From dfbd7de3f53cae4b81d8643283f106cbf16e3415 Mon Sep 17 00:00:00 2001 From: Stratoula Kalafateli Date: Thu, 19 Sep 2024 17:10:39 +0200 Subject: [PATCH 01/74] [ES|QL] Enhances the inline documentation experience (#192156) ## Summary Closes https://github.com/elastic/kibana/issues/166907 This PR: 1. Changes the inline docs implementation to a flyout for Discover image 2. Adds the flyout to open from the help menu and removes it from the editor footer 3. For the inline editing changes the docs to be rendered as a component inside the editor (exactly as the history component) Note: The documentation in the inline editing has limited space (same problem has the history component). I need to sync with Ryan to see what we can do, I am exploring some ideas in follow up PRs image 4. Moves the esql docs to the language package and the script associated to this ### Follow up - The language package should be renamed as the `popover` makes sense only for the formula implementation now. I will do it after this PR gets merged - See how we can give more space to the docs / history container when in inline mode ### Note The async bundle got increased as we want the ES|QL docs in unified search too. It wont be a problem as is loaded asynchronously. ### Checklist - [ ] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md) - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] Any UI touched in this PR is usable by keyboard only (learn more about [keyboard accessibility](https://webaim.org/techniques/keyboard/)) - [ ] Any UI touched in this PR does not create any new axe failures (run axe in browser: [FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/), [Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US)) - [ ] This renders correctly on smaller devices using a responsive layout. (You can test this [in your browser](https://www.browserstack.com/guide/responsive-testing-on-local-server)) - [ ] This was checked for [cross-browser compatibility](https://www.elastic.co/support/matrix#matrix_browsers) --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Co-authored-by: Ryan Keairns Co-authored-by: Drew Tate Co-authored-by: Elastic Machine --- .../steps/esql_generate_function_metadata.sh | 2 +- .../index.ts | 9 +- .../package.json | 9 +- .../scripts/generate_esql_docs.ts | 10 +- .../setup_tests.ts | 11 + ...language_documentation_popover.stories.tsx | 2 +- .../src/components/as_flyout/index.test.tsx | 95 ++ .../src/components/as_flyout/index.tsx | 117 ++ .../src/components/as_inline/index.test.tsx | 97 ++ .../src/components/as_inline/index.tsx | 82 ++ .../{ => as_popover}/documentation.scss | 0 .../index.tsx} | 6 +- .../popover_content.test.tsx} | 2 +- .../popover_content.tsx} | 45 +- .../shared/documentation_content.tsx | 82 ++ .../shared/documentation_navigation.tsx | 109 ++ .../src/components/shared/index.ts | 11 + .../sections}/esql_documentation_sections.tsx | 270 ++--- .../generated/aggregation_functions.tsx | 140 +-- .../sections}/generated/scalar_functions.tsx | 1043 ++++++----------- .../src/sections/index.ts | 44 + .../src/types.ts | 17 + .../src/utils/get_filtered_groups.test.tsx | 85 ++ .../src/utils/get_filtered_groups.ts | 41 + .../tsconfig.json | 1 + packages/kbn-text-based-editor/README.md | 1 - packages/kbn-text-based-editor/package.json | 7 +- .../src/editor_footer/index.tsx | 115 +- packages/kbn-text-based-editor/src/helpers.ts | 37 - .../src/text_based_languages_editor.test.tsx | 30 +- .../src/text_based_languages_editor.tsx | 5 +- packages/kbn-text-based-editor/src/types.ts | 3 + packages/kbn-text-based-editor/tsconfig.json | 1 - .../esql_menu_popover.test.tsx | 2 +- .../query_string_input/esql_menu_popover.tsx | 85 +- src/plugins/unified_search/tsconfig.json | 3 +- .../index_data_visualizer_esql.tsx | 1 + .../expression/esql_query_expression.tsx | 1 + .../translations/translations/fr-FR.json | 476 ++++---- .../translations/translations/ja-JP.json | 476 ++++---- .../translations/translations/zh-CN.json | 476 ++++---- 41 files changed, 2199 insertions(+), 1850 deletions(-) rename packages/{kbn-text-based-editor => kbn-language-documentation-popover}/scripts/generate_esql_docs.ts (92%) create mode 100644 packages/kbn-language-documentation-popover/setup_tests.ts create mode 100644 packages/kbn-language-documentation-popover/src/components/as_flyout/index.test.tsx create mode 100644 packages/kbn-language-documentation-popover/src/components/as_flyout/index.tsx create mode 100644 packages/kbn-language-documentation-popover/src/components/as_inline/index.test.tsx create mode 100644 packages/kbn-language-documentation-popover/src/components/as_inline/index.tsx rename packages/kbn-language-documentation-popover/src/components/{ => as_popover}/documentation.scss (100%) rename packages/kbn-language-documentation-popover/src/components/{documentation_popover.tsx => as_popover/index.tsx} (95%) rename packages/kbn-language-documentation-popover/src/components/{documentation_content.test.tsx => as_popover/popover_content.test.tsx} (97%) rename packages/kbn-language-documentation-popover/src/components/{documentation_content.tsx => as_popover/popover_content.tsx} (84%) create mode 100644 packages/kbn-language-documentation-popover/src/components/shared/documentation_content.tsx create mode 100644 packages/kbn-language-documentation-popover/src/components/shared/documentation_navigation.tsx create mode 100644 packages/kbn-language-documentation-popover/src/components/shared/index.ts rename packages/{kbn-text-based-editor/src/inline_documentation => kbn-language-documentation-popover/src/sections}/esql_documentation_sections.tsx (79%) rename packages/{kbn-text-based-editor/src/inline_documentation => kbn-language-documentation-popover/src/sections}/generated/aggregation_functions.tsx (77%) rename packages/{kbn-text-based-editor/src/inline_documentation => kbn-language-documentation-popover/src/sections}/generated/scalar_functions.tsx (77%) create mode 100644 packages/kbn-language-documentation-popover/src/sections/index.ts create mode 100644 packages/kbn-language-documentation-popover/src/types.ts create mode 100644 packages/kbn-language-documentation-popover/src/utils/get_filtered_groups.test.tsx create mode 100644 packages/kbn-language-documentation-popover/src/utils/get_filtered_groups.ts diff --git a/.buildkite/scripts/steps/esql_generate_function_metadata.sh b/.buildkite/scripts/steps/esql_generate_function_metadata.sh index 837a962b3c42b..07de4bc9bd04c 100755 --- a/.buildkite/scripts/steps/esql_generate_function_metadata.sh +++ b/.buildkite/scripts/steps/esql_generate_function_metadata.sh @@ -2,7 +2,7 @@ set -euo pipefail VALIDATION_PACKAGE_DIR="packages/kbn-esql-validation-autocomplete" -EDITOR_PACKAGE_DIR="packages/kbn-text-based-editor" +EDITOR_PACKAGE_DIR="packages/kbn-language-documentation-popover" GIT_SCOPE="$VALIDATION_PACKAGE_DIR/**/* $EDITOR_PACKAGE_DIR/**/*" report_main_step () { diff --git a/packages/kbn-language-documentation-popover/index.ts b/packages/kbn-language-documentation-popover/index.ts index a417382773a54..c12962fdf22b2 100644 --- a/packages/kbn-language-documentation-popover/index.ts +++ b/packages/kbn-language-documentation-popover/index.ts @@ -6,7 +6,8 @@ * your election, the "Elastic License 2.0", the "GNU Affero General Public * License v3.0 only", or the "Server Side Public License, v 1". */ - -export { LanguageDocumentationPopover } from './src/components/documentation_popover'; -export { LanguageDocumentationPopoverContent } from './src/components/documentation_content'; -export type { LanguageDocumentationSections } from './src/components/documentation_content'; +export { LanguageDocumentationPopover } from './src/components/as_popover'; +export { LanguageDocumentationPopoverContent } from './src/components/as_popover/popover_content'; +export { LanguageDocumentationFlyout } from './src/components/as_flyout'; +export { LanguageDocumentationInline } from './src/components/as_inline'; +export type { LanguageDocumentationSections } from './src/types'; diff --git a/packages/kbn-language-documentation-popover/package.json b/packages/kbn-language-documentation-popover/package.json index a756b25061b64..002c3c4ee51b3 100644 --- a/packages/kbn-language-documentation-popover/package.json +++ b/packages/kbn-language-documentation-popover/package.json @@ -5,5 +5,10 @@ "private": true, "sideEffects": [ "*.scss" - ] -} \ No newline at end of file + ], + "scripts": { + "make:docs": "ts-node --transpileOnly scripts/generate_esql_docs.ts", + "postmake:docs": "yarn run lint:fix", + "lint:fix": "cd ../.. && node ./scripts/eslint --fix ./packages/kbn-language-documentation-popover/src/sections/generated" + } +} diff --git a/packages/kbn-text-based-editor/scripts/generate_esql_docs.ts b/packages/kbn-language-documentation-popover/scripts/generate_esql_docs.ts similarity index 92% rename from packages/kbn-text-based-editor/scripts/generate_esql_docs.ts rename to packages/kbn-language-documentation-popover/scripts/generate_esql_docs.ts index 8a38908e2b211..4fad23e2e25f2 100644 --- a/packages/kbn-text-based-editor/scripts/generate_esql_docs.ts +++ b/packages/kbn-language-documentation-popover/scripts/generate_esql_docs.ts @@ -11,18 +11,18 @@ import * as recast from 'recast'; const n = recast.types.namedTypes; import fs from 'fs'; import path from 'path'; -import { functions } from '../src/inline_documentation/generated/scalar_functions'; +import { functions } from '../src/sections/generated/scalar_functions'; (function () { const pathToElasticsearch = process.argv[2]; const { scalarFunctions, aggregationFunctions } = loadFunctionDocs(pathToElasticsearch); writeFunctionDocs( scalarFunctions, - path.join(__dirname, '../src/inline_documentation/generated/scalar_functions.tsx') + path.join(__dirname, '../src/sections/generated/scalar_functions.tsx') ); writeFunctionDocs( aggregationFunctions, - path.join(__dirname, '../src/inline_documentation/generated/aggregation_functions.tsx') + path.join(__dirname, '../src/sections/generated/aggregation_functions.tsx') ); })(); @@ -86,7 +86,7 @@ function writeFunctionDocs(functionDocs: Map, pathToDocsFile: st // Do not edit manually... automatically generated by scripts/generate_esql_docs.ts { label: i18n.translate( - 'textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.${name}', + 'languageDocumentationPopover.documentationESQL.${name}', { defaultMessage: '${name.toUpperCase()}', } @@ -97,7 +97,7 @@ function writeFunctionDocs(functionDocs: Map, pathToDocsFile: st readOnly enableSoftLineBreaks markdownContent={i18n.translate( - 'textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.${name}.markdown', + 'languageDocumentationPopover.documentationESQL.${name}.markdown', { defaultMessage: \`${docWithoutLinks.replaceAll('`', '\\`')}\`, description: diff --git a/packages/kbn-language-documentation-popover/setup_tests.ts b/packages/kbn-language-documentation-popover/setup_tests.ts new file mode 100644 index 0000000000000..5ebc6d3dac1ca --- /dev/null +++ b/packages/kbn-language-documentation-popover/setup_tests.ts @@ -0,0 +1,11 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the "Elastic License + * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side + * Public License v 1"; you may not use this file except in compliance with, at + * your election, the "Elastic License 2.0", the "GNU Affero General Public + * License v3.0 only", or the "Server Side Public License, v 1". + */ + +// eslint-disable-next-line import/no-extraneous-dependencies +import '@testing-library/jest-dom'; diff --git a/packages/kbn-language-documentation-popover/src/__stories__/language_documentation_popover.stories.tsx b/packages/kbn-language-documentation-popover/src/__stories__/language_documentation_popover.stories.tsx index 658f1fe81129c..06ace5c916201 100644 --- a/packages/kbn-language-documentation-popover/src/__stories__/language_documentation_popover.stories.tsx +++ b/packages/kbn-language-documentation-popover/src/__stories__/language_documentation_popover.stories.tsx @@ -9,7 +9,7 @@ import React from 'react'; import { storiesOf } from '@storybook/react'; -import { LanguageDocumentationPopover } from '../components/documentation_popover'; +import { LanguageDocumentationPopover } from '../components/as_popover'; const sections = { groups: [ diff --git a/packages/kbn-language-documentation-popover/src/components/as_flyout/index.test.tsx b/packages/kbn-language-documentation-popover/src/components/as_flyout/index.test.tsx new file mode 100644 index 0000000000000..5dd66386c4188 --- /dev/null +++ b/packages/kbn-language-documentation-popover/src/components/as_flyout/index.test.tsx @@ -0,0 +1,95 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the "Elastic License + * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side + * Public License v 1"; you may not use this file except in compliance with, at + * your election, the "Elastic License 2.0", the "GNU Affero General Public + * License v3.0 only", or the "Server Side Public License, v 1". + */ + +import React from 'react'; +import { screen, render, fireEvent, waitFor } from '@testing-library/react'; +import { LanguageDocumentationFlyout } from '.'; + +jest.mock('../../sections', () => { + const module = jest.requireActual('../../sections'); + return { + ...module, + getESQLDocsSections: () => ({ + groups: [ + { + label: 'Section one', + description: 'Section 1 description', + items: [], + }, + { + label: 'Section two', + items: [ + { + label: 'Section two item 1', + description: 'Section two item 1 description', + }, + { + label: 'Section two item 2', + description: 'Section two item 2 description', + }, + ], + }, + { + label: 'Section three', + items: [ + { + label: 'Section three item 1', + description: 'Section three item 1 description', + }, + { + label: 'Section three item 2', + description: 'Section three item 2 description', + }, + ], + }, + ], + initialSection: Here is the initial section, + }), + }; +}); + +describe('###Documentation flyout component', () => { + const renderFlyout = (linkToDocumentation?: string) => { + return render( + + ); + }; + it('has a header element for navigation through the sections', () => { + renderFlyout(); + expect(screen.getByTestId('language-documentation-navigation-search')).toBeInTheDocument(); + expect(screen.getByTestId('language-documentation-navigation-dropdown')).toBeInTheDocument(); + expect(screen.queryByTestId('language-documentation-navigation-link')).not.toBeInTheDocument(); + }); + + it('has a link if linkToDocumentation prop is given', () => { + renderFlyout('meow'); + expect(screen.getByTestId('language-documentation-navigation-link')).toBeInTheDocument(); + }); + + it('contains the two last sections', async () => { + renderFlyout(); + await waitFor(() => { + expect(screen.getByText('Section two')).toBeInTheDocument(); + expect(screen.getByText('Section three')).toBeInTheDocument(); + }); + }); + + it('contains the correct section if user updates the search input', async () => { + renderFlyout(); + const input = screen.getByTestId('language-documentation-navigation-search'); + fireEvent.change(input, { target: { value: 'two' } }); + await waitFor(() => { + expect(screen.getByText('Section two')).toBeInTheDocument(); + }); + }); +}); diff --git a/packages/kbn-language-documentation-popover/src/components/as_flyout/index.tsx b/packages/kbn-language-documentation-popover/src/components/as_flyout/index.tsx new file mode 100644 index 0000000000000..0a617165f7661 --- /dev/null +++ b/packages/kbn-language-documentation-popover/src/components/as_flyout/index.tsx @@ -0,0 +1,117 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the "Elastic License + * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side + * Public License v 1"; you may not use this file except in compliance with, at + * your election, the "Elastic License 2.0", the "GNU Affero General Public + * License v3.0 only", or the "Server Side Public License, v 1". + */ +import React, { useCallback, useEffect, useState, useRef, useMemo } from 'react'; +import { + EuiFlyout, + useEuiTheme, + EuiFlyoutBody, + EuiFlyoutHeader, + EuiTitle, + EuiSpacer, +} from '@elastic/eui'; +import { i18n } from '@kbn/i18n'; +import { getFilteredGroups } from '../../utils/get_filtered_groups'; +import { DocumentationMainContent, DocumentationNavigation } from '../shared'; +import { getESQLDocsSections } from '../../sections'; +import type { LanguageDocumentationSections } from '../../types'; + +interface DocumentationFlyoutProps { + isHelpMenuOpen: boolean; + onHelpMenuVisibilityChange: (status: boolean) => void; + searchInDescription?: boolean; + linkToDocumentation?: string; +} + +function DocumentationFlyout({ + searchInDescription, + linkToDocumentation, + isHelpMenuOpen, + onHelpMenuVisibilityChange, +}: DocumentationFlyoutProps) { + const [documentationSections, setDocumentationSections] = + useState(); + + const { euiTheme } = useEuiTheme(); + const DEFAULT_WIDTH = euiTheme.base * 34; + + const [selectedSection, setSelectedSection] = useState(); + const [searchText, setSearchText] = useState(''); + + const scrollTargets = useRef>({}); + + const onNavigationChange = useCallback((selectedOptions) => { + setSelectedSection(selectedOptions.length ? selectedOptions[0].label : undefined); + if (selectedOptions.length) { + const scrollToElement = scrollTargets.current[selectedOptions[0].label]; + scrollToElement.scrollIntoView(); + } + }, []); + + useEffect(() => { + onHelpMenuVisibilityChange(isHelpMenuOpen ?? false); + }, [isHelpMenuOpen, onHelpMenuVisibilityChange]); + + useEffect(() => { + async function getDocumentation() { + const sections = await getESQLDocsSections(); + setDocumentationSections(sections); + } + if (!documentationSections) { + getDocumentation(); + } + }, [documentationSections]); + + const filteredGroups = useMemo(() => { + return getFilteredGroups(searchText, searchInDescription, documentationSections, 1); + }, [documentationSections, searchText, searchInDescription]); + + return ( + <> + {isHelpMenuOpen && ( + onHelpMenuVisibilityChange(false)} + aria-labelledby="esqlInlineDocumentationFlyout" + type="push" + size={DEFAULT_WIDTH} + paddingSize="m" + > + + +

+ {i18n.translate('languageDocumentationPopover.documentationFlyoutTitle', { + defaultMessage: 'ES|QL quick reference', + })} +

+ + + + + + + + + )} + + ); +} + +export const LanguageDocumentationFlyout = React.memo(DocumentationFlyout); diff --git a/packages/kbn-language-documentation-popover/src/components/as_inline/index.test.tsx b/packages/kbn-language-documentation-popover/src/components/as_inline/index.test.tsx new file mode 100644 index 0000000000000..4ba873614f9b2 --- /dev/null +++ b/packages/kbn-language-documentation-popover/src/components/as_inline/index.test.tsx @@ -0,0 +1,97 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the "Elastic License + * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side + * Public License v 1"; you may not use this file except in compliance with, at + * your election, the "Elastic License 2.0", the "GNU Affero General Public + * License v3.0 only", or the "Server Side Public License, v 1". + */ + +import React from 'react'; +import { screen, render, fireEvent, waitFor } from '@testing-library/react'; +import { Markdown } from '@kbn/shared-ux-markdown'; +import { LanguageDocumentationInline } from '.'; + +const mockMarkDownDescription = () => ( + +); + +jest.mock('../../sections', () => { + const module = jest.requireActual('../../sections'); + return { + ...module, + getESQLDocsSections: () => ({ + groups: [ + { + label: 'Section one', + description: 'Section 1 description', + items: [], + }, + { + label: 'Section two', + items: [ + { + label: 'Section two item 1', + description: 'Section two item 1 description', + }, + { + label: 'Section two item 2', + description: 'Section two item 2 description', + }, + ], + }, + { + label: 'Section three', + items: [ + { + label: 'Section three item 1', + description: mockMarkDownDescription(), + }, + { + label: 'Section three item 2', + description: 'Section three item 2 description', + }, + ], + }, + ], + initialSection: Here is the initial section, + }), + }; +}); + +describe('###Documentation flyout component', () => { + const renderInlineComponent = (searchInDescription = false) => { + return render(); + }; + it('has a header element for navigation through the sections', () => { + renderInlineComponent(); + expect(screen.getByTestId('language-documentation-navigation-search')).toBeInTheDocument(); + expect(screen.getByTestId('language-documentation-navigation-dropdown')).toBeInTheDocument(); + }); + + it('contains the two last sections', async () => { + renderInlineComponent(); + await waitFor(() => { + expect(screen.getByText('Section two')).toBeInTheDocument(); + expect(screen.getByText('Section three')).toBeInTheDocument(); + }); + }); + + it('contains the correct section if user updates the search input', async () => { + renderInlineComponent(); + const input = screen.getByTestId('language-documentation-navigation-search'); + fireEvent.change(input, { target: { value: 'two' } }); + await waitFor(() => { + expect(screen.getByText('Section two')).toBeInTheDocument(); + }); + }); + + it('contains the correct section if user updates the search input with a text that exist in the description', async () => { + renderInlineComponent(true); + const input = screen.getByTestId('language-documentation-navigation-search'); + fireEvent.change(input, { target: { value: 'blah' } }); + await waitFor(() => { + expect(screen.getByText('Section three')).toBeInTheDocument(); + }); + }); +}); diff --git a/packages/kbn-language-documentation-popover/src/components/as_inline/index.tsx b/packages/kbn-language-documentation-popover/src/components/as_inline/index.tsx new file mode 100644 index 0000000000000..dcc860aa70db2 --- /dev/null +++ b/packages/kbn-language-documentation-popover/src/components/as_inline/index.tsx @@ -0,0 +1,82 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the "Elastic License + * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side + * Public License v 1"; you may not use this file except in compliance with, at + * your election, the "Elastic License 2.0", the "GNU Affero General Public + * License v3.0 only", or the "Server Side Public License, v 1". + */ +import React, { useCallback, useState, useRef, useMemo, useEffect } from 'react'; +import { css } from '@emotion/react'; +import { useEuiTheme, euiScrollBarStyles, EuiSpacer } from '@elastic/eui'; +import { getFilteredGroups } from '../../utils/get_filtered_groups'; +import { DocumentationMainContent, DocumentationNavigation } from '../shared'; +import type { LanguageDocumentationSections } from '../../types'; +import { getESQLDocsSections } from '../../sections'; + +interface DocumentationInlineProps { + searchInDescription?: boolean; +} + +const MAX_HEIGHT = 250; + +function DocumentationInline({ searchInDescription }: DocumentationInlineProps) { + const theme = useEuiTheme(); + const [documentationSections, setDocumentationSections] = + useState(); + const scrollBarStyles = euiScrollBarStyles(theme); + const [selectedSection, setSelectedSection] = useState(); + const [searchText, setSearchText] = useState(''); + + const scrollTargets = useRef>({}); + + useEffect(() => { + async function getDocumentation() { + const sections = await getESQLDocsSections(); + setDocumentationSections(sections); + } + if (!documentationSections) { + getDocumentation(); + } + }, [documentationSections]); + + const filteredGroups = useMemo(() => { + return getFilteredGroups(searchText, searchInDescription, documentationSections, 1); + }, [documentationSections, searchText, searchInDescription]); + + const onNavigationChange = useCallback((selectedOptions) => { + setSelectedSection(selectedOptions.length ? selectedOptions[0].label : undefined); + if (selectedOptions.length) { + const scrollToElement = scrollTargets.current[selectedOptions[0].label]; + scrollToElement.scrollIntoView(); + } + }, []); + + return ( +
+ + + +
+ ); +} + +export const LanguageDocumentationInline = React.memo(DocumentationInline); diff --git a/packages/kbn-language-documentation-popover/src/components/documentation.scss b/packages/kbn-language-documentation-popover/src/components/as_popover/documentation.scss similarity index 100% rename from packages/kbn-language-documentation-popover/src/components/documentation.scss rename to packages/kbn-language-documentation-popover/src/components/as_popover/documentation.scss diff --git a/packages/kbn-language-documentation-popover/src/components/documentation_popover.tsx b/packages/kbn-language-documentation-popover/src/components/as_popover/index.tsx similarity index 95% rename from packages/kbn-language-documentation-popover/src/components/documentation_popover.tsx rename to packages/kbn-language-documentation-popover/src/components/as_popover/index.tsx index 265e3304f7d90..9a1432e938f04 100644 --- a/packages/kbn-language-documentation-popover/src/components/documentation_popover.tsx +++ b/packages/kbn-language-documentation-popover/src/components/as_popover/index.tsx @@ -16,10 +16,8 @@ import { EuiButtonIconProps, EuiOutsideClickDetector, } from '@elastic/eui'; -import { - type LanguageDocumentationSections, - LanguageDocumentationPopoverContent, -} from './documentation_content'; +import { LanguageDocumentationPopoverContent } from './popover_content'; +import type { LanguageDocumentationSections } from '../../types'; interface DocumentationPopoverProps { language: string; diff --git a/packages/kbn-language-documentation-popover/src/components/documentation_content.test.tsx b/packages/kbn-language-documentation-popover/src/components/as_popover/popover_content.test.tsx similarity index 97% rename from packages/kbn-language-documentation-popover/src/components/documentation_content.test.tsx rename to packages/kbn-language-documentation-popover/src/components/as_popover/popover_content.test.tsx index d5acdad75dae4..a7a4bce8c2cd5 100644 --- a/packages/kbn-language-documentation-popover/src/components/documentation_content.test.tsx +++ b/packages/kbn-language-documentation-popover/src/components/as_popover/popover_content.test.tsx @@ -11,7 +11,7 @@ import React from 'react'; import { mountWithIntl, findTestSubject } from '@kbn/test-jest-helpers'; import { act } from 'react-dom/test-utils'; import { Markdown } from '@kbn/shared-ux-markdown'; -import { LanguageDocumentationPopoverContent } from './documentation_content'; +import { LanguageDocumentationPopoverContent } from './popover_content'; describe('###Documentation popover content', () => { const sections = { diff --git a/packages/kbn-language-documentation-popover/src/components/documentation_content.tsx b/packages/kbn-language-documentation-popover/src/components/as_popover/popover_content.tsx similarity index 84% rename from packages/kbn-language-documentation-popover/src/components/documentation_content.tsx rename to packages/kbn-language-documentation-popover/src/components/as_popover/popover_content.tsx index d3fedfee9f1eb..ec622eccf6044 100644 --- a/packages/kbn-language-documentation-popover/src/components/documentation_content.tsx +++ b/packages/kbn-language-documentation-popover/src/components/as_popover/popover_content.tsx @@ -6,8 +6,7 @@ * your election, the "Elastic License 2.0", the "GNU Affero General Public * License v3.0 only", or the "Server Side Public License, v 1". */ - -import React, { useEffect, useRef, useState } from 'react'; +import React, { useEffect, useRef, useState, useMemo } from 'react'; import { i18n } from '@kbn/i18n'; import { EuiFlexGroup, @@ -22,19 +21,11 @@ import { EuiSpacer, EuiLink, } from '@elastic/eui'; -import { elementToString } from '../utils/element_to_string'; +import { getFilteredGroups } from '../../utils/get_filtered_groups'; +import type { LanguageDocumentationSections } from '../../types'; import './documentation.scss'; -export interface LanguageDocumentationSections { - groups: Array<{ - label: string; - description?: string; - items: Array<{ label: string; description?: JSX.Element }>; - }>; - initialSection: JSX.Element; -} - interface DocumentationProps { language: string; sections?: LanguageDocumentationSections; @@ -61,29 +52,9 @@ function DocumentationContent({ const [searchText, setSearchText] = useState(''); - const normalizedSearchText = searchText.trim().toLocaleLowerCase(); - - const filteredGroups = sections?.groups - .map((group) => { - const items = group.items.filter((helpItem) => { - return ( - !normalizedSearchText || - helpItem.label.toLocaleLowerCase().includes(normalizedSearchText) || - // Converting the JSX element to a string first - (searchInDescription && - elementToString(helpItem.description) - ?.toLocaleLowerCase() - .includes(normalizedSearchText)) - ); - }); - return { ...group, items }; - }) - .filter((group) => { - if (group.items.length > 0 || !normalizedSearchText) { - return true; - } - return group.label.toLocaleLowerCase().includes(normalizedSearchText); - }); + const filteredGroups = useMemo(() => { + return getFilteredGroups(searchText, searchInDescription, sections); + }, [sections, searchText, searchInDescription]); return ( <> @@ -158,12 +129,12 @@ function DocumentationContent({ - {helpGroup.items.length ? ( + {helpGroup.options.length ? ( <> - {helpGroup.items.map((helpItem) => { + {helpGroup.options.map((helpItem) => { return ( ; + filteredGroups?: Array<{ + label: string; + description?: string; + options: Array<{ label: string; description?: JSX.Element | undefined }>; + }>; + sections?: LanguageDocumentationSections; +} + +function DocumentationContent({ + searchText, + scrollTargets, + filteredGroups, + sections, +}: DocumentationContentProps) { + return ( + <> + + + {!searchText && ( +
{ + if (el && sections?.groups?.length) { + scrollTargets.current[sections.groups[0].label] = el; + } + }} + > + {sections?.initialSection} +
+ )} + {filteredGroups?.map((helpGroup, index) => { + return ( +
{ + if (el) { + scrollTargets.current[helpGroup.label] = el; + } + }} + > +

{helpGroup.label}

+ +

{helpGroup.description}

+ + {filteredGroups?.[index].options.map((helpItem) => { + return ( +
{ + if (el) { + scrollTargets.current[helpItem.label] = el; + } + }} + > + {helpItem.description} +
+ ); + })} +
+ ); + })} + + + + ); +} + +export const DocumentationMainContent = React.memo(DocumentationContent); diff --git a/packages/kbn-language-documentation-popover/src/components/shared/documentation_navigation.tsx b/packages/kbn-language-documentation-popover/src/components/shared/documentation_navigation.tsx new file mode 100644 index 0000000000000..c8202d0ea448f --- /dev/null +++ b/packages/kbn-language-documentation-popover/src/components/shared/documentation_navigation.tsx @@ -0,0 +1,109 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the "Elastic License + * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side + * Public License v 1"; you may not use this file except in compliance with, at + * your election, the "Elastic License 2.0", the "GNU Affero General Public + * License v3.0 only", or the "Server Side Public License, v 1". + */ +import React from 'react'; +import { css } from '@emotion/react'; +import { + EuiFlexItem, + EuiFlexGroup, + EuiFormRow, + EuiLink, + EuiText, + useEuiTheme, + EuiFieldSearch, + EuiComboBox, +} from '@elastic/eui'; +import { i18n } from '@kbn/i18n'; + +interface DocumentationNavProps { + searchText: string; + setSearchText: (text: string) => void; + onNavigationChange: (selectedOptions: Array<{ label: string }>) => void; + filteredGroups?: Array<{ label: string }>; + linkToDocumentation?: string; + selectedSection?: string; +} + +function DocumentationNav({ + searchText, + setSearchText, + onNavigationChange, + filteredGroups, + linkToDocumentation, + selectedSection, +}: DocumentationNavProps) { + const { euiTheme } = useEuiTheme(); + + return ( + <> + + + + + {i18n.translate('languageDocumentationPopover.esqlDocsLinkLabel', { + defaultMessage: 'View full ES|QL documentation', + })} + + + ) + } + > + + + + + { + setSearchText(e.target.value); + }} + data-test-subj="language-documentation-navigation-search" + placeholder={i18n.translate('languageDocumentationPopover.searchPlaceholder', { + defaultMessage: 'Search', + })} + fullWidth + compressed + /> + + + + ); +} + +export const DocumentationNavigation = React.memo(DocumentationNav); diff --git a/packages/kbn-language-documentation-popover/src/components/shared/index.ts b/packages/kbn-language-documentation-popover/src/components/shared/index.ts new file mode 100644 index 0000000000000..f00df2358d39a --- /dev/null +++ b/packages/kbn-language-documentation-popover/src/components/shared/index.ts @@ -0,0 +1,11 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the "Elastic License + * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side + * Public License v 1"; you may not use this file except in compliance with, at + * your election, the "Elastic License 2.0", the "GNU Affero General Public + * License v3.0 only", or the "Server Side Public License, v 1". + */ + +export { DocumentationNavigation } from './documentation_navigation'; +export { DocumentationMainContent } from './documentation_content'; diff --git a/packages/kbn-text-based-editor/src/inline_documentation/esql_documentation_sections.tsx b/packages/kbn-language-documentation-popover/src/sections/esql_documentation_sections.tsx similarity index 79% rename from packages/kbn-text-based-editor/src/inline_documentation/esql_documentation_sections.tsx rename to packages/kbn-language-documentation-popover/src/sections/esql_documentation_sections.tsx index d0c136cf6d01e..21e550f4ca5eb 100644 --- a/packages/kbn-text-based-editor/src/inline_documentation/esql_documentation_sections.tsx +++ b/packages/kbn-language-documentation-popover/src/sections/esql_documentation_sections.tsx @@ -17,11 +17,8 @@ const Markdown = (props: Parameters[0]) => ( export const initialSection = ( ); export const sourceCommands = { - label: i18n.translate('textBasedEditor.query.textBasedLanguagesEditor.sourceCommands', { + label: i18n.translate('languageDocumentationPopover.documentationESQL.sourceCommands', { defaultMessage: 'Source commands', }), description: i18n.translate( - 'textBasedEditor.query.textBasedLanguagesEditor.commandsDescription', + 'languageDocumentationPopover.documentationESQL.commandsDescription', { defaultMessage: `A source command produces a table, typically with data from Elasticsearch. ES|QL supports the following source commands.`, } ), items: [ { - label: i18n.translate( - 'textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.from', - { - defaultMessage: 'FROM', - } - ), + label: i18n.translate('languageDocumentationPopover.documentationESQL.from', { + defaultMessage: 'FROM', + }), description: ( \` source command returns information about the deployment and its capabilities: @@ -186,28 +173,25 @@ The \`SHOW \` source command returns information about the deployment and }; export const processingCommands = { - label: i18n.translate('textBasedEditor.query.textBasedLanguagesEditor.processingCommands', { + label: i18n.translate('languageDocumentationPopover.documentationESQL.processingCommands', { defaultMessage: 'Processing commands', }), description: i18n.translate( - 'textBasedEditor.query.textBasedLanguagesEditor.processingCommandsDescription', + 'languageDocumentationPopover.documentationESQL.processingCommandsDescription', { defaultMessage: `Processing commands change an input table by adding, removing, or changing rows and columns. ES|QL supports the following processing commands.`, } ), items: [ { - label: i18n.translate( - 'textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.dissect', - { - defaultMessage: 'DISSECT', - } - ), + label: i18n.translate('languageDocumentationPopover.documentationESQL.dissect', { + defaultMessage: 'DISSECT', + }), description: ( \` type conversion functions. +The \`::\` operator provides a convenient alternative syntax to the \`TO_\` type conversion functions. Example: \`\`\` @@ -943,16 +882,13 @@ ROW ver = CONCAT(("0"::INT + 1)::STRING, ".2.3")::VERSION ), }, { - label: i18n.translate( - 'textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.inOperator', - { - defaultMessage: 'IN', - } - ), + label: i18n.translate('languageDocumentationPopover.documentationESQL.inOperator', { + defaultMessage: 'IN', + }), description: ( { + const groups: Array<{ + label: string; + description?: string; + items: Array<{ label: string; description?: JSX.Element }>; + }> = []; + const { + sourceCommands, + processingCommands, + initialSection, + scalarFunctions, + aggregationFunctions, + groupingFunctions, + operators, + } = await import('./esql_documentation_sections'); + groups.push({ + label: i18n.translate('languageDocumentationPopover.esqlSections.initialSectionLabel', { + defaultMessage: 'ES|QL', + }), + items: [], + }); + groups.push( + sourceCommands, + processingCommands, + scalarFunctions, + aggregationFunctions, + groupingFunctions, + operators + ); + return { + groups, + initialSection, + }; +}; diff --git a/packages/kbn-language-documentation-popover/src/types.ts b/packages/kbn-language-documentation-popover/src/types.ts new file mode 100644 index 0000000000000..863c00b94e21e --- /dev/null +++ b/packages/kbn-language-documentation-popover/src/types.ts @@ -0,0 +1,17 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the "Elastic License + * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side + * Public License v 1"; you may not use this file except in compliance with, at + * your election, the "Elastic License 2.0", the "GNU Affero General Public + * License v3.0 only", or the "Server Side Public License, v 1". + */ + +export interface LanguageDocumentationSections { + groups: Array<{ + label: string; + description?: string; + items: Array<{ label: string; description?: JSX.Element }>; + }>; + initialSection: JSX.Element; +} diff --git a/packages/kbn-language-documentation-popover/src/utils/get_filtered_groups.test.tsx b/packages/kbn-language-documentation-popover/src/utils/get_filtered_groups.test.tsx new file mode 100644 index 0000000000000..9dfe443f10b0b --- /dev/null +++ b/packages/kbn-language-documentation-popover/src/utils/get_filtered_groups.test.tsx @@ -0,0 +1,85 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the "Elastic License + * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side + * Public License v 1"; you may not use this file except in compliance with, at + * your election, the "Elastic License 2.0", the "GNU Affero General Public + * License v3.0 only", or the "Server Side Public License, v 1". + */ +import React from 'react'; +import { Markdown } from '@kbn/shared-ux-markdown'; +import { getFilteredGroups } from './get_filtered_groups'; + +describe('getFilteredGroups', () => { + const sections = { + groups: [ + { + label: 'Section one', + description: 'Section 1 description', + items: [], + }, + { + label: 'Section two', + items: [ + { + label: 'Section two item 1 blah blah', + description: ( + + ), + }, + { + label: 'Section two item 2', + description: ( + + ), + }, + ], + }, + { + label: 'Section three ', + items: [ + { + label: 'Section three item 1', + description: ( + + ), + }, + { + label: 'Section three item 2', + description: ( + + ), + }, + ], + }, + ], + initialSection: Here is the initial section, + }; + test('Should return the sections as it gets them if the search string is empty', () => { + const filteredSections = getFilteredGroups('', false, sections); + expect(filteredSections).toStrictEqual([ + ...sections.groups.map((group) => ({ ...group, options: group.items })), + ]); + }); + + test('Should return the 2 last sections as it gets them if the search string is empty and the numOfGroupsToOmit is set to 1', () => { + const filteredSections = getFilteredGroups('', false, sections, 1); + expect(filteredSections).toStrictEqual([ + ...sections.groups.slice(1).map((group) => ({ ...group, options: group.items })), + ]); + }); + + test('Should return the section two as it gets it if the search string is asking for this', () => { + const filteredSections = getFilteredGroups('tWo', false, sections); + expect(filteredSections).toStrictEqual([ + { ...sections.groups[1], options: sections.groups[1].items }, + ]); + }); + + test('Should return the section two filtered on the search string if it is allowed to search in description', () => { + const filteredSections = getFilteredGroups('Section two item 1 blah blah', true, sections); + expect(filteredSections).toStrictEqual([ + { ...sections.groups[1], options: [sections.groups[1].items[0]] }, + ]); + }); +}); diff --git a/packages/kbn-language-documentation-popover/src/utils/get_filtered_groups.ts b/packages/kbn-language-documentation-popover/src/utils/get_filtered_groups.ts new file mode 100644 index 0000000000000..2ac252bdad775 --- /dev/null +++ b/packages/kbn-language-documentation-popover/src/utils/get_filtered_groups.ts @@ -0,0 +1,41 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the "Elastic License + * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side + * Public License v 1"; you may not use this file except in compliance with, at + * your election, the "Elastic License 2.0", the "GNU Affero General Public + * License v3.0 only", or the "Server Side Public License, v 1". + */ +import type { LanguageDocumentationSections } from '../types'; +import { elementToString } from './element_to_string'; + +export const getFilteredGroups = ( + searchText: string, + searchInDescription?: boolean, + sections?: LanguageDocumentationSections, + numOfGroupsToOmit?: number +) => { + const normalizedSearchText = searchText.trim().toLocaleLowerCase(); + return sections?.groups + .slice(numOfGroupsToOmit ?? 0) + .map((group) => { + const options = group.items.filter((helpItem) => { + return ( + !normalizedSearchText || + helpItem.label.toLocaleLowerCase().includes(normalizedSearchText) || + // Converting the JSX element to a string first + (searchInDescription && + elementToString(helpItem.description) + ?.toLocaleLowerCase() + .includes(normalizedSearchText)) + ); + }); + return { ...group, options }; + }) + .filter((group) => { + if (group.options.length > 0 || !normalizedSearchText) { + return true; + } + return group.label.toLocaleLowerCase().includes(normalizedSearchText); + }); +}; diff --git a/packages/kbn-language-documentation-popover/tsconfig.json b/packages/kbn-language-documentation-popover/tsconfig.json index 48da6397a6448..f613b6cb759aa 100644 --- a/packages/kbn-language-documentation-popover/tsconfig.json +++ b/packages/kbn-language-documentation-popover/tsconfig.json @@ -5,6 +5,7 @@ "types": [ "jest", "node", + "@emotion/react/types/css-prop", ] }, "include": [ diff --git a/packages/kbn-text-based-editor/README.md b/packages/kbn-text-based-editor/README.md index 2bb9ae5887f24..ae7846a58d207 100644 --- a/packages/kbn-text-based-editor/README.md +++ b/packages/kbn-text-based-editor/README.md @@ -14,7 +14,6 @@ In order to enable text based languages on your unified search bar add `textBase ## Languages supported -- SQL: based on the Elasticsearch sql api - ESQL: based on the Elastisearch esql api diff --git a/packages/kbn-text-based-editor/package.json b/packages/kbn-text-based-editor/package.json index 3eeb282f953c2..47d3d426b21f2 100644 --- a/packages/kbn-text-based-editor/package.json +++ b/packages/kbn-text-based-editor/package.json @@ -5,10 +5,5 @@ "license": "Elastic License 2.0 OR AGPL-3.0-only OR SSPL-1.0", "sideEffects": [ "*.scss" - ], - "scripts": { - "make:docs": "ts-node --transpileOnly scripts/generate_esql_docs.ts", - "postmake:docs": "yarn run lint:fix", - "lint:fix": "cd ../.. && node ./scripts/eslint --fix ./packages/kbn-text-based-editor/src/inline_documentation/generated" - } + ] } diff --git a/packages/kbn-text-based-editor/src/editor_footer/index.tsx b/packages/kbn-text-based-editor/src/editor_footer/index.tsx index fa60eb1a32f44..6468a2c08a8bc 100644 --- a/packages/kbn-text-based-editor/src/editor_footer/index.tsx +++ b/packages/kbn-text-based-editor/src/editor_footer/index.tsx @@ -7,18 +7,25 @@ * License v3.0 only", or the "Server Side Public License, v 1". */ -import React, { memo, useState, useCallback, useEffect, useMemo } from 'react'; +import React, { memo, useState, useCallback, useMemo } from 'react'; import { i18n } from '@kbn/i18n'; -import { EuiText, EuiFlexGroup, EuiFlexItem, EuiCode } from '@elastic/eui'; +import { + EuiText, + EuiFlexGroup, + EuiFlexItem, + EuiCode, + EuiButtonIcon, + EuiButtonEmpty, +} from '@elastic/eui'; import { Interpolation, Theme, css } from '@emotion/react'; import { useKibana } from '@kbn/kibana-react-plugin/public'; import { - LanguageDocumentationPopover, - type LanguageDocumentationSections, + LanguageDocumentationInline, + LanguageDocumentationFlyout, } from '@kbn/language-documentation-popover'; import { getLimitFromESQLQuery } from '@kbn/esql-utils'; -import { type MonacoMessage, getDocumentationSections } from '../helpers'; +import { type MonacoMessage } from '../helpers'; import { ErrorsWarningsFooterPopover } from './errors_warnings_popover'; import { QueryHistoryAction, QueryHistory } from './query_history'; import { SubmitFeedbackComponent } from './feedback_component'; @@ -43,8 +50,6 @@ interface EditorFooterProps { updateQuery: (qs: string) => void; isHistoryOpen: boolean; setIsHistoryOpen: (status: boolean) => void; - isHelpMenuOpen: boolean; - setIsHelpMenuOpen: (status: boolean) => void; measuredContainerWidth: number; hideRunQueryText?: boolean; editorIsInline?: boolean; @@ -52,6 +57,7 @@ interface EditorFooterProps { hideTimeFilterInfo?: boolean; hideQueryHistory?: boolean; isInCompactMode?: boolean; + displayDocumentationAsFlyout?: boolean; } export const EditorFooter = memo(function EditorFooter({ @@ -71,18 +77,15 @@ export const EditorFooter = memo(function EditorFooter({ setIsHistoryOpen, hideQueryHistory, isInCompactMode, + displayDocumentationAsFlyout, measuredContainerWidth, code, - isHelpMenuOpen, - setIsHelpMenuOpen, }: EditorFooterProps) { const kibana = useKibana(); const { docLinks } = kibana.services; - const [isErrorPopoverOpen, setIsErrorPopoverOpen] = useState(false); + const [isLanguageComponentOpen, setIsLanguageComponentOpen] = useState(false); const [isWarningPopoverOpen, setIsWarningPopoverOpen] = useState(false); - const [documentationSections, setDocumentationSections] = - useState(); const onUpdateAndSubmit = useCallback( (qs: string) => { @@ -98,17 +101,17 @@ export const EditorFooter = memo(function EditorFooter({ [runQuery, updateQuery] ); - const limit = useMemo(() => getLimitFromESQLQuery(code), [code]); + const toggleHistoryComponent = useCallback(() => { + setIsHistoryOpen(!isHistoryOpen); + setIsLanguageComponentOpen(false); + }, [isHistoryOpen, setIsHistoryOpen]); - useEffect(() => { - async function getDocumentation() { - const sections = await getDocumentationSections('esql'); - setDocumentationSections(sections); - } - if (!documentationSections) { - getDocumentation(); - } - }, [documentationSections]); + const toggleLanguageComponent = useCallback(async () => { + setIsLanguageComponentOpen(!isLanguageComponentOpen); + setIsHistoryOpen(false); + }, [isLanguageComponentOpen, setIsHistoryOpen]); + + const limit = useMemo(() => getLimitFromESQLQuery(code), [code]); return ( )} - {documentationSections && !editorIsInline && ( - - + toggleLanguageComponent()} + css={css` + cursor: pointer; + `} + /> + - + )} @@ -318,34 +318,14 @@ export const EditorFooter = memo(function EditorFooter({ {!hideQueryHistory && ( setIsHistoryOpen(!isHistoryOpen)} + toggleHistory={toggleHistoryComponent} isHistoryOpen={isHistoryOpen} isSpaceReduced={true} /> )} - {documentationSections && ( - - - - )} + + + @@ -362,6 +342,11 @@ export const EditorFooter = memo(function EditorFooter({ /> )} + {isLanguageComponentOpen && editorIsInline && ( + + + + )} ); }); diff --git a/packages/kbn-text-based-editor/src/helpers.ts b/packages/kbn-text-based-editor/src/helpers.ts index 0ba6d5004606f..b1bb3aaf826a7 100644 --- a/packages/kbn-text-based-editor/src/helpers.ts +++ b/packages/kbn-text-based-editor/src/helpers.ts @@ -161,43 +161,6 @@ export const parseErrors = (errors: Error[], code: string): MonacoMessage[] => { }); }; -export const getDocumentationSections = async (language: string) => { - const groups: Array<{ - label: string; - description?: string; - items: Array<{ label: string; description?: JSX.Element }>; - }> = []; - if (language === 'esql') { - const { - sourceCommands, - processingCommands, - initialSection, - scalarFunctions, - aggregationFunctions, - groupingFunctions, - operators, - } = await import('./inline_documentation/esql_documentation_sections'); - groups.push({ - label: i18n.translate('textBasedEditor.query.textBasedLanguagesEditor.esql', { - defaultMessage: 'ES|QL', - }), - items: [], - }); - groups.push( - sourceCommands, - processingCommands, - scalarFunctions, - aggregationFunctions, - groupingFunctions, - operators - ); - return { - groups, - initialSection, - }; - } -}; - export const getIndicesList = async (dataViews: DataViewsPublicPluginStart) => { const indices = await dataViews.getIndices({ showAllIndices: false, diff --git a/packages/kbn-text-based-editor/src/text_based_languages_editor.test.tsx b/packages/kbn-text-based-editor/src/text_based_languages_editor.test.tsx index d8fe9512691a1..0855d0326263f 100644 --- a/packages/kbn-text-based-editor/src/text_based_languages_editor.test.tsx +++ b/packages/kbn-text-based-editor/src/text_based_languages_editor.test.tsx @@ -16,21 +16,6 @@ import { KibanaContextProvider } from '@kbn/kibana-react-plugin/public'; import { TextBasedLanguagesEditor } from './text_based_languages_editor'; import type { TextBasedLanguagesEditorProps } from './types'; import { ReactWrapper } from 'enzyme'; - -jest.mock('./helpers', () => { - const module = jest.requireActual('./helpers'); - return { - ...module, - getDocumentationSections: () => ({ - groups: [ - { - label: 'How it works', - items: [], - }, - ], - }), - }; -}); import { of } from 'rxjs'; describe('TextBasedLanguagesEditor', () => { @@ -133,9 +118,6 @@ describe('TextBasedLanguagesEditor', () => { expect( component!.find('[data-test-subj="TextBasedLangEditor-toggleWordWrap"]').length ).not.toBe(0); - expect(component!.find('[data-test-subj="TextBasedLangEditor-documentation"]').length).not.toBe( - 0 - ); }); it('should render the resize for the expanded code editor mode', async () => { @@ -156,6 +138,18 @@ describe('TextBasedLanguagesEditor', () => { expect(component.find('[data-test-subj="TextBasedLangEditor-run-query"]').length).not.toBe(0); }); + it('should render the doc icon if the displayDocumentationAsFlyout is true', async () => { + const newProps = { + ...props, + displayDocumentationAsFlyout: true, + editorIsInline: false, + }; + const component = mount(renderTextBasedLanguagesEditorComponent({ ...newProps })); + expect(component.find('[data-test-subj="TextBasedLangEditor-documentation"]').length).not.toBe( + 0 + ); + }); + it('should not render the run query text if the hideRunQueryText prop is set to true', async () => { const newProps = { ...props, diff --git a/packages/kbn-text-based-editor/src/text_based_languages_editor.tsx b/packages/kbn-text-based-editor/src/text_based_languages_editor.tsx index d6936bde6fcbe..2ebd5a42a966a 100644 --- a/packages/kbn-text-based-editor/src/text_based_languages_editor.tsx +++ b/packages/kbn-text-based-editor/src/text_based_languages_editor.tsx @@ -78,6 +78,7 @@ export const TextBasedLanguagesEditor = memo(function TextBasedLanguagesEditor({ hideTimeFilterInfo, hideQueryHistory, hasOutline, + displayDocumentationAsFlyout, }: TextBasedLanguagesEditorProps) { const popoverRef = useRef(null); const datePickerOpenStatusRef = useRef(false); @@ -108,7 +109,6 @@ export const TextBasedLanguagesEditor = memo(function TextBasedLanguagesEditor({ const [isHistoryOpen, setIsHistoryOpen] = useState(false); const [isCodeEditorExpandedFocused, setIsCodeEditorExpandedFocused] = useState(false); - const [isLanguagePopoverOpen, setIsLanguagePopoverOpen] = useState(false); const [isQueryLoading, setIsQueryLoading] = useState(true); const [abortController, setAbortController] = useState(new AbortController()); @@ -738,8 +738,7 @@ export const TextBasedLanguagesEditor = memo(function TextBasedLanguagesEditor({ setIsHistoryOpen={toggleHistory} measuredContainerWidth={measuredEditorWidth} hideQueryHistory={hideHistoryComponent} - isHelpMenuOpen={isLanguagePopoverOpen} - setIsHelpMenuOpen={setIsLanguagePopoverOpen} + displayDocumentationAsFlyout={displayDocumentationAsFlyout} /> { renderESQLPopover(); expect(screen.getByTestId('esql-menu-button')).toBeInTheDocument(); await userEvent.click(screen.getByRole('button')); - + expect(screen.getByTestId('esql-quick-reference')).toBeInTheDocument(); expect(screen.getByTestId('esql-examples')).toBeInTheDocument(); expect(screen.getByTestId('esql-about')).toBeInTheDocument(); expect(screen.getByTestId('esql-feedback')).toBeInTheDocument(); diff --git a/src/plugins/unified_search/public/query_string_input/esql_menu_popover.tsx b/src/plugins/unified_search/public/query_string_input/esql_menu_popover.tsx index 003827344c307..d684448670c42 100644 --- a/src/plugins/unified_search/public/query_string_input/esql_menu_popover.tsx +++ b/src/plugins/unified_search/public/query_string_input/esql_menu_popover.tsx @@ -7,7 +7,7 @@ * License v3.0 only", or the "Server Side Public License, v 1". */ -import React, { useMemo, useState } from 'react'; +import React, { useMemo, useState, useCallback } from 'react'; import { EuiPopover, EuiButton, @@ -19,6 +19,7 @@ import { import { useKibana } from '@kbn/kibana-react-plugin/public'; import { i18n } from '@kbn/i18n'; import { FEEDBACK_LINK } from '@kbn/esql-utils'; +import { LanguageDocumentationFlyout } from '@kbn/language-documentation-popover'; import type { IUnifiedSearchPluginServices } from '../types'; export const ESQLMenuPopover = () => { @@ -26,15 +27,33 @@ export const ESQLMenuPopover = () => { const { docLinks } = kibana.services; const [isESQLMenuPopoverOpen, setIsESQLMenuPopoverOpen] = useState(false); + const [isLanguageComponentOpen, setIsLanguageComponentOpen] = useState(false); + + const toggleLanguageComponent = useCallback(async () => { + setIsLanguageComponentOpen(!isLanguageComponentOpen); + setIsESQLMenuPopoverOpen(false); + }, [isLanguageComponentOpen]); + const esqlPanelItems = useMemo(() => { const panelItems: EuiContextMenuPanelProps['items'] = []; panelItems.push( + toggleLanguageComponent()} + > + {i18n.translate('unifiedSearch.query.queryBar.esqlMenu.quickReference', { + defaultMessage: 'Quick Reference', + })} + , setIsESQLMenuPopoverOpen(false)} > {i18n.translate('unifiedSearch.query.queryBar.esqlMenu.documentation', { defaultMessage: 'Documentation', @@ -46,6 +65,7 @@ export const ESQLMenuPopover = () => { data-test-subj="esql-examples" target="_blank" href={docLinks.links.query.queryESQLExamples} + onClick={() => setIsESQLMenuPopoverOpen(false)} > {i18n.translate('unifiedSearch.query.queryBar.esqlMenu.documentation', { defaultMessage: 'Example queries', @@ -58,6 +78,7 @@ export const ESQLMenuPopover = () => { data-test-subj="esql-feedback" target="_blank" href={FEEDBACK_LINK} + onClick={() => setIsESQLMenuPopoverOpen(false)} > {i18n.translate('unifiedSearch.query.queryBar.esqlMenu.documentation', { defaultMessage: 'Submit feedback', @@ -65,32 +86,44 @@ export const ESQLMenuPopover = () => { ); return panelItems; - }, [docLinks.links.query.queryESQL, docLinks.links.query.queryESQLExamples]); + }, [ + docLinks.links.query.queryESQL, + docLinks.links.query.queryESQLExamples, + toggleLanguageComponent, + ]); return ( - setIsESQLMenuPopoverOpen(!isESQLMenuPopoverOpen)} - data-test-subj="esql-menu-button" - size="s" - > - {i18n.translate('unifiedSearch.query.queryBar.esqlMenu.label', { - defaultMessage: 'ES|QL help', - })} - - } - panelProps={{ - ['data-test-subj']: 'esql-menu-popover', - css: { width: 240 }, - }} - isOpen={isESQLMenuPopoverOpen} - closePopover={() => setIsESQLMenuPopoverOpen(false)} - panelPaddingSize="s" - display="block" - > - - + <> + setIsESQLMenuPopoverOpen(!isESQLMenuPopoverOpen)} + data-test-subj="esql-menu-button" + size="s" + > + {i18n.translate('unifiedSearch.query.queryBar.esqlMenu.label', { + defaultMessage: 'ES|QL help', + })} + + } + panelProps={{ + ['data-test-subj']: 'esql-menu-popover', + css: { width: 240 }, + }} + isOpen={isESQLMenuPopoverOpen} + closePopover={() => setIsESQLMenuPopoverOpen(false)} + panelPaddingSize="s" + display="block" + > + + + + ); }; diff --git a/src/plugins/unified_search/tsconfig.json b/src/plugins/unified_search/tsconfig.json index 909c0031b5a31..e836f3c6daa67 100644 --- a/src/plugins/unified_search/tsconfig.json +++ b/src/plugins/unified_search/tsconfig.json @@ -46,7 +46,8 @@ "@kbn/data-view-utils", "@kbn/esql-utils", "@kbn/react-kibana-mount", - "@kbn/field-utils" + "@kbn/field-utils", + "@kbn/language-documentation-popover" ], "exclude": [ "target/**/*", diff --git a/x-pack/plugins/data_visualizer/public/application/index_data_visualizer/components/index_data_visualizer_view/index_data_visualizer_esql.tsx b/x-pack/plugins/data_visualizer/public/application/index_data_visualizer/components/index_data_visualizer_view/index_data_visualizer_esql.tsx index 6671e4c73c2e8..8e3d48c47c789 100644 --- a/x-pack/plugins/data_visualizer/public/application/index_data_visualizer/components/index_data_visualizer_view/index_data_visualizer_esql.tsx +++ b/x-pack/plugins/data_visualizer/public/application/index_data_visualizer/components/index_data_visualizer_view/index_data_visualizer_esql.tsx @@ -266,6 +266,7 @@ export const IndexDataVisualizerESQL: FC = (dataVi detectedTimestamp={currentDataView?.timeFieldName} hideRunQueryText={false} isLoading={queryHistoryStatus ?? false} + displayDocumentationAsFlyout /> diff --git a/x-pack/plugins/stack_alerts/public/rule_types/es_query/expression/esql_query_expression.tsx b/x-pack/plugins/stack_alerts/public/rule_types/es_query/expression/esql_query_expression.tsx index c8ce47ce68ac4..da8559a958d99 100644 --- a/x-pack/plugins/stack_alerts/public/rule_types/es_query/expression/esql_query_expression.tsx +++ b/x-pack/plugins/stack_alerts/public/rule_types/es_query/expression/esql_query_expression.tsx @@ -198,6 +198,7 @@ export const EsqlQueryExpression: React.FC< detectedTimestamp={detectedTimestamp} hideRunQueryText={true} isLoading={isLoading} + editorIsInline hasOutline /> diff --git a/x-pack/plugins/translations/translations/fr-FR.json b/x-pack/plugins/translations/translations/fr-FR.json index fb6953bde31f7..8960e3cb69dad 100644 --- a/x-pack/plugins/translations/translations/fr-FR.json +++ b/x-pack/plugins/translations/translations/fr-FR.json @@ -7084,255 +7084,253 @@ "telemetry.usageCollectionConstant": "collecte de données d’utilisation", "telemetry.usageDataTitle": "Collecte de données d’utilisation", "textBasedEditor.query.textBasedLanguagesEditor.aborted": "La demande a été annulée", - "textBasedEditor.query.textBasedLanguagesEditor.aggregationFunctions": "Fonctions d'agrégation", - "textBasedEditor.query.textBasedLanguagesEditor.aggregationFunctionsDocumentationESQLDescription": "Ces fonctions peuvent être utilisées avec STATS...BY :", + "languageDocumentationPopover.documentationESQL.aggregationFunctions": "Fonctions d'agrégation", + "languageDocumentationPopover.documentationESQL.aggregationFunctionsDocumentationESQLDescription": "Ces fonctions peuvent être utilisées avec STATS...BY :", "textBasedEditor.query.textBasedLanguagesEditor.cancel": "Annuler", "textBasedEditor.query.textBasedLanguagesEditor.collapseLabel": "Réduire", - "textBasedEditor.query.textBasedLanguagesEditor.commandsDescription": "Une commande source produit un tableau, habituellement avec des données issues d'Elasticsearch. ES|QL est compatible avec les commandes sources suivantes.", + "languageDocumentationPopover.documentationESQL.commandsDescription": "Une commande source produit un tableau, habituellement avec des données issues d'Elasticsearch. ES|QL est compatible avec les commandes sources suivantes.", "textBasedEditor.query.textBasedLanguagesEditor.disableWordWrapLabel": "Supprimer les sauts de ligne des barres verticales", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.abs": "ABS", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.abs.markdown": "\n\n ### ABS\n Renvoie la valeur absolue.\n\n ````\n Numéro ROW = -1.0 \n | EVAL abs_number = ABS(number)\n ````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.acos": "ACOS", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.acos.markdown": "\n\n ### ACOS\n Renvoie l'arc cosinus de `n` sous forme d'angle, exprimé en radians.\n\n ````\n ROW a=.9\n | EVAL acos=ACOS(a)\n ````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.asin": "ASIN", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.asin.markdown": "\n\n ### ASIN\n Renvoie l'arc sinus de l'entrée\n expression numérique sous forme d'angle, exprimée en radians.\n\n ````\n ROW a=.9\n | EVAL asin=ASIN(a)\n ````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.atan": "ATAN", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.atan.markdown": "\n\n ### ATAN\n Renvoie l'arc tangente de l'entrée\n expression numérique sous forme d'angle, exprimée en radians.\n\n ````\n ROW a=.12.9\n | EVAL atan=ATAN(a)\n ````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.atan2": "ATAN2", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.atan2.markdown": "\n\n ### ATAN2\n L'angle entre l'axe positif des x et le rayon allant de\n l'origine au point (x , y) dans le plan cartésien, exprimée en radians.\n\n ````\n ROW y=12.9, x=.6\n | EVAL atan2=ATAN2(y, x)\n ````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.autoBucketFunction": "COMPARTIMENT", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.autoBucketFunction.markdown": "### COMPARTIMENT\nCréer des groupes de valeurs, des compartiments (\"buckets\"), à partir d'une entrée d'un numéro ou d'un horodatage. La taille des compartiments peut être fournie directement ou choisie selon une plage de valeurs et de décompte recommandée.\n\n`BUCKET` a deux modes de fonctionnement : \n\n1. Dans lequel la taille du compartiment est calculée selon la recommandation de décompte d'un compartiment (quatre paramètres) et une plage.\n2. Dans lequel la taille du compartiment est fournie directement (deux paramètres).\n\nAvec un nombre cible de compartiments, le début d'une plage et la fin d'une plage, `BUCKET` choisit une taille de compartiment appropriée afin de générer le nombre cible de compartiments ou moins.\n\nPar exemple, demander jusqu'à 20 compartiments pour une année organisera les données en intervalles mensuels :\n\n````\nFROM employees\n| WHERE hire_date >= \"1985-01-01T00:00:00Z\" AND hire_date < \"1986-01-01T00:00:00Z\"\n| STATS hire_date = MV_SORT(VALUES(hire_date)) BY month = BUCKET(hire_date, 20, \"1985-01-01T00:00:00Z\", \"1986-01-01T00:00:00Z\")\n| SORT hire_date\n````\n\n**REMARQUE** : Le but n'est pas de fournir le nombre précis de compartiments, mais plutôt de sélectionner une plage qui fournit, tout au plus, le nombre cible de compartiments.\n\nVous pouvez combiner `BUCKET` avec une agrégation pour créer un histogramme :\n\n````\nFROM employees\n| WHERE hire_date >= \"1985-01-01T00:00:00Z\" AND hire_date < \"1986-01-01T00:00:00Z\"\n| STATS hires_per_month = COUNT(*) BY month = BUCKET(hire_date, 20, \"1985-01-01T00:00:00Z\", \"1986-01-01T00:00:00Z\")\n| SORT month\n````\n\n**REMARQUE** : `BUCKET` ne crée pas de compartiments qui ne correspondent à aucun document. C'est pourquoi, dans l'exemple précédent, il manque 1985-03-01 ainsi que d'autres dates.\n\nDemander d'autres compartiments peut résulter en une plage réduite. Par exemple, demander jusqu'à 100 compartiments en un an résulte en des compartiments hebdomadaires :\n\n````\nFROM employees\n| WHERE hire_date >= \"1985-01-01T00:00:00Z\" AND hire_date < \"1986-01-01T00:00:00Z\"\n| STATS hires_per_week = COUNT(*) BY week = BUCKET(hire_date, 100, \"1985-01-01T00:00:00Z\", \"1986-01-01T00:00:00Z\")\n| SORT week\n````\n\n**REMARQUE** : `AUTO_BUCKET` ne filtre aucune ligne. Il n'utilise que la plage fournie pour choisir une taille de compartiment appropriée. Pour les lignes dont la valeur se situe en dehors de la plage, il renvoie une valeur de compartiment qui correspond à un compartiment situé en dehors de la plage. Associez `BUCKET` à `WHERE` pour filtrer les lignes.\n\nSi la taille de compartiment désirée est connue à l'avance, fournissez-la comme second argument, en ignorant la plage :\n\n````\nFROM employees\n| WHERE hire_date >= \"1985-01-01T00:00:00Z\" AND hire_date < \"1986-01-01T00:00:00Z\"\n| STATS hires_per_week = COUNT(*) BY week = BUCKET(hire_date, 1 week)\n| SORT week\n````\n\n**REMARQUE** : Lorsque vous fournissez la taille du compartiment comme second argument, ce dernier doit être une période temporelle ou une durée.\n\n`BUCKET` peut également être utilisé pour des champs numériques. Par exemple, pour créer un histogramme de salaire :\n\n````\nFROM employees\n| STATS COUNT(*) by bs = BUCKET(salary, 20, 25324, 74999)\n| SORT bs\n````\n\nContrairement à l'exemple précédent qui filtre intentionnellement sur une plage temporelle, vous n'avez pas souvent besoin de filtrer sur une plage numérique. Vous devez trouver les valeurs min et max séparément. ES|QL n'a pas encore de façon aisée d'effectuer cette opération automatiquement.\n\nLa plage peut être ignorée si la taille désirée de compartiment est connue à l'avance. Fournissez-la simplement comme second argument :\n\n````\nFROM employees\n| WHERE hire_date >= \"1985-01-01T00:00:00Z\" AND hire_date < \"1986-01-01T00:00:00Z\"\n| STATS c = COUNT(1) BY b = BUCKET(salary, 5000.)\n| SORT b\n````\n\n**REMARQUE** : Lorsque vous fournissez la taille du compartiment comme second argument, elle doit être de type à **virgule flottante**.\n\nVoici un exemple sur comment créer des compartiments horaires pour les dernières 24 heures, et calculer le nombre d'événements par heure :\n\n````\nFROM sample_data\n| WHERE @timestamp >= NOW() - 1 day and @timestamp < NOW()\n| STATS COUNT(*) BY bucket = BUCKET(@timestamp, 25, NOW() - 1 day, NOW())\n````\n\nVoici un exemple permettant de créer des compartiments mensuels pour l'année 1985, et calculer le salaire moyen par mois d'embauche :\n\n````\nFROM employees\n| WHERE hire_date >= \"1985-01-01T00:00:00Z\" AND hire_date < \"1986-01-01T00:00:00Z\"\n| STATS AVG(salary) BY bucket = BUCKET(hire_date, 20, \"1985-01-01T00:00:00Z\", \"1986-01-01T00:00:00Z\")\n| SORT bucket\n````\n\n`BUCKET` peut être utilisé pour les parties de groupage et d'agrégation de la commande `STATS …​ BY ...`, tant que la partie d'agrégation de la fonction est **référencée par un alias défini dans la partie de groupage**, ou que celle-ci est invoquée avec exactement la même expression.\n\nPar exemple :\n\n````\nFROM employees\n| STATS s1 = b1 + 1, s2 = BUCKET(salary / 1000 + 999, 50.) + 2 BY b1 = BUCKET(salary / 100 + 99, 50.), b2 = BUCKET(salary / 1000 + 999, 50.)\n| SORT b1, b2\n| KEEP s1, b1, s2, b2\n````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.binaryOperators": "Opérateurs binaires", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.binaryOperators.markdown": "### Opérateurs binaires\nLes opérateurs de comparaison binaire suivants sont pris en charge :\n\n* égalité : `==`\n* inégalité : `!=`\n* inférieur à : `<`\n* inférieur ou égal à : `<=`\n* supérieur à : `>`\n* supérieur ou égal à : `>=`\n* ajouter : `+`\n* soustraire : `-`\n* multiplier par : `*`\n* diviser par : `/`\n* module : `%`\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.booleanOperators": "Opérateurs booléens", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.booleanOperators.markdown": "### Opérateurs booléens\nLes opérateurs booléens suivants sont pris en charge :\n\n* `AND`\n* `OR`\n* `NOT`\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.bucket": "COMPARTIMENT", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.bucket.markdown": "\n\n ### COMPARTIMENT\n Créer des groupes de valeurs, des compartiments (\"buckets\"), à partir d'une entrée d'un numéro ou d'un horodatage.\n La taille des compartiments peut être fournie directement ou choisie selon une plage de valeurs et de décompte recommandée.\n\n ````\n FROM employees\n | WHERE hire_date >= \"1985-01-01T00:00:00Z\" AND hire_date < \"1986-01-01T00:00:00Z\"\n | STATS hire_date = MV_SORT(VALUES(hire_date)) BY month = BUCKET(hire_date, 20, \"1985-01-01T00:00:00Z\", \"1986-01-01T00:00:00Z\")\n | SORT hire_date\n ````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.case": "CASE", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.case.markdown": "\n\n ### CAS\n Accepte les paires de conditions et de valeurs. La fonction renvoie la valeur qui\n appartient à la première condition étant évaluée comme `true`.\n\n Si le nombre d'arguments est impair, le dernier argument est la valeur par défaut qui est\n renvoyée si aucune condition ne correspond. Si le nombre d'arguments est pair, et\n qu'aucune condition ne correspond, la fonction renvoie `null`.\n\n ````\n FROM employees\n | EVAL type = CASE(\n languages <= 1, \"monolingual\",\n languages <= 2, \"bilingual\",\n \"polyglot\")\n | KEEP emp_no, languages, type\n ````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.castOperator": "Cast (::)", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.castOperator.markdown": "### CAST (`::`)\nL'opérateur `::` fournit une syntaxe alternative pratique au type de converstion de fonction `TO_`.\n\nExemple :\n````\nROW ver = CONCAT((\"0\"::INT + 1)::STRING, \".2.3\")::VERSION\n````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.cbrt": "CBRT", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.cbrt.markdown": "\n\n ### CBRT\n Renvoie la racine cubique d'un nombre. La valeur de renvoi est toujours un double, quelle que soit la valeur numérique de l'entrée.\n La racine cubique de l’infini est nulle.\n\n ````\n ROW d = 1000.0\n | EVAL c = cbrt(d)\n ````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.ceil": "CEIL", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.ceil.markdown": "\n\n ### CEIL\n Arrondir un nombre à l'entier supérieur.\n\n ```\n ROW a=1.8\n | EVAL a=CEIL(a)\n ```\n Remarque : Il s'agit d'un noop pour `long` (y compris non signé) et `integer`. Pour `double`, la fonction choisit la valeur `double` la plus proche de l'entier, de manière similaire à la méthode Math.ceil.\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.cidr_match": "CIDR_MATCH", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.cidr_match.markdown": "\n\n ### CIDR_MATCH\n Renvoie `true` si l'IP fournie est contenue dans l'un des blocs CIDR fournis.\n\n ````\n FROM hosts \n | WHERE CIDR_MATCH(ip1, \"127.0.0.2/32\", \"127.0.0.3/32\") \n | KEEP card, host, ip0, ip1\n ````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.coalesce": "COALESCE", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.coalesce.markdown": "\n\n ### COALESCE\n Renvoie le premier de ses arguments qui n'est pas nul. Si tous les arguments sont nuls, `null` est renvoyé.\n\n ````\n ROW a=null, b=\"b\"\n | EVAL COALESCE(a, b)\n ````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.concat": "CONCAT", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.concat.markdown": "\n\n ### CONCAT\n Concatène deux ou plusieurs chaînes.\n\n ```\n FROM employees\n | KEEP first_name, last_name\n | EVAL fullname = CONCAT(first_name, \" \", last_name)\n ````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.cos": "COS", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.cos.markdown": "\n\n ### COS\n Renvoie le cosinus d'un angle.\n\n ````\n ROW a=1.8 \n | EVAL cos=COS(a)\n ````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.cosh": "COSH", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.cosh.markdown": "\n\n ### COSH\n Renvoie le cosinus hyperbolique d'un angle.\n\n ````\n ROW a=1.8 \n | EVAL cosh=COSH(a)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.date_diff": "DATE_DIFF", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.date_diff.markdown": "\n\n ### DATE_DIFF\n Soustrait le `startTimestamp` du `endTimestamp` et renvoie la différence en multiples `d'unité`.\n Si `startTimestamp` est postérieur à `endTimestamp`, des valeurs négatives sont renvoyées.\n\n ````\n ROW date1 = TO_DATETIME(\"2023-12-02T11:00:00.000Z\"), date2 = TO_DATETIME(\"2023-12-02T11:00:00.001Z\")\n | EVAL dd_ms = DATE_DIFF(\"microseconds\", date1, date2)\n ````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.date_extract": "DATE_EXTRACT", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.date_extract.markdown": "\n\n ### DATE_EXTRACT\n Extrait des parties d'une date, telles que l'année, le mois, le jour, l'heure.\n\n ````\n ROW date = DATE_PARSE(\"yyyy-MM-dd\", \"2022-05-06\")\n | EVAL year = DATE_EXTRACT(\"year\", date)\n ````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.date_format": "DATE_FORMAT", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.date_format.markdown": "\n\n ### DATE_FORMAT\n Renvoie une représentation sous forme de chaîne d'une date dans le format fourni.\n\n ````\n FROM employees\n | KEEP first_name, last_name, hire_date\n | EVAL hired = DATE_FORMAT(\"YYYY-MM-dd\", hire_date)\n ````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.date_parse": "DATE_PARSE", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.date_parse.markdown": "\n\n ### DATE_PARSE\n Renvoie une date en analysant le deuxième argument selon le format spécifié dans le premier argument.\n\n ````\n ROW date_string = \"2022-05-06\"\n | EVAL date = DATE_PARSE(\"yyyy-MM-dd\", date_string)\n ````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.date_trunc": "DATE_TRUNC", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.date_trunc.markdown": "\n\n ### DATE_TRUNC\n Arrondit une date à l'intervalle le plus proche.\n\n ```\n FROM employees\n | KEEP first_name, last_name, hire_date\n | EVAL year_hired = DATE_TRUNC(1 year, hire_date)\n ````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.dissect": "DISSECT", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.dissect.markdown": "### DISSECT\n`DISSECT` vous permet d'extraire des données structurées d'une chaîne. `DISSECT` compare la chaîne à un modèle basé sur les délimiteurs, et extrait les clés indiquées en tant que colonnes.\n\nPour obtenir la syntaxe des modèles \"dissect\", consultez [la documentation relative au processeur \"dissect\"](https://www.elastic.co/guide/en/elasticsearch/reference/current/dissect-processor.html).\n\n```\nROW a = \"1953-01-23T12:15:00Z - some text - 127.0.0.1\"\n| DISSECT a \"%'{Y}-%{M}-%{D}T%{h}:%{m}:%{s}Z - %{msg} - %{ip}'\"\n```` ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.drop": "DROP", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.drop.markdown": "### DROP\nAfin de supprimer certaines colonnes d'un tableau, utilisez `DROP` :\n \n```\nFROM employees\n| DROP height\n```\n\nPlutôt que de spécifier chaque colonne par son nom, vous pouvez utiliser des caractères génériques pour supprimer toutes les colonnes dont le nom correspond à un modèle :\n\n```\nFROM employees\n| DROP height*\n````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.e": "E", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.e.markdown": "\n\n ### E\n Retourne le nombre d'Euler.\n\n ````\n ROW E()\n ````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.ends_with": "ENDS_WITH", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.ends_with.markdown": "\n\n ### ENDS_WITH\n Renvoie une valeur booléenne qui indique si une chaîne de mots-clés se termine par une autre chaîne.\n\n ````\n FROM employees\n | KEEP last_name\n | EVAL ln_E = ENDS_WITH(last_name, \"d\")\n ````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.enrich": "ENRICH", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.enrich.markdown": "### ENRICH\nVous pouvez utiliser `ENRICH` pour ajouter les données de vos index existants aux enregistrements entrants. Une fonction similaire à l'[enrichissement par ingestion](https://www.elastic.co/guide/en/elasticsearch/reference/current/ingest-enriching-data.html), mais qui fonctionne au moment de la requête.\n\n```\nROW language_code = \"1\"\n| ENRICH languages_policy\n```\n\n`ENRICH` requiert l'exécution d'une [politique d'enrichissement](https://www.elastic.co/guide/en/elasticsearch/reference/current/ingest-enriching-data.html#enrich-policy). La politique d'enrichissement définit un champ de correspondance (un champ clé) et un ensemble de champs d'enrichissement.\n\n`ENRICH` recherche les enregistrements dans l'[index d'enrichissement](https://www.elastic.co/guide/en/elasticsearch/reference/current/ingest-enriching-data.html#enrich-index) en se basant sur la valeur du champ de correspondance. La clé de correspondance dans l'ensemble de données d'entrée peut être définie en utilisant `ON `. Si elle n'est pas spécifiée, la correspondance sera effectuée sur un champ portant le même nom que le champ de correspondance défini dans la politique d'enrichissement.\n\n```\nROW a = \"1\"\n| ENRICH languages_policy ON a\n```\n\nVous pouvez indiquer quels attributs (parmi ceux définis comme champs d'enrichissement dans la politique) doivent être ajoutés au résultat, en utilisant la syntaxe `WITH , ...`.\n\n```\nROW a = \"1\"\n| ENRICH languages_policy ON a WITH language_name\n```\n\nLes attributs peuvent également être renommés à l'aide de la syntaxe `WITH new_name=`\n\n```\nROW a = \"1\"\n| ENRICH languages_policy ON a WITH name = language_name\n````\n\nPar défaut (si aucun `WITH` n'est défini), `ENRICH` ajoute au résultat tous les champs d'enrichissement définis dans la politique d'enrichissement.\n\nEn cas de collision de noms, les champs nouvellement créés remplacent les champs existants.\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.eval": "EVAL", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.eval.markdown": "### EVAL\n`EVAL` permet d'ajouter des colonnes :\n\n````\nFROM employees\n| KEEP first_name, last_name, height\n| EVAL height_feet = height * 3.281, height_cm = height * 100\n````\n\nSi la colonne indiquée existe déjà, la colonne existante sera supprimée et la nouvelle colonne sera ajoutée au tableau :\n\n````\nFROM employees\n| KEEP first_name, last_name, height\n| EVAL height = height * 3.281\n````\n\n#### Fonctions\n`EVAL` prend en charge diverses fonctions de calcul des valeurs. Pour en savoir plus, consultez les fonctions.\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.floor": "FLOOR", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.floor.markdown": "\n\n ### FLOOR\n Arrondir un nombre à l'entier inférieur.\n\n ````\n ROW a=1.8\n | EVAL a=FLOOR(a)\n ````\n Remarque : Il s'agit d'un noop pour `long` (y compris non signé) et `integer`.\n Pour `double`, la fonction choisit la valeur `double` la plus proche de l'entier,\n de manière similaire à Math.floor.\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.from": "FROM", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.from_base64": "FROM_BASE64", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.from_base64.markdown": "\n\n ### FROM_BASE64\n Décodez une chaîne base64.\n\n ````\n row a = \"ZWxhc3RpYw==\" \n | eval d = from_base64(a)\n ````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.from.markdown": "### FROM\nLa commande source `FROM` renvoie un tableau contenant jusqu'à 10 000 documents issus d'un flux de données, d'un index ou d'un alias. Chaque ligne du tableau obtenu correspond à un document. Chaque colonne correspond à un champ et est accessible par le nom de ce champ.\n\n````\nFROM employees\n````\n\nVous pouvez utiliser des [calculs impliquant des dates](https://www.elastic.co/guide/en/elasticsearch/reference/current/api-conventions.html#api-date-math-index-names) pour désigner les indices, les alias et les flux de données. Cela peut s'avérer utile pour les données temporelles.\n\nUtilisez des listes séparées par des virgules ou des caractères génériques pour rechercher plusieurs flux de données, indices ou alias :\n\n````\nFROM employees-00001,employees-*\n````\n\n#### Métadonnées\n\nES|QL peut accéder aux champs de métadonnées suivants :\n\n* `_index` : l'index auquel appartient le document. Le champ est du type `keyword`.\n* `_id` : l'identifiant du document source. Le champ est du type `keyword`.\n* `_id` : la version du document source. Le champ est du type `long`.\n\nUtilisez la directive `METADATA` pour activer les champs de métadonnées :\n\n````\nFROM index [METADATA _index, _id]\n````\n\nLes champs de métadonnées ne sont disponibles que si la source des données est un index. Par conséquent, `FROM` est la seule commande source qui prend en charge la directive `METADATA`.\n\nUne fois activés, les champs sont disponibles pour les commandes de traitement suivantes, tout comme les autres champs de l'index :\n\n````\nFROM ul_logs, apps [METADATA _index, _version]\n| WHERE id IN (13, 14) AND _version == 1\n| EVAL key = CONCAT(_index, \"_\", TO_STR(id))\n| SORT id, _index\n| KEEP id, _index, _version, key\n````\n\nDe même, comme pour les champs d'index, une fois l'agrégation effectuée, un champ de métadonnées ne sera plus accessible aux commandes suivantes, sauf s'il est utilisé comme champ de regroupement :\n\n````\nFROM employees [METADATA _index, _id]\n| STATS max = MAX(emp_no) BY _index\n````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.greatest": "GREATEST", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.greatest.markdown": "\n\n ### GREATEST\n Renvoie la valeur maximale de plusieurs colonnes. Similaire à `MV_MAX`\n sauf que ceci est destiné à une exécution sur plusieurs colonnes à la fois.\n\n ````\n ROW a = 10, b = 20\n | EVAL g = GREATEST(a, b)\n ````\n Remarque : Lorsque cette fonction est exécutée sur les champs `keyword` ou `text`, elle renvoie la dernière chaîne dans l'ordre alphabétique. Lorsqu'elle est exécutée sur des colonnes `boolean`, elle renvoie `true` si l'une des valeurs l'est.\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.grok": "GROK", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.grok.markdown": "### GROK\n`GROK` vous permet d'extraire des données structurées d'une chaîne. `GROK` compare la chaîne à des modèles, sur la base d’expressions régulières, et extrait les modèles indiqués en tant que colonnes.\n\nPour obtenir la syntaxe des modèles \"grok\", consultez [la documentation relative au processeur \"grok\"](https://www.elastic.co/guide/en/elasticsearch/reference/current/grok-processor.html).\n\n````\nROW a = \"12 15.5 15.6 true\"\n| GROK a \"%'{NUMBER:b:int}' %'{NUMBER:c:float}' %'{NUMBER:d:double}' %'{WORD:e:boolean}'\"\n````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.inOperator": "IN", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.inOperator.markdown": "### IN\nL'opérateur `IN` permet de tester si un champ ou une expression est égal à un élément d'une liste de littéraux, de champs ou d'expressions :\n\n````\nROW a = 1, b = 4, c = 3\n| WHERE c-a IN (3, b / 2, a)\n````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.ip_prefix": "IP_PREFIX", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.ip_prefix.markdown": "\n\n ### IP_PREFIX\n Tronque une adresse IP à une longueur de préfixe donnée.\n\n ````\n row ip4 = to_ip(\"1.2.3.4\"), ip6 = to_ip(\"fe80::cae2:65ff:fece:feb9\")\n | eval ip4_prefix = ip_prefix(ip4, 24, 0), ip6_prefix = ip_prefix(ip6, 0, 112);\n ````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.keep": "KEEP", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.keep.markdown": "### KEEP\nLa commande `KEEP` permet de définir les colonnes qui seront renvoyées et l'ordre dans lequel elles le seront.\n\nPour limiter les colonnes retournées, utilisez une liste de noms de colonnes séparés par des virgules. Les colonnes sont renvoyées dans l'ordre indiqué :\n \n````\nFROM employees\n| KEEP first_name, last_name, height\n````\n\nPlutôt que de spécifier chaque colonne par son nom, vous pouvez utiliser des caractères génériques pour renvoyer toutes les colonnes dont le nom correspond à un modèle :\n\n````\nFROM employees\n| KEEP h*\n````\n\nLe caractère générique de l'astérisque (\"*\") placé de manière isolée transpose l'ensemble des colonnes qui ne correspondent pas aux autres arguments. La requête suivante renverra en premier lieu toutes les colonnes dont le nom commence par un h, puis toutes les autres colonnes :\n\n````\nFROM employees\n| KEEP h*, *\n````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.least": "LEAST", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.least.markdown": "\n\n ### LEAST\n Renvoie la valeur minimale de plusieurs colonnes. Cette fonction est similaire à `MV_MIN`. Toutefois, elle est destinée à être exécutée sur plusieurs colonnes à la fois.\n\n ````\n ROW a = 10, b = 20\n | EVAL l = LEAST(a, b)\n ````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.left": "LEFT", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.left.markdown": "\n\n ### LEFT\n Renvoie la sous-chaîne qui extrait la \"longueur\" des caractères de la \"chaîne\" en partant de la gauche.\n\n ````\n FROM employees\n | KEEP last_name\n | EVAL left = LEFT(last_name, 3)\n | SORT last_name ASC\n | LIMIT 5\n ````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.length": "LENGHT", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.length.markdown": "\n\n ### LENGTH\n Renvoie la longueur des caractères d'une chaîne.\n\n ````\n FROM employees\n | KEEP first_name, last_name\n | EVAL fn_length = LENGTH(first_name)\n ````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.limit": "LIMIT", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.limit.markdown": "### LIMIT\nLa commande de traitement `LIMIT` permet de restreindre le nombre de lignes :\n \n````\nFROM employees\n| LIMIT 5\n````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.locate": "LOCATE", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.locate.markdown": "\n\n ### LOCATE\n Renvoie un entier qui indique la position d'une sous-chaîne de mots-clés dans une autre chaîne\n\n ````\n row a = \"hello\"\n | eval a_ll = locate(a, \"ll\")\n ````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.log": "LOG", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.log.markdown": "\n\n ### LOG\n Renvoie le logarithme d'une valeur dans une base. La valeur de renvoi est toujours un double, quelle que soit la valeur numérique de l'entrée.\n\n Les journaux de zéros, de nombres négatifs et de base 1 renvoient `null` ainsi qu'un avertissement.\n\n ````\n ROW base = 2.0, value = 8.0\n | EVAL s = LOG(base, value)\n ````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.log10": "LOG10", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.log10.markdown": "\n\n ### LOG10\n Renvoie le logarithme d'une valeur en base 10. La valeur de renvoi est toujours un double, quelle que soit la valeur numérique de l'entrée.\n\n Les logs de 0 et de nombres négatifs renvoient `null` ainsi qu'un avertissement.\n\n ````\n ROW d = 1000.0 \n | EVAL s = LOG10(d)\n ````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.ltrim": "LTRIM", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.ltrim.markdown": "\n\n ### LTRIM\n Retire les espaces au début des chaînes.\n\n ````\n ROW message = \" some text \", color = \" red \"\n | EVAL message = LTRIM(message)\n | EVAL color = LTRIM(color)\n | EVAL message = CONCAT(\"'\", message, \"'\")\n | EVAL color = CONCAT(\"'\", color, \"'\")\n ````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.markdown": "## ES|QL\n\nUne requête ES|QL (langage de requête Elasticsearch) se compose d'une série de commandes, séparées par une barre verticale : `|`. Chaque requête commence par une **commande source**, qui produit un tableau, habituellement avec des données issues d'Elasticsearch. \n\nUne commande source peut être suivie d'une ou plusieurs **commandes de traitement**. Les commandes de traitement peuvent modifier le tableau de sortie de la commande précédente en ajoutant, supprimant ou modifiant les lignes et les colonnes.\n\n````\nsource-command\n| processing-command1\n| processing-command2\n````\n\nLe résultat d'une requête est le tableau produit par la dernière commande de traitement. \n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.mv_append": "MV_APPEND", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.mv_append.markdown": "\n\n ### MV_APPEND\n Concatène les valeurs de deux champs à valeurs multiples.\n\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.mv_avg": "MV_AVG", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.mv_avg.markdown": "\n\n ### MV_AVG\n Convertit un champ multivalué en un champ à valeur unique comprenant la moyenne de toutes les valeurs.\n\n ````\n ROW a=[3, 5, 1, 6]\n | EVAL avg_a = MV_AVG(a)\n ````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.mv_concat": "MV_CONCAT", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.mv_concat.markdown": "\n\n ### MV_CONCAT\n Convertit une expression de type chaîne multivalué en une colonne à valeur unique comprenant la concaténation de toutes les valeurs, séparées par un délimiteur.\n\n ````\n ROW a=[\"foo\", \"zoo\", \"bar\"]\n | EVAL j = MV_CONCAT(a, \", \")\n ````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.mv_count": "MV_COUNT", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.mv_count.markdown": "\n\n ### MV_COUNT\n Convertit une expression multivaluée en une colonne à valeur unique comprenant le total du nombre de valeurs.\n\n ````\n ROW a=[\"foo\", \"zoo\", \"bar\"]\n | EVAL count_a = MV_COUNT(a)\n ````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.mv_dedupe": "MV_DEDUPE", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.mv_dedupe.markdown": "\n\n ### MV_DEDUPE\n Supprime les valeurs en doublon d'un champ multivalué.\n\n ````\n ROW a=[\"foo\", \"foo\", \"bar\", \"foo\"]\n | EVAL dedupe_a = MV_DEDUPE(a)\n ````\n Remarque : la fonction `MV_DEDUPE` est en mesure de trier les valeurs de la colonne, mais ne le fait pas systématiquement.\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.mv_first": "MV_FIRST", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.mv_first.markdown": "\n\n ### MV_FIRST\n Convertit une expression multivaluée en une colonne à valeur unique comprenant la\n première valeur. Ceci est particulièrement utile pour lire une fonction qui émet\n des colonnes multivaluées dans un ordre connu, comme `SPLIT`.\n\n L'ordre dans lequel les champs multivalués sont lus à partir\n du stockage sous-jacent n'est pas garanti. Il est *souvent* ascendant, mais ne vous y\n fiez pas. Si vous avez besoin de la valeur minimale, utilisez `MV_MIN` au lieu de\n `MV_FIRST`. `MV_MIN` comporte des optimisations pour les valeurs triées, il n'y a donc aucun\n avantage en matière de performances pour `MV_FIRST`.\n\n ````\n ROW a=\"foo;bar;baz\"\n | EVAL first_a = MV_FIRST(SPLIT(a, \";\"))\n ````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.mv_last": "MV_LAST", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.mv_last.markdown": "\n\n ### MV_LAST\n Convertit une expression multivaluée en une colonne à valeur unique comprenant la dernière\n valeur. Ceci est particulièrement utile pour lire une fonction qui émet des champs multivalués\n dans un ordre connu, comme `SPLIT`.\n\n L'ordre dans lequel les champs multivalués sont lus à partir\n du stockage sous-jacent n'est pas garanti. Il est *souvent* ascendant, mais ne vous y\n fiez pas. Si vous avez besoin de la valeur maximale, utilisez `MV_MAX` au lieu de\n `MV_LAST`. `MV_MAX` comporte des optimisations pour les valeurs triées, il n'y a donc aucun\n avantage en matière de performances pour `MV_LAST`.\n\n ````\n ROW a=\"foo;bar;baz\"\n | EVAL last_a = MV_LAST(SPLIT(a, \";\"))\n ````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.mv_max": "MV_MAX", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.mv_max.markdown": "\n\n ### MV_MAX\n Convertit une expression multivaluée en une colonne à valeur unique comprenant la valeur maximale.\n\n ````\n ROW a=[3, 5, 1]\n | EVAL max_a = MV_MAX(a)\n ````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.mv_median": "MV_MEDIAN", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.mv_median.markdown": "\n\n ### MV_MEDIAN\n Convertit un champ multivalué en un champ à valeur unique comprenant la valeur médiane.\n\n ````\n ROW a=[3, 5, 1]\n | EVAL median_a = MV_MEDIAN(a)\n ````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.mv_min": "MV_MIN", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.mv_min.markdown": "\n\n ### MV_MIN\n Convertit une expression multivaluée en une colonne à valeur unique comprenant la valeur minimale.\n\n ````\n ROW a=[2, 1]\n | EVAL min_a = MV_MIN(a)\n ````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.mv_slice": "MV_SLICE", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.mv_slice.markdown": "\n\n ### MV_SLICE\n Renvoie un sous-ensemble du champ multivalué en utilisant les valeurs d'index de début et de fin.\n\n ````\n row a = [1, 2, 2, 3]\n | eval a1 = mv_slice(a, 1), a2 = mv_slice(a, 2, 3)\n ````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.mv_sort": "MV_SORT", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.mv_sort.markdown": "\n\n ### MV_SORT\n Trie une expression multivaluée par ordre lexicographique.\n\n ````\n ROW a = [4, 2, -3, 2]\n | EVAL sa = mv_sort(a), sd = mv_sort(a, \"DESC\")\n ````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.mv_sum": "MV_SUM", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.mv_sum.markdown": "\n\n ### MV_SUM\n Convertit un champ multivalué en un champ à valeur unique comprenant la somme de toutes les valeurs.\n\n ````\n ROW a=[3, 5, 6]\n | EVAL sum_a = MV_SUM(a)\n ````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.mv_zip": "MV_ZIP", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.mv_zip.markdown": "\n\n ### MV_ZIP\n Combine les valeurs de deux champs multivalués avec un délimiteur qui les relie.\n\n ````\n ROW a = [\"x\", \"y\", \"z\"], b = [\"1\", \"2\"]\n | EVAL c = mv_zip(a, b, \"-\")\n | KEEP a, b, c\n ````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.mvExpand": "MV_EXPAND", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.mvExpand.markdown": "### MV_EXPAND\nLa commande de traitement `MV_EXPAND` développe les champs multivalués en indiquant une valeur par ligne et en dupliquant les autres champs : \n````\nROW a=[1,2,3], b=\"b\", j=[\"a\",\"b\"]\n| MV_EXPAND a\n````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.now": "NOW", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.now.markdown": "\n\n ### NOW\n Renvoie la date et l'heure actuelles.\n\n ````\n ROW current_date = NOW()\n ````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.pi": "PI", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.pi.markdown": "\n\n ### PI\n Renvoie Pi, le rapport entre la circonférence et le diamètre d'un cercle.\n\n ````\n ROW PI()\n ````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.pow": "POW", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.pow.markdown": "\n\n ### POW\n Renvoie la valeur d’une `base` élevée à la puissance d’un `exposant`.\n\n ````\n ROW base = 2.0, exponent = 2\n | EVAL result = POW(base, exponent)\n ````\n Remarque : Il est toujours possible de dépasser un résultat double ici ; dans ce cas, la valeur `null` sera renvoyée.\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.predicates": "valeurs NULL", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.predicates.markdown": "### Valeurs NULL\nPour une comparaison avec une valeur NULL, utilisez les attributs `IS NULL` et `IS NOT NULL` :\n\n````\nFROM employees\n| WHERE birth_date IS NULL\n| KEEP first_name, last_name\n| SORT first_name\n| LIMIT 3\n````\n\n````\nFROM employees\n| WHERE is_rehired IS NOT NULL\n| STATS count(emp_no)\n````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.rename": "RENAME", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.rename.markdown": "### RENAME\nUtilisez `RENAME` pour renommer une colonne en utilisant la syntaxe suivante :\n\n````\nRENAME AS \n````\n\nPar exemple :\n\n````\nFROM employees\n| KEEP first_name, last_name, still_hired\n| RENAME still_hired AS employed\n````\n\nSi une colonne portant le nouveau nom existe déjà, elle sera remplacée par la nouvelle colonne.\n\nPlusieurs colonnes peuvent être renommées à l'aide d'une seule commande `RENAME` :\n\n````\nFROM employees\n| KEEP first_name, last_name\n| RENAME first_name AS fn, last_name AS ln\n````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.repeat": "REPEAT", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.repeat.markdown": "\n\n ### REPEAT\n Renvoie une chaîne construite par la concaténation de la `chaîne` avec elle-même, le `nombre` de fois spécifié.\n\n ````\n ROW a = \"Hello!\"\n | EVAL triple_a = REPEAT(a, 3);\n ````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.replace": "REPLACE", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.replace.markdown": "\n\n ### REPLACE\n La fonction remplace dans la chaîne `str` toutes les correspondances avec l'expression régulière `regex`\n par la chaîne de remplacement `newStr`.\n\n ````\n ROW str = \"Hello World\"\n | EVAL str = REPLACE(str, \"World\", \"Universe\")\n | KEEP str\n ````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.right": "RIGHT", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.right.markdown": "\n\n ### RIGHT\n Renvoie la sous-chaîne qui extrait la longueur des caractères de `str` en partant de la droite.\n\n ````\n FROM employees\n | KEEP last_name\n | EVAL right = RIGHT(last_name, 3)\n | SORT last_name ASC\n | LIMIT 5\n ````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.round": "ROUND", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.round.markdown": "\n\n ### ROUND\n Arrondit un nombre au nombre spécifié de décimales.\n La valeur par défaut est 0, qui renvoie l'entier le plus proche. Si le\n nombre de décimales spécifié est négatif, la fonction arrondit au nombre de décimales à gauche\n de la virgule.\n\n ````\n FROM employees\n | KEEP first_name, last_name, height\n | EVAL height_ft = ROUND(height * 3.281, 1)\n ````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.row": "ROW", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.row.markdown": "### ROW\nLa commande source `ROW` renvoie une ligne contenant une ou plusieurs colonnes avec les valeurs que vous spécifiez. Cette commande peut s'avérer utile pour les tests.\n \n````\nROW a = 1, b = \"two\", c = null\n````\n\nUtilisez des crochets pour créer des colonnes à valeurs multiples :\n\n````\nROW a = [2, 1]\n````\n\nROW permet d'utiliser des fonctions :\n\n````\nROW a = ROUND(1.23, 0)\n````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.rtrim": "RTRIM", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.rtrim.markdown": "\n\n ### RTRIM\n Supprime les espaces à la fin des chaînes.\n\n ````\n ROW message = \" some text \", color = \" red \"\n | EVAL message = RTRIM(message)\n | EVAL color = RTRIM(color)\n | EVAL message = CONCAT(\"'\", message, \"'\")\n | EVAL color = CONCAT(\"'\", color, \"'\")\n ````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.show": "SHOW", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.show.markdown": "### SHOW\nLa commande source `SHOW ` renvoie des informations sur le déploiement et ses capacités :\n\n* Utilisez `SHOW INFO` pour renvoyer la version du déploiement, la date de compilation et le hachage.\n* Utilisez `SHOW FUNCTIONS` pour renvoyer une liste de toutes les fonctions prises en charge et un résumé de chaque fonction.\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.signum": "SIGNUM", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.signum.markdown": "\n\n ### SIGNUM\n Renvoie le signe du nombre donné.\n Il renvoie `-1` pour les nombres négatifs, `0` pour `0` et `1` pour les nombres positifs.\n\n ````\n ROW d = 100.0\n | EVAL s = SIGNUM(d)\n ````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.sin": "SIN", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.sin.markdown": "\n\n ### SIN\n Renvoie la fonction trigonométrique sinusoïdale d'un angle.\n\n ````\n ROW a=1.8 \n | EVAL sin=SIN(a)\n ````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.sinh": "SINH", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.sinh.markdown": "\n\n ### SINH\n Renvoie le sinus hyperbolique d'un angle.\n\n ````\n ROW a=1.8 \n | EVAL sinh=SINH(a)\n ````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.sort": "SORT", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.sort.markdown": "### SORT\nUtilisez la commande `SORT` pour trier les lignes sur un ou plusieurs champs :\n\n````\nFROM employees\n| KEEP first_name, last_name, height\n| SORT height\n````\n\nL'ordre de tri par défaut est croissant. Définissez un ordre de tri explicite en utilisant `ASC` ou `DESC` :\n\n````\nFROM employees\n| KEEP first_name, last_name, height\n| SORT height DESC\n````\n\nSi deux lignes disposent de la même clé de tri, l'ordre original sera préservé. Vous pouvez ajouter des expressions de tri pour départager les deux lignes :\n\n````\nFROM employees\n| KEEP first_name, last_name, height\n| SORT height DESC, first_name ASC\n````\n\n#### valeurs `null`\nPar défaut, les valeurs `null` sont considérées comme étant supérieures à toutes les autres valeurs. Selon un ordre de tri croissant, les valeurs `null` sont classées en dernier. Selon un ordre de tri décroissant, les valeurs `null` sont classées en premier. Pour modifier cet ordre, utilisez `NULLS FIRST` ou `NULLS LAST` :\n\n````\nFROM employees\n| KEEP first_name, last_name, height\n| SORT first_name ASC NULLS FIRST\n````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.split": "SPLIT", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.split.markdown": "\n\n ### SPLIT\n Divise une chaîne de valeur unique en plusieurs chaînes.\n\n ````\n ROW words=\"foo;bar;baz;qux;quux;corge\"\n | EVAL word = SPLIT(words, \";\")\n ````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.sqrt": "SQRT", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.sqrt.markdown": "\n\n ### SQRT\n Renvoie la racine carrée d'un nombre. La valeur de renvoi est toujours un double, quelle que soit la valeur numérique de l'entrée.\n Les racines carrées des nombres négatifs et des infinis sont nulles.\n\n ````\n ROW d = 100.0\n | EVAL s = SQRT(d)\n ````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.st_contains": "ST_CONTAINS", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.st_contains.markdown": "\n\n ### ST_CONTAINS\n Renvoie si la première géométrie contient la deuxième géométrie.\n Il s'agit de l'inverse de la fonction `ST_WITHIN`.\n\n ````\n FROM airport_city_boundaries\n | WHERE ST_CONTAINS(city_boundary, TO_GEOSHAPE(\"POLYGON((109.35 18.3, 109.45 18.3, 109.45 18.4, 109.35 18.4, 109.35 18.3))\"))\n | KEEP abbrev, airport, region, city, city_location\n ````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.st_disjoint": "ST_DISJOINT", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.st_disjoint.markdown": "\n\n ### ST_DISJOINT\n Renvoie si les deux géométries ou colonnes géométriques sont disjointes.\n Il s'agit de l'inverse de la fonction `ST_INTERSECTS`.\n En termes mathématiques : ST_Disjoint(A, B) ⇔ A ⋂ B = ∅\n\n ````\n FROM airport_city_boundaries\n | WHERE ST_DISJOINT(city_boundary, TO_GEOSHAPE(\"POLYGON((-10 -60, 120 -60, 120 60, -10 60, -10 -60))\"))\n | KEEP abbrev, airport, region, city, city_location\n ````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.st_distance": "ST_DISTANCE", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.st_distance.markdown": "\n\n ### ST_DISTANCE\n Calcule la distance entre deux points.\n Pour les géométries cartésiennes, c’est la distance pythagoricienne dans les mêmes unités que les coordonnées d'origine.\n Pour les géométries géographiques, c’est la distance circulaire le long du grand cercle en mètres.\n\n ````\n Aéroports FROM\n | WHERE abbrev == \"CPH\"\n | EVAL distance = ST_DISTANCE(location, city_location)\n | KEEP abbrev, name, location, city_location, distance\n ````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.st_intersects": "ST_INTERSECTS", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.st_intersects.markdown": "\n\n ### ST_INTERSECTS\n Renvoie `true` (vrai) si deux géométries se croisent.\n Elles se croisent si elles ont un point commun, y compris leurs points intérieurs\n (les points situés le long des lignes ou dans des polygones).\n Il s'agit de l'inverse de la fonction `ST_DISJOINT`.\n En termes mathématiques : ST_Intersects(A, B) ⇔ A ⋂ B ≠ ∅\n\n ````\n Aéroports FROM\n | WHERE ST_INTERSECTS(location, TO_GEOSHAPE(\"POLYGON((42 14, 43 14, 43 15, 42 15, 42 14))\"))\n ````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.st_within": "ST_WITHIN", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.st_within.markdown": "\n\n ### ST_WITHIN\n Renvoie si la première géométrie est à l'intérieur de la deuxième géométrie.\n Il s'agit de l'inverse de la fonction `ST_CONTAINS`.\n\n ````\n FROM airport_city_boundaries\n | WHERE ST_WITHIN(city_boundary, TO_GEOSHAPE(\"POLYGON((109.1 18.15, 109.6 18.15, 109.6 18.65, 109.1 18.65, 109.1 18.15))\"))\n | KEEP abbrev, airport, region, city, city_location\n ````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.st_x": "ST_X", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.st_x.markdown": "\n\n ### ST_X\n Extrait la coordonnée `x` du point fourni.\n Si les points sont de type `geo_point`, cela revient à extraire la valeur de la `longitude`.\n\n ````\n ROW point = TO_GEOPOINT(\"POINT(42.97109629958868 14.7552534006536)\")\n | EVAL x = ST_X(point), y = ST_Y(point)\n ````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.st_y": "ST_Y", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.st_y.markdown": "\n\n ### ST_Y\n Extrait la coordonnée `y` du point fourni.\n Si les points sont de type `geo_point`, cela revient à extraire la valeur de la `latitude`.\n\n ````\n ROW point = TO_GEOPOINT(\"POINT(42.97109629958868 14.7552534006536)\")\n | EVAL x = ST_X(point), y = ST_Y(point)\n ````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.starts_with": "STARTS_WITH", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.starts_with.markdown": "\n\n ### STARTS_WITH\n Renvoie un booléen qui indique si une chaîne de mot-clés débute par une autre chaîne.\n\n ````\n FROM employees\n | KEEP last_name\n | EVAL ln_S = STARTS_WITH(last_name, \"B\")\n ````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.statsby": "STATS ... BY", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.statsby.markdown": "### STATS ... BY\nUtilisez `STATS ... BY` pour regrouper les lignes en fonction d'une valeur commune et calculer une ou plusieurs valeurs agrégées sur les lignes regroupées.\n\n**Exemples** :\n\n````\nFROM employees\n| STATS count = COUNT(emp_no) BY languages\n| SORT languages\n````\n\nSi `BY` est omis, le tableau de sortie contient exactement une ligne avec les agrégations appliquées sur l'ensemble des données :\n\n````\nFROM employees\n| STATS avg_lang = AVG(languages)\n````\n\nIl est possible de calculer plusieurs valeurs :\n\n````\nFROM employees\n| STATS avg_lang = AVG(languages), max_lang = MAX(languages)\n````\n\nIl est également possible d'effectuer des regroupements en fonction de plusieurs valeurs (uniquement pour les champs longs et les champs de la famille de mots-clés) :\n\n````\nFROM employees\n| EVAL hired = DATE_FORMAT(hire_date, \"YYYY\")\n| STATS avg_salary = AVG(salary) BY hired, languages.long\n| EVAL avg_salary = ROUND(avg_salary)\n| SORT hired, languages.long\n````\n\nConsultez la rubrique **Fonctions d'agrégation** pour obtenir la liste des fonctions pouvant être utilisées avec `STATS ... BY`.\n\nLes fonctions d'agrégation et les expressions de regroupement acceptent toutes deux d'autres fonctions. Ceci est utile pour utiliser `STATS...BY` sur des colonnes à valeur multiple. Par exemple, pour calculer l'évolution moyenne du salaire, vous pouvez utiliser `MV_AVG` pour faire la moyenne des multiples valeurs par employé, et utiliser le résultat avec la fonction `AVG` :\n\n````\nFROM employees\n| STATS avg_salary_change = AVG(MV_AVG(salary_change))\n````\n\nLe regroupement par expression est par exemple le regroupement des employés en fonction de la première lettre de leur nom de famille :\n\n````\nFROM employees\n| STATS my_count = COUNT() BY LEFT(last_name, 1)\n| SORT \"LEFT(last_name, 1)\"\n````\n\nIl n'est pas obligatoire d'indiquer le nom de la colonne de sortie. S'il n'est pas spécifié, le nouveau nom de la colonne est égal à l'expression. La requête suivante renvoie une colonne appelée `AVG(salary)` :\n\n````\nFROM employees\n| STATS AVG(salary)\n````\n\nComme ce nom contient des caractères spéciaux, il doit être placé entre deux caractères (`) lorsqu'il est utilisé dans des commandes suivantes :\n\n````\nFROM employees\n| STATS AVG(salary)\n| EVAL avg_salary_rounded = ROUND(\"AVG(salary)\")\n````\n\n**Remarque** : `STATS` sans aucun groupe est beaucoup plus rapide que l'ajout d'un groupe.\n\n**Remarque** : Le regroupement sur une seule expression est actuellement beaucoup plus optimisé que le regroupement sur plusieurs expressions.\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.stringOperators": "LIKE et RLIKE", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.stringOperators.markdown": "### LIKE et RLIKE\nPour comparer des chaînes en utilisant des caractères génériques ou des expressions régulières, utilisez `LIKE` ou `RLIKE` :\n\nUtilisez `LIKE` pour faire correspondre des chaînes à l'aide de caractères génériques. Les caractères génériques suivants sont pris en charge :\n\n* `*` correspond à zéro caractère ou plus.\n* `?` correspond à un seul caractère.\n\n````\nFROM employees\n| WHERE first_name LIKE \"?b*\"\n| KEEP first_name, last_name\n````\n\nUtilisez `RLIKE` pour faire correspondre des chaînes à l'aide d'expressions régulières :\n\n````\nFROM employees\n| WHERE first_name RLIKE \".leja.*\"\n| KEEP first_name, last_name\n````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.substring": "SUBSTRING", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.substring.markdown": "\n\n ### SUBSTRING\n Renvoie la sous-chaîne d'une chaîne, délimitée en fonction d'une position de départ et d'une longueur facultative\n\n ````\n FROM employees\n | KEEP last_name\n | EVAL ln_sub = SUBSTRING(last_name, 1, 3)\n ````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.tan": "TAN", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.tan.markdown": "\n\n ### TAN\n Renvoie la fonction trigonométrique Tangente d'un angle.\n\n ````\n ROW a=1.8 \n | EVAL tan=TAN(a)\n ````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.tanh": "TANH", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.tanh.markdown": "\n\n ### TANH\n Renvoie la fonction hyperbolique Tangente d'un angle.\n\n ````\n ROW a=1.8 \n | EVAL tanh=TANH(a)\n ````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.tau": "TAU", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.tau.markdown": "\n\n ### TAU\n Renvoie le rapport entre la circonférence et le rayon d'un cercle.\n\n ````\n ROW TAU()\n ````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_base64": "TO_BASE64", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_base64.markdown": "\n\n ### TO_BASE64\n Encode une chaîne en chaîne base64.\n\n ````\n row a = \"elastic\" \n | eval e = to_base64(a)\n ````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_boolean": "TO_BOOLEAN", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_boolean.markdown": "\n\n ### TO_BOOLEAN\n Convertit une valeur d'entrée en une valeur booléenne.\n Une chaîne de valeur *true* sera convertie, sans tenir compte de la casse, en une valeur booléenne *true*.\n Pour toute autre valeur, y compris une chaîne vide, la fonction renverra *false*.\n La valeur numérique *0* sera convertie en *false*, toute autre valeur sera convertie en *true*.\n\n ````\n ROW str = [\"true\", \"TRuE\", \"false\", \"\", \"yes\", \"1\"]\n | EVAL bool = TO_BOOLEAN(str)\n ````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_cartesianpoint": "TO_CARTESIANPOINT", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_cartesianpoint.markdown": "\n\n ### TO_CARTESIANPOINT\n Convertit la valeur d'une entrée en une valeur `cartesian_point`.\n Une chaîne ne sera convertie que si elle respecte le format WKT Point.\n\n ````\n ROW wkt = [\"POINT(4297.11 -1475.53)\", \"POINT(7580.93 2272.77)\"]\n | MV_EXPAND wkt\n | EVAL pt = TO_CARTESIANPOINT(wkt)\n ````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_cartesianshape": "TO_CARTESIANSHAPE", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_cartesianshape.markdown": "\n\n ### TO_CARTESIANSHAPE\n Convertit une valeur d'entrée en une valeur `cartesian_shape`.\n Une chaîne ne sera convertie que si elle respecte le format WKT.\n\n ````\n ROW wkt = [\"POINT(4297.11 -1475.53)\", \"POLYGON ((3339584.72 1118889.97, 4452779.63 4865942.27, 2226389.81 4865942.27, 1113194.90 2273030.92, 3339584.72 1118889.97))\"]\n | MV_EXPAND wkt\n | EVAL geom = TO_CARTESIANSHAPE(wkt)\n ````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_datetime": "TO_DATETIME", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_datetime.markdown": "\n\n ### TO_DATETIME\n Convertit une valeur d'entrée en une valeur de date.\n Une chaîne ne sera convertie que si elle respecte le format `yyyy-MM-dd'T'HH:mm:ss.SSS'Z'`.\n Pour convertir des dates vers d'autres formats, utilisez `DATE_PARSE`.\n\n ````\n ROW string = [\"1953-09-02T00:00:00.000Z\", \"1964-06-02T00:00:00.000Z\", \"1964-06-02 00:00:00\"]\n | EVAL datetime = TO_DATETIME(string)\n ````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_degrees": "TO_DEGREES", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_degrees.markdown": "\n\n ### TO_DEGREES\n Convertit un nombre en radians en degrés.\n\n ````\n ROW rad = [1.57, 3.14, 4.71]\n | EVAL deg = TO_DEGREES(rad)\n ````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_double": "TO_DOUBLE", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_double.markdown": "\n\n ### TO_DOUBLE\n Convertit une valeur d'entrée en une valeur double. Si le paramètre d'entrée est de type date,\n sa valeur sera interprétée en millisecondes depuis l'heure Unix,\n convertie en double. Le booléen *true* sera converti en double *1.0*, et *false* en *0.0*.\n\n ````\n ROW str1 = \"5.20128E11\", str2 = \"foo\"\n | EVAL dbl = TO_DOUBLE(\"520128000000\"), dbl1 = TO_DOUBLE(str1), dbl2 = TO_DOUBLE(str2)\n ````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_geopoint": "TO_GEOPOINT", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_geopoint.markdown": "\n\n ### TO_GEOPOINT\n Convertit une valeur d'entrée en une valeur `geo_point`.\n Une chaîne ne sera convertie que si elle respecte le format WKT Point.\n\n ````\n ROW wkt = \"POINT(42.97109630194 14.7552534413725)\"\n | EVAL pt = TO_GEOPOINT(wkt)\n ````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_geoshape": "TO_GEOSHAPE", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_geoshape.markdown": "\n\n ### TO_GEOSHAPE\n Convertit une valeur d'entrée en une valeur `geo_shape`.\n Une chaîne ne sera convertie que si elle respecte le format WKT.\n\n ````\n ROW wkt = \"POLYGON ((30 10, 40 40, 20 40, 10 20, 30 10))\"\n | EVAL geom = TO_GEOSHAPE(wkt)\n ````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_integer": "TO_INTEGER", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_integer.markdown": "\n\n ### TO_INTEGER\n Convertit une valeur d'entrée en une valeur entière.\n Si le paramètre d'entrée est de type date, sa valeur sera interprétée en millisecondes\n depuis l'heure Unix, convertie en entier.\n Le booléen *true* sera converti en entier *1*, et *false* en *0*.\n\n ````\n ROW long = [5013792, 2147483647, 501379200000]\n | EVAL int = TO_INTEGER(long)\n ````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_ip": "TO_IP", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_ip.markdown": "\n\n ### TO_IP\n Convertit une chaîne d'entrée en valeur IP.\n\n ````\n ROW str1 = \"1.1.1.1\", str2 = \"foo\"\n | EVAL ip1 = TO_IP(str1), ip2 = TO_IP(str2)\n | WHERE CIDR_MATCH(ip1, \"1.0.0.0/8\")\n ````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_long": "TO_LONG", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_long.markdown": "\n\n ### TO_LONG\n Convertit une valeur d'entrée en une valeur longue. Si le paramètre d'entrée est de type date,\n sa valeur sera interprétée en millisecondes depuis l'heure Unix, convertie en valeur longue.\n Le booléen *true* sera converti en valeur longue *1*, et *false* en *0*.\n\n ````\n ROW str1 = \"2147483648\", str2 = \"2147483648.2\", str3 = \"foo\"\n | EVAL long1 = TO_LONG(str1), long2 = TO_LONG(str2), long3 = TO_LONG(str3)\n ````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_lower": "TO_LOWER", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_lower.markdown": "\n\n ### TO_LOWER\n Renvoie une nouvelle chaîne représentant la chaîne d'entrée convertie en minuscules.\n\n ````\n ROW message = \"Some Text\"\n | EVAL message_lower = TO_LOWER(message)\n ````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_radians": "TO_RADIANS", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_radians.markdown": "\n\n ### TO_RADIANS\n Convertit un nombre en degrés en radians.\n\n ````\n ROW deg = [90.0, 180.0, 270.0]\n | EVAL rad = TO_RADIANS(deg)\n ````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_string": "TO_STRING", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_string.markdown": "\n\n ### TO_STRING\n Convertit une valeur d'entrée en une chaîne.\n\n ````\n ROW a=10\n | EVAL j = TO_STRING(a)\n ````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_unsigned_long": "TO_UNSIGNED_LONG", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_unsigned_long.markdown": "\n\n ### TO_UNSIGNED_LONG\n Convertit une valeur d'entrée en une valeur longue non signée. Si le paramètre d'entrée est de type date,\n sa valeur sera interprétée en millisecondes depuis l'heure Unix, convertie en valeur longue non signée.\n Le booléen *true* sera converti en valeur longue non signée *1*, et *false* en *0*.\n\n ````\n ROW str1 = \"2147483648\", str2 = \"2147483648.2\", str3 = \"foo\"\n | EVAL long1 = TO_UNSIGNED_LONG(str1), long2 = TO_ULONG(str2), long3 = TO_UL(str3)\n ````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_upper": "TO_UPPER", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_upper.markdown": "\n\n ### TO_UPPER\n Renvoie une nouvelle chaîne représentant la chaîne d'entrée convertie en majuscules.\n\n ````\n ROW message = \"Some Text\"\n | EVAL message_upper = TO_UPPER(message)\n ````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_version": "TO_VERSION", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_version.markdown": "\n\n ### TO_VERSION\n Convertit une chaîne d'entrée en une valeur de version.\n\n ````\n ROW v = TO_VERSION(\"1.2.3\")\n ````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.trim": "TRIM", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.trim.markdown": "\n\n ### TRIM\n Supprime les espaces de début et de fin d'une chaîne.\n\n ````\n ROW message = \" some text \", color = \" red \"\n | EVAL message = TRIM(message)\n | EVAL color = TRIM(color)\n ````\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.where": "WHERE", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.where.markdown": "### WHERE\nUtilisez `WHERE` afin d'obtenir un tableau qui comprend toutes les lignes du tableau d'entrée pour lesquelles la condition fournie est évaluée à `true` :\n \n````\nFROM employees\n| KEEP first_name, last_name, still_hired\n| WHERE still_hired == true\n````\n\n#### Opérateurs\n\nPour obtenir un aperçu des opérateurs pris en charge, consultez la section **Opérateurs**.\n\n#### Fonctions\n`WHERE` prend en charge diverses fonctions de calcul des valeurs. Pour en savoir plus, consultez la section **Fonctions**.\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationLabel": "Documentation", + "languageDocumentationPopover.documentationESQL.abs": "ABS", + "languageDocumentationPopover.documentationESQL.abs.markdown": "\n\n ### ABS\n Renvoie la valeur absolue.\n\n ````\n Numéro ROW = -1.0 \n | EVAL abs_number = ABS(number)\n ````\n ", + "languageDocumentationPopover.documentationESQL.acos": "ACOS", + "languageDocumentationPopover.documentationESQL.acos.markdown": "\n\n ### ACOS\n Renvoie l'arc cosinus de `n` sous forme d'angle, exprimé en radians.\n\n ````\n ROW a=.9\n | EVAL acos=ACOS(a)\n ````\n ", + "languageDocumentationPopover.documentationESQL.asin": "ASIN", + "languageDocumentationPopover.documentationESQL.asin.markdown": "\n\n ### ASIN\n Renvoie l'arc sinus de l'entrée\n expression numérique sous forme d'angle, exprimée en radians.\n\n ````\n ROW a=.9\n | EVAL asin=ASIN(a)\n ````\n ", + "languageDocumentationPopover.documentationESQL.atan": "ATAN", + "languageDocumentationPopover.documentationESQL.atan.markdown": "\n\n ### ATAN\n Renvoie l'arc tangente de l'entrée\n expression numérique sous forme d'angle, exprimée en radians.\n\n ````\n ROW a=.12.9\n | EVAL atan=ATAN(a)\n ````\n ", + "languageDocumentationPopover.documentationESQL.atan2": "ATAN2", + "languageDocumentationPopover.documentationESQL.atan2.markdown": "\n\n ### ATAN2\n L'angle entre l'axe positif des x et le rayon allant de\n l'origine au point (x , y) dans le plan cartésien, exprimée en radians.\n\n ````\n ROW y=12.9, x=.6\n | EVAL atan2=ATAN2(y, x)\n ````\n ", + "languageDocumentationPopover.documentationESQL.autoBucketFunction": "COMPARTIMENT", + "languageDocumentationPopover.documentationESQL.autoBucketFunction.markdown": "### COMPARTIMENT\nCréer des groupes de valeurs, des compartiments (\"buckets\"), à partir d'une entrée d'un numéro ou d'un horodatage. La taille des compartiments peut être fournie directement ou choisie selon une plage de valeurs et de décompte recommandée.\n\n`BUCKET` a deux modes de fonctionnement : \n\n1. Dans lequel la taille du compartiment est calculée selon la recommandation de décompte d'un compartiment (quatre paramètres) et une plage.\n2. Dans lequel la taille du compartiment est fournie directement (deux paramètres).\n\nAvec un nombre cible de compartiments, le début d'une plage et la fin d'une plage, `BUCKET` choisit une taille de compartiment appropriée afin de générer le nombre cible de compartiments ou moins.\n\nPar exemple, demander jusqu'à 20 compartiments pour une année organisera les données en intervalles mensuels :\n\n````\nFROM employees\n| WHERE hire_date >= \"1985-01-01T00:00:00Z\" AND hire_date < \"1986-01-01T00:00:00Z\"\n| STATS hire_date = MV_SORT(VALUES(hire_date)) BY month = BUCKET(hire_date, 20, \"1985-01-01T00:00:00Z\", \"1986-01-01T00:00:00Z\")\n| SORT hire_date\n````\n\n**REMARQUE** : Le but n'est pas de fournir le nombre précis de compartiments, mais plutôt de sélectionner une plage qui fournit, tout au plus, le nombre cible de compartiments.\n\nVous pouvez combiner `BUCKET` avec une agrégation pour créer un histogramme :\n\n````\nFROM employees\n| WHERE hire_date >= \"1985-01-01T00:00:00Z\" AND hire_date < \"1986-01-01T00:00:00Z\"\n| STATS hires_per_month = COUNT(*) BY month = BUCKET(hire_date, 20, \"1985-01-01T00:00:00Z\", \"1986-01-01T00:00:00Z\")\n| SORT month\n````\n\n**REMARQUE** : `BUCKET` ne crée pas de compartiments qui ne correspondent à aucun document. C'est pourquoi, dans l'exemple précédent, il manque 1985-03-01 ainsi que d'autres dates.\n\nDemander d'autres compartiments peut résulter en une plage réduite. Par exemple, demander jusqu'à 100 compartiments en un an résulte en des compartiments hebdomadaires :\n\n````\nFROM employees\n| WHERE hire_date >= \"1985-01-01T00:00:00Z\" AND hire_date < \"1986-01-01T00:00:00Z\"\n| STATS hires_per_week = COUNT(*) BY week = BUCKET(hire_date, 100, \"1985-01-01T00:00:00Z\", \"1986-01-01T00:00:00Z\")\n| SORT week\n````\n\n**REMARQUE** : `AUTO_BUCKET` ne filtre aucune ligne. Il n'utilise que la plage fournie pour choisir une taille de compartiment appropriée. Pour les lignes dont la valeur se situe en dehors de la plage, il renvoie une valeur de compartiment qui correspond à un compartiment situé en dehors de la plage. Associez `BUCKET` à `WHERE` pour filtrer les lignes.\n\nSi la taille de compartiment désirée est connue à l'avance, fournissez-la comme second argument, en ignorant la plage :\n\n````\nFROM employees\n| WHERE hire_date >= \"1985-01-01T00:00:00Z\" AND hire_date < \"1986-01-01T00:00:00Z\"\n| STATS hires_per_week = COUNT(*) BY week = BUCKET(hire_date, 1 week)\n| SORT week\n````\n\n**REMARQUE** : Lorsque vous fournissez la taille du compartiment comme second argument, ce dernier doit être une période temporelle ou une durée.\n\n`BUCKET` peut également être utilisé pour des champs numériques. Par exemple, pour créer un histogramme de salaire :\n\n````\nFROM employees\n| STATS COUNT(*) by bs = BUCKET(salary, 20, 25324, 74999)\n| SORT bs\n````\n\nContrairement à l'exemple précédent qui filtre intentionnellement sur une plage temporelle, vous n'avez pas souvent besoin de filtrer sur une plage numérique. Vous devez trouver les valeurs min et max séparément. ES|QL n'a pas encore de façon aisée d'effectuer cette opération automatiquement.\n\nLa plage peut être ignorée si la taille désirée de compartiment est connue à l'avance. Fournissez-la simplement comme second argument :\n\n````\nFROM employees\n| WHERE hire_date >= \"1985-01-01T00:00:00Z\" AND hire_date < \"1986-01-01T00:00:00Z\"\n| STATS c = COUNT(1) BY b = BUCKET(salary, 5000.)\n| SORT b\n````\n\n**REMARQUE** : Lorsque vous fournissez la taille du compartiment comme second argument, elle doit être de type à **virgule flottante**.\n\nVoici un exemple sur comment créer des compartiments horaires pour les dernières 24 heures, et calculer le nombre d'événements par heure :\n\n````\nFROM sample_data\n| WHERE @timestamp >= NOW() - 1 day and @timestamp < NOW()\n| STATS COUNT(*) BY bucket = BUCKET(@timestamp, 25, NOW() - 1 day, NOW())\n````\n\nVoici un exemple permettant de créer des compartiments mensuels pour l'année 1985, et calculer le salaire moyen par mois d'embauche :\n\n````\nFROM employees\n| WHERE hire_date >= \"1985-01-01T00:00:00Z\" AND hire_date < \"1986-01-01T00:00:00Z\"\n| STATS AVG(salary) BY bucket = BUCKET(hire_date, 20, \"1985-01-01T00:00:00Z\", \"1986-01-01T00:00:00Z\")\n| SORT bucket\n````\n\n`BUCKET` peut être utilisé pour les parties de groupage et d'agrégation de la commande `STATS …​ BY ...`, tant que la partie d'agrégation de la fonction est **référencée par un alias défini dans la partie de groupage**, ou que celle-ci est invoquée avec exactement la même expression.\n\nPar exemple :\n\n````\nFROM employees\n| STATS s1 = b1 + 1, s2 = BUCKET(salary / 1000 + 999, 50.) + 2 BY b1 = BUCKET(salary / 100 + 99, 50.), b2 = BUCKET(salary / 1000 + 999, 50.)\n| SORT b1, b2\n| KEEP s1, b1, s2, b2\n````\n ", + "languageDocumentationPopover.documentationESQL.binaryOperators": "Opérateurs binaires", + "languageDocumentationPopover.documentationESQL.binaryOperators.markdown": "### Opérateurs binaires\nLes opérateurs de comparaison binaire suivants sont pris en charge :\n\n* égalité : `==`\n* inégalité : `!=`\n* inférieur à : `<`\n* inférieur ou égal à : `<=`\n* supérieur à : `>`\n* supérieur ou égal à : `>=`\n* ajouter : `+`\n* soustraire : `-`\n* multiplier par : `*`\n* diviser par : `/`\n* module : `%`\n ", + "languageDocumentationPopover.documentationESQL.booleanOperators": "Opérateurs booléens", + "languageDocumentationPopover.documentationESQL.booleanOperators.markdown": "### Opérateurs booléens\nLes opérateurs booléens suivants sont pris en charge :\n\n* `AND`\n* `OR`\n* `NOT`\n ", + "languageDocumentationPopover.documentationESQL.bucket": "COMPARTIMENT", + "languageDocumentationPopover.documentationESQL.bucket.markdown": "\n\n ### COMPARTIMENT\n Créer des groupes de valeurs, des compartiments (\"buckets\"), à partir d'une entrée d'un numéro ou d'un horodatage.\n La taille des compartiments peut être fournie directement ou choisie selon une plage de valeurs et de décompte recommandée.\n\n ````\n FROM employees\n | WHERE hire_date >= \"1985-01-01T00:00:00Z\" AND hire_date < \"1986-01-01T00:00:00Z\"\n | STATS hire_date = MV_SORT(VALUES(hire_date)) BY month = BUCKET(hire_date, 20, \"1985-01-01T00:00:00Z\", \"1986-01-01T00:00:00Z\")\n | SORT hire_date\n ````\n ", + "languageDocumentationPopover.documentationESQL.case": "CASE", + "languageDocumentationPopover.documentationESQL.case.markdown": "\n\n ### CAS\n Accepte les paires de conditions et de valeurs. La fonction renvoie la valeur qui\n appartient à la première condition étant évaluée comme `true`.\n\n Si le nombre d'arguments est impair, le dernier argument est la valeur par défaut qui est\n renvoyée si aucune condition ne correspond. Si le nombre d'arguments est pair, et\n qu'aucune condition ne correspond, la fonction renvoie `null`.\n\n ````\n FROM employees\n | EVAL type = CASE(\n languages <= 1, \"monolingual\",\n languages <= 2, \"bilingual\",\n \"polyglot\")\n | KEEP emp_no, languages, type\n ````\n ", + "languageDocumentationPopover.documentationESQL.castOperator": "Cast (::)", + "languageDocumentationPopover.documentationESQL.castOperator.markdown": "### CAST (`::`)\nL'opérateur `::` fournit une syntaxe alternative pratique au type de converstion de fonction `TO_`.\n\nExemple :\n````\nROW ver = CONCAT((\"0\"::INT + 1)::STRING, \".2.3\")::VERSION\n````\n ", + "languageDocumentationPopover.documentationESQL.cbrt": "CBRT", + "languageDocumentationPopover.documentationESQL.cbrt.markdown": "\n\n ### CBRT\n Renvoie la racine cubique d'un nombre. La valeur de renvoi est toujours un double, quelle que soit la valeur numérique de l'entrée.\n La racine cubique de l’infini est nulle.\n\n ````\n ROW d = 1000.0\n | EVAL c = cbrt(d)\n ````\n ", + "languageDocumentationPopover.documentationESQL.ceil": "CEIL", + "languageDocumentationPopover.documentationESQL.ceil.markdown": "\n\n ### CEIL\n Arrondir un nombre à l'entier supérieur.\n\n ```\n ROW a=1.8\n | EVAL a=CEIL(a)\n ```\n Remarque : Il s'agit d'un noop pour `long` (y compris non signé) et `integer`. Pour `double`, la fonction choisit la valeur `double` la plus proche de l'entier, de manière similaire à la méthode Math.ceil.\n ", + "languageDocumentationPopover.documentationESQL.cidr_match": "CIDR_MATCH", + "languageDocumentationPopover.documentationESQL.cidr_match.markdown": "\n\n ### CIDR_MATCH\n Renvoie `true` si l'IP fournie est contenue dans l'un des blocs CIDR fournis.\n\n ````\n FROM hosts \n | WHERE CIDR_MATCH(ip1, \"127.0.0.2/32\", \"127.0.0.3/32\") \n | KEEP card, host, ip0, ip1\n ````\n ", + "languageDocumentationPopover.documentationESQL.coalesce": "COALESCE", + "languageDocumentationPopover.documentationESQL.coalesce.markdown": "\n\n ### COALESCE\n Renvoie le premier de ses arguments qui n'est pas nul. Si tous les arguments sont nuls, `null` est renvoyé.\n\n ````\n ROW a=null, b=\"b\"\n | EVAL COALESCE(a, b)\n ````\n ", + "languageDocumentationPopover.documentationESQL.concat": "CONCAT", + "languageDocumentationPopover.documentationESQL.concat.markdown": "\n\n ### CONCAT\n Concatène deux ou plusieurs chaînes.\n\n ```\n FROM employees\n | KEEP first_name, last_name\n | EVAL fullname = CONCAT(first_name, \" \", last_name)\n ````\n ", + "languageDocumentationPopover.documentationESQL.cos": "COS", + "languageDocumentationPopover.documentationESQL.cos.markdown": "\n\n ### COS\n Renvoie le cosinus d'un angle.\n\n ````\n ROW a=1.8 \n | EVAL cos=COS(a)\n ````\n ", + "languageDocumentationPopover.documentationESQL.cosh": "COSH", + "languageDocumentationPopover.documentationESQL.cosh.markdown": "\n\n ### COSH\n Renvoie le cosinus hyperbolique d'un angle.\n\n ````\n ROW a=1.8 \n | EVAL cosh=COSH(a)\n ```\n ", + "languageDocumentationPopover.documentationESQL.date_diff": "DATE_DIFF", + "languageDocumentationPopover.documentationESQL.date_diff.markdown": "\n\n ### DATE_DIFF\n Soustrait le `startTimestamp` du `endTimestamp` et renvoie la différence en multiples `d'unité`.\n Si `startTimestamp` est postérieur à `endTimestamp`, des valeurs négatives sont renvoyées.\n\n ````\n ROW date1 = TO_DATETIME(\"2023-12-02T11:00:00.000Z\"), date2 = TO_DATETIME(\"2023-12-02T11:00:00.001Z\")\n | EVAL dd_ms = DATE_DIFF(\"microseconds\", date1, date2)\n ````\n ", + "languageDocumentationPopover.documentationESQL.date_extract": "DATE_EXTRACT", + "languageDocumentationPopover.documentationESQL.date_extract.markdown": "\n\n ### DATE_EXTRACT\n Extrait des parties d'une date, telles que l'année, le mois, le jour, l'heure.\n\n ````\n ROW date = DATE_PARSE(\"yyyy-MM-dd\", \"2022-05-06\")\n | EVAL year = DATE_EXTRACT(\"year\", date)\n ````\n ", + "languageDocumentationPopover.documentationESQL.date_format": "DATE_FORMAT", + "languageDocumentationPopover.documentationESQL.date_format.markdown": "\n\n ### DATE_FORMAT\n Renvoie une représentation sous forme de chaîne d'une date dans le format fourni.\n\n ````\n FROM employees\n | KEEP first_name, last_name, hire_date\n | EVAL hired = DATE_FORMAT(\"YYYY-MM-dd\", hire_date)\n ````\n ", + "languageDocumentationPopover.documentationESQL.date_parse": "DATE_PARSE", + "languageDocumentationPopover.documentationESQL.date_parse.markdown": "\n\n ### DATE_PARSE\n Renvoie une date en analysant le deuxième argument selon le format spécifié dans le premier argument.\n\n ````\n ROW date_string = \"2022-05-06\"\n | EVAL date = DATE_PARSE(\"yyyy-MM-dd\", date_string)\n ````\n ", + "languageDocumentationPopover.documentationESQL.date_trunc": "DATE_TRUNC", + "languageDocumentationPopover.documentationESQL.date_trunc.markdown": "\n\n ### DATE_TRUNC\n Arrondit une date à l'intervalle le plus proche.\n\n ```\n FROM employees\n | KEEP first_name, last_name, hire_date\n | EVAL year_hired = DATE_TRUNC(1 year, hire_date)\n ````\n ", + "languageDocumentationPopover.documentationESQL.dissect": "DISSECT", + "languageDocumentationPopover.documentationESQL.dissect.markdown": "### DISSECT\n`DISSECT` vous permet d'extraire des données structurées d'une chaîne. `DISSECT` compare la chaîne à un modèle basé sur les délimiteurs, et extrait les clés indiquées en tant que colonnes.\n\nPour obtenir la syntaxe des modèles \"dissect\", consultez [la documentation relative au processeur \"dissect\"](https://www.elastic.co/guide/en/elasticsearch/reference/current/dissect-processor.html).\n\n```\nROW a = \"1953-01-23T12:15:00Z - some text - 127.0.0.1\"\n| DISSECT a \"%'{Y}-%{M}-%{D}T%{h}:%{m}:%{s}Z - %{msg} - %{ip}'\"\n```` ", + "languageDocumentationPopover.documentationESQL.drop": "DROP", + "languageDocumentationPopover.documentationESQL.drop.markdown": "### DROP\nAfin de supprimer certaines colonnes d'un tableau, utilisez `DROP` :\n \n```\nFROM employees\n| DROP height\n```\n\nPlutôt que de spécifier chaque colonne par son nom, vous pouvez utiliser des caractères génériques pour supprimer toutes les colonnes dont le nom correspond à un modèle :\n\n```\nFROM employees\n| DROP height*\n````\n ", + "languageDocumentationPopover.documentationESQL.e": "E", + "languageDocumentationPopover.documentationESQL.e.markdown": "\n\n ### E\n Retourne le nombre d'Euler.\n\n ````\n ROW E()\n ````\n ", + "languageDocumentationPopover.documentationESQL.ends_with": "ENDS_WITH", + "languageDocumentationPopover.documentationESQL.ends_with.markdown": "\n\n ### ENDS_WITH\n Renvoie une valeur booléenne qui indique si une chaîne de mots-clés se termine par une autre chaîne.\n\n ````\n FROM employees\n | KEEP last_name\n | EVAL ln_E = ENDS_WITH(last_name, \"d\")\n ````\n ", + "languageDocumentationPopover.documentationESQL.enrich": "ENRICH", + "languageDocumentationPopover.documentationESQL.enrich.markdown": "### ENRICH\nVous pouvez utiliser `ENRICH` pour ajouter les données de vos index existants aux enregistrements entrants. Une fonction similaire à l'[enrichissement par ingestion](https://www.elastic.co/guide/en/elasticsearch/reference/current/ingest-enriching-data.html), mais qui fonctionne au moment de la requête.\n\n```\nROW language_code = \"1\"\n| ENRICH languages_policy\n```\n\n`ENRICH` requiert l'exécution d'une [politique d'enrichissement](https://www.elastic.co/guide/en/elasticsearch/reference/current/ingest-enriching-data.html#enrich-policy). La politique d'enrichissement définit un champ de correspondance (un champ clé) et un ensemble de champs d'enrichissement.\n\n`ENRICH` recherche les enregistrements dans l'[index d'enrichissement](https://www.elastic.co/guide/en/elasticsearch/reference/current/ingest-enriching-data.html#enrich-index) en se basant sur la valeur du champ de correspondance. La clé de correspondance dans l'ensemble de données d'entrée peut être définie en utilisant `ON `. Si elle n'est pas spécifiée, la correspondance sera effectuée sur un champ portant le même nom que le champ de correspondance défini dans la politique d'enrichissement.\n\n```\nROW a = \"1\"\n| ENRICH languages_policy ON a\n```\n\nVous pouvez indiquer quels attributs (parmi ceux définis comme champs d'enrichissement dans la politique) doivent être ajoutés au résultat, en utilisant la syntaxe `WITH , ...`.\n\n```\nROW a = \"1\"\n| ENRICH languages_policy ON a WITH language_name\n```\n\nLes attributs peuvent également être renommés à l'aide de la syntaxe `WITH new_name=`\n\n```\nROW a = \"1\"\n| ENRICH languages_policy ON a WITH name = language_name\n````\n\nPar défaut (si aucun `WITH` n'est défini), `ENRICH` ajoute au résultat tous les champs d'enrichissement définis dans la politique d'enrichissement.\n\nEn cas de collision de noms, les champs nouvellement créés remplacent les champs existants.\n ", + "languageDocumentationPopover.documentationESQL.eval": "EVAL", + "languageDocumentationPopover.documentationESQL.eval.markdown": "### EVAL\n`EVAL` permet d'ajouter des colonnes :\n\n````\nFROM employees\n| KEEP first_name, last_name, height\n| EVAL height_feet = height * 3.281, height_cm = height * 100\n````\n\nSi la colonne indiquée existe déjà, la colonne existante sera supprimée et la nouvelle colonne sera ajoutée au tableau :\n\n````\nFROM employees\n| KEEP first_name, last_name, height\n| EVAL height = height * 3.281\n````\n\n#### Fonctions\n`EVAL` prend en charge diverses fonctions de calcul des valeurs. Pour en savoir plus, consultez les fonctions.\n ", + "languageDocumentationPopover.documentationESQL.floor": "FLOOR", + "languageDocumentationPopover.documentationESQL.floor.markdown": "\n\n ### FLOOR\n Arrondir un nombre à l'entier inférieur.\n\n ````\n ROW a=1.8\n | EVAL a=FLOOR(a)\n ````\n Remarque : Il s'agit d'un noop pour `long` (y compris non signé) et `integer`.\n Pour `double`, la fonction choisit la valeur `double` la plus proche de l'entier,\n de manière similaire à Math.floor.\n ", + "languageDocumentationPopover.documentationESQL.from": "FROM", + "languageDocumentationPopover.documentationESQL.from_base64": "FROM_BASE64", + "languageDocumentationPopover.documentationESQL.from_base64.markdown": "\n\n ### FROM_BASE64\n Décodez une chaîne base64.\n\n ````\n row a = \"ZWxhc3RpYw==\" \n | eval d = from_base64(a)\n ````\n ", + "languageDocumentationPopover.documentationESQL.from.markdown": "### FROM\nLa commande source `FROM` renvoie un tableau contenant jusqu'à 10 000 documents issus d'un flux de données, d'un index ou d'un alias. Chaque ligne du tableau obtenu correspond à un document. Chaque colonne correspond à un champ et est accessible par le nom de ce champ.\n\n````\nFROM employees\n````\n\nVous pouvez utiliser des [calculs impliquant des dates](https://www.elastic.co/guide/en/elasticsearch/reference/current/api-conventions.html#api-date-math-index-names) pour désigner les indices, les alias et les flux de données. Cela peut s'avérer utile pour les données temporelles.\n\nUtilisez des listes séparées par des virgules ou des caractères génériques pour rechercher plusieurs flux de données, indices ou alias :\n\n````\nFROM employees-00001,employees-*\n````\n\n#### Métadonnées\n\nES|QL peut accéder aux champs de métadonnées suivants :\n\n* `_index` : l'index auquel appartient le document. Le champ est du type `keyword`.\n* `_id` : l'identifiant du document source. Le champ est du type `keyword`.\n* `_id` : la version du document source. Le champ est du type `long`.\n\nUtilisez la directive `METADATA` pour activer les champs de métadonnées :\n\n````\nFROM index [METADATA _index, _id]\n````\n\nLes champs de métadonnées ne sont disponibles que si la source des données est un index. Par conséquent, `FROM` est la seule commande source qui prend en charge la directive `METADATA`.\n\nUne fois activés, les champs sont disponibles pour les commandes de traitement suivantes, tout comme les autres champs de l'index :\n\n````\nFROM ul_logs, apps [METADATA _index, _version]\n| WHERE id IN (13, 14) AND _version == 1\n| EVAL key = CONCAT(_index, \"_\", TO_STR(id))\n| SORT id, _index\n| KEEP id, _index, _version, key\n````\n\nDe même, comme pour les champs d'index, une fois l'agrégation effectuée, un champ de métadonnées ne sera plus accessible aux commandes suivantes, sauf s'il est utilisé comme champ de regroupement :\n\n````\nFROM employees [METADATA _index, _id]\n| STATS max = MAX(emp_no) BY _index\n````\n ", + "languageDocumentationPopover.documentationESQL.greatest": "GREATEST", + "languageDocumentationPopover.documentationESQL.greatest.markdown": "\n\n ### GREATEST\n Renvoie la valeur maximale de plusieurs colonnes. Similaire à `MV_MAX`\n sauf que ceci est destiné à une exécution sur plusieurs colonnes à la fois.\n\n ````\n ROW a = 10, b = 20\n | EVAL g = GREATEST(a, b)\n ````\n Remarque : Lorsque cette fonction est exécutée sur les champs `keyword` ou `text`, elle renvoie la dernière chaîne dans l'ordre alphabétique. Lorsqu'elle est exécutée sur des colonnes `boolean`, elle renvoie `true` si l'une des valeurs l'est.\n ", + "languageDocumentationPopover.documentationESQL.grok": "GROK", + "languageDocumentationPopover.documentationESQL.grok.markdown": "### GROK\n`GROK` vous permet d'extraire des données structurées d'une chaîne. `GROK` compare la chaîne à des modèles, sur la base d’expressions régulières, et extrait les modèles indiqués en tant que colonnes.\n\nPour obtenir la syntaxe des modèles \"grok\", consultez [la documentation relative au processeur \"grok\"](https://www.elastic.co/guide/en/elasticsearch/reference/current/grok-processor.html).\n\n````\nROW a = \"12 15.5 15.6 true\"\n| GROK a \"%'{NUMBER:b:int}' %'{NUMBER:c:float}' %'{NUMBER:d:double}' %'{WORD:e:boolean}'\"\n````\n ", + "languageDocumentationPopover.documentationESQL.inOperator": "IN", + "languageDocumentationPopover.documentationESQL.inOperator.markdown": "### IN\nL'opérateur `IN` permet de tester si un champ ou une expression est égal à un élément d'une liste de littéraux, de champs ou d'expressions :\n\n````\nROW a = 1, b = 4, c = 3\n| WHERE c-a IN (3, b / 2, a)\n````\n ", + "languageDocumentationPopover.documentationESQL.ip_prefix": "IP_PREFIX", + "languageDocumentationPopover.documentationESQL.ip_prefix.markdown": "\n\n ### IP_PREFIX\n Tronque une adresse IP à une longueur de préfixe donnée.\n\n ````\n row ip4 = to_ip(\"1.2.3.4\"), ip6 = to_ip(\"fe80::cae2:65ff:fece:feb9\")\n | eval ip4_prefix = ip_prefix(ip4, 24, 0), ip6_prefix = ip_prefix(ip6, 0, 112);\n ````\n ", + "languageDocumentationPopover.documentationESQL.keep": "KEEP", + "languageDocumentationPopover.documentationESQL.keep.markdown": "### KEEP\nLa commande `KEEP` permet de définir les colonnes qui seront renvoyées et l'ordre dans lequel elles le seront.\n\nPour limiter les colonnes retournées, utilisez une liste de noms de colonnes séparés par des virgules. Les colonnes sont renvoyées dans l'ordre indiqué :\n \n````\nFROM employees\n| KEEP first_name, last_name, height\n````\n\nPlutôt que de spécifier chaque colonne par son nom, vous pouvez utiliser des caractères génériques pour renvoyer toutes les colonnes dont le nom correspond à un modèle :\n\n````\nFROM employees\n| KEEP h*\n````\n\nLe caractère générique de l'astérisque (\"*\") placé de manière isolée transpose l'ensemble des colonnes qui ne correspondent pas aux autres arguments. La requête suivante renverra en premier lieu toutes les colonnes dont le nom commence par un h, puis toutes les autres colonnes :\n\n````\nFROM employees\n| KEEP h*, *\n````\n ", + "languageDocumentationPopover.documentationESQL.least": "LEAST", + "languageDocumentationPopover.documentationESQL.least.markdown": "\n\n ### LEAST\n Renvoie la valeur minimale de plusieurs colonnes. Cette fonction est similaire à `MV_MIN`. Toutefois, elle est destinée à être exécutée sur plusieurs colonnes à la fois.\n\n ````\n ROW a = 10, b = 20\n | EVAL l = LEAST(a, b)\n ````\n ", + "languageDocumentationPopover.documentationESQL.left": "LEFT", + "languageDocumentationPopover.documentationESQL.left.markdown": "\n\n ### LEFT\n Renvoie la sous-chaîne qui extrait la \"longueur\" des caractères de la \"chaîne\" en partant de la gauche.\n\n ````\n FROM employees\n | KEEP last_name\n | EVAL left = LEFT(last_name, 3)\n | SORT last_name ASC\n | LIMIT 5\n ````\n ", + "languageDocumentationPopover.documentationESQL.length": "LENGHT", + "languageDocumentationPopover.documentationESQL.length.markdown": "\n\n ### LENGTH\n Renvoie la longueur des caractères d'une chaîne.\n\n ````\n FROM employees\n | KEEP first_name, last_name\n | EVAL fn_length = LENGTH(first_name)\n ````\n ", + "languageDocumentationPopover.documentationESQL.limit": "LIMIT", + "languageDocumentationPopover.documentationESQL.limit.markdown": "### LIMIT\nLa commande de traitement `LIMIT` permet de restreindre le nombre de lignes :\n \n````\nFROM employees\n| LIMIT 5\n````\n ", + "languageDocumentationPopover.documentationESQL.locate": "LOCATE", + "languageDocumentationPopover.documentationESQL.locate.markdown": "\n\n ### LOCATE\n Renvoie un entier qui indique la position d'une sous-chaîne de mots-clés dans une autre chaîne\n\n ````\n row a = \"hello\"\n | eval a_ll = locate(a, \"ll\")\n ````\n ", + "languageDocumentationPopover.documentationESQL.log": "LOG", + "languageDocumentationPopover.documentationESQL.log.markdown": "\n\n ### LOG\n Renvoie le logarithme d'une valeur dans une base. La valeur de renvoi est toujours un double, quelle que soit la valeur numérique de l'entrée.\n\n Les journaux de zéros, de nombres négatifs et de base 1 renvoient `null` ainsi qu'un avertissement.\n\n ````\n ROW base = 2.0, value = 8.0\n | EVAL s = LOG(base, value)\n ````\n ", + "languageDocumentationPopover.documentationESQL.log10": "LOG10", + "languageDocumentationPopover.documentationESQL.log10.markdown": "\n\n ### LOG10\n Renvoie le logarithme d'une valeur en base 10. La valeur de renvoi est toujours un double, quelle que soit la valeur numérique de l'entrée.\n\n Les logs de 0 et de nombres négatifs renvoient `null` ainsi qu'un avertissement.\n\n ````\n ROW d = 1000.0 \n | EVAL s = LOG10(d)\n ````\n ", + "languageDocumentationPopover.documentationESQL.ltrim": "LTRIM", + "languageDocumentationPopover.documentationESQL.ltrim.markdown": "\n\n ### LTRIM\n Retire les espaces au début des chaînes.\n\n ````\n ROW message = \" some text \", color = \" red \"\n | EVAL message = LTRIM(message)\n | EVAL color = LTRIM(color)\n | EVAL message = CONCAT(\"'\", message, \"'\")\n | EVAL color = CONCAT(\"'\", color, \"'\")\n ````\n ", + "languageDocumentationPopover.documentationESQL.markdown": "## ES|QL\n\nUne requête ES|QL (langage de requête Elasticsearch) se compose d'une série de commandes, séparées par une barre verticale : `|`. Chaque requête commence par une **commande source**, qui produit un tableau, habituellement avec des données issues d'Elasticsearch. \n\nUne commande source peut être suivie d'une ou plusieurs **commandes de traitement**. Les commandes de traitement peuvent modifier le tableau de sortie de la commande précédente en ajoutant, supprimant ou modifiant les lignes et les colonnes.\n\n````\nsource-command\n| processing-command1\n| processing-command2\n````\n\nLe résultat d'une requête est le tableau produit par la dernière commande de traitement. \n ", + "languageDocumentationPopover.documentationESQL.mv_append": "MV_APPEND", + "languageDocumentationPopover.documentationESQL.mv_append.markdown": "\n\n ### MV_APPEND\n Concatène les valeurs de deux champs à valeurs multiples.\n\n ", + "languageDocumentationPopover.documentationESQL.mv_avg": "MV_AVG", + "languageDocumentationPopover.documentationESQL.mv_avg.markdown": "\n\n ### MV_AVG\n Convertit un champ multivalué en un champ à valeur unique comprenant la moyenne de toutes les valeurs.\n\n ````\n ROW a=[3, 5, 1, 6]\n | EVAL avg_a = MV_AVG(a)\n ````\n ", + "languageDocumentationPopover.documentationESQL.mv_concat": "MV_CONCAT", + "languageDocumentationPopover.documentationESQL.mv_concat.markdown": "\n\n ### MV_CONCAT\n Convertit une expression de type chaîne multivalué en une colonne à valeur unique comprenant la concaténation de toutes les valeurs, séparées par un délimiteur.\n\n ````\n ROW a=[\"foo\", \"zoo\", \"bar\"]\n | EVAL j = MV_CONCAT(a, \", \")\n ````\n ", + "languageDocumentationPopover.documentationESQL.mv_count": "MV_COUNT", + "languageDocumentationPopover.documentationESQL.mv_count.markdown": "\n\n ### MV_COUNT\n Convertit une expression multivaluée en une colonne à valeur unique comprenant le total du nombre de valeurs.\n\n ````\n ROW a=[\"foo\", \"zoo\", \"bar\"]\n | EVAL count_a = MV_COUNT(a)\n ````\n ", + "languageDocumentationPopover.documentationESQL.mv_dedupe": "MV_DEDUPE", + "languageDocumentationPopover.documentationESQL.mv_dedupe.markdown": "\n\n ### MV_DEDUPE\n Supprime les valeurs en doublon d'un champ multivalué.\n\n ````\n ROW a=[\"foo\", \"foo\", \"bar\", \"foo\"]\n | EVAL dedupe_a = MV_DEDUPE(a)\n ````\n Remarque : la fonction `MV_DEDUPE` est en mesure de trier les valeurs de la colonne, mais ne le fait pas systématiquement.\n ", + "languageDocumentationPopover.documentationESQL.mv_first": "MV_FIRST", + "languageDocumentationPopover.documentationESQL.mv_first.markdown": "\n\n ### MV_FIRST\n Convertit une expression multivaluée en une colonne à valeur unique comprenant la\n première valeur. Ceci est particulièrement utile pour lire une fonction qui émet\n des colonnes multivaluées dans un ordre connu, comme `SPLIT`.\n\n L'ordre dans lequel les champs multivalués sont lus à partir\n du stockage sous-jacent n'est pas garanti. Il est *souvent* ascendant, mais ne vous y\n fiez pas. Si vous avez besoin de la valeur minimale, utilisez `MV_MIN` au lieu de\n `MV_FIRST`. `MV_MIN` comporte des optimisations pour les valeurs triées, il n'y a donc aucun\n avantage en matière de performances pour `MV_FIRST`.\n\n ````\n ROW a=\"foo;bar;baz\"\n | EVAL first_a = MV_FIRST(SPLIT(a, \";\"))\n ````\n ", + "languageDocumentationPopover.documentationESQL.mv_last": "MV_LAST", + "languageDocumentationPopover.documentationESQL.mv_last.markdown": "\n\n ### MV_LAST\n Convertit une expression multivaluée en une colonne à valeur unique comprenant la dernière\n valeur. Ceci est particulièrement utile pour lire une fonction qui émet des champs multivalués\n dans un ordre connu, comme `SPLIT`.\n\n L'ordre dans lequel les champs multivalués sont lus à partir\n du stockage sous-jacent n'est pas garanti. Il est *souvent* ascendant, mais ne vous y\n fiez pas. Si vous avez besoin de la valeur maximale, utilisez `MV_MAX` au lieu de\n `MV_LAST`. `MV_MAX` comporte des optimisations pour les valeurs triées, il n'y a donc aucun\n avantage en matière de performances pour `MV_LAST`.\n\n ````\n ROW a=\"foo;bar;baz\"\n | EVAL last_a = MV_LAST(SPLIT(a, \";\"))\n ````\n ", + "languageDocumentationPopover.documentationESQL.mv_max": "MV_MAX", + "languageDocumentationPopover.documentationESQL.mv_max.markdown": "\n\n ### MV_MAX\n Convertit une expression multivaluée en une colonne à valeur unique comprenant la valeur maximale.\n\n ````\n ROW a=[3, 5, 1]\n | EVAL max_a = MV_MAX(a)\n ````\n ", + "languageDocumentationPopover.documentationESQL.mv_median": "MV_MEDIAN", + "languageDocumentationPopover.documentationESQL.mv_median.markdown": "\n\n ### MV_MEDIAN\n Convertit un champ multivalué en un champ à valeur unique comprenant la valeur médiane.\n\n ````\n ROW a=[3, 5, 1]\n | EVAL median_a = MV_MEDIAN(a)\n ````\n ", + "languageDocumentationPopover.documentationESQL.mv_min": "MV_MIN", + "languageDocumentationPopover.documentationESQL.mv_min.markdown": "\n\n ### MV_MIN\n Convertit une expression multivaluée en une colonne à valeur unique comprenant la valeur minimale.\n\n ````\n ROW a=[2, 1]\n | EVAL min_a = MV_MIN(a)\n ````\n ", + "languageDocumentationPopover.documentationESQL.mv_slice": "MV_SLICE", + "languageDocumentationPopover.documentationESQL.mv_slice.markdown": "\n\n ### MV_SLICE\n Renvoie un sous-ensemble du champ multivalué en utilisant les valeurs d'index de début et de fin.\n\n ````\n row a = [1, 2, 2, 3]\n | eval a1 = mv_slice(a, 1), a2 = mv_slice(a, 2, 3)\n ````\n ", + "languageDocumentationPopover.documentationESQL.mv_sort": "MV_SORT", + "languageDocumentationPopover.documentationESQL.mv_sort.markdown": "\n\n ### MV_SORT\n Trie une expression multivaluée par ordre lexicographique.\n\n ````\n ROW a = [4, 2, -3, 2]\n | EVAL sa = mv_sort(a), sd = mv_sort(a, \"DESC\")\n ````\n ", + "languageDocumentationPopover.documentationESQL.mv_sum": "MV_SUM", + "languageDocumentationPopover.documentationESQL.mv_sum.markdown": "\n\n ### MV_SUM\n Convertit un champ multivalué en un champ à valeur unique comprenant la somme de toutes les valeurs.\n\n ````\n ROW a=[3, 5, 6]\n | EVAL sum_a = MV_SUM(a)\n ````\n ", + "languageDocumentationPopover.documentationESQL.mv_zip": "MV_ZIP", + "languageDocumentationPopover.documentationESQL.mv_zip.markdown": "\n\n ### MV_ZIP\n Combine les valeurs de deux champs multivalués avec un délimiteur qui les relie.\n\n ````\n ROW a = [\"x\", \"y\", \"z\"], b = [\"1\", \"2\"]\n | EVAL c = mv_zip(a, b, \"-\")\n | KEEP a, b, c\n ````\n ", + "languageDocumentationPopover.documentationESQL.mvExpand": "MV_EXPAND", + "languageDocumentationPopover.documentationESQL.mvExpand.markdown": "### MV_EXPAND\nLa commande de traitement `MV_EXPAND` développe les champs multivalués en indiquant une valeur par ligne et en dupliquant les autres champs : \n````\nROW a=[1,2,3], b=\"b\", j=[\"a\",\"b\"]\n| MV_EXPAND a\n````\n ", + "languageDocumentationPopover.documentationESQL.now": "NOW", + "languageDocumentationPopover.documentationESQL.now.markdown": "\n\n ### NOW\n Renvoie la date et l'heure actuelles.\n\n ````\n ROW current_date = NOW()\n ````\n ", + "languageDocumentationPopover.documentationESQL.pi": "PI", + "languageDocumentationPopover.documentationESQL.pi.markdown": "\n\n ### PI\n Renvoie Pi, le rapport entre la circonférence et le diamètre d'un cercle.\n\n ````\n ROW PI()\n ````\n ", + "languageDocumentationPopover.documentationESQL.pow": "POW", + "languageDocumentationPopover.documentationESQL.pow.markdown": "\n\n ### POW\n Renvoie la valeur d’une `base` élevée à la puissance d’un `exposant`.\n\n ````\n ROW base = 2.0, exponent = 2\n | EVAL result = POW(base, exponent)\n ````\n Remarque : Il est toujours possible de dépasser un résultat double ici ; dans ce cas, la valeur `null` sera renvoyée.\n ", + "languageDocumentationPopover.documentationESQL.predicates": "valeurs NULL", + "languageDocumentationPopover.documentationESQL.predicates.markdown": "### Valeurs NULL\nPour une comparaison avec une valeur NULL, utilisez les attributs `IS NULL` et `IS NOT NULL` :\n\n````\nFROM employees\n| WHERE birth_date IS NULL\n| KEEP first_name, last_name\n| SORT first_name\n| LIMIT 3\n````\n\n````\nFROM employees\n| WHERE is_rehired IS NOT NULL\n| STATS count(emp_no)\n````\n ", + "languageDocumentationPopover.documentationESQL.rename": "RENAME", + "languageDocumentationPopover.documentationESQL.rename.markdown": "### RENAME\nUtilisez `RENAME` pour renommer une colonne en utilisant la syntaxe suivante :\n\n````\nRENAME AS \n````\n\nPar exemple :\n\n````\nFROM employees\n| KEEP first_name, last_name, still_hired\n| RENAME still_hired AS employed\n````\n\nSi une colonne portant le nouveau nom existe déjà, elle sera remplacée par la nouvelle colonne.\n\nPlusieurs colonnes peuvent être renommées à l'aide d'une seule commande `RENAME` :\n\n````\nFROM employees\n| KEEP first_name, last_name\n| RENAME first_name AS fn, last_name AS ln\n````\n ", + "languageDocumentationPopover.documentationESQL.repeat": "REPEAT", + "languageDocumentationPopover.documentationESQL.repeat.markdown": "\n\n ### REPEAT\n Renvoie une chaîne construite par la concaténation de la `chaîne` avec elle-même, le `nombre` de fois spécifié.\n\n ````\n ROW a = \"Hello!\"\n | EVAL triple_a = REPEAT(a, 3);\n ````\n ", + "languageDocumentationPopover.documentationESQL.replace": "REPLACE", + "languageDocumentationPopover.documentationESQL.replace.markdown": "\n\n ### REPLACE\n La fonction remplace dans la chaîne `str` toutes les correspondances avec l'expression régulière `regex`\n par la chaîne de remplacement `newStr`.\n\n ````\n ROW str = \"Hello World\"\n | EVAL str = REPLACE(str, \"World\", \"Universe\")\n | KEEP str\n ````\n ", + "languageDocumentationPopover.documentationESQL.right": "RIGHT", + "languageDocumentationPopover.documentationESQL.right.markdown": "\n\n ### RIGHT\n Renvoie la sous-chaîne qui extrait la longueur des caractères de `str` en partant de la droite.\n\n ````\n FROM employees\n | KEEP last_name\n | EVAL right = RIGHT(last_name, 3)\n | SORT last_name ASC\n | LIMIT 5\n ````\n ", + "languageDocumentationPopover.documentationESQL.round": "ROUND", + "languageDocumentationPopover.documentationESQL.round.markdown": "\n\n ### ROUND\n Arrondit un nombre au nombre spécifié de décimales.\n La valeur par défaut est 0, qui renvoie l'entier le plus proche. Si le\n nombre de décimales spécifié est négatif, la fonction arrondit au nombre de décimales à gauche\n de la virgule.\n\n ````\n FROM employees\n | KEEP first_name, last_name, height\n | EVAL height_ft = ROUND(height * 3.281, 1)\n ````\n ", + "languageDocumentationPopover.documentationESQL.row": "ROW", + "languageDocumentationPopover.documentationESQL.row.markdown": "### ROW\nLa commande source `ROW` renvoie une ligne contenant une ou plusieurs colonnes avec les valeurs que vous spécifiez. Cette commande peut s'avérer utile pour les tests.\n \n````\nROW a = 1, b = \"two\", c = null\n````\n\nUtilisez des crochets pour créer des colonnes à valeurs multiples :\n\n````\nROW a = [2, 1]\n````\n\nROW permet d'utiliser des fonctions :\n\n````\nROW a = ROUND(1.23, 0)\n````\n ", + "languageDocumentationPopover.documentationESQL.rtrim": "RTRIM", + "languageDocumentationPopover.documentationESQL.rtrim.markdown": "\n\n ### RTRIM\n Supprime les espaces à la fin des chaînes.\n\n ````\n ROW message = \" some text \", color = \" red \"\n | EVAL message = RTRIM(message)\n | EVAL color = RTRIM(color)\n | EVAL message = CONCAT(\"'\", message, \"'\")\n | EVAL color = CONCAT(\"'\", color, \"'\")\n ````\n ", + "languageDocumentationPopover.documentationESQL.show": "SHOW", + "languageDocumentationPopover.documentationESQL.show.markdown": "### SHOW\nLa commande source `SHOW ` renvoie des informations sur le déploiement et ses capacités :\n\n* Utilisez `SHOW INFO` pour renvoyer la version du déploiement, la date de compilation et le hachage.\n* Utilisez `SHOW FUNCTIONS` pour renvoyer une liste de toutes les fonctions prises en charge et un résumé de chaque fonction.\n ", + "languageDocumentationPopover.documentationESQL.signum": "SIGNUM", + "languageDocumentationPopover.documentationESQL.signum.markdown": "\n\n ### SIGNUM\n Renvoie le signe du nombre donné.\n Il renvoie `-1` pour les nombres négatifs, `0` pour `0` et `1` pour les nombres positifs.\n\n ````\n ROW d = 100.0\n | EVAL s = SIGNUM(d)\n ````\n ", + "languageDocumentationPopover.documentationESQL.sin": "SIN", + "languageDocumentationPopover.documentationESQL.sin.markdown": "\n\n ### SIN\n Renvoie la fonction trigonométrique sinusoïdale d'un angle.\n\n ````\n ROW a=1.8 \n | EVAL sin=SIN(a)\n ````\n ", + "languageDocumentationPopover.documentationESQL.sinh": "SINH", + "languageDocumentationPopover.documentationESQL.sinh.markdown": "\n\n ### SINH\n Renvoie le sinus hyperbolique d'un angle.\n\n ````\n ROW a=1.8 \n | EVAL sinh=SINH(a)\n ````\n ", + "languageDocumentationPopover.documentationESQL.sort": "SORT", + "languageDocumentationPopover.documentationESQL.sort.markdown": "### SORT\nUtilisez la commande `SORT` pour trier les lignes sur un ou plusieurs champs :\n\n````\nFROM employees\n| KEEP first_name, last_name, height\n| SORT height\n````\n\nL'ordre de tri par défaut est croissant. Définissez un ordre de tri explicite en utilisant `ASC` ou `DESC` :\n\n````\nFROM employees\n| KEEP first_name, last_name, height\n| SORT height DESC\n````\n\nSi deux lignes disposent de la même clé de tri, l'ordre original sera préservé. Vous pouvez ajouter des expressions de tri pour départager les deux lignes :\n\n````\nFROM employees\n| KEEP first_name, last_name, height\n| SORT height DESC, first_name ASC\n````\n\n#### valeurs `null`\nPar défaut, les valeurs `null` sont considérées comme étant supérieures à toutes les autres valeurs. Selon un ordre de tri croissant, les valeurs `null` sont classées en dernier. Selon un ordre de tri décroissant, les valeurs `null` sont classées en premier. Pour modifier cet ordre, utilisez `NULLS FIRST` ou `NULLS LAST` :\n\n````\nFROM employees\n| KEEP first_name, last_name, height\n| SORT first_name ASC NULLS FIRST\n````\n ", + "languageDocumentationPopover.documentationESQL.split": "SPLIT", + "languageDocumentationPopover.documentationESQL.split.markdown": "\n\n ### SPLIT\n Divise une chaîne de valeur unique en plusieurs chaînes.\n\n ````\n ROW words=\"foo;bar;baz;qux;quux;corge\"\n | EVAL word = SPLIT(words, \";\")\n ````\n ", + "languageDocumentationPopover.documentationESQL.sqrt": "SQRT", + "languageDocumentationPopover.documentationESQL.sqrt.markdown": "\n\n ### SQRT\n Renvoie la racine carrée d'un nombre. La valeur de renvoi est toujours un double, quelle que soit la valeur numérique de l'entrée.\n Les racines carrées des nombres négatifs et des infinis sont nulles.\n\n ````\n ROW d = 100.0\n | EVAL s = SQRT(d)\n ````\n ", + "languageDocumentationPopover.documentationESQL.st_contains": "ST_CONTAINS", + "languageDocumentationPopover.documentationESQL.st_contains.markdown": "\n\n ### ST_CONTAINS\n Renvoie si la première géométrie contient la deuxième géométrie.\n Il s'agit de l'inverse de la fonction `ST_WITHIN`.\n\n ````\n FROM airport_city_boundaries\n | WHERE ST_CONTAINS(city_boundary, TO_GEOSHAPE(\"POLYGON((109.35 18.3, 109.45 18.3, 109.45 18.4, 109.35 18.4, 109.35 18.3))\"))\n | KEEP abbrev, airport, region, city, city_location\n ````\n ", + "languageDocumentationPopover.documentationESQL.st_disjoint": "ST_DISJOINT", + "languageDocumentationPopover.documentationESQL.st_disjoint.markdown": "\n\n ### ST_DISJOINT\n Renvoie si les deux géométries ou colonnes géométriques sont disjointes.\n Il s'agit de l'inverse de la fonction `ST_INTERSECTS`.\n En termes mathématiques : ST_Disjoint(A, B) ⇔ A ⋂ B = ∅\n\n ````\n FROM airport_city_boundaries\n | WHERE ST_DISJOINT(city_boundary, TO_GEOSHAPE(\"POLYGON((-10 -60, 120 -60, 120 60, -10 60, -10 -60))\"))\n | KEEP abbrev, airport, region, city, city_location\n ````\n ", + "languageDocumentationPopover.documentationESQL.st_distance": "ST_DISTANCE", + "languageDocumentationPopover.documentationESQL.st_distance.markdown": "\n\n ### ST_DISTANCE\n Calcule la distance entre deux points.\n Pour les géométries cartésiennes, c’est la distance pythagoricienne dans les mêmes unités que les coordonnées d'origine.\n Pour les géométries géographiques, c’est la distance circulaire le long du grand cercle en mètres.\n\n ````\n Aéroports FROM\n | WHERE abbrev == \"CPH\"\n | EVAL distance = ST_DISTANCE(location, city_location)\n | KEEP abbrev, name, location, city_location, distance\n ````\n ", + "languageDocumentationPopover.documentationESQL.st_intersects": "ST_INTERSECTS", + "languageDocumentationPopover.documentationESQL.st_intersects.markdown": "\n\n ### ST_INTERSECTS\n Renvoie `true` (vrai) si deux géométries se croisent.\n Elles se croisent si elles ont un point commun, y compris leurs points intérieurs\n (les points situés le long des lignes ou dans des polygones).\n Il s'agit de l'inverse de la fonction `ST_DISJOINT`.\n En termes mathématiques : ST_Intersects(A, B) ⇔ A ⋂ B ≠ ∅\n\n ````\n Aéroports FROM\n | WHERE ST_INTERSECTS(location, TO_GEOSHAPE(\"POLYGON((42 14, 43 14, 43 15, 42 15, 42 14))\"))\n ````\n ", + "languageDocumentationPopover.documentationESQL.st_within": "ST_WITHIN", + "languageDocumentationPopover.documentationESQL.st_within.markdown": "\n\n ### ST_WITHIN\n Renvoie si la première géométrie est à l'intérieur de la deuxième géométrie.\n Il s'agit de l'inverse de la fonction `ST_CONTAINS`.\n\n ````\n FROM airport_city_boundaries\n | WHERE ST_WITHIN(city_boundary, TO_GEOSHAPE(\"POLYGON((109.1 18.15, 109.6 18.15, 109.6 18.65, 109.1 18.65, 109.1 18.15))\"))\n | KEEP abbrev, airport, region, city, city_location\n ````\n ", + "languageDocumentationPopover.documentationESQL.st_x": "ST_X", + "languageDocumentationPopover.documentationESQL.st_x.markdown": "\n\n ### ST_X\n Extrait la coordonnée `x` du point fourni.\n Si les points sont de type `geo_point`, cela revient à extraire la valeur de la `longitude`.\n\n ````\n ROW point = TO_GEOPOINT(\"POINT(42.97109629958868 14.7552534006536)\")\n | EVAL x = ST_X(point), y = ST_Y(point)\n ````\n ", + "languageDocumentationPopover.documentationESQL.st_y": "ST_Y", + "languageDocumentationPopover.documentationESQL.st_y.markdown": "\n\n ### ST_Y\n Extrait la coordonnée `y` du point fourni.\n Si les points sont de type `geo_point`, cela revient à extraire la valeur de la `latitude`.\n\n ````\n ROW point = TO_GEOPOINT(\"POINT(42.97109629958868 14.7552534006536)\")\n | EVAL x = ST_X(point), y = ST_Y(point)\n ````\n ", + "languageDocumentationPopover.documentationESQL.starts_with": "STARTS_WITH", + "languageDocumentationPopover.documentationESQL.starts_with.markdown": "\n\n ### STARTS_WITH\n Renvoie un booléen qui indique si une chaîne de mot-clés débute par une autre chaîne.\n\n ````\n FROM employees\n | KEEP last_name\n | EVAL ln_S = STARTS_WITH(last_name, \"B\")\n ````\n ", + "languageDocumentationPopover.documentationESQL.statsby": "STATS ... BY", + "languageDocumentationPopover.documentationESQL.statsby.markdown": "### STATS ... BY\nUtilisez `STATS ... BY` pour regrouper les lignes en fonction d'une valeur commune et calculer une ou plusieurs valeurs agrégées sur les lignes regroupées.\n\n**Exemples** :\n\n````\nFROM employees\n| STATS count = COUNT(emp_no) BY languages\n| SORT languages\n````\n\nSi `BY` est omis, le tableau de sortie contient exactement une ligne avec les agrégations appliquées sur l'ensemble des données :\n\n````\nFROM employees\n| STATS avg_lang = AVG(languages)\n````\n\nIl est possible de calculer plusieurs valeurs :\n\n````\nFROM employees\n| STATS avg_lang = AVG(languages), max_lang = MAX(languages)\n````\n\nIl est également possible d'effectuer des regroupements en fonction de plusieurs valeurs (uniquement pour les champs longs et les champs de la famille de mots-clés) :\n\n````\nFROM employees\n| EVAL hired = DATE_FORMAT(hire_date, \"YYYY\")\n| STATS avg_salary = AVG(salary) BY hired, languages.long\n| EVAL avg_salary = ROUND(avg_salary)\n| SORT hired, languages.long\n````\n\nConsultez la rubrique **Fonctions d'agrégation** pour obtenir la liste des fonctions pouvant être utilisées avec `STATS ... BY`.\n\nLes fonctions d'agrégation et les expressions de regroupement acceptent toutes deux d'autres fonctions. Ceci est utile pour utiliser `STATS...BY` sur des colonnes à valeur multiple. Par exemple, pour calculer l'évolution moyenne du salaire, vous pouvez utiliser `MV_AVG` pour faire la moyenne des multiples valeurs par employé, et utiliser le résultat avec la fonction `AVG` :\n\n````\nFROM employees\n| STATS avg_salary_change = AVG(MV_AVG(salary_change))\n````\n\nLe regroupement par expression est par exemple le regroupement des employés en fonction de la première lettre de leur nom de famille :\n\n````\nFROM employees\n| STATS my_count = COUNT() BY LEFT(last_name, 1)\n| SORT \"LEFT(last_name, 1)\"\n````\n\nIl n'est pas obligatoire d'indiquer le nom de la colonne de sortie. S'il n'est pas spécifié, le nouveau nom de la colonne est égal à l'expression. La requête suivante renvoie une colonne appelée `AVG(salary)` :\n\n````\nFROM employees\n| STATS AVG(salary)\n````\n\nComme ce nom contient des caractères spéciaux, il doit être placé entre deux caractères (`) lorsqu'il est utilisé dans des commandes suivantes :\n\n````\nFROM employees\n| STATS AVG(salary)\n| EVAL avg_salary_rounded = ROUND(\"AVG(salary)\")\n````\n\n**Remarque** : `STATS` sans aucun groupe est beaucoup plus rapide que l'ajout d'un groupe.\n\n**Remarque** : Le regroupement sur une seule expression est actuellement beaucoup plus optimisé que le regroupement sur plusieurs expressions.\n ", + "languageDocumentationPopover.documentationESQL.stringOperators": "LIKE et RLIKE", + "languageDocumentationPopover.documentationESQL.stringOperators.markdown": "### LIKE et RLIKE\nPour comparer des chaînes en utilisant des caractères génériques ou des expressions régulières, utilisez `LIKE` ou `RLIKE` :\n\nUtilisez `LIKE` pour faire correspondre des chaînes à l'aide de caractères génériques. Les caractères génériques suivants sont pris en charge :\n\n* `*` correspond à zéro caractère ou plus.\n* `?` correspond à un seul caractère.\n\n````\nFROM employees\n| WHERE first_name LIKE \"?b*\"\n| KEEP first_name, last_name\n````\n\nUtilisez `RLIKE` pour faire correspondre des chaînes à l'aide d'expressions régulières :\n\n````\nFROM employees\n| WHERE first_name RLIKE \".leja.*\"\n| KEEP first_name, last_name\n````\n ", + "languageDocumentationPopover.documentationESQL.substring": "SUBSTRING", + "languageDocumentationPopover.documentationESQL.substring.markdown": "\n\n ### SUBSTRING\n Renvoie la sous-chaîne d'une chaîne, délimitée en fonction d'une position de départ et d'une longueur facultative\n\n ````\n FROM employees\n | KEEP last_name\n | EVAL ln_sub = SUBSTRING(last_name, 1, 3)\n ````\n ", + "languageDocumentationPopover.documentationESQL.tan": "TAN", + "languageDocumentationPopover.documentationESQL.tan.markdown": "\n\n ### TAN\n Renvoie la fonction trigonométrique Tangente d'un angle.\n\n ````\n ROW a=1.8 \n | EVAL tan=TAN(a)\n ````\n ", + "languageDocumentationPopover.documentationESQL.tanh": "TANH", + "languageDocumentationPopover.documentationESQL.tanh.markdown": "\n\n ### TANH\n Renvoie la fonction hyperbolique Tangente d'un angle.\n\n ````\n ROW a=1.8 \n | EVAL tanh=TANH(a)\n ````\n ", + "languageDocumentationPopover.documentationESQL.tau": "TAU", + "languageDocumentationPopover.documentationESQL.tau.markdown": "\n\n ### TAU\n Renvoie le rapport entre la circonférence et le rayon d'un cercle.\n\n ````\n ROW TAU()\n ````\n ", + "languageDocumentationPopover.documentationESQL.to_base64": "TO_BASE64", + "languageDocumentationPopover.documentationESQL.to_base64.markdown": "\n\n ### TO_BASE64\n Encode une chaîne en chaîne base64.\n\n ````\n row a = \"elastic\" \n | eval e = to_base64(a)\n ````\n ", + "languageDocumentationPopover.documentationESQL.to_boolean": "TO_BOOLEAN", + "languageDocumentationPopover.documentationESQL.to_boolean.markdown": "\n\n ### TO_BOOLEAN\n Convertit une valeur d'entrée en une valeur booléenne.\n Une chaîne de valeur *true* sera convertie, sans tenir compte de la casse, en une valeur booléenne *true*.\n Pour toute autre valeur, y compris une chaîne vide, la fonction renverra *false*.\n La valeur numérique *0* sera convertie en *false*, toute autre valeur sera convertie en *true*.\n\n ````\n ROW str = [\"true\", \"TRuE\", \"false\", \"\", \"yes\", \"1\"]\n | EVAL bool = TO_BOOLEAN(str)\n ````\n ", + "languageDocumentationPopover.documentationESQL.to_cartesianpoint": "TO_CARTESIANPOINT", + "languageDocumentationPopover.documentationESQL.to_cartesianpoint.markdown": "\n\n ### TO_CARTESIANPOINT\n Convertit la valeur d'une entrée en une valeur `cartesian_point`.\n Une chaîne ne sera convertie que si elle respecte le format WKT Point.\n\n ````\n ROW wkt = [\"POINT(4297.11 -1475.53)\", \"POINT(7580.93 2272.77)\"]\n | MV_EXPAND wkt\n | EVAL pt = TO_CARTESIANPOINT(wkt)\n ````\n ", + "languageDocumentationPopover.documentationESQL.to_cartesianshape": "TO_CARTESIANSHAPE", + "languageDocumentationPopover.documentationESQL.to_cartesianshape.markdown": "\n\n ### TO_CARTESIANSHAPE\n Convertit une valeur d'entrée en une valeur `cartesian_shape`.\n Une chaîne ne sera convertie que si elle respecte le format WKT.\n\n ````\n ROW wkt = [\"POINT(4297.11 -1475.53)\", \"POLYGON ((3339584.72 1118889.97, 4452779.63 4865942.27, 2226389.81 4865942.27, 1113194.90 2273030.92, 3339584.72 1118889.97))\"]\n | MV_EXPAND wkt\n | EVAL geom = TO_CARTESIANSHAPE(wkt)\n ````\n ", + "languageDocumentationPopover.documentationESQL.to_datetime": "TO_DATETIME", + "languageDocumentationPopover.documentationESQL.to_datetime.markdown": "\n\n ### TO_DATETIME\n Convertit une valeur d'entrée en une valeur de date.\n Une chaîne ne sera convertie que si elle respecte le format `yyyy-MM-dd'T'HH:mm:ss.SSS'Z'`.\n Pour convertir des dates vers d'autres formats, utilisez `DATE_PARSE`.\n\n ````\n ROW string = [\"1953-09-02T00:00:00.000Z\", \"1964-06-02T00:00:00.000Z\", \"1964-06-02 00:00:00\"]\n | EVAL datetime = TO_DATETIME(string)\n ````\n ", + "languageDocumentationPopover.documentationESQL.to_degrees": "TO_DEGREES", + "languageDocumentationPopover.documentationESQL.to_degrees.markdown": "\n\n ### TO_DEGREES\n Convertit un nombre en radians en degrés.\n\n ````\n ROW rad = [1.57, 3.14, 4.71]\n | EVAL deg = TO_DEGREES(rad)\n ````\n ", + "languageDocumentationPopover.documentationESQL.to_double": "TO_DOUBLE", + "languageDocumentationPopover.documentationESQL.to_double.markdown": "\n\n ### TO_DOUBLE\n Convertit une valeur d'entrée en une valeur double. Si le paramètre d'entrée est de type date,\n sa valeur sera interprétée en millisecondes depuis l'heure Unix,\n convertie en double. Le booléen *true* sera converti en double *1.0*, et *false* en *0.0*.\n\n ````\n ROW str1 = \"5.20128E11\", str2 = \"foo\"\n | EVAL dbl = TO_DOUBLE(\"520128000000\"), dbl1 = TO_DOUBLE(str1), dbl2 = TO_DOUBLE(str2)\n ````\n ", + "languageDocumentationPopover.documentationESQL.to_geopoint": "TO_GEOPOINT", + "languageDocumentationPopover.documentationESQL.to_geopoint.markdown": "\n\n ### TO_GEOPOINT\n Convertit une valeur d'entrée en une valeur `geo_point`.\n Une chaîne ne sera convertie que si elle respecte le format WKT Point.\n\n ````\n ROW wkt = \"POINT(42.97109630194 14.7552534413725)\"\n | EVAL pt = TO_GEOPOINT(wkt)\n ````\n ", + "languageDocumentationPopover.documentationESQL.to_geoshape": "TO_GEOSHAPE", + "languageDocumentationPopover.documentationESQL.to_geoshape.markdown": "\n\n ### TO_GEOSHAPE\n Convertit une valeur d'entrée en une valeur `geo_shape`.\n Une chaîne ne sera convertie que si elle respecte le format WKT.\n\n ````\n ROW wkt = \"POLYGON ((30 10, 40 40, 20 40, 10 20, 30 10))\"\n | EVAL geom = TO_GEOSHAPE(wkt)\n ````\n ", + "languageDocumentationPopover.documentationESQL.to_integer": "TO_INTEGER", + "languageDocumentationPopover.documentationESQL.to_integer.markdown": "\n\n ### TO_INTEGER\n Convertit une valeur d'entrée en une valeur entière.\n Si le paramètre d'entrée est de type date, sa valeur sera interprétée en millisecondes\n depuis l'heure Unix, convertie en entier.\n Le booléen *true* sera converti en entier *1*, et *false* en *0*.\n\n ````\n ROW long = [5013792, 2147483647, 501379200000]\n | EVAL int = TO_INTEGER(long)\n ````\n ", + "languageDocumentationPopover.documentationESQL.to_ip": "TO_IP", + "languageDocumentationPopover.documentationESQL.to_ip.markdown": "\n\n ### TO_IP\n Convertit une chaîne d'entrée en valeur IP.\n\n ````\n ROW str1 = \"1.1.1.1\", str2 = \"foo\"\n | EVAL ip1 = TO_IP(str1), ip2 = TO_IP(str2)\n | WHERE CIDR_MATCH(ip1, \"1.0.0.0/8\")\n ````\n ", + "languageDocumentationPopover.documentationESQL.to_long": "TO_LONG", + "languageDocumentationPopover.documentationESQL.to_long.markdown": "\n\n ### TO_LONG\n Convertit une valeur d'entrée en une valeur longue. Si le paramètre d'entrée est de type date,\n sa valeur sera interprétée en millisecondes depuis l'heure Unix, convertie en valeur longue.\n Le booléen *true* sera converti en valeur longue *1*, et *false* en *0*.\n\n ````\n ROW str1 = \"2147483648\", str2 = \"2147483648.2\", str3 = \"foo\"\n | EVAL long1 = TO_LONG(str1), long2 = TO_LONG(str2), long3 = TO_LONG(str3)\n ````\n ", + "languageDocumentationPopover.documentationESQL.to_lower": "TO_LOWER", + "languageDocumentationPopover.documentationESQL.to_lower.markdown": "\n\n ### TO_LOWER\n Renvoie une nouvelle chaîne représentant la chaîne d'entrée convertie en minuscules.\n\n ````\n ROW message = \"Some Text\"\n | EVAL message_lower = TO_LOWER(message)\n ````\n ", + "languageDocumentationPopover.documentationESQL.to_radians": "TO_RADIANS", + "languageDocumentationPopover.documentationESQL.to_radians.markdown": "\n\n ### TO_RADIANS\n Convertit un nombre en degrés en radians.\n\n ````\n ROW deg = [90.0, 180.0, 270.0]\n | EVAL rad = TO_RADIANS(deg)\n ````\n ", + "languageDocumentationPopover.documentationESQL.to_string": "TO_STRING", + "languageDocumentationPopover.documentationESQL.to_string.markdown": "\n\n ### TO_STRING\n Convertit une valeur d'entrée en une chaîne.\n\n ````\n ROW a=10\n | EVAL j = TO_STRING(a)\n ````\n ", + "languageDocumentationPopover.documentationESQL.to_unsigned_long": "TO_UNSIGNED_LONG", + "languageDocumentationPopover.documentationESQL.to_unsigned_long.markdown": "\n\n ### TO_UNSIGNED_LONG\n Convertit une valeur d'entrée en une valeur longue non signée. Si le paramètre d'entrée est de type date,\n sa valeur sera interprétée en millisecondes depuis l'heure Unix, convertie en valeur longue non signée.\n Le booléen *true* sera converti en valeur longue non signée *1*, et *false* en *0*.\n\n ````\n ROW str1 = \"2147483648\", str2 = \"2147483648.2\", str3 = \"foo\"\n | EVAL long1 = TO_UNSIGNED_LONG(str1), long2 = TO_ULONG(str2), long3 = TO_UL(str3)\n ````\n ", + "languageDocumentationPopover.documentationESQL.to_upper": "TO_UPPER", + "languageDocumentationPopover.documentationESQL.to_upper.markdown": "\n\n ### TO_UPPER\n Renvoie une nouvelle chaîne représentant la chaîne d'entrée convertie en majuscules.\n\n ````\n ROW message = \"Some Text\"\n | EVAL message_upper = TO_UPPER(message)\n ````\n ", + "languageDocumentationPopover.documentationESQL.to_version": "TO_VERSION", + "languageDocumentationPopover.documentationESQL.to_version.markdown": "\n\n ### TO_VERSION\n Convertit une chaîne d'entrée en une valeur de version.\n\n ````\n ROW v = TO_VERSION(\"1.2.3\")\n ````\n ", + "languageDocumentationPopover.documentationESQL.trim": "TRIM", + "languageDocumentationPopover.documentationESQL.trim.markdown": "\n\n ### TRIM\n Supprime les espaces de début et de fin d'une chaîne.\n\n ````\n ROW message = \" some text \", color = \" red \"\n | EVAL message = TRIM(message)\n | EVAL color = TRIM(color)\n ````\n ", + "languageDocumentationPopover.documentationESQL.where": "WHERE", + "languageDocumentationPopover.documentationESQL.where.markdown": "### WHERE\nUtilisez `WHERE` afin d'obtenir un tableau qui comprend toutes les lignes du tableau d'entrée pour lesquelles la condition fournie est évaluée à `true` :\n \n````\nFROM employees\n| KEEP first_name, last_name, still_hired\n| WHERE still_hired == true\n````\n\n#### Opérateurs\n\nPour obtenir un aperçu des opérateurs pris en charge, consultez la section **Opérateurs**.\n\n#### Fonctions\n`WHERE` prend en charge diverses fonctions de calcul des valeurs. Pour en savoir plus, consultez la section **Fonctions**.\n ", "textBasedEditor.query.textBasedLanguagesEditor.EnableWordWrapLabel": "Ajouter des sauts de ligne aux barres verticales", "textBasedEditor.query.textBasedLanguagesEditor.errorCount": "{count} {count, plural, one {erreur} other {erreurs}}", "textBasedEditor.query.textBasedLanguagesEditor.errorsTitle": "Erreurs", - "textBasedEditor.query.textBasedLanguagesEditor.esql": "ES|QL", "textBasedEditor.query.textBasedLanguagesEditor.expandLabel": "Développer", "textBasedEditor.query.textBasedLanguagesEditor.feedback": "Commentaires", - "textBasedEditor.query.textBasedLanguagesEditor.functions": "Fonctions", - "textBasedEditor.query.textBasedLanguagesEditor.functionsDocumentationESQLDescription": "Les fonctions sont compatibles avec \"ROW\" (Ligne), \"EVAL\" (Évaluation) et \"WHERE\" (Où).", - "textBasedEditor.query.textBasedLanguagesEditor.groupingFunctions": "Fonctions de groupage", - "textBasedEditor.query.textBasedLanguagesEditor.groupingFunctionsDocumentationESQLDescription": "Ces fonctions de regroupement peuvent être utilisées avec `STATS...BY` :", + "languageDocumentationPopover.documentationESQL.functions": "Fonctions", + "languageDocumentationPopover.documentationESQL.functionsDocumentationESQLDescription": "Les fonctions sont compatibles avec \"ROW\" (Ligne), \"EVAL\" (Évaluation) et \"WHERE\" (Où).", + "languageDocumentationPopover.documentationESQL.groupingFunctions": "Fonctions de groupage", + "languageDocumentationPopover.documentationESQL.groupingFunctionsDocumentationESQLDescription": "Ces fonctions de regroupement peuvent être utilisées avec `STATS...BY` :", "textBasedEditor.query.textBasedLanguagesEditor.hideQueriesLabel": "Masquer les recherches récentes", "textBasedEditor.query.textBasedLanguagesEditor.lineCount": "{count} {count, plural, one {ligne} other {lignes}}", "textBasedEditor.query.textBasedLanguagesEditor.lineNumber": "Ligne {lineNumber}", - "textBasedEditor.query.textBasedLanguagesEditor.operators": "Opérateurs", - "textBasedEditor.query.textBasedLanguagesEditor.operatorsDocumentationESQLDescription": "ES|QL est compatible avec les opérateurs suivants :", - "textBasedEditor.query.textBasedLanguagesEditor.processingCommands": "Traitement des commandes", - "textBasedEditor.query.textBasedLanguagesEditor.processingCommandsDescription": "Le traitement des commandes transforme un tableau des entrées par l'ajout, le retrait ou la modification des lignes et des colonnes. ES|QL est compatible avec le traitement des commandes suivant.", + "languageDocumentationPopover.documentationESQL.operators": "Opérateurs", + "languageDocumentationPopover.documentationESQL.operatorsDocumentationESQLDescription": "ES|QL est compatible avec les opérateurs suivants :", + "languageDocumentationPopover.documentationESQL.processingCommands": "Traitement des commandes", + "languageDocumentationPopover.documentationESQL.processingCommandsDescription": "Le traitement des commandes transforme un tableau des entrées par l'ajout, le retrait ou la modification des lignes et des colonnes. ES|QL est compatible avec le traitement des commandes suivant.", "textBasedEditor.query.textBasedLanguagesEditor.querieshistory.error": "La requête a échouée", "textBasedEditor.query.textBasedLanguagesEditor.querieshistory.success": "La requête a été exécuté avec succès", "textBasedEditor.query.textBasedLanguagesEditor.querieshistoryCopy": "Copier la requête dans le presse-papier", @@ -7341,7 +7339,7 @@ "textBasedEditor.query.textBasedLanguagesEditor.recentQueriesColumnLabel": "Recherches récentes", "textBasedEditor.query.textBasedLanguagesEditor.runQuery": "Exécuter la requête", "textBasedEditor.query.textBasedLanguagesEditor.showQueriesLabel": "Afficher les recherches récentes", - "textBasedEditor.query.textBasedLanguagesEditor.sourceCommands": "Commandes sources", + "languageDocumentationPopover.documentationESQL.sourceCommands": "Commandes sources", "textBasedEditor.query.textBasedLanguagesEditor.submitFeedback": "Soumettre un commentaire", "textBasedEditor.query.textBasedLanguagesEditor.timeRanColumnLabel": "Temps exécuté", "textBasedEditor.query.textBasedLanguagesEditor.timestampNotDetected": "@timestamp non trouvé", diff --git a/x-pack/plugins/translations/translations/ja-JP.json b/x-pack/plugins/translations/translations/ja-JP.json index 0517e2df3beb4..e82ea9455271f 100644 --- a/x-pack/plugins/translations/translations/ja-JP.json +++ b/x-pack/plugins/translations/translations/ja-JP.json @@ -7077,255 +7077,253 @@ "telemetry.usageCollectionConstant": "使用状況の収集", "telemetry.usageDataTitle": "使用状況の収集", "textBasedEditor.query.textBasedLanguagesEditor.aborted": "リクエストが中断されました", - "textBasedEditor.query.textBasedLanguagesEditor.aggregationFunctions": "集約関数", - "textBasedEditor.query.textBasedLanguagesEditor.aggregationFunctionsDocumentationESQLDescription": "これらの関数はSTATS...BYで使用できます。", + "languageDocumentationPopover.documentationESQL.aggregationFunctions": "集約関数", + "languageDocumentationPopover.documentationESQL.aggregationFunctionsDocumentationESQLDescription": "これらの関数はSTATS...BYで使用できます。", "textBasedEditor.query.textBasedLanguagesEditor.cancel": "キャンセル", "textBasedEditor.query.textBasedLanguagesEditor.collapseLabel": "縮小", - "textBasedEditor.query.textBasedLanguagesEditor.commandsDescription": "通常、ソースコマンドはElasticsearchのデータを使ってテーブルを生成します。ES|QLは以下のソースコマンドをサポートしています。", + "languageDocumentationPopover.documentationESQL.commandsDescription": "通常、ソースコマンドはElasticsearchのデータを使ってテーブルを生成します。ES|QLは以下のソースコマンドをサポートしています。", "textBasedEditor.query.textBasedLanguagesEditor.disableWordWrapLabel": "パイプの改行を削除", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.abs": "ABS", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.abs.markdown": "\n\n ### ABS\n 絶対値を返します。\n\n ```\n ROW number = -1.0 \n | EVAL abs_number = ABS(number)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.acos": "ACOS", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.acos.markdown": "\n\n ### ACOS\n nのアークコサインをラジアンで表記された角度として返します。\n\n ```\n ROW a=.9\n | EVAL acos=ACOS(a)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.asin": "ASIN", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.asin.markdown": "\n\n ### ASIN\n 入力\n 数値式のアークサインをラジアンで表記された角度として返します。\n\n ```\n ROW a=.9\n | EVAL asin=ASIN(a)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.atan": "ATAN", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.atan.markdown": "\n\n ### ATAN\n 入力\n 数値式のアークタンジェントをラジアンで表記された角度として返します。\n\n ```\n ROW a=12.9\n | EVAL atan=ATAN(a)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.atan2": "ATAN2", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.atan2.markdown": "\n\n ### ATAN2\n 直交平面上の原点から点(x , y)に向かう光線と正のx軸のなす角(ラジアン表記)。\n \n\n ```\n ROW y=12.9, x=.6\n | EVAL atan2=ATAN2(y, x)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.autoBucketFunction": "BUCKET", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.autoBucketFunction.markdown": "### バケット\n日時または数値入力から、値(バケット)のグループを作成します。バケットのサイズは直接指定するか、推奨される数と値の範囲に基づいて選択できます。\n\nBUCKETは次の2つのモードで動作します。\n\n1.バケットのサイズがバケット数の提案(4つのパラメーター)と範囲に基づいて計算される。\n2.バケットサイズが直接指定される(2つのパラメーター)。\n\n目標バケット数、開始日、終了日を使用すると、目標バケット数以下のバケットを生成するために適切なバケットサイズがBUCKETによって選択されます。\n\nたとえば、1年に最大20バケットをリクエストすると、データが1か月間隔で整理されます。\n\n```\nFROM employees\n| WHERE hire_date >= \"1985-01-01T00:00:00Z\" AND hire_date < \"1986-01-01T00:00:00Z\"\n| STATS hire_date = MV_SORT(VALUES(hire_date)) BY month = BUCKET(hire_date, 20, \"1985-01-01T00:00:00Z\", \"1986-01-01T00:00:00Z\")\n| SORT hire_date\n```\n\n**注**:ここでは、正確な目標バケット数を指定するのではなく、目標バケット数を_上限_として範囲を指定します。\n\nBUCKETを集約と組み合わせ、ヒストグラムを作成できます。\n\n```\nFROM employees\n| WHERE hire_date >= \"1985-01-01T00:00:00Z\" AND hire_date < \"1986-01-01T00:00:00Z\"\n| STATS hires_per_month = COUNT(*) BY month = BUCKET(hire_date, 20, \"1985-01-01T00:00:00Z\", \"1986-01-01T00:00:00Z\")\n| SORT month\n```\n\n**注**:BUCKETは、どのドキュメントにも一致しないバケットを作成しません。そのため、前の例では1985-03-01やその他の日付が抜けています。\n\nその他のバケットを要求すると、範囲が小さくなることがあります。たとえば、1年に最大100バケットをリクエストすると、1週間単位のバケットになります。\n\n```\nFROM employees\n| WHERE hire_date >= \"1985-01-01T00:00:00Z\" AND hire_date < \"1986-01-01T00:00:00Z\"\n| STATS hires_per_week = COUNT(*) BY week = BUCKET(hire_date, 100, \"1985-01-01T00:00:00Z\", \"1986-01-01T00:00:00Z\")\n| SORT week\n```\n\n**注**:AUTO_BUCKETは行をフィルタリングしません。指定された範囲のみを使用して、適切なバケットサイズを選択します。範囲外の値の行に対しては、範囲外のバケツに対応するバケット値を返します。行をフィルタリングするには、BUCKETとWHEREを組み合わせます。\n\n事前に任意のバケットサイズがわかっている場合は、2番目の引数として指定し、範囲を除外します。\n\n```\nFROM employees\n| WHERE hire_date >= \"1985-01-01T00:00:00Z\" AND hire_date < \"1986-01-01T00:00:00Z\"\n| STATS hires_per_week = COUNT(*) BY week = BUCKET(hire_date, 1 week)\n| SORT week\n```\n\n**注**:バケットサイズを2番目のパラメーターとして指定するときには、時間の期間または日付の期間を選択する必要があります。\n\nBUCKETは数値フィールドでも動作します。たとえば、給与ヒストグラムを作成します。\n\n```\nFROM employees\n| STATS COUNT(*) by bs = BUCKET(salary, 20, 25324, 74999)\n| SORT bs\n```\n\n日付範囲で意図的フィルタリングする前の例とは異なり、数値フィールドでフィルタリングすることはほとんどありません。最小値と最大値を別々に見つける必要があります。ES|QLにはそれを自動的に実行するための簡単な方法がありません。\n\n任意のバケットサイズが事前にわかっている場合は、範囲を省略できます。2番目の引数として指定します。\n\n```\nFROM employees\n| WHERE hire_date >= \"1985-01-01T00:00:00Z\" AND hire_date < \"1986-01-01T00:00:00Z\"\n| STATS c = COUNT(1) BY b = BUCKET(salary, 5000.)\n| SORT b\n```\n\n**注**:バケットサイズを2番目のパラメーターとして指定するときには、**浮動小数点数型**でなければなりません。\n\n次の例は、過去24時間の1時間単位のバケットを作成し、1時間当たりのイベント数を計算します。\n\n```\nFROM sample_data\n| WHERE @timestamp >= NOW() - 1 day and @timestamp < NOW()\n| STATS COUNT(*) BY bucket = BUCKET(@timestamp, 25, NOW() - 1 day, NOW())\n```\n\n次の例は、1985年の1か月単位のバケットを作成し、採用月別に平均給与を計算します。\n\n```\nFROM employees\n| WHERE hire_date >= \"1985-01-01T00:00:00Z\" AND hire_date < \"1986-01-01T00:00:00Z\"\n| STATS AVG(salary) BY bucket = BUCKET(hire_date, 20, \"1985-01-01T00:00:00Z\", \"1986-01-01T00:00:00Z\")\n| SORT bucket\n```\n\n集約部で関数が**グループ部で定義されたエイリアスによって参照されている**場合、またはまったく同じ式で呼び出されている場合、BUCKETは、 STATS …​ BY …コマンドの集約部とグループ部の両方で使用できます。\n\n例:\n\n```\nFROM employees\n| STATS s1 = b1 + 1, s2 = BUCKET(salary / 1000 + 999, 50.) + 2 BY b1 = BUCKET(salary / 100 + 99, 50.), b2 = BUCKET(salary / 1000 + 999, 50.)\n| SORT b1, b2\n| KEEP s1, b1, s2, b2\n```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.binaryOperators": "バイナリ演算子", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.binaryOperators.markdown": "### バイナリ演算子\n次のバイナリ比較演算子がサポートされています。\n\n* 等号:`==`\n* 不等号:`!=`\n* より小さい:`<`\n* 以下:`<=`\n* より大きい:`>`\n* 以上:`>=`\n* 加算:`+`\n* 減算:`-`\n* 乗算:`*`\n* 除算:`/`\n* 係数:`%`\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.booleanOperators": "ブール演算子", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.booleanOperators.markdown": "### ブール演算子\n次のブール演算子がサポートされています。\n\n* `AND`\n* `OR`\n* `NOT`\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.bucket": "BUCKET", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.bucket.markdown": "\n\n ### BUCKET\n 日時または数値入力から、値(バケット)のグループを作成します。\n バケットのサイズは直接指定するか、推奨される数と値の範囲に基づいて選択できます。\n\n ```\n FROM employees\n | WHERE hire_date >= \"1985-01-01T00:00:00Z\" AND hire_date < \"1986-01-01T00:00:00Z\"\n | STATS hire_date = MV_SORT(VALUES(hire_date)) BY month = BUCKET(hire_date, 20, \"1985-01-01T00:00:00Z\", \"1986-01-01T00:00:00Z\")\n | SORT hire_date\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.case": "CASE", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.case.markdown": "\n\n ### CASE\n 条件と値のペアを指定できます。この関数は、trueと評価される\n 最初の条件に属する値を返します。\n\n 引数の数が奇数の場合、最後の引数は条件に一致しない場合に返されるデフォルト値になります。\n 引数の数が偶数で、\n 条件が一致しない場合、この関数はnullを返します。\n\n ```\n FROM employees\n | EVAL type = CASE(\n languages <= 1, \"monolingual\",\n languages <= 2, \"bilingual\",\n \"polyglot\")\n | KEEP emp_no, languages, type\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.castOperator": "Cast (::)", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.castOperator.markdown": "### CAST (`::`)\n::演算子はO_型変換関数に代わる便利な構文です。\n\n例:\n```\nROW ver = CONCAT((\"0\"::INT + 1)::STRING, \".2.3\")::VERSION\n```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.cbrt": "CBRT", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.cbrt.markdown": "\n\n ### CBRT\n 数値の立方根を返します。入力は任意の数値で、戻り値は常にdoubleです。\n 無限大の立方根はnullです。\n\n ```\n ROW d = 1000.0\n | EVAL c = cbrt(d)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.ceil": "CEIL", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.ceil.markdown": "\n\n ### CEIL\n 最も近い整数に数値を切り上げます。\n\n ```\n ROW a=1.8\n | EVAL a=CEIL(a)\n ```\n 注:これはlong(符号なしを含む)とintegerのnoopです。doubleの場合、JavaのMath.ceilと同様に、整数に最も近いdoubleの値を選びます。\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.cidr_match": "CIDR_MATCH", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.cidr_match.markdown": "\n\n ### CIDR_MATCH\n 指定されたIPが指定されたCIDRブロックのいずれかに含まれていればtrueを返します。\n\n ```\n FROM hosts \n | WHERE CIDR_MATCH(ip1, \"127.0.0.2/32\", \"127.0.0.3/32\") \n | KEEP card, host, ip0, ip1\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.coalesce": "COALESCE", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.coalesce.markdown": "\n\n ### COALESCE\n nullでない最初の引数を返します。すべての引数がnullの場合はnullを返します。\n\n ```\n ROW a=null, b=\"b\"\n | EVAL COALESCE(a, b)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.concat": "CONCAT", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.concat.markdown": "\n\n ### CONCAT\n 2つ以上の文字列を連結します。\n\n ```\n FROM employees\n | KEEP first_name, last_name\n | EVAL fullname = CONCAT(first_name, \" \", last_name)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.cos": "COS", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.cos.markdown": "\n\n ### COS\n 角度の余弦を返します。\n\n ```\n ROW a=1.8 \n | EVAL cos=COS(a)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.cosh": "COSH", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.cosh.markdown": "\n\n ### COSH\n 角度の双曲余弦を返します。\n\n ```\n ROW a=1.8 \n | EVAL cosh=COSH(a)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.date_diff": "DATE_DIFF", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.date_diff.markdown": "\n\n ### DATE_DIFF\n startTimestampをendTimestampから減算し、unitの乗数の差を返します。\n startTimestampがendTimestampより後の場合は、負の値が返されます。\n\n ```\n ROW date1 = TO_DATETIME(\"2023-12-02T11:00:00.000Z\"), date2 = TO_DATETIME(\"2023-12-02T11:00:00.001Z\")\n | EVAL dd_ms = DATE_DIFF(\"microseconds\", date1, date2)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.date_extract": "DATE_EXTRACT", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.date_extract.markdown": "\n\n ### DATE_EXTRACT\n 年、月、日、時間など、日付の一部を抽出します。\n\n ```\n ROW date = DATE_PARSE(\"yyyy-MM-dd\", \"2022-05-06\")\n | EVAL year = DATE_EXTRACT(\"year\", date)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.date_format": "DATE_FORMAT", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.date_format.markdown": "\n\n ### DATE_FORMAT\n 指定した書式の日付の文字列表現を返します。\n\n ```\n FROM employees\n | KEEP first_name, last_name, hire_date\n | EVAL hired = DATE_FORMAT(\"YYYY-MM-dd\", hire_date)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.date_parse": "DATE_PARSE", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.date_parse.markdown": "\n\n ### DATE_PARSE\n 最初の引数で指定した形式を使用して、2番目の引数を解析することで、日付を返します。\n\n ```\n ROW date_string = \"2022-05-06\"\n | EVAL date = DATE_PARSE(\"yyyy-MM-dd\", date_string)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.date_trunc": "DATE_TRUNC", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.date_trunc.markdown": "\n\n ### DATE_TRUNC\n 最も近い区間まで日付を切り捨てます。\n\n ```\n FROM employees\n | KEEP first_name, last_name, hire_date\n | EVAL year_hired = DATE_TRUNC(1 year, hire_date)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.dissect": "DISSECT", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.dissect.markdown": "### DISSECT\nDISSECTは文字列から構造化データを取り出すことができます。DISSECTは文字列を区切り文字ベースのパターンと照合し、指定されたキーを列として抽出します。\n\ndissectパターンの構文については、[dissectプロセッサードキュメント](https://www.elastic.co/guide/en/elasticsearch/reference/current/dissect-processor.html)を参照してください。\n\n```\nROW a = \"1953-01-23T12:15:00Z - some text - 127.0.0.1\"\n| DISSECT a \"%'{Y}-%{M}-%{D}T%{h}:%{m}:%{s}Z - %{msg} - %{ip}'\"\n``` ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.drop": "DROP", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.drop.markdown": "### DROP\nテーブルから列を削除するには、DROPを使用します。\n \n```\nFROM employees\n| DROP height\n```\n\n各列を名前で指定するのではなく、ワイルドカードを使って、パターンと一致する名前の列をすべて削除することができます。\n\n```\nFROM employees\n| DROP height*\n```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.e": "E", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.e.markdown": "\n\n ### E\n オイラー数を返します。\n\n ```\n ROW E()\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.ends_with": "ENDS_WITH", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.ends_with.markdown": "\n\n ### ENDS_WITH\n キーワード文字列が他の文字列で終わるかどうかを示すブール値を返します。\n\n ```\n FROM employees\n | KEEP last_name\n | EVAL ln_E = ENDS_WITH(last_name, \"d\")\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.enrich": "ENRICH", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.enrich.markdown": "### ENRICH\nENRICH`を使用すると、既存のインデックスのデータを受信レコードに追加することができます。[インジェストエンリッチ](https://www.elastic.co/guide/en/elasticsearch/reference/current/ingest-enriching-data.html)と似ていますが、クエリー時に動作します。\n\n```\nROW language_code = \"1\"\n| ENRICH languages_policy\n```\n\nENRICHでは、[エンリッチポリシー](https://www.elastic.co/guide/en/elasticsearch/reference/current/ingest-enriching-data.html#enrich-policy)を実行する必要があります。エンリッチポリシーは、一致フィールド (キーフィールド) とエンリッチフィールドのセットを定義します。\n\nENRICHは、一致フィールド値に基づいて、[エンリッチインデックス](https://www.elastic.co/guide/en/elasticsearch/reference/current/ingest-enriching-data.html#enrich-index)のレコードを検索します。入力データセットの一致するキーは、ON を使用して定義できます。指定しない場合は、エンリッチポリシーで定義された一致フィールドと同じ名前のフィールドで一致が実行されます。\n\n```\nROW a = \"1\"\n| ENRICH languages_policy ON a\n```\n\nWITH , ...構文を使用して、結果に追加される属性(ポリシーでエンリッチフィールドとして定義された属性の間)を指定できます。\n\n```\nROW a = \"1\"\n| ENRICH languages_policy ON a WITH language_name\n```\n\n属性の名前は、WITH new_name=を使用して変更できます。\n\n```\nROW a = \"1\"\n| ENRICH languages_policy ON a WITH name = language_name\n```\n\nデフォルトでは、(WITHが定義されていない場合)、ENRICHはエンリッチポリシーで定義されたすべてのエンリッチフィールドを結果に追加します。\n\n名前の競合が発生した場合、新しく作成されたフィールドが既存のフィールドを上書きします。\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.eval": "EVAL", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.eval.markdown": "### EVAL\nEVALでは、新しい列を追加できます。\n\n```\nFROM employees\n| KEEP first_name, last_name, height\n| EVAL height_feet = height * 3.281, height_cm = height * 100\n```\n\n指定した列がすでに存在する場合、既存の列は削除され、新しい列がテーブルに追加されます。\n\n```\nFROM employees\n| KEEP first_name, last_name, height\n| EVAL height = height * 3.281\n```\n\n#### 関数\nEVALは値を計算するためのさまざまな関数をサポートしています。関数をクリックすると詳細が表示されます。\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.floor": "FLOOR", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.floor.markdown": "\n\n ### FLOOR\n 最も近い整数に数値を切り捨てます。\n\n ```\n ROW a=1.8\n | EVAL a=FLOOR(a)\n ```\n 注:これはlong(符号なしを含む)とintegerのnoopです。\n doubleの場合、Math.floorと同様に、整数に最も近いdoubleの値を選びます。\n \n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.from": "FROM", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.from_base64": "FROM_BASE64", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.from_base64.markdown": "\n\n ### FROM_BASE64\n base64文字列をデコードします。\n\n ```\n row a = \"ZWxhc3RpYw==\" \n | eval d = from_base64(a)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.from.markdown": "### FROM\nソースコマンドFROMは、データストリーム、インデックス、またはエイリアスから、最大10,000ドキュメントを含むテーブルを返します。結果のテーブルの各行はドキュメントを表します。各列はフィールドに対応し、そのフィールドの名前でアクセスできます。\n\n```\nFROM employees\n```\n\n[日付演算](https://www.elastic.co/guide/en/elasticsearch/reference/current/api-conventions.html#api-date-math-index-names) を使用して、インデックス、エイリアス、データストリームを参照できます。これは時系列データの場合に便利です。\n\nカンマ区切りのリストまたはワイルドカードを使用して、複数のデータストリーム、インデックス、またはエイリアスをクエリーします。\n\n```\nFROM employees-00001,employees-*\n```\n\n#### メタデータ\n\nES|QLは以下のメタデータフィールドにアクセスできます。\n\n* `_index`:ドキュメントが属するインデックス。このフィールドはkeyword型です。\n* `_id`:ソースドキュメントのID。このフィールドはkeyword型です。### `_version`:ソースドキュメントのバージョン。フィールドの型はlongです。\n\nメタデータフィールドを有効にするには、METADATAディレクティブを使います。\n\n```\nFROM index [METADATA _index, _id]\n```\n\nメタデータフィールドは、データのソースがインデックスである場合にのみ使用できます。その結果、FROMはMETADATAディレクティブをサポートする唯一のソースコマンドです。\n\nこのフィールドが有効になると、他のインデックスフィールドと同様に、後続の処理コマンドで利用できるようになります。\n\n```\nFROM ul_logs, apps [METADATA _index, _version]\n| WHERE id IN (13, 14) AND _version == 1\n| EVAL key = CONCAT(_index, \"_\", TO_STR(id))\n| SORT id, _index\n| KEEP id, _index, _version, key\n```\n\nまた、インデックス・フィールドと同様に、一度集約が実行されると、グループ化フィールドとして使用されないかぎり、メタデータフィールドは後続のコマンドからはアクセスできなくなります。\n\n```\nFROM employees [METADATA _index, _id]\n| STATS max = MAX(emp_no) BY _index\n```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.greatest": "GREATEST", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.greatest.markdown": "\n\n ### GREATEST\n 多数の列から最大値を返します。これはMV_MAX\n と似ていますが、一度に複数の列に対して実行します。\n\n ```\n ROW a = 10, b = 20\n | EVAL g = GREATEST(a, b)\n ```\n 注:keywordまたはtextフィールドに対して実行すると、アルファベット順の最後の文字列を返します。boolean列に対して実行すると、値がtrueの場合にtrueを返します。\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.grok": "GROK", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.grok.markdown": "### GROK\nGROKを使うと、文字列から構造化データを抽出できます。GROKは正規表現に基づいて文字列をパターンと一致させ、指定されたパターンを列として抽出します。\n\ngrokパターンの構文については、 [grokプロセッサードキュメント](https://www.elastic.co/guide/en/elasticsearch/reference/current/grok-processor.html)を参照してください。\n\n```\nROW a = \"12 15.5 15.6 true\"\n| GROK a \"%'{NUMBER:b:int}' %'{NUMBER:c:float}' %'{NUMBER:d:double}' %'{WORD:e:boolean}'\"\n```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.inOperator": "IN", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.inOperator.markdown": "### IN\nIN演算子は、フィールドや式がリテラル、フィールド、式のリストの要素と等しいかどうかをテストすることができます。\n\n```\nROW a = 1, b = 4, c = 3\n| WHERE c-a IN (3, b / 2, a)\n```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.ip_prefix": "IP_PREFIX", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.ip_prefix.markdown": "\n\n ### IP_PREFIX\n IPを特定のプレフィックス長に切り詰めます。\n\n ```\n row ip4 = to_ip(\"1.2.3.4\"), ip6 = to_ip(\"fe80::cae2:65ff:fece:feb9\")\n | eval ip4_prefix = ip_prefix(ip4, 24, 0), ip6_prefix = ip_prefix(ip6, 0, 112);\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.keep": "KEEP", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.keep.markdown": "### KEEP\nKEEPコマンドは、返される列と、列が返される順序を指定することができます。\n\n返される列を制限するには、カンマで区切りの列名リストを使用します。列は指定された順序で返されます。\n \n```\nFROM employees\n| KEEP first_name, last_name, height\n```\n\n各列を名前で指定するのではなく、ワイルドカードを使って、パターンと一致する名前の列をすべて返すことができます。\n\n```\nFROM employees\n| KEEP h*\n```\n\nアスタリスクワイルドカード(*)は単独で、他の引数と一致しないすべての列に変換されます。このクエリーは、最初にhで始まる名前の列をすべて返し、その後にその他の列をすべて返します。\n\n```\nFROM employees\n| KEEP h*, *\n```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.least": "LEAST", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.least.markdown": "\n\n ### LEAST\n 多数の列から最小値を返します。これはMV_MINと似ていますが、一度に複数の列に対して実行します。\n\n ```\n ROW a = 10, b = 20\n | EVAL l = LEAST(a, b)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.left": "LEFT", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.left.markdown": "\n\n ### LEFT\n stringから左から順にlength文字を抜き出したサブ文字列を返します。\n\n ```\n FROM employees\n | KEEP last_name\n | EVAL left = LEFT(last_name, 3)\n | SORT last_name ASC\n | LIMIT 5\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.length": "LENGTH", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.length.markdown": "\n\n ### LENGTH\n 文字列の文字数を返します。\n\n ```\n FROM employees\n | KEEP first_name, last_name\n | EVAL fn_length = LENGTH(first_name)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.limit": "LIMIT", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.limit.markdown": "### LIMIT\nLIMIT`処理コマンドは行数を制限することができます。\n \n```\nFROM employees\n| LIMIT 5\n```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.locate": "LOCATE", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.locate.markdown": "\n\n ### LOCATE\n 別の文字列内のキーワードサブ文字列の位置を示す整数を返します。\n\n ```\n row a = \"hello\"\n | eval a_ll = locate(a, \"ll\")\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.log": "LOG", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.log.markdown": "\n\n ### LOG\n 基数に対する値の対数を返します。入力は任意の数値で、戻り値は常にdoubleです。\n\n ゼロの対数、負数、1の基数はnullと警告を返します。\n\n ```\n ROW base = 2.0, value = 8.0\n | EVAL s = LOG(base, value)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.log10": "LOG10", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.log10.markdown": "\n\n ### LOG10\n 基数10に対する値の対数を返します。入力は任意の数値で、戻り値は常にdoubleです。\n\n 0の対数および負数はnullと警告を返します。\n\n ```\n ROW d = 1000.0 \n | EVAL s = LOG10(d)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.ltrim": "LTRIM", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.ltrim.markdown": "\n\n ### LTRIM\n 文字列から先頭の空白を取り除きます。\n\n ```\n ROW message = \" some text \", color = \" red \"\n | EVAL message = LTRIM(message)\n | EVAL color = LTRIM(color)\n | EVAL message = CONCAT(\"'\", message, \"'\")\n | EVAL color = CONCAT(\"'\", color, \"'\")\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.markdown": "## ES|QL\n\nES|QL(Elasticsearch クエリー言語)クエリーは、パイプ文字の|で区切られた一連のコマンドで構成されます。各クエリーは**ソースコマンド**で始まり、通常はElasticsearchのデータを使ってテーブルを生成します。\n\nソースコマンドには、1つ以上の**処理コマンド**を続けることができます。処理コマンドは、行や列を追加、削除、変更することで、前のコマンドの出力テーブルを変更することができます。\n\n```\nsource-command\n| processing-command1\n| processing-command2\n```\n\nクエリーの結果は、最終的な処理コマンドによって生成されるテーブルです。 \n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.mv_append": "MV_APPEND", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.mv_append.markdown": "\n\n ### MV_APPEND\n 2つの複数値フィールドの値を連結します\n\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.mv_avg": "MV_AVG", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.mv_avg.markdown": "\n\n ### MV_AVG\n 複数値フィールドを、すべての値の平均を含む単一値フィールドに変換します。\n\n ```\n ROW a=[3, 5, 1, 6]\n | EVAL avg_a = MV_AVG(a)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.mv_concat": "MV_CONCAT", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.mv_concat.markdown": "\n\n ### MV_CONCAT\n 複数値文字列式を、区切り文字で区切られたすべての値を連結した単一値列に変換します。\n\n ```\n ROW a=[\"foo\", \"zoo\", \"bar\"]\n | EVAL j = MV_CONCAT(a, \", \")\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.mv_count": "MV_COUNT", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.mv_count.markdown": "\n\n ### MV_COUNT\n 複数値式を、値の数をカウントする単一値列に変換します。\n\n ```\n ROW a=[\"foo\", \"zoo\", \"bar\"]\n | EVAL count_a = MV_COUNT(a)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.mv_dedupe": "MV_DEDUPE", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.mv_dedupe.markdown": "\n\n ### MV_DEDUPE\n 複数値フィールドから重複する値を削除します。\n\n ```\n ROW a=[\"foo\", \"foo\", \"bar\", \"foo\"]\n | EVAL dedupe_a = MV_DEDUPE(a)\n ```\n 注:MV_DEDUPEは列の値をソートすることがありますが、常にソートするわけではありません。\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.mv_first": "MV_FIRST", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.mv_first.markdown": "\n\n ### MV_FIRST\n \n 複数値式を、最初の値を含む単一値列に変換します。これは、SPLITなどの既知の順序で複数値列を発行する関数から読み取るときに役立ちます。\n \n\n 複数値フィールドが基本ストレージから読み取られる順序は保証されません。\n \n 通常は昇順ですが、必ずしもそうであるわけではありません。最小値が必要な場合は、MV_FIRSTの代わりに、MV_MINを使用します。\n MV_MINは、ソートされた値向けに最適化されているため、\n MV_FIRSTにパフォーマンスの利点はありません。\n\n ```\n ROW a=\"foo;bar;baz\"\n | EVAL first_a = MV_FIRST(SPLIT(a, \";\"))\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.mv_last": "MV_LAST", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.mv_last.markdown": "\n\n ### MV_LAST\n \n 複数値式を、最後の値を含む単一値列に変換します。これは、SPLITなどの既知の順序で複数値列を発行する関数から読み取るときに役立ちます。\n \n\n 複数値フィールドが基本ストレージから読み取られる順序は保証されません。\n \n 通常は昇順ですが、必ずしもそうであるわけではありません。最大値が必要な場合は、MV_LASTの代わりに、MV_MAXを使用します。\n MV_MAXは、ソートされた値向けに最適化されているため、\n MV_LASTにパフォーマンスの利点はありません。\n\n ```\n ROW a=\"foo;bar;baz\"\n | EVAL last_a = MV_LAST(SPLIT(a, \";\"))\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.mv_max": "MV_MAX", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.mv_max.markdown": "\n\n ### MV_MAX\n 複数値フィールドを、最大値を含む単一値フィールドに変換します。\n\n ```\n ROW a=[3, 5, 1]\n | EVAL max_a = MV_MAX(a)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.mv_median": "MV_MEDIAN", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.mv_median.markdown": "\n\n ### MV_MEDIAN\n 複数値フィールドを、中央値を含む単一値フィールドに変換します。\n\n ```\n ROW a=[3, 5, 1]\n | EVAL median_a = MV_MEDIAN(a)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.mv_min": "MV_MIN", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.mv_min.markdown": "\n\n ### MV_MIN\n 複数値フィールドを、最小値を含む単一値フィールドに変換します。\n\n ```\n ROW a=[2, 1]\n | EVAL min_a = MV_MIN(a)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.mv_slice": "MV_SLICE", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.mv_slice.markdown": "\n\n ### MV_SLICE\n 開始インデックス値と終了インデックス値を使用して、複数値フィールドのサブセットを返します。\n\n ```\n row a = [1, 2, 2, 3]\n | eval a1 = mv_slice(a, 1), a2 = mv_slice(a, 2, 3)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.mv_sort": "MV_SORT", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.mv_sort.markdown": "\n\n ### MV_SORT\n 辞書の順序で複数値フィールドを並べ替えます。\n\n ```\n ROW a = [4, 2, -3, 2]\n | EVAL sa = mv_sort(a), sd = mv_sort(a, \"DESC\")\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.mv_sum": "MV_SUM", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.mv_sum.markdown": "\n\n ### MV_SUM\n 複数値フィールドを、すべての値の合計を含む単一値フィールドに変換します。\n\n ```\n ROW a=[3, 5, 6]\n | EVAL sum_a = MV_SUM(a)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.mv_zip": "MV_ZIP", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.mv_zip.markdown": "\n\n ### MV_ZIP\n 値を結合する区切り文字を使用して、2つの複数値フィールドの値を結合します。\n\n ```\n ROW a = [\"x\", \"y\", \"z\"], b = [\"1\", \"2\"]\n | EVAL c = mv_zip(a, b, \"-\")\n | KEEP a, b, c\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.mvExpand": "MV_EXPAND", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.mvExpand.markdown": "### MV_EXPAND\nMV_EXPAND処理コマンドは、複数値フィールドを値ごとに1行に展開し、他のフィールドを複製します。 \n```\nROW a=[1,2,3], b=\"b\", j=[\"a\",\"b\"]\n| MV_EXPAND a\n```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.now": "NOW", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.now.markdown": "\n\n ### NOW\n 現在の日付と時刻を返します。\n\n ```\n ROW current_date = NOW()\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.pi": "PI", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.pi.markdown": "\n\n ### PI\n 円の円周と直径の比率であるPiを返します。\n\n ```\n ROW PI()\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.pow": "POW", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.pow.markdown": "\n\n ### POW\n exponentのべき乗にしたbaseの値を返します。\n\n ```\n ROW base = 2.0, exponent = 2\n | EVAL result = POW(base, exponent)\n ```\n 注:ここでは、倍精度浮動小数点数の結果でもオーバーフローする可能性があります。その場合は、NULLが返されます。\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.predicates": "NULL値", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.predicates.markdown": "### NULL値\nNULLの比較には、IS NULLとIS NOT NULL述語を使います。\n\n```\nFROM employees\n| WHERE birth_date IS NULL\n| KEEP first_name, last_name\n| SORT first_name\n| LIMIT 3\n```\n\n```\nFROM employees\n| WHERE is_rehired IS NOT NULL\n| STATS count(emp_no)\n```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.rename": "RENAME", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.rename.markdown": "### RENAME\nRENAMEを使用して、次の構文で列の名前を変更します。\n\n```\nRENAME AS \n```\n\n例:\n\n```\nFROM employees\n| KEEP first_name, last_name, still_hired\n| RENAME still_hired AS employed\n```\n\n新しい名前の列がすでに存在する場合、その列は新しい列に置き換えられます。\n\n複数の列の名前を1つのRENAMEコマンドで変更することができます。\n\n```\nFROM employees\n| KEEP first_name, last_name\n| RENAME first_name AS fn, last_name AS ln\n```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.repeat": "REPEAT", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.repeat.markdown": "\n\n ### REPEAT\n 指定したnumberの回数、文字列stringとそれ自身を連結して構成された文字列を返します。\n\n ```\n ROW a = \"Hello!\"\n | EVAL triple_a = REPEAT(a, 3);\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.replace": "REPLACE", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.replace.markdown": "\n\n ### REPLACE\n \n この関数は、正規表現regexと置換文字列newStrの任意の一致を文字列strに代入します。\n\n ```\n ROW str = \"Hello World\"\n | EVAL str = REPLACE(str, \"World\", \"Universe\")\n | KEEP str\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.right": "RIGHT", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.right.markdown": "\n\n ### RIGHT\n strのうち右から数えてlength文字までのサブ文字列を返します。\n\n ```\n FROM employees\n | KEEP last_name\n | EVAL right = RIGHT(last_name, 3)\n | SORT last_name ASC\n | LIMIT 5\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.round": "ROUND", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.round.markdown": "\n\n ### ROUND\n 数値を指定した小数点以下の桁数に丸めます。\n デフォルトは0で、最も近い整数を返します。\n 精度が負の場合、小数点以下の桁数に丸めます。\n \n\n ```\n FROM employees\n | KEEP first_name, last_name, height\n | EVAL height_ft = ROUND(height * 3.281, 1)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.row": "ROW", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.row.markdown": "### ROW\nROWソースコマンドは、指定した値の列を1つ以上含む行を作成します。これはテストの場合に便利です。\n \n```\nROW a = 1, b = \"two\", c = null\n```\n\n複数の値を含む列を作成するには角括弧を使用します。\n\n```\nROW a = [2, 1]\n```\n\nROWは関数の使用をサポートしています。\n\n```\nROW a = ROUND(1.23, 0)\n```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.rtrim": "RTRIM", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.rtrim.markdown": "\n\n ### RTRIM\n 文字列から末尾の空白を取り除きます。\n\n ```\n ROW message = \" some text \", color = \" red \"\n | EVAL message = RTRIM(message)\n | EVAL color = RTRIM(color)\n | EVAL message = CONCAT(\"'\", message, \"'\")\n | EVAL color = CONCAT(\"'\", color, \"'\")\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.show": "SHOW", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.show.markdown": "### SHOW\nSHOW ソースコマンドはデプロイとその能力に関する情報を返します。\n\n* デプロイのバージョン、ビルド日、ハッシュを返すには、SHOW INFOを使用します。\n* SHOW FUNCTIONSを使用すると、サポートされているすべての関数のリストと各関数の概要を返します。\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.signum": "SIGNUM", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.signum.markdown": "\n\n ### SIGNUM\n 任意の数値の符号を返します。\n 負の数値の場合は-1を返します。0の場合は0を返します。正の数値の場合は1を返します。\n\n ```\n ROW d = 100.0\n | EVAL s = SIGNUM(d)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.sin": "SIN", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.sin.markdown": "\n\n ### SIN\n 角度の正弦三角関数を返します。\n\n ```\n ROW a=1.8 \n | EVAL sin=SIN(a)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.sinh": "SINH", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.sinh.markdown": "\n\n ### SINH\n 角度の双曲線正弦を返します。\n\n ```\n ROW a=1.8 \n | EVAL sinh=SINH(a)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.sort": "SORT", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.sort.markdown": "### SORT\nSORTコマンドを使用すると、1つ以上のフィールドで行をソートすることができます。\n\n```\nFROM employees\n| KEEP first_name, last_name, height\n| SORT height\n```\n\nデフォルトのソート順は昇順です。ASCまたはDESCを使って明示的なソート順を設定します。\n\n```\nFROM employees\n| KEEP first_name, last_name, height\n| SORT height DESC\n```\n\n2つの行のソートキーが同じ場合、元の順序が保持されます。タイブレーカーとなるソート式を追加で指定できます。\n\n```\nFROM employees\n| KEEP first_name, last_name, height\n| SORT height DESC, first_name ASC\n```\n\n#### null値\nデフォルトでは、null値は他のどの値よりも大きい値として扱われます。昇順のソートではnull値は最後にソートされ、降順のソートではnull値は最初にソートされます。NULLS FIRSTまたはNULLS LASTを指定することで変更できます。\n\n```\nFROM employees\n| KEEP first_name, last_name, height\n| SORT first_name ASC NULLS FIRST\n```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.split": "SPLIT", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.split.markdown": "\n\n ### SPLIT\n 単一の値の文字列を複数の文字列に分割します。\n\n ```\n ROW words=\"foo;bar;baz;qux;quux;corge\"\n | EVAL word = SPLIT(words, \";\")\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.sqrt": "SQRT", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.sqrt.markdown": "\n\n ### SQRT\n 数値の平方根を返します。入力は任意の数値で、戻り値は常にdoubleです。\n 負数と無限大の平方根はnullです。\n\n ```\n ROW d = 100.0\n | EVAL s = SQRT(d)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.st_contains": "ST_CONTAINS", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.st_contains.markdown": "\n\n ### ST_CONTAINS\n 最初のジオメトリに2番目のジオメトリが含まれるかどうかを返します。\n これはST_WITHIN関数の逆関数です。\n\n ```\n FROM airport_city_boundaries\n | WHERE ST_CONTAINS(city_boundary, TO_GEOSHAPE(\"POLYGON((109.35 18.3, 109.45 18.3, 109.45 18.4, 109.35 18.4, 109.35 18.3))\"))\n | KEEP abbrev, airport, region, city, city_location\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.st_disjoint": "ST_DISJOINT", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.st_disjoint.markdown": "\n\n ### ST_DISJOINT\n 2つのジオメトリまたはジオメトリ列が結合解除されているかどうかを返します。\n これはST_INTERSECTS関数の逆関数です。\n 数学的には次のようになります。ST_Disjoint(A, B) ⇔ A ⋂ B = ∅\n\n ```\n FROM airport_city_boundaries\n | WHERE ST_DISJOINT(city_boundary, TO_GEOSHAPE(\"POLYGON((-10 -60, 120 -60, 120 60, -10 60, -10 -60))\"))\n | KEEP abbrev, airport, region, city, city_location\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.st_distance": "ST_DISTANCE", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.st_distance.markdown": "\n\n ### ST_DISTANCE\n 2点間の距離を計算します。\n デカルト幾何学の場合、これは元の座標と同じ単位でのピタゴラス距離です。\n 地理的幾何学では、これはメートル単位での円に沿った円周距離です。\n\n ```\n FROM airports\n | WHERE abbrev == \"CPH\"\n | EVAL distance = ST_DISTANCE(location, city_location)\n | KEEP abbrev, name, location, city_location, distance\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.st_intersects": "ST_INTERSECTS", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.st_intersects.markdown": "\n\n ### ST_INTERSECTS\n 2つのジオメトリが交差している場合はTrueを返します。\n 内部点を含め、共通の点がある場合は交差しています\n (線に沿った点または多角形内の点)。\n これはST_DISJOINT関数の逆関数です。\n 数学的には次のようになります。ST_Intersects(A, B) ⇔ A ⋂ B ≠ ∅\n\n ```\n FROM airports\n | WHERE ST_INTERSECTS(location, TO_GEOSHAPE(\"POLYGON((42 14, 43 14, 43 15, 42 15, 42 14))\"))\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.st_within": "ST_WITHIN", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.st_within.markdown": "\n\n ### ST_WITHIN\n 最初のジオメトリが2番目のジオメトリ内にあるかどうかを返します。\n これはST_CONTAINS関数の逆関数です。\n\n ```\n FROM airport_city_boundaries\n | WHERE ST_WITHIN(city_boundary, TO_GEOSHAPE(\"POLYGON((109.1 18.15, 109.6 18.15, 109.6 18.65, 109.1 18.65, 109.1 18.15))\"))\n | KEEP abbrev, airport, region, city, city_location\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.st_x": "ST_X", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.st_x.markdown": "\n\n ### ST_X\n 指定された点からx座標を抽出します。\n この点がgeo_pointタイプの場合は、longitude値を抽出するのと同じ結果になります。\n\n ```\n ROW point = TO_GEOPOINT(\"POINT(42.97109629958868 14.7552534006536)\")\n | EVAL x = ST_X(point), y = ST_Y(point)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.st_y": "ST_Y", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.st_y.markdown": "\n\n ### ST_Y\n 指定された点からy座標を抽出します。\n この点がgeo_pointタイプの場合は、latitude値を抽出するのと同じ結果になります。\n\n ```\n ROW point = TO_GEOPOINT(\"POINT(42.97109629958868 14.7552534006536)\")\n | EVAL x = ST_X(point), y = ST_Y(point)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.starts_with": "STARTS_WITH", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.starts_with.markdown": "\n\n ### STARTS_WITH\n キーワード文字列が他の文字列で始まるかどうかを示すブール値を返します。\n\n ```\n FROM employees\n | KEEP last_name\n | EVAL ln_S = STARTS_WITH(last_name, \"B\")\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.statsby": "STATS ...BY", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.statsby.markdown": "### STATS ...BY\nSTATS ...BYを使用すると、共通の値に従って行をグループ化し、グループ化された行に対する1つ以上の集約値を計算します。\n\n**例**:\n\n```\nFROM employees\n| STATS count = COUNT(emp_no) BY languages\n| SORT languages\n```\n\nBYが省略された場合、出力テーブルには、データセット全体に適用された集約が正確に1行だけ含まれます。\n\n```\nFROM employees\n| STATS avg_lang = AVG(languages)\n```\n\n複数の値を計算することができます。\n\n```\nFROM employees\n| STATS avg_lang = AVG(languages), max_lang = MAX(languages)\n```\n\n複数の値でグループ化することも可能です(longおよびkeywordファミリーフィールドでのみサポート)。\n\n```\nFROM employees\n| EVAL hired = DATE_FORMAT(hire_date, \"YYYY\")\n| STATS avg_salary = AVG(salary) BY hired, languages.long\n| EVAL avg_salary = ROUND(avg_salary)\n| SORT hired, languages.long\n```\n\nSTATS ...BYで使用できる関数の一覧については、**集計関数**を参照してください。\n\n集計関数とグループ式の両方で他の関数を使用できます。これは、複数値列でSTATS...BYを使用するときに有用です。たとえば、平均給与変動を計算するには、まず、MV_AVGを使用して従業員ごとに複数の値の平均を求め、その結果にAVG関数を適用します。\n\n```\nFROM employees\n| STATS avg_salary_change = AVG(MV_AVG(salary_change))\n```\n\n式によるグループ化の例は、姓の最初の文字で従業員をグループ化することです。\n\n```\nFROM employees\n| STATS my_count = COUNT() BY LEFT(last_name, 1)\n| SORT `LEFT(last_name, 1)`\n```\n\n出力列名の指定は任意です。指定しない場合は、新しい列名が式と等しくなります。次のクエリーは列\"AVG(salary)\"を返します。\n\n```\nFROM employees\n| STATS AVG(salary)\n```\n\nこの名前には特殊文字が含まれているため、後続のコマンドで使用するときには、バッククオート(`)で囲む必要があります。\n\n```\nFROM employees\n| STATS AVG(salary)\n| EVAL avg_salary_rounded = ROUND(`AVG(salary)`)\n```\n\n**注**:グループなしのSTATSは、グループを追加するよりも大幅に高速です。\n\n**注**:単一式でのグループは、現在、複数式でのグループよりも大幅に最適化されています。\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.stringOperators": "LIKEおよびRLIKE", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.stringOperators.markdown": "### LIKEおよびRLIKE\nワイルドカードや正規表現を使った文字列比較にはLIKEまたはRLIKEを使います。\n\nワイルドカードを使って文字列を一致させるにはLIKEを使います。次のワイルドカード文字がサポートされています。\n\n* `*`は0文字以上と一致します。\n* `?`は1文字と一致します。\n\n```\nFROM employees\n| WHERE first_name LIKE \"?b*\"\n| KEEP first_name, last_name\n```\n\n正規表現を使って文字列を一致させるには、RLIKEを使います。\n\n```\nFROM employees\n| WHERE first_name RLIKE \".leja.*\"\n| KEEP first_name, last_name\n```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.substring": "SUBSTRING", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.substring.markdown": "\n\n ### SUBSTRING\n 文字列のサブ文字列を、開始位置とオプションの長さで指定して返します。\n\n ```\n FROM employees\n | KEEP last_name\n | EVAL ln_sub = SUBSTRING(last_name, 1, 3)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.tan": "TAN", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.tan.markdown": "\n\n ### TAN\n 角度の正接三角関数を返します。\n\n ```\n ROW a=1.8 \n | EVAL tan=TAN(a)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.tanh": "TANH", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.tanh.markdown": "\n\n ### TANH\n 角度の正接双曲線関数を返します。\n\n ```\n ROW a=1.8 \n | EVAL tanh=TANH(a)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.tau": "TAU", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.tau.markdown": "\n\n ### TAU\n 円の円周と半径の比率を返します。\n\n ```\n ROW TAU()\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_base64": "TO_BASE64", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_base64.markdown": "\n\n ### TO_BASE64\n 文字列をbase64文字列にエンコードします。\n\n ```\n row a = \"elastic\" \n | eval e = to_base64(a)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_boolean": "TO_BOOLEAN", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_boolean.markdown": "\n\n ### TO_BOOLEAN\n 入力値をブール値に変換します。\n 文字列値*true*は、大文字小文字を区別せずにブール値*true*に変換されます。\n 空文字列を含むそれ以外の値に対しては、この関数は*false*を返します。\n 数値*0*は*false*に変換され、それ以外は*true*に変換されます。\n\n ```\n ROW str = [\"true\", \"TRuE\", \"false\", \"\", \"yes\", \"1\"]\n | EVAL bool = TO_BOOLEAN(str)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_cartesianpoint": "TO_CARTESIANPOINT", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_cartesianpoint.markdown": "\n\n ### TO_CARTESIANPOINT\n 入力値をcartesian_point値に変換します。\n 文字列は、WKT Point形式に従っている場合にのみ、正常に変換されます。\n\n ```\n ROW wkt = [\"POINT(4297.11 -1475.53)\", \"POINT(7580.93 2272.77)\"]\n | MV_EXPAND wkt\n | EVAL pt = TO_CARTESIANPOINT(wkt)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_cartesianshape": "TO_CARTESIANSHAPE", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_cartesianshape.markdown": "\n\n ### TO_CARTESIANSHAPE\n 入力値をcartesian_shape値に変換します。\n 文字列は、WKT形式に従っている場合にのみ、正常に変換されます。\n\n ```\n ROW wkt = [\"POINT(4297.11 -1475.53)\", \"POLYGON ((3339584.72 1118889.97, 4452779.63 4865942.27, 2226389.81 4865942.27, 1113194.90 2273030.92, 3339584.72 1118889.97))\"]\n | MV_EXPAND wkt\n | EVAL geom = TO_CARTESIANSHAPE(wkt)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_datetime": "TO_DATETIME", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_datetime.markdown": "\n\n ### TO_DATETIME\n 入力値を日付値に変換します。\n 文字列は、yyyy-MM-dd'T'HH:mm:ss.SSS'Z'の書式に従っている場合のみ変換が成功します。\n 日付を他の形式に変換するには、DATE_PARSEを使用します。\n\n ```\n ROW string = [\"1953-09-02T00:00:00.000Z\", \"1964-06-02T00:00:00.000Z\", \"1964-06-02 00:00:00\"]\n | EVAL datetime = TO_DATETIME(string)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_degrees": "TO_DEGREES", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_degrees.markdown": "\n\n ### TO_DEGREES\n ラジアンの数値を度数に変換します。\n\n ```\n ROW rad = [1.57, 3.14, 4.71]\n | EVAL deg = TO_DEGREES(rad)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_double": "TO_DOUBLE", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_double.markdown": "\n\n ### TO_DOUBLE\n 入力値をdouble値に変換します。入力パラメーターが日付型の場合、その値はUnixのエポックからのミリ秒として解釈され、doubleに変換されます。\n \n ブール値の*true*はdouble値の*1.0*に、*false*は*0.0*に変換されます。\n\n ```\n ROW str1 = \"5.20128E11\", str2 = \"foo\"\n | EVAL dbl = TO_DOUBLE(\"520128000000\"), dbl1 = TO_DOUBLE(str1), dbl2 = TO_DOUBLE(str2)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_geopoint": "TO_GEOPOINT", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_geopoint.markdown": "\n\n ### TO_GEOPOINT\n 入力値をgeo_point値に変換します。\n 文字列は、WKT Point形式に従っている場合にのみ、正常に変換されます。\n\n ```\n ROW wkt = \"POINT(42.97109630194 14.7552534413725)\"\n | EVAL pt = TO_GEOPOINT(wkt)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_geoshape": "TO_GEOSHAPE", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_geoshape.markdown": "\n\n ### TO_GEOSHAPE\n 入力値をgeo_shape値に変換します。\n 文字列は、WKT形式に従っている場合にのみ、正常に変換されます。\n\n ```\n ROW wkt = \"POLYGON ((30 10, 40 40, 20 40, 10 20, 30 10))\"\n | EVAL geom = TO_GEOSHAPE(wkt)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_integer": "TO_INTEGER", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_integer.markdown": "\n\n ### TO_INTEGER\n 入力値を整数値に変換します。\n 入力パラメーターが日付型の場合、その値はUnixのエポックからのミリ秒として解釈され、整数に変換されます。\n \n ブール値*true*は整数*1*に、*false*は*0*に変換されます。\n\n ```\n ROW long = [5013792, 2147483647, 501379200000]\n | EVAL int = TO_INTEGER(long)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_ip": "TO_IP", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_ip.markdown": "\n\n ### TO_IP\n 入力文字列をIP値に変換します。\n\n ```\n ROW str1 = \"1.1.1.1\", str2 = \"foo\"\n | EVAL ip1 = TO_IP(str1), ip2 = TO_IP(str2)\n | WHERE CIDR_MATCH(ip1, \"1.0.0.0/8\")\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_long": "TO_LONG", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_long.markdown": "\n\n ### TO_LONG\n 入力値をlong値に変換します。入力パラメーターが日付型の場合、\n その値はUnixのエポックからのミリ秒として解釈され、longに変換されます。\n ブール値の*true*は*long*値の*1*に、*false*は*0*に変換されます。\n\n ```\n ROW str1 = \"2147483648\", str2 = \"2147483648.2\", str3 = \"foo\"\n | EVAL long1 = TO_LONG(str1), long2 = TO_LONG(str2), long3 = TO_LONG(str3)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_lower": "TO_LOWER", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_lower.markdown": "\n\n ### TO_LOWER\n 小文字に変換された入力文字列を表す新しい文字列を返します。\n\n ```\n ROW message = \"Some Text\"\n | EVAL message_lower = TO_LOWER(message)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_radians": "TO_RADIANS", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_radians.markdown": "\n\n ### TO_RADIANS\n 度数をラジアンに変換します。\n\n ```\n ROW deg = [90.0, 180.0, 270.0]\n | EVAL rad = TO_RADIANS(deg)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_string": "TO_STRING", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_string.markdown": "\n\n ### TO_STRING\n 入力値を文字列に変換します。\n\n ```\n ROW a=10\n | EVAL j = TO_STRING(a)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_unsigned_long": "TO_UNSIGNED_LONG", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_unsigned_long.markdown": "\n\n ### TO_UNSIGNED_LONG\n 入力値を符号なしlong値に変換します。入力パラメーターが日付型の場合、\n その値はUnixのエポックからのミリ秒として解釈され、符号なしlong値に変換されます。\n ブール値の*true*は符号なし*long*値の*1*に、*false*は*0*に変換されます。\n\n ```\n ROW str1 = \"2147483648\", str2 = \"2147483648.2\", str3 = \"foo\"\n | EVAL long1 = TO_UNSIGNED_LONG(str1), long2 = TO_ULONG(str2), long3 = TO_UL(str3)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_upper": "TO_UPPER", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_upper.markdown": "\n\n ### TO_UPPER\n 大文字に変換された入力文字列を表す新しい文字列を返します。\n\n ```\n ROW message = \"Some Text\"\n | EVAL message_upper = TO_UPPER(message)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_version": "TO_VERSION", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_version.markdown": "\n\n ### TO_VERSION\n 入力文字列をバージョン値に変換します。\n\n ```\n ROW v = TO_VERSION(\"1.2.3\")\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.trim": "TRIM", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.trim.markdown": "\n\n ### TRIM\n 文字列から先頭と末尾の空白を削除します。\n\n ```\n ROW message = \" some text \", color = \" red \"\n | EVAL message = TRIM(message)\n | EVAL color = TRIM(color)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.where": "WHERE", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.where.markdown": "### WHERE\nWHEREを使用すると、入力テーブルから、指定した条件がtrueと評価されるすべての行を含むテーブルを作成します。\n \n```\nFROM employees\n| KEEP first_name, last_name, still_hired\n| WHERE still_hired == true\n```\n\n#### 演算子\n\nサポートされている演算子の概要については、**演算子**を参照してください。\n\n#### 関数\nWHEREは値を計算するためのさまざまな関数をサポートしています。**関数**をクリックすると詳細が表示されます。\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationLabel": "ドキュメント", + "languageDocumentationPopover.documentationESQL.abs": "ABS", + "languageDocumentationPopover.documentationESQL.abs.markdown": "\n\n ### ABS\n 絶対値を返します。\n\n ```\n ROW number = -1.0 \n | EVAL abs_number = ABS(number)\n ```\n ", + "languageDocumentationPopover.documentationESQL.acos": "ACOS", + "languageDocumentationPopover.documentationESQL.acos.markdown": "\n\n ### ACOS\n nのアークコサインをラジアンで表記された角度として返します。\n\n ```\n ROW a=.9\n | EVAL acos=ACOS(a)\n ```\n ", + "languageDocumentationPopover.documentationESQL.asin": "ASIN", + "languageDocumentationPopover.documentationESQL.asin.markdown": "\n\n ### ASIN\n 入力\n 数値式のアークサインをラジアンで表記された角度として返します。\n\n ```\n ROW a=.9\n | EVAL asin=ASIN(a)\n ```\n ", + "languageDocumentationPopover.documentationESQL.atan": "ATAN", + "languageDocumentationPopover.documentationESQL.atan.markdown": "\n\n ### ATAN\n 入力\n 数値式のアークタンジェントをラジアンで表記された角度として返します。\n\n ```\n ROW a=12.9\n | EVAL atan=ATAN(a)\n ```\n ", + "languageDocumentationPopover.documentationESQL.atan2": "ATAN2", + "languageDocumentationPopover.documentationESQL.atan2.markdown": "\n\n ### ATAN2\n 直交平面上の原点から点(x , y)に向かう光線と正のx軸のなす角(ラジアン表記)。\n \n\n ```\n ROW y=12.9, x=.6\n | EVAL atan2=ATAN2(y, x)\n ```\n ", + "languageDocumentationPopover.documentationESQL.autoBucketFunction": "BUCKET", + "languageDocumentationPopover.documentationESQL.autoBucketFunction.markdown": "### バケット\n日時または数値入力から、値(バケット)のグループを作成します。バケットのサイズは直接指定するか、推奨される数と値の範囲に基づいて選択できます。\n\nBUCKETは次の2つのモードで動作します。\n\n1.バケットのサイズがバケット数の提案(4つのパラメーター)と範囲に基づいて計算される。\n2.バケットサイズが直接指定される(2つのパラメーター)。\n\n目標バケット数、開始日、終了日を使用すると、目標バケット数以下のバケットを生成するために適切なバケットサイズがBUCKETによって選択されます。\n\nたとえば、1年に最大20バケットをリクエストすると、データが1か月間隔で整理されます。\n\n```\nFROM employees\n| WHERE hire_date >= \"1985-01-01T00:00:00Z\" AND hire_date < \"1986-01-01T00:00:00Z\"\n| STATS hire_date = MV_SORT(VALUES(hire_date)) BY month = BUCKET(hire_date, 20, \"1985-01-01T00:00:00Z\", \"1986-01-01T00:00:00Z\")\n| SORT hire_date\n```\n\n**注**:ここでは、正確な目標バケット数を指定するのではなく、目標バケット数を_上限_として範囲を指定します。\n\nBUCKETを集約と組み合わせ、ヒストグラムを作成できます。\n\n```\nFROM employees\n| WHERE hire_date >= \"1985-01-01T00:00:00Z\" AND hire_date < \"1986-01-01T00:00:00Z\"\n| STATS hires_per_month = COUNT(*) BY month = BUCKET(hire_date, 20, \"1985-01-01T00:00:00Z\", \"1986-01-01T00:00:00Z\")\n| SORT month\n```\n\n**注**:BUCKETは、どのドキュメントにも一致しないバケットを作成しません。そのため、前の例では1985-03-01やその他の日付が抜けています。\n\nその他のバケットを要求すると、範囲が小さくなることがあります。たとえば、1年に最大100バケットをリクエストすると、1週間単位のバケットになります。\n\n```\nFROM employees\n| WHERE hire_date >= \"1985-01-01T00:00:00Z\" AND hire_date < \"1986-01-01T00:00:00Z\"\n| STATS hires_per_week = COUNT(*) BY week = BUCKET(hire_date, 100, \"1985-01-01T00:00:00Z\", \"1986-01-01T00:00:00Z\")\n| SORT week\n```\n\n**注**:AUTO_BUCKETは行をフィルタリングしません。指定された範囲のみを使用して、適切なバケットサイズを選択します。範囲外の値の行に対しては、範囲外のバケツに対応するバケット値を返します。行をフィルタリングするには、BUCKETとWHEREを組み合わせます。\n\n事前に任意のバケットサイズがわかっている場合は、2番目の引数として指定し、範囲を除外します。\n\n```\nFROM employees\n| WHERE hire_date >= \"1985-01-01T00:00:00Z\" AND hire_date < \"1986-01-01T00:00:00Z\"\n| STATS hires_per_week = COUNT(*) BY week = BUCKET(hire_date, 1 week)\n| SORT week\n```\n\n**注**:バケットサイズを2番目のパラメーターとして指定するときには、時間の期間または日付の期間を選択する必要があります。\n\nBUCKETは数値フィールドでも動作します。たとえば、給与ヒストグラムを作成します。\n\n```\nFROM employees\n| STATS COUNT(*) by bs = BUCKET(salary, 20, 25324, 74999)\n| SORT bs\n```\n\n日付範囲で意図的フィルタリングする前の例とは異なり、数値フィールドでフィルタリングすることはほとんどありません。最小値と最大値を別々に見つける必要があります。ES|QLにはそれを自動的に実行するための簡単な方法がありません。\n\n任意のバケットサイズが事前にわかっている場合は、範囲を省略できます。2番目の引数として指定します。\n\n```\nFROM employees\n| WHERE hire_date >= \"1985-01-01T00:00:00Z\" AND hire_date < \"1986-01-01T00:00:00Z\"\n| STATS c = COUNT(1) BY b = BUCKET(salary, 5000.)\n| SORT b\n```\n\n**注**:バケットサイズを2番目のパラメーターとして指定するときには、**浮動小数点数型**でなければなりません。\n\n次の例は、過去24時間の1時間単位のバケットを作成し、1時間当たりのイベント数を計算します。\n\n```\nFROM sample_data\n| WHERE @timestamp >= NOW() - 1 day and @timestamp < NOW()\n| STATS COUNT(*) BY bucket = BUCKET(@timestamp, 25, NOW() - 1 day, NOW())\n```\n\n次の例は、1985年の1か月単位のバケットを作成し、採用月別に平均給与を計算します。\n\n```\nFROM employees\n| WHERE hire_date >= \"1985-01-01T00:00:00Z\" AND hire_date < \"1986-01-01T00:00:00Z\"\n| STATS AVG(salary) BY bucket = BUCKET(hire_date, 20, \"1985-01-01T00:00:00Z\", \"1986-01-01T00:00:00Z\")\n| SORT bucket\n```\n\n集約部で関数が**グループ部で定義されたエイリアスによって参照されている**場合、またはまったく同じ式で呼び出されている場合、BUCKETは、 STATS …​ BY …コマンドの集約部とグループ部の両方で使用できます。\n\n例:\n\n```\nFROM employees\n| STATS s1 = b1 + 1, s2 = BUCKET(salary / 1000 + 999, 50.) + 2 BY b1 = BUCKET(salary / 100 + 99, 50.), b2 = BUCKET(salary / 1000 + 999, 50.)\n| SORT b1, b2\n| KEEP s1, b1, s2, b2\n```\n ", + "languageDocumentationPopover.documentationESQL.binaryOperators": "バイナリ演算子", + "languageDocumentationPopover.documentationESQL.binaryOperators.markdown": "### バイナリ演算子\n次のバイナリ比較演算子がサポートされています。\n\n* 等号:`==`\n* 不等号:`!=`\n* より小さい:`<`\n* 以下:`<=`\n* より大きい:`>`\n* 以上:`>=`\n* 加算:`+`\n* 減算:`-`\n* 乗算:`*`\n* 除算:`/`\n* 係数:`%`\n ", + "languageDocumentationPopover.documentationESQL.booleanOperators": "ブール演算子", + "languageDocumentationPopover.documentationESQL.booleanOperators.markdown": "### ブール演算子\n次のブール演算子がサポートされています。\n\n* `AND`\n* `OR`\n* `NOT`\n ", + "languageDocumentationPopover.documentationESQL.bucket": "BUCKET", + "languageDocumentationPopover.documentationESQL.bucket.markdown": "\n\n ### BUCKET\n 日時または数値入力から、値(バケット)のグループを作成します。\n バケットのサイズは直接指定するか、推奨される数と値の範囲に基づいて選択できます。\n\n ```\n FROM employees\n | WHERE hire_date >= \"1985-01-01T00:00:00Z\" AND hire_date < \"1986-01-01T00:00:00Z\"\n | STATS hire_date = MV_SORT(VALUES(hire_date)) BY month = BUCKET(hire_date, 20, \"1985-01-01T00:00:00Z\", \"1986-01-01T00:00:00Z\")\n | SORT hire_date\n ```\n ", + "languageDocumentationPopover.documentationESQL.case": "CASE", + "languageDocumentationPopover.documentationESQL.case.markdown": "\n\n ### CASE\n 条件と値のペアを指定できます。この関数は、trueと評価される\n 最初の条件に属する値を返します。\n\n 引数の数が奇数の場合、最後の引数は条件に一致しない場合に返されるデフォルト値になります。\n 引数の数が偶数で、\n 条件が一致しない場合、この関数はnullを返します。\n\n ```\n FROM employees\n | EVAL type = CASE(\n languages <= 1, \"monolingual\",\n languages <= 2, \"bilingual\",\n \"polyglot\")\n | KEEP emp_no, languages, type\n ```\n ", + "languageDocumentationPopover.documentationESQL.castOperator": "Cast (::)", + "languageDocumentationPopover.documentationESQL.castOperator.markdown": "### CAST (`::`)\n::演算子はO_型変換関数に代わる便利な構文です。\n\n例:\n```\nROW ver = CONCAT((\"0\"::INT + 1)::STRING, \".2.3\")::VERSION\n```\n ", + "languageDocumentationPopover.documentationESQL.cbrt": "CBRT", + "languageDocumentationPopover.documentationESQL.cbrt.markdown": "\n\n ### CBRT\n 数値の立方根を返します。入力は任意の数値で、戻り値は常にdoubleです。\n 無限大の立方根はnullです。\n\n ```\n ROW d = 1000.0\n | EVAL c = cbrt(d)\n ```\n ", + "languageDocumentationPopover.documentationESQL.ceil": "CEIL", + "languageDocumentationPopover.documentationESQL.ceil.markdown": "\n\n ### CEIL\n 最も近い整数に数値を切り上げます。\n\n ```\n ROW a=1.8\n | EVAL a=CEIL(a)\n ```\n 注:これはlong(符号なしを含む)とintegerのnoopです。doubleの場合、JavaのMath.ceilと同様に、整数に最も近いdoubleの値を選びます。\n ", + "languageDocumentationPopover.documentationESQL.cidr_match": "CIDR_MATCH", + "languageDocumentationPopover.documentationESQL.cidr_match.markdown": "\n\n ### CIDR_MATCH\n 指定されたIPが指定されたCIDRブロックのいずれかに含まれていればtrueを返します。\n\n ```\n FROM hosts \n | WHERE CIDR_MATCH(ip1, \"127.0.0.2/32\", \"127.0.0.3/32\") \n | KEEP card, host, ip0, ip1\n ```\n ", + "languageDocumentationPopover.documentationESQL.coalesce": "COALESCE", + "languageDocumentationPopover.documentationESQL.coalesce.markdown": "\n\n ### COALESCE\n nullでない最初の引数を返します。すべての引数がnullの場合はnullを返します。\n\n ```\n ROW a=null, b=\"b\"\n | EVAL COALESCE(a, b)\n ```\n ", + "languageDocumentationPopover.documentationESQL.concat": "CONCAT", + "languageDocumentationPopover.documentationESQL.concat.markdown": "\n\n ### CONCAT\n 2つ以上の文字列を連結します。\n\n ```\n FROM employees\n | KEEP first_name, last_name\n | EVAL fullname = CONCAT(first_name, \" \", last_name)\n ```\n ", + "languageDocumentationPopover.documentationESQL.cos": "COS", + "languageDocumentationPopover.documentationESQL.cos.markdown": "\n\n ### COS\n 角度の余弦を返します。\n\n ```\n ROW a=1.8 \n | EVAL cos=COS(a)\n ```\n ", + "languageDocumentationPopover.documentationESQL.cosh": "COSH", + "languageDocumentationPopover.documentationESQL.cosh.markdown": "\n\n ### COSH\n 角度の双曲余弦を返します。\n\n ```\n ROW a=1.8 \n | EVAL cosh=COSH(a)\n ```\n ", + "languageDocumentationPopover.documentationESQL.date_diff": "DATE_DIFF", + "languageDocumentationPopover.documentationESQL.date_diff.markdown": "\n\n ### DATE_DIFF\n startTimestampをendTimestampから減算し、unitの乗数の差を返します。\n startTimestampがendTimestampより後の場合は、負の値が返されます。\n\n ```\n ROW date1 = TO_DATETIME(\"2023-12-02T11:00:00.000Z\"), date2 = TO_DATETIME(\"2023-12-02T11:00:00.001Z\")\n | EVAL dd_ms = DATE_DIFF(\"microseconds\", date1, date2)\n ```\n ", + "languageDocumentationPopover.documentationESQL.date_extract": "DATE_EXTRACT", + "languageDocumentationPopover.documentationESQL.date_extract.markdown": "\n\n ### DATE_EXTRACT\n 年、月、日、時間など、日付の一部を抽出します。\n\n ```\n ROW date = DATE_PARSE(\"yyyy-MM-dd\", \"2022-05-06\")\n | EVAL year = DATE_EXTRACT(\"year\", date)\n ```\n ", + "languageDocumentationPopover.documentationESQL.date_format": "DATE_FORMAT", + "languageDocumentationPopover.documentationESQL.date_format.markdown": "\n\n ### DATE_FORMAT\n 指定した書式の日付の文字列表現を返します。\n\n ```\n FROM employees\n | KEEP first_name, last_name, hire_date\n | EVAL hired = DATE_FORMAT(\"YYYY-MM-dd\", hire_date)\n ```\n ", + "languageDocumentationPopover.documentationESQL.date_parse": "DATE_PARSE", + "languageDocumentationPopover.documentationESQL.date_parse.markdown": "\n\n ### DATE_PARSE\n 最初の引数で指定した形式を使用して、2番目の引数を解析することで、日付を返します。\n\n ```\n ROW date_string = \"2022-05-06\"\n | EVAL date = DATE_PARSE(\"yyyy-MM-dd\", date_string)\n ```\n ", + "languageDocumentationPopover.documentationESQL.date_trunc": "DATE_TRUNC", + "languageDocumentationPopover.documentationESQL.date_trunc.markdown": "\n\n ### DATE_TRUNC\n 最も近い区間まで日付を切り捨てます。\n\n ```\n FROM employees\n | KEEP first_name, last_name, hire_date\n | EVAL year_hired = DATE_TRUNC(1 year, hire_date)\n ```\n ", + "languageDocumentationPopover.documentationESQL.dissect": "DISSECT", + "languageDocumentationPopover.documentationESQL.dissect.markdown": "### DISSECT\nDISSECTは文字列から構造化データを取り出すことができます。DISSECTは文字列を区切り文字ベースのパターンと照合し、指定されたキーを列として抽出します。\n\ndissectパターンの構文については、[dissectプロセッサードキュメント](https://www.elastic.co/guide/en/elasticsearch/reference/current/dissect-processor.html)を参照してください。\n\n```\nROW a = \"1953-01-23T12:15:00Z - some text - 127.0.0.1\"\n| DISSECT a \"%'{Y}-%{M}-%{D}T%{h}:%{m}:%{s}Z - %{msg} - %{ip}'\"\n``` ", + "languageDocumentationPopover.documentationESQL.drop": "DROP", + "languageDocumentationPopover.documentationESQL.drop.markdown": "### DROP\nテーブルから列を削除するには、DROPを使用します。\n \n```\nFROM employees\n| DROP height\n```\n\n各列を名前で指定するのではなく、ワイルドカードを使って、パターンと一致する名前の列をすべて削除することができます。\n\n```\nFROM employees\n| DROP height*\n```\n ", + "languageDocumentationPopover.documentationESQL.e": "E", + "languageDocumentationPopover.documentationESQL.e.markdown": "\n\n ### E\n オイラー数を返します。\n\n ```\n ROW E()\n ```\n ", + "languageDocumentationPopover.documentationESQL.ends_with": "ENDS_WITH", + "languageDocumentationPopover.documentationESQL.ends_with.markdown": "\n\n ### ENDS_WITH\n キーワード文字列が他の文字列で終わるかどうかを示すブール値を返します。\n\n ```\n FROM employees\n | KEEP last_name\n | EVAL ln_E = ENDS_WITH(last_name, \"d\")\n ```\n ", + "languageDocumentationPopover.documentationESQL.enrich": "ENRICH", + "languageDocumentationPopover.documentationESQL.enrich.markdown": "### ENRICH\nENRICH`を使用すると、既存のインデックスのデータを受信レコードに追加することができます。[インジェストエンリッチ](https://www.elastic.co/guide/en/elasticsearch/reference/current/ingest-enriching-data.html)と似ていますが、クエリー時に動作します。\n\n```\nROW language_code = \"1\"\n| ENRICH languages_policy\n```\n\nENRICHでは、[エンリッチポリシー](https://www.elastic.co/guide/en/elasticsearch/reference/current/ingest-enriching-data.html#enrich-policy)を実行する必要があります。エンリッチポリシーは、一致フィールド (キーフィールド) とエンリッチフィールドのセットを定義します。\n\nENRICHは、一致フィールド値に基づいて、[エンリッチインデックス](https://www.elastic.co/guide/en/elasticsearch/reference/current/ingest-enriching-data.html#enrich-index)のレコードを検索します。入力データセットの一致するキーは、ON を使用して定義できます。指定しない場合は、エンリッチポリシーで定義された一致フィールドと同じ名前のフィールドで一致が実行されます。\n\n```\nROW a = \"1\"\n| ENRICH languages_policy ON a\n```\n\nWITH , ...構文を使用して、結果に追加される属性(ポリシーでエンリッチフィールドとして定義された属性の間)を指定できます。\n\n```\nROW a = \"1\"\n| ENRICH languages_policy ON a WITH language_name\n```\n\n属性の名前は、WITH new_name=を使用して変更できます。\n\n```\nROW a = \"1\"\n| ENRICH languages_policy ON a WITH name = language_name\n```\n\nデフォルトでは、(WITHが定義されていない場合)、ENRICHはエンリッチポリシーで定義されたすべてのエンリッチフィールドを結果に追加します。\n\n名前の競合が発生した場合、新しく作成されたフィールドが既存のフィールドを上書きします。\n ", + "languageDocumentationPopover.documentationESQL.eval": "EVAL", + "languageDocumentationPopover.documentationESQL.eval.markdown": "### EVAL\nEVALでは、新しい列を追加できます。\n\n```\nFROM employees\n| KEEP first_name, last_name, height\n| EVAL height_feet = height * 3.281, height_cm = height * 100\n```\n\n指定した列がすでに存在する場合、既存の列は削除され、新しい列がテーブルに追加されます。\n\n```\nFROM employees\n| KEEP first_name, last_name, height\n| EVAL height = height * 3.281\n```\n\n#### 関数\nEVALは値を計算するためのさまざまな関数をサポートしています。関数をクリックすると詳細が表示されます。\n ", + "languageDocumentationPopover.documentationESQL.floor": "FLOOR", + "languageDocumentationPopover.documentationESQL.floor.markdown": "\n\n ### FLOOR\n 最も近い整数に数値を切り捨てます。\n\n ```\n ROW a=1.8\n | EVAL a=FLOOR(a)\n ```\n 注:これはlong(符号なしを含む)とintegerのnoopです。\n doubleの場合、Math.floorと同様に、整数に最も近いdoubleの値を選びます。\n \n ", + "languageDocumentationPopover.documentationESQL.from": "FROM", + "languageDocumentationPopover.documentationESQL.from_base64": "FROM_BASE64", + "languageDocumentationPopover.documentationESQL.from_base64.markdown": "\n\n ### FROM_BASE64\n base64文字列をデコードします。\n\n ```\n row a = \"ZWxhc3RpYw==\" \n | eval d = from_base64(a)\n ```\n ", + "languageDocumentationPopover.documentationESQL.from.markdown": "### FROM\nソースコマンドFROMは、データストリーム、インデックス、またはエイリアスから、最大10,000ドキュメントを含むテーブルを返します。結果のテーブルの各行はドキュメントを表します。各列はフィールドに対応し、そのフィールドの名前でアクセスできます。\n\n```\nFROM employees\n```\n\n[日付演算](https://www.elastic.co/guide/en/elasticsearch/reference/current/api-conventions.html#api-date-math-index-names) を使用して、インデックス、エイリアス、データストリームを参照できます。これは時系列データの場合に便利です。\n\nカンマ区切りのリストまたはワイルドカードを使用して、複数のデータストリーム、インデックス、またはエイリアスをクエリーします。\n\n```\nFROM employees-00001,employees-*\n```\n\n#### メタデータ\n\nES|QLは以下のメタデータフィールドにアクセスできます。\n\n* `_index`:ドキュメントが属するインデックス。このフィールドはkeyword型です。\n* `_id`:ソースドキュメントのID。このフィールドはkeyword型です。### `_version`:ソースドキュメントのバージョン。フィールドの型はlongです。\n\nメタデータフィールドを有効にするには、METADATAディレクティブを使います。\n\n```\nFROM index [METADATA _index, _id]\n```\n\nメタデータフィールドは、データのソースがインデックスである場合にのみ使用できます。その結果、FROMはMETADATAディレクティブをサポートする唯一のソースコマンドです。\n\nこのフィールドが有効になると、他のインデックスフィールドと同様に、後続の処理コマンドで利用できるようになります。\n\n```\nFROM ul_logs, apps [METADATA _index, _version]\n| WHERE id IN (13, 14) AND _version == 1\n| EVAL key = CONCAT(_index, \"_\", TO_STR(id))\n| SORT id, _index\n| KEEP id, _index, _version, key\n```\n\nまた、インデックス・フィールドと同様に、一度集約が実行されると、グループ化フィールドとして使用されないかぎり、メタデータフィールドは後続のコマンドからはアクセスできなくなります。\n\n```\nFROM employees [METADATA _index, _id]\n| STATS max = MAX(emp_no) BY _index\n```\n ", + "languageDocumentationPopover.documentationESQL.greatest": "GREATEST", + "languageDocumentationPopover.documentationESQL.greatest.markdown": "\n\n ### GREATEST\n 多数の列から最大値を返します。これはMV_MAX\n と似ていますが、一度に複数の列に対して実行します。\n\n ```\n ROW a = 10, b = 20\n | EVAL g = GREATEST(a, b)\n ```\n 注:keywordまたはtextフィールドに対して実行すると、アルファベット順の最後の文字列を返します。boolean列に対して実行すると、値がtrueの場合にtrueを返します。\n ", + "languageDocumentationPopover.documentationESQL.grok": "GROK", + "languageDocumentationPopover.documentationESQL.grok.markdown": "### GROK\nGROKを使うと、文字列から構造化データを抽出できます。GROKは正規表現に基づいて文字列をパターンと一致させ、指定されたパターンを列として抽出します。\n\ngrokパターンの構文については、 [grokプロセッサードキュメント](https://www.elastic.co/guide/en/elasticsearch/reference/current/grok-processor.html)を参照してください。\n\n```\nROW a = \"12 15.5 15.6 true\"\n| GROK a \"%'{NUMBER:b:int}' %'{NUMBER:c:float}' %'{NUMBER:d:double}' %'{WORD:e:boolean}'\"\n```\n ", + "languageDocumentationPopover.documentationESQL.inOperator": "IN", + "languageDocumentationPopover.documentationESQL.inOperator.markdown": "### IN\nIN演算子は、フィールドや式がリテラル、フィールド、式のリストの要素と等しいかどうかをテストすることができます。\n\n```\nROW a = 1, b = 4, c = 3\n| WHERE c-a IN (3, b / 2, a)\n```\n ", + "languageDocumentationPopover.documentationESQL.ip_prefix": "IP_PREFIX", + "languageDocumentationPopover.documentationESQL.ip_prefix.markdown": "\n\n ### IP_PREFIX\n IPを特定のプレフィックス長に切り詰めます。\n\n ```\n row ip4 = to_ip(\"1.2.3.4\"), ip6 = to_ip(\"fe80::cae2:65ff:fece:feb9\")\n | eval ip4_prefix = ip_prefix(ip4, 24, 0), ip6_prefix = ip_prefix(ip6, 0, 112);\n ```\n ", + "languageDocumentationPopover.documentationESQL.keep": "KEEP", + "languageDocumentationPopover.documentationESQL.keep.markdown": "### KEEP\nKEEPコマンドは、返される列と、列が返される順序を指定することができます。\n\n返される列を制限するには、カンマで区切りの列名リストを使用します。列は指定された順序で返されます。\n \n```\nFROM employees\n| KEEP first_name, last_name, height\n```\n\n各列を名前で指定するのではなく、ワイルドカードを使って、パターンと一致する名前の列をすべて返すことができます。\n\n```\nFROM employees\n| KEEP h*\n```\n\nアスタリスクワイルドカード(*)は単独で、他の引数と一致しないすべての列に変換されます。このクエリーは、最初にhで始まる名前の列をすべて返し、その後にその他の列をすべて返します。\n\n```\nFROM employees\n| KEEP h*, *\n```\n ", + "languageDocumentationPopover.documentationESQL.least": "LEAST", + "languageDocumentationPopover.documentationESQL.least.markdown": "\n\n ### LEAST\n 多数の列から最小値を返します。これはMV_MINと似ていますが、一度に複数の列に対して実行します。\n\n ```\n ROW a = 10, b = 20\n | EVAL l = LEAST(a, b)\n ```\n ", + "languageDocumentationPopover.documentationESQL.left": "LEFT", + "languageDocumentationPopover.documentationESQL.left.markdown": "\n\n ### LEFT\n stringから左から順にlength文字を抜き出したサブ文字列を返します。\n\n ```\n FROM employees\n | KEEP last_name\n | EVAL left = LEFT(last_name, 3)\n | SORT last_name ASC\n | LIMIT 5\n ```\n ", + "languageDocumentationPopover.documentationESQL.length": "LENGTH", + "languageDocumentationPopover.documentationESQL.length.markdown": "\n\n ### LENGTH\n 文字列の文字数を返します。\n\n ```\n FROM employees\n | KEEP first_name, last_name\n | EVAL fn_length = LENGTH(first_name)\n ```\n ", + "languageDocumentationPopover.documentationESQL.limit": "LIMIT", + "languageDocumentationPopover.documentationESQL.limit.markdown": "### LIMIT\nLIMIT`処理コマンドは行数を制限することができます。\n \n```\nFROM employees\n| LIMIT 5\n```\n ", + "languageDocumentationPopover.documentationESQL.locate": "LOCATE", + "languageDocumentationPopover.documentationESQL.locate.markdown": "\n\n ### LOCATE\n 別の文字列内のキーワードサブ文字列の位置を示す整数を返します。\n\n ```\n row a = \"hello\"\n | eval a_ll = locate(a, \"ll\")\n ```\n ", + "languageDocumentationPopover.documentationESQL.log": "LOG", + "languageDocumentationPopover.documentationESQL.log.markdown": "\n\n ### LOG\n 基数に対する値の対数を返します。入力は任意の数値で、戻り値は常にdoubleです。\n\n ゼロの対数、負数、1の基数はnullと警告を返します。\n\n ```\n ROW base = 2.0, value = 8.0\n | EVAL s = LOG(base, value)\n ```\n ", + "languageDocumentationPopover.documentationESQL.log10": "LOG10", + "languageDocumentationPopover.documentationESQL.log10.markdown": "\n\n ### LOG10\n 基数10に対する値の対数を返します。入力は任意の数値で、戻り値は常にdoubleです。\n\n 0の対数および負数はnullと警告を返します。\n\n ```\n ROW d = 1000.0 \n | EVAL s = LOG10(d)\n ```\n ", + "languageDocumentationPopover.documentationESQL.ltrim": "LTRIM", + "languageDocumentationPopover.documentationESQL.ltrim.markdown": "\n\n ### LTRIM\n 文字列から先頭の空白を取り除きます。\n\n ```\n ROW message = \" some text \", color = \" red \"\n | EVAL message = LTRIM(message)\n | EVAL color = LTRIM(color)\n | EVAL message = CONCAT(\"'\", message, \"'\")\n | EVAL color = CONCAT(\"'\", color, \"'\")\n ```\n ", + "languageDocumentationPopover.documentationESQL.markdown": "## ES|QL\n\nES|QL(Elasticsearch クエリー言語)クエリーは、パイプ文字の|で区切られた一連のコマンドで構成されます。各クエリーは**ソースコマンド**で始まり、通常はElasticsearchのデータを使ってテーブルを生成します。\n\nソースコマンドには、1つ以上の**処理コマンド**を続けることができます。処理コマンドは、行や列を追加、削除、変更することで、前のコマンドの出力テーブルを変更することができます。\n\n```\nsource-command\n| processing-command1\n| processing-command2\n```\n\nクエリーの結果は、最終的な処理コマンドによって生成されるテーブルです。 \n ", + "languageDocumentationPopover.documentationESQL.mv_append": "MV_APPEND", + "languageDocumentationPopover.documentationESQL.mv_append.markdown": "\n\n ### MV_APPEND\n 2つの複数値フィールドの値を連結します\n\n ", + "languageDocumentationPopover.documentationESQL.mv_avg": "MV_AVG", + "languageDocumentationPopover.documentationESQL.mv_avg.markdown": "\n\n ### MV_AVG\n 複数値フィールドを、すべての値の平均を含む単一値フィールドに変換します。\n\n ```\n ROW a=[3, 5, 1, 6]\n | EVAL avg_a = MV_AVG(a)\n ```\n ", + "languageDocumentationPopover.documentationESQL.mv_concat": "MV_CONCAT", + "languageDocumentationPopover.documentationESQL.mv_concat.markdown": "\n\n ### MV_CONCAT\n 複数値文字列式を、区切り文字で区切られたすべての値を連結した単一値列に変換します。\n\n ```\n ROW a=[\"foo\", \"zoo\", \"bar\"]\n | EVAL j = MV_CONCAT(a, \", \")\n ```\n ", + "languageDocumentationPopover.documentationESQL.mv_count": "MV_COUNT", + "languageDocumentationPopover.documentationESQL.mv_count.markdown": "\n\n ### MV_COUNT\n 複数値式を、値の数をカウントする単一値列に変換します。\n\n ```\n ROW a=[\"foo\", \"zoo\", \"bar\"]\n | EVAL count_a = MV_COUNT(a)\n ```\n ", + "languageDocumentationPopover.documentationESQL.mv_dedupe": "MV_DEDUPE", + "languageDocumentationPopover.documentationESQL.mv_dedupe.markdown": "\n\n ### MV_DEDUPE\n 複数値フィールドから重複する値を削除します。\n\n ```\n ROW a=[\"foo\", \"foo\", \"bar\", \"foo\"]\n | EVAL dedupe_a = MV_DEDUPE(a)\n ```\n 注:MV_DEDUPEは列の値をソートすることがありますが、常にソートするわけではありません。\n ", + "languageDocumentationPopover.documentationESQL.mv_first": "MV_FIRST", + "languageDocumentationPopover.documentationESQL.mv_first.markdown": "\n\n ### MV_FIRST\n \n 複数値式を、最初の値を含む単一値列に変換します。これは、SPLITなどの既知の順序で複数値列を発行する関数から読み取るときに役立ちます。\n \n\n 複数値フィールドが基本ストレージから読み取られる順序は保証されません。\n \n 通常は昇順ですが、必ずしもそうであるわけではありません。最小値が必要な場合は、MV_FIRSTの代わりに、MV_MINを使用します。\n MV_MINは、ソートされた値向けに最適化されているため、\n MV_FIRSTにパフォーマンスの利点はありません。\n\n ```\n ROW a=\"foo;bar;baz\"\n | EVAL first_a = MV_FIRST(SPLIT(a, \";\"))\n ```\n ", + "languageDocumentationPopover.documentationESQL.mv_last": "MV_LAST", + "languageDocumentationPopover.documentationESQL.mv_last.markdown": "\n\n ### MV_LAST\n \n 複数値式を、最後の値を含む単一値列に変換します。これは、SPLITなどの既知の順序で複数値列を発行する関数から読み取るときに役立ちます。\n \n\n 複数値フィールドが基本ストレージから読み取られる順序は保証されません。\n \n 通常は昇順ですが、必ずしもそうであるわけではありません。最大値が必要な場合は、MV_LASTの代わりに、MV_MAXを使用します。\n MV_MAXは、ソートされた値向けに最適化されているため、\n MV_LASTにパフォーマンスの利点はありません。\n\n ```\n ROW a=\"foo;bar;baz\"\n | EVAL last_a = MV_LAST(SPLIT(a, \";\"))\n ```\n ", + "languageDocumentationPopover.documentationESQL.mv_max": "MV_MAX", + "languageDocumentationPopover.documentationESQL.mv_max.markdown": "\n\n ### MV_MAX\n 複数値フィールドを、最大値を含む単一値フィールドに変換します。\n\n ```\n ROW a=[3, 5, 1]\n | EVAL max_a = MV_MAX(a)\n ```\n ", + "languageDocumentationPopover.documentationESQL.mv_median": "MV_MEDIAN", + "languageDocumentationPopover.documentationESQL.mv_median.markdown": "\n\n ### MV_MEDIAN\n 複数値フィールドを、中央値を含む単一値フィールドに変換します。\n\n ```\n ROW a=[3, 5, 1]\n | EVAL median_a = MV_MEDIAN(a)\n ```\n ", + "languageDocumentationPopover.documentationESQL.mv_min": "MV_MIN", + "languageDocumentationPopover.documentationESQL.mv_min.markdown": "\n\n ### MV_MIN\n 複数値フィールドを、最小値を含む単一値フィールドに変換します。\n\n ```\n ROW a=[2, 1]\n | EVAL min_a = MV_MIN(a)\n ```\n ", + "languageDocumentationPopover.documentationESQL.mv_slice": "MV_SLICE", + "languageDocumentationPopover.documentationESQL.mv_slice.markdown": "\n\n ### MV_SLICE\n 開始インデックス値と終了インデックス値を使用して、複数値フィールドのサブセットを返します。\n\n ```\n row a = [1, 2, 2, 3]\n | eval a1 = mv_slice(a, 1), a2 = mv_slice(a, 2, 3)\n ```\n ", + "languageDocumentationPopover.documentationESQL.mv_sort": "MV_SORT", + "languageDocumentationPopover.documentationESQL.mv_sort.markdown": "\n\n ### MV_SORT\n 辞書の順序で複数値フィールドを並べ替えます。\n\n ```\n ROW a = [4, 2, -3, 2]\n | EVAL sa = mv_sort(a), sd = mv_sort(a, \"DESC\")\n ```\n ", + "languageDocumentationPopover.documentationESQL.mv_sum": "MV_SUM", + "languageDocumentationPopover.documentationESQL.mv_sum.markdown": "\n\n ### MV_SUM\n 複数値フィールドを、すべての値の合計を含む単一値フィールドに変換します。\n\n ```\n ROW a=[3, 5, 6]\n | EVAL sum_a = MV_SUM(a)\n ```\n ", + "languageDocumentationPopover.documentationESQL.mv_zip": "MV_ZIP", + "languageDocumentationPopover.documentationESQL.mv_zip.markdown": "\n\n ### MV_ZIP\n 値を結合する区切り文字を使用して、2つの複数値フィールドの値を結合します。\n\n ```\n ROW a = [\"x\", \"y\", \"z\"], b = [\"1\", \"2\"]\n | EVAL c = mv_zip(a, b, \"-\")\n | KEEP a, b, c\n ```\n ", + "languageDocumentationPopover.documentationESQL.mvExpand": "MV_EXPAND", + "languageDocumentationPopover.documentationESQL.mvExpand.markdown": "### MV_EXPAND\nMV_EXPAND処理コマンドは、複数値フィールドを値ごとに1行に展開し、他のフィールドを複製します。 \n```\nROW a=[1,2,3], b=\"b\", j=[\"a\",\"b\"]\n| MV_EXPAND a\n```\n ", + "languageDocumentationPopover.documentationESQL.now": "NOW", + "languageDocumentationPopover.documentationESQL.now.markdown": "\n\n ### NOW\n 現在の日付と時刻を返します。\n\n ```\n ROW current_date = NOW()\n ```\n ", + "languageDocumentationPopover.documentationESQL.pi": "PI", + "languageDocumentationPopover.documentationESQL.pi.markdown": "\n\n ### PI\n 円の円周と直径の比率であるPiを返します。\n\n ```\n ROW PI()\n ```\n ", + "languageDocumentationPopover.documentationESQL.pow": "POW", + "languageDocumentationPopover.documentationESQL.pow.markdown": "\n\n ### POW\n exponentのべき乗にしたbaseの値を返します。\n\n ```\n ROW base = 2.0, exponent = 2\n | EVAL result = POW(base, exponent)\n ```\n 注:ここでは、倍精度浮動小数点数の結果でもオーバーフローする可能性があります。その場合は、NULLが返されます。\n ", + "languageDocumentationPopover.documentationESQL.predicates": "NULL値", + "languageDocumentationPopover.documentationESQL.predicates.markdown": "### NULL値\nNULLの比較には、IS NULLとIS NOT NULL述語を使います。\n\n```\nFROM employees\n| WHERE birth_date IS NULL\n| KEEP first_name, last_name\n| SORT first_name\n| LIMIT 3\n```\n\n```\nFROM employees\n| WHERE is_rehired IS NOT NULL\n| STATS count(emp_no)\n```\n ", + "languageDocumentationPopover.documentationESQL.rename": "RENAME", + "languageDocumentationPopover.documentationESQL.rename.markdown": "### RENAME\nRENAMEを使用して、次の構文で列の名前を変更します。\n\n```\nRENAME AS \n```\n\n例:\n\n```\nFROM employees\n| KEEP first_name, last_name, still_hired\n| RENAME still_hired AS employed\n```\n\n新しい名前の列がすでに存在する場合、その列は新しい列に置き換えられます。\n\n複数の列の名前を1つのRENAMEコマンドで変更することができます。\n\n```\nFROM employees\n| KEEP first_name, last_name\n| RENAME first_name AS fn, last_name AS ln\n```\n ", + "languageDocumentationPopover.documentationESQL.repeat": "REPEAT", + "languageDocumentationPopover.documentationESQL.repeat.markdown": "\n\n ### REPEAT\n 指定したnumberの回数、文字列stringとそれ自身を連結して構成された文字列を返します。\n\n ```\n ROW a = \"Hello!\"\n | EVAL triple_a = REPEAT(a, 3);\n ```\n ", + "languageDocumentationPopover.documentationESQL.replace": "REPLACE", + "languageDocumentationPopover.documentationESQL.replace.markdown": "\n\n ### REPLACE\n \n この関数は、正規表現regexと置換文字列newStrの任意の一致を文字列strに代入します。\n\n ```\n ROW str = \"Hello World\"\n | EVAL str = REPLACE(str, \"World\", \"Universe\")\n | KEEP str\n ```\n ", + "languageDocumentationPopover.documentationESQL.right": "RIGHT", + "languageDocumentationPopover.documentationESQL.right.markdown": "\n\n ### RIGHT\n strのうち右から数えてlength文字までのサブ文字列を返します。\n\n ```\n FROM employees\n | KEEP last_name\n | EVAL right = RIGHT(last_name, 3)\n | SORT last_name ASC\n | LIMIT 5\n ```\n ", + "languageDocumentationPopover.documentationESQL.round": "ROUND", + "languageDocumentationPopover.documentationESQL.round.markdown": "\n\n ### ROUND\n 数値を指定した小数点以下の桁数に丸めます。\n デフォルトは0で、最も近い整数を返します。\n 精度が負の場合、小数点以下の桁数に丸めます。\n \n\n ```\n FROM employees\n | KEEP first_name, last_name, height\n | EVAL height_ft = ROUND(height * 3.281, 1)\n ```\n ", + "languageDocumentationPopover.documentationESQL.row": "ROW", + "languageDocumentationPopover.documentationESQL.row.markdown": "### ROW\nROWソースコマンドは、指定した値の列を1つ以上含む行を作成します。これはテストの場合に便利です。\n \n```\nROW a = 1, b = \"two\", c = null\n```\n\n複数の値を含む列を作成するには角括弧を使用します。\n\n```\nROW a = [2, 1]\n```\n\nROWは関数の使用をサポートしています。\n\n```\nROW a = ROUND(1.23, 0)\n```\n ", + "languageDocumentationPopover.documentationESQL.rtrim": "RTRIM", + "languageDocumentationPopover.documentationESQL.rtrim.markdown": "\n\n ### RTRIM\n 文字列から末尾の空白を取り除きます。\n\n ```\n ROW message = \" some text \", color = \" red \"\n | EVAL message = RTRIM(message)\n | EVAL color = RTRIM(color)\n | EVAL message = CONCAT(\"'\", message, \"'\")\n | EVAL color = CONCAT(\"'\", color, \"'\")\n ```\n ", + "languageDocumentationPopover.documentationESQL.show": "SHOW", + "languageDocumentationPopover.documentationESQL.show.markdown": "### SHOW\nSHOW ソースコマンドはデプロイとその能力に関する情報を返します。\n\n* デプロイのバージョン、ビルド日、ハッシュを返すには、SHOW INFOを使用します。\n* SHOW FUNCTIONSを使用すると、サポートされているすべての関数のリストと各関数の概要を返します。\n ", + "languageDocumentationPopover.documentationESQL.signum": "SIGNUM", + "languageDocumentationPopover.documentationESQL.signum.markdown": "\n\n ### SIGNUM\n 任意の数値の符号を返します。\n 負の数値の場合は-1を返します。0の場合は0を返します。正の数値の場合は1を返します。\n\n ```\n ROW d = 100.0\n | EVAL s = SIGNUM(d)\n ```\n ", + "languageDocumentationPopover.documentationESQL.sin": "SIN", + "languageDocumentationPopover.documentationESQL.sin.markdown": "\n\n ### SIN\n 角度の正弦三角関数を返します。\n\n ```\n ROW a=1.8 \n | EVAL sin=SIN(a)\n ```\n ", + "languageDocumentationPopover.documentationESQL.sinh": "SINH", + "languageDocumentationPopover.documentationESQL.sinh.markdown": "\n\n ### SINH\n 角度の双曲線正弦を返します。\n\n ```\n ROW a=1.8 \n | EVAL sinh=SINH(a)\n ```\n ", + "languageDocumentationPopover.documentationESQL.sort": "SORT", + "languageDocumentationPopover.documentationESQL.sort.markdown": "### SORT\nSORTコマンドを使用すると、1つ以上のフィールドで行をソートすることができます。\n\n```\nFROM employees\n| KEEP first_name, last_name, height\n| SORT height\n```\n\nデフォルトのソート順は昇順です。ASCまたはDESCを使って明示的なソート順を設定します。\n\n```\nFROM employees\n| KEEP first_name, last_name, height\n| SORT height DESC\n```\n\n2つの行のソートキーが同じ場合、元の順序が保持されます。タイブレーカーとなるソート式を追加で指定できます。\n\n```\nFROM employees\n| KEEP first_name, last_name, height\n| SORT height DESC, first_name ASC\n```\n\n#### null値\nデフォルトでは、null値は他のどの値よりも大きい値として扱われます。昇順のソートではnull値は最後にソートされ、降順のソートではnull値は最初にソートされます。NULLS FIRSTまたはNULLS LASTを指定することで変更できます。\n\n```\nFROM employees\n| KEEP first_name, last_name, height\n| SORT first_name ASC NULLS FIRST\n```\n ", + "languageDocumentationPopover.documentationESQL.split": "SPLIT", + "languageDocumentationPopover.documentationESQL.split.markdown": "\n\n ### SPLIT\n 単一の値の文字列を複数の文字列に分割します。\n\n ```\n ROW words=\"foo;bar;baz;qux;quux;corge\"\n | EVAL word = SPLIT(words, \";\")\n ```\n ", + "languageDocumentationPopover.documentationESQL.sqrt": "SQRT", + "languageDocumentationPopover.documentationESQL.sqrt.markdown": "\n\n ### SQRT\n 数値の平方根を返します。入力は任意の数値で、戻り値は常にdoubleです。\n 負数と無限大の平方根はnullです。\n\n ```\n ROW d = 100.0\n | EVAL s = SQRT(d)\n ```\n ", + "languageDocumentationPopover.documentationESQL.st_contains": "ST_CONTAINS", + "languageDocumentationPopover.documentationESQL.st_contains.markdown": "\n\n ### ST_CONTAINS\n 最初のジオメトリに2番目のジオメトリが含まれるかどうかを返します。\n これはST_WITHIN関数の逆関数です。\n\n ```\n FROM airport_city_boundaries\n | WHERE ST_CONTAINS(city_boundary, TO_GEOSHAPE(\"POLYGON((109.35 18.3, 109.45 18.3, 109.45 18.4, 109.35 18.4, 109.35 18.3))\"))\n | KEEP abbrev, airport, region, city, city_location\n ```\n ", + "languageDocumentationPopover.documentationESQL.st_disjoint": "ST_DISJOINT", + "languageDocumentationPopover.documentationESQL.st_disjoint.markdown": "\n\n ### ST_DISJOINT\n 2つのジオメトリまたはジオメトリ列が結合解除されているかどうかを返します。\n これはST_INTERSECTS関数の逆関数です。\n 数学的には次のようになります。ST_Disjoint(A, B) ⇔ A ⋂ B = ∅\n\n ```\n FROM airport_city_boundaries\n | WHERE ST_DISJOINT(city_boundary, TO_GEOSHAPE(\"POLYGON((-10 -60, 120 -60, 120 60, -10 60, -10 -60))\"))\n | KEEP abbrev, airport, region, city, city_location\n ```\n ", + "languageDocumentationPopover.documentationESQL.st_distance": "ST_DISTANCE", + "languageDocumentationPopover.documentationESQL.st_distance.markdown": "\n\n ### ST_DISTANCE\n 2点間の距離を計算します。\n デカルト幾何学の場合、これは元の座標と同じ単位でのピタゴラス距離です。\n 地理的幾何学では、これはメートル単位での円に沿った円周距離です。\n\n ```\n FROM airports\n | WHERE abbrev == \"CPH\"\n | EVAL distance = ST_DISTANCE(location, city_location)\n | KEEP abbrev, name, location, city_location, distance\n ```\n ", + "languageDocumentationPopover.documentationESQL.st_intersects": "ST_INTERSECTS", + "languageDocumentationPopover.documentationESQL.st_intersects.markdown": "\n\n ### ST_INTERSECTS\n 2つのジオメトリが交差している場合はTrueを返します。\n 内部点を含め、共通の点がある場合は交差しています\n (線に沿った点または多角形内の点)。\n これはST_DISJOINT関数の逆関数です。\n 数学的には次のようになります。ST_Intersects(A, B) ⇔ A ⋂ B ≠ ∅\n\n ```\n FROM airports\n | WHERE ST_INTERSECTS(location, TO_GEOSHAPE(\"POLYGON((42 14, 43 14, 43 15, 42 15, 42 14))\"))\n ```\n ", + "languageDocumentationPopover.documentationESQL.st_within": "ST_WITHIN", + "languageDocumentationPopover.documentationESQL.st_within.markdown": "\n\n ### ST_WITHIN\n 最初のジオメトリが2番目のジオメトリ内にあるかどうかを返します。\n これはST_CONTAINS関数の逆関数です。\n\n ```\n FROM airport_city_boundaries\n | WHERE ST_WITHIN(city_boundary, TO_GEOSHAPE(\"POLYGON((109.1 18.15, 109.6 18.15, 109.6 18.65, 109.1 18.65, 109.1 18.15))\"))\n | KEEP abbrev, airport, region, city, city_location\n ```\n ", + "languageDocumentationPopover.documentationESQL.st_x": "ST_X", + "languageDocumentationPopover.documentationESQL.st_x.markdown": "\n\n ### ST_X\n 指定された点からx座標を抽出します。\n この点がgeo_pointタイプの場合は、longitude値を抽出するのと同じ結果になります。\n\n ```\n ROW point = TO_GEOPOINT(\"POINT(42.97109629958868 14.7552534006536)\")\n | EVAL x = ST_X(point), y = ST_Y(point)\n ```\n ", + "languageDocumentationPopover.documentationESQL.st_y": "ST_Y", + "languageDocumentationPopover.documentationESQL.st_y.markdown": "\n\n ### ST_Y\n 指定された点からy座標を抽出します。\n この点がgeo_pointタイプの場合は、latitude値を抽出するのと同じ結果になります。\n\n ```\n ROW point = TO_GEOPOINT(\"POINT(42.97109629958868 14.7552534006536)\")\n | EVAL x = ST_X(point), y = ST_Y(point)\n ```\n ", + "languageDocumentationPopover.documentationESQL.starts_with": "STARTS_WITH", + "languageDocumentationPopover.documentationESQL.starts_with.markdown": "\n\n ### STARTS_WITH\n キーワード文字列が他の文字列で始まるかどうかを示すブール値を返します。\n\n ```\n FROM employees\n | KEEP last_name\n | EVAL ln_S = STARTS_WITH(last_name, \"B\")\n ```\n ", + "languageDocumentationPopover.documentationESQL.statsby": "STATS ...BY", + "languageDocumentationPopover.documentationESQL.statsby.markdown": "### STATS ...BY\nSTATS ...BYを使用すると、共通の値に従って行をグループ化し、グループ化された行に対する1つ以上の集約値を計算します。\n\n**例**:\n\n```\nFROM employees\n| STATS count = COUNT(emp_no) BY languages\n| SORT languages\n```\n\nBYが省略された場合、出力テーブルには、データセット全体に適用された集約が正確に1行だけ含まれます。\n\n```\nFROM employees\n| STATS avg_lang = AVG(languages)\n```\n\n複数の値を計算することができます。\n\n```\nFROM employees\n| STATS avg_lang = AVG(languages), max_lang = MAX(languages)\n```\n\n複数の値でグループ化することも可能です(longおよびkeywordファミリーフィールドでのみサポート)。\n\n```\nFROM employees\n| EVAL hired = DATE_FORMAT(hire_date, \"YYYY\")\n| STATS avg_salary = AVG(salary) BY hired, languages.long\n| EVAL avg_salary = ROUND(avg_salary)\n| SORT hired, languages.long\n```\n\nSTATS ...BYで使用できる関数の一覧については、**集計関数**を参照してください。\n\n集計関数とグループ式の両方で他の関数を使用できます。これは、複数値列でSTATS...BYを使用するときに有用です。たとえば、平均給与変動を計算するには、まず、MV_AVGを使用して従業員ごとに複数の値の平均を求め、その結果にAVG関数を適用します。\n\n```\nFROM employees\n| STATS avg_salary_change = AVG(MV_AVG(salary_change))\n```\n\n式によるグループ化の例は、姓の最初の文字で従業員をグループ化することです。\n\n```\nFROM employees\n| STATS my_count = COUNT() BY LEFT(last_name, 1)\n| SORT `LEFT(last_name, 1)`\n```\n\n出力列名の指定は任意です。指定しない場合は、新しい列名が式と等しくなります。次のクエリーは列\"AVG(salary)\"を返します。\n\n```\nFROM employees\n| STATS AVG(salary)\n```\n\nこの名前には特殊文字が含まれているため、後続のコマンドで使用するときには、バッククオート(`)で囲む必要があります。\n\n```\nFROM employees\n| STATS AVG(salary)\n| EVAL avg_salary_rounded = ROUND(`AVG(salary)`)\n```\n\n**注**:グループなしのSTATSは、グループを追加するよりも大幅に高速です。\n\n**注**:単一式でのグループは、現在、複数式でのグループよりも大幅に最適化されています。\n ", + "languageDocumentationPopover.documentationESQL.stringOperators": "LIKEおよびRLIKE", + "languageDocumentationPopover.documentationESQL.stringOperators.markdown": "### LIKEおよびRLIKE\nワイルドカードや正規表現を使った文字列比較にはLIKEまたはRLIKEを使います。\n\nワイルドカードを使って文字列を一致させるにはLIKEを使います。次のワイルドカード文字がサポートされています。\n\n* `*`は0文字以上と一致します。\n* `?`は1文字と一致します。\n\n```\nFROM employees\n| WHERE first_name LIKE \"?b*\"\n| KEEP first_name, last_name\n```\n\n正規表現を使って文字列を一致させるには、RLIKEを使います。\n\n```\nFROM employees\n| WHERE first_name RLIKE \".leja.*\"\n| KEEP first_name, last_name\n```\n ", + "languageDocumentationPopover.documentationESQL.substring": "SUBSTRING", + "languageDocumentationPopover.documentationESQL.substring.markdown": "\n\n ### SUBSTRING\n 文字列のサブ文字列を、開始位置とオプションの長さで指定して返します。\n\n ```\n FROM employees\n | KEEP last_name\n | EVAL ln_sub = SUBSTRING(last_name, 1, 3)\n ```\n ", + "languageDocumentationPopover.documentationESQL.tan": "TAN", + "languageDocumentationPopover.documentationESQL.tan.markdown": "\n\n ### TAN\n 角度の正接三角関数を返します。\n\n ```\n ROW a=1.8 \n | EVAL tan=TAN(a)\n ```\n ", + "languageDocumentationPopover.documentationESQL.tanh": "TANH", + "languageDocumentationPopover.documentationESQL.tanh.markdown": "\n\n ### TANH\n 角度の正接双曲線関数を返します。\n\n ```\n ROW a=1.8 \n | EVAL tanh=TANH(a)\n ```\n ", + "languageDocumentationPopover.documentationESQL.tau": "TAU", + "languageDocumentationPopover.documentationESQL.tau.markdown": "\n\n ### TAU\n 円の円周と半径の比率を返します。\n\n ```\n ROW TAU()\n ```\n ", + "languageDocumentationPopover.documentationESQL.to_base64": "TO_BASE64", + "languageDocumentationPopover.documentationESQL.to_base64.markdown": "\n\n ### TO_BASE64\n 文字列をbase64文字列にエンコードします。\n\n ```\n row a = \"elastic\" \n | eval e = to_base64(a)\n ```\n ", + "languageDocumentationPopover.documentationESQL.to_boolean": "TO_BOOLEAN", + "languageDocumentationPopover.documentationESQL.to_boolean.markdown": "\n\n ### TO_BOOLEAN\n 入力値をブール値に変換します。\n 文字列値*true*は、大文字小文字を区別せずにブール値*true*に変換されます。\n 空文字列を含むそれ以外の値に対しては、この関数は*false*を返します。\n 数値*0*は*false*に変換され、それ以外は*true*に変換されます。\n\n ```\n ROW str = [\"true\", \"TRuE\", \"false\", \"\", \"yes\", \"1\"]\n | EVAL bool = TO_BOOLEAN(str)\n ```\n ", + "languageDocumentationPopover.documentationESQL.to_cartesianpoint": "TO_CARTESIANPOINT", + "languageDocumentationPopover.documentationESQL.to_cartesianpoint.markdown": "\n\n ### TO_CARTESIANPOINT\n 入力値をcartesian_point値に変換します。\n 文字列は、WKT Point形式に従っている場合にのみ、正常に変換されます。\n\n ```\n ROW wkt = [\"POINT(4297.11 -1475.53)\", \"POINT(7580.93 2272.77)\"]\n | MV_EXPAND wkt\n | EVAL pt = TO_CARTESIANPOINT(wkt)\n ```\n ", + "languageDocumentationPopover.documentationESQL.to_cartesianshape": "TO_CARTESIANSHAPE", + "languageDocumentationPopover.documentationESQL.to_cartesianshape.markdown": "\n\n ### TO_CARTESIANSHAPE\n 入力値をcartesian_shape値に変換します。\n 文字列は、WKT形式に従っている場合にのみ、正常に変換されます。\n\n ```\n ROW wkt = [\"POINT(4297.11 -1475.53)\", \"POLYGON ((3339584.72 1118889.97, 4452779.63 4865942.27, 2226389.81 4865942.27, 1113194.90 2273030.92, 3339584.72 1118889.97))\"]\n | MV_EXPAND wkt\n | EVAL geom = TO_CARTESIANSHAPE(wkt)\n ```\n ", + "languageDocumentationPopover.documentationESQL.to_datetime": "TO_DATETIME", + "languageDocumentationPopover.documentationESQL.to_datetime.markdown": "\n\n ### TO_DATETIME\n 入力値を日付値に変換します。\n 文字列は、yyyy-MM-dd'T'HH:mm:ss.SSS'Z'の書式に従っている場合のみ変換が成功します。\n 日付を他の形式に変換するには、DATE_PARSEを使用します。\n\n ```\n ROW string = [\"1953-09-02T00:00:00.000Z\", \"1964-06-02T00:00:00.000Z\", \"1964-06-02 00:00:00\"]\n | EVAL datetime = TO_DATETIME(string)\n ```\n ", + "languageDocumentationPopover.documentationESQL.to_degrees": "TO_DEGREES", + "languageDocumentationPopover.documentationESQL.to_degrees.markdown": "\n\n ### TO_DEGREES\n ラジアンの数値を度数に変換します。\n\n ```\n ROW rad = [1.57, 3.14, 4.71]\n | EVAL deg = TO_DEGREES(rad)\n ```\n ", + "languageDocumentationPopover.documentationESQL.to_double": "TO_DOUBLE", + "languageDocumentationPopover.documentationESQL.to_double.markdown": "\n\n ### TO_DOUBLE\n 入力値をdouble値に変換します。入力パラメーターが日付型の場合、その値はUnixのエポックからのミリ秒として解釈され、doubleに変換されます。\n \n ブール値の*true*はdouble値の*1.0*に、*false*は*0.0*に変換されます。\n\n ```\n ROW str1 = \"5.20128E11\", str2 = \"foo\"\n | EVAL dbl = TO_DOUBLE(\"520128000000\"), dbl1 = TO_DOUBLE(str1), dbl2 = TO_DOUBLE(str2)\n ```\n ", + "languageDocumentationPopover.documentationESQL.to_geopoint": "TO_GEOPOINT", + "languageDocumentationPopover.documentationESQL.to_geopoint.markdown": "\n\n ### TO_GEOPOINT\n 入力値をgeo_point値に変換します。\n 文字列は、WKT Point形式に従っている場合にのみ、正常に変換されます。\n\n ```\n ROW wkt = \"POINT(42.97109630194 14.7552534413725)\"\n | EVAL pt = TO_GEOPOINT(wkt)\n ```\n ", + "languageDocumentationPopover.documentationESQL.to_geoshape": "TO_GEOSHAPE", + "languageDocumentationPopover.documentationESQL.to_geoshape.markdown": "\n\n ### TO_GEOSHAPE\n 入力値をgeo_shape値に変換します。\n 文字列は、WKT形式に従っている場合にのみ、正常に変換されます。\n\n ```\n ROW wkt = \"POLYGON ((30 10, 40 40, 20 40, 10 20, 30 10))\"\n | EVAL geom = TO_GEOSHAPE(wkt)\n ```\n ", + "languageDocumentationPopover.documentationESQL.to_integer": "TO_INTEGER", + "languageDocumentationPopover.documentationESQL.to_integer.markdown": "\n\n ### TO_INTEGER\n 入力値を整数値に変換します。\n 入力パラメーターが日付型の場合、その値はUnixのエポックからのミリ秒として解釈され、整数に変換されます。\n \n ブール値*true*は整数*1*に、*false*は*0*に変換されます。\n\n ```\n ROW long = [5013792, 2147483647, 501379200000]\n | EVAL int = TO_INTEGER(long)\n ```\n ", + "languageDocumentationPopover.documentationESQL.to_ip": "TO_IP", + "languageDocumentationPopover.documentationESQL.to_ip.markdown": "\n\n ### TO_IP\n 入力文字列をIP値に変換します。\n\n ```\n ROW str1 = \"1.1.1.1\", str2 = \"foo\"\n | EVAL ip1 = TO_IP(str1), ip2 = TO_IP(str2)\n | WHERE CIDR_MATCH(ip1, \"1.0.0.0/8\")\n ```\n ", + "languageDocumentationPopover.documentationESQL.to_long": "TO_LONG", + "languageDocumentationPopover.documentationESQL.to_long.markdown": "\n\n ### TO_LONG\n 入力値をlong値に変換します。入力パラメーターが日付型の場合、\n その値はUnixのエポックからのミリ秒として解釈され、longに変換されます。\n ブール値の*true*は*long*値の*1*に、*false*は*0*に変換されます。\n\n ```\n ROW str1 = \"2147483648\", str2 = \"2147483648.2\", str3 = \"foo\"\n | EVAL long1 = TO_LONG(str1), long2 = TO_LONG(str2), long3 = TO_LONG(str3)\n ```\n ", + "languageDocumentationPopover.documentationESQL.to_lower": "TO_LOWER", + "languageDocumentationPopover.documentationESQL.to_lower.markdown": "\n\n ### TO_LOWER\n 小文字に変換された入力文字列を表す新しい文字列を返します。\n\n ```\n ROW message = \"Some Text\"\n | EVAL message_lower = TO_LOWER(message)\n ```\n ", + "languageDocumentationPopover.documentationESQL.to_radians": "TO_RADIANS", + "languageDocumentationPopover.documentationESQL.to_radians.markdown": "\n\n ### TO_RADIANS\n 度数をラジアンに変換します。\n\n ```\n ROW deg = [90.0, 180.0, 270.0]\n | EVAL rad = TO_RADIANS(deg)\n ```\n ", + "languageDocumentationPopover.documentationESQL.to_string": "TO_STRING", + "languageDocumentationPopover.documentationESQL.to_string.markdown": "\n\n ### TO_STRING\n 入力値を文字列に変換します。\n\n ```\n ROW a=10\n | EVAL j = TO_STRING(a)\n ```\n ", + "languageDocumentationPopover.documentationESQL.to_unsigned_long": "TO_UNSIGNED_LONG", + "languageDocumentationPopover.documentationESQL.to_unsigned_long.markdown": "\n\n ### TO_UNSIGNED_LONG\n 入力値を符号なしlong値に変換します。入力パラメーターが日付型の場合、\n その値はUnixのエポックからのミリ秒として解釈され、符号なしlong値に変換されます。\n ブール値の*true*は符号なし*long*値の*1*に、*false*は*0*に変換されます。\n\n ```\n ROW str1 = \"2147483648\", str2 = \"2147483648.2\", str3 = \"foo\"\n | EVAL long1 = TO_UNSIGNED_LONG(str1), long2 = TO_ULONG(str2), long3 = TO_UL(str3)\n ```\n ", + "languageDocumentationPopover.documentationESQL.to_upper": "TO_UPPER", + "languageDocumentationPopover.documentationESQL.to_upper.markdown": "\n\n ### TO_UPPER\n 大文字に変換された入力文字列を表す新しい文字列を返します。\n\n ```\n ROW message = \"Some Text\"\n | EVAL message_upper = TO_UPPER(message)\n ```\n ", + "languageDocumentationPopover.documentationESQL.to_version": "TO_VERSION", + "languageDocumentationPopover.documentationESQL.to_version.markdown": "\n\n ### TO_VERSION\n 入力文字列をバージョン値に変換します。\n\n ```\n ROW v = TO_VERSION(\"1.2.3\")\n ```\n ", + "languageDocumentationPopover.documentationESQL.trim": "TRIM", + "languageDocumentationPopover.documentationESQL.trim.markdown": "\n\n ### TRIM\n 文字列から先頭と末尾の空白を削除します。\n\n ```\n ROW message = \" some text \", color = \" red \"\n | EVAL message = TRIM(message)\n | EVAL color = TRIM(color)\n ```\n ", + "languageDocumentationPopover.documentationESQL.where": "WHERE", + "languageDocumentationPopover.documentationESQL.where.markdown": "### WHERE\nWHEREを使用すると、入力テーブルから、指定した条件がtrueと評価されるすべての行を含むテーブルを作成します。\n \n```\nFROM employees\n| KEEP first_name, last_name, still_hired\n| WHERE still_hired == true\n```\n\n#### 演算子\n\nサポートされている演算子の概要については、**演算子**を参照してください。\n\n#### 関数\nWHEREは値を計算するためのさまざまな関数をサポートしています。**関数**をクリックすると詳細が表示されます。\n ", "textBasedEditor.query.textBasedLanguagesEditor.EnableWordWrapLabel": "パイプの改行を追加", "textBasedEditor.query.textBasedLanguagesEditor.errorCount": "{count} {count, plural, other {# 件のエラー}}", "textBasedEditor.query.textBasedLanguagesEditor.errorsTitle": "エラー", - "textBasedEditor.query.textBasedLanguagesEditor.esql": "ES|QL", "textBasedEditor.query.textBasedLanguagesEditor.expandLabel": "拡張", "textBasedEditor.query.textBasedLanguagesEditor.feedback": "フィードバック", - "textBasedEditor.query.textBasedLanguagesEditor.functions": "関数", - "textBasedEditor.query.textBasedLanguagesEditor.functionsDocumentationESQLDescription": "関数はROW、EVAL、WHEREでサポートされています。", - "textBasedEditor.query.textBasedLanguagesEditor.groupingFunctions": "グループ関数", - "textBasedEditor.query.textBasedLanguagesEditor.groupingFunctionsDocumentationESQLDescription": "これらのグループ関数はSTATS...BYで使用できます。", + "languageDocumentationPopover.documentationESQL.functions": "関数", + "languageDocumentationPopover.documentationESQL.functionsDocumentationESQLDescription": "関数はROW、EVAL、WHEREでサポートされています。", + "languageDocumentationPopover.documentationESQL.groupingFunctions": "グループ関数", + "languageDocumentationPopover.documentationESQL.groupingFunctionsDocumentationESQLDescription": "これらのグループ関数はSTATS...BYで使用できます。", "textBasedEditor.query.textBasedLanguagesEditor.hideQueriesLabel": "最近のクエリーを非表示", "textBasedEditor.query.textBasedLanguagesEditor.lineCount": "{count} {count, plural, other {行}}", "textBasedEditor.query.textBasedLanguagesEditor.lineNumber": "行{lineNumber}", - "textBasedEditor.query.textBasedLanguagesEditor.operators": "演算子", - "textBasedEditor.query.textBasedLanguagesEditor.operatorsDocumentationESQLDescription": "ES|QLは以下の演算子をサポートしています。", - "textBasedEditor.query.textBasedLanguagesEditor.processingCommands": "処理コマンド", - "textBasedEditor.query.textBasedLanguagesEditor.processingCommandsDescription": "処理コマンドは、行や列を追加、削除、変更することによって入力テーブルを変更します。ES|QLは以下の処理コマンドをサポートしています。", + "languageDocumentationPopover.documentationESQL.operators": "演算子", + "languageDocumentationPopover.documentationESQL.operatorsDocumentationESQLDescription": "ES|QLは以下の演算子をサポートしています。", + "languageDocumentationPopover.documentationESQL.processingCommands": "処理コマンド", + "languageDocumentationPopover.documentationESQL.processingCommandsDescription": "処理コマンドは、行や列を追加、削除、変更することによって入力テーブルを変更します。ES|QLは以下の処理コマンドをサポートしています。", "textBasedEditor.query.textBasedLanguagesEditor.querieshistory.error": "クエリ失敗", "textBasedEditor.query.textBasedLanguagesEditor.querieshistory.success": "クエリは正常に実行されました", "textBasedEditor.query.textBasedLanguagesEditor.querieshistoryCopy": "クエリをクリップボードにコピー", @@ -7334,7 +7332,7 @@ "textBasedEditor.query.textBasedLanguagesEditor.recentQueriesColumnLabel": "最近のクエリー", "textBasedEditor.query.textBasedLanguagesEditor.runQuery": "クエリーを実行", "textBasedEditor.query.textBasedLanguagesEditor.showQueriesLabel": "最近のクエリを表示", - "textBasedEditor.query.textBasedLanguagesEditor.sourceCommands": "ソースコマンド", + "languageDocumentationPopover.documentationESQL.sourceCommands": "ソースコマンド", "textBasedEditor.query.textBasedLanguagesEditor.submitFeedback": "フィードバックを送信", "textBasedEditor.query.textBasedLanguagesEditor.timeRanColumnLabel": "実行時間", "textBasedEditor.query.textBasedLanguagesEditor.timestampNotDetected": "@timestampが見つかりません", diff --git a/x-pack/plugins/translations/translations/zh-CN.json b/x-pack/plugins/translations/translations/zh-CN.json index 243dbfe47dcfe..6933773e814d3 100644 --- a/x-pack/plugins/translations/translations/zh-CN.json +++ b/x-pack/plugins/translations/translations/zh-CN.json @@ -7090,255 +7090,253 @@ "telemetry.usageCollectionConstant": "使用情况收集", "telemetry.usageDataTitle": "使用情况收集", "textBasedEditor.query.textBasedLanguagesEditor.aborted": "请求已中止", - "textBasedEditor.query.textBasedLanguagesEditor.aggregationFunctions": "聚合函数", - "textBasedEditor.query.textBasedLanguagesEditor.aggregationFunctionsDocumentationESQLDescription": "这些函数可以与 STATS...BY 搭配使用:", + "languageDocumentationPopover.documentationESQL.aggregationFunctions": "聚合函数", + "languageDocumentationPopover.documentationESQL.aggregationFunctionsDocumentationESQLDescription": "这些函数可以与 STATS...BY 搭配使用:", "textBasedEditor.query.textBasedLanguagesEditor.cancel": "取消", "textBasedEditor.query.textBasedLanguagesEditor.collapseLabel": "折叠", - "textBasedEditor.query.textBasedLanguagesEditor.commandsDescription": "源命令会生成一个表,其中通常包含来自 Elasticsearch 的数据。ES|QL 支持以下源命令。", + "languageDocumentationPopover.documentationESQL.commandsDescription": "源命令会生成一个表,其中通常包含来自 Elasticsearch 的数据。ES|QL 支持以下源命令。", "textBasedEditor.query.textBasedLanguagesEditor.disableWordWrapLabel": "移除管道符上的换行符", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.abs": "ABS", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.abs.markdown": "\n\n ### ABS\n 返回绝对值。\n\n ```\n ROW number = -1.0 \n | EVAL abs_number = ABS(number)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.acos": "ACOS", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.acos.markdown": "\n\n ### ACOS\n 返回 `n` 的反余弦作为角度,以弧度表示。\n\n ```\n ROW a=.9\n | EVAL acos=ACOS(a)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.asin": "ASIN", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.asin.markdown": "\n\n ### ASIN\n 返回输入数字表达式的反正弦\n 作为角度,以弧度表示。\n\n ```\n ROW a=.9\n | EVAL asin=ASIN(a)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.atan": "ATAN", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.atan.markdown": "\n\n ### ATAN\n 返回输入数字表达式的反正切\n 作为角度,以弧度表示。\n\n ```\n ROW a=12.9\n | EVAL atan=ATAN(a)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.atan2": "ATAN2", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.atan2.markdown": "\n\n ### ATAN2\n 笛卡儿平面中正 x 轴\n 与从原点到点 (x , y) 构成的射线之间的角度,以弧度表示。\n\n ```\n ROW y=12.9, x=.6\n | EVAL atan2=ATAN2(y, x)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.autoBucketFunction": "BUCKET", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.autoBucketFunction.markdown": "### BUCKET\n用日期时间或数字输入创建值(存储桶)的分组。存储桶的大小可以直接提供,或基于建议的计数和值范围进行选择。\n\n`BUCKET` 以两种模式运行:\n\n1.在此模式下基于存储桶计数建议(四个参数)和范围计算存储桶的大小。\n2.在此模式下直接提供存储桶大小(两个参数)。\n\n使用存储桶的目标数量、起始范围和结束范围,`BUCKET` 将选取适当的存储桶大小以生成目标数量或更小数量的存储桶。\n\n例如,一年请求多达 20 个存储桶会按每月时间间隔组织数据:\n\n```\nFROM employees\n| WHERE hire_date >= \"1985-01-01T00:00:00Z\" AND hire_date < \"1986-01-01T00:00:00Z\"\n| STATS hire_date = MV_SORT(VALUES(hire_date)) BY month = BUCKET(hire_date, 20, \"1985-01-01T00:00:00Z\", \"1986-01-01T00:00:00Z\")\n| SORT hire_date\n```\n\n**注意**:目标并不是提供存储桶的确切目标数量,而是选择一个范围,最多提供存储桶的目标数量。\n\n可以组合 `BUCKET` 与聚合以创建直方图:\n\n```\nFROM employees\n| WHERE hire_date >= \"1985-01-01T00:00:00Z\" AND hire_date < \"1986-01-01T00:00:00Z\"\n| STATS hires_per_month = COUNT(*) BY month = BUCKET(hire_date, 20, \"1985-01-01T00:00:00Z\", \"1986-01-01T00:00:00Z\")\n| SORT month\n```\n\n**注意**:`BUCKET` 不会创建未匹配任何文档的存储桶。因此,上一示例缺少 `1985-03-01` 和其他日期。\n\n如果需要更多存储桶,可能导致更小的范围。例如,如果一年内最多请求 100 个存储桶,会导致周期为周的存储桶:\n\n```\nFROM employees\n| WHERE hire_date >= \"1985-01-01T00:00:00Z\" AND hire_date < \"1986-01-01T00:00:00Z\"\n| STATS hires_per_week = COUNT(*) BY week = BUCKET(hire_date, 100, \"1985-01-01T00:00:00Z\", \"1986-01-01T00:00:00Z\")\n| SORT week\n```\n\n**注意**:`AUTO_BUCKET` 不筛选任何行。它只会使用提供的范围来选取适当的存储桶大小。对于值超出范围的行,它会返回与超出范围的存储桶对应的存储桶值。组合 `BUCKET` 与 `WHERE` 可筛选行。\n\n如果提前已知所需存储桶大小,则只需提供它作为第二个参数,而忽略范围:\n\n```\nFROM employees\n| WHERE hire_date >= \"1985-01-01T00:00:00Z\" AND hire_date < \"1986-01-01T00:00:00Z\"\n| STATS hires_per_week = COUNT(*) BY week = BUCKET(hire_date, 1 week)\n| SORT week\n```\n\n**注意**:提供存储桶大小作为第二个参数时,它必须为持续时间或日期期间。\n\n`BUCKET` 还可对数字字段执行操作。例如,要创建工资直方图:\n\n```\nFROM employees\n| STATS COUNT(*) by bs = BUCKET(salary, 20, 25324, 74999)\n| SORT bs\n```\n\n与前面的有意筛选日期范围示例不同,您极少想要筛选数值范围。您必须分别查找最小值和最大值。ES|QL 尚未提供简便方法来自动执行此操作。\n\n如果提前已知所需存储桶大小,则可以忽略该范围。只需提供它作为第二个参数即可:\n\n```\nFROM employees\n| WHERE hire_date >= \"1985-01-01T00:00:00Z\" AND hire_date < \"1986-01-01T00:00:00Z\"\n| STATS c = COUNT(1) BY b = BUCKET(salary, 5000.)\n| SORT b\n```\n\n**注意**:提供存储桶大小作为第二个参数时,它必须为 **浮点类型**。\n\n这里提供了一个示例,用于为过去 24 小时创建小时存储桶,并计算每小时的事件数:\n\n```\nFROM sample_data\n| WHERE @timestamp >= NOW() - 1 day and @timestamp < NOW()\n| STATS COUNT(*) BY bucket = BUCKET(@timestamp, 25, NOW() - 1 day, NOW())\n```\n\n这里提供了一个示例,用于为 1985 年创建月度存储桶,并按聘用月份计算平均工资:\n\n```\nFROM employees\n| WHERE hire_date >= \"1985-01-01T00:00:00Z\" AND hire_date < \"1986-01-01T00:00:00Z\"\n| STATS AVG(salary) BY bucket = BUCKET(hire_date, 20, \"1985-01-01T00:00:00Z\", \"1986-01-01T00:00:00Z\")\n| SORT bucket\n```\n\n`BUCKET` 可用在 `STATS …​ BY …`​ 命令的聚合和分组部分, 前提是在聚合部分中,该函数 **由在分组部分中定义的别名引用**,或使用完全相同的表达式调用。\n\n例如:\n\n```\nFROM employees\n| STATS s1 = b1 + 1, s2 = BUCKET(salary / 1000 + 999, 50.) + 2 BY b1 = BUCKET(salary / 100 + 99, 50.), b2 = BUCKET(salary / 1000 + 999, 50.)\n| SORT b1, b2\n| KEEP s1, b1, s2, b2\n```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.binaryOperators": "二进制运算符", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.binaryOperators.markdown": "### 二进制运算符\n支持这些二进制比较运算符:\n\n* 等于:`==`\n* 不等于:`!=`\n* 小于:`<`\n* 小于或等于:`<=`\n* 大于:`>`\n* 大于或等于:`>=`\n* 加:`+`\n* 减:`-`\n* 乘:`*`\n* 除:`/`\n* 取模:`%`\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.booleanOperators": "布尔运算符", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.booleanOperators.markdown": "### 布尔运算符\n支持以下布尔运算符:\n\n* `AND`\n* `OR`\n* `NOT`\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.bucket": "BUCKET", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.bucket.markdown": "\n\n ### BUCKET\n 用日期时间或数字输入创建值(存储桶)的分组。\n 存储桶的大小可以直接提供,或基于建议的计数和值范围进行选择。\n\n ```\n FROM employees\n | WHERE hire_date >= \"1985-01-01T00:00:00Z\" AND hire_date < \"1986-01-01T00:00:00Z\"\n | STATS hire_date = MV_SORT(VALUES(hire_date)) BY month = BUCKET(hire_date, 20, \"1985-01-01T00:00:00Z\", \"1986-01-01T00:00:00Z\")\n | SORT hire_date\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.case": "CASE", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.case.markdown": "\n\n ### CASE\n 接受成对的条件和值。此函数返回属于第一个\n 评估为 `true` 的条件的值。\n\n 如果参数数量为奇数,则最后一个参数为\n 在无条件匹配时返回的默认值。如果参数数量为偶数,且\n 无任何条件匹配,则此函数返回 `null`。\n\n ```\n FROM employees\n | EVAL type = CASE(\n languages <= 1, \"monolingual\",\n languages <= 2, \"bilingual\",\n \"polyglot\")\n | KEEP emp_no, languages, type\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.castOperator": "Cast (::)", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.castOperator.markdown": "### CAST (`::`)\n`::` 运算符为 `TO_` 类型转换函数提供了实用的替代语法。\n\n例如:\n```\nROW ver = CONCAT((\"0\"::INT + 1)::STRING, \".2.3\")::VERSION\n```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.cbrt": "CBRT", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.cbrt.markdown": "\n\n ### CBRT\n 返回数字的立方根。输入可以为任何数字值,返回值始终为双精度值。\n 无穷大的立方根为 null。\n\n ```\n ROW d = 1000.0\n | EVAL c = cbrt(d)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.ceil": "CEIL", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.ceil.markdown": "\n\n ### CEIL\n 将数字四舍五入为最近的整数。\n\n ```\n ROW a=1.8\n | EVAL a=CEIL(a)\n ```\n 注意:对于 `long`(包括无符号值)和 `integer`,这相当于“无操作”。对于 `double`,这会提取最接近整数的 `double` 值,类似于 Math.ceil。\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.cidr_match": "CIDR_MATCH", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.cidr_match.markdown": "\n\n ### CIDR_MATCH\n 如果提供的 IP 包含在所提供的其中一个 CIDR 块中,则返回 true。\n\n ```\n FROM hosts \n | WHERE CIDR_MATCH(ip1, \"127.0.0.2/32\", \"127.0.0.3/32\") \n | KEEP card, host, ip0, ip1\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.coalesce": "COALESCE", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.coalesce.markdown": "\n\n ### COALESCE\n 返回它的第一个不为 null 的参数。如果所有参数均为 null,则返回 `null`。\n\n ```\n ROW a=null, b=\"b\"\n | EVAL COALESCE(a, b)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.concat": "CONCAT", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.concat.markdown": "\n\n ### CONCAT\n 串联两个或多个字符串。\n\n ```\n FROM employees\n | KEEP first_name, last_name\n | EVAL fullname = CONCAT(first_name, \" \", last_name)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.cos": "COS", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.cos.markdown": "\n\n ### COS\n 返回角度的余弦。\n\n ```\n ROW a=1.8 \n | EVAL cos=COS(a)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.cosh": "COSH", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.cosh.markdown": "\n\n ### COSH\n 返回角度的双曲余弦。\n\n ```\n ROW a=1.8 \n | EVAL cosh=COSH(a)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.date_diff": "DATE_DIFF", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.date_diff.markdown": "\n\n ### DATE_DIFF\n 从 `endTimestamp` 中减去 `startTimestamp`,并以倍数 `unit` 返回差异。\n 如果 `startTimestamp` 晚于 `endTimestamp`,则返回负值。\n\n ```\n ROW date1 = TO_DATETIME(\"2023-12-02T11:00:00.000Z\"), date2 = TO_DATETIME(\"2023-12-02T11:00:00.001Z\")\n | EVAL dd_ms = DATE_DIFF(\"microseconds\", date1, date2)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.date_extract": "DATE_EXTRACT", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.date_extract.markdown": "\n\n ### DATE_EXTRACT\n 提取日期的某些部分,如年、月、日、小时。\n\n ```\n ROW date = DATE_PARSE(\"yyyy-MM-dd\", \"2022-05-06\")\n | EVAL year = DATE_EXTRACT(\"year\", date)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.date_format": "DATE_FORMAT", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.date_format.markdown": "\n\n ### DATE_FORMAT\n 以提供的格式返回日期的字符串表示形式。\n\n ```\n FROM employees\n | KEEP first_name, last_name, hire_date\n | EVAL hired = DATE_FORMAT(\"YYYY-MM-dd\", hire_date)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.date_parse": "DATE_PARSE", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.date_parse.markdown": "\n\n ### DATE_PARSE\n 通过使用在第一个参数中指定的格式来解析第二个参数,从而返回日期。\n\n ```\n ROW date_string = \"2022-05-06\"\n | EVAL date = DATE_PARSE(\"yyyy-MM-dd\", date_string)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.date_trunc": "DATE_TRUNC", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.date_trunc.markdown": "\n\n ### DATE_TRUNC\n 将日期向下舍入到最近的时间间隔。\n\n ```\n FROM employees\n | KEEP first_name, last_name, hire_date\n | EVAL year_hired = DATE_TRUNC(1 year, hire_date)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.dissect": "DISSECT", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.dissect.markdown": "### DISSECT\n使用 `DISSECT`,您可以从字符串中提取结构化数据。`DISSECT` 将根据基于分隔符的模式来匹配字符串,并提取指定键作为列。\n\n请参阅[分解处理器文档](https://www.elastic.co/guide/en/elasticsearch/reference/current/dissect-processor.html)了解分解模式的语法。\n\n```\nROW a = \"1953-01-23T12:15:00Z - some text - 127.0.0.1\"\n| DISSECT a \"%'{Y}-%{M}-%{D}T%{h}:%{m}:%{s}Z - %{msg} - %{ip}'\"\n``` ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.drop": "DROP", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.drop.markdown": "### DROP\n使用 `DROP` 可从表中移除列:\n \n```\nFROM employees\n| DROP height\n```\n\n您不必按名称指定每个列,而可以使用通配符丢弃名称匹配某种模式的所有列:\n\n```\nFROM employees\n| DROP height*\n```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.e": "E", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.e.markdown": "\n\n ### E\n 返回 Euler 函数的编号。\n\n ```\n ROW E()\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.ends_with": "ENDS_WITH", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.ends_with.markdown": "\n\n ### ENDS_WITH\n 返回布尔值,指示关键字字符串是否以另一个字符串结尾。\n\n ```\n FROM employees\n | KEEP last_name\n | EVAL ln_E = ENDS_WITH(last_name, \"d\")\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.enrich": "ENRICH", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.enrich.markdown": "### ENRICH\n您可以使用 `ENRICH` 将来自现有索引的数据添加到传入记录中。它类似于[采集扩充](https://www.elastic.co/guide/en/elasticsearch/reference/current/ingest-enriching-data.html),但作用于查询时间。\n\n```\nROW language_code = \"1\"\n| ENRICH languages_policy\n```\n\n执行 `ENRICH` 需要[扩充策略](https://www.elastic.co/guide/en/elasticsearch/reference/current/ingest-enriching-data.html#enrich-policy)。扩充策略定义一个匹配字段(键字段)和一组扩充字段。\n\n`ENRICH` 将根据匹配字段值在[扩充索引](https://www.elastic.co/guide/en/elasticsearch/reference/current/ingest-enriching-data.html#enrich-index)中查找记录。输入数据集中的匹配键可以使用 `ON ` 来定义;如果未指定,将对字段名称与在扩充策略中定义的匹配字段相同的字段执行匹配。\n\n```\nROW a = \"1\"\n| ENRICH languages_policy ON a\n```\n\n您可以使用 `WITH , ...` 语法指定必须将哪些属性(在那些在策略中定义为扩充字段的字段之间)添加到结果中。\n\n```\nROW a = \"1\"\n| ENRICH languages_policy ON a WITH language_name\n```\n\n还可以使用 `WITH new_name=` 重命名属性\n\n```\nROW a = \"1\"\n| ENRICH languages_policy ON a WITH name = language_name\n```\n\n默认情况下(如果未定义任何 `WITH`),`ENRICH` 会将在扩充策略中定义的所有扩充字段添加到结果中。\n\n如果出现名称冲突,新创建的字段将覆盖现有字段。\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.eval": "EVAL", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.eval.markdown": "### EVAL\n`EVAL` 允许您添加新列:\n\n```\nFROM employees\n| KEEP first_name, last_name, height\n| EVAL height_feet = height * 3.281, height_cm = height * 100\n```\n\n如果指定列已存在,将丢弃现有列,并将新列追加到表后面:\n\n```\nFROM employees\n| KEEP first_name, last_name, height\n| EVAL height = height * 3.281\n```\n\n#### 函数\n`EVAL` 支持各种用于计算值的函数。请参阅“函数”了解更多信息。\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.floor": "FLOOR", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.floor.markdown": "\n\n ### FLOOR\n 将数字向下舍入到最近的整数。\n\n ```\n ROW a=1.8\n | EVAL a=FLOOR(a)\n ```\n 注意:对于 `long`(包括无符号值)和 `integer`,这相当于“无操作”。\n 对于 `double`,这会提取最接近整数的 `double` 值,\n 类似于 Math.floor。\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.from": "FROM", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.from_base64": "FROM_BASE64", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.from_base64.markdown": "\n\n ### FROM_BASE64\n 解码 base64 字符串。\n\n ```\n row a = \"ZWxhc3RpYw==\" \n | eval d = from_base64(a)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.from.markdown": "### FROM\n`FROM` 源命令返回一个表,其中最多包含 10,000 个来自数据流、索引或别名的文档。生成的表中的每一行代表一个文档。每一列对应一个字段,并可以通过该字段的名称进行访问。\n\n```\nFROM employees\n```\n\n您可以使用[日期数学表达式](https://www.elastic.co/guide/en/elasticsearch/reference/current/api-conventions.html#api-date-math-index-names)来引用索引、别名和数据流。这可能对时间序列数据非常有用。\n\n使用逗号分隔列表或通配符可查询多个数据流、索引或别名:\n\n```\nFROM employees-00001,employees-*\n```\n\n#### 元数据\n\nES|QL 可访问以下元数据字段:\n\n* `_index`:文档所属的索引。字段类型为 `keyword`.\n* `_id`:源文档的 ID。字段类型为 `keyword`.\n* `_version`:源文档的版本。字段类型为 `long`。\n\n使用 `METADATA` 指令可启用元数据字段:\n\n```\nFROM index [METADATA _index, _id]\n```\n\n元数据字段仅在数据源为索引时可用。因此,`FROM` 是唯一支持 `METADATA` 指令的源命令。\n\n启用后,这些字段将可用于后续处理命令,就像其他索引字段一样:\n\n```\nFROM ul_logs, apps [METADATA _index, _version]\n| WHERE id IN (13, 14) AND _version == 1\n| EVAL key = CONCAT(_index, \"_\", TO_STR(id))\n| SORT id, _index\n| KEEP id, _index, _version, key\n```\n\n此外,与索引字段类似,一旦执行了聚合,后续命令将无法再访问元数据字段,除非它用作分组字段:\n\n```\nFROM employees [METADATA _index, _id]\n| STATS max = MAX(emp_no) BY _index\n```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.greatest": "GREATEST", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.greatest.markdown": "\n\n ### GREATEST\n 返回多个列中的最大值。除了可一次对多个列运行以外,\n 此函数与 `MV_MAX` 类似。\n\n ```\n ROW a = 10, b = 20\n | EVAL g = GREATEST(a, b)\n ```\n 注意:对 `keyword` 或 `text` 字段运行时,此函数将按字母顺序返回最后一个字符串。对 `boolean` 列运行时,如果任何值为 `true`,此函数将返回 `true`。\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.grok": "GROK", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.grok.markdown": "### GROK\n使用 `GROK`,您可以从字符串中提取结构化数据。`GROK` 将基于正则表达式根据模式来匹配字符串,并提取指定模式作为列。\n\n请参阅 [grok 处理器文档](https://www.elastic.co/guide/en/elasticsearch/reference/current/grok-processor.html)了解 grok 模式的语法。\n\n```\nROW a = \"12 15.5 15.6 true\"\n| GROK a \"%'{NUMBER:b:int}' %'{NUMBER:c:float}' %'{NUMBER:d:double}' %'{WORD:e:boolean}'\"\n```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.inOperator": "IN", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.inOperator.markdown": "### IN\n`IN` 运算符允许测试字段或表达式是否等于文本、字段或表达式列表中的元素:\n\n```\nROW a = 1, b = 4, c = 3\n| WHERE c-a IN (3, b / 2, a)\n```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.ip_prefix": "IP_PREFIX", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.ip_prefix.markdown": "\n\n ### IP_PREFIX\n 截短 IP 至给定的前缀长度。\n\n ```\n row ip4 = to_ip(\"1.2.3.4\"), ip6 = to_ip(\"fe80::cae2:65ff:fece:feb9\")\n | eval ip4_prefix = ip_prefix(ip4, 24, 0), ip6_prefix = ip_prefix(ip6, 0, 112);\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.keep": "KEEP", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.keep.markdown": "### KEEP\n使用 `KEEP` 命令,您可以指定将返回哪些列以及返回这些列的顺序。\n\n要限制返回的列数,请使用列名的逗号分隔列表。将按指定顺序返回这些列:\n \n```\nFROM employees\n| KEEP first_name, last_name, height\n```\n\n您不必按名称指定每个列,而可以使用通配符返回名称匹配某种模式的所有列:\n\n```\nFROM employees\n| KEEP h*\n```\n\n星号通配符 (`*`) 自身将转换为不与其他参数匹配的所有列。此查询将首先返回所有名称以 h 开头的所有列,随后返回所有其他列:\n\n```\nFROM employees\n| KEEP h*, *\n```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.least": "LEAST", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.least.markdown": "\n\n ### LEAST\n 返回多个列中的最小值。除了可一次对多个列运行以外,此函数与 `MV_MIN` 类似。\n\n ```\n ROW a = 10, b = 20\n | EVAL l = LEAST(a, b)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.left": "LEFT", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.left.markdown": "\n\n ### LEFT\n 返回从“字符串”中提取“长度”字符的子字符串,从左侧开始。\n\n ```\n FROM employees\n | KEEP last_name\n | EVAL left = LEFT(last_name, 3)\n | SORT last_name ASC\n | LIMIT 5\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.length": "LENGTH", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.length.markdown": "\n\n ### LENGTH\n 返回字符串的字符长度。\n\n ```\n FROM employees\n | KEEP first_name, last_name\n | EVAL fn_length = LENGTH(first_name)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.limit": "LIMIT", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.limit.markdown": "### LIMIT\n`LIMIT` 处理命令允许您限制行数:\n \n```\nFROM employees\n| LIMIT 5\n```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.locate": "LOCATE", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.locate.markdown": "\n\n ### LOCATE\n 返回一个整数,指示关键字子字符串在另一字符串中的位置\n\n ```\n row a = \"hello\"\n | eval a_ll = locate(a, \"ll\")\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.log": "LOG", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.log.markdown": "\n\n ### LOG\n 以某底数返回值的对数。输入可以为任何数字值,返回值始终为双精度值。\n\n 求零、负数的对数,以及底数为一时将返回 `null`,并显示警告。\n\n ```\n ROW base = 2.0, value = 8.0\n | EVAL s = LOG(base, value)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.log10": "LOG10", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.log10.markdown": "\n\n ### LOG10\n 以底数 10 返回值的对数。输入可以为任何数字值,返回值始终为双精度值。\n\n 求 0 和负数的对数时将返回 `null`,并显示警告。\n\n ```\n ROW d = 1000.0 \n | EVAL s = LOG10(d)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.ltrim": "LTRIM", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.ltrim.markdown": "\n\n ### LTRIM\n 从字符串中移除前导空格。\n\n ```\n ROW message = \" some text \", color = \" red \"\n | EVAL message = LTRIM(message)\n | EVAL color = LTRIM(color)\n | EVAL message = CONCAT(\"'\", message, \"'\")\n | EVAL color = CONCAT(\"'\", color, \"'\")\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.markdown": "## ES|QL\n\nES|QL(Elasticsearch 查询语言)查询包含一系列命令,它们用管道字符分隔:`|`。每个查询以**源命令**开头,它会生成一个表,其中通常包含来自 Elasticsearch 的数据。\n\n源命令可后接一个或多个**处理命令**。处理命令可通过添加、移除以及更改行和列来更改前一个命令的输出表。\n\n```\nsource-command\n| processing-command1\n| processing-command2\n```\n\n查询的结果为由最后的处理命令生成的表。 \n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.mv_append": "MV_APPEND", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.mv_append.markdown": "\n\n ### MV_APPEND\n 串联两个多值字段的值。\n\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.mv_avg": "MV_AVG", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.mv_avg.markdown": "\n\n ### MV_AVG\n 将多值字段转换为包含所有值的平均值的单值字段。\n\n ```\n ROW a=[3, 5, 1, 6]\n | EVAL avg_a = MV_AVG(a)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.mv_concat": "MV_CONCAT", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.mv_concat.markdown": "\n\n ### MV_CONCAT\n 将多值字符串表达式转换为单值列,其中包含由分隔符分隔的所有值的串联形式。\n\n ```\n ROW a=[\"foo\", \"zoo\", \"bar\"]\n | EVAL j = MV_CONCAT(a, \", \")\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.mv_count": "MV_COUNT", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.mv_count.markdown": "\n\n ### MV_COUNT\n 将多值表达式转换为包含值计数的单值列。\n\n ```\n ROW a=[\"foo\", \"zoo\", \"bar\"]\n | EVAL count_a = MV_COUNT(a)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.mv_dedupe": "MV_DEDUPE", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.mv_dedupe.markdown": "\n\n ### MV_DEDUPE\n 移除多值字段中的重复值。\n\n ```\n ROW a=[\"foo\", \"foo\", \"bar\", \"foo\"]\n | EVAL dedupe_a = MV_DEDUPE(a)\n ```\n 注意:`MV_DEDUPE` 可能但不会始终对列中的值进行排序。\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.mv_first": "MV_FIRST", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.mv_first.markdown": "\n\n ### MV_FIRST\n 将多值表达式转换为包含第一个值的\n 单值列。这在从按已知顺序发出多值列的\n 函数(如 `SPLIT`)中读取数据时尤其有用。\n\n 无法保证从底层存储\n 读取多值字段的顺序。它 *通常* 为升序,但不应\n 依赖于此。如果需要最小值,请使用 `MV_MIN` 而不是\n `MV_FIRST`。`MV_MIN` 针对排序值进行了优化,因此\n 对 `MV_FIRST` 没有性能优势。\n\n ```\n ROW a=\"foo;bar;baz\"\n | EVAL first_a = MV_FIRST(SPLIT(a, \";\"))\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.mv_last": "MV_LAST", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.mv_last.markdown": "\n\n ### MV_LAST\n 将多值表达式转换为包含最后一个值的单值\n 列。这在从按已知顺序发出多值列的函数\n (如 `SPLIT`)中读取数据时尤其有用。\n\n 无法保证从底层存储\n 读取多值字段的顺序。它 *通常* 为升序,但不应\n 依赖于此。如果需要最大值,请使用 `MV_MAX` 而不是\n `MV_LAST`。`MV_MAX` 针对排序值进行了优化,因此\n 对 `MV_LAST` 没有性能优势。\n\n ```\n ROW a=\"foo;bar;baz\"\n | EVAL last_a = MV_LAST(SPLIT(a, \";\"))\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.mv_max": "MV_MAX", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.mv_max.markdown": "\n\n ### MV_MAX\n 将多值表达式转换为包含最大值的单值列。\n\n ```\n ROW a=[3, 5, 1]\n | EVAL max_a = MV_MAX(a)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.mv_median": "MV_MEDIAN", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.mv_median.markdown": "\n\n ### MV_MEDIAN\n 将多值字段转换为包含中位数值的单值字段。\n\n ```\n ROW a=[3, 5, 1]\n | EVAL median_a = MV_MEDIAN(a)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.mv_min": "MV_MIN", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.mv_min.markdown": "\n\n ### MV_MIN\n 将多值表达式转换为包含最小值的单值列。\n\n ```\n ROW a=[2, 1]\n | EVAL min_a = MV_MIN(a)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.mv_slice": "MV_SLICE", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.mv_slice.markdown": "\n\n ### MV_SLICE\n 使用起始和结束索引值返回多值字段的子集。\n\n ```\n row a = [1, 2, 2, 3]\n | eval a1 = mv_slice(a, 1), a2 = mv_slice(a, 2, 3)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.mv_sort": "MV_SORT", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.mv_sort.markdown": "\n\n ### MV_SORT\n 按字典顺序对多值字段排序。\n\n ```\n ROW a = [4, 2, -3, 2]\n | EVAL sa = mv_sort(a), sd = mv_sort(a, \"DESC\")\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.mv_sum": "MV_SUM", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.mv_sum.markdown": "\n\n ### MV_SUM\n 将多值字段转换为包含所有值的总和的单值字段。\n\n ```\n ROW a=[3, 5, 6]\n | EVAL sum_a = MV_SUM(a)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.mv_zip": "MV_ZIP", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.mv_zip.markdown": "\n\n ### MV_ZIP\n 组合两个使用分隔符联接在一起的多值字段中的值。\n\n ```\n ROW a = [\"x\", \"y\", \"z\"], b = [\"1\", \"2\"]\n | EVAL c = mv_zip(a, b, \"-\")\n | KEEP a, b, c\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.mvExpand": "MV_EXPAND", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.mvExpand.markdown": "### MV_EXPAND\n`MV_EXPAND` 处理命令将多值字段扩展成每个值一行,从而复制其他字段: \n```\nROW a=[1,2,3], b=\"b\", j=[\"a\",\"b\"]\n| MV_EXPAND a\n```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.now": "NOW", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.now.markdown": "\n\n ### NOW\n 返回当前日期和时间。\n\n ```\n ROW current_date = NOW()\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.pi": "PI", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.pi.markdown": "\n\n ### PI\n 返回 Pi,即圆的周长与其直径的比率。\n\n ```\n ROW PI()\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.pow": "POW", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.pow.markdown": "\n\n ### POW\n 返回提升为 `exponent` 幂的 `base` 的值。\n\n ```\n ROW base = 2.0, exponent = 2\n | EVAL result = POW(base, exponent)\n ```\n 注意:此处仍可能使双精度结果溢出;在该情况下,将返回 null。\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.predicates": "Null 值", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.predicates.markdown": "### NULL 值\n对于 NULL 比较,请使用 `IS NULL` 和 `IS NOT NULL` 谓词:\n\n```\nFROM employees\n| WHERE birth_date IS NULL\n| KEEP first_name, last_name\n| SORT first_name\n| LIMIT 3\n```\n\n```\nFROM employees\n| WHERE is_rehired IS NOT NULL\n| STATS count(emp_no)\n```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.rename": "RENAME", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.rename.markdown": "### RENAME\n请使用 `RENAME` 通过以下语法对列重命名:\n\n```\nRENAME AS \n```\n\n例如:\n\n```\nFROM employees\n| KEEP first_name, last_name, still_hired\n| RENAME still_hired AS employed\n```\n\n如果使用新名称的列已存在,将用新列替换该列。\n\n可以使用单个 `RENAME` 命令对多个列重命名:\n\n```\nFROM employees\n| KEEP first_name, last_name\n| RENAME first_name AS fn, last_name AS ln\n```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.repeat": "REPEAT", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.repeat.markdown": "\n\n ### REPEAT\n 返回通过串联 `string` 自身与指定次数 `number` 构造而成的字符串。\n\n ```\n ROW a = \"Hello!\"\n | EVAL triple_a = REPEAT(a, 3);\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.replace": "REPLACE", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.replace.markdown": "\n\n ### REPLACE\n 此函数将字符串 `str` 中正则表达式 `regex` 的任何匹配项\n 替换为替代字符串 `newStr`。\n\n ```\n ROW str = \"Hello World\"\n | EVAL str = REPLACE(str, \"World\", \"Universe\")\n | KEEP str\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.right": "RIGHT", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.right.markdown": "\n\n ### RIGHT\n 返回从“字符串”中提取“长度”字符的子字符串,从右侧开始。\n\n ```\n FROM employees\n | KEEP last_name\n | EVAL right = RIGHT(last_name, 3)\n | SORT last_name ASC\n | LIMIT 5\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.round": "ROUND", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.round.markdown": "\n\n ### ROUND\n 将数字舍入到指定小数位数。\n 默认值为 0,即返回最近的整数。如果\n 精确度为负数,则将数字舍入到\n 小数点左侧的位数。\n\n ```\n FROM employees\n | KEEP first_name, last_name, height\n | EVAL height_ft = ROUND(height * 3.281, 1)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.row": "ROW", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.row.markdown": "### ROW\n`ROW` 源命令会生成一个行,其中包含一个或多个含有您指定的值的列。这可以用于测试。\n \n```\nROW a = 1, b = \"two\", c = null\n```\n\n请使用方括号创建多值列:\n\n```\nROW a = [2, 1]\n```\n\nROW 支持使用函数:\n\n```\nROW a = ROUND(1.23, 0)\n```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.rtrim": "RTRIM", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.rtrim.markdown": "\n\n ### RTRIM\n 从字符串中移除尾随空格。\n\n ```\n ROW message = \" some text \", color = \" red \"\n | EVAL message = RTRIM(message)\n | EVAL color = RTRIM(color)\n | EVAL message = CONCAT(\"'\", message, \"'\")\n | EVAL color = CONCAT(\"'\", color, \"'\")\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.show": "SHOW", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.show.markdown": "### SHOW\n`SHOW ` 源命令返回有关部署及其功能的信息:\n\n* 使用 `SHOW INFO` 可返回部署的版本、构建日期和哈希。\n* 使用 `SHOW FUNCTIONS` 可返回所有受支持函数的列表和每个函数的概要。\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.signum": "SIGNUM", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.signum.markdown": "\n\n ### SIGNUM\n 返回给定数字的符号。\n 它对负数返回 `-1`,对 `0` 返回 `0`,对正数返回 `1`。\n\n ```\n ROW d = 100.0\n | EVAL s = SIGNUM(d)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.sin": "SIN", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.sin.markdown": "\n\n ### SIN\n 返回角度的正弦三角函数。\n\n ```\n ROW a=1.8 \n | EVAL sin=SIN(a)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.sinh": "SINH", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.sinh.markdown": "\n\n ### SINH\n 返回角度的双曲正弦。\n\n ```\n ROW a=1.8 \n | EVAL sinh=SINH(a)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.sort": "SORT", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.sort.markdown": "### SORT\n使用 `SORT` 命令可对一个或多个字段上的行排序:\n\n```\nFROM employees\n| KEEP first_name, last_name, height\n| SORT height\n```\n\n默认排序顺序为升序。请使用 `ASC` 或 `DESC` 设置显式排序顺序:\n\n```\nFROM employees\n| KEEP first_name, last_name, height\n| SORT height DESC\n```\n\n如果两个行具有相同的排序键,则保留原始顺序。您可以提供其他排序表达式充当连接断路器:\n\n```\nFROM employees\n| KEEP first_name, last_name, height\n| SORT height DESC, first_name ASC\n```\n\n#### `null` 值\n默认情况下,会将 `null` 值视为大于任何其他值。使用升序排序顺序时,会最后对 `null` 值排序,而使用降序排序顺序时,会首先对 `null` 值排序。您可以通过提供 `NULLS FIRST` 或 `NULLS LAST` 来更改该排序:\n\n```\nFROM employees\n| KEEP first_name, last_name, height\n| SORT first_name ASC NULLS FIRST\n```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.split": "SPLIT", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.split.markdown": "\n\n ### SPLIT\n 将单值字符串拆分成多个字符串。\n\n ```\n ROW words=\"foo;bar;baz;qux;quux;corge\"\n | EVAL word = SPLIT(words, \";\")\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.sqrt": "SQRT", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.sqrt.markdown": "\n\n ### SQRT\n 返回数字的平方根。输入可以为任何数字值,返回值始终为双精度值。\n 负数和无穷大的平方根为 null。\n\n ```\n ROW d = 100.0\n | EVAL s = SQRT(d)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.st_contains": "ST_CONTAINS", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.st_contains.markdown": "\n\n ### ST_CONTAINS\n 返回第一个几何形状是否包含第二个几何形状。\n 这是 `ST_WITHIN` 函数的反向函数。\n\n ```\n FROM airport_city_boundaries\n | WHERE ST_CONTAINS(city_boundary, TO_GEOSHAPE(\"POLYGON((109.35 18.3, 109.45 18.3, 109.45 18.4, 109.35 18.4, 109.35 18.3))\"))\n | KEEP abbrev, airport, region, city, city_location\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.st_disjoint": "ST_DISJOINT", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.st_disjoint.markdown": "\n\n ### ST_DISJOINT\n 返回两个几何图形或几何图形列是否不相交。\n 这是 `ST_INTERSECTS` 函数的反向函数。\n 从数学上讲:ST_Disjoint(A, B) ⇔ A ⋂ B = ∅\n\n ```\n FROM airport_city_boundaries\n | WHERE ST_DISJOINT(city_boundary, TO_GEOSHAPE(\"POLYGON((-10 -60, 120 -60, 120 60, -10 60, -10 -60))\"))\n | KEEP abbrev, airport, region, city, city_location\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.st_distance": "ST_DISTANCE", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.st_distance.markdown": "\n\n ### ST_DISTANCE\n 计算两点之间的距离。\n 对于笛卡尔几何形状,这是以相同单位作为原始坐标时的毕达哥拉斯距离。\n 对于地理几何形状而言,这是沿着地球大圆的圆周距离(以米为单位)。\n\n ```\n FROM airports\n | WHERE abbrev == \"CPH\"\n | EVAL distance = ST_DISTANCE(location, city_location)\n | KEEP abbrev, name, location, city_location, distance\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.st_intersects": "ST_INTERSECTS", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.st_intersects.markdown": "\n\n ### ST_INTERSECTS\n 如果两个几何形状相交,则返回 true。\n 如果它们有任何共同点,包括其内点\n (沿线的点或多边形内的点),则表示它们相交。\n 这是 `ST_DISJOINT` 函数的反向函数。\n 从数学上讲:ST_Intersects(A, B) ⇔ A ⋂ B ≠ ∅\n\n ```\n FROM airports\n | WHERE ST_INTERSECTS(location, TO_GEOSHAPE(\"POLYGON((42 14, 43 14, 43 15, 42 15, 42 14))\"))\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.st_within": "ST_WITHIN", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.st_within.markdown": "\n\n ### ST_WITHIN\n 返回第一个几何形状是否在第二个几何形状内。\n 这是 `ST_CONTAINS` 函数的反向函数。\n\n ```\n FROM airport_city_boundaries\n | WHERE ST_WITHIN(city_boundary, TO_GEOSHAPE(\"POLYGON((109.1 18.15, 109.6 18.15, 109.6 18.65, 109.1 18.65, 109.1 18.15))\"))\n | KEEP abbrev, airport, region, city, city_location\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.st_x": "ST_X", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.st_x.markdown": "\n\n ### ST_X\n 从提供的点中提取 `x` 坐标。\n 如果点的类型为 `geo_point`,则这等同于提取 `longitude` 值。\n\n ```\n ROW point = TO_GEOPOINT(\"POINT(42.97109629958868 14.7552534006536)\")\n | EVAL x = ST_X(point), y = ST_Y(point)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.st_y": "ST_Y", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.st_y.markdown": "\n\n ### ST_Y\n 从提供的点中提取 `y` 坐标。\n 如果点的类型为 `geo_point`,则这等同于提取 `latitude` 值。\n\n ```\n ROW point = TO_GEOPOINT(\"POINT(42.97109629958868 14.7552534006536)\")\n | EVAL x = ST_X(point), y = ST_Y(point)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.starts_with": "STARTS_WITH", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.starts_with.markdown": "\n\n ### STARTS_WITH\n 返回指示关键字字符串是否以另一个字符串开头的布尔值。\n\n ```\n FROM employees\n | KEEP last_name\n | EVAL ln_S = STARTS_WITH(last_name, \"B\")\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.statsby": "STATS ...BY", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.statsby.markdown": "### STATS ...BY\n使用 `STATS ...BY` 可根据公共值对行分组,并计算已分组行中的一个或多个聚合值。\n\n**示例**:\n\n```\nFROM employees\n| STATS count = COUNT(emp_no) BY languages\n| SORT languages\n```\n\n如果省略 `BY`,输出表实际将包含一行,其中为应用于整个数据集的聚合:\n\n```\nFROM employees\n| STATS avg_lang = AVG(languages)\n```\n\n可以计算多个值:\n\n```\nFROM employees\n| STATS avg_lang = AVG(languages), max_lang = MAX(languages)\n```\n\n也可以按多个值分组(仅长整型和关键字家族字段支持):\n\n```\nFROM employees\n| EVAL hired = DATE_FORMAT(hire_date, \"YYYY\")\n| STATS avg_salary = AVG(salary) BY hired, languages.long\n| EVAL avg_salary = ROUND(avg_salary)\n| SORT hired, languages.long\n```\n\n请参阅**聚合函数**获取可与 `STATS ...BY` 搭配使用的函数列表。\n\n聚合函数和分组表达式均接受其他函数。这在对多值列使用 `STATS...BY` 时有用。例如,要计算平均工资变动,可以首先使用 `MV_AVG` 对每名员工的多个值求平均值,然后将结果用于 `AVG` 函数:\n\n```\nFROM employees\n| STATS avg_salary_change = AVG(MV_AVG(salary_change))\n```\n\n按表达式分组的示例为根据员工姓氏的第一个字母对其进行分组:\n\n```\nFROM employees\n| STATS my_count = COUNT() BY LEFT(last_name, 1)\n| SORT `LEFT(last_name, 1)`\n```\n\n指定输出列名称为可选操作。如果未指定,新列名称等于该表达式。以下查询将返回名为 `AVG(salary)` 的列:\n\n```\nFROM employees\n| STATS AVG(salary)\n```\n\n由于此名称包含特殊字符,在后续命令中使用该名称时,需要用反撇号 (`) 引用它:\n\n```\nFROM employees\n| STATS AVG(salary)\n| EVAL avg_salary_rounded = ROUND(`AVG(salary)`)\n```\n\n**注意**:不包含任何组的 `STATS` 比添加组更快。\n\n**注意**:当前,根据单一表达式进行分组比根据许多表达式进行分组更为优化。\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.stringOperators": "LIKE 和 RLIKE", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.stringOperators.markdown": "### LIKE 和 RLIKE\n使用通配符或正则表达式比较字符串时,请使用 `LIKE` 或 `RLIKE`:\n\n使用 `LIKE` 时,可使用通配符来匹配字符串。支持以下通配符字符:\n\n* `*` 匹配零个或更多字符。\n* `?` 匹配一个字符。\n\n```\nFROM employees\n| WHERE first_name LIKE \"?b*\"\n| KEEP first_name, last_name\n```\n\n使用 `RLIKE` 时,可使用正则表达式来匹配字符串:\n\n```\nFROM employees\n| WHERE first_name RLIKE \".leja.*\"\n| KEEP first_name, last_name\n```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.substring": "SUBSTRING", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.substring.markdown": "\n\n ### SUBSTRING\n 返回字符串的子字符串,用起始位置和可选长度指定\n\n ```\n FROM employees\n | KEEP last_name\n | EVAL ln_sub = SUBSTRING(last_name, 1, 3)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.tan": "TAN", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.tan.markdown": "\n\n ### TAN\n 返回角度的正切三角函数。\n\n ```\n ROW a=1.8 \n | EVAL tan=TAN(a)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.tanh": "TANH", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.tanh.markdown": "\n\n ### TANH\n 返回角度的双曲正切函数。\n\n ```\n ROW a=1.8 \n | EVAL tanh=TANH(a)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.tau": "TAU", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.tau.markdown": "\n\n ### TAU\n 返回圆的圆周长与其半径的比率。\n\n ```\n ROW TAU()\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_base64": "TO_BASE64", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_base64.markdown": "\n\n ### TO_BASE64\n 将字符串编码为 base64 字符串。\n\n ```\n row a = \"elastic\" \n | eval e = to_base64(a)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_boolean": "TO_BOOLEAN", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_boolean.markdown": "\n\n ### TO_BOOLEAN\n 将输入值转换为布尔值。\n 字符串值 *true* 将不区分大小写并被转换为布尔值 *true*。\n 对于任何其他值,包括空字符串,此函数将返回 *false*。\n 数字值 *0* 将转换为 *false*,任何其他值将转换为 *true*。\n\n ```\n ROW str = [\"true\", \"TRuE\", \"false\", \"\", \"yes\", \"1\"]\n | EVAL bool = TO_BOOLEAN(str)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_cartesianpoint": "TO_CARTESIANPOINT", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_cartesianpoint.markdown": "\n\n ### TO_CARTESIANPOINT\n 将输入值转换为 `cartesian_point` 值。\n 字符串只有符合 WKT 点格式时,才能成功转换。\n\n ```\n ROW wkt = [\"POINT(4297.11 -1475.53)\", \"POINT(7580.93 2272.77)\"]\n | MV_EXPAND wkt\n | EVAL pt = TO_CARTESIANPOINT(wkt)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_cartesianshape": "TO_CARTESIANSHAPE", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_cartesianshape.markdown": "\n\n ### TO_CARTESIANSHAPE\n 将输入值转换为 `cartesian_shape` 值。\n 字符串只有符合 WKT 格式时,才能成功转换。\n\n ```\n ROW wkt = [\"POINT(4297.11 -1475.53)\", \"POLYGON ((3339584.72 1118889.97, 4452779.63 4865942.27, 2226389.81 4865942.27, 1113194.90 2273030.92, 3339584.72 1118889.97))\"]\n | MV_EXPAND wkt\n | EVAL geom = TO_CARTESIANSHAPE(wkt)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_datetime": "TO_DATETIME", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_datetime.markdown": "\n\n ### TO_DATETIME\n 将输入值转换为日期值。\n 仅当字符串采用 `yyyy-MM-dd'T'HH:mm:ss.SSS'Z'` 格式时,才可进行成功转换。\n 要转换其他格式的日期,请使用 `DATE_PARSE`。\n\n ```\n ROW string = [\"1953-09-02T00:00:00.000Z\", \"1964-06-02T00:00:00.000Z\", \"1964-06-02 00:00:00\"]\n | EVAL datetime = TO_DATETIME(string)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_degrees": "TO_DEGREES", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_degrees.markdown": "\n\n ### TO_DEGREES\n 将弧度转换为度数。\n\n ```\n ROW rad = [1.57, 3.14, 4.71]\n | EVAL deg = TO_DEGREES(rad)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_double": "TO_DOUBLE", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_double.markdown": "\n\n ### TO_DOUBLE\n 将输入值转换为双精度值。如果输入参数为日期类型,\n 会将其值解析为自 Unix epoch 以来的毫秒数,\n 并转换为双精度值。布尔值 *true* 将转换为双精度值 *1.0*,*false* 转换为 *0.0*。\n\n ```\n ROW str1 = \"5.20128E11\", str2 = \"foo\"\n | EVAL dbl = TO_DOUBLE(\"520128000000\"), dbl1 = TO_DOUBLE(str1), dbl2 = TO_DOUBLE(str2)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_geopoint": "TO_GEOPOINT", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_geopoint.markdown": "\n\n ### TO_GEOPOINT\n 将输入值转换为 `geo_point` 值。\n 字符串只有符合 WKT 点格式时,才能成功转换。\n\n ```\n ROW wkt = \"POINT(42.97109630194 14.7552534413725)\"\n | EVAL pt = TO_GEOPOINT(wkt)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_geoshape": "TO_GEOSHAPE", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_geoshape.markdown": "\n\n ### TO_GEOSHAPE\n 将输入值转换为 `geo_shape` 值。\n 字符串只有符合 WKT 格式时,才能成功转换。\n\n ```\n ROW wkt = \"POLYGON ((30 10, 40 40, 20 40, 10 20, 30 10))\"\n | EVAL geom = TO_GEOSHAPE(wkt)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_integer": "TO_INTEGER", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_integer.markdown": "\n\n ### TO_INTEGER\n 将输入值转换为整数值。\n 如果输入参数为日期类型,会将其值解析为自 Unix epoch 以来\n 的毫秒数,并转换为整数。\n 布尔值 *true* 将转换为整数 *1*,*false* 转换为 *0*。\n\n ```\n ROW long = [5013792, 2147483647, 501379200000]\n | EVAL int = TO_INTEGER(long)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_ip": "TO_IP", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_ip.markdown": "\n\n ### TO_IP\n 将输入字符串转换为 IP 值。\n\n ```\n ROW str1 = \"1.1.1.1\", str2 = \"foo\"\n | EVAL ip1 = TO_IP(str1), ip2 = TO_IP(str2)\n | WHERE CIDR_MATCH(ip1, \"1.0.0.0/8\")\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_long": "TO_LONG", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_long.markdown": "\n\n ### TO_LONG\n 将输入值转换为长整型值。如果输入参数为日期类型,\n 会将其值解析为自 Unix epoch 以来的毫秒数,并转换为长整型值。\n 布尔值 *true* 将转换为长整型值 *1*,*false* 转换为 *0*。\n\n ```\n ROW str1 = \"2147483648\", str2 = \"2147483648.2\", str3 = \"foo\"\n | EVAL long1 = TO_LONG(str1), long2 = TO_LONG(str2), long3 = TO_LONG(str3)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_lower": "TO_LOWER", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_lower.markdown": "\n\n ### TO_LOWER\n 返回一个新字符串,表示已将输入字符串转为小写。\n\n ```\n ROW message = \"Some Text\"\n | EVAL message_lower = TO_LOWER(message)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_radians": "TO_RADIANS", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_radians.markdown": "\n\n ### TO_RADIANS\n 将度数转换为弧度。\n\n ```\n ROW deg = [90.0, 180.0, 270.0]\n | EVAL rad = TO_RADIANS(deg)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_string": "TO_STRING", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_string.markdown": "\n\n ### TO_STRING\n 将输入值转换为字符串。\n\n ```\n ROW a=10\n | EVAL j = TO_STRING(a)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_unsigned_long": "TO_UNSIGNED_LONG", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_unsigned_long.markdown": "\n\n ### TO_UNSIGNED_LONG\n 将输入值转换为无符号长整型值。如果输入参数为日期类型,\n 会将其值解析为自 Unix epoch 以来的毫秒数,并转换为无符号长整型值。\n 布尔值 *true* 将转换为无符号长整型值 *1*,*false* 转换为 *0*。\n\n ```\n ROW str1 = \"2147483648\", str2 = \"2147483648.2\", str3 = \"foo\"\n | EVAL long1 = TO_UNSIGNED_LONG(str1), long2 = TO_ULONG(str2), long3 = TO_UL(str3)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_upper": "TO_UPPER", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_upper.markdown": "\n\n ### TO_UPPER\n 返回一个新字符串,表示已将输入字符串转为大写。\n\n ```\n ROW message = \"Some Text\"\n | EVAL message_upper = TO_UPPER(message)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_version": "TO_VERSION", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.to_version.markdown": "\n\n ### TO_VERSION\n 将输入字符串转换为版本值。\n\n ```\n ROW v = TO_VERSION(\"1.2.3\")\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.trim": "TRIM", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.trim.markdown": "\n\n ### TRIM\n 从字符串中移除前导和尾随空格。\n\n ```\n ROW message = \" some text \", color = \" red \"\n | EVAL message = TRIM(message)\n | EVAL color = TRIM(color)\n ```\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.where": "WHERE", - "textBasedEditor.query.textBasedLanguagesEditor.documentationESQL.where.markdown": "### WHERE\n使用 `WHERE` 可生成一个表,其中包含输入表中所提供的条件评估为 `true` 的所有行:\n \n```\nFROM employees\n| KEEP first_name, last_name, still_hired\n| WHERE still_hired == true\n```\n\n#### 运算符\n\n请参阅**运算符**了解所支持的运算符的概览。\n\n#### 函数\n`WHERE` 支持各种用于计算值的函数。请参阅**函数**了解更多信息。\n ", - "textBasedEditor.query.textBasedLanguagesEditor.documentationLabel": "文档", + "languageDocumentationPopover.documentationESQL.abs": "ABS", + "languageDocumentationPopover.documentationESQL.abs.markdown": "\n\n ### ABS\n 返回绝对值。\n\n ```\n ROW number = -1.0 \n | EVAL abs_number = ABS(number)\n ```\n ", + "languageDocumentationPopover.documentationESQL.acos": "ACOS", + "languageDocumentationPopover.documentationESQL.acos.markdown": "\n\n ### ACOS\n 返回 `n` 的反余弦作为角度,以弧度表示。\n\n ```\n ROW a=.9\n | EVAL acos=ACOS(a)\n ```\n ", + "languageDocumentationPopover.documentationESQL.asin": "ASIN", + "languageDocumentationPopover.documentationESQL.asin.markdown": "\n\n ### ASIN\n 返回输入数字表达式的反正弦\n 作为角度,以弧度表示。\n\n ```\n ROW a=.9\n | EVAL asin=ASIN(a)\n ```\n ", + "languageDocumentationPopover.documentationESQL.atan": "ATAN", + "languageDocumentationPopover.documentationESQL.atan.markdown": "\n\n ### ATAN\n 返回输入数字表达式的反正切\n 作为角度,以弧度表示。\n\n ```\n ROW a=12.9\n | EVAL atan=ATAN(a)\n ```\n ", + "languageDocumentationPopover.documentationESQL.atan2": "ATAN2", + "languageDocumentationPopover.documentationESQL.atan2.markdown": "\n\n ### ATAN2\n 笛卡儿平面中正 x 轴\n 与从原点到点 (x , y) 构成的射线之间的角度,以弧度表示。\n\n ```\n ROW y=12.9, x=.6\n | EVAL atan2=ATAN2(y, x)\n ```\n ", + "languageDocumentationPopover.documentationESQL.autoBucketFunction": "BUCKET", + "languageDocumentationPopover.documentationESQL.autoBucketFunction.markdown": "### BUCKET\n用日期时间或数字输入创建值(存储桶)的分组。存储桶的大小可以直接提供,或基于建议的计数和值范围进行选择。\n\n`BUCKET` 以两种模式运行:\n\n1.在此模式下基于存储桶计数建议(四个参数)和范围计算存储桶的大小。\n2.在此模式下直接提供存储桶大小(两个参数)。\n\n使用存储桶的目标数量、起始范围和结束范围,`BUCKET` 将选取适当的存储桶大小以生成目标数量或更小数量的存储桶。\n\n例如,一年请求多达 20 个存储桶会按每月时间间隔组织数据:\n\n```\nFROM employees\n| WHERE hire_date >= \"1985-01-01T00:00:00Z\" AND hire_date < \"1986-01-01T00:00:00Z\"\n| STATS hire_date = MV_SORT(VALUES(hire_date)) BY month = BUCKET(hire_date, 20, \"1985-01-01T00:00:00Z\", \"1986-01-01T00:00:00Z\")\n| SORT hire_date\n```\n\n**注意**:目标并不是提供存储桶的确切目标数量,而是选择一个范围,最多提供存储桶的目标数量。\n\n可以组合 `BUCKET` 与聚合以创建直方图:\n\n```\nFROM employees\n| WHERE hire_date >= \"1985-01-01T00:00:00Z\" AND hire_date < \"1986-01-01T00:00:00Z\"\n| STATS hires_per_month = COUNT(*) BY month = BUCKET(hire_date, 20, \"1985-01-01T00:00:00Z\", \"1986-01-01T00:00:00Z\")\n| SORT month\n```\n\n**注意**:`BUCKET` 不会创建未匹配任何文档的存储桶。因此,上一示例缺少 `1985-03-01` 和其他日期。\n\n如果需要更多存储桶,可能导致更小的范围。例如,如果一年内最多请求 100 个存储桶,会导致周期为周的存储桶:\n\n```\nFROM employees\n| WHERE hire_date >= \"1985-01-01T00:00:00Z\" AND hire_date < \"1986-01-01T00:00:00Z\"\n| STATS hires_per_week = COUNT(*) BY week = BUCKET(hire_date, 100, \"1985-01-01T00:00:00Z\", \"1986-01-01T00:00:00Z\")\n| SORT week\n```\n\n**注意**:`AUTO_BUCKET` 不筛选任何行。它只会使用提供的范围来选取适当的存储桶大小。对于值超出范围的行,它会返回与超出范围的存储桶对应的存储桶值。组合 `BUCKET` 与 `WHERE` 可筛选行。\n\n如果提前已知所需存储桶大小,则只需提供它作为第二个参数,而忽略范围:\n\n```\nFROM employees\n| WHERE hire_date >= \"1985-01-01T00:00:00Z\" AND hire_date < \"1986-01-01T00:00:00Z\"\n| STATS hires_per_week = COUNT(*) BY week = BUCKET(hire_date, 1 week)\n| SORT week\n```\n\n**注意**:提供存储桶大小作为第二个参数时,它必须为持续时间或日期期间。\n\n`BUCKET` 还可对数字字段执行操作。例如,要创建工资直方图:\n\n```\nFROM employees\n| STATS COUNT(*) by bs = BUCKET(salary, 20, 25324, 74999)\n| SORT bs\n```\n\n与前面的有意筛选日期范围示例不同,您极少想要筛选数值范围。您必须分别查找最小值和最大值。ES|QL 尚未提供简便方法来自动执行此操作。\n\n如果提前已知所需存储桶大小,则可以忽略该范围。只需提供它作为第二个参数即可:\n\n```\nFROM employees\n| WHERE hire_date >= \"1985-01-01T00:00:00Z\" AND hire_date < \"1986-01-01T00:00:00Z\"\n| STATS c = COUNT(1) BY b = BUCKET(salary, 5000.)\n| SORT b\n```\n\n**注意**:提供存储桶大小作为第二个参数时,它必须为 **浮点类型**。\n\n这里提供了一个示例,用于为过去 24 小时创建小时存储桶,并计算每小时的事件数:\n\n```\nFROM sample_data\n| WHERE @timestamp >= NOW() - 1 day and @timestamp < NOW()\n| STATS COUNT(*) BY bucket = BUCKET(@timestamp, 25, NOW() - 1 day, NOW())\n```\n\n这里提供了一个示例,用于为 1985 年创建月度存储桶,并按聘用月份计算平均工资:\n\n```\nFROM employees\n| WHERE hire_date >= \"1985-01-01T00:00:00Z\" AND hire_date < \"1986-01-01T00:00:00Z\"\n| STATS AVG(salary) BY bucket = BUCKET(hire_date, 20, \"1985-01-01T00:00:00Z\", \"1986-01-01T00:00:00Z\")\n| SORT bucket\n```\n\n`BUCKET` 可用在 `STATS …​ BY …`​ 命令的聚合和分组部分, 前提是在聚合部分中,该函数 **由在分组部分中定义的别名引用**,或使用完全相同的表达式调用。\n\n例如:\n\n```\nFROM employees\n| STATS s1 = b1 + 1, s2 = BUCKET(salary / 1000 + 999, 50.) + 2 BY b1 = BUCKET(salary / 100 + 99, 50.), b2 = BUCKET(salary / 1000 + 999, 50.)\n| SORT b1, b2\n| KEEP s1, b1, s2, b2\n```\n ", + "languageDocumentationPopover.documentationESQL.binaryOperators": "二进制运算符", + "languageDocumentationPopover.documentationESQL.binaryOperators.markdown": "### 二进制运算符\n支持这些二进制比较运算符:\n\n* 等于:`==`\n* 不等于:`!=`\n* 小于:`<`\n* 小于或等于:`<=`\n* 大于:`>`\n* 大于或等于:`>=`\n* 加:`+`\n* 减:`-`\n* 乘:`*`\n* 除:`/`\n* 取模:`%`\n ", + "languageDocumentationPopover.documentationESQL.booleanOperators": "布尔运算符", + "languageDocumentationPopover.documentationESQL.booleanOperators.markdown": "### 布尔运算符\n支持以下布尔运算符:\n\n* `AND`\n* `OR`\n* `NOT`\n ", + "languageDocumentationPopover.documentationESQL.bucket": "BUCKET", + "languageDocumentationPopover.documentationESQL.bucket.markdown": "\n\n ### BUCKET\n 用日期时间或数字输入创建值(存储桶)的分组。\n 存储桶的大小可以直接提供,或基于建议的计数和值范围进行选择。\n\n ```\n FROM employees\n | WHERE hire_date >= \"1985-01-01T00:00:00Z\" AND hire_date < \"1986-01-01T00:00:00Z\"\n | STATS hire_date = MV_SORT(VALUES(hire_date)) BY month = BUCKET(hire_date, 20, \"1985-01-01T00:00:00Z\", \"1986-01-01T00:00:00Z\")\n | SORT hire_date\n ```\n ", + "languageDocumentationPopover.documentationESQL.case": "CASE", + "languageDocumentationPopover.documentationESQL.case.markdown": "\n\n ### CASE\n 接受成对的条件和值。此函数返回属于第一个\n 评估为 `true` 的条件的值。\n\n 如果参数数量为奇数,则最后一个参数为\n 在无条件匹配时返回的默认值。如果参数数量为偶数,且\n 无任何条件匹配,则此函数返回 `null`。\n\n ```\n FROM employees\n | EVAL type = CASE(\n languages <= 1, \"monolingual\",\n languages <= 2, \"bilingual\",\n \"polyglot\")\n | KEEP emp_no, languages, type\n ```\n ", + "languageDocumentationPopover.documentationESQL.castOperator": "Cast (::)", + "languageDocumentationPopover.documentationESQL.castOperator.markdown": "### CAST (`::`)\n`::` 运算符为 `TO_` 类型转换函数提供了实用的替代语法。\n\n例如:\n```\nROW ver = CONCAT((\"0\"::INT + 1)::STRING, \".2.3\")::VERSION\n```\n ", + "languageDocumentationPopover.documentationESQL.cbrt": "CBRT", + "languageDocumentationPopover.documentationESQL.cbrt.markdown": "\n\n ### CBRT\n 返回数字的立方根。输入可以为任何数字值,返回值始终为双精度值。\n 无穷大的立方根为 null。\n\n ```\n ROW d = 1000.0\n | EVAL c = cbrt(d)\n ```\n ", + "languageDocumentationPopover.documentationESQL.ceil": "CEIL", + "languageDocumentationPopover.documentationESQL.ceil.markdown": "\n\n ### CEIL\n 将数字四舍五入为最近的整数。\n\n ```\n ROW a=1.8\n | EVAL a=CEIL(a)\n ```\n 注意:对于 `long`(包括无符号值)和 `integer`,这相当于“无操作”。对于 `double`,这会提取最接近整数的 `double` 值,类似于 Math.ceil。\n ", + "languageDocumentationPopover.documentationESQL.cidr_match": "CIDR_MATCH", + "languageDocumentationPopover.documentationESQL.cidr_match.markdown": "\n\n ### CIDR_MATCH\n 如果提供的 IP 包含在所提供的其中一个 CIDR 块中,则返回 true。\n\n ```\n FROM hosts \n | WHERE CIDR_MATCH(ip1, \"127.0.0.2/32\", \"127.0.0.3/32\") \n | KEEP card, host, ip0, ip1\n ```\n ", + "languageDocumentationPopover.documentationESQL.coalesce": "COALESCE", + "languageDocumentationPopover.documentationESQL.coalesce.markdown": "\n\n ### COALESCE\n 返回它的第一个不为 null 的参数。如果所有参数均为 null,则返回 `null`。\n\n ```\n ROW a=null, b=\"b\"\n | EVAL COALESCE(a, b)\n ```\n ", + "languageDocumentationPopover.documentationESQL.concat": "CONCAT", + "languageDocumentationPopover.documentationESQL.concat.markdown": "\n\n ### CONCAT\n 串联两个或多个字符串。\n\n ```\n FROM employees\n | KEEP first_name, last_name\n | EVAL fullname = CONCAT(first_name, \" \", last_name)\n ```\n ", + "languageDocumentationPopover.documentationESQL.cos": "COS", + "languageDocumentationPopover.documentationESQL.cos.markdown": "\n\n ### COS\n 返回角度的余弦。\n\n ```\n ROW a=1.8 \n | EVAL cos=COS(a)\n ```\n ", + "languageDocumentationPopover.documentationESQL.cosh": "COSH", + "languageDocumentationPopover.documentationESQL.cosh.markdown": "\n\n ### COSH\n 返回角度的双曲余弦。\n\n ```\n ROW a=1.8 \n | EVAL cosh=COSH(a)\n ```\n ", + "languageDocumentationPopover.documentationESQL.date_diff": "DATE_DIFF", + "languageDocumentationPopover.documentationESQL.date_diff.markdown": "\n\n ### DATE_DIFF\n 从 `endTimestamp` 中减去 `startTimestamp`,并以倍数 `unit` 返回差异。\n 如果 `startTimestamp` 晚于 `endTimestamp`,则返回负值。\n\n ```\n ROW date1 = TO_DATETIME(\"2023-12-02T11:00:00.000Z\"), date2 = TO_DATETIME(\"2023-12-02T11:00:00.001Z\")\n | EVAL dd_ms = DATE_DIFF(\"microseconds\", date1, date2)\n ```\n ", + "languageDocumentationPopover.documentationESQL.date_extract": "DATE_EXTRACT", + "languageDocumentationPopover.documentationESQL.date_extract.markdown": "\n\n ### DATE_EXTRACT\n 提取日期的某些部分,如年、月、日、小时。\n\n ```\n ROW date = DATE_PARSE(\"yyyy-MM-dd\", \"2022-05-06\")\n | EVAL year = DATE_EXTRACT(\"year\", date)\n ```\n ", + "languageDocumentationPopover.documentationESQL.date_format": "DATE_FORMAT", + "languageDocumentationPopover.documentationESQL.date_format.markdown": "\n\n ### DATE_FORMAT\n 以提供的格式返回日期的字符串表示形式。\n\n ```\n FROM employees\n | KEEP first_name, last_name, hire_date\n | EVAL hired = DATE_FORMAT(\"YYYY-MM-dd\", hire_date)\n ```\n ", + "languageDocumentationPopover.documentationESQL.date_parse": "DATE_PARSE", + "languageDocumentationPopover.documentationESQL.date_parse.markdown": "\n\n ### DATE_PARSE\n 通过使用在第一个参数中指定的格式来解析第二个参数,从而返回日期。\n\n ```\n ROW date_string = \"2022-05-06\"\n | EVAL date = DATE_PARSE(\"yyyy-MM-dd\", date_string)\n ```\n ", + "languageDocumentationPopover.documentationESQL.date_trunc": "DATE_TRUNC", + "languageDocumentationPopover.documentationESQL.date_trunc.markdown": "\n\n ### DATE_TRUNC\n 将日期向下舍入到最近的时间间隔。\n\n ```\n FROM employees\n | KEEP first_name, last_name, hire_date\n | EVAL year_hired = DATE_TRUNC(1 year, hire_date)\n ```\n ", + "languageDocumentationPopover.documentationESQL.dissect": "DISSECT", + "languageDocumentationPopover.documentationESQL.dissect.markdown": "### DISSECT\n使用 `DISSECT`,您可以从字符串中提取结构化数据。`DISSECT` 将根据基于分隔符的模式来匹配字符串,并提取指定键作为列。\n\n请参阅[分解处理器文档](https://www.elastic.co/guide/en/elasticsearch/reference/current/dissect-processor.html)了解分解模式的语法。\n\n```\nROW a = \"1953-01-23T12:15:00Z - some text - 127.0.0.1\"\n| DISSECT a \"%'{Y}-%{M}-%{D}T%{h}:%{m}:%{s}Z - %{msg} - %{ip}'\"\n``` ", + "languageDocumentationPopover.documentationESQL.drop": "DROP", + "languageDocumentationPopover.documentationESQL.drop.markdown": "### DROP\n使用 `DROP` 可从表中移除列:\n \n```\nFROM employees\n| DROP height\n```\n\n您不必按名称指定每个列,而可以使用通配符丢弃名称匹配某种模式的所有列:\n\n```\nFROM employees\n| DROP height*\n```\n ", + "languageDocumentationPopover.documentationESQL.e": "E", + "languageDocumentationPopover.documentationESQL.e.markdown": "\n\n ### E\n 返回 Euler 函数的编号。\n\n ```\n ROW E()\n ```\n ", + "languageDocumentationPopover.documentationESQL.ends_with": "ENDS_WITH", + "languageDocumentationPopover.documentationESQL.ends_with.markdown": "\n\n ### ENDS_WITH\n 返回布尔值,指示关键字字符串是否以另一个字符串结尾。\n\n ```\n FROM employees\n | KEEP last_name\n | EVAL ln_E = ENDS_WITH(last_name, \"d\")\n ```\n ", + "languageDocumentationPopover.documentationESQL.enrich": "ENRICH", + "languageDocumentationPopover.documentationESQL.enrich.markdown": "### ENRICH\n您可以使用 `ENRICH` 将来自现有索引的数据添加到传入记录中。它类似于[采集扩充](https://www.elastic.co/guide/en/elasticsearch/reference/current/ingest-enriching-data.html),但作用于查询时间。\n\n```\nROW language_code = \"1\"\n| ENRICH languages_policy\n```\n\n执行 `ENRICH` 需要[扩充策略](https://www.elastic.co/guide/en/elasticsearch/reference/current/ingest-enriching-data.html#enrich-policy)。扩充策略定义一个匹配字段(键字段)和一组扩充字段。\n\n`ENRICH` 将根据匹配字段值在[扩充索引](https://www.elastic.co/guide/en/elasticsearch/reference/current/ingest-enriching-data.html#enrich-index)中查找记录。输入数据集中的匹配键可以使用 `ON ` 来定义;如果未指定,将对字段名称与在扩充策略中定义的匹配字段相同的字段执行匹配。\n\n```\nROW a = \"1\"\n| ENRICH languages_policy ON a\n```\n\n您可以使用 `WITH , ...` 语法指定必须将哪些属性(在那些在策略中定义为扩充字段的字段之间)添加到结果中。\n\n```\nROW a = \"1\"\n| ENRICH languages_policy ON a WITH language_name\n```\n\n还可以使用 `WITH new_name=` 重命名属性\n\n```\nROW a = \"1\"\n| ENRICH languages_policy ON a WITH name = language_name\n```\n\n默认情况下(如果未定义任何 `WITH`),`ENRICH` 会将在扩充策略中定义的所有扩充字段添加到结果中。\n\n如果出现名称冲突,新创建的字段将覆盖现有字段。\n ", + "languageDocumentationPopover.documentationESQL.eval": "EVAL", + "languageDocumentationPopover.documentationESQL.eval.markdown": "### EVAL\n`EVAL` 允许您添加新列:\n\n```\nFROM employees\n| KEEP first_name, last_name, height\n| EVAL height_feet = height * 3.281, height_cm = height * 100\n```\n\n如果指定列已存在,将丢弃现有列,并将新列追加到表后面:\n\n```\nFROM employees\n| KEEP first_name, last_name, height\n| EVAL height = height * 3.281\n```\n\n#### 函数\n`EVAL` 支持各种用于计算值的函数。请参阅“函数”了解更多信息。\n ", + "languageDocumentationPopover.documentationESQL.floor": "FLOOR", + "languageDocumentationPopover.documentationESQL.floor.markdown": "\n\n ### FLOOR\n 将数字向下舍入到最近的整数。\n\n ```\n ROW a=1.8\n | EVAL a=FLOOR(a)\n ```\n 注意:对于 `long`(包括无符号值)和 `integer`,这相当于“无操作”。\n 对于 `double`,这会提取最接近整数的 `double` 值,\n 类似于 Math.floor。\n ", + "languageDocumentationPopover.documentationESQL.from": "FROM", + "languageDocumentationPopover.documentationESQL.from_base64": "FROM_BASE64", + "languageDocumentationPopover.documentationESQL.from_base64.markdown": "\n\n ### FROM_BASE64\n 解码 base64 字符串。\n\n ```\n row a = \"ZWxhc3RpYw==\" \n | eval d = from_base64(a)\n ```\n ", + "languageDocumentationPopover.documentationESQL.from.markdown": "### FROM\n`FROM` 源命令返回一个表,其中最多包含 10,000 个来自数据流、索引或别名的文档。生成的表中的每一行代表一个文档。每一列对应一个字段,并可以通过该字段的名称进行访问。\n\n```\nFROM employees\n```\n\n您可以使用[日期数学表达式](https://www.elastic.co/guide/en/elasticsearch/reference/current/api-conventions.html#api-date-math-index-names)来引用索引、别名和数据流。这可能对时间序列数据非常有用。\n\n使用逗号分隔列表或通配符可查询多个数据流、索引或别名:\n\n```\nFROM employees-00001,employees-*\n```\n\n#### 元数据\n\nES|QL 可访问以下元数据字段:\n\n* `_index`:文档所属的索引。字段类型为 `keyword`.\n* `_id`:源文档的 ID。字段类型为 `keyword`.\n* `_version`:源文档的版本。字段类型为 `long`。\n\n使用 `METADATA` 指令可启用元数据字段:\n\n```\nFROM index [METADATA _index, _id]\n```\n\n元数据字段仅在数据源为索引时可用。因此,`FROM` 是唯一支持 `METADATA` 指令的源命令。\n\n启用后,这些字段将可用于后续处理命令,就像其他索引字段一样:\n\n```\nFROM ul_logs, apps [METADATA _index, _version]\n| WHERE id IN (13, 14) AND _version == 1\n| EVAL key = CONCAT(_index, \"_\", TO_STR(id))\n| SORT id, _index\n| KEEP id, _index, _version, key\n```\n\n此外,与索引字段类似,一旦执行了聚合,后续命令将无法再访问元数据字段,除非它用作分组字段:\n\n```\nFROM employees [METADATA _index, _id]\n| STATS max = MAX(emp_no) BY _index\n```\n ", + "languageDocumentationPopover.documentationESQL.greatest": "GREATEST", + "languageDocumentationPopover.documentationESQL.greatest.markdown": "\n\n ### GREATEST\n 返回多个列中的最大值。除了可一次对多个列运行以外,\n 此函数与 `MV_MAX` 类似。\n\n ```\n ROW a = 10, b = 20\n | EVAL g = GREATEST(a, b)\n ```\n 注意:对 `keyword` 或 `text` 字段运行时,此函数将按字母顺序返回最后一个字符串。对 `boolean` 列运行时,如果任何值为 `true`,此函数将返回 `true`。\n ", + "languageDocumentationPopover.documentationESQL.grok": "GROK", + "languageDocumentationPopover.documentationESQL.grok.markdown": "### GROK\n使用 `GROK`,您可以从字符串中提取结构化数据。`GROK` 将基于正则表达式根据模式来匹配字符串,并提取指定模式作为列。\n\n请参阅 [grok 处理器文档](https://www.elastic.co/guide/en/elasticsearch/reference/current/grok-processor.html)了解 grok 模式的语法。\n\n```\nROW a = \"12 15.5 15.6 true\"\n| GROK a \"%'{NUMBER:b:int}' %'{NUMBER:c:float}' %'{NUMBER:d:double}' %'{WORD:e:boolean}'\"\n```\n ", + "languageDocumentationPopover.documentationESQL.inOperator": "IN", + "languageDocumentationPopover.documentationESQL.inOperator.markdown": "### IN\n`IN` 运算符允许测试字段或表达式是否等于文本、字段或表达式列表中的元素:\n\n```\nROW a = 1, b = 4, c = 3\n| WHERE c-a IN (3, b / 2, a)\n```\n ", + "languageDocumentationPopover.documentationESQL.ip_prefix": "IP_PREFIX", + "languageDocumentationPopover.documentationESQL.ip_prefix.markdown": "\n\n ### IP_PREFIX\n 截短 IP 至给定的前缀长度。\n\n ```\n row ip4 = to_ip(\"1.2.3.4\"), ip6 = to_ip(\"fe80::cae2:65ff:fece:feb9\")\n | eval ip4_prefix = ip_prefix(ip4, 24, 0), ip6_prefix = ip_prefix(ip6, 0, 112);\n ```\n ", + "languageDocumentationPopover.documentationESQL.keep": "KEEP", + "languageDocumentationPopover.documentationESQL.keep.markdown": "### KEEP\n使用 `KEEP` 命令,您可以指定将返回哪些列以及返回这些列的顺序。\n\n要限制返回的列数,请使用列名的逗号分隔列表。将按指定顺序返回这些列:\n \n```\nFROM employees\n| KEEP first_name, last_name, height\n```\n\n您不必按名称指定每个列,而可以使用通配符返回名称匹配某种模式的所有列:\n\n```\nFROM employees\n| KEEP h*\n```\n\n星号通配符 (`*`) 自身将转换为不与其他参数匹配的所有列。此查询将首先返回所有名称以 h 开头的所有列,随后返回所有其他列:\n\n```\nFROM employees\n| KEEP h*, *\n```\n ", + "languageDocumentationPopover.documentationESQL.least": "LEAST", + "languageDocumentationPopover.documentationESQL.least.markdown": "\n\n ### LEAST\n 返回多个列中的最小值。除了可一次对多个列运行以外,此函数与 `MV_MIN` 类似。\n\n ```\n ROW a = 10, b = 20\n | EVAL l = LEAST(a, b)\n ```\n ", + "languageDocumentationPopover.documentationESQL.left": "LEFT", + "languageDocumentationPopover.documentationESQL.left.markdown": "\n\n ### LEFT\n 返回从“字符串”中提取“长度”字符的子字符串,从左侧开始。\n\n ```\n FROM employees\n | KEEP last_name\n | EVAL left = LEFT(last_name, 3)\n | SORT last_name ASC\n | LIMIT 5\n ```\n ", + "languageDocumentationPopover.documentationESQL.length": "LENGTH", + "languageDocumentationPopover.documentationESQL.length.markdown": "\n\n ### LENGTH\n 返回字符串的字符长度。\n\n ```\n FROM employees\n | KEEP first_name, last_name\n | EVAL fn_length = LENGTH(first_name)\n ```\n ", + "languageDocumentationPopover.documentationESQL.limit": "LIMIT", + "languageDocumentationPopover.documentationESQL.limit.markdown": "### LIMIT\n`LIMIT` 处理命令允许您限制行数:\n \n```\nFROM employees\n| LIMIT 5\n```\n ", + "languageDocumentationPopover.documentationESQL.locate": "LOCATE", + "languageDocumentationPopover.documentationESQL.locate.markdown": "\n\n ### LOCATE\n 返回一个整数,指示关键字子字符串在另一字符串中的位置\n\n ```\n row a = \"hello\"\n | eval a_ll = locate(a, \"ll\")\n ```\n ", + "languageDocumentationPopover.documentationESQL.log": "LOG", + "languageDocumentationPopover.documentationESQL.log.markdown": "\n\n ### LOG\n 以某底数返回值的对数。输入可以为任何数字值,返回值始终为双精度值。\n\n 求零、负数的对数,以及底数为一时将返回 `null`,并显示警告。\n\n ```\n ROW base = 2.0, value = 8.0\n | EVAL s = LOG(base, value)\n ```\n ", + "languageDocumentationPopover.documentationESQL.log10": "LOG10", + "languageDocumentationPopover.documentationESQL.log10.markdown": "\n\n ### LOG10\n 以底数 10 返回值的对数。输入可以为任何数字值,返回值始终为双精度值。\n\n 求 0 和负数的对数时将返回 `null`,并显示警告。\n\n ```\n ROW d = 1000.0 \n | EVAL s = LOG10(d)\n ```\n ", + "languageDocumentationPopover.documentationESQL.ltrim": "LTRIM", + "languageDocumentationPopover.documentationESQL.ltrim.markdown": "\n\n ### LTRIM\n 从字符串中移除前导空格。\n\n ```\n ROW message = \" some text \", color = \" red \"\n | EVAL message = LTRIM(message)\n | EVAL color = LTRIM(color)\n | EVAL message = CONCAT(\"'\", message, \"'\")\n | EVAL color = CONCAT(\"'\", color, \"'\")\n ```\n ", + "languageDocumentationPopover.documentationESQL.markdown": "## ES|QL\n\nES|QL(Elasticsearch 查询语言)查询包含一系列命令,它们用管道字符分隔:`|`。每个查询以**源命令**开头,它会生成一个表,其中通常包含来自 Elasticsearch 的数据。\n\n源命令可后接一个或多个**处理命令**。处理命令可通过添加、移除以及更改行和列来更改前一个命令的输出表。\n\n```\nsource-command\n| processing-command1\n| processing-command2\n```\n\n查询的结果为由最后的处理命令生成的表。 \n ", + "languageDocumentationPopover.documentationESQL.mv_append": "MV_APPEND", + "languageDocumentationPopover.documentationESQL.mv_append.markdown": "\n\n ### MV_APPEND\n 串联两个多值字段的值。\n\n ", + "languageDocumentationPopover.documentationESQL.mv_avg": "MV_AVG", + "languageDocumentationPopover.documentationESQL.mv_avg.markdown": "\n\n ### MV_AVG\n 将多值字段转换为包含所有值的平均值的单值字段。\n\n ```\n ROW a=[3, 5, 1, 6]\n | EVAL avg_a = MV_AVG(a)\n ```\n ", + "languageDocumentationPopover.documentationESQL.mv_concat": "MV_CONCAT", + "languageDocumentationPopover.documentationESQL.mv_concat.markdown": "\n\n ### MV_CONCAT\n 将多值字符串表达式转换为单值列,其中包含由分隔符分隔的所有值的串联形式。\n\n ```\n ROW a=[\"foo\", \"zoo\", \"bar\"]\n | EVAL j = MV_CONCAT(a, \", \")\n ```\n ", + "languageDocumentationPopover.documentationESQL.mv_count": "MV_COUNT", + "languageDocumentationPopover.documentationESQL.mv_count.markdown": "\n\n ### MV_COUNT\n 将多值表达式转换为包含值计数的单值列。\n\n ```\n ROW a=[\"foo\", \"zoo\", \"bar\"]\n | EVAL count_a = MV_COUNT(a)\n ```\n ", + "languageDocumentationPopover.documentationESQL.mv_dedupe": "MV_DEDUPE", + "languageDocumentationPopover.documentationESQL.mv_dedupe.markdown": "\n\n ### MV_DEDUPE\n 移除多值字段中的重复值。\n\n ```\n ROW a=[\"foo\", \"foo\", \"bar\", \"foo\"]\n | EVAL dedupe_a = MV_DEDUPE(a)\n ```\n 注意:`MV_DEDUPE` 可能但不会始终对列中的值进行排序。\n ", + "languageDocumentationPopover.documentationESQL.mv_first": "MV_FIRST", + "languageDocumentationPopover.documentationESQL.mv_first.markdown": "\n\n ### MV_FIRST\n 将多值表达式转换为包含第一个值的\n 单值列。这在从按已知顺序发出多值列的\n 函数(如 `SPLIT`)中读取数据时尤其有用。\n\n 无法保证从底层存储\n 读取多值字段的顺序。它 *通常* 为升序,但不应\n 依赖于此。如果需要最小值,请使用 `MV_MIN` 而不是\n `MV_FIRST`。`MV_MIN` 针对排序值进行了优化,因此\n 对 `MV_FIRST` 没有性能优势。\n\n ```\n ROW a=\"foo;bar;baz\"\n | EVAL first_a = MV_FIRST(SPLIT(a, \";\"))\n ```\n ", + "languageDocumentationPopover.documentationESQL.mv_last": "MV_LAST", + "languageDocumentationPopover.documentationESQL.mv_last.markdown": "\n\n ### MV_LAST\n 将多值表达式转换为包含最后一个值的单值\n 列。这在从按已知顺序发出多值列的函数\n (如 `SPLIT`)中读取数据时尤其有用。\n\n 无法保证从底层存储\n 读取多值字段的顺序。它 *通常* 为升序,但不应\n 依赖于此。如果需要最大值,请使用 `MV_MAX` 而不是\n `MV_LAST`。`MV_MAX` 针对排序值进行了优化,因此\n 对 `MV_LAST` 没有性能优势。\n\n ```\n ROW a=\"foo;bar;baz\"\n | EVAL last_a = MV_LAST(SPLIT(a, \";\"))\n ```\n ", + "languageDocumentationPopover.documentationESQL.mv_max": "MV_MAX", + "languageDocumentationPopover.documentationESQL.mv_max.markdown": "\n\n ### MV_MAX\n 将多值表达式转换为包含最大值的单值列。\n\n ```\n ROW a=[3, 5, 1]\n | EVAL max_a = MV_MAX(a)\n ```\n ", + "languageDocumentationPopover.documentationESQL.mv_median": "MV_MEDIAN", + "languageDocumentationPopover.documentationESQL.mv_median.markdown": "\n\n ### MV_MEDIAN\n 将多值字段转换为包含中位数值的单值字段。\n\n ```\n ROW a=[3, 5, 1]\n | EVAL median_a = MV_MEDIAN(a)\n ```\n ", + "languageDocumentationPopover.documentationESQL.mv_min": "MV_MIN", + "languageDocumentationPopover.documentationESQL.mv_min.markdown": "\n\n ### MV_MIN\n 将多值表达式转换为包含最小值的单值列。\n\n ```\n ROW a=[2, 1]\n | EVAL min_a = MV_MIN(a)\n ```\n ", + "languageDocumentationPopover.documentationESQL.mv_slice": "MV_SLICE", + "languageDocumentationPopover.documentationESQL.mv_slice.markdown": "\n\n ### MV_SLICE\n 使用起始和结束索引值返回多值字段的子集。\n\n ```\n row a = [1, 2, 2, 3]\n | eval a1 = mv_slice(a, 1), a2 = mv_slice(a, 2, 3)\n ```\n ", + "languageDocumentationPopover.documentationESQL.mv_sort": "MV_SORT", + "languageDocumentationPopover.documentationESQL.mv_sort.markdown": "\n\n ### MV_SORT\n 按字典顺序对多值字段排序。\n\n ```\n ROW a = [4, 2, -3, 2]\n | EVAL sa = mv_sort(a), sd = mv_sort(a, \"DESC\")\n ```\n ", + "languageDocumentationPopover.documentationESQL.mv_sum": "MV_SUM", + "languageDocumentationPopover.documentationESQL.mv_sum.markdown": "\n\n ### MV_SUM\n 将多值字段转换为包含所有值的总和的单值字段。\n\n ```\n ROW a=[3, 5, 6]\n | EVAL sum_a = MV_SUM(a)\n ```\n ", + "languageDocumentationPopover.documentationESQL.mv_zip": "MV_ZIP", + "languageDocumentationPopover.documentationESQL.mv_zip.markdown": "\n\n ### MV_ZIP\n 组合两个使用分隔符联接在一起的多值字段中的值。\n\n ```\n ROW a = [\"x\", \"y\", \"z\"], b = [\"1\", \"2\"]\n | EVAL c = mv_zip(a, b, \"-\")\n | KEEP a, b, c\n ```\n ", + "languageDocumentationPopover.documentationESQL.mvExpand": "MV_EXPAND", + "languageDocumentationPopover.documentationESQL.mvExpand.markdown": "### MV_EXPAND\n`MV_EXPAND` 处理命令将多值字段扩展成每个值一行,从而复制其他字段: \n```\nROW a=[1,2,3], b=\"b\", j=[\"a\",\"b\"]\n| MV_EXPAND a\n```\n ", + "languageDocumentationPopover.documentationESQL.now": "NOW", + "languageDocumentationPopover.documentationESQL.now.markdown": "\n\n ### NOW\n 返回当前日期和时间。\n\n ```\n ROW current_date = NOW()\n ```\n ", + "languageDocumentationPopover.documentationESQL.pi": "PI", + "languageDocumentationPopover.documentationESQL.pi.markdown": "\n\n ### PI\n 返回 Pi,即圆的周长与其直径的比率。\n\n ```\n ROW PI()\n ```\n ", + "languageDocumentationPopover.documentationESQL.pow": "POW", + "languageDocumentationPopover.documentationESQL.pow.markdown": "\n\n ### POW\n 返回提升为 `exponent` 幂的 `base` 的值。\n\n ```\n ROW base = 2.0, exponent = 2\n | EVAL result = POW(base, exponent)\n ```\n 注意:此处仍可能使双精度结果溢出;在该情况下,将返回 null。\n ", + "languageDocumentationPopover.documentationESQL.predicates": "Null 值", + "languageDocumentationPopover.documentationESQL.predicates.markdown": "### NULL 值\n对于 NULL 比较,请使用 `IS NULL` 和 `IS NOT NULL` 谓词:\n\n```\nFROM employees\n| WHERE birth_date IS NULL\n| KEEP first_name, last_name\n| SORT first_name\n| LIMIT 3\n```\n\n```\nFROM employees\n| WHERE is_rehired IS NOT NULL\n| STATS count(emp_no)\n```\n ", + "languageDocumentationPopover.documentationESQL.rename": "RENAME", + "languageDocumentationPopover.documentationESQL.rename.markdown": "### RENAME\n请使用 `RENAME` 通过以下语法对列重命名:\n\n```\nRENAME AS \n```\n\n例如:\n\n```\nFROM employees\n| KEEP first_name, last_name, still_hired\n| RENAME still_hired AS employed\n```\n\n如果使用新名称的列已存在,将用新列替换该列。\n\n可以使用单个 `RENAME` 命令对多个列重命名:\n\n```\nFROM employees\n| KEEP first_name, last_name\n| RENAME first_name AS fn, last_name AS ln\n```\n ", + "languageDocumentationPopover.documentationESQL.repeat": "REPEAT", + "languageDocumentationPopover.documentationESQL.repeat.markdown": "\n\n ### REPEAT\n 返回通过串联 `string` 自身与指定次数 `number` 构造而成的字符串。\n\n ```\n ROW a = \"Hello!\"\n | EVAL triple_a = REPEAT(a, 3);\n ```\n ", + "languageDocumentationPopover.documentationESQL.replace": "REPLACE", + "languageDocumentationPopover.documentationESQL.replace.markdown": "\n\n ### REPLACE\n 此函数将字符串 `str` 中正则表达式 `regex` 的任何匹配项\n 替换为替代字符串 `newStr`。\n\n ```\n ROW str = \"Hello World\"\n | EVAL str = REPLACE(str, \"World\", \"Universe\")\n | KEEP str\n ```\n ", + "languageDocumentationPopover.documentationESQL.right": "RIGHT", + "languageDocumentationPopover.documentationESQL.right.markdown": "\n\n ### RIGHT\n 返回从“字符串”中提取“长度”字符的子字符串,从右侧开始。\n\n ```\n FROM employees\n | KEEP last_name\n | EVAL right = RIGHT(last_name, 3)\n | SORT last_name ASC\n | LIMIT 5\n ```\n ", + "languageDocumentationPopover.documentationESQL.round": "ROUND", + "languageDocumentationPopover.documentationESQL.round.markdown": "\n\n ### ROUND\n 将数字舍入到指定小数位数。\n 默认值为 0,即返回最近的整数。如果\n 精确度为负数,则将数字舍入到\n 小数点左侧的位数。\n\n ```\n FROM employees\n | KEEP first_name, last_name, height\n | EVAL height_ft = ROUND(height * 3.281, 1)\n ```\n ", + "languageDocumentationPopover.documentationESQL.row": "ROW", + "languageDocumentationPopover.documentationESQL.row.markdown": "### ROW\n`ROW` 源命令会生成一个行,其中包含一个或多个含有您指定的值的列。这可以用于测试。\n \n```\nROW a = 1, b = \"two\", c = null\n```\n\n请使用方括号创建多值列:\n\n```\nROW a = [2, 1]\n```\n\nROW 支持使用函数:\n\n```\nROW a = ROUND(1.23, 0)\n```\n ", + "languageDocumentationPopover.documentationESQL.rtrim": "RTRIM", + "languageDocumentationPopover.documentationESQL.rtrim.markdown": "\n\n ### RTRIM\n 从字符串中移除尾随空格。\n\n ```\n ROW message = \" some text \", color = \" red \"\n | EVAL message = RTRIM(message)\n | EVAL color = RTRIM(color)\n | EVAL message = CONCAT(\"'\", message, \"'\")\n | EVAL color = CONCAT(\"'\", color, \"'\")\n ```\n ", + "languageDocumentationPopover.documentationESQL.show": "SHOW", + "languageDocumentationPopover.documentationESQL.show.markdown": "### SHOW\n`SHOW ` 源命令返回有关部署及其功能的信息:\n\n* 使用 `SHOW INFO` 可返回部署的版本、构建日期和哈希。\n* 使用 `SHOW FUNCTIONS` 可返回所有受支持函数的列表和每个函数的概要。\n ", + "languageDocumentationPopover.documentationESQL.signum": "SIGNUM", + "languageDocumentationPopover.documentationESQL.signum.markdown": "\n\n ### SIGNUM\n 返回给定数字的符号。\n 它对负数返回 `-1`,对 `0` 返回 `0`,对正数返回 `1`。\n\n ```\n ROW d = 100.0\n | EVAL s = SIGNUM(d)\n ```\n ", + "languageDocumentationPopover.documentationESQL.sin": "SIN", + "languageDocumentationPopover.documentationESQL.sin.markdown": "\n\n ### SIN\n 返回角度的正弦三角函数。\n\n ```\n ROW a=1.8 \n | EVAL sin=SIN(a)\n ```\n ", + "languageDocumentationPopover.documentationESQL.sinh": "SINH", + "languageDocumentationPopover.documentationESQL.sinh.markdown": "\n\n ### SINH\n 返回角度的双曲正弦。\n\n ```\n ROW a=1.8 \n | EVAL sinh=SINH(a)\n ```\n ", + "languageDocumentationPopover.documentationESQL.sort": "SORT", + "languageDocumentationPopover.documentationESQL.sort.markdown": "### SORT\n使用 `SORT` 命令可对一个或多个字段上的行排序:\n\n```\nFROM employees\n| KEEP first_name, last_name, height\n| SORT height\n```\n\n默认排序顺序为升序。请使用 `ASC` 或 `DESC` 设置显式排序顺序:\n\n```\nFROM employees\n| KEEP first_name, last_name, height\n| SORT height DESC\n```\n\n如果两个行具有相同的排序键,则保留原始顺序。您可以提供其他排序表达式充当连接断路器:\n\n```\nFROM employees\n| KEEP first_name, last_name, height\n| SORT height DESC, first_name ASC\n```\n\n#### `null` 值\n默认情况下,会将 `null` 值视为大于任何其他值。使用升序排序顺序时,会最后对 `null` 值排序,而使用降序排序顺序时,会首先对 `null` 值排序。您可以通过提供 `NULLS FIRST` 或 `NULLS LAST` 来更改该排序:\n\n```\nFROM employees\n| KEEP first_name, last_name, height\n| SORT first_name ASC NULLS FIRST\n```\n ", + "languageDocumentationPopover.documentationESQL.split": "SPLIT", + "languageDocumentationPopover.documentationESQL.split.markdown": "\n\n ### SPLIT\n 将单值字符串拆分成多个字符串。\n\n ```\n ROW words=\"foo;bar;baz;qux;quux;corge\"\n | EVAL word = SPLIT(words, \";\")\n ```\n ", + "languageDocumentationPopover.documentationESQL.sqrt": "SQRT", + "languageDocumentationPopover.documentationESQL.sqrt.markdown": "\n\n ### SQRT\n 返回数字的平方根。输入可以为任何数字值,返回值始终为双精度值。\n 负数和无穷大的平方根为 null。\n\n ```\n ROW d = 100.0\n | EVAL s = SQRT(d)\n ```\n ", + "languageDocumentationPopover.documentationESQL.st_contains": "ST_CONTAINS", + "languageDocumentationPopover.documentationESQL.st_contains.markdown": "\n\n ### ST_CONTAINS\n 返回第一个几何形状是否包含第二个几何形状。\n 这是 `ST_WITHIN` 函数的反向函数。\n\n ```\n FROM airport_city_boundaries\n | WHERE ST_CONTAINS(city_boundary, TO_GEOSHAPE(\"POLYGON((109.35 18.3, 109.45 18.3, 109.45 18.4, 109.35 18.4, 109.35 18.3))\"))\n | KEEP abbrev, airport, region, city, city_location\n ```\n ", + "languageDocumentationPopover.documentationESQL.st_disjoint": "ST_DISJOINT", + "languageDocumentationPopover.documentationESQL.st_disjoint.markdown": "\n\n ### ST_DISJOINT\n 返回两个几何图形或几何图形列是否不相交。\n 这是 `ST_INTERSECTS` 函数的反向函数。\n 从数学上讲:ST_Disjoint(A, B) ⇔ A ⋂ B = ∅\n\n ```\n FROM airport_city_boundaries\n | WHERE ST_DISJOINT(city_boundary, TO_GEOSHAPE(\"POLYGON((-10 -60, 120 -60, 120 60, -10 60, -10 -60))\"))\n | KEEP abbrev, airport, region, city, city_location\n ```\n ", + "languageDocumentationPopover.documentationESQL.st_distance": "ST_DISTANCE", + "languageDocumentationPopover.documentationESQL.st_distance.markdown": "\n\n ### ST_DISTANCE\n 计算两点之间的距离。\n 对于笛卡尔几何形状,这是以相同单位作为原始坐标时的毕达哥拉斯距离。\n 对于地理几何形状而言,这是沿着地球大圆的圆周距离(以米为单位)。\n\n ```\n FROM airports\n | WHERE abbrev == \"CPH\"\n | EVAL distance = ST_DISTANCE(location, city_location)\n | KEEP abbrev, name, location, city_location, distance\n ```\n ", + "languageDocumentationPopover.documentationESQL.st_intersects": "ST_INTERSECTS", + "languageDocumentationPopover.documentationESQL.st_intersects.markdown": "\n\n ### ST_INTERSECTS\n 如果两个几何形状相交,则返回 true。\n 如果它们有任何共同点,包括其内点\n (沿线的点或多边形内的点),则表示它们相交。\n 这是 `ST_DISJOINT` 函数的反向函数。\n 从数学上讲:ST_Intersects(A, B) ⇔ A ⋂ B ≠ ∅\n\n ```\n FROM airports\n | WHERE ST_INTERSECTS(location, TO_GEOSHAPE(\"POLYGON((42 14, 43 14, 43 15, 42 15, 42 14))\"))\n ```\n ", + "languageDocumentationPopover.documentationESQL.st_within": "ST_WITHIN", + "languageDocumentationPopover.documentationESQL.st_within.markdown": "\n\n ### ST_WITHIN\n 返回第一个几何形状是否在第二个几何形状内。\n 这是 `ST_CONTAINS` 函数的反向函数。\n\n ```\n FROM airport_city_boundaries\n | WHERE ST_WITHIN(city_boundary, TO_GEOSHAPE(\"POLYGON((109.1 18.15, 109.6 18.15, 109.6 18.65, 109.1 18.65, 109.1 18.15))\"))\n | KEEP abbrev, airport, region, city, city_location\n ```\n ", + "languageDocumentationPopover.documentationESQL.st_x": "ST_X", + "languageDocumentationPopover.documentationESQL.st_x.markdown": "\n\n ### ST_X\n 从提供的点中提取 `x` 坐标。\n 如果点的类型为 `geo_point`,则这等同于提取 `longitude` 值。\n\n ```\n ROW point = TO_GEOPOINT(\"POINT(42.97109629958868 14.7552534006536)\")\n | EVAL x = ST_X(point), y = ST_Y(point)\n ```\n ", + "languageDocumentationPopover.documentationESQL.st_y": "ST_Y", + "languageDocumentationPopover.documentationESQL.st_y.markdown": "\n\n ### ST_Y\n 从提供的点中提取 `y` 坐标。\n 如果点的类型为 `geo_point`,则这等同于提取 `latitude` 值。\n\n ```\n ROW point = TO_GEOPOINT(\"POINT(42.97109629958868 14.7552534006536)\")\n | EVAL x = ST_X(point), y = ST_Y(point)\n ```\n ", + "languageDocumentationPopover.documentationESQL.starts_with": "STARTS_WITH", + "languageDocumentationPopover.documentationESQL.starts_with.markdown": "\n\n ### STARTS_WITH\n 返回指示关键字字符串是否以另一个字符串开头的布尔值。\n\n ```\n FROM employees\n | KEEP last_name\n | EVAL ln_S = STARTS_WITH(last_name, \"B\")\n ```\n ", + "languageDocumentationPopover.documentationESQL.statsby": "STATS ...BY", + "languageDocumentationPopover.documentationESQL.statsby.markdown": "### STATS ...BY\n使用 `STATS ...BY` 可根据公共值对行分组,并计算已分组行中的一个或多个聚合值。\n\n**示例**:\n\n```\nFROM employees\n| STATS count = COUNT(emp_no) BY languages\n| SORT languages\n```\n\n如果省略 `BY`,输出表实际将包含一行,其中为应用于整个数据集的聚合:\n\n```\nFROM employees\n| STATS avg_lang = AVG(languages)\n```\n\n可以计算多个值:\n\n```\nFROM employees\n| STATS avg_lang = AVG(languages), max_lang = MAX(languages)\n```\n\n也可以按多个值分组(仅长整型和关键字家族字段支持):\n\n```\nFROM employees\n| EVAL hired = DATE_FORMAT(hire_date, \"YYYY\")\n| STATS avg_salary = AVG(salary) BY hired, languages.long\n| EVAL avg_salary = ROUND(avg_salary)\n| SORT hired, languages.long\n```\n\n请参阅**聚合函数**获取可与 `STATS ...BY` 搭配使用的函数列表。\n\n聚合函数和分组表达式均接受其他函数。这在对多值列使用 `STATS...BY` 时有用。例如,要计算平均工资变动,可以首先使用 `MV_AVG` 对每名员工的多个值求平均值,然后将结果用于 `AVG` 函数:\n\n```\nFROM employees\n| STATS avg_salary_change = AVG(MV_AVG(salary_change))\n```\n\n按表达式分组的示例为根据员工姓氏的第一个字母对其进行分组:\n\n```\nFROM employees\n| STATS my_count = COUNT() BY LEFT(last_name, 1)\n| SORT `LEFT(last_name, 1)`\n```\n\n指定输出列名称为可选操作。如果未指定,新列名称等于该表达式。以下查询将返回名为 `AVG(salary)` 的列:\n\n```\nFROM employees\n| STATS AVG(salary)\n```\n\n由于此名称包含特殊字符,在后续命令中使用该名称时,需要用反撇号 (`) 引用它:\n\n```\nFROM employees\n| STATS AVG(salary)\n| EVAL avg_salary_rounded = ROUND(`AVG(salary)`)\n```\n\n**注意**:不包含任何组的 `STATS` 比添加组更快。\n\n**注意**:当前,根据单一表达式进行分组比根据许多表达式进行分组更为优化。\n ", + "languageDocumentationPopover.documentationESQL.stringOperators": "LIKE 和 RLIKE", + "languageDocumentationPopover.documentationESQL.stringOperators.markdown": "### LIKE 和 RLIKE\n使用通配符或正则表达式比较字符串时,请使用 `LIKE` 或 `RLIKE`:\n\n使用 `LIKE` 时,可使用通配符来匹配字符串。支持以下通配符字符:\n\n* `*` 匹配零个或更多字符。\n* `?` 匹配一个字符。\n\n```\nFROM employees\n| WHERE first_name LIKE \"?b*\"\n| KEEP first_name, last_name\n```\n\n使用 `RLIKE` 时,可使用正则表达式来匹配字符串:\n\n```\nFROM employees\n| WHERE first_name RLIKE \".leja.*\"\n| KEEP first_name, last_name\n```\n ", + "languageDocumentationPopover.documentationESQL.substring": "SUBSTRING", + "languageDocumentationPopover.documentationESQL.substring.markdown": "\n\n ### SUBSTRING\n 返回字符串的子字符串,用起始位置和可选长度指定\n\n ```\n FROM employees\n | KEEP last_name\n | EVAL ln_sub = SUBSTRING(last_name, 1, 3)\n ```\n ", + "languageDocumentationPopover.documentationESQL.tan": "TAN", + "languageDocumentationPopover.documentationESQL.tan.markdown": "\n\n ### TAN\n 返回角度的正切三角函数。\n\n ```\n ROW a=1.8 \n | EVAL tan=TAN(a)\n ```\n ", + "languageDocumentationPopover.documentationESQL.tanh": "TANH", + "languageDocumentationPopover.documentationESQL.tanh.markdown": "\n\n ### TANH\n 返回角度的双曲正切函数。\n\n ```\n ROW a=1.8 \n | EVAL tanh=TANH(a)\n ```\n ", + "languageDocumentationPopover.documentationESQL.tau": "TAU", + "languageDocumentationPopover.documentationESQL.tau.markdown": "\n\n ### TAU\n 返回圆的圆周长与其半径的比率。\n\n ```\n ROW TAU()\n ```\n ", + "languageDocumentationPopover.documentationESQL.to_base64": "TO_BASE64", + "languageDocumentationPopover.documentationESQL.to_base64.markdown": "\n\n ### TO_BASE64\n 将字符串编码为 base64 字符串。\n\n ```\n row a = \"elastic\" \n | eval e = to_base64(a)\n ```\n ", + "languageDocumentationPopover.documentationESQL.to_boolean": "TO_BOOLEAN", + "languageDocumentationPopover.documentationESQL.to_boolean.markdown": "\n\n ### TO_BOOLEAN\n 将输入值转换为布尔值。\n 字符串值 *true* 将不区分大小写并被转换为布尔值 *true*。\n 对于任何其他值,包括空字符串,此函数将返回 *false*。\n 数字值 *0* 将转换为 *false*,任何其他值将转换为 *true*。\n\n ```\n ROW str = [\"true\", \"TRuE\", \"false\", \"\", \"yes\", \"1\"]\n | EVAL bool = TO_BOOLEAN(str)\n ```\n ", + "languageDocumentationPopover.documentationESQL.to_cartesianpoint": "TO_CARTESIANPOINT", + "languageDocumentationPopover.documentationESQL.to_cartesianpoint.markdown": "\n\n ### TO_CARTESIANPOINT\n 将输入值转换为 `cartesian_point` 值。\n 字符串只有符合 WKT 点格式时,才能成功转换。\n\n ```\n ROW wkt = [\"POINT(4297.11 -1475.53)\", \"POINT(7580.93 2272.77)\"]\n | MV_EXPAND wkt\n | EVAL pt = TO_CARTESIANPOINT(wkt)\n ```\n ", + "languageDocumentationPopover.documentationESQL.to_cartesianshape": "TO_CARTESIANSHAPE", + "languageDocumentationPopover.documentationESQL.to_cartesianshape.markdown": "\n\n ### TO_CARTESIANSHAPE\n 将输入值转换为 `cartesian_shape` 值。\n 字符串只有符合 WKT 格式时,才能成功转换。\n\n ```\n ROW wkt = [\"POINT(4297.11 -1475.53)\", \"POLYGON ((3339584.72 1118889.97, 4452779.63 4865942.27, 2226389.81 4865942.27, 1113194.90 2273030.92, 3339584.72 1118889.97))\"]\n | MV_EXPAND wkt\n | EVAL geom = TO_CARTESIANSHAPE(wkt)\n ```\n ", + "languageDocumentationPopover.documentationESQL.to_datetime": "TO_DATETIME", + "languageDocumentationPopover.documentationESQL.to_datetime.markdown": "\n\n ### TO_DATETIME\n 将输入值转换为日期值。\n 仅当字符串采用 `yyyy-MM-dd'T'HH:mm:ss.SSS'Z'` 格式时,才可进行成功转换。\n 要转换其他格式的日期,请使用 `DATE_PARSE`。\n\n ```\n ROW string = [\"1953-09-02T00:00:00.000Z\", \"1964-06-02T00:00:00.000Z\", \"1964-06-02 00:00:00\"]\n | EVAL datetime = TO_DATETIME(string)\n ```\n ", + "languageDocumentationPopover.documentationESQL.to_degrees": "TO_DEGREES", + "languageDocumentationPopover.documentationESQL.to_degrees.markdown": "\n\n ### TO_DEGREES\n 将弧度转换为度数。\n\n ```\n ROW rad = [1.57, 3.14, 4.71]\n | EVAL deg = TO_DEGREES(rad)\n ```\n ", + "languageDocumentationPopover.documentationESQL.to_double": "TO_DOUBLE", + "languageDocumentationPopover.documentationESQL.to_double.markdown": "\n\n ### TO_DOUBLE\n 将输入值转换为双精度值。如果输入参数为日期类型,\n 会将其值解析为自 Unix epoch 以来的毫秒数,\n 并转换为双精度值。布尔值 *true* 将转换为双精度值 *1.0*,*false* 转换为 *0.0*。\n\n ```\n ROW str1 = \"5.20128E11\", str2 = \"foo\"\n | EVAL dbl = TO_DOUBLE(\"520128000000\"), dbl1 = TO_DOUBLE(str1), dbl2 = TO_DOUBLE(str2)\n ```\n ", + "languageDocumentationPopover.documentationESQL.to_geopoint": "TO_GEOPOINT", + "languageDocumentationPopover.documentationESQL.to_geopoint.markdown": "\n\n ### TO_GEOPOINT\n 将输入值转换为 `geo_point` 值。\n 字符串只有符合 WKT 点格式时,才能成功转换。\n\n ```\n ROW wkt = \"POINT(42.97109630194 14.7552534413725)\"\n | EVAL pt = TO_GEOPOINT(wkt)\n ```\n ", + "languageDocumentationPopover.documentationESQL.to_geoshape": "TO_GEOSHAPE", + "languageDocumentationPopover.documentationESQL.to_geoshape.markdown": "\n\n ### TO_GEOSHAPE\n 将输入值转换为 `geo_shape` 值。\n 字符串只有符合 WKT 格式时,才能成功转换。\n\n ```\n ROW wkt = \"POLYGON ((30 10, 40 40, 20 40, 10 20, 30 10))\"\n | EVAL geom = TO_GEOSHAPE(wkt)\n ```\n ", + "languageDocumentationPopover.documentationESQL.to_integer": "TO_INTEGER", + "languageDocumentationPopover.documentationESQL.to_integer.markdown": "\n\n ### TO_INTEGER\n 将输入值转换为整数值。\n 如果输入参数为日期类型,会将其值解析为自 Unix epoch 以来\n 的毫秒数,并转换为整数。\n 布尔值 *true* 将转换为整数 *1*,*false* 转换为 *0*。\n\n ```\n ROW long = [5013792, 2147483647, 501379200000]\n | EVAL int = TO_INTEGER(long)\n ```\n ", + "languageDocumentationPopover.documentationESQL.to_ip": "TO_IP", + "languageDocumentationPopover.documentationESQL.to_ip.markdown": "\n\n ### TO_IP\n 将输入字符串转换为 IP 值。\n\n ```\n ROW str1 = \"1.1.1.1\", str2 = \"foo\"\n | EVAL ip1 = TO_IP(str1), ip2 = TO_IP(str2)\n | WHERE CIDR_MATCH(ip1, \"1.0.0.0/8\")\n ```\n ", + "languageDocumentationPopover.documentationESQL.to_long": "TO_LONG", + "languageDocumentationPopover.documentationESQL.to_long.markdown": "\n\n ### TO_LONG\n 将输入值转换为长整型值。如果输入参数为日期类型,\n 会将其值解析为自 Unix epoch 以来的毫秒数,并转换为长整型值。\n 布尔值 *true* 将转换为长整型值 *1*,*false* 转换为 *0*。\n\n ```\n ROW str1 = \"2147483648\", str2 = \"2147483648.2\", str3 = \"foo\"\n | EVAL long1 = TO_LONG(str1), long2 = TO_LONG(str2), long3 = TO_LONG(str3)\n ```\n ", + "languageDocumentationPopover.documentationESQL.to_lower": "TO_LOWER", + "languageDocumentationPopover.documentationESQL.to_lower.markdown": "\n\n ### TO_LOWER\n 返回一个新字符串,表示已将输入字符串转为小写。\n\n ```\n ROW message = \"Some Text\"\n | EVAL message_lower = TO_LOWER(message)\n ```\n ", + "languageDocumentationPopover.documentationESQL.to_radians": "TO_RADIANS", + "languageDocumentationPopover.documentationESQL.to_radians.markdown": "\n\n ### TO_RADIANS\n 将度数转换为弧度。\n\n ```\n ROW deg = [90.0, 180.0, 270.0]\n | EVAL rad = TO_RADIANS(deg)\n ```\n ", + "languageDocumentationPopover.documentationESQL.to_string": "TO_STRING", + "languageDocumentationPopover.documentationESQL.to_string.markdown": "\n\n ### TO_STRING\n 将输入值转换为字符串。\n\n ```\n ROW a=10\n | EVAL j = TO_STRING(a)\n ```\n ", + "languageDocumentationPopover.documentationESQL.to_unsigned_long": "TO_UNSIGNED_LONG", + "languageDocumentationPopover.documentationESQL.to_unsigned_long.markdown": "\n\n ### TO_UNSIGNED_LONG\n 将输入值转换为无符号长整型值。如果输入参数为日期类型,\n 会将其值解析为自 Unix epoch 以来的毫秒数,并转换为无符号长整型值。\n 布尔值 *true* 将转换为无符号长整型值 *1*,*false* 转换为 *0*。\n\n ```\n ROW str1 = \"2147483648\", str2 = \"2147483648.2\", str3 = \"foo\"\n | EVAL long1 = TO_UNSIGNED_LONG(str1), long2 = TO_ULONG(str2), long3 = TO_UL(str3)\n ```\n ", + "languageDocumentationPopover.documentationESQL.to_upper": "TO_UPPER", + "languageDocumentationPopover.documentationESQL.to_upper.markdown": "\n\n ### TO_UPPER\n 返回一个新字符串,表示已将输入字符串转为大写。\n\n ```\n ROW message = \"Some Text\"\n | EVAL message_upper = TO_UPPER(message)\n ```\n ", + "languageDocumentationPopover.documentationESQL.to_version": "TO_VERSION", + "languageDocumentationPopover.documentationESQL.to_version.markdown": "\n\n ### TO_VERSION\n 将输入字符串转换为版本值。\n\n ```\n ROW v = TO_VERSION(\"1.2.3\")\n ```\n ", + "languageDocumentationPopover.documentationESQL.trim": "TRIM", + "languageDocumentationPopover.documentationESQL.trim.markdown": "\n\n ### TRIM\n 从字符串中移除前导和尾随空格。\n\n ```\n ROW message = \" some text \", color = \" red \"\n | EVAL message = TRIM(message)\n | EVAL color = TRIM(color)\n ```\n ", + "languageDocumentationPopover.documentationESQL.where": "WHERE", + "languageDocumentationPopover.documentationESQL.where.markdown": "### WHERE\n使用 `WHERE` 可生成一个表,其中包含输入表中所提供的条件评估为 `true` 的所有行:\n \n```\nFROM employees\n| KEEP first_name, last_name, still_hired\n| WHERE still_hired == true\n```\n\n#### 运算符\n\n请参阅**运算符**了解所支持的运算符的概览。\n\n#### 函数\n`WHERE` 支持各种用于计算值的函数。请参阅**函数**了解更多信息。\n ", "textBasedEditor.query.textBasedLanguagesEditor.EnableWordWrapLabel": "在管道符上添加换行符", "textBasedEditor.query.textBasedLanguagesEditor.errorCount": "{count} 个{count, plural, other {错误}}", "textBasedEditor.query.textBasedLanguagesEditor.errorsTitle": "错误", - "textBasedEditor.query.textBasedLanguagesEditor.esql": "ES|QL", "textBasedEditor.query.textBasedLanguagesEditor.expandLabel": "展开", "textBasedEditor.query.textBasedLanguagesEditor.feedback": "反馈", - "textBasedEditor.query.textBasedLanguagesEditor.functions": "函数", - "textBasedEditor.query.textBasedLanguagesEditor.functionsDocumentationESQLDescription": "ROW、EVAL 和 WHERE 支持的函数。", - "textBasedEditor.query.textBasedLanguagesEditor.groupingFunctions": "分组函数", - "textBasedEditor.query.textBasedLanguagesEditor.groupingFunctionsDocumentationESQLDescription": "这些分组函数可以与 `STATS...BY` 搭配使用:", + "languageDocumentationPopover.documentationESQL.functions": "函数", + "languageDocumentationPopover.documentationESQL.functionsDocumentationESQLDescription": "ROW、EVAL 和 WHERE 支持的函数。", + "languageDocumentationPopover.documentationESQL.groupingFunctions": "分组函数", + "languageDocumentationPopover.documentationESQL.groupingFunctionsDocumentationESQLDescription": "这些分组函数可以与 `STATS...BY` 搭配使用:", "textBasedEditor.query.textBasedLanguagesEditor.hideQueriesLabel": "隐藏最近查询", "textBasedEditor.query.textBasedLanguagesEditor.lineCount": "{count} {count, plural, other {行}}", "textBasedEditor.query.textBasedLanguagesEditor.lineNumber": "第 {lineNumber} 行", - "textBasedEditor.query.textBasedLanguagesEditor.operators": "运算符", - "textBasedEditor.query.textBasedLanguagesEditor.operatorsDocumentationESQLDescription": "ES|QL 支持以下运算符:", - "textBasedEditor.query.textBasedLanguagesEditor.processingCommands": "处理命令", - "textBasedEditor.query.textBasedLanguagesEditor.processingCommandsDescription": "处理命令会通过添加、移除或更改行和列来更改输入表。ES|QL 支持以下处理命令。", + "languageDocumentationPopover.documentationESQL.operators": "运算符", + "languageDocumentationPopover.documentationESQL.operatorsDocumentationESQLDescription": "ES|QL 支持以下运算符:", + "languageDocumentationPopover.documentationESQL.processingCommands": "处理命令", + "languageDocumentationPopover.documentationESQL.processingCommandsDescription": "处理命令会通过添加、移除或更改行和列来更改输入表。ES|QL 支持以下处理命令。", "textBasedEditor.query.textBasedLanguagesEditor.querieshistory.error": "查询失败", "textBasedEditor.query.textBasedLanguagesEditor.querieshistory.success": "已成功运行查询", "textBasedEditor.query.textBasedLanguagesEditor.querieshistoryCopy": "复制查询到剪贴板", @@ -7347,7 +7345,7 @@ "textBasedEditor.query.textBasedLanguagesEditor.recentQueriesColumnLabel": "最近查询", "textBasedEditor.query.textBasedLanguagesEditor.runQuery": "运行查询", "textBasedEditor.query.textBasedLanguagesEditor.showQueriesLabel": "显示最近查询", - "textBasedEditor.query.textBasedLanguagesEditor.sourceCommands": "源命令", + "languageDocumentationPopover.documentationESQL.sourceCommands": "源命令", "textBasedEditor.query.textBasedLanguagesEditor.submitFeedback": "提交反馈", "textBasedEditor.query.textBasedLanguagesEditor.timeRanColumnLabel": "运行时间", "textBasedEditor.query.textBasedLanguagesEditor.timestampNotDetected": "未找到 @timestamp", From 44adb7353d001836b48279de28244931da4a9861 Mon Sep 17 00:00:00 2001 From: Stratoula Kalafateli Date: Thu, 19 Sep 2024 17:57:44 +0200 Subject: [PATCH 02/74] [ES|QL] Performance journey for dashboards made with ES|QL (#193322) ## Summary Closes https://github.com/elastic/kibana/issues/182548 Creates an dashboard journey similar to the web logs one but the majority of the visualizations are using ES|QL. Note: There is one Lens viz not converted yet because it needs inlinestats. We could also convert it when inlinestats go to GA. --- .buildkite/ftr_platform_stateful_configs.yml | 1 + src/dev/performance/run_performance_cli.ts | 1 + .../journeys_e2e/web_logs_dashboard_esql.ts | 24 ++ .../logs_no_map_dashboard_esql.json | 330 ++++++++++++++++++ 4 files changed, 356 insertions(+) create mode 100644 x-pack/performance/journeys_e2e/web_logs_dashboard_esql.ts create mode 100644 x-pack/performance/kbn_archives/logs_no_map_dashboard_esql.json diff --git a/.buildkite/ftr_platform_stateful_configs.yml b/.buildkite/ftr_platform_stateful_configs.yml index 02d6355c212bd..301670605a0dd 100644 --- a/.buildkite/ftr_platform_stateful_configs.yml +++ b/.buildkite/ftr_platform_stateful_configs.yml @@ -351,6 +351,7 @@ enabled: - x-pack/performance/journeys_e2e/tsdb_logs_data_visualizer.ts - x-pack/performance/journeys_e2e/promotion_tracking_dashboard.ts - x-pack/performance/journeys_e2e/web_logs_dashboard.ts + - x-pack/performance/journeys_e2e/web_logs_dashboard_esql.ts - x-pack/performance/journeys_e2e/data_stress_test_lens.ts - x-pack/performance/journeys_e2e/ecommerce_dashboard_saved_search_only.ts - x-pack/performance/journeys_e2e/ecommerce_dashboard_tsvb_gauge_only.ts diff --git a/src/dev/performance/run_performance_cli.ts b/src/dev/performance/run_performance_cli.ts index 72f2bc46495a2..df6020ba62a34 100644 --- a/src/dev/performance/run_performance_cli.ts +++ b/src/dev/performance/run_performance_cli.ts @@ -46,6 +46,7 @@ const journeyTargetGroups: JourneyTargetGroups = { discover: ['many_fields_discover', 'many_fields_discover_esql'], maps: ['ecommerce_dashboard_map_only'], ml: ['aiops_log_rate_analysis', 'many_fields_transform', 'tsdb_logs_data_visualizer'], + esql: ['many_fields_discover_esql', 'web_logs_dashboard_esql'], }; const readFilesRecursively = (dir: string, callback: Function) => { diff --git a/x-pack/performance/journeys_e2e/web_logs_dashboard_esql.ts b/x-pack/performance/journeys_e2e/web_logs_dashboard_esql.ts new file mode 100644 index 0000000000000..47422c2735bba --- /dev/null +++ b/x-pack/performance/journeys_e2e/web_logs_dashboard_esql.ts @@ -0,0 +1,24 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { Journey } from '@kbn/journeys'; +import { subj } from '@kbn/test-subj-selector'; + +export const journey = new Journey({ + esArchives: ['x-pack/performance/es_archives/sample_data_logs'], + kbnArchives: ['x-pack/performance/kbn_archives/logs_no_map_dashboard_esql'], +}) + + .step('Go to Dashboards Page', async ({ page, kbnUrl, kibanaPage }) => { + await page.goto(kbnUrl.get(`/app/dashboards`)); + await kibanaPage.waitForListViewTable(); + }) + + .step('Go to Web Logs Dashboard', async ({ page, kibanaPage }) => { + await page.click(subj('dashboardListingTitleLink-Logs-dashboard-with-ES|QL')); + await kibanaPage.waitForVisualizations({ count: 11 }); + }); diff --git a/x-pack/performance/kbn_archives/logs_no_map_dashboard_esql.json b/x-pack/performance/kbn_archives/logs_no_map_dashboard_esql.json new file mode 100644 index 0000000000000..7d06e25ef09cb --- /dev/null +++ b/x-pack/performance/kbn_archives/logs_no_map_dashboard_esql.json @@ -0,0 +1,330 @@ +{ + "attributes": { + "fieldFormatMap": "{\"hour_of_day\":{}}", + "name": "Kibana Sample Data Logs", + "runtimeFieldMap": "{\"hour_of_day\":{\"type\":\"long\",\"script\":{\"source\":\"emit(doc['timestamp'].value.getHour());\"}}}", + "timeFieldName": "timestamp", + "title": "kibana_sample_data_logs" + }, + "coreMigrationVersion": "8.6.0", + "created_at": "2022-10-26T13:11:17.374Z", + "id": "90943e30-9a47-11e8-b64d-95841ca0b247", + "migrationVersion": { + "index-pattern": "8.0.0" + }, + "references": [], + "type": "index-pattern", + "updated_at": "2022-10-26T13:11:17.374Z", + "version": "WzEzNiwxXQ==" +} + +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "title": "[Logs] Machine OS and Destination Sankey Chart", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"[Logs] Machine OS and Destination Sankey Chart\",\"type\":\"vega\",\"params\":{\"spec\":\"{ \\n $schema: https://vega.github.io/schema/vega/v5.json\\n data: [\\n\\t{\\n \\t// query ES based on the currently selected time range and filter string\\n \\tname: rawData\\n \\turl: {\\n \\t%context%: true\\n \\t%timefield%: timestamp\\n \\tindex: kibana_sample_data_logs\\n \\tbody: {\\n \\tsize: 0\\n \\taggs: {\\n \\ttable: {\\n \\tcomposite: {\\n \\tsize: 10000\\n \\tsources: [\\n \\t{\\n \\tstk1: {\\n \\tterms: {field: \\\"machine.os.keyword\\\"}\\n \\t}\\n \\t}\\n \\t{\\n \\tstk2: {\\n \\tterms: {field: \\\"geo.dest\\\"}\\n \\t}\\n \\t}\\n \\t]\\n \\t}\\n \\t}\\n \\t}\\n \\t}\\n \\t}\\n \\t// From the result, take just the data we are interested in\\n \\tformat: {property: \\\"aggregations.table.buckets\\\"}\\n \\t// Convert key.stk1 -> stk1 for simpler access below\\n \\ttransform: [\\n \\t{type: \\\"formula\\\", expr: \\\"datum.key.stk1\\\", as: \\\"stk1\\\"}\\n \\t{type: \\\"formula\\\", expr: \\\"datum.key.stk2\\\", as: \\\"stk2\\\"}\\n \\t{type: \\\"formula\\\", expr: \\\"datum.doc_count\\\", as: \\\"size\\\"}\\n \\t]\\n\\t}\\n\\t{\\n \\tname: nodes\\n \\tsource: rawData\\n \\ttransform: [\\n \\t// when a country is selected, filter out unrelated data\\n \\t{\\n \\ttype: filter\\n \\texpr: !groupSelector || groupSelector.stk1 == datum.stk1 || groupSelector.stk2 == datum.stk2\\n \\t}\\n \\t// Set new key for later lookups - identifies each node\\n \\t{type: \\\"formula\\\", expr: \\\"datum.stk1+datum.stk2\\\", as: \\\"key\\\"}\\n \\t// instead of each table row, create two new rows,\\n \\t// one for the source (stack=stk1) and one for destination node (stack=stk2).\\n \\t// The country code stored in stk1 and stk2 fields is placed into grpId field.\\n \\t{\\n \\ttype: fold\\n \\tfields: [\\\"stk1\\\", \\\"stk2\\\"]\\n \\tas: [\\\"stack\\\", \\\"grpId\\\"]\\n \\t}\\n \\t// Create a sortkey, different for stk1 and stk2 stacks.\\n \\t{\\n \\ttype: formula\\n \\texpr: datum.stack == 'stk1' ? datum.stk1+datum.stk2 : datum.stk2+datum.stk1\\n \\tas: sortField\\n \\t}\\n \\t// Calculate y0 and y1 positions for stacking nodes one on top of the other,\\n \\t// independently for each stack, and ensuring they are in the proper order,\\n \\t// alphabetical from the top (reversed on the y axis)\\n \\t{\\n \\ttype: stack\\n \\tgroupby: [\\\"stack\\\"]\\n \\tsort: {field: \\\"sortField\\\", order: \\\"descending\\\"}\\n \\tfield: size\\n \\t}\\n \\t// calculate vertical center point for each node, used to draw edges\\n \\t{type: \\\"formula\\\", expr: \\\"(datum.y0+datum.y1)/2\\\", as: \\\"yc\\\"}\\n \\t]\\n\\t}\\n\\t{\\n \\tname: groups\\n \\tsource: nodes\\n \\ttransform: [\\n \\t// combine all nodes into country groups, summing up the doc counts\\n \\t{\\n \\ttype: aggregate\\n \\tgroupby: [\\\"stack\\\", \\\"grpId\\\"]\\n \\tfields: [\\\"size\\\"]\\n \\tops: [\\\"sum\\\"]\\n \\tas: [\\\"total\\\"]\\n \\t}\\n \\t// re-calculate the stacking y0,y1 values\\n \\t{\\n \\ttype: stack\\n \\tgroupby: [\\\"stack\\\"]\\n \\tsort: {field: \\\"grpId\\\", order: \\\"descending\\\"}\\n \\tfield: total\\n \\t}\\n \\t// project y0 and y1 values to screen coordinates\\n \\t// doing it once here instead of doing it several times in marks\\n \\t{type: \\\"formula\\\", expr: \\\"scale('y', datum.y0)\\\", as: \\\"scaledY0\\\"}\\n \\t{type: \\\"formula\\\", expr: \\\"scale('y', datum.y1)\\\", as: \\\"scaledY1\\\"}\\n \\t// boolean flag if the label should be on the right of the stack\\n \\t{type: \\\"formula\\\", expr: \\\"datum.stack == 'stk1'\\\", as: \\\"rightLabel\\\"}\\n \\t// Calculate traffic percentage for this country using \\\"y\\\" scale\\n \\t// domain upper bound, which represents the total traffic\\n \\t{\\n \\ttype: formula\\n \\texpr: datum.total/domain('y')[1]\\n \\tas: percentage\\n \\t}\\n \\t]\\n\\t}\\n\\t{\\n \\t// This is a temp lookup table with all the 'stk2' stack nodes\\n \\tname: destinationNodes\\n \\tsource: nodes\\n \\ttransform: [\\n \\t{type: \\\"filter\\\", expr: \\\"datum.stack == 'stk2'\\\"}\\n \\t]\\n\\t}\\n\\t{\\n \\tname: edges\\n \\tsource: nodes\\n \\ttransform: [\\n \\t// we only want nodes from the left stack\\n \\t{type: \\\"filter\\\", expr: \\\"datum.stack == 'stk1'\\\"}\\n \\t// find corresponding node from the right stack, keep it as \\\"target\\\"\\n \\t{\\n \\ttype: lookup\\n \\tfrom: destinationNodes\\n \\tkey: key\\n \\tfields: [\\\"key\\\"]\\n \\tas: [\\\"target\\\"]\\n \\t}\\n \\t// calculate SVG link path between stk1 and stk2 stacks for the node pair\\n \\t{\\n \\ttype: linkpath\\n \\torient: horizontal\\n \\tshape: diagonal\\n \\tsourceY: {expr: \\\"scale('y', datum.yc)\\\"}\\n \\tsourceX: {expr: \\\"scale('x', 'stk1') + bandwidth('x')\\\"}\\n \\ttargetY: {expr: \\\"scale('y', datum.target.yc)\\\"}\\n \\ttargetX: {expr: \\\"scale('x', 'stk2')\\\"}\\n \\t}\\n \\t// A little trick to calculate the thickness of the line.\\n \\t// The value needs to be the same as the hight of the node, but scaling\\n \\t// size to screen's height gives inversed value because screen's Y\\n \\t// coordinate goes from the top to the bottom, whereas the graph's Y=0\\n \\t// is at the bottom. So subtracting scaled doc count from screen height\\n \\t// (which is the \\\"lower\\\" bound of the \\\"y\\\" scale) gives us the right value\\n \\t{\\n \\ttype: formula\\n \\texpr: range('y')[0]-scale('y', datum.size)\\n \\tas: strokeWidth\\n \\t}\\n \\t// Tooltip needs individual link's percentage of all traffic\\n \\t{\\n \\ttype: formula\\n \\texpr: datum.size/domain('y')[1]\\n \\tas: percentage\\n \\t}\\n \\t]\\n\\t}\\n ]\\n scales: [\\n\\t{\\n \\t// calculates horizontal stack positioning\\n \\tname: x\\n \\ttype: band\\n \\trange: width\\n \\tdomain: [\\\"stk1\\\", \\\"stk2\\\"]\\n \\tpaddingOuter: 0.05\\n \\tpaddingInner: 0.95\\n\\t}\\n\\t{\\n \\t// this scale goes up as high as the highest y1 value of all nodes\\n \\tname: y\\n \\ttype: linear\\n \\trange: height\\n \\tdomain: {data: \\\"nodes\\\", field: \\\"y1\\\"}\\n\\t}\\n\\t{\\n \\t// use rawData to ensure the colors stay the same when clicking.\\n \\tname: color\\n \\ttype: ordinal\\n \\trange: category\\n \\tdomain: {data: \\\"rawData\\\", field: \\\"stk1\\\"}\\n\\t}\\n\\t{\\n \\t// this scale is used to map internal ids (stk1, stk2) to stack names\\n \\tname: stackNames\\n \\ttype: ordinal\\n \\trange: [\\\"Source\\\", \\\"Destination\\\"]\\n \\tdomain: [\\\"stk1\\\", \\\"stk2\\\"]\\n\\t}\\n ]\\n axes: [\\n\\t{\\n \\t// x axis should use custom label formatting to print proper stack names\\n \\torient: bottom\\n \\tscale: x\\n \\tencode: {\\n \\tlabels: {\\n \\tupdate: {\\n \\ttext: {scale: \\\"stackNames\\\", field: \\\"value\\\"}\\n \\t}\\n \\t}\\n \\t}\\n\\t}\\n\\t{orient: \\\"left\\\", scale: \\\"y\\\"}\\n ]\\n marks: [\\n\\t{\\n \\t// draw the connecting line between stacks\\n \\ttype: path\\n \\tname: edgeMark\\n \\tfrom: {data: \\\"edges\\\"}\\n \\t// this prevents some autosizing issues with large strokeWidth for paths\\n \\tclip: true\\n \\tencode: {\\n \\tupdate: {\\n \\t// By default use color of the left node, except when showing traffic\\n \\t// from just one country, in which case use destination color.\\n \\tstroke: [\\n \\t{\\n \\ttest: groupSelector && groupSelector.stack=='stk1'\\n \\tscale: color\\n \\tfield: stk2\\n \\t}\\n \\t{scale: \\\"color\\\", field: \\\"stk1\\\"}\\n \\t]\\n \\tstrokeWidth: {field: \\\"strokeWidth\\\"}\\n \\tpath: {field: \\\"path\\\"}\\n \\t// when showing all traffic, and hovering over a country,\\n \\t// highlight the traffic from that country.\\n \\tstrokeOpacity: {\\n \\tsignal: !groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 0.9 : 0.3\\n \\t}\\n \\t// Ensure that the hover-selected edges show on top\\n \\tzindex: {\\n \\tsignal: !groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 1 : 0\\n \\t}\\n \\t// format tooltip string\\n \\ttooltip: {\\n \\tsignal: datum.stk1 + ' → ' + datum.stk2 + '\\t' + format(datum.size, ',.0f') + ' (' + format(datum.percentage, '.1%') + ')'\\n \\t}\\n \\t}\\n \\t// Simple mouseover highlighting of a single line\\n \\thover: {\\n \\tstrokeOpacity: {value: 1}\\n \\t}\\n \\t}\\n\\t}\\n\\t{\\n \\t// draw stack groups (countries)\\n \\ttype: rect\\n \\tname: groupMark\\n \\tfrom: {data: \\\"groups\\\"}\\n \\tencode: {\\n \\tenter: {\\n \\tfill: {scale: \\\"color\\\", field: \\\"grpId\\\"}\\n \\twidth: {scale: \\\"x\\\", band: 1}\\n \\t}\\n \\tupdate: {\\n \\tx: {scale: \\\"x\\\", field: \\\"stack\\\"}\\n \\ty: {field: \\\"scaledY0\\\"}\\n \\ty2: {field: \\\"scaledY1\\\"}\\n \\tfillOpacity: {value: 0.6}\\n \\ttooltip: {\\n \\tsignal: datum.grpId + ' ' + format(datum.total, ',.0f') + ' (' + format(datum.percentage, '.1%') + ')'\\n \\t}\\n \\t}\\n \\thover: {\\n \\tfillOpacity: {value: 1}\\n \\t}\\n \\t}\\n\\t}\\n\\t{\\n \\t// draw country code labels on the inner side of the stack\\n \\ttype: text\\n \\tfrom: {data: \\\"groups\\\"}\\n \\t// don't process events for the labels - otherwise line mouseover is unclean\\n \\tinteractive: false\\n \\tencode: {\\n \\tupdate: {\\n \\t// depending on which stack it is, position x with some padding\\n \\tx: {\\n \\tsignal: scale('x', datum.stack) + (datum.rightLabel ? bandwidth('x') + 8 : -8)\\n \\t}\\n \\t// middle of the group\\n \\tyc: {signal: \\\"(datum.scaledY0 + datum.scaledY1)/2\\\"}\\n \\talign: {signal: \\\"datum.rightLabel ? 'left' : 'right'\\\"}\\n \\tbaseline: {value: \\\"middle\\\"}\\n \\tfontWeight: {value: \\\"bold\\\"}\\n \\t// only show text label if the group's height is large enough\\n \\ttext: {signal: \\\"abs(datum.scaledY0-datum.scaledY1) > 13 ? datum.grpId : ''\\\"}\\n \\t}\\n \\t}\\n\\t}\\n\\t{\\n \\t// Create a \\\"show all\\\" button. Shown only when a country is selected.\\n \\ttype: group\\n \\tdata: [\\n \\t// We need to make the button show only when groupSelector signal is true.\\n \\t// Each mark is drawn as many times as there are elements in the backing data.\\n \\t// Which means that if values list is empty, it will not be drawn.\\n \\t// Here I create a data source with one empty object, and filter that list\\n \\t// based on the signal value. This can only be done in a group.\\n \\t{\\n \\tname: dataForShowAll\\n \\tvalues: [{}]\\n \\ttransform: [{type: \\\"filter\\\", expr: \\\"groupSelector\\\"}]\\n \\t}\\n \\t]\\n \\t// Set button size and positioning\\n \\tencode: {\\n \\tenter: {\\n \\txc: {signal: \\\"width/2\\\"}\\n \\ty: {value: 30}\\n \\twidth: {value: 80}\\n \\theight: {value: 30}\\n \\t}\\n \\t}\\n \\tmarks: [\\n \\t{\\n \\t// This group is shown as a button with rounded corners.\\n \\ttype: group\\n \\t// mark name allows signal capturing\\n \\tname: groupReset\\n \\t// Only shows button if dataForShowAll has values.\\n \\tfrom: {data: \\\"dataForShowAll\\\"}\\n \\tencode: {\\n \\tenter: {\\n \\tcornerRadius: {value: 6}\\n \\tfill: {value: \\\"#F5F7FA\\\"}\\n \\tstroke: {value: \\\"#c1c1c1\\\"}\\n \\tstrokeWidth: {value: 2}\\n \\t// use parent group's size\\n \\theight: {\\n \\tfield: {group: \\\"height\\\"}\\n \\t}\\n \\twidth: {\\n \\tfield: {group: \\\"width\\\"}\\n \\t}\\n \\t}\\n \\tupdate: {\\n \\t// groups are transparent by default\\n \\topacity: {value: 1}\\n \\t}\\n \\thover: {\\n \\topacity: {value: 0.7}\\n \\t}\\n \\t}\\n \\tmarks: [\\n \\t{\\n \\ttype: text\\n \\t// if true, it will prevent clicking on the button when over text.\\n \\tinteractive: false\\n \\tencode: {\\n \\tenter: {\\n \\t// center text in the paren group\\n \\txc: {\\n \\tfield: {group: \\\"width\\\"}\\n \\tmult: 0.5\\n \\t}\\n \\tyc: {\\n \\tfield: {group: \\\"height\\\"}\\n \\tmult: 0.5\\n \\toffset: 2\\n \\t}\\n \\talign: {value: \\\"center\\\"}\\n \\tbaseline: {value: \\\"middle\\\"}\\n \\tfontWeight: {value: \\\"bold\\\"}\\n \\ttext: {value: \\\"Show All\\\"}\\n \\t}\\n \\t}\\n \\t}\\n \\t]\\n \\t}\\n \\t]\\n\\t}\\n ]\\n signals: [\\n\\t{\\n \\t// used to highlight traffic to/from the same country\\n \\tname: groupHover\\n \\tvalue: {}\\n \\ton: [\\n \\t{\\n \\tevents: @groupMark:mouseover\\n \\tupdate: \\\"{stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n \\t}\\n \\t{events: \\\"mouseout\\\", update: \\\"{}\\\"}\\n \\t]\\n\\t}\\n\\t// used to filter only the data related to the selected country\\n\\t{\\n \\tname: groupSelector\\n \\tvalue: false\\n \\ton: [\\n \\t{\\n \\t// Clicking groupMark sets this signal to the filter values\\n \\tevents: @groupMark:click!\\n \\tupdate: \\\"{stack:datum.stack, stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n \\t}\\n \\t{\\n \\t// Clicking \\\"show all\\\" button, or double-clicking anywhere resets it\\n \\tevents: [\\n \\t{type: \\\"click\\\", markname: \\\"groupReset\\\"}\\n \\t{type: \\\"dblclick\\\"}\\n \\t]\\n \\tupdate: \\\"false\\\"\\n \\t}\\n \\t]\\n\\t}\\n ]\\n}\\n\"},\"aggs\":[]}" + }, + "coreMigrationVersion": "8.6.0", + "created_at": "2022-10-26T13:11:17.374Z", + "id": "7cbd2350-2223-11e8-b802-5bcf64c2cfb4", + "migrationVersion": { + "visualization": "8.5.0" + }, + "references": [], + "type": "visualization", + "updated_at": "2022-10-26T13:11:17.374Z", + "version": "WzEzMywxXQ==" +} + +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "title": "[Logs] Unique Destination Heatmap", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"[Logs] Unique Destination Heatmap\",\"type\":\"vega\",\"aggs\":[],\"params\":{\"spec\":\"{\\n $schema: https://vega.github.io/schema/vega-lite/v5.json\\n data: {\\n url: {\\n %context%: true\\n %timefield%: @timestamp\\n index: kibana_sample_data_logs\\n body: {\\n aggs: {\\n countries: {\\n terms: {\\n field: geo.dest\\n size: 25\\n }\\n aggs: {\\n hours: {\\n histogram: {\\n field: hour_of_day\\n interval: 1\\n }\\n aggs: {\\n unique: {\\n cardinality: {\\n field: clientip\\n }\\n }\\n }\\n }\\n }\\n }\\n }\\n size: 0\\n }\\n }\\n format: {property: \\\"aggregations.countries.buckets\\\"}\\n }\\n \\n transform: [\\n {\\n flatten: [\\\"hours.buckets\\\"],\\n as: [\\\"buckets\\\"]\\n },\\n {\\n filter: \\\"datum.buckets.unique.value > 0\\\"\\n }\\n ]\\n\\n mark: {\\n type: rect\\n tooltip: {\\n expr: \\\"{\\\\\\\"Unique Visitors\\\\\\\": datum.buckets.unique.value,\\\\\\\"geo.src\\\\\\\": datum.key,\\\\\\\"Hour\\\\\\\": datum.buckets.key}\\\"\\n }\\n }\\n\\n encoding: {\\n x: {\\n field: buckets.key\\n type: nominal\\n scale: {\\n domain: {\\n expr: \\\"sequence(0, 24)\\\"\\n }\\n }\\n axis: {\\n title: false\\n labelAngle: 0\\n }\\n }\\n y: {\\n field: key\\n type: nominal\\n sort: {\\n field: -buckets.unique.value\\n }\\n axis: {title: false}\\n }\\n color: {\\n field: buckets.unique.value\\n type: quantitative\\n axis: {title: false}\\n scale: {\\n scheme: blues\\n }\\n }\\n }\\n}\\n\"}}" + }, + "coreMigrationVersion": "8.6.0", + "created_at": "2022-10-26T13:11:17.374Z", + "id": "cb099a20-ea66-11eb-9425-113343a037e3", + "migrationVersion": { + "visualization": "8.5.0" + }, + "references": [], + "type": "visualization", + "updated_at": "2022-10-26T13:11:17.374Z", + "version": "WzEzMCwxXQ==" +} + +{ + "attributes": { + "state": { + "datasourceStates": { + "formBased": { + "layers": { + "7d9a32b1-8cc2-410c-83a5-2eb66a3f0321": { + "columnOrder": [ + "a8511a62-2b78-4ba4-9425-a417df6e059f", + "b5f3dc78-dba8-4db8-87b6-24a0b9cca260", + "b5f3dc78-dba8-4db8-87b6-24a0b9cca260X0", + "b5f3dc78-dba8-4db8-87b6-24a0b9cca260X1", + "b5f3dc78-dba8-4db8-87b6-24a0b9cca260X2", + "b5f3dc78-dba8-4db8-87b6-24a0b9cca260X3" + ], + "columns": { + "a8511a62-2b78-4ba4-9425-a417df6e059f": { + "dataType": "number", + "isBucketed": true, + "label": "bytes", + "operationType": "range", + "params": { + "maxBars": "auto", + "ranges": [ + { + "from": 0, + "label": "", + "to": 1000 + } + ], + "type": "histogram" + }, + "scale": "interval", + "sourceField": "bytes" + }, + "b5f3dc78-dba8-4db8-87b6-24a0b9cca260": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "% of visits", + "operationType": "formula", + "params": { + "format": { + "id": "percent", + "params": { + "decimals": 1 + } + }, + "formula": "count() / overall_sum(count())", + "isFormulaBroken": false + }, + "references": [ + "b5f3dc78-dba8-4db8-87b6-24a0b9cca260X3" + ], + "scale": "ratio" + }, + "b5f3dc78-dba8-4db8-87b6-24a0b9cca260X0": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of count() / overall_sum(count())", + "operationType": "count", + "scale": "ratio", + "sourceField": "___records___" + }, + "b5f3dc78-dba8-4db8-87b6-24a0b9cca260X1": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of count() / overall_sum(count())", + "operationType": "count", + "scale": "ratio", + "sourceField": "___records___" + }, + "b5f3dc78-dba8-4db8-87b6-24a0b9cca260X2": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of count() / overall_sum(count())", + "operationType": "overall_sum", + "references": [ + "b5f3dc78-dba8-4db8-87b6-24a0b9cca260X1" + ], + "scale": "ratio" + }, + "b5f3dc78-dba8-4db8-87b6-24a0b9cca260X3": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of count() / overall_sum(count())", + "operationType": "math", + "params": { + "tinymathAst": { + "args": [ + "b5f3dc78-dba8-4db8-87b6-24a0b9cca260X0", + "b5f3dc78-dba8-4db8-87b6-24a0b9cca260X2" + ], + "location": { + "max": 30, + "min": 0 + }, + "name": "divide", + "text": "count() / overall_sum(count())", + "type": "function" + } + }, + "references": [ + "b5f3dc78-dba8-4db8-87b6-24a0b9cca260X0", + "b5f3dc78-dba8-4db8-87b6-24a0b9cca260X2" + ], + "scale": "ratio" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": false, + "yLeft": false, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "layers": [ + { + "accessors": [ + "b5f3dc78-dba8-4db8-87b6-24a0b9cca260" + ], + "layerId": "7d9a32b1-8cc2-410c-83a5-2eb66a3f0321", + "layerType": "data", + "position": "top", + "seriesType": "bar_stacked", + "showGridlines": false, + "xAccessor": "a8511a62-2b78-4ba4-9425-a417df6e059f" + } + ], + "legend": { + "isVisible": true, + "legendSize": "auto", + "position": "right" + }, + "preferredSeriesType": "bar_stacked", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" + }, + "yRightExtent": { + "mode": "full" + } + } + }, + "title": "[Logs] Bytes distribution", + "visualizationType": "lnsXY" + }, + "coreMigrationVersion": "8.6.0", + "created_at": "2022-10-26T13:11:17.374Z", + "id": "16b1d7d0-ea71-11eb-8b4b-f7b600de0f7d", + "migrationVersion": { + "lens": "8.6.0" + }, + "references": [ + { + "id": "90943e30-9a47-11e8-b64d-95841ca0b247", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "90943e30-9a47-11e8-b64d-95841ca0b247", + "name": "indexpattern-datasource-layer-7d9a32b1-8cc2-410c-83a5-2eb66a3f0321", + "type": "index-pattern" + } + ], + "type": "lens", + "updated_at": "2022-10-26T13:11:17.374Z", + "version": "WzEzNSwxXQ==" +} + +{ + "attributes": { + "version": 2, + "controlGroupInput": { + "chainingSystem": "HIERARCHICAL", + "controlStyle": "oneLine", + "ignoreParentSettingsJSON": "{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}", + "panelsJSON": "{\"612f8db8-9ba9-41cf-a809-d133fe9b83a8\":{\"order\":0,\"width\":\"small\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"geo.src\",\"title\":\"Source Country\",\"id\":\"612f8db8-9ba9-41cf-a809-d133fe9b83a8\",\"enhancements\":{}}},\"9807212f-5078-4c42-879c-6f28b3033fc9\":{\"order\":1,\"width\":\"small\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"machine.os.keyword\",\"parentFieldName\":\"machine.os\",\"title\":\"OS\",\"id\":\"9807212f-5078-4c42-879c-6f28b3033fc9\",\"enhancements\":{}}},\"6bf7a1b4-282e-43ac-aa46-81b97fa3acae\":{\"order\":2,\"width\":\"small\",\"grow\":true,\"type\":\"rangeSliderControl\",\"explicitInput\":{\"fieldName\":\"bytes\",\"title\":\"Bytes\",\"id\":\"6bf7a1b4-282e-43ac-aa46-81b97fa3acae\",\"enhancements\":{}}}}" + }, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "description": "", + "refreshInterval": { + "pause": true, + "value": 60000 + }, + "timeRestore": true, + "optionsJSON": "{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}", + "panelsJSON": "[{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":24,\"h\":7,\"i\":\"4fe72258-efdd-4bdd-abdf-05262776290e\"},\"panelIndex\":\"4fe72258-efdd-4bdd-abdf-05262776290e\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{\"dynamicActions\":{\"events\":[]}},\"savedVis\":{\"title\":\"[Logs] Markdown Instructions\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":true,\"markdown\":\"## Sample Logs Data\\nThis dashboard contains sample data for you to play with. You can view it, search it, and interact with the visualizations. For more information about Kibana, check our [docs](https://www.elastic.co/guide/en/kibana/current/index.html).\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}}}},{\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":0,\"w\":11,\"h\":8,\"i\":\"a44f3813-2797-4593-bd35-6cede8306306\"},\"panelIndex\":\"a44f3813-2797-4593-bd35-6cede8306306\",\"embeddableConfig\":{\"attributes\":{\"title\":\"Metric\",\"references\":[],\"state\":{\"datasourceStates\":{\"textBased\":{\"layers\":{\"64a4cc71-c831-4644-9022-3fc833b8be77\":{\"index\":\"e3465e67bdeced2befff9f9dca7ecf9c48504cad68a10efd881f4c7dd5ade28a\",\"query\":{\"esql\":\"FROM kibana_sample_data_logs | STATS COUNT(*) | RENAME `COUNT(*)` as `Visits`\"},\"columns\":[{\"columnId\":\"Visits\",\"fieldName\":\"Visits\",\"meta\":{\"type\":\"number\",\"esType\":\"long\"},\"inMetricDimension\":true}],\"timeField\":\"@timestamp\"}},\"indexPatternRefs\":[{\"id\":\"e3465e67bdeced2befff9f9dca7ecf9c48504cad68a10efd881f4c7dd5ade28a\",\"title\":\"kibana_sample_data_logs\",\"timeField\":\"@timestamp\"}]}},\"filters\":[],\"query\":{\"esql\":\"FROM kibana_sample_data_logs | STATS COUNT(*) | RENAME `COUNT(*)` as `Visits`\"},\"visualization\":{\"layerId\":\"64a4cc71-c831-4644-9022-3fc833b8be77\",\"layerType\":\"data\",\"metricAccessor\":\"Visits\"},\"adHocDataViews\":{\"e3465e67bdeced2befff9f9dca7ecf9c48504cad68a10efd881f4c7dd5ade28a\":{\"id\":\"e3465e67bdeced2befff9f9dca7ecf9c48504cad68a10efd881f4c7dd5ade28a\",\"title\":\"kibana_sample_data_logs\",\"timeFieldName\":\"@timestamp\",\"sourceFilters\":[],\"type\":\"esql\",\"fieldFormats\":{},\"runtimeFieldMap\":{},\"allowNoIndex\":false,\"name\":\"kibana_sample_data_logs\",\"allowHidden\":false}}},\"visualizationType\":\"lnsMetric\",\"type\":\"lens\"},\"disabledActions\":[\"OPEN_FLYOUT_ADD_DRILLDOWN\"],\"enhancements\":{}},\"title\":\"\"},{\"type\":\"lens\",\"gridData\":{\"x\":35,\"y\":0,\"w\":12,\"h\":8,\"i\":\"5fe87c12-e623-4fbb-81af-d3cea2fb7861\"},\"panelIndex\":\"5fe87c12-e623-4fbb-81af-d3cea2fb7861\",\"embeddableConfig\":{\"attributes\":{\"title\":\"Metric\",\"references\":[],\"state\":{\"datasourceStates\":{\"textBased\":{\"layers\":{\"323d8ae0-0a4e-4540-84e2-0d36c8f15b46\":{\"index\":\"e3465e67bdeced2befff9f9dca7ecf9c48504cad68a10efd881f4c7dd5ade28a\",\"query\":{\"esql\":\"FROM kibana_sample_data_logs | STATS COUNT_DISTINCT(clientip) | RENAME `COUNT_DISTINCT(clientip)` as `Unique Visitors`\"},\"columns\":[{\"columnId\":\"Unique Visitors\",\"fieldName\":\"Unique Visitors\",\"meta\":{\"type\":\"number\",\"esType\":\"long\"},\"inMetricDimension\":true}],\"timeField\":\"@timestamp\"}},\"indexPatternRefs\":[{\"id\":\"e3465e67bdeced2befff9f9dca7ecf9c48504cad68a10efd881f4c7dd5ade28a\",\"title\":\"kibana_sample_data_logs\",\"timeField\":\"@timestamp\"}]}},\"filters\":[],\"query\":{\"esql\":\"FROM kibana_sample_data_logs | STATS COUNT_DISTINCT(clientip) | RENAME `COUNT_DISTINCT(clientip)` as `Unique Visitors`\"},\"visualization\":{\"layerId\":\"323d8ae0-0a4e-4540-84e2-0d36c8f15b46\",\"layerType\":\"data\",\"metricAccessor\":\"Unique Visitors\",\"palette\":{\"name\":\"custom\",\"type\":\"palette\",\"params\":{\"steps\":3,\"name\":\"custom\",\"reverse\":false,\"rangeType\":\"number\",\"rangeMin\":0,\"rangeMax\":null,\"progression\":\"fixed\",\"stops\":[{\"color\":\"#D23115\",\"stop\":500},{\"color\":\"#FCC400\",\"stop\":1000},{\"color\":\"#68BC00\",\"stop\":1640}],\"colorStops\":[{\"color\":\"#D23115\",\"stop\":0},{\"color\":\"#FCC400\",\"stop\":500},{\"color\":\"#68BC00\",\"stop\":1000}],\"continuity\":\"above\",\"maxSteps\":5}}},\"adHocDataViews\":{\"e3465e67bdeced2befff9f9dca7ecf9c48504cad68a10efd881f4c7dd5ade28a\":{\"id\":\"e3465e67bdeced2befff9f9dca7ecf9c48504cad68a10efd881f4c7dd5ade28a\",\"title\":\"kibana_sample_data_logs\",\"timeFieldName\":\"@timestamp\",\"sourceFilters\":[],\"type\":\"esql\",\"fieldFormats\":{},\"runtimeFieldMap\":{},\"allowNoIndex\":false,\"name\":\"kibana_sample_data_logs\",\"allowHidden\":false}}},\"visualizationType\":\"lnsMetric\",\"type\":\"lens\"},\"disabledActions\":[\"OPEN_FLYOUT_ADD_DRILLDOWN\"],\"enhancements\":{}},\"title\":\"\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":7,\"w\":24,\"h\":9,\"i\":\"8f731f6b-9bf3-44b8-bc3c-c4dfe6f1aef8\"},\"panelIndex\":\"8f731f6b-9bf3-44b8-bc3c-c4dfe6f1aef8\",\"embeddableConfig\":{\"attributes\":{\"title\":\"results over Over time\",\"references\":[],\"state\":{\"datasourceStates\":{\"textBased\":{\"layers\":{\"03e904c7-6fa2-4c18-953f-bd1c87c53826\":{\"index\":\"e3465e67bdeced2befff9f9dca7ecf9c48504cad68a10efd881f4c7dd5ade28a\",\"query\":{\"esql\":\"FROM kibana_sample_data_logs\\n| EVAL timestamp=DATE_TRUNC(3 hour, @timestamp), status = CASE( TO_INTEGER(response.keyword) >= 200 and TO_INTEGER(response.keyword) < 400, \\\"HTTP 2xx and 3xx\\\", TO_INTEGER(response.keyword) >= 400 and TO_INTEGER(response.keyword) < 500, \\\"HTTP 4xx\\\", \\\"HTTP 5xx\\\")\\n| STATS results = COUNT(*) by `Over time` = BUCKET(timestamp, 50, ?_tstart, ?_tend), status\"},\"columns\":[{\"columnId\":\"results\",\"fieldName\":\"results\",\"meta\":{\"type\":\"number\",\"esType\":\"long\"},\"inMetricDimension\":true},{\"columnId\":\"Over time\",\"fieldName\":\"Over time\",\"meta\":{\"type\":\"date\",\"esType\":\"date\"}},{\"columnId\":\"status\",\"fieldName\":\"status\",\"meta\":{\"type\":\"string\",\"esType\":\"keyword\"}}],\"timeField\":\"@timestamp\"}},\"indexPatternRefs\":[{\"id\":\"e3465e67bdeced2befff9f9dca7ecf9c48504cad68a10efd881f4c7dd5ade28a\",\"title\":\"kibana_sample_data_logs\",\"timeField\":\"@timestamp\"}]}},\"filters\":[],\"query\":{\"esql\":\"FROM kibana_sample_data_logs\\n| EVAL timestamp=DATE_TRUNC(3 hour, @timestamp), status = CASE( TO_INTEGER(response.keyword) >= 200 and TO_INTEGER(response.keyword) < 400, \\\"HTTP 2xx and 3xx\\\", TO_INTEGER(response.keyword) >= 400 and TO_INTEGER(response.keyword) < 500, \\\"HTTP 4xx\\\", \\\"HTTP 5xx\\\")\\n| STATS results = COUNT(*) by `Over time` = BUCKET(timestamp, 50, ?_tstart, ?_tend), status\"},\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"area_percentage_stacked\",\"layers\":[{\"layerId\":\"03e904c7-6fa2-4c18-953f-bd1c87c53826\",\"seriesType\":\"area_percentage_stacked\",\"xAccessor\":\"Over time\",\"splitAccessor\":\"status\",\"accessors\":[\"results\"],\"layerType\":\"data\",\"colorMapping\":{\"assignments\":[],\"specialAssignments\":[{\"rule\":{\"type\":\"other\"},\"color\":{\"type\":\"loop\"},\"touched\":false}],\"paletteId\":\"eui_amsterdam_color_blind\",\"colorMode\":{\"type\":\"categorical\"}}}]},\"adHocDataViews\":{\"e3465e67bdeced2befff9f9dca7ecf9c48504cad68a10efd881f4c7dd5ade28a\":{\"id\":\"e3465e67bdeced2befff9f9dca7ecf9c48504cad68a10efd881f4c7dd5ade28a\",\"title\":\"kibana_sample_data_logs\",\"timeFieldName\":\"@timestamp\",\"sourceFilters\":[],\"type\":\"esql\",\"fieldFormats\":{},\"runtimeFieldMap\":{},\"allowNoIndex\":false,\"name\":\"kibana_sample_data_logs\",\"allowHidden\":false}}},\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"description\":\"\"},\"disabledActions\":[\"OPEN_FLYOUT_ADD_DRILLDOWN\"],\"enhancements\":{},\"description\":\"\"},\"title\":\"[Logs] Response Codes Over Time\"},{\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":8,\"w\":11,\"h\":8,\"i\":\"5fe9ddf8-b36b-4a81-b7b4-57278d7f4e7a\"},\"panelIndex\":\"5fe9ddf8-b36b-4a81-b7b4-57278d7f4e7a\",\"embeddableConfig\":{\"attributes\":{\"title\":\"Metric\",\"references\":[],\"state\":{\"datasourceStates\":{\"textBased\":{\"layers\":{\"bc54f0c9-40ec-4082-92f5-3d6a6fdc4463\":{\"index\":\"e3465e67bdeced2befff9f9dca7ecf9c48504cad68a10efd881f4c7dd5ade28a\",\"query\":{\"esql\":\"FROM kibana_sample_data_logs\\n| EVAL type = CASE(TO_INTEGER(response.keyword) >= 400 and TO_INTEGER(response.keyword) < 500, \\\"4xx\\\", \\\"Other\\\")\\n| STATS count = COUNT(*) by type\\n| EVAL count_4xx = CASE(type == \\\"4xx\\\", count), count_rest = CASE(type == \\\"Other\\\", count)\\n| DROP count, type\\n| STATS count_4xx = MAX(count_4xx), count_rest = MAX(count_rest)\\n| EVAL percentage = ROUND(count_4xx / TO_DOUBLE(count_4xx + count_rest), 3) * 100\\n| RENAME percentage as `HTTP 4xx (%)`\\n| DROP count_4xx, count_rest\"},\"columns\":[{\"columnId\":\"HTTP 4xx (%)\",\"fieldName\":\"HTTP 4xx (%)\",\"meta\":{\"type\":\"number\",\"esType\":\"double\"},\"inMetricDimension\":true}],\"timeField\":\"@timestamp\"}},\"indexPatternRefs\":[{\"id\":\"e3465e67bdeced2befff9f9dca7ecf9c48504cad68a10efd881f4c7dd5ade28a\",\"title\":\"kibana_sample_data_logs\",\"timeField\":\"@timestamp\"}]}},\"filters\":[],\"query\":{\"esql\":\"FROM kibana_sample_data_logs\\n| EVAL type = CASE(TO_INTEGER(response.keyword) >= 400 and TO_INTEGER(response.keyword) < 500, \\\"4xx\\\", \\\"Other\\\")\\n| STATS count = COUNT(*) by type\\n| EVAL count_4xx = CASE(type == \\\"4xx\\\", count), count_rest = CASE(type == \\\"Other\\\", count)\\n| DROP count, type\\n| STATS count_4xx = MAX(count_4xx), count_rest = MAX(count_rest)\\n| EVAL percentage = ROUND(count_4xx / TO_DOUBLE(count_4xx + count_rest), 3) * 100\\n| RENAME percentage as `HTTP 4xx (%)`\\n| DROP count_4xx, count_rest\"},\"visualization\":{\"layerId\":\"bc54f0c9-40ec-4082-92f5-3d6a6fdc4463\",\"layerType\":\"data\",\"metricAccessor\":\"HTTP 4xx (%)\"},\"adHocDataViews\":{\"e3465e67bdeced2befff9f9dca7ecf9c48504cad68a10efd881f4c7dd5ade28a\":{\"id\":\"e3465e67bdeced2befff9f9dca7ecf9c48504cad68a10efd881f4c7dd5ade28a\",\"title\":\"kibana_sample_data_logs\",\"timeFieldName\":\"@timestamp\",\"sourceFilters\":[],\"type\":\"esql\",\"fieldFormats\":{},\"runtimeFieldMap\":{},\"allowNoIndex\":false,\"name\":\"kibana_sample_data_logs\",\"allowHidden\":false}}},\"visualizationType\":\"lnsMetric\",\"type\":\"lens\"},\"disabledActions\":[\"OPEN_FLYOUT_ADD_DRILLDOWN\"],\"hidePanelTitles\":true,\"enhancements\":{}},\"title\":\"count_4xx & count_rest & HTTP 4xx of (empty)\"},{\"type\":\"lens\",\"gridData\":{\"x\":35,\"y\":8,\"w\":12,\"h\":8,\"i\":\"08ff3801-880c-492d-8bd2-64987ebcd20e\"},\"panelIndex\":\"08ff3801-880c-492d-8bd2-64987ebcd20e\",\"embeddableConfig\":{\"attributes\":{\"title\":\"Metric\",\"references\":[],\"state\":{\"datasourceStates\":{\"textBased\":{\"layers\":{\"81ca7215-7fcf-4d72-98d7-911faade8c71\":{\"index\":\"e3465e67bdeced2befff9f9dca7ecf9c48504cad68a10efd881f4c7dd5ade28a\",\"query\":{\"esql\":\"FROM kibana_sample_data_logs\\n| EVAL type = CASE(TO_INTEGER(response.keyword) >= 500, \\\"5xx\\\", \\\"Other\\\")\\n| STATS count = COUNT(*) by type\\n| EVAL count_5xx = CASE(type == \\\"5xx\\\", count), count_rest = CASE(type == \\\"Other\\\", count)\\n| DROP count, type\\n| STATS count_5xx = MAX(count_5xx), count_rest = MAX(count_rest)\\n| EVAL percentage = ROUND(count_5xx / TO_DOUBLE(count_5xx + count_rest), 3) * 100\\n| RENAME percentage as `HTTP 5xx (%)`\\n| DROP count_5xx, count_rest\"},\"columns\":[{\"columnId\":\"HTTP 5xx (%)\",\"fieldName\":\"HTTP 5xx (%)\",\"meta\":{\"type\":\"number\",\"esType\":\"double\"},\"inMetricDimension\":true}],\"timeField\":\"@timestamp\"}},\"indexPatternRefs\":[{\"id\":\"e3465e67bdeced2befff9f9dca7ecf9c48504cad68a10efd881f4c7dd5ade28a\",\"title\":\"kibana_sample_data_logs\",\"timeField\":\"@timestamp\"}]}},\"filters\":[],\"query\":{\"esql\":\"FROM kibana_sample_data_logs\\n| EVAL type = CASE(TO_INTEGER(response.keyword) >= 500, \\\"5xx\\\", \\\"Other\\\")\\n| STATS count = COUNT(*) by type\\n| EVAL count_5xx = CASE(type == \\\"5xx\\\", count), count_rest = CASE(type == \\\"Other\\\", count)\\n| DROP count, type\\n| STATS count_5xx = MAX(count_5xx), count_rest = MAX(count_rest)\\n| EVAL percentage = ROUND(count_5xx / TO_DOUBLE(count_5xx + count_rest), 3) * 100\\n| RENAME percentage as `HTTP 5xx (%)`\\n| DROP count_5xx, count_rest\"},\"visualization\":{\"layerId\":\"81ca7215-7fcf-4d72-98d7-911faade8c71\",\"layerType\":\"data\",\"metricAccessor\":\"HTTP 5xx (%)\"},\"adHocDataViews\":{\"e3465e67bdeced2befff9f9dca7ecf9c48504cad68a10efd881f4c7dd5ade28a\":{\"id\":\"e3465e67bdeced2befff9f9dca7ecf9c48504cad68a10efd881f4c7dd5ade28a\",\"title\":\"kibana_sample_data_logs\",\"timeFieldName\":\"@timestamp\",\"sourceFilters\":[],\"type\":\"esql\",\"fieldFormats\":{},\"runtimeFieldMap\":{},\"allowNoIndex\":false,\"name\":\"kibana_sample_data_logs\",\"allowHidden\":false}}},\"visualizationType\":\"lnsMetric\",\"type\":\"lens\"},\"disabledActions\":[\"OPEN_FLYOUT_ADD_DRILLDOWN\"],\"hidePanelTitles\":true,\"enhancements\":{}},\"title\":\"count_4xx & count_rest & HTTP 4xx of (empty) (copy)\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":16,\"w\":24,\"h\":15,\"i\":\"b7c1b7cb-4e8b-44cd-b47b-624922ab4881\"},\"panelIndex\":\"b7c1b7cb-4e8b-44cd-b47b-624922ab4881\",\"embeddableConfig\":{\"enhancements\":{\"dynamicActions\":{\"events\":[]}}},\"panelRefName\":\"panel_b7c1b7cb-4e8b-44cd-b47b-624922ab4881\"},{\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":16,\"w\":22,\"h\":38,\"i\":\"243222f6-1f49-4cfd-85eb-68c1028f06cf\"},\"panelIndex\":\"243222f6-1f49-4cfd-85eb-68c1028f06cf\",\"embeddableConfig\":{\"enhancements\":{\"dynamicActions\":{\"events\":[]}}},\"panelRefName\":\"panel_243222f6-1f49-4cfd-85eb-68c1028f06cf\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":31,\"w\":24,\"h\":11,\"i\":\"3b5a152d-3747-4c1c-8e4f-00395008210f\"},\"panelIndex\":\"3b5a152d-3747-4c1c-8e4f-00395008210f\",\"embeddableConfig\":{\"attributes\":{\"title\":\"Unique Visits (Last hour) & Unique Visits (Total) & Bytes(Total - MB) & Bytes(Last hour - KB) of Type\",\"references\":[],\"state\":{\"datasourceStates\":{\"textBased\":{\"layers\":{\"60e6000b-e8d9-4143-b43c-f4c9b60ec127\":{\"index\":\"e3465e67bdeced2befff9f9dca7ecf9c48504cad68a10efd881f4c7dd5ade28a\",\"query\":{\"esql\":\"FROM kibana_sample_data_logs\\n| SORT @timestamp\\n| EVAL t = now()\\n| EVAL key = CASE(timestamp < t - 1 hour AND timestamp > t - 2 hour, \\\"Last hour\\\", \\\"Other\\\")\\n| STATS sum = SUM(bytes), count = COUNT_DISTINCT(clientip) by key, extension.keyword\\n| EVAL sum_last_hour = CASE(key == \\\"Last hour\\\", sum), sum_rest = CASE(key == \\\"Other\\\", sum), count_last_hour = CASE(key == \\\"Last hour\\\", count), count_rest = CASE(key == \\\"Other\\\", count)\\n| STATS sum_last_hour = MAX(sum_last_hour), sum_rest = MAX(sum_rest), count_last_hour = MAX(count_last_hour), count_rest = MAX(count_rest) by key, extension.keyword\\n| EVAL total_bytes = TO_DOUBLE(COALESCE(sum_last_hour, 0::LONG) + COALESCE(sum_rest, 0::LONG))\\n| EVAL total_visits = TO_DOUBLE(COALESCE(count_last_hour, 0::LONG) + COALESCE(count_rest, 0::LONG))\\n| EVAL bytes_transform = ROUND(total_bytes / 1000000.0, 1)\\n| EVAL bytes_transform_last_hour = ROUND(sum_last_hour / 1000.0, 2)\\n| KEEP count_last_hour, total_visits, bytes_transform, bytes_transform_last_hour, extension.keyword\\n| STATS count_last_hour = SUM(count_last_hour), total_visits = SUM(total_visits), bytes_transform = SUM(bytes_transform), bytes_transform_last_hour = SUM(bytes_transform_last_hour) BY extension.keyword\\n| RENAME total_visits as `Unique Visits (Total)`, count_last_hour as `Unique Visits (Last hour)`, bytes_transform as `Bytes(Total - MB)`, bytes_transform_last_hour as `Bytes(Last hour - KB)`, extension.keyword as `Type`\"},\"columns\":[{\"columnId\":\"Unique Visits (Last hour)\",\"fieldName\":\"Unique Visits (Last hour)\",\"meta\":{\"type\":\"number\",\"esType\":\"long\"},\"inMetricDimension\":true},{\"columnId\":\"Unique Visits (Total)\",\"fieldName\":\"Unique Visits (Total)\",\"meta\":{\"type\":\"number\",\"esType\":\"double\"},\"inMetricDimension\":true},{\"columnId\":\"Bytes(Total - MB)\",\"fieldName\":\"Bytes(Total - MB)\",\"meta\":{\"type\":\"number\",\"esType\":\"double\"},\"inMetricDimension\":true},{\"columnId\":\"Bytes(Last hour - KB)\",\"fieldName\":\"Bytes(Last hour - KB)\",\"meta\":{\"type\":\"number\",\"esType\":\"double\"},\"inMetricDimension\":true},{\"columnId\":\"Type\",\"fieldName\":\"Type\",\"meta\":{\"type\":\"string\",\"esType\":\"keyword\"},\"inMetricDimension\":true}],\"timeField\":\"@timestamp\"}},\"indexPatternRefs\":[{\"id\":\"e3465e67bdeced2befff9f9dca7ecf9c48504cad68a10efd881f4c7dd5ade28a\",\"title\":\"kibana_sample_data_logs\",\"timeField\":\"@timestamp\"}]}},\"filters\":[],\"query\":{\"esql\":\"FROM kibana_sample_data_logs\\n| SORT @timestamp\\n| EVAL t = now()\\n| EVAL key = CASE(timestamp < t - 1 hour AND timestamp > t - 2 hour, \\\"Last hour\\\", \\\"Other\\\")\\n| STATS sum = SUM(bytes), count = COUNT_DISTINCT(clientip) by key, extension.keyword\\n| EVAL sum_last_hour = CASE(key == \\\"Last hour\\\", sum), sum_rest = CASE(key == \\\"Other\\\", sum), count_last_hour = CASE(key == \\\"Last hour\\\", count), count_rest = CASE(key == \\\"Other\\\", count)\\n| STATS sum_last_hour = MAX(sum_last_hour), sum_rest = MAX(sum_rest), count_last_hour = MAX(count_last_hour), count_rest = MAX(count_rest) by key, extension.keyword\\n| EVAL total_bytes = TO_DOUBLE(COALESCE(sum_last_hour, 0::LONG) + COALESCE(sum_rest, 0::LONG))\\n| EVAL total_visits = TO_DOUBLE(COALESCE(count_last_hour, 0::LONG) + COALESCE(count_rest, 0::LONG))\\n| EVAL bytes_transform = ROUND(total_bytes / 1000000.0, 1)\\n| EVAL bytes_transform_last_hour = ROUND(sum_last_hour / 1000.0, 2)\\n| KEEP count_last_hour, total_visits, bytes_transform, bytes_transform_last_hour, extension.keyword\\n| STATS count_last_hour = SUM(count_last_hour), total_visits = SUM(total_visits), bytes_transform = SUM(bytes_transform), bytes_transform_last_hour = SUM(bytes_transform_last_hour) BY extension.keyword\\n| RENAME total_visits as `Unique Visits (Total)`, count_last_hour as `Unique Visits (Last hour)`, bytes_transform as `Bytes(Total - MB)`, bytes_transform_last_hour as `Bytes(Last hour - KB)`, extension.keyword as `Type`\"},\"visualization\":{\"layerId\":\"60e6000b-e8d9-4143-b43c-f4c9b60ec127\",\"layerType\":\"data\",\"columns\":[{\"columnId\":\"Unique Visits (Last hour)\",\"colorMode\":\"text\",\"palette\":{\"name\":\"custom\",\"type\":\"palette\",\"params\":{\"steps\":5,\"stops\":[{\"color\":\"#D23115\",\"stop\":10},{\"color\":\"#FCC400\",\"stop\":25},{\"color\":\"#68BC00\",\"stop\":26}],\"rangeType\":\"number\",\"rangeMin\":0,\"rangeMax\":null,\"continuity\":\"above\",\"colorStops\":[{\"color\":\"#D23115\",\"stop\":0},{\"color\":\"#FCC400\",\"stop\":10},{\"color\":\"#68BC00\",\"stop\":25}],\"name\":\"custom\"}}},{\"columnId\":\"Unique Visits (Total)\",\"colorMode\":\"text\",\"palette\":{\"name\":\"custom\",\"type\":\"palette\",\"params\":{\"steps\":5,\"stops\":[{\"color\":\"#D23115\",\"stop\":1000},{\"color\":\"#FCC400\",\"stop\":1500},{\"color\":\"#68BC00\",\"stop\":1501}],\"rangeType\":\"number\",\"rangeMin\":0,\"rangeMax\":null,\"continuity\":\"above\",\"colorStops\":[{\"color\":\"#D23115\",\"stop\":0},{\"color\":\"#FCC400\",\"stop\":1000},{\"color\":\"#68BC00\",\"stop\":1500}],\"name\":\"custom\"}}},{\"columnId\":\"Bytes(Total - MB)\"},{\"columnId\":\"Bytes(Last hour - KB)\"},{\"columnId\":\"Type\"}]},\"adHocDataViews\":{\"e3465e67bdeced2befff9f9dca7ecf9c48504cad68a10efd881f4c7dd5ade28a\":{\"id\":\"e3465e67bdeced2befff9f9dca7ecf9c48504cad68a10efd881f4c7dd5ade28a\",\"title\":\"kibana_sample_data_logs\",\"timeFieldName\":\"@timestamp\",\"sourceFilters\":[],\"type\":\"esql\",\"fieldFormats\":{},\"runtimeFieldMap\":{},\"allowNoIndex\":false,\"name\":\"kibana_sample_data_logs\",\"allowHidden\":false}}},\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\"},\"disabledActions\":[\"OPEN_FLYOUT_ADD_DRILLDOWN\"],\"hidePanelTitles\":true,\"enhancements\":{}},\"title\":\"SUM(bytes) & Unique Visits (Total - MB) & Bytes(Total) of Type\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":42,\"w\":24,\"h\":12,\"i\":\"26ecb41a-f605-4bc9-8c84-7936ce98f348\"},\"panelIndex\":\"26ecb41a-f605-4bc9-8c84-7936ce98f348\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{},\"attributes\":{\"title\":\"[Logs] Bytes distribution\",\"visualizationType\":\"lnsXY\",\"state\":{\"datasourceStates\":{\"formBased\":{\"layers\":{\"7d9a32b1-8cc2-410c-83a5-2eb66a3f0321\":{\"columnOrder\":[\"a8511a62-2b78-4ba4-9425-a417df6e059f\",\"b5f3dc78-dba8-4db8-87b6-24a0b9cca260\",\"b5f3dc78-dba8-4db8-87b6-24a0b9cca260X0\",\"b5f3dc78-dba8-4db8-87b6-24a0b9cca260X1\",\"b5f3dc78-dba8-4db8-87b6-24a0b9cca260X2\",\"b5f3dc78-dba8-4db8-87b6-24a0b9cca260X3\"],\"columns\":{\"a8511a62-2b78-4ba4-9425-a417df6e059f\":{\"dataType\":\"number\",\"isBucketed\":true,\"label\":\"bytes\",\"operationType\":\"range\",\"params\":{\"maxBars\":\"auto\",\"ranges\":[{\"from\":0,\"label\":\"\",\"to\":1000}],\"type\":\"histogram\"},\"scale\":\"interval\",\"sourceField\":\"bytes\"},\"b5f3dc78-dba8-4db8-87b6-24a0b9cca260X0\":{\"label\":\"Part of % of visits\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":false},\"customLabel\":true},\"b5f3dc78-dba8-4db8-87b6-24a0b9cca260X1\":{\"label\":\"Part of % of visits\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":false},\"customLabel\":true},\"b5f3dc78-dba8-4db8-87b6-24a0b9cca260X2\":{\"label\":\"Part of % of visits\",\"dataType\":\"number\",\"operationType\":\"overall_sum\",\"isBucketed\":false,\"scale\":\"ratio\",\"references\":[\"b5f3dc78-dba8-4db8-87b6-24a0b9cca260X1\"],\"customLabel\":true},\"b5f3dc78-dba8-4db8-87b6-24a0b9cca260X3\":{\"label\":\"Part of % of visits\",\"dataType\":\"number\",\"operationType\":\"math\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"tinymathAst\":{\"type\":\"function\",\"name\":\"divide\",\"args\":[\"b5f3dc78-dba8-4db8-87b6-24a0b9cca260X0\",\"b5f3dc78-dba8-4db8-87b6-24a0b9cca260X2\"],\"location\":{\"min\":0,\"max\":30},\"text\":\"count() / overall_sum(count())\"}},\"references\":[\"b5f3dc78-dba8-4db8-87b6-24a0b9cca260X0\",\"b5f3dc78-dba8-4db8-87b6-24a0b9cca260X2\"],\"customLabel\":true},\"b5f3dc78-dba8-4db8-87b6-24a0b9cca260\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"% of visits\",\"operationType\":\"formula\",\"params\":{\"format\":{\"id\":\"percent\",\"params\":{\"decimals\":1}},\"formula\":\"count() / overall_sum(count())\",\"isFormulaBroken\":false},\"references\":[\"b5f3dc78-dba8-4db8-87b6-24a0b9cca260X3\"],\"scale\":\"ratio\"}},\"incompleteColumns\":{},\"indexPatternId\":\"90943e30-9a47-11e8-b64d-95841ca0b247\"}},\"currentIndexPatternId\":\"90943e30-9a47-11e8-b64d-95841ca0b247\"}},\"filters\":[],\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"fittingFunction\":\"None\",\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"layers\":[{\"accessors\":[\"b5f3dc78-dba8-4db8-87b6-24a0b9cca260\"],\"layerId\":\"7d9a32b1-8cc2-410c-83a5-2eb66a3f0321\",\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"xAccessor\":\"a8511a62-2b78-4ba4-9425-a417df6e059f\",\"layerType\":\"data\"}],\"legend\":{\"isVisible\":true,\"position\":\"right\",\"legendSize\":\"auto\"},\"preferredSeriesType\":\"bar_stacked\",\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"valueLabels\":\"hide\",\"yLeftExtent\":{\"mode\":\"full\"},\"yRightExtent\":{\"mode\":\"full\"}}},\"references\":[{\"type\":\"index-pattern\",\"id\":\"90943e30-9a47-11e8-b64d-95841ca0b247\",\"name\":\"indexpattern-datasource-layer-7d9a32b1-8cc2-410c-83a5-2eb66a3f0321\"}],\"type\":\"lens\",\"savedObjectId\":\"16b1d7d0-ea71-11eb-8b4b-f7b600de0f7d\"}},\"title\":\"[Logs] Bytes distribution\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":54,\"w\":48,\"h\":13,\"i\":\"ef74e09a-4bf9-4a38-8251-e754404871fd\"},\"panelIndex\":\"ef74e09a-4bf9-4a38-8251-e754404871fd\",\"embeddableConfig\":{\"attributes\":{\"title\":\"Unique & 95th percentile of bytes & Median of bytes & count_5xx of url.keyword\",\"references\":[],\"state\":{\"datasourceStates\":{\"textBased\":{\"layers\":{\"8d5e3fae-adad-4bfc-8ec2-a1926a447315\":{\"index\":\"e3465e67bdeced2befff9f9dca7ecf9c48504cad68a10efd881f4c7dd5ade28a\",\"query\":{\"esql\":\"FROM kibana_sample_data_logs\\n| KEEP bytes, clientip, url.keyword, response.keyword\\n| EVAL type = CASE(TO_INTEGER(response.keyword) >= 400 and TO_INTEGER(response.keyword) < 500, \\\"4xx\\\", TO_INTEGER(response.keyword) >= 500, \\\"5xx\\\", \\\"Other\\\")\\n| STATS Visits = COUNT(), Unique = COUNT_DISTINCT(clientip), p95 = percentile(bytes, 95), median = median(bytes) by type, url.keyword\\n| EVAL count_4xx = CASE(type == \\\"4xx\\\", Visits), count_5xx = CASE(type == \\\"5xx\\\", Visits), count_rest = CASE(type == \\\"Other\\\", Visits)\\n| STATS count_4xx = SUM(count_4xx), count_5xx = SUM(count_5xx), count_rest = SUM(count_rest), Unique = SUM(Unique),`95th percentile of bytes` = MAX(p95), `Median of bytes` = MAX(median) BY url.keyword\\n| EVAL count_4xx = COALESCE(count_4xx, 0::LONG), count_5xx = COALESCE(count_5xx, 0::LONG), count_rest = COALESCE(count_rest, 0::LONG)\\n| EVAL total_records = TO_DOUBLE(count_4xx + count_5xx + count_rest)\\n| EVAL percentage_4xx = count_4xx / total_records, percentage_5xx = count_5xx / total_records\\n| EVAL percentage_4xx = ROUND(100 * percentage_4xx, 2)\\n| EVAL percentage_5xx = ROUND(100 * percentage_5xx, 2)\\n| DROP count_4xx, count_rest, total_records\\n| RENAME percentage_4xx as `HTTP 4xx`, percentage_5xx as `HTTP 5xx`\"},\"columns\":[{\"columnId\":\"Unique\",\"fieldName\":\"Unique\",\"meta\":{\"type\":\"number\",\"esType\":\"long\"},\"inMetricDimension\":true},{\"columnId\":\"95th percentile of bytes\",\"fieldName\":\"95th percentile of bytes\",\"meta\":{\"type\":\"number\",\"esType\":\"double\"},\"inMetricDimension\":true},{\"columnId\":\"Median of bytes\",\"fieldName\":\"Median of bytes\",\"meta\":{\"type\":\"number\",\"esType\":\"double\"},\"inMetricDimension\":true},{\"columnId\":\"url.keyword\",\"fieldName\":\"url.keyword\",\"meta\":{\"type\":\"string\",\"esType\":\"keyword\"},\"inMetricDimension\":true},{\"columnId\":\"count_5xx\",\"fieldName\":\"HTTP 5xx\",\"meta\":{\"type\":\"number\",\"esType\":\"double\"},\"inMetricDimension\":true},{\"columnId\":\"0089839c-ab91-420e-bdec-9583ce4d6015\",\"fieldName\":\"HTTP 4xx\",\"meta\":{\"type\":\"number\",\"esType\":\"double\"}}],\"timeField\":\"@timestamp\"}},\"indexPatternRefs\":[{\"id\":\"e3465e67bdeced2befff9f9dca7ecf9c48504cad68a10efd881f4c7dd5ade28a\",\"title\":\"kibana_sample_data_logs\",\"timeField\":\"@timestamp\"}]}},\"filters\":[],\"query\":{\"esql\":\"FROM kibana_sample_data_logs\\n| KEEP bytes, clientip, url.keyword, response.keyword\\n| EVAL type = CASE(TO_INTEGER(response.keyword) >= 400 and TO_INTEGER(response.keyword) < 500, \\\"4xx\\\", TO_INTEGER(response.keyword) >= 500, \\\"5xx\\\", \\\"Other\\\")\\n| STATS Visits = COUNT(), Unique = COUNT_DISTINCT(clientip), p95 = percentile(bytes, 95), median = median(bytes) by type, url.keyword\\n| EVAL count_4xx = CASE(type == \\\"4xx\\\", Visits), count_5xx = CASE(type == \\\"5xx\\\", Visits), count_rest = CASE(type == \\\"Other\\\", Visits)\\n| STATS count_4xx = SUM(count_4xx), count_5xx = SUM(count_5xx), count_rest = SUM(count_rest), Unique = SUM(Unique),`95th percentile of bytes` = MAX(p95), `Median of bytes` = MAX(median) BY url.keyword\\n| EVAL count_4xx = COALESCE(count_4xx, 0::LONG), count_5xx = COALESCE(count_5xx, 0::LONG), count_rest = COALESCE(count_rest, 0::LONG)\\n| EVAL total_records = TO_DOUBLE(count_4xx + count_5xx + count_rest)\\n| EVAL percentage_4xx = count_4xx / total_records, percentage_5xx = count_5xx / total_records\\n| EVAL percentage_4xx = ROUND(100 * percentage_4xx, 2)\\n| EVAL percentage_5xx = ROUND(100 * percentage_5xx, 2)\\n| DROP count_4xx, count_rest, total_records\\n| RENAME percentage_4xx as `HTTP 4xx`, percentage_5xx as `HTTP 5xx`\"},\"visualization\":{\"layerId\":\"8d5e3fae-adad-4bfc-8ec2-a1926a447315\",\"layerType\":\"data\",\"columns\":[{\"columnId\":\"Unique\"},{\"columnId\":\"95th percentile of bytes\"},{\"columnId\":\"Median of bytes\"},{\"columnId\":\"url.keyword\"},{\"columnId\":\"count_5xx\",\"colorMode\":\"cell\",\"palette\":{\"name\":\"custom\",\"type\":\"palette\",\"params\":{\"steps\":5,\"stops\":[{\"color\":\"#FBDDD6\",\"stop\":10},{\"color\":\"#CC5642\",\"stop\":100}],\"rangeType\":\"number\",\"rangeMin\":5,\"rangeMax\":null,\"continuity\":\"above\",\"colorStops\":[{\"color\":\"#FBDDD6\",\"stop\":5},{\"color\":\"#CC5642\",\"stop\":10}],\"name\":\"custom\"}}},{\"columnId\":\"0089839c-ab91-420e-bdec-9583ce4d6015\",\"isTransposed\":false,\"isMetric\":true,\"colorMode\":\"cell\",\"palette\":{\"name\":\"custom\",\"type\":\"palette\",\"params\":{\"steps\":5,\"stops\":[{\"color\":\"#FBDDD6\",\"stop\":10},{\"color\":\"#CC5642\",\"stop\":100}],\"rangeType\":\"number\",\"rangeMin\":0.05,\"rangeMax\":null,\"continuity\":\"above\",\"colorStops\":[{\"color\":\"#FBDDD6\",\"stop\":0.05},{\"color\":\"#CC5642\",\"stop\":10}],\"name\":\"custom\"}}}]},\"adHocDataViews\":{\"e3465e67bdeced2befff9f9dca7ecf9c48504cad68a10efd881f4c7dd5ade28a\":{\"id\":\"e3465e67bdeced2befff9f9dca7ecf9c48504cad68a10efd881f4c7dd5ade28a\",\"title\":\"kibana_sample_data_logs\",\"timeFieldName\":\"@timestamp\",\"sourceFilters\":[],\"type\":\"esql\",\"fieldFormats\":{},\"runtimeFieldMap\":{},\"allowNoIndex\":false,\"name\":\"kibana_sample_data_logs\",\"allowHidden\":false}}},\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\"},\"disabledActions\":[\"OPEN_FLYOUT_ADD_DRILLDOWN\"],\"enhancements\":{}}}]", + "refreshInterval": { + "pause": false, + "value": 900000 + }, + "timeTo": "2022-10-26T09:00:00.000Z", + "timeFrom": "2022-10-19T09:00:00.000Z", + "timeRestore": true, + "title": "Logs dashboard with ES|QL" + }, + "managed": false, + "coreMigrationVersion": "8.8.0", + "typeMigrationVersion": "10.2.0", + "updated_at": "2024-09-18T12:44:30.513Z", + "created_at": "2024-09-17T10:56:39.390Z", + "id": "edf84fe0-e1a0-11e7-b6d5-4dc382ef7f5b", + "references": [ + { + "name": "b7c1b7cb-4e8b-44cd-b47b-624922ab4881:panel_b7c1b7cb-4e8b-44cd-b47b-624922ab4881", + "type": "visualization", + "id": "cb099a20-ea66-11eb-9425-113343a037e3" + }, + { + "name": "243222f6-1f49-4cfd-85eb-68c1028f06cf:panel_243222f6-1f49-4cfd-85eb-68c1028f06cf", + "type": "visualization", + "id": "7cbd2350-2223-11e8-b802-5bcf64c2cfb4" + }, + { + "type": "index-pattern", + "id": "90943e30-9a47-11e8-b64d-95841ca0b247", + "name": "26ecb41a-f605-4bc9-8c84-7936ce98f348:indexpattern-datasource-layer-7d9a32b1-8cc2-410c-83a5-2eb66a3f0321" + }, + { + "id": "90943e30-9a47-11e8-b64d-95841ca0b247", + "name": "controlGroup_612f8db8-9ba9-41cf-a809-d133fe9b83a8:optionsListDataView", + "type": "index-pattern" + }, + { + "id": "90943e30-9a47-11e8-b64d-95841ca0b247", + "name": "controlGroup_9807212f-5078-4c42-879c-6f28b3033fc9:optionsListDataView", + "type": "index-pattern" + }, + { + "id": "90943e30-9a47-11e8-b64d-95841ca0b247", + "name": "controlGroup_6bf7a1b4-282e-43ac-aa46-81b97fa3acae:rangeSliderDataView", + "type": "index-pattern" + } + ], + "type": "dashboard", + "version": "WzIyNiwxXQ==" +} From 460ca2a83f0fd14b9d8c78c6b695e742c3f25930 Mon Sep 17 00:00:00 2001 From: Tim Sullivan Date: Thu, 19 Sep 2024 09:02:45 -0700 Subject: [PATCH 03/74] [Global Search, Saved Objects Management] Use new parse option to specify recognized fields (#190464) This PR adds a new option to the `SchemaType` interface for parsing a query from a search in EuiSearchBar. This new field controls how EuiSearchBar text is parsed into a Query object. It enables better accuracy in how search terms are parsed when they include a `:` character. ## Release note Fixed an issue when using search bars with a term that includes a colon `:` character. ## Summary Closes https://github.com/elastic/kibana/issues/184496 Depends on https://github.com/elastic/eui/pull/7960 **GLOBAL SEARCH: BEFORE** ![akshfgkalsfh-before](https://github.com/user-attachments/assets/22377a3e-394e-43fb-83db-ae2477ce22d7) **GLOBAL SEARCH: AFTER** ![akshfgkalsfh-after](https://github.com/user-attachments/assets/406d56eb-c946-493b-94f3-abb0380611f3) **SAVED OBJECTS MANAGEMENT: BEFORE** ![okjoyofjiuh-before](https://github.com/user-attachments/assets/c1c56572-31aa-41df-b0c5-3eef421a06c5) **SAVED OBJECTS MANAGEMENT: AFTER** ![okjoyofjiuh-after](https://github.com/user-attachments/assets/9e19bbcf-72e7-43d5-a9e7-3c5805632a38) **SAVED OBJECTS FINDER: BEFORE** ![lfdgnhklfd-before](https://github.com/user-attachments/assets/b826987d-8af6-4c20-93b0-0d0bb76d9501) **SAVED OBJECTS FINDER: AFTER** ![lfdgnhklfd-after](https://github.com/user-attachments/assets/e8e007b9-91f7-4209-bfd5-ce43a2cbc894) ## Checklist - [x] Ensure that filtering using `type:` and `tags:` still works --- .../public/finder/saved_object_finder.tsx | 3 +++ .../__snapshots__/table.test.tsx.snap | 12 ++++++++++++ .../objects_table/components/table.tsx | 7 ++++++- .../search_syntax/parse_search_params.test.ts | 15 +++------------ .../search_syntax/parse_search_params.ts | 19 +++++-------------- .../public/search_syntax/types.ts | 4 ---- 6 files changed, 29 insertions(+), 31 deletions(-) diff --git a/src/plugins/saved_objects_finder/public/finder/saved_object_finder.tsx b/src/plugins/saved_objects_finder/public/finder/saved_object_finder.tsx index b280e626467d7..86940d52a81b3 100644 --- a/src/plugins/saved_objects_finder/public/finder/saved_object_finder.tsx +++ b/src/plugins/saved_objects_finder/public/finder/saved_object_finder.tsx @@ -349,6 +349,9 @@ export class SavedObjectFinderUi extends React.Component< box: { incremental: true, 'data-test-subj': 'savedObjectFinderSearchInput', + schema: { + recognizedFields: ['type', 'tag'], + }, }, filters: this.props.showFilter ? [ diff --git a/src/plugins/saved_objects_management/public/management_section/objects_table/components/__snapshots__/table.test.tsx.snap b/src/plugins/saved_objects_management/public/management_section/objects_table/components/__snapshots__/table.test.tsx.snap index 7e88de9674cc4..bc0eda7e6d5a5 100644 --- a/src/plugins/saved_objects_management/public/management_section/objects_table/components/__snapshots__/table.test.tsx.snap +++ b/src/plugins/saved_objects_management/public/management_section/objects_table/components/__snapshots__/table.test.tsx.snap @@ -6,6 +6,12 @@ exports[`Table prevents hidden saved objects from being deleted 1`] = ` box={ Object { "data-test-subj": "savedObjectSearchBar", + "schema": Object { + "recognizedFields": Array [ + "type", + "tag", + ], + }, } } filters={ @@ -234,6 +240,12 @@ exports[`Table should render normally 1`] = ` box={ Object { "data-test-subj": "savedObjectSearchBar", + "schema": Object { + "recognizedFields": Array [ + "type", + "tag", + ], + }, } } filters={ diff --git a/src/plugins/saved_objects_management/public/management_section/objects_table/components/table.tsx b/src/plugins/saved_objects_management/public/management_section/objects_table/components/table.tsx index dbd9b2a550605..a32a1e9e958e1 100644 --- a/src/plugins/saved_objects_management/public/management_section/objects_table/components/table.tsx +++ b/src/plugins/saved_objects_management/public/management_section/objects_table/components/table.tsx @@ -392,7 +392,12 @@ export class Table extends PureComponent { {activeActionContents} { const searchParams = parseSearchParams('tag:((()^invalid'); expect(searchParams).toEqual({ term: 'tag:((()^invalid', - filters: { - unknowns: {}, - }, + filters: {}, }); }); @@ -33,7 +31,6 @@ describe('parseSearchParams', () => { expect(searchParams.filters).toEqual({ tags: undefined, types: undefined, - unknowns: {}, }); }); @@ -44,20 +41,16 @@ describe('parseSearchParams', () => { filters: { tags: ['foo', 'dolly'], types: ['bar'], - unknowns: {}, }, }); }); - it('handles unknowns field clauses', () => { + it('considers unknown field clauses to be part of the raw search term', () => { const searchParams = parseSearchParams('tag:foo unknown:bar hello'); expect(searchParams).toEqual({ - term: 'hello', + term: 'unknown:bar hello', filters: { tags: ['foo'], - unknowns: { - unknown: ['bar'], - }, }, }); }); @@ -69,7 +62,6 @@ describe('parseSearchParams', () => { filters: { tags: ['foo', 'bar'], types: ['dash', 'board'], - unknowns: {}, }, }); }); @@ -81,7 +73,6 @@ describe('parseSearchParams', () => { filters: { tags: ['42', 'true'], types: ['69', 'false'], - unknowns: {}, }, }); }); diff --git a/x-pack/plugins/global_search_bar/public/search_syntax/parse_search_params.ts b/x-pack/plugins/global_search_bar/public/search_syntax/parse_search_params.ts index 989accdf2ea11..1df6c1123a328 100644 --- a/x-pack/plugins/global_search_bar/public/search_syntax/parse_search_params.ts +++ b/x-pack/plugins/global_search_bar/public/search_syntax/parse_search_params.ts @@ -17,32 +17,24 @@ const aliasMap = { }; export const parseSearchParams = (term: string): ParsedSearchParams => { + const recognizedFields = knownFilters.concat(...Object.values(aliasMap)); let query: Query; try { - query = Query.parse(term); + query = Query.parse(term, { + schema: { recognizedFields }, + }); } catch (e) { // if the query fails to parse, we just perform the search against the raw search term. return { term, - filters: { - unknowns: {}, - }, + filters: {}, }; } const searchTerm = getSearchTerm(query); const filterValues = applyAliases(getFieldValueMap(query), aliasMap); - const unknownFilters = [...filterValues.entries()] - .filter(([key]) => !knownFilters.includes(key)) - .reduce((unknowns, [key, value]) => { - return { - ...unknowns, - [key]: value, - }; - }, {} as Record); - const tags = filterValues.get('tag'); const types = filterValues.get('type'); @@ -51,7 +43,6 @@ export const parseSearchParams = (term: string): ParsedSearchParams => { filters: { tags: tags ? valuesToString(tags) : undefined, types: types ? valuesToString(types) : undefined, - unknowns: unknownFilters, }, }; }; diff --git a/x-pack/plugins/global_search_bar/public/search_syntax/types.ts b/x-pack/plugins/global_search_bar/public/search_syntax/types.ts index dc931a469fd7c..7b1ce5b762c87 100644 --- a/x-pack/plugins/global_search_bar/public/search_syntax/types.ts +++ b/x-pack/plugins/global_search_bar/public/search_syntax/types.ts @@ -27,9 +27,5 @@ export interface ParsedSearchParams { * Aggregation of `type` and `types` field clauses */ types?: FilterValues; - /** - * All unknown field clauses - */ - unknowns: Record; }; } From f32ba5ce6cdcd82bd2de2d865d868c81d578b53a Mon Sep 17 00:00:00 2001 From: Tomasz Ciecierski Date: Thu, 19 Sep 2024 18:39:33 +0200 Subject: [PATCH 04/74] [EDR Workflows] Update Osquery and ECS fields schemas (#193399) --- .../plugins/osquery/public/common/schemas/ecs/v8.11.0.json | 1 - .../plugins/osquery/public/common/schemas/ecs/v8.12.0.json | 1 + .../osquery/public/common/schemas/osquery/v5.10.2.json | 1 - .../osquery/public/common/schemas/osquery/v5.13.1.json | 1 + x-pack/plugins/osquery/public/editor/osquery_tables.ts | 2 +- .../public/packs/queries/ecs_mapping_editor_field.tsx | 4 ++-- x-pack/plugins/osquery/scripts/readme.md | 6 ++++-- .../osquery/scripts/schema_formatter/osquery_formatter.ts | 2 +- 8 files changed, 10 insertions(+), 8 deletions(-) delete mode 100644 x-pack/plugins/osquery/public/common/schemas/ecs/v8.11.0.json create mode 100644 x-pack/plugins/osquery/public/common/schemas/ecs/v8.12.0.json delete mode 100644 x-pack/plugins/osquery/public/common/schemas/osquery/v5.10.2.json create mode 100644 x-pack/plugins/osquery/public/common/schemas/osquery/v5.13.1.json diff --git a/x-pack/plugins/osquery/public/common/schemas/ecs/v8.11.0.json b/x-pack/plugins/osquery/public/common/schemas/ecs/v8.11.0.json deleted file mode 100644 index dc58c07386899..0000000000000 --- a/x-pack/plugins/osquery/public/common/schemas/ecs/v8.11.0.json +++ /dev/null @@ -1 +0,0 @@ -[{"field":"labels","type":"object","normalization":"","example":{"application":"foo-bar","env":"production"},"description":"Custom key/value pairs."},{"field":"message","type":"match_only_text","normalization":"","example":"Hello World","description":"Log message optimized for viewing in a log viewer."},{"field":"tags","type":"keyword","normalization":"array","example":["production","env2"],"description":"List of keywords used to tag each event."},{"field":"agent.build.original","type":"keyword","normalization":"","example":"metricbeat version 7.6.0 (amd64), libbeat 7.6.0 [6a23e8f8f30f5001ba344e4e54d8d9cb82cb107c built 2020-02-05 23:10:10 +0000 UTC]","description":"Extended build information for the agent."},{"field":"client.address","type":"keyword","normalization":"","example":"","description":"Client network address."},{"field":"client.as.number","type":"long","normalization":"","example":15169,"description":"Unique number allocated to the autonomous system."},{"field":"client.as.organization.name","type":"keyword","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"client.as.organization.name.text","type":"match_only_text","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"client.bytes","type":"long","normalization":"","example":184,"description":"Bytes sent from the client to the server."},{"field":"client.domain","type":"keyword","normalization":"","example":"foo.example.com","description":"The domain name of the client."},{"field":"client.geo.city_name","type":"keyword","normalization":"","example":"Montreal","description":"City name."},{"field":"client.geo.continent_code","type":"keyword","normalization":"","example":"NA","description":"Continent code."},{"field":"client.geo.continent_name","type":"keyword","normalization":"","example":"North America","description":"Name of the continent."},{"field":"client.geo.country_iso_code","type":"keyword","normalization":"","example":"CA","description":"Country ISO code."},{"field":"client.geo.country_name","type":"keyword","normalization":"","example":"Canada","description":"Country name."},{"field":"client.geo.location","type":"geo_point","normalization":"","example":{"lon":-73.61483,"lat":45.505918},"description":"Longitude and latitude."},{"field":"client.geo.name","type":"keyword","normalization":"","example":"boston-dc","description":"User-defined description of a location."},{"field":"client.geo.postal_code","type":"keyword","normalization":"","example":94040,"description":"Postal code."},{"field":"client.geo.region_iso_code","type":"keyword","normalization":"","example":"CA-QC","description":"Region ISO code."},{"field":"client.geo.region_name","type":"keyword","normalization":"","example":"Quebec","description":"Region name."},{"field":"client.geo.timezone","type":"keyword","normalization":"","example":"America/Argentina/Buenos_Aires","description":"Time zone."},{"field":"client.ip","type":"ip","normalization":"","example":"","description":"IP address of the client."},{"field":"client.mac","type":"keyword","normalization":"","example":"00-00-5E-00-53-23","description":"MAC address of the client."},{"field":"client.nat.ip","type":"ip","normalization":"","example":"","description":"Client NAT ip address"},{"field":"client.nat.port","type":"long","normalization":"","example":"","description":"Client NAT port"},{"field":"client.packets","type":"long","normalization":"","example":12,"description":"Packets sent from the client to the server."},{"field":"client.port","type":"long","normalization":"","example":"","description":"Port of the client."},{"field":"client.registered_domain","type":"keyword","normalization":"","example":"example.com","description":"The highest registered client domain, stripped of the subdomain."},{"field":"client.subdomain","type":"keyword","normalization":"","example":"east","description":"The subdomain of the domain."},{"field":"client.top_level_domain","type":"keyword","normalization":"","example":"co.uk","description":"The effective top level domain (com, org, net, co.uk)."},{"field":"client.user.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the user is a member of."},{"field":"client.user.email","type":"keyword","normalization":"","example":"","description":"User email address."},{"field":"client.user.full_name","type":"keyword","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"client.user.full_name.text","type":"match_only_text","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"client.user.group.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the group is a member of."},{"field":"client.user.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"client.user.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"client.user.hash","type":"keyword","normalization":"","example":"","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"client.user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"client.user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"client.user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"client.user.roles","type":"keyword","normalization":"array","example":["kibana_admin","reporting_user"],"description":"Array of user roles at the time of the event."},{"field":"cloud.account.id","type":"keyword","normalization":"","example":666777888999,"description":"The cloud account or organization id."},{"field":"cloud.account.name","type":"keyword","normalization":"","example":"elastic-dev","description":"The cloud account name."},{"field":"cloud.availability_zone","type":"keyword","normalization":"","example":"us-east-1c","description":"Availability zone in which this host, resource, or service is located."},{"field":"cloud.instance.id","type":"keyword","normalization":"","example":"i-1234567890abcdef0","description":"Instance ID of the host machine."},{"field":"cloud.instance.name","type":"keyword","normalization":"","example":"","description":"Instance name of the host machine."},{"field":"cloud.machine.type","type":"keyword","normalization":"","example":"t2.medium","description":"Machine type of the host machine."},{"field":"cloud.origin.account.id","type":"keyword","normalization":"","example":666777888999,"description":"The cloud account or organization id."},{"field":"cloud.origin.account.name","type":"keyword","normalization":"","example":"elastic-dev","description":"The cloud account name."},{"field":"cloud.origin.availability_zone","type":"keyword","normalization":"","example":"us-east-1c","description":"Availability zone in which this host, resource, or service is located."},{"field":"cloud.origin.instance.id","type":"keyword","normalization":"","example":"i-1234567890abcdef0","description":"Instance ID of the host machine."},{"field":"cloud.origin.instance.name","type":"keyword","normalization":"","example":"","description":"Instance name of the host machine."},{"field":"cloud.origin.machine.type","type":"keyword","normalization":"","example":"t2.medium","description":"Machine type of the host machine."},{"field":"cloud.origin.project.id","type":"keyword","normalization":"","example":"my-project","description":"The cloud project id."},{"field":"cloud.origin.project.name","type":"keyword","normalization":"","example":"my project","description":"The cloud project name."},{"field":"cloud.origin.provider","type":"keyword","normalization":"","example":"aws","description":"Name of the cloud provider."},{"field":"cloud.origin.region","type":"keyword","normalization":"","example":"us-east-1","description":"Region in which this host, resource, or service is located."},{"field":"cloud.origin.service.name","type":"keyword","normalization":"","example":"lambda","description":"The cloud service name."},{"field":"cloud.project.id","type":"keyword","normalization":"","example":"my-project","description":"The cloud project id."},{"field":"cloud.project.name","type":"keyword","normalization":"","example":"my project","description":"The cloud project name."},{"field":"cloud.provider","type":"keyword","normalization":"","example":"aws","description":"Name of the cloud provider."},{"field":"cloud.region","type":"keyword","normalization":"","example":"us-east-1","description":"Region in which this host, resource, or service is located."},{"field":"cloud.service.name","type":"keyword","normalization":"","example":"lambda","description":"The cloud service name."},{"field":"cloud.target.account.id","type":"keyword","normalization":"","example":666777888999,"description":"The cloud account or organization id."},{"field":"cloud.target.account.name","type":"keyword","normalization":"","example":"elastic-dev","description":"The cloud account name."},{"field":"cloud.target.availability_zone","type":"keyword","normalization":"","example":"us-east-1c","description":"Availability zone in which this host, resource, or service is located."},{"field":"cloud.target.instance.id","type":"keyword","normalization":"","example":"i-1234567890abcdef0","description":"Instance ID of the host machine."},{"field":"cloud.target.instance.name","type":"keyword","normalization":"","example":"","description":"Instance name of the host machine."},{"field":"cloud.target.machine.type","type":"keyword","normalization":"","example":"t2.medium","description":"Machine type of the host machine."},{"field":"cloud.target.project.id","type":"keyword","normalization":"","example":"my-project","description":"The cloud project id."},{"field":"cloud.target.project.name","type":"keyword","normalization":"","example":"my project","description":"The cloud project name."},{"field":"cloud.target.provider","type":"keyword","normalization":"","example":"aws","description":"Name of the cloud provider."},{"field":"cloud.target.region","type":"keyword","normalization":"","example":"us-east-1","description":"Region in which this host, resource, or service is located."},{"field":"cloud.target.service.name","type":"keyword","normalization":"","example":"lambda","description":"The cloud service name."},{"field":"container.cpu.usage","type":"scaled_float","normalization":"","example":"","description":"Percent CPU used, between 0 and 1."},{"field":"container.disk.read.bytes","type":"long","normalization":"","example":"","description":"The number of bytes read by all disks."},{"field":"container.disk.write.bytes","type":"long","normalization":"","example":"","description":"The number of bytes written on all disks."},{"field":"container.id","type":"keyword","normalization":"","example":"","description":"Unique container id."},{"field":"container.image.hash.all","type":"keyword","normalization":"array","example":"[sha256:f8fefc80e3273dc756f288a63945820d6476ad64883892c771b5e2ece6bf1b26]","description":"An array of digests of the image the container was built on."},{"field":"container.image.name","type":"keyword","normalization":"","example":"","description":"Name of the image the container was built on."},{"field":"container.image.tag","type":"keyword","normalization":"array","example":"","description":"Container image tags."},{"field":"container.labels","type":"object","normalization":"","example":"","description":"Image labels."},{"field":"container.memory.usage","type":"scaled_float","normalization":"","example":"","description":"Percent memory used, between 0 and 1."},{"field":"container.name","type":"keyword","normalization":"","example":"","description":"Container name."},{"field":"container.network.egress.bytes","type":"long","normalization":"","example":"","description":"The number of bytes sent on all network interfaces."},{"field":"container.network.ingress.bytes","type":"long","normalization":"","example":"","description":"The number of bytes received on all network interfaces."},{"field":"container.runtime","type":"keyword","normalization":"","example":"docker","description":"Runtime managing this container."},{"field":"container.security_context.privileged","type":"boolean","normalization":"","example":"","description":"Indicates whether the container is running in privileged mode."},{"field":"data_stream.dataset","type":"constant_keyword","normalization":"","example":"nginx.access","description":"The field can contain anything that makes sense to signify the source of the data."},{"field":"data_stream.namespace","type":"constant_keyword","normalization":"","example":"production","description":"A user defined namespace. Namespaces are useful to allow grouping of data."},{"field":"data_stream.type","type":"constant_keyword","normalization":"","example":"logs","description":"An overarching type for the data stream."},{"field":"destination.address","type":"keyword","normalization":"","example":"","description":"Destination network address."},{"field":"destination.as.number","type":"long","normalization":"","example":15169,"description":"Unique number allocated to the autonomous system."},{"field":"destination.as.organization.name","type":"keyword","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"destination.as.organization.name.text","type":"match_only_text","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"destination.bytes","type":"long","normalization":"","example":184,"description":"Bytes sent from the destination to the source."},{"field":"destination.domain","type":"keyword","normalization":"","example":"foo.example.com","description":"The domain name of the destination."},{"field":"destination.geo.city_name","type":"keyword","normalization":"","example":"Montreal","description":"City name."},{"field":"destination.geo.continent_code","type":"keyword","normalization":"","example":"NA","description":"Continent code."},{"field":"destination.geo.continent_name","type":"keyword","normalization":"","example":"North America","description":"Name of the continent."},{"field":"destination.geo.country_iso_code","type":"keyword","normalization":"","example":"CA","description":"Country ISO code."},{"field":"destination.geo.country_name","type":"keyword","normalization":"","example":"Canada","description":"Country name."},{"field":"destination.geo.location","type":"geo_point","normalization":"","example":{"lon":-73.61483,"lat":45.505918},"description":"Longitude and latitude."},{"field":"destination.geo.name","type":"keyword","normalization":"","example":"boston-dc","description":"User-defined description of a location."},{"field":"destination.geo.postal_code","type":"keyword","normalization":"","example":94040,"description":"Postal code."},{"field":"destination.geo.region_iso_code","type":"keyword","normalization":"","example":"CA-QC","description":"Region ISO code."},{"field":"destination.geo.region_name","type":"keyword","normalization":"","example":"Quebec","description":"Region name."},{"field":"destination.geo.timezone","type":"keyword","normalization":"","example":"America/Argentina/Buenos_Aires","description":"Time zone."},{"field":"destination.ip","type":"ip","normalization":"","example":"","description":"IP address of the destination."},{"field":"destination.mac","type":"keyword","normalization":"","example":"00-00-5E-00-53-23","description":"MAC address of the destination."},{"field":"destination.nat.ip","type":"ip","normalization":"","example":"","description":"Destination NAT ip"},{"field":"destination.nat.port","type":"long","normalization":"","example":"","description":"Destination NAT Port"},{"field":"destination.packets","type":"long","normalization":"","example":12,"description":"Packets sent from the destination to the source."},{"field":"destination.port","type":"long","normalization":"","example":"","description":"Port of the destination."},{"field":"destination.registered_domain","type":"keyword","normalization":"","example":"example.com","description":"The highest registered destination domain, stripped of the subdomain."},{"field":"destination.subdomain","type":"keyword","normalization":"","example":"east","description":"The subdomain of the domain."},{"field":"destination.top_level_domain","type":"keyword","normalization":"","example":"co.uk","description":"The effective top level domain (com, org, net, co.uk)."},{"field":"destination.user.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the user is a member of."},{"field":"destination.user.email","type":"keyword","normalization":"","example":"","description":"User email address."},{"field":"destination.user.full_name","type":"keyword","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"destination.user.full_name.text","type":"match_only_text","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"destination.user.group.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the group is a member of."},{"field":"destination.user.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"destination.user.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"destination.user.hash","type":"keyword","normalization":"","example":"","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"destination.user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"destination.user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"destination.user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"destination.user.roles","type":"keyword","normalization":"array","example":["kibana_admin","reporting_user"],"description":"Array of user roles at the time of the event."},{"field":"device.id","type":"keyword","normalization":"","example":"00000000-54b3-e7c7-0000-000046bffd97","description":"The unique identifier of a device."},{"field":"device.manufacturer","type":"keyword","normalization":"","example":"Samsung","description":"The vendor name of the device manufacturer."},{"field":"device.model.identifier","type":"keyword","normalization":"","example":"SM-G920F","description":"The machine readable identifier of the device model."},{"field":"device.model.name","type":"keyword","normalization":"","example":"Samsung Galaxy S6","description":"The human readable marketing name of the device model."},{"field":"dll.code_signature.digest_algorithm","type":"keyword","normalization":"","example":"sha256","description":"Hashing algorithm used to sign the process."},{"field":"dll.code_signature.exists","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if a signature is present."},{"field":"dll.code_signature.signing_id","type":"keyword","normalization":"","example":"com.apple.xpc.proxy","description":"The identifier used to sign the process."},{"field":"dll.code_signature.status","type":"keyword","normalization":"","example":"ERROR_UNTRUSTED_ROOT","description":"Additional information about the certificate status."},{"field":"dll.code_signature.subject_name","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Subject name of the code signer"},{"field":"dll.code_signature.team_id","type":"keyword","normalization":"","example":"EQHXZ8M8AV","description":"The team identifier used to sign the process."},{"field":"dll.code_signature.timestamp","type":"date","normalization":"","example":"2021-01-01T12:10:30Z","description":"When the signature was generated and signed."},{"field":"dll.code_signature.trusted","type":"boolean","normalization":"","example":true,"description":"Stores the trust status of the certificate chain."},{"field":"dll.code_signature.valid","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if the digital signature is verified against the binary content."},{"field":"dll.hash.md5","type":"keyword","normalization":"","example":"","description":"MD5 hash."},{"field":"dll.hash.sha1","type":"keyword","normalization":"","example":"","description":"SHA1 hash."},{"field":"dll.hash.sha256","type":"keyword","normalization":"","example":"","description":"SHA256 hash."},{"field":"dll.hash.sha384","type":"keyword","normalization":"","example":"","description":"SHA384 hash."},{"field":"dll.hash.sha512","type":"keyword","normalization":"","example":"","description":"SHA512 hash."},{"field":"dll.hash.ssdeep","type":"keyword","normalization":"","example":"","description":"SSDEEP hash."},{"field":"dll.hash.tlsh","type":"keyword","normalization":"","example":"","description":"TLSH hash."},{"field":"dll.name","type":"keyword","normalization":"","example":"kernel32.dll","description":"Name of the library."},{"field":"dll.path","type":"keyword","normalization":"","example":"C:\\Windows\\System32\\kernel32.dll","description":"Full file path of the library."},{"field":"dll.pe.architecture","type":"keyword","normalization":"","example":"x64","description":"CPU architecture target for the file."},{"field":"dll.pe.company","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Internal company name of the file, provided at compile-time."},{"field":"dll.pe.description","type":"keyword","normalization":"","example":"Paint","description":"Internal description of the file, provided at compile-time."},{"field":"dll.pe.file_version","type":"keyword","normalization":"","example":"6.3.9600.17415","description":"Process name."},{"field":"dll.pe.go_import_hash","type":"keyword","normalization":"","example":"10bddcb4cee42080f76c88d9ff964491","description":"A hash of the Go language imports in a PE file."},{"field":"dll.pe.go_imports","type":"flattened","normalization":"","example":"","description":"List of imported Go language element names and types."},{"field":"dll.pe.go_imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of Go imports."},{"field":"dll.pe.go_imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of Go imports."},{"field":"dll.pe.go_stripped","type":"boolean","normalization":"","example":"","description":"Whether the file is a stripped or obfuscated Go executable."},{"field":"dll.pe.imphash","type":"keyword","normalization":"","example":"0c6803c4e922103c4dca5963aad36ddf","description":"A hash of the imports in a PE file."},{"field":"dll.pe.import_hash","type":"keyword","normalization":"","example":"d41d8cd98f00b204e9800998ecf8427e","description":"A hash of the imports in a PE file."},{"field":"dll.pe.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"dll.pe.imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of imported element names and types."},{"field":"dll.pe.imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of imported element names and types."},{"field":"dll.pe.original_file_name","type":"keyword","normalization":"","example":"MSPAINT.EXE","description":"Internal name of the file, provided at compile-time."},{"field":"dll.pe.pehash","type":"keyword","normalization":"","example":"73ff189b63cd6be375a7ff25179a38d347651975","description":"A hash of the PE header and data from one or more PE sections."},{"field":"dll.pe.product","type":"keyword","normalization":"","example":"Microsoft® Windows® Operating System","description":"Internal product name of the file, provided at compile-time."},{"field":"dll.pe.sections","type":"nested","normalization":"array","example":"","description":"Section information of the PE file."},{"field":"dll.pe.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"dll.pe.sections.name","type":"keyword","normalization":"","example":"","description":"PE Section List name."},{"field":"dll.pe.sections.physical_size","type":"long","normalization":"","example":"","description":"PE Section List physical size."},{"field":"dll.pe.sections.var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the section."},{"field":"dll.pe.sections.virtual_size","type":"long","normalization":"","example":"","description":"PE Section List virtual size. This is always the same as `physical_size`."},{"field":"dns.answers","type":"object","normalization":"array","example":"","description":"Array of DNS answers."},{"field":"dns.answers.class","type":"keyword","normalization":"","example":"IN","description":"The class of DNS data contained in this resource record."},{"field":"dns.answers.data","type":"keyword","normalization":"","example":"10.10.10.10","description":"The data describing the resource."},{"field":"dns.answers.name","type":"keyword","normalization":"","example":"www.example.com","description":"The domain name to which this resource record pertains."},{"field":"dns.answers.ttl","type":"long","normalization":"","example":180,"description":"The time interval in seconds that this resource record may be cached before it should be discarded."},{"field":"dns.answers.type","type":"keyword","normalization":"","example":"CNAME","description":"The type of data contained in this resource record."},{"field":"dns.header_flags","type":"keyword","normalization":"array","example":["RD","RA"],"description":"Array of DNS header flags."},{"field":"dns.id","type":"keyword","normalization":"","example":62111,"description":"The DNS packet identifier assigned by the program that generated the query. The identifier is copied to the response."},{"field":"dns.op_code","type":"keyword","normalization":"","example":"QUERY","description":"The DNS operation code that specifies the kind of query in the message."},{"field":"dns.question.class","type":"keyword","normalization":"","example":"IN","description":"The class of records being queried."},{"field":"dns.question.name","type":"keyword","normalization":"","example":"www.example.com","description":"The name being queried."},{"field":"dns.question.registered_domain","type":"keyword","normalization":"","example":"example.com","description":"The highest registered domain, stripped of the subdomain."},{"field":"dns.question.subdomain","type":"keyword","normalization":"","example":"www","description":"The subdomain of the domain."},{"field":"dns.question.top_level_domain","type":"keyword","normalization":"","example":"co.uk","description":"The effective top level domain (com, org, net, co.uk)."},{"field":"dns.question.type","type":"keyword","normalization":"","example":"AAAA","description":"The type of record being queried."},{"field":"dns.resolved_ip","type":"ip","normalization":"array","example":["10.10.10.10","10.10.10.11"],"description":"Array containing all IPs seen in answers.data"},{"field":"dns.response_code","type":"keyword","normalization":"","example":"NOERROR","description":"The DNS response code."},{"field":"dns.type","type":"keyword","normalization":"","example":"answer","description":"The type of DNS event captured, query or answer."},{"field":"email.attachments","type":"nested","normalization":"array","example":"","description":"List of objects describing the attachments."},{"field":"email.attachments.file.extension","type":"keyword","normalization":"","example":"txt","description":"Attachment file extension."},{"field":"email.attachments.file.hash.md5","type":"keyword","normalization":"","example":"","description":"MD5 hash."},{"field":"email.attachments.file.hash.sha1","type":"keyword","normalization":"","example":"","description":"SHA1 hash."},{"field":"email.attachments.file.hash.sha256","type":"keyword","normalization":"","example":"","description":"SHA256 hash."},{"field":"email.attachments.file.hash.sha384","type":"keyword","normalization":"","example":"","description":"SHA384 hash."},{"field":"email.attachments.file.hash.sha512","type":"keyword","normalization":"","example":"","description":"SHA512 hash."},{"field":"email.attachments.file.hash.ssdeep","type":"keyword","normalization":"","example":"","description":"SSDEEP hash."},{"field":"email.attachments.file.hash.tlsh","type":"keyword","normalization":"","example":"","description":"TLSH hash."},{"field":"email.attachments.file.mime_type","type":"keyword","normalization":"","example":"text/plain","description":"MIME type of the attachment file."},{"field":"email.attachments.file.name","type":"keyword","normalization":"","example":"attachment.txt","description":"Name of the attachment file."},{"field":"email.attachments.file.size","type":"long","normalization":"","example":64329,"description":"Attachment file size."},{"field":"email.bcc.address","type":"keyword","normalization":"array","example":"bcc.user1@example.com","description":"Email address of BCC recipient"},{"field":"email.cc.address","type":"keyword","normalization":"array","example":"cc.user1@example.com","description":"Email address of CC recipient"},{"field":"email.content_type","type":"keyword","normalization":"","example":"text/plain","description":"MIME type of the email message."},{"field":"email.delivery_timestamp","type":"date","normalization":"","example":"2020-11-10T22:12:34.8196921Z","description":"Date and time when message was delivered."},{"field":"email.direction","type":"keyword","normalization":"","example":"inbound","description":"Direction of the message."},{"field":"email.from.address","type":"keyword","normalization":"array","example":"sender@example.com","description":"The sender's email address."},{"field":"email.local_id","type":"keyword","normalization":"","example":"c26dbea0-80d5-463b-b93c-4e8b708219ce","description":"Unique identifier given by the source."},{"field":"email.message_id","type":"wildcard","normalization":"","example":"81ce15$8r2j59@mail01.example.com","description":"Value from the Message-ID header."},{"field":"email.origination_timestamp","type":"date","normalization":"","example":"2020-11-10T22:12:34.8196921Z","description":"Date and time the email was composed."},{"field":"email.reply_to.address","type":"keyword","normalization":"array","example":"reply.here@example.com","description":"Address replies should be delivered to."},{"field":"email.sender.address","type":"keyword","normalization":"","example":"","description":"Address of the message sender."},{"field":"email.subject","type":"keyword","normalization":"","example":"Please see this important message.","description":"The subject of the email message."},{"field":"email.subject.text","type":"match_only_text","normalization":"","example":"Please see this important message.","description":"The subject of the email message."},{"field":"email.to.address","type":"keyword","normalization":"array","example":"user1@example.com","description":"Email address of recipient"},{"field":"email.x_mailer","type":"keyword","normalization":"","example":"Spambot v2.5","description":"Application that drafted email."},{"field":"error.code","type":"keyword","normalization":"","example":"","description":"Error code describing the error."},{"field":"error.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the error."},{"field":"error.message","type":"match_only_text","normalization":"","example":"","description":"Error message."},{"field":"error.stack_trace","type":"wildcard","normalization":"","example":"","description":"The stack trace of this error in plain text."},{"field":"error.stack_trace.text","type":"match_only_text","normalization":"","example":"","description":"The stack trace of this error in plain text."},{"field":"error.type","type":"keyword","normalization":"","example":"java.lang.NullPointerException","description":"The type of the error, for example the class name of the exception."},{"field":"event.action","type":"keyword","normalization":"","example":"user-password-change","description":"The action captured by the event."},{"field":"event.category","type":"keyword","normalization":"array","example":"authentication","description":"Event category. The second categorization field in the hierarchy."},{"field":"event.code","type":"keyword","normalization":"","example":4648,"description":"Identification code for this event."},{"field":"event.created","type":"date","normalization":"","example":"2016-05-23T08:05:34.857Z","description":"Time when the event was first read by an agent or by your pipeline."},{"field":"event.dataset","type":"keyword","normalization":"","example":"apache.access","description":"Name of the dataset."},{"field":"event.duration","type":"long","normalization":"","example":"","description":"Duration of the event in nanoseconds."},{"field":"event.end","type":"date","normalization":"","example":"","description":"`event.end` contains the date when the event ended or when the activity was last observed."},{"field":"event.hash","type":"keyword","normalization":"","example":"123456789012345678901234567890ABCD","description":"Hash (perhaps logstash fingerprint) of raw field to be able to demonstrate log integrity."},{"field":"event.id","type":"keyword","normalization":"","example":"8a4f500d","description":"Unique ID to describe the event."},{"field":"event.kind","type":"keyword","normalization":"","example":"alert","description":"The kind of the event. The highest categorization field in the hierarchy."},{"field":"event.original","type":"keyword","normalization":"","example":"Sep 19 08:26:10 host CEF:0|Security| threatmanager|1.0|100| worm successfully stopped|10|src=10.0.0.1 dst=2.1.2.2spt=1232","description":"Raw text message of entire event."},{"field":"event.outcome","type":"keyword","normalization":"","example":"success","description":"The outcome of the event. The lowest level categorization field in the hierarchy."},{"field":"event.provider","type":"keyword","normalization":"","example":"kernel","description":"Source of the event."},{"field":"event.reason","type":"keyword","normalization":"","example":"Terminated an unexpected process","description":"Reason why this event happened, according to the source"},{"field":"event.reference","type":"keyword","normalization":"","example":"https://system.example.com/event/#0001234","description":"Event reference URL"},{"field":"event.risk_score","type":"float","normalization":"","example":"","description":"Risk score or priority of the event (e.g. security solutions). Use your system's original value here."},{"field":"event.risk_score_norm","type":"float","normalization":"","example":"","description":"Normalized risk score or priority of the event (0-100)."},{"field":"event.sequence","type":"long","normalization":"","example":"","description":"Sequence number of the event."},{"field":"event.severity","type":"long","normalization":"","example":7,"description":"Numeric severity of the event."},{"field":"event.start","type":"date","normalization":"","example":"","description":"`event.start` contains the date when the event started or when the activity was first observed."},{"field":"event.timezone","type":"keyword","normalization":"","example":"","description":"Event time zone."},{"field":"event.type","type":"keyword","normalization":"array","example":"","description":"Event type. The third categorization field in the hierarchy."},{"field":"event.url","type":"keyword","normalization":"","example":"https://mysystem.example.com/alert/5271dedb-f5b0-4218-87f0-4ac4870a38fe","description":"Event investigation URL"},{"field":"faas.coldstart","type":"boolean","normalization":"","example":"","description":"Boolean value indicating a cold start of a function."},{"field":"faas.execution","type":"keyword","normalization":"","example":"af9d5aa4-a685-4c5f-a22b-444f80b3cc28","description":"The execution ID of the current function execution."},{"field":"faas.id","type":"keyword","normalization":"","example":"arn:aws:lambda:us-west-2:123456789012:function:my-function","description":"The unique identifier of a serverless function."},{"field":"faas.name","type":"keyword","normalization":"","example":"my-function","description":"The name of a serverless function."},{"field":"faas.trigger.request_id","type":"keyword","normalization":"","example":123456789,"description":"The ID of the trigger request , message, event, etc."},{"field":"faas.trigger.type","type":"keyword","normalization":"","example":"http","description":"The trigger for the function execution."},{"field":"faas.version","type":"keyword","normalization":"","example":123,"description":"The version of a serverless function."},{"field":"file.accessed","type":"date","normalization":"","example":"","description":"Last time the file was accessed."},{"field":"file.attributes","type":"keyword","normalization":"array","example":["readonly","system"],"description":"Array of file attributes."},{"field":"file.code_signature.digest_algorithm","type":"keyword","normalization":"","example":"sha256","description":"Hashing algorithm used to sign the process."},{"field":"file.code_signature.exists","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if a signature is present."},{"field":"file.code_signature.signing_id","type":"keyword","normalization":"","example":"com.apple.xpc.proxy","description":"The identifier used to sign the process."},{"field":"file.code_signature.status","type":"keyword","normalization":"","example":"ERROR_UNTRUSTED_ROOT","description":"Additional information about the certificate status."},{"field":"file.code_signature.subject_name","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Subject name of the code signer"},{"field":"file.code_signature.team_id","type":"keyword","normalization":"","example":"EQHXZ8M8AV","description":"The team identifier used to sign the process."},{"field":"file.code_signature.timestamp","type":"date","normalization":"","example":"2021-01-01T12:10:30Z","description":"When the signature was generated and signed."},{"field":"file.code_signature.trusted","type":"boolean","normalization":"","example":true,"description":"Stores the trust status of the certificate chain."},{"field":"file.code_signature.valid","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if the digital signature is verified against the binary content."},{"field":"file.created","type":"date","normalization":"","example":"","description":"File creation time."},{"field":"file.ctime","type":"date","normalization":"","example":"","description":"Last time the file attributes or metadata changed."},{"field":"file.device","type":"keyword","normalization":"","example":"sda","description":"Device that is the source of the file."},{"field":"file.directory","type":"keyword","normalization":"","example":"/home/alice","description":"Directory where the file is located."},{"field":"file.drive_letter","type":"keyword","normalization":"","example":"C","description":"Drive letter where the file is located."},{"field":"file.elf.architecture","type":"keyword","normalization":"","example":"x86-64","description":"Machine architecture of the ELF file."},{"field":"file.elf.byte_order","type":"keyword","normalization":"","example":"Little Endian","description":"Byte sequence of ELF file."},{"field":"file.elf.cpu_type","type":"keyword","normalization":"","example":"Intel","description":"CPU type of the ELF file."},{"field":"file.elf.creation_date","type":"date","normalization":"","example":"","description":"Build or compile date."},{"field":"file.elf.exports","type":"flattened","normalization":"array","example":"","description":"List of exported element names and types."},{"field":"file.elf.go_import_hash","type":"keyword","normalization":"","example":"10bddcb4cee42080f76c88d9ff964491","description":"A hash of the Go language imports in an ELF file."},{"field":"file.elf.go_imports","type":"flattened","normalization":"","example":"","description":"List of imported Go language element names and types."},{"field":"file.elf.go_imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of Go imports."},{"field":"file.elf.go_imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of Go imports."},{"field":"file.elf.go_stripped","type":"boolean","normalization":"","example":"","description":"Whether the file is a stripped or obfuscated Go executable."},{"field":"file.elf.header.abi_version","type":"keyword","normalization":"","example":"","description":"Version of the ELF Application Binary Interface (ABI)."},{"field":"file.elf.header.class","type":"keyword","normalization":"","example":"","description":"Header class of the ELF file."},{"field":"file.elf.header.data","type":"keyword","normalization":"","example":"","description":"Data table of the ELF header."},{"field":"file.elf.header.entrypoint","type":"long","normalization":"","example":"","description":"Header entrypoint of the ELF file."},{"field":"file.elf.header.object_version","type":"keyword","normalization":"","example":"","description":"0x1\" for original ELF files."},{"field":"file.elf.header.os_abi","type":"keyword","normalization":"","example":"","description":"Application Binary Interface (ABI) of the Linux OS."},{"field":"file.elf.header.type","type":"keyword","normalization":"","example":"","description":"Header type of the ELF file."},{"field":"file.elf.header.version","type":"keyword","normalization":"","example":"","description":"Version of the ELF header."},{"field":"file.elf.import_hash","type":"keyword","normalization":"","example":"d41d8cd98f00b204e9800998ecf8427e","description":"A hash of the imports in an ELF file."},{"field":"file.elf.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"file.elf.imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of imported element names and types."},{"field":"file.elf.imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of imported element names and types."},{"field":"file.elf.sections","type":"nested","normalization":"array","example":"","description":"Section information of the ELF file."},{"field":"file.elf.sections.chi2","type":"long","normalization":"","example":"","description":"Chi-square probability distribution of the section."},{"field":"file.elf.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"file.elf.sections.flags","type":"keyword","normalization":"","example":"","description":"ELF Section List flags."},{"field":"file.elf.sections.name","type":"keyword","normalization":"","example":"","description":"ELF Section List name."},{"field":"file.elf.sections.physical_offset","type":"keyword","normalization":"","example":"","description":"ELF Section List offset."},{"field":"file.elf.sections.physical_size","type":"long","normalization":"","example":"","description":"ELF Section List physical size."},{"field":"file.elf.sections.type","type":"keyword","normalization":"","example":"","description":"ELF Section List type."},{"field":"file.elf.sections.var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the section."},{"field":"file.elf.sections.virtual_address","type":"long","normalization":"","example":"","description":"ELF Section List virtual address."},{"field":"file.elf.sections.virtual_size","type":"long","normalization":"","example":"","description":"ELF Section List virtual size."},{"field":"file.elf.segments","type":"nested","normalization":"array","example":"","description":"ELF object segment list."},{"field":"file.elf.segments.sections","type":"keyword","normalization":"","example":"","description":"ELF object segment sections."},{"field":"file.elf.segments.type","type":"keyword","normalization":"","example":"","description":"ELF object segment type."},{"field":"file.elf.shared_libraries","type":"keyword","normalization":"array","example":"","description":"List of shared libraries used by this ELF object."},{"field":"file.elf.telfhash","type":"keyword","normalization":"","example":"","description":"telfhash hash for ELF file."},{"field":"file.extension","type":"keyword","normalization":"","example":"png","description":"File extension, excluding the leading dot."},{"field":"file.fork_name","type":"keyword","normalization":"","example":"Zone.Identifer","description":"A fork is additional data associated with a filesystem object."},{"field":"file.gid","type":"keyword","normalization":"","example":1001,"description":"Primary group ID (GID) of the file."},{"field":"file.group","type":"keyword","normalization":"","example":"alice","description":"Primary group name of the file."},{"field":"file.hash.md5","type":"keyword","normalization":"","example":"","description":"MD5 hash."},{"field":"file.hash.sha1","type":"keyword","normalization":"","example":"","description":"SHA1 hash."},{"field":"file.hash.sha256","type":"keyword","normalization":"","example":"","description":"SHA256 hash."},{"field":"file.hash.sha384","type":"keyword","normalization":"","example":"","description":"SHA384 hash."},{"field":"file.hash.sha512","type":"keyword","normalization":"","example":"","description":"SHA512 hash."},{"field":"file.hash.ssdeep","type":"keyword","normalization":"","example":"","description":"SSDEEP hash."},{"field":"file.hash.tlsh","type":"keyword","normalization":"","example":"","description":"TLSH hash."},{"field":"file.inode","type":"keyword","normalization":"","example":256383,"description":"Inode representing the file in the filesystem."},{"field":"file.macho.go_import_hash","type":"keyword","normalization":"","example":"10bddcb4cee42080f76c88d9ff964491","description":"A hash of the Go language imports in a Mach-O file."},{"field":"file.macho.go_imports","type":"flattened","normalization":"","example":"","description":"List of imported Go language element names and types."},{"field":"file.macho.go_imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of Go imports."},{"field":"file.macho.go_imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of Go imports."},{"field":"file.macho.go_stripped","type":"boolean","normalization":"","example":"","description":"Whether the file is a stripped or obfuscated Go executable."},{"field":"file.macho.import_hash","type":"keyword","normalization":"","example":"d41d8cd98f00b204e9800998ecf8427e","description":"A hash of the imports in a Mach-O file."},{"field":"file.macho.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"file.macho.imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of imported element names and types."},{"field":"file.macho.imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of imported element names and types."},{"field":"file.macho.sections","type":"nested","normalization":"array","example":"","description":"Section information of the Mach-O file."},{"field":"file.macho.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"file.macho.sections.name","type":"keyword","normalization":"","example":"","description":"Mach-O Section List name."},{"field":"file.macho.sections.physical_size","type":"long","normalization":"","example":"","description":"Mach-O Section List physical size."},{"field":"file.macho.sections.var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the section."},{"field":"file.macho.sections.virtual_size","type":"long","normalization":"","example":"","description":"Mach-O Section List virtual size. This is always the same as `physical_size`."},{"field":"file.macho.symhash","type":"keyword","normalization":"","example":"d3ccf195b62a9279c3c19af1080497ec","description":"A hash of the imports in a Mach-O file."},{"field":"file.mime_type","type":"keyword","normalization":"","example":"","description":"Media type of file, document, or arrangement of bytes."},{"field":"file.mode","type":"keyword","normalization":"","example":"0640","description":"Mode of the file in octal representation."},{"field":"file.mtime","type":"date","normalization":"","example":"","description":"Last time the file content was modified."},{"field":"file.name","type":"keyword","normalization":"","example":"example.png","description":"Name of the file including the extension, without the directory."},{"field":"file.owner","type":"keyword","normalization":"","example":"alice","description":"File owner's username."},{"field":"file.path","type":"keyword","normalization":"","example":"/home/alice/example.png","description":"Full path to the file, including the file name."},{"field":"file.path.text","type":"match_only_text","normalization":"","example":"/home/alice/example.png","description":"Full path to the file, including the file name."},{"field":"file.pe.architecture","type":"keyword","normalization":"","example":"x64","description":"CPU architecture target for the file."},{"field":"file.pe.company","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Internal company name of the file, provided at compile-time."},{"field":"file.pe.description","type":"keyword","normalization":"","example":"Paint","description":"Internal description of the file, provided at compile-time."},{"field":"file.pe.file_version","type":"keyword","normalization":"","example":"6.3.9600.17415","description":"Process name."},{"field":"file.pe.go_import_hash","type":"keyword","normalization":"","example":"10bddcb4cee42080f76c88d9ff964491","description":"A hash of the Go language imports in a PE file."},{"field":"file.pe.go_imports","type":"flattened","normalization":"","example":"","description":"List of imported Go language element names and types."},{"field":"file.pe.go_imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of Go imports."},{"field":"file.pe.go_imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of Go imports."},{"field":"file.pe.go_stripped","type":"boolean","normalization":"","example":"","description":"Whether the file is a stripped or obfuscated Go executable."},{"field":"file.pe.imphash","type":"keyword","normalization":"","example":"0c6803c4e922103c4dca5963aad36ddf","description":"A hash of the imports in a PE file."},{"field":"file.pe.import_hash","type":"keyword","normalization":"","example":"d41d8cd98f00b204e9800998ecf8427e","description":"A hash of the imports in a PE file."},{"field":"file.pe.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"file.pe.imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of imported element names and types."},{"field":"file.pe.imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of imported element names and types."},{"field":"file.pe.original_file_name","type":"keyword","normalization":"","example":"MSPAINT.EXE","description":"Internal name of the file, provided at compile-time."},{"field":"file.pe.pehash","type":"keyword","normalization":"","example":"73ff189b63cd6be375a7ff25179a38d347651975","description":"A hash of the PE header and data from one or more PE sections."},{"field":"file.pe.product","type":"keyword","normalization":"","example":"Microsoft® Windows® Operating System","description":"Internal product name of the file, provided at compile-time."},{"field":"file.pe.sections","type":"nested","normalization":"array","example":"","description":"Section information of the PE file."},{"field":"file.pe.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"file.pe.sections.name","type":"keyword","normalization":"","example":"","description":"PE Section List name."},{"field":"file.pe.sections.physical_size","type":"long","normalization":"","example":"","description":"PE Section List physical size."},{"field":"file.pe.sections.var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the section."},{"field":"file.pe.sections.virtual_size","type":"long","normalization":"","example":"","description":"PE Section List virtual size. This is always the same as `physical_size`."},{"field":"file.size","type":"long","normalization":"","example":16384,"description":"File size in bytes."},{"field":"file.target_path","type":"keyword","normalization":"","example":"","description":"Target path for symlinks."},{"field":"file.target_path.text","type":"match_only_text","normalization":"","example":"","description":"Target path for symlinks."},{"field":"file.type","type":"keyword","normalization":"","example":"file","description":"File type (file, dir, or symlink)."},{"field":"file.uid","type":"keyword","normalization":"","example":1001,"description":"The user ID (UID) or security identifier (SID) of the file owner."},{"field":"file.x509.alternative_names","type":"keyword","normalization":"array","example":"*.elastic.co","description":"List of subject alternative names (SAN)."},{"field":"file.x509.issuer.common_name","type":"keyword","normalization":"array","example":"Example SHA2 High Assurance Server CA","description":"List of common name (CN) of issuing certificate authority."},{"field":"file.x509.issuer.country","type":"keyword","normalization":"array","example":"US","description":"List of country \\(C) codes"},{"field":"file.x509.issuer.distinguished_name","type":"keyword","normalization":"","example":"C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA","description":"Distinguished name (DN) of issuing certificate authority."},{"field":"file.x509.issuer.locality","type":"keyword","normalization":"array","example":"Mountain View","description":"List of locality names (L)"},{"field":"file.x509.issuer.organization","type":"keyword","normalization":"array","example":"Example Inc","description":"List of organizations (O) of issuing certificate authority."},{"field":"file.x509.issuer.organizational_unit","type":"keyword","normalization":"array","example":"www.example.com","description":"List of organizational units (OU) of issuing certificate authority."},{"field":"file.x509.issuer.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"file.x509.not_after","type":"date","normalization":"","example":"2020-07-16T03:15:39Z","description":"Time at which the certificate is no longer considered valid."},{"field":"file.x509.not_before","type":"date","normalization":"","example":"2019-08-16T01:40:25Z","description":"Time at which the certificate is first considered valid."},{"field":"file.x509.public_key_algorithm","type":"keyword","normalization":"","example":"RSA","description":"Algorithm used to generate the public key."},{"field":"file.x509.public_key_curve","type":"keyword","normalization":"","example":"nistp521","description":"The curve used by the elliptic curve public key algorithm. This is algorithm specific."},{"field":"file.x509.public_key_exponent","type":"long","normalization":"","example":65537,"description":"Exponent used to derive the public key. This is algorithm specific."},{"field":"file.x509.public_key_size","type":"long","normalization":"","example":2048,"description":"The size of the public key space in bits."},{"field":"file.x509.serial_number","type":"keyword","normalization":"","example":"55FBB9C7DEBF09809D12CCAA","description":"Unique serial number issued by the certificate authority."},{"field":"file.x509.signature_algorithm","type":"keyword","normalization":"","example":"SHA256-RSA","description":"Identifier for certificate signature algorithm."},{"field":"file.x509.subject.common_name","type":"keyword","normalization":"array","example":"shared.global.example.net","description":"List of common names (CN) of subject."},{"field":"file.x509.subject.country","type":"keyword","normalization":"array","example":"US","description":"List of country \\(C) code"},{"field":"file.x509.subject.distinguished_name","type":"keyword","normalization":"","example":"C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net","description":"Distinguished name (DN) of the certificate subject entity."},{"field":"file.x509.subject.locality","type":"keyword","normalization":"array","example":"San Francisco","description":"List of locality names (L)"},{"field":"file.x509.subject.organization","type":"keyword","normalization":"array","example":"Example, Inc.","description":"List of organizations (O) of subject."},{"field":"file.x509.subject.organizational_unit","type":"keyword","normalization":"array","example":"","description":"List of organizational units (OU) of subject."},{"field":"file.x509.subject.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"file.x509.version_number","type":"keyword","normalization":"","example":3,"description":"Version of x509 format."},{"field":"group.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the group is a member of."},{"field":"group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"host.boot.id","type":"keyword","normalization":"","example":"88a1f0ed-5ae5-41ee-af6b-41921c311872","description":"Linux boot uuid taken from /proc/sys/kernel/random/boot_id"},{"field":"host.cpu.usage","type":"scaled_float","normalization":"","example":"","description":"Percent CPU used, between 0 and 1."},{"field":"host.disk.read.bytes","type":"long","normalization":"","example":"","description":"The number of bytes read by all disks."},{"field":"host.disk.write.bytes","type":"long","normalization":"","example":"","description":"The number of bytes written on all disks."},{"field":"host.domain","type":"keyword","normalization":"","example":"CONTOSO","description":"Name of the directory the group is a member of."},{"field":"host.geo.city_name","type":"keyword","normalization":"","example":"Montreal","description":"City name."},{"field":"host.geo.continent_code","type":"keyword","normalization":"","example":"NA","description":"Continent code."},{"field":"host.geo.continent_name","type":"keyword","normalization":"","example":"North America","description":"Name of the continent."},{"field":"host.geo.country_iso_code","type":"keyword","normalization":"","example":"CA","description":"Country ISO code."},{"field":"host.geo.country_name","type":"keyword","normalization":"","example":"Canada","description":"Country name."},{"field":"host.geo.location","type":"geo_point","normalization":"","example":{"lon":-73.61483,"lat":45.505918},"description":"Longitude and latitude."},{"field":"host.geo.name","type":"keyword","normalization":"","example":"boston-dc","description":"User-defined description of a location."},{"field":"host.geo.postal_code","type":"keyword","normalization":"","example":94040,"description":"Postal code."},{"field":"host.geo.region_iso_code","type":"keyword","normalization":"","example":"CA-QC","description":"Region ISO code."},{"field":"host.geo.region_name","type":"keyword","normalization":"","example":"Quebec","description":"Region name."},{"field":"host.geo.timezone","type":"keyword","normalization":"","example":"America/Argentina/Buenos_Aires","description":"Time zone."},{"field":"host.name","type":"keyword","normalization":"","example":"","description":"Name of the host."},{"field":"host.network.egress.bytes","type":"long","normalization":"","example":"","description":"The number of bytes sent on all network interfaces."},{"field":"host.network.egress.packets","type":"long","normalization":"","example":"","description":"The number of packets sent on all network interfaces."},{"field":"host.network.ingress.bytes","type":"long","normalization":"","example":"","description":"The number of bytes received on all network interfaces."},{"field":"host.network.ingress.packets","type":"long","normalization":"","example":"","description":"The number of packets received on all network interfaces."},{"field":"host.os.full","type":"keyword","normalization":"","example":"Mac OS Mojave","description":"Operating system name, including the version or code name."},{"field":"host.os.full.text","type":"match_only_text","normalization":"","example":"Mac OS Mojave","description":"Operating system name, including the version or code name."},{"field":"host.os.name.text","type":"match_only_text","normalization":"","example":"Mac OS X","description":"Operating system name, without the version."},{"field":"host.os.platform","type":"keyword","normalization":"","example":"darwin","description":"Operating system platform (such centos, ubuntu, windows)."},{"field":"host.pid_ns_ino","type":"keyword","normalization":"","example":256383,"description":"Pid namespace inode"},{"field":"host.risk.calculated_level","type":"keyword","normalization":"","example":"High","description":"A risk classification level calculated by an internal system as part of entity analytics and entity risk scoring."},{"field":"host.risk.calculated_score","type":"float","normalization":"","example":880.73,"description":"A risk classification score calculated by an internal system as part of entity analytics and entity risk scoring."},{"field":"host.risk.calculated_score_norm","type":"float","normalization":"","example":88.73,"description":"A normalized risk score calculated by an internal system."},{"field":"host.risk.static_level","type":"keyword","normalization":"","example":"High","description":"A risk classification level obtained from outside the system, such as from some external Threat Intelligence Platform."},{"field":"host.risk.static_score","type":"float","normalization":"","example":830,"description":"A risk classification score obtained from outside the system, such as from some external Threat Intelligence Platform."},{"field":"host.risk.static_score_norm","type":"float","normalization":"","example":83,"description":"A normalized risk score calculated by an external system."},{"field":"host.type","type":"keyword","normalization":"","example":"","description":"Type of host."},{"field":"host.uptime","type":"long","normalization":"","example":1325,"description":"Seconds the host has been up."},{"field":"http.request.body.bytes","type":"long","normalization":"","example":887,"description":"Size in bytes of the request body."},{"field":"http.request.body.content","type":"wildcard","normalization":"","example":"Hello world","description":"The full HTTP request body."},{"field":"http.request.body.content.text","type":"match_only_text","normalization":"","example":"Hello world","description":"The full HTTP request body."},{"field":"http.request.bytes","type":"long","normalization":"","example":1437,"description":"Total size in bytes of the request (body and headers)."},{"field":"http.request.id","type":"keyword","normalization":"","example":"123e4567-e89b-12d3-a456-426614174000","description":"HTTP request ID."},{"field":"http.request.method","type":"keyword","normalization":"","example":"POST","description":"HTTP request method."},{"field":"http.request.mime_type","type":"keyword","normalization":"","example":"image/gif","description":"Mime type of the body of the request."},{"field":"http.request.referrer","type":"keyword","normalization":"","example":"https://blog.example.com/","description":"Referrer for this HTTP request."},{"field":"http.response.body.bytes","type":"long","normalization":"","example":887,"description":"Size in bytes of the response body."},{"field":"http.response.body.content","type":"wildcard","normalization":"","example":"Hello world","description":"The full HTTP response body."},{"field":"http.response.body.content.text","type":"match_only_text","normalization":"","example":"Hello world","description":"The full HTTP response body."},{"field":"http.response.bytes","type":"long","normalization":"","example":1437,"description":"Total size in bytes of the response (body and headers)."},{"field":"http.response.mime_type","type":"keyword","normalization":"","example":"image/gif","description":"Mime type of the body of the response."},{"field":"http.response.status_code","type":"long","normalization":"","example":404,"description":"HTTP response status code."},{"field":"http.version","type":"keyword","normalization":"","example":1.1,"description":"HTTP version."},{"field":"log.file.path","type":"keyword","normalization":"","example":"/var/log/fun-times.log","description":"Full path to the log file this event came from."},{"field":"log.level","type":"keyword","normalization":"","example":"error","description":"Log level of the log event."},{"field":"log.logger","type":"keyword","normalization":"","example":"org.elasticsearch.bootstrap.Bootstrap","description":"Name of the logger."},{"field":"log.origin.file.line","type":"long","normalization":"","example":42,"description":"The line number of the file which originated the log event."},{"field":"log.origin.file.name","type":"keyword","normalization":"","example":"Bootstrap.java","description":"The code file which originated the log event."},{"field":"log.origin.function","type":"keyword","normalization":"","example":"init","description":"The function which originated the log event."},{"field":"log.syslog","type":"object","normalization":"","example":"","description":"Syslog metadata"},{"field":"log.syslog.appname","type":"keyword","normalization":"","example":"sshd","description":"The device or application that originated the Syslog message."},{"field":"log.syslog.facility.code","type":"long","normalization":"","example":23,"description":"Syslog numeric facility of the event."},{"field":"log.syslog.facility.name","type":"keyword","normalization":"","example":"local7","description":"Syslog text-based facility of the event."},{"field":"log.syslog.hostname","type":"keyword","normalization":"","example":"example-host","description":"The host that originated the Syslog message."},{"field":"log.syslog.msgid","type":"keyword","normalization":"","example":"ID47","description":"An identifier for the type of Syslog message."},{"field":"log.syslog.priority","type":"long","normalization":"","example":135,"description":"Syslog priority of the event."},{"field":"log.syslog.procid","type":"keyword","normalization":"","example":12345,"description":"The process name or ID that originated the Syslog message."},{"field":"log.syslog.severity.code","type":"long","normalization":"","example":3,"description":"Syslog numeric severity of the event."},{"field":"log.syslog.severity.name","type":"keyword","normalization":"","example":"Error","description":"Syslog text-based severity of the event."},{"field":"log.syslog.structured_data","type":"flattened","normalization":"","example":"","description":"Structured data expressed in RFC 5424 messages."},{"field":"log.syslog.version","type":"keyword","normalization":"","example":1,"description":"Syslog protocol version."},{"field":"network.application","type":"keyword","normalization":"","example":"aim","description":"Application level protocol name."},{"field":"network.bytes","type":"long","normalization":"","example":368,"description":"Total bytes transferred in both directions."},{"field":"network.community_id","type":"keyword","normalization":"","example":"1:hO+sN4H+MG5MY/8hIrXPqc4ZQz0=","description":"A hash of source and destination IPs and ports."},{"field":"network.direction","type":"keyword","normalization":"","example":"inbound","description":"Direction of the network traffic."},{"field":"network.forwarded_ip","type":"ip","normalization":"","example":"192.1.1.2","description":"Host IP address when the source IP address is the proxy."},{"field":"network.iana_number","type":"keyword","normalization":"","example":6,"description":"IANA Protocol Number."},{"field":"network.inner","type":"object","normalization":"","example":"","description":"Inner VLAN tag information"},{"field":"network.inner.vlan.id","type":"keyword","normalization":"","example":10,"description":"VLAN ID as reported by the observer."},{"field":"network.inner.vlan.name","type":"keyword","normalization":"","example":"outside","description":"Optional VLAN name as reported by the observer."},{"field":"network.name","type":"keyword","normalization":"","example":"Guest Wifi","description":"Name given by operators to sections of their network."},{"field":"network.packets","type":"long","normalization":"","example":24,"description":"Total packets transferred in both directions."},{"field":"network.protocol","type":"keyword","normalization":"","example":"http","description":"Application protocol name."},{"field":"network.transport","type":"keyword","normalization":"","example":"tcp","description":"Protocol Name corresponding to the field `iana_number`."},{"field":"network.type","type":"keyword","normalization":"","example":"ipv4","description":"In the OSI Model this would be the Network Layer. ipv4, ipv6, ipsec, pim, etc"},{"field":"network.vlan.id","type":"keyword","normalization":"","example":10,"description":"VLAN ID as reported by the observer."},{"field":"network.vlan.name","type":"keyword","normalization":"","example":"outside","description":"Optional VLAN name as reported by the observer."},{"field":"observer.egress","type":"object","normalization":"","example":"","description":"Object field for egress information"},{"field":"observer.egress.interface.alias","type":"keyword","normalization":"","example":"outside","description":"Interface alias"},{"field":"observer.egress.interface.id","type":"keyword","normalization":"","example":10,"description":"Interface ID"},{"field":"observer.egress.interface.name","type":"keyword","normalization":"","example":"eth0","description":"Interface name"},{"field":"observer.egress.vlan.id","type":"keyword","normalization":"","example":10,"description":"VLAN ID as reported by the observer."},{"field":"observer.egress.vlan.name","type":"keyword","normalization":"","example":"outside","description":"Optional VLAN name as reported by the observer."},{"field":"observer.egress.zone","type":"keyword","normalization":"","example":"Public_Internet","description":"Observer Egress zone"},{"field":"observer.geo.city_name","type":"keyword","normalization":"","example":"Montreal","description":"City name."},{"field":"observer.geo.continent_code","type":"keyword","normalization":"","example":"NA","description":"Continent code."},{"field":"observer.geo.continent_name","type":"keyword","normalization":"","example":"North America","description":"Name of the continent."},{"field":"observer.geo.country_iso_code","type":"keyword","normalization":"","example":"CA","description":"Country ISO code."},{"field":"observer.geo.country_name","type":"keyword","normalization":"","example":"Canada","description":"Country name."},{"field":"observer.geo.location","type":"geo_point","normalization":"","example":{"lon":-73.61483,"lat":45.505918},"description":"Longitude and latitude."},{"field":"observer.geo.name","type":"keyword","normalization":"","example":"boston-dc","description":"User-defined description of a location."},{"field":"observer.geo.postal_code","type":"keyword","normalization":"","example":94040,"description":"Postal code."},{"field":"observer.geo.region_iso_code","type":"keyword","normalization":"","example":"CA-QC","description":"Region ISO code."},{"field":"observer.geo.region_name","type":"keyword","normalization":"","example":"Quebec","description":"Region name."},{"field":"observer.geo.timezone","type":"keyword","normalization":"","example":"America/Argentina/Buenos_Aires","description":"Time zone."},{"field":"observer.hostname","type":"keyword","normalization":"","example":"","description":"Hostname of the observer."},{"field":"observer.ingress","type":"object","normalization":"","example":"","description":"Object field for ingress information"},{"field":"observer.ingress.interface.alias","type":"keyword","normalization":"","example":"outside","description":"Interface alias"},{"field":"observer.ingress.interface.id","type":"keyword","normalization":"","example":10,"description":"Interface ID"},{"field":"observer.ingress.interface.name","type":"keyword","normalization":"","example":"eth0","description":"Interface name"},{"field":"observer.ingress.vlan.id","type":"keyword","normalization":"","example":10,"description":"VLAN ID as reported by the observer."},{"field":"observer.ingress.vlan.name","type":"keyword","normalization":"","example":"outside","description":"Optional VLAN name as reported by the observer."},{"field":"observer.ingress.zone","type":"keyword","normalization":"","example":"DMZ","description":"Observer ingress zone"},{"field":"observer.ip","type":"ip","normalization":"array","example":"","description":"IP addresses of the observer."},{"field":"observer.mac","type":"keyword","normalization":"array","example":["00-00-5E-00-53-23","00-00-5E-00-53-24"],"description":"MAC addresses of the observer."},{"field":"observer.name","type":"keyword","normalization":"","example":"1_proxySG","description":"Custom name of the observer."},{"field":"observer.os.family","type":"keyword","normalization":"","example":"debian","description":"OS family (such as redhat, debian, freebsd, windows)."},{"field":"observer.os.full","type":"keyword","normalization":"","example":"Mac OS Mojave","description":"Operating system name, including the version or code name."},{"field":"observer.os.full.text","type":"match_only_text","normalization":"","example":"Mac OS Mojave","description":"Operating system name, including the version or code name."},{"field":"observer.os.kernel","type":"keyword","normalization":"","example":"4.4.0-112-generic","description":"Operating system kernel version as a raw string."},{"field":"observer.os.name","type":"keyword","normalization":"","example":"Mac OS X","description":"Operating system name, without the version."},{"field":"observer.os.name.text","type":"match_only_text","normalization":"","example":"Mac OS X","description":"Operating system name, without the version."},{"field":"observer.os.platform","type":"keyword","normalization":"","example":"darwin","description":"Operating system platform (such centos, ubuntu, windows)."},{"field":"observer.os.type","type":"keyword","normalization":"","example":"macos","description":"Which commercial OS family (one of: linux, macos, unix, windows, ios or android)."},{"field":"observer.os.version","type":"keyword","normalization":"","example":"10.14.1","description":"Operating system version as a raw string."},{"field":"observer.product","type":"keyword","normalization":"","example":"s200","description":"The product name of the observer."},{"field":"observer.serial_number","type":"keyword","normalization":"","example":"","description":"Observer serial number."},{"field":"observer.type","type":"keyword","normalization":"","example":"firewall","description":"The type of the observer the data is coming from."},{"field":"observer.vendor","type":"keyword","normalization":"","example":"Symantec","description":"Vendor name of the observer."},{"field":"observer.version","type":"keyword","normalization":"","example":"","description":"Observer version."},{"field":"orchestrator.api_version","type":"keyword","normalization":"","example":"v1beta1","description":"API version being used to carry out the action"},{"field":"orchestrator.cluster.id","type":"keyword","normalization":"","example":"","description":"Unique ID of the cluster."},{"field":"orchestrator.cluster.name","type":"keyword","normalization":"","example":"","description":"Name of the cluster."},{"field":"orchestrator.cluster.url","type":"keyword","normalization":"","example":"","description":"URL of the API used to manage the cluster."},{"field":"orchestrator.cluster.version","type":"keyword","normalization":"","example":"","description":"The version of the cluster."},{"field":"orchestrator.namespace","type":"keyword","normalization":"","example":"kube-system","description":"Namespace in which the action is taking place."},{"field":"orchestrator.organization","type":"keyword","normalization":"","example":"elastic","description":"Organization affected by the event (for multi-tenant orchestrator setups)."},{"field":"orchestrator.resource.annotation","type":"keyword","normalization":"array","example":"['key1:value1', 'key2:value2', 'key3:value3']","description":"The list of annotations added to the resource."},{"field":"orchestrator.resource.id","type":"keyword","normalization":"","example":"","description":"Unique ID of the resource being acted upon."},{"field":"orchestrator.resource.ip","type":"ip","normalization":"array","example":"","description":"IP address assigned to the resource associated with the event being observed."},{"field":"orchestrator.resource.label","type":"keyword","normalization":"array","example":"['key1:value1', 'key2:value2', 'key3:value3']","description":"The list of labels added to the resource."},{"field":"orchestrator.resource.name","type":"keyword","normalization":"","example":"test-pod-cdcws","description":"Name of the resource being acted upon."},{"field":"orchestrator.resource.parent.type","type":"keyword","normalization":"","example":"DaemonSet","description":"Type or kind of the parent resource associated with the event being observed."},{"field":"orchestrator.resource.type","type":"keyword","normalization":"","example":"service","description":"Type of resource being acted upon."},{"field":"orchestrator.type","type":"keyword","normalization":"","example":"kubernetes","description":"Orchestrator cluster type (e.g. kubernetes, nomad or cloudfoundry)."},{"field":"organization.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the organization."},{"field":"organization.name","type":"keyword","normalization":"","example":"","description":"Organization name."},{"field":"organization.name.text","type":"match_only_text","normalization":"","example":"","description":"Organization name."},{"field":"package.architecture","type":"keyword","normalization":"","example":"x86_64","description":"Package architecture."},{"field":"package.build_version","type":"keyword","normalization":"","example":"36f4f7e89dd61b0988b12ee000b98966867710cd","description":"Build version information"},{"field":"package.checksum","type":"keyword","normalization":"","example":"68b329da9893e34099c7d8ad5cb9c940","description":"Checksum of the installed package for verification."},{"field":"package.description","type":"keyword","normalization":"","example":"Open source programming language to build simple/reliable/efficient software.","description":"Description of the package."},{"field":"package.install_scope","type":"keyword","normalization":"","example":"global","description":"Indicating how the package was installed, e.g. user-local, global."},{"field":"package.installed","type":"date","normalization":"","example":"","description":"Time when package was installed."},{"field":"package.license","type":"keyword","normalization":"","example":"Apache License 2.0","description":"Package license"},{"field":"package.name","type":"keyword","normalization":"","example":"go","description":"Package name"},{"field":"package.path","type":"keyword","normalization":"","example":"/usr/local/Cellar/go/1.12.9/","description":"Path where the package is installed."},{"field":"package.reference","type":"keyword","normalization":"","example":"https://golang.org","description":"Package home page or reference URL"},{"field":"package.size","type":"long","normalization":"","example":62231,"description":"Package size in bytes."},{"field":"package.type","type":"keyword","normalization":"","example":"rpm","description":"Package type"},{"field":"package.version","type":"keyword","normalization":"","example":"1.12.9","description":"Package version"},{"field":"process.args","type":"keyword","normalization":"array","example":["/usr/bin/ssh","-l","user","10.0.0.16"],"description":"Array of process arguments."},{"field":"process.args_count","type":"long","normalization":"","example":4,"description":"Length of the process.args array."},{"field":"process.code_signature.digest_algorithm","type":"keyword","normalization":"","example":"sha256","description":"Hashing algorithm used to sign the process."},{"field":"process.code_signature.exists","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if a signature is present."},{"field":"process.code_signature.signing_id","type":"keyword","normalization":"","example":"com.apple.xpc.proxy","description":"The identifier used to sign the process."},{"field":"process.code_signature.status","type":"keyword","normalization":"","example":"ERROR_UNTRUSTED_ROOT","description":"Additional information about the certificate status."},{"field":"process.code_signature.subject_name","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Subject name of the code signer"},{"field":"process.code_signature.team_id","type":"keyword","normalization":"","example":"EQHXZ8M8AV","description":"The team identifier used to sign the process."},{"field":"process.code_signature.timestamp","type":"date","normalization":"","example":"2021-01-01T12:10:30Z","description":"When the signature was generated and signed."},{"field":"process.code_signature.trusted","type":"boolean","normalization":"","example":true,"description":"Stores the trust status of the certificate chain."},{"field":"process.code_signature.valid","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if the digital signature is verified against the binary content."},{"field":"process.command_line","type":"wildcard","normalization":"","example":"/usr/bin/ssh -l user 10.0.0.16","description":"Full command line that started the process."},{"field":"process.command_line.text","type":"match_only_text","normalization":"","example":"/usr/bin/ssh -l user 10.0.0.16","description":"Full command line that started the process."},{"field":"process.elf.architecture","type":"keyword","normalization":"","example":"x86-64","description":"Machine architecture of the ELF file."},{"field":"process.elf.byte_order","type":"keyword","normalization":"","example":"Little Endian","description":"Byte sequence of ELF file."},{"field":"process.elf.cpu_type","type":"keyword","normalization":"","example":"Intel","description":"CPU type of the ELF file."},{"field":"process.elf.creation_date","type":"date","normalization":"","example":"","description":"Build or compile date."},{"field":"process.elf.exports","type":"flattened","normalization":"array","example":"","description":"List of exported element names and types."},{"field":"process.elf.go_import_hash","type":"keyword","normalization":"","example":"10bddcb4cee42080f76c88d9ff964491","description":"A hash of the Go language imports in an ELF file."},{"field":"process.elf.go_imports","type":"flattened","normalization":"","example":"","description":"List of imported Go language element names and types."},{"field":"process.elf.go_imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of Go imports."},{"field":"process.elf.go_imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of Go imports."},{"field":"process.elf.go_stripped","type":"boolean","normalization":"","example":"","description":"Whether the file is a stripped or obfuscated Go executable."},{"field":"process.elf.header.abi_version","type":"keyword","normalization":"","example":"","description":"Version of the ELF Application Binary Interface (ABI)."},{"field":"process.elf.header.class","type":"keyword","normalization":"","example":"","description":"Header class of the ELF file."},{"field":"process.elf.header.data","type":"keyword","normalization":"","example":"","description":"Data table of the ELF header."},{"field":"process.elf.header.entrypoint","type":"long","normalization":"","example":"","description":"Header entrypoint of the ELF file."},{"field":"process.elf.header.object_version","type":"keyword","normalization":"","example":"","description":"0x1\" for original ELF files."},{"field":"process.elf.header.os_abi","type":"keyword","normalization":"","example":"","description":"Application Binary Interface (ABI) of the Linux OS."},{"field":"process.elf.header.type","type":"keyword","normalization":"","example":"","description":"Header type of the ELF file."},{"field":"process.elf.header.version","type":"keyword","normalization":"","example":"","description":"Version of the ELF header."},{"field":"process.elf.import_hash","type":"keyword","normalization":"","example":"d41d8cd98f00b204e9800998ecf8427e","description":"A hash of the imports in an ELF file."},{"field":"process.elf.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"process.elf.imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of imported element names and types."},{"field":"process.elf.imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of imported element names and types."},{"field":"process.elf.sections","type":"nested","normalization":"array","example":"","description":"Section information of the ELF file."},{"field":"process.elf.sections.chi2","type":"long","normalization":"","example":"","description":"Chi-square probability distribution of the section."},{"field":"process.elf.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"process.elf.sections.flags","type":"keyword","normalization":"","example":"","description":"ELF Section List flags."},{"field":"process.elf.sections.name","type":"keyword","normalization":"","example":"","description":"ELF Section List name."},{"field":"process.elf.sections.physical_offset","type":"keyword","normalization":"","example":"","description":"ELF Section List offset."},{"field":"process.elf.sections.physical_size","type":"long","normalization":"","example":"","description":"ELF Section List physical size."},{"field":"process.elf.sections.type","type":"keyword","normalization":"","example":"","description":"ELF Section List type."},{"field":"process.elf.sections.var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the section."},{"field":"process.elf.sections.virtual_address","type":"long","normalization":"","example":"","description":"ELF Section List virtual address."},{"field":"process.elf.sections.virtual_size","type":"long","normalization":"","example":"","description":"ELF Section List virtual size."},{"field":"process.elf.segments","type":"nested","normalization":"array","example":"","description":"ELF object segment list."},{"field":"process.elf.segments.sections","type":"keyword","normalization":"","example":"","description":"ELF object segment sections."},{"field":"process.elf.segments.type","type":"keyword","normalization":"","example":"","description":"ELF object segment type."},{"field":"process.elf.shared_libraries","type":"keyword","normalization":"array","example":"","description":"List of shared libraries used by this ELF object."},{"field":"process.elf.telfhash","type":"keyword","normalization":"","example":"","description":"telfhash hash for ELF file."},{"field":"process.end","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process ended."},{"field":"process.entity_id","type":"keyword","normalization":"","example":"c2c455d9f99375d","description":"Unique identifier for the process."},{"field":"process.entry_leader.args","type":"keyword","normalization":"array","example":["/usr/bin/ssh","-l","user","10.0.0.16"],"description":"Array of process arguments."},{"field":"process.entry_leader.args_count","type":"long","normalization":"","example":4,"description":"Length of the process.args array."},{"field":"process.entry_leader.attested_groups.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.entry_leader.attested_user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.entry_leader.attested_user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.entry_leader.attested_user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.entry_leader.command_line","type":"wildcard","normalization":"","example":"/usr/bin/ssh -l user 10.0.0.16","description":"Full command line that started the process."},{"field":"process.entry_leader.command_line.text","type":"match_only_text","normalization":"","example":"/usr/bin/ssh -l user 10.0.0.16","description":"Full command line that started the process."},{"field":"process.entry_leader.entity_id","type":"keyword","normalization":"","example":"c2c455d9f99375d","description":"Unique identifier for the process."},{"field":"process.entry_leader.entry_meta.source.ip","type":"ip","normalization":"","example":"","description":"IP address of the source."},{"field":"process.entry_leader.entry_meta.type","type":"keyword","normalization":"","example":"","description":"The entry type for the entry session leader."},{"field":"process.entry_leader.executable","type":"keyword","normalization":"","example":"/usr/bin/ssh","description":"Absolute path to the process executable."},{"field":"process.entry_leader.executable.text","type":"match_only_text","normalization":"","example":"/usr/bin/ssh","description":"Absolute path to the process executable."},{"field":"process.entry_leader.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.entry_leader.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.entry_leader.interactive","type":"boolean","normalization":"","example":"True","description":"Whether the process is connected to an interactive shell."},{"field":"process.entry_leader.name","type":"keyword","normalization":"","example":"ssh","description":"Process name."},{"field":"process.entry_leader.name.text","type":"match_only_text","normalization":"","example":"ssh","description":"Process name."},{"field":"process.entry_leader.parent.entity_id","type":"keyword","normalization":"","example":"c2c455d9f99375d","description":"Unique identifier for the process."},{"field":"process.entry_leader.parent.pid","type":"long","normalization":"","example":4242,"description":"Process id."},{"field":"process.entry_leader.parent.session_leader.entity_id","type":"keyword","normalization":"","example":"c2c455d9f99375d","description":"Unique identifier for the process."},{"field":"process.entry_leader.parent.session_leader.pid","type":"long","normalization":"","example":4242,"description":"Process id."},{"field":"process.entry_leader.parent.session_leader.start","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process started."},{"field":"process.entry_leader.parent.session_leader.vpid","type":"long","normalization":"","example":4242,"description":"Virtual process id."},{"field":"process.entry_leader.parent.start","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process started."},{"field":"process.entry_leader.parent.vpid","type":"long","normalization":"","example":4242,"description":"Virtual process id."},{"field":"process.entry_leader.pid","type":"long","normalization":"","example":4242,"description":"Process id."},{"field":"process.entry_leader.real_group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.entry_leader.real_group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.entry_leader.real_user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.entry_leader.real_user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.entry_leader.real_user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.entry_leader.same_as_process","type":"boolean","normalization":"","example":"True","description":"This boolean is used to identify if a leader process is the same as the top level process."},{"field":"process.entry_leader.saved_group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.entry_leader.saved_group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.entry_leader.saved_user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.entry_leader.saved_user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.entry_leader.saved_user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.entry_leader.start","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process started."},{"field":"process.entry_leader.supplemental_groups.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.entry_leader.supplemental_groups.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.entry_leader.tty","type":"object","normalization":"","example":"","description":"Information about the controlling TTY device."},{"field":"process.entry_leader.tty.char_device.major","type":"long","normalization":"","example":4,"description":"The TTY character device's major number."},{"field":"process.entry_leader.tty.char_device.minor","type":"long","normalization":"","example":1,"description":"The TTY character device's minor number."},{"field":"process.entry_leader.user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.entry_leader.user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.entry_leader.user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.entry_leader.vpid","type":"long","normalization":"","example":4242,"description":"Virtual process id."},{"field":"process.entry_leader.working_directory","type":"keyword","normalization":"","example":"/home/alice","description":"The working directory of the process."},{"field":"process.entry_leader.working_directory.text","type":"match_only_text","normalization":"","example":"/home/alice","description":"The working directory of the process."},{"field":"process.env_vars","type":"keyword","normalization":"array","example":["PATH=/usr/local/bin:/usr/bin","USER=ubuntu"],"description":"Array of environment variable bindings."},{"field":"process.executable","type":"keyword","normalization":"","example":"/usr/bin/ssh","description":"Absolute path to the process executable."},{"field":"process.executable.text","type":"match_only_text","normalization":"","example":"/usr/bin/ssh","description":"Absolute path to the process executable."},{"field":"process.exit_code","type":"long","normalization":"","example":137,"description":"The exit code of the process."},{"field":"process.group_leader.args","type":"keyword","normalization":"array","example":["/usr/bin/ssh","-l","user","10.0.0.16"],"description":"Array of process arguments."},{"field":"process.group_leader.args_count","type":"long","normalization":"","example":4,"description":"Length of the process.args array."},{"field":"process.group_leader.command_line","type":"wildcard","normalization":"","example":"/usr/bin/ssh -l user 10.0.0.16","description":"Full command line that started the process."},{"field":"process.group_leader.command_line.text","type":"match_only_text","normalization":"","example":"/usr/bin/ssh -l user 10.0.0.16","description":"Full command line that started the process."},{"field":"process.group_leader.entity_id","type":"keyword","normalization":"","example":"c2c455d9f99375d","description":"Unique identifier for the process."},{"field":"process.group_leader.executable","type":"keyword","normalization":"","example":"/usr/bin/ssh","description":"Absolute path to the process executable."},{"field":"process.group_leader.executable.text","type":"match_only_text","normalization":"","example":"/usr/bin/ssh","description":"Absolute path to the process executable."},{"field":"process.group_leader.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.group_leader.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.group_leader.interactive","type":"boolean","normalization":"","example":"True","description":"Whether the process is connected to an interactive shell."},{"field":"process.group_leader.name","type":"keyword","normalization":"","example":"ssh","description":"Process name."},{"field":"process.group_leader.name.text","type":"match_only_text","normalization":"","example":"ssh","description":"Process name."},{"field":"process.group_leader.pid","type":"long","normalization":"","example":4242,"description":"Process id."},{"field":"process.group_leader.real_group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.group_leader.real_group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.group_leader.real_user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.group_leader.real_user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.group_leader.real_user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.group_leader.same_as_process","type":"boolean","normalization":"","example":"True","description":"This boolean is used to identify if a leader process is the same as the top level process."},{"field":"process.group_leader.saved_group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.group_leader.saved_group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.group_leader.saved_user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.group_leader.saved_user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.group_leader.saved_user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.group_leader.start","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process started."},{"field":"process.group_leader.supplemental_groups.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.group_leader.supplemental_groups.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.group_leader.tty","type":"object","normalization":"","example":"","description":"Information about the controlling TTY device."},{"field":"process.group_leader.tty.char_device.major","type":"long","normalization":"","example":4,"description":"The TTY character device's major number."},{"field":"process.group_leader.tty.char_device.minor","type":"long","normalization":"","example":1,"description":"The TTY character device's minor number."},{"field":"process.group_leader.user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.group_leader.user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.group_leader.user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.group_leader.vpid","type":"long","normalization":"","example":4242,"description":"Virtual process id."},{"field":"process.group_leader.working_directory","type":"keyword","normalization":"","example":"/home/alice","description":"The working directory of the process."},{"field":"process.group_leader.working_directory.text","type":"match_only_text","normalization":"","example":"/home/alice","description":"The working directory of the process."},{"field":"process.hash.md5","type":"keyword","normalization":"","example":"","description":"MD5 hash."},{"field":"process.hash.sha1","type":"keyword","normalization":"","example":"","description":"SHA1 hash."},{"field":"process.hash.sha256","type":"keyword","normalization":"","example":"","description":"SHA256 hash."},{"field":"process.hash.sha384","type":"keyword","normalization":"","example":"","description":"SHA384 hash."},{"field":"process.hash.sha512","type":"keyword","normalization":"","example":"","description":"SHA512 hash."},{"field":"process.hash.ssdeep","type":"keyword","normalization":"","example":"","description":"SSDEEP hash."},{"field":"process.hash.tlsh","type":"keyword","normalization":"","example":"","description":"TLSH hash."},{"field":"process.interactive","type":"boolean","normalization":"","example":"True","description":"Whether the process is connected to an interactive shell."},{"field":"process.io","type":"object","normalization":"","example":"","description":"A chunk of input or output (IO) from a single process."},{"field":"process.io.bytes_skipped","type":"object","normalization":"array","example":"","description":"An array of byte offsets and lengths denoting where IO data has been skipped."},{"field":"process.io.bytes_skipped.length","type":"long","normalization":"","example":"","description":"The length of bytes skipped."},{"field":"process.io.bytes_skipped.offset","type":"long","normalization":"","example":"","description":"The byte offset into this event's io.text (or io.bytes in the future) where length bytes were skipped."},{"field":"process.io.max_bytes_per_process_exceeded","type":"boolean","normalization":"","example":"","description":"If true, the process producing the output has exceeded the max_kilobytes_per_process configuration setting."},{"field":"process.io.text","type":"wildcard","normalization":"","example":"","description":"A chunk of output or input sanitized to UTF-8."},{"field":"process.io.total_bytes_captured","type":"long","normalization":"","example":"","description":"The total number of bytes captured in this event."},{"field":"process.io.total_bytes_skipped","type":"long","normalization":"","example":"","description":"The total number of bytes that were not captured due to implementation restrictions such as buffer size limits."},{"field":"process.io.type","type":"keyword","normalization":"","example":"","description":"The type of object on which the IO action (read or write) was taken."},{"field":"process.macho.go_import_hash","type":"keyword","normalization":"","example":"10bddcb4cee42080f76c88d9ff964491","description":"A hash of the Go language imports in a Mach-O file."},{"field":"process.macho.go_imports","type":"flattened","normalization":"","example":"","description":"List of imported Go language element names and types."},{"field":"process.macho.go_imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of Go imports."},{"field":"process.macho.go_imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of Go imports."},{"field":"process.macho.go_stripped","type":"boolean","normalization":"","example":"","description":"Whether the file is a stripped or obfuscated Go executable."},{"field":"process.macho.import_hash","type":"keyword","normalization":"","example":"d41d8cd98f00b204e9800998ecf8427e","description":"A hash of the imports in a Mach-O file."},{"field":"process.macho.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"process.macho.imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of imported element names and types."},{"field":"process.macho.imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of imported element names and types."},{"field":"process.macho.sections","type":"nested","normalization":"array","example":"","description":"Section information of the Mach-O file."},{"field":"process.macho.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"process.macho.sections.name","type":"keyword","normalization":"","example":"","description":"Mach-O Section List name."},{"field":"process.macho.sections.physical_size","type":"long","normalization":"","example":"","description":"Mach-O Section List physical size."},{"field":"process.macho.sections.var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the section."},{"field":"process.macho.sections.virtual_size","type":"long","normalization":"","example":"","description":"Mach-O Section List virtual size. This is always the same as `physical_size`."},{"field":"process.macho.symhash","type":"keyword","normalization":"","example":"d3ccf195b62a9279c3c19af1080497ec","description":"A hash of the imports in a Mach-O file."},{"field":"process.name","type":"keyword","normalization":"","example":"ssh","description":"Process name."},{"field":"process.name.text","type":"match_only_text","normalization":"","example":"ssh","description":"Process name."},{"field":"process.parent.args","type":"keyword","normalization":"array","example":["/usr/bin/ssh","-l","user","10.0.0.16"],"description":"Array of process arguments."},{"field":"process.parent.args_count","type":"long","normalization":"","example":4,"description":"Length of the process.args array."},{"field":"process.parent.code_signature.digest_algorithm","type":"keyword","normalization":"","example":"sha256","description":"Hashing algorithm used to sign the process."},{"field":"process.parent.code_signature.exists","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if a signature is present."},{"field":"process.parent.code_signature.signing_id","type":"keyword","normalization":"","example":"com.apple.xpc.proxy","description":"The identifier used to sign the process."},{"field":"process.parent.code_signature.status","type":"keyword","normalization":"","example":"ERROR_UNTRUSTED_ROOT","description":"Additional information about the certificate status."},{"field":"process.parent.code_signature.subject_name","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Subject name of the code signer"},{"field":"process.parent.code_signature.team_id","type":"keyword","normalization":"","example":"EQHXZ8M8AV","description":"The team identifier used to sign the process."},{"field":"process.parent.code_signature.timestamp","type":"date","normalization":"","example":"2021-01-01T12:10:30Z","description":"When the signature was generated and signed."},{"field":"process.parent.code_signature.trusted","type":"boolean","normalization":"","example":true,"description":"Stores the trust status of the certificate chain."},{"field":"process.parent.code_signature.valid","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if the digital signature is verified against the binary content."},{"field":"process.parent.command_line","type":"wildcard","normalization":"","example":"/usr/bin/ssh -l user 10.0.0.16","description":"Full command line that started the process."},{"field":"process.parent.command_line.text","type":"match_only_text","normalization":"","example":"/usr/bin/ssh -l user 10.0.0.16","description":"Full command line that started the process."},{"field":"process.parent.elf.architecture","type":"keyword","normalization":"","example":"x86-64","description":"Machine architecture of the ELF file."},{"field":"process.parent.elf.byte_order","type":"keyword","normalization":"","example":"Little Endian","description":"Byte sequence of ELF file."},{"field":"process.parent.elf.cpu_type","type":"keyword","normalization":"","example":"Intel","description":"CPU type of the ELF file."},{"field":"process.parent.elf.creation_date","type":"date","normalization":"","example":"","description":"Build or compile date."},{"field":"process.parent.elf.exports","type":"flattened","normalization":"array","example":"","description":"List of exported element names and types."},{"field":"process.parent.elf.go_import_hash","type":"keyword","normalization":"","example":"10bddcb4cee42080f76c88d9ff964491","description":"A hash of the Go language imports in an ELF file."},{"field":"process.parent.elf.go_imports","type":"flattened","normalization":"","example":"","description":"List of imported Go language element names and types."},{"field":"process.parent.elf.go_imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of Go imports."},{"field":"process.parent.elf.go_imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of Go imports."},{"field":"process.parent.elf.go_stripped","type":"boolean","normalization":"","example":"","description":"Whether the file is a stripped or obfuscated Go executable."},{"field":"process.parent.elf.header.abi_version","type":"keyword","normalization":"","example":"","description":"Version of the ELF Application Binary Interface (ABI)."},{"field":"process.parent.elf.header.class","type":"keyword","normalization":"","example":"","description":"Header class of the ELF file."},{"field":"process.parent.elf.header.data","type":"keyword","normalization":"","example":"","description":"Data table of the ELF header."},{"field":"process.parent.elf.header.entrypoint","type":"long","normalization":"","example":"","description":"Header entrypoint of the ELF file."},{"field":"process.parent.elf.header.object_version","type":"keyword","normalization":"","example":"","description":"0x1\" for original ELF files."},{"field":"process.parent.elf.header.os_abi","type":"keyword","normalization":"","example":"","description":"Application Binary Interface (ABI) of the Linux OS."},{"field":"process.parent.elf.header.type","type":"keyword","normalization":"","example":"","description":"Header type of the ELF file."},{"field":"process.parent.elf.header.version","type":"keyword","normalization":"","example":"","description":"Version of the ELF header."},{"field":"process.parent.elf.import_hash","type":"keyword","normalization":"","example":"d41d8cd98f00b204e9800998ecf8427e","description":"A hash of the imports in an ELF file."},{"field":"process.parent.elf.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"process.parent.elf.imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of imported element names and types."},{"field":"process.parent.elf.imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of imported element names and types."},{"field":"process.parent.elf.sections","type":"nested","normalization":"array","example":"","description":"Section information of the ELF file."},{"field":"process.parent.elf.sections.chi2","type":"long","normalization":"","example":"","description":"Chi-square probability distribution of the section."},{"field":"process.parent.elf.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"process.parent.elf.sections.flags","type":"keyword","normalization":"","example":"","description":"ELF Section List flags."},{"field":"process.parent.elf.sections.name","type":"keyword","normalization":"","example":"","description":"ELF Section List name."},{"field":"process.parent.elf.sections.physical_offset","type":"keyword","normalization":"","example":"","description":"ELF Section List offset."},{"field":"process.parent.elf.sections.physical_size","type":"long","normalization":"","example":"","description":"ELF Section List physical size."},{"field":"process.parent.elf.sections.type","type":"keyword","normalization":"","example":"","description":"ELF Section List type."},{"field":"process.parent.elf.sections.var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the section."},{"field":"process.parent.elf.sections.virtual_address","type":"long","normalization":"","example":"","description":"ELF Section List virtual address."},{"field":"process.parent.elf.sections.virtual_size","type":"long","normalization":"","example":"","description":"ELF Section List virtual size."},{"field":"process.parent.elf.segments","type":"nested","normalization":"array","example":"","description":"ELF object segment list."},{"field":"process.parent.elf.segments.sections","type":"keyword","normalization":"","example":"","description":"ELF object segment sections."},{"field":"process.parent.elf.segments.type","type":"keyword","normalization":"","example":"","description":"ELF object segment type."},{"field":"process.parent.elf.shared_libraries","type":"keyword","normalization":"array","example":"","description":"List of shared libraries used by this ELF object."},{"field":"process.parent.elf.telfhash","type":"keyword","normalization":"","example":"","description":"telfhash hash for ELF file."},{"field":"process.parent.end","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process ended."},{"field":"process.parent.entity_id","type":"keyword","normalization":"","example":"c2c455d9f99375d","description":"Unique identifier for the process."},{"field":"process.parent.executable","type":"keyword","normalization":"","example":"/usr/bin/ssh","description":"Absolute path to the process executable."},{"field":"process.parent.executable.text","type":"match_only_text","normalization":"","example":"/usr/bin/ssh","description":"Absolute path to the process executable."},{"field":"process.parent.exit_code","type":"long","normalization":"","example":137,"description":"The exit code of the process."},{"field":"process.parent.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.parent.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.parent.group_leader.entity_id","type":"keyword","normalization":"","example":"c2c455d9f99375d","description":"Unique identifier for the process."},{"field":"process.parent.group_leader.pid","type":"long","normalization":"","example":4242,"description":"Process id."},{"field":"process.parent.group_leader.start","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process started."},{"field":"process.parent.group_leader.vpid","type":"long","normalization":"","example":4242,"description":"Virtual process id."},{"field":"process.parent.hash.md5","type":"keyword","normalization":"","example":"","description":"MD5 hash."},{"field":"process.parent.hash.sha1","type":"keyword","normalization":"","example":"","description":"SHA1 hash."},{"field":"process.parent.hash.sha256","type":"keyword","normalization":"","example":"","description":"SHA256 hash."},{"field":"process.parent.hash.sha384","type":"keyword","normalization":"","example":"","description":"SHA384 hash."},{"field":"process.parent.hash.sha512","type":"keyword","normalization":"","example":"","description":"SHA512 hash."},{"field":"process.parent.hash.ssdeep","type":"keyword","normalization":"","example":"","description":"SSDEEP hash."},{"field":"process.parent.hash.tlsh","type":"keyword","normalization":"","example":"","description":"TLSH hash."},{"field":"process.parent.interactive","type":"boolean","normalization":"","example":"True","description":"Whether the process is connected to an interactive shell."},{"field":"process.parent.macho.go_import_hash","type":"keyword","normalization":"","example":"10bddcb4cee42080f76c88d9ff964491","description":"A hash of the Go language imports in a Mach-O file."},{"field":"process.parent.macho.go_imports","type":"flattened","normalization":"","example":"","description":"List of imported Go language element names and types."},{"field":"process.parent.macho.go_imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of Go imports."},{"field":"process.parent.macho.go_imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of Go imports."},{"field":"process.parent.macho.go_stripped","type":"boolean","normalization":"","example":"","description":"Whether the file is a stripped or obfuscated Go executable."},{"field":"process.parent.macho.import_hash","type":"keyword","normalization":"","example":"d41d8cd98f00b204e9800998ecf8427e","description":"A hash of the imports in a Mach-O file."},{"field":"process.parent.macho.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"process.parent.macho.imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of imported element names and types."},{"field":"process.parent.macho.imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of imported element names and types."},{"field":"process.parent.macho.sections","type":"nested","normalization":"array","example":"","description":"Section information of the Mach-O file."},{"field":"process.parent.macho.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"process.parent.macho.sections.name","type":"keyword","normalization":"","example":"","description":"Mach-O Section List name."},{"field":"process.parent.macho.sections.physical_size","type":"long","normalization":"","example":"","description":"Mach-O Section List physical size."},{"field":"process.parent.macho.sections.var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the section."},{"field":"process.parent.macho.sections.virtual_size","type":"long","normalization":"","example":"","description":"Mach-O Section List virtual size. This is always the same as `physical_size`."},{"field":"process.parent.macho.symhash","type":"keyword","normalization":"","example":"d3ccf195b62a9279c3c19af1080497ec","description":"A hash of the imports in a Mach-O file."},{"field":"process.parent.name","type":"keyword","normalization":"","example":"ssh","description":"Process name."},{"field":"process.parent.name.text","type":"match_only_text","normalization":"","example":"ssh","description":"Process name."},{"field":"process.parent.pe.architecture","type":"keyword","normalization":"","example":"x64","description":"CPU architecture target for the file."},{"field":"process.parent.pe.company","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Internal company name of the file, provided at compile-time."},{"field":"process.parent.pe.description","type":"keyword","normalization":"","example":"Paint","description":"Internal description of the file, provided at compile-time."},{"field":"process.parent.pe.file_version","type":"keyword","normalization":"","example":"6.3.9600.17415","description":"Process name."},{"field":"process.parent.pe.go_import_hash","type":"keyword","normalization":"","example":"10bddcb4cee42080f76c88d9ff964491","description":"A hash of the Go language imports in a PE file."},{"field":"process.parent.pe.go_imports","type":"flattened","normalization":"","example":"","description":"List of imported Go language element names and types."},{"field":"process.parent.pe.go_imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of Go imports."},{"field":"process.parent.pe.go_imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of Go imports."},{"field":"process.parent.pe.go_stripped","type":"boolean","normalization":"","example":"","description":"Whether the file is a stripped or obfuscated Go executable."},{"field":"process.parent.pe.imphash","type":"keyword","normalization":"","example":"0c6803c4e922103c4dca5963aad36ddf","description":"A hash of the imports in a PE file."},{"field":"process.parent.pe.import_hash","type":"keyword","normalization":"","example":"d41d8cd98f00b204e9800998ecf8427e","description":"A hash of the imports in a PE file."},{"field":"process.parent.pe.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"process.parent.pe.imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of imported element names and types."},{"field":"process.parent.pe.imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of imported element names and types."},{"field":"process.parent.pe.original_file_name","type":"keyword","normalization":"","example":"MSPAINT.EXE","description":"Internal name of the file, provided at compile-time."},{"field":"process.parent.pe.pehash","type":"keyword","normalization":"","example":"73ff189b63cd6be375a7ff25179a38d347651975","description":"A hash of the PE header and data from one or more PE sections."},{"field":"process.parent.pe.product","type":"keyword","normalization":"","example":"Microsoft® Windows® Operating System","description":"Internal product name of the file, provided at compile-time."},{"field":"process.parent.pe.sections","type":"nested","normalization":"array","example":"","description":"Section information of the PE file."},{"field":"process.parent.pe.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"process.parent.pe.sections.name","type":"keyword","normalization":"","example":"","description":"PE Section List name."},{"field":"process.parent.pe.sections.physical_size","type":"long","normalization":"","example":"","description":"PE Section List physical size."},{"field":"process.parent.pe.sections.var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the section."},{"field":"process.parent.pe.sections.virtual_size","type":"long","normalization":"","example":"","description":"PE Section List virtual size. This is always the same as `physical_size`."},{"field":"process.parent.pgid","type":"long","normalization":"","example":"","description":"Deprecated identifier of the group of processes the process belongs to."},{"field":"process.parent.pid","type":"long","normalization":"","example":4242,"description":"Process id."},{"field":"process.parent.real_group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.parent.real_group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.parent.real_user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.parent.real_user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.parent.real_user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.parent.saved_group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.parent.saved_group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.parent.saved_user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.parent.saved_user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.parent.saved_user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.parent.start","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process started."},{"field":"process.parent.supplemental_groups.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.parent.supplemental_groups.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.parent.thread.capabilities.effective","type":"keyword","normalization":"array","example":["CAP_BPF","CAP_SYS_ADMIN"],"description":"Array of capabilities used for permission checks."},{"field":"process.parent.thread.capabilities.permitted","type":"keyword","normalization":"array","example":["CAP_BPF","CAP_SYS_ADMIN"],"description":"Array of capabilities a thread could assume."},{"field":"process.parent.thread.id","type":"long","normalization":"","example":4242,"description":"Thread ID."},{"field":"process.parent.thread.name","type":"keyword","normalization":"","example":"thread-0","description":"Thread name."},{"field":"process.parent.title","type":"keyword","normalization":"","example":"","description":"Process title."},{"field":"process.parent.title.text","type":"match_only_text","normalization":"","example":"","description":"Process title."},{"field":"process.parent.tty","type":"object","normalization":"","example":"","description":"Information about the controlling TTY device."},{"field":"process.parent.tty.char_device.major","type":"long","normalization":"","example":4,"description":"The TTY character device's major number."},{"field":"process.parent.tty.char_device.minor","type":"long","normalization":"","example":1,"description":"The TTY character device's minor number."},{"field":"process.parent.uptime","type":"long","normalization":"","example":1325,"description":"Seconds the process has been up."},{"field":"process.parent.user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.parent.user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.parent.user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.parent.vpid","type":"long","normalization":"","example":4242,"description":"Virtual process id."},{"field":"process.parent.working_directory","type":"keyword","normalization":"","example":"/home/alice","description":"The working directory of the process."},{"field":"process.parent.working_directory.text","type":"match_only_text","normalization":"","example":"/home/alice","description":"The working directory of the process."},{"field":"process.pe.architecture","type":"keyword","normalization":"","example":"x64","description":"CPU architecture target for the file."},{"field":"process.pe.company","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Internal company name of the file, provided at compile-time."},{"field":"process.pe.description","type":"keyword","normalization":"","example":"Paint","description":"Internal description of the file, provided at compile-time."},{"field":"process.pe.file_version","type":"keyword","normalization":"","example":"6.3.9600.17415","description":"Process name."},{"field":"process.pe.go_import_hash","type":"keyword","normalization":"","example":"10bddcb4cee42080f76c88d9ff964491","description":"A hash of the Go language imports in a PE file."},{"field":"process.pe.go_imports","type":"flattened","normalization":"","example":"","description":"List of imported Go language element names and types."},{"field":"process.pe.go_imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of Go imports."},{"field":"process.pe.go_imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of Go imports."},{"field":"process.pe.go_stripped","type":"boolean","normalization":"","example":"","description":"Whether the file is a stripped or obfuscated Go executable."},{"field":"process.pe.imphash","type":"keyword","normalization":"","example":"0c6803c4e922103c4dca5963aad36ddf","description":"A hash of the imports in a PE file."},{"field":"process.pe.import_hash","type":"keyword","normalization":"","example":"d41d8cd98f00b204e9800998ecf8427e","description":"A hash of the imports in a PE file."},{"field":"process.pe.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"process.pe.imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of imported element names and types."},{"field":"process.pe.imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of imported element names and types."},{"field":"process.pe.original_file_name","type":"keyword","normalization":"","example":"MSPAINT.EXE","description":"Internal name of the file, provided at compile-time."},{"field":"process.pe.pehash","type":"keyword","normalization":"","example":"73ff189b63cd6be375a7ff25179a38d347651975","description":"A hash of the PE header and data from one or more PE sections."},{"field":"process.pe.product","type":"keyword","normalization":"","example":"Microsoft® Windows® Operating System","description":"Internal product name of the file, provided at compile-time."},{"field":"process.pe.sections","type":"nested","normalization":"array","example":"","description":"Section information of the PE file."},{"field":"process.pe.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"process.pe.sections.name","type":"keyword","normalization":"","example":"","description":"PE Section List name."},{"field":"process.pe.sections.physical_size","type":"long","normalization":"","example":"","description":"PE Section List physical size."},{"field":"process.pe.sections.var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the section."},{"field":"process.pe.sections.virtual_size","type":"long","normalization":"","example":"","description":"PE Section List virtual size. This is always the same as `physical_size`."},{"field":"process.pgid","type":"long","normalization":"","example":"","description":"Deprecated identifier of the group of processes the process belongs to."},{"field":"process.pid","type":"long","normalization":"","example":4242,"description":"Process id."},{"field":"process.previous.args","type":"keyword","normalization":"array","example":["/usr/bin/ssh","-l","user","10.0.0.16"],"description":"Array of process arguments."},{"field":"process.previous.args_count","type":"long","normalization":"","example":4,"description":"Length of the process.args array."},{"field":"process.previous.executable","type":"keyword","normalization":"","example":"/usr/bin/ssh","description":"Absolute path to the process executable."},{"field":"process.previous.executable.text","type":"match_only_text","normalization":"","example":"/usr/bin/ssh","description":"Absolute path to the process executable."},{"field":"process.real_group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.real_group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.real_user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.real_user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.real_user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.saved_group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.saved_group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.saved_user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.saved_user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.saved_user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.session_leader.args","type":"keyword","normalization":"array","example":["/usr/bin/ssh","-l","user","10.0.0.16"],"description":"Array of process arguments."},{"field":"process.session_leader.args_count","type":"long","normalization":"","example":4,"description":"Length of the process.args array."},{"field":"process.session_leader.command_line","type":"wildcard","normalization":"","example":"/usr/bin/ssh -l user 10.0.0.16","description":"Full command line that started the process."},{"field":"process.session_leader.command_line.text","type":"match_only_text","normalization":"","example":"/usr/bin/ssh -l user 10.0.0.16","description":"Full command line that started the process."},{"field":"process.session_leader.entity_id","type":"keyword","normalization":"","example":"c2c455d9f99375d","description":"Unique identifier for the process."},{"field":"process.session_leader.executable","type":"keyword","normalization":"","example":"/usr/bin/ssh","description":"Absolute path to the process executable."},{"field":"process.session_leader.executable.text","type":"match_only_text","normalization":"","example":"/usr/bin/ssh","description":"Absolute path to the process executable."},{"field":"process.session_leader.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.session_leader.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.session_leader.interactive","type":"boolean","normalization":"","example":"True","description":"Whether the process is connected to an interactive shell."},{"field":"process.session_leader.name","type":"keyword","normalization":"","example":"ssh","description":"Process name."},{"field":"process.session_leader.name.text","type":"match_only_text","normalization":"","example":"ssh","description":"Process name."},{"field":"process.session_leader.parent.entity_id","type":"keyword","normalization":"","example":"c2c455d9f99375d","description":"Unique identifier for the process."},{"field":"process.session_leader.parent.pid","type":"long","normalization":"","example":4242,"description":"Process id."},{"field":"process.session_leader.parent.session_leader.entity_id","type":"keyword","normalization":"","example":"c2c455d9f99375d","description":"Unique identifier for the process."},{"field":"process.session_leader.parent.session_leader.pid","type":"long","normalization":"","example":4242,"description":"Process id."},{"field":"process.session_leader.parent.session_leader.start","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process started."},{"field":"process.session_leader.parent.session_leader.vpid","type":"long","normalization":"","example":4242,"description":"Virtual process id."},{"field":"process.session_leader.parent.start","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process started."},{"field":"process.session_leader.parent.vpid","type":"long","normalization":"","example":4242,"description":"Virtual process id."},{"field":"process.session_leader.pid","type":"long","normalization":"","example":4242,"description":"Process id."},{"field":"process.session_leader.real_group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.session_leader.real_group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.session_leader.real_user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.session_leader.real_user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.session_leader.real_user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.session_leader.same_as_process","type":"boolean","normalization":"","example":"True","description":"This boolean is used to identify if a leader process is the same as the top level process."},{"field":"process.session_leader.saved_group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.session_leader.saved_group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.session_leader.saved_user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.session_leader.saved_user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.session_leader.saved_user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.session_leader.start","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process started."},{"field":"process.session_leader.supplemental_groups.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.session_leader.supplemental_groups.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.session_leader.tty","type":"object","normalization":"","example":"","description":"Information about the controlling TTY device."},{"field":"process.session_leader.tty.char_device.major","type":"long","normalization":"","example":4,"description":"The TTY character device's major number."},{"field":"process.session_leader.tty.char_device.minor","type":"long","normalization":"","example":1,"description":"The TTY character device's minor number."},{"field":"process.session_leader.user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.session_leader.user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.session_leader.user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.session_leader.vpid","type":"long","normalization":"","example":4242,"description":"Virtual process id."},{"field":"process.session_leader.working_directory","type":"keyword","normalization":"","example":"/home/alice","description":"The working directory of the process."},{"field":"process.session_leader.working_directory.text","type":"match_only_text","normalization":"","example":"/home/alice","description":"The working directory of the process."},{"field":"process.start","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process started."},{"field":"process.supplemental_groups.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.supplemental_groups.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.thread.capabilities.effective","type":"keyword","normalization":"array","example":["CAP_BPF","CAP_SYS_ADMIN"],"description":"Array of capabilities used for permission checks."},{"field":"process.thread.capabilities.permitted","type":"keyword","normalization":"array","example":["CAP_BPF","CAP_SYS_ADMIN"],"description":"Array of capabilities a thread could assume."},{"field":"process.thread.id","type":"long","normalization":"","example":4242,"description":"Thread ID."},{"field":"process.thread.name","type":"keyword","normalization":"","example":"thread-0","description":"Thread name."},{"field":"process.title","type":"keyword","normalization":"","example":"","description":"Process title."},{"field":"process.title.text","type":"match_only_text","normalization":"","example":"","description":"Process title."},{"field":"process.tty","type":"object","normalization":"","example":"","description":"Information about the controlling TTY device."},{"field":"process.tty.char_device.major","type":"long","normalization":"","example":4,"description":"The TTY character device's major number."},{"field":"process.tty.char_device.minor","type":"long","normalization":"","example":1,"description":"The TTY character device's minor number."},{"field":"process.tty.columns","type":"long","normalization":"","example":80,"description":"The number of character columns per line. e.g terminal width"},{"field":"process.tty.rows","type":"long","normalization":"","example":24,"description":"The number of character rows in the terminal. e.g terminal height"},{"field":"process.uptime","type":"long","normalization":"","example":1325,"description":"Seconds the process has been up."},{"field":"process.user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.vpid","type":"long","normalization":"","example":4242,"description":"Virtual process id."},{"field":"process.working_directory","type":"keyword","normalization":"","example":"/home/alice","description":"The working directory of the process."},{"field":"process.working_directory.text","type":"match_only_text","normalization":"","example":"/home/alice","description":"The working directory of the process."},{"field":"registry.data.bytes","type":"keyword","normalization":"","example":"ZQBuAC0AVQBTAAAAZQBuAAAAAAA=","description":"Original bytes written with base64 encoding."},{"field":"registry.data.strings","type":"wildcard","normalization":"array","example":"[\"C:\\rta\\red_ttp\\bin\\myapp.exe\"]","description":"List of strings representing what was written to the registry."},{"field":"registry.data.type","type":"keyword","normalization":"","example":"REG_SZ","description":"Standard registry type for encoding contents"},{"field":"registry.hive","type":"keyword","normalization":"","example":"HKLM","description":"Abbreviated name for the hive."},{"field":"registry.key","type":"keyword","normalization":"","example":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\winword.exe","description":"Hive-relative path of keys."},{"field":"registry.path","type":"keyword","normalization":"","example":"HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\winword.exe\\Debugger","description":"Full path, including hive, key and value"},{"field":"registry.value","type":"keyword","normalization":"","example":"Debugger","description":"Name of the value written."},{"field":"related.hash","type":"keyword","normalization":"array","example":"","description":"All the hashes seen on your event."},{"field":"related.hosts","type":"keyword","normalization":"array","example":"","description":"All the host identifiers seen on your event."},{"field":"related.ip","type":"ip","normalization":"array","example":"","description":"All of the IPs seen on your event."},{"field":"related.user","type":"keyword","normalization":"array","example":"","description":"All the user names or other user identifiers seen on the event."},{"field":"rule.author","type":"keyword","normalization":"array","example":["Star-Lord"],"description":"Rule author"},{"field":"rule.category","type":"keyword","normalization":"","example":"Attempted Information Leak","description":"Rule category"},{"field":"rule.description","type":"keyword","normalization":"","example":"Block requests to public DNS over HTTPS / TLS protocols","description":"Rule description"},{"field":"rule.id","type":"keyword","normalization":"","example":101,"description":"Rule ID"},{"field":"rule.license","type":"keyword","normalization":"","example":"Apache 2.0","description":"Rule license"},{"field":"rule.name","type":"keyword","normalization":"","example":"BLOCK_DNS_over_TLS","description":"Rule name"},{"field":"rule.reference","type":"keyword","normalization":"","example":"https://en.wikipedia.org/wiki/DNS_over_TLS","description":"Rule reference URL"},{"field":"rule.ruleset","type":"keyword","normalization":"","example":"Standard_Protocol_Filters","description":"Rule ruleset"},{"field":"rule.uuid","type":"keyword","normalization":"","example":1100110011,"description":"Rule UUID"},{"field":"rule.version","type":"keyword","normalization":"","example":1.1,"description":"Rule version"},{"field":"server.address","type":"keyword","normalization":"","example":"","description":"Server network address."},{"field":"server.as.number","type":"long","normalization":"","example":15169,"description":"Unique number allocated to the autonomous system."},{"field":"server.as.organization.name","type":"keyword","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"server.as.organization.name.text","type":"match_only_text","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"server.bytes","type":"long","normalization":"","example":184,"description":"Bytes sent from the server to the client."},{"field":"server.domain","type":"keyword","normalization":"","example":"foo.example.com","description":"The domain name of the server."},{"field":"server.geo.city_name","type":"keyword","normalization":"","example":"Montreal","description":"City name."},{"field":"server.geo.continent_code","type":"keyword","normalization":"","example":"NA","description":"Continent code."},{"field":"server.geo.continent_name","type":"keyword","normalization":"","example":"North America","description":"Name of the continent."},{"field":"server.geo.country_iso_code","type":"keyword","normalization":"","example":"CA","description":"Country ISO code."},{"field":"server.geo.country_name","type":"keyword","normalization":"","example":"Canada","description":"Country name."},{"field":"server.geo.location","type":"geo_point","normalization":"","example":{"lon":-73.61483,"lat":45.505918},"description":"Longitude and latitude."},{"field":"server.geo.name","type":"keyword","normalization":"","example":"boston-dc","description":"User-defined description of a location."},{"field":"server.geo.postal_code","type":"keyword","normalization":"","example":94040,"description":"Postal code."},{"field":"server.geo.region_iso_code","type":"keyword","normalization":"","example":"CA-QC","description":"Region ISO code."},{"field":"server.geo.region_name","type":"keyword","normalization":"","example":"Quebec","description":"Region name."},{"field":"server.geo.timezone","type":"keyword","normalization":"","example":"America/Argentina/Buenos_Aires","description":"Time zone."},{"field":"server.ip","type":"ip","normalization":"","example":"","description":"IP address of the server."},{"field":"server.mac","type":"keyword","normalization":"","example":"00-00-5E-00-53-23","description":"MAC address of the server."},{"field":"server.nat.ip","type":"ip","normalization":"","example":"","description":"Server NAT ip"},{"field":"server.nat.port","type":"long","normalization":"","example":"","description":"Server NAT port"},{"field":"server.packets","type":"long","normalization":"","example":12,"description":"Packets sent from the server to the client."},{"field":"server.port","type":"long","normalization":"","example":"","description":"Port of the server."},{"field":"server.registered_domain","type":"keyword","normalization":"","example":"example.com","description":"The highest registered server domain, stripped of the subdomain."},{"field":"server.subdomain","type":"keyword","normalization":"","example":"east","description":"The subdomain of the domain."},{"field":"server.top_level_domain","type":"keyword","normalization":"","example":"co.uk","description":"The effective top level domain (com, org, net, co.uk)."},{"field":"server.user.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the user is a member of."},{"field":"server.user.email","type":"keyword","normalization":"","example":"","description":"User email address."},{"field":"server.user.full_name","type":"keyword","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"server.user.full_name.text","type":"match_only_text","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"server.user.group.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the group is a member of."},{"field":"server.user.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"server.user.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"server.user.hash","type":"keyword","normalization":"","example":"","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"server.user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"server.user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"server.user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"server.user.roles","type":"keyword","normalization":"array","example":["kibana_admin","reporting_user"],"description":"Array of user roles at the time of the event."},{"field":"service.address","type":"keyword","normalization":"","example":"172.26.0.2:5432","description":"Address of this service."},{"field":"service.environment","type":"keyword","normalization":"","example":"production","description":"Environment of the service."},{"field":"service.ephemeral_id","type":"keyword","normalization":"","example":"8a4f500f","description":"Ephemeral identifier of this service."},{"field":"service.id","type":"keyword","normalization":"","example":"d37e5ebfe0ae6c4972dbe9f0174a1637bb8247f6","description":"Unique identifier of the running service."},{"field":"service.name","type":"keyword","normalization":"","example":"elasticsearch-metrics","description":"Name of the service."},{"field":"service.node.name","type":"keyword","normalization":"","example":"instance-0000000016","description":"Name of the service node."},{"field":"service.node.role","type":"keyword","normalization":"","example":"background_tasks","description":"Deprecated role (singular) of the service node."},{"field":"service.node.roles","type":"keyword","normalization":"array","example":["ui","background_tasks"],"description":"Roles of the service node."},{"field":"service.origin.address","type":"keyword","normalization":"","example":"172.26.0.2:5432","description":"Address of this service."},{"field":"service.origin.environment","type":"keyword","normalization":"","example":"production","description":"Environment of the service."},{"field":"service.origin.ephemeral_id","type":"keyword","normalization":"","example":"8a4f500f","description":"Ephemeral identifier of this service."},{"field":"service.origin.id","type":"keyword","normalization":"","example":"d37e5ebfe0ae6c4972dbe9f0174a1637bb8247f6","description":"Unique identifier of the running service."},{"field":"service.origin.name","type":"keyword","normalization":"","example":"elasticsearch-metrics","description":"Name of the service."},{"field":"service.origin.node.name","type":"keyword","normalization":"","example":"instance-0000000016","description":"Name of the service node."},{"field":"service.origin.node.role","type":"keyword","normalization":"","example":"background_tasks","description":"Deprecated role (singular) of the service node."},{"field":"service.origin.node.roles","type":"keyword","normalization":"array","example":["ui","background_tasks"],"description":"Roles of the service node."},{"field":"service.origin.state","type":"keyword","normalization":"","example":"","description":"Current state of the service."},{"field":"service.origin.type","type":"keyword","normalization":"","example":"elasticsearch","description":"The type of the service."},{"field":"service.origin.version","type":"keyword","normalization":"","example":"3.2.4","description":"Version of the service."},{"field":"service.state","type":"keyword","normalization":"","example":"","description":"Current state of the service."},{"field":"service.target.address","type":"keyword","normalization":"","example":"172.26.0.2:5432","description":"Address of this service."},{"field":"service.target.environment","type":"keyword","normalization":"","example":"production","description":"Environment of the service."},{"field":"service.target.ephemeral_id","type":"keyword","normalization":"","example":"8a4f500f","description":"Ephemeral identifier of this service."},{"field":"service.target.id","type":"keyword","normalization":"","example":"d37e5ebfe0ae6c4972dbe9f0174a1637bb8247f6","description":"Unique identifier of the running service."},{"field":"service.target.name","type":"keyword","normalization":"","example":"elasticsearch-metrics","description":"Name of the service."},{"field":"service.target.node.name","type":"keyword","normalization":"","example":"instance-0000000016","description":"Name of the service node."},{"field":"service.target.node.role","type":"keyword","normalization":"","example":"background_tasks","description":"Deprecated role (singular) of the service node."},{"field":"service.target.node.roles","type":"keyword","normalization":"array","example":["ui","background_tasks"],"description":"Roles of the service node."},{"field":"service.target.state","type":"keyword","normalization":"","example":"","description":"Current state of the service."},{"field":"service.target.type","type":"keyword","normalization":"","example":"elasticsearch","description":"The type of the service."},{"field":"service.target.version","type":"keyword","normalization":"","example":"3.2.4","description":"Version of the service."},{"field":"service.type","type":"keyword","normalization":"","example":"elasticsearch","description":"The type of the service."},{"field":"service.version","type":"keyword","normalization":"","example":"3.2.4","description":"Version of the service."},{"field":"source.address","type":"keyword","normalization":"","example":"","description":"Source network address."},{"field":"source.as.number","type":"long","normalization":"","example":15169,"description":"Unique number allocated to the autonomous system."},{"field":"source.as.organization.name","type":"keyword","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"source.as.organization.name.text","type":"match_only_text","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"source.bytes","type":"long","normalization":"","example":184,"description":"Bytes sent from the source to the destination."},{"field":"source.domain","type":"keyword","normalization":"","example":"foo.example.com","description":"The domain name of the source."},{"field":"source.geo.city_name","type":"keyword","normalization":"","example":"Montreal","description":"City name."},{"field":"source.geo.continent_code","type":"keyword","normalization":"","example":"NA","description":"Continent code."},{"field":"source.geo.continent_name","type":"keyword","normalization":"","example":"North America","description":"Name of the continent."},{"field":"source.geo.country_iso_code","type":"keyword","normalization":"","example":"CA","description":"Country ISO code."},{"field":"source.geo.country_name","type":"keyword","normalization":"","example":"Canada","description":"Country name."},{"field":"source.geo.location","type":"geo_point","normalization":"","example":{"lon":-73.61483,"lat":45.505918},"description":"Longitude and latitude."},{"field":"source.geo.name","type":"keyword","normalization":"","example":"boston-dc","description":"User-defined description of a location."},{"field":"source.geo.postal_code","type":"keyword","normalization":"","example":94040,"description":"Postal code."},{"field":"source.geo.region_iso_code","type":"keyword","normalization":"","example":"CA-QC","description":"Region ISO code."},{"field":"source.geo.region_name","type":"keyword","normalization":"","example":"Quebec","description":"Region name."},{"field":"source.geo.timezone","type":"keyword","normalization":"","example":"America/Argentina/Buenos_Aires","description":"Time zone."},{"field":"source.ip","type":"ip","normalization":"","example":"","description":"IP address of the source."},{"field":"source.mac","type":"keyword","normalization":"","example":"00-00-5E-00-53-23","description":"MAC address of the source."},{"field":"source.nat.ip","type":"ip","normalization":"","example":"","description":"Source NAT ip"},{"field":"source.nat.port","type":"long","normalization":"","example":"","description":"Source NAT port"},{"field":"source.packets","type":"long","normalization":"","example":12,"description":"Packets sent from the source to the destination."},{"field":"source.port","type":"long","normalization":"","example":"","description":"Port of the source."},{"field":"source.registered_domain","type":"keyword","normalization":"","example":"example.com","description":"The highest registered source domain, stripped of the subdomain."},{"field":"source.subdomain","type":"keyword","normalization":"","example":"east","description":"The subdomain of the domain."},{"field":"source.top_level_domain","type":"keyword","normalization":"","example":"co.uk","description":"The effective top level domain (com, org, net, co.uk)."},{"field":"source.user.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the user is a member of."},{"field":"source.user.email","type":"keyword","normalization":"","example":"","description":"User email address."},{"field":"source.user.full_name","type":"keyword","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"source.user.full_name.text","type":"match_only_text","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"source.user.group.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the group is a member of."},{"field":"source.user.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"source.user.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"source.user.hash","type":"keyword","normalization":"","example":"","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"source.user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"source.user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"source.user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"source.user.roles","type":"keyword","normalization":"array","example":["kibana_admin","reporting_user"],"description":"Array of user roles at the time of the event."},{"field":"span.id","type":"keyword","normalization":"","example":"3ff9a8981b7ccd5a","description":"Unique identifier of the span within the scope of its trace."},{"field":"threat.enrichments","type":"nested","normalization":"array","example":"","description":"List of objects containing indicators enriching the event."},{"field":"threat.enrichments.indicator","type":"object","normalization":"","example":"","description":"Object containing indicators enriching the event."},{"field":"threat.enrichments.indicator.as.number","type":"long","normalization":"","example":15169,"description":"Unique number allocated to the autonomous system."},{"field":"threat.enrichments.indicator.as.organization.name","type":"keyword","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"threat.enrichments.indicator.as.organization.name.text","type":"match_only_text","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"threat.enrichments.indicator.confidence","type":"keyword","normalization":"","example":"Medium","description":"Indicator confidence rating"},{"field":"threat.enrichments.indicator.description","type":"keyword","normalization":"","example":"IP x.x.x.x was observed delivering the Angler EK.","description":"Indicator description"},{"field":"threat.enrichments.indicator.email.address","type":"keyword","normalization":"","example":"phish@example.com","description":"Indicator email address"},{"field":"threat.enrichments.indicator.file.accessed","type":"date","normalization":"","example":"","description":"Last time the file was accessed."},{"field":"threat.enrichments.indicator.file.attributes","type":"keyword","normalization":"array","example":["readonly","system"],"description":"Array of file attributes."},{"field":"threat.enrichments.indicator.file.code_signature.digest_algorithm","type":"keyword","normalization":"","example":"sha256","description":"Hashing algorithm used to sign the process."},{"field":"threat.enrichments.indicator.file.code_signature.exists","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if a signature is present."},{"field":"threat.enrichments.indicator.file.code_signature.signing_id","type":"keyword","normalization":"","example":"com.apple.xpc.proxy","description":"The identifier used to sign the process."},{"field":"threat.enrichments.indicator.file.code_signature.status","type":"keyword","normalization":"","example":"ERROR_UNTRUSTED_ROOT","description":"Additional information about the certificate status."},{"field":"threat.enrichments.indicator.file.code_signature.subject_name","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Subject name of the code signer"},{"field":"threat.enrichments.indicator.file.code_signature.team_id","type":"keyword","normalization":"","example":"EQHXZ8M8AV","description":"The team identifier used to sign the process."},{"field":"threat.enrichments.indicator.file.code_signature.timestamp","type":"date","normalization":"","example":"2021-01-01T12:10:30Z","description":"When the signature was generated and signed."},{"field":"threat.enrichments.indicator.file.code_signature.trusted","type":"boolean","normalization":"","example":true,"description":"Stores the trust status of the certificate chain."},{"field":"threat.enrichments.indicator.file.code_signature.valid","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if the digital signature is verified against the binary content."},{"field":"threat.enrichments.indicator.file.created","type":"date","normalization":"","example":"","description":"File creation time."},{"field":"threat.enrichments.indicator.file.ctime","type":"date","normalization":"","example":"","description":"Last time the file attributes or metadata changed."},{"field":"threat.enrichments.indicator.file.device","type":"keyword","normalization":"","example":"sda","description":"Device that is the source of the file."},{"field":"threat.enrichments.indicator.file.directory","type":"keyword","normalization":"","example":"/home/alice","description":"Directory where the file is located."},{"field":"threat.enrichments.indicator.file.drive_letter","type":"keyword","normalization":"","example":"C","description":"Drive letter where the file is located."},{"field":"threat.enrichments.indicator.file.elf.architecture","type":"keyword","normalization":"","example":"x86-64","description":"Machine architecture of the ELF file."},{"field":"threat.enrichments.indicator.file.elf.byte_order","type":"keyword","normalization":"","example":"Little Endian","description":"Byte sequence of ELF file."},{"field":"threat.enrichments.indicator.file.elf.cpu_type","type":"keyword","normalization":"","example":"Intel","description":"CPU type of the ELF file."},{"field":"threat.enrichments.indicator.file.elf.creation_date","type":"date","normalization":"","example":"","description":"Build or compile date."},{"field":"threat.enrichments.indicator.file.elf.exports","type":"flattened","normalization":"array","example":"","description":"List of exported element names and types."},{"field":"threat.enrichments.indicator.file.elf.go_import_hash","type":"keyword","normalization":"","example":"10bddcb4cee42080f76c88d9ff964491","description":"A hash of the Go language imports in an ELF file."},{"field":"threat.enrichments.indicator.file.elf.go_imports","type":"flattened","normalization":"","example":"","description":"List of imported Go language element names and types."},{"field":"threat.enrichments.indicator.file.elf.go_imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of Go imports."},{"field":"threat.enrichments.indicator.file.elf.go_imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of Go imports."},{"field":"threat.enrichments.indicator.file.elf.go_stripped","type":"boolean","normalization":"","example":"","description":"Whether the file is a stripped or obfuscated Go executable."},{"field":"threat.enrichments.indicator.file.elf.header.abi_version","type":"keyword","normalization":"","example":"","description":"Version of the ELF Application Binary Interface (ABI)."},{"field":"threat.enrichments.indicator.file.elf.header.class","type":"keyword","normalization":"","example":"","description":"Header class of the ELF file."},{"field":"threat.enrichments.indicator.file.elf.header.data","type":"keyword","normalization":"","example":"","description":"Data table of the ELF header."},{"field":"threat.enrichments.indicator.file.elf.header.entrypoint","type":"long","normalization":"","example":"","description":"Header entrypoint of the ELF file."},{"field":"threat.enrichments.indicator.file.elf.header.object_version","type":"keyword","normalization":"","example":"","description":"0x1\" for original ELF files."},{"field":"threat.enrichments.indicator.file.elf.header.os_abi","type":"keyword","normalization":"","example":"","description":"Application Binary Interface (ABI) of the Linux OS."},{"field":"threat.enrichments.indicator.file.elf.header.type","type":"keyword","normalization":"","example":"","description":"Header type of the ELF file."},{"field":"threat.enrichments.indicator.file.elf.header.version","type":"keyword","normalization":"","example":"","description":"Version of the ELF header."},{"field":"threat.enrichments.indicator.file.elf.import_hash","type":"keyword","normalization":"","example":"d41d8cd98f00b204e9800998ecf8427e","description":"A hash of the imports in an ELF file."},{"field":"threat.enrichments.indicator.file.elf.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"threat.enrichments.indicator.file.elf.imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of imported element names and types."},{"field":"threat.enrichments.indicator.file.elf.imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of imported element names and types."},{"field":"threat.enrichments.indicator.file.elf.sections","type":"nested","normalization":"array","example":"","description":"Section information of the ELF file."},{"field":"threat.enrichments.indicator.file.elf.sections.chi2","type":"long","normalization":"","example":"","description":"Chi-square probability distribution of the section."},{"field":"threat.enrichments.indicator.file.elf.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"threat.enrichments.indicator.file.elf.sections.flags","type":"keyword","normalization":"","example":"","description":"ELF Section List flags."},{"field":"threat.enrichments.indicator.file.elf.sections.name","type":"keyword","normalization":"","example":"","description":"ELF Section List name."},{"field":"threat.enrichments.indicator.file.elf.sections.physical_offset","type":"keyword","normalization":"","example":"","description":"ELF Section List offset."},{"field":"threat.enrichments.indicator.file.elf.sections.physical_size","type":"long","normalization":"","example":"","description":"ELF Section List physical size."},{"field":"threat.enrichments.indicator.file.elf.sections.type","type":"keyword","normalization":"","example":"","description":"ELF Section List type."},{"field":"threat.enrichments.indicator.file.elf.sections.var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the section."},{"field":"threat.enrichments.indicator.file.elf.sections.virtual_address","type":"long","normalization":"","example":"","description":"ELF Section List virtual address."},{"field":"threat.enrichments.indicator.file.elf.sections.virtual_size","type":"long","normalization":"","example":"","description":"ELF Section List virtual size."},{"field":"threat.enrichments.indicator.file.elf.segments","type":"nested","normalization":"array","example":"","description":"ELF object segment list."},{"field":"threat.enrichments.indicator.file.elf.segments.sections","type":"keyword","normalization":"","example":"","description":"ELF object segment sections."},{"field":"threat.enrichments.indicator.file.elf.segments.type","type":"keyword","normalization":"","example":"","description":"ELF object segment type."},{"field":"threat.enrichments.indicator.file.elf.shared_libraries","type":"keyword","normalization":"array","example":"","description":"List of shared libraries used by this ELF object."},{"field":"threat.enrichments.indicator.file.elf.telfhash","type":"keyword","normalization":"","example":"","description":"telfhash hash for ELF file."},{"field":"threat.enrichments.indicator.file.extension","type":"keyword","normalization":"","example":"png","description":"File extension, excluding the leading dot."},{"field":"threat.enrichments.indicator.file.fork_name","type":"keyword","normalization":"","example":"Zone.Identifer","description":"A fork is additional data associated with a filesystem object."},{"field":"threat.enrichments.indicator.file.gid","type":"keyword","normalization":"","example":1001,"description":"Primary group ID (GID) of the file."},{"field":"threat.enrichments.indicator.file.group","type":"keyword","normalization":"","example":"alice","description":"Primary group name of the file."},{"field":"threat.enrichments.indicator.file.hash.md5","type":"keyword","normalization":"","example":"","description":"MD5 hash."},{"field":"threat.enrichments.indicator.file.hash.sha1","type":"keyword","normalization":"","example":"","description":"SHA1 hash."},{"field":"threat.enrichments.indicator.file.hash.sha256","type":"keyword","normalization":"","example":"","description":"SHA256 hash."},{"field":"threat.enrichments.indicator.file.hash.sha384","type":"keyword","normalization":"","example":"","description":"SHA384 hash."},{"field":"threat.enrichments.indicator.file.hash.sha512","type":"keyword","normalization":"","example":"","description":"SHA512 hash."},{"field":"threat.enrichments.indicator.file.hash.ssdeep","type":"keyword","normalization":"","example":"","description":"SSDEEP hash."},{"field":"threat.enrichments.indicator.file.hash.tlsh","type":"keyword","normalization":"","example":"","description":"TLSH hash."},{"field":"threat.enrichments.indicator.file.inode","type":"keyword","normalization":"","example":256383,"description":"Inode representing the file in the filesystem."},{"field":"threat.enrichments.indicator.file.mime_type","type":"keyword","normalization":"","example":"","description":"Media type of file, document, or arrangement of bytes."},{"field":"threat.enrichments.indicator.file.mode","type":"keyword","normalization":"","example":"0640","description":"Mode of the file in octal representation."},{"field":"threat.enrichments.indicator.file.mtime","type":"date","normalization":"","example":"","description":"Last time the file content was modified."},{"field":"threat.enrichments.indicator.file.name","type":"keyword","normalization":"","example":"example.png","description":"Name of the file including the extension, without the directory."},{"field":"threat.enrichments.indicator.file.owner","type":"keyword","normalization":"","example":"alice","description":"File owner's username."},{"field":"threat.enrichments.indicator.file.path","type":"keyword","normalization":"","example":"/home/alice/example.png","description":"Full path to the file, including the file name."},{"field":"threat.enrichments.indicator.file.path.text","type":"match_only_text","normalization":"","example":"/home/alice/example.png","description":"Full path to the file, including the file name."},{"field":"threat.enrichments.indicator.file.pe.architecture","type":"keyword","normalization":"","example":"x64","description":"CPU architecture target for the file."},{"field":"threat.enrichments.indicator.file.pe.company","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Internal company name of the file, provided at compile-time."},{"field":"threat.enrichments.indicator.file.pe.description","type":"keyword","normalization":"","example":"Paint","description":"Internal description of the file, provided at compile-time."},{"field":"threat.enrichments.indicator.file.pe.file_version","type":"keyword","normalization":"","example":"6.3.9600.17415","description":"Process name."},{"field":"threat.enrichments.indicator.file.pe.go_import_hash","type":"keyword","normalization":"","example":"10bddcb4cee42080f76c88d9ff964491","description":"A hash of the Go language imports in a PE file."},{"field":"threat.enrichments.indicator.file.pe.go_imports","type":"flattened","normalization":"","example":"","description":"List of imported Go language element names and types."},{"field":"threat.enrichments.indicator.file.pe.go_imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of Go imports."},{"field":"threat.enrichments.indicator.file.pe.go_imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of Go imports."},{"field":"threat.enrichments.indicator.file.pe.go_stripped","type":"boolean","normalization":"","example":"","description":"Whether the file is a stripped or obfuscated Go executable."},{"field":"threat.enrichments.indicator.file.pe.imphash","type":"keyword","normalization":"","example":"0c6803c4e922103c4dca5963aad36ddf","description":"A hash of the imports in a PE file."},{"field":"threat.enrichments.indicator.file.pe.import_hash","type":"keyword","normalization":"","example":"d41d8cd98f00b204e9800998ecf8427e","description":"A hash of the imports in a PE file."},{"field":"threat.enrichments.indicator.file.pe.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"threat.enrichments.indicator.file.pe.imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of imported element names and types."},{"field":"threat.enrichments.indicator.file.pe.imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of imported element names and types."},{"field":"threat.enrichments.indicator.file.pe.original_file_name","type":"keyword","normalization":"","example":"MSPAINT.EXE","description":"Internal name of the file, provided at compile-time."},{"field":"threat.enrichments.indicator.file.pe.pehash","type":"keyword","normalization":"","example":"73ff189b63cd6be375a7ff25179a38d347651975","description":"A hash of the PE header and data from one or more PE sections."},{"field":"threat.enrichments.indicator.file.pe.product","type":"keyword","normalization":"","example":"Microsoft® Windows® Operating System","description":"Internal product name of the file, provided at compile-time."},{"field":"threat.enrichments.indicator.file.pe.sections","type":"nested","normalization":"array","example":"","description":"Section information of the PE file."},{"field":"threat.enrichments.indicator.file.pe.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"threat.enrichments.indicator.file.pe.sections.name","type":"keyword","normalization":"","example":"","description":"PE Section List name."},{"field":"threat.enrichments.indicator.file.pe.sections.physical_size","type":"long","normalization":"","example":"","description":"PE Section List physical size."},{"field":"threat.enrichments.indicator.file.pe.sections.var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the section."},{"field":"threat.enrichments.indicator.file.pe.sections.virtual_size","type":"long","normalization":"","example":"","description":"PE Section List virtual size. This is always the same as `physical_size`."},{"field":"threat.enrichments.indicator.file.size","type":"long","normalization":"","example":16384,"description":"File size in bytes."},{"field":"threat.enrichments.indicator.file.target_path","type":"keyword","normalization":"","example":"","description":"Target path for symlinks."},{"field":"threat.enrichments.indicator.file.target_path.text","type":"match_only_text","normalization":"","example":"","description":"Target path for symlinks."},{"field":"threat.enrichments.indicator.file.type","type":"keyword","normalization":"","example":"file","description":"File type (file, dir, or symlink)."},{"field":"threat.enrichments.indicator.file.uid","type":"keyword","normalization":"","example":1001,"description":"The user ID (UID) or security identifier (SID) of the file owner."},{"field":"threat.enrichments.indicator.file.x509.alternative_names","type":"keyword","normalization":"array","example":"*.elastic.co","description":"List of subject alternative names (SAN)."},{"field":"threat.enrichments.indicator.file.x509.issuer.common_name","type":"keyword","normalization":"array","example":"Example SHA2 High Assurance Server CA","description":"List of common name (CN) of issuing certificate authority."},{"field":"threat.enrichments.indicator.file.x509.issuer.country","type":"keyword","normalization":"array","example":"US","description":"List of country \\(C) codes"},{"field":"threat.enrichments.indicator.file.x509.issuer.distinguished_name","type":"keyword","normalization":"","example":"C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA","description":"Distinguished name (DN) of issuing certificate authority."},{"field":"threat.enrichments.indicator.file.x509.issuer.locality","type":"keyword","normalization":"array","example":"Mountain View","description":"List of locality names (L)"},{"field":"threat.enrichments.indicator.file.x509.issuer.organization","type":"keyword","normalization":"array","example":"Example Inc","description":"List of organizations (O) of issuing certificate authority."},{"field":"threat.enrichments.indicator.file.x509.issuer.organizational_unit","type":"keyword","normalization":"array","example":"www.example.com","description":"List of organizational units (OU) of issuing certificate authority."},{"field":"threat.enrichments.indicator.file.x509.issuer.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"threat.enrichments.indicator.file.x509.not_after","type":"date","normalization":"","example":"2020-07-16T03:15:39Z","description":"Time at which the certificate is no longer considered valid."},{"field":"threat.enrichments.indicator.file.x509.not_before","type":"date","normalization":"","example":"2019-08-16T01:40:25Z","description":"Time at which the certificate is first considered valid."},{"field":"threat.enrichments.indicator.file.x509.public_key_algorithm","type":"keyword","normalization":"","example":"RSA","description":"Algorithm used to generate the public key."},{"field":"threat.enrichments.indicator.file.x509.public_key_curve","type":"keyword","normalization":"","example":"nistp521","description":"The curve used by the elliptic curve public key algorithm. This is algorithm specific."},{"field":"threat.enrichments.indicator.file.x509.public_key_exponent","type":"long","normalization":"","example":65537,"description":"Exponent used to derive the public key. This is algorithm specific."},{"field":"threat.enrichments.indicator.file.x509.public_key_size","type":"long","normalization":"","example":2048,"description":"The size of the public key space in bits."},{"field":"threat.enrichments.indicator.file.x509.serial_number","type":"keyword","normalization":"","example":"55FBB9C7DEBF09809D12CCAA","description":"Unique serial number issued by the certificate authority."},{"field":"threat.enrichments.indicator.file.x509.signature_algorithm","type":"keyword","normalization":"","example":"SHA256-RSA","description":"Identifier for certificate signature algorithm."},{"field":"threat.enrichments.indicator.file.x509.subject.common_name","type":"keyword","normalization":"array","example":"shared.global.example.net","description":"List of common names (CN) of subject."},{"field":"threat.enrichments.indicator.file.x509.subject.country","type":"keyword","normalization":"array","example":"US","description":"List of country \\(C) code"},{"field":"threat.enrichments.indicator.file.x509.subject.distinguished_name","type":"keyword","normalization":"","example":"C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net","description":"Distinguished name (DN) of the certificate subject entity."},{"field":"threat.enrichments.indicator.file.x509.subject.locality","type":"keyword","normalization":"array","example":"San Francisco","description":"List of locality names (L)"},{"field":"threat.enrichments.indicator.file.x509.subject.organization","type":"keyword","normalization":"array","example":"Example, Inc.","description":"List of organizations (O) of subject."},{"field":"threat.enrichments.indicator.file.x509.subject.organizational_unit","type":"keyword","normalization":"array","example":"","description":"List of organizational units (OU) of subject."},{"field":"threat.enrichments.indicator.file.x509.subject.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"threat.enrichments.indicator.file.x509.version_number","type":"keyword","normalization":"","example":3,"description":"Version of x509 format."},{"field":"threat.enrichments.indicator.first_seen","type":"date","normalization":"","example":"2020-11-05T17:25:47.000Z","description":"Date/time indicator was first reported."},{"field":"threat.enrichments.indicator.geo.city_name","type":"keyword","normalization":"","example":"Montreal","description":"City name."},{"field":"threat.enrichments.indicator.geo.continent_code","type":"keyword","normalization":"","example":"NA","description":"Continent code."},{"field":"threat.enrichments.indicator.geo.continent_name","type":"keyword","normalization":"","example":"North America","description":"Name of the continent."},{"field":"threat.enrichments.indicator.geo.country_iso_code","type":"keyword","normalization":"","example":"CA","description":"Country ISO code."},{"field":"threat.enrichments.indicator.geo.country_name","type":"keyword","normalization":"","example":"Canada","description":"Country name."},{"field":"threat.enrichments.indicator.geo.location","type":"geo_point","normalization":"","example":{"lon":-73.61483,"lat":45.505918},"description":"Longitude and latitude."},{"field":"threat.enrichments.indicator.geo.name","type":"keyword","normalization":"","example":"boston-dc","description":"User-defined description of a location."},{"field":"threat.enrichments.indicator.geo.postal_code","type":"keyword","normalization":"","example":94040,"description":"Postal code."},{"field":"threat.enrichments.indicator.geo.region_iso_code","type":"keyword","normalization":"","example":"CA-QC","description":"Region ISO code."},{"field":"threat.enrichments.indicator.geo.region_name","type":"keyword","normalization":"","example":"Quebec","description":"Region name."},{"field":"threat.enrichments.indicator.geo.timezone","type":"keyword","normalization":"","example":"America/Argentina/Buenos_Aires","description":"Time zone."},{"field":"threat.enrichments.indicator.ip","type":"ip","normalization":"","example":"1.2.3.4","description":"Indicator IP address"},{"field":"threat.enrichments.indicator.last_seen","type":"date","normalization":"","example":"2020-11-05T17:25:47.000Z","description":"Date/time indicator was last reported."},{"field":"threat.enrichments.indicator.marking.tlp","type":"keyword","normalization":"","example":"CLEAR","description":"Indicator TLP marking"},{"field":"threat.enrichments.indicator.marking.tlp_version","type":"keyword","normalization":"","example":2,"description":"Indicator TLP version"},{"field":"threat.enrichments.indicator.modified_at","type":"date","normalization":"","example":"2020-11-05T17:25:47.000Z","description":"Date/time indicator was last updated."},{"field":"threat.enrichments.indicator.name","type":"keyword","normalization":"","example":"5.2.75.227","description":"Indicator display name"},{"field":"threat.enrichments.indicator.port","type":"long","normalization":"","example":443,"description":"Indicator port"},{"field":"threat.enrichments.indicator.provider","type":"keyword","normalization":"","example":"lrz_urlhaus","description":"Indicator provider"},{"field":"threat.enrichments.indicator.reference","type":"keyword","normalization":"","example":"https://system.example.com/indicator/0001234","description":"Indicator reference URL"},{"field":"threat.enrichments.indicator.registry.data.bytes","type":"keyword","normalization":"","example":"ZQBuAC0AVQBTAAAAZQBuAAAAAAA=","description":"Original bytes written with base64 encoding."},{"field":"threat.enrichments.indicator.registry.data.strings","type":"wildcard","normalization":"array","example":"[\"C:\\rta\\red_ttp\\bin\\myapp.exe\"]","description":"List of strings representing what was written to the registry."},{"field":"threat.enrichments.indicator.registry.data.type","type":"keyword","normalization":"","example":"REG_SZ","description":"Standard registry type for encoding contents"},{"field":"threat.enrichments.indicator.registry.hive","type":"keyword","normalization":"","example":"HKLM","description":"Abbreviated name for the hive."},{"field":"threat.enrichments.indicator.registry.key","type":"keyword","normalization":"","example":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\winword.exe","description":"Hive-relative path of keys."},{"field":"threat.enrichments.indicator.registry.path","type":"keyword","normalization":"","example":"HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\winword.exe\\Debugger","description":"Full path, including hive, key and value"},{"field":"threat.enrichments.indicator.registry.value","type":"keyword","normalization":"","example":"Debugger","description":"Name of the value written."},{"field":"threat.enrichments.indicator.scanner_stats","type":"long","normalization":"","example":4,"description":"Scanner statistics"},{"field":"threat.enrichments.indicator.sightings","type":"long","normalization":"","example":20,"description":"Number of times indicator observed"},{"field":"threat.enrichments.indicator.type","type":"keyword","normalization":"","example":"ipv4-addr","description":"Type of indicator"},{"field":"threat.enrichments.indicator.url.domain","type":"keyword","normalization":"","example":"www.elastic.co","description":"Domain of the url."},{"field":"threat.enrichments.indicator.url.extension","type":"keyword","normalization":"","example":"png","description":"File extension from the request url, excluding the leading dot."},{"field":"threat.enrichments.indicator.url.fragment","type":"keyword","normalization":"","example":"","description":"Portion of the url after the `#`."},{"field":"threat.enrichments.indicator.url.full","type":"wildcard","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top","description":"Full unparsed URL."},{"field":"threat.enrichments.indicator.url.full.text","type":"match_only_text","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top","description":"Full unparsed URL."},{"field":"threat.enrichments.indicator.url.original","type":"wildcard","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elasticsearch","description":"Unmodified original url as seen in the event source."},{"field":"threat.enrichments.indicator.url.original.text","type":"match_only_text","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elasticsearch","description":"Unmodified original url as seen in the event source."},{"field":"threat.enrichments.indicator.url.password","type":"keyword","normalization":"","example":"","description":"Password of the request."},{"field":"threat.enrichments.indicator.url.path","type":"wildcard","normalization":"","example":"","description":"Path of the request, such as \"/search\"."},{"field":"threat.enrichments.indicator.url.port","type":"long","normalization":"","example":443,"description":"Port of the request, such as 443."},{"field":"threat.enrichments.indicator.url.query","type":"keyword","normalization":"","example":"","description":"Query string of the request."},{"field":"threat.enrichments.indicator.url.registered_domain","type":"keyword","normalization":"","example":"example.com","description":"The highest registered url domain, stripped of the subdomain."},{"field":"threat.enrichments.indicator.url.scheme","type":"keyword","normalization":"","example":"https","description":"Scheme of the url."},{"field":"threat.enrichments.indicator.url.subdomain","type":"keyword","normalization":"","example":"east","description":"The subdomain of the domain."},{"field":"threat.enrichments.indicator.url.top_level_domain","type":"keyword","normalization":"","example":"co.uk","description":"The effective top level domain (com, org, net, co.uk)."},{"field":"threat.enrichments.indicator.url.username","type":"keyword","normalization":"","example":"","description":"Username of the request."},{"field":"threat.enrichments.indicator.x509.alternative_names","type":"keyword","normalization":"array","example":"*.elastic.co","description":"List of subject alternative names (SAN)."},{"field":"threat.enrichments.indicator.x509.issuer.common_name","type":"keyword","normalization":"array","example":"Example SHA2 High Assurance Server CA","description":"List of common name (CN) of issuing certificate authority."},{"field":"threat.enrichments.indicator.x509.issuer.country","type":"keyword","normalization":"array","example":"US","description":"List of country \\(C) codes"},{"field":"threat.enrichments.indicator.x509.issuer.distinguished_name","type":"keyword","normalization":"","example":"C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA","description":"Distinguished name (DN) of issuing certificate authority."},{"field":"threat.enrichments.indicator.x509.issuer.locality","type":"keyword","normalization":"array","example":"Mountain View","description":"List of locality names (L)"},{"field":"threat.enrichments.indicator.x509.issuer.organization","type":"keyword","normalization":"array","example":"Example Inc","description":"List of organizations (O) of issuing certificate authority."},{"field":"threat.enrichments.indicator.x509.issuer.organizational_unit","type":"keyword","normalization":"array","example":"www.example.com","description":"List of organizational units (OU) of issuing certificate authority."},{"field":"threat.enrichments.indicator.x509.issuer.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"threat.enrichments.indicator.x509.not_after","type":"date","normalization":"","example":"2020-07-16T03:15:39Z","description":"Time at which the certificate is no longer considered valid."},{"field":"threat.enrichments.indicator.x509.not_before","type":"date","normalization":"","example":"2019-08-16T01:40:25Z","description":"Time at which the certificate is first considered valid."},{"field":"threat.enrichments.indicator.x509.public_key_algorithm","type":"keyword","normalization":"","example":"RSA","description":"Algorithm used to generate the public key."},{"field":"threat.enrichments.indicator.x509.public_key_curve","type":"keyword","normalization":"","example":"nistp521","description":"The curve used by the elliptic curve public key algorithm. This is algorithm specific."},{"field":"threat.enrichments.indicator.x509.public_key_exponent","type":"long","normalization":"","example":65537,"description":"Exponent used to derive the public key. This is algorithm specific."},{"field":"threat.enrichments.indicator.x509.public_key_size","type":"long","normalization":"","example":2048,"description":"The size of the public key space in bits."},{"field":"threat.enrichments.indicator.x509.serial_number","type":"keyword","normalization":"","example":"55FBB9C7DEBF09809D12CCAA","description":"Unique serial number issued by the certificate authority."},{"field":"threat.enrichments.indicator.x509.signature_algorithm","type":"keyword","normalization":"","example":"SHA256-RSA","description":"Identifier for certificate signature algorithm."},{"field":"threat.enrichments.indicator.x509.subject.common_name","type":"keyword","normalization":"array","example":"shared.global.example.net","description":"List of common names (CN) of subject."},{"field":"threat.enrichments.indicator.x509.subject.country","type":"keyword","normalization":"array","example":"US","description":"List of country \\(C) code"},{"field":"threat.enrichments.indicator.x509.subject.distinguished_name","type":"keyword","normalization":"","example":"C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net","description":"Distinguished name (DN) of the certificate subject entity."},{"field":"threat.enrichments.indicator.x509.subject.locality","type":"keyword","normalization":"array","example":"San Francisco","description":"List of locality names (L)"},{"field":"threat.enrichments.indicator.x509.subject.organization","type":"keyword","normalization":"array","example":"Example, Inc.","description":"List of organizations (O) of subject."},{"field":"threat.enrichments.indicator.x509.subject.organizational_unit","type":"keyword","normalization":"array","example":"","description":"List of organizational units (OU) of subject."},{"field":"threat.enrichments.indicator.x509.subject.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"threat.enrichments.indicator.x509.version_number","type":"keyword","normalization":"","example":3,"description":"Version of x509 format."},{"field":"threat.enrichments.matched.atomic","type":"keyword","normalization":"","example":"bad-domain.com","description":"Matched indicator value"},{"field":"threat.enrichments.matched.field","type":"keyword","normalization":"","example":"file.hash.sha256","description":"Matched indicator field"},{"field":"threat.enrichments.matched.id","type":"keyword","normalization":"","example":"ff93aee5-86a1-4a61-b0e6-0cdc313d01b5","description":"Matched indicator identifier"},{"field":"threat.enrichments.matched.index","type":"keyword","normalization":"","example":"filebeat-8.0.0-2021.05.23-000011","description":"Matched indicator index"},{"field":"threat.enrichments.matched.occurred","type":"date","normalization":"","example":"2021-10-05T17:00:58.326Z","description":"Date of match"},{"field":"threat.enrichments.matched.type","type":"keyword","normalization":"","example":"indicator_match_rule","description":"Type of indicator match"},{"field":"threat.feed.dashboard_id","type":"keyword","normalization":"","example":"5ba16340-72e6-11eb-a3e3-b3cc7c78a70f","description":"Feed dashboard ID."},{"field":"threat.feed.description","type":"keyword","normalization":"","example":"Threat feed from the AlienVault Open Threat eXchange network.","description":"Description of the threat feed."},{"field":"threat.feed.name","type":"keyword","normalization":"","example":"AlienVault OTX","description":"Name of the threat feed."},{"field":"threat.feed.reference","type":"keyword","normalization":"","example":"https://otx.alienvault.com","description":"Reference for the threat feed."},{"field":"threat.framework","type":"keyword","normalization":"","example":"MITRE ATT&CK","description":"Threat classification framework."},{"field":"threat.group.alias","type":"keyword","normalization":"array","example":["Magecart Group 6"],"description":"Alias of the group."},{"field":"threat.group.id","type":"keyword","normalization":"","example":"G0037","description":"ID of the group."},{"field":"threat.group.name","type":"keyword","normalization":"","example":"FIN6","description":"Name of the group."},{"field":"threat.group.reference","type":"keyword","normalization":"","example":"https://attack.mitre.org/groups/G0037/","description":"Reference URL of the group."},{"field":"threat.indicator.as.number","type":"long","normalization":"","example":15169,"description":"Unique number allocated to the autonomous system."},{"field":"threat.indicator.as.organization.name","type":"keyword","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"threat.indicator.as.organization.name.text","type":"match_only_text","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"threat.indicator.confidence","type":"keyword","normalization":"","example":"Medium","description":"Indicator confidence rating"},{"field":"threat.indicator.description","type":"keyword","normalization":"","example":"IP x.x.x.x was observed delivering the Angler EK.","description":"Indicator description"},{"field":"threat.indicator.email.address","type":"keyword","normalization":"","example":"phish@example.com","description":"Indicator email address"},{"field":"threat.indicator.file.accessed","type":"date","normalization":"","example":"","description":"Last time the file was accessed."},{"field":"threat.indicator.file.attributes","type":"keyword","normalization":"array","example":["readonly","system"],"description":"Array of file attributes."},{"field":"threat.indicator.file.code_signature.digest_algorithm","type":"keyword","normalization":"","example":"sha256","description":"Hashing algorithm used to sign the process."},{"field":"threat.indicator.file.code_signature.exists","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if a signature is present."},{"field":"threat.indicator.file.code_signature.signing_id","type":"keyword","normalization":"","example":"com.apple.xpc.proxy","description":"The identifier used to sign the process."},{"field":"threat.indicator.file.code_signature.status","type":"keyword","normalization":"","example":"ERROR_UNTRUSTED_ROOT","description":"Additional information about the certificate status."},{"field":"threat.indicator.file.code_signature.subject_name","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Subject name of the code signer"},{"field":"threat.indicator.file.code_signature.team_id","type":"keyword","normalization":"","example":"EQHXZ8M8AV","description":"The team identifier used to sign the process."},{"field":"threat.indicator.file.code_signature.timestamp","type":"date","normalization":"","example":"2021-01-01T12:10:30Z","description":"When the signature was generated and signed."},{"field":"threat.indicator.file.code_signature.trusted","type":"boolean","normalization":"","example":true,"description":"Stores the trust status of the certificate chain."},{"field":"threat.indicator.file.code_signature.valid","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if the digital signature is verified against the binary content."},{"field":"threat.indicator.file.created","type":"date","normalization":"","example":"","description":"File creation time."},{"field":"threat.indicator.file.ctime","type":"date","normalization":"","example":"","description":"Last time the file attributes or metadata changed."},{"field":"threat.indicator.file.device","type":"keyword","normalization":"","example":"sda","description":"Device that is the source of the file."},{"field":"threat.indicator.file.directory","type":"keyword","normalization":"","example":"/home/alice","description":"Directory where the file is located."},{"field":"threat.indicator.file.drive_letter","type":"keyword","normalization":"","example":"C","description":"Drive letter where the file is located."},{"field":"threat.indicator.file.elf.architecture","type":"keyword","normalization":"","example":"x86-64","description":"Machine architecture of the ELF file."},{"field":"threat.indicator.file.elf.byte_order","type":"keyword","normalization":"","example":"Little Endian","description":"Byte sequence of ELF file."},{"field":"threat.indicator.file.elf.cpu_type","type":"keyword","normalization":"","example":"Intel","description":"CPU type of the ELF file."},{"field":"threat.indicator.file.elf.creation_date","type":"date","normalization":"","example":"","description":"Build or compile date."},{"field":"threat.indicator.file.elf.exports","type":"flattened","normalization":"array","example":"","description":"List of exported element names and types."},{"field":"threat.indicator.file.elf.go_import_hash","type":"keyword","normalization":"","example":"10bddcb4cee42080f76c88d9ff964491","description":"A hash of the Go language imports in an ELF file."},{"field":"threat.indicator.file.elf.go_imports","type":"flattened","normalization":"","example":"","description":"List of imported Go language element names and types."},{"field":"threat.indicator.file.elf.go_imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of Go imports."},{"field":"threat.indicator.file.elf.go_imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of Go imports."},{"field":"threat.indicator.file.elf.go_stripped","type":"boolean","normalization":"","example":"","description":"Whether the file is a stripped or obfuscated Go executable."},{"field":"threat.indicator.file.elf.header.abi_version","type":"keyword","normalization":"","example":"","description":"Version of the ELF Application Binary Interface (ABI)."},{"field":"threat.indicator.file.elf.header.class","type":"keyword","normalization":"","example":"","description":"Header class of the ELF file."},{"field":"threat.indicator.file.elf.header.data","type":"keyword","normalization":"","example":"","description":"Data table of the ELF header."},{"field":"threat.indicator.file.elf.header.entrypoint","type":"long","normalization":"","example":"","description":"Header entrypoint of the ELF file."},{"field":"threat.indicator.file.elf.header.object_version","type":"keyword","normalization":"","example":"","description":"0x1\" for original ELF files."},{"field":"threat.indicator.file.elf.header.os_abi","type":"keyword","normalization":"","example":"","description":"Application Binary Interface (ABI) of the Linux OS."},{"field":"threat.indicator.file.elf.header.type","type":"keyword","normalization":"","example":"","description":"Header type of the ELF file."},{"field":"threat.indicator.file.elf.header.version","type":"keyword","normalization":"","example":"","description":"Version of the ELF header."},{"field":"threat.indicator.file.elf.import_hash","type":"keyword","normalization":"","example":"d41d8cd98f00b204e9800998ecf8427e","description":"A hash of the imports in an ELF file."},{"field":"threat.indicator.file.elf.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"threat.indicator.file.elf.imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of imported element names and types."},{"field":"threat.indicator.file.elf.imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of imported element names and types."},{"field":"threat.indicator.file.elf.sections","type":"nested","normalization":"array","example":"","description":"Section information of the ELF file."},{"field":"threat.indicator.file.elf.sections.chi2","type":"long","normalization":"","example":"","description":"Chi-square probability distribution of the section."},{"field":"threat.indicator.file.elf.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"threat.indicator.file.elf.sections.flags","type":"keyword","normalization":"","example":"","description":"ELF Section List flags."},{"field":"threat.indicator.file.elf.sections.name","type":"keyword","normalization":"","example":"","description":"ELF Section List name."},{"field":"threat.indicator.file.elf.sections.physical_offset","type":"keyword","normalization":"","example":"","description":"ELF Section List offset."},{"field":"threat.indicator.file.elf.sections.physical_size","type":"long","normalization":"","example":"","description":"ELF Section List physical size."},{"field":"threat.indicator.file.elf.sections.type","type":"keyword","normalization":"","example":"","description":"ELF Section List type."},{"field":"threat.indicator.file.elf.sections.var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the section."},{"field":"threat.indicator.file.elf.sections.virtual_address","type":"long","normalization":"","example":"","description":"ELF Section List virtual address."},{"field":"threat.indicator.file.elf.sections.virtual_size","type":"long","normalization":"","example":"","description":"ELF Section List virtual size."},{"field":"threat.indicator.file.elf.segments","type":"nested","normalization":"array","example":"","description":"ELF object segment list."},{"field":"threat.indicator.file.elf.segments.sections","type":"keyword","normalization":"","example":"","description":"ELF object segment sections."},{"field":"threat.indicator.file.elf.segments.type","type":"keyword","normalization":"","example":"","description":"ELF object segment type."},{"field":"threat.indicator.file.elf.shared_libraries","type":"keyword","normalization":"array","example":"","description":"List of shared libraries used by this ELF object."},{"field":"threat.indicator.file.elf.telfhash","type":"keyword","normalization":"","example":"","description":"telfhash hash for ELF file."},{"field":"threat.indicator.file.extension","type":"keyword","normalization":"","example":"png","description":"File extension, excluding the leading dot."},{"field":"threat.indicator.file.fork_name","type":"keyword","normalization":"","example":"Zone.Identifer","description":"A fork is additional data associated with a filesystem object."},{"field":"threat.indicator.file.gid","type":"keyword","normalization":"","example":1001,"description":"Primary group ID (GID) of the file."},{"field":"threat.indicator.file.group","type":"keyword","normalization":"","example":"alice","description":"Primary group name of the file."},{"field":"threat.indicator.file.hash.md5","type":"keyword","normalization":"","example":"","description":"MD5 hash."},{"field":"threat.indicator.file.hash.sha1","type":"keyword","normalization":"","example":"","description":"SHA1 hash."},{"field":"threat.indicator.file.hash.sha256","type":"keyword","normalization":"","example":"","description":"SHA256 hash."},{"field":"threat.indicator.file.hash.sha384","type":"keyword","normalization":"","example":"","description":"SHA384 hash."},{"field":"threat.indicator.file.hash.sha512","type":"keyword","normalization":"","example":"","description":"SHA512 hash."},{"field":"threat.indicator.file.hash.ssdeep","type":"keyword","normalization":"","example":"","description":"SSDEEP hash."},{"field":"threat.indicator.file.hash.tlsh","type":"keyword","normalization":"","example":"","description":"TLSH hash."},{"field":"threat.indicator.file.inode","type":"keyword","normalization":"","example":256383,"description":"Inode representing the file in the filesystem."},{"field":"threat.indicator.file.mime_type","type":"keyword","normalization":"","example":"","description":"Media type of file, document, or arrangement of bytes."},{"field":"threat.indicator.file.mode","type":"keyword","normalization":"","example":"0640","description":"Mode of the file in octal representation."},{"field":"threat.indicator.file.mtime","type":"date","normalization":"","example":"","description":"Last time the file content was modified."},{"field":"threat.indicator.file.name","type":"keyword","normalization":"","example":"example.png","description":"Name of the file including the extension, without the directory."},{"field":"threat.indicator.file.owner","type":"keyword","normalization":"","example":"alice","description":"File owner's username."},{"field":"threat.indicator.file.path","type":"keyword","normalization":"","example":"/home/alice/example.png","description":"Full path to the file, including the file name."},{"field":"threat.indicator.file.path.text","type":"match_only_text","normalization":"","example":"/home/alice/example.png","description":"Full path to the file, including the file name."},{"field":"threat.indicator.file.pe.architecture","type":"keyword","normalization":"","example":"x64","description":"CPU architecture target for the file."},{"field":"threat.indicator.file.pe.company","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Internal company name of the file, provided at compile-time."},{"field":"threat.indicator.file.pe.description","type":"keyword","normalization":"","example":"Paint","description":"Internal description of the file, provided at compile-time."},{"field":"threat.indicator.file.pe.file_version","type":"keyword","normalization":"","example":"6.3.9600.17415","description":"Process name."},{"field":"threat.indicator.file.pe.go_import_hash","type":"keyword","normalization":"","example":"10bddcb4cee42080f76c88d9ff964491","description":"A hash of the Go language imports in a PE file."},{"field":"threat.indicator.file.pe.go_imports","type":"flattened","normalization":"","example":"","description":"List of imported Go language element names and types."},{"field":"threat.indicator.file.pe.go_imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of Go imports."},{"field":"threat.indicator.file.pe.go_imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of Go imports."},{"field":"threat.indicator.file.pe.go_stripped","type":"boolean","normalization":"","example":"","description":"Whether the file is a stripped or obfuscated Go executable."},{"field":"threat.indicator.file.pe.imphash","type":"keyword","normalization":"","example":"0c6803c4e922103c4dca5963aad36ddf","description":"A hash of the imports in a PE file."},{"field":"threat.indicator.file.pe.import_hash","type":"keyword","normalization":"","example":"d41d8cd98f00b204e9800998ecf8427e","description":"A hash of the imports in a PE file."},{"field":"threat.indicator.file.pe.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"threat.indicator.file.pe.imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of imported element names and types."},{"field":"threat.indicator.file.pe.imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of imported element names and types."},{"field":"threat.indicator.file.pe.original_file_name","type":"keyword","normalization":"","example":"MSPAINT.EXE","description":"Internal name of the file, provided at compile-time."},{"field":"threat.indicator.file.pe.pehash","type":"keyword","normalization":"","example":"73ff189b63cd6be375a7ff25179a38d347651975","description":"A hash of the PE header and data from one or more PE sections."},{"field":"threat.indicator.file.pe.product","type":"keyword","normalization":"","example":"Microsoft® Windows® Operating System","description":"Internal product name of the file, provided at compile-time."},{"field":"threat.indicator.file.pe.sections","type":"nested","normalization":"array","example":"","description":"Section information of the PE file."},{"field":"threat.indicator.file.pe.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"threat.indicator.file.pe.sections.name","type":"keyword","normalization":"","example":"","description":"PE Section List name."},{"field":"threat.indicator.file.pe.sections.physical_size","type":"long","normalization":"","example":"","description":"PE Section List physical size."},{"field":"threat.indicator.file.pe.sections.var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the section."},{"field":"threat.indicator.file.pe.sections.virtual_size","type":"long","normalization":"","example":"","description":"PE Section List virtual size. This is always the same as `physical_size`."},{"field":"threat.indicator.file.size","type":"long","normalization":"","example":16384,"description":"File size in bytes."},{"field":"threat.indicator.file.target_path","type":"keyword","normalization":"","example":"","description":"Target path for symlinks."},{"field":"threat.indicator.file.target_path.text","type":"match_only_text","normalization":"","example":"","description":"Target path for symlinks."},{"field":"threat.indicator.file.type","type":"keyword","normalization":"","example":"file","description":"File type (file, dir, or symlink)."},{"field":"threat.indicator.file.uid","type":"keyword","normalization":"","example":1001,"description":"The user ID (UID) or security identifier (SID) of the file owner."},{"field":"threat.indicator.file.x509.alternative_names","type":"keyword","normalization":"array","example":"*.elastic.co","description":"List of subject alternative names (SAN)."},{"field":"threat.indicator.file.x509.issuer.common_name","type":"keyword","normalization":"array","example":"Example SHA2 High Assurance Server CA","description":"List of common name (CN) of issuing certificate authority."},{"field":"threat.indicator.file.x509.issuer.country","type":"keyword","normalization":"array","example":"US","description":"List of country \\(C) codes"},{"field":"threat.indicator.file.x509.issuer.distinguished_name","type":"keyword","normalization":"","example":"C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA","description":"Distinguished name (DN) of issuing certificate authority."},{"field":"threat.indicator.file.x509.issuer.locality","type":"keyword","normalization":"array","example":"Mountain View","description":"List of locality names (L)"},{"field":"threat.indicator.file.x509.issuer.organization","type":"keyword","normalization":"array","example":"Example Inc","description":"List of organizations (O) of issuing certificate authority."},{"field":"threat.indicator.file.x509.issuer.organizational_unit","type":"keyword","normalization":"array","example":"www.example.com","description":"List of organizational units (OU) of issuing certificate authority."},{"field":"threat.indicator.file.x509.issuer.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"threat.indicator.file.x509.not_after","type":"date","normalization":"","example":"2020-07-16T03:15:39Z","description":"Time at which the certificate is no longer considered valid."},{"field":"threat.indicator.file.x509.not_before","type":"date","normalization":"","example":"2019-08-16T01:40:25Z","description":"Time at which the certificate is first considered valid."},{"field":"threat.indicator.file.x509.public_key_algorithm","type":"keyword","normalization":"","example":"RSA","description":"Algorithm used to generate the public key."},{"field":"threat.indicator.file.x509.public_key_curve","type":"keyword","normalization":"","example":"nistp521","description":"The curve used by the elliptic curve public key algorithm. This is algorithm specific."},{"field":"threat.indicator.file.x509.public_key_exponent","type":"long","normalization":"","example":65537,"description":"Exponent used to derive the public key. This is algorithm specific."},{"field":"threat.indicator.file.x509.public_key_size","type":"long","normalization":"","example":2048,"description":"The size of the public key space in bits."},{"field":"threat.indicator.file.x509.serial_number","type":"keyword","normalization":"","example":"55FBB9C7DEBF09809D12CCAA","description":"Unique serial number issued by the certificate authority."},{"field":"threat.indicator.file.x509.signature_algorithm","type":"keyword","normalization":"","example":"SHA256-RSA","description":"Identifier for certificate signature algorithm."},{"field":"threat.indicator.file.x509.subject.common_name","type":"keyword","normalization":"array","example":"shared.global.example.net","description":"List of common names (CN) of subject."},{"field":"threat.indicator.file.x509.subject.country","type":"keyword","normalization":"array","example":"US","description":"List of country \\(C) code"},{"field":"threat.indicator.file.x509.subject.distinguished_name","type":"keyword","normalization":"","example":"C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net","description":"Distinguished name (DN) of the certificate subject entity."},{"field":"threat.indicator.file.x509.subject.locality","type":"keyword","normalization":"array","example":"San Francisco","description":"List of locality names (L)"},{"field":"threat.indicator.file.x509.subject.organization","type":"keyword","normalization":"array","example":"Example, Inc.","description":"List of organizations (O) of subject."},{"field":"threat.indicator.file.x509.subject.organizational_unit","type":"keyword","normalization":"array","example":"","description":"List of organizational units (OU) of subject."},{"field":"threat.indicator.file.x509.subject.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"threat.indicator.file.x509.version_number","type":"keyword","normalization":"","example":3,"description":"Version of x509 format."},{"field":"threat.indicator.first_seen","type":"date","normalization":"","example":"2020-11-05T17:25:47.000Z","description":"Date/time indicator was first reported."},{"field":"threat.indicator.geo.city_name","type":"keyword","normalization":"","example":"Montreal","description":"City name."},{"field":"threat.indicator.geo.continent_code","type":"keyword","normalization":"","example":"NA","description":"Continent code."},{"field":"threat.indicator.geo.continent_name","type":"keyword","normalization":"","example":"North America","description":"Name of the continent."},{"field":"threat.indicator.geo.country_iso_code","type":"keyword","normalization":"","example":"CA","description":"Country ISO code."},{"field":"threat.indicator.geo.country_name","type":"keyword","normalization":"","example":"Canada","description":"Country name."},{"field":"threat.indicator.geo.location","type":"geo_point","normalization":"","example":{"lon":-73.61483,"lat":45.505918},"description":"Longitude and latitude."},{"field":"threat.indicator.geo.name","type":"keyword","normalization":"","example":"boston-dc","description":"User-defined description of a location."},{"field":"threat.indicator.geo.postal_code","type":"keyword","normalization":"","example":94040,"description":"Postal code."},{"field":"threat.indicator.geo.region_iso_code","type":"keyword","normalization":"","example":"CA-QC","description":"Region ISO code."},{"field":"threat.indicator.geo.region_name","type":"keyword","normalization":"","example":"Quebec","description":"Region name."},{"field":"threat.indicator.geo.timezone","type":"keyword","normalization":"","example":"America/Argentina/Buenos_Aires","description":"Time zone."},{"field":"threat.indicator.ip","type":"ip","normalization":"","example":"1.2.3.4","description":"Indicator IP address"},{"field":"threat.indicator.last_seen","type":"date","normalization":"","example":"2020-11-05T17:25:47.000Z","description":"Date/time indicator was last reported."},{"field":"threat.indicator.marking.tlp","type":"keyword","normalization":"","example":"CLEAR","description":"Indicator TLP marking"},{"field":"threat.indicator.marking.tlp_version","type":"keyword","normalization":"","example":2,"description":"Indicator TLP version"},{"field":"threat.indicator.modified_at","type":"date","normalization":"","example":"2020-11-05T17:25:47.000Z","description":"Date/time indicator was last updated."},{"field":"threat.indicator.name","type":"keyword","normalization":"","example":"5.2.75.227","description":"Indicator display name"},{"field":"threat.indicator.port","type":"long","normalization":"","example":443,"description":"Indicator port"},{"field":"threat.indicator.provider","type":"keyword","normalization":"","example":"lrz_urlhaus","description":"Indicator provider"},{"field":"threat.indicator.reference","type":"keyword","normalization":"","example":"https://system.example.com/indicator/0001234","description":"Indicator reference URL"},{"field":"threat.indicator.registry.data.bytes","type":"keyword","normalization":"","example":"ZQBuAC0AVQBTAAAAZQBuAAAAAAA=","description":"Original bytes written with base64 encoding."},{"field":"threat.indicator.registry.data.strings","type":"wildcard","normalization":"array","example":"[\"C:\\rta\\red_ttp\\bin\\myapp.exe\"]","description":"List of strings representing what was written to the registry."},{"field":"threat.indicator.registry.data.type","type":"keyword","normalization":"","example":"REG_SZ","description":"Standard registry type for encoding contents"},{"field":"threat.indicator.registry.hive","type":"keyword","normalization":"","example":"HKLM","description":"Abbreviated name for the hive."},{"field":"threat.indicator.registry.key","type":"keyword","normalization":"","example":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\winword.exe","description":"Hive-relative path of keys."},{"field":"threat.indicator.registry.path","type":"keyword","normalization":"","example":"HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\winword.exe\\Debugger","description":"Full path, including hive, key and value"},{"field":"threat.indicator.registry.value","type":"keyword","normalization":"","example":"Debugger","description":"Name of the value written."},{"field":"threat.indicator.scanner_stats","type":"long","normalization":"","example":4,"description":"Scanner statistics"},{"field":"threat.indicator.sightings","type":"long","normalization":"","example":20,"description":"Number of times indicator observed"},{"field":"threat.indicator.type","type":"keyword","normalization":"","example":"ipv4-addr","description":"Type of indicator"},{"field":"threat.indicator.url.domain","type":"keyword","normalization":"","example":"www.elastic.co","description":"Domain of the url."},{"field":"threat.indicator.url.extension","type":"keyword","normalization":"","example":"png","description":"File extension from the request url, excluding the leading dot."},{"field":"threat.indicator.url.fragment","type":"keyword","normalization":"","example":"","description":"Portion of the url after the `#`."},{"field":"threat.indicator.url.full","type":"wildcard","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top","description":"Full unparsed URL."},{"field":"threat.indicator.url.full.text","type":"match_only_text","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top","description":"Full unparsed URL."},{"field":"threat.indicator.url.original","type":"wildcard","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elasticsearch","description":"Unmodified original url as seen in the event source."},{"field":"threat.indicator.url.original.text","type":"match_only_text","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elasticsearch","description":"Unmodified original url as seen in the event source."},{"field":"threat.indicator.url.password","type":"keyword","normalization":"","example":"","description":"Password of the request."},{"field":"threat.indicator.url.path","type":"wildcard","normalization":"","example":"","description":"Path of the request, such as \"/search\"."},{"field":"threat.indicator.url.port","type":"long","normalization":"","example":443,"description":"Port of the request, such as 443."},{"field":"threat.indicator.url.query","type":"keyword","normalization":"","example":"","description":"Query string of the request."},{"field":"threat.indicator.url.registered_domain","type":"keyword","normalization":"","example":"example.com","description":"The highest registered url domain, stripped of the subdomain."},{"field":"threat.indicator.url.scheme","type":"keyword","normalization":"","example":"https","description":"Scheme of the url."},{"field":"threat.indicator.url.subdomain","type":"keyword","normalization":"","example":"east","description":"The subdomain of the domain."},{"field":"threat.indicator.url.top_level_domain","type":"keyword","normalization":"","example":"co.uk","description":"The effective top level domain (com, org, net, co.uk)."},{"field":"threat.indicator.url.username","type":"keyword","normalization":"","example":"","description":"Username of the request."},{"field":"threat.indicator.x509.alternative_names","type":"keyword","normalization":"array","example":"*.elastic.co","description":"List of subject alternative names (SAN)."},{"field":"threat.indicator.x509.issuer.common_name","type":"keyword","normalization":"array","example":"Example SHA2 High Assurance Server CA","description":"List of common name (CN) of issuing certificate authority."},{"field":"threat.indicator.x509.issuer.country","type":"keyword","normalization":"array","example":"US","description":"List of country \\(C) codes"},{"field":"threat.indicator.x509.issuer.distinguished_name","type":"keyword","normalization":"","example":"C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA","description":"Distinguished name (DN) of issuing certificate authority."},{"field":"threat.indicator.x509.issuer.locality","type":"keyword","normalization":"array","example":"Mountain View","description":"List of locality names (L)"},{"field":"threat.indicator.x509.issuer.organization","type":"keyword","normalization":"array","example":"Example Inc","description":"List of organizations (O) of issuing certificate authority."},{"field":"threat.indicator.x509.issuer.organizational_unit","type":"keyword","normalization":"array","example":"www.example.com","description":"List of organizational units (OU) of issuing certificate authority."},{"field":"threat.indicator.x509.issuer.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"threat.indicator.x509.not_after","type":"date","normalization":"","example":"2020-07-16T03:15:39Z","description":"Time at which the certificate is no longer considered valid."},{"field":"threat.indicator.x509.not_before","type":"date","normalization":"","example":"2019-08-16T01:40:25Z","description":"Time at which the certificate is first considered valid."},{"field":"threat.indicator.x509.public_key_algorithm","type":"keyword","normalization":"","example":"RSA","description":"Algorithm used to generate the public key."},{"field":"threat.indicator.x509.public_key_curve","type":"keyword","normalization":"","example":"nistp521","description":"The curve used by the elliptic curve public key algorithm. This is algorithm specific."},{"field":"threat.indicator.x509.public_key_exponent","type":"long","normalization":"","example":65537,"description":"Exponent used to derive the public key. This is algorithm specific."},{"field":"threat.indicator.x509.public_key_size","type":"long","normalization":"","example":2048,"description":"The size of the public key space in bits."},{"field":"threat.indicator.x509.serial_number","type":"keyword","normalization":"","example":"55FBB9C7DEBF09809D12CCAA","description":"Unique serial number issued by the certificate authority."},{"field":"threat.indicator.x509.signature_algorithm","type":"keyword","normalization":"","example":"SHA256-RSA","description":"Identifier for certificate signature algorithm."},{"field":"threat.indicator.x509.subject.common_name","type":"keyword","normalization":"array","example":"shared.global.example.net","description":"List of common names (CN) of subject."},{"field":"threat.indicator.x509.subject.country","type":"keyword","normalization":"array","example":"US","description":"List of country \\(C) code"},{"field":"threat.indicator.x509.subject.distinguished_name","type":"keyword","normalization":"","example":"C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net","description":"Distinguished name (DN) of the certificate subject entity."},{"field":"threat.indicator.x509.subject.locality","type":"keyword","normalization":"array","example":"San Francisco","description":"List of locality names (L)"},{"field":"threat.indicator.x509.subject.organization","type":"keyword","normalization":"array","example":"Example, Inc.","description":"List of organizations (O) of subject."},{"field":"threat.indicator.x509.subject.organizational_unit","type":"keyword","normalization":"array","example":"","description":"List of organizational units (OU) of subject."},{"field":"threat.indicator.x509.subject.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"threat.indicator.x509.version_number","type":"keyword","normalization":"","example":3,"description":"Version of x509 format."},{"field":"threat.software.alias","type":"keyword","normalization":"array","example":["X-Agent"],"description":"Alias of the software"},{"field":"threat.software.id","type":"keyword","normalization":"","example":"S0552","description":"ID of the software"},{"field":"threat.software.name","type":"keyword","normalization":"","example":"AdFind","description":"Name of the software."},{"field":"threat.software.platforms","type":"keyword","normalization":"array","example":["Windows"],"description":"Platforms of the software."},{"field":"threat.software.reference","type":"keyword","normalization":"","example":"https://attack.mitre.org/software/S0552/","description":"Software reference URL."},{"field":"threat.software.type","type":"keyword","normalization":"","example":"Tool","description":"Software type."},{"field":"threat.tactic.id","type":"keyword","normalization":"array","example":"TA0002","description":"Threat tactic id."},{"field":"threat.tactic.name","type":"keyword","normalization":"array","example":"Execution","description":"Threat tactic."},{"field":"threat.tactic.reference","type":"keyword","normalization":"array","example":"https://attack.mitre.org/tactics/TA0002/","description":"Threat tactic URL reference."},{"field":"threat.technique.id","type":"keyword","normalization":"array","example":"T1059","description":"Threat technique id."},{"field":"threat.technique.name","type":"keyword","normalization":"array","example":"Command and Scripting Interpreter","description":"Threat technique name."},{"field":"threat.technique.name.text","type":"match_only_text","normalization":"","example":"Command and Scripting Interpreter","description":"Threat technique name."},{"field":"threat.technique.reference","type":"keyword","normalization":"array","example":"https://attack.mitre.org/techniques/T1059/","description":"Threat technique URL reference."},{"field":"threat.technique.subtechnique.id","type":"keyword","normalization":"array","example":"T1059.001","description":"Threat subtechnique id."},{"field":"threat.technique.subtechnique.name","type":"keyword","normalization":"array","example":"PowerShell","description":"Threat subtechnique name."},{"field":"threat.technique.subtechnique.name.text","type":"match_only_text","normalization":"","example":"PowerShell","description":"Threat subtechnique name."},{"field":"threat.technique.subtechnique.reference","type":"keyword","normalization":"array","example":"https://attack.mitre.org/techniques/T1059/001/","description":"Threat subtechnique URL reference."},{"field":"tls.cipher","type":"keyword","normalization":"","example":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256","description":"String indicating the cipher used during the current connection."},{"field":"tls.client.certificate","type":"keyword","normalization":"","example":"MII...","description":"PEM-encoded stand-alone certificate offered by the client."},{"field":"tls.client.certificate_chain","type":"keyword","normalization":"array","example":["MII...","MII..."],"description":"Array of PEM-encoded certificates that make up the certificate chain offered by the client."},{"field":"tls.client.hash.md5","type":"keyword","normalization":"","example":"0F76C7F2C55BFD7D8E8B8F4BFBF0C9EC","description":"Certificate fingerprint using the MD5 digest of DER-encoded version of certificate offered by the client."},{"field":"tls.client.hash.sha1","type":"keyword","normalization":"","example":"9E393D93138888D288266C2D915214D1D1CCEB2A","description":"Certificate fingerprint using the SHA1 digest of DER-encoded version of certificate offered by the client."},{"field":"tls.client.hash.sha256","type":"keyword","normalization":"","example":"0687F666A054EF17A08E2F2162EAB4CBC0D265E1D7875BE74BF3C712CA92DAF0","description":"Certificate fingerprint using the SHA256 digest of DER-encoded version of certificate offered by the client."},{"field":"tls.client.issuer","type":"keyword","normalization":"","example":"CN=Example Root CA, OU=Infrastructure Team, DC=example, DC=com","description":"Distinguished name of subject of the issuer of the x.509 certificate presented by the client."},{"field":"tls.client.ja3","type":"keyword","normalization":"","example":"d4e5b18d6b55c71272893221c96ba240","description":"A hash that identifies clients based on how they perform an SSL/TLS handshake."},{"field":"tls.client.not_after","type":"date","normalization":"","example":"2021-01-01T00:00:00.000Z","description":"Date/Time indicating when client certificate is no longer considered valid."},{"field":"tls.client.not_before","type":"date","normalization":"","example":"1970-01-01T00:00:00.000Z","description":"Date/Time indicating when client certificate is first considered valid."},{"field":"tls.client.server_name","type":"keyword","normalization":"","example":"www.elastic.co","description":"Hostname the client is trying to connect to. Also called the SNI."},{"field":"tls.client.subject","type":"keyword","normalization":"","example":"CN=myclient, OU=Documentation Team, DC=example, DC=com","description":"Distinguished name of subject of the x.509 certificate presented by the client."},{"field":"tls.client.supported_ciphers","type":"keyword","normalization":"array","example":["TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","..."],"description":"Array of ciphers offered by the client during the client hello."},{"field":"tls.client.x509.alternative_names","type":"keyword","normalization":"array","example":"*.elastic.co","description":"List of subject alternative names (SAN)."},{"field":"tls.client.x509.issuer.common_name","type":"keyword","normalization":"array","example":"Example SHA2 High Assurance Server CA","description":"List of common name (CN) of issuing certificate authority."},{"field":"tls.client.x509.issuer.country","type":"keyword","normalization":"array","example":"US","description":"List of country \\(C) codes"},{"field":"tls.client.x509.issuer.distinguished_name","type":"keyword","normalization":"","example":"C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA","description":"Distinguished name (DN) of issuing certificate authority."},{"field":"tls.client.x509.issuer.locality","type":"keyword","normalization":"array","example":"Mountain View","description":"List of locality names (L)"},{"field":"tls.client.x509.issuer.organization","type":"keyword","normalization":"array","example":"Example Inc","description":"List of organizations (O) of issuing certificate authority."},{"field":"tls.client.x509.issuer.organizational_unit","type":"keyword","normalization":"array","example":"www.example.com","description":"List of organizational units (OU) of issuing certificate authority."},{"field":"tls.client.x509.issuer.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"tls.client.x509.not_after","type":"date","normalization":"","example":"2020-07-16T03:15:39Z","description":"Time at which the certificate is no longer considered valid."},{"field":"tls.client.x509.not_before","type":"date","normalization":"","example":"2019-08-16T01:40:25Z","description":"Time at which the certificate is first considered valid."},{"field":"tls.client.x509.public_key_algorithm","type":"keyword","normalization":"","example":"RSA","description":"Algorithm used to generate the public key."},{"field":"tls.client.x509.public_key_curve","type":"keyword","normalization":"","example":"nistp521","description":"The curve used by the elliptic curve public key algorithm. This is algorithm specific."},{"field":"tls.client.x509.public_key_exponent","type":"long","normalization":"","example":65537,"description":"Exponent used to derive the public key. This is algorithm specific."},{"field":"tls.client.x509.public_key_size","type":"long","normalization":"","example":2048,"description":"The size of the public key space in bits."},{"field":"tls.client.x509.serial_number","type":"keyword","normalization":"","example":"55FBB9C7DEBF09809D12CCAA","description":"Unique serial number issued by the certificate authority."},{"field":"tls.client.x509.signature_algorithm","type":"keyword","normalization":"","example":"SHA256-RSA","description":"Identifier for certificate signature algorithm."},{"field":"tls.client.x509.subject.common_name","type":"keyword","normalization":"array","example":"shared.global.example.net","description":"List of common names (CN) of subject."},{"field":"tls.client.x509.subject.country","type":"keyword","normalization":"array","example":"US","description":"List of country \\(C) code"},{"field":"tls.client.x509.subject.distinguished_name","type":"keyword","normalization":"","example":"C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net","description":"Distinguished name (DN) of the certificate subject entity."},{"field":"tls.client.x509.subject.locality","type":"keyword","normalization":"array","example":"San Francisco","description":"List of locality names (L)"},{"field":"tls.client.x509.subject.organization","type":"keyword","normalization":"array","example":"Example, Inc.","description":"List of organizations (O) of subject."},{"field":"tls.client.x509.subject.organizational_unit","type":"keyword","normalization":"array","example":"","description":"List of organizational units (OU) of subject."},{"field":"tls.client.x509.subject.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"tls.client.x509.version_number","type":"keyword","normalization":"","example":3,"description":"Version of x509 format."},{"field":"tls.curve","type":"keyword","normalization":"","example":"secp256r1","description":"String indicating the curve used for the given cipher, when applicable."},{"field":"tls.established","type":"boolean","normalization":"","example":"","description":"Boolean flag indicating if the TLS negotiation was successful and transitioned to an encrypted tunnel."},{"field":"tls.next_protocol","type":"keyword","normalization":"","example":"http/1.1","description":"String indicating the protocol being tunneled."},{"field":"tls.resumed","type":"boolean","normalization":"","example":"","description":"Boolean flag indicating if this TLS connection was resumed from an existing TLS negotiation."},{"field":"tls.server.certificate","type":"keyword","normalization":"","example":"MII...","description":"PEM-encoded stand-alone certificate offered by the server."},{"field":"tls.server.certificate_chain","type":"keyword","normalization":"array","example":["MII...","MII..."],"description":"Array of PEM-encoded certificates that make up the certificate chain offered by the server."},{"field":"tls.server.hash.md5","type":"keyword","normalization":"","example":"0F76C7F2C55BFD7D8E8B8F4BFBF0C9EC","description":"Certificate fingerprint using the MD5 digest of DER-encoded version of certificate offered by the server."},{"field":"tls.server.hash.sha1","type":"keyword","normalization":"","example":"9E393D93138888D288266C2D915214D1D1CCEB2A","description":"Certificate fingerprint using the SHA1 digest of DER-encoded version of certificate offered by the server."},{"field":"tls.server.hash.sha256","type":"keyword","normalization":"","example":"0687F666A054EF17A08E2F2162EAB4CBC0D265E1D7875BE74BF3C712CA92DAF0","description":"Certificate fingerprint using the SHA256 digest of DER-encoded version of certificate offered by the server."},{"field":"tls.server.issuer","type":"keyword","normalization":"","example":"CN=Example Root CA, OU=Infrastructure Team, DC=example, DC=com","description":"Subject of the issuer of the x.509 certificate presented by the server."},{"field":"tls.server.ja3s","type":"keyword","normalization":"","example":"394441ab65754e2207b1e1b457b3641d","description":"A hash that identifies servers based on how they perform an SSL/TLS handshake."},{"field":"tls.server.not_after","type":"date","normalization":"","example":"2021-01-01T00:00:00.000Z","description":"Timestamp indicating when server certificate is no longer considered valid."},{"field":"tls.server.not_before","type":"date","normalization":"","example":"1970-01-01T00:00:00.000Z","description":"Timestamp indicating when server certificate is first considered valid."},{"field":"tls.server.subject","type":"keyword","normalization":"","example":"CN=www.example.com, OU=Infrastructure Team, DC=example, DC=com","description":"Subject of the x.509 certificate presented by the server."},{"field":"tls.server.x509.alternative_names","type":"keyword","normalization":"array","example":"*.elastic.co","description":"List of subject alternative names (SAN)."},{"field":"tls.server.x509.issuer.common_name","type":"keyword","normalization":"array","example":"Example SHA2 High Assurance Server CA","description":"List of common name (CN) of issuing certificate authority."},{"field":"tls.server.x509.issuer.country","type":"keyword","normalization":"array","example":"US","description":"List of country \\(C) codes"},{"field":"tls.server.x509.issuer.distinguished_name","type":"keyword","normalization":"","example":"C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA","description":"Distinguished name (DN) of issuing certificate authority."},{"field":"tls.server.x509.issuer.locality","type":"keyword","normalization":"array","example":"Mountain View","description":"List of locality names (L)"},{"field":"tls.server.x509.issuer.organization","type":"keyword","normalization":"array","example":"Example Inc","description":"List of organizations (O) of issuing certificate authority."},{"field":"tls.server.x509.issuer.organizational_unit","type":"keyword","normalization":"array","example":"www.example.com","description":"List of organizational units (OU) of issuing certificate authority."},{"field":"tls.server.x509.issuer.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"tls.server.x509.not_after","type":"date","normalization":"","example":"2020-07-16T03:15:39Z","description":"Time at which the certificate is no longer considered valid."},{"field":"tls.server.x509.not_before","type":"date","normalization":"","example":"2019-08-16T01:40:25Z","description":"Time at which the certificate is first considered valid."},{"field":"tls.server.x509.public_key_algorithm","type":"keyword","normalization":"","example":"RSA","description":"Algorithm used to generate the public key."},{"field":"tls.server.x509.public_key_curve","type":"keyword","normalization":"","example":"nistp521","description":"The curve used by the elliptic curve public key algorithm. This is algorithm specific."},{"field":"tls.server.x509.public_key_exponent","type":"long","normalization":"","example":65537,"description":"Exponent used to derive the public key. This is algorithm specific."},{"field":"tls.server.x509.public_key_size","type":"long","normalization":"","example":2048,"description":"The size of the public key space in bits."},{"field":"tls.server.x509.serial_number","type":"keyword","normalization":"","example":"55FBB9C7DEBF09809D12CCAA","description":"Unique serial number issued by the certificate authority."},{"field":"tls.server.x509.signature_algorithm","type":"keyword","normalization":"","example":"SHA256-RSA","description":"Identifier for certificate signature algorithm."},{"field":"tls.server.x509.subject.common_name","type":"keyword","normalization":"array","example":"shared.global.example.net","description":"List of common names (CN) of subject."},{"field":"tls.server.x509.subject.country","type":"keyword","normalization":"array","example":"US","description":"List of country \\(C) code"},{"field":"tls.server.x509.subject.distinguished_name","type":"keyword","normalization":"","example":"C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net","description":"Distinguished name (DN) of the certificate subject entity."},{"field":"tls.server.x509.subject.locality","type":"keyword","normalization":"array","example":"San Francisco","description":"List of locality names (L)"},{"field":"tls.server.x509.subject.organization","type":"keyword","normalization":"array","example":"Example, Inc.","description":"List of organizations (O) of subject."},{"field":"tls.server.x509.subject.organizational_unit","type":"keyword","normalization":"array","example":"","description":"List of organizational units (OU) of subject."},{"field":"tls.server.x509.subject.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"tls.server.x509.version_number","type":"keyword","normalization":"","example":3,"description":"Version of x509 format."},{"field":"tls.version","type":"keyword","normalization":"","example":1.2,"description":"Numeric part of the version parsed from the original string."},{"field":"tls.version_protocol","type":"keyword","normalization":"","example":"tls","description":"Normalized lowercase protocol name parsed from original string."},{"field":"trace.id","type":"keyword","normalization":"","example":"4bf92f3577b34da6a3ce929d0e0e4736","description":"Unique identifier of the trace."},{"field":"transaction.id","type":"keyword","normalization":"","example":"00f067aa0ba902b7","description":"Unique identifier of the transaction within the scope of its trace."},{"field":"url.domain","type":"keyword","normalization":"","example":"www.elastic.co","description":"Domain of the url."},{"field":"url.extension","type":"keyword","normalization":"","example":"png","description":"File extension from the request url, excluding the leading dot."},{"field":"url.fragment","type":"keyword","normalization":"","example":"","description":"Portion of the url after the `#`."},{"field":"url.full","type":"wildcard","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top","description":"Full unparsed URL."},{"field":"url.full.text","type":"match_only_text","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top","description":"Full unparsed URL."},{"field":"url.original","type":"wildcard","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elasticsearch","description":"Unmodified original url as seen in the event source."},{"field":"url.original.text","type":"match_only_text","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elasticsearch","description":"Unmodified original url as seen in the event source."},{"field":"url.password","type":"keyword","normalization":"","example":"","description":"Password of the request."},{"field":"url.path","type":"wildcard","normalization":"","example":"","description":"Path of the request, such as \"/search\"."},{"field":"url.port","type":"long","normalization":"","example":443,"description":"Port of the request, such as 443."},{"field":"url.query","type":"keyword","normalization":"","example":"","description":"Query string of the request."},{"field":"url.registered_domain","type":"keyword","normalization":"","example":"example.com","description":"The highest registered url domain, stripped of the subdomain."},{"field":"url.scheme","type":"keyword","normalization":"","example":"https","description":"Scheme of the url."},{"field":"url.subdomain","type":"keyword","normalization":"","example":"east","description":"The subdomain of the domain."},{"field":"url.top_level_domain","type":"keyword","normalization":"","example":"co.uk","description":"The effective top level domain (com, org, net, co.uk)."},{"field":"url.username","type":"keyword","normalization":"","example":"","description":"Username of the request."},{"field":"user.changes.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the user is a member of."},{"field":"user.changes.email","type":"keyword","normalization":"","example":"","description":"User email address."},{"field":"user.changes.full_name","type":"keyword","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"user.changes.full_name.text","type":"match_only_text","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"user.changes.group.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the group is a member of."},{"field":"user.changes.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"user.changes.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"user.changes.hash","type":"keyword","normalization":"","example":"","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"user.changes.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"user.changes.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"user.changes.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"user.changes.roles","type":"keyword","normalization":"array","example":["kibana_admin","reporting_user"],"description":"Array of user roles at the time of the event."},{"field":"user.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the user is a member of."},{"field":"user.effective.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the user is a member of."},{"field":"user.effective.email","type":"keyword","normalization":"","example":"","description":"User email address."},{"field":"user.effective.full_name","type":"keyword","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"user.effective.full_name.text","type":"match_only_text","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"user.effective.group.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the group is a member of."},{"field":"user.effective.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"user.effective.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"user.effective.hash","type":"keyword","normalization":"","example":"","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"user.effective.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"user.effective.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"user.effective.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"user.effective.roles","type":"keyword","normalization":"array","example":["kibana_admin","reporting_user"],"description":"Array of user roles at the time of the event."},{"field":"user.email","type":"keyword","normalization":"","example":"","description":"User email address."},{"field":"user.full_name","type":"keyword","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"user.full_name.text","type":"match_only_text","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"user.group.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the group is a member of."},{"field":"user.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"user.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"user.hash","type":"keyword","normalization":"","example":"","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"user.risk.calculated_level","type":"keyword","normalization":"","example":"High","description":"A risk classification level calculated by an internal system as part of entity analytics and entity risk scoring."},{"field":"user.risk.calculated_score","type":"float","normalization":"","example":880.73,"description":"A risk classification score calculated by an internal system as part of entity analytics and entity risk scoring."},{"field":"user.risk.calculated_score_norm","type":"float","normalization":"","example":88.73,"description":"A normalized risk score calculated by an internal system."},{"field":"user.risk.static_level","type":"keyword","normalization":"","example":"High","description":"A risk classification level obtained from outside the system, such as from some external Threat Intelligence Platform."},{"field":"user.risk.static_score","type":"float","normalization":"","example":830,"description":"A risk classification score obtained from outside the system, such as from some external Threat Intelligence Platform."},{"field":"user.risk.static_score_norm","type":"float","normalization":"","example":83,"description":"A normalized risk score calculated by an external system."},{"field":"user.roles","type":"keyword","normalization":"array","example":["kibana_admin","reporting_user"],"description":"Array of user roles at the time of the event."},{"field":"user.target.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the user is a member of."},{"field":"user.target.email","type":"keyword","normalization":"","example":"","description":"User email address."},{"field":"user.target.full_name","type":"keyword","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"user.target.full_name.text","type":"match_only_text","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"user.target.group.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the group is a member of."},{"field":"user.target.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"user.target.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"user.target.hash","type":"keyword","normalization":"","example":"","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"user.target.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"user.target.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"user.target.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"user.target.roles","type":"keyword","normalization":"array","example":["kibana_admin","reporting_user"],"description":"Array of user roles at the time of the event."},{"field":"user_agent.device.name","type":"keyword","normalization":"","example":"iPhone","description":"Name of the device."},{"field":"user_agent.name","type":"keyword","normalization":"","example":"Safari","description":"Name of the user agent."},{"field":"user_agent.original","type":"keyword","normalization":"","example":"Mozilla/5.0 (iPhone; CPU iPhone OS 12_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Mobile/15E148 Safari/604.1","description":"Unparsed user_agent string."},{"field":"user_agent.original.text","type":"match_only_text","normalization":"","example":"Mozilla/5.0 (iPhone; CPU iPhone OS 12_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Mobile/15E148 Safari/604.1","description":"Unparsed user_agent string."},{"field":"user_agent.os.family","type":"keyword","normalization":"","example":"debian","description":"OS family (such as redhat, debian, freebsd, windows)."},{"field":"user_agent.os.full","type":"keyword","normalization":"","example":"Mac OS Mojave","description":"Operating system name, including the version or code name."},{"field":"user_agent.os.full.text","type":"match_only_text","normalization":"","example":"Mac OS Mojave","description":"Operating system name, including the version or code name."},{"field":"user_agent.os.kernel","type":"keyword","normalization":"","example":"4.4.0-112-generic","description":"Operating system kernel version as a raw string."},{"field":"user_agent.os.name","type":"keyword","normalization":"","example":"Mac OS X","description":"Operating system name, without the version."},{"field":"user_agent.os.name.text","type":"match_only_text","normalization":"","example":"Mac OS X","description":"Operating system name, without the version."},{"field":"user_agent.os.platform","type":"keyword","normalization":"","example":"darwin","description":"Operating system platform (such centos, ubuntu, windows)."},{"field":"user_agent.os.type","type":"keyword","normalization":"","example":"macos","description":"Which commercial OS family (one of: linux, macos, unix, windows, ios or android)."},{"field":"user_agent.os.version","type":"keyword","normalization":"","example":"10.14.1","description":"Operating system version as a raw string."},{"field":"user_agent.version","type":"keyword","normalization":"","example":12,"description":"Version of the user agent."},{"field":"vulnerability.category","type":"keyword","normalization":"array","example":["Firewall"],"description":"Category of a vulnerability."},{"field":"vulnerability.classification","type":"keyword","normalization":"","example":"CVSS","description":"Classification of the vulnerability."},{"field":"vulnerability.description","type":"keyword","normalization":"","example":"In macOS before 2.12.6, there is a vulnerability in the RPC...","description":"Description of the vulnerability."},{"field":"vulnerability.description.text","type":"match_only_text","normalization":"","example":"In macOS before 2.12.6, there is a vulnerability in the RPC...","description":"Description of the vulnerability."},{"field":"vulnerability.enumeration","type":"keyword","normalization":"","example":"CVE","description":"Identifier of the vulnerability."},{"field":"vulnerability.id","type":"keyword","normalization":"","example":"CVE-2019-00001","description":"ID of the vulnerability."},{"field":"vulnerability.reference","type":"keyword","normalization":"","example":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6111","description":"Reference of the vulnerability."},{"field":"vulnerability.report_id","type":"keyword","normalization":"","example":20191018.0001,"description":"Scan identification number."},{"field":"vulnerability.scanner.vendor","type":"keyword","normalization":"","example":"Tenable","description":"Name of the scanner vendor."},{"field":"vulnerability.score.base","type":"float","normalization":"","example":5.5,"description":"Vulnerability Base score."},{"field":"vulnerability.score.environmental","type":"float","normalization":"","example":5.5,"description":"Vulnerability Environmental score."},{"field":"vulnerability.score.temporal","type":"float","normalization":"","example":"","description":"Vulnerability Temporal score."},{"field":"vulnerability.score.version","type":"keyword","normalization":"","example":2,"description":"CVSS version."},{"field":"vulnerability.severity","type":"keyword","normalization":"","example":"Critical","description":"Severity of the vulnerability."}] diff --git a/x-pack/plugins/osquery/public/common/schemas/ecs/v8.12.0.json b/x-pack/plugins/osquery/public/common/schemas/ecs/v8.12.0.json new file mode 100644 index 0000000000000..6d034129f5763 --- /dev/null +++ b/x-pack/plugins/osquery/public/common/schemas/ecs/v8.12.0.json @@ -0,0 +1 @@ +[{"field":"labels","type":"object","normalization":"","example":{"application":"foo-bar","env":"production"},"description":"Custom key/value pairs."},{"field":"message","type":"match_only_text","normalization":"","example":"Hello World","description":"Log message optimized for viewing in a log viewer."},{"field":"tags","type":"keyword","normalization":"array","example":["production","env2"],"description":"List of keywords used to tag each event."},{"field":"agent.build.original","type":"keyword","normalization":"","example":"metricbeat version 7.6.0 (amd64), libbeat 7.6.0 [6a23e8f8f30f5001ba344e4e54d8d9cb82cb107c built 2020-02-05 23:10:10 +0000 UTC]","description":"Extended build information for the agent."},{"field":"client.address","type":"keyword","normalization":"","example":"","description":"Client network address."},{"field":"client.as.number","type":"long","normalization":"","example":15169,"description":"Unique number allocated to the autonomous system."},{"field":"client.as.organization.name","type":"keyword","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"client.as.organization.name.text","type":"match_only_text","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"client.bytes","type":"long","normalization":"","example":184,"description":"Bytes sent from the client to the server."},{"field":"client.domain","type":"keyword","normalization":"","example":"foo.example.com","description":"The domain name of the client."},{"field":"client.geo.city_name","type":"keyword","normalization":"","example":"Montreal","description":"City name."},{"field":"client.geo.continent_code","type":"keyword","normalization":"","example":"NA","description":"Continent code."},{"field":"client.geo.continent_name","type":"keyword","normalization":"","example":"North America","description":"Name of the continent."},{"field":"client.geo.country_iso_code","type":"keyword","normalization":"","example":"CA","description":"Country ISO code."},{"field":"client.geo.country_name","type":"keyword","normalization":"","example":"Canada","description":"Country name."},{"field":"client.geo.location","type":"geo_point","normalization":"","example":{"lon":-73.61483,"lat":45.505918},"description":"Longitude and latitude."},{"field":"client.geo.name","type":"keyword","normalization":"","example":"boston-dc","description":"User-defined description of a location."},{"field":"client.geo.postal_code","type":"keyword","normalization":"","example":94040,"description":"Postal code."},{"field":"client.geo.region_iso_code","type":"keyword","normalization":"","example":"CA-QC","description":"Region ISO code."},{"field":"client.geo.region_name","type":"keyword","normalization":"","example":"Quebec","description":"Region name."},{"field":"client.geo.timezone","type":"keyword","normalization":"","example":"America/Argentina/Buenos_Aires","description":"Time zone."},{"field":"client.ip","type":"ip","normalization":"","example":"","description":"IP address of the client."},{"field":"client.mac","type":"keyword","normalization":"","example":"00-00-5E-00-53-23","description":"MAC address of the client."},{"field":"client.nat.ip","type":"ip","normalization":"","example":"","description":"Client NAT ip address"},{"field":"client.nat.port","type":"long","normalization":"","example":"","description":"Client NAT port"},{"field":"client.packets","type":"long","normalization":"","example":12,"description":"Packets sent from the client to the server."},{"field":"client.port","type":"long","normalization":"","example":"","description":"Port of the client."},{"field":"client.registered_domain","type":"keyword","normalization":"","example":"example.com","description":"The highest registered client domain, stripped of the subdomain."},{"field":"client.subdomain","type":"keyword","normalization":"","example":"east","description":"The subdomain of the domain."},{"field":"client.top_level_domain","type":"keyword","normalization":"","example":"co.uk","description":"The effective top level domain (com, org, net, co.uk)."},{"field":"client.user.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the user is a member of."},{"field":"client.user.email","type":"keyword","normalization":"","example":"","description":"User email address."},{"field":"client.user.full_name","type":"keyword","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"client.user.full_name.text","type":"match_only_text","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"client.user.group.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the group is a member of."},{"field":"client.user.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"client.user.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"client.user.hash","type":"keyword","normalization":"","example":"","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"client.user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"client.user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"client.user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"client.user.roles","type":"keyword","normalization":"array","example":["kibana_admin","reporting_user"],"description":"Array of user roles at the time of the event."},{"field":"cloud.account.id","type":"keyword","normalization":"","example":666777888999,"description":"The cloud account or organization id."},{"field":"cloud.account.name","type":"keyword","normalization":"","example":"elastic-dev","description":"The cloud account name."},{"field":"cloud.availability_zone","type":"keyword","normalization":"","example":"us-east-1c","description":"Availability zone in which this host, resource, or service is located."},{"field":"cloud.instance.id","type":"keyword","normalization":"","example":"i-1234567890abcdef0","description":"Instance ID of the host machine."},{"field":"cloud.instance.name","type":"keyword","normalization":"","example":"","description":"Instance name of the host machine."},{"field":"cloud.machine.type","type":"keyword","normalization":"","example":"t2.medium","description":"Machine type of the host machine."},{"field":"cloud.origin.account.id","type":"keyword","normalization":"","example":666777888999,"description":"The cloud account or organization id."},{"field":"cloud.origin.account.name","type":"keyword","normalization":"","example":"elastic-dev","description":"The cloud account name."},{"field":"cloud.origin.availability_zone","type":"keyword","normalization":"","example":"us-east-1c","description":"Availability zone in which this host, resource, or service is located."},{"field":"cloud.origin.instance.id","type":"keyword","normalization":"","example":"i-1234567890abcdef0","description":"Instance ID of the host machine."},{"field":"cloud.origin.instance.name","type":"keyword","normalization":"","example":"","description":"Instance name of the host machine."},{"field":"cloud.origin.machine.type","type":"keyword","normalization":"","example":"t2.medium","description":"Machine type of the host machine."},{"field":"cloud.origin.project.id","type":"keyword","normalization":"","example":"my-project","description":"The cloud project id."},{"field":"cloud.origin.project.name","type":"keyword","normalization":"","example":"my project","description":"The cloud project name."},{"field":"cloud.origin.provider","type":"keyword","normalization":"","example":"aws","description":"Name of the cloud provider."},{"field":"cloud.origin.region","type":"keyword","normalization":"","example":"us-east-1","description":"Region in which this host, resource, or service is located."},{"field":"cloud.origin.service.name","type":"keyword","normalization":"","example":"lambda","description":"The cloud service name."},{"field":"cloud.project.id","type":"keyword","normalization":"","example":"my-project","description":"The cloud project id."},{"field":"cloud.project.name","type":"keyword","normalization":"","example":"my project","description":"The cloud project name."},{"field":"cloud.provider","type":"keyword","normalization":"","example":"aws","description":"Name of the cloud provider."},{"field":"cloud.region","type":"keyword","normalization":"","example":"us-east-1","description":"Region in which this host, resource, or service is located."},{"field":"cloud.service.name","type":"keyword","normalization":"","example":"lambda","description":"The cloud service name."},{"field":"cloud.target.account.id","type":"keyword","normalization":"","example":666777888999,"description":"The cloud account or organization id."},{"field":"cloud.target.account.name","type":"keyword","normalization":"","example":"elastic-dev","description":"The cloud account name."},{"field":"cloud.target.availability_zone","type":"keyword","normalization":"","example":"us-east-1c","description":"Availability zone in which this host, resource, or service is located."},{"field":"cloud.target.instance.id","type":"keyword","normalization":"","example":"i-1234567890abcdef0","description":"Instance ID of the host machine."},{"field":"cloud.target.instance.name","type":"keyword","normalization":"","example":"","description":"Instance name of the host machine."},{"field":"cloud.target.machine.type","type":"keyword","normalization":"","example":"t2.medium","description":"Machine type of the host machine."},{"field":"cloud.target.project.id","type":"keyword","normalization":"","example":"my-project","description":"The cloud project id."},{"field":"cloud.target.project.name","type":"keyword","normalization":"","example":"my project","description":"The cloud project name."},{"field":"cloud.target.provider","type":"keyword","normalization":"","example":"aws","description":"Name of the cloud provider."},{"field":"cloud.target.region","type":"keyword","normalization":"","example":"us-east-1","description":"Region in which this host, resource, or service is located."},{"field":"cloud.target.service.name","type":"keyword","normalization":"","example":"lambda","description":"The cloud service name."},{"field":"container.cpu.usage","type":"scaled_float","normalization":"","example":"","description":"Percent CPU used, between 0 and 1."},{"field":"container.disk.read.bytes","type":"long","normalization":"","example":"","description":"The number of bytes read by all disks."},{"field":"container.disk.write.bytes","type":"long","normalization":"","example":"","description":"The number of bytes written on all disks."},{"field":"container.id","type":"keyword","normalization":"","example":"","description":"Unique container id."},{"field":"container.image.hash.all","type":"keyword","normalization":"array","example":"[sha256:f8fefc80e3273dc756f288a63945820d6476ad64883892c771b5e2ece6bf1b26]","description":"An array of digests of the image the container was built on."},{"field":"container.image.name","type":"keyword","normalization":"","example":"","description":"Name of the image the container was built on."},{"field":"container.image.tag","type":"keyword","normalization":"array","example":"","description":"Container image tags."},{"field":"container.labels","type":"object","normalization":"","example":"","description":"Image labels."},{"field":"container.memory.usage","type":"scaled_float","normalization":"","example":"","description":"Percent memory used, between 0 and 1."},{"field":"container.name","type":"keyword","normalization":"","example":"","description":"Container name."},{"field":"container.network.egress.bytes","type":"long","normalization":"","example":"","description":"The number of bytes sent on all network interfaces."},{"field":"container.network.ingress.bytes","type":"long","normalization":"","example":"","description":"The number of bytes received on all network interfaces."},{"field":"container.runtime","type":"keyword","normalization":"","example":"docker","description":"Runtime managing this container."},{"field":"container.security_context.privileged","type":"boolean","normalization":"","example":"","description":"Indicates whether the container is running in privileged mode."},{"field":"data_stream.dataset","type":"constant_keyword","normalization":"","example":"nginx.access","description":"The field can contain anything that makes sense to signify the source of the data."},{"field":"data_stream.namespace","type":"constant_keyword","normalization":"","example":"production","description":"A user defined namespace. Namespaces are useful to allow grouping of data."},{"field":"data_stream.type","type":"constant_keyword","normalization":"","example":"logs","description":"An overarching type for the data stream."},{"field":"destination.address","type":"keyword","normalization":"","example":"","description":"Destination network address."},{"field":"destination.as.number","type":"long","normalization":"","example":15169,"description":"Unique number allocated to the autonomous system."},{"field":"destination.as.organization.name","type":"keyword","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"destination.as.organization.name.text","type":"match_only_text","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"destination.bytes","type":"long","normalization":"","example":184,"description":"Bytes sent from the destination to the source."},{"field":"destination.domain","type":"keyword","normalization":"","example":"foo.example.com","description":"The domain name of the destination."},{"field":"destination.geo.city_name","type":"keyword","normalization":"","example":"Montreal","description":"City name."},{"field":"destination.geo.continent_code","type":"keyword","normalization":"","example":"NA","description":"Continent code."},{"field":"destination.geo.continent_name","type":"keyword","normalization":"","example":"North America","description":"Name of the continent."},{"field":"destination.geo.country_iso_code","type":"keyword","normalization":"","example":"CA","description":"Country ISO code."},{"field":"destination.geo.country_name","type":"keyword","normalization":"","example":"Canada","description":"Country name."},{"field":"destination.geo.location","type":"geo_point","normalization":"","example":{"lon":-73.61483,"lat":45.505918},"description":"Longitude and latitude."},{"field":"destination.geo.name","type":"keyword","normalization":"","example":"boston-dc","description":"User-defined description of a location."},{"field":"destination.geo.postal_code","type":"keyword","normalization":"","example":94040,"description":"Postal code."},{"field":"destination.geo.region_iso_code","type":"keyword","normalization":"","example":"CA-QC","description":"Region ISO code."},{"field":"destination.geo.region_name","type":"keyword","normalization":"","example":"Quebec","description":"Region name."},{"field":"destination.geo.timezone","type":"keyword","normalization":"","example":"America/Argentina/Buenos_Aires","description":"Time zone."},{"field":"destination.ip","type":"ip","normalization":"","example":"","description":"IP address of the destination."},{"field":"destination.mac","type":"keyword","normalization":"","example":"00-00-5E-00-53-23","description":"MAC address of the destination."},{"field":"destination.nat.ip","type":"ip","normalization":"","example":"","description":"Destination NAT ip"},{"field":"destination.nat.port","type":"long","normalization":"","example":"","description":"Destination NAT Port"},{"field":"destination.packets","type":"long","normalization":"","example":12,"description":"Packets sent from the destination to the source."},{"field":"destination.port","type":"long","normalization":"","example":"","description":"Port of the destination."},{"field":"destination.registered_domain","type":"keyword","normalization":"","example":"example.com","description":"The highest registered destination domain, stripped of the subdomain."},{"field":"destination.subdomain","type":"keyword","normalization":"","example":"east","description":"The subdomain of the domain."},{"field":"destination.top_level_domain","type":"keyword","normalization":"","example":"co.uk","description":"The effective top level domain (com, org, net, co.uk)."},{"field":"destination.user.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the user is a member of."},{"field":"destination.user.email","type":"keyword","normalization":"","example":"","description":"User email address."},{"field":"destination.user.full_name","type":"keyword","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"destination.user.full_name.text","type":"match_only_text","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"destination.user.group.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the group is a member of."},{"field":"destination.user.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"destination.user.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"destination.user.hash","type":"keyword","normalization":"","example":"","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"destination.user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"destination.user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"destination.user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"destination.user.roles","type":"keyword","normalization":"array","example":["kibana_admin","reporting_user"],"description":"Array of user roles at the time of the event."},{"field":"device.id","type":"keyword","normalization":"","example":"00000000-54b3-e7c7-0000-000046bffd97","description":"The unique identifier of a device."},{"field":"device.manufacturer","type":"keyword","normalization":"","example":"Samsung","description":"The vendor name of the device manufacturer."},{"field":"device.model.identifier","type":"keyword","normalization":"","example":"SM-G920F","description":"The machine readable identifier of the device model."},{"field":"device.model.name","type":"keyword","normalization":"","example":"Samsung Galaxy S6","description":"The human readable marketing name of the device model."},{"field":"device.serial_number","type":"keyword","normalization":"","example":"DJGAQS4CW5","description":"Serial Number of the device"},{"field":"dll.code_signature.digest_algorithm","type":"keyword","normalization":"","example":"sha256","description":"Hashing algorithm used to sign the process."},{"field":"dll.code_signature.exists","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if a signature is present."},{"field":"dll.code_signature.flags","type":"string","normalization":"","example":570522385,"description":"Code signing flags of the process"},{"field":"dll.code_signature.signing_id","type":"keyword","normalization":"","example":"com.apple.xpc.proxy","description":"The identifier used to sign the process."},{"field":"dll.code_signature.status","type":"keyword","normalization":"","example":"ERROR_UNTRUSTED_ROOT","description":"Additional information about the certificate status."},{"field":"dll.code_signature.subject_name","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Subject name of the code signer"},{"field":"dll.code_signature.team_id","type":"keyword","normalization":"","example":"EQHXZ8M8AV","description":"The team identifier used to sign the process."},{"field":"dll.code_signature.timestamp","type":"date","normalization":"","example":"2021-01-01T12:10:30Z","description":"When the signature was generated and signed."},{"field":"dll.code_signature.trusted","type":"boolean","normalization":"","example":true,"description":"Stores the trust status of the certificate chain."},{"field":"dll.code_signature.valid","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if the digital signature is verified against the binary content."},{"field":"dll.hash.cdhash","type":"keyword","normalization":"","example":"3783b4052fd474dbe30676b45c329e7a6d44acd9","description":"The Code Directory (CD) hash of an executable."},{"field":"dll.hash.md5","type":"keyword","normalization":"","example":"","description":"MD5 hash."},{"field":"dll.hash.sha1","type":"keyword","normalization":"","example":"","description":"SHA1 hash."},{"field":"dll.hash.sha256","type":"keyword","normalization":"","example":"","description":"SHA256 hash."},{"field":"dll.hash.sha384","type":"keyword","normalization":"","example":"","description":"SHA384 hash."},{"field":"dll.hash.sha512","type":"keyword","normalization":"","example":"","description":"SHA512 hash."},{"field":"dll.hash.ssdeep","type":"keyword","normalization":"","example":"","description":"SSDEEP hash."},{"field":"dll.hash.tlsh","type":"keyword","normalization":"","example":"","description":"TLSH hash."},{"field":"dll.name","type":"keyword","normalization":"","example":"kernel32.dll","description":"Name of the library."},{"field":"dll.path","type":"keyword","normalization":"","example":"C:\\Windows\\System32\\kernel32.dll","description":"Full file path of the library."},{"field":"dll.pe.architecture","type":"keyword","normalization":"","example":"x64","description":"CPU architecture target for the file."},{"field":"dll.pe.company","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Internal company name of the file, provided at compile-time."},{"field":"dll.pe.description","type":"keyword","normalization":"","example":"Paint","description":"Internal description of the file, provided at compile-time."},{"field":"dll.pe.file_version","type":"keyword","normalization":"","example":"6.3.9600.17415","description":"Process name."},{"field":"dll.pe.go_import_hash","type":"keyword","normalization":"","example":"10bddcb4cee42080f76c88d9ff964491","description":"A hash of the Go language imports in a PE file."},{"field":"dll.pe.go_imports","type":"flattened","normalization":"","example":"","description":"List of imported Go language element names and types."},{"field":"dll.pe.go_imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of Go imports."},{"field":"dll.pe.go_imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of Go imports."},{"field":"dll.pe.go_stripped","type":"boolean","normalization":"","example":"","description":"Whether the file is a stripped or obfuscated Go executable."},{"field":"dll.pe.imphash","type":"keyword","normalization":"","example":"0c6803c4e922103c4dca5963aad36ddf","description":"A hash of the imports in a PE file."},{"field":"dll.pe.import_hash","type":"keyword","normalization":"","example":"d41d8cd98f00b204e9800998ecf8427e","description":"A hash of the imports in a PE file."},{"field":"dll.pe.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"dll.pe.imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of imported element names and types."},{"field":"dll.pe.imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of imported element names and types."},{"field":"dll.pe.original_file_name","type":"keyword","normalization":"","example":"MSPAINT.EXE","description":"Internal name of the file, provided at compile-time."},{"field":"dll.pe.pehash","type":"keyword","normalization":"","example":"73ff189b63cd6be375a7ff25179a38d347651975","description":"A hash of the PE header and data from one or more PE sections."},{"field":"dll.pe.product","type":"keyword","normalization":"","example":"Microsoft® Windows® Operating System","description":"Internal product name of the file, provided at compile-time."},{"field":"dll.pe.sections","type":"nested","normalization":"array","example":"","description":"Section information of the PE file."},{"field":"dll.pe.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"dll.pe.sections.name","type":"keyword","normalization":"","example":"","description":"PE Section List name."},{"field":"dll.pe.sections.physical_size","type":"long","normalization":"","example":"","description":"PE Section List physical size."},{"field":"dll.pe.sections.var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the section."},{"field":"dll.pe.sections.virtual_size","type":"long","normalization":"","example":"","description":"PE Section List virtual size. This is always the same as `physical_size`."},{"field":"dns.answers","type":"object","normalization":"array","example":"","description":"Array of DNS answers."},{"field":"dns.answers.class","type":"keyword","normalization":"","example":"IN","description":"The class of DNS data contained in this resource record."},{"field":"dns.answers.data","type":"keyword","normalization":"","example":"10.10.10.10","description":"The data describing the resource."},{"field":"dns.answers.name","type":"keyword","normalization":"","example":"www.example.com","description":"The domain name to which this resource record pertains."},{"field":"dns.answers.ttl","type":"long","normalization":"","example":180,"description":"The time interval in seconds that this resource record may be cached before it should be discarded."},{"field":"dns.answers.type","type":"keyword","normalization":"","example":"CNAME","description":"The type of data contained in this resource record."},{"field":"dns.header_flags","type":"keyword","normalization":"array","example":["RD","RA"],"description":"Array of DNS header flags."},{"field":"dns.id","type":"keyword","normalization":"","example":62111,"description":"The DNS packet identifier assigned by the program that generated the query. The identifier is copied to the response."},{"field":"dns.op_code","type":"keyword","normalization":"","example":"QUERY","description":"The DNS operation code that specifies the kind of query in the message."},{"field":"dns.question.class","type":"keyword","normalization":"","example":"IN","description":"The class of records being queried."},{"field":"dns.question.name","type":"keyword","normalization":"","example":"www.example.com","description":"The name being queried."},{"field":"dns.question.registered_domain","type":"keyword","normalization":"","example":"example.com","description":"The highest registered domain, stripped of the subdomain."},{"field":"dns.question.subdomain","type":"keyword","normalization":"","example":"www","description":"The subdomain of the domain."},{"field":"dns.question.top_level_domain","type":"keyword","normalization":"","example":"co.uk","description":"The effective top level domain (com, org, net, co.uk)."},{"field":"dns.question.type","type":"keyword","normalization":"","example":"AAAA","description":"The type of record being queried."},{"field":"dns.resolved_ip","type":"ip","normalization":"array","example":["10.10.10.10","10.10.10.11"],"description":"Array containing all IPs seen in answers.data"},{"field":"dns.response_code","type":"keyword","normalization":"","example":"NOERROR","description":"The DNS response code."},{"field":"dns.type","type":"keyword","normalization":"","example":"answer","description":"The type of DNS event captured, query or answer."},{"field":"email.attachments","type":"nested","normalization":"array","example":"","description":"List of objects describing the attachments."},{"field":"email.attachments.file.extension","type":"keyword","normalization":"","example":"txt","description":"Attachment file extension."},{"field":"email.attachments.file.hash.cdhash","type":"keyword","normalization":"","example":"3783b4052fd474dbe30676b45c329e7a6d44acd9","description":"The Code Directory (CD) hash of an executable."},{"field":"email.attachments.file.hash.md5","type":"keyword","normalization":"","example":"","description":"MD5 hash."},{"field":"email.attachments.file.hash.sha1","type":"keyword","normalization":"","example":"","description":"SHA1 hash."},{"field":"email.attachments.file.hash.sha256","type":"keyword","normalization":"","example":"","description":"SHA256 hash."},{"field":"email.attachments.file.hash.sha384","type":"keyword","normalization":"","example":"","description":"SHA384 hash."},{"field":"email.attachments.file.hash.sha512","type":"keyword","normalization":"","example":"","description":"SHA512 hash."},{"field":"email.attachments.file.hash.ssdeep","type":"keyword","normalization":"","example":"","description":"SSDEEP hash."},{"field":"email.attachments.file.hash.tlsh","type":"keyword","normalization":"","example":"","description":"TLSH hash."},{"field":"email.attachments.file.mime_type","type":"keyword","normalization":"","example":"text/plain","description":"MIME type of the attachment file."},{"field":"email.attachments.file.name","type":"keyword","normalization":"","example":"attachment.txt","description":"Name of the attachment file."},{"field":"email.attachments.file.size","type":"long","normalization":"","example":64329,"description":"Attachment file size."},{"field":"email.bcc.address","type":"keyword","normalization":"array","example":"bcc.user1@example.com","description":"Email address of BCC recipient"},{"field":"email.cc.address","type":"keyword","normalization":"array","example":"cc.user1@example.com","description":"Email address of CC recipient"},{"field":"email.content_type","type":"keyword","normalization":"","example":"text/plain","description":"MIME type of the email message."},{"field":"email.delivery_timestamp","type":"date","normalization":"","example":"2020-11-10T22:12:34.8196921Z","description":"Date and time when message was delivered."},{"field":"email.direction","type":"keyword","normalization":"","example":"inbound","description":"Direction of the message."},{"field":"email.from.address","type":"keyword","normalization":"array","example":"sender@example.com","description":"The sender's email address."},{"field":"email.local_id","type":"keyword","normalization":"","example":"c26dbea0-80d5-463b-b93c-4e8b708219ce","description":"Unique identifier given by the source."},{"field":"email.message_id","type":"wildcard","normalization":"","example":"81ce15$8r2j59@mail01.example.com","description":"Value from the Message-ID header."},{"field":"email.origination_timestamp","type":"date","normalization":"","example":"2020-11-10T22:12:34.8196921Z","description":"Date and time the email was composed."},{"field":"email.reply_to.address","type":"keyword","normalization":"array","example":"reply.here@example.com","description":"Address replies should be delivered to."},{"field":"email.sender.address","type":"keyword","normalization":"","example":"","description":"Address of the message sender."},{"field":"email.subject","type":"keyword","normalization":"","example":"Please see this important message.","description":"The subject of the email message."},{"field":"email.subject.text","type":"match_only_text","normalization":"","example":"Please see this important message.","description":"The subject of the email message."},{"field":"email.to.address","type":"keyword","normalization":"array","example":"user1@example.com","description":"Email address of recipient"},{"field":"email.x_mailer","type":"keyword","normalization":"","example":"Spambot v2.5","description":"Application that drafted email."},{"field":"error.code","type":"keyword","normalization":"","example":"","description":"Error code describing the error."},{"field":"error.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the error."},{"field":"error.message","type":"match_only_text","normalization":"","example":"","description":"Error message."},{"field":"error.stack_trace","type":"wildcard","normalization":"","example":"","description":"The stack trace of this error in plain text."},{"field":"error.stack_trace.text","type":"match_only_text","normalization":"","example":"","description":"The stack trace of this error in plain text."},{"field":"error.type","type":"keyword","normalization":"","example":"java.lang.NullPointerException","description":"The type of the error, for example the class name of the exception."},{"field":"event.action","type":"keyword","normalization":"","example":"user-password-change","description":"The action captured by the event."},{"field":"event.category","type":"keyword","normalization":"array","example":"authentication","description":"Event category. The second categorization field in the hierarchy."},{"field":"event.code","type":"keyword","normalization":"","example":4648,"description":"Identification code for this event."},{"field":"event.created","type":"date","normalization":"","example":"2016-05-23T08:05:34.857Z","description":"Time when the event was first read by an agent or by your pipeline."},{"field":"event.dataset","type":"keyword","normalization":"","example":"apache.access","description":"Name of the dataset."},{"field":"event.duration","type":"long","normalization":"","example":"","description":"Duration of the event in nanoseconds."},{"field":"event.end","type":"date","normalization":"","example":"","description":"`event.end` contains the date when the event ended or when the activity was last observed."},{"field":"event.hash","type":"keyword","normalization":"","example":"123456789012345678901234567890ABCD","description":"Hash (perhaps logstash fingerprint) of raw field to be able to demonstrate log integrity."},{"field":"event.id","type":"keyword","normalization":"","example":"8a4f500d","description":"Unique ID to describe the event."},{"field":"event.kind","type":"keyword","normalization":"","example":"alert","description":"The kind of the event. The highest categorization field in the hierarchy."},{"field":"event.original","type":"keyword","normalization":"","example":"Sep 19 08:26:10 host CEF:0|Security| threatmanager|1.0|100| worm successfully stopped|10|src=10.0.0.1 dst=2.1.2.2spt=1232","description":"Raw text message of entire event."},{"field":"event.outcome","type":"keyword","normalization":"","example":"success","description":"The outcome of the event. The lowest level categorization field in the hierarchy."},{"field":"event.provider","type":"keyword","normalization":"","example":"kernel","description":"Source of the event."},{"field":"event.reason","type":"keyword","normalization":"","example":"Terminated an unexpected process","description":"Reason why this event happened, according to the source"},{"field":"event.reference","type":"keyword","normalization":"","example":"https://system.example.com/event/#0001234","description":"Event reference URL"},{"field":"event.risk_score","type":"float","normalization":"","example":"","description":"Risk score or priority of the event (e.g. security solutions). Use your system's original value here."},{"field":"event.risk_score_norm","type":"float","normalization":"","example":"","description":"Normalized risk score or priority of the event (0-100)."},{"field":"event.sequence","type":"long","normalization":"","example":"","description":"Sequence number of the event."},{"field":"event.severity","type":"long","normalization":"","example":7,"description":"Numeric severity of the event."},{"field":"event.start","type":"date","normalization":"","example":"","description":"`event.start` contains the date when the event started or when the activity was first observed."},{"field":"event.timezone","type":"keyword","normalization":"","example":"","description":"Event time zone."},{"field":"event.type","type":"keyword","normalization":"array","example":"","description":"Event type. The third categorization field in the hierarchy."},{"field":"event.url","type":"keyword","normalization":"","example":"https://mysystem.example.com/alert/5271dedb-f5b0-4218-87f0-4ac4870a38fe","description":"Event investigation URL"},{"field":"faas.coldstart","type":"boolean","normalization":"","example":"","description":"Boolean value indicating a cold start of a function."},{"field":"faas.execution","type":"keyword","normalization":"","example":"af9d5aa4-a685-4c5f-a22b-444f80b3cc28","description":"The execution ID of the current function execution."},{"field":"faas.id","type":"keyword","normalization":"","example":"arn:aws:lambda:us-west-2:123456789012:function:my-function","description":"The unique identifier of a serverless function."},{"field":"faas.name","type":"keyword","normalization":"","example":"my-function","description":"The name of a serverless function."},{"field":"faas.trigger.request_id","type":"keyword","normalization":"","example":123456789,"description":"The ID of the trigger request , message, event, etc."},{"field":"faas.trigger.type","type":"keyword","normalization":"","example":"http","description":"The trigger for the function execution."},{"field":"faas.version","type":"keyword","normalization":"","example":123,"description":"The version of a serverless function."},{"field":"file.accessed","type":"date","normalization":"","example":"","description":"Last time the file was accessed."},{"field":"file.attributes","type":"keyword","normalization":"array","example":["readonly","system"],"description":"Array of file attributes."},{"field":"file.code_signature.digest_algorithm","type":"keyword","normalization":"","example":"sha256","description":"Hashing algorithm used to sign the process."},{"field":"file.code_signature.exists","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if a signature is present."},{"field":"file.code_signature.flags","type":"string","normalization":"","example":570522385,"description":"Code signing flags of the process"},{"field":"file.code_signature.signing_id","type":"keyword","normalization":"","example":"com.apple.xpc.proxy","description":"The identifier used to sign the process."},{"field":"file.code_signature.status","type":"keyword","normalization":"","example":"ERROR_UNTRUSTED_ROOT","description":"Additional information about the certificate status."},{"field":"file.code_signature.subject_name","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Subject name of the code signer"},{"field":"file.code_signature.team_id","type":"keyword","normalization":"","example":"EQHXZ8M8AV","description":"The team identifier used to sign the process."},{"field":"file.code_signature.timestamp","type":"date","normalization":"","example":"2021-01-01T12:10:30Z","description":"When the signature was generated and signed."},{"field":"file.code_signature.trusted","type":"boolean","normalization":"","example":true,"description":"Stores the trust status of the certificate chain."},{"field":"file.code_signature.valid","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if the digital signature is verified against the binary content."},{"field":"file.created","type":"date","normalization":"","example":"","description":"File creation time."},{"field":"file.ctime","type":"date","normalization":"","example":"","description":"Last time the file attributes or metadata changed."},{"field":"file.device","type":"keyword","normalization":"","example":"sda","description":"Device that is the source of the file."},{"field":"file.directory","type":"keyword","normalization":"","example":"/home/alice","description":"Directory where the file is located."},{"field":"file.drive_letter","type":"keyword","normalization":"","example":"C","description":"Drive letter where the file is located."},{"field":"file.elf.architecture","type":"keyword","normalization":"","example":"x86-64","description":"Machine architecture of the ELF file."},{"field":"file.elf.byte_order","type":"keyword","normalization":"","example":"Little Endian","description":"Byte sequence of ELF file."},{"field":"file.elf.cpu_type","type":"keyword","normalization":"","example":"Intel","description":"CPU type of the ELF file."},{"field":"file.elf.creation_date","type":"date","normalization":"","example":"","description":"Build or compile date."},{"field":"file.elf.exports","type":"flattened","normalization":"array","example":"","description":"List of exported element names and types."},{"field":"file.elf.go_import_hash","type":"keyword","normalization":"","example":"10bddcb4cee42080f76c88d9ff964491","description":"A hash of the Go language imports in an ELF file."},{"field":"file.elf.go_imports","type":"flattened","normalization":"","example":"","description":"List of imported Go language element names and types."},{"field":"file.elf.go_imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of Go imports."},{"field":"file.elf.go_imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of Go imports."},{"field":"file.elf.go_stripped","type":"boolean","normalization":"","example":"","description":"Whether the file is a stripped or obfuscated Go executable."},{"field":"file.elf.header.abi_version","type":"keyword","normalization":"","example":"","description":"Version of the ELF Application Binary Interface (ABI)."},{"field":"file.elf.header.class","type":"keyword","normalization":"","example":"","description":"Header class of the ELF file."},{"field":"file.elf.header.data","type":"keyword","normalization":"","example":"","description":"Data table of the ELF header."},{"field":"file.elf.header.entrypoint","type":"long","normalization":"","example":"","description":"Header entrypoint of the ELF file."},{"field":"file.elf.header.object_version","type":"keyword","normalization":"","example":"","description":"0x1\" for original ELF files."},{"field":"file.elf.header.os_abi","type":"keyword","normalization":"","example":"","description":"Application Binary Interface (ABI) of the Linux OS."},{"field":"file.elf.header.type","type":"keyword","normalization":"","example":"","description":"Header type of the ELF file."},{"field":"file.elf.header.version","type":"keyword","normalization":"","example":"","description":"Version of the ELF header."},{"field":"file.elf.import_hash","type":"keyword","normalization":"","example":"d41d8cd98f00b204e9800998ecf8427e","description":"A hash of the imports in an ELF file."},{"field":"file.elf.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"file.elf.imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of imported element names and types."},{"field":"file.elf.imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of imported element names and types."},{"field":"file.elf.sections","type":"nested","normalization":"array","example":"","description":"Section information of the ELF file."},{"field":"file.elf.sections.chi2","type":"long","normalization":"","example":"","description":"Chi-square probability distribution of the section."},{"field":"file.elf.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"file.elf.sections.flags","type":"keyword","normalization":"","example":"","description":"ELF Section List flags."},{"field":"file.elf.sections.name","type":"keyword","normalization":"","example":"","description":"ELF Section List name."},{"field":"file.elf.sections.physical_offset","type":"keyword","normalization":"","example":"","description":"ELF Section List offset."},{"field":"file.elf.sections.physical_size","type":"long","normalization":"","example":"","description":"ELF Section List physical size."},{"field":"file.elf.sections.type","type":"keyword","normalization":"","example":"","description":"ELF Section List type."},{"field":"file.elf.sections.var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the section."},{"field":"file.elf.sections.virtual_address","type":"long","normalization":"","example":"","description":"ELF Section List virtual address."},{"field":"file.elf.sections.virtual_size","type":"long","normalization":"","example":"","description":"ELF Section List virtual size."},{"field":"file.elf.segments","type":"nested","normalization":"array","example":"","description":"ELF object segment list."},{"field":"file.elf.segments.sections","type":"keyword","normalization":"","example":"","description":"ELF object segment sections."},{"field":"file.elf.segments.type","type":"keyword","normalization":"","example":"","description":"ELF object segment type."},{"field":"file.elf.shared_libraries","type":"keyword","normalization":"array","example":"","description":"List of shared libraries used by this ELF object."},{"field":"file.elf.telfhash","type":"keyword","normalization":"","example":"","description":"telfhash hash for ELF file."},{"field":"file.extension","type":"keyword","normalization":"","example":"png","description":"File extension, excluding the leading dot."},{"field":"file.fork_name","type":"keyword","normalization":"","example":"Zone.Identifer","description":"A fork is additional data associated with a filesystem object."},{"field":"file.gid","type":"keyword","normalization":"","example":1001,"description":"Primary group ID (GID) of the file."},{"field":"file.group","type":"keyword","normalization":"","example":"alice","description":"Primary group name of the file."},{"field":"file.hash.cdhash","type":"keyword","normalization":"","example":"3783b4052fd474dbe30676b45c329e7a6d44acd9","description":"The Code Directory (CD) hash of an executable."},{"field":"file.hash.md5","type":"keyword","normalization":"","example":"","description":"MD5 hash."},{"field":"file.hash.sha1","type":"keyword","normalization":"","example":"","description":"SHA1 hash."},{"field":"file.hash.sha256","type":"keyword","normalization":"","example":"","description":"SHA256 hash."},{"field":"file.hash.sha384","type":"keyword","normalization":"","example":"","description":"SHA384 hash."},{"field":"file.hash.sha512","type":"keyword","normalization":"","example":"","description":"SHA512 hash."},{"field":"file.hash.ssdeep","type":"keyword","normalization":"","example":"","description":"SSDEEP hash."},{"field":"file.hash.tlsh","type":"keyword","normalization":"","example":"","description":"TLSH hash."},{"field":"file.inode","type":"keyword","normalization":"","example":256383,"description":"Inode representing the file in the filesystem."},{"field":"file.macho.go_import_hash","type":"keyword","normalization":"","example":"10bddcb4cee42080f76c88d9ff964491","description":"A hash of the Go language imports in a Mach-O file."},{"field":"file.macho.go_imports","type":"flattened","normalization":"","example":"","description":"List of imported Go language element names and types."},{"field":"file.macho.go_imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of Go imports."},{"field":"file.macho.go_imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of Go imports."},{"field":"file.macho.go_stripped","type":"boolean","normalization":"","example":"","description":"Whether the file is a stripped or obfuscated Go executable."},{"field":"file.macho.import_hash","type":"keyword","normalization":"","example":"d41d8cd98f00b204e9800998ecf8427e","description":"A hash of the imports in a Mach-O file."},{"field":"file.macho.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"file.macho.imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of imported element names and types."},{"field":"file.macho.imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of imported element names and types."},{"field":"file.macho.sections","type":"nested","normalization":"array","example":"","description":"Section information of the Mach-O file."},{"field":"file.macho.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"file.macho.sections.name","type":"keyword","normalization":"","example":"","description":"Mach-O Section List name."},{"field":"file.macho.sections.physical_size","type":"long","normalization":"","example":"","description":"Mach-O Section List physical size."},{"field":"file.macho.sections.var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the section."},{"field":"file.macho.sections.virtual_size","type":"long","normalization":"","example":"","description":"Mach-O Section List virtual size. This is always the same as `physical_size`."},{"field":"file.macho.symhash","type":"keyword","normalization":"","example":"d3ccf195b62a9279c3c19af1080497ec","description":"A hash of the imports in a Mach-O file."},{"field":"file.mime_type","type":"keyword","normalization":"","example":"","description":"Media type of file, document, or arrangement of bytes."},{"field":"file.mode","type":"keyword","normalization":"","example":"0640","description":"Mode of the file in octal representation."},{"field":"file.mtime","type":"date","normalization":"","example":"","description":"Last time the file content was modified."},{"field":"file.name","type":"keyword","normalization":"","example":"example.png","description":"Name of the file including the extension, without the directory."},{"field":"file.owner","type":"keyword","normalization":"","example":"alice","description":"File owner's username."},{"field":"file.path","type":"keyword","normalization":"","example":"/home/alice/example.png","description":"Full path to the file, including the file name."},{"field":"file.path.text","type":"match_only_text","normalization":"","example":"/home/alice/example.png","description":"Full path to the file, including the file name."},{"field":"file.pe.architecture","type":"keyword","normalization":"","example":"x64","description":"CPU architecture target for the file."},{"field":"file.pe.company","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Internal company name of the file, provided at compile-time."},{"field":"file.pe.description","type":"keyword","normalization":"","example":"Paint","description":"Internal description of the file, provided at compile-time."},{"field":"file.pe.file_version","type":"keyword","normalization":"","example":"6.3.9600.17415","description":"Process name."},{"field":"file.pe.go_import_hash","type":"keyword","normalization":"","example":"10bddcb4cee42080f76c88d9ff964491","description":"A hash of the Go language imports in a PE file."},{"field":"file.pe.go_imports","type":"flattened","normalization":"","example":"","description":"List of imported Go language element names and types."},{"field":"file.pe.go_imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of Go imports."},{"field":"file.pe.go_imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of Go imports."},{"field":"file.pe.go_stripped","type":"boolean","normalization":"","example":"","description":"Whether the file is a stripped or obfuscated Go executable."},{"field":"file.pe.imphash","type":"keyword","normalization":"","example":"0c6803c4e922103c4dca5963aad36ddf","description":"A hash of the imports in a PE file."},{"field":"file.pe.import_hash","type":"keyword","normalization":"","example":"d41d8cd98f00b204e9800998ecf8427e","description":"A hash of the imports in a PE file."},{"field":"file.pe.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"file.pe.imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of imported element names and types."},{"field":"file.pe.imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of imported element names and types."},{"field":"file.pe.original_file_name","type":"keyword","normalization":"","example":"MSPAINT.EXE","description":"Internal name of the file, provided at compile-time."},{"field":"file.pe.pehash","type":"keyword","normalization":"","example":"73ff189b63cd6be375a7ff25179a38d347651975","description":"A hash of the PE header and data from one or more PE sections."},{"field":"file.pe.product","type":"keyword","normalization":"","example":"Microsoft® Windows® Operating System","description":"Internal product name of the file, provided at compile-time."},{"field":"file.pe.sections","type":"nested","normalization":"array","example":"","description":"Section information of the PE file."},{"field":"file.pe.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"file.pe.sections.name","type":"keyword","normalization":"","example":"","description":"PE Section List name."},{"field":"file.pe.sections.physical_size","type":"long","normalization":"","example":"","description":"PE Section List physical size."},{"field":"file.pe.sections.var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the section."},{"field":"file.pe.sections.virtual_size","type":"long","normalization":"","example":"","description":"PE Section List virtual size. This is always the same as `physical_size`."},{"field":"file.size","type":"long","normalization":"","example":16384,"description":"File size in bytes."},{"field":"file.target_path","type":"keyword","normalization":"","example":"","description":"Target path for symlinks."},{"field":"file.target_path.text","type":"match_only_text","normalization":"","example":"","description":"Target path for symlinks."},{"field":"file.type","type":"keyword","normalization":"","example":"file","description":"File type (file, dir, or symlink)."},{"field":"file.uid","type":"keyword","normalization":"","example":1001,"description":"The user ID (UID) or security identifier (SID) of the file owner."},{"field":"file.x509.alternative_names","type":"keyword","normalization":"array","example":"*.elastic.co","description":"List of subject alternative names (SAN)."},{"field":"file.x509.issuer.common_name","type":"keyword","normalization":"array","example":"Example SHA2 High Assurance Server CA","description":"List of common name (CN) of issuing certificate authority."},{"field":"file.x509.issuer.country","type":"keyword","normalization":"array","example":"US","description":"List of country \\(C) codes"},{"field":"file.x509.issuer.distinguished_name","type":"keyword","normalization":"","example":"C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA","description":"Distinguished name (DN) of issuing certificate authority."},{"field":"file.x509.issuer.locality","type":"keyword","normalization":"array","example":"Mountain View","description":"List of locality names (L)"},{"field":"file.x509.issuer.organization","type":"keyword","normalization":"array","example":"Example Inc","description":"List of organizations (O) of issuing certificate authority."},{"field":"file.x509.issuer.organizational_unit","type":"keyword","normalization":"array","example":"www.example.com","description":"List of organizational units (OU) of issuing certificate authority."},{"field":"file.x509.issuer.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"file.x509.not_after","type":"date","normalization":"","example":"2020-07-16T03:15:39Z","description":"Time at which the certificate is no longer considered valid."},{"field":"file.x509.not_before","type":"date","normalization":"","example":"2019-08-16T01:40:25Z","description":"Time at which the certificate is first considered valid."},{"field":"file.x509.public_key_algorithm","type":"keyword","normalization":"","example":"RSA","description":"Algorithm used to generate the public key."},{"field":"file.x509.public_key_curve","type":"keyword","normalization":"","example":"nistp521","description":"The curve used by the elliptic curve public key algorithm. This is algorithm specific."},{"field":"file.x509.public_key_exponent","type":"long","normalization":"","example":65537,"description":"Exponent used to derive the public key. This is algorithm specific."},{"field":"file.x509.public_key_size","type":"long","normalization":"","example":2048,"description":"The size of the public key space in bits."},{"field":"file.x509.serial_number","type":"keyword","normalization":"","example":"55FBB9C7DEBF09809D12CCAA","description":"Unique serial number issued by the certificate authority."},{"field":"file.x509.signature_algorithm","type":"keyword","normalization":"","example":"SHA256-RSA","description":"Identifier for certificate signature algorithm."},{"field":"file.x509.subject.common_name","type":"keyword","normalization":"array","example":"shared.global.example.net","description":"List of common names (CN) of subject."},{"field":"file.x509.subject.country","type":"keyword","normalization":"array","example":"US","description":"List of country \\(C) code"},{"field":"file.x509.subject.distinguished_name","type":"keyword","normalization":"","example":"C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net","description":"Distinguished name (DN) of the certificate subject entity."},{"field":"file.x509.subject.locality","type":"keyword","normalization":"array","example":"San Francisco","description":"List of locality names (L)"},{"field":"file.x509.subject.organization","type":"keyword","normalization":"array","example":"Example, Inc.","description":"List of organizations (O) of subject."},{"field":"file.x509.subject.organizational_unit","type":"keyword","normalization":"array","example":"","description":"List of organizational units (OU) of subject."},{"field":"file.x509.subject.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"file.x509.version_number","type":"keyword","normalization":"","example":3,"description":"Version of x509 format."},{"field":"group.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the group is a member of."},{"field":"group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"host.boot.id","type":"keyword","normalization":"","example":"88a1f0ed-5ae5-41ee-af6b-41921c311872","description":"Linux boot uuid taken from /proc/sys/kernel/random/boot_id"},{"field":"host.cpu.usage","type":"scaled_float","normalization":"","example":"","description":"Percent CPU used, between 0 and 1."},{"field":"host.disk.read.bytes","type":"long","normalization":"","example":"","description":"The number of bytes read by all disks."},{"field":"host.disk.write.bytes","type":"long","normalization":"","example":"","description":"The number of bytes written on all disks."},{"field":"host.domain","type":"keyword","normalization":"","example":"CONTOSO","description":"Name of the directory the group is a member of."},{"field":"host.geo.city_name","type":"keyword","normalization":"","example":"Montreal","description":"City name."},{"field":"host.geo.continent_code","type":"keyword","normalization":"","example":"NA","description":"Continent code."},{"field":"host.geo.continent_name","type":"keyword","normalization":"","example":"North America","description":"Name of the continent."},{"field":"host.geo.country_iso_code","type":"keyword","normalization":"","example":"CA","description":"Country ISO code."},{"field":"host.geo.country_name","type":"keyword","normalization":"","example":"Canada","description":"Country name."},{"field":"host.geo.location","type":"geo_point","normalization":"","example":{"lon":-73.61483,"lat":45.505918},"description":"Longitude and latitude."},{"field":"host.geo.name","type":"keyword","normalization":"","example":"boston-dc","description":"User-defined description of a location."},{"field":"host.geo.postal_code","type":"keyword","normalization":"","example":94040,"description":"Postal code."},{"field":"host.geo.region_iso_code","type":"keyword","normalization":"","example":"CA-QC","description":"Region ISO code."},{"field":"host.geo.region_name","type":"keyword","normalization":"","example":"Quebec","description":"Region name."},{"field":"host.geo.timezone","type":"keyword","normalization":"","example":"America/Argentina/Buenos_Aires","description":"Time zone."},{"field":"host.name","type":"keyword","normalization":"","example":"","description":"Name of the host."},{"field":"host.network.egress.bytes","type":"long","normalization":"","example":"","description":"The number of bytes sent on all network interfaces."},{"field":"host.network.egress.packets","type":"long","normalization":"","example":"","description":"The number of packets sent on all network interfaces."},{"field":"host.network.ingress.bytes","type":"long","normalization":"","example":"","description":"The number of bytes received on all network interfaces."},{"field":"host.network.ingress.packets","type":"long","normalization":"","example":"","description":"The number of packets received on all network interfaces."},{"field":"host.os.full","type":"keyword","normalization":"","example":"Mac OS Mojave","description":"Operating system name, including the version or code name."},{"field":"host.os.full.text","type":"match_only_text","normalization":"","example":"Mac OS Mojave","description":"Operating system name, including the version or code name."},{"field":"host.os.name.text","type":"match_only_text","normalization":"","example":"Mac OS X","description":"Operating system name, without the version."},{"field":"host.os.platform","type":"keyword","normalization":"","example":"darwin","description":"Operating system platform (such centos, ubuntu, windows)."},{"field":"host.pid_ns_ino","type":"keyword","normalization":"","example":256383,"description":"Pid namespace inode"},{"field":"host.risk.calculated_level","type":"keyword","normalization":"","example":"High","description":"A risk classification level calculated by an internal system as part of entity analytics and entity risk scoring."},{"field":"host.risk.calculated_score","type":"float","normalization":"","example":880.73,"description":"A risk classification score calculated by an internal system as part of entity analytics and entity risk scoring."},{"field":"host.risk.calculated_score_norm","type":"float","normalization":"","example":88.73,"description":"A normalized risk score calculated by an internal system."},{"field":"host.risk.static_level","type":"keyword","normalization":"","example":"High","description":"A risk classification level obtained from outside the system, such as from some external Threat Intelligence Platform."},{"field":"host.risk.static_score","type":"float","normalization":"","example":830,"description":"A risk classification score obtained from outside the system, such as from some external Threat Intelligence Platform."},{"field":"host.risk.static_score_norm","type":"float","normalization":"","example":83,"description":"A normalized risk score calculated by an external system."},{"field":"host.type","type":"keyword","normalization":"","example":"","description":"Type of host."},{"field":"host.uptime","type":"long","normalization":"","example":1325,"description":"Seconds the host has been up."},{"field":"http.request.body.bytes","type":"long","normalization":"","example":887,"description":"Size in bytes of the request body."},{"field":"http.request.body.content","type":"wildcard","normalization":"","example":"Hello world","description":"The full HTTP request body."},{"field":"http.request.body.content.text","type":"match_only_text","normalization":"","example":"Hello world","description":"The full HTTP request body."},{"field":"http.request.bytes","type":"long","normalization":"","example":1437,"description":"Total size in bytes of the request (body and headers)."},{"field":"http.request.id","type":"keyword","normalization":"","example":"123e4567-e89b-12d3-a456-426614174000","description":"HTTP request ID."},{"field":"http.request.method","type":"keyword","normalization":"","example":"POST","description":"HTTP request method."},{"field":"http.request.mime_type","type":"keyword","normalization":"","example":"image/gif","description":"Mime type of the body of the request."},{"field":"http.request.referrer","type":"keyword","normalization":"","example":"https://blog.example.com/","description":"Referrer for this HTTP request."},{"field":"http.response.body.bytes","type":"long","normalization":"","example":887,"description":"Size in bytes of the response body."},{"field":"http.response.body.content","type":"wildcard","normalization":"","example":"Hello world","description":"The full HTTP response body."},{"field":"http.response.body.content.text","type":"match_only_text","normalization":"","example":"Hello world","description":"The full HTTP response body."},{"field":"http.response.bytes","type":"long","normalization":"","example":1437,"description":"Total size in bytes of the response (body and headers)."},{"field":"http.response.mime_type","type":"keyword","normalization":"","example":"image/gif","description":"Mime type of the body of the response."},{"field":"http.response.status_code","type":"long","normalization":"","example":404,"description":"HTTP response status code."},{"field":"http.version","type":"keyword","normalization":"","example":1.1,"description":"HTTP version."},{"field":"log.file.path","type":"keyword","normalization":"","example":"/var/log/fun-times.log","description":"Full path to the log file this event came from."},{"field":"log.level","type":"keyword","normalization":"","example":"error","description":"Log level of the log event."},{"field":"log.logger","type":"keyword","normalization":"","example":"org.elasticsearch.bootstrap.Bootstrap","description":"Name of the logger."},{"field":"log.origin.file.line","type":"long","normalization":"","example":42,"description":"The line number of the file which originated the log event."},{"field":"log.origin.file.name","type":"keyword","normalization":"","example":"Bootstrap.java","description":"The code file which originated the log event."},{"field":"log.origin.function","type":"keyword","normalization":"","example":"init","description":"The function which originated the log event."},{"field":"log.syslog","type":"object","normalization":"","example":"","description":"Syslog metadata"},{"field":"log.syslog.appname","type":"keyword","normalization":"","example":"sshd","description":"The device or application that originated the Syslog message."},{"field":"log.syslog.facility.code","type":"long","normalization":"","example":23,"description":"Syslog numeric facility of the event."},{"field":"log.syslog.facility.name","type":"keyword","normalization":"","example":"local7","description":"Syslog text-based facility of the event."},{"field":"log.syslog.hostname","type":"keyword","normalization":"","example":"example-host","description":"The host that originated the Syslog message."},{"field":"log.syslog.msgid","type":"keyword","normalization":"","example":"ID47","description":"An identifier for the type of Syslog message."},{"field":"log.syslog.priority","type":"long","normalization":"","example":135,"description":"Syslog priority of the event."},{"field":"log.syslog.procid","type":"keyword","normalization":"","example":12345,"description":"The process name or ID that originated the Syslog message."},{"field":"log.syslog.severity.code","type":"long","normalization":"","example":3,"description":"Syslog numeric severity of the event."},{"field":"log.syslog.severity.name","type":"keyword","normalization":"","example":"Error","description":"Syslog text-based severity of the event."},{"field":"log.syslog.structured_data","type":"flattened","normalization":"","example":"","description":"Structured data expressed in RFC 5424 messages."},{"field":"log.syslog.version","type":"keyword","normalization":"","example":1,"description":"Syslog protocol version."},{"field":"network.application","type":"keyword","normalization":"","example":"aim","description":"Application level protocol name."},{"field":"network.bytes","type":"long","normalization":"","example":368,"description":"Total bytes transferred in both directions."},{"field":"network.community_id","type":"keyword","normalization":"","example":"1:hO+sN4H+MG5MY/8hIrXPqc4ZQz0=","description":"A hash of source and destination IPs and ports."},{"field":"network.direction","type":"keyword","normalization":"","example":"inbound","description":"Direction of the network traffic."},{"field":"network.forwarded_ip","type":"ip","normalization":"","example":"192.1.1.2","description":"Host IP address when the source IP address is the proxy."},{"field":"network.iana_number","type":"keyword","normalization":"","example":6,"description":"IANA Protocol Number."},{"field":"network.inner","type":"object","normalization":"","example":"","description":"Inner VLAN tag information"},{"field":"network.inner.vlan.id","type":"keyword","normalization":"","example":10,"description":"VLAN ID as reported by the observer."},{"field":"network.inner.vlan.name","type":"keyword","normalization":"","example":"outside","description":"Optional VLAN name as reported by the observer."},{"field":"network.name","type":"keyword","normalization":"","example":"Guest Wifi","description":"Name given by operators to sections of their network."},{"field":"network.packets","type":"long","normalization":"","example":24,"description":"Total packets transferred in both directions."},{"field":"network.protocol","type":"keyword","normalization":"","example":"http","description":"Application protocol name."},{"field":"network.transport","type":"keyword","normalization":"","example":"tcp","description":"Protocol Name corresponding to the field `iana_number`."},{"field":"network.type","type":"keyword","normalization":"","example":"ipv4","description":"In the OSI Model this would be the Network Layer. ipv4, ipv6, ipsec, pim, etc"},{"field":"network.vlan.id","type":"keyword","normalization":"","example":10,"description":"VLAN ID as reported by the observer."},{"field":"network.vlan.name","type":"keyword","normalization":"","example":"outside","description":"Optional VLAN name as reported by the observer."},{"field":"observer.egress","type":"object","normalization":"","example":"","description":"Object field for egress information"},{"field":"observer.egress.interface.alias","type":"keyword","normalization":"","example":"outside","description":"Interface alias"},{"field":"observer.egress.interface.id","type":"keyword","normalization":"","example":10,"description":"Interface ID"},{"field":"observer.egress.interface.name","type":"keyword","normalization":"","example":"eth0","description":"Interface name"},{"field":"observer.egress.vlan.id","type":"keyword","normalization":"","example":10,"description":"VLAN ID as reported by the observer."},{"field":"observer.egress.vlan.name","type":"keyword","normalization":"","example":"outside","description":"Optional VLAN name as reported by the observer."},{"field":"observer.egress.zone","type":"keyword","normalization":"","example":"Public_Internet","description":"Observer Egress zone"},{"field":"observer.geo.city_name","type":"keyword","normalization":"","example":"Montreal","description":"City name."},{"field":"observer.geo.continent_code","type":"keyword","normalization":"","example":"NA","description":"Continent code."},{"field":"observer.geo.continent_name","type":"keyword","normalization":"","example":"North America","description":"Name of the continent."},{"field":"observer.geo.country_iso_code","type":"keyword","normalization":"","example":"CA","description":"Country ISO code."},{"field":"observer.geo.country_name","type":"keyword","normalization":"","example":"Canada","description":"Country name."},{"field":"observer.geo.location","type":"geo_point","normalization":"","example":{"lon":-73.61483,"lat":45.505918},"description":"Longitude and latitude."},{"field":"observer.geo.name","type":"keyword","normalization":"","example":"boston-dc","description":"User-defined description of a location."},{"field":"observer.geo.postal_code","type":"keyword","normalization":"","example":94040,"description":"Postal code."},{"field":"observer.geo.region_iso_code","type":"keyword","normalization":"","example":"CA-QC","description":"Region ISO code."},{"field":"observer.geo.region_name","type":"keyword","normalization":"","example":"Quebec","description":"Region name."},{"field":"observer.geo.timezone","type":"keyword","normalization":"","example":"America/Argentina/Buenos_Aires","description":"Time zone."},{"field":"observer.hostname","type":"keyword","normalization":"","example":"","description":"Hostname of the observer."},{"field":"observer.ingress","type":"object","normalization":"","example":"","description":"Object field for ingress information"},{"field":"observer.ingress.interface.alias","type":"keyword","normalization":"","example":"outside","description":"Interface alias"},{"field":"observer.ingress.interface.id","type":"keyword","normalization":"","example":10,"description":"Interface ID"},{"field":"observer.ingress.interface.name","type":"keyword","normalization":"","example":"eth0","description":"Interface name"},{"field":"observer.ingress.vlan.id","type":"keyword","normalization":"","example":10,"description":"VLAN ID as reported by the observer."},{"field":"observer.ingress.vlan.name","type":"keyword","normalization":"","example":"outside","description":"Optional VLAN name as reported by the observer."},{"field":"observer.ingress.zone","type":"keyword","normalization":"","example":"DMZ","description":"Observer ingress zone"},{"field":"observer.ip","type":"ip","normalization":"array","example":"","description":"IP addresses of the observer."},{"field":"observer.mac","type":"keyword","normalization":"array","example":["00-00-5E-00-53-23","00-00-5E-00-53-24"],"description":"MAC addresses of the observer."},{"field":"observer.name","type":"keyword","normalization":"","example":"1_proxySG","description":"Custom name of the observer."},{"field":"observer.os.family","type":"keyword","normalization":"","example":"debian","description":"OS family (such as redhat, debian, freebsd, windows)."},{"field":"observer.os.full","type":"keyword","normalization":"","example":"Mac OS Mojave","description":"Operating system name, including the version or code name."},{"field":"observer.os.full.text","type":"match_only_text","normalization":"","example":"Mac OS Mojave","description":"Operating system name, including the version or code name."},{"field":"observer.os.kernel","type":"keyword","normalization":"","example":"4.4.0-112-generic","description":"Operating system kernel version as a raw string."},{"field":"observer.os.name","type":"keyword","normalization":"","example":"Mac OS X","description":"Operating system name, without the version."},{"field":"observer.os.name.text","type":"match_only_text","normalization":"","example":"Mac OS X","description":"Operating system name, without the version."},{"field":"observer.os.platform","type":"keyword","normalization":"","example":"darwin","description":"Operating system platform (such centos, ubuntu, windows)."},{"field":"observer.os.type","type":"keyword","normalization":"","example":"macos","description":"Which commercial OS family (one of: linux, macos, unix, windows, ios or android)."},{"field":"observer.os.version","type":"keyword","normalization":"","example":"10.14.1","description":"Operating system version as a raw string."},{"field":"observer.product","type":"keyword","normalization":"","example":"s200","description":"The product name of the observer."},{"field":"observer.serial_number","type":"keyword","normalization":"","example":"","description":"Observer serial number."},{"field":"observer.type","type":"keyword","normalization":"","example":"firewall","description":"The type of the observer the data is coming from."},{"field":"observer.vendor","type":"keyword","normalization":"","example":"Symantec","description":"Vendor name of the observer."},{"field":"observer.version","type":"keyword","normalization":"","example":"","description":"Observer version."},{"field":"orchestrator.api_version","type":"keyword","normalization":"","example":"v1beta1","description":"API version being used to carry out the action"},{"field":"orchestrator.cluster.id","type":"keyword","normalization":"","example":"","description":"Unique ID of the cluster."},{"field":"orchestrator.cluster.name","type":"keyword","normalization":"","example":"","description":"Name of the cluster."},{"field":"orchestrator.cluster.url","type":"keyword","normalization":"","example":"","description":"URL of the API used to manage the cluster."},{"field":"orchestrator.cluster.version","type":"keyword","normalization":"","example":"","description":"The version of the cluster."},{"field":"orchestrator.namespace","type":"keyword","normalization":"","example":"kube-system","description":"Namespace in which the action is taking place."},{"field":"orchestrator.organization","type":"keyword","normalization":"","example":"elastic","description":"Organization affected by the event (for multi-tenant orchestrator setups)."},{"field":"orchestrator.resource.annotation","type":"keyword","normalization":"array","example":"['key1:value1', 'key2:value2', 'key3:value3']","description":"The list of annotations added to the resource."},{"field":"orchestrator.resource.id","type":"keyword","normalization":"","example":"","description":"Unique ID of the resource being acted upon."},{"field":"orchestrator.resource.ip","type":"ip","normalization":"array","example":"","description":"IP address assigned to the resource associated with the event being observed."},{"field":"orchestrator.resource.label","type":"keyword","normalization":"array","example":"['key1:value1', 'key2:value2', 'key3:value3']","description":"The list of labels added to the resource."},{"field":"orchestrator.resource.name","type":"keyword","normalization":"","example":"test-pod-cdcws","description":"Name of the resource being acted upon."},{"field":"orchestrator.resource.parent.type","type":"keyword","normalization":"","example":"DaemonSet","description":"Type or kind of the parent resource associated with the event being observed."},{"field":"orchestrator.resource.type","type":"keyword","normalization":"","example":"service","description":"Type of resource being acted upon."},{"field":"orchestrator.type","type":"keyword","normalization":"","example":"kubernetes","description":"Orchestrator cluster type (e.g. kubernetes, nomad or cloudfoundry)."},{"field":"organization.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the organization."},{"field":"organization.name","type":"keyword","normalization":"","example":"","description":"Organization name."},{"field":"organization.name.text","type":"match_only_text","normalization":"","example":"","description":"Organization name."},{"field":"package.architecture","type":"keyword","normalization":"","example":"x86_64","description":"Package architecture."},{"field":"package.build_version","type":"keyword","normalization":"","example":"36f4f7e89dd61b0988b12ee000b98966867710cd","description":"Build version information"},{"field":"package.checksum","type":"keyword","normalization":"","example":"68b329da9893e34099c7d8ad5cb9c940","description":"Checksum of the installed package for verification."},{"field":"package.description","type":"keyword","normalization":"","example":"Open source programming language to build simple/reliable/efficient software.","description":"Description of the package."},{"field":"package.install_scope","type":"keyword","normalization":"","example":"global","description":"Indicating how the package was installed, e.g. user-local, global."},{"field":"package.installed","type":"date","normalization":"","example":"","description":"Time when package was installed."},{"field":"package.license","type":"keyword","normalization":"","example":"Apache License 2.0","description":"Package license"},{"field":"package.name","type":"keyword","normalization":"","example":"go","description":"Package name"},{"field":"package.path","type":"keyword","normalization":"","example":"/usr/local/Cellar/go/1.12.9/","description":"Path where the package is installed."},{"field":"package.reference","type":"keyword","normalization":"","example":"https://golang.org","description":"Package home page or reference URL"},{"field":"package.size","type":"long","normalization":"","example":62231,"description":"Package size in bytes."},{"field":"package.type","type":"keyword","normalization":"","example":"rpm","description":"Package type"},{"field":"package.version","type":"keyword","normalization":"","example":"1.12.9","description":"Package version"},{"field":"process.args","type":"keyword","normalization":"array","example":["/usr/bin/ssh","-l","user","10.0.0.16"],"description":"Array of process arguments."},{"field":"process.args_count","type":"long","normalization":"","example":4,"description":"Length of the process.args array."},{"field":"process.code_signature.digest_algorithm","type":"keyword","normalization":"","example":"sha256","description":"Hashing algorithm used to sign the process."},{"field":"process.code_signature.exists","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if a signature is present."},{"field":"process.code_signature.flags","type":"string","normalization":"","example":570522385,"description":"Code signing flags of the process"},{"field":"process.code_signature.signing_id","type":"keyword","normalization":"","example":"com.apple.xpc.proxy","description":"The identifier used to sign the process."},{"field":"process.code_signature.status","type":"keyword","normalization":"","example":"ERROR_UNTRUSTED_ROOT","description":"Additional information about the certificate status."},{"field":"process.code_signature.subject_name","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Subject name of the code signer"},{"field":"process.code_signature.team_id","type":"keyword","normalization":"","example":"EQHXZ8M8AV","description":"The team identifier used to sign the process."},{"field":"process.code_signature.timestamp","type":"date","normalization":"","example":"2021-01-01T12:10:30Z","description":"When the signature was generated and signed."},{"field":"process.code_signature.trusted","type":"boolean","normalization":"","example":true,"description":"Stores the trust status of the certificate chain."},{"field":"process.code_signature.valid","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if the digital signature is verified against the binary content."},{"field":"process.command_line","type":"wildcard","normalization":"","example":"/usr/bin/ssh -l user 10.0.0.16","description":"Full command line that started the process."},{"field":"process.command_line.text","type":"match_only_text","normalization":"","example":"/usr/bin/ssh -l user 10.0.0.16","description":"Full command line that started the process."},{"field":"process.elf.architecture","type":"keyword","normalization":"","example":"x86-64","description":"Machine architecture of the ELF file."},{"field":"process.elf.byte_order","type":"keyword","normalization":"","example":"Little Endian","description":"Byte sequence of ELF file."},{"field":"process.elf.cpu_type","type":"keyword","normalization":"","example":"Intel","description":"CPU type of the ELF file."},{"field":"process.elf.creation_date","type":"date","normalization":"","example":"","description":"Build or compile date."},{"field":"process.elf.exports","type":"flattened","normalization":"array","example":"","description":"List of exported element names and types."},{"field":"process.elf.go_import_hash","type":"keyword","normalization":"","example":"10bddcb4cee42080f76c88d9ff964491","description":"A hash of the Go language imports in an ELF file."},{"field":"process.elf.go_imports","type":"flattened","normalization":"","example":"","description":"List of imported Go language element names and types."},{"field":"process.elf.go_imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of Go imports."},{"field":"process.elf.go_imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of Go imports."},{"field":"process.elf.go_stripped","type":"boolean","normalization":"","example":"","description":"Whether the file is a stripped or obfuscated Go executable."},{"field":"process.elf.header.abi_version","type":"keyword","normalization":"","example":"","description":"Version of the ELF Application Binary Interface (ABI)."},{"field":"process.elf.header.class","type":"keyword","normalization":"","example":"","description":"Header class of the ELF file."},{"field":"process.elf.header.data","type":"keyword","normalization":"","example":"","description":"Data table of the ELF header."},{"field":"process.elf.header.entrypoint","type":"long","normalization":"","example":"","description":"Header entrypoint of the ELF file."},{"field":"process.elf.header.object_version","type":"keyword","normalization":"","example":"","description":"0x1\" for original ELF files."},{"field":"process.elf.header.os_abi","type":"keyword","normalization":"","example":"","description":"Application Binary Interface (ABI) of the Linux OS."},{"field":"process.elf.header.type","type":"keyword","normalization":"","example":"","description":"Header type of the ELF file."},{"field":"process.elf.header.version","type":"keyword","normalization":"","example":"","description":"Version of the ELF header."},{"field":"process.elf.import_hash","type":"keyword","normalization":"","example":"d41d8cd98f00b204e9800998ecf8427e","description":"A hash of the imports in an ELF file."},{"field":"process.elf.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"process.elf.imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of imported element names and types."},{"field":"process.elf.imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of imported element names and types."},{"field":"process.elf.sections","type":"nested","normalization":"array","example":"","description":"Section information of the ELF file."},{"field":"process.elf.sections.chi2","type":"long","normalization":"","example":"","description":"Chi-square probability distribution of the section."},{"field":"process.elf.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"process.elf.sections.flags","type":"keyword","normalization":"","example":"","description":"ELF Section List flags."},{"field":"process.elf.sections.name","type":"keyword","normalization":"","example":"","description":"ELF Section List name."},{"field":"process.elf.sections.physical_offset","type":"keyword","normalization":"","example":"","description":"ELF Section List offset."},{"field":"process.elf.sections.physical_size","type":"long","normalization":"","example":"","description":"ELF Section List physical size."},{"field":"process.elf.sections.type","type":"keyword","normalization":"","example":"","description":"ELF Section List type."},{"field":"process.elf.sections.var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the section."},{"field":"process.elf.sections.virtual_address","type":"long","normalization":"","example":"","description":"ELF Section List virtual address."},{"field":"process.elf.sections.virtual_size","type":"long","normalization":"","example":"","description":"ELF Section List virtual size."},{"field":"process.elf.segments","type":"nested","normalization":"array","example":"","description":"ELF object segment list."},{"field":"process.elf.segments.sections","type":"keyword","normalization":"","example":"","description":"ELF object segment sections."},{"field":"process.elf.segments.type","type":"keyword","normalization":"","example":"","description":"ELF object segment type."},{"field":"process.elf.shared_libraries","type":"keyword","normalization":"array","example":"","description":"List of shared libraries used by this ELF object."},{"field":"process.elf.telfhash","type":"keyword","normalization":"","example":"","description":"telfhash hash for ELF file."},{"field":"process.end","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process ended."},{"field":"process.entity_id","type":"keyword","normalization":"","example":"c2c455d9f99375d","description":"Unique identifier for the process."},{"field":"process.entry_leader.args","type":"keyword","normalization":"array","example":["/usr/bin/ssh","-l","user","10.0.0.16"],"description":"Array of process arguments."},{"field":"process.entry_leader.args_count","type":"long","normalization":"","example":4,"description":"Length of the process.args array."},{"field":"process.entry_leader.attested_groups.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.entry_leader.attested_user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.entry_leader.attested_user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.entry_leader.attested_user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.entry_leader.command_line","type":"wildcard","normalization":"","example":"/usr/bin/ssh -l user 10.0.0.16","description":"Full command line that started the process."},{"field":"process.entry_leader.command_line.text","type":"match_only_text","normalization":"","example":"/usr/bin/ssh -l user 10.0.0.16","description":"Full command line that started the process."},{"field":"process.entry_leader.entity_id","type":"keyword","normalization":"","example":"c2c455d9f99375d","description":"Unique identifier for the process."},{"field":"process.entry_leader.entry_meta.source.ip","type":"ip","normalization":"","example":"","description":"IP address of the source."},{"field":"process.entry_leader.entry_meta.type","type":"keyword","normalization":"","example":"","description":"The entry type for the entry session leader."},{"field":"process.entry_leader.executable","type":"keyword","normalization":"","example":"/usr/bin/ssh","description":"Absolute path to the process executable."},{"field":"process.entry_leader.executable.text","type":"match_only_text","normalization":"","example":"/usr/bin/ssh","description":"Absolute path to the process executable."},{"field":"process.entry_leader.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.entry_leader.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.entry_leader.interactive","type":"boolean","normalization":"","example":"True","description":"Whether the process is connected to an interactive shell."},{"field":"process.entry_leader.name","type":"keyword","normalization":"","example":"ssh","description":"Process name."},{"field":"process.entry_leader.name.text","type":"match_only_text","normalization":"","example":"ssh","description":"Process name."},{"field":"process.entry_leader.parent.entity_id","type":"keyword","normalization":"","example":"c2c455d9f99375d","description":"Unique identifier for the process."},{"field":"process.entry_leader.parent.pid","type":"long","normalization":"","example":4242,"description":"Process id."},{"field":"process.entry_leader.parent.session_leader.entity_id","type":"keyword","normalization":"","example":"c2c455d9f99375d","description":"Unique identifier for the process."},{"field":"process.entry_leader.parent.session_leader.pid","type":"long","normalization":"","example":4242,"description":"Process id."},{"field":"process.entry_leader.parent.session_leader.start","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process started."},{"field":"process.entry_leader.parent.session_leader.vpid","type":"long","normalization":"","example":4242,"description":"Virtual process id."},{"field":"process.entry_leader.parent.start","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process started."},{"field":"process.entry_leader.parent.vpid","type":"long","normalization":"","example":4242,"description":"Virtual process id."},{"field":"process.entry_leader.pid","type":"long","normalization":"","example":4242,"description":"Process id."},{"field":"process.entry_leader.real_group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.entry_leader.real_group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.entry_leader.real_user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.entry_leader.real_user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.entry_leader.real_user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.entry_leader.same_as_process","type":"boolean","normalization":"","example":"True","description":"This boolean is used to identify if a leader process is the same as the top level process."},{"field":"process.entry_leader.saved_group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.entry_leader.saved_group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.entry_leader.saved_user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.entry_leader.saved_user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.entry_leader.saved_user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.entry_leader.start","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process started."},{"field":"process.entry_leader.supplemental_groups.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.entry_leader.supplemental_groups.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.entry_leader.tty","type":"object","normalization":"","example":"","description":"Information about the controlling TTY device."},{"field":"process.entry_leader.tty.char_device.major","type":"long","normalization":"","example":4,"description":"The TTY character device's major number."},{"field":"process.entry_leader.tty.char_device.minor","type":"long","normalization":"","example":1,"description":"The TTY character device's minor number."},{"field":"process.entry_leader.user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.entry_leader.user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.entry_leader.user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.entry_leader.vpid","type":"long","normalization":"","example":4242,"description":"Virtual process id."},{"field":"process.entry_leader.working_directory","type":"keyword","normalization":"","example":"/home/alice","description":"The working directory of the process."},{"field":"process.entry_leader.working_directory.text","type":"match_only_text","normalization":"","example":"/home/alice","description":"The working directory of the process."},{"field":"process.env_vars","type":"keyword","normalization":"array","example":["PATH=/usr/local/bin:/usr/bin","USER=ubuntu"],"description":"Array of environment variable bindings."},{"field":"process.executable","type":"keyword","normalization":"","example":"/usr/bin/ssh","description":"Absolute path to the process executable."},{"field":"process.executable.text","type":"match_only_text","normalization":"","example":"/usr/bin/ssh","description":"Absolute path to the process executable."},{"field":"process.exit_code","type":"long","normalization":"","example":137,"description":"The exit code of the process."},{"field":"process.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.group_leader.args","type":"keyword","normalization":"array","example":["/usr/bin/ssh","-l","user","10.0.0.16"],"description":"Array of process arguments."},{"field":"process.group_leader.args_count","type":"long","normalization":"","example":4,"description":"Length of the process.args array."},{"field":"process.group_leader.command_line","type":"wildcard","normalization":"","example":"/usr/bin/ssh -l user 10.0.0.16","description":"Full command line that started the process."},{"field":"process.group_leader.command_line.text","type":"match_only_text","normalization":"","example":"/usr/bin/ssh -l user 10.0.0.16","description":"Full command line that started the process."},{"field":"process.group_leader.entity_id","type":"keyword","normalization":"","example":"c2c455d9f99375d","description":"Unique identifier for the process."},{"field":"process.group_leader.executable","type":"keyword","normalization":"","example":"/usr/bin/ssh","description":"Absolute path to the process executable."},{"field":"process.group_leader.executable.text","type":"match_only_text","normalization":"","example":"/usr/bin/ssh","description":"Absolute path to the process executable."},{"field":"process.group_leader.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.group_leader.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.group_leader.interactive","type":"boolean","normalization":"","example":"True","description":"Whether the process is connected to an interactive shell."},{"field":"process.group_leader.name","type":"keyword","normalization":"","example":"ssh","description":"Process name."},{"field":"process.group_leader.name.text","type":"match_only_text","normalization":"","example":"ssh","description":"Process name."},{"field":"process.group_leader.pid","type":"long","normalization":"","example":4242,"description":"Process id."},{"field":"process.group_leader.real_group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.group_leader.real_group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.group_leader.real_user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.group_leader.real_user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.group_leader.real_user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.group_leader.same_as_process","type":"boolean","normalization":"","example":"True","description":"This boolean is used to identify if a leader process is the same as the top level process."},{"field":"process.group_leader.saved_group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.group_leader.saved_group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.group_leader.saved_user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.group_leader.saved_user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.group_leader.saved_user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.group_leader.start","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process started."},{"field":"process.group_leader.supplemental_groups.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.group_leader.supplemental_groups.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.group_leader.tty","type":"object","normalization":"","example":"","description":"Information about the controlling TTY device."},{"field":"process.group_leader.tty.char_device.major","type":"long","normalization":"","example":4,"description":"The TTY character device's major number."},{"field":"process.group_leader.tty.char_device.minor","type":"long","normalization":"","example":1,"description":"The TTY character device's minor number."},{"field":"process.group_leader.user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.group_leader.user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.group_leader.user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.group_leader.vpid","type":"long","normalization":"","example":4242,"description":"Virtual process id."},{"field":"process.group_leader.working_directory","type":"keyword","normalization":"","example":"/home/alice","description":"The working directory of the process."},{"field":"process.group_leader.working_directory.text","type":"match_only_text","normalization":"","example":"/home/alice","description":"The working directory of the process."},{"field":"process.hash.cdhash","type":"keyword","normalization":"","example":"3783b4052fd474dbe30676b45c329e7a6d44acd9","description":"The Code Directory (CD) hash of an executable."},{"field":"process.hash.md5","type":"keyword","normalization":"","example":"","description":"MD5 hash."},{"field":"process.hash.sha1","type":"keyword","normalization":"","example":"","description":"SHA1 hash."},{"field":"process.hash.sha256","type":"keyword","normalization":"","example":"","description":"SHA256 hash."},{"field":"process.hash.sha384","type":"keyword","normalization":"","example":"","description":"SHA384 hash."},{"field":"process.hash.sha512","type":"keyword","normalization":"","example":"","description":"SHA512 hash."},{"field":"process.hash.ssdeep","type":"keyword","normalization":"","example":"","description":"SSDEEP hash."},{"field":"process.hash.tlsh","type":"keyword","normalization":"","example":"","description":"TLSH hash."},{"field":"process.interactive","type":"boolean","normalization":"","example":"True","description":"Whether the process is connected to an interactive shell."},{"field":"process.io","type":"object","normalization":"","example":"","description":"A chunk of input or output (IO) from a single process."},{"field":"process.io.bytes_skipped","type":"object","normalization":"array","example":"","description":"An array of byte offsets and lengths denoting where IO data has been skipped."},{"field":"process.io.bytes_skipped.length","type":"long","normalization":"","example":"","description":"The length of bytes skipped."},{"field":"process.io.bytes_skipped.offset","type":"long","normalization":"","example":"","description":"The byte offset into this event's io.text (or io.bytes in the future) where length bytes were skipped."},{"field":"process.io.max_bytes_per_process_exceeded","type":"boolean","normalization":"","example":"","description":"If true, the process producing the output has exceeded the max_kilobytes_per_process configuration setting."},{"field":"process.io.text","type":"wildcard","normalization":"","example":"","description":"A chunk of output or input sanitized to UTF-8."},{"field":"process.io.total_bytes_captured","type":"long","normalization":"","example":"","description":"The total number of bytes captured in this event."},{"field":"process.io.total_bytes_skipped","type":"long","normalization":"","example":"","description":"The total number of bytes that were not captured due to implementation restrictions such as buffer size limits."},{"field":"process.io.type","type":"keyword","normalization":"","example":"","description":"The type of object on which the IO action (read or write) was taken."},{"field":"process.macho.go_import_hash","type":"keyword","normalization":"","example":"10bddcb4cee42080f76c88d9ff964491","description":"A hash of the Go language imports in a Mach-O file."},{"field":"process.macho.go_imports","type":"flattened","normalization":"","example":"","description":"List of imported Go language element names and types."},{"field":"process.macho.go_imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of Go imports."},{"field":"process.macho.go_imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of Go imports."},{"field":"process.macho.go_stripped","type":"boolean","normalization":"","example":"","description":"Whether the file is a stripped or obfuscated Go executable."},{"field":"process.macho.import_hash","type":"keyword","normalization":"","example":"d41d8cd98f00b204e9800998ecf8427e","description":"A hash of the imports in a Mach-O file."},{"field":"process.macho.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"process.macho.imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of imported element names and types."},{"field":"process.macho.imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of imported element names and types."},{"field":"process.macho.sections","type":"nested","normalization":"array","example":"","description":"Section information of the Mach-O file."},{"field":"process.macho.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"process.macho.sections.name","type":"keyword","normalization":"","example":"","description":"Mach-O Section List name."},{"field":"process.macho.sections.physical_size","type":"long","normalization":"","example":"","description":"Mach-O Section List physical size."},{"field":"process.macho.sections.var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the section."},{"field":"process.macho.sections.virtual_size","type":"long","normalization":"","example":"","description":"Mach-O Section List virtual size. This is always the same as `physical_size`."},{"field":"process.macho.symhash","type":"keyword","normalization":"","example":"d3ccf195b62a9279c3c19af1080497ec","description":"A hash of the imports in a Mach-O file."},{"field":"process.name","type":"keyword","normalization":"","example":"ssh","description":"Process name."},{"field":"process.name.text","type":"match_only_text","normalization":"","example":"ssh","description":"Process name."},{"field":"process.parent.args","type":"keyword","normalization":"array","example":["/usr/bin/ssh","-l","user","10.0.0.16"],"description":"Array of process arguments."},{"field":"process.parent.args_count","type":"long","normalization":"","example":4,"description":"Length of the process.args array."},{"field":"process.parent.code_signature.digest_algorithm","type":"keyword","normalization":"","example":"sha256","description":"Hashing algorithm used to sign the process."},{"field":"process.parent.code_signature.exists","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if a signature is present."},{"field":"process.parent.code_signature.flags","type":"string","normalization":"","example":570522385,"description":"Code signing flags of the process"},{"field":"process.parent.code_signature.signing_id","type":"keyword","normalization":"","example":"com.apple.xpc.proxy","description":"The identifier used to sign the process."},{"field":"process.parent.code_signature.status","type":"keyword","normalization":"","example":"ERROR_UNTRUSTED_ROOT","description":"Additional information about the certificate status."},{"field":"process.parent.code_signature.subject_name","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Subject name of the code signer"},{"field":"process.parent.code_signature.team_id","type":"keyword","normalization":"","example":"EQHXZ8M8AV","description":"The team identifier used to sign the process."},{"field":"process.parent.code_signature.timestamp","type":"date","normalization":"","example":"2021-01-01T12:10:30Z","description":"When the signature was generated and signed."},{"field":"process.parent.code_signature.trusted","type":"boolean","normalization":"","example":true,"description":"Stores the trust status of the certificate chain."},{"field":"process.parent.code_signature.valid","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if the digital signature is verified against the binary content."},{"field":"process.parent.command_line","type":"wildcard","normalization":"","example":"/usr/bin/ssh -l user 10.0.0.16","description":"Full command line that started the process."},{"field":"process.parent.command_line.text","type":"match_only_text","normalization":"","example":"/usr/bin/ssh -l user 10.0.0.16","description":"Full command line that started the process."},{"field":"process.parent.elf.architecture","type":"keyword","normalization":"","example":"x86-64","description":"Machine architecture of the ELF file."},{"field":"process.parent.elf.byte_order","type":"keyword","normalization":"","example":"Little Endian","description":"Byte sequence of ELF file."},{"field":"process.parent.elf.cpu_type","type":"keyword","normalization":"","example":"Intel","description":"CPU type of the ELF file."},{"field":"process.parent.elf.creation_date","type":"date","normalization":"","example":"","description":"Build or compile date."},{"field":"process.parent.elf.exports","type":"flattened","normalization":"array","example":"","description":"List of exported element names and types."},{"field":"process.parent.elf.go_import_hash","type":"keyword","normalization":"","example":"10bddcb4cee42080f76c88d9ff964491","description":"A hash of the Go language imports in an ELF file."},{"field":"process.parent.elf.go_imports","type":"flattened","normalization":"","example":"","description":"List of imported Go language element names and types."},{"field":"process.parent.elf.go_imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of Go imports."},{"field":"process.parent.elf.go_imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of Go imports."},{"field":"process.parent.elf.go_stripped","type":"boolean","normalization":"","example":"","description":"Whether the file is a stripped or obfuscated Go executable."},{"field":"process.parent.elf.header.abi_version","type":"keyword","normalization":"","example":"","description":"Version of the ELF Application Binary Interface (ABI)."},{"field":"process.parent.elf.header.class","type":"keyword","normalization":"","example":"","description":"Header class of the ELF file."},{"field":"process.parent.elf.header.data","type":"keyword","normalization":"","example":"","description":"Data table of the ELF header."},{"field":"process.parent.elf.header.entrypoint","type":"long","normalization":"","example":"","description":"Header entrypoint of the ELF file."},{"field":"process.parent.elf.header.object_version","type":"keyword","normalization":"","example":"","description":"0x1\" for original ELF files."},{"field":"process.parent.elf.header.os_abi","type":"keyword","normalization":"","example":"","description":"Application Binary Interface (ABI) of the Linux OS."},{"field":"process.parent.elf.header.type","type":"keyword","normalization":"","example":"","description":"Header type of the ELF file."},{"field":"process.parent.elf.header.version","type":"keyword","normalization":"","example":"","description":"Version of the ELF header."},{"field":"process.parent.elf.import_hash","type":"keyword","normalization":"","example":"d41d8cd98f00b204e9800998ecf8427e","description":"A hash of the imports in an ELF file."},{"field":"process.parent.elf.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"process.parent.elf.imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of imported element names and types."},{"field":"process.parent.elf.imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of imported element names and types."},{"field":"process.parent.elf.sections","type":"nested","normalization":"array","example":"","description":"Section information of the ELF file."},{"field":"process.parent.elf.sections.chi2","type":"long","normalization":"","example":"","description":"Chi-square probability distribution of the section."},{"field":"process.parent.elf.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"process.parent.elf.sections.flags","type":"keyword","normalization":"","example":"","description":"ELF Section List flags."},{"field":"process.parent.elf.sections.name","type":"keyword","normalization":"","example":"","description":"ELF Section List name."},{"field":"process.parent.elf.sections.physical_offset","type":"keyword","normalization":"","example":"","description":"ELF Section List offset."},{"field":"process.parent.elf.sections.physical_size","type":"long","normalization":"","example":"","description":"ELF Section List physical size."},{"field":"process.parent.elf.sections.type","type":"keyword","normalization":"","example":"","description":"ELF Section List type."},{"field":"process.parent.elf.sections.var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the section."},{"field":"process.parent.elf.sections.virtual_address","type":"long","normalization":"","example":"","description":"ELF Section List virtual address."},{"field":"process.parent.elf.sections.virtual_size","type":"long","normalization":"","example":"","description":"ELF Section List virtual size."},{"field":"process.parent.elf.segments","type":"nested","normalization":"array","example":"","description":"ELF object segment list."},{"field":"process.parent.elf.segments.sections","type":"keyword","normalization":"","example":"","description":"ELF object segment sections."},{"field":"process.parent.elf.segments.type","type":"keyword","normalization":"","example":"","description":"ELF object segment type."},{"field":"process.parent.elf.shared_libraries","type":"keyword","normalization":"array","example":"","description":"List of shared libraries used by this ELF object."},{"field":"process.parent.elf.telfhash","type":"keyword","normalization":"","example":"","description":"telfhash hash for ELF file."},{"field":"process.parent.end","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process ended."},{"field":"process.parent.entity_id","type":"keyword","normalization":"","example":"c2c455d9f99375d","description":"Unique identifier for the process."},{"field":"process.parent.executable","type":"keyword","normalization":"","example":"/usr/bin/ssh","description":"Absolute path to the process executable."},{"field":"process.parent.executable.text","type":"match_only_text","normalization":"","example":"/usr/bin/ssh","description":"Absolute path to the process executable."},{"field":"process.parent.exit_code","type":"long","normalization":"","example":137,"description":"The exit code of the process."},{"field":"process.parent.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.parent.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.parent.group_leader.entity_id","type":"keyword","normalization":"","example":"c2c455d9f99375d","description":"Unique identifier for the process."},{"field":"process.parent.group_leader.pid","type":"long","normalization":"","example":4242,"description":"Process id."},{"field":"process.parent.group_leader.start","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process started."},{"field":"process.parent.group_leader.vpid","type":"long","normalization":"","example":4242,"description":"Virtual process id."},{"field":"process.parent.hash.cdhash","type":"keyword","normalization":"","example":"3783b4052fd474dbe30676b45c329e7a6d44acd9","description":"The Code Directory (CD) hash of an executable."},{"field":"process.parent.hash.md5","type":"keyword","normalization":"","example":"","description":"MD5 hash."},{"field":"process.parent.hash.sha1","type":"keyword","normalization":"","example":"","description":"SHA1 hash."},{"field":"process.parent.hash.sha256","type":"keyword","normalization":"","example":"","description":"SHA256 hash."},{"field":"process.parent.hash.sha384","type":"keyword","normalization":"","example":"","description":"SHA384 hash."},{"field":"process.parent.hash.sha512","type":"keyword","normalization":"","example":"","description":"SHA512 hash."},{"field":"process.parent.hash.ssdeep","type":"keyword","normalization":"","example":"","description":"SSDEEP hash."},{"field":"process.parent.hash.tlsh","type":"keyword","normalization":"","example":"","description":"TLSH hash."},{"field":"process.parent.interactive","type":"boolean","normalization":"","example":"True","description":"Whether the process is connected to an interactive shell."},{"field":"process.parent.macho.go_import_hash","type":"keyword","normalization":"","example":"10bddcb4cee42080f76c88d9ff964491","description":"A hash of the Go language imports in a Mach-O file."},{"field":"process.parent.macho.go_imports","type":"flattened","normalization":"","example":"","description":"List of imported Go language element names and types."},{"field":"process.parent.macho.go_imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of Go imports."},{"field":"process.parent.macho.go_imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of Go imports."},{"field":"process.parent.macho.go_stripped","type":"boolean","normalization":"","example":"","description":"Whether the file is a stripped or obfuscated Go executable."},{"field":"process.parent.macho.import_hash","type":"keyword","normalization":"","example":"d41d8cd98f00b204e9800998ecf8427e","description":"A hash of the imports in a Mach-O file."},{"field":"process.parent.macho.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"process.parent.macho.imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of imported element names and types."},{"field":"process.parent.macho.imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of imported element names and types."},{"field":"process.parent.macho.sections","type":"nested","normalization":"array","example":"","description":"Section information of the Mach-O file."},{"field":"process.parent.macho.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"process.parent.macho.sections.name","type":"keyword","normalization":"","example":"","description":"Mach-O Section List name."},{"field":"process.parent.macho.sections.physical_size","type":"long","normalization":"","example":"","description":"Mach-O Section List physical size."},{"field":"process.parent.macho.sections.var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the section."},{"field":"process.parent.macho.sections.virtual_size","type":"long","normalization":"","example":"","description":"Mach-O Section List virtual size. This is always the same as `physical_size`."},{"field":"process.parent.macho.symhash","type":"keyword","normalization":"","example":"d3ccf195b62a9279c3c19af1080497ec","description":"A hash of the imports in a Mach-O file."},{"field":"process.parent.name","type":"keyword","normalization":"","example":"ssh","description":"Process name."},{"field":"process.parent.name.text","type":"match_only_text","normalization":"","example":"ssh","description":"Process name."},{"field":"process.parent.pe.architecture","type":"keyword","normalization":"","example":"x64","description":"CPU architecture target for the file."},{"field":"process.parent.pe.company","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Internal company name of the file, provided at compile-time."},{"field":"process.parent.pe.description","type":"keyword","normalization":"","example":"Paint","description":"Internal description of the file, provided at compile-time."},{"field":"process.parent.pe.file_version","type":"keyword","normalization":"","example":"6.3.9600.17415","description":"Process name."},{"field":"process.parent.pe.go_import_hash","type":"keyword","normalization":"","example":"10bddcb4cee42080f76c88d9ff964491","description":"A hash of the Go language imports in a PE file."},{"field":"process.parent.pe.go_imports","type":"flattened","normalization":"","example":"","description":"List of imported Go language element names and types."},{"field":"process.parent.pe.go_imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of Go imports."},{"field":"process.parent.pe.go_imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of Go imports."},{"field":"process.parent.pe.go_stripped","type":"boolean","normalization":"","example":"","description":"Whether the file is a stripped or obfuscated Go executable."},{"field":"process.parent.pe.imphash","type":"keyword","normalization":"","example":"0c6803c4e922103c4dca5963aad36ddf","description":"A hash of the imports in a PE file."},{"field":"process.parent.pe.import_hash","type":"keyword","normalization":"","example":"d41d8cd98f00b204e9800998ecf8427e","description":"A hash of the imports in a PE file."},{"field":"process.parent.pe.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"process.parent.pe.imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of imported element names and types."},{"field":"process.parent.pe.imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of imported element names and types."},{"field":"process.parent.pe.original_file_name","type":"keyword","normalization":"","example":"MSPAINT.EXE","description":"Internal name of the file, provided at compile-time."},{"field":"process.parent.pe.pehash","type":"keyword","normalization":"","example":"73ff189b63cd6be375a7ff25179a38d347651975","description":"A hash of the PE header and data from one or more PE sections."},{"field":"process.parent.pe.product","type":"keyword","normalization":"","example":"Microsoft® Windows® Operating System","description":"Internal product name of the file, provided at compile-time."},{"field":"process.parent.pe.sections","type":"nested","normalization":"array","example":"","description":"Section information of the PE file."},{"field":"process.parent.pe.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"process.parent.pe.sections.name","type":"keyword","normalization":"","example":"","description":"PE Section List name."},{"field":"process.parent.pe.sections.physical_size","type":"long","normalization":"","example":"","description":"PE Section List physical size."},{"field":"process.parent.pe.sections.var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the section."},{"field":"process.parent.pe.sections.virtual_size","type":"long","normalization":"","example":"","description":"PE Section List virtual size. This is always the same as `physical_size`."},{"field":"process.parent.pgid","type":"long","normalization":"","example":"","description":"Deprecated identifier of the group of processes the process belongs to."},{"field":"process.parent.pid","type":"long","normalization":"","example":4242,"description":"Process id."},{"field":"process.parent.real_group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.parent.real_group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.parent.real_user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.parent.real_user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.parent.real_user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.parent.saved_group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.parent.saved_group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.parent.saved_user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.parent.saved_user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.parent.saved_user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.parent.start","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process started."},{"field":"process.parent.supplemental_groups.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.parent.supplemental_groups.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.parent.thread.capabilities.effective","type":"keyword","normalization":"array","example":["CAP_BPF","CAP_SYS_ADMIN"],"description":"Array of capabilities used for permission checks."},{"field":"process.parent.thread.capabilities.permitted","type":"keyword","normalization":"array","example":["CAP_BPF","CAP_SYS_ADMIN"],"description":"Array of capabilities a thread could assume."},{"field":"process.parent.thread.id","type":"long","normalization":"","example":4242,"description":"Thread ID."},{"field":"process.parent.thread.name","type":"keyword","normalization":"","example":"thread-0","description":"Thread name."},{"field":"process.parent.title","type":"keyword","normalization":"","example":"","description":"Process title."},{"field":"process.parent.title.text","type":"match_only_text","normalization":"","example":"","description":"Process title."},{"field":"process.parent.tty","type":"object","normalization":"","example":"","description":"Information about the controlling TTY device."},{"field":"process.parent.tty.char_device.major","type":"long","normalization":"","example":4,"description":"The TTY character device's major number."},{"field":"process.parent.tty.char_device.minor","type":"long","normalization":"","example":1,"description":"The TTY character device's minor number."},{"field":"process.parent.uptime","type":"long","normalization":"","example":1325,"description":"Seconds the process has been up."},{"field":"process.parent.user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.parent.user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.parent.user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.parent.vpid","type":"long","normalization":"","example":4242,"description":"Virtual process id."},{"field":"process.parent.working_directory","type":"keyword","normalization":"","example":"/home/alice","description":"The working directory of the process."},{"field":"process.parent.working_directory.text","type":"match_only_text","normalization":"","example":"/home/alice","description":"The working directory of the process."},{"field":"process.pe.architecture","type":"keyword","normalization":"","example":"x64","description":"CPU architecture target for the file."},{"field":"process.pe.company","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Internal company name of the file, provided at compile-time."},{"field":"process.pe.description","type":"keyword","normalization":"","example":"Paint","description":"Internal description of the file, provided at compile-time."},{"field":"process.pe.file_version","type":"keyword","normalization":"","example":"6.3.9600.17415","description":"Process name."},{"field":"process.pe.go_import_hash","type":"keyword","normalization":"","example":"10bddcb4cee42080f76c88d9ff964491","description":"A hash of the Go language imports in a PE file."},{"field":"process.pe.go_imports","type":"flattened","normalization":"","example":"","description":"List of imported Go language element names and types."},{"field":"process.pe.go_imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of Go imports."},{"field":"process.pe.go_imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of Go imports."},{"field":"process.pe.go_stripped","type":"boolean","normalization":"","example":"","description":"Whether the file is a stripped or obfuscated Go executable."},{"field":"process.pe.imphash","type":"keyword","normalization":"","example":"0c6803c4e922103c4dca5963aad36ddf","description":"A hash of the imports in a PE file."},{"field":"process.pe.import_hash","type":"keyword","normalization":"","example":"d41d8cd98f00b204e9800998ecf8427e","description":"A hash of the imports in a PE file."},{"field":"process.pe.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"process.pe.imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of imported element names and types."},{"field":"process.pe.imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of imported element names and types."},{"field":"process.pe.original_file_name","type":"keyword","normalization":"","example":"MSPAINT.EXE","description":"Internal name of the file, provided at compile-time."},{"field":"process.pe.pehash","type":"keyword","normalization":"","example":"73ff189b63cd6be375a7ff25179a38d347651975","description":"A hash of the PE header and data from one or more PE sections."},{"field":"process.pe.product","type":"keyword","normalization":"","example":"Microsoft® Windows® Operating System","description":"Internal product name of the file, provided at compile-time."},{"field":"process.pe.sections","type":"nested","normalization":"array","example":"","description":"Section information of the PE file."},{"field":"process.pe.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"process.pe.sections.name","type":"keyword","normalization":"","example":"","description":"PE Section List name."},{"field":"process.pe.sections.physical_size","type":"long","normalization":"","example":"","description":"PE Section List physical size."},{"field":"process.pe.sections.var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the section."},{"field":"process.pe.sections.virtual_size","type":"long","normalization":"","example":"","description":"PE Section List virtual size. This is always the same as `physical_size`."},{"field":"process.pgid","type":"long","normalization":"","example":"","description":"Deprecated identifier of the group of processes the process belongs to."},{"field":"process.pid","type":"long","normalization":"","example":4242,"description":"Process id."},{"field":"process.previous.args","type":"keyword","normalization":"array","example":["/usr/bin/ssh","-l","user","10.0.0.16"],"description":"Array of process arguments."},{"field":"process.previous.args_count","type":"long","normalization":"","example":4,"description":"Length of the process.args array."},{"field":"process.previous.executable","type":"keyword","normalization":"","example":"/usr/bin/ssh","description":"Absolute path to the process executable."},{"field":"process.previous.executable.text","type":"match_only_text","normalization":"","example":"/usr/bin/ssh","description":"Absolute path to the process executable."},{"field":"process.real_group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.real_group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.real_user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.real_user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.real_user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.saved_group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.saved_group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.saved_user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.saved_user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.saved_user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.session_leader.args","type":"keyword","normalization":"array","example":["/usr/bin/ssh","-l","user","10.0.0.16"],"description":"Array of process arguments."},{"field":"process.session_leader.args_count","type":"long","normalization":"","example":4,"description":"Length of the process.args array."},{"field":"process.session_leader.command_line","type":"wildcard","normalization":"","example":"/usr/bin/ssh -l user 10.0.0.16","description":"Full command line that started the process."},{"field":"process.session_leader.command_line.text","type":"match_only_text","normalization":"","example":"/usr/bin/ssh -l user 10.0.0.16","description":"Full command line that started the process."},{"field":"process.session_leader.entity_id","type":"keyword","normalization":"","example":"c2c455d9f99375d","description":"Unique identifier for the process."},{"field":"process.session_leader.executable","type":"keyword","normalization":"","example":"/usr/bin/ssh","description":"Absolute path to the process executable."},{"field":"process.session_leader.executable.text","type":"match_only_text","normalization":"","example":"/usr/bin/ssh","description":"Absolute path to the process executable."},{"field":"process.session_leader.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.session_leader.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.session_leader.interactive","type":"boolean","normalization":"","example":"True","description":"Whether the process is connected to an interactive shell."},{"field":"process.session_leader.name","type":"keyword","normalization":"","example":"ssh","description":"Process name."},{"field":"process.session_leader.name.text","type":"match_only_text","normalization":"","example":"ssh","description":"Process name."},{"field":"process.session_leader.parent.entity_id","type":"keyword","normalization":"","example":"c2c455d9f99375d","description":"Unique identifier for the process."},{"field":"process.session_leader.parent.pid","type":"long","normalization":"","example":4242,"description":"Process id."},{"field":"process.session_leader.parent.session_leader.entity_id","type":"keyword","normalization":"","example":"c2c455d9f99375d","description":"Unique identifier for the process."},{"field":"process.session_leader.parent.session_leader.pid","type":"long","normalization":"","example":4242,"description":"Process id."},{"field":"process.session_leader.parent.session_leader.start","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process started."},{"field":"process.session_leader.parent.session_leader.vpid","type":"long","normalization":"","example":4242,"description":"Virtual process id."},{"field":"process.session_leader.parent.start","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process started."},{"field":"process.session_leader.parent.vpid","type":"long","normalization":"","example":4242,"description":"Virtual process id."},{"field":"process.session_leader.pid","type":"long","normalization":"","example":4242,"description":"Process id."},{"field":"process.session_leader.real_group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.session_leader.real_group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.session_leader.real_user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.session_leader.real_user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.session_leader.real_user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.session_leader.same_as_process","type":"boolean","normalization":"","example":"True","description":"This boolean is used to identify if a leader process is the same as the top level process."},{"field":"process.session_leader.saved_group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.session_leader.saved_group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.session_leader.saved_user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.session_leader.saved_user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.session_leader.saved_user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.session_leader.start","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process started."},{"field":"process.session_leader.supplemental_groups.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.session_leader.supplemental_groups.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.session_leader.tty","type":"object","normalization":"","example":"","description":"Information about the controlling TTY device."},{"field":"process.session_leader.tty.char_device.major","type":"long","normalization":"","example":4,"description":"The TTY character device's major number."},{"field":"process.session_leader.tty.char_device.minor","type":"long","normalization":"","example":1,"description":"The TTY character device's minor number."},{"field":"process.session_leader.user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.session_leader.user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.session_leader.user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.session_leader.vpid","type":"long","normalization":"","example":4242,"description":"Virtual process id."},{"field":"process.session_leader.working_directory","type":"keyword","normalization":"","example":"/home/alice","description":"The working directory of the process."},{"field":"process.session_leader.working_directory.text","type":"match_only_text","normalization":"","example":"/home/alice","description":"The working directory of the process."},{"field":"process.start","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process started."},{"field":"process.supplemental_groups.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"process.supplemental_groups.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"process.thread.capabilities.effective","type":"keyword","normalization":"array","example":["CAP_BPF","CAP_SYS_ADMIN"],"description":"Array of capabilities used for permission checks."},{"field":"process.thread.capabilities.permitted","type":"keyword","normalization":"array","example":["CAP_BPF","CAP_SYS_ADMIN"],"description":"Array of capabilities a thread could assume."},{"field":"process.thread.id","type":"long","normalization":"","example":4242,"description":"Thread ID."},{"field":"process.thread.name","type":"keyword","normalization":"","example":"thread-0","description":"Thread name."},{"field":"process.title","type":"keyword","normalization":"","example":"","description":"Process title."},{"field":"process.title.text","type":"match_only_text","normalization":"","example":"","description":"Process title."},{"field":"process.tty","type":"object","normalization":"","example":"","description":"Information about the controlling TTY device."},{"field":"process.tty.char_device.major","type":"long","normalization":"","example":4,"description":"The TTY character device's major number."},{"field":"process.tty.char_device.minor","type":"long","normalization":"","example":1,"description":"The TTY character device's minor number."},{"field":"process.tty.columns","type":"long","normalization":"","example":80,"description":"The number of character columns per line. e.g terminal width"},{"field":"process.tty.rows","type":"long","normalization":"","example":24,"description":"The number of character rows in the terminal. e.g terminal height"},{"field":"process.uptime","type":"long","normalization":"","example":1325,"description":"Seconds the process has been up."},{"field":"process.user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"process.user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"process.vpid","type":"long","normalization":"","example":4242,"description":"Virtual process id."},{"field":"process.working_directory","type":"keyword","normalization":"","example":"/home/alice","description":"The working directory of the process."},{"field":"process.working_directory.text","type":"match_only_text","normalization":"","example":"/home/alice","description":"The working directory of the process."},{"field":"registry.data.bytes","type":"keyword","normalization":"","example":"ZQBuAC0AVQBTAAAAZQBuAAAAAAA=","description":"Original bytes written with base64 encoding."},{"field":"registry.data.strings","type":"wildcard","normalization":"array","example":"[\"C:\\rta\\red_ttp\\bin\\myapp.exe\"]","description":"List of strings representing what was written to the registry."},{"field":"registry.data.type","type":"keyword","normalization":"","example":"REG_SZ","description":"Standard registry type for encoding contents"},{"field":"registry.hive","type":"keyword","normalization":"","example":"HKLM","description":"Abbreviated name for the hive."},{"field":"registry.key","type":"keyword","normalization":"","example":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\winword.exe","description":"Hive-relative path of keys."},{"field":"registry.path","type":"keyword","normalization":"","example":"HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\winword.exe\\Debugger","description":"Full path, including hive, key and value"},{"field":"registry.value","type":"keyword","normalization":"","example":"Debugger","description":"Name of the value written."},{"field":"related.hash","type":"keyword","normalization":"array","example":"","description":"All the hashes seen on your event."},{"field":"related.hosts","type":"keyword","normalization":"array","example":"","description":"All the host identifiers seen on your event."},{"field":"related.ip","type":"ip","normalization":"array","example":"","description":"All of the IPs seen on your event."},{"field":"related.user","type":"keyword","normalization":"array","example":"","description":"All the user names or other user identifiers seen on the event."},{"field":"rule.author","type":"keyword","normalization":"array","example":["Star-Lord"],"description":"Rule author"},{"field":"rule.category","type":"keyword","normalization":"","example":"Attempted Information Leak","description":"Rule category"},{"field":"rule.description","type":"keyword","normalization":"","example":"Block requests to public DNS over HTTPS / TLS protocols","description":"Rule description"},{"field":"rule.id","type":"keyword","normalization":"","example":101,"description":"Rule ID"},{"field":"rule.license","type":"keyword","normalization":"","example":"Apache 2.0","description":"Rule license"},{"field":"rule.name","type":"keyword","normalization":"","example":"BLOCK_DNS_over_TLS","description":"Rule name"},{"field":"rule.reference","type":"keyword","normalization":"","example":"https://en.wikipedia.org/wiki/DNS_over_TLS","description":"Rule reference URL"},{"field":"rule.ruleset","type":"keyword","normalization":"","example":"Standard_Protocol_Filters","description":"Rule ruleset"},{"field":"rule.uuid","type":"keyword","normalization":"","example":1100110011,"description":"Rule UUID"},{"field":"rule.version","type":"keyword","normalization":"","example":1.1,"description":"Rule version"},{"field":"server.address","type":"keyword","normalization":"","example":"","description":"Server network address."},{"field":"server.as.number","type":"long","normalization":"","example":15169,"description":"Unique number allocated to the autonomous system."},{"field":"server.as.organization.name","type":"keyword","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"server.as.organization.name.text","type":"match_only_text","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"server.bytes","type":"long","normalization":"","example":184,"description":"Bytes sent from the server to the client."},{"field":"server.domain","type":"keyword","normalization":"","example":"foo.example.com","description":"The domain name of the server."},{"field":"server.geo.city_name","type":"keyword","normalization":"","example":"Montreal","description":"City name."},{"field":"server.geo.continent_code","type":"keyword","normalization":"","example":"NA","description":"Continent code."},{"field":"server.geo.continent_name","type":"keyword","normalization":"","example":"North America","description":"Name of the continent."},{"field":"server.geo.country_iso_code","type":"keyword","normalization":"","example":"CA","description":"Country ISO code."},{"field":"server.geo.country_name","type":"keyword","normalization":"","example":"Canada","description":"Country name."},{"field":"server.geo.location","type":"geo_point","normalization":"","example":{"lon":-73.61483,"lat":45.505918},"description":"Longitude and latitude."},{"field":"server.geo.name","type":"keyword","normalization":"","example":"boston-dc","description":"User-defined description of a location."},{"field":"server.geo.postal_code","type":"keyword","normalization":"","example":94040,"description":"Postal code."},{"field":"server.geo.region_iso_code","type":"keyword","normalization":"","example":"CA-QC","description":"Region ISO code."},{"field":"server.geo.region_name","type":"keyword","normalization":"","example":"Quebec","description":"Region name."},{"field":"server.geo.timezone","type":"keyword","normalization":"","example":"America/Argentina/Buenos_Aires","description":"Time zone."},{"field":"server.ip","type":"ip","normalization":"","example":"","description":"IP address of the server."},{"field":"server.mac","type":"keyword","normalization":"","example":"00-00-5E-00-53-23","description":"MAC address of the server."},{"field":"server.nat.ip","type":"ip","normalization":"","example":"","description":"Server NAT ip"},{"field":"server.nat.port","type":"long","normalization":"","example":"","description":"Server NAT port"},{"field":"server.packets","type":"long","normalization":"","example":12,"description":"Packets sent from the server to the client."},{"field":"server.port","type":"long","normalization":"","example":"","description":"Port of the server."},{"field":"server.registered_domain","type":"keyword","normalization":"","example":"example.com","description":"The highest registered server domain, stripped of the subdomain."},{"field":"server.subdomain","type":"keyword","normalization":"","example":"east","description":"The subdomain of the domain."},{"field":"server.top_level_domain","type":"keyword","normalization":"","example":"co.uk","description":"The effective top level domain (com, org, net, co.uk)."},{"field":"server.user.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the user is a member of."},{"field":"server.user.email","type":"keyword","normalization":"","example":"","description":"User email address."},{"field":"server.user.full_name","type":"keyword","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"server.user.full_name.text","type":"match_only_text","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"server.user.group.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the group is a member of."},{"field":"server.user.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"server.user.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"server.user.hash","type":"keyword","normalization":"","example":"","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"server.user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"server.user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"server.user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"server.user.roles","type":"keyword","normalization":"array","example":["kibana_admin","reporting_user"],"description":"Array of user roles at the time of the event."},{"field":"service.address","type":"keyword","normalization":"","example":"172.26.0.2:5432","description":"Address of this service."},{"field":"service.environment","type":"keyword","normalization":"","example":"production","description":"Environment of the service."},{"field":"service.ephemeral_id","type":"keyword","normalization":"","example":"8a4f500f","description":"Ephemeral identifier of this service."},{"field":"service.id","type":"keyword","normalization":"","example":"d37e5ebfe0ae6c4972dbe9f0174a1637bb8247f6","description":"Unique identifier of the running service."},{"field":"service.name","type":"keyword","normalization":"","example":"elasticsearch-metrics","description":"Name of the service."},{"field":"service.node.name","type":"keyword","normalization":"","example":"instance-0000000016","description":"Name of the service node."},{"field":"service.node.role","type":"keyword","normalization":"","example":"background_tasks","description":"Deprecated role (singular) of the service node."},{"field":"service.node.roles","type":"keyword","normalization":"array","example":["ui","background_tasks"],"description":"Roles of the service node."},{"field":"service.origin.address","type":"keyword","normalization":"","example":"172.26.0.2:5432","description":"Address of this service."},{"field":"service.origin.environment","type":"keyword","normalization":"","example":"production","description":"Environment of the service."},{"field":"service.origin.ephemeral_id","type":"keyword","normalization":"","example":"8a4f500f","description":"Ephemeral identifier of this service."},{"field":"service.origin.id","type":"keyword","normalization":"","example":"d37e5ebfe0ae6c4972dbe9f0174a1637bb8247f6","description":"Unique identifier of the running service."},{"field":"service.origin.name","type":"keyword","normalization":"","example":"elasticsearch-metrics","description":"Name of the service."},{"field":"service.origin.node.name","type":"keyword","normalization":"","example":"instance-0000000016","description":"Name of the service node."},{"field":"service.origin.node.role","type":"keyword","normalization":"","example":"background_tasks","description":"Deprecated role (singular) of the service node."},{"field":"service.origin.node.roles","type":"keyword","normalization":"array","example":["ui","background_tasks"],"description":"Roles of the service node."},{"field":"service.origin.state","type":"keyword","normalization":"","example":"","description":"Current state of the service."},{"field":"service.origin.type","type":"keyword","normalization":"","example":"elasticsearch","description":"The type of the service."},{"field":"service.origin.version","type":"keyword","normalization":"","example":"3.2.4","description":"Version of the service."},{"field":"service.state","type":"keyword","normalization":"","example":"","description":"Current state of the service."},{"field":"service.target.address","type":"keyword","normalization":"","example":"172.26.0.2:5432","description":"Address of this service."},{"field":"service.target.environment","type":"keyword","normalization":"","example":"production","description":"Environment of the service."},{"field":"service.target.ephemeral_id","type":"keyword","normalization":"","example":"8a4f500f","description":"Ephemeral identifier of this service."},{"field":"service.target.id","type":"keyword","normalization":"","example":"d37e5ebfe0ae6c4972dbe9f0174a1637bb8247f6","description":"Unique identifier of the running service."},{"field":"service.target.name","type":"keyword","normalization":"","example":"elasticsearch-metrics","description":"Name of the service."},{"field":"service.target.node.name","type":"keyword","normalization":"","example":"instance-0000000016","description":"Name of the service node."},{"field":"service.target.node.role","type":"keyword","normalization":"","example":"background_tasks","description":"Deprecated role (singular) of the service node."},{"field":"service.target.node.roles","type":"keyword","normalization":"array","example":["ui","background_tasks"],"description":"Roles of the service node."},{"field":"service.target.state","type":"keyword","normalization":"","example":"","description":"Current state of the service."},{"field":"service.target.type","type":"keyword","normalization":"","example":"elasticsearch","description":"The type of the service."},{"field":"service.target.version","type":"keyword","normalization":"","example":"3.2.4","description":"Version of the service."},{"field":"service.type","type":"keyword","normalization":"","example":"elasticsearch","description":"The type of the service."},{"field":"service.version","type":"keyword","normalization":"","example":"3.2.4","description":"Version of the service."},{"field":"source.address","type":"keyword","normalization":"","example":"","description":"Source network address."},{"field":"source.as.number","type":"long","normalization":"","example":15169,"description":"Unique number allocated to the autonomous system."},{"field":"source.as.organization.name","type":"keyword","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"source.as.organization.name.text","type":"match_only_text","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"source.bytes","type":"long","normalization":"","example":184,"description":"Bytes sent from the source to the destination."},{"field":"source.domain","type":"keyword","normalization":"","example":"foo.example.com","description":"The domain name of the source."},{"field":"source.geo.city_name","type":"keyword","normalization":"","example":"Montreal","description":"City name."},{"field":"source.geo.continent_code","type":"keyword","normalization":"","example":"NA","description":"Continent code."},{"field":"source.geo.continent_name","type":"keyword","normalization":"","example":"North America","description":"Name of the continent."},{"field":"source.geo.country_iso_code","type":"keyword","normalization":"","example":"CA","description":"Country ISO code."},{"field":"source.geo.country_name","type":"keyword","normalization":"","example":"Canada","description":"Country name."},{"field":"source.geo.location","type":"geo_point","normalization":"","example":{"lon":-73.61483,"lat":45.505918},"description":"Longitude and latitude."},{"field":"source.geo.name","type":"keyword","normalization":"","example":"boston-dc","description":"User-defined description of a location."},{"field":"source.geo.postal_code","type":"keyword","normalization":"","example":94040,"description":"Postal code."},{"field":"source.geo.region_iso_code","type":"keyword","normalization":"","example":"CA-QC","description":"Region ISO code."},{"field":"source.geo.region_name","type":"keyword","normalization":"","example":"Quebec","description":"Region name."},{"field":"source.geo.timezone","type":"keyword","normalization":"","example":"America/Argentina/Buenos_Aires","description":"Time zone."},{"field":"source.ip","type":"ip","normalization":"","example":"","description":"IP address of the source."},{"field":"source.mac","type":"keyword","normalization":"","example":"00-00-5E-00-53-23","description":"MAC address of the source."},{"field":"source.nat.ip","type":"ip","normalization":"","example":"","description":"Source NAT ip"},{"field":"source.nat.port","type":"long","normalization":"","example":"","description":"Source NAT port"},{"field":"source.packets","type":"long","normalization":"","example":12,"description":"Packets sent from the source to the destination."},{"field":"source.port","type":"long","normalization":"","example":"","description":"Port of the source."},{"field":"source.registered_domain","type":"keyword","normalization":"","example":"example.com","description":"The highest registered source domain, stripped of the subdomain."},{"field":"source.subdomain","type":"keyword","normalization":"","example":"east","description":"The subdomain of the domain."},{"field":"source.top_level_domain","type":"keyword","normalization":"","example":"co.uk","description":"The effective top level domain (com, org, net, co.uk)."},{"field":"source.user.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the user is a member of."},{"field":"source.user.email","type":"keyword","normalization":"","example":"","description":"User email address."},{"field":"source.user.full_name","type":"keyword","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"source.user.full_name.text","type":"match_only_text","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"source.user.group.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the group is a member of."},{"field":"source.user.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"source.user.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"source.user.hash","type":"keyword","normalization":"","example":"","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"source.user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"source.user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"source.user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"source.user.roles","type":"keyword","normalization":"array","example":["kibana_admin","reporting_user"],"description":"Array of user roles at the time of the event."},{"field":"span.id","type":"keyword","normalization":"","example":"3ff9a8981b7ccd5a","description":"Unique identifier of the span within the scope of its trace."},{"field":"threat.enrichments","type":"nested","normalization":"array","example":"","description":"List of objects containing indicators enriching the event."},{"field":"threat.enrichments.indicator","type":"object","normalization":"","example":"","description":"Object containing indicators enriching the event."},{"field":"threat.enrichments.indicator.as.number","type":"long","normalization":"","example":15169,"description":"Unique number allocated to the autonomous system."},{"field":"threat.enrichments.indicator.as.organization.name","type":"keyword","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"threat.enrichments.indicator.as.organization.name.text","type":"match_only_text","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"threat.enrichments.indicator.confidence","type":"keyword","normalization":"","example":"Medium","description":"Indicator confidence rating"},{"field":"threat.enrichments.indicator.description","type":"keyword","normalization":"","example":"IP x.x.x.x was observed delivering the Angler EK.","description":"Indicator description"},{"field":"threat.enrichments.indicator.email.address","type":"keyword","normalization":"","example":"phish@example.com","description":"Indicator email address"},{"field":"threat.enrichments.indicator.file.accessed","type":"date","normalization":"","example":"","description":"Last time the file was accessed."},{"field":"threat.enrichments.indicator.file.attributes","type":"keyword","normalization":"array","example":["readonly","system"],"description":"Array of file attributes."},{"field":"threat.enrichments.indicator.file.code_signature.digest_algorithm","type":"keyword","normalization":"","example":"sha256","description":"Hashing algorithm used to sign the process."},{"field":"threat.enrichments.indicator.file.code_signature.exists","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if a signature is present."},{"field":"threat.enrichments.indicator.file.code_signature.flags","type":"string","normalization":"","example":570522385,"description":"Code signing flags of the process"},{"field":"threat.enrichments.indicator.file.code_signature.signing_id","type":"keyword","normalization":"","example":"com.apple.xpc.proxy","description":"The identifier used to sign the process."},{"field":"threat.enrichments.indicator.file.code_signature.status","type":"keyword","normalization":"","example":"ERROR_UNTRUSTED_ROOT","description":"Additional information about the certificate status."},{"field":"threat.enrichments.indicator.file.code_signature.subject_name","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Subject name of the code signer"},{"field":"threat.enrichments.indicator.file.code_signature.team_id","type":"keyword","normalization":"","example":"EQHXZ8M8AV","description":"The team identifier used to sign the process."},{"field":"threat.enrichments.indicator.file.code_signature.timestamp","type":"date","normalization":"","example":"2021-01-01T12:10:30Z","description":"When the signature was generated and signed."},{"field":"threat.enrichments.indicator.file.code_signature.trusted","type":"boolean","normalization":"","example":true,"description":"Stores the trust status of the certificate chain."},{"field":"threat.enrichments.indicator.file.code_signature.valid","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if the digital signature is verified against the binary content."},{"field":"threat.enrichments.indicator.file.created","type":"date","normalization":"","example":"","description":"File creation time."},{"field":"threat.enrichments.indicator.file.ctime","type":"date","normalization":"","example":"","description":"Last time the file attributes or metadata changed."},{"field":"threat.enrichments.indicator.file.device","type":"keyword","normalization":"","example":"sda","description":"Device that is the source of the file."},{"field":"threat.enrichments.indicator.file.directory","type":"keyword","normalization":"","example":"/home/alice","description":"Directory where the file is located."},{"field":"threat.enrichments.indicator.file.drive_letter","type":"keyword","normalization":"","example":"C","description":"Drive letter where the file is located."},{"field":"threat.enrichments.indicator.file.elf.architecture","type":"keyword","normalization":"","example":"x86-64","description":"Machine architecture of the ELF file."},{"field":"threat.enrichments.indicator.file.elf.byte_order","type":"keyword","normalization":"","example":"Little Endian","description":"Byte sequence of ELF file."},{"field":"threat.enrichments.indicator.file.elf.cpu_type","type":"keyword","normalization":"","example":"Intel","description":"CPU type of the ELF file."},{"field":"threat.enrichments.indicator.file.elf.creation_date","type":"date","normalization":"","example":"","description":"Build or compile date."},{"field":"threat.enrichments.indicator.file.elf.exports","type":"flattened","normalization":"array","example":"","description":"List of exported element names and types."},{"field":"threat.enrichments.indicator.file.elf.go_import_hash","type":"keyword","normalization":"","example":"10bddcb4cee42080f76c88d9ff964491","description":"A hash of the Go language imports in an ELF file."},{"field":"threat.enrichments.indicator.file.elf.go_imports","type":"flattened","normalization":"","example":"","description":"List of imported Go language element names and types."},{"field":"threat.enrichments.indicator.file.elf.go_imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of Go imports."},{"field":"threat.enrichments.indicator.file.elf.go_imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of Go imports."},{"field":"threat.enrichments.indicator.file.elf.go_stripped","type":"boolean","normalization":"","example":"","description":"Whether the file is a stripped or obfuscated Go executable."},{"field":"threat.enrichments.indicator.file.elf.header.abi_version","type":"keyword","normalization":"","example":"","description":"Version of the ELF Application Binary Interface (ABI)."},{"field":"threat.enrichments.indicator.file.elf.header.class","type":"keyword","normalization":"","example":"","description":"Header class of the ELF file."},{"field":"threat.enrichments.indicator.file.elf.header.data","type":"keyword","normalization":"","example":"","description":"Data table of the ELF header."},{"field":"threat.enrichments.indicator.file.elf.header.entrypoint","type":"long","normalization":"","example":"","description":"Header entrypoint of the ELF file."},{"field":"threat.enrichments.indicator.file.elf.header.object_version","type":"keyword","normalization":"","example":"","description":"0x1\" for original ELF files."},{"field":"threat.enrichments.indicator.file.elf.header.os_abi","type":"keyword","normalization":"","example":"","description":"Application Binary Interface (ABI) of the Linux OS."},{"field":"threat.enrichments.indicator.file.elf.header.type","type":"keyword","normalization":"","example":"","description":"Header type of the ELF file."},{"field":"threat.enrichments.indicator.file.elf.header.version","type":"keyword","normalization":"","example":"","description":"Version of the ELF header."},{"field":"threat.enrichments.indicator.file.elf.import_hash","type":"keyword","normalization":"","example":"d41d8cd98f00b204e9800998ecf8427e","description":"A hash of the imports in an ELF file."},{"field":"threat.enrichments.indicator.file.elf.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"threat.enrichments.indicator.file.elf.imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of imported element names and types."},{"field":"threat.enrichments.indicator.file.elf.imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of imported element names and types."},{"field":"threat.enrichments.indicator.file.elf.sections","type":"nested","normalization":"array","example":"","description":"Section information of the ELF file."},{"field":"threat.enrichments.indicator.file.elf.sections.chi2","type":"long","normalization":"","example":"","description":"Chi-square probability distribution of the section."},{"field":"threat.enrichments.indicator.file.elf.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"threat.enrichments.indicator.file.elf.sections.flags","type":"keyword","normalization":"","example":"","description":"ELF Section List flags."},{"field":"threat.enrichments.indicator.file.elf.sections.name","type":"keyword","normalization":"","example":"","description":"ELF Section List name."},{"field":"threat.enrichments.indicator.file.elf.sections.physical_offset","type":"keyword","normalization":"","example":"","description":"ELF Section List offset."},{"field":"threat.enrichments.indicator.file.elf.sections.physical_size","type":"long","normalization":"","example":"","description":"ELF Section List physical size."},{"field":"threat.enrichments.indicator.file.elf.sections.type","type":"keyword","normalization":"","example":"","description":"ELF Section List type."},{"field":"threat.enrichments.indicator.file.elf.sections.var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the section."},{"field":"threat.enrichments.indicator.file.elf.sections.virtual_address","type":"long","normalization":"","example":"","description":"ELF Section List virtual address."},{"field":"threat.enrichments.indicator.file.elf.sections.virtual_size","type":"long","normalization":"","example":"","description":"ELF Section List virtual size."},{"field":"threat.enrichments.indicator.file.elf.segments","type":"nested","normalization":"array","example":"","description":"ELF object segment list."},{"field":"threat.enrichments.indicator.file.elf.segments.sections","type":"keyword","normalization":"","example":"","description":"ELF object segment sections."},{"field":"threat.enrichments.indicator.file.elf.segments.type","type":"keyword","normalization":"","example":"","description":"ELF object segment type."},{"field":"threat.enrichments.indicator.file.elf.shared_libraries","type":"keyword","normalization":"array","example":"","description":"List of shared libraries used by this ELF object."},{"field":"threat.enrichments.indicator.file.elf.telfhash","type":"keyword","normalization":"","example":"","description":"telfhash hash for ELF file."},{"field":"threat.enrichments.indicator.file.extension","type":"keyword","normalization":"","example":"png","description":"File extension, excluding the leading dot."},{"field":"threat.enrichments.indicator.file.fork_name","type":"keyword","normalization":"","example":"Zone.Identifer","description":"A fork is additional data associated with a filesystem object."},{"field":"threat.enrichments.indicator.file.gid","type":"keyword","normalization":"","example":1001,"description":"Primary group ID (GID) of the file."},{"field":"threat.enrichments.indicator.file.group","type":"keyword","normalization":"","example":"alice","description":"Primary group name of the file."},{"field":"threat.enrichments.indicator.file.hash.cdhash","type":"keyword","normalization":"","example":"3783b4052fd474dbe30676b45c329e7a6d44acd9","description":"The Code Directory (CD) hash of an executable."},{"field":"threat.enrichments.indicator.file.hash.md5","type":"keyword","normalization":"","example":"","description":"MD5 hash."},{"field":"threat.enrichments.indicator.file.hash.sha1","type":"keyword","normalization":"","example":"","description":"SHA1 hash."},{"field":"threat.enrichments.indicator.file.hash.sha256","type":"keyword","normalization":"","example":"","description":"SHA256 hash."},{"field":"threat.enrichments.indicator.file.hash.sha384","type":"keyword","normalization":"","example":"","description":"SHA384 hash."},{"field":"threat.enrichments.indicator.file.hash.sha512","type":"keyword","normalization":"","example":"","description":"SHA512 hash."},{"field":"threat.enrichments.indicator.file.hash.ssdeep","type":"keyword","normalization":"","example":"","description":"SSDEEP hash."},{"field":"threat.enrichments.indicator.file.hash.tlsh","type":"keyword","normalization":"","example":"","description":"TLSH hash."},{"field":"threat.enrichments.indicator.file.inode","type":"keyword","normalization":"","example":256383,"description":"Inode representing the file in the filesystem."},{"field":"threat.enrichments.indicator.file.mime_type","type":"keyword","normalization":"","example":"","description":"Media type of file, document, or arrangement of bytes."},{"field":"threat.enrichments.indicator.file.mode","type":"keyword","normalization":"","example":"0640","description":"Mode of the file in octal representation."},{"field":"threat.enrichments.indicator.file.mtime","type":"date","normalization":"","example":"","description":"Last time the file content was modified."},{"field":"threat.enrichments.indicator.file.name","type":"keyword","normalization":"","example":"example.png","description":"Name of the file including the extension, without the directory."},{"field":"threat.enrichments.indicator.file.owner","type":"keyword","normalization":"","example":"alice","description":"File owner's username."},{"field":"threat.enrichments.indicator.file.path","type":"keyword","normalization":"","example":"/home/alice/example.png","description":"Full path to the file, including the file name."},{"field":"threat.enrichments.indicator.file.path.text","type":"match_only_text","normalization":"","example":"/home/alice/example.png","description":"Full path to the file, including the file name."},{"field":"threat.enrichments.indicator.file.pe.architecture","type":"keyword","normalization":"","example":"x64","description":"CPU architecture target for the file."},{"field":"threat.enrichments.indicator.file.pe.company","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Internal company name of the file, provided at compile-time."},{"field":"threat.enrichments.indicator.file.pe.description","type":"keyword","normalization":"","example":"Paint","description":"Internal description of the file, provided at compile-time."},{"field":"threat.enrichments.indicator.file.pe.file_version","type":"keyword","normalization":"","example":"6.3.9600.17415","description":"Process name."},{"field":"threat.enrichments.indicator.file.pe.go_import_hash","type":"keyword","normalization":"","example":"10bddcb4cee42080f76c88d9ff964491","description":"A hash of the Go language imports in a PE file."},{"field":"threat.enrichments.indicator.file.pe.go_imports","type":"flattened","normalization":"","example":"","description":"List of imported Go language element names and types."},{"field":"threat.enrichments.indicator.file.pe.go_imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of Go imports."},{"field":"threat.enrichments.indicator.file.pe.go_imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of Go imports."},{"field":"threat.enrichments.indicator.file.pe.go_stripped","type":"boolean","normalization":"","example":"","description":"Whether the file is a stripped or obfuscated Go executable."},{"field":"threat.enrichments.indicator.file.pe.imphash","type":"keyword","normalization":"","example":"0c6803c4e922103c4dca5963aad36ddf","description":"A hash of the imports in a PE file."},{"field":"threat.enrichments.indicator.file.pe.import_hash","type":"keyword","normalization":"","example":"d41d8cd98f00b204e9800998ecf8427e","description":"A hash of the imports in a PE file."},{"field":"threat.enrichments.indicator.file.pe.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"threat.enrichments.indicator.file.pe.imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of imported element names and types."},{"field":"threat.enrichments.indicator.file.pe.imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of imported element names and types."},{"field":"threat.enrichments.indicator.file.pe.original_file_name","type":"keyword","normalization":"","example":"MSPAINT.EXE","description":"Internal name of the file, provided at compile-time."},{"field":"threat.enrichments.indicator.file.pe.pehash","type":"keyword","normalization":"","example":"73ff189b63cd6be375a7ff25179a38d347651975","description":"A hash of the PE header and data from one or more PE sections."},{"field":"threat.enrichments.indicator.file.pe.product","type":"keyword","normalization":"","example":"Microsoft® Windows® Operating System","description":"Internal product name of the file, provided at compile-time."},{"field":"threat.enrichments.indicator.file.pe.sections","type":"nested","normalization":"array","example":"","description":"Section information of the PE file."},{"field":"threat.enrichments.indicator.file.pe.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"threat.enrichments.indicator.file.pe.sections.name","type":"keyword","normalization":"","example":"","description":"PE Section List name."},{"field":"threat.enrichments.indicator.file.pe.sections.physical_size","type":"long","normalization":"","example":"","description":"PE Section List physical size."},{"field":"threat.enrichments.indicator.file.pe.sections.var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the section."},{"field":"threat.enrichments.indicator.file.pe.sections.virtual_size","type":"long","normalization":"","example":"","description":"PE Section List virtual size. This is always the same as `physical_size`."},{"field":"threat.enrichments.indicator.file.size","type":"long","normalization":"","example":16384,"description":"File size in bytes."},{"field":"threat.enrichments.indicator.file.target_path","type":"keyword","normalization":"","example":"","description":"Target path for symlinks."},{"field":"threat.enrichments.indicator.file.target_path.text","type":"match_only_text","normalization":"","example":"","description":"Target path for symlinks."},{"field":"threat.enrichments.indicator.file.type","type":"keyword","normalization":"","example":"file","description":"File type (file, dir, or symlink)."},{"field":"threat.enrichments.indicator.file.uid","type":"keyword","normalization":"","example":1001,"description":"The user ID (UID) or security identifier (SID) of the file owner."},{"field":"threat.enrichments.indicator.file.x509.alternative_names","type":"keyword","normalization":"array","example":"*.elastic.co","description":"List of subject alternative names (SAN)."},{"field":"threat.enrichments.indicator.file.x509.issuer.common_name","type":"keyword","normalization":"array","example":"Example SHA2 High Assurance Server CA","description":"List of common name (CN) of issuing certificate authority."},{"field":"threat.enrichments.indicator.file.x509.issuer.country","type":"keyword","normalization":"array","example":"US","description":"List of country \\(C) codes"},{"field":"threat.enrichments.indicator.file.x509.issuer.distinguished_name","type":"keyword","normalization":"","example":"C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA","description":"Distinguished name (DN) of issuing certificate authority."},{"field":"threat.enrichments.indicator.file.x509.issuer.locality","type":"keyword","normalization":"array","example":"Mountain View","description":"List of locality names (L)"},{"field":"threat.enrichments.indicator.file.x509.issuer.organization","type":"keyword","normalization":"array","example":"Example Inc","description":"List of organizations (O) of issuing certificate authority."},{"field":"threat.enrichments.indicator.file.x509.issuer.organizational_unit","type":"keyword","normalization":"array","example":"www.example.com","description":"List of organizational units (OU) of issuing certificate authority."},{"field":"threat.enrichments.indicator.file.x509.issuer.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"threat.enrichments.indicator.file.x509.not_after","type":"date","normalization":"","example":"2020-07-16T03:15:39Z","description":"Time at which the certificate is no longer considered valid."},{"field":"threat.enrichments.indicator.file.x509.not_before","type":"date","normalization":"","example":"2019-08-16T01:40:25Z","description":"Time at which the certificate is first considered valid."},{"field":"threat.enrichments.indicator.file.x509.public_key_algorithm","type":"keyword","normalization":"","example":"RSA","description":"Algorithm used to generate the public key."},{"field":"threat.enrichments.indicator.file.x509.public_key_curve","type":"keyword","normalization":"","example":"nistp521","description":"The curve used by the elliptic curve public key algorithm. This is algorithm specific."},{"field":"threat.enrichments.indicator.file.x509.public_key_exponent","type":"long","normalization":"","example":65537,"description":"Exponent used to derive the public key. This is algorithm specific."},{"field":"threat.enrichments.indicator.file.x509.public_key_size","type":"long","normalization":"","example":2048,"description":"The size of the public key space in bits."},{"field":"threat.enrichments.indicator.file.x509.serial_number","type":"keyword","normalization":"","example":"55FBB9C7DEBF09809D12CCAA","description":"Unique serial number issued by the certificate authority."},{"field":"threat.enrichments.indicator.file.x509.signature_algorithm","type":"keyword","normalization":"","example":"SHA256-RSA","description":"Identifier for certificate signature algorithm."},{"field":"threat.enrichments.indicator.file.x509.subject.common_name","type":"keyword","normalization":"array","example":"shared.global.example.net","description":"List of common names (CN) of subject."},{"field":"threat.enrichments.indicator.file.x509.subject.country","type":"keyword","normalization":"array","example":"US","description":"List of country \\(C) code"},{"field":"threat.enrichments.indicator.file.x509.subject.distinguished_name","type":"keyword","normalization":"","example":"C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net","description":"Distinguished name (DN) of the certificate subject entity."},{"field":"threat.enrichments.indicator.file.x509.subject.locality","type":"keyword","normalization":"array","example":"San Francisco","description":"List of locality names (L)"},{"field":"threat.enrichments.indicator.file.x509.subject.organization","type":"keyword","normalization":"array","example":"Example, Inc.","description":"List of organizations (O) of subject."},{"field":"threat.enrichments.indicator.file.x509.subject.organizational_unit","type":"keyword","normalization":"array","example":"","description":"List of organizational units (OU) of subject."},{"field":"threat.enrichments.indicator.file.x509.subject.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"threat.enrichments.indicator.file.x509.version_number","type":"keyword","normalization":"","example":3,"description":"Version of x509 format."},{"field":"threat.enrichments.indicator.first_seen","type":"date","normalization":"","example":"2020-11-05T17:25:47.000Z","description":"Date/time indicator was first reported."},{"field":"threat.enrichments.indicator.geo.city_name","type":"keyword","normalization":"","example":"Montreal","description":"City name."},{"field":"threat.enrichments.indicator.geo.continent_code","type":"keyword","normalization":"","example":"NA","description":"Continent code."},{"field":"threat.enrichments.indicator.geo.continent_name","type":"keyword","normalization":"","example":"North America","description":"Name of the continent."},{"field":"threat.enrichments.indicator.geo.country_iso_code","type":"keyword","normalization":"","example":"CA","description":"Country ISO code."},{"field":"threat.enrichments.indicator.geo.country_name","type":"keyword","normalization":"","example":"Canada","description":"Country name."},{"field":"threat.enrichments.indicator.geo.location","type":"geo_point","normalization":"","example":{"lon":-73.61483,"lat":45.505918},"description":"Longitude and latitude."},{"field":"threat.enrichments.indicator.geo.name","type":"keyword","normalization":"","example":"boston-dc","description":"User-defined description of a location."},{"field":"threat.enrichments.indicator.geo.postal_code","type":"keyword","normalization":"","example":94040,"description":"Postal code."},{"field":"threat.enrichments.indicator.geo.region_iso_code","type":"keyword","normalization":"","example":"CA-QC","description":"Region ISO code."},{"field":"threat.enrichments.indicator.geo.region_name","type":"keyword","normalization":"","example":"Quebec","description":"Region name."},{"field":"threat.enrichments.indicator.geo.timezone","type":"keyword","normalization":"","example":"America/Argentina/Buenos_Aires","description":"Time zone."},{"field":"threat.enrichments.indicator.ip","type":"ip","normalization":"","example":"1.2.3.4","description":"Indicator IP address"},{"field":"threat.enrichments.indicator.last_seen","type":"date","normalization":"","example":"2020-11-05T17:25:47.000Z","description":"Date/time indicator was last reported."},{"field":"threat.enrichments.indicator.marking.tlp","type":"keyword","normalization":"","example":"CLEAR","description":"Indicator TLP marking"},{"field":"threat.enrichments.indicator.marking.tlp_version","type":"keyword","normalization":"","example":2,"description":"Indicator TLP version"},{"field":"threat.enrichments.indicator.modified_at","type":"date","normalization":"","example":"2020-11-05T17:25:47.000Z","description":"Date/time indicator was last updated."},{"field":"threat.enrichments.indicator.name","type":"keyword","normalization":"","example":"5.2.75.227","description":"Indicator display name"},{"field":"threat.enrichments.indicator.port","type":"long","normalization":"","example":443,"description":"Indicator port"},{"field":"threat.enrichments.indicator.provider","type":"keyword","normalization":"","example":"lrz_urlhaus","description":"Indicator provider"},{"field":"threat.enrichments.indicator.reference","type":"keyword","normalization":"","example":"https://system.example.com/indicator/0001234","description":"Indicator reference URL"},{"field":"threat.enrichments.indicator.registry.data.bytes","type":"keyword","normalization":"","example":"ZQBuAC0AVQBTAAAAZQBuAAAAAAA=","description":"Original bytes written with base64 encoding."},{"field":"threat.enrichments.indicator.registry.data.strings","type":"wildcard","normalization":"array","example":"[\"C:\\rta\\red_ttp\\bin\\myapp.exe\"]","description":"List of strings representing what was written to the registry."},{"field":"threat.enrichments.indicator.registry.data.type","type":"keyword","normalization":"","example":"REG_SZ","description":"Standard registry type for encoding contents"},{"field":"threat.enrichments.indicator.registry.hive","type":"keyword","normalization":"","example":"HKLM","description":"Abbreviated name for the hive."},{"field":"threat.enrichments.indicator.registry.key","type":"keyword","normalization":"","example":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\winword.exe","description":"Hive-relative path of keys."},{"field":"threat.enrichments.indicator.registry.path","type":"keyword","normalization":"","example":"HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\winword.exe\\Debugger","description":"Full path, including hive, key and value"},{"field":"threat.enrichments.indicator.registry.value","type":"keyword","normalization":"","example":"Debugger","description":"Name of the value written."},{"field":"threat.enrichments.indicator.scanner_stats","type":"long","normalization":"","example":4,"description":"Scanner statistics"},{"field":"threat.enrichments.indicator.sightings","type":"long","normalization":"","example":20,"description":"Number of times indicator observed"},{"field":"threat.enrichments.indicator.type","type":"keyword","normalization":"","example":"ipv4-addr","description":"Type of indicator"},{"field":"threat.enrichments.indicator.url.domain","type":"keyword","normalization":"","example":"www.elastic.co","description":"Domain of the url."},{"field":"threat.enrichments.indicator.url.extension","type":"keyword","normalization":"","example":"png","description":"File extension from the request url, excluding the leading dot."},{"field":"threat.enrichments.indicator.url.fragment","type":"keyword","normalization":"","example":"","description":"Portion of the url after the `#`."},{"field":"threat.enrichments.indicator.url.full","type":"wildcard","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top","description":"Full unparsed URL."},{"field":"threat.enrichments.indicator.url.full.text","type":"match_only_text","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top","description":"Full unparsed URL."},{"field":"threat.enrichments.indicator.url.original","type":"wildcard","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elasticsearch","description":"Unmodified original url as seen in the event source."},{"field":"threat.enrichments.indicator.url.original.text","type":"match_only_text","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elasticsearch","description":"Unmodified original url as seen in the event source."},{"field":"threat.enrichments.indicator.url.password","type":"keyword","normalization":"","example":"","description":"Password of the request."},{"field":"threat.enrichments.indicator.url.path","type":"wildcard","normalization":"","example":"","description":"Path of the request, such as \"/search\"."},{"field":"threat.enrichments.indicator.url.port","type":"long","normalization":"","example":443,"description":"Port of the request, such as 443."},{"field":"threat.enrichments.indicator.url.query","type":"keyword","normalization":"","example":"","description":"Query string of the request."},{"field":"threat.enrichments.indicator.url.registered_domain","type":"keyword","normalization":"","example":"example.com","description":"The highest registered url domain, stripped of the subdomain."},{"field":"threat.enrichments.indicator.url.scheme","type":"keyword","normalization":"","example":"https","description":"Scheme of the url."},{"field":"threat.enrichments.indicator.url.subdomain","type":"keyword","normalization":"","example":"east","description":"The subdomain of the domain."},{"field":"threat.enrichments.indicator.url.top_level_domain","type":"keyword","normalization":"","example":"co.uk","description":"The effective top level domain (com, org, net, co.uk)."},{"field":"threat.enrichments.indicator.url.username","type":"keyword","normalization":"","example":"","description":"Username of the request."},{"field":"threat.enrichments.indicator.x509.alternative_names","type":"keyword","normalization":"array","example":"*.elastic.co","description":"List of subject alternative names (SAN)."},{"field":"threat.enrichments.indicator.x509.issuer.common_name","type":"keyword","normalization":"array","example":"Example SHA2 High Assurance Server CA","description":"List of common name (CN) of issuing certificate authority."},{"field":"threat.enrichments.indicator.x509.issuer.country","type":"keyword","normalization":"array","example":"US","description":"List of country \\(C) codes"},{"field":"threat.enrichments.indicator.x509.issuer.distinguished_name","type":"keyword","normalization":"","example":"C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA","description":"Distinguished name (DN) of issuing certificate authority."},{"field":"threat.enrichments.indicator.x509.issuer.locality","type":"keyword","normalization":"array","example":"Mountain View","description":"List of locality names (L)"},{"field":"threat.enrichments.indicator.x509.issuer.organization","type":"keyword","normalization":"array","example":"Example Inc","description":"List of organizations (O) of issuing certificate authority."},{"field":"threat.enrichments.indicator.x509.issuer.organizational_unit","type":"keyword","normalization":"array","example":"www.example.com","description":"List of organizational units (OU) of issuing certificate authority."},{"field":"threat.enrichments.indicator.x509.issuer.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"threat.enrichments.indicator.x509.not_after","type":"date","normalization":"","example":"2020-07-16T03:15:39Z","description":"Time at which the certificate is no longer considered valid."},{"field":"threat.enrichments.indicator.x509.not_before","type":"date","normalization":"","example":"2019-08-16T01:40:25Z","description":"Time at which the certificate is first considered valid."},{"field":"threat.enrichments.indicator.x509.public_key_algorithm","type":"keyword","normalization":"","example":"RSA","description":"Algorithm used to generate the public key."},{"field":"threat.enrichments.indicator.x509.public_key_curve","type":"keyword","normalization":"","example":"nistp521","description":"The curve used by the elliptic curve public key algorithm. This is algorithm specific."},{"field":"threat.enrichments.indicator.x509.public_key_exponent","type":"long","normalization":"","example":65537,"description":"Exponent used to derive the public key. This is algorithm specific."},{"field":"threat.enrichments.indicator.x509.public_key_size","type":"long","normalization":"","example":2048,"description":"The size of the public key space in bits."},{"field":"threat.enrichments.indicator.x509.serial_number","type":"keyword","normalization":"","example":"55FBB9C7DEBF09809D12CCAA","description":"Unique serial number issued by the certificate authority."},{"field":"threat.enrichments.indicator.x509.signature_algorithm","type":"keyword","normalization":"","example":"SHA256-RSA","description":"Identifier for certificate signature algorithm."},{"field":"threat.enrichments.indicator.x509.subject.common_name","type":"keyword","normalization":"array","example":"shared.global.example.net","description":"List of common names (CN) of subject."},{"field":"threat.enrichments.indicator.x509.subject.country","type":"keyword","normalization":"array","example":"US","description":"List of country \\(C) code"},{"field":"threat.enrichments.indicator.x509.subject.distinguished_name","type":"keyword","normalization":"","example":"C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net","description":"Distinguished name (DN) of the certificate subject entity."},{"field":"threat.enrichments.indicator.x509.subject.locality","type":"keyword","normalization":"array","example":"San Francisco","description":"List of locality names (L)"},{"field":"threat.enrichments.indicator.x509.subject.organization","type":"keyword","normalization":"array","example":"Example, Inc.","description":"List of organizations (O) of subject."},{"field":"threat.enrichments.indicator.x509.subject.organizational_unit","type":"keyword","normalization":"array","example":"","description":"List of organizational units (OU) of subject."},{"field":"threat.enrichments.indicator.x509.subject.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"threat.enrichments.indicator.x509.version_number","type":"keyword","normalization":"","example":3,"description":"Version of x509 format."},{"field":"threat.enrichments.matched.atomic","type":"keyword","normalization":"","example":"bad-domain.com","description":"Matched indicator value"},{"field":"threat.enrichments.matched.field","type":"keyword","normalization":"","example":"file.hash.sha256","description":"Matched indicator field"},{"field":"threat.enrichments.matched.id","type":"keyword","normalization":"","example":"ff93aee5-86a1-4a61-b0e6-0cdc313d01b5","description":"Matched indicator identifier"},{"field":"threat.enrichments.matched.index","type":"keyword","normalization":"","example":"filebeat-8.0.0-2021.05.23-000011","description":"Matched indicator index"},{"field":"threat.enrichments.matched.occurred","type":"date","normalization":"","example":"2021-10-05T17:00:58.326Z","description":"Date of match"},{"field":"threat.enrichments.matched.type","type":"keyword","normalization":"","example":"indicator_match_rule","description":"Type of indicator match"},{"field":"threat.feed.dashboard_id","type":"keyword","normalization":"","example":"5ba16340-72e6-11eb-a3e3-b3cc7c78a70f","description":"Feed dashboard ID."},{"field":"threat.feed.description","type":"keyword","normalization":"","example":"Threat feed from the AlienVault Open Threat eXchange network.","description":"Description of the threat feed."},{"field":"threat.feed.name","type":"keyword","normalization":"","example":"AlienVault OTX","description":"Name of the threat feed."},{"field":"threat.feed.reference","type":"keyword","normalization":"","example":"https://otx.alienvault.com","description":"Reference for the threat feed."},{"field":"threat.framework","type":"keyword","normalization":"","example":"MITRE ATT&CK","description":"Threat classification framework."},{"field":"threat.group.alias","type":"keyword","normalization":"array","example":["Magecart Group 6"],"description":"Alias of the group."},{"field":"threat.group.id","type":"keyword","normalization":"","example":"G0037","description":"ID of the group."},{"field":"threat.group.name","type":"keyword","normalization":"","example":"FIN6","description":"Name of the group."},{"field":"threat.group.reference","type":"keyword","normalization":"","example":"https://attack.mitre.org/groups/G0037/","description":"Reference URL of the group."},{"field":"threat.indicator.as.number","type":"long","normalization":"","example":15169,"description":"Unique number allocated to the autonomous system."},{"field":"threat.indicator.as.organization.name","type":"keyword","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"threat.indicator.as.organization.name.text","type":"match_only_text","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"threat.indicator.confidence","type":"keyword","normalization":"","example":"Medium","description":"Indicator confidence rating"},{"field":"threat.indicator.description","type":"keyword","normalization":"","example":"IP x.x.x.x was observed delivering the Angler EK.","description":"Indicator description"},{"field":"threat.indicator.email.address","type":"keyword","normalization":"","example":"phish@example.com","description":"Indicator email address"},{"field":"threat.indicator.file.accessed","type":"date","normalization":"","example":"","description":"Last time the file was accessed."},{"field":"threat.indicator.file.attributes","type":"keyword","normalization":"array","example":["readonly","system"],"description":"Array of file attributes."},{"field":"threat.indicator.file.code_signature.digest_algorithm","type":"keyword","normalization":"","example":"sha256","description":"Hashing algorithm used to sign the process."},{"field":"threat.indicator.file.code_signature.exists","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if a signature is present."},{"field":"threat.indicator.file.code_signature.flags","type":"string","normalization":"","example":570522385,"description":"Code signing flags of the process"},{"field":"threat.indicator.file.code_signature.signing_id","type":"keyword","normalization":"","example":"com.apple.xpc.proxy","description":"The identifier used to sign the process."},{"field":"threat.indicator.file.code_signature.status","type":"keyword","normalization":"","example":"ERROR_UNTRUSTED_ROOT","description":"Additional information about the certificate status."},{"field":"threat.indicator.file.code_signature.subject_name","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Subject name of the code signer"},{"field":"threat.indicator.file.code_signature.team_id","type":"keyword","normalization":"","example":"EQHXZ8M8AV","description":"The team identifier used to sign the process."},{"field":"threat.indicator.file.code_signature.timestamp","type":"date","normalization":"","example":"2021-01-01T12:10:30Z","description":"When the signature was generated and signed."},{"field":"threat.indicator.file.code_signature.trusted","type":"boolean","normalization":"","example":true,"description":"Stores the trust status of the certificate chain."},{"field":"threat.indicator.file.code_signature.valid","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if the digital signature is verified against the binary content."},{"field":"threat.indicator.file.created","type":"date","normalization":"","example":"","description":"File creation time."},{"field":"threat.indicator.file.ctime","type":"date","normalization":"","example":"","description":"Last time the file attributes or metadata changed."},{"field":"threat.indicator.file.device","type":"keyword","normalization":"","example":"sda","description":"Device that is the source of the file."},{"field":"threat.indicator.file.directory","type":"keyword","normalization":"","example":"/home/alice","description":"Directory where the file is located."},{"field":"threat.indicator.file.drive_letter","type":"keyword","normalization":"","example":"C","description":"Drive letter where the file is located."},{"field":"threat.indicator.file.elf.architecture","type":"keyword","normalization":"","example":"x86-64","description":"Machine architecture of the ELF file."},{"field":"threat.indicator.file.elf.byte_order","type":"keyword","normalization":"","example":"Little Endian","description":"Byte sequence of ELF file."},{"field":"threat.indicator.file.elf.cpu_type","type":"keyword","normalization":"","example":"Intel","description":"CPU type of the ELF file."},{"field":"threat.indicator.file.elf.creation_date","type":"date","normalization":"","example":"","description":"Build or compile date."},{"field":"threat.indicator.file.elf.exports","type":"flattened","normalization":"array","example":"","description":"List of exported element names and types."},{"field":"threat.indicator.file.elf.go_import_hash","type":"keyword","normalization":"","example":"10bddcb4cee42080f76c88d9ff964491","description":"A hash of the Go language imports in an ELF file."},{"field":"threat.indicator.file.elf.go_imports","type":"flattened","normalization":"","example":"","description":"List of imported Go language element names and types."},{"field":"threat.indicator.file.elf.go_imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of Go imports."},{"field":"threat.indicator.file.elf.go_imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of Go imports."},{"field":"threat.indicator.file.elf.go_stripped","type":"boolean","normalization":"","example":"","description":"Whether the file is a stripped or obfuscated Go executable."},{"field":"threat.indicator.file.elf.header.abi_version","type":"keyword","normalization":"","example":"","description":"Version of the ELF Application Binary Interface (ABI)."},{"field":"threat.indicator.file.elf.header.class","type":"keyword","normalization":"","example":"","description":"Header class of the ELF file."},{"field":"threat.indicator.file.elf.header.data","type":"keyword","normalization":"","example":"","description":"Data table of the ELF header."},{"field":"threat.indicator.file.elf.header.entrypoint","type":"long","normalization":"","example":"","description":"Header entrypoint of the ELF file."},{"field":"threat.indicator.file.elf.header.object_version","type":"keyword","normalization":"","example":"","description":"0x1\" for original ELF files."},{"field":"threat.indicator.file.elf.header.os_abi","type":"keyword","normalization":"","example":"","description":"Application Binary Interface (ABI) of the Linux OS."},{"field":"threat.indicator.file.elf.header.type","type":"keyword","normalization":"","example":"","description":"Header type of the ELF file."},{"field":"threat.indicator.file.elf.header.version","type":"keyword","normalization":"","example":"","description":"Version of the ELF header."},{"field":"threat.indicator.file.elf.import_hash","type":"keyword","normalization":"","example":"d41d8cd98f00b204e9800998ecf8427e","description":"A hash of the imports in an ELF file."},{"field":"threat.indicator.file.elf.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"threat.indicator.file.elf.imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of imported element names and types."},{"field":"threat.indicator.file.elf.imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of imported element names and types."},{"field":"threat.indicator.file.elf.sections","type":"nested","normalization":"array","example":"","description":"Section information of the ELF file."},{"field":"threat.indicator.file.elf.sections.chi2","type":"long","normalization":"","example":"","description":"Chi-square probability distribution of the section."},{"field":"threat.indicator.file.elf.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"threat.indicator.file.elf.sections.flags","type":"keyword","normalization":"","example":"","description":"ELF Section List flags."},{"field":"threat.indicator.file.elf.sections.name","type":"keyword","normalization":"","example":"","description":"ELF Section List name."},{"field":"threat.indicator.file.elf.sections.physical_offset","type":"keyword","normalization":"","example":"","description":"ELF Section List offset."},{"field":"threat.indicator.file.elf.sections.physical_size","type":"long","normalization":"","example":"","description":"ELF Section List physical size."},{"field":"threat.indicator.file.elf.sections.type","type":"keyword","normalization":"","example":"","description":"ELF Section List type."},{"field":"threat.indicator.file.elf.sections.var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the section."},{"field":"threat.indicator.file.elf.sections.virtual_address","type":"long","normalization":"","example":"","description":"ELF Section List virtual address."},{"field":"threat.indicator.file.elf.sections.virtual_size","type":"long","normalization":"","example":"","description":"ELF Section List virtual size."},{"field":"threat.indicator.file.elf.segments","type":"nested","normalization":"array","example":"","description":"ELF object segment list."},{"field":"threat.indicator.file.elf.segments.sections","type":"keyword","normalization":"","example":"","description":"ELF object segment sections."},{"field":"threat.indicator.file.elf.segments.type","type":"keyword","normalization":"","example":"","description":"ELF object segment type."},{"field":"threat.indicator.file.elf.shared_libraries","type":"keyword","normalization":"array","example":"","description":"List of shared libraries used by this ELF object."},{"field":"threat.indicator.file.elf.telfhash","type":"keyword","normalization":"","example":"","description":"telfhash hash for ELF file."},{"field":"threat.indicator.file.extension","type":"keyword","normalization":"","example":"png","description":"File extension, excluding the leading dot."},{"field":"threat.indicator.file.fork_name","type":"keyword","normalization":"","example":"Zone.Identifer","description":"A fork is additional data associated with a filesystem object."},{"field":"threat.indicator.file.gid","type":"keyword","normalization":"","example":1001,"description":"Primary group ID (GID) of the file."},{"field":"threat.indicator.file.group","type":"keyword","normalization":"","example":"alice","description":"Primary group name of the file."},{"field":"threat.indicator.file.hash.cdhash","type":"keyword","normalization":"","example":"3783b4052fd474dbe30676b45c329e7a6d44acd9","description":"The Code Directory (CD) hash of an executable."},{"field":"threat.indicator.file.hash.md5","type":"keyword","normalization":"","example":"","description":"MD5 hash."},{"field":"threat.indicator.file.hash.sha1","type":"keyword","normalization":"","example":"","description":"SHA1 hash."},{"field":"threat.indicator.file.hash.sha256","type":"keyword","normalization":"","example":"","description":"SHA256 hash."},{"field":"threat.indicator.file.hash.sha384","type":"keyword","normalization":"","example":"","description":"SHA384 hash."},{"field":"threat.indicator.file.hash.sha512","type":"keyword","normalization":"","example":"","description":"SHA512 hash."},{"field":"threat.indicator.file.hash.ssdeep","type":"keyword","normalization":"","example":"","description":"SSDEEP hash."},{"field":"threat.indicator.file.hash.tlsh","type":"keyword","normalization":"","example":"","description":"TLSH hash."},{"field":"threat.indicator.file.inode","type":"keyword","normalization":"","example":256383,"description":"Inode representing the file in the filesystem."},{"field":"threat.indicator.file.mime_type","type":"keyword","normalization":"","example":"","description":"Media type of file, document, or arrangement of bytes."},{"field":"threat.indicator.file.mode","type":"keyword","normalization":"","example":"0640","description":"Mode of the file in octal representation."},{"field":"threat.indicator.file.mtime","type":"date","normalization":"","example":"","description":"Last time the file content was modified."},{"field":"threat.indicator.file.name","type":"keyword","normalization":"","example":"example.png","description":"Name of the file including the extension, without the directory."},{"field":"threat.indicator.file.owner","type":"keyword","normalization":"","example":"alice","description":"File owner's username."},{"field":"threat.indicator.file.path","type":"keyword","normalization":"","example":"/home/alice/example.png","description":"Full path to the file, including the file name."},{"field":"threat.indicator.file.path.text","type":"match_only_text","normalization":"","example":"/home/alice/example.png","description":"Full path to the file, including the file name."},{"field":"threat.indicator.file.pe.architecture","type":"keyword","normalization":"","example":"x64","description":"CPU architecture target for the file."},{"field":"threat.indicator.file.pe.company","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Internal company name of the file, provided at compile-time."},{"field":"threat.indicator.file.pe.description","type":"keyword","normalization":"","example":"Paint","description":"Internal description of the file, provided at compile-time."},{"field":"threat.indicator.file.pe.file_version","type":"keyword","normalization":"","example":"6.3.9600.17415","description":"Process name."},{"field":"threat.indicator.file.pe.go_import_hash","type":"keyword","normalization":"","example":"10bddcb4cee42080f76c88d9ff964491","description":"A hash of the Go language imports in a PE file."},{"field":"threat.indicator.file.pe.go_imports","type":"flattened","normalization":"","example":"","description":"List of imported Go language element names and types."},{"field":"threat.indicator.file.pe.go_imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of Go imports."},{"field":"threat.indicator.file.pe.go_imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of Go imports."},{"field":"threat.indicator.file.pe.go_stripped","type":"boolean","normalization":"","example":"","description":"Whether the file is a stripped or obfuscated Go executable."},{"field":"threat.indicator.file.pe.imphash","type":"keyword","normalization":"","example":"0c6803c4e922103c4dca5963aad36ddf","description":"A hash of the imports in a PE file."},{"field":"threat.indicator.file.pe.import_hash","type":"keyword","normalization":"","example":"d41d8cd98f00b204e9800998ecf8427e","description":"A hash of the imports in a PE file."},{"field":"threat.indicator.file.pe.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"threat.indicator.file.pe.imports_names_entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the list of imported element names and types."},{"field":"threat.indicator.file.pe.imports_names_var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the list of imported element names and types."},{"field":"threat.indicator.file.pe.original_file_name","type":"keyword","normalization":"","example":"MSPAINT.EXE","description":"Internal name of the file, provided at compile-time."},{"field":"threat.indicator.file.pe.pehash","type":"keyword","normalization":"","example":"73ff189b63cd6be375a7ff25179a38d347651975","description":"A hash of the PE header and data from one or more PE sections."},{"field":"threat.indicator.file.pe.product","type":"keyword","normalization":"","example":"Microsoft® Windows® Operating System","description":"Internal product name of the file, provided at compile-time."},{"field":"threat.indicator.file.pe.sections","type":"nested","normalization":"array","example":"","description":"Section information of the PE file."},{"field":"threat.indicator.file.pe.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"threat.indicator.file.pe.sections.name","type":"keyword","normalization":"","example":"","description":"PE Section List name."},{"field":"threat.indicator.file.pe.sections.physical_size","type":"long","normalization":"","example":"","description":"PE Section List physical size."},{"field":"threat.indicator.file.pe.sections.var_entropy","type":"long","normalization":"","example":"","description":"Variance for Shannon entropy calculation from the section."},{"field":"threat.indicator.file.pe.sections.virtual_size","type":"long","normalization":"","example":"","description":"PE Section List virtual size. This is always the same as `physical_size`."},{"field":"threat.indicator.file.size","type":"long","normalization":"","example":16384,"description":"File size in bytes."},{"field":"threat.indicator.file.target_path","type":"keyword","normalization":"","example":"","description":"Target path for symlinks."},{"field":"threat.indicator.file.target_path.text","type":"match_only_text","normalization":"","example":"","description":"Target path for symlinks."},{"field":"threat.indicator.file.type","type":"keyword","normalization":"","example":"file","description":"File type (file, dir, or symlink)."},{"field":"threat.indicator.file.uid","type":"keyword","normalization":"","example":1001,"description":"The user ID (UID) or security identifier (SID) of the file owner."},{"field":"threat.indicator.file.x509.alternative_names","type":"keyword","normalization":"array","example":"*.elastic.co","description":"List of subject alternative names (SAN)."},{"field":"threat.indicator.file.x509.issuer.common_name","type":"keyword","normalization":"array","example":"Example SHA2 High Assurance Server CA","description":"List of common name (CN) of issuing certificate authority."},{"field":"threat.indicator.file.x509.issuer.country","type":"keyword","normalization":"array","example":"US","description":"List of country \\(C) codes"},{"field":"threat.indicator.file.x509.issuer.distinguished_name","type":"keyword","normalization":"","example":"C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA","description":"Distinguished name (DN) of issuing certificate authority."},{"field":"threat.indicator.file.x509.issuer.locality","type":"keyword","normalization":"array","example":"Mountain View","description":"List of locality names (L)"},{"field":"threat.indicator.file.x509.issuer.organization","type":"keyword","normalization":"array","example":"Example Inc","description":"List of organizations (O) of issuing certificate authority."},{"field":"threat.indicator.file.x509.issuer.organizational_unit","type":"keyword","normalization":"array","example":"www.example.com","description":"List of organizational units (OU) of issuing certificate authority."},{"field":"threat.indicator.file.x509.issuer.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"threat.indicator.file.x509.not_after","type":"date","normalization":"","example":"2020-07-16T03:15:39Z","description":"Time at which the certificate is no longer considered valid."},{"field":"threat.indicator.file.x509.not_before","type":"date","normalization":"","example":"2019-08-16T01:40:25Z","description":"Time at which the certificate is first considered valid."},{"field":"threat.indicator.file.x509.public_key_algorithm","type":"keyword","normalization":"","example":"RSA","description":"Algorithm used to generate the public key."},{"field":"threat.indicator.file.x509.public_key_curve","type":"keyword","normalization":"","example":"nistp521","description":"The curve used by the elliptic curve public key algorithm. This is algorithm specific."},{"field":"threat.indicator.file.x509.public_key_exponent","type":"long","normalization":"","example":65537,"description":"Exponent used to derive the public key. This is algorithm specific."},{"field":"threat.indicator.file.x509.public_key_size","type":"long","normalization":"","example":2048,"description":"The size of the public key space in bits."},{"field":"threat.indicator.file.x509.serial_number","type":"keyword","normalization":"","example":"55FBB9C7DEBF09809D12CCAA","description":"Unique serial number issued by the certificate authority."},{"field":"threat.indicator.file.x509.signature_algorithm","type":"keyword","normalization":"","example":"SHA256-RSA","description":"Identifier for certificate signature algorithm."},{"field":"threat.indicator.file.x509.subject.common_name","type":"keyword","normalization":"array","example":"shared.global.example.net","description":"List of common names (CN) of subject."},{"field":"threat.indicator.file.x509.subject.country","type":"keyword","normalization":"array","example":"US","description":"List of country \\(C) code"},{"field":"threat.indicator.file.x509.subject.distinguished_name","type":"keyword","normalization":"","example":"C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net","description":"Distinguished name (DN) of the certificate subject entity."},{"field":"threat.indicator.file.x509.subject.locality","type":"keyword","normalization":"array","example":"San Francisco","description":"List of locality names (L)"},{"field":"threat.indicator.file.x509.subject.organization","type":"keyword","normalization":"array","example":"Example, Inc.","description":"List of organizations (O) of subject."},{"field":"threat.indicator.file.x509.subject.organizational_unit","type":"keyword","normalization":"array","example":"","description":"List of organizational units (OU) of subject."},{"field":"threat.indicator.file.x509.subject.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"threat.indicator.file.x509.version_number","type":"keyword","normalization":"","example":3,"description":"Version of x509 format."},{"field":"threat.indicator.first_seen","type":"date","normalization":"","example":"2020-11-05T17:25:47.000Z","description":"Date/time indicator was first reported."},{"field":"threat.indicator.geo.city_name","type":"keyword","normalization":"","example":"Montreal","description":"City name."},{"field":"threat.indicator.geo.continent_code","type":"keyword","normalization":"","example":"NA","description":"Continent code."},{"field":"threat.indicator.geo.continent_name","type":"keyword","normalization":"","example":"North America","description":"Name of the continent."},{"field":"threat.indicator.geo.country_iso_code","type":"keyword","normalization":"","example":"CA","description":"Country ISO code."},{"field":"threat.indicator.geo.country_name","type":"keyword","normalization":"","example":"Canada","description":"Country name."},{"field":"threat.indicator.geo.location","type":"geo_point","normalization":"","example":{"lon":-73.61483,"lat":45.505918},"description":"Longitude and latitude."},{"field":"threat.indicator.geo.name","type":"keyword","normalization":"","example":"boston-dc","description":"User-defined description of a location."},{"field":"threat.indicator.geo.postal_code","type":"keyword","normalization":"","example":94040,"description":"Postal code."},{"field":"threat.indicator.geo.region_iso_code","type":"keyword","normalization":"","example":"CA-QC","description":"Region ISO code."},{"field":"threat.indicator.geo.region_name","type":"keyword","normalization":"","example":"Quebec","description":"Region name."},{"field":"threat.indicator.geo.timezone","type":"keyword","normalization":"","example":"America/Argentina/Buenos_Aires","description":"Time zone."},{"field":"threat.indicator.id","type":"keyword","normalization":"array","example":"[indicator--d7008e06-ab86-415a-9803-3c81ce2d3c37]","description":"ID of the indicator"},{"field":"threat.indicator.ip","type":"ip","normalization":"","example":"1.2.3.4","description":"Indicator IP address"},{"field":"threat.indicator.last_seen","type":"date","normalization":"","example":"2020-11-05T17:25:47.000Z","description":"Date/time indicator was last reported."},{"field":"threat.indicator.marking.tlp","type":"keyword","normalization":"","example":"CLEAR","description":"Indicator TLP marking"},{"field":"threat.indicator.marking.tlp_version","type":"keyword","normalization":"","example":2,"description":"Indicator TLP version"},{"field":"threat.indicator.modified_at","type":"date","normalization":"","example":"2020-11-05T17:25:47.000Z","description":"Date/time indicator was last updated."},{"field":"threat.indicator.name","type":"keyword","normalization":"","example":"5.2.75.227","description":"Indicator display name"},{"field":"threat.indicator.port","type":"long","normalization":"","example":443,"description":"Indicator port"},{"field":"threat.indicator.provider","type":"keyword","normalization":"","example":"lrz_urlhaus","description":"Indicator provider"},{"field":"threat.indicator.reference","type":"keyword","normalization":"","example":"https://system.example.com/indicator/0001234","description":"Indicator reference URL"},{"field":"threat.indicator.registry.data.bytes","type":"keyword","normalization":"","example":"ZQBuAC0AVQBTAAAAZQBuAAAAAAA=","description":"Original bytes written with base64 encoding."},{"field":"threat.indicator.registry.data.strings","type":"wildcard","normalization":"array","example":"[\"C:\\rta\\red_ttp\\bin\\myapp.exe\"]","description":"List of strings representing what was written to the registry."},{"field":"threat.indicator.registry.data.type","type":"keyword","normalization":"","example":"REG_SZ","description":"Standard registry type for encoding contents"},{"field":"threat.indicator.registry.hive","type":"keyword","normalization":"","example":"HKLM","description":"Abbreviated name for the hive."},{"field":"threat.indicator.registry.key","type":"keyword","normalization":"","example":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\winword.exe","description":"Hive-relative path of keys."},{"field":"threat.indicator.registry.path","type":"keyword","normalization":"","example":"HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\winword.exe\\Debugger","description":"Full path, including hive, key and value"},{"field":"threat.indicator.registry.value","type":"keyword","normalization":"","example":"Debugger","description":"Name of the value written."},{"field":"threat.indicator.scanner_stats","type":"long","normalization":"","example":4,"description":"Scanner statistics"},{"field":"threat.indicator.sightings","type":"long","normalization":"","example":20,"description":"Number of times indicator observed"},{"field":"threat.indicator.type","type":"keyword","normalization":"","example":"ipv4-addr","description":"Type of indicator"},{"field":"threat.indicator.url.domain","type":"keyword","normalization":"","example":"www.elastic.co","description":"Domain of the url."},{"field":"threat.indicator.url.extension","type":"keyword","normalization":"","example":"png","description":"File extension from the request url, excluding the leading dot."},{"field":"threat.indicator.url.fragment","type":"keyword","normalization":"","example":"","description":"Portion of the url after the `#`."},{"field":"threat.indicator.url.full","type":"wildcard","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top","description":"Full unparsed URL."},{"field":"threat.indicator.url.full.text","type":"match_only_text","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top","description":"Full unparsed URL."},{"field":"threat.indicator.url.original","type":"wildcard","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elasticsearch","description":"Unmodified original url as seen in the event source."},{"field":"threat.indicator.url.original.text","type":"match_only_text","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elasticsearch","description":"Unmodified original url as seen in the event source."},{"field":"threat.indicator.url.password","type":"keyword","normalization":"","example":"","description":"Password of the request."},{"field":"threat.indicator.url.path","type":"wildcard","normalization":"","example":"","description":"Path of the request, such as \"/search\"."},{"field":"threat.indicator.url.port","type":"long","normalization":"","example":443,"description":"Port of the request, such as 443."},{"field":"threat.indicator.url.query","type":"keyword","normalization":"","example":"","description":"Query string of the request."},{"field":"threat.indicator.url.registered_domain","type":"keyword","normalization":"","example":"example.com","description":"The highest registered url domain, stripped of the subdomain."},{"field":"threat.indicator.url.scheme","type":"keyword","normalization":"","example":"https","description":"Scheme of the url."},{"field":"threat.indicator.url.subdomain","type":"keyword","normalization":"","example":"east","description":"The subdomain of the domain."},{"field":"threat.indicator.url.top_level_domain","type":"keyword","normalization":"","example":"co.uk","description":"The effective top level domain (com, org, net, co.uk)."},{"field":"threat.indicator.url.username","type":"keyword","normalization":"","example":"","description":"Username of the request."},{"field":"threat.indicator.x509.alternative_names","type":"keyword","normalization":"array","example":"*.elastic.co","description":"List of subject alternative names (SAN)."},{"field":"threat.indicator.x509.issuer.common_name","type":"keyword","normalization":"array","example":"Example SHA2 High Assurance Server CA","description":"List of common name (CN) of issuing certificate authority."},{"field":"threat.indicator.x509.issuer.country","type":"keyword","normalization":"array","example":"US","description":"List of country \\(C) codes"},{"field":"threat.indicator.x509.issuer.distinguished_name","type":"keyword","normalization":"","example":"C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA","description":"Distinguished name (DN) of issuing certificate authority."},{"field":"threat.indicator.x509.issuer.locality","type":"keyword","normalization":"array","example":"Mountain View","description":"List of locality names (L)"},{"field":"threat.indicator.x509.issuer.organization","type":"keyword","normalization":"array","example":"Example Inc","description":"List of organizations (O) of issuing certificate authority."},{"field":"threat.indicator.x509.issuer.organizational_unit","type":"keyword","normalization":"array","example":"www.example.com","description":"List of organizational units (OU) of issuing certificate authority."},{"field":"threat.indicator.x509.issuer.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"threat.indicator.x509.not_after","type":"date","normalization":"","example":"2020-07-16T03:15:39Z","description":"Time at which the certificate is no longer considered valid."},{"field":"threat.indicator.x509.not_before","type":"date","normalization":"","example":"2019-08-16T01:40:25Z","description":"Time at which the certificate is first considered valid."},{"field":"threat.indicator.x509.public_key_algorithm","type":"keyword","normalization":"","example":"RSA","description":"Algorithm used to generate the public key."},{"field":"threat.indicator.x509.public_key_curve","type":"keyword","normalization":"","example":"nistp521","description":"The curve used by the elliptic curve public key algorithm. This is algorithm specific."},{"field":"threat.indicator.x509.public_key_exponent","type":"long","normalization":"","example":65537,"description":"Exponent used to derive the public key. This is algorithm specific."},{"field":"threat.indicator.x509.public_key_size","type":"long","normalization":"","example":2048,"description":"The size of the public key space in bits."},{"field":"threat.indicator.x509.serial_number","type":"keyword","normalization":"","example":"55FBB9C7DEBF09809D12CCAA","description":"Unique serial number issued by the certificate authority."},{"field":"threat.indicator.x509.signature_algorithm","type":"keyword","normalization":"","example":"SHA256-RSA","description":"Identifier for certificate signature algorithm."},{"field":"threat.indicator.x509.subject.common_name","type":"keyword","normalization":"array","example":"shared.global.example.net","description":"List of common names (CN) of subject."},{"field":"threat.indicator.x509.subject.country","type":"keyword","normalization":"array","example":"US","description":"List of country \\(C) code"},{"field":"threat.indicator.x509.subject.distinguished_name","type":"keyword","normalization":"","example":"C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net","description":"Distinguished name (DN) of the certificate subject entity."},{"field":"threat.indicator.x509.subject.locality","type":"keyword","normalization":"array","example":"San Francisco","description":"List of locality names (L)"},{"field":"threat.indicator.x509.subject.organization","type":"keyword","normalization":"array","example":"Example, Inc.","description":"List of organizations (O) of subject."},{"field":"threat.indicator.x509.subject.organizational_unit","type":"keyword","normalization":"array","example":"","description":"List of organizational units (OU) of subject."},{"field":"threat.indicator.x509.subject.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"threat.indicator.x509.version_number","type":"keyword","normalization":"","example":3,"description":"Version of x509 format."},{"field":"threat.software.alias","type":"keyword","normalization":"array","example":["X-Agent"],"description":"Alias of the software"},{"field":"threat.software.id","type":"keyword","normalization":"","example":"S0552","description":"ID of the software"},{"field":"threat.software.name","type":"keyword","normalization":"","example":"AdFind","description":"Name of the software."},{"field":"threat.software.platforms","type":"keyword","normalization":"array","example":["Windows"],"description":"Platforms of the software."},{"field":"threat.software.reference","type":"keyword","normalization":"","example":"https://attack.mitre.org/software/S0552/","description":"Software reference URL."},{"field":"threat.software.type","type":"keyword","normalization":"","example":"Tool","description":"Software type."},{"field":"threat.tactic.id","type":"keyword","normalization":"array","example":"TA0002","description":"Threat tactic id."},{"field":"threat.tactic.name","type":"keyword","normalization":"array","example":"Execution","description":"Threat tactic."},{"field":"threat.tactic.reference","type":"keyword","normalization":"array","example":"https://attack.mitre.org/tactics/TA0002/","description":"Threat tactic URL reference."},{"field":"threat.technique.id","type":"keyword","normalization":"array","example":"T1059","description":"Threat technique id."},{"field":"threat.technique.name","type":"keyword","normalization":"array","example":"Command and Scripting Interpreter","description":"Threat technique name."},{"field":"threat.technique.name.text","type":"match_only_text","normalization":"","example":"Command and Scripting Interpreter","description":"Threat technique name."},{"field":"threat.technique.reference","type":"keyword","normalization":"array","example":"https://attack.mitre.org/techniques/T1059/","description":"Threat technique URL reference."},{"field":"threat.technique.subtechnique.id","type":"keyword","normalization":"array","example":"T1059.001","description":"Threat subtechnique id."},{"field":"threat.technique.subtechnique.name","type":"keyword","normalization":"array","example":"PowerShell","description":"Threat subtechnique name."},{"field":"threat.technique.subtechnique.name.text","type":"match_only_text","normalization":"","example":"PowerShell","description":"Threat subtechnique name."},{"field":"threat.technique.subtechnique.reference","type":"keyword","normalization":"array","example":"https://attack.mitre.org/techniques/T1059/001/","description":"Threat subtechnique URL reference."},{"field":"tls.cipher","type":"keyword","normalization":"","example":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256","description":"String indicating the cipher used during the current connection."},{"field":"tls.client.certificate","type":"keyword","normalization":"","example":"MII...","description":"PEM-encoded stand-alone certificate offered by the client."},{"field":"tls.client.certificate_chain","type":"keyword","normalization":"array","example":["MII...","MII..."],"description":"Array of PEM-encoded certificates that make up the certificate chain offered by the client."},{"field":"tls.client.hash.md5","type":"keyword","normalization":"","example":"0F76C7F2C55BFD7D8E8B8F4BFBF0C9EC","description":"Certificate fingerprint using the MD5 digest of DER-encoded version of certificate offered by the client."},{"field":"tls.client.hash.sha1","type":"keyword","normalization":"","example":"9E393D93138888D288266C2D915214D1D1CCEB2A","description":"Certificate fingerprint using the SHA1 digest of DER-encoded version of certificate offered by the client."},{"field":"tls.client.hash.sha256","type":"keyword","normalization":"","example":"0687F666A054EF17A08E2F2162EAB4CBC0D265E1D7875BE74BF3C712CA92DAF0","description":"Certificate fingerprint using the SHA256 digest of DER-encoded version of certificate offered by the client."},{"field":"tls.client.issuer","type":"keyword","normalization":"","example":"CN=Example Root CA, OU=Infrastructure Team, DC=example, DC=com","description":"Distinguished name of subject of the issuer of the x.509 certificate presented by the client."},{"field":"tls.client.ja3","type":"keyword","normalization":"","example":"d4e5b18d6b55c71272893221c96ba240","description":"A hash that identifies clients based on how they perform an SSL/TLS handshake."},{"field":"tls.client.not_after","type":"date","normalization":"","example":"2021-01-01T00:00:00.000Z","description":"Date/Time indicating when client certificate is no longer considered valid."},{"field":"tls.client.not_before","type":"date","normalization":"","example":"1970-01-01T00:00:00.000Z","description":"Date/Time indicating when client certificate is first considered valid."},{"field":"tls.client.server_name","type":"keyword","normalization":"","example":"www.elastic.co","description":"Hostname the client is trying to connect to. Also called the SNI."},{"field":"tls.client.subject","type":"keyword","normalization":"","example":"CN=myclient, OU=Documentation Team, DC=example, DC=com","description":"Distinguished name of subject of the x.509 certificate presented by the client."},{"field":"tls.client.supported_ciphers","type":"keyword","normalization":"array","example":["TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","..."],"description":"Array of ciphers offered by the client during the client hello."},{"field":"tls.client.x509.alternative_names","type":"keyword","normalization":"array","example":"*.elastic.co","description":"List of subject alternative names (SAN)."},{"field":"tls.client.x509.issuer.common_name","type":"keyword","normalization":"array","example":"Example SHA2 High Assurance Server CA","description":"List of common name (CN) of issuing certificate authority."},{"field":"tls.client.x509.issuer.country","type":"keyword","normalization":"array","example":"US","description":"List of country \\(C) codes"},{"field":"tls.client.x509.issuer.distinguished_name","type":"keyword","normalization":"","example":"C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA","description":"Distinguished name (DN) of issuing certificate authority."},{"field":"tls.client.x509.issuer.locality","type":"keyword","normalization":"array","example":"Mountain View","description":"List of locality names (L)"},{"field":"tls.client.x509.issuer.organization","type":"keyword","normalization":"array","example":"Example Inc","description":"List of organizations (O) of issuing certificate authority."},{"field":"tls.client.x509.issuer.organizational_unit","type":"keyword","normalization":"array","example":"www.example.com","description":"List of organizational units (OU) of issuing certificate authority."},{"field":"tls.client.x509.issuer.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"tls.client.x509.not_after","type":"date","normalization":"","example":"2020-07-16T03:15:39Z","description":"Time at which the certificate is no longer considered valid."},{"field":"tls.client.x509.not_before","type":"date","normalization":"","example":"2019-08-16T01:40:25Z","description":"Time at which the certificate is first considered valid."},{"field":"tls.client.x509.public_key_algorithm","type":"keyword","normalization":"","example":"RSA","description":"Algorithm used to generate the public key."},{"field":"tls.client.x509.public_key_curve","type":"keyword","normalization":"","example":"nistp521","description":"The curve used by the elliptic curve public key algorithm. This is algorithm specific."},{"field":"tls.client.x509.public_key_exponent","type":"long","normalization":"","example":65537,"description":"Exponent used to derive the public key. This is algorithm specific."},{"field":"tls.client.x509.public_key_size","type":"long","normalization":"","example":2048,"description":"The size of the public key space in bits."},{"field":"tls.client.x509.serial_number","type":"keyword","normalization":"","example":"55FBB9C7DEBF09809D12CCAA","description":"Unique serial number issued by the certificate authority."},{"field":"tls.client.x509.signature_algorithm","type":"keyword","normalization":"","example":"SHA256-RSA","description":"Identifier for certificate signature algorithm."},{"field":"tls.client.x509.subject.common_name","type":"keyword","normalization":"array","example":"shared.global.example.net","description":"List of common names (CN) of subject."},{"field":"tls.client.x509.subject.country","type":"keyword","normalization":"array","example":"US","description":"List of country \\(C) code"},{"field":"tls.client.x509.subject.distinguished_name","type":"keyword","normalization":"","example":"C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net","description":"Distinguished name (DN) of the certificate subject entity."},{"field":"tls.client.x509.subject.locality","type":"keyword","normalization":"array","example":"San Francisco","description":"List of locality names (L)"},{"field":"tls.client.x509.subject.organization","type":"keyword","normalization":"array","example":"Example, Inc.","description":"List of organizations (O) of subject."},{"field":"tls.client.x509.subject.organizational_unit","type":"keyword","normalization":"array","example":"","description":"List of organizational units (OU) of subject."},{"field":"tls.client.x509.subject.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"tls.client.x509.version_number","type":"keyword","normalization":"","example":3,"description":"Version of x509 format."},{"field":"tls.curve","type":"keyword","normalization":"","example":"secp256r1","description":"String indicating the curve used for the given cipher, when applicable."},{"field":"tls.established","type":"boolean","normalization":"","example":"","description":"Boolean flag indicating if the TLS negotiation was successful and transitioned to an encrypted tunnel."},{"field":"tls.next_protocol","type":"keyword","normalization":"","example":"http/1.1","description":"String indicating the protocol being tunneled."},{"field":"tls.resumed","type":"boolean","normalization":"","example":"","description":"Boolean flag indicating if this TLS connection was resumed from an existing TLS negotiation."},{"field":"tls.server.certificate","type":"keyword","normalization":"","example":"MII...","description":"PEM-encoded stand-alone certificate offered by the server."},{"field":"tls.server.certificate_chain","type":"keyword","normalization":"array","example":["MII...","MII..."],"description":"Array of PEM-encoded certificates that make up the certificate chain offered by the server."},{"field":"tls.server.hash.md5","type":"keyword","normalization":"","example":"0F76C7F2C55BFD7D8E8B8F4BFBF0C9EC","description":"Certificate fingerprint using the MD5 digest of DER-encoded version of certificate offered by the server."},{"field":"tls.server.hash.sha1","type":"keyword","normalization":"","example":"9E393D93138888D288266C2D915214D1D1CCEB2A","description":"Certificate fingerprint using the SHA1 digest of DER-encoded version of certificate offered by the server."},{"field":"tls.server.hash.sha256","type":"keyword","normalization":"","example":"0687F666A054EF17A08E2F2162EAB4CBC0D265E1D7875BE74BF3C712CA92DAF0","description":"Certificate fingerprint using the SHA256 digest of DER-encoded version of certificate offered by the server."},{"field":"tls.server.issuer","type":"keyword","normalization":"","example":"CN=Example Root CA, OU=Infrastructure Team, DC=example, DC=com","description":"Subject of the issuer of the x.509 certificate presented by the server."},{"field":"tls.server.ja3s","type":"keyword","normalization":"","example":"394441ab65754e2207b1e1b457b3641d","description":"A hash that identifies servers based on how they perform an SSL/TLS handshake."},{"field":"tls.server.not_after","type":"date","normalization":"","example":"2021-01-01T00:00:00.000Z","description":"Timestamp indicating when server certificate is no longer considered valid."},{"field":"tls.server.not_before","type":"date","normalization":"","example":"1970-01-01T00:00:00.000Z","description":"Timestamp indicating when server certificate is first considered valid."},{"field":"tls.server.subject","type":"keyword","normalization":"","example":"CN=www.example.com, OU=Infrastructure Team, DC=example, DC=com","description":"Subject of the x.509 certificate presented by the server."},{"field":"tls.server.x509.alternative_names","type":"keyword","normalization":"array","example":"*.elastic.co","description":"List of subject alternative names (SAN)."},{"field":"tls.server.x509.issuer.common_name","type":"keyword","normalization":"array","example":"Example SHA2 High Assurance Server CA","description":"List of common name (CN) of issuing certificate authority."},{"field":"tls.server.x509.issuer.country","type":"keyword","normalization":"array","example":"US","description":"List of country \\(C) codes"},{"field":"tls.server.x509.issuer.distinguished_name","type":"keyword","normalization":"","example":"C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA","description":"Distinguished name (DN) of issuing certificate authority."},{"field":"tls.server.x509.issuer.locality","type":"keyword","normalization":"array","example":"Mountain View","description":"List of locality names (L)"},{"field":"tls.server.x509.issuer.organization","type":"keyword","normalization":"array","example":"Example Inc","description":"List of organizations (O) of issuing certificate authority."},{"field":"tls.server.x509.issuer.organizational_unit","type":"keyword","normalization":"array","example":"www.example.com","description":"List of organizational units (OU) of issuing certificate authority."},{"field":"tls.server.x509.issuer.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"tls.server.x509.not_after","type":"date","normalization":"","example":"2020-07-16T03:15:39Z","description":"Time at which the certificate is no longer considered valid."},{"field":"tls.server.x509.not_before","type":"date","normalization":"","example":"2019-08-16T01:40:25Z","description":"Time at which the certificate is first considered valid."},{"field":"tls.server.x509.public_key_algorithm","type":"keyword","normalization":"","example":"RSA","description":"Algorithm used to generate the public key."},{"field":"tls.server.x509.public_key_curve","type":"keyword","normalization":"","example":"nistp521","description":"The curve used by the elliptic curve public key algorithm. This is algorithm specific."},{"field":"tls.server.x509.public_key_exponent","type":"long","normalization":"","example":65537,"description":"Exponent used to derive the public key. This is algorithm specific."},{"field":"tls.server.x509.public_key_size","type":"long","normalization":"","example":2048,"description":"The size of the public key space in bits."},{"field":"tls.server.x509.serial_number","type":"keyword","normalization":"","example":"55FBB9C7DEBF09809D12CCAA","description":"Unique serial number issued by the certificate authority."},{"field":"tls.server.x509.signature_algorithm","type":"keyword","normalization":"","example":"SHA256-RSA","description":"Identifier for certificate signature algorithm."},{"field":"tls.server.x509.subject.common_name","type":"keyword","normalization":"array","example":"shared.global.example.net","description":"List of common names (CN) of subject."},{"field":"tls.server.x509.subject.country","type":"keyword","normalization":"array","example":"US","description":"List of country \\(C) code"},{"field":"tls.server.x509.subject.distinguished_name","type":"keyword","normalization":"","example":"C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net","description":"Distinguished name (DN) of the certificate subject entity."},{"field":"tls.server.x509.subject.locality","type":"keyword","normalization":"array","example":"San Francisco","description":"List of locality names (L)"},{"field":"tls.server.x509.subject.organization","type":"keyword","normalization":"array","example":"Example, Inc.","description":"List of organizations (O) of subject."},{"field":"tls.server.x509.subject.organizational_unit","type":"keyword","normalization":"array","example":"","description":"List of organizational units (OU) of subject."},{"field":"tls.server.x509.subject.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"tls.server.x509.version_number","type":"keyword","normalization":"","example":3,"description":"Version of x509 format."},{"field":"tls.version","type":"keyword","normalization":"","example":1.2,"description":"Numeric part of the version parsed from the original string."},{"field":"tls.version_protocol","type":"keyword","normalization":"","example":"tls","description":"Normalized lowercase protocol name parsed from original string."},{"field":"trace.id","type":"keyword","normalization":"","example":"4bf92f3577b34da6a3ce929d0e0e4736","description":"Unique identifier of the trace."},{"field":"transaction.id","type":"keyword","normalization":"","example":"00f067aa0ba902b7","description":"Unique identifier of the transaction within the scope of its trace."},{"field":"url.domain","type":"keyword","normalization":"","example":"www.elastic.co","description":"Domain of the url."},{"field":"url.extension","type":"keyword","normalization":"","example":"png","description":"File extension from the request url, excluding the leading dot."},{"field":"url.fragment","type":"keyword","normalization":"","example":"","description":"Portion of the url after the `#`."},{"field":"url.full","type":"wildcard","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top","description":"Full unparsed URL."},{"field":"url.full.text","type":"match_only_text","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top","description":"Full unparsed URL."},{"field":"url.original","type":"wildcard","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elasticsearch","description":"Unmodified original url as seen in the event source."},{"field":"url.original.text","type":"match_only_text","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elasticsearch","description":"Unmodified original url as seen in the event source."},{"field":"url.password","type":"keyword","normalization":"","example":"","description":"Password of the request."},{"field":"url.path","type":"wildcard","normalization":"","example":"","description":"Path of the request, such as \"/search\"."},{"field":"url.port","type":"long","normalization":"","example":443,"description":"Port of the request, such as 443."},{"field":"url.query","type":"keyword","normalization":"","example":"","description":"Query string of the request."},{"field":"url.registered_domain","type":"keyword","normalization":"","example":"example.com","description":"The highest registered url domain, stripped of the subdomain."},{"field":"url.scheme","type":"keyword","normalization":"","example":"https","description":"Scheme of the url."},{"field":"url.subdomain","type":"keyword","normalization":"","example":"east","description":"The subdomain of the domain."},{"field":"url.top_level_domain","type":"keyword","normalization":"","example":"co.uk","description":"The effective top level domain (com, org, net, co.uk)."},{"field":"url.username","type":"keyword","normalization":"","example":"","description":"Username of the request."},{"field":"user.changes.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the user is a member of."},{"field":"user.changes.email","type":"keyword","normalization":"","example":"","description":"User email address."},{"field":"user.changes.full_name","type":"keyword","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"user.changes.full_name.text","type":"match_only_text","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"user.changes.group.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the group is a member of."},{"field":"user.changes.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"user.changes.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"user.changes.hash","type":"keyword","normalization":"","example":"","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"user.changes.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"user.changes.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"user.changes.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"user.changes.roles","type":"keyword","normalization":"array","example":["kibana_admin","reporting_user"],"description":"Array of user roles at the time of the event."},{"field":"user.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the user is a member of."},{"field":"user.effective.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the user is a member of."},{"field":"user.effective.email","type":"keyword","normalization":"","example":"","description":"User email address."},{"field":"user.effective.full_name","type":"keyword","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"user.effective.full_name.text","type":"match_only_text","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"user.effective.group.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the group is a member of."},{"field":"user.effective.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"user.effective.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"user.effective.hash","type":"keyword","normalization":"","example":"","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"user.effective.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"user.effective.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"user.effective.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"user.effective.roles","type":"keyword","normalization":"array","example":["kibana_admin","reporting_user"],"description":"Array of user roles at the time of the event."},{"field":"user.email","type":"keyword","normalization":"","example":"","description":"User email address."},{"field":"user.full_name","type":"keyword","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"user.full_name.text","type":"match_only_text","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"user.group.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the group is a member of."},{"field":"user.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"user.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"user.hash","type":"keyword","normalization":"","example":"","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"user.risk.calculated_level","type":"keyword","normalization":"","example":"High","description":"A risk classification level calculated by an internal system as part of entity analytics and entity risk scoring."},{"field":"user.risk.calculated_score","type":"float","normalization":"","example":880.73,"description":"A risk classification score calculated by an internal system as part of entity analytics and entity risk scoring."},{"field":"user.risk.calculated_score_norm","type":"float","normalization":"","example":88.73,"description":"A normalized risk score calculated by an internal system."},{"field":"user.risk.static_level","type":"keyword","normalization":"","example":"High","description":"A risk classification level obtained from outside the system, such as from some external Threat Intelligence Platform."},{"field":"user.risk.static_score","type":"float","normalization":"","example":830,"description":"A risk classification score obtained from outside the system, such as from some external Threat Intelligence Platform."},{"field":"user.risk.static_score_norm","type":"float","normalization":"","example":83,"description":"A normalized risk score calculated by an external system."},{"field":"user.roles","type":"keyword","normalization":"array","example":["kibana_admin","reporting_user"],"description":"Array of user roles at the time of the event."},{"field":"user.target.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the user is a member of."},{"field":"user.target.email","type":"keyword","normalization":"","example":"","description":"User email address."},{"field":"user.target.full_name","type":"keyword","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"user.target.full_name.text","type":"match_only_text","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"user.target.group.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the group is a member of."},{"field":"user.target.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"user.target.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"user.target.hash","type":"keyword","normalization":"","example":"","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"user.target.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"user.target.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"user.target.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"user.target.roles","type":"keyword","normalization":"array","example":["kibana_admin","reporting_user"],"description":"Array of user roles at the time of the event."},{"field":"user_agent.device.name","type":"keyword","normalization":"","example":"iPhone","description":"Name of the device."},{"field":"user_agent.name","type":"keyword","normalization":"","example":"Safari","description":"Name of the user agent."},{"field":"user_agent.original","type":"keyword","normalization":"","example":"Mozilla/5.0 (iPhone; CPU iPhone OS 12_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Mobile/15E148 Safari/604.1","description":"Unparsed user_agent string."},{"field":"user_agent.original.text","type":"match_only_text","normalization":"","example":"Mozilla/5.0 (iPhone; CPU iPhone OS 12_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Mobile/15E148 Safari/604.1","description":"Unparsed user_agent string."},{"field":"user_agent.os.family","type":"keyword","normalization":"","example":"debian","description":"OS family (such as redhat, debian, freebsd, windows)."},{"field":"user_agent.os.full","type":"keyword","normalization":"","example":"Mac OS Mojave","description":"Operating system name, including the version or code name."},{"field":"user_agent.os.full.text","type":"match_only_text","normalization":"","example":"Mac OS Mojave","description":"Operating system name, including the version or code name."},{"field":"user_agent.os.kernel","type":"keyword","normalization":"","example":"4.4.0-112-generic","description":"Operating system kernel version as a raw string."},{"field":"user_agent.os.name","type":"keyword","normalization":"","example":"Mac OS X","description":"Operating system name, without the version."},{"field":"user_agent.os.name.text","type":"match_only_text","normalization":"","example":"Mac OS X","description":"Operating system name, without the version."},{"field":"user_agent.os.platform","type":"keyword","normalization":"","example":"darwin","description":"Operating system platform (such centos, ubuntu, windows)."},{"field":"user_agent.os.type","type":"keyword","normalization":"","example":"macos","description":"Which commercial OS family (one of: linux, macos, unix, windows, ios or android)."},{"field":"user_agent.os.version","type":"keyword","normalization":"","example":"10.14.1","description":"Operating system version as a raw string."},{"field":"user_agent.version","type":"keyword","normalization":"","example":12,"description":"Version of the user agent."},{"field":"volume.bus_type","type":"keyword","normalization":"","example":"FileBackedVirtual","description":"Bus type of the device."},{"field":"volume.default_access","type":"keyword","normalization":"","example":"","description":"Bus type of the device."},{"field":"volume.device_name","type":"keyword","normalization":"","example":"","description":"Device name of the volume."},{"field":"volume.device_type","type":"keyword","normalization":"","example":"CD-ROM File System","description":"Volume device type."},{"field":"volume.dos_name","type":"keyword","normalization":"","example":"E:","description":"DOS name of the device."},{"field":"volume.file_system_type","type":"keyword","normalization":"","example":"","description":"Volume device file system type."},{"field":"volume.mount_name","type":"keyword","normalization":"","example":"","description":"Mount name of the volume."},{"field":"volume.nt_name","type":"keyword","normalization":"","example":"\\Device\\Cdrom1","description":"NT name of the device."},{"field":"volume.product_id","type":"keyword","normalization":"","example":"","description":"ProductID of the device."},{"field":"volume.product_name","type":"keyword","normalization":"","example":"Virtual DVD-ROM","description":"Produce name of the volume."},{"field":"volume.removable","type":"boolean","normalization":"","example":"","description":"Indicates if the volume is removable."},{"field":"volume.serial_number","type":"keyword","normalization":"","example":"","description":"Serial number of the device."},{"field":"volume.size","type":"long","normalization":"","example":"","description":"Size of the volume device in bytes."},{"field":"volume.vendor_id","type":"keyword","normalization":"","example":"","description":"VendorID of the device."},{"field":"volume.vendor_name","type":"keyword","normalization":"","example":"Msft","description":"Vendor name of the device."},{"field":"volume.writable","type":"boolean","normalization":"","example":"","description":"Indicates if the volume is writable."},{"field":"vulnerability.category","type":"keyword","normalization":"array","example":["Firewall"],"description":"Category of a vulnerability."},{"field":"vulnerability.classification","type":"keyword","normalization":"","example":"CVSS","description":"Classification of the vulnerability."},{"field":"vulnerability.description","type":"keyword","normalization":"","example":"In macOS before 2.12.6, there is a vulnerability in the RPC...","description":"Description of the vulnerability."},{"field":"vulnerability.description.text","type":"match_only_text","normalization":"","example":"In macOS before 2.12.6, there is a vulnerability in the RPC...","description":"Description of the vulnerability."},{"field":"vulnerability.enumeration","type":"keyword","normalization":"","example":"CVE","description":"Identifier of the vulnerability."},{"field":"vulnerability.id","type":"keyword","normalization":"","example":"CVE-2019-00001","description":"ID of the vulnerability."},{"field":"vulnerability.reference","type":"keyword","normalization":"","example":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6111","description":"Reference of the vulnerability."},{"field":"vulnerability.report_id","type":"keyword","normalization":"","example":20191018.0001,"description":"Scan identification number."},{"field":"vulnerability.scanner.vendor","type":"keyword","normalization":"","example":"Tenable","description":"Name of the scanner vendor."},{"field":"vulnerability.score.base","type":"float","normalization":"","example":5.5,"description":"Vulnerability Base score."},{"field":"vulnerability.score.environmental","type":"float","normalization":"","example":5.5,"description":"Vulnerability Environmental score."},{"field":"vulnerability.score.temporal","type":"float","normalization":"","example":"","description":"Vulnerability Temporal score."},{"field":"vulnerability.score.version","type":"keyword","normalization":"","example":2,"description":"CVSS version."},{"field":"vulnerability.severity","type":"keyword","normalization":"","example":"Critical","description":"Severity of the vulnerability."}] \ No newline at end of file diff --git a/x-pack/plugins/osquery/public/common/schemas/osquery/v5.10.2.json b/x-pack/plugins/osquery/public/common/schemas/osquery/v5.10.2.json deleted file mode 100644 index 41b1607e995ce..0000000000000 --- a/x-pack/plugins/osquery/public/common/schemas/osquery/v5.10.2.json +++ /dev/null @@ -1 +0,0 @@ -[{"name":"account_policy_data","description":"Additional macOS user account data from the AccountPolicy section of OpenDirectory.","platforms":["darwin"],"columns":[{"name":"uid","description":"User ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"creation_time","description":"When the account was first created","type":"double","notes":"","hidden":false,"required":false,"index":false},{"name":"failed_login_count","description":"The number of failed login attempts using an incorrect password. Count resets after a correct password is entered.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"failed_login_timestamp","description":"The time of the last failed login attempt. Resets after a correct password is entered","type":"double","notes":"","hidden":false,"required":false,"index":false},{"name":"password_last_set_time","description":"The time the password was last changed","type":"double","notes":"","hidden":false,"required":false,"index":false}]},{"name":"acpi_tables","description":"Firmware ACPI functional table common metadata and content.","platforms":["darwin","linux"],"columns":[{"name":"name","description":"ACPI table name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Size of compiled table data","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"md5","description":"MD5 hash of table content","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"ad_config","description":"macOS Active Directory configuration.","platforms":["darwin"],"columns":[{"name":"name","description":"The macOS-specific configuration name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"domain","description":"Active Directory trust domain","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"option","description":"Canonical name of option","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Variable typed option value","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"alf","description":"macOS application layer firewall (ALF) service details.","platforms":["darwin"],"columns":[{"name":"allow_signed_enabled","description":"1 If allow signed mode is enabled else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"firewall_unload","description":"1 If firewall unloading enabled else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"global_state","description":"1 If the firewall is enabled with exceptions, 2 if the firewall is configured to block all incoming connections, else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"logging_enabled","description":"1 If logging mode is enabled else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"logging_option","description":"Firewall logging option","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"stealth_enabled","description":"1 If stealth mode is enabled else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Application Layer Firewall version","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"alf_exceptions","description":"macOS application layer firewall (ALF) service exceptions.","platforms":["darwin"],"columns":[{"name":"path","description":"Path to the executable that is excepted","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"state","description":"Firewall exception state","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"alf_explicit_auths","description":"ALF services explicitly allowed to perform networking.","platforms":["darwin"],"columns":[{"name":"process","description":"Process name explicitly allowed","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"app_schemes","description":"macOS application schemes and handlers (e.g., http, file, mailto).","platforms":["darwin"],"columns":[{"name":"scheme","description":"Name of the scheme/protocol","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"handler","description":"Application label for the handler","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"enabled","description":"1 if this handler is the OS default, else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"external","description":"1 if this handler does NOT exist on macOS by default, else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"protected","description":"1 if this handler is protected (reserved) by macOS, else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"apparmor_events","description":"Track AppArmor events.","platforms":["linux"],"columns":[{"name":"type","description":"Event type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"message","description":"Raw audit message","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of execution in UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uptime","description":"Time of execution in system uptime","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"apparmor","description":"Apparmor Status like ALLOWED, DENIED etc.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"operation","description":"Permission requested by the process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"parent","description":"Parent process PID","type":"unsigned_bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"profile","description":"Apparmor profile name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Process name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process ID","type":"unsigned_bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"comm","description":"Command-line name of the command that was used to invoke the analyzed process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"denied_mask","description":"Denied permissions for the process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"capname","description":"Capability requested by the process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"fsuid","description":"Filesystem user ID","type":"unsigned_bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"ouid","description":"Object owner's user ID","type":"unsigned_bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"capability","description":"Capability number","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"requested_mask","description":"Requested access mask","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"info","description":"Additional information","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"error","description":"Error information","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"namespace","description":"AppArmor namespace","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"label","description":"AppArmor label","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"apparmor_profiles","description":"Track active AppArmor profiles.","platforms":["linux"],"columns":[{"name":"path","description":"Unique, aa-status compatible, policy identifier.","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"name","description":"Policy name.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"attach","description":"Which executable(s) a profile will attach to.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mode","description":"How the policy is applied.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sha1","description":"A unique hash that identifies this policy.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"appcompat_shims","description":"Application Compatibility shims are a way to persist malware. This table presents the AppCompat Shim information from the registry in a nice format. See http://files.brucon.org/2015/Tomczak_and_Ballenthin_Shims_for_the_Win.pdf for more details.","platforms":["windows"],"columns":[{"name":"executable","description":"Name of the executable that is being shimmed. This is pulled from the registry.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"This is the path to the SDB database.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Description of the SDB.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"install_time","description":"Install time of the SDB","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Type of the SDB database.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sdb_id","description":"Unique GUID of the SDB.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"apps","description":"macOS applications installed in known search paths (e.g., /Applications).","platforms":["darwin"],"columns":[{"name":"name","description":"Name of the Name.app folder","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Absolute and full Name.app path","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"bundle_executable","description":"Info properties CFBundleExecutable label","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"bundle_identifier","description":"Info properties CFBundleIdentifier label","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"bundle_name","description":"Info properties CFBundleName label","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"bundle_short_version","description":"Info properties CFBundleShortVersionString label","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"bundle_version","description":"Info properties CFBundleVersion label","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"bundle_package_type","description":"Info properties CFBundlePackageType label","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"environment","description":"Application-set environment variables","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"element","description":"Does the app identify as a background agent","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"compiler","description":"Info properties DTCompiler label","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"development_region","description":"Info properties CFBundleDevelopmentRegion label","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"display_name","description":"Info properties CFBundleDisplayName label","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"info_string","description":"Info properties CFBundleGetInfoString label","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"minimum_system_version","description":"Minimum version of macOS required for the app to run","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"category","description":"The UTI that categorizes the app for the App Store","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"applescript_enabled","description":"Info properties NSAppleScriptEnabled label","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"copyright","description":"Info properties NSHumanReadableCopyright label","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"last_opened_time","description":"The time that the app was last used","type":"double","notes":"","hidden":false,"required":false,"index":false}]},{"name":"apt_sources","description":"Current list of APT repositories or software channels.","platforms":["linux"],"columns":[{"name":"name","description":"Repository name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"source","description":"Source file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"base_uri","description":"Repository base URI","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"release","description":"Release name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Repository source version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"maintainer","description":"Repository maintainer","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"components","description":"Repository components","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"architectures","description":"Repository architectures","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"arp_cache","description":"Address resolution cache, both static and dynamic (from ARP, NDP).","platforms":["darwin","linux","windows"],"columns":[{"name":"address","description":"IPv4 address target","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mac","description":"MAC address of broadcasted address","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"interface","description":"Interface of the network for the MAC","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"permanent","description":"1 for true, 0 for false","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"asl","description":"Queries the Apple System Log data structure for system events.","platforms":["darwin"],"columns":[{"name":"time","description":"Unix timestamp. Set automatically","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"time_nano_sec","description":"Nanosecond time.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"host","description":"Sender's address (set by the server).","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sender","description":"Sender's identification string. Default is process name.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"facility","description":"Sender's facility. Default is 'user'.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Sending process ID encoded as a string. Set automatically.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"gid","description":"GID that sent the log message (set by the server).","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"UID that sent the log message (set by the server).","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"level","description":"Log level number. See levels in asl.h.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"message","description":"Message text.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ref_pid","description":"Reference PID for messages proxied by launchd","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ref_proc","description":"Reference process for messages proxied by launchd","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"extra","description":"Extra columns, in JSON format. Queries against this column are performed entirely in SQLite, so do not benefit from efficient querying via asl.h.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"atom_packages","description":"Lists all atom packages in a directory or globally installed in a system.","platforms":["darwin","linux","windows"],"columns":[{"name":"name","description":"Package display name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Package supplied version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Package supplied description","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Package's package.json path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"license","description":"License for package","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"homepage","description":"Package supplied homepage","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"The local user that owns the plugin","type":"bigint","notes":"","hidden":false,"required":false,"index":true}]},{"name":"augeas","description":"Configuration files parsed by augeas.","platforms":["darwin","linux"],"columns":[{"name":"node","description":"The node path of the configuration item","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"value","description":"The value of the configuration item","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"label","description":"The label of the configuration item","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"The path to the configuration file","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"authenticode","description":"File (executable, bundle, installer, disk) code signing status.","platforms":["windows"],"columns":[{"name":"path","description":"Must provide a path or directory","type":"text","notes":"","hidden":false,"required":true,"index":false},{"name":"original_program_name","description":"The original program name that the publisher has signed","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"serial_number","description":"The certificate serial number","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"issuer_name","description":"The certificate issuer name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"subject_name","description":"The certificate subject name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"result","description":"The signature check result","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"authorization_mechanisms","description":"macOS Authorization mechanisms database.","platforms":["darwin"],"columns":[{"name":"label","description":"Label of the authorization right","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"plugin","description":"Authorization plugin name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mechanism","description":"Name of the mechanism that will be called","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"privileged","description":"If privileged it will run as root, else as an anonymous user","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"entry","description":"The whole string entry","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"authorizations","description":"macOS Authorization rights database.","platforms":["darwin"],"columns":[{"name":"label","description":"Item name, usually in reverse domain format","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"modified","description":"Label top-level key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"allow_root","description":"Label top-level key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"timeout","description":"Label top-level key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Label top-level key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"tries","description":"Label top-level key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"authenticate_user","description":"Label top-level key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"shared","description":"Label top-level key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"comment","description":"Label top-level key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"created","description":"Label top-level key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"class","description":"Label top-level key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"session_owner","description":"Label top-level key","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"authorized_keys","description":"A line-delimited authorized_keys table.","platforms":["darwin","linux"],"columns":[{"name":"uid","description":"The local owner of authorized_keys file","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"algorithm","description":"Key type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"key","description":"Key encoded as base64","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"options","description":"Optional list of login options","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"comment","description":"Optional comment","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"key_file","description":"Path to the authorized_keys file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"autoexec","description":"Aggregate of executables that will automatically execute on the target machine. This is an amalgamation of other tables like services, scheduled_tasks, startup_items and more.","platforms":["windows"],"columns":[{"name":"path","description":"Path to the executable","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"name","description":"Name of the program","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"source","description":"Source table of the autoexec item","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"azure_instance_metadata","description":"Azure instance metadata.","platforms":["darwin","linux","windows"],"columns":[{"name":"location","description":"Azure Region the VM is running in","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Name of the VM","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"offer","description":"Offer information for the VM image (Azure image gallery VMs only)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"publisher","description":"Publisher of the VM image","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sku","description":"SKU for the VM image","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Version of the VM image","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"os_type","description":"Linux or Windows","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"platform_update_domain","description":"Update domain the VM is running in","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"platform_fault_domain","description":"Fault domain the VM is running in","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"vm_id","description":"Unique identifier for the VM","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"vm_size","description":"VM size","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"subscription_id","description":"Azure subscription for the VM","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"resource_group_name","description":"Resource group for the VM","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"placement_group_id","description":"Placement group for the VM scale set","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"vm_scale_set_name","description":"VM scale set name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"zone","description":"Availability zone of the VM","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"azure_instance_tags","description":"Azure instance tags.","platforms":["darwin","linux","windows"],"columns":[{"name":"vm_id","description":"Unique identifier for the VM","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"key","description":"The tag key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"The tag value","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"background_activities_moderator","description":"Background Activities Moderator (BAM) tracks application execution.","platforms":["windows"],"columns":[{"name":"path","description":"Application file path.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"last_execution_time","description":"Most recent time application was executed.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"sid","description":"User SID.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"battery","description":"Provides information about the internal battery of a Macbook.","platforms":["darwin"],"columns":[{"name":"manufacturer","description":"The battery manufacturer's name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"manufacture_date","description":"The date the battery was manufactured UNIX Epoch","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"model","description":"The battery's model number","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"serial_number","description":"The battery's unique serial number","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cycle_count","description":"The number of charge/discharge cycles","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"health","description":"One of the following: \"Good\" describes a well-performing battery, \"Fair\" describes a functional battery with limited capacity, or \"Poor\" describes a battery that's not capable of providing power","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"condition","description":"One of the following: \"Normal\" indicates the condition of the battery is within normal tolerances, \"Service Needed\" indicates that the battery should be checked out by a licensed Mac repair service, \"Permanent Failure\" indicates the battery needs replacement","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"state","description":"One of the following: \"AC Power\" indicates the battery is connected to an external power source, \"Battery Power\" indicates that the battery is drawing internal power, \"Off Line\" indicates the battery is off-line or no longer connected","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"charging","description":"1 if the battery is currently being charged by a power source. 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"charged","description":"1 if the battery is currently completely charged. 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"designed_capacity","description":"The battery's designed capacity in mAh","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"max_capacity","description":"The battery's actual capacity when it is fully charged in mAh","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"current_capacity","description":"The battery's current charged capacity in mAh","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"percent_remaining","description":"The percentage of battery remaining before it is drained","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"amperage","description":"The battery's current amperage in mA","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"voltage","description":"The battery's current voltage in mV","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"minutes_until_empty","description":"The number of minutes until the battery is fully depleted. This value is -1 if this time is still being calculated","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"minutes_to_full_charge","description":"The number of minutes until the battery is fully charged. This value is -1 if this time is still being calculated","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"bitlocker_info","description":"Retrieve bitlocker status of the machine.","platforms":["windows"],"columns":[{"name":"device_id","description":"ID of the encrypted drive.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"drive_letter","description":"Drive letter of the encrypted drive.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"persistent_volume_id","description":"Persistent ID of the drive.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"conversion_status","description":"The bitlocker conversion status of the drive.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"protection_status","description":"The bitlocker protection status of the drive.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"encryption_method","description":"The encryption type of the device.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"The FVE metadata version of the drive.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"percentage_encrypted","description":"The percentage of the drive that is encrypted.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"lock_status","description":"The accessibility status of the drive from Windows.","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"block_devices","description":"Block (buffered access) device file nodes: disks, ramdisks, and DMG containers.","platforms":["darwin","linux"],"columns":[{"name":"name","description":"Block device name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"parent","description":"Block device parent name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"vendor","description":"Block device vendor string","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"model","description":"Block device model string identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Block device size in blocks","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"block_size","description":"Block size in bytes","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"uuid","description":"Block device Universally Unique Identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Block device type string","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"label","description":"Block device label string","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"bpf_process_events","description":"Track time/action process executions.","platforms":["linux"],"columns":[{"name":"tid","description":"Thread ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"parent","description":"Parent process ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"User ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"gid","description":"Group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"cid","description":"Cgroup ID","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"exit_code","description":"Exit code of the system call","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"probe_error","description":"Set to 1 if one or more buffers could not be captured","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"syscall","description":"System call name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Binary path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cwd","description":"Current working directory","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cmdline","description":"Command line arguments","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"duration","description":"How much time was spent inside the syscall (nsecs)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"json_cmdline","description":"Command line arguments, in JSON format","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"ntime","description":"The nsecs uptime timestamp as obtained from BPF","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of execution in UNIX time","type":"bigint","notes":"","hidden":true,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"integer","notes":"","hidden":true,"required":false,"index":false}]},{"name":"bpf_socket_events","description":"Track network socket opens and closes.","platforms":["linux"],"columns":[{"name":"tid","description":"Thread ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"parent","description":"Parent process ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"User ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"gid","description":"Group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"cid","description":"Cgroup ID","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"exit_code","description":"Exit code of the system call","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"probe_error","description":"Set to 1 if one or more buffers could not be captured","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"syscall","description":"System call name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path of executed file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"fd","description":"The file description for the process socket","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"family","description":"The Internet protocol family ID","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"The socket type","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"protocol","description":"The network protocol ID","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"local_address","description":"Local address associated with socket","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"remote_address","description":"Remote address associated with socket","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"local_port","description":"Local network protocol port number","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"remote_port","description":"Remote network protocol port number","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"duration","description":"How much time was spent inside the syscall (nsecs)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ntime","description":"The nsecs uptime timestamp as obtained from BPF","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of execution in UNIX time","type":"bigint","notes":"","hidden":true,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"integer","notes":"","hidden":true,"required":false,"index":false}]},{"name":"browser_plugins","description":"All C/NPAPI browser plugin details for all users. C/NPAPI has been deprecated on all major browsers. To query for plugins on modern browsers, try: `chrome_extensions` `firefox_addons` `safari_extensions`.","platforms":["darwin"],"columns":[{"name":"uid","description":"The local user that owns the plugin","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"name","description":"Plugin display name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"identifier","description":"Plugin identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Plugin short version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sdk","description":"Build SDK used to compile plugin","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Plugin description text","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"development_region","description":"Plugin language-localization","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"native","description":"Plugin requires native execution","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to plugin bundle","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"disabled","description":"Is the plugin disabled. 1 = Disabled","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"carbon_black_info","description":"Returns info about a Carbon Black sensor install.","platforms":["darwin","linux","windows"],"columns":[{"name":"sensor_id","description":"Sensor ID of the Carbon Black sensor","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"config_name","description":"Sensor group","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"collect_store_files","description":"If the sensor is configured to send back binaries to the Carbon Black server","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"collect_module_loads","description":"If the sensor is configured to capture module loads","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"collect_module_info","description":"If the sensor is configured to collect metadata of binaries","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"collect_file_mods","description":"If the sensor is configured to collect file modification events","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"collect_reg_mods","description":"If the sensor is configured to collect registry modification events","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"collect_net_conns","description":"If the sensor is configured to collect network connections","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"collect_processes","description":"If the sensor is configured to process events","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"collect_cross_processes","description":"If the sensor is configured to cross process events","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"collect_emet_events","description":"If the sensor is configured to EMET events","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"collect_data_file_writes","description":"If the sensor is configured to collect non binary file writes","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"collect_process_user_context","description":"If the sensor is configured to collect the user running a process","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"collect_sensor_operations","description":"Unknown","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"log_file_disk_quota_mb","description":"Event file disk quota in MB","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"log_file_disk_quota_percentage","description":"Event file disk quota in a percentage","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"protection_disabled","description":"If the sensor is configured to report tamper events","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"sensor_ip_addr","description":"IP address of the sensor","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sensor_backend_server","description":"Carbon Black server","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"event_queue","description":"Size in bytes of Carbon Black event files on disk","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"binary_queue","description":"Size in bytes of binaries waiting to be sent to Carbon Black server","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"carves","description":"List the set of completed and in-progress carves. If carve=1 then the query is treated as a new carve request.","platforms":["darwin","linux","windows"],"columns":[{"name":"time","description":"Time at which the carve was kicked off","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"sha256","description":"A SHA256 sum of the carved archive","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Size of the carved archive","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"The path of the requested carve","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"status","description":"Status of the carve, can be STARTING, PENDING, SUCCESS, or FAILED","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"carve_guid","description":"Identifying value of the carve session","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"request_id","description":"Identifying value of the carve request (e.g., scheduled query name, distributed request, etc)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"carve","description":"Set this value to '1' to start a file carve","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"certificates","description":"Certificate Authorities installed in Keychains/ca-bundles.","platforms":["darwin","linux","windows"],"columns":[{"name":"common_name","description":"Certificate CommonName","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"subject","description":"Certificate distinguished name (deprecated, use subject2)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"issuer","description":"Certificate issuer distinguished name (deprecated, use issuer2)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ca","description":"1 if CA: true (certificate is an authority) else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"self_signed","description":"1 if self-signed, else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"not_valid_before","description":"Lower bound of valid date","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"not_valid_after","description":"Certificate expiration data","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"signing_algorithm","description":"Signing algorithm used","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"key_algorithm","description":"Key algorithm used","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"key_strength","description":"Key size used for RSA/DSA, or curve name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"key_usage","description":"Certificate key usage and extended key usage","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"subject_key_id","description":"SKID an optionally included SHA1","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"authority_key_id","description":"AKID an optionally included SHA1","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sha1","description":"SHA1 hash of the raw certificate contents","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to Keychain or PEM bundle","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"serial","description":"Certificate serial number","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sid","description":"SID","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"store_location","description":"Certificate system store location","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"store","description":"Certificate system store","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"username","description":"Username","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"store_id","description":"Exists for service/user stores. Contains raw store id provided by WinAPI.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"issuer2","description":"Certificate issuer distinguished name","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux","darwin"]},{"name":"subject2","description":"Certificate distinguished name","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux","darwin"]}]},{"name":"chassis_info","description":"Display information pertaining to the chassis and its security status.","platforms":["windows"],"columns":[{"name":"audible_alarm","description":"If TRUE, the frame is equipped with an audible alarm.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"breach_description","description":"If provided, gives a more detailed description of a detected security breach.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"chassis_types","description":"A comma-separated list of chassis types, such as Desktop or Laptop.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"An extended description of the chassis if available.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"lock","description":"If TRUE, the frame is equipped with a lock.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"manufacturer","description":"The manufacturer of the chassis.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"model","description":"The model of the chassis.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"security_breach","description":"The physical status of the chassis such as Breach Successful, Breach Attempted, etc.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"serial","description":"The serial number of the chassis.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"smbios_tag","description":"The assigned asset tag number of the chassis.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sku","description":"The Stock Keeping Unit number if available.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"status","description":"If available, gives various operational or nonoperational statuses such as OK, Degraded, and Pred Fail.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"visible_alarm","description":"If TRUE, the frame is equipped with a visual alarm.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"chocolatey_packages","description":"Chocolatey packages installed in a system.","platforms":["windows"],"columns":[{"name":"name","description":"Package display name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Package-supplied version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"summary","description":"Package-supplied summary","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"author","description":"Optional package author","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"license","description":"License under which package is launched","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path at which this package resides","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"chrome_extension_content_scripts","description":"Chrome browser extension content scripts.","platforms":["darwin","linux","windows"],"columns":[{"name":"browser_type","description":"The browser type (Valid values: chrome, chromium, opera, yandex, brave)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"The local user that owns the extension","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"identifier","description":"Extension identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Extension-supplied version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"script","description":"The content script used by the extension","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"match","description":"The pattern that the script is matched against","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"profile_path","description":"The profile path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to extension folder","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"referenced","description":"1 if this extension is referenced by the Preferences file of the profile","type":"bigint","notes":"","hidden":false,"required":false,"index":false}]},{"name":"chrome_extensions","description":"Chrome-based browser extensions.","platforms":["darwin","linux","windows"],"columns":[{"name":"browser_type","description":"The browser type (Valid values: chrome, chromium, opera, yandex, brave, edge, edge_beta)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"The local user that owns the extension","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"name","description":"Extension display name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"profile","description":"The name of the Chrome profile that contains this extension","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"profile_path","description":"The profile path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"referenced_identifier","description":"Extension identifier, as specified by the preferences file. Empty if the extension is not in the profile.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"identifier","description":"Extension identifier, computed from its manifest. Empty in case of error.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Extension-supplied version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Extension-optional description","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"default_locale","description":"Default locale supported by extension","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"current_locale","description":"Current locale supported by extension","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"update_url","description":"Extension-supplied update URI","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"author","description":"Optional extension author","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"persistent","description":"1 If extension is persistent across all tabs else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to extension folder","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"permissions","description":"The permissions required by the extension","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"permissions_json","description":"The JSON-encoded permissions required by the extension","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"optional_permissions","description":"The permissions optionally required by the extensions","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"optional_permissions_json","description":"The JSON-encoded permissions optionally required by the extensions","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"manifest_hash","description":"The SHA256 hash of the manifest.json file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"referenced","description":"1 if this extension is referenced by the Preferences file of the profile","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"from_webstore","description":"True if this extension was installed from the web store","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"state","description":"1 if this extension is enabled","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"install_time","description":"Extension install time, in its original Webkit format","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"install_timestamp","description":"Extension install time, converted to unix time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"manifest_json","description":"The manifest file of the extension","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"key","description":"The extension key, from the manifest file","type":"text","notes":"","hidden":true,"required":false,"index":false}]},{"name":"connected_displays","description":"Provides information about the connected displays of the machine.","platforms":["darwin"],"columns":[{"name":"name","description":"The name of the display.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"product_id","description":"The product ID of the display.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"serial_number","description":"The serial number of the display. (may not be unique)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"vendor_id","description":"The vendor ID of the display.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"manufactured_week","description":"The manufacture week of the display. This field is 0 if not supported","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"manufactured_year","description":"The manufacture year of the display. This field is 0 if not supported","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"display_id","description":"The display ID.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pixels","description":"The number of pixels of the display.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"resolution","description":"The resolution of the display.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ambient_brightness_enabled","description":"The ambient brightness setting associated with the display. This will be 1 if enabled and is 0 if disabled or not supported.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"connection_type","description":"The connection type associated with the display.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"display_type","description":"The type of display.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"main","description":"If the display is the main display.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"mirror","description":"If the display is mirrored or not. This field is 1 if mirrored and 0 if not mirrored.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"online","description":"The online status of the display. This field is 1 if the display is online and 0 if it is offline.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"rotation","description":"The orientation of the display.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"connectivity","description":"Provides the overall system's network state.","platforms":["windows"],"columns":[{"name":"disconnected","description":"True if the all interfaces are not connected to any network","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ipv4_no_traffic","description":"True if any interface is connected via IPv4, but has seen no traffic","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ipv6_no_traffic","description":"True if any interface is connected via IPv6, but has seen no traffic","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ipv4_subnet","description":"True if any interface is connected to the local subnet via IPv4","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ipv4_local_network","description":"True if any interface is connected to a routed network via IPv4","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ipv4_internet","description":"True if any interface is connected to the Internet via IPv4","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ipv6_subnet","description":"True if any interface is connected to the local subnet via IPv6","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ipv6_local_network","description":"True if any interface is connected to a routed network via IPv6","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ipv6_internet","description":"True if any interface is connected to the Internet via IPv6","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"cpu_info","description":"Retrieve cpu hardware info of the machine.","platforms":["darwin","linux","windows"],"columns":[{"name":"device_id","description":"The DeviceID of the CPU.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"model","description":"The model of the CPU.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"manufacturer","description":"The manufacturer of the CPU.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"processor_type","description":"The processor type, such as Central, Math, or Video.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_status","description":"The current operating status of the CPU.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"number_of_cores","description":"The number of cores of the CPU.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"logical_processors","description":"The number of logical processors of the CPU.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"address_width","description":"The width of the CPU address bus.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"current_clock_speed","description":"The current frequency of the CPU.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"max_clock_speed","description":"The maximum possible frequency of the CPU.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"socket_designation","description":"The assigned socket on the board for the given CPU.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"availability","description":"The availability and status of the CPU.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"number_of_efficiency_cores","description":"The number of efficiency cores of the CPU. Only available on Apple Silicon","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]},{"name":"number_of_performance_cores","description":"The number of performance cores of the CPU. Only available on Apple Silicon","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]}]},{"name":"cpu_time","description":"Displays information from /proc/stat file about the time the cpu cores spent in different parts of the system.","platforms":["darwin","linux"],"columns":[{"name":"core","description":"Name of the cpu (core)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"user","description":"Time spent in user mode","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"nice","description":"Time spent in user mode with low priority (nice)","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"system","description":"Time spent in system mode","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"idle","description":"Time spent in the idle task","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"iowait","description":"Time spent waiting for I/O to complete","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"irq","description":"Time spent servicing interrupts","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"softirq","description":"Time spent servicing softirqs","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"steal","description":"Time spent in other operating systems when running in a virtualized environment","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"guest","description":"Time spent running a virtual CPU for a guest OS under the control of the Linux kernel","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"guest_nice","description":"Time spent running a niced guest ","type":"bigint","notes":"","hidden":false,"required":false,"index":false}]},{"name":"cpuid","description":"Useful CPU features from the cpuid ASM call.","platforms":["darwin","linux","windows"],"columns":[{"name":"feature","description":"Present feature flags","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Bit value or string","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"output_register","description":"Register used to for feature value","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"output_bit","description":"Bit in register value for feature value","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"input_eax","description":"Value of EAX used","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"crashes","description":"Application, System, and Mobile App crash logs.","platforms":["darwin"],"columns":[{"name":"type","description":"Type of crash log","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process (or thread) ID of the crashed process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to the crashed process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"crash_path","description":"Location of log file","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"identifier","description":"Identifier of the crashed process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Version info of the crashed process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"parent","description":"Parent PID of the crashed process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"responsible","description":"Process responsible for the crashed process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"User ID of the crashed process","type":"integer","notes":"","hidden":false,"required":false,"index":true},{"name":"datetime","description":"Date/Time at which the crash occurred","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"crashed_thread","description":"Thread ID which crashed","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"stack_trace","description":"Most recent frame from the stack trace","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"exception_type","description":"Exception type of the crash","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"exception_codes","description":"Exception codes from the crash","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"exception_notes","description":"Exception notes from the crash","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"registers","description":"The value of the system registers","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"crontab","description":"Line parsed values from system and user cron/tab.","platforms":["darwin","linux"],"columns":[{"name":"event","description":"The job @event name (rare)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"minute","description":"The exact minute for the job","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hour","description":"The hour of the day for the job","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"day_of_month","description":"The day of the month for the job","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"month","description":"The month of the year for the job","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"day_of_week","description":"The day of the week for the job","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"command","description":"Raw command string","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"File parsed","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"cups_destinations","description":"Returns all configured printers.","platforms":["darwin"],"columns":[{"name":"name","description":"Name of the printer","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"option_name","description":"Option name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"option_value","description":"Option value","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"cups_jobs","description":"Returns all completed print jobs from cups.","platforms":["darwin"],"columns":[{"name":"title","description":"Title of the printed job","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"destination","description":"The printer the job was sent to","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"user","description":"The user who printed the job","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"format","description":"The format of the print job","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"The size of the print job","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"completed_time","description":"When the job completed printing","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"processing_time","description":"How long the job took to process","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"creation_time","description":"When the print request was initiated","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"curl","description":"Perform an http request and return stats about it.","platforms":["darwin","linux","windows"],"columns":[{"name":"url","description":"The url for the request","type":"text","notes":"","hidden":false,"required":true,"index":true},{"name":"method","description":"The HTTP method for the request","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"user_agent","description":"The user-agent string to use for the request","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"response_code","description":"The HTTP status code for the response","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"round_trip_time","description":"Time taken to complete the request","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"bytes","description":"Number of bytes in the response","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"result","description":"The HTTP response body","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"curl_certificate","description":"Inspect TLS certificates by connecting to input hostnames.","platforms":["darwin","linux","windows"],"columns":[{"name":"hostname","description":"Hostname to CURL (domain[:port], e.g. osquery.io)","type":"text","notes":"","hidden":false,"required":true,"index":false},{"name":"common_name","description":"Common name of company issued to","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"organization","description":"Organization issued to","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"organization_unit","description":"Organization unit issued to","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"serial_number","description":"Certificate serial number","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"issuer_common_name","description":"Issuer common name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"issuer_organization","description":"Issuer organization","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"issuer_organization_unit","description":"Issuer organization unit","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"valid_from","description":"Period of validity start date","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"valid_to","description":"Period of validity end date","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sha256_fingerprint","description":"SHA-256 fingerprint","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sha1_fingerprint","description":"SHA1 fingerprint","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Version Number","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"signature_algorithm","description":"Signature Algorithm","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"signature","description":"Signature","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"subject_key_identifier","description":"Subject Key Identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"authority_key_identifier","description":"Authority Key Identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"key_usage","description":"Usage of key in certificate","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"extended_key_usage","description":"Extended usage of key in certificate","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"policies","description":"Certificate Policies","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"subject_alternative_names","description":"Subject Alternative Name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"issuer_alternative_names","description":"Issuer Alternative Name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"info_access","description":"Authority Information Access","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"subject_info_access","description":"Subject Information Access","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"policy_mappings","description":"Policy Mappings","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"has_expired","description":"1 if the certificate has expired, 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"basic_constraint","description":"Basic Constraints","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"name_constraints","description":"Name Constraints","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"policy_constraints","description":"Policy Constraints","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"dump_certificate","description":"Set this value to '1' to dump certificate","type":"integer","notes":"","hidden":true,"required":false,"index":false},{"name":"timeout","description":"Set this value to the timeout in seconds to complete the TLS handshake (default 4s, use 0 for no timeout)","type":"integer","notes":"","hidden":true,"required":false,"index":false},{"name":"pem","description":"Certificate PEM format","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"deb_packages","description":"The installed DEB package database.","platforms":["linux"],"columns":[{"name":"name","description":"Package name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Package version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"source","description":"Package source","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Package size in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"arch","description":"Package architecture","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"revision","description":"Package revision","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"status","description":"Package status","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"maintainer","description":"Package maintainer","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"section","description":"Package section","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"priority","description":"Package priority","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"admindir","description":"libdpkg admindir. Defaults to /var/lib/dpkg","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]},{"name":"mount_namespace_id","description":"Mount namespace id","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"default_environment","description":"Default environment variables and values.","platforms":["windows"],"columns":[{"name":"variable","description":"Name of the environment variable","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Value of the environment variable","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"expand","description":"1 if the variable needs expanding, 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"device_file","description":"Similar to the file table, but use TSK and allow block address access.","platforms":["darwin","linux"],"columns":[{"name":"device","description":"Absolute file path to device node","type":"text","notes":"","hidden":false,"required":true,"index":true},{"name":"partition","description":"A partition number","type":"text","notes":"","hidden":false,"required":true,"index":true},{"name":"path","description":"A logical path within the device node","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"filename","description":"Name portion of file path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"inode","description":"Filesystem inode number","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"uid","description":"Owning user ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"gid","description":"Owning group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"mode","description":"Permission bits","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Size of file in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"block_size","description":"Block size of filesystem","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"atime","description":"Last access time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"mtime","description":"Last modification time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"ctime","description":"Creation time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"hard_links","description":"Number of hard links","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"File status","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"device_firmware","description":"A best-effort list of discovered firmware versions.","platforms":["darwin"],"columns":[{"name":"type","description":"Type of device","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"device","description":"The device name","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"version","description":"Firmware version","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"device_hash","description":"Similar to the hash table, but use TSK and allow block address access.","platforms":["darwin","linux"],"columns":[{"name":"device","description":"Absolute file path to device node","type":"text","notes":"","hidden":false,"required":true,"index":false},{"name":"partition","description":"A partition number","type":"text","notes":"","hidden":false,"required":true,"index":false},{"name":"inode","description":"Filesystem inode number","type":"bigint","notes":"","hidden":false,"required":true,"index":false},{"name":"md5","description":"MD5 hash of provided inode data","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sha1","description":"SHA1 hash of provided inode data","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sha256","description":"SHA256 hash of provided inode data","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"device_partitions","description":"Use TSK to enumerate details about partitions on a disk device.","platforms":["darwin","linux"],"columns":[{"name":"device","description":"Absolute file path to device node","type":"text","notes":"","hidden":false,"required":true,"index":false},{"name":"partition","description":"A partition number or description","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"label","description":"","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"offset","description":"","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"blocks_size","description":"Byte size of each block","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"blocks","description":"Number of blocks","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"inodes","description":"Number of meta nodes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"flags","description":"","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"disk_encryption","description":"Disk encryption status and information.","platforms":["darwin","linux"],"columns":[{"name":"name","description":"Disk name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uuid","description":"Disk Universally Unique Identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"encrypted","description":"1 If encrypted: true (disk is encrypted), else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Description of cipher type and mode if available","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"encryption_status","description":"Disk encryption status with one of following values: encrypted | not encrypted | undefined","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"Currently authenticated user if available","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]},{"name":"user_uuid","description":"UUID of authenticated user if available","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]},{"name":"filevault_status","description":"FileVault status with one of following values: on | off | unknown","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]}]},{"name":"disk_events","description":"Track DMG disk image events (appearance/disappearance) when opened.","platforms":["darwin"],"columns":[{"name":"action","description":"Appear or disappear","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path of the DMG file accessed","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Disk event name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"device","description":"Disk event BSD name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uuid","description":"UUID of the volume inside DMG if available","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Size of partition in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"ejectable","description":"1 if ejectable, 0 if not","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"mountable","description":"1 if mountable, 0 if not","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"writable","description":"1 if writable, 0 if not","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"content","description":"Disk event content","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"media_name","description":"Disk event media name string","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"vendor","description":"Disk event vendor string","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"filesystem","description":"Filesystem if available","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"checksum","description":"UDIF Master checksum if available (CRC32)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of appearance/disappearance in UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","notes":"","hidden":true,"required":false,"index":false}]},{"name":"disk_info","description":"Retrieve basic information about the physical disks of a system.","platforms":["windows"],"columns":[{"name":"partitions","description":"Number of detected partitions on disk.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"disk_index","description":"Physical drive number of the disk.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"The interface type of the disk.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"id","description":"The unique identifier of the drive on the system.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pnp_device_id","description":"The unique identifier of the drive on the system.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"disk_size","description":"Size of the disk.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"manufacturer","description":"The manufacturer of the disk.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hardware_model","description":"Hard drive model.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"The label of the disk object.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"serial","description":"The serial number of the disk.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"The OS's description of the disk.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"dns_cache","description":"Enumerate the DNS cache using the undocumented DnsGetCacheDataTable function in dnsapi.dll.","platforms":["windows"],"columns":[{"name":"name","description":"DNS record name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"DNS record type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"flags","description":"DNS record flags","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"dns_resolvers","description":"Resolvers used by this host.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Address type index or order","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Address type: sortlist, nameserver, search","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"address","description":"Resolver IP/IPv6 address","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"netmask","description":"Address (sortlist) netmask length","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"options","description":"Resolver options","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"docker_container_envs","description":"Docker container environment variables.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Container ID","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"key","description":"Environment variable name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Environment variable value","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_container_fs_changes","description":"Changes to files or directories on container's filesystem.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Container ID","type":"text","notes":"","hidden":false,"required":true,"index":true},{"name":"path","description":"FIle or directory path relative to rootfs","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"change_type","description":"Type of change: C:Modified, A:Added, D:Deleted","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_container_labels","description":"Docker container labels.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Container ID","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"key","description":"Label key","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"value","description":"Optional label value","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_container_mounts","description":"Docker container mounts.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Container ID","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"type","description":"Type of mount (bind, volume)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Optional mount name","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"source","description":"Source path on host","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"destination","description":"Destination path inside container","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"driver","description":"Driver providing the mount","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mode","description":"Mount options (rw, ro)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"rw","description":"1 if read/write. 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"propagation","description":"Mount propagation","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_container_networks","description":"Docker container networks.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Container ID","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"name","description":"Network name","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"network_id","description":"Network ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"endpoint_id","description":"Endpoint ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"gateway","description":"Gateway","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ip_address","description":"IP address","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ip_prefix_len","description":"IP subnet prefix length","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ipv6_gateway","description":"IPv6 gateway","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ipv6_address","description":"IPv6 address","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ipv6_prefix_len","description":"IPv6 subnet prefix length","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"mac_address","description":"MAC address","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_container_ports","description":"Docker container ports.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Container ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Protocol (tcp, udp)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"port","description":"Port inside the container","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"host_ip","description":"Host IP address on which public port is listening","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"host_port","description":"Host port","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_container_processes","description":"Docker container processes.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Container ID","type":"text","notes":"","hidden":false,"required":true,"index":true},{"name":"pid","description":"Process ID","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"name","description":"The process path or shorthand argv[0]","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cmdline","description":"Complete argv","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"state","description":"Process state","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"User ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"gid","description":"Group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"euid","description":"Effective user ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"egid","description":"Effective group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"suid","description":"Saved user ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"sgid","description":"Saved group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"wired_size","description":"Bytes of unpageable memory used by process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"resident_size","description":"Bytes of private memory used by process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"total_size","description":"Total virtual memory size","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"start_time","description":"Process start in seconds since boot (non-sleeping)","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"parent","description":"Process parent's PID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pgroup","description":"Process group","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"threads","description":"Number of threads used by process","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"nice","description":"Process nice level (-20 to 20, default 0)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"user","description":"User name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Cumulative CPU time. [DD-]HH:MM:SS format","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu","description":"CPU utilization as percentage","type":"double","notes":"","hidden":false,"required":false,"index":false},{"name":"mem","description":"Memory utilization as percentage","type":"double","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_container_stats","description":"Docker container statistics. Queries on this table take at least one second.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Container ID","type":"text","notes":"","hidden":false,"required":true,"index":true},{"name":"name","description":"Container name","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"pids","description":"Number of processes","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"read","description":"UNIX time when stats were read","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"preread","description":"UNIX time when stats were last read","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"interval","description":"Difference between read and preread in nano-seconds","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"disk_read","description":"Total disk read bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"disk_write","description":"Total disk write bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"num_procs","description":"Number of processors","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_total_usage","description":"Total CPU usage","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_kernelmode_usage","description":"CPU kernel mode usage","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_usermode_usage","description":"CPU user mode usage","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"system_cpu_usage","description":"CPU system usage","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"online_cpus","description":"Online CPUs","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"pre_cpu_total_usage","description":"Last read total CPU usage","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pre_cpu_kernelmode_usage","description":"Last read CPU kernel mode usage","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pre_cpu_usermode_usage","description":"Last read CPU user mode usage","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pre_system_cpu_usage","description":"Last read CPU system usage","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pre_online_cpus","description":"Last read online CPUs","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"memory_usage","description":"Memory usage","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"memory_cached","description":"Memory cached","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"memory_max_usage","description":"Memory maximum usage","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"memory_limit","description":"Memory limit","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"network_rx_bytes","description":"Total network bytes read","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"network_tx_bytes","description":"Total network bytes transmitted","type":"bigint","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_containers","description":"Docker containers information.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Container ID","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"name","description":"Container name","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"image","description":"Docker image (name) used to launch this container","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"image_id","description":"Docker image ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"command","description":"Command with arguments","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"created","description":"Time of creation as UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"state","description":"Container state (created, restarting, running, removing, paused, exited, dead)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"status","description":"Container status information","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Identifier of the initial process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Container path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"config_entrypoint","description":"Container entrypoint(s)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"started_at","description":"Container start time as string","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"finished_at","description":"Container finish time as string","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"privileged","description":"Is the container privileged","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"security_options","description":"List of container security options","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"env_variables","description":"Container environmental variables","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"readonly_rootfs","description":"Is the root filesystem mounted as read only","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"cgroup_namespace","description":"cgroup namespace","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]},{"name":"ipc_namespace","description":"IPC namespace","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]},{"name":"mnt_namespace","description":"Mount namespace","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]},{"name":"net_namespace","description":"Network namespace","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]},{"name":"pid_namespace","description":"PID namespace","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]},{"name":"user_namespace","description":"User namespace","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]},{"name":"uts_namespace","description":"UTS namespace","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]}]},{"name":"docker_image_history","description":"Docker image history information.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Image ID","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"created","description":"Time of creation as UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Size of instruction in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"created_by","description":"Created by instruction","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"tags","description":"Comma-separated list of tags","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"comment","description":"Instruction comment","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_image_labels","description":"Docker image labels.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Image ID","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"key","description":"Label key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Optional label value","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_image_layers","description":"Docker image layers information.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Image ID","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"layer_id","description":"Layer ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"layer_order","description":"Layer Order (1 = base layer)","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_images","description":"Docker images information.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Image ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"created","description":"Time of creation as UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"size_bytes","description":"Size of image in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"tags","description":"Comma-separated list of repository tags","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_info","description":"Docker system information.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Docker system ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"containers","description":"Total number of containers","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"containers_running","description":"Number of containers currently running","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"containers_paused","description":"Number of containers in paused state","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"containers_stopped","description":"Number of containers in stopped state","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"images","description":"Number of images","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"storage_driver","description":"Storage driver","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"memory_limit","description":"1 if memory limit support is enabled. 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"swap_limit","description":"1 if swap limit support is enabled. 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"kernel_memory","description":"1 if kernel memory limit support is enabled. 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_cfs_period","description":"1 if CPU Completely Fair Scheduler (CFS) period support is enabled. 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_cfs_quota","description":"1 if CPU Completely Fair Scheduler (CFS) quota support is enabled. 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_shares","description":"1 if CPU share weighting support is enabled. 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_set","description":"1 if CPU set selection support is enabled. 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ipv4_forwarding","description":"1 if IPv4 forwarding is enabled. 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"bridge_nf_iptables","description":"1 if bridge netfilter iptables is enabled. 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"bridge_nf_ip6tables","description":"1 if bridge netfilter ip6tables is enabled. 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"oom_kill_disable","description":"1 if Out-of-memory kill is disabled. 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"logging_driver","description":"Logging driver","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cgroup_driver","description":"Control groups driver","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"kernel_version","description":"Kernel version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"os","description":"Operating system","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"os_type","description":"Operating system type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"architecture","description":"Hardware architecture","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cpus","description":"Number of CPUs","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"memory","description":"Total memory","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"http_proxy","description":"HTTP proxy","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"https_proxy","description":"HTTPS proxy","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"no_proxy","description":"Comma-separated list of domain extensions proxy should not be used for","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Name of the docker host","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"server_version","description":"Server version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"root_dir","description":"Docker root directory","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_network_labels","description":"Docker network labels.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Network ID","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"key","description":"Label key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Optional label value","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_networks","description":"Docker networks information.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Network ID","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"name","description":"Network name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"driver","description":"Network driver","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"created","description":"Time of creation as UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"enable_ipv6","description":"1 if IPv6 is enabled on this network. 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"subnet","description":"Network subnet","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"gateway","description":"Network gateway","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_version","description":"Docker version information.","platforms":["darwin","linux"],"columns":[{"name":"version","description":"Docker version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"api_version","description":"API version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"min_api_version","description":"Minimum API version supported","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"git_commit","description":"Docker build git commit","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"go_version","description":"Go version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"os","description":"Operating system","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"arch","description":"Hardware architecture","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"kernel_version","description":"Kernel version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"build_time","description":"Build time","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_volume_labels","description":"Docker volume labels.","platforms":["darwin","linux"],"columns":[{"name":"name","description":"Volume name","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"key","description":"Label key","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"value","description":"Optional label value","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_volumes","description":"Docker volumes information.","platforms":["darwin","linux"],"columns":[{"name":"name","description":"Volume name","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"driver","description":"Volume driver","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mount_point","description":"Mount point","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Volume type","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"drivers","description":"Details for in-use Windows device drivers. This does not display installed but unused drivers.","platforms":["windows"],"columns":[{"name":"device_id","description":"Device ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"device_name","description":"Device name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"image","description":"Path to driver image file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Driver description","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"service","description":"Driver service name, if one exists","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"service_key","description":"Driver service registry key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Driver version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"inf","description":"Associated inf file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"class","description":"Device/driver class name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"provider","description":"Driver provider","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"manufacturer","description":"Device manufacturer","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"driver_key","description":"Driver key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"date","description":"Driver date","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"signed","description":"Whether the driver is signed or not","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"ec2_instance_metadata","description":"EC2 instance metadata.","platforms":["darwin","linux","windows"],"columns":[{"name":"instance_id","description":"EC2 instance ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"instance_type","description":"EC2 instance type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"architecture","description":"Hardware architecture of this EC2 instance","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"region","description":"AWS region in which this instance launched","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"availability_zone","description":"Availability zone in which this instance launched","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"local_hostname","description":"Private IPv4 DNS hostname of the first interface of this instance","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"local_ipv4","description":"Private IPv4 address of the first interface of this instance","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mac","description":"MAC address for the first network interface of this EC2 instance","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"security_groups","description":"Comma separated list of security group names","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"iam_arn","description":"If there is an IAM role associated with the instance, contains instance profile ARN","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ami_id","description":"AMI ID used to launch this EC2 instance","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"reservation_id","description":"ID of the reservation","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"account_id","description":"AWS account ID which owns this EC2 instance","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ssh_public_key","description":"SSH public key. Only available if supplied at instance launch time","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"ec2_instance_tags","description":"EC2 instance tag key value pairs.","platforms":["darwin","linux","windows"],"columns":[{"name":"instance_id","description":"EC2 instance ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"key","description":"Tag key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Tag value","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"es_process_events","description":"Process execution events from EndpointSecurity.","platforms":["darwin"],"columns":[{"name":"version","description":"Version of EndpointSecurity event","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"seq_num","description":"Per event sequence number","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"global_seq_num","description":"Global sequence number","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process (or thread) ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path of executed file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"parent","description":"Parent process ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"original_parent","description":"Original parent process ID in case of reparenting","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"cmdline","description":"Command line arguments (argv)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cmdline_count","description":"Number of command line arguments","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"env","description":"Environment variables delimited by spaces","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"env_count","description":"Number of environment variables","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"cwd","description":"The process current working directory","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"User ID of the process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"euid","description":"Effective User ID of the process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"gid","description":"Group ID of the process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"egid","description":"Effective Group ID of the process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"username","description":"Username","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"signing_id","description":"Signature identifier of the process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"team_id","description":"Team identifier of thd process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cdhash","description":"Codesigning hash of the process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"platform_binary","description":"Indicates if the binary is Apple signed binary (1) or not (0)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"exit_code","description":"Exit code of a process in case of an exit event","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"child_pid","description":"Process ID of a child process in case of a fork event","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of execution in UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"event_type","description":"Type of EndpointSecurity event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"codesigning_flags","description":"Codesigning flags matching one of these options, in a comma separated list: NOT_VALID, ADHOC, NOT_RUNTIME, INSTALLER. See kern/cs_blobs.h in XNU for descriptions.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"es_process_file_events","description":"File integrity monitoring events from EndpointSecurity including process context.","platforms":["darwin"],"columns":[{"name":"version","description":"Version of EndpointSecurity event","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"seq_num","description":"Per event sequence number","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"global_seq_num","description":"Global sequence number","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process (or thread) ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"parent","description":"Parent process ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path of executed file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"filename","description":"The source or target filename for the event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"dest_filename","description":"Destination filename for the event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"event_type","description":"Type of EndpointSecurity event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of execution in UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","notes":"","hidden":true,"required":false,"index":false}]},{"name":"etc_hosts","description":"Line-parsed /etc/hosts.","platforms":["darwin","linux","windows"],"columns":[{"name":"address","description":"IP address mapping","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hostnames","description":"Raw hosts mapping","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"etc_protocols","description":"Line-parsed /etc/protocols.","platforms":["darwin","linux","windows"],"columns":[{"name":"name","description":"Protocol name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"number","description":"Protocol number","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"alias","description":"Protocol alias","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"comment","description":"Comment with protocol description","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"etc_services","description":"Line-parsed /etc/services.","platforms":["darwin","linux","windows"],"columns":[{"name":"name","description":"Service name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"port","description":"Service port number","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"protocol","description":"Transport protocol (TCP/UDP)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"aliases","description":"Optional space separated list of other names for a service","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"comment","description":"Optional comment for a service.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"event_taps","description":"Returns information about installed event taps.","platforms":["darwin"],"columns":[{"name":"enabled","description":"Is the Event Tap enabled","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"event_tap_id","description":"Unique ID for the Tap","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"event_tapped","description":"The mask that identifies the set of events to be observed.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"process_being_tapped","description":"The process ID of the target application","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"tapping_process","description":"The process ID of the application that created the event tap.","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"extended_attributes","description":"Returns the extended attributes for files (similar to Windows ADS).","platforms":["darwin","linux"],"columns":[{"name":"path","description":"Absolute file path","type":"text","notes":"","hidden":false,"required":true,"index":false},{"name":"directory","description":"Directory of file(s)","type":"text","notes":"","hidden":false,"required":true,"index":false},{"name":"key","description":"Name of the value generated from the extended attribute","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"The parsed information from the attribute","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"base64","description":"1 if the value is base64 encoded else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"fan_speed_sensors","description":"Fan speeds.","platforms":["darwin"],"columns":[{"name":"fan","description":"Fan number","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Fan name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"actual","description":"Actual speed","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"min","description":"Minimum speed","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"max","description":"Maximum speed","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"target","description":"Target speed","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"file","description":"Interactive filesystem attributes and metadata.","platforms":["darwin","linux","windows"],"columns":[{"name":"path","description":"Absolute file path","type":"text","notes":"","hidden":false,"required":true,"index":true},{"name":"directory","description":"Directory of file(s)","type":"text","notes":"","hidden":false,"required":true,"index":false},{"name":"filename","description":"Name portion of file path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"inode","description":"Filesystem inode number","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"Owning user ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"gid","description":"Owning group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"mode","description":"Permission bits","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"device","description":"Device ID (optional)","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Size of file in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"block_size","description":"Block size of filesystem","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"atime","description":"Last access time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"mtime","description":"Last modification time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"ctime","description":"Last status change time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"btime","description":"(B)irth or (cr)eate time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"hard_links","description":"Number of hard links","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"symlink","description":"1 if the path is a symlink, otherwise 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"File status","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"attributes","description":"File attrib string. See: https://ss64.com/nt/attrib.html","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"volume_serial","description":"Volume serial number","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"file_id","description":"file ID","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"file_version","description":"File version","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"product_version","description":"File product version","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"original_filename","description":"(Executable files only) Original filename","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"bsd_flags","description":"The BSD file flags (chflags). Possible values: NODUMP, UF_IMMUTABLE, UF_APPEND, OPAQUE, HIDDEN, ARCHIVED, SF_IMMUTABLE, SF_APPEND","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]},{"name":"mount_namespace_id","description":"Mount namespace id","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"file_events","description":"Track time/action changes to files specified in configuration data.","platforms":["darwin","linux"],"columns":[{"name":"target_path","description":"The path associated with the event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"category","description":"The category of the file defined in the config","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"action","description":"Change action (UPDATE, REMOVE, etc)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"transaction_id","description":"ID used during bulk update","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"inode","description":"Filesystem inode number","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"Owning user ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"gid","description":"Owning group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"mode","description":"Permission bits","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Size of file in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"atime","description":"Last access time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"mtime","description":"Last modification time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"ctime","description":"Last status change time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"md5","description":"The MD5 of the file after change","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sha1","description":"The SHA1 of the file after change","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sha256","description":"The SHA256 of the file after change","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hashed","description":"1 if the file was hashed, 0 if not, -1 if hashing failed","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of file event","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","notes":"","hidden":true,"required":false,"index":false}]},{"name":"firefox_addons","description":"Firefox browser extensions, webapps, and addons.","platforms":["darwin","linux","windows"],"columns":[{"name":"uid","description":"The local user that owns the addon","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Addon display name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"identifier","description":"Addon identifier","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"creator","description":"Addon-supported creator string","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Extension, addon, webapp","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Addon-supplied version string","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Addon-supplied description string","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"source_url","description":"URL that installed the addon","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"visible","description":"1 If the addon is shown in browser else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"active","description":"1 If the addon is active else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"disabled","description":"1 If the addon is application-disabled else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"autoupdate","description":"1 If the addon applies background updates else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"location","description":"Global, profile location","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to plugin bundle","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"gatekeeper","description":"macOS Gatekeeper Details.","platforms":["darwin"],"columns":[{"name":"assessments_enabled","description":"1 If a Gatekeeper is enabled else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"dev_id_enabled","description":"1 If a Gatekeeper allows execution from identified developers else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Version of Gatekeeper's gke.bundle","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"opaque_version","description":"Version of Gatekeeper's gkopaque.bundle","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"gatekeeper_approved_apps","description":"Gatekeeper apps a user has allowed to run.","platforms":["darwin"],"columns":[{"name":"path","description":"Path of executable allowed to run","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"requirement","description":"Code signing requirement language","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ctime","description":"Last change time","type":"double","notes":"","hidden":false,"required":false,"index":false},{"name":"mtime","description":"Last modification time","type":"double","notes":"","hidden":false,"required":false,"index":false}]},{"name":"groups","description":"Local system groups.","platforms":["darwin","linux","windows"],"columns":[{"name":"gid","description":"Unsigned int64 group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"gid_signed","description":"A signed int64 version of gid","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"groupname","description":"Canonical local group name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"group_sid","description":"Unique group ID","type":"text","notes":"","hidden":true,"required":false,"index":true,"platforms":["windows","win32","cygwin"]},{"name":"comment","description":"Remarks or comments associated with the group","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"is_hidden","description":"IsHidden attribute set in OpenDirectory","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"hardware_events","description":"Hardware (PCI/USB/HID) events from UDEV or IOKit.","platforms":["darwin","linux"],"columns":[{"name":"action","description":"Remove, insert, change properties, etc","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Local device path assigned (optional)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Type of hardware and hardware event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"driver","description":"Driver claiming the device","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"vendor","description":"Hardware device vendor","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"vendor_id","description":"Hex encoded Hardware vendor identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"model","description":"Hardware device model","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"model_id","description":"Hex encoded Hardware model identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"serial","description":"Device serial (optional)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"revision","description":"Device revision (optional)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of hardware event","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","notes":"","hidden":true,"required":false,"index":false}]},{"name":"hash","description":"Filesystem hash data.","platforms":["darwin","linux","windows"],"columns":[{"name":"path","description":"Must provide a path or directory","type":"text","notes":"","hidden":false,"required":true,"index":true},{"name":"directory","description":"Must provide a path or directory","type":"text","notes":"","hidden":false,"required":true,"index":false},{"name":"md5","description":"MD5 hash of provided filesystem data","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sha1","description":"SHA1 hash of provided filesystem data","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sha256","description":"SHA256 hash of provided filesystem data","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]},{"name":"mount_namespace_id","description":"Mount namespace id","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"homebrew_packages","description":"The installed homebrew package database.","platforms":["darwin"],"columns":[{"name":"name","description":"Package name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Package install path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Current 'linked' version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"prefix","description":"Homebrew install prefix","type":"text","notes":"","hidden":true,"required":false,"index":false}]},{"name":"hvci_status","description":"Retrieve HVCI info of the machine.","platforms":["windows"],"columns":[{"name":"version","description":"The version number of the Device Guard build.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"instance_identifier","description":"The instance ID of Device Guard.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"vbs_status","description":"The status of the virtualization based security settings. Returns UNKNOWN if an error is encountered.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"code_integrity_policy_enforcement_status","description":"The status of the code integrity policy enforcement settings. Returns UNKNOWN if an error is encountered.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"umci_policy_status","description":"The status of the User Mode Code Integrity security settings. Returns UNKNOWN if an error is encountered.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"ibridge_info","description":"Information about the Apple iBridge hardware controller.","platforms":["darwin"],"columns":[{"name":"boot_uuid","description":"Boot UUID of the iBridge controller","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"coprocessor_version","description":"The manufacturer and chip version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"firmware_version","description":"The build version of the firmware","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"unique_chip_id","description":"Unique id of the iBridge controller","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"ie_extensions","description":"Internet Explorer browser extensions.","platforms":["windows"],"columns":[{"name":"name","description":"Extension display name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"registry_path","description":"Extension identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Version of the executable","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to executable","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"intel_me_info","description":"Intel ME/CSE Info.","platforms":["linux","windows"],"columns":[{"name":"version","description":"Intel ME version","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"interface_addresses","description":"Network interfaces and relevant metadata.","platforms":["darwin","linux","windows"],"columns":[{"name":"interface","description":"Interface name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"address","description":"Specific address for interface","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mask","description":"Interface netmask","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"broadcast","description":"Broadcast address for the interface","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"point_to_point","description":"PtP address for the interface","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Type of address. One of dhcp, manual, auto, other, unknown","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"friendly_name","description":"The friendly display name of the interface.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]}]},{"name":"interface_details","description":"Detailed information and stats of network interfaces.","platforms":["darwin","linux","windows"],"columns":[{"name":"interface","description":"Interface name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mac","description":"MAC of interface (optional)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Interface type (includes virtual)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"mtu","description":"Network MTU","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"metric","description":"Metric based on the speed of the interface","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"flags","description":"Flags (netdevice) for the device","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ipackets","description":"Input packets","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"opackets","description":"Output packets","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"ibytes","description":"Input bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"obytes","description":"Output bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"ierrors","description":"Input errors","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"oerrors","description":"Output errors","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"idrops","description":"Input drops","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"odrops","description":"Output drops","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"collisions","description":"Packet Collisions detected","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"last_change","description":"Time of last device modification (optional)","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"link_speed","description":"Interface speed in Mb/s","type":"bigint","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux","darwin"]},{"name":"pci_slot","description":"PCI slot number","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]},{"name":"friendly_name","description":"The friendly display name of the interface.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"description","description":"Short description of the object a one-line string.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"manufacturer","description":"Name of the network adapter's manufacturer.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"connection_id","description":"Name of the network connection as it appears in the Network Connections Control Panel program.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"connection_status","description":"State of the network adapter connection to the network.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"enabled","description":"Indicates whether the adapter is enabled or not.","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"physical_adapter","description":"Indicates whether the adapter is a physical or a logical adapter.","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"speed","description":"Estimate of the current bandwidth in bits per second.","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"service","description":"The name of the service the network adapter uses.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"dhcp_enabled","description":"If TRUE, the dynamic host configuration protocol (DHCP) server automatically assigns an IP address to the computer system when establishing a network connection.","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"dhcp_lease_expires","description":"Expiration date and time for a leased IP address that was assigned to the computer by the dynamic host configuration protocol (DHCP) server.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"dhcp_lease_obtained","description":"Date and time the lease was obtained for the IP address assigned to the computer by the dynamic host configuration protocol (DHCP) server.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"dhcp_server","description":"IP address of the dynamic host configuration protocol (DHCP) server.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"dns_domain","description":"Organization name followed by a period and an extension that indicates the type of organization, such as 'microsoft.com'.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"dns_domain_suffix_search_order","description":"Array of DNS domain suffixes to be appended to the end of host names during name resolution.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"dns_host_name","description":"Host name used to identify the local computer for authentication by some utilities.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"dns_server_search_order","description":"Array of server IP addresses to be used in querying for DNS servers.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]}]},{"name":"interface_ipv6","description":"IPv6 configuration and stats of network interfaces.","platforms":["darwin","linux"],"columns":[{"name":"interface","description":"Interface name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hop_limit","description":"Current Hop Limit","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"forwarding_enabled","description":"Enable IP forwarding","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"redirect_accept","description":"Accept ICMP redirect messages","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"rtadv_accept","description":"Accept ICMP Router Advertisement","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"iokit_devicetree","description":"The IOKit registry matching the DeviceTree plane.","platforms":["darwin"],"columns":[{"name":"name","description":"Device node name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"class","description":"Best matching device class (most-specific category)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"id","description":"IOKit internal registry ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"parent","description":"Parent device registry ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"device_path","description":"Device tree path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"service","description":"1 if the device conforms to IOService else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"busy_state","description":"1 if the device is in a busy state else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"retain_count","description":"The device reference count","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"depth","description":"Device nested depth","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"iokit_registry","description":"The full IOKit registry without selecting a plane.","platforms":["darwin"],"columns":[{"name":"name","description":"Default name of the node","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"class","description":"Best matching device class (most-specific category)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"id","description":"IOKit internal registry ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"parent","description":"Parent registry ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"busy_state","description":"1 if the node is in a busy state else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"retain_count","description":"The node reference count","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"depth","description":"Node nested depth","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"iptables","description":"Linux IP packet filtering and NAT tool.","platforms":["linux"],"columns":[{"name":"filter_name","description":"Packet matching filter table name.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"chain","description":"Size of module content.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"policy","description":"Policy that applies for this rule.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"target","description":"Target that applies for this rule.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"protocol","description":"Protocol number identification.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"src_port","description":"Protocol source port(s).","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"dst_port","description":"Protocol destination port(s).","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"src_ip","description":"Source IP address.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"src_mask","description":"Source IP address mask.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"iniface","description":"Input interface for the rule.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"iniface_mask","description":"Input interface mask for the rule.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"dst_ip","description":"Destination IP address.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"dst_mask","description":"Destination IP address mask.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"outiface","description":"Output interface for the rule.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"outiface_mask","description":"Output interface mask for the rule.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"match","description":"Matching rule that applies.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"packets","description":"Number of matching packets for this rule.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"bytes","description":"Number of matching bytes for this rule.","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"kernel_extensions","description":"macOS's kernel extensions, both loaded and within the load search path.","platforms":["darwin"],"columns":[{"name":"idx","description":"Extension load tag or index","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"refs","description":"Reference count","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Bytes of wired memory used by extension","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Extension label","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Extension version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"linked_against","description":"Indexes of extensions this extension is linked against","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Optional path to extension bundle","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"kernel_info","description":"Basic active kernel information.","platforms":["darwin","linux","windows"],"columns":[{"name":"version","description":"Kernel version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"arguments","description":"Kernel arguments","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Kernel path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"device","description":"Kernel device identifier","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"kernel_keys","description":"List of security data, authentication keys and encryption keys.","platforms":["linux"],"columns":[{"name":"serial_number","description":"The serial key of the key.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"flags","description":"A set of flags describing the state of the key.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"usage","description":"the number of threads and open file references thatrefer to this key.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"timeout","description":"The amount of time until the key will expire,expressed in human-readable form. The string perm heremeans that the key is permanent (no timeout). Thestring expd means that the key has already expired.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"permissions","description":"The key permissions, expressed as four hexadecimalbytes containing, from left to right, thepossessor, user, group, and other permissions.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"The user ID of the key owner.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"gid","description":"The group ID of the key.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"The key type.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"The key description.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"kernel_modules","description":"Linux kernel modules both loaded and within the load search path.","platforms":["linux"],"columns":[{"name":"name","description":"Module name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Size of module content","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"used_by","description":"Module reverse dependencies","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"status","description":"Kernel module status","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"address","description":"Kernel module address","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"kernel_panics","description":"System kernel panic logs.","platforms":["darwin"],"columns":[{"name":"path","description":"Location of log file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Formatted time of the event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"registers","description":"A space delimited line of register:value pairs","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"frame_backtrace","description":"Backtrace of the crashed module","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"module_backtrace","description":"Modules appearing in the crashed module's backtrace","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"dependencies","description":"Module dependencies existing in crashed module's backtrace","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Process name corresponding to crashed thread","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"os_version","description":"Version of the operating system","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"kernel_version","description":"Version of the system kernel","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"system_model","description":"Physical system model, for example 'MacBookPro12,1 (Mac-E43C1C25D4880AD6)'","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uptime","description":"System uptime at kernel panic in nanoseconds","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"last_loaded","description":"Last loaded module before panic","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"last_unloaded","description":"Last unloaded module before panic","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"keychain_acls","description":"Applications that have ACL entries in the keychain.","platforms":["darwin"],"columns":[{"name":"keychain_path","description":"The path of the keychain","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"authorizations","description":"A space delimited set of authorization attributes","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"The path of the authorized application","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"The description included with the ACL entry","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"label","description":"An optional label tag that may be included with the keychain entry","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"keychain_items","description":"Generic details about keychain items.","platforms":["darwin"],"columns":[{"name":"label","description":"Generic item name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Optional item description","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"comment","description":"Optional keychain comment","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"account","description":"Optional item account","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"created","description":"Date item was created","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"modified","description":"Date of last modification","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Keychain item type (class)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pk_hash","description":"Hash of associated public key (SHA1 of subjectPublicKey, see RFC 8520 4.2.1.2)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to keychain containing item","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"known_hosts","description":"A line-delimited known_hosts table.","platforms":["darwin","linux"],"columns":[{"name":"uid","description":"The local user that owns the known_hosts file","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"key","description":"parsed authorized keys line","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"key_file","description":"Path to known_hosts file","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"kva_speculative_info","description":"Display kernel virtual address and speculative execution information for the system.","platforms":["windows"],"columns":[{"name":"kva_shadow_enabled","description":"Kernel Virtual Address shadowing is enabled.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"kva_shadow_user_global","description":"User pages are marked as global.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"kva_shadow_pcid","description":"Kernel VA PCID flushing optimization is enabled.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"kva_shadow_inv_pcid","description":"Kernel VA INVPCID is enabled.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"bp_mitigations","description":"Branch Prediction mitigations are enabled.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"bp_system_pol_disabled","description":"Branch Predictions are disabled via system policy.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"bp_microcode_disabled","description":"Branch Predictions are disabled due to lack of microcode update.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_spec_ctrl_supported","description":"SPEC_CTRL MSR supported by CPU Microcode.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ibrs_support_enabled","description":"Windows uses IBRS.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"stibp_support_enabled","description":"Windows uses STIBP.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_pred_cmd_supported","description":"PRED_CMD MSR supported by CPU Microcode.","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"last","description":"System logins and logouts.","platforms":["darwin","linux"],"columns":[{"name":"username","description":"Entry username","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"tty","description":"Entry terminal","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process (or thread) ID","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Entry type, according to ut_type types (utmp.h)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"type_name","description":"Entry type name, according to ut_type types (utmp.h)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Entry timestamp","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"host","description":"Entry hostname","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"launchd","description":"LaunchAgents and LaunchDaemons from default search paths.","platforms":["darwin"],"columns":[{"name":"path","description":"Path to daemon or agent plist","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"name","description":"File name of plist (used by launchd)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"label","description":"Daemon or agent service name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"program","description":"Path to target program","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"run_at_load","description":"Should the program run on launch load","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"keep_alive","description":"Should the process be restarted if killed","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"on_demand","description":"Deprecated key, replaced by keep_alive","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"disabled","description":"Skip loading this daemon or agent on boot","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"username","description":"Run this daemon or agent as this username","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"groupname","description":"Run this daemon or agent as this group","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"stdout_path","description":"Pipe stdout to a target path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"stderr_path","description":"Pipe stderr to a target path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"start_interval","description":"Frequency to run in seconds","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"program_arguments","description":"Command line arguments passed to program","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"watch_paths","description":"Key that launches daemon or agent if path is modified","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"queue_directories","description":"Similar to watch_paths but only with non-empty directories","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"inetd_compatibility","description":"Run this daemon or agent as it was launched from inetd","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"start_on_mount","description":"Run daemon or agent every time a filesystem is mounted","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"root_directory","description":"Key used to specify a directory to chroot to before launch","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"working_directory","description":"Key used to specify a directory to chdir to before launch","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"process_type","description":"Key describes the intended purpose of the job","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"launchd_overrides","description":"Override keys, per user, for LaunchDaemons and Agents.","platforms":["darwin"],"columns":[{"name":"label","description":"Daemon or agent service name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"key","description":"Name of the override key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Overridden value","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"User ID applied to the override, 0 applies to all","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to daemon or agent plist","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"listening_ports","description":"Processes with listening (bound) network sockets/ports.","platforms":["darwin","linux","windows"],"columns":[{"name":"pid","description":"Process (or thread) ID","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"port","description":"Transport layer port","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"protocol","description":"Transport protocol (TCP/UDP)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"family","description":"Network protocol (IPv4, IPv6)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"address","description":"Specific address for bind","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"fd","description":"Socket file descriptor number","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"socket","description":"Socket handle or inode number","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path for UNIX domain sockets","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"net_namespace","description":"The inode number of the network namespace","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]}]},{"name":"load_average","description":"Displays information about the system wide load averages.","platforms":["darwin","linux"],"columns":[{"name":"period","description":"Period over which the average is calculated.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"average","description":"Load average over the specified period.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"location_services","description":"Reports the status of the Location Services feature of the OS.","platforms":["darwin"],"columns":[{"name":"enabled","description":"1 if Location Services are enabled, else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"logged_in_users","description":"Users with an active shell on the system.","platforms":["darwin","linux","windows"],"columns":[{"name":"type","description":"Login type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"user","description":"User login name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"tty","description":"Device name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"host","description":"Remote hostname","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Time entry was made","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process (or thread) ID","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"sid","description":"The user's unique security identifier","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"registry_hive","description":"HKEY_USERS registry hive","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]}]},{"name":"logical_drives","description":"Details for logical drives on the system. A logical drive generally represents a single partition.","platforms":["windows"],"columns":[{"name":"device_id","description":"The drive id, usually the drive name, e.g., 'C:'.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Deprecated (always 'Unknown').","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"The canonical description of the drive, e.g. 'Logical Fixed Disk', 'CD-ROM Disk'.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"free_space","description":"The amount of free space, in bytes, of the drive (-1 on failure).","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"The total amount of space, in bytes, of the drive (-1 on failure).","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"file_system","description":"The file system of the drive.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"boot_partition","description":"True if Windows booted from this drive.","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"logon_sessions","description":"Windows Logon Session.","platforms":["windows"],"columns":[{"name":"logon_id","description":"A locally unique identifier (LUID) that identifies a logon session.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"user","description":"The account name of the security principal that owns the logon session.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"logon_domain","description":"The name of the domain used to authenticate the owner of the logon session.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"authentication_package","description":"The authentication package used to authenticate the owner of the logon session.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"logon_type","description":"The logon method.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"session_id","description":"The Terminal Services session identifier.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"logon_sid","description":"The user's security identifier (SID).","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"logon_time","description":"The time the session owner logged on.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"logon_server","description":"The name of the server used to authenticate the owner of the logon session.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"dns_domain_name","description":"The DNS name for the owner of the logon session.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"upn","description":"The user principal name (UPN) for the owner of the logon session.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"logon_script","description":"The script used for logging on.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"profile_path","description":"The home directory for the logon session.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"home_directory","description":"The home directory for the logon session.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"home_directory_drive","description":"The drive location of the home directory of the logon session.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"lxd_certificates","description":"LXD certificates information.","platforms":["linux"],"columns":[{"name":"name","description":"Name of the certificate","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Type of the certificate","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"fingerprint","description":"SHA256 hash of the certificate","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"certificate","description":"Certificate content","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"lxd_cluster","description":"LXD cluster information.","platforms":["linux"],"columns":[{"name":"server_name","description":"Name of the LXD server node","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"enabled","description":"Whether clustering enabled (1) or not (0) on this node","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"member_config_entity","description":"Type of configuration parameter for this node","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"member_config_name","description":"Name of configuration parameter","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"member_config_key","description":"Config key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"member_config_value","description":"Config value","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"member_config_description","description":"Config description","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"lxd_cluster_members","description":"LXD cluster members information.","platforms":["linux"],"columns":[{"name":"server_name","description":"Name of the LXD server node","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"url","description":"URL of the node","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"database","description":"Whether the server is a database node (1) or not (0)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"status","description":"Status of the node (Online/Offline)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"message","description":"Message from the node (Online/Offline)","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"lxd_images","description":"LXD images information.","platforms":["linux"],"columns":[{"name":"id","description":"Image ID","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"architecture","description":"Target architecture for the image","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"os","description":"OS on which image is based","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"release","description":"OS release version on which the image is based","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Image description","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"aliases","description":"Comma-separated list of image aliases","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"filename","description":"Filename of the image file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Size of image in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"auto_update","description":"Whether the image auto-updates (1) or not (0)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"cached","description":"Whether image is cached (1) or not (0)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"public","description":"Whether image is public (1) or not (0)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"created_at","description":"ISO time of image creation","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"expires_at","description":"ISO time of image expiration","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uploaded_at","description":"ISO time of image upload","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"last_used_at","description":"ISO time for the most recent use of this image in terms of container spawn","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"update_source_server","description":"Server for image update","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"update_source_protocol","description":"Protocol used for image information update and image import from source server","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"update_source_certificate","description":"Certificate for update source server","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"update_source_alias","description":"Alias of image at update source server","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"lxd_instance_config","description":"LXD instance configuration information.","platforms":["linux"],"columns":[{"name":"name","description":"Instance name","type":"text","notes":"","hidden":false,"required":true,"index":true},{"name":"key","description":"Configuration parameter name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Configuration parameter value","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"lxd_instance_devices","description":"LXD instance devices information.","platforms":["linux"],"columns":[{"name":"name","description":"Instance name","type":"text","notes":"","hidden":false,"required":true,"index":true},{"name":"device","description":"Name of the device","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"device_type","description":"Device type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"key","description":"Device info param name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Device info param value","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"lxd_instances","description":"LXD instances information.","platforms":["linux"],"columns":[{"name":"name","description":"Instance name","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"status","description":"Instance state (running, stopped, etc.)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"stateful","description":"Whether the instance is stateful(1) or not(0)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ephemeral","description":"Whether the instance is ephemeral(1) or not(0)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"created_at","description":"ISO time of creation","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"base_image","description":"ID of image used to launch this instance","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"architecture","description":"Instance architecture","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"os","description":"The OS of this instance","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Instance description","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Instance's process ID","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"processes","description":"Number of processes running inside this instance","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"lxd_networks","description":"LXD network information.","platforms":["linux"],"columns":[{"name":"name","description":"Name of the network","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Type of network","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"managed","description":"1 if network created by LXD, 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ipv4_address","description":"IPv4 address","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ipv6_address","description":"IPv6 address","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"used_by","description":"URLs for containers using this network","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"bytes_received","description":"Number of bytes received on this network","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"bytes_sent","description":"Number of bytes sent on this network","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"packets_received","description":"Number of packets received on this network","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"packets_sent","description":"Number of packets sent on this network","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"hwaddr","description":"Hardware address for this network","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"state","description":"Network status","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mtu","description":"MTU size","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"lxd_storage_pools","description":"LXD storage pool information.","platforms":["linux"],"columns":[{"name":"name","description":"Name of the storage pool","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"driver","description":"Storage driver","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"source","description":"Storage pool source","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Size of the storage pool","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"space_used","description":"Storage space used in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"space_total","description":"Total available storage space in bytes for this storage pool","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"inodes_used","description":"Number of inodes used","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"inodes_total","description":"Total number of inodes available in this storage pool","type":"bigint","notes":"","hidden":false,"required":false,"index":false}]},{"name":"magic","description":"Magic number recognition library table.","platforms":["darwin","linux"],"columns":[{"name":"path","description":"Absolute path to target file","type":"text","notes":"","hidden":false,"required":true,"index":true},{"name":"magic_db_files","description":"Colon(:) separated list of files where the magic db file can be found. By default one of the following is used: /usr/share/file/magic/magic, /usr/share/misc/magic or /usr/share/misc/magic.mgc","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"data","description":"Magic number data from libmagic","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mime_type","description":"MIME type data from libmagic","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mime_encoding","description":"MIME encoding data from libmagic","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"managed_policies","description":"The managed configuration policies from AD, MDM, MCX, etc.","platforms":["darwin"],"columns":[{"name":"domain","description":"System or manager-chosen domain key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uuid","description":"Optional UUID assigned to policy set","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Policy key name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Policy value","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"username","description":"Policy applies only this user","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"manual","description":"1 if policy was loaded manually, otherwise 0","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"md_devices","description":"Software RAID array settings.","platforms":["linux"],"columns":[{"name":"device_name","description":"md device name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"status","description":"Current state of the array","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"raid_level","description":"Current raid level of the array","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"size of the array in blocks","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"chunk_size","description":"chunk size in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"raid_disks","description":"Number of configured RAID disks in array","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"nr_raid_disks","description":"Number of partitions or disk devices to comprise the array","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"working_disks","description":"Number of working disks in array","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"active_disks","description":"Number of active disks in array","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"failed_disks","description":"Number of failed disks in array","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"spare_disks","description":"Number of idle disks in array","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"superblock_state","description":"State of the superblock","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"superblock_version","description":"Version of the superblock","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"superblock_update_time","description":"Unix timestamp of last update","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"bitmap_on_mem","description":"Pages allocated in in-memory bitmap, if enabled","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"bitmap_chunk_size","description":"Bitmap chunk size","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"bitmap_external_file","description":"External referenced bitmap file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"recovery_progress","description":"Progress of the recovery activity","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"recovery_finish","description":"Estimated duration of recovery activity","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"recovery_speed","description":"Speed of recovery activity","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"resync_progress","description":"Progress of the resync activity","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"resync_finish","description":"Estimated duration of resync activity","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"resync_speed","description":"Speed of resync activity","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"reshape_progress","description":"Progress of the reshape activity","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"reshape_finish","description":"Estimated duration of reshape activity","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"reshape_speed","description":"Speed of reshape activity","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"check_array_progress","description":"Progress of the check array activity","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"check_array_finish","description":"Estimated duration of the check array activity","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"check_array_speed","description":"Speed of the check array activity","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"unused_devices","description":"Unused devices","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"other","description":"Other information associated with array from /proc/mdstat","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"md_drives","description":"Drive devices used for Software RAID.","platforms":["linux"],"columns":[{"name":"md_device_name","description":"md device name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"drive_name","description":"Drive device name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"slot","description":"Slot position of disk","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"state","description":"State of the drive","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"md_personalities","description":"Software RAID setting supported by the kernel.","platforms":["linux"],"columns":[{"name":"name","description":"Name of personality supported by kernel","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"mdfind","description":"Run searches against the spotlight database.","platforms":["darwin"],"columns":[{"name":"path","description":"Path of the file returned from spotlight","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"query","description":"The query that was run to find the file","type":"text","notes":"","hidden":false,"required":true,"index":false}]},{"name":"mdls","description":"Query file metadata in the Spotlight database.","platforms":["darwin"],"columns":[{"name":"path","description":"Path of the file","type":"text","notes":"","hidden":false,"required":true,"index":false},{"name":"key","description":"Name of the metadata key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Value stored in the metadata key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"valuetype","description":"CoreFoundation type of data stored in value","type":"text","notes":"","hidden":true,"required":false,"index":false}]},{"name":"memory_array_mapped_addresses","description":"Data associated for address mapping of physical memory arrays.","platforms":["darwin","linux"],"columns":[{"name":"handle","description":"Handle, or instance number, associated with the structure","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"memory_array_handle","description":"Handle of the memory array associated with this structure","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"starting_address","description":"Physical stating address, in kilobytes, of a range of memory mapped to physical memory array","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ending_address","description":"Physical ending address of last kilobyte of a range of memory mapped to physical memory array","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"partition_width","description":"Number of memory devices that form a single row of memory for the address partition of this structure","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"memory_arrays","description":"Data associated with collection of memory devices that operate to form a memory address.","platforms":["darwin","linux"],"columns":[{"name":"handle","description":"Handle, or instance number, associated with the array","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"location","description":"Physical location of the memory array","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"use","description":"Function for which the array is used","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"memory_error_correction","description":"Primary hardware error correction or detection method supported","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"max_capacity","description":"Maximum capacity of array in gigabytes","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"memory_error_info_handle","description":"Handle, or instance number, associated with any error that was detected for the array","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"number_memory_devices","description":"Number of memory devices on array","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"memory_device_mapped_addresses","description":"Data associated for address mapping of physical memory devices.","platforms":["darwin","linux"],"columns":[{"name":"handle","description":"Handle, or instance number, associated with the structure","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"memory_device_handle","description":"Handle of the memory device structure associated with this structure","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"memory_array_mapped_address_handle","description":"Handle of the memory array mapped address to which this device range is mapped to","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"starting_address","description":"Physical stating address, in kilobytes, of a range of memory mapped to physical memory array","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ending_address","description":"Physical ending address of last kilobyte of a range of memory mapped to physical memory array","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"partition_row_position","description":"Identifies the position of the referenced memory device in a row of the address partition","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"interleave_position","description":"The position of the device in a interleave, i.e. 0 indicates non-interleave, 1 indicates 1st interleave, 2 indicates 2nd interleave, etc.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"interleave_data_depth","description":"The max number of consecutive rows from memory device that are accessed in a single interleave transfer; 0 indicates device is non-interleave","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"memory_devices","description":"Physical memory device (type 17) information retrieved from SMBIOS.","platforms":["darwin","linux","windows"],"columns":[{"name":"handle","description":"Handle, or instance number, associated with the structure in SMBIOS","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"array_handle","description":"The memory array that the device is attached to","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"form_factor","description":"Implementation form factor for this memory device","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"total_width","description":"Total width, in bits, of this memory device, including any check or error-correction bits","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"data_width","description":"Data width, in bits, of this memory device","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Size of memory device in Megabyte","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"set","description":"Identifies if memory device is one of a set of devices. A value of 0 indicates no set affiliation.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"device_locator","description":"String number of the string that identifies the physically-labeled socket or board position where the memory device is located","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"bank_locator","description":"String number of the string that identifies the physically-labeled bank where the memory device is located","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"memory_type","description":"Type of memory used","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"memory_type_details","description":"Additional details for memory device","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"max_speed","description":"Max speed of memory device in megatransfers per second (MT/s)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"configured_clock_speed","description":"Configured speed of memory device in megatransfers per second (MT/s)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"manufacturer","description":"Manufacturer ID string","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"serial_number","description":"Serial number of memory device","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"asset_tag","description":"Manufacturer specific asset tag of memory device","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"part_number","description":"Manufacturer specific serial number of memory device","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"min_voltage","description":"Minimum operating voltage of device in millivolts","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"max_voltage","description":"Maximum operating voltage of device in millivolts","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"configured_voltage","description":"Configured operating voltage of device in millivolts","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"memory_error_info","description":"Data associated with errors of a physical memory array.","platforms":["darwin","linux"],"columns":[{"name":"handle","description":"Handle, or instance number, associated with the structure","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"error_type","description":"type of error associated with current error status for array or device","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"error_granularity","description":"Granularity to which the error can be resolved","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"error_operation","description":"Memory access operation that caused the error","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"vendor_syndrome","description":"Vendor specific ECC syndrome or CRC data associated with the erroneous access","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"memory_array_error_address","description":"32 bit physical address of the error based on the addressing of the bus to which the memory array is connected","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"device_error_address","description":"32 bit physical address of the error relative to the start of the failing memory address, in bytes","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"error_resolution","description":"Range, in bytes, within which this error can be determined, when an error address is given","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"memory_info","description":"Main memory information in bytes.","platforms":["linux"],"columns":[{"name":"memory_total","description":"Total amount of physical RAM, in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"memory_free","description":"The amount of physical RAM, in bytes, left unused by the system","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"memory_available","description":"The amount of physical RAM, in bytes, available for starting new applications, without swapping","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"buffers","description":"The amount of physical RAM, in bytes, used for file buffers","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"cached","description":"The amount of physical RAM, in bytes, used as cache memory","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"swap_cached","description":"The amount of swap, in bytes, used as cache memory","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"active","description":"The total amount of buffer or page cache memory, in bytes, that is in active use","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"inactive","description":"The total amount of buffer or page cache memory, in bytes, that are free and available","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"swap_total","description":"The total amount of swap available, in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"swap_free","description":"The total amount of swap free, in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false}]},{"name":"memory_map","description":"OS memory region map.","platforms":["linux"],"columns":[{"name":"name","description":"Region name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"start","description":"Start address of memory region","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"end","description":"End address of memory region","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"mounts","description":"System mounted devices and filesystems (not process specific).","platforms":["darwin","linux"],"columns":[{"name":"device","description":"Mounted device","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"device_alias","description":"Mounted device alias","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Mounted device path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Mounted device type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"blocks_size","description":"Block size in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"blocks","description":"Mounted device used blocks","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"blocks_free","description":"Mounted device free blocks","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"blocks_available","description":"Mounted device available blocks","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"inodes","description":"Mounted device used inodes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"inodes_free","description":"Mounted device free inodes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"flags","description":"Mounted device flags","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"msr","description":"Various pieces of data stored in the model specific register per processor. NOTE: the msr kernel module must be enabled, and osquery must be run as root.","platforms":["linux"],"columns":[{"name":"processor_number","description":"The processor number as reported in /proc/cpuinfo","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"turbo_disabled","description":"Whether the turbo feature is disabled.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"turbo_ratio_limit","description":"The turbo feature ratio limit.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"platform_info","description":"Platform information.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"perf_ctl","description":"Performance setting for the processor.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"perf_status","description":"Performance status for the processor.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"feature_control","description":"Bitfield controlling enabled features.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"rapl_power_limit","description":"Run Time Average Power Limiting power limit.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"rapl_energy_status","description":"Run Time Average Power Limiting energy status.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"rapl_power_units","description":"Run Time Average Power Limiting power units.","type":"bigint","notes":"","hidden":false,"required":false,"index":false}]},{"name":"nfs_shares","description":"NFS shares exported by the host.","platforms":["darwin"],"columns":[{"name":"share","description":"Filesystem path to the share","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"options","description":"Options string set on the export share","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"readonly","description":"1 if the share is exported readonly else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"npm_packages","description":"Node packages installed in a system.","platforms":["darwin","linux","windows"],"columns":[{"name":"name","description":"Package display name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Package-supplied version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Package-supplied description","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"author","description":"Package-supplied author","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"license","description":"License under which package is launched","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"homepage","description":"Package supplied homepage","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path at which this module resides","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"directory","description":"Directory where node_modules are located","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]},{"name":"mount_namespace_id","description":"Mount namespace id","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"ntdomains","description":"Display basic NT domain information of a Windows machine.","platforms":["windows"],"columns":[{"name":"name","description":"The label by which the object is known.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"client_site_name","description":"The name of the site where the domain controller is configured.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"dc_site_name","description":"The name of the site where the domain controller is located.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"dns_forest_name","description":"The name of the root of the DNS tree.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"domain_controller_address","description":"The IP Address of the discovered domain controller..","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"domain_controller_name","description":"The name of the discovered domain controller.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"domain_name","description":"The name of the domain.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"status","description":"The current status of the domain object.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"ntfs_acl_permissions","description":"Retrieve NTFS ACL permission information for files and directories.","platforms":["windows"],"columns":[{"name":"path","description":"Path to the file or directory.","type":"text","notes":"","hidden":false,"required":true,"index":true},{"name":"type","description":"Type of access mode for the access control entry.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"principal","description":"User or group to which the ACE applies.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"access","description":"Specific permissions that indicate the rights described by the ACE.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"inherited_from","description":"The inheritance policy of the ACE.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"ntfs_journal_events","description":"Track time/action changes to files specified in configuration data.","platforms":["windows"],"columns":[{"name":"action","description":"Change action (Write, Delete, etc)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"category","description":"The category that the event originated from","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"old_path","description":"Old path (renames only)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"record_timestamp","description":"Journal record timestamp","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"record_usn","description":"The update sequence number that identifies the journal record","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"node_ref_number","description":"The ordinal that associates a journal record with a filename","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"parent_ref_number","description":"The ordinal that associates a journal record with a filename's parent directory","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"drive_letter","description":"The drive letter identifying the source journal","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"file_attributes","description":"File attributes","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"partial","description":"Set to 1 if either path or old_path only contains the file or folder name","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of file event","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","notes":"","hidden":true,"required":false,"index":false}]},{"name":"nvram","description":"Apple NVRAM variable listing.","platforms":["darwin"],"columns":[{"name":"name","description":"Variable name","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"type","description":"Data type (CFData, CFString, etc)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Raw variable data","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"oem_strings","description":"OEM defined strings retrieved from SMBIOS.","platforms":["darwin","linux"],"columns":[{"name":"handle","description":"Handle, or instance number, associated with the Type 11 structure","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"number","description":"The string index of the structure","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"The value of the OEM string","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"office_mru","description":"View recently opened Office documents.","platforms":["windows"],"columns":[{"name":"application","description":"Associated Office application","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Office application version number","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"File path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"last_opened_time","description":"Most recent opened time file was opened","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"sid","description":"User SID","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"os_version","description":"A single row containing the operating system name and version.","platforms":["darwin","linux","windows"],"columns":[{"name":"name","description":"Distribution or product name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Pretty, suitable for presentation, OS version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"major","description":"Major release version","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"minor","description":"Minor release version","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"patch","description":"Optional patch release","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"build","description":"Optional build-specific or variant string","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"platform","description":"OS Platform or ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"platform_like","description":"Closely related platforms","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"codename","description":"OS version codename","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"arch","description":"OS Architecture","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"extra","description":"Optional extra release specification","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]},{"name":"install_date","description":"The install date of the OS.","type":"bigint","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]},{"name":"mount_namespace_id","description":"Mount namespace id","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"osquery_events","description":"Information about the event publishers and subscribers.","platforms":["darwin","linux","windows"],"columns":[{"name":"name","description":"Event publisher or subscriber name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"publisher","description":"Name of the associated publisher","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Either publisher or subscriber","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"subscriptions","description":"Number of subscriptions the publisher received or subscriber used","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"events","description":"Number of events emitted or received since osquery started","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"refreshes","description":"Publisher only: number of runloop restarts","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"active","description":"1 if the publisher or subscriber is active else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"osquery_extensions","description":"List of active osquery extensions.","platforms":["darwin","linux","windows"],"columns":[{"name":"uuid","description":"The transient ID assigned for communication","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Extension's name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Extension's version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sdk_version","description":"osquery SDK version used to build the extension","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path of the extension's Thrift connection or library path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"SDK extension type: core, extension, or module","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"osquery_flags","description":"Configurable flags that modify osquery's behavior.","platforms":["darwin","linux","windows"],"columns":[{"name":"name","description":"Flag name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Flag type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Flag description","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"default_value","description":"Flag default value","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Flag value","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"shell_only","description":"Is the flag shell only?","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"osquery_info","description":"Top level information about the running version of osquery.","platforms":["darwin","linux","windows"],"columns":[{"name":"pid","description":"Process (or thread/handle) ID","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"uuid","description":"Unique ID provided by the system","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"instance_id","description":"Unique, long-lived ID per instance of osquery","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"osquery toolkit version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"config_hash","description":"Hash of the working configuration state","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"config_valid","description":"1 if the config was loaded and considered valid, else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"extensions","description":"osquery extensions status","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"build_platform","description":"osquery toolkit build platform","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"build_distro","description":"osquery toolkit platform distribution name (os version)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"start_time","description":"UNIX time in seconds when the process started","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"watcher","description":"Process (or thread/handle) ID of optional watcher process","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"platform_mask","description":"The osquery platform bitmask","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"osquery_packs","description":"Information about the current query packs that are loaded in osquery.","platforms":["darwin","linux","windows"],"columns":[{"name":"name","description":"The given name for this query pack","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"platform","description":"Platforms this query is supported on","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Minimum osquery version that this query will run on","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"shard","description":"Shard restriction limit, 1-100, 0 meaning no restriction","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"discovery_cache_hits","description":"The number of times that the discovery query used cached values since the last time the config was reloaded","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"discovery_executions","description":"The number of times that the discovery queries have been executed since the last time the config was reloaded","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"active","description":"Whether this pack is active (the version, platform and discovery queries match) yes=1, no=0.","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"osquery_registry","description":"List the osquery registry plugins.","platforms":["darwin","linux","windows"],"columns":[{"name":"registry","description":"Name of the osquery registry","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Name of the plugin item","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"owner_uuid","description":"Extension route UUID (0 for core)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"internal","description":"1 If the plugin is internal else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"active","description":"1 If this plugin is active else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"osquery_schedule","description":"Information about the current queries that are scheduled in osquery.","platforms":["darwin","linux","windows"],"columns":[{"name":"name","description":"The given name for this query","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"query","description":"The exact query to run","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"interval","description":"The interval in seconds to run this query, not an exact interval","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"executions","description":"Number of times the query was executed","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"last_executed","description":"UNIX time stamp in seconds of the last completed execution","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"denylisted","description":"1 if the query is denylisted else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"output_size","description":"Cumulative total number of bytes generated by the resultant rows of the query","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"wall_time","description":"Total wall time in seconds spent executing (deprecated), hidden=True","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"wall_time_ms","description":"Total wall time in milliseconds spent executing","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"last_wall_time_ms","description":"Wall time in milliseconds of the latest execution","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"user_time","description":"Total user time in milliseconds spent executing","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"last_user_time","description":"User time in milliseconds of the latest execution","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"system_time","description":"Total system time in milliseconds spent executing","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"last_system_time","description":"System time in milliseconds of the latest execution","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"average_memory","description":"Average of the bytes of resident memory left allocated after collecting results","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"last_memory","description":"Resident memory in bytes left allocated after collecting results of the latest execution","type":"bigint","notes":"","hidden":false,"required":false,"index":false}]},{"name":"package_bom","description":"macOS package bill of materials (BOM) file list.","platforms":["darwin"],"columns":[{"name":"filepath","description":"Package file or directory","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"Expected user of file or directory","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"gid","description":"Expected group of file or directory","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"mode","description":"Expected permissions","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Expected file size","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"modified_time","description":"Timestamp the file was installed","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path of package bom","type":"text","notes":"","hidden":false,"required":true,"index":false}]},{"name":"package_install_history","description":"macOS package install history.","platforms":["darwin"],"columns":[{"name":"package_id","description":"Label packageIdentifiers","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Label date as UNIX timestamp","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Package display name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Package display version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"source","description":"Install source: usually the installer process name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"content_type","description":"Package content_type (optional)","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"package_receipts","description":"macOS package receipt details.","platforms":["darwin"],"columns":[{"name":"package_id","description":"Package domain identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"package_filename","description":"Filename of original .pkg file","type":"text","notes":"","hidden":true,"required":false,"index":true},{"name":"version","description":"Installed package version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"location","description":"Optional relative install path on volume","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"install_time","description":"Timestamp of install time","type":"double","notes":"","hidden":false,"required":false,"index":false},{"name":"installer_name","description":"Name of installer process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path of receipt plist","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"password_policy","description":"Password Policies for macOS.","platforms":["darwin"],"columns":[{"name":"uid","description":"User ID for the policy, -1 for policies that are global","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"policy_identifier","description":"Policy Identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"policy_content","description":"Policy content","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"policy_description","description":"Policy description","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"patches","description":"Lists all the patches applied. Note: This does not include patches applied via MSI or downloaded from Windows Update (e.g. Service Packs).","platforms":["windows"],"columns":[{"name":"csname","description":"The name of the host the patch is installed on.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hotfix_id","description":"The KB ID of the patch.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"caption","description":"Short description of the patch.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Fuller description of the patch.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"fix_comments","description":"Additional comments about the patch.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"installed_by","description":"The system context in which the patch as installed.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"install_date","description":"Indicates when the patch was installed. Lack of a value does not indicate that the patch was not installed.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"installed_on","description":"The date when the patch was installed.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"pci_devices","description":"PCI devices active on the host system.","platforms":["darwin","linux"],"columns":[{"name":"pci_slot","description":"PCI Device used slot","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pci_class","description":"PCI Device class","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"driver","description":"PCI Device used driver","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"vendor","description":"PCI Device vendor","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"vendor_id","description":"Hex encoded PCI Device vendor identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"model","description":"PCI Device model","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"model_id","description":"Hex encoded PCI Device model identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pci_class_id","description":"PCI Device class ID in hex format","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]},{"name":"pci_subclass_id","description":"PCI Device subclass in hex format","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]},{"name":"pci_subclass","description":"PCI Device subclass","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]},{"name":"subsystem_vendor_id","description":"Vendor ID of PCI device subsystem","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]},{"name":"subsystem_vendor","description":"Vendor of PCI device subsystem","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]},{"name":"subsystem_model_id","description":"Model ID of PCI device subsystem","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]},{"name":"subsystem_model","description":"Device description of PCI device subsystem","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]}]},{"name":"physical_disk_performance","description":"Provides provides raw data from performance counters that monitor hard or fixed disk drives on the system.","platforms":["windows"],"columns":[{"name":"name","description":"Name of the physical disk","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"avg_disk_bytes_per_read","description":"Average number of bytes transferred from the disk during read operations","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"avg_disk_bytes_per_write","description":"Average number of bytes transferred to the disk during write operations","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"avg_disk_read_queue_length","description":"Average number of read requests that were queued for the selected disk during the sample interval","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"avg_disk_write_queue_length","description":"Average number of write requests that were queued for the selected disk during the sample interval","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"avg_disk_sec_per_read","description":"Average time, in seconds, of a read operation of data from the disk","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"avg_disk_sec_per_write","description":"Average time, in seconds, of a write operation of data to the disk","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"current_disk_queue_length","description":"Number of requests outstanding on the disk at the time the performance data is collected","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"percent_disk_read_time","description":"Percentage of elapsed time that the selected disk drive is busy servicing read requests","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"percent_disk_write_time","description":"Percentage of elapsed time that the selected disk drive is busy servicing write requests","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"percent_disk_time","description":"Percentage of elapsed time that the selected disk drive is busy servicing read or write requests","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"percent_idle_time","description":"Percentage of time during the sample interval that the disk was idle","type":"bigint","notes":"","hidden":false,"required":false,"index":false}]},{"name":"pipes","description":"Named and Anonymous pipes.","platforms":["windows"],"columns":[{"name":"pid","description":"Process ID of the process to which the pipe belongs","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"name","description":"Name of the pipe","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"instances","description":"Number of instances of the named pipe","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"max_instances","description":"The maximum number of instances creatable for this pipe","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"flags","description":"The flags indicating whether this pipe connection is a server or client end, and if the pipe for sending messages or bytes","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"platform_info","description":"Information about EFI/UEFI/ROM and platform/boot.","platforms":["darwin","linux","windows"],"columns":[{"name":"vendor","description":"Platform code vendor","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Platform code version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"date","description":"Self-reported platform code update date","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"revision","description":"BIOS major and minor revision","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"extra","description":"Platform-specific additional information","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"firmware_type","description":"The type of firmware (uefi, bios, iboot, openfirmware, unknown).","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"address","description":"Relative address of firmware mapping","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux","darwin"]},{"name":"size","description":"Size in bytes of firmware","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux","darwin"]},{"name":"volume_size","description":"(Optional) size of firmware volume","type":"integer","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux","darwin"]}]},{"name":"plist","description":"Read and parse a plist file.","platforms":["darwin"],"columns":[{"name":"key","description":"Preference top-level key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"subkey","description":"Intermediate key path, includes lists/dicts","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"String value of most CF types","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"(required) read preferences from a plist","type":"text","notes":"","hidden":false,"required":true,"index":false}]},{"name":"portage_keywords","description":"A summary about portage configurations like keywords, mask and unmask.","platforms":["linux"],"columns":[{"name":"package","description":"Package name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"The version which are affected by the use flags, empty means all","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"keyword","description":"The keyword applied to the package","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mask","description":"If the package is masked","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"unmask","description":"If the package is unmasked","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"portage_packages","description":"List of currently installed packages.","platforms":["linux"],"columns":[{"name":"package","description":"Package name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"The version which are affected by the use flags, empty means all","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"slot","description":"The slot used by package","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"build_time","description":"Unix time when package was built","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"repository","description":"From which repository the ebuild was used","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"eapi","description":"The eapi for the ebuild","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"The size of the package","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"world","description":"If package is in the world file","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"portage_use","description":"List of enabled portage USE values for specific package.","platforms":["linux"],"columns":[{"name":"package","description":"Package name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"The version of the installed package","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"use","description":"USE flag which has been enabled for package","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"power_sensors","description":"Machine power (currents, voltages, wattages, etc) sensors.","platforms":["darwin"],"columns":[{"name":"key","description":"The SMC key on macOS","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"category","description":"The sensor category: currents, voltage, wattage","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Name of power source","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Power in Watts","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"powershell_events","description":"Powershell script blocks reconstructed to their full script content, this table requires script block logging to be enabled.","platforms":["windows"],"columns":[{"name":"time","description":"Timestamp the event was received by the osquery event publisher","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"datetime","description":"System time at which the Powershell script event occurred","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"script_block_id","description":"The unique GUID of the powershell script to which this block belongs","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"script_block_count","description":"The total number of script blocks for this script","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"script_text","description":"The text content of the Powershell script","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"script_name","description":"The name of the Powershell script","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"script_path","description":"The path for the Powershell script","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cosine_similarity","description":"How similar the Powershell script is to a provided 'normal' character frequency","type":"double","notes":"","hidden":false,"required":false,"index":false}]},{"name":"preferences","description":"macOS defaults and managed preferences.","platforms":["darwin"],"columns":[{"name":"domain","description":"Application ID usually in com.name.product format","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"key","description":"Preference top-level key","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"subkey","description":"Intemediate key path, includes lists/dicts","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"String value of most CF types","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"forced","description":"1 if the value is forced/managed, else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"username","description":"(optional) read preferences for a specific user","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"host","description":"'current' or 'any' host, where 'current' takes precedence","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"prefetch","description":"Prefetch files show metadata related to file execution.","platforms":["windows"],"columns":[{"name":"path","description":"Prefetch file path.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"filename","description":"Executable filename.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hash","description":"Prefetch CRC hash.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"last_run_time","description":"Most recent time application was run.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"other_run_times","description":"Other execution times in prefetch file.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"run_count","description":"Number of times the application has been run.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Application file size.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"volume_serial","description":"Volume serial number.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"volume_creation","description":"Volume creation time.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"accessed_files_count","description":"Number of files accessed.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"accessed_directories_count","description":"Number of directories accessed.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"accessed_files","description":"Files accessed by application within ten seconds of launch.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"accessed_directories","description":"Directories accessed by application within ten seconds of launch.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"process_envs","description":"A key/value table of environment variables for each process.","platforms":["darwin","linux"],"columns":[{"name":"pid","description":"Process (or thread) ID","type":"integer","notes":"","hidden":false,"required":false,"index":true},{"name":"key","description":"Environment variable name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Environment variable value","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"process_etw_events","description":"Windows process execution events.","platforms":["windows"],"columns":[{"name":"type","description":"Event Type (ProcessStart, ProcessStop)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"ppid","description":"Parent Process ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"session_id","description":"Session ID","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"flags","description":"Process Flags","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"exit_code","description":"Exit Code - Present only on ProcessStop events","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path of executed binary","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cmdline","description":"Command Line","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"username","description":"User rights - primary token username","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"token_elevation_type","description":"Primary token elevation type - Present only on ProcessStart events","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"token_elevation_status","description":"Primary token elevation status - Present only on ProcessStart events","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"mandatory_label","description":"Primary token mandatory label sid - Present only on ProcessStart events","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"datetime","description":"Event timestamp in DATETIME format","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"time_windows","description":"Event timestamp in Windows format","type":"bigint","notes":"","hidden":true,"required":false,"index":false},{"name":"time","description":"Event timestamp in Unix format","type":"bigint","notes":"","hidden":true,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"integer","notes":"","hidden":true,"required":false,"index":false},{"name":"header_pid","description":"Process ID of the process reporting the event","type":"bigint","notes":"","hidden":true,"required":false,"index":false},{"name":"process_sequence_number","description":"Process Sequence Number - Present only on ProcessStart events","type":"bigint","notes":"","hidden":true,"required":false,"index":false},{"name":"parent_process_sequence_number","description":"Parent Process Sequence Number - Present only on ProcessStart events","type":"bigint","notes":"","hidden":true,"required":false,"index":false}]},{"name":"process_events","description":"Track time/action process executions.","platforms":["darwin","linux"],"columns":[{"name":"pid","description":"Process (or thread) ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path of executed file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mode","description":"File mode permissions","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cmdline","description":"Command line arguments (argv)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cmdline_size","description":"Actual size (bytes) of command line arguments","type":"bigint","notes":"","hidden":true,"required":false,"index":false},{"name":"env","description":"Environment variables delimited by spaces","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"env_count","description":"Number of environment variables","type":"bigint","notes":"","hidden":true,"required":false,"index":false},{"name":"env_size","description":"Actual size (bytes) of environment list","type":"bigint","notes":"","hidden":true,"required":false,"index":false},{"name":"cwd","description":"The process current working directory","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"auid","description":"Audit User ID at process start","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"User ID at process start","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"euid","description":"Effective user ID at process start","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"gid","description":"Group ID at process start","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"egid","description":"Effective group ID at process start","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"owner_uid","description":"File owner user ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"owner_gid","description":"File owner group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"atime","description":"File last access in UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"mtime","description":"File modification in UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"ctime","description":"File last metadata change in UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"btime","description":"File creation in UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"overflows","description":"List of structures that overflowed","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"parent","description":"Process parent's PID, or -1 if cannot be determined.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of execution in UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uptime","description":"Time of execution in system uptime","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"status","description":"OpenBSM Attribute: Status of the process","type":"bigint","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]},{"name":"fsuid","description":"Filesystem user ID at process start","type":"bigint","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]},{"name":"suid","description":"Saved user ID at process start","type":"bigint","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]},{"name":"fsgid","description":"Filesystem group ID at process start","type":"bigint","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]},{"name":"sgid","description":"Saved group ID at process start","type":"bigint","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]},{"name":"syscall","description":"Syscall name: fork, vfork, clone, execve, execveat","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]}]},{"name":"process_file_events","description":"A File Integrity Monitor implementation using the audit service.","platforms":["linux"],"columns":[{"name":"operation","description":"Operation type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"ppid","description":"Parent process ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of execution in UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"executable","description":"The executable path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"partial","description":"True if this is a partial event (i.e.: this process existed before we started osquery)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cwd","description":"The current working directory of the process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"The path associated with the event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"dest_path","description":"The canonical path associated with the event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"The uid of the process performing the action","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"gid","description":"The gid of the process performing the action","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"auid","description":"Audit user ID of the process using the file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"euid","description":"Effective user ID of the process using the file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"egid","description":"Effective group ID of the process using the file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"fsuid","description":"Filesystem user ID of the process using the file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"fsgid","description":"Filesystem group ID of the process using the file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"suid","description":"Saved user ID of the process using the file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sgid","description":"Saved group ID of the process using the file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uptime","description":"Time of execution in system uptime","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","notes":"","hidden":true,"required":false,"index":false}]},{"name":"process_memory_map","description":"Process memory mapped files and pseudo device/regions.","platforms":["darwin","linux","windows"],"columns":[{"name":"pid","description":"Process (or thread) ID","type":"integer","notes":"","hidden":false,"required":false,"index":true},{"name":"start","description":"Virtual start address (hex)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"end","description":"Virtual end address (hex)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"permissions","description":"r=read, w=write, x=execute, p=private (cow)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"offset","description":"Offset into mapped path","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"device","description":"MA:MI Major/minor device ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"inode","description":"Mapped path inode, 0 means uninitialized (BSS)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to mapped file or mapped type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pseudo","description":"1 If path is a pseudo path, else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"process_namespaces","description":"Linux namespaces for processes running on the host system.","platforms":["linux"],"columns":[{"name":"pid","description":"Process (or thread) ID","type":"integer","notes":"","hidden":false,"required":false,"index":true},{"name":"cgroup_namespace","description":"cgroup namespace inode","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ipc_namespace","description":"ipc namespace inode","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mnt_namespace","description":"mnt namespace inode","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"net_namespace","description":"net namespace inode","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid_namespace","description":"pid namespace inode","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"user_namespace","description":"user namespace inode","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uts_namespace","description":"uts namespace inode","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"process_open_files","description":"File descriptors for each process.","platforms":["darwin","linux"],"columns":[{"name":"pid","description":"Process (or thread) ID","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"fd","description":"Process-specific file descriptor number","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Filesystem path of descriptor","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"process_open_pipes","description":"Pipes and partner processes for each process.","platforms":["linux"],"columns":[{"name":"pid","description":"Process ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"fd","description":"File descriptor","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"mode","description":"Pipe open mode (r/w)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"inode","description":"Pipe inode number","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Pipe Type: named vs unnamed/anonymous","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"partner_pid","description":"Process ID of partner process sharing a particular pipe","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"partner_fd","description":"File descriptor of shared pipe at partner's end","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"partner_mode","description":"Mode of shared pipe at partner's end","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"process_open_sockets","description":"Processes which have open network sockets on the system.","platforms":["darwin","linux","windows"],"columns":[{"name":"pid","description":"Process (or thread) ID","type":"integer","notes":"","hidden":false,"required":false,"index":true},{"name":"fd","description":"Socket file descriptor number","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"socket","description":"Socket handle or inode number","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"family","description":"Network protocol (IPv4, IPv6)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"protocol","description":"Transport protocol (TCP/UDP)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"local_address","description":"Socket local address","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"remote_address","description":"Socket remote address","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"local_port","description":"Socket local port","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"remote_port","description":"Socket remote port","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"For UNIX sockets (family=AF_UNIX), the domain path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"state","description":"TCP socket state","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"net_namespace","description":"The inode number of the network namespace","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]}]},{"name":"processes","description":"All running processes on the host system.","platforms":["darwin","linux","windows"],"columns":[{"name":"pid","description":"Process (or thread) ID","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"name","description":"The process path or shorthand argv[0]","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to executed binary","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cmdline","description":"Complete argv","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"state","description":"Process state","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cwd","description":"Process current working directory","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"root","description":"Process virtual root directory","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"Unsigned user ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"gid","description":"Unsigned group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"euid","description":"Unsigned effective user ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"egid","description":"Unsigned effective group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"suid","description":"Unsigned saved user ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"sgid","description":"Unsigned saved group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"on_disk","description":"The process path exists yes=1, no=0, unknown=-1","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"wired_size","description":"Bytes of unpageable memory used by process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"resident_size","description":"Bytes of private memory used by process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"total_size","description":"Total virtual memory size","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"user_time","description":"CPU time in milliseconds spent in user space","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"system_time","description":"CPU time in milliseconds spent in kernel space","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"disk_bytes_read","description":"Bytes read from disk","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"disk_bytes_written","description":"Bytes written to disk","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"start_time","description":"Process start time in seconds since Epoch, in case of error -1","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"parent","description":"Process parent's PID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pgroup","description":"Process group","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"threads","description":"Number of threads used by process","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"nice","description":"Process nice level (-20 to 20, default 0)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"elevated_token","description":"Process uses elevated token yes=1, no=0","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"secure_process","description":"Process is secure (IUM) yes=1, no=0","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"protection_type","description":"The protection type of the process","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"virtual_process","description":"Process is virtual (e.g. System, Registry, vmmem) yes=1, no=0","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"elapsed_time","description":"Elapsed time in seconds this process has been running.","type":"bigint","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"handle_count","description":"Total number of handles that the process has open. This number is the sum of the handles currently opened by each thread in the process.","type":"bigint","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"percent_processor_time","description":"Returns elapsed time that all of the threads of this process used the processor to execute instructions in 100 nanoseconds ticks.","type":"bigint","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"upid","description":"A 64bit pid that is never reused. Returns -1 if we couldn't gather them from the system.","type":"bigint","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]},{"name":"uppid","description":"The 64bit parent pid that is never reused. Returns -1 if we couldn't gather them from the system.","type":"bigint","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]},{"name":"cpu_type","description":"Indicates the specific processor designed for installation.","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]},{"name":"cpu_subtype","description":"Indicates the specific processor on which an entry may be used.","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]},{"name":"translated","description":"Indicates whether the process is running under the Rosetta Translation Environment, yes=1, no=0, error=-1.","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]},{"name":"cgroup_path","description":"The full hierarchical path of the process's control group","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]}]},{"name":"programs","description":"Represents products as they are installed by Windows Installer. A product generally correlates to one installation package on Windows. Some fields may be blank as Windows installation details are left to the discretion of the product author.","platforms":["windows"],"columns":[{"name":"name","description":"Commonly used product name.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Product version information.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"install_location","description":"The installation location directory of the product.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"install_source","description":"The installation source of the product.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"language","description":"The language of the product.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"publisher","description":"Name of the product supplier.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uninstall_string","description":"Path and filename of the uninstaller.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"install_date","description":"Date that this product was installed on the system. ","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"identifying_number","description":"Product identification such as a serial number on software, or a die number on a hardware chip.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"prometheus_metrics","description":"Retrieve metrics from a Prometheus server.","platforms":["darwin","linux"],"columns":[{"name":"target_name","description":"Address of prometheus target","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"metric_name","description":"Name of collected Prometheus metric","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"metric_value","description":"Value of collected Prometheus metric","type":"double","notes":"","hidden":false,"required":false,"index":false},{"name":"timestamp_ms","description":"Unix timestamp of collected data in MS","type":"bigint","notes":"","hidden":false,"required":false,"index":false}]},{"name":"python_packages","description":"Python packages installed in a system.","platforms":["darwin","linux","windows"],"columns":[{"name":"name","description":"Package display name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Package-supplied version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"summary","description":"Package-supplied summary","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"author","description":"Optional package author","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"license","description":"License under which package is launched","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path at which this module resides","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"directory","description":"Directory where Python modules are located","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"quicklook_cache","description":"Files and thumbnails within macOS's Quicklook Cache.","platforms":["darwin"],"columns":[{"name":"path","description":"Path of file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"rowid","description":"Quicklook file rowid key","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"fs_id","description":"Quicklook file fs_id key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"volume_id","description":"Parsed volume ID from fs_id","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"inode","description":"Parsed file ID (inode) from fs_id","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"mtime","description":"Parsed version date field","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Parsed version size field","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"label","description":"Parsed version 'gen' field","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"last_hit_date","description":"Apple date format for last thumbnail cache hit","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"hit_count","description":"Number of cache hits on thumbnail","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"icon_mode","description":"Thumbnail icon mode","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"cache_path","description":"Path to cache data","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"registry","description":"All of the Windows registry hives.","platforms":["windows"],"columns":[{"name":"key","description":"Name of the key to search for","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Full path to the value","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"name","description":"Name of the registry value entry","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Type of the registry value, or 'subkey' if item is a subkey","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"data","description":"Data content of registry value","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mtime","description":"timestamp of the most recent registry write","type":"bigint","notes":"","hidden":false,"required":false,"index":false}]},{"name":"routes","description":"The active route table for the host system.","platforms":["darwin","linux","windows"],"columns":[{"name":"destination","description":"Destination IP address","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"netmask","description":"Netmask length","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"gateway","description":"Route gateway","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"source","description":"Route source","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"flags","description":"Flags to describe route","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"interface","description":"Route local interface","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mtu","description":"Maximum Transmission Unit for the route","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"metric","description":"Cost of route. Lowest is preferred","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Type of route","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hopcount","description":"Max hops expected","type":"integer","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux","darwin"]}]},{"name":"rpm_package_files","description":"RPM packages that are currently installed on the host system.","platforms":["linux"],"columns":[{"name":"package","description":"RPM package name","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"path","description":"File path within the package","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"username","description":"File default username from info DB","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"groupname","description":"File default groupname from info DB","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mode","description":"File permissions mode from info DB","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Expected file size in bytes from RPM info DB","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"sha256","description":"SHA256 file digest from RPM info DB","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"rpm_packages","description":"RPM packages that are currently installed on the host system.","platforms":["linux"],"columns":[{"name":"name","description":"RPM package name","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"version","description":"Package version","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"release","description":"Package release","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"source","description":"Source RPM package name (optional)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Package size in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"sha1","description":"SHA1 hash of the package contents","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"arch","description":"Architecture(s) supported","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"epoch","description":"Package epoch value","type":"integer","notes":"","hidden":false,"required":false,"index":true},{"name":"install_time","description":"When the package was installed","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"vendor","description":"Package vendor","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"package_group","description":"Package group","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]},{"name":"mount_namespace_id","description":"Mount namespace id","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"running_apps","description":"macOS applications currently running on the host system.","platforms":["darwin"],"columns":[{"name":"pid","description":"The pid of the application","type":"integer","notes":"","hidden":false,"required":false,"index":true},{"name":"bundle_identifier","description":"The bundle identifier of the application","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"is_active","description":"(DEPRECATED)","type":"integer","notes":"","hidden":true,"required":false,"index":false}]},{"name":"safari_extensions","description":"Safari browser extension details for all users. This table requires Full Disk Access (FDA) permission.","platforms":["darwin"],"columns":[{"name":"uid","description":"The local user that owns the extension","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"name","description":"Extension display name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"identifier","description":"Extension identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Extension long version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sdk","description":"Bundle SDK used to compile extension","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"update_url","description":"Extension-supplied update URI","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"author","description":"Optional extension author","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"developer_id","description":"Optional developer identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Optional extension description text","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to extension XAR bundle","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"bundle_version","description":"The version of the build that identifies an iteration of the bundle","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"copyright","description":"A human-readable copyright notice for the bundle","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"extension_type","description":"Extension Type: WebOrAppExtension or LegacyExtension","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"sandboxes","description":"macOS application sandboxes container details.","platforms":["darwin"],"columns":[{"name":"label","description":"UTI-format bundle or label ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"user","description":"Sandbox owner","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"enabled","description":"Application sandboxings enabled on container","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"build_id","description":"Sandbox-specific identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"bundle_path","description":"Application bundle used by the sandbox","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to sandbox container directory","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"scheduled_tasks","description":"Lists all of the tasks in the Windows task scheduler.","platforms":["windows"],"columns":[{"name":"name","description":"Name of the scheduled task","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"action","description":"Actions executed by the scheduled task","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to the executable to be run","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"enabled","description":"Whether or not the scheduled task is enabled","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"state","description":"State of the scheduled task","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hidden","description":"Whether or not the task is visible in the UI","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"last_run_time","description":"Timestamp the task last ran","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"next_run_time","description":"Timestamp the task is scheduled to run next","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"last_run_message","description":"Exit status message of the last task run","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"last_run_code","description":"Exit status code of the last task run","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"screenlock","description":"macOS screenlock status. Note: only fetches results for osquery's current logged-in user context. The user must also have recently logged in.","platforms":["darwin"],"columns":[{"name":"enabled","description":"1 If a password is required after sleep or the screensaver begins; else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"grace_period","description":"The amount of time in seconds the screen must be asleep or the screensaver on before a password is required on-wake. 0 = immediately; -1 = no password is required on-wake","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"seccomp_events","description":"A virtual table that tracks seccomp events.","platforms":["linux"],"columns":[{"name":"time","description":"Time of execution in UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uptime","description":"Time of execution in system uptime","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"auid","description":"Audit user ID (loginuid) of the user who started the analyzed process","type":"unsigned_bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"User ID of the user who started the analyzed process","type":"unsigned_bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"gid","description":"Group ID of the user who started the analyzed process","type":"unsigned_bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"ses","description":"Session ID of the session from which the analyzed process was invoked","type":"unsigned_bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process ID","type":"unsigned_bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"comm","description":"Command-line name of the command that was used to invoke the analyzed process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"exe","description":"The path to the executable that was used to invoke the analyzed process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sig","description":"Signal value sent to process by seccomp","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"arch","description":"Information about the CPU architecture","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"syscall","description":"Type of the system call","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"compat","description":"Is system call in compatibility mode","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"ip","description":"Instruction pointer value","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"code","description":"The seccomp action","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"secureboot","description":"Secure Boot UEFI Settings.","platforms":["darwin","linux","windows"],"columns":[{"name":"secure_boot","description":"Whether secure boot is enabled","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"secure_mode","description":"Secure mode for Intel-based macOS: 0 disabled, 1 full security, 2 medium security","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]},{"name":"setup_mode","description":"Whether setup mode is enabled","type":"integer","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux","windows","win32","cygwin"]}]},{"name":"security_profile_info","description":"Information on the security profile of a given system by listing the system Account and Audit Policies. This table mimics the exported securitypolicy output from the secedit tool.","platforms":["windows"],"columns":[{"name":"minimum_password_age","description":"Determines the minimum number of days that a password must be used before the user can change it","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"maximum_password_age","description":"Determines the maximum number of days that a password can be used before the client requires the user to change it","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"minimum_password_length","description":"Determines the least number of characters that can make up a password for a user account","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"password_complexity","description":"Determines whether passwords must meet a series of strong-password guidelines","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"password_history_size","description":"Number of unique new passwords that must be associated with a user account before an old password can be reused","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"lockout_bad_count","description":"Number of failed logon attempts after which a user account MUST be locked out","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"logon_to_change_password","description":"Determines if logon session is required to change the password","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"force_logoff_when_expire","description":"Determines whether SMB client sessions with the SMB server will be forcibly disconnected when the client's logon hours expire","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"new_administrator_name","description":"Determines the name of the Administrator account on the local computer","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"new_guest_name","description":"Determines the name of the Guest account on the local computer","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"clear_text_password","description":"Determines whether passwords MUST be stored by using reversible encryption","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"lsa_anonymous_name_lookup","description":"Determines if an anonymous user is allowed to query the local LSA policy","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"enable_admin_account","description":"Determines whether the Administrator account on the local computer is enabled","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"enable_guest_account","description":"Determines whether the Guest account on the local computer is enabled","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"audit_system_events","description":"Determines whether the operating system MUST audit System Change, System Startup, System Shutdown, Authentication Component Load, and Loss or Excess of Security events","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"audit_logon_events","description":"Determines whether the operating system MUST audit each instance of a user attempt to log on or log off this computer","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"audit_object_access","description":"Determines whether the operating system MUST audit each instance of user attempts to access a non-Active Directory object that has its own SACL specified","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"audit_privilege_use","description":"Determines whether the operating system MUST audit each instance of user attempts to exercise a user right","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"audit_policy_change","description":"Determines whether the operating system MUST audit each instance of user attempts to change user rights assignment policy, audit policy, account policy, or trust policy","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"audit_account_manage","description":"Determines whether the operating system MUST audit each event of account management on a computer","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"audit_process_tracking","description":"Determines whether the operating system MUST audit process-related events","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"audit_ds_access","description":"Determines whether the operating system MUST audit each instance of user attempts to access an Active Directory object that has its own system access control list (SACL) specified","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"audit_account_logon","description":"Determines whether the operating system MUST audit each time this computer validates the credentials of an account","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"selinux_events","description":"Track SELinux events.","platforms":["linux"],"columns":[{"name":"type","description":"Event type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"message","description":"Message","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of execution in UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uptime","description":"Time of execution in system uptime","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","notes":"","hidden":true,"required":false,"index":false}]},{"name":"selinux_settings","description":"Track active SELinux settings.","platforms":["linux"],"columns":[{"name":"scope","description":"Where the key is located inside the SELinuxFS mount point.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"key","description":"Key or class name.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Active value.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"services","description":"Lists all installed Windows services and their relevant data.","platforms":["windows"],"columns":[{"name":"name","description":"Service name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"service_type","description":"Service Type: OWN_PROCESS, SHARE_PROCESS and maybe Interactive (can interact with the desktop)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"display_name","description":"Service Display name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"status","description":"Service Current status: STOPPED, START_PENDING, STOP_PENDING, RUNNING, CONTINUE_PENDING, PAUSE_PENDING, PAUSED","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"the Process ID of the service","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"start_type","description":"Service start type: BOOT_START, SYSTEM_START, AUTO_START, DEMAND_START, DISABLED","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"win32_exit_code","description":"The error code that the service uses to report an error that occurs when it is starting or stopping","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"service_exit_code","description":"The service-specific error code that the service returns when an error occurs while the service is starting or stopping","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to Service Executable","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"module_path","description":"Path to ServiceDll","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Service Description","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"user_account","description":"The name of the account that the service process will be logged on as when it runs. This name can be of the form Domain\\UserName. If the account belongs to the built-in domain, the name can be of the form .\\UserName.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"shadow","description":"Local system users encrypted passwords and related information. Please note, that you usually need superuser rights to access `/etc/shadow`.","platforms":["linux"],"columns":[{"name":"password_status","description":"Password status","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hash_alg","description":"Password hashing algorithm","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"last_change","description":"Date of last password change (starting from UNIX epoch date)","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"min","description":"Minimal number of days between password changes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"max","description":"Maximum number of days between password changes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"warning","description":"Number of days before password expires to warn user about it","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"inactive","description":"Number of days after password expires until account is blocked","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"expire","description":"Number of days since UNIX epoch date until account is disabled","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"flag","description":"Reserved","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"username","description":"Username","type":"text","notes":"","hidden":false,"required":false,"index":true}]},{"name":"shared_folders","description":"Folders available to others via SMB or AFP.","platforms":["darwin"],"columns":[{"name":"name","description":"The shared name of the folder as it appears to other users","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Absolute path of shared folder on the local system","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"shared_memory","description":"OS shared memory regions.","platforms":["linux"],"columns":[{"name":"shmid","description":"Shared memory segment ID","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"owner_uid","description":"User ID of owning process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"creator_uid","description":"User ID of creator process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process ID to last use the segment","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"creator_pid","description":"Process ID that created the segment","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"atime","description":"Attached time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"dtime","description":"Detached time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"ctime","description":"Changed time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"permissions","description":"Memory segment permissions","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Size in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"attached","description":"Number of attached processes","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"status","description":"Destination/attach status","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"locked","description":"1 if segment is locked else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"shared_resources","description":"Displays shared resources on a computer system running Windows. This may be a disk drive, printer, interprocess communication, or other sharable device.","platforms":["windows"],"columns":[{"name":"description","description":"A textual description of the object","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"install_date","description":"Indicates when the object was installed. Lack of a value does not indicate that the object is not installed.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"status","description":"String that indicates the current status of the object.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"allow_maximum","description":"Number of concurrent users for this resource has been limited. If True, the value in the MaximumAllowed property is ignored.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"maximum_allowed","description":"Limit on the maximum number of users allowed to use this resource concurrently. The value is only valid if the AllowMaximum property is set to FALSE.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Alias given to a path set up as a share on a computer system running Windows.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Local path of the Windows share.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Type of resource being shared. Types include: disk drives, print queues, interprocess communications (IPC), and general devices.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"type_name","description":"Human readable value for the 'type' column","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"sharing_preferences","description":"macOS Sharing preferences.","platforms":["darwin"],"columns":[{"name":"screen_sharing","description":"1 If screen sharing is enabled else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"file_sharing","description":"1 If file sharing is enabled else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"printer_sharing","description":"1 If printer sharing is enabled else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"remote_login","description":"1 If remote login is enabled else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"remote_management","description":"1 If remote management is enabled else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"remote_apple_events","description":"1 If remote apple events are enabled else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"internet_sharing","description":"1 If internet sharing is enabled else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"bluetooth_sharing","description":"1 If bluetooth sharing is enabled for any user else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"disc_sharing","description":"1 If CD or DVD sharing is enabled else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"content_caching","description":"1 If content caching is enabled else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"shell_history","description":"A line-delimited (command) table of per-user .*_history data.","platforms":["darwin","linux"],"columns":[{"name":"uid","description":"Shell history owner","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Entry timestamp. It could be absent, default value is 0.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"command","description":"Unparsed date/line/command history line","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"history_file","description":"Path to the .*_history for this user","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"shellbags","description":"Shows directories accessed via Windows Explorer.","platforms":["windows"],"columns":[{"name":"sid","description":"User SID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"source","description":"Shellbags source Registry file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Directory name.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"modified_time","description":"Directory Modified time.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"created_time","description":"Directory Created time.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"accessed_time","description":"Directory Accessed time.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"mft_entry","description":"Directory master file table entry.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"mft_sequence","description":"Directory master file table sequence.","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"shimcache","description":"Application Compatibility Cache, contains artifacts of execution.","platforms":["windows"],"columns":[{"name":"entry","description":"Execution order.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"This is the path to the executed file.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"modified_time","description":"File Modified time.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"execution_flag","description":"Boolean Execution flag, 1 for execution, 0 for no execution, -1 for missing (this flag does not exist on Windows 10 and higher).","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"signature","description":"File (executable, bundle, installer, disk) code signing status.","platforms":["darwin"],"columns":[{"name":"path","description":"Must provide a path or directory","type":"text","notes":"","hidden":false,"required":true,"index":true},{"name":"hash_resources","description":"Set to 1 to also hash resources, or 0 otherwise. Default is 1","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"arch","description":"If applicable, the arch of the signed code","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"signed","description":"1 If the file is signed else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"identifier","description":"The signing identifier sealed into the signature","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cdhash","description":"Hash of the application Code Directory","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"team_identifier","description":"The team signing identifier sealed into the signature","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"authority","description":"Certificate Common Name","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"sip_config","description":"Apple's System Integrity Protection (rootless) status.","platforms":["darwin"],"columns":[{"name":"config_flag","description":"The System Integrity Protection config flag","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"enabled","description":"1 if this configuration is enabled, otherwise 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"enabled_nvram","description":"1 if this configuration is enabled, otherwise 0","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"smbios_tables","description":"BIOS (DMI) structure common details and content.","platforms":["darwin","linux"],"columns":[{"name":"number","description":"Table entry number","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Table entry type","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Table entry description","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"handle","description":"Table entry handle","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"header_size","description":"Header size in bytes","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Table entry size in bytes","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"md5","description":"MD5 hash of table entry","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"smc_keys","description":"Apple's system management controller keys.","platforms":["darwin"],"columns":[{"name":"key","description":"4-character key","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"type","description":"SMC-reported type literal type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Reported size of data in bytes","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"A type-encoded representation of the key value","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hidden","description":"1 if this key is normally hidden, otherwise 0","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"socket_events","description":"Track network socket opens and closes.","platforms":["darwin","linux"],"columns":[{"name":"action","description":"The socket action (bind, listen, close)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process (or thread) ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path of executed file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"fd","description":"The file description for the process socket","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"auid","description":"Audit User ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"status","description":"Either 'succeeded', 'failed', 'in_progress' (connect() on non-blocking socket) or 'no_client' (null accept() on non-blocking socket)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"family","description":"The Internet protocol family ID","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"protocol","description":"The network protocol ID","type":"integer","notes":"","hidden":true,"required":false,"index":false},{"name":"local_address","description":"Local address associated with socket","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"remote_address","description":"Remote address associated with socket","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"local_port","description":"Local network protocol port number","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"remote_port","description":"Remote network protocol port number","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"socket","description":"The local path (UNIX domain socket only)","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"time","description":"Time of execution in UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uptime","description":"Time of execution in system uptime","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"success","description":"Deprecated. Use the 'status' column instead","type":"integer","notes":"","hidden":true,"required":false,"index":false}]},{"name":"ssh_configs","description":"A table of parsed ssh_configs.","platforms":["darwin","linux","windows"],"columns":[{"name":"uid","description":"The local owner of the ssh_config file","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"block","description":"The host or match block","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"option","description":"The option and value","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ssh_config_file","description":"Path to the ssh_config file","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"startup_items","description":"Applications and binaries set as user/login startup items.","platforms":["darwin","linux","windows"],"columns":[{"name":"name","description":"Name of startup item","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path of startup item","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"args","description":"Arguments provided to startup executable","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Startup Item or Login Item","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"source","description":"Directory or plist containing startup item","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"status","description":"Startup status; either enabled or disabled","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"username","description":"The user associated with the startup item","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"sudoers","description":"Rules for running commands as other users via sudo.","platforms":["darwin","linux"],"columns":[{"name":"source","description":"Source file containing the given rule","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"header","description":"Symbol for given rule","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"rule_details","description":"Rule definition","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"suid_bin","description":"suid binaries in common locations.","platforms":["darwin","linux"],"columns":[{"name":"path","description":"Binary path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"username","description":"Binary owner username","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"groupname","description":"Binary owner group","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"permissions","description":"Binary permissions","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"syslog_events","description":"","platforms":["linux"],"columns":[{"name":"time","description":"Current unix epoch time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"datetime","description":"Time known to syslog","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"host","description":"Hostname configured for syslog","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"severity","description":"Syslog severity","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"facility","description":"Syslog facility","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"tag","description":"The syslog tag","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"message","description":"The syslog message","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","notes":"","hidden":true,"required":false,"index":false}]},{"name":"system_controls","description":"sysctl names, values, and settings information.","platforms":["darwin","linux"],"columns":[{"name":"name","description":"Full sysctl MIB name","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"oid","description":"Control MIB","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"subsystem","description":"Subsystem ID, control type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"current_value","description":"Value of setting","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"config_value","description":"The MIB value set in /etc/sysctl.conf","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Data type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"field_name","description":"Specific attribute of opaque type","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]}]},{"name":"system_extensions","description":"macOS (>= 10.15) system extension table.","platforms":["darwin"],"columns":[{"name":"path","description":"Original path of system extension","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"UUID","description":"Extension unique id","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"state","description":"System extension state","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"identifier","description":"Identifier name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"System extension version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"category","description":"System extension category","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"bundle_path","description":"System extension bundle path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"team","description":"Signing team ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mdm_managed","description":"1 if managed by MDM system extension payload configuration, 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"system_info","description":"System information for identification.","platforms":["darwin","linux","windows"],"columns":[{"name":"hostname","description":"Network hostname including domain","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uuid","description":"Unique ID provided by the system","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_type","description":"CPU type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_subtype","description":"CPU subtype","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_brand","description":"CPU brand string, contains vendor and model","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_physical_cores","description":"Number of physical CPU cores in to the system","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_logical_cores","description":"Number of logical CPU cores available to the system","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_sockets","description":"Number of processor sockets in the system","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_microcode","description":"Microcode version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"physical_memory","description":"Total physical memory in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"hardware_vendor","description":"Hardware vendor","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hardware_model","description":"Hardware model","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hardware_version","description":"Hardware version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hardware_serial","description":"Device serial number","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"board_vendor","description":"Board vendor","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"board_model","description":"Board model","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"board_version","description":"Board version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"board_serial","description":"Board serial number","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"computer_name","description":"Friendly computer name (optional)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"local_hostname","description":"Local hostname (optional)","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"systemd_units","description":"Track systemd units.","platforms":["linux"],"columns":[{"name":"id","description":"Unique unit identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Unit description","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"load_state","description":"Reflects whether the unit definition was properly loaded","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"active_state","description":"The high-level unit activation state, i.e. generalization of SUB","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sub_state","description":"The low-level unit activation state, values depend on unit type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"unit_file_state","description":"Whether the unit file is enabled, e.g. `enabled`, `masked`, `disabled`, etc","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"following","description":"The name of another unit that this unit follows in state","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"object_path","description":"The object path for this unit","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"job_id","description":"Next queued job id","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"job_type","description":"Job type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"job_path","description":"The object path for the job","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"fragment_path","description":"The unit file path this unit was read from, if there is any","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"user","description":"The configured user, if any","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"source_path","description":"Path to the (possibly generated) unit configuration file","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"temperature_sensors","description":"Machine's temperature sensors.","platforms":["darwin"],"columns":[{"name":"key","description":"The SMC key on macOS","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"name","description":"Name of temperature source","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"celsius","description":"Temperature in Celsius","type":"double","notes":"","hidden":false,"required":false,"index":false},{"name":"fahrenheit","description":"Temperature in Fahrenheit","type":"double","notes":"","hidden":false,"required":false,"index":false}]},{"name":"time","description":"Track current date and time in UTC.","platforms":["darwin","linux","windows"],"columns":[{"name":"weekday","description":"Current weekday in UTC","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"year","description":"Current year in UTC","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"month","description":"Current month in UTC","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"day","description":"Current day in UTC","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"hour","description":"Current hour in UTC","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"minutes","description":"Current minutes in UTC","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"seconds","description":"Current seconds in UTC","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"timezone","description":"Timezone for reported time (hardcoded to UTC)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"local_timezone","description":"Current local timezone in of the system","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"unix_time","description":"Current UNIX time in UTC","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"timestamp","description":"Current timestamp (log format) in UTC","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"datetime","description":"Current date and time (ISO format) in UTC","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"iso_8601","description":"Current time (ISO format) in UTC","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"win_timestamp","description":"Timestamp value in 100 nanosecond units","type":"bigint","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]}]},{"name":"time_machine_backups","description":"Backups to drives using TimeMachine.","platforms":["darwin"],"columns":[{"name":"destination_id","description":"Time Machine destination ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"backup_date","description":"Backup Date","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"time_machine_destinations","description":"Locations backed up to using Time Machine.","platforms":["darwin"],"columns":[{"name":"alias","description":"Human readable name of drive","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"destination_id","description":"Time Machine destination ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"consistency_scan_date","description":"Consistency scan date","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"root_volume_uuid","description":"Root UUID of backup volume","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"bytes_available","description":"Bytes available on volume","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"bytes_used","description":"Bytes used on volume","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"encryption","description":"Last known encrypted state","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"tpm_info","description":"A table that lists the TPM related information.","platforms":["windows"],"columns":[{"name":"activated","description":"TPM is activated","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"enabled","description":"TPM is enabled","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"owned","description":"TPM is owned","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"manufacturer_version","description":"TPM version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"manufacturer_id","description":"TPM manufacturers ID","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"manufacturer_name","description":"TPM manufacturers name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"product_name","description":"Product name of the TPM","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"physical_presence_version","description":"Version of the Physical Presence Interface","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"spec_version","description":"Trusted Computing Group specification that the TPM supports","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"ulimit_info","description":"System resource usage limits.","platforms":["darwin","linux"],"columns":[{"name":"type","description":"System resource to be limited","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"soft_limit","description":"Current limit value","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hard_limit","description":"Maximum limit value","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"unified_log","description":"Queries the OSLog framework for entries in the system log. The maximum number of rows returned is limited for performance issues. Use timestamp > or >= constraints to optimize query performance. This table introduces a new idiom for extracting sequential data in batches using multiple queries, ordered by timestamp. To trigger it, the user should include the condition \"timestamp > -1\", and the table will handle pagination. Note that the saved pagination counter is incremented globally across all queries and table invocations within a query. To avoid multiple table invocations within a query, use only AND and = constraints in WHERE clause.","platforms":["darwin"],"columns":[{"name":"timestamp","description":"unix timestamp associated with the entry","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"storage","description":"the storage category for the entry","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"message","description":"composed message","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"activity","description":"the activity ID associate with the entry","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"process","description":"the name of the process that made the entry","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"the pid of the process that made the entry","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"sender","description":"the name of the binary image that made the entry","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"tid","description":"the tid of the thread that made the entry","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"category","description":"the category of the os_log_t used","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"subsystem","description":"the subsystem of the os_log_t used","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"level","description":"the severity level of the entry","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"max_rows","description":"the max number of rows returned (defaults to 100)","type":"integer","notes":"","hidden":true,"required":false,"index":false},{"name":"predicate","description":"predicate to search (see `log help predicates`), note that this is merged into the predicate created from the column constraints","type":"text","notes":"","hidden":true,"required":false,"index":false}]},{"name":"uptime","description":"Track time passed since last boot. Some systems track this as calendar time, some as runtime.","platforms":["darwin","linux","windows"],"columns":[{"name":"days","description":"Days of uptime","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"hours","description":"Hours of uptime","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"minutes","description":"Minutes of uptime","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"seconds","description":"Seconds of uptime","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"total_seconds","description":"Total uptime seconds","type":"bigint","notes":"","hidden":false,"required":false,"index":false}]},{"name":"usb_devices","description":"USB devices that are actively plugged into the host system.","platforms":["darwin","linux"],"columns":[{"name":"usb_address","description":"USB Device used address","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"usb_port","description":"USB Device used port","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"vendor","description":"USB Device vendor string","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"vendor_id","description":"Hex encoded USB Device vendor identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"USB Device version number","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"model","description":"USB Device model string","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"model_id","description":"Hex encoded USB Device model identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"serial","description":"USB Device serial connection","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"class","description":"USB Device class","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"subclass","description":"USB Device subclass","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"protocol","description":"USB Device protocol","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"removable","description":"1 If USB device is removable else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"user_events","description":"Track user events from the audit framework.","platforms":["darwin","linux"],"columns":[{"name":"uid","description":"User ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"auid","description":"Audit User ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process (or thread) ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"message","description":"Message from the event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"The file description for the process socket","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Supplied path from event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"address","description":"The Internet protocol address or family ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"terminal","description":"The network protocol ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of execution in UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uptime","description":"Time of execution in system uptime","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","notes":"","hidden":true,"required":false,"index":false}]},{"name":"user_groups","description":"Local system user group relationships.","platforms":["darwin","linux","windows"],"columns":[{"name":"uid","description":"User ID","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"gid","description":"Group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":true}]},{"name":"user_interaction_events","description":"Track user interaction events from macOS' event tapping framework.","platforms":["darwin"],"columns":[{"name":"time","description":"Time","type":"bigint","notes":"","hidden":false,"required":false,"index":false}]},{"name":"user_ssh_keys","description":"Returns the private keys in the users ~/.ssh directory and whether or not they are encrypted.","platforms":["darwin","linux","windows"],"columns":[{"name":"uid","description":"The local user that owns the key file","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to key file","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"encrypted","description":"1 if key is encrypted, 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"key_type","description":"The type of the private key. One of [rsa, dsa, dh, ec, hmac, cmac], or the empty string.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"userassist","description":"UserAssist Registry Key tracks when a user executes an application from Windows Explorer.","platforms":["windows"],"columns":[{"name":"path","description":"Application file path.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"last_execution_time","description":"Most recent time application was executed.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"count","description":"Number of times the application has been executed.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"sid","description":"User SID.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"users","description":"Local user accounts (including domain accounts that have logged on locally (Windows)).","platforms":["darwin","linux","windows"],"columns":[{"name":"uid","description":"User ID","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"gid","description":"Group ID (unsigned)","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uid_signed","description":"User ID as int64 signed (Apple)","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"gid_signed","description":"Default group ID as int64 signed (Apple)","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"username","description":"Username","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Optional user description","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"directory","description":"User's home directory","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"shell","description":"User's configured default shell","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uuid","description":"User's UUID (Apple) or SID (Windows)","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"type","description":"Whether the account is roaming (domain), local, or a system profile","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"is_hidden","description":"IsHidden attribute set in OpenDirectory","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"video_info","description":"Retrieve video card information of the machine.","platforms":["windows"],"columns":[{"name":"color_depth","description":"The amount of bits per pixel to represent color.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"driver","description":"The driver of the device.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"driver_date","description":"The date listed on the installed driver.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"driver_version","description":"The version of the installed driver.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"manufacturer","description":"The manufacturer of the gpu.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"model","description":"The model of the gpu.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"series","description":"The series of the gpu.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"video_mode","description":"The current resolution of the display.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"virtual_memory_info","description":"Darwin Virtual Memory statistics.","platforms":["darwin"],"columns":[{"name":"free","description":"Total number of free pages.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"active","description":"Total number of active pages.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"inactive","description":"Total number of inactive pages.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"speculative","description":"Total number of speculative pages.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"throttled","description":"Total number of throttled pages.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"wired","description":"Total number of wired down pages.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"purgeable","description":"Total number of purgeable pages.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"faults","description":"Total number of calls to vm_faults.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"copy","description":"Total number of copy-on-write pages.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"zero_fill","description":"Total number of zero filled pages.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"reactivated","description":"Total number of reactivated pages.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"purged","description":"Total number of purged pages.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"file_backed","description":"Total number of file backed pages.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"anonymous","description":"Total number of anonymous pages.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uncompressed","description":"Total number of uncompressed pages.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"compressor","description":"The number of pages used to store compressed VM pages.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"decompressed","description":"The total number of pages that have been decompressed by the VM compressor.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"compressed","description":"The total number of pages that have been compressed by the VM compressor.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"page_ins","description":"The total number of requests for pages from a pager.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"page_outs","description":"Total number of pages paged out.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"swap_ins","description":"The total number of compressed pages that have been swapped out to disk.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"swap_outs","description":"The total number of compressed pages that have been swapped back in from disk.","type":"bigint","notes":"","hidden":false,"required":false,"index":false}]},{"name":"wifi_networks","description":"macOS known/remembered Wi-Fi networks list.","platforms":["darwin"],"columns":[{"name":"ssid","description":"SSID octets of the network","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"network_name","description":"Name of the network","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"security_type","description":"Type of security on this network","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"last_connected","description":"Last time this network was connected to as a unix_time","type":"integer","notes":"","hidden":true,"required":false,"index":false},{"name":"passpoint","description":"1 if Passpoint is supported, 0 otherwise","type":"integer","notes":"","hidden":true,"required":false,"index":false},{"name":"possibly_hidden","description":"1 if network is possibly a hidden network, 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"roaming","description":"1 if roaming is supported, 0 otherwise","type":"integer","notes":"","hidden":true,"required":false,"index":false},{"name":"roaming_profile","description":"Describe the roaming profile, usually one of Single, Dual or Multi","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"auto_login","description":"1 if auto login is enabled, 0 otherwise","type":"integer","notes":"","hidden":true,"required":false,"index":false},{"name":"temporarily_disabled","description":"1 if this network is temporarily disabled, 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"disabled","description":"1 if this network is disabled, 0 otherwise","type":"integer","notes":"","hidden":true,"required":false,"index":false},{"name":"add_reason","description":"Shows why this network was added, via menubar or command line or something else ","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"added_at","description":"Time this network was added as a unix_time","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"captive_portal","description":"1 if this network has a captive portal, 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"captive_login_date","description":"Time this network logged in to a captive portal as unix_time","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"was_captive_network","description":"1 if this network was previously a captive network, 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"auto_join","description":"1 if this network set to join automatically, 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"personal_hotspot","description":"1 if this network is a personal hotspot, 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"wifi_status","description":"macOS current WiFi status.","platforms":["darwin"],"columns":[{"name":"interface","description":"Name of the interface","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ssid","description":"SSID octets of the network","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"bssid","description":"The current basic service set identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"network_name","description":"Name of the network","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"country_code","description":"The country code (ISO/IEC 3166-1:1997) for the network","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"security_type","description":"Type of security on this network","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"rssi","description":"The current received signal strength indication (dbm)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"noise","description":"The current noise measurement (dBm)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"channel","description":"Channel number","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"channel_width","description":"Channel width","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"channel_band","description":"Channel band","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"transmit_rate","description":"The current transmit rate","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mode","description":"The current operating mode for the Wi-Fi interface","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"wifi_survey","description":"Scan for nearby WiFi networks.","platforms":["darwin"],"columns":[{"name":"interface","description":"Name of the interface","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ssid","description":"SSID octets of the network","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"bssid","description":"The current basic service set identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"network_name","description":"Name of the network","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"country_code","description":"The country code (ISO/IEC 3166-1:1997) for the network","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"rssi","description":"The current received signal strength indication (dbm)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"noise","description":"The current noise measurement (dBm)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"channel","description":"Channel number","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"channel_width","description":"Channel width","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"channel_band","description":"Channel band","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"winbaseobj","description":"Lists named Windows objects in the default object directories, across all terminal services sessions. Example Windows ojbect types include Mutexes, Events, Jobs and Semaphors.","platforms":["windows"],"columns":[{"name":"session_id","description":"Terminal Services Session Id","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"object_name","description":"Object Name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"object_type","description":"Object Type","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"windows_crashes","description":"Extracted information from Windows crash logs (Minidumps).","platforms":["windows"],"columns":[{"name":"datetime","description":"Timestamp (log format) of the crash","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"module","description":"Path of the crashed module within the process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path of the executable file for the crashed process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process ID of the crashed process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"tid","description":"Thread ID of the crashed thread","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"File version info of the crashed process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"process_uptime","description":"Uptime of the process in seconds","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"stack_trace","description":"Multiple stack frames from the stack trace","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"exception_code","description":"The Windows exception code","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"exception_message","description":"The NTSTATUS error message associated with the exception code","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"exception_address","description":"Address (in hex) where the exception occurred","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"registers","description":"The values of the system registers","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"command_line","description":"Command-line string passed to the crashed process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"current_directory","description":"Current working directory of the crashed process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"username","description":"Username of the user who ran the crashed process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"machine_name","description":"Name of the machine where the crash happened","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"major_version","description":"Windows major version of the machine","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"minor_version","description":"Windows minor version of the machine","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"build_number","description":"Windows build number of the crashing machine","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Type of crash log","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"crash_path","description":"Path of the log file","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"windows_eventlog","description":"Table for querying all recorded Windows event logs.","platforms":["windows"],"columns":[{"name":"channel","description":"Source or channel of the event","type":"text","notes":"","hidden":false,"required":true,"index":false},{"name":"datetime","description":"System time at which the event occurred","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"task","description":"Task value associated with the event","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"level","description":"Severity level associated with the event","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"provider_name","description":"Provider name of the event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"provider_guid","description":"Provider guid of the event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"computer_name","description":"Hostname of system where event was generated","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"eventid","description":"Event ID of the event","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"keywords","description":"A bitmask of the keywords defined in the event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"data","description":"Data associated with the event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process ID which emitted the event record","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"tid","description":"Thread ID which emitted the event record","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"time_range","description":"System time to selectively filter the events","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"timestamp","description":"Timestamp to selectively filter the events","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"xpath","description":"The custom query to filter events","type":"text","notes":"","hidden":true,"required":true,"index":false}]},{"name":"windows_events","description":"Windows Event logs.","platforms":["windows"],"columns":[{"name":"time","description":"Timestamp the event was received","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"datetime","description":"System time at which the event occurred","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"source","description":"Source or channel of the event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"provider_name","description":"Provider name of the event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"provider_guid","description":"Provider guid of the event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"computer_name","description":"Hostname of system where event was generated","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"eventid","description":"Event ID of the event","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"task","description":"Task value associated with the event","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"level","description":"The severity level associated with the event","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"keywords","description":"A bitmask of the keywords defined in the event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"data","description":"Data associated with the event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","notes":"","hidden":true,"required":false,"index":false}]},{"name":"windows_firewall_rules","description":"Provides the list of Windows firewall rules.","platforms":["windows"],"columns":[{"name":"name","description":"Friendly name of the rule","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"app_name","description":"Friendly name of the application to which the rule applies","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"action","description":"Action for the rule or default setting","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"enabled","description":"1 if the rule is enabled","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"grouping","description":"Group to which an individual rule belongs","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"direction","description":"Direction of traffic for which the rule applies","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"protocol","description":"IP protocol of the rule","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"local_addresses","description":"Local addresses for the rule","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"remote_addresses","description":"Remote addresses for the rule","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"local_ports","description":"Local ports for the rule","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"remote_ports","description":"Remote ports for the rule","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"icmp_types_codes","description":"ICMP types and codes for the rule","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"profile_domain","description":"1 if the rule profile type is domain","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"profile_private","description":"1 if the rule profile type is private","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"profile_public","description":"1 if the rule profile type is public","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"service_name","description":"Service name property of the application","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"windows_optional_features","description":"Lists names and installation states of windows features. Maps to Win32_OptionalFeature WMI class.","platforms":["windows"],"columns":[{"name":"name","description":"Name of the feature","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"caption","description":"Caption of feature in settings UI","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"state","description":"Installation state value. 1 == Enabled, 2 == Disabled, 3 == Absent","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"statename","description":"Installation state name. 'Enabled','Disabled','Absent'","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"windows_search","description":"Run searches against the Windows system index database using Advanced Query Syntax. See https://learn.microsoft.com/en-us/windows/win32/search/-search-3x-advancedquerysyntax for details.","platforms":["windows"],"columns":[{"name":"name","description":"The name of the item","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"The full path of the item.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"The item size in bytes.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"date_created","description":"The unix timestamp of when the item was created.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"date_modified","description":"The unix timestamp of when the item was last modified","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"owner","description":"The owner of the item","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"The item type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"properties","description":"Additional property values JSON","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"query","description":"Windows search query","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"sort","description":"Sort for windows api","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"max_results","description":"Maximum number of results returned by windows api, set to -1 for unlimited","type":"integer","notes":"","hidden":true,"required":false,"index":false},{"name":"additional_properties","description":"Comma separated list of columns to include in properties JSON","type":"text","notes":"","hidden":true,"required":false,"index":false}]},{"name":"windows_security_center","description":"The health status of Window Security features. Health values can be \"Good\", \"Poor\". \"Snoozed\", \"Not Monitored\", and \"Error\".","platforms":["windows"],"columns":[{"name":"firewall","description":"The health of the monitored Firewall (see windows_security_products)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"autoupdate","description":"The health of the Windows Autoupdate feature","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"antivirus","description":"The health of the monitored Antivirus solution (see windows_security_products)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"antispyware","description":"Deprecated (always 'Good').","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"internet_settings","description":"The health of the Internet Settings","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"windows_security_center_service","description":"The health of the Windows Security Center Service","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"user_account_control","description":"The health of the User Account Control (UAC) capability in Windows","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"windows_security_products","description":"Enumeration of registered Windows security products. Note: Not compatible with Windows Server.","platforms":["windows"],"columns":[{"name":"type","description":"Type of security product","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Name of product","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"state","description":"State of protection","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"state_timestamp","description":"Timestamp for the product state","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"remediation_path","description":"Remediation path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"signatures_up_to_date","description":"1 if product signatures are up to date, else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"windows_update_history","description":"Provides the history of the windows update events.","platforms":["windows"],"columns":[{"name":"client_app_id","description":"Identifier of the client application that processed an update","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"date","description":"Date and the time an update was applied","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Description of an update","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hresult","description":"HRESULT value that is returned from the operation on an update","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"operation","description":"Operation on an update","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"result_code","description":"Result of an operation on an update","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"server_selection","description":"Value that indicates which server provided an update","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"service_id","description":"Service identifier of an update service that is not a Windows update","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"support_url","description":"Hyperlink to the language-specific support information for an update","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"title","description":"Title of an update","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"update_id","description":"Revision-independent identifier of an update","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"update_revision","description":"Revision number of an update","type":"bigint","notes":"","hidden":false,"required":false,"index":false}]},{"name":"wmi_bios_info","description":"Lists important information from the system bios.","platforms":["windows"],"columns":[{"name":"name","description":"Name of the Bios setting","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Value of the Bios setting","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"wmi_cli_event_consumers","description":"WMI CommandLineEventConsumer, which can be used for persistence on Windows. See https://www.blackhat.com/docs/us-15/materials/us-15-Graeber-Abusing-Windows-Management-Instrumentation-WMI-To-Build-A-Persistent%20Asynchronous-And-Fileless-Backdoor-wp.pdf for more details.","platforms":["windows"],"columns":[{"name":"name","description":"Unique name of a consumer.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"command_line_template","description":"Standard string template that specifies the process to be started. This property can be NULL, and the ExecutablePath property is used as the command line.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"executable_path","description":"Module to execute. The string can specify the full path and file name of the module to execute, or it can specify a partial name. If a partial name is specified, the current drive and current directory are assumed.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"class","description":"The name of the class.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"relative_path","description":"Relative path to the class or instance.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"wmi_event_filters","description":"Lists WMI event filters.","platforms":["windows"],"columns":[{"name":"name","description":"Unique identifier of an event filter.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"query","description":"Windows Management Instrumentation Query Language (WQL) event query that specifies the set of events for consumer notification, and the specific conditions for notification.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"query_language","description":"Query language that the query is written in.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"class","description":"The name of the class.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"relative_path","description":"Relative path to the class or instance.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"wmi_filter_consumer_binding","description":"Lists the relationship between event consumers and filters.","platforms":["windows"],"columns":[{"name":"consumer","description":"Reference to an instance of __EventConsumer that represents the object path to a logical consumer, the recipient of an event.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"filter","description":"Reference to an instance of __EventFilter that represents the object path to an event filter which is a query that specifies the type of event to be received.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"class","description":"The name of the class.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"relative_path","description":"Relative path to the class or instance.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"wmi_script_event_consumers","description":"WMI ActiveScriptEventConsumer, which can be used for persistence on Windows. See https://www.blackhat.com/docs/us-15/materials/us-15-Graeber-Abusing-Windows-Management-Instrumentation-WMI-To-Build-A-Persistent%20Asynchronous-And-Fileless-Backdoor-wp.pdf for more details.","platforms":["windows"],"columns":[{"name":"name","description":"Unique identifier for the event consumer. ","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"scripting_engine","description":"Name of the scripting engine to use, for example, 'VBScript'. This property cannot be NULL.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"script_file_name","description":"Name of the file from which the script text is read, intended as an alternative to specifying the text of the script in the ScriptText property.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"script_text","description":"Text of the script that is expressed in a language known to the scripting engine. This property must be NULL if the ScriptFileName property is not NULL.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"class","description":"The name of the class.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"relative_path","description":"Relative path to the class or instance.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"xprotect_entries","description":"Database of the machine's XProtect signatures.","platforms":["darwin"],"columns":[{"name":"name","description":"Description of XProtected malware","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"launch_type","description":"Launch services content type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"identity","description":"XProtect identity (SHA1) of content","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"filename","description":"Use this file name to match","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"filetype","description":"Use this file type to match","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"optional","description":"Match any of the identities/patterns for this XProtect name","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"uses_pattern","description":"Uses a match pattern instead of identity","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"xprotect_meta","description":"Database of the machine's XProtect browser-related signatures.","platforms":["darwin"],"columns":[{"name":"identifier","description":"Browser plugin or extension identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Either plugin or extension","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"developer_id","description":"Developer identity (SHA1) of extension","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"min_version","description":"The minimum allowed plugin version.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"xprotect_reports","description":"Database of XProtect matches (if user generated/sent an XProtect report).","platforms":["darwin"],"columns":[{"name":"name","description":"Description of XProtected malware","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"user_action","description":"Action taken by user after prompted","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Quarantine alert time","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"yara","description":"Triggers one-off YARA query for files at the specified path. Requires one of `sig_group`, `sigfile`, or `sigrule`.","platforms":["darwin","linux","windows"],"columns":[{"name":"path","description":"The path scanned","type":"text","notes":"","hidden":false,"required":true,"index":true},{"name":"matches","description":"List of YARA matches","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"count","description":"Number of YARA matches","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"sig_group","description":"Signature group used","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sigfile","description":"Signature file used","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sigrule","description":"Signature strings used","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"strings","description":"Matching strings","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"tags","description":"Matching tags","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sigurl","description":"Signature url","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"yara_events","description":"Track YARA matches for files specified in configuration data.","platforms":["darwin","linux","windows"],"columns":[{"name":"target_path","description":"The path scanned","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"category","description":"The category of the file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"action","description":"Change action (UPDATE, REMOVE, etc)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"transaction_id","description":"ID used during bulk update","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"matches","description":"List of YARA matches","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"count","description":"Number of YARA matches","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"strings","description":"Matching strings","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"tags","description":"Matching tags","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of the scan","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","notes":"","hidden":true,"required":false,"index":false}]},{"name":"ycloud_instance_metadata","description":"Yandex.Cloud instance metadata.","platforms":["darwin","linux","windows"],"columns":[{"name":"instance_id","description":"Unique identifier for the VM","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"folder_id","description":"Folder identifier for the VM","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cloud_id","description":"Cloud identifier for the VM","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Name of the VM","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Description of the VM","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hostname","description":"Hostname of the VM","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"zone","description":"Availability zone of the VM","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ssh_public_key","description":"SSH public key. Only available if supplied at instance launch time","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"serial_port_enabled","description":"Indicates if serial port is enabled for the VM","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"metadata_endpoint","description":"Endpoint used to fetch VM metadata","type":"text","notes":"","hidden":false,"required":false,"index":true}]},{"name":"yum_sources","description":"Current list of Yum repositories or software channels.","platforms":["linux"],"columns":[{"name":"name","description":"Repository name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"baseurl","description":"Repository base URL","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mirrorlist","description":"Mirrorlist URL","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"enabled","description":"Whether the repository is used","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"gpgcheck","description":"Whether packages are GPG checked","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"gpgkey","description":"URL to GPG key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"host_users","description":"Local user accounts (including domain accounts that have logged on locally (Windows)).","platforms":["darwin","linux","windows"],"columns":[{"name":"uid","description":"User ID","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"gid","description":"Group ID (unsigned)","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uid_signed","description":"User ID as int64 signed (Apple)","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"gid_signed","description":"Default group ID as int64 signed (Apple)","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"username","description":"Username","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Optional user description","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"directory","description":"User's home directory","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"shell","description":"User's configured default shell","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uuid","description":"User's UUID (Apple) or SID (Windows)","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"type","description":"Whether the account is roaming (domain), local, or a system profile","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"is_hidden","description":"IsHidden attribute set in OpenDirectory","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"host_groups","description":"Local system groups.","platforms":["darwin","linux","windows"],"columns":[{"name":"gid","description":"Unsigned int64 group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"gid_signed","description":"A signed int64 version of gid","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"groupname","description":"Canonical local group name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"group_sid","description":"Unique group ID","type":"text","notes":"","hidden":true,"required":false,"index":true,"platforms":["windows","win32","cygwin"]},{"name":"comment","description":"Remarks or comments associated with the group","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"is_hidden","description":"IsHidden attribute set in OpenDirectory","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"host_processes","description":"All running processes on the host system.","platforms":["darwin","linux","windows"],"columns":[{"name":"pid","description":"Process (or thread) ID","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"name","description":"The process path or shorthand argv[0]","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to executed binary","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cmdline","description":"Complete argv","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"state","description":"Process state","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cwd","description":"Process current working directory","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"root","description":"Process virtual root directory","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"Unsigned user ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"gid","description":"Unsigned group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"euid","description":"Unsigned effective user ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"egid","description":"Unsigned effective group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"suid","description":"Unsigned saved user ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"sgid","description":"Unsigned saved group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"on_disk","description":"The process path exists yes=1, no=0, unknown=-1","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"wired_size","description":"Bytes of unpageable memory used by process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"resident_size","description":"Bytes of private memory used by process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"total_size","description":"Total virtual memory size","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"user_time","description":"CPU time in milliseconds spent in user space","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"system_time","description":"CPU time in milliseconds spent in kernel space","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"disk_bytes_read","description":"Bytes read from disk","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"disk_bytes_written","description":"Bytes written to disk","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"start_time","description":"Process start time in seconds since Epoch, in case of error -1","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"parent","description":"Process parent's PID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pgroup","description":"Process group","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"threads","description":"Number of threads used by process","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"nice","description":"Process nice level (-20 to 20, default 0)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"elevated_token","description":"Process uses elevated token yes=1, no=0","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"secure_process","description":"Process is secure (IUM) yes=1, no=0","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"protection_type","description":"The protection type of the process","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"virtual_process","description":"Process is virtual (e.g. System, Registry, vmmem) yes=1, no=0","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"elapsed_time","description":"Elapsed time in seconds this process has been running.","type":"bigint","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"handle_count","description":"Total number of handles that the process has open. This number is the sum of the handles currently opened by each thread in the process.","type":"bigint","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"percent_processor_time","description":"Returns elapsed time that all of the threads of this process used the processor to execute instructions in 100 nanoseconds ticks.","type":"bigint","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"upid","description":"A 64bit pid that is never reused. Returns -1 if we couldn't gather them from the system.","type":"bigint","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]},{"name":"uppid","description":"The 64bit parent pid that is never reused. Returns -1 if we couldn't gather them from the system.","type":"bigint","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]},{"name":"cpu_type","description":"Indicates the specific processor designed for installation.","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]},{"name":"cpu_subtype","description":"Indicates the specific processor on which an entry may be used.","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]},{"name":"translated","description":"Indicates whether the process is running under the Rosetta Translation Environment, yes=1, no=0, error=-1.","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]},{"name":"cgroup_path","description":"The full hierarchical path of the process's control group","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]}]}] \ No newline at end of file diff --git a/x-pack/plugins/osquery/public/common/schemas/osquery/v5.13.1.json b/x-pack/plugins/osquery/public/common/schemas/osquery/v5.13.1.json new file mode 100644 index 0000000000000..22791a67e71d0 --- /dev/null +++ b/x-pack/plugins/osquery/public/common/schemas/osquery/v5.13.1.json @@ -0,0 +1 @@ +[{"name":"account_policy_data","description":"Additional macOS user account data from the AccountPolicy section of OpenDirectory.","platforms":["darwin"],"columns":[{"name":"uid","description":"User ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"creation_time","description":"When the account was first created","type":"double","notes":"","hidden":false,"required":false,"index":false},{"name":"failed_login_count","description":"The number of failed login attempts using an incorrect password. Count resets after a correct password is entered.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"failed_login_timestamp","description":"The time of the last failed login attempt. Resets after a correct password is entered","type":"double","notes":"","hidden":false,"required":false,"index":false},{"name":"password_last_set_time","description":"The time the password was last changed","type":"double","notes":"","hidden":false,"required":false,"index":false}]},{"name":"acpi_tables","description":"Firmware ACPI functional table common metadata and content.","platforms":["darwin","linux"],"columns":[{"name":"name","description":"ACPI table name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Size of compiled table data","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"md5","description":"MD5 hash of table content","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"ad_config","description":"macOS Active Directory configuration.","platforms":["darwin"],"columns":[{"name":"name","description":"The macOS-specific configuration name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"domain","description":"Active Directory trust domain","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"option","description":"Canonical name of option","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Variable typed option value","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"alf","description":"macOS application layer firewall (ALF) service details.","platforms":["darwin"],"columns":[{"name":"allow_signed_enabled","description":"1 If allow signed mode is enabled else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"firewall_unload","description":"1 If firewall unloading enabled else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"global_state","description":"1 If the firewall is enabled with exceptions, 2 if the firewall is configured to block all incoming connections, else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"logging_enabled","description":"1 If logging mode is enabled else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"logging_option","description":"Firewall logging option","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"stealth_enabled","description":"1 If stealth mode is enabled else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Application Layer Firewall version","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"alf_exceptions","description":"macOS application layer firewall (ALF) service exceptions.","platforms":["darwin"],"columns":[{"name":"path","description":"Path to the executable that is excepted","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"state","description":"Firewall exception state","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"alf_explicit_auths","description":"ALF services explicitly allowed to perform networking.","platforms":["darwin"],"columns":[{"name":"process","description":"Process name that is explicitly allowed","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"app_schemes","description":"macOS application schemes and handlers (e.g., http, file, mailto).","platforms":["darwin"],"columns":[{"name":"scheme","description":"Name of the scheme/protocol","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"handler","description":"Application label for the handler","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"enabled","description":"1 if this handler is the OS default, else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"external","description":"1 if this handler does NOT exist on macOS by default, else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"protected","description":"1 if this handler is protected (reserved) by macOS, else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"apparmor_events","description":"Track AppArmor events.","platforms":["linux"],"columns":[{"name":"type","description":"Event type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"message","description":"Raw audit message","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of execution in UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uptime","description":"Time of execution in system uptime","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"apparmor","description":"Apparmor Status like ALLOWED, DENIED etc.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"operation","description":"Permission requested by the process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"parent","description":"Parent process PID","type":"unsigned_bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"profile","description":"Apparmor profile name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Process name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process ID","type":"unsigned_bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"comm","description":"Command-line name of the command that was used to invoke the analyzed process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"denied_mask","description":"Denied permissions for the process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"capname","description":"Capability requested by the process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"fsuid","description":"Filesystem user ID","type":"unsigned_bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"ouid","description":"Object owner's user ID","type":"unsigned_bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"capability","description":"Capability number","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"requested_mask","description":"Requested access mask","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"info","description":"Additional information","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"error","description":"Error information","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"namespace","description":"AppArmor namespace","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"label","description":"AppArmor label","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"apparmor_profiles","description":"Track active AppArmor profiles.","platforms":["linux"],"columns":[{"name":"path","description":"Unique, aa-status compatible, policy identifier.","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"name","description":"Policy name.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"attach","description":"Which executable(s) a profile will attach to.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mode","description":"How the policy is applied.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sha1","description":"A unique hash that identifies this policy.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sha256","description":"A unique hash that identifies this policy.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"appcompat_shims","description":"Application Compatibility shims are a way to persist malware. This table presents the AppCompat Shim information from the registry in a nice format. See http://files.brucon.org/2015/Tomczak_and_Ballenthin_Shims_for_the_Win.pdf for more details.","platforms":["windows"],"columns":[{"name":"executable","description":"Name of the executable that is being shimmed. This is pulled from the registry.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"This is the path to the SDB database.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Description of the SDB.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"install_time","description":"Install time of the SDB","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Type of the SDB database.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sdb_id","description":"Unique GUID of the SDB.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"apps","description":"macOS applications installed in known search paths (e.g., /Applications).","platforms":["darwin"],"columns":[{"name":"name","description":"Name of the Name.app folder","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Absolute and full Name.app path","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"bundle_executable","description":"Info properties CFBundleExecutable label","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"bundle_identifier","description":"Info properties CFBundleIdentifier label","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"bundle_name","description":"Info properties CFBundleName label","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"bundle_short_version","description":"Info properties CFBundleShortVersionString label","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"bundle_version","description":"Info properties CFBundleVersion label","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"bundle_package_type","description":"Info properties CFBundlePackageType label","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"environment","description":"Application-set environment variables","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"element","description":"Does the app identify as a background agent","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"compiler","description":"Info properties DTCompiler label","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"development_region","description":"Info properties CFBundleDevelopmentRegion label","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"display_name","description":"Info properties CFBundleDisplayName label","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"info_string","description":"Info properties CFBundleGetInfoString label","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"minimum_system_version","description":"Minimum version of macOS required for the app to run","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"category","description":"The UTI that categorizes the app for the App Store","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"applescript_enabled","description":"Info properties NSAppleScriptEnabled label","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"copyright","description":"Info properties NSHumanReadableCopyright label","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"last_opened_time","description":"The time that the app was last used","type":"double","notes":"","hidden":false,"required":false,"index":false}]},{"name":"apt_sources","description":"Current list of APT repositories or software channels.","platforms":["linux"],"columns":[{"name":"name","description":"Repository name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"source","description":"Source file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"base_uri","description":"Repository base URI","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"release","description":"Release name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Repository source version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"maintainer","description":"Repository maintainer","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"components","description":"Repository components","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"architectures","description":"Repository architectures","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"arp_cache","description":"Address resolution cache, both static and dynamic (from ARP, NDP).","platforms":["darwin","linux","windows"],"columns":[{"name":"address","description":"IPv4 address target","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mac","description":"MAC address of broadcasted address","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"interface","description":"Interface of the network for the MAC","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"permanent","description":"1 for true, 0 for false","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"asl","description":"Queries the Apple System Log data structure for system events.","platforms":["darwin"],"columns":[{"name":"time","description":"Unix timestamp. Set automatically","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"time_nano_sec","description":"Nanosecond time.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"host","description":"Sender's address (set by the server).","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sender","description":"Sender's identification string. Default is process name.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"facility","description":"Sender's facility. Default is 'user'.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Sending process ID encoded as a string. Set automatically.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"gid","description":"GID that sent the log message (set by the server).","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"UID that sent the log message (set by the server).","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"level","description":"Log level number. See levels in asl.h.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"message","description":"Message text.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ref_pid","description":"Reference PID for messages proxied by launchd","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ref_proc","description":"Reference process for messages proxied by launchd","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"extra","description":"Extra columns, in JSON format. Queries against this column are performed entirely in SQLite, so do not benefit from efficient querying via asl.h.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"augeas","description":"Configuration files parsed by augeas.","platforms":["darwin","linux"],"columns":[{"name":"node","description":"The node path of the configuration item","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"value","description":"The value of the configuration item","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"label","description":"The label of the configuration item","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"The path to the configuration file","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"authenticode","description":"File (executable, bundle, installer, disk) code signing status.","platforms":["windows"],"columns":[{"name":"path","description":"Must provide a path or directory","type":"text","notes":"","hidden":false,"required":true,"index":false},{"name":"original_program_name","description":"The original program name that the publisher has signed","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"serial_number","description":"The certificate serial number","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"issuer_name","description":"The certificate issuer name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"subject_name","description":"The certificate subject name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"result","description":"The signature check result","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"authorization_mechanisms","description":"macOS Authorization mechanisms database.","platforms":["darwin"],"columns":[{"name":"label","description":"Label of the authorization right","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"plugin","description":"Authorization plugin name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mechanism","description":"Name of the mechanism that will be called","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"privileged","description":"If privileged it will run as root, else as an anonymous user","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"entry","description":"The whole string entry","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"authorizations","description":"macOS Authorization rights database.","platforms":["darwin"],"columns":[{"name":"label","description":"Item name, usually in reverse domain format","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"modified","description":"Label top-level key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"allow_root","description":"Label top-level key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"timeout","description":"Label top-level key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Label top-level key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"tries","description":"Label top-level key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"authenticate_user","description":"Label top-level key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"shared","description":"Label top-level key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"comment","description":"Label top-level key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"created","description":"Label top-level key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"class","description":"Label top-level key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"session_owner","description":"Label top-level key","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"authorized_keys","description":"A line-delimited authorized_keys table.","platforms":["darwin","linux"],"columns":[{"name":"uid","description":"The local owner of authorized_keys file","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"algorithm","description":"Key type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"key","description":"Key encoded as base64","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"options","description":"Optional list of login options","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"comment","description":"Optional comment","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"key_file","description":"Path to the authorized_keys file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"autoexec","description":"Aggregate of executables that will automatically execute on the target machine. This is an amalgamation of other tables like services, scheduled_tasks, startup_items and more.","platforms":["windows"],"columns":[{"name":"path","description":"Path to the executable","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"name","description":"Name of the program","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"source","description":"Source table of the autoexec item","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"azure_instance_metadata","description":"Azure instance metadata.","platforms":["darwin","linux","windows"],"columns":[{"name":"location","description":"Azure Region the VM is running in","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Name of the VM","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"offer","description":"Offer information for the VM image (Azure image gallery VMs only)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"publisher","description":"Publisher of the VM image","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sku","description":"SKU for the VM image","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Version of the VM image","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"os_type","description":"Linux or Windows","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"platform_update_domain","description":"Update domain the VM is running in","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"platform_fault_domain","description":"Fault domain the VM is running in","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"vm_id","description":"Unique identifier for the VM","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"vm_size","description":"VM size","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"subscription_id","description":"Azure subscription for the VM","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"resource_group_name","description":"Resource group for the VM","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"placement_group_id","description":"Placement group for the VM scale set","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"vm_scale_set_name","description":"VM scale set name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"zone","description":"Availability zone of the VM","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"azure_instance_tags","description":"Azure instance tags.","platforms":["darwin","linux","windows"],"columns":[{"name":"vm_id","description":"Unique identifier for the VM","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"key","description":"The tag key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"The tag value","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"background_activities_moderator","description":"Background Activities Moderator (BAM) tracks application execution.","platforms":["windows"],"columns":[{"name":"path","description":"Application file path.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"last_execution_time","description":"Most recent time application was executed.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"sid","description":"User SID.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"battery","description":"Provides information about the internal battery of a laptop. Note: On Windows, columns with Ah or mAh units assume that the battery is 12V.","platforms":["darwin","windows"],"columns":[{"name":"manufacturer","description":"The battery manufacturer's name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"model","description":"The battery's model number","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"serial_number","description":"The battery's serial number","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cycle_count","description":"The number of charge/discharge cycles","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"state","description":"One of the following: \"AC Power\" indicates the battery is connected to an external power source, \"Battery Power\" indicates that the battery is drawing internal power, \"Off Line\" indicates the battery is off-line or no longer connected","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"charging","description":"1 if the battery is currently being charged by a power source. 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"charged","description":"1 if the battery is currently completely charged. 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"designed_capacity","description":"The battery's designed capacity in mAh","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"max_capacity","description":"The battery's actual capacity when it is fully charged in mAh","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"current_capacity","description":"The battery's current capacity (level of charge) in mAh","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"percent_remaining","description":"The percentage of battery remaining before it is drained","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"amperage","description":"The current amperage in/out of the battery in mA (positive means charging, negative means discharging)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"voltage","description":"The battery's current voltage in mV","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"minutes_until_empty","description":"The number of minutes until the battery is fully depleted. This value is -1 if this time is still being calculated","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"minutes_to_full_charge","description":"The number of minutes until the battery is fully charged. This value is -1 if this time is still being calculated. On Windows this is calculated from the charge rate and capacity and may not agree with the number reported in \"Power & Battery\"","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"chemistry","description":"The battery chemistry type (eg. LiP). Some possible values are documented in https://learn.microsoft.com/en-us/windows/win32/power/battery-information-str.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"health","description":"One of the following: \"Good\" describes a well-performing battery, \"Fair\" describes a functional battery with limited capacity, or \"Poor\" describes a battery that's not capable of providing power","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]},{"name":"condition","description":"One of the following: \"Normal\" indicates the condition of the battery is within normal tolerances, \"Service Needed\" indicates that the battery should be checked out by a licensed Mac repair service, \"Permanent Failure\" indicates the battery needs replacement","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]},{"name":"manufacture_date","description":"The date the battery was manufactured UNIX Epoch","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]}]},{"name":"bitlocker_info","description":"Retrieve bitlocker status of the machine.","platforms":["windows"],"columns":[{"name":"device_id","description":"ID of the encrypted drive.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"drive_letter","description":"Drive letter of the encrypted drive.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"persistent_volume_id","description":"Persistent ID of the drive.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"conversion_status","description":"The bitlocker conversion status of the drive.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"protection_status","description":"The bitlocker protection status of the drive.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"encryption_method","description":"The encryption type of the device.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"The FVE metadata version of the drive.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"percentage_encrypted","description":"The percentage of the drive that is encrypted.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"lock_status","description":"The accessibility status of the drive from Windows.","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"block_devices","description":"Block (buffered access) device file nodes: disks, ramdisks, and DMG containers.","platforms":["darwin","linux"],"columns":[{"name":"name","description":"Block device name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"parent","description":"Block device parent name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"vendor","description":"Block device vendor string","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"model","description":"Block device model string identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Block device size in blocks","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"block_size","description":"Block size in bytes","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"uuid","description":"Block device Universally Unique Identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Block device type string","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"label","description":"Block device label string","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"bpf_process_events","description":"Track time/action process executions.","platforms":["linux"],"columns":[{"name":"tid","description":"Thread ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"parent","description":"Parent process ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"User ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"gid","description":"Group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"cid","description":"Cgroup ID","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"exit_code","description":"Exit code of the system call","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"probe_error","description":"Set to 1 if one or more buffers could not be captured","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"syscall","description":"System call name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Binary path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cwd","description":"Current working directory","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cmdline","description":"Command line arguments","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"duration","description":"How much time was spent inside the syscall (nsecs)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"json_cmdline","description":"Command line arguments, in JSON format","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"ntime","description":"The nsecs uptime timestamp as obtained from BPF","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of execution in UNIX time","type":"bigint","notes":"","hidden":true,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"integer","notes":"","hidden":true,"required":false,"index":false}]},{"name":"bpf_socket_events","description":"Track network socket opens and closes.","platforms":["linux"],"columns":[{"name":"tid","description":"Thread ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"parent","description":"Parent process ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"User ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"gid","description":"Group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"cid","description":"Cgroup ID","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"exit_code","description":"Exit code of the system call","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"probe_error","description":"Set to 1 if one or more buffers could not be captured","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"syscall","description":"System call name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path of executed file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"fd","description":"The file description for the process socket","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"family","description":"The Internet protocol family ID","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"The socket type","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"protocol","description":"The network protocol ID","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"local_address","description":"Local address associated with socket","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"remote_address","description":"Remote address associated with socket","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"local_port","description":"Local network protocol port number","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"remote_port","description":"Remote network protocol port number","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"duration","description":"How much time was spent inside the syscall (nsecs)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ntime","description":"The nsecs uptime timestamp as obtained from BPF","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of execution in UNIX time","type":"bigint","notes":"","hidden":true,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"integer","notes":"","hidden":true,"required":false,"index":false}]},{"name":"browser_plugins","description":"All C/NPAPI browser plugin details for all users. C/NPAPI has been deprecated on all major browsers. To query for plugins on modern browsers, try: `chrome_extensions` `firefox_addons` `safari_extensions`.","platforms":["darwin"],"columns":[{"name":"uid","description":"The local user that owns the plugin","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"name","description":"Plugin display name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"identifier","description":"Plugin identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Plugin short version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sdk","description":"Build SDK used to compile plugin","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Plugin description text","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"development_region","description":"Plugin language-localization","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"native","description":"Plugin requires native execution","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to plugin bundle","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"disabled","description":"Is the plugin disabled. 1 = Disabled","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"carbon_black_info","description":"Returns info about a Carbon Black sensor install.","platforms":["darwin","linux","windows"],"columns":[{"name":"sensor_id","description":"Sensor ID of the Carbon Black sensor","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"config_name","description":"Sensor group","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"collect_store_files","description":"If the sensor is configured to send back binaries to the Carbon Black server","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"collect_module_loads","description":"If the sensor is configured to capture module loads","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"collect_module_info","description":"If the sensor is configured to collect metadata of binaries","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"collect_file_mods","description":"If the sensor is configured to collect file modification events","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"collect_reg_mods","description":"If the sensor is configured to collect registry modification events","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"collect_net_conns","description":"If the sensor is configured to collect network connections","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"collect_processes","description":"If the sensor is configured to process events","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"collect_cross_processes","description":"If the sensor is configured to cross process events","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"collect_emet_events","description":"If the sensor is configured to EMET events","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"collect_data_file_writes","description":"If the sensor is configured to collect non binary file writes","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"collect_process_user_context","description":"If the sensor is configured to collect the user running a process","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"collect_sensor_operations","description":"Unknown","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"log_file_disk_quota_mb","description":"Event file disk quota in MB","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"log_file_disk_quota_percentage","description":"Event file disk quota in a percentage","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"protection_disabled","description":"If the sensor is configured to report tamper events","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"sensor_ip_addr","description":"IP address of the sensor","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sensor_backend_server","description":"Carbon Black server","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"event_queue","description":"Size in bytes of Carbon Black event files on disk","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"binary_queue","description":"Size in bytes of binaries waiting to be sent to Carbon Black server","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"carves","description":"List the set of completed and in-progress carves. If carve=1 then the query is treated as a new carve request.","platforms":["darwin","linux","windows"],"columns":[{"name":"time","description":"Time at which the carve was kicked off","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"sha256","description":"A SHA256 sum of the carved archive","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Size of the carved archive","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"The path of the requested carve","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"status","description":"Status of the carve, can be STARTING, PENDING, SUCCESS, or FAILED","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"carve_guid","description":"Identifying value of the carve session","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"request_id","description":"Identifying value of the carve request (e.g., scheduled query name, distributed request, etc)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"carve","description":"Set this value to '1' to start a file carve","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"certificates","description":"Certificate Authorities installed in Keychains/ca-bundles. NOTE: osquery limits frequent access to keychain files on macOS. This limit is controlled by keychain_access_interval flag.","platforms":["darwin","linux","windows"],"columns":[{"name":"common_name","description":"Certificate CommonName","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"subject","description":"Certificate distinguished name (deprecated, use subject2)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"issuer","description":"Certificate issuer distinguished name (deprecated, use issuer2)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ca","description":"1 if CA: true (certificate is an authority) else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"self_signed","description":"1 if self-signed, else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"not_valid_before","description":"Lower bound of valid date","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"not_valid_after","description":"Certificate expiration data","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"signing_algorithm","description":"Signing algorithm used","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"key_algorithm","description":"Key algorithm used","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"key_strength","description":"Key size used for RSA/DSA, or curve name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"key_usage","description":"Certificate key usage and extended key usage","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"subject_key_id","description":"SKID an optionally included SHA1","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"authority_key_id","description":"AKID an optionally included SHA1","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sha1","description":"SHA1 hash of the raw certificate contents","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to Keychain or PEM bundle","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"serial","description":"Certificate serial number","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sid","description":"SID","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"store_location","description":"Certificate system store location","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"store","description":"Certificate system store","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"username","description":"Username","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"store_id","description":"Exists for service/user stores. Contains raw store id provided by WinAPI.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"issuer2","description":"Certificate issuer distinguished name","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux","darwin"]},{"name":"subject2","description":"Certificate distinguished name","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux","darwin"]}]},{"name":"chassis_info","description":"Display information pertaining to the chassis and its security status.","platforms":["windows"],"columns":[{"name":"audible_alarm","description":"If TRUE, the frame is equipped with an audible alarm.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"breach_description","description":"If provided, gives a more detailed description of a detected security breach.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"chassis_types","description":"A comma-separated list of chassis types, such as Desktop or Laptop.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"An extended description of the chassis if available.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"lock","description":"If TRUE, the frame is equipped with a lock.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"manufacturer","description":"The manufacturer of the chassis.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"model","description":"The model of the chassis.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"security_breach","description":"The physical status of the chassis such as Breach Successful, Breach Attempted, etc.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"serial","description":"The serial number of the chassis.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"smbios_tag","description":"The assigned asset tag number of the chassis.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sku","description":"The Stock Keeping Unit number if available.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"status","description":"If available, gives various operational or nonoperational statuses such as OK, Degraded, and Pred Fail.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"visible_alarm","description":"If TRUE, the frame is equipped with a visual alarm.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"chocolatey_packages","description":"Chocolatey packages installed in a system.","platforms":["windows"],"columns":[{"name":"name","description":"Package display name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Package-supplied version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"summary","description":"Package-supplied summary","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"author","description":"Optional package author","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"license","description":"License under which package is launched","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path at which this package resides","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"chrome_extension_content_scripts","description":"Chrome browser extension content scripts.","platforms":["darwin","linux","windows"],"columns":[{"name":"browser_type","description":"The browser type (Valid values: chrome, chromium, opera, yandex, brave)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"The local user that owns the extension","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"identifier","description":"Extension identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Extension-supplied version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"script","description":"The content script used by the extension","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"match","description":"The pattern that the script is matched against","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"profile_path","description":"The profile path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to extension folder","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"referenced","description":"1 if this extension is referenced by the Preferences file of the profile","type":"bigint","notes":"","hidden":false,"required":false,"index":false}]},{"name":"chrome_extensions","description":"Chrome-based browser extensions.","platforms":["darwin","linux","windows"],"columns":[{"name":"browser_type","description":"The browser type (Valid values: chrome, chromium, opera, yandex, brave, edge, edge_beta)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"The local user that owns the extension","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"name","description":"Extension display name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"profile","description":"The name of the Chrome profile that contains this extension","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"profile_path","description":"The profile path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"referenced_identifier","description":"Extension identifier, as specified by the preferences file. Empty if the extension is not in the profile.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"identifier","description":"Extension identifier, computed from its manifest. Empty in case of error.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Extension-supplied version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Extension-optional description","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"default_locale","description":"Default locale supported by extension","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"current_locale","description":"Current locale supported by extension","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"update_url","description":"Extension-supplied update URI","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"author","description":"Optional extension author","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"persistent","description":"1 If extension is persistent across all tabs else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to extension folder","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"permissions","description":"The permissions required by the extension","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"permissions_json","description":"The JSON-encoded permissions required by the extension","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"optional_permissions","description":"The permissions optionally required by the extensions","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"optional_permissions_json","description":"The JSON-encoded permissions optionally required by the extensions","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"manifest_hash","description":"The SHA256 hash of the manifest.json file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"referenced","description":"1 if this extension is referenced by the Preferences file of the profile","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"from_webstore","description":"True if this extension was installed from the web store","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"state","description":"1 if this extension is enabled","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"install_time","description":"Extension install time, in its original Webkit format","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"install_timestamp","description":"Extension install time, converted to unix time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"manifest_json","description":"The manifest file of the extension","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"key","description":"The extension key, from the manifest file","type":"text","notes":"","hidden":true,"required":false,"index":false}]},{"name":"connected_displays","description":"Provides information about the connected displays of the machine.","platforms":["darwin"],"columns":[{"name":"name","description":"The name of the display.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"product_id","description":"The product ID of the display.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"serial_number","description":"The serial number of the display. (may not be unique)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"vendor_id","description":"The vendor ID of the display.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"manufactured_week","description":"The manufacture week of the display. This field is 0 if not supported","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"manufactured_year","description":"The manufacture year of the display. This field is 0 if not supported","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"display_id","description":"The display ID.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pixels","description":"The number of pixels of the display.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"resolution","description":"The resolution of the display.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ambient_brightness_enabled","description":"The ambient brightness setting associated with the display. This will be 1 if enabled and is 0 if disabled or not supported.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"connection_type","description":"The connection type associated with the display.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"display_type","description":"The type of display.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"main","description":"If the display is the main display.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"mirror","description":"If the display is mirrored or not. This field is 1 if mirrored and 0 if not mirrored.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"online","description":"The online status of the display. This field is 1 if the display is online and 0 if it is offline.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"rotation","description":"The orientation of the display.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"connectivity","description":"Provides the overall system's network state.","platforms":["windows"],"columns":[{"name":"disconnected","description":"True if the all interfaces are not connected to any network","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ipv4_no_traffic","description":"True if any interface is connected via IPv4, but has seen no traffic","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ipv6_no_traffic","description":"True if any interface is connected via IPv6, but has seen no traffic","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ipv4_subnet","description":"True if any interface is connected to the local subnet via IPv4","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ipv4_local_network","description":"True if any interface is connected to a routed network via IPv4","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ipv4_internet","description":"True if any interface is connected to the Internet via IPv4","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ipv6_subnet","description":"True if any interface is connected to the local subnet via IPv6","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ipv6_local_network","description":"True if any interface is connected to a routed network via IPv6","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ipv6_internet","description":"True if any interface is connected to the Internet via IPv6","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"cpu_info","description":"Retrieve cpu hardware info of the machine.","platforms":["darwin","linux","windows"],"columns":[{"name":"device_id","description":"The DeviceID of the CPU.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"model","description":"The model of the CPU.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"manufacturer","description":"The manufacturer of the CPU.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"processor_type","description":"The processor type, such as Central, Math, or Video.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_status","description":"The current operating status of the CPU.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"number_of_cores","description":"The number of cores of the CPU.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"logical_processors","description":"The number of logical processors of the CPU.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"address_width","description":"The width of the CPU address bus.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"current_clock_speed","description":"The current frequency of the CPU.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"max_clock_speed","description":"The maximum possible frequency of the CPU.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"socket_designation","description":"The assigned socket on the board for the given CPU.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"availability","description":"The availability and status of the CPU.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"load_percentage","description":"The current percentage of utilization of the CPU.","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"number_of_efficiency_cores","description":"The number of efficiency cores of the CPU. Only available on Apple Silicon","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]},{"name":"number_of_performance_cores","description":"The number of performance cores of the CPU. Only available on Apple Silicon","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]}]},{"name":"cpu_time","description":"Displays information from /proc/stat file about the time the cpu cores spent in different parts of the system.","platforms":["darwin","linux"],"columns":[{"name":"core","description":"Name of the cpu (core)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"user","description":"Time spent in user mode","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"nice","description":"Time spent in user mode with low priority (nice)","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"system","description":"Time spent in system mode","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"idle","description":"Time spent in the idle task","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"iowait","description":"Time spent waiting for I/O to complete","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"irq","description":"Time spent servicing interrupts","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"softirq","description":"Time spent servicing softirqs","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"steal","description":"Time spent in other operating systems when running in a virtualized environment","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"guest","description":"Time spent running a virtual CPU for a guest OS under the control of the Linux kernel","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"guest_nice","description":"Time spent running a niced guest ","type":"bigint","notes":"","hidden":false,"required":false,"index":false}]},{"name":"cpuid","description":"Useful CPU features from the cpuid ASM call.","platforms":["darwin","linux","windows"],"columns":[{"name":"feature","description":"Present feature flags","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Bit value or string","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"output_register","description":"Register used to for feature value","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"output_bit","description":"Bit in register value for feature value","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"input_eax","description":"Value of EAX used","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"crashes","description":"Application, System, and Mobile App crash logs.","platforms":["darwin"],"columns":[{"name":"type","description":"Type of crash log","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process (or thread) ID of the crashed process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to the crashed process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"crash_path","description":"Location of log file","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"identifier","description":"Identifier of the crashed process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Version info of the crashed process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"parent","description":"Parent PID of the crashed process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"responsible","description":"Process responsible for the crashed process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"User ID of the crashed process","type":"integer","notes":"","hidden":false,"required":false,"index":true},{"name":"datetime","description":"Date/Time at which the crash occurred","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"crashed_thread","description":"Thread ID which crashed","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"stack_trace","description":"Most recent frame from the stack trace","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"exception_type","description":"Exception type of the crash","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"exception_codes","description":"Exception codes from the crash","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"exception_notes","description":"Exception notes from the crash","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"registers","description":"The value of the system registers","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"crontab","description":"Line parsed values from system and user cron/tab.","platforms":["darwin","linux"],"columns":[{"name":"event","description":"The job @event name (rare)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"minute","description":"The exact minute for the job","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hour","description":"The hour of the day for the job","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"day_of_month","description":"The day of the month for the job","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"month","description":"The month of the year for the job","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"day_of_week","description":"The day of the week for the job","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"command","description":"Raw command string","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"File parsed","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"cups_destinations","description":"Returns all configured printers.","platforms":["darwin"],"columns":[{"name":"name","description":"Name of the printer","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"option_name","description":"Option name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"option_value","description":"Option value","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"cups_jobs","description":"Returns all completed print jobs from cups.","platforms":["darwin"],"columns":[{"name":"title","description":"Title of the printed job","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"destination","description":"The printer the job was sent to","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"user","description":"The user who printed the job","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"format","description":"The format of the print job","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"The size of the print job","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"completed_time","description":"When the job completed printing","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"processing_time","description":"How long the job took to process","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"creation_time","description":"When the print request was initiated","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"curl","description":"Perform an http request and return stats about it.","platforms":["darwin","linux","windows"],"columns":[{"name":"url","description":"The url for the request","type":"text","notes":"","hidden":false,"required":true,"index":true},{"name":"method","description":"The HTTP method for the request","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"user_agent","description":"The user-agent string to use for the request","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"response_code","description":"The HTTP status code for the response","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"round_trip_time","description":"Time taken to complete the request","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"bytes","description":"Number of bytes in the response","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"result","description":"The HTTP response body","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"curl_certificate","description":"Inspect TLS certificates by connecting to input hostnames.","platforms":["darwin","linux","windows"],"columns":[{"name":"hostname","description":"Hostname to CURL (domain[:port], e.g. osquery.io)","type":"text","notes":"","hidden":false,"required":true,"index":false},{"name":"common_name","description":"Common name of company issued to","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"organization","description":"Organization issued to","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"organization_unit","description":"Organization unit issued to","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"serial_number","description":"Certificate serial number","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"issuer_common_name","description":"Issuer common name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"issuer_organization","description":"Issuer organization","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"issuer_organization_unit","description":"Issuer organization unit","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"valid_from","description":"Period of validity start date","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"valid_to","description":"Period of validity end date","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sha256_fingerprint","description":"SHA-256 fingerprint","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sha1_fingerprint","description":"SHA1 fingerprint","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Version Number","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"signature_algorithm","description":"Signature Algorithm","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"signature","description":"Signature","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"subject_key_identifier","description":"Subject Key Identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"authority_key_identifier","description":"Authority Key Identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"key_usage","description":"Usage of key in certificate","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"extended_key_usage","description":"Extended usage of key in certificate","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"policies","description":"Certificate Policies","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"subject_alternative_names","description":"Subject Alternative Name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"issuer_alternative_names","description":"Issuer Alternative Name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"info_access","description":"Authority Information Access","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"subject_info_access","description":"Subject Information Access","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"policy_mappings","description":"Policy Mappings","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"has_expired","description":"1 if the certificate has expired, 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"basic_constraint","description":"Basic Constraints","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"name_constraints","description":"Name Constraints","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"policy_constraints","description":"Policy Constraints","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"dump_certificate","description":"Set this value to '1' to dump certificate","type":"integer","notes":"","hidden":true,"required":false,"index":false},{"name":"timeout","description":"Set this value to the timeout in seconds to complete the TLS handshake (default 4s, use 0 for no timeout)","type":"integer","notes":"","hidden":true,"required":false,"index":false},{"name":"pem","description":"Certificate PEM format","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"deb_packages","description":"The installed DEB package database.","platforms":["linux"],"columns":[{"name":"name","description":"Package name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Package version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"source","description":"Package source","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Package size in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"arch","description":"Package architecture","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"revision","description":"Package revision","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"status","description":"Package status","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"maintainer","description":"Package maintainer","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"section","description":"Package section","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"priority","description":"Package priority","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"admindir","description":"libdpkg admindir. Defaults to /var/lib/dpkg","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]},{"name":"mount_namespace_id","description":"Mount namespace id","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"default_environment","description":"Default environment variables and values.","platforms":["windows"],"columns":[{"name":"variable","description":"Name of the environment variable","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Value of the environment variable","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"expand","description":"1 if the variable needs expanding, 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"device_file","description":"Similar to the file table, but use TSK and allow block address access.","platforms":["darwin","linux"],"columns":[{"name":"device","description":"Absolute file path to device node","type":"text","notes":"","hidden":false,"required":true,"index":true},{"name":"partition","description":"A partition number","type":"text","notes":"","hidden":false,"required":true,"index":true},{"name":"path","description":"A logical path within the device node","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"filename","description":"Name portion of file path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"inode","description":"Filesystem inode number","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"uid","description":"Owning user ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"gid","description":"Owning group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"mode","description":"Permission bits","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Size of file in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"block_size","description":"Block size of filesystem","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"atime","description":"Last access time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"mtime","description":"Last modification time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"ctime","description":"Creation time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"hard_links","description":"Number of hard links","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"File status","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"device_firmware","description":"A best-effort list of discovered firmware versions.","platforms":["darwin"],"columns":[{"name":"type","description":"Type of device","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"device","description":"The device name","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"version","description":"Firmware version","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"device_hash","description":"Similar to the hash table, but use TSK and allow block address access.","platforms":["darwin","linux"],"columns":[{"name":"device","description":"Absolute file path to device node","type":"text","notes":"","hidden":false,"required":true,"index":false},{"name":"partition","description":"A partition number","type":"text","notes":"","hidden":false,"required":true,"index":false},{"name":"inode","description":"Filesystem inode number","type":"bigint","notes":"","hidden":false,"required":true,"index":false},{"name":"md5","description":"MD5 hash of provided inode data","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sha1","description":"SHA1 hash of provided inode data","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sha256","description":"SHA256 hash of provided inode data","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"device_partitions","description":"Use TSK to enumerate details about partitions on a disk device.","platforms":["darwin","linux"],"columns":[{"name":"device","description":"Absolute file path to device node","type":"text","notes":"","hidden":false,"required":true,"index":false},{"name":"partition","description":"A partition number or description","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"label","description":"The partition name as stored in the partition table","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Filesystem type if recognized, otherwise, 'meta', 'normal', or 'unallocated'","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"offset","description":"Byte offset from the start of the volume","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"blocks_size","description":"Byte size of each block","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"blocks","description":"Number of blocks","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"inodes","description":"Number of meta nodes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"flags","description":"Value that describes the partition (TSK_VS_PART_FLAG_ENUM)","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"disk_encryption","description":"Disk encryption status and information.","platforms":["darwin","linux"],"columns":[{"name":"name","description":"Disk name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uuid","description":"Disk Universally Unique Identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"encrypted","description":"1 If encrypted: true (disk is encrypted), else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Description of cipher type and mode if available","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"encryption_status","description":"Disk encryption status with one of following values: encrypted | not encrypted | undefined","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"Currently authenticated user if available","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]},{"name":"user_uuid","description":"UUID of authenticated user if available","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]},{"name":"filevault_status","description":"FileVault status with one of following values: on | off | unknown","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]}]},{"name":"disk_events","description":"Track DMG disk image events (appearance/disappearance) when opened.","platforms":["darwin"],"columns":[{"name":"action","description":"Appear or disappear","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path of the DMG file accessed","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Disk event name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"device","description":"Disk event BSD name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uuid","description":"UUID of the volume inside DMG if available","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Size of partition in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"ejectable","description":"1 if ejectable, 0 if not","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"mountable","description":"1 if mountable, 0 if not","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"writable","description":"1 if writable, 0 if not","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"content","description":"Disk event content","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"media_name","description":"Disk event media name string","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"vendor","description":"Disk event vendor string","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"filesystem","description":"Filesystem if available","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"checksum","description":"UDIF Master checksum if available (CRC32)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of appearance/disappearance in UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","notes":"","hidden":true,"required":false,"index":false}]},{"name":"disk_info","description":"Retrieve basic information about the physical disks of a system.","platforms":["windows"],"columns":[{"name":"partitions","description":"Number of detected partitions on disk.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"disk_index","description":"Physical drive number of the disk.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"The interface type of the disk.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"id","description":"The unique identifier of the drive on the system.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pnp_device_id","description":"The unique identifier of the drive on the system.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"disk_size","description":"Size of the disk.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"manufacturer","description":"The manufacturer of the disk.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hardware_model","description":"Hard drive model.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"The label of the disk object.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"serial","description":"The serial number of the disk.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"The OS's description of the disk.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"dns_cache","description":"Enumerate the DNS cache using the undocumented DnsGetCacheDataTable function in dnsapi.dll.","platforms":["windows"],"columns":[{"name":"name","description":"DNS record name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"DNS record type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"flags","description":"DNS record flags","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"dns_resolvers","description":"Resolvers used by this host.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Address type index or order","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Address type: sortlist, nameserver, search","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"address","description":"Resolver IP/IPv6 address","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"netmask","description":"Address (sortlist) netmask length","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"options","description":"Resolver options","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"docker_container_envs","description":"Docker container environment variables.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Container ID","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"key","description":"Environment variable name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Environment variable value","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_container_fs_changes","description":"Changes to files or directories on container's filesystem.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Container ID","type":"text","notes":"","hidden":false,"required":true,"index":true},{"name":"path","description":"FIle or directory path relative to rootfs","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"change_type","description":"Type of change: C:Modified, A:Added, D:Deleted","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_container_labels","description":"Docker container labels.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Container ID","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"key","description":"Label key","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"value","description":"Optional label value","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_container_mounts","description":"Docker container mounts.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Container ID","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"type","description":"Type of mount (bind, volume)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Optional mount name","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"source","description":"Source path on host","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"destination","description":"Destination path inside container","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"driver","description":"Driver providing the mount","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mode","description":"Mount options (rw, ro)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"rw","description":"1 if read/write. 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"propagation","description":"Mount propagation","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_container_networks","description":"Docker container networks.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Container ID","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"name","description":"Network name","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"network_id","description":"Network ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"endpoint_id","description":"Endpoint ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"gateway","description":"Gateway","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ip_address","description":"IP address","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ip_prefix_len","description":"IP subnet prefix length","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ipv6_gateway","description":"IPv6 gateway","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ipv6_address","description":"IPv6 address","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ipv6_prefix_len","description":"IPv6 subnet prefix length","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"mac_address","description":"MAC address","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_container_ports","description":"Docker container ports.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Container ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Protocol (tcp, udp)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"port","description":"Port inside the container","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"host_ip","description":"Host IP address on which public port is listening","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"host_port","description":"Host port","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_container_processes","description":"Docker container processes.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Container ID","type":"text","notes":"","hidden":false,"required":true,"index":true},{"name":"pid","description":"Process ID","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"name","description":"The process path or shorthand argv[0]","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cmdline","description":"Complete argv","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"state","description":"Process state","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"User ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"gid","description":"Group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"euid","description":"Effective user ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"egid","description":"Effective group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"suid","description":"Saved user ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"sgid","description":"Saved group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"wired_size","description":"Bytes of unpageable memory used by process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"resident_size","description":"Bytes of private memory used by process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"total_size","description":"Total virtual memory size","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"start_time","description":"Process start in seconds since boot (non-sleeping)","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"parent","description":"Process parent's PID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pgroup","description":"Process group","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"threads","description":"Number of threads used by process","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"nice","description":"Process nice level (-20 to 20, default 0)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"user","description":"User name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Cumulative CPU time. [DD-]HH:MM:SS format","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu","description":"CPU utilization as percentage","type":"double","notes":"","hidden":false,"required":false,"index":false},{"name":"mem","description":"Memory utilization as percentage","type":"double","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_container_stats","description":"Docker container statistics. Queries on this table take at least one second.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Container ID","type":"text","notes":"","hidden":false,"required":true,"index":true},{"name":"name","description":"Container name","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"pids","description":"Number of processes","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"read","description":"UNIX time when stats were read","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"preread","description":"UNIX time when stats were last read","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"interval","description":"Difference between read and preread in nano-seconds","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"disk_read","description":"Total disk read bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"disk_write","description":"Total disk write bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"num_procs","description":"Number of processors","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_total_usage","description":"Total CPU usage","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_kernelmode_usage","description":"CPU kernel mode usage","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_usermode_usage","description":"CPU user mode usage","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"system_cpu_usage","description":"CPU system usage","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"online_cpus","description":"Online CPUs","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"pre_cpu_total_usage","description":"Last read total CPU usage","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pre_cpu_kernelmode_usage","description":"Last read CPU kernel mode usage","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pre_cpu_usermode_usage","description":"Last read CPU user mode usage","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pre_system_cpu_usage","description":"Last read CPU system usage","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pre_online_cpus","description":"Last read online CPUs","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"memory_usage","description":"Memory usage","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"memory_cached","description":"Memory cached","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"memory_max_usage","description":"Memory maximum usage","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"memory_limit","description":"Memory limit","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"network_rx_bytes","description":"Total network bytes read","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"network_tx_bytes","description":"Total network bytes transmitted","type":"bigint","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_containers","description":"Docker containers information.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Container ID","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"name","description":"Container name","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"image","description":"Docker image (name) used to launch this container","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"image_id","description":"Docker image ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"command","description":"Command with arguments","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"created","description":"Time of creation as UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"state","description":"Container state (created, restarting, running, removing, paused, exited, dead)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"status","description":"Container status information","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Identifier of the initial process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Container path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"config_entrypoint","description":"Container entrypoint(s)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"started_at","description":"Container start time as string","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"finished_at","description":"Container finish time as string","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"privileged","description":"Is the container privileged","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"security_options","description":"List of container security options","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"env_variables","description":"Container environmental variables","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"readonly_rootfs","description":"Is the root filesystem mounted as read only","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"cgroup_namespace","description":"cgroup namespace","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]},{"name":"ipc_namespace","description":"IPC namespace","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]},{"name":"mnt_namespace","description":"Mount namespace","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]},{"name":"net_namespace","description":"Network namespace","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]},{"name":"pid_namespace","description":"PID namespace","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]},{"name":"user_namespace","description":"User namespace","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]},{"name":"uts_namespace","description":"UTS namespace","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]}]},{"name":"docker_image_history","description":"Docker image history information.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Image ID","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"created","description":"Time of creation as UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Size of instruction in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"created_by","description":"Created by instruction","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"tags","description":"Comma-separated list of tags","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"comment","description":"Instruction comment","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_image_labels","description":"Docker image labels.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Image ID","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"key","description":"Label key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Optional label value","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_image_layers","description":"Docker image layers information.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Image ID","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"layer_id","description":"Layer ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"layer_order","description":"Layer Order (1 = base layer)","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_images","description":"Docker images information.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Image ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"created","description":"Time of creation as UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"size_bytes","description":"Size of image in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"tags","description":"Comma-separated list of repository tags","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_info","description":"Docker system information.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Docker system ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"containers","description":"Total number of containers","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"containers_running","description":"Number of containers currently running","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"containers_paused","description":"Number of containers in paused state","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"containers_stopped","description":"Number of containers in stopped state","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"images","description":"Number of images","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"storage_driver","description":"Storage driver","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"memory_limit","description":"1 if memory limit support is enabled. 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"swap_limit","description":"1 if swap limit support is enabled. 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"kernel_memory","description":"1 if kernel memory limit support is enabled. 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_cfs_period","description":"1 if CPU Completely Fair Scheduler (CFS) period support is enabled. 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_cfs_quota","description":"1 if CPU Completely Fair Scheduler (CFS) quota support is enabled. 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_shares","description":"1 if CPU share weighting support is enabled. 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_set","description":"1 if CPU set selection support is enabled. 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ipv4_forwarding","description":"1 if IPv4 forwarding is enabled. 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"bridge_nf_iptables","description":"1 if bridge netfilter iptables is enabled. 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"bridge_nf_ip6tables","description":"1 if bridge netfilter ip6tables is enabled. 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"oom_kill_disable","description":"1 if Out-of-memory kill is disabled. 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"logging_driver","description":"Logging driver","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cgroup_driver","description":"Control groups driver","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"kernel_version","description":"Kernel version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"os","description":"Operating system","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"os_type","description":"Operating system type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"architecture","description":"Hardware architecture","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cpus","description":"Number of CPUs","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"memory","description":"Total memory","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"http_proxy","description":"HTTP proxy","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"https_proxy","description":"HTTPS proxy","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"no_proxy","description":"Comma-separated list of domain extensions proxy should not be used for","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Name of the docker host","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"server_version","description":"Server version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"root_dir","description":"Docker root directory","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_network_labels","description":"Docker network labels.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Network ID","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"key","description":"Label key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Optional label value","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_networks","description":"Docker networks information.","platforms":["darwin","linux"],"columns":[{"name":"id","description":"Network ID","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"name","description":"Network name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"driver","description":"Network driver","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"created","description":"Time of creation as UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"enable_ipv6","description":"1 if IPv6 is enabled on this network. 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"subnet","description":"Network subnet","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"gateway","description":"Network gateway","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_version","description":"Docker version information.","platforms":["darwin","linux"],"columns":[{"name":"version","description":"Docker version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"api_version","description":"API version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"min_api_version","description":"Minimum API version supported","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"git_commit","description":"Docker build git commit","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"go_version","description":"Go version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"os","description":"Operating system","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"arch","description":"Hardware architecture","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"kernel_version","description":"Kernel version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"build_time","description":"Build time","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_volume_labels","description":"Docker volume labels.","platforms":["darwin","linux"],"columns":[{"name":"name","description":"Volume name","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"key","description":"Label key","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"value","description":"Optional label value","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"docker_volumes","description":"Docker volumes information.","platforms":["darwin","linux"],"columns":[{"name":"name","description":"Volume name","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"driver","description":"Volume driver","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mount_point","description":"Mount point","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Volume type","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"drivers","description":"Details for in-use Windows device drivers. This does not display installed but unused drivers.","platforms":["windows"],"columns":[{"name":"device_id","description":"Device ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"device_name","description":"Device name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"image","description":"Path to driver image file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Driver description","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"service","description":"Driver service name, if one exists","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"service_key","description":"Driver service registry key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Driver version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"inf","description":"Associated inf file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"class","description":"Device/driver class name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"provider","description":"Driver provider","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"manufacturer","description":"Device manufacturer","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"driver_key","description":"Driver key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"date","description":"Driver date","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"signed","description":"Whether the driver is signed or not","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"ec2_instance_metadata","description":"EC2 instance metadata.","platforms":["darwin","linux","windows"],"columns":[{"name":"instance_id","description":"EC2 instance ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"instance_type","description":"EC2 instance type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"architecture","description":"Hardware architecture of this EC2 instance","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"region","description":"AWS region in which this instance launched","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"availability_zone","description":"Availability zone in which this instance launched","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"local_hostname","description":"Private IPv4 DNS hostname of the first interface of this instance","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"local_ipv4","description":"Private IPv4 address of the first interface of this instance","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mac","description":"MAC address for the first network interface of this EC2 instance","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"security_groups","description":"Comma separated list of security group names","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"iam_arn","description":"If there is an IAM role associated with the instance, contains instance profile ARN","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ami_id","description":"AMI ID used to launch this EC2 instance","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"reservation_id","description":"ID of the reservation","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"account_id","description":"AWS account ID which owns this EC2 instance","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ssh_public_key","description":"SSH public key. Only available if supplied at instance launch time","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"ec2_instance_tags","description":"EC2 instance tag key value pairs.","platforms":["darwin","linux","windows"],"columns":[{"name":"instance_id","description":"EC2 instance ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"key","description":"Tag key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Tag value","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"es_process_events","description":"Process execution events from EndpointSecurity.","platforms":["darwin"],"columns":[{"name":"version","description":"Version of EndpointSecurity event","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"seq_num","description":"Per event sequence number","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"global_seq_num","description":"Global sequence number","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process (or thread) ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path of executed file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"parent","description":"Parent process ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"original_parent","description":"Original parent process ID in case of reparenting","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"cmdline","description":"Command line arguments (argv)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cmdline_count","description":"Number of command line arguments","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"env","description":"Environment variables delimited by spaces","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"env_count","description":"Number of environment variables","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"cwd","description":"The process current working directory","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"User ID of the process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"euid","description":"Effective User ID of the process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"gid","description":"Group ID of the process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"egid","description":"Effective Group ID of the process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"username","description":"Username","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"signing_id","description":"Signature identifier of the process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"team_id","description":"Team identifier of the process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cdhash","description":"Codesigning hash of the process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"platform_binary","description":"Indicates if the binary is Apple signed binary (1) or not (0)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"exit_code","description":"Exit code of a process in case of an exit event","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"child_pid","description":"Process ID of a child process in case of a fork event","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of execution in UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"event_type","description":"Type of EndpointSecurity event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"codesigning_flags","description":"Codesigning flags matching one of these options, in a comma separated list: NOT_VALID, ADHOC, NOT_RUNTIME, INSTALLER. See kern/cs_blobs.h in XNU for descriptions.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"es_process_file_events","description":"File integrity monitoring events from EndpointSecurity including process context.","platforms":["darwin"],"columns":[{"name":"version","description":"Version of EndpointSecurity event","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"seq_num","description":"Per event sequence number","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"global_seq_num","description":"Global sequence number","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process (or thread) ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"parent","description":"Parent process ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path of executed file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"filename","description":"The source or target filename for the event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"dest_filename","description":"Destination filename for the event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"event_type","description":"Type of EndpointSecurity event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of execution in UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","notes":"","hidden":true,"required":false,"index":false}]},{"name":"etc_hosts","description":"Line-parsed /etc/hosts.","platforms":["darwin","linux","windows"],"columns":[{"name":"address","description":"IP address mapping","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hostnames","description":"Raw hosts mapping","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"etc_protocols","description":"Line-parsed /etc/protocols.","platforms":["darwin","linux","windows"],"columns":[{"name":"name","description":"Protocol name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"number","description":"Protocol number","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"alias","description":"Protocol alias","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"comment","description":"Comment with protocol description","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"etc_services","description":"Line-parsed /etc/services.","platforms":["darwin","linux","windows"],"columns":[{"name":"name","description":"Service name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"port","description":"Service port number","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"protocol","description":"Transport protocol (TCP/UDP)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"aliases","description":"Optional space separated list of other names for a service","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"comment","description":"Optional comment for a service.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"event_taps","description":"Returns information about installed event taps.","platforms":["darwin"],"columns":[{"name":"enabled","description":"Is the Event Tap enabled","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"event_tap_id","description":"Unique ID for the Tap","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"event_tapped","description":"The mask that identifies the set of events to be observed.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"process_being_tapped","description":"The process ID of the target application","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"tapping_process","description":"The process ID of the application that created the event tap.","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"extended_attributes","description":"Returns the extended attributes for files (similar to Windows ADS).","platforms":["darwin","linux"],"columns":[{"name":"path","description":"Absolute file path","type":"text","notes":"","hidden":false,"required":true,"index":false},{"name":"directory","description":"Directory of file(s)","type":"text","notes":"","hidden":false,"required":true,"index":false},{"name":"key","description":"Name of the value generated from the extended attribute","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"The parsed information from the attribute","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"base64","description":"1 if the value is base64 encoded else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"fan_speed_sensors","description":"Fan speeds.","platforms":["darwin"],"columns":[{"name":"fan","description":"Fan number","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Fan name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"actual","description":"Actual speed","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"min","description":"Minimum speed","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"max","description":"Maximum speed","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"target","description":"Target speed","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"file","description":"Interactive filesystem attributes and metadata.","platforms":["darwin","linux","windows"],"columns":[{"name":"path","description":"Absolute file path","type":"text","notes":"","hidden":false,"required":true,"index":true},{"name":"directory","description":"Directory of file(s)","type":"text","notes":"","hidden":false,"required":true,"index":false},{"name":"filename","description":"Name portion of file path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"inode","description":"Filesystem inode number","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"Owning user ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"gid","description":"Owning group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"mode","description":"Permission bits","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"device","description":"Device ID (optional)","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Size of file in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"block_size","description":"Block size of filesystem","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"atime","description":"Last access time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"mtime","description":"Last modification time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"ctime","description":"Last status change time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"btime","description":"(B)irth or (cr)eate time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"hard_links","description":"Number of hard links","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"symlink","description":"1 if the path is a symlink, otherwise 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"File status","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"attributes","description":"File attrib string. See: https://ss64.com/nt/attrib.html","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"volume_serial","description":"Volume serial number","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"file_id","description":"file ID","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"file_version","description":"File version","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"product_version","description":"File product version","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"original_filename","description":"(Executable files only) Original filename","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"shortcut_target_path","description":"Full path to the file the shortcut points to","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"shortcut_target_type","description":"Display name for the target type","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"shortcut_target_location","description":"Folder name where the shortcut target resides","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"shortcut_start_in","description":"Full path to the working directory to use when executing the shortcut target","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"shortcut_run","description":"Window mode the target of the shortcut should be run in","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"shortcut_comment","description":"Comment on the shortcut","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"bsd_flags","description":"The BSD file flags (chflags). Possible values: NODUMP, UF_IMMUTABLE, UF_APPEND, OPAQUE, HIDDEN, ARCHIVED, SF_IMMUTABLE, SF_APPEND","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]},{"name":"mount_namespace_id","description":"Mount namespace id","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"file_events","description":"Track time/action changes to files specified in configuration data.","platforms":["darwin","linux"],"columns":[{"name":"target_path","description":"The path associated with the event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"category","description":"The category of the file defined in the config","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"action","description":"Change action (UPDATE, REMOVE, etc)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"transaction_id","description":"ID used during bulk update","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"inode","description":"Filesystem inode number","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"Owning user ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"gid","description":"Owning group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"mode","description":"Permission bits","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Size of file in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"atime","description":"Last access time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"mtime","description":"Last modification time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"ctime","description":"Last status change time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"md5","description":"The MD5 of the file after change","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sha1","description":"The SHA1 of the file after change","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sha256","description":"The SHA256 of the file after change","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hashed","description":"1 if the file was hashed, 0 if not, -1 if hashing failed","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of file event","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","notes":"","hidden":true,"required":false,"index":false}]},{"name":"firefox_addons","description":"Firefox browser extensions, webapps, and addons.","platforms":["darwin","linux","windows"],"columns":[{"name":"uid","description":"The local user that owns the addon","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Addon display name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"identifier","description":"Addon identifier","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"creator","description":"Addon-supported creator string","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Extension, addon, webapp","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Addon-supplied version string","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Addon-supplied description string","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"source_url","description":"URL that installed the addon","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"visible","description":"1 If the addon is shown in browser else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"active","description":"1 If the addon is active else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"disabled","description":"1 If the addon is application-disabled else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"autoupdate","description":"1 If the addon applies background updates else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"location","description":"Global, profile location","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to plugin bundle","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"gatekeeper","description":"macOS Gatekeeper Details.","platforms":["darwin"],"columns":[{"name":"assessments_enabled","description":"1 If a Gatekeeper is enabled else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"dev_id_enabled","description":"1 If a Gatekeeper allows execution from identified developers else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Version of Gatekeeper's gke.bundle","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"opaque_version","description":"Version of Gatekeeper's gkopaque.bundle","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"gatekeeper_approved_apps","description":"Gatekeeper apps a user has allowed to run.","platforms":["darwin"],"columns":[{"name":"path","description":"Path of executable allowed to run","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"requirement","description":"Code signing requirement language","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ctime","description":"Last change time","type":"double","notes":"","hidden":false,"required":false,"index":false},{"name":"mtime","description":"Last modification time","type":"double","notes":"","hidden":false,"required":false,"index":false}]},{"name":"groups","description":"Local system groups.","platforms":["darwin","linux","windows"],"columns":[{"name":"gid","description":"Unsigned int64 group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"gid_signed","description":"A signed int64 version of gid","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"groupname","description":"Canonical local group name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"group_sid","description":"Unique group ID","type":"text","notes":"","hidden":true,"required":false,"index":true,"platforms":["windows","win32","cygwin"]},{"name":"comment","description":"Remarks or comments associated with the group","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"is_hidden","description":"IsHidden attribute set in OpenDirectory","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"hardware_events","description":"Hardware (PCI/USB/HID) events from UDEV or IOKit.","platforms":["darwin","linux"],"columns":[{"name":"action","description":"Remove, insert, change properties, etc","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Local device path assigned (optional)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Type of hardware and hardware event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"driver","description":"Driver claiming the device","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"vendor","description":"Hardware device vendor","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"vendor_id","description":"Hex encoded Hardware vendor identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"model","description":"Hardware device model","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"model_id","description":"Hex encoded Hardware model identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"serial","description":"Device serial (optional)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"revision","description":"Device revision (optional)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of hardware event","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","notes":"","hidden":true,"required":false,"index":false}]},{"name":"hash","description":"Filesystem hash data.","platforms":["darwin","linux","windows"],"columns":[{"name":"path","description":"Must provide a path or directory","type":"text","notes":"","hidden":false,"required":true,"index":true},{"name":"directory","description":"Must provide a path or directory","type":"text","notes":"","hidden":false,"required":true,"index":false},{"name":"md5","description":"MD5 hash of provided filesystem data","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sha1","description":"SHA1 hash of provided filesystem data","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sha256","description":"SHA256 hash of provided filesystem data","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]},{"name":"mount_namespace_id","description":"Mount namespace id","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"homebrew_packages","description":"The installed homebrew package database.","platforms":["darwin"],"columns":[{"name":"name","description":"Package name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Package install path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Current 'linked' version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Package type ('formula' or 'cask')","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"prefix","description":"Homebrew install prefix","type":"text","notes":"","hidden":true,"required":false,"index":false}]},{"name":"hvci_status","description":"Retrieve HVCI info of the machine.","platforms":["windows"],"columns":[{"name":"version","description":"The version number of the Device Guard build.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"instance_identifier","description":"The instance ID of Device Guard.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"vbs_status","description":"The status of the virtualization based security settings. Returns UNKNOWN if an error is encountered.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"code_integrity_policy_enforcement_status","description":"The status of the code integrity policy enforcement settings. Returns UNKNOWN if an error is encountered.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"umci_policy_status","description":"The status of the User Mode Code Integrity security settings. Returns UNKNOWN if an error is encountered.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"ibridge_info","description":"Information about the Apple iBridge hardware controller.","platforms":["darwin"],"columns":[{"name":"boot_uuid","description":"Boot UUID of the iBridge controller","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"coprocessor_version","description":"The manufacturer and chip version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"firmware_version","description":"The build version of the firmware","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"unique_chip_id","description":"Unique id of the iBridge controller","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"ie_extensions","description":"Internet Explorer browser extensions.","platforms":["windows"],"columns":[{"name":"name","description":"Extension display name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"registry_path","description":"Extension identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Version of the executable","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to executable","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"intel_me_info","description":"Intel ME/CSE Info.","platforms":["linux","windows"],"columns":[{"name":"version","description":"Intel ME version","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"interface_addresses","description":"Network interfaces and relevant metadata.","platforms":["darwin","linux","windows"],"columns":[{"name":"interface","description":"Interface name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"address","description":"Specific address for interface","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mask","description":"Interface netmask","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"broadcast","description":"Broadcast address for the interface","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"point_to_point","description":"PtP address for the interface","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Type of address. One of dhcp, manual, auto, other, unknown","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"friendly_name","description":"The friendly display name of the interface.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]}]},{"name":"interface_details","description":"Detailed information and stats of network interfaces.","platforms":["darwin","linux","windows"],"columns":[{"name":"interface","description":"Interface name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mac","description":"MAC of interface (optional)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Interface type (includes virtual)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"mtu","description":"Network MTU","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"metric","description":"Metric based on the speed of the interface","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"flags","description":"Flags (netdevice) for the device","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ipackets","description":"Input packets","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"opackets","description":"Output packets","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"ibytes","description":"Input bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"obytes","description":"Output bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"ierrors","description":"Input errors","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"oerrors","description":"Output errors","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"idrops","description":"Input drops","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"odrops","description":"Output drops","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"collisions","description":"Packet Collisions detected","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"last_change","description":"Time of last device modification (optional)","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"link_speed","description":"Interface speed in Mb/s","type":"bigint","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux","darwin"]},{"name":"pci_slot","description":"PCI slot number","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]},{"name":"friendly_name","description":"The friendly display name of the interface.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"description","description":"Short description of the object a one-line string.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"manufacturer","description":"Name of the network adapter's manufacturer.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"connection_id","description":"Name of the network connection as it appears in the Network Connections Control Panel program.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"connection_status","description":"State of the network adapter connection to the network.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"enabled","description":"Indicates whether the adapter is enabled or not.","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"physical_adapter","description":"Indicates whether the adapter is a physical or a logical adapter.","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"speed","description":"Estimate of the current bandwidth in bits per second.","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"service","description":"The name of the service the network adapter uses.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"dhcp_enabled","description":"If TRUE, the dynamic host configuration protocol (DHCP) server automatically assigns an IP address to the computer system when establishing a network connection.","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"dhcp_lease_expires","description":"Expiration date and time for a leased IP address that was assigned to the computer by the dynamic host configuration protocol (DHCP) server.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"dhcp_lease_obtained","description":"Date and time the lease was obtained for the IP address assigned to the computer by the dynamic host configuration protocol (DHCP) server.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"dhcp_server","description":"IP address of the dynamic host configuration protocol (DHCP) server.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"dns_domain","description":"Organization name followed by a period and an extension that indicates the type of organization, such as 'microsoft.com'.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"dns_domain_suffix_search_order","description":"Array of DNS domain suffixes to be appended to the end of host names during name resolution.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"dns_host_name","description":"Host name used to identify the local computer for authentication by some utilities.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"dns_server_search_order","description":"Array of server IP addresses to be used in querying for DNS servers.","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]}]},{"name":"interface_ipv6","description":"IPv6 configuration and stats of network interfaces.","platforms":["darwin","linux"],"columns":[{"name":"interface","description":"Interface name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hop_limit","description":"Current Hop Limit","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"forwarding_enabled","description":"Enable IP forwarding","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"redirect_accept","description":"Accept ICMP redirect messages","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"rtadv_accept","description":"Accept ICMP Router Advertisement","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"iokit_devicetree","description":"The IOKit registry matching the DeviceTree plane.","platforms":["darwin"],"columns":[{"name":"name","description":"Device node name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"class","description":"Best matching device class (most-specific category)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"id","description":"IOKit internal registry ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"parent","description":"Parent device registry ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"device_path","description":"Device tree path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"service","description":"1 if the device conforms to IOService else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"busy_state","description":"1 if the device is in a busy state else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"retain_count","description":"The device reference count","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"depth","description":"Device nested depth","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"iokit_registry","description":"The full IOKit registry without selecting a plane.","platforms":["darwin"],"columns":[{"name":"name","description":"Default name of the node","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"class","description":"Best matching device class (most-specific category)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"id","description":"IOKit internal registry ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"parent","description":"Parent registry ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"busy_state","description":"1 if the node is in a busy state else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"retain_count","description":"The node reference count","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"depth","description":"Node nested depth","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"iptables","description":"Linux IP packet filtering and NAT tool.","platforms":["linux"],"columns":[{"name":"filter_name","description":"Packet matching filter table name.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"chain","description":"Size of module content.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"policy","description":"Policy that applies for this rule.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"target","description":"Target that applies for this rule.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"protocol","description":"Protocol number identification.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"src_port","description":"Protocol source port(s).","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"dst_port","description":"Protocol destination port(s).","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"src_ip","description":"Source IP address.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"src_mask","description":"Source IP address mask.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"iniface","description":"Input interface for the rule.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"iniface_mask","description":"Input interface mask for the rule.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"dst_ip","description":"Destination IP address.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"dst_mask","description":"Destination IP address mask.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"outiface","description":"Output interface for the rule.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"outiface_mask","description":"Output interface mask for the rule.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"match","description":"Matching rule that applies.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"packets","description":"Number of matching packets for this rule.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"bytes","description":"Number of matching bytes for this rule.","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"kernel_extensions","description":"macOS's kernel extensions, both loaded and within the load search path.","platforms":["darwin"],"columns":[{"name":"idx","description":"Extension load tag or index","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"refs","description":"Reference count","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Bytes of wired memory used by extension","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Extension label","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Extension version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"linked_against","description":"Indexes of extensions this extension is linked against","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Optional path to extension bundle","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"kernel_info","description":"Basic active kernel information.","platforms":["darwin","linux","windows"],"columns":[{"name":"version","description":"Kernel version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"arguments","description":"Kernel arguments","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Kernel path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"device","description":"Kernel device identifier","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"kernel_keys","description":"List of security data, authentication keys and encryption keys.","platforms":["linux"],"columns":[{"name":"serial_number","description":"The serial key of the key.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"flags","description":"A set of flags describing the state of the key.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"usage","description":"the number of threads and open file references that refer to this key.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"timeout","description":"The amount of time until the key will expire, expressed in human-readable form. The string perm here means that the key is permanent (no timeout). The string expd means that the key has already expired.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"permissions","description":"The key permissions, expressed as four hexadecimal bytes containing, from left to right, the possessor, user, group, and other permissions.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"The user ID of the key owner.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"gid","description":"The group ID of the key.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"The key type.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"The key description.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"kernel_modules","description":"Linux kernel modules both loaded and within the load search path.","platforms":["linux"],"columns":[{"name":"name","description":"Module name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Size of module content","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"used_by","description":"Module reverse dependencies","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"status","description":"Kernel module status","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"address","description":"Kernel module address","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"kernel_panics","description":"System kernel panic logs.","platforms":["darwin"],"columns":[{"name":"path","description":"Location of log file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Formatted time of the event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"registers","description":"A space delimited line of register:value pairs","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"frame_backtrace","description":"Backtrace of the crashed module","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"module_backtrace","description":"Modules appearing in the crashed module's backtrace","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"dependencies","description":"Module dependencies existing in crashed module's backtrace","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Process name corresponding to crashed thread","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"os_version","description":"Version of the operating system","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"kernel_version","description":"Version of the system kernel","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"system_model","description":"Physical system model, for example 'MacBookPro12,1 (Mac-E43C1C25D4880AD6)'","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uptime","description":"System uptime at kernel panic in nanoseconds","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"last_loaded","description":"Last loaded module before panic","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"last_unloaded","description":"Last unloaded module before panic","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"keychain_acls","description":"Applications that have ACL entries in the keychain. NOTE: osquery limits frequent access to keychain files. This limit is controlled by keychain_access_interval flag.","platforms":["darwin"],"columns":[{"name":"keychain_path","description":"The path of the keychain","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"authorizations","description":"A space delimited set of authorization attributes","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"The path of the authorized application","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"The description included with the ACL entry","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"label","description":"An optional label tag that may be included with the keychain entry","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"keychain_items","description":"Generic details about keychain items. NOTE: osquery limits frequent access to keychain files. This limit is controlled by keychain_access_interval flag.","platforms":["darwin"],"columns":[{"name":"label","description":"Generic item name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Optional item description","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"comment","description":"Optional keychain comment","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"account","description":"Optional item account","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"created","description":"Date item was created","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"modified","description":"Date of last modification","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Keychain item type (class)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pk_hash","description":"Hash of associated public key (SHA1 of subjectPublicKey, see RFC 8520 4.2.1.2)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to keychain containing item","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"known_hosts","description":"A line-delimited known_hosts table.","platforms":["darwin","linux"],"columns":[{"name":"uid","description":"The local user that owns the known_hosts file","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"key","description":"parsed authorized keys line","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"key_file","description":"Path to known_hosts file","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"kva_speculative_info","description":"Display kernel virtual address and speculative execution information for the system.","platforms":["windows"],"columns":[{"name":"kva_shadow_enabled","description":"Kernel Virtual Address shadowing is enabled.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"kva_shadow_user_global","description":"User pages are marked as global.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"kva_shadow_pcid","description":"Kernel VA PCID flushing optimization is enabled.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"kva_shadow_inv_pcid","description":"Kernel VA INVPCID is enabled.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"bp_mitigations","description":"Branch Prediction mitigations are enabled.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"bp_system_pol_disabled","description":"Branch Predictions are disabled via system policy.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"bp_microcode_disabled","description":"Branch Predictions are disabled due to lack of microcode update.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_spec_ctrl_supported","description":"SPEC_CTRL MSR supported by CPU Microcode.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ibrs_support_enabled","description":"Windows uses IBRS.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"stibp_support_enabled","description":"Windows uses STIBP.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_pred_cmd_supported","description":"PRED_CMD MSR supported by CPU Microcode.","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"last","description":"System logins and logouts.","platforms":["darwin","linux"],"columns":[{"name":"username","description":"Entry username","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"tty","description":"Entry terminal","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process (or thread) ID","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Entry type, according to ut_type types (utmp.h)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"type_name","description":"Entry type name, according to ut_type types (utmp.h)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Entry timestamp","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"host","description":"Entry hostname","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"launchd","description":"LaunchAgents and LaunchDaemons from default search paths.","platforms":["darwin"],"columns":[{"name":"path","description":"Path to daemon or agent plist","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"name","description":"File name of plist (used by launchd)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"label","description":"Daemon or agent service name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"program","description":"Path to target program","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"run_at_load","description":"Should the program run on launch load","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"keep_alive","description":"Should the process be restarted if killed","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"on_demand","description":"Deprecated key, replaced by keep_alive","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"disabled","description":"Skip loading this daemon or agent on boot","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"username","description":"Run this daemon or agent as this username","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"groupname","description":"Run this daemon or agent as this group","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"stdout_path","description":"Pipe stdout to a target path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"stderr_path","description":"Pipe stderr to a target path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"start_interval","description":"Frequency to run in seconds","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"program_arguments","description":"Command line arguments passed to program","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"watch_paths","description":"Key that launches daemon or agent if path is modified","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"queue_directories","description":"Similar to watch_paths but only with non-empty directories","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"inetd_compatibility","description":"Run this daemon or agent as it was launched from inetd","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"start_on_mount","description":"Run daemon or agent every time a filesystem is mounted","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"root_directory","description":"Key used to specify a directory to chroot to before launch","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"working_directory","description":"Key used to specify a directory to chdir to before launch","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"process_type","description":"Key describes the intended purpose of the job","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"launchd_overrides","description":"Override keys, per user, for LaunchDaemons and Agents.","platforms":["darwin"],"columns":[{"name":"label","description":"Daemon or agent service name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"key","description":"Name of the override key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Overridden value","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"User ID applied to the override, 0 applies to all","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to daemon or agent plist","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"listening_ports","description":"Processes with listening (bound) network sockets/ports.","platforms":["darwin","linux","windows"],"columns":[{"name":"pid","description":"Process (or thread) ID","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"port","description":"Transport layer port","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"protocol","description":"Transport protocol (TCP/UDP)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"family","description":"Network protocol (IPv4, IPv6)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"address","description":"Specific address for bind","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"fd","description":"Socket file descriptor number","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"socket","description":"Socket handle or inode number","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path for UNIX domain sockets","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"net_namespace","description":"The inode number of the network namespace","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]}]},{"name":"load_average","description":"Displays information about the system wide load averages.","platforms":["darwin","linux"],"columns":[{"name":"period","description":"Period over which the average is calculated.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"average","description":"Load average over the specified period.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"location_services","description":"Reports the status of the Location Services feature of the OS.","platforms":["darwin"],"columns":[{"name":"enabled","description":"1 if Location Services are enabled, else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"logged_in_users","description":"Users with an active shell on the system.","platforms":["darwin","linux","windows"],"columns":[{"name":"type","description":"Login type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"user","description":"User login name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"tty","description":"Device name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"host","description":"Remote hostname","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Time entry was made","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process (or thread) ID","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"sid","description":"The user's unique security identifier","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"registry_hive","description":"HKEY_USERS registry hive","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]}]},{"name":"logical_drives","description":"Details for logical drives on the system. A logical drive generally represents a single partition.","platforms":["windows"],"columns":[{"name":"device_id","description":"The drive id, usually the drive name, e.g., 'C:'.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Deprecated (always 'Unknown').","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"The canonical description of the drive, e.g. 'Logical Fixed Disk', 'CD-ROM Disk'.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"free_space","description":"The amount of free space, in bytes, of the drive (-1 on failure).","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"The total amount of space, in bytes, of the drive (-1 on failure).","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"file_system","description":"The file system of the drive.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"boot_partition","description":"True if Windows booted from this drive.","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"logon_sessions","description":"Windows Logon Session.","platforms":["windows"],"columns":[{"name":"logon_id","description":"A locally unique identifier (LUID) that identifies a logon session.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"user","description":"The account name of the security principal that owns the logon session.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"logon_domain","description":"The name of the domain used to authenticate the owner of the logon session.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"authentication_package","description":"The authentication package used to authenticate the owner of the logon session.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"logon_type","description":"The logon method.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"session_id","description":"The Terminal Services session identifier.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"logon_sid","description":"The user's security identifier (SID).","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"logon_time","description":"The time the session owner logged on.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"logon_server","description":"The name of the server used to authenticate the owner of the logon session.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"dns_domain_name","description":"The DNS name for the owner of the logon session.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"upn","description":"The user principal name (UPN) for the owner of the logon session.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"logon_script","description":"The script used for logging on.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"profile_path","description":"The home directory for the logon session.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"home_directory","description":"The home directory for the logon session.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"home_directory_drive","description":"The drive location of the home directory of the logon session.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"lxd_certificates","description":"LXD certificates information.","platforms":["linux"],"columns":[{"name":"name","description":"Name of the certificate","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Type of the certificate","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"fingerprint","description":"SHA256 hash of the certificate","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"certificate","description":"Certificate content","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"lxd_cluster","description":"LXD cluster information.","platforms":["linux"],"columns":[{"name":"server_name","description":"Name of the LXD server node","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"enabled","description":"Whether clustering enabled (1) or not (0) on this node","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"member_config_entity","description":"Type of configuration parameter for this node","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"member_config_name","description":"Name of configuration parameter","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"member_config_key","description":"Config key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"member_config_value","description":"Config value","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"member_config_description","description":"Config description","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"lxd_cluster_members","description":"LXD cluster members information.","platforms":["linux"],"columns":[{"name":"server_name","description":"Name of the LXD server node","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"url","description":"URL of the node","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"database","description":"Whether the server is a database node (1) or not (0)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"status","description":"Status of the node (Online/Offline)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"message","description":"Message from the node (Online/Offline)","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"lxd_images","description":"LXD images information.","platforms":["linux"],"columns":[{"name":"id","description":"Image ID","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"architecture","description":"Target architecture for the image","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"os","description":"OS on which image is based","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"release","description":"OS release version on which the image is based","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Image description","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"aliases","description":"Comma-separated list of image aliases","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"filename","description":"Filename of the image file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Size of image in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"auto_update","description":"Whether the image auto-updates (1) or not (0)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"cached","description":"Whether image is cached (1) or not (0)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"public","description":"Whether image is public (1) or not (0)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"created_at","description":"ISO time of image creation","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"expires_at","description":"ISO time of image expiration","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uploaded_at","description":"ISO time of image upload","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"last_used_at","description":"ISO time for the most recent use of this image in terms of container spawn","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"update_source_server","description":"Server for image update","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"update_source_protocol","description":"Protocol used for image information update and image import from source server","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"update_source_certificate","description":"Certificate for update source server","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"update_source_alias","description":"Alias of image at update source server","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"lxd_instance_config","description":"LXD instance configuration information.","platforms":["linux"],"columns":[{"name":"name","description":"Instance name","type":"text","notes":"","hidden":false,"required":true,"index":true},{"name":"key","description":"Configuration parameter name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Configuration parameter value","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"lxd_instance_devices","description":"LXD instance devices information.","platforms":["linux"],"columns":[{"name":"name","description":"Instance name","type":"text","notes":"","hidden":false,"required":true,"index":true},{"name":"device","description":"Name of the device","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"device_type","description":"Device type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"key","description":"Device info param name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Device info param value","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"lxd_instances","description":"LXD instances information.","platforms":["linux"],"columns":[{"name":"name","description":"Instance name","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"status","description":"Instance state (running, stopped, etc.)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"stateful","description":"Whether the instance is stateful(1) or not(0)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ephemeral","description":"Whether the instance is ephemeral(1) or not(0)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"created_at","description":"ISO time of creation","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"base_image","description":"ID of image used to launch this instance","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"architecture","description":"Instance architecture","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"os","description":"The OS of this instance","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Instance description","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Instance's process ID","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"processes","description":"Number of processes running inside this instance","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"lxd_networks","description":"LXD network information.","platforms":["linux"],"columns":[{"name":"name","description":"Name of the network","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Type of network","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"managed","description":"1 if network created by LXD, 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"ipv4_address","description":"IPv4 address","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ipv6_address","description":"IPv6 address","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"used_by","description":"URLs for containers using this network","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"bytes_received","description":"Number of bytes received on this network","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"bytes_sent","description":"Number of bytes sent on this network","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"packets_received","description":"Number of packets received on this network","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"packets_sent","description":"Number of packets sent on this network","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"hwaddr","description":"Hardware address for this network","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"state","description":"Network status","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mtu","description":"MTU size","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"lxd_storage_pools","description":"LXD storage pool information.","platforms":["linux"],"columns":[{"name":"name","description":"Name of the storage pool","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"driver","description":"Storage driver","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"source","description":"Storage pool source","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Size of the storage pool","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"space_used","description":"Storage space used in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"space_total","description":"Total available storage space in bytes for this storage pool","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"inodes_used","description":"Number of inodes used","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"inodes_total","description":"Total number of inodes available in this storage pool","type":"bigint","notes":"","hidden":false,"required":false,"index":false}]},{"name":"magic","description":"Magic number recognition library table.","platforms":["darwin","linux"],"columns":[{"name":"path","description":"Absolute path to target file","type":"text","notes":"","hidden":false,"required":true,"index":true},{"name":"magic_db_files","description":"Colon(:) separated list of files where the magic db file can be found. By default one of the following is used: /usr/share/file/magic/magic, /usr/share/misc/magic or /usr/share/misc/magic.mgc","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"data","description":"Magic number data from libmagic","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mime_type","description":"MIME type data from libmagic","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mime_encoding","description":"MIME encoding data from libmagic","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"managed_policies","description":"The managed configuration policies from AD, MDM, MCX, etc.","platforms":["darwin"],"columns":[{"name":"domain","description":"System or manager-chosen domain key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uuid","description":"Optional UUID assigned to policy set","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Policy key name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Policy value","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"username","description":"Policy applies only this user","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"manual","description":"1 if policy was loaded manually, otherwise 0","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"md_devices","description":"Software RAID array settings.","platforms":["linux"],"columns":[{"name":"device_name","description":"md device name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"status","description":"Current state of the array","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"raid_level","description":"Current raid level of the array","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"size of the array in blocks","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"chunk_size","description":"chunk size in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"raid_disks","description":"Number of configured RAID disks in array","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"nr_raid_disks","description":"Number of partitions or disk devices to comprise the array","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"working_disks","description":"Number of working disks in array","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"active_disks","description":"Number of active disks in array","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"failed_disks","description":"Number of failed disks in array","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"spare_disks","description":"Number of idle disks in array","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"superblock_state","description":"State of the superblock","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"superblock_version","description":"Version of the superblock","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"superblock_update_time","description":"Unix timestamp of last update","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"bitmap_on_mem","description":"Pages allocated in in-memory bitmap, if enabled","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"bitmap_chunk_size","description":"Bitmap chunk size","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"bitmap_external_file","description":"External referenced bitmap file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"recovery_progress","description":"Progress of the recovery activity","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"recovery_finish","description":"Estimated duration of recovery activity","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"recovery_speed","description":"Speed of recovery activity","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"resync_progress","description":"Progress of the resync activity","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"resync_finish","description":"Estimated duration of resync activity","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"resync_speed","description":"Speed of resync activity","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"reshape_progress","description":"Progress of the reshape activity","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"reshape_finish","description":"Estimated duration of reshape activity","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"reshape_speed","description":"Speed of reshape activity","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"check_array_progress","description":"Progress of the check array activity","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"check_array_finish","description":"Estimated duration of the check array activity","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"check_array_speed","description":"Speed of the check array activity","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"unused_devices","description":"Unused devices","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"other","description":"Other information associated with array from /proc/mdstat","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"md_drives","description":"Drive devices used for Software RAID.","platforms":["linux"],"columns":[{"name":"md_device_name","description":"md device name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"drive_name","description":"Drive device name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"slot","description":"Slot position of disk","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"state","description":"State of the drive","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"md_personalities","description":"Software RAID setting supported by the kernel.","platforms":["linux"],"columns":[{"name":"name","description":"Name of personality supported by kernel","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"mdfind","description":"Run searches against the spotlight database.","platforms":["darwin"],"columns":[{"name":"path","description":"Path of the file returned from spotlight","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"query","description":"The query that was run to find the file","type":"text","notes":"","hidden":false,"required":true,"index":false}]},{"name":"mdls","description":"Query file metadata in the Spotlight database.","platforms":["darwin"],"columns":[{"name":"path","description":"Path of the file","type":"text","notes":"","hidden":false,"required":true,"index":false},{"name":"key","description":"Name of the metadata key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Value stored in the metadata key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"valuetype","description":"CoreFoundation type of data stored in value","type":"text","notes":"","hidden":true,"required":false,"index":false}]},{"name":"memory_array_mapped_addresses","description":"Data associated for address mapping of physical memory arrays.","platforms":["darwin","linux"],"columns":[{"name":"handle","description":"Handle, or instance number, associated with the structure","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"memory_array_handle","description":"Handle of the memory array associated with this structure","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"starting_address","description":"Physical stating address, in kilobytes, of a range of memory mapped to physical memory array","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ending_address","description":"Physical ending address of last kilobyte of a range of memory mapped to physical memory array","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"partition_width","description":"Number of memory devices that form a single row of memory for the address partition of this structure","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"memory_arrays","description":"Data associated with collection of memory devices that operate to form a memory address.","platforms":["darwin","linux"],"columns":[{"name":"handle","description":"Handle, or instance number, associated with the array","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"location","description":"Physical location of the memory array","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"use","description":"Function for which the array is used","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"memory_error_correction","description":"Primary hardware error correction or detection method supported","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"max_capacity","description":"Maximum capacity of array in gigabytes","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"memory_error_info_handle","description":"Handle, or instance number, associated with any error that was detected for the array","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"number_memory_devices","description":"Number of memory devices on array","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"memory_device_mapped_addresses","description":"Data associated for address mapping of physical memory devices.","platforms":["darwin","linux"],"columns":[{"name":"handle","description":"Handle, or instance number, associated with the structure","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"memory_device_handle","description":"Handle of the memory device structure associated with this structure","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"memory_array_mapped_address_handle","description":"Handle of the memory array mapped address to which this device range is mapped to","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"starting_address","description":"Physical stating address, in kilobytes, of a range of memory mapped to physical memory array","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ending_address","description":"Physical ending address of last kilobyte of a range of memory mapped to physical memory array","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"partition_row_position","description":"Identifies the position of the referenced memory device in a row of the address partition","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"interleave_position","description":"The position of the device in a interleave, i.e. 0 indicates non-interleave, 1 indicates 1st interleave, 2 indicates 2nd interleave, etc.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"interleave_data_depth","description":"The max number of consecutive rows from memory device that are accessed in a single interleave transfer; 0 indicates device is non-interleave","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"memory_devices","description":"Physical memory device (type 17) information retrieved from SMBIOS.","platforms":["darwin","linux","windows"],"columns":[{"name":"handle","description":"Handle, or instance number, associated with the structure in SMBIOS","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"array_handle","description":"The memory array that the device is attached to","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"form_factor","description":"Implementation form factor for this memory device","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"total_width","description":"Total width, in bits, of this memory device, including any check or error-correction bits","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"data_width","description":"Data width, in bits, of this memory device","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Size of memory device in Megabyte","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"set","description":"Identifies if memory device is one of a set of devices. A value of 0 indicates no set affiliation.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"device_locator","description":"String number of the string that identifies the physically-labeled socket or board position where the memory device is located","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"bank_locator","description":"String number of the string that identifies the physically-labeled bank where the memory device is located","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"memory_type","description":"Type of memory used","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"memory_type_details","description":"Additional details for memory device","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"max_speed","description":"Max speed of memory device in megatransfers per second (MT/s)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"configured_clock_speed","description":"Configured speed of memory device in megatransfers per second (MT/s)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"manufacturer","description":"Manufacturer ID string","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"serial_number","description":"Serial number of memory device","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"asset_tag","description":"Manufacturer specific asset tag of memory device","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"part_number","description":"Manufacturer specific serial number of memory device","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"min_voltage","description":"Minimum operating voltage of device in millivolts","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"max_voltage","description":"Maximum operating voltage of device in millivolts","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"configured_voltage","description":"Configured operating voltage of device in millivolts","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"memory_error_info","description":"Data associated with errors of a physical memory array.","platforms":["darwin","linux"],"columns":[{"name":"handle","description":"Handle, or instance number, associated with the structure","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"error_type","description":"type of error associated with current error status for array or device","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"error_granularity","description":"Granularity to which the error can be resolved","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"error_operation","description":"Memory access operation that caused the error","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"vendor_syndrome","description":"Vendor specific ECC syndrome or CRC data associated with the erroneous access","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"memory_array_error_address","description":"32 bit physical address of the error based on the addressing of the bus to which the memory array is connected","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"device_error_address","description":"32 bit physical address of the error relative to the start of the failing memory address, in bytes","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"error_resolution","description":"Range, in bytes, within which this error can be determined, when an error address is given","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"memory_info","description":"Main memory information in bytes.","platforms":["linux"],"columns":[{"name":"memory_total","description":"Total amount of physical RAM, in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"memory_free","description":"The amount of physical RAM, in bytes, left unused by the system","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"memory_available","description":"The amount of physical RAM, in bytes, available for starting new applications, without swapping","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"buffers","description":"The amount of physical RAM, in bytes, used for file buffers","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"cached","description":"The amount of physical RAM, in bytes, used as cache memory","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"swap_cached","description":"The amount of swap, in bytes, used as cache memory","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"active","description":"The total amount of buffer or page cache memory, in bytes, that is in active use","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"inactive","description":"The total amount of buffer or page cache memory, in bytes, that are free and available","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"swap_total","description":"The total amount of swap available, in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"swap_free","description":"The total amount of swap free, in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false}]},{"name":"memory_map","description":"OS memory region map.","platforms":["linux"],"columns":[{"name":"name","description":"Region name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"start","description":"Start address of memory region","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"end","description":"End address of memory region","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"mounts","description":"System mounted devices and filesystems (not process specific).","platforms":["darwin","linux"],"columns":[{"name":"device","description":"Mounted device","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"device_alias","description":"Mounted device alias","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Mounted device path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Mounted device type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"blocks_size","description":"Block size in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"blocks","description":"Mounted device used blocks","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"blocks_free","description":"Mounted device free blocks","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"blocks_available","description":"Mounted device available blocks","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"inodes","description":"Mounted device used inodes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"inodes_free","description":"Mounted device free inodes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"flags","description":"Mounted device flags","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"msr","description":"Various pieces of data stored in the model specific register per processor. NOTE: the msr kernel module must be enabled, and osquery must be run as root.","platforms":["linux"],"columns":[{"name":"processor_number","description":"The processor number as reported in /proc/cpuinfo","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"turbo_disabled","description":"Whether the turbo feature is disabled.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"turbo_ratio_limit","description":"The turbo feature ratio limit.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"platform_info","description":"Platform information.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"perf_ctl","description":"Performance setting for the processor.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"perf_status","description":"Performance status for the processor.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"feature_control","description":"Bitfield controlling enabled features.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"rapl_power_limit","description":"Run Time Average Power Limiting power limit.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"rapl_energy_status","description":"Run Time Average Power Limiting energy status.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"rapl_power_units","description":"Run Time Average Power Limiting power units.","type":"bigint","notes":"","hidden":false,"required":false,"index":false}]},{"name":"nfs_shares","description":"NFS shares exported by the host.","platforms":["darwin"],"columns":[{"name":"share","description":"Filesystem path to the share","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"options","description":"Options string set on the export share","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"readonly","description":"1 if the share is exported readonly else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"npm_packages","description":"Node packages installed in a system.","platforms":["darwin","linux","windows"],"columns":[{"name":"name","description":"Package display name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Package-supplied version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Package-supplied description","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"author","description":"Package-supplied author","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"license","description":"License under which package is launched","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"homepage","description":"Package supplied homepage","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path at which this module resides","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"directory","description":"Directory where node_modules are located","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]},{"name":"mount_namespace_id","description":"Mount namespace id","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"ntdomains","description":"Display basic NT domain information of a Windows machine.","platforms":["windows"],"columns":[{"name":"name","description":"The label by which the object is known.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"client_site_name","description":"The name of the site where the domain controller is configured.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"dc_site_name","description":"The name of the site where the domain controller is located.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"dns_forest_name","description":"The name of the root of the DNS tree.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"domain_controller_address","description":"The IP Address of the discovered domain controller..","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"domain_controller_name","description":"The name of the discovered domain controller.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"domain_name","description":"The name of the domain.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"status","description":"The current status of the domain object.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"ntfs_acl_permissions","description":"Retrieve NTFS ACL permission information for files and directories.","platforms":["windows"],"columns":[{"name":"path","description":"Path to the file or directory.","type":"text","notes":"","hidden":false,"required":true,"index":true},{"name":"type","description":"Type of access mode for the access control entry.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"principal","description":"User or group to which the ACE applies.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"access","description":"Specific permissions that indicate the rights described by the ACE.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"inherited_from","description":"The inheritance policy of the ACE.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"ntfs_journal_events","description":"Track time/action changes to files specified in configuration data.","platforms":["windows"],"columns":[{"name":"action","description":"Change action (Write, Delete, etc)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"category","description":"The category that the event originated from","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"old_path","description":"Old path (renames only)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"record_timestamp","description":"Journal record timestamp","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"record_usn","description":"The update sequence number that identifies the journal record","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"node_ref_number","description":"The ordinal that associates a journal record with a filename","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"parent_ref_number","description":"The ordinal that associates a journal record with a filename's parent directory","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"drive_letter","description":"The drive letter identifying the source journal","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"file_attributes","description":"File attributes","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"partial","description":"Set to 1 if either path or old_path only contains the file or folder name","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of file event","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","notes":"","hidden":true,"required":false,"index":false}]},{"name":"nvram","description":"Apple NVRAM variable listing.","platforms":["darwin"],"columns":[{"name":"name","description":"Variable name","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"type","description":"Data type (CFData, CFString, etc)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Raw variable data","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"oem_strings","description":"OEM defined strings retrieved from SMBIOS.","platforms":["darwin","linux"],"columns":[{"name":"handle","description":"Handle, or instance number, associated with the Type 11 structure","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"number","description":"The string index of the structure","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"The value of the OEM string","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"office_mru","description":"View recently opened Office documents.","platforms":["windows"],"columns":[{"name":"application","description":"Associated Office application","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Office application version number","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"File path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"last_opened_time","description":"Most recent opened time file was opened","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"sid","description":"User SID","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"os_version","description":"A single row containing the operating system name and version.","platforms":["darwin","linux","windows"],"columns":[{"name":"name","description":"Distribution or product name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Pretty, suitable for presentation, OS version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"major","description":"Major release version","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"minor","description":"Minor release version","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"patch","description":"Optional patch release","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"build","description":"Optional build-specific or variant string","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"platform","description":"OS Platform or ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"platform_like","description":"Closely related platforms","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"codename","description":"OS version codename","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"arch","description":"OS Architecture","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"extra","description":"Optional extra release specification","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]},{"name":"install_date","description":"The install date of the OS.","type":"bigint","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"revision","description":"Update Build Revision, refers to the specific revision number of a Windows update","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]},{"name":"mount_namespace_id","description":"Mount namespace id","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"osquery_events","description":"Information about the event publishers and subscribers.","platforms":["darwin","linux","windows"],"columns":[{"name":"name","description":"Event publisher or subscriber name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"publisher","description":"Name of the associated publisher","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Either publisher or subscriber","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"subscriptions","description":"Number of subscriptions the publisher received or subscriber used","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"events","description":"Number of events emitted or received since osquery started","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"refreshes","description":"Publisher only: number of runloop restarts","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"active","description":"1 if the publisher or subscriber is active else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"osquery_extensions","description":"List of active osquery extensions.","platforms":["darwin","linux","windows"],"columns":[{"name":"uuid","description":"The transient ID assigned for communication","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Extension's name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Extension's version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sdk_version","description":"osquery SDK version used to build the extension","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path of the extension's Thrift connection or library path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"SDK extension type: core, extension, or module","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"osquery_flags","description":"Configurable flags that modify osquery's behavior.","platforms":["darwin","linux","windows"],"columns":[{"name":"name","description":"Flag name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Flag type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Flag description","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"default_value","description":"Flag default value","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Flag value","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"shell_only","description":"Is the flag shell only?","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"osquery_info","description":"Top level information about the running version of osquery.","platforms":["darwin","linux","windows"],"columns":[{"name":"pid","description":"Process (or thread/handle) ID","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"uuid","description":"Unique ID provided by the system","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"instance_id","description":"Unique, long-lived ID per instance of osquery","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"osquery toolkit version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"config_hash","description":"Hash of the working configuration state","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"config_valid","description":"1 if the config was loaded and considered valid, else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"extensions","description":"osquery extensions status","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"build_platform","description":"osquery toolkit build platform","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"build_distro","description":"osquery toolkit platform distribution name (os version)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"start_time","description":"UNIX time in seconds when the process started","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"watcher","description":"Process (or thread/handle) ID of optional watcher process","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"platform_mask","description":"The osquery platform bitmask","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"osquery_packs","description":"Information about the current query packs that are loaded in osquery.","platforms":["darwin","linux","windows"],"columns":[{"name":"name","description":"The given name for this query pack","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"platform","description":"Platforms this query is supported on","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Minimum osquery version that this query will run on","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"shard","description":"Shard restriction limit, 1-100, 0 meaning no restriction","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"discovery_cache_hits","description":"The number of times that the discovery query used cached values since the last time the config was reloaded","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"discovery_executions","description":"The number of times that the discovery queries have been executed since the last time the config was reloaded","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"active","description":"Whether this pack is active (the version, platform and discovery queries match) yes=1, no=0.","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"osquery_registry","description":"List the osquery registry plugins.","platforms":["darwin","linux","windows"],"columns":[{"name":"registry","description":"Name of the osquery registry","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Name of the plugin item","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"owner_uuid","description":"Extension route UUID (0 for core)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"internal","description":"1 If the plugin is internal else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"active","description":"1 If this plugin is active else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"osquery_schedule","description":"Information about the current queries that are scheduled in osquery.","platforms":["darwin","linux","windows"],"columns":[{"name":"name","description":"The given name for this query","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"query","description":"The exact query to run","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"interval","description":"The interval in seconds to run this query, not an exact interval","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"executions","description":"Number of times the query was executed","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"last_executed","description":"UNIX time stamp in seconds of the last completed execution","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"denylisted","description":"1 if the query is denylisted else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"output_size","description":"Cumulative total number of bytes generated by the resultant rows of the query","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"wall_time","description":"Total wall time in seconds spent executing (deprecated), hidden=True","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"wall_time_ms","description":"Total wall time in milliseconds spent executing","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"last_wall_time_ms","description":"Wall time in milliseconds of the latest execution","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"user_time","description":"Total user time in milliseconds spent executing","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"last_user_time","description":"User time in milliseconds of the latest execution","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"system_time","description":"Total system time in milliseconds spent executing","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"last_system_time","description":"System time in milliseconds of the latest execution","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"average_memory","description":"Average of the bytes of resident memory left allocated after collecting results","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"last_memory","description":"Resident memory in bytes left allocated after collecting results of the latest execution","type":"bigint","notes":"","hidden":false,"required":false,"index":false}]},{"name":"package_bom","description":"macOS package bill of materials (BOM) file list.","platforms":["darwin"],"columns":[{"name":"filepath","description":"Package file or directory","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"Expected user of file or directory","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"gid","description":"Expected group of file or directory","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"mode","description":"Expected permissions","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Expected file size","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"modified_time","description":"Timestamp the file was installed","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path of package bom","type":"text","notes":"","hidden":false,"required":true,"index":false}]},{"name":"package_install_history","description":"macOS package install history.","platforms":["darwin"],"columns":[{"name":"package_id","description":"Label packageIdentifiers","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Label date as UNIX timestamp","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Package display name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Package display version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"source","description":"Install source: usually the installer process name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"content_type","description":"Package content_type (optional)","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"package_receipts","description":"macOS package receipt details.","platforms":["darwin"],"columns":[{"name":"package_id","description":"Package domain identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"package_filename","description":"Filename of original .pkg file","type":"text","notes":"","hidden":true,"required":false,"index":true},{"name":"version","description":"Installed package version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"location","description":"Optional relative install path on volume","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"install_time","description":"Timestamp of install time","type":"double","notes":"","hidden":false,"required":false,"index":false},{"name":"installer_name","description":"Name of installer process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path of receipt plist","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"password_policy","description":"Password Policies for macOS.","platforms":["darwin"],"columns":[{"name":"uid","description":"User ID for the policy, -1 for policies that are global","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"policy_identifier","description":"Policy Identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"policy_content","description":"Policy content","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"policy_description","description":"Policy description","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"patches","description":"Lists all the patches applied. Note: This does not include patches applied via MSI or downloaded from Windows Update (e.g. Service Packs).","platforms":["windows"],"columns":[{"name":"csname","description":"The name of the host the patch is installed on.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hotfix_id","description":"The KB ID of the patch.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"caption","description":"Short description of the patch.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Fuller description of the patch.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"fix_comments","description":"Additional comments about the patch.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"installed_by","description":"The system context in which the patch as installed.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"install_date","description":"Indicates when the patch was installed. Lack of a value does not indicate that the patch was not installed.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"installed_on","description":"The date when the patch was installed.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"pci_devices","description":"PCI devices active on the host system.","platforms":["darwin","linux"],"columns":[{"name":"pci_slot","description":"PCI Device used slot","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pci_class","description":"PCI Device class","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"driver","description":"PCI Device used driver","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"vendor","description":"PCI Device vendor","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"vendor_id","description":"Hex encoded PCI Device vendor identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"model","description":"PCI Device model","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"model_id","description":"Hex encoded PCI Device model identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pci_class_id","description":"PCI Device class ID in hex format","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]},{"name":"pci_subclass_id","description":"PCI Device subclass in hex format","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]},{"name":"pci_subclass","description":"PCI Device subclass","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]},{"name":"subsystem_vendor_id","description":"Vendor ID of PCI device subsystem","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]},{"name":"subsystem_vendor","description":"Vendor of PCI device subsystem","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]},{"name":"subsystem_model_id","description":"Model ID of PCI device subsystem","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]},{"name":"subsystem_model","description":"Device description of PCI device subsystem","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]}]},{"name":"physical_disk_performance","description":"Provides provides raw data from performance counters that monitor hard or fixed disk drives on the system.","platforms":["windows"],"columns":[{"name":"name","description":"Name of the physical disk","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"avg_disk_bytes_per_read","description":"Average number of bytes transferred from the disk during read operations","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"avg_disk_bytes_per_write","description":"Average number of bytes transferred to the disk during write operations","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"avg_disk_read_queue_length","description":"Average number of read requests that were queued for the selected disk during the sample interval","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"avg_disk_write_queue_length","description":"Average number of write requests that were queued for the selected disk during the sample interval","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"avg_disk_sec_per_read","description":"Average time, in seconds, of a read operation of data from the disk","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"avg_disk_sec_per_write","description":"Average time, in seconds, of a write operation of data to the disk","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"current_disk_queue_length","description":"Number of requests outstanding on the disk at the time the performance data is collected","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"percent_disk_read_time","description":"Percentage of elapsed time that the selected disk drive is busy servicing read requests","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"percent_disk_write_time","description":"Percentage of elapsed time that the selected disk drive is busy servicing write requests","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"percent_disk_time","description":"Percentage of elapsed time that the selected disk drive is busy servicing read or write requests","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"percent_idle_time","description":"Percentage of time during the sample interval that the disk was idle","type":"bigint","notes":"","hidden":false,"required":false,"index":false}]},{"name":"pipes","description":"Named and Anonymous pipes.","platforms":["windows"],"columns":[{"name":"pid","description":"Process ID of the process to which the pipe belongs","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"name","description":"Name of the pipe","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"instances","description":"Number of instances of the named pipe","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"max_instances","description":"The maximum number of instances creatable for this pipe","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"flags","description":"The flags indicating whether this pipe connection is a server or client end, and if the pipe for sending messages or bytes","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"platform_info","description":"Information about EFI/UEFI/ROM and platform/boot.","platforms":["darwin","linux","windows"],"columns":[{"name":"vendor","description":"Platform code vendor","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Platform code version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"date","description":"Self-reported platform code update date","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"revision","description":"BIOS major and minor revision","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"extra","description":"Platform-specific additional information","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"firmware_type","description":"The type of firmware (uefi, bios, iboot, openfirmware, unknown).","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"address","description":"Relative address of firmware mapping","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux","darwin"]},{"name":"size","description":"Size in bytes of firmware","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux","darwin"]},{"name":"volume_size","description":"(Optional) size of firmware volume","type":"integer","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux","darwin"]}]},{"name":"plist","description":"Read and parse a plist file.","platforms":["darwin"],"columns":[{"name":"key","description":"Preference top-level key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"subkey","description":"Intermediate key path, includes lists/dicts","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"String value of most CF types","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"(required) read preferences from a plist","type":"text","notes":"","hidden":false,"required":true,"index":false}]},{"name":"portage_keywords","description":"A summary about portage configurations like keywords, mask and unmask.","platforms":["linux"],"columns":[{"name":"package","description":"Package name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"The version which are affected by the use flags, empty means all","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"keyword","description":"The keyword applied to the package","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mask","description":"If the package is masked","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"unmask","description":"If the package is unmasked","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"portage_packages","description":"List of currently installed packages.","platforms":["linux"],"columns":[{"name":"package","description":"Package name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"The version which are affected by the use flags, empty means all","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"slot","description":"The slot used by package","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"build_time","description":"Unix time when package was built","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"repository","description":"From which repository the ebuild was used","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"eapi","description":"The eapi for the ebuild","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"The size of the package","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"world","description":"If package is in the world file","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"portage_use","description":"List of enabled portage USE values for specific package.","platforms":["linux"],"columns":[{"name":"package","description":"Package name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"The version of the installed package","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"use","description":"USE flag which has been enabled for package","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"power_sensors","description":"Machine power (currents, voltages, wattages, etc) sensors.","platforms":["darwin"],"columns":[{"name":"key","description":"The SMC key on macOS","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"category","description":"The sensor category: currents, voltage, wattage","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Name of power source","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Power in Watts","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"powershell_events","description":"Powershell script blocks reconstructed to their full script content, this table requires script block logging to be enabled.","platforms":["windows"],"columns":[{"name":"time","description":"Timestamp the event was received by the osquery event publisher","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"datetime","description":"System time at which the Powershell script event occurred","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"script_block_id","description":"The unique GUID of the powershell script to which this block belongs","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"script_block_count","description":"The total number of script blocks for this script","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"script_text","description":"The text content of the Powershell script","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"script_name","description":"The name of the Powershell script","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"script_path","description":"The path for the Powershell script","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cosine_similarity","description":"How similar the Powershell script is to a provided 'normal' character frequency","type":"double","notes":"","hidden":false,"required":false,"index":false}]},{"name":"preferences","description":"macOS defaults and managed preferences.","platforms":["darwin"],"columns":[{"name":"domain","description":"Application ID usually in com.name.product format","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"key","description":"Preference top-level key","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"subkey","description":"Intemediate key path, includes lists/dicts","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"String value of most CF types","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"forced","description":"1 if the value is forced/managed, else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"username","description":"(optional) read preferences for a specific user","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"host","description":"'current' or 'any' host, where 'current' takes precedence","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"prefetch","description":"Prefetch files show metadata related to file execution.","platforms":["windows"],"columns":[{"name":"path","description":"Prefetch file path.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"filename","description":"Executable filename.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hash","description":"Prefetch CRC hash.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"last_run_time","description":"Most recent time application was run.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"other_run_times","description":"Other execution times in prefetch file.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"run_count","description":"Number of times the application has been run.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Application file size.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"volume_serial","description":"Volume serial number.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"volume_creation","description":"Volume creation time.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"accessed_files_count","description":"Number of files accessed.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"accessed_directories_count","description":"Number of directories accessed.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"accessed_files","description":"Files accessed by application within ten seconds of launch.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"accessed_directories","description":"Directories accessed by application within ten seconds of launch.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"process_envs","description":"A key/value table of environment variables for each process.","platforms":["darwin","linux"],"columns":[{"name":"pid","description":"Process (or thread) ID","type":"integer","notes":"","hidden":false,"required":false,"index":true},{"name":"key","description":"Environment variable name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Environment variable value","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"process_etw_events","description":"Windows process execution events.","platforms":["windows"],"columns":[{"name":"type","description":"Event Type (ProcessStart, ProcessStop)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"ppid","description":"Parent Process ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"session_id","description":"Session ID","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"flags","description":"Process Flags","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"exit_code","description":"Exit Code - Present only on ProcessStop events","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path of executed binary","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cmdline","description":"Command Line","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"username","description":"User rights - primary token username","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"token_elevation_type","description":"Primary token elevation type - Present only on ProcessStart events","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"token_elevation_status","description":"Primary token elevation status - Present only on ProcessStart events","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"mandatory_label","description":"Primary token mandatory label sid - Present only on ProcessStart events","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"datetime","description":"Event timestamp in DATETIME format","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"time_windows","description":"Event timestamp in Windows format","type":"bigint","notes":"","hidden":true,"required":false,"index":false},{"name":"time","description":"Event timestamp in Unix format","type":"bigint","notes":"","hidden":true,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"integer","notes":"","hidden":true,"required":false,"index":false},{"name":"header_pid","description":"Process ID of the process reporting the event","type":"bigint","notes":"","hidden":true,"required":false,"index":false},{"name":"process_sequence_number","description":"Process Sequence Number - Present only on ProcessStart events","type":"bigint","notes":"","hidden":true,"required":false,"index":false},{"name":"parent_process_sequence_number","description":"Parent Process Sequence Number - Present only on ProcessStart events","type":"bigint","notes":"","hidden":true,"required":false,"index":false}]},{"name":"process_events","description":"Track time/action process executions.","platforms":["darwin","linux"],"columns":[{"name":"pid","description":"Process (or thread) ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path of executed file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mode","description":"File mode permissions","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cmdline","description":"Command line arguments (argv)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cmdline_size","description":"Actual size (bytes) of command line arguments","type":"bigint","notes":"","hidden":true,"required":false,"index":false},{"name":"env","description":"Environment variables delimited by spaces","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"env_count","description":"Number of environment variables","type":"bigint","notes":"","hidden":true,"required":false,"index":false},{"name":"env_size","description":"Actual size (bytes) of environment list","type":"bigint","notes":"","hidden":true,"required":false,"index":false},{"name":"cwd","description":"The process current working directory","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"auid","description":"Audit User ID at process start","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"User ID at process start","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"euid","description":"Effective user ID at process start","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"gid","description":"Group ID at process start","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"egid","description":"Effective group ID at process start","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"owner_uid","description":"File owner user ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"owner_gid","description":"File owner group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"atime","description":"File last access in UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"mtime","description":"File modification in UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"ctime","description":"File last metadata change in UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"btime","description":"File creation in UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"overflows","description":"List of structures that overflowed","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"parent","description":"Process parent's PID, or -1 if cannot be determined.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of execution in UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uptime","description":"Time of execution in system uptime","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"status","description":"OpenBSM Attribute: Status of the process","type":"bigint","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]},{"name":"fsuid","description":"Filesystem user ID at process start","type":"bigint","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]},{"name":"suid","description":"Saved user ID at process start","type":"bigint","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]},{"name":"fsgid","description":"Filesystem group ID at process start","type":"bigint","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]},{"name":"sgid","description":"Saved group ID at process start","type":"bigint","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]},{"name":"syscall","description":"Syscall name: fork, vfork, clone, execve, execveat","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]}]},{"name":"process_file_events","description":"A File Integrity Monitor implementation using the audit service.","platforms":["linux"],"columns":[{"name":"operation","description":"Operation type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"ppid","description":"Parent process ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of execution in UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"executable","description":"The executable path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"partial","description":"True if this is a partial event (i.e.: this process existed before we started osquery)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cwd","description":"The current working directory of the process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"The path associated with the event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"dest_path","description":"The canonical path associated with the event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"The uid of the process performing the action","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"gid","description":"The gid of the process performing the action","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"auid","description":"Audit user ID of the process using the file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"euid","description":"Effective user ID of the process using the file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"egid","description":"Effective group ID of the process using the file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"fsuid","description":"Filesystem user ID of the process using the file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"fsgid","description":"Filesystem group ID of the process using the file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"suid","description":"Saved user ID of the process using the file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sgid","description":"Saved group ID of the process using the file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uptime","description":"Time of execution in system uptime","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","notes":"","hidden":true,"required":false,"index":false}]},{"name":"process_memory_map","description":"Process memory mapped files and pseudo device/regions.","platforms":["darwin","linux","windows"],"columns":[{"name":"pid","description":"Process (or thread) ID","type":"integer","notes":"","hidden":false,"required":false,"index":true},{"name":"start","description":"Virtual start address (hex)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"end","description":"Virtual end address (hex)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"permissions","description":"r=read, w=write, x=execute, p=private (cow)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"offset","description":"Offset into mapped path","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"device","description":"MA:MI Major/minor device ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"inode","description":"Mapped path inode, 0 means uninitialized (BSS)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to mapped file or mapped type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pseudo","description":"1 If path is a pseudo path, else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"process_namespaces","description":"Linux namespaces for processes running on the host system.","platforms":["linux"],"columns":[{"name":"pid","description":"Process (or thread) ID","type":"integer","notes":"","hidden":false,"required":false,"index":true},{"name":"cgroup_namespace","description":"cgroup namespace inode","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ipc_namespace","description":"ipc namespace inode","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mnt_namespace","description":"mnt namespace inode","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"net_namespace","description":"net namespace inode","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid_namespace","description":"pid namespace inode","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"user_namespace","description":"user namespace inode","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uts_namespace","description":"uts namespace inode","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"process_open_files","description":"File descriptors for each process.","platforms":["darwin","linux"],"columns":[{"name":"pid","description":"Process (or thread) ID","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"fd","description":"Process-specific file descriptor number","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Filesystem path of descriptor","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"process_open_pipes","description":"Pipes and partner processes for each process.","platforms":["linux"],"columns":[{"name":"pid","description":"Process ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"fd","description":"File descriptor","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"mode","description":"Pipe open mode (r/w)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"inode","description":"Pipe inode number","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Pipe Type: named vs unnamed/anonymous","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"partner_pid","description":"Process ID of partner process sharing a particular pipe","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"partner_fd","description":"File descriptor of shared pipe at partner's end","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"partner_mode","description":"Mode of shared pipe at partner's end","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"process_open_sockets","description":"Processes which have open network sockets on the system.","platforms":["darwin","linux","windows"],"columns":[{"name":"pid","description":"Process (or thread) ID","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"fd","description":"Socket file descriptor number","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"socket","description":"Socket handle or inode number","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"family","description":"Network protocol (IPv4, IPv6)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"protocol","description":"Transport protocol (TCP/UDP)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"local_address","description":"Socket local address","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"remote_address","description":"Socket remote address","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"local_port","description":"Socket local port","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"remote_port","description":"Socket remote port","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"For UNIX sockets (family=AF_UNIX), the domain path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"state","description":"TCP socket state","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"net_namespace","description":"The inode number of the network namespace","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]}]},{"name":"processes","description":"All running processes on the host system.","platforms":["darwin","linux","windows"],"columns":[{"name":"pid","description":"Process (or thread) ID","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"name","description":"The process path or shorthand argv[0]","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to executed binary","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cmdline","description":"Complete argv","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"state","description":"Process state","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cwd","description":"Process current working directory","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"root","description":"Process virtual root directory","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"Unsigned user ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"gid","description":"Unsigned group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"euid","description":"Unsigned effective user ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"egid","description":"Unsigned effective group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"suid","description":"Unsigned saved user ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"sgid","description":"Unsigned saved group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"on_disk","description":"The process path exists yes=1, no=0, unknown=-1","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"wired_size","description":"Bytes of unpageable memory used by process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"resident_size","description":"Bytes of private memory used by process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"total_size","description":"Total virtual memory size (Linux, Windows) or 'footprint' (macOS)","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"user_time","description":"CPU time in milliseconds spent in user space","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"system_time","description":"CPU time in milliseconds spent in kernel space","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"disk_bytes_read","description":"Bytes read from disk","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"disk_bytes_written","description":"Bytes written to disk","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"start_time","description":"Process start time in seconds since Epoch, in case of error -1","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"parent","description":"Process parent's PID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pgroup","description":"Process group","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"threads","description":"Number of threads used by process","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"nice","description":"Process nice level (-20 to 20, default 0)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"elevated_token","description":"Process uses elevated token yes=1, no=0","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"secure_process","description":"Process is secure (IUM) yes=1, no=0","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"protection_type","description":"The protection type of the process","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"virtual_process","description":"Process is virtual (e.g. System, Registry, vmmem) yes=1, no=0","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"elapsed_time","description":"Elapsed time in seconds this process has been running.","type":"bigint","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"handle_count","description":"Total number of handles that the process has open. This number is the sum of the handles currently opened by each thread in the process.","type":"bigint","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"percent_processor_time","description":"Returns elapsed time that all of the threads of this process used the processor to execute instructions in 100 nanoseconds ticks.","type":"bigint","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"upid","description":"A 64bit pid that is never reused. Returns -1 if we couldn't gather them from the system.","type":"bigint","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]},{"name":"uppid","description":"The 64bit parent pid that is never reused. Returns -1 if we couldn't gather them from the system.","type":"bigint","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]},{"name":"cpu_type","description":"Indicates the specific processor designed for installation.","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]},{"name":"cpu_subtype","description":"Indicates the specific processor on which an entry may be used.","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]},{"name":"translated","description":"Indicates whether the process is running under the Rosetta Translation Environment, yes=1, no=0, error=-1.","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]},{"name":"cgroup_path","description":"The full hierarchical path of the process's control group","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]}]},{"name":"programs","description":"Represents products as they are installed by Windows Installer. A product generally correlates to one installation package on Windows. Some fields may be blank as Windows installation details are left to the discretion of the product author.","platforms":["windows"],"columns":[{"name":"name","description":"Commonly used product name.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Product version information.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"install_location","description":"The installation location directory of the product.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"install_source","description":"The installation source of the product.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"language","description":"The language of the product.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"publisher","description":"Name of the product supplier.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uninstall_string","description":"Path and filename of the uninstaller.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"install_date","description":"Date that this product was installed on the system. ","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"identifying_number","description":"Product identification such as a serial number on software, or a die number on a hardware chip.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"prometheus_metrics","description":"Retrieve metrics from a Prometheus server.","platforms":["darwin","linux"],"columns":[{"name":"target_name","description":"Address of prometheus target","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"metric_name","description":"Name of collected Prometheus metric","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"metric_value","description":"Value of collected Prometheus metric","type":"double","notes":"","hidden":false,"required":false,"index":false},{"name":"timestamp_ms","description":"Unix timestamp of collected data in MS","type":"bigint","notes":"","hidden":false,"required":false,"index":false}]},{"name":"python_packages","description":"Python packages installed in a system.","platforms":["darwin","linux","windows"],"columns":[{"name":"name","description":"Package display name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Package-supplied version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"summary","description":"Package-supplied summary","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"author","description":"Optional package author","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"license","description":"License under which package is launched","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path at which this module resides","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"directory","description":"Directory where Python modules are located","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"quicklook_cache","description":"Files and thumbnails within macOS's Quicklook Cache.","platforms":["darwin"],"columns":[{"name":"path","description":"Path of file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"rowid","description":"Quicklook file rowid key","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"fs_id","description":"Quicklook file fs_id key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"volume_id","description":"Parsed volume ID from fs_id","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"inode","description":"Parsed file ID (inode) from fs_id","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"mtime","description":"Parsed version date field","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Parsed version size field","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"label","description":"Parsed version 'gen' field","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"last_hit_date","description":"Apple date format for last thumbnail cache hit","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"hit_count","description":"Number of cache hits on thumbnail","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"icon_mode","description":"Thumbnail icon mode","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"cache_path","description":"Path to cache data","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"registry","description":"All of the Windows registry hives.","platforms":["windows"],"columns":[{"name":"key","description":"Name of the key to search for","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Full path to the value","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"name","description":"Name of the registry value entry","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Type of the registry value, or 'subkey' if item is a subkey","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"data","description":"Data content of registry value","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mtime","description":"timestamp of the most recent registry write","type":"bigint","notes":"","hidden":false,"required":false,"index":false}]},{"name":"routes","description":"The active route table for the host system.","platforms":["darwin","linux","windows"],"columns":[{"name":"destination","description":"Destination IP address","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"netmask","description":"Netmask length","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"gateway","description":"Route gateway","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"source","description":"Route source","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"flags","description":"Flags to describe route","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"interface","description":"Route local interface","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mtu","description":"Maximum Transmission Unit for the route","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"metric","description":"Cost of route. Lowest is preferred","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Type of route","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hopcount","description":"Max hops expected","type":"integer","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux","darwin"]}]},{"name":"rpm_package_files","description":"RPM packages that are currently installed on the host system.","platforms":["linux"],"columns":[{"name":"package","description":"RPM package name","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"path","description":"File path within the package","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"username","description":"File default username from info DB","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"groupname","description":"File default groupname from info DB","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mode","description":"File permissions mode from info DB","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Expected file size in bytes from RPM info DB","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"sha256","description":"SHA256 file digest from RPM info DB","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"rpm_packages","description":"RPM packages that are currently installed on the host system.","platforms":["linux"],"columns":[{"name":"name","description":"RPM package name","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"version","description":"Package version","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"release","description":"Package release","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"source","description":"Source RPM package name (optional)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Package size in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"sha1","description":"SHA1 hash of the package contents","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"arch","description":"Architecture(s) supported","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"epoch","description":"Package epoch value","type":"integer","notes":"","hidden":false,"required":false,"index":true},{"name":"install_time","description":"When the package was installed","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"vendor","description":"Package vendor","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"package_group","description":"Package group","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]},{"name":"mount_namespace_id","description":"Mount namespace id","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"running_apps","description":"macOS applications currently running on the host system.","platforms":["darwin"],"columns":[{"name":"pid","description":"The pid of the application","type":"integer","notes":"","hidden":false,"required":false,"index":true},{"name":"bundle_identifier","description":"The bundle identifier of the application","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"is_active","description":"(DEPRECATED)","type":"integer","notes":"","hidden":true,"required":false,"index":false}]},{"name":"safari_extensions","description":"Safari browser extension details for all users. This table requires Full Disk Access (FDA) permission.","platforms":["darwin"],"columns":[{"name":"uid","description":"The local user that owns the extension","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"name","description":"Extension display name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"identifier","description":"Extension identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Extension long version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sdk","description":"Bundle SDK used to compile extension","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"update_url","description":"Extension-supplied update URI","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"author","description":"Optional extension author","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"developer_id","description":"Optional developer identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Optional extension description text","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to extension XAR bundle","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"bundle_version","description":"The version of the build that identifies an iteration of the bundle","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"copyright","description":"A human-readable copyright notice for the bundle","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"extension_type","description":"Extension Type: WebOrAppExtension or LegacyExtension","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"sandboxes","description":"macOS application sandboxes container details.","platforms":["darwin"],"columns":[{"name":"label","description":"UTI-format bundle or label ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"user","description":"Sandbox owner","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"enabled","description":"Application sandboxings enabled on container","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"build_id","description":"Sandbox-specific identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"bundle_path","description":"Application bundle used by the sandbox","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to sandbox container directory","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"scheduled_tasks","description":"Lists all of the tasks in the Windows task scheduler.","platforms":["windows"],"columns":[{"name":"name","description":"Name of the scheduled task","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"action","description":"Actions executed by the scheduled task","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to the executable to be run","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"enabled","description":"Whether or not the scheduled task is enabled","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"state","description":"State of the scheduled task","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hidden","description":"Whether or not the task is visible in the UI","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"last_run_time","description":"Timestamp the task last ran","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"next_run_time","description":"Timestamp the task is scheduled to run next","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"last_run_message","description":"Exit status message of the last task run","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"last_run_code","description":"Exit status code of the last task run","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"screenlock","description":"macOS screenlock status. Note: only fetches results for osquery's current logged-in user context. The user must also have recently logged in.","platforms":["darwin"],"columns":[{"name":"enabled","description":"1 If a password is required after sleep or the screensaver begins; else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"grace_period","description":"The amount of time in seconds the screen must be asleep or the screensaver on before a password is required on-wake. 0 = immediately; -1 = no password is required on-wake","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"seccomp_events","description":"A virtual table that tracks seccomp events.","platforms":["linux"],"columns":[{"name":"time","description":"Time of execution in UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uptime","description":"Time of execution in system uptime","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"auid","description":"Audit user ID (loginuid) of the user who started the analyzed process","type":"unsigned_bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"User ID of the user who started the analyzed process","type":"unsigned_bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"gid","description":"Group ID of the user who started the analyzed process","type":"unsigned_bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"ses","description":"Session ID of the session from which the analyzed process was invoked","type":"unsigned_bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process ID","type":"unsigned_bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"comm","description":"Command-line name of the command that was used to invoke the analyzed process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"exe","description":"The path to the executable that was used to invoke the analyzed process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sig","description":"Signal value sent to process by seccomp","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"arch","description":"Information about the CPU architecture","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"syscall","description":"Type of the system call","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"compat","description":"Is system call in compatibility mode","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"ip","description":"Instruction pointer value","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"code","description":"The seccomp action","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"secureboot","description":"Secure Boot UEFI Settings.","platforms":["darwin","linux","windows"],"columns":[{"name":"secure_boot","description":"Whether secure boot is enabled","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"secure_mode","description":"(Intel) Secure mode: 0 disabled, 1 full security, 2 medium security","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]},{"name":"description","description":"(Apple Silicon) Human-readable description: 'Full Security', 'Reduced Security', or 'Permissive Security'","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]},{"name":"kernel_extensions","description":"(Apple Silicon) Allow user management of kernel extensions from identified developers (1 if allowed)","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]},{"name":"mdm_operations","description":"(Apple Silicon) Allow remote (MDM) management of kernel extensions and automatic software updates (1 if allowed)","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]},{"name":"setup_mode","description":"Whether setup mode is enabled","type":"integer","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux","windows","win32","cygwin"]}]},{"name":"security_profile_info","description":"Information on the security profile of a given system by listing the system Account and Audit Policies. This table mimics the exported securitypolicy output from the secedit tool.","platforms":["windows"],"columns":[{"name":"minimum_password_age","description":"Determines the minimum number of days that a password must be used before the user can change it","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"maximum_password_age","description":"Determines the maximum number of days that a password can be used before the client requires the user to change it","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"minimum_password_length","description":"Determines the least number of characters that can make up a password for a user account","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"password_complexity","description":"Determines whether passwords must meet a series of strong-password guidelines","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"password_history_size","description":"Number of unique new passwords that must be associated with a user account before an old password can be reused","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"lockout_bad_count","description":"Number of failed logon attempts after which a user account MUST be locked out","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"logon_to_change_password","description":"Determines if logon session is required to change the password","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"force_logoff_when_expire","description":"Determines whether SMB client sessions with the SMB server will be forcibly disconnected when the client's logon hours expire","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"new_administrator_name","description":"Determines the name of the Administrator account on the local computer","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"new_guest_name","description":"Determines the name of the Guest account on the local computer","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"clear_text_password","description":"Determines whether passwords MUST be stored by using reversible encryption","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"lsa_anonymous_name_lookup","description":"Determines if an anonymous user is allowed to query the local LSA policy","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"enable_admin_account","description":"Determines whether the Administrator account on the local computer is enabled","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"enable_guest_account","description":"Determines whether the Guest account on the local computer is enabled","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"audit_system_events","description":"Determines whether the operating system MUST audit System Change, System Startup, System Shutdown, Authentication Component Load, and Loss or Excess of Security events","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"audit_logon_events","description":"Determines whether the operating system MUST audit each instance of a user attempt to log on or log off this computer","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"audit_object_access","description":"Determines whether the operating system MUST audit each instance of user attempts to access a non-Active Directory object that has its own SACL specified","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"audit_privilege_use","description":"Determines whether the operating system MUST audit each instance of user attempts to exercise a user right","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"audit_policy_change","description":"Determines whether the operating system MUST audit each instance of user attempts to change user rights assignment policy, audit policy, account policy, or trust policy","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"audit_account_manage","description":"Determines whether the operating system MUST audit each event of account management on a computer","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"audit_process_tracking","description":"Determines whether the operating system MUST audit process-related events","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"audit_ds_access","description":"Determines whether the operating system MUST audit each instance of user attempts to access an Active Directory object that has its own system access control list (SACL) specified","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"audit_account_logon","description":"Determines whether the operating system MUST audit each time this computer validates the credentials of an account","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"selinux_events","description":"Track SELinux events.","platforms":["linux"],"columns":[{"name":"type","description":"Event type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"message","description":"Message","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of execution in UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uptime","description":"Time of execution in system uptime","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","notes":"","hidden":true,"required":false,"index":false}]},{"name":"selinux_settings","description":"Track active SELinux settings.","platforms":["linux"],"columns":[{"name":"scope","description":"Where the key is located inside the SELinuxFS mount point.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"key","description":"Key or class name.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Active value.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"services","description":"Lists all installed Windows services and their relevant data.","platforms":["windows"],"columns":[{"name":"name","description":"Service name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"service_type","description":"Service Type: OWN_PROCESS, SHARE_PROCESS and maybe Interactive (can interact with the desktop)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"display_name","description":"Service Display name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"status","description":"Service Current status: STOPPED, START_PENDING, STOP_PENDING, RUNNING, CONTINUE_PENDING, PAUSE_PENDING, PAUSED","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"the Process ID of the service","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"start_type","description":"Service start type: BOOT_START, SYSTEM_START, AUTO_START, DEMAND_START, DISABLED","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"win32_exit_code","description":"The error code that the service uses to report an error that occurs when it is starting or stopping","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"service_exit_code","description":"The service-specific error code that the service returns when an error occurs while the service is starting or stopping","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to Service Executable","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"module_path","description":"Path to ServiceDll","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Service Description","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"user_account","description":"The name of the account that the service process will be logged on as when it runs. This name can be of the form Domain\\UserName. If the account belongs to the built-in domain, the name can be of the form .\\UserName.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"shadow","description":"Local system users encrypted passwords and related information. Please note, that you usually need superuser rights to access `/etc/shadow`.","platforms":["linux"],"columns":[{"name":"password_status","description":"Password status","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hash_alg","description":"Password hashing algorithm","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"last_change","description":"Date of last password change (starting from UNIX epoch date)","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"min","description":"Minimal number of days between password changes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"max","description":"Maximum number of days between password changes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"warning","description":"Number of days before password expires to warn user about it","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"inactive","description":"Number of days after password expires until account is blocked","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"expire","description":"Number of days since UNIX epoch date until account is disabled","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"flag","description":"Reserved","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"username","description":"Username","type":"text","notes":"","hidden":false,"required":false,"index":true}]},{"name":"shared_folders","description":"Folders available to others via SMB or AFP.","platforms":["darwin"],"columns":[{"name":"name","description":"The shared name of the folder as it appears to other users","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Absolute path of shared folder on the local system","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"shared_memory","description":"OS shared memory regions.","platforms":["linux"],"columns":[{"name":"shmid","description":"Shared memory segment ID","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"owner_uid","description":"User ID of owning process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"creator_uid","description":"User ID of creator process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process ID to last use the segment","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"creator_pid","description":"Process ID that created the segment","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"atime","description":"Attached time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"dtime","description":"Detached time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"ctime","description":"Changed time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"permissions","description":"Memory segment permissions","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Size in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"attached","description":"Number of attached processes","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"status","description":"Destination/attach status","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"locked","description":"1 if segment is locked else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"shared_resources","description":"Displays shared resources on a computer system running Windows. This may be a disk drive, printer, interprocess communication, or other sharable device.","platforms":["windows"],"columns":[{"name":"description","description":"A textual description of the object","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"install_date","description":"Indicates when the object was installed. Lack of a value does not indicate that the object is not installed.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"status","description":"String that indicates the current status of the object.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"allow_maximum","description":"Number of concurrent users for this resource has been limited. If True, the value in the MaximumAllowed property is ignored.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"maximum_allowed","description":"Limit on the maximum number of users allowed to use this resource concurrently. The value is only valid if the AllowMaximum property is set to FALSE.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Alias given to a path set up as a share on a computer system running Windows.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Local path of the Windows share.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Type of resource being shared. Types include: disk drives, print queues, interprocess communications (IPC), and general devices.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"type_name","description":"Human readable value for the 'type' column","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"sharing_preferences","description":"macOS Sharing preferences.","platforms":["darwin"],"columns":[{"name":"screen_sharing","description":"1 If screen sharing is enabled else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"file_sharing","description":"1 If file sharing is enabled else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"printer_sharing","description":"1 If printer sharing is enabled else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"remote_login","description":"1 If remote login is enabled else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"remote_management","description":"1 If remote management is enabled else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"remote_apple_events","description":"1 If remote apple events are enabled else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"internet_sharing","description":"1 If internet sharing is enabled else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"bluetooth_sharing","description":"1 If bluetooth sharing is enabled for any user else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"disc_sharing","description":"1 If CD or DVD sharing is enabled else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"content_caching","description":"1 If content caching is enabled else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"shell_history","description":"A line-delimited (command) table of per-user .*_history data.","platforms":["darwin","linux"],"columns":[{"name":"uid","description":"Shell history owner","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Entry timestamp. It could be absent, default value is 0.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"command","description":"Unparsed date/line/command history line","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"history_file","description":"Path to the .*_history for this user","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"shellbags","description":"Shows directories accessed via Windows Explorer.","platforms":["windows"],"columns":[{"name":"sid","description":"User SID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"source","description":"Shellbags source Registry file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Directory name.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"modified_time","description":"Directory Modified time.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"created_time","description":"Directory Created time.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"accessed_time","description":"Directory Accessed time.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"mft_entry","description":"Directory master file table entry.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"mft_sequence","description":"Directory master file table sequence.","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"shimcache","description":"Application Compatibility Cache, contains artifacts of execution.","platforms":["windows"],"columns":[{"name":"entry","description":"Execution order.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"This is the path to the executed file.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"modified_time","description":"File Modified time.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"execution_flag","description":"Boolean Execution flag, 1 for execution, 0 for no execution, -1 for missing (this flag does not exist on Windows 10 and higher).","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"signature","description":"File (executable, bundle, installer, disk) code signing status.","platforms":["darwin"],"columns":[{"name":"path","description":"Must provide a path or directory","type":"text","notes":"","hidden":false,"required":true,"index":true},{"name":"hash_resources","description":"Set to 1 to also hash resources, or 0 otherwise. Default is 1","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"arch","description":"If applicable, the arch of the signed code","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"signed","description":"1 If the file is signed else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"identifier","description":"The signing identifier sealed into the signature","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cdhash","description":"Hash of the application Code Directory","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"team_identifier","description":"The team signing identifier sealed into the signature","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"authority","description":"Certificate Common Name","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"sip_config","description":"Apple's System Integrity Protection (rootless) status.","platforms":["darwin"],"columns":[{"name":"config_flag","description":"The System Integrity Protection config flag","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"enabled","description":"1 if this configuration is enabled, otherwise 0","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"enabled_nvram","description":"1 if this configuration is enabled, otherwise 0","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"smbios_tables","description":"BIOS (DMI) structure common details and content.","platforms":["darwin","linux"],"columns":[{"name":"number","description":"Table entry number","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Table entry type","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Table entry description","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"handle","description":"Table entry handle","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"header_size","description":"Header size in bytes","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Table entry size in bytes","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"md5","description":"MD5 hash of table entry","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"smc_keys","description":"Apple's system management controller keys.","platforms":["darwin"],"columns":[{"name":"key","description":"4-character key","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"type","description":"SMC-reported type literal type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"Reported size of data in bytes","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"A type-encoded representation of the key value","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hidden","description":"1 if this key is normally hidden, otherwise 0","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"socket_events","description":"Track network socket opens and closes.","platforms":["darwin","linux"],"columns":[{"name":"action","description":"The socket action (bind, listen, close)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process (or thread) ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path of executed file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"fd","description":"The file description for the process socket","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"auid","description":"Audit User ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"status","description":"Either 'succeeded', 'failed', 'in_progress' (connect() on non-blocking socket) or 'no_client' (null accept() on non-blocking socket)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"family","description":"The Internet protocol family ID","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"protocol","description":"The network protocol ID","type":"integer","notes":"","hidden":true,"required":false,"index":false},{"name":"local_address","description":"Local address associated with socket","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"remote_address","description":"Remote address associated with socket","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"local_port","description":"Local network protocol port number","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"remote_port","description":"Remote network protocol port number","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"socket","description":"The local path (UNIX domain socket only)","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"time","description":"Time of execution in UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uptime","description":"Time of execution in system uptime","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"success","description":"Deprecated. Use the 'status' column instead","type":"integer","notes":"","hidden":true,"required":false,"index":false}]},{"name":"ssh_configs","description":"A table of parsed ssh_configs.","platforms":["darwin","linux","windows"],"columns":[{"name":"uid","description":"The local owner of the ssh_config file","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"block","description":"The host or match block","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"option","description":"The option and value","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ssh_config_file","description":"Path to the ssh_config file","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"startup_items","description":"Applications and binaries set as user/login startup items.","platforms":["darwin","linux","windows"],"columns":[{"name":"name","description":"Name of startup item","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path of startup item","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"args","description":"Arguments provided to startup executable","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Startup Item or Login Item","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"source","description":"Directory or plist containing startup item","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"status","description":"Startup status; either enabled or disabled","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"username","description":"The user associated with the startup item","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"sudoers","description":"Rules for running commands as other users via sudo.","platforms":["darwin","linux"],"columns":[{"name":"source","description":"Source file containing the given rule","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"header","description":"Symbol for given rule","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"rule_details","description":"Rule definition","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"suid_bin","description":"suid binaries in common locations.","platforms":["darwin","linux"],"columns":[{"name":"path","description":"Binary path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"username","description":"Binary owner username","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"groupname","description":"Binary owner group","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"permissions","description":"Binary permissions","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"syslog_events","description":"","platforms":["linux"],"columns":[{"name":"time","description":"Current unix epoch time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"datetime","description":"Time known to syslog","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"host","description":"Hostname configured for syslog","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"severity","description":"Syslog severity","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"facility","description":"Syslog facility","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"tag","description":"The syslog tag","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"message","description":"The syslog message","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","notes":"","hidden":true,"required":false,"index":false}]},{"name":"system_controls","description":"sysctl names, values, and settings information.","platforms":["darwin","linux"],"columns":[{"name":"name","description":"Full sysctl MIB name","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"oid","description":"Control MIB","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"subsystem","description":"Subsystem ID, control type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"current_value","description":"Value of setting","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"config_value","description":"The MIB value set in /etc/sysctl.conf","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Data type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"field_name","description":"Specific attribute of opaque type","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]}]},{"name":"system_extensions","description":"macOS (>= 10.15) system extension table.","platforms":["darwin"],"columns":[{"name":"path","description":"Original path of system extension","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"UUID","description":"Extension unique id","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"state","description":"System extension state","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"identifier","description":"Identifier name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"System extension version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"category","description":"System extension category","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"bundle_path","description":"System extension bundle path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"team","description":"Signing team ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mdm_managed","description":"1 if managed by MDM system extension payload configuration, 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"system_info","description":"System information for identification.","platforms":["darwin","linux","windows"],"columns":[{"name":"hostname","description":"Network hostname including domain","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uuid","description":"Unique ID provided by the system","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_type","description":"CPU type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_subtype","description":"CPU subtype","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_brand","description":"CPU brand string, contains vendor and model","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_physical_cores","description":"Number of physical CPU cores in to the system","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_logical_cores","description":"Number of logical CPU cores available to the system","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_sockets","description":"Number of processor sockets in the system","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"cpu_microcode","description":"Microcode version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"physical_memory","description":"Total physical memory in bytes","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"hardware_vendor","description":"Hardware vendor","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hardware_model","description":"Hardware model","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hardware_version","description":"Hardware version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hardware_serial","description":"Device serial number","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"board_vendor","description":"Board vendor","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"board_model","description":"Board model","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"board_version","description":"Board version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"board_serial","description":"Board serial number","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"computer_name","description":"Friendly computer name (optional)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"local_hostname","description":"Local hostname (optional)","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"systemd_units","description":"Track systemd units.","platforms":["linux"],"columns":[{"name":"id","description":"Unique unit identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Unit description","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"load_state","description":"Reflects whether the unit definition was properly loaded","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"active_state","description":"The high-level unit activation state, i.e. generalization of SUB","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sub_state","description":"The low-level unit activation state, values depend on unit type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"unit_file_state","description":"Whether the unit file is enabled, e.g. `enabled`, `masked`, `disabled`, etc","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"following","description":"The name of another unit that this unit follows in state","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"object_path","description":"The object path for this unit","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"job_id","description":"Next queued job id","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"job_type","description":"Job type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"job_path","description":"The object path for the job","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"fragment_path","description":"The unit file path this unit was read from, if there is any","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"user","description":"The configured user, if any","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"source_path","description":"Path to the (possibly generated) unit configuration file","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"temperature_sensors","description":"Machine's temperature sensors.","platforms":["darwin"],"columns":[{"name":"key","description":"The SMC key on macOS","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"name","description":"Name of temperature source","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"celsius","description":"Temperature in Celsius","type":"double","notes":"","hidden":false,"required":false,"index":false},{"name":"fahrenheit","description":"Temperature in Fahrenheit","type":"double","notes":"","hidden":false,"required":false,"index":false}]},{"name":"time","description":"Track current date and time in UTC.","platforms":["darwin","linux","windows"],"columns":[{"name":"weekday","description":"Current weekday in UTC","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"year","description":"Current year in UTC","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"month","description":"Current month in UTC","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"day","description":"Current day in UTC","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"hour","description":"Current hour in UTC","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"minutes","description":"Current minutes in UTC","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"seconds","description":"Current seconds in UTC","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"timezone","description":"Timezone for reported time (hardcoded to UTC)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"local_timezone","description":"Current local timezone in of the system","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"unix_time","description":"Current UNIX time in UTC","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"timestamp","description":"Current timestamp (log format) in UTC","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"datetime","description":"Current date and time (ISO format) in UTC","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"iso_8601","description":"Current time (ISO format) in UTC","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"win_timestamp","description":"Timestamp value in 100 nanosecond units","type":"bigint","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]}]},{"name":"time_machine_backups","description":"Backups to drives using TimeMachine. This table requires Full Disk Access (FDA) permission.","platforms":["darwin"],"columns":[{"name":"destination_id","description":"Time Machine destination ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"backup_date","description":"Backup Date","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"time_machine_destinations","description":"Locations backed up to using Time Machine. This table requires Full Disk Access (FDA) permission.","platforms":["darwin"],"columns":[{"name":"alias","description":"Human readable name of drive","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"destination_id","description":"Time Machine destination ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"consistency_scan_date","description":"Consistency scan date","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"root_volume_uuid","description":"Root UUID of backup volume","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"bytes_available","description":"Bytes available on volume","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"bytes_used","description":"Bytes used on volume","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"encryption","description":"Last known encrypted state","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"tpm_info","description":"A table that lists the TPM related information.","platforms":["windows"],"columns":[{"name":"activated","description":"TPM is activated","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"enabled","description":"TPM is enabled","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"owned","description":"TPM is owned","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"manufacturer_version","description":"TPM version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"manufacturer_id","description":"TPM manufacturers ID","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"manufacturer_name","description":"TPM manufacturers name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"product_name","description":"Product name of the TPM","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"physical_presence_version","description":"Version of the Physical Presence Interface","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"spec_version","description":"Trusted Computing Group specification that the TPM supports","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"ulimit_info","description":"System resource usage limits.","platforms":["darwin","linux"],"columns":[{"name":"type","description":"System resource to be limited","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"soft_limit","description":"Current limit value","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hard_limit","description":"Maximum limit value","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"unified_log","description":"Queries the OSLog framework for entries in the system log. The maximum number of rows returned is limited for performance issues. Use timestamp > or >= constraints to optimize query performance. This table introduces a new idiom for extracting sequential data in batches using multiple queries, ordered by timestamp. To trigger it, the user should include the condition \"timestamp > -1\", and the table will handle pagination. Note that the saved pagination counter is incremented globally across all queries and table invocations within a query. To avoid multiple table invocations within a query, use only AND and = constraints in WHERE clause.","platforms":["darwin"],"columns":[{"name":"timestamp","description":"unix timestamp associated with the entry","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"storage","description":"the storage category for the entry","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"message","description":"composed message","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"activity","description":"the activity ID associate with the entry","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"process","description":"the name of the process that made the entry","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"the pid of the process that made the entry","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"sender","description":"the name of the binary image that made the entry","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"tid","description":"the tid of the thread that made the entry","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"category","description":"the category of the os_log_t used","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"subsystem","description":"the subsystem of the os_log_t used","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"level","description":"the severity level of the entry","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"max_rows","description":"the max number of rows returned (defaults to 100)","type":"integer","notes":"","hidden":true,"required":false,"index":false},{"name":"predicate","description":"predicate to search (see `log help predicates`), note that this is merged into the predicate created from the column constraints","type":"text","notes":"","hidden":true,"required":false,"index":false}]},{"name":"uptime","description":"Track time passed since last boot. Some systems track this as calendar time, some as runtime.","platforms":["darwin","linux","windows"],"columns":[{"name":"days","description":"Days of uptime","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"hours","description":"Hours of uptime","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"minutes","description":"Minutes of uptime","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"seconds","description":"Seconds of uptime","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"total_seconds","description":"Total uptime seconds","type":"bigint","notes":"","hidden":false,"required":false,"index":false}]},{"name":"usb_devices","description":"USB devices that are actively plugged into the host system.","platforms":["darwin","linux"],"columns":[{"name":"usb_address","description":"USB Device used address","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"usb_port","description":"USB Device used port","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"vendor","description":"USB Device vendor string","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"vendor_id","description":"Hex encoded USB Device vendor identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"USB Device version number","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"model","description":"USB Device model string","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"model_id","description":"Hex encoded USB Device model identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"serial","description":"USB Device serial connection","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"class","description":"USB Device class","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"subclass","description":"USB Device subclass","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"protocol","description":"USB Device protocol","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"removable","description":"1 If USB device is removable else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"user_events","description":"Track user events from the audit framework.","platforms":["darwin","linux"],"columns":[{"name":"uid","description":"User ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"auid","description":"Audit User ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process (or thread) ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"message","description":"Message from the event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"The file description for the process socket","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Supplied path from event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"address","description":"The Internet protocol address or family ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"terminal","description":"The network protocol ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of execution in UNIX time","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uptime","description":"Time of execution in system uptime","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","notes":"","hidden":true,"required":false,"index":false}]},{"name":"user_groups","description":"Local system user group relationships.","platforms":["darwin","linux","windows"],"columns":[{"name":"uid","description":"User ID","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"gid","description":"Group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":true}]},{"name":"user_interaction_events","description":"Track user interaction events from macOS' event tapping framework.","platforms":["darwin"],"columns":[{"name":"time","description":"Time","type":"bigint","notes":"","hidden":false,"required":false,"index":false}]},{"name":"user_ssh_keys","description":"Returns the private keys in the users ~/.ssh directory and whether or not they are encrypted.","platforms":["darwin","linux","windows"],"columns":[{"name":"uid","description":"The local user that owns the key file","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to key file","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"encrypted","description":"1 if key is encrypted, 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"key_type","description":"The type of the private key. One of [rsa, dsa, dh, ec, hmac, cmac], or the empty string.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"key_group_name","description":"The group of the private key. Supported for a subset of key_types implemented by OpenSSL","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"key_length","description":"The cryptographic length of the cryptosystem to which the private key belongs, in bits. Definition of cryptographic length is specific to cryptosystem. -1 if unavailable","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"key_security_bits","description":"The number of security bits of the private key, bits of security as defined in NIST SP800-57. -1 if unavailable","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"userassist","description":"UserAssist Registry Key tracks when a user executes an application from Windows Explorer.","platforms":["windows"],"columns":[{"name":"path","description":"Application file path.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"last_execution_time","description":"Most recent time application was executed.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"count","description":"Number of times the application has been executed.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"sid","description":"User SID.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"users","description":"Local user accounts (including domain accounts that have logged on locally (Windows)).","platforms":["darwin","linux","windows"],"columns":[{"name":"uid","description":"User ID","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"gid","description":"Group ID (unsigned)","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uid_signed","description":"User ID as int64 signed (Apple)","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"gid_signed","description":"Default group ID as int64 signed (Apple)","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"username","description":"Username","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Optional user description","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"directory","description":"User's home directory","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"shell","description":"User's configured default shell","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uuid","description":"User's UUID (Apple) or SID (Windows)","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"type","description":"Whether the account is roaming (domain), local, or a system profile","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"is_hidden","description":"IsHidden attribute set in OpenDirectory","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]},{"name":"include_remote","description":"1 to include remote (LDAP/AD) accounts (default 0). Warning: without any uid/username filtering it may list whole LDAP directories","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"video_info","description":"Retrieve video card information of the machine.","platforms":["windows"],"columns":[{"name":"color_depth","description":"The amount of bits per pixel to represent color.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"driver","description":"The driver of the device.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"driver_date","description":"The date listed on the installed driver.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"driver_version","description":"The version of the installed driver.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"manufacturer","description":"The manufacturer of the gpu.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"model","description":"The model of the gpu.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"series","description":"The series of the gpu.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"video_mode","description":"The current resolution of the display.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"virtual_memory_info","description":"Darwin Virtual Memory statistics.","platforms":["darwin"],"columns":[{"name":"free","description":"Total number of free pages.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"active","description":"Total number of active pages.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"inactive","description":"Total number of inactive pages.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"speculative","description":"Total number of speculative pages.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"throttled","description":"Total number of throttled pages.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"wired","description":"Total number of wired down pages.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"purgeable","description":"Total number of purgeable pages.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"faults","description":"Total number of calls to vm_faults.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"copy","description":"Total number of copy-on-write pages.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"zero_fill","description":"Total number of zero filled pages.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"reactivated","description":"Total number of reactivated pages.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"purged","description":"Total number of purged pages.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"file_backed","description":"Total number of file backed pages.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"anonymous","description":"Total number of anonymous pages.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uncompressed","description":"Total number of uncompressed pages.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"compressor","description":"The number of pages used to store compressed VM pages.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"decompressed","description":"The total number of pages that have been decompressed by the VM compressor.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"compressed","description":"The total number of pages that have been compressed by the VM compressor.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"page_ins","description":"The total number of requests for pages from a pager.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"page_outs","description":"Total number of pages paged out.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"swap_ins","description":"The total number of compressed pages that have been swapped out to disk.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"swap_outs","description":"The total number of compressed pages that have been swapped back in from disk.","type":"bigint","notes":"","hidden":false,"required":false,"index":false}]},{"name":"vscode_extensions","description":"Lists all vscode extensions.","platforms":["darwin","linux","windows"],"columns":[{"name":"name","description":"Extension Name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uuid","description":"Extension UUID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"Extension version","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Extension path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"publisher","description":"Publisher Name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"publisher_id","description":"Publisher ID","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"installed_at","description":"Installed Timestamp","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"prerelease","description":"Pre release version","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"The local user that owns the plugin","type":"bigint","notes":"","hidden":false,"required":false,"index":false}]},{"name":"wifi_networks","description":"macOS known/remembered Wi-Fi networks list.","platforms":["darwin"],"columns":[{"name":"ssid","description":"SSID octets of the network","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"network_name","description":"Name of the network","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"security_type","description":"Type of security on this network","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"last_connected","description":"Last time this network was connected to as a unix_time","type":"integer","notes":"","hidden":true,"required":false,"index":false},{"name":"passpoint","description":"1 if Passpoint is supported, 0 otherwise","type":"integer","notes":"","hidden":true,"required":false,"index":false},{"name":"possibly_hidden","description":"1 if network is possibly a hidden network, 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"roaming","description":"1 if roaming is supported, 0 otherwise","type":"integer","notes":"","hidden":true,"required":false,"index":false},{"name":"roaming_profile","description":"Describe the roaming profile, usually one of Single, Dual or Multi","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"auto_login","description":"1 if auto login is enabled, 0 otherwise","type":"integer","notes":"","hidden":true,"required":false,"index":false},{"name":"temporarily_disabled","description":"1 if this network is temporarily disabled, 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"disabled","description":"1 if this network is disabled, 0 otherwise","type":"integer","notes":"","hidden":true,"required":false,"index":false},{"name":"add_reason","description":"Shows why this network was added, via menubar or command line or something else ","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"added_at","description":"Time this network was added as a unix_time","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"captive_portal","description":"1 if this network has a captive portal, 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"captive_login_date","description":"Time this network logged in to a captive portal as unix_time","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"was_captive_network","description":"1 if this network was previously a captive network, 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"auto_join","description":"1 if this network set to join automatically, 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"personal_hotspot","description":"1 if this network is a personal hotspot, 0 otherwise","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"wifi_status","description":"macOS current WiFi status.","platforms":["darwin"],"columns":[{"name":"interface","description":"Name of the interface","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ssid","description":"SSID octets of the network","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"bssid","description":"The current basic service set identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"network_name","description":"Name of the network","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"country_code","description":"The country code (ISO/IEC 3166-1:1997) for the network","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"security_type","description":"Type of security on this network","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"rssi","description":"The current received signal strength indication (dbm)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"noise","description":"The current noise measurement (dBm)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"channel","description":"Channel number","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"channel_width","description":"Channel width","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"channel_band","description":"Channel band","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"transmit_rate","description":"The current transmit rate","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mode","description":"The current operating mode for the Wi-Fi interface","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"wifi_survey","description":"Scan for nearby WiFi networks.","platforms":["darwin"],"columns":[{"name":"interface","description":"Name of the interface","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ssid","description":"SSID octets of the network","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"bssid","description":"The current basic service set identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"network_name","description":"Name of the network","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"country_code","description":"The country code (ISO/IEC 3166-1:1997) for the network","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"rssi","description":"The current received signal strength indication (dbm)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"noise","description":"The current noise measurement (dBm)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"channel","description":"Channel number","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"channel_width","description":"Channel width","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"channel_band","description":"Channel band","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"winbaseobj","description":"Lists named Windows objects in the default object directories, across all terminal services sessions. Example Windows ojbect types include Mutexes, Events, Jobs and Semaphors.","platforms":["windows"],"columns":[{"name":"session_id","description":"Terminal Services Session Id","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"object_name","description":"Object Name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"object_type","description":"Object Type","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"windows_crashes","description":"Extracted information from Windows crash logs (Minidumps).","platforms":["windows"],"columns":[{"name":"datetime","description":"Timestamp (log format) of the crash","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"module","description":"Path of the crashed module within the process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path of the executable file for the crashed process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process ID of the crashed process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"tid","description":"Thread ID of the crashed thread","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"version","description":"File version info of the crashed process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"process_uptime","description":"Uptime of the process in seconds","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"stack_trace","description":"Multiple stack frames from the stack trace","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"exception_code","description":"The Windows exception code","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"exception_message","description":"The NTSTATUS error message associated with the exception code","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"exception_address","description":"Address (in hex) where the exception occurred","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"registers","description":"The values of the system registers","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"command_line","description":"Command-line string passed to the crashed process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"current_directory","description":"Current working directory of the crashed process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"username","description":"Username of the user who ran the crashed process","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"machine_name","description":"Name of the machine where the crash happened","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"major_version","description":"Windows major version of the machine","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"minor_version","description":"Windows minor version of the machine","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"build_number","description":"Windows build number of the crashing machine","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Type of crash log","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"crash_path","description":"Path of the log file","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"windows_eventlog","description":"Table for querying all recorded Windows event logs.","platforms":["windows"],"columns":[{"name":"channel","description":"Source or channel of the event","type":"text","notes":"","hidden":false,"required":true,"index":false},{"name":"datetime","description":"System time at which the event occurred","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"task","description":"Task value associated with the event","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"level","description":"Severity level associated with the event","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"provider_name","description":"Provider name of the event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"provider_guid","description":"Provider guid of the event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"computer_name","description":"Hostname of system where event was generated","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"eventid","description":"Event ID of the event","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"keywords","description":"A bitmask of the keywords defined in the event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"data","description":"Data associated with the event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid","description":"Process ID which emitted the event record","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"tid","description":"Thread ID which emitted the event record","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"time_range","description":"System time to selectively filter the events","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"timestamp","description":"Timestamp to selectively filter the events","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"xpath","description":"The custom query to filter events","type":"text","notes":"","hidden":true,"required":true,"index":false}]},{"name":"windows_events","description":"Windows Event logs.","platforms":["windows"],"columns":[{"name":"time","description":"Timestamp the event was received","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"datetime","description":"System time at which the event occurred","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"source","description":"Source or channel of the event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"provider_name","description":"Provider name of the event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"provider_guid","description":"Provider guid of the event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"computer_name","description":"Hostname of system where event was generated","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"eventid","description":"Event ID of the event","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"task","description":"Task value associated with the event","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"level","description":"The severity level associated with the event","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"keywords","description":"A bitmask of the keywords defined in the event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"data","description":"Data associated with the event","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","notes":"","hidden":true,"required":false,"index":false}]},{"name":"windows_firewall_rules","description":"Provides the list of Windows firewall rules.","platforms":["windows"],"columns":[{"name":"name","description":"Friendly name of the rule","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"app_name","description":"Friendly name of the application to which the rule applies","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"action","description":"Action for the rule or default setting","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"enabled","description":"1 if the rule is enabled","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"grouping","description":"Group to which an individual rule belongs","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"direction","description":"Direction of traffic for which the rule applies","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"protocol","description":"IP protocol of the rule","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"local_addresses","description":"Local addresses for the rule","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"remote_addresses","description":"Remote addresses for the rule","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"local_ports","description":"Local ports for the rule","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"remote_ports","description":"Remote ports for the rule","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"icmp_types_codes","description":"ICMP types and codes for the rule","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"profile_domain","description":"1 if the rule profile type is domain","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"profile_private","description":"1 if the rule profile type is private","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"profile_public","description":"1 if the rule profile type is public","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"service_name","description":"Service name property of the application","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"windows_optional_features","description":"Lists names and installation states of windows features. Maps to Win32_OptionalFeature WMI class.","platforms":["windows"],"columns":[{"name":"name","description":"Name of the feature","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"caption","description":"Caption of feature in settings UI","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"state","description":"Installation state value. 1 == Enabled, 2 == Disabled, 3 == Absent","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"statename","description":"Installation state name. 'Enabled','Disabled','Absent'","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"windows_search","description":"Run searches against the Windows system index database using Advanced Query Syntax. See https://learn.microsoft.com/en-us/windows/win32/search/-search-3x-advancedquerysyntax for details.","platforms":["windows"],"columns":[{"name":"name","description":"The name of the item","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"The full path of the item.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"size","description":"The item size in bytes.","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"date_created","description":"The unix timestamp of when the item was created.","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"date_modified","description":"The unix timestamp of when the item was last modified","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"owner","description":"The owner of the item","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"The item type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"properties","description":"Additional property values JSON","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"query","description":"Windows search query","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"sort","description":"Sort for windows api","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"max_results","description":"Maximum number of results returned by windows api, set to -1 for unlimited","type":"integer","notes":"","hidden":true,"required":false,"index":false},{"name":"additional_properties","description":"Comma separated list of columns to include in properties JSON","type":"text","notes":"","hidden":true,"required":false,"index":false}]},{"name":"windows_security_center","description":"The health status of Window Security features. Health values can be \"Good\", \"Poor\". \"Snoozed\", \"Not Monitored\", and \"Error\".","platforms":["windows"],"columns":[{"name":"firewall","description":"The health of the monitored Firewall (see windows_security_products)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"autoupdate","description":"The health of the Windows Autoupdate feature","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"antivirus","description":"The health of the monitored Antivirus solution (see windows_security_products)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"antispyware","description":"Deprecated (always 'Good').","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"internet_settings","description":"The health of the Internet Settings","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"windows_security_center_service","description":"The health of the Windows Security Center Service","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"user_account_control","description":"The health of the User Account Control (UAC) capability in Windows","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"windows_security_products","description":"Enumeration of registered Windows security products. Note: Not compatible with Windows Server.","platforms":["windows"],"columns":[{"name":"type","description":"Type of security product","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Name of product","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"state","description":"State of protection","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"state_timestamp","description":"Timestamp for the product state","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"remediation_path","description":"Remediation path","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"signatures_up_to_date","description":"1 if product signatures are up to date, else 0","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"windows_update_history","description":"Provides the history of the windows update events.","platforms":["windows"],"columns":[{"name":"client_app_id","description":"Identifier of the client application that processed an update","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"date","description":"Date and the time an update was applied","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Description of an update","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hresult","description":"HRESULT value that is returned from the operation on an update","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"operation","description":"Operation on an update","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"result_code","description":"Result of an operation on an update","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"server_selection","description":"Value that indicates which server provided an update","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"service_id","description":"Service identifier of an update service that is not a Windows update","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"support_url","description":"Hyperlink to the language-specific support information for an update","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"title","description":"Title of an update","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"update_id","description":"Revision-independent identifier of an update","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"update_revision","description":"Revision number of an update","type":"bigint","notes":"","hidden":false,"required":false,"index":false}]},{"name":"wmi_bios_info","description":"Lists important information from the system bios.","platforms":["windows"],"columns":[{"name":"name","description":"Name of the Bios setting","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"value","description":"Value of the Bios setting","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"wmi_cli_event_consumers","description":"WMI CommandLineEventConsumer, which can be used for persistence on Windows. See https://www.blackhat.com/docs/us-15/materials/us-15-Graeber-Abusing-Windows-Management-Instrumentation-WMI-To-Build-A-Persistent%20Asynchronous-And-Fileless-Backdoor-wp.pdf for more details.","platforms":["windows"],"columns":[{"name":"name","description":"Unique name of a consumer.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"command_line_template","description":"Standard string template that specifies the process to be started. This property can be NULL, and the ExecutablePath property is used as the command line.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"executable_path","description":"Module to execute. The string can specify the full path and file name of the module to execute, or it can specify a partial name. If a partial name is specified, the current drive and current directory are assumed.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"class","description":"The name of the class.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"relative_path","description":"Relative path to the class or instance.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"wmi_event_filters","description":"Lists WMI event filters.","platforms":["windows"],"columns":[{"name":"name","description":"Unique identifier of an event filter.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"query","description":"Windows Management Instrumentation Query Language (WQL) event query that specifies the set of events for consumer notification, and the specific conditions for notification.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"query_language","description":"Query language that the query is written in.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"class","description":"The name of the class.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"relative_path","description":"Relative path to the class or instance.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"wmi_filter_consumer_binding","description":"Lists the relationship between event consumers and filters.","platforms":["windows"],"columns":[{"name":"consumer","description":"Reference to an instance of __EventConsumer that represents the object path to a logical consumer, the recipient of an event.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"filter","description":"Reference to an instance of __EventFilter that represents the object path to an event filter which is a query that specifies the type of event to be received.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"class","description":"The name of the class.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"relative_path","description":"Relative path to the class or instance.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"wmi_script_event_consumers","description":"WMI ActiveScriptEventConsumer, which can be used for persistence on Windows. See https://www.blackhat.com/docs/us-15/materials/us-15-Graeber-Abusing-Windows-Management-Instrumentation-WMI-To-Build-A-Persistent%20Asynchronous-And-Fileless-Backdoor-wp.pdf for more details.","platforms":["windows"],"columns":[{"name":"name","description":"Unique identifier for the event consumer. ","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"scripting_engine","description":"Name of the scripting engine to use, for example, 'VBScript'. This property cannot be NULL.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"script_file_name","description":"Name of the file from which the script text is read, intended as an alternative to specifying the text of the script in the ScriptText property.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"script_text","description":"Text of the script that is expressed in a language known to the scripting engine. This property must be NULL if the ScriptFileName property is not NULL.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"class","description":"The name of the class.","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"relative_path","description":"Relative path to the class or instance.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"xprotect_entries","description":"Database of the machine's XProtect signatures.","platforms":["darwin"],"columns":[{"name":"name","description":"Description of XProtected malware","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"launch_type","description":"Launch services content type","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"identity","description":"XProtect identity (SHA1) of content","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"filename","description":"Use this file name to match","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"filetype","description":"Use this file type to match","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"optional","description":"Match any of the identities/patterns for this XProtect name","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"uses_pattern","description":"Uses a match pattern instead of identity","type":"integer","notes":"","hidden":false,"required":false,"index":false}]},{"name":"xprotect_meta","description":"Database of the machine's XProtect browser-related signatures.","platforms":["darwin"],"columns":[{"name":"identifier","description":"Browser plugin or extension identifier","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"type","description":"Either plugin or extension","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"developer_id","description":"Developer identity (SHA1) of extension","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"min_version","description":"The minimum allowed plugin version.","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"xprotect_reports","description":"Database of XProtect matches (if user generated/sent an XProtect report).","platforms":["darwin"],"columns":[{"name":"name","description":"Description of XProtected malware","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"user_action","description":"Action taken by user after prompted","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Quarantine alert time","type":"text","notes":"","hidden":false,"required":false,"index":false}]},{"name":"yara","description":"Triggers one-off YARA query for files at the specified path. Requires one of `sig_group`, `sigfile`, or `sigrule`.","platforms":["darwin","linux","windows"],"columns":[{"name":"path","description":"The path scanned","type":"text","notes":"","hidden":false,"required":true,"index":true},{"name":"matches","description":"List of YARA matches","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"count","description":"Number of YARA matches","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"sig_group","description":"Signature group used","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sigfile","description":"Signature file used","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sigrule","description":"Signature strings used","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"strings","description":"Matching strings","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"tags","description":"Matching tags","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"sigurl","description":"Signature url","type":"text","notes":"","hidden":true,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"yara_events","description":"Track YARA matches for files specified in configuration data.","platforms":["darwin","linux","windows"],"columns":[{"name":"target_path","description":"The path scanned","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"category","description":"The category of the file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"action","description":"Change action (UPDATE, REMOVE, etc)","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"transaction_id","description":"ID used during bulk update","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"matches","description":"List of YARA matches","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"count","description":"Number of YARA matches","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"strings","description":"Matching strings","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"tags","description":"Matching tags","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"time","description":"Time of the scan","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"eid","description":"Event ID","type":"text","notes":"","hidden":true,"required":false,"index":false}]},{"name":"ycloud_instance_metadata","description":"Yandex.Cloud instance metadata.","platforms":["darwin","linux","windows"],"columns":[{"name":"instance_id","description":"Unique identifier for the VM","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"folder_id","description":"Folder identifier for the VM","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cloud_id","description":"Cloud identifier for the VM","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"name","description":"Name of the VM","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Description of the VM","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"hostname","description":"Hostname of the VM","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"zone","description":"Availability zone of the VM","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"ssh_public_key","description":"SSH public key. Only available if supplied at instance launch time","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"serial_port_enabled","description":"Indicates if serial port is enabled for the VM","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"metadata_endpoint","description":"Endpoint used to fetch VM metadata","type":"text","notes":"","hidden":false,"required":false,"index":true}]},{"name":"yum_sources","description":"Current list of Yum repositories or software channels.","platforms":["linux"],"columns":[{"name":"name","description":"Repository name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"source","description":"Source file","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"baseurl","description":"Repository base URL","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"mirrorlist","description":"Mirrorlist URL","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"metalink","description":"Metalink URL","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"enabled","description":"Whether the repository is used","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"gpgcheck","description":"Whether packages are GPG checked","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"gpgkey","description":"URL to GPG key","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"host_users","description":"Local user accounts (including domain accounts that have logged on locally (Windows)).","platforms":["darwin","linux","windows"],"columns":[{"name":"uid","description":"User ID","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"gid","description":"Group ID (unsigned)","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"uid_signed","description":"User ID as int64 signed (Apple)","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"gid_signed","description":"Default group ID as int64 signed (Apple)","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"username","description":"Username","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"description","description":"Optional user description","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"directory","description":"User's home directory","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"shell","description":"User's configured default shell","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uuid","description":"User's UUID (Apple) or SID (Windows)","type":"text","notes":"","hidden":false,"required":false,"index":true},{"name":"type","description":"Whether the account is roaming (domain), local, or a system profile","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"is_hidden","description":"IsHidden attribute set in OpenDirectory","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]},{"name":"include_remote","description":"1 to include remote (LDAP/AD) accounts (default 0). Warning: without any uid/username filtering it may list whole LDAP directories","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"host_groups","description":"Local system groups.","platforms":["darwin","linux","windows"],"columns":[{"name":"gid","description":"Unsigned int64 group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"gid_signed","description":"A signed int64 version of gid","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"groupname","description":"Canonical local group name","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"group_sid","description":"Unique group ID","type":"text","notes":"","hidden":true,"required":false,"index":true,"platforms":["windows","win32","cygwin"]},{"name":"comment","description":"Remarks or comments associated with the group","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"is_hidden","description":"IsHidden attribute set in OpenDirectory","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]},{"name":"pid_with_namespace","description":"Pids that contain a namespace","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["linux"]}]},{"name":"host_processes","description":"All running processes on the host system.","platforms":["darwin","linux","windows"],"columns":[{"name":"pid","description":"Process (or thread) ID","type":"bigint","notes":"","hidden":false,"required":false,"index":true},{"name":"name","description":"The process path or shorthand argv[0]","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"path","description":"Path to executed binary","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cmdline","description":"Complete argv","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"state","description":"Process state","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"cwd","description":"Process current working directory","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"root","description":"Process virtual root directory","type":"text","notes":"","hidden":false,"required":false,"index":false},{"name":"uid","description":"Unsigned user ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"gid","description":"Unsigned group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"euid","description":"Unsigned effective user ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"egid","description":"Unsigned effective group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"suid","description":"Unsigned saved user ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"sgid","description":"Unsigned saved group ID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"on_disk","description":"The process path exists yes=1, no=0, unknown=-1","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"wired_size","description":"Bytes of unpageable memory used by process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"resident_size","description":"Bytes of private memory used by process","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"total_size","description":"Total virtual memory size (Linux, Windows) or 'footprint' (macOS)","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"user_time","description":"CPU time in milliseconds spent in user space","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"system_time","description":"CPU time in milliseconds spent in kernel space","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"disk_bytes_read","description":"Bytes read from disk","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"disk_bytes_written","description":"Bytes written to disk","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"start_time","description":"Process start time in seconds since Epoch, in case of error -1","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"parent","description":"Process parent's PID","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"pgroup","description":"Process group","type":"bigint","notes":"","hidden":false,"required":false,"index":false},{"name":"threads","description":"Number of threads used by process","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"nice","description":"Process nice level (-20 to 20, default 0)","type":"integer","notes":"","hidden":false,"required":false,"index":false},{"name":"elevated_token","description":"Process uses elevated token yes=1, no=0","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"secure_process","description":"Process is secure (IUM) yes=1, no=0","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"protection_type","description":"The protection type of the process","type":"text","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"virtual_process","description":"Process is virtual (e.g. System, Registry, vmmem) yes=1, no=0","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"elapsed_time","description":"Elapsed time in seconds this process has been running.","type":"bigint","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"handle_count","description":"Total number of handles that the process has open. This number is the sum of the handles currently opened by each thread in the process.","type":"bigint","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"percent_processor_time","description":"Returns elapsed time that all of the threads of this process used the processor to execute instructions in 100 nanoseconds ticks.","type":"bigint","notes":"","hidden":true,"required":false,"index":false,"platforms":["windows","win32","cygwin"]},{"name":"upid","description":"A 64bit pid that is never reused. Returns -1 if we couldn't gather them from the system.","type":"bigint","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]},{"name":"uppid","description":"The 64bit parent pid that is never reused. Returns -1 if we couldn't gather them from the system.","type":"bigint","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]},{"name":"cpu_type","description":"Indicates the specific processor designed for installation.","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]},{"name":"cpu_subtype","description":"Indicates the specific processor on which an entry may be used.","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]},{"name":"translated","description":"Indicates whether the process is running under the Rosetta Translation Environment, yes=1, no=0, error=-1.","type":"integer","notes":"","hidden":true,"required":false,"index":false,"platforms":["darwin"]},{"name":"cgroup_path","description":"The full hierarchical path of the process's control group","type":"text","notes":"","hidden":false,"required":false,"index":false,"platforms":["linux"]}]}] \ No newline at end of file diff --git a/x-pack/plugins/osquery/public/editor/osquery_tables.ts b/x-pack/plugins/osquery/public/editor/osquery_tables.ts index 18a74cb6ac9b6..348907b236329 100644 --- a/x-pack/plugins/osquery/public/editor/osquery_tables.ts +++ b/x-pack/plugins/osquery/public/editor/osquery_tables.ts @@ -17,7 +17,7 @@ let osqueryTables: TablesJSON | null = null; export const getOsqueryTables = () => { if (!osqueryTables) { // eslint-disable-next-line @typescript-eslint/no-var-requires - osqueryTables = normalizeTables(require('../common/schemas/osquery/v5.10.2.json')); + osqueryTables = normalizeTables(require('../common/schemas/osquery/v5.13.1.json')); } return osqueryTables; diff --git a/x-pack/plugins/osquery/public/packs/queries/ecs_mapping_editor_field.tsx b/x-pack/plugins/osquery/public/packs/queries/ecs_mapping_editor_field.tsx index 5cd3993033378..104246579751f 100644 --- a/x-pack/plugins/osquery/public/packs/queries/ecs_mapping_editor_field.tsx +++ b/x-pack/plugins/osquery/public/packs/queries/ecs_mapping_editor_field.tsx @@ -47,8 +47,8 @@ import { convertECSMappingToArray, convertECSMappingToObject, } from '../../../common/utils/converters'; -import ECSSchema from '../../common/schemas/ecs/v8.11.0.json'; -import osquerySchema from '../../common/schemas/osquery/v5.10.2.json'; +import ECSSchema from '../../common/schemas/ecs/v8.12.0.json'; +import osquerySchema from '../../common/schemas/osquery/v5.13.1.json'; import { FieldIcon } from '../../common/lib/kibana'; import { OsqueryIcon } from '../../components/osquery_icon'; diff --git a/x-pack/plugins/osquery/scripts/readme.md b/x-pack/plugins/osquery/scripts/readme.md index 416317ec7dbf2..143e4be551f61 100644 --- a/x-pack/plugins/osquery/scripts/readme.md +++ b/x-pack/plugins/osquery/scripts/readme.md @@ -6,8 +6,10 @@ currently manually curated). This assumes the targeted schema files will be in `public/editor/osquery_schema`. ``` -node ecs.js --schema_version=4.6.0 // (filename without .json extension) +node ecs.js --schema_version=4.6.0 // filename should be called 4.6.0.json > which will generate v4.6.0-formatted.json +``` Possibly it's going to be necessary to transform fields' names into lower case, because CSV exports Fields with Capital Letters. -node osquery.js --schema_version=4.6.0 // (filename without .json extension) +node osquery.js --schema_version=4.6.0 // filename should be called 4.6.0.json > which will generate v4.6.0-formatted.json + ``` diff --git a/x-pack/plugins/osquery/scripts/schema_formatter/osquery_formatter.ts b/x-pack/plugins/osquery/scripts/schema_formatter/osquery_formatter.ts index 12ce4bd8446e6..4cf232db8e4a2 100644 --- a/x-pack/plugins/osquery/scripts/schema_formatter/osquery_formatter.ts +++ b/x-pack/plugins/osquery/scripts/schema_formatter/osquery_formatter.ts @@ -28,7 +28,7 @@ run( formattedSchema.push(...elasticTables); await fs.writeFile( - path.join(schemaPath, `v${flags.schema_version}-formatted`), + path.join(schemaPath, `v${flags.schema_version}-formatted.json`), JSON.stringify(formattedSchema) ); }, From 0c222addbb417e0a1f08091108d5eba24f543764 Mon Sep 17 00:00:00 2001 From: Saarika Bhasi <55930906+saarikabhasi@users.noreply.github.com> Date: Thu, 19 Sep 2024 12:50:19 -0400 Subject: [PATCH 05/74] [Onboarding] Add mappings component to index details page (#193314) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ## Summary This PR adds mappings component to index detail page. Screenshot 2024-09-18 at 11 26 55 AM ### Checklist Delete any items that are not applicable to this PR. - [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md) - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [x] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed --- x-pack/plugins/search_indices/kibana.jsonc | 1 + .../search_indices/public/application.tsx | 5 +- .../components/indices/details_page.tsx | 57 +++++++++++++++---- .../indices/details_page_mappings.tsx | 30 ++++++++++ .../components/indices/indices_router.tsx | 33 ++++++++--- .../plugins/search_indices/public/routes.ts | 5 ++ x-pack/plugins/search_indices/public/types.ts | 2 + .../svl_search_index_detail_page.ts | 16 +++++- .../test_suites/search/search_index_detail.ts | 35 ++++++++---- 9 files changed, 144 insertions(+), 40 deletions(-) create mode 100644 x-pack/plugins/search_indices/public/components/indices/details_page_mappings.tsx diff --git a/x-pack/plugins/search_indices/kibana.jsonc b/x-pack/plugins/search_indices/kibana.jsonc index 303a264d2bafd..63fbf63609dff 100644 --- a/x-pack/plugins/search_indices/kibana.jsonc +++ b/x-pack/plugins/search_indices/kibana.jsonc @@ -12,6 +12,7 @@ ], "requiredPlugins": [ "share", + "indexManagement", ], "optionalPlugins": [ "cloud", diff --git a/x-pack/plugins/search_indices/public/application.tsx b/x-pack/plugins/search_indices/public/application.tsx index 62c4edb42d02c..c196020319589 100644 --- a/x-pack/plugins/search_indices/public/application.tsx +++ b/x-pack/plugins/search_indices/public/application.tsx @@ -13,7 +13,6 @@ import { KibanaContextProvider } from '@kbn/kibana-react-plugin/public'; import { I18nProvider } from '@kbn/i18n-react'; import { QueryClient, QueryClientProvider } from '@tanstack/react-query'; -import { Router } from '@kbn/shared-ux-router'; import { UsageTrackerContextProvider } from './contexts/usage_tracker_context'; import { SearchIndicesServicesContextDeps } from './types'; @@ -30,9 +29,7 @@ export const renderApp = async ( - - - + diff --git a/x-pack/plugins/search_indices/public/components/indices/details_page.tsx b/x-pack/plugins/search_indices/public/components/indices/details_page.tsx index ed498a777d712..bca02f1ef1264 100644 --- a/x-pack/plugins/search_indices/public/components/indices/details_page.tsx +++ b/x-pack/plugins/search_indices/public/components/indices/details_page.tsx @@ -10,7 +10,6 @@ import { EuiButton, EuiPageTemplate, EuiFlexItem, - EuiTabbedContent, EuiFlexGroup, EuiPopover, EuiButtonIcon, @@ -19,8 +18,10 @@ import { EuiText, EuiIcon, EuiButtonEmpty, + EuiTabbedContent, + EuiTabbedContentTab, } from '@elastic/eui'; -import React, { useCallback, useMemo, useState } from 'react'; +import React, { useCallback, useEffect, useMemo, useState } from 'react'; import { useParams } from 'react-router-dom'; import { FormattedMessage } from '@kbn/i18n-react'; import { i18n } from '@kbn/i18n'; @@ -33,11 +34,14 @@ import { useIndexMapping } from '../../hooks/api/use_index_mappings'; import { IndexDocuments } from '../index_documents/index_documents'; import { DeleteIndexModal } from './delete_index_modal'; import { IndexloadingError } from './details_page_loading_error'; +import { SearchIndicesDetailsMappingsTabs } from '../../routes'; +import { SearchIndexDetailsMappings } from './details_page_mappings'; export const SearchIndexDetailsPage = () => { const indexName = decodeURIComponent(useParams<{ indexName: string }>().indexName); - const { console: consolePlugin, docLinks, application } = useKibana().services; + const tabId = decodeURIComponent(useParams<{ tabId: string }>().tabId); + const { console: consolePlugin, docLinks, application, history } = useKibana().services; const { data: index, refetch, isError: isIndexError, isInitialLoading } = useIndex(indexName); const { data: mappings, @@ -45,6 +49,41 @@ export const SearchIndexDetailsPage = () => { isInitialLoading: isMappingsInitialLoading, } = useIndexMapping(indexName); + const SearchIndexDetailsTabs: EuiTabbedContentTab[] = useMemo(() => { + return [ + { + id: SearchIndicesDetailsMappingsTabs.DATA, + name: i18n.translate('xpack.searchIndices.documentsTabLabel', { + defaultMessage: 'Data', + }), + content: , + 'data-test-subj': `${SearchIndicesDetailsMappingsTabs.DATA}Tab`, + }, + { + id: SearchIndicesDetailsMappingsTabs.MAPPINGS, + name: i18n.translate('xpack.searchIndices.mappingsTabLabel', { + defaultMessage: 'Mappings', + }), + content: , + 'data-test-subj': `${SearchIndicesDetailsMappingsTabs.MAPPINGS}Tab`, + }, + ]; + }, [index, indexName]); + + const [selectedTab, setSelectedTab] = useState(SearchIndexDetailsTabs[0]); + + useEffect(() => { + const newTab = SearchIndexDetailsTabs.find((tab) => tab.id === tabId); + if (newTab) setSelectedTab(newTab); + }, [SearchIndexDetailsTabs, tabId]); + + const handleTabClick = useCallback( + (tab) => { + history.push(`index_details/${indexName}/${tab.id}`); + }, + + [history, indexName] + ); const embeddableConsole = useMemo( () => (consolePlugin?.EmbeddableConsole ? : null), [consolePlugin] @@ -176,15 +215,9 @@ export const SearchIndexDetailsPage = () => { , - }, - ]} + tabs={SearchIndexDetailsTabs} + onTabClick={handleTabClick} + selectedTab={selectedTab} /> diff --git a/x-pack/plugins/search_indices/public/components/indices/details_page_mappings.tsx b/x-pack/plugins/search_indices/public/components/indices/details_page_mappings.tsx new file mode 100644 index 0000000000000..c90d5cad94c83 --- /dev/null +++ b/x-pack/plugins/search_indices/public/components/indices/details_page_mappings.tsx @@ -0,0 +1,30 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { EuiSpacer } from '@elastic/eui'; +import { Index } from '@kbn/index-management-shared-types'; +import React from 'react'; +import { useMemo } from 'react'; +import { useKibana } from '../../hooks/use_kibana'; +export interface SearchIndexDetailsMappingsProps { + index?: Index; +} +export const SearchIndexDetailsMappings = ({ index }: SearchIndexDetailsMappingsProps) => { + const { indexManagement, history } = useKibana().services; + + const IndexMappingComponent = useMemo( + () => indexManagement.getIndexMappingComponent({ history }), + [indexManagement, history] + ); + + return ( + <> + + + + ); +}; diff --git a/x-pack/plugins/search_indices/public/components/indices/indices_router.tsx b/x-pack/plugins/search_indices/public/components/indices/indices_router.tsx index fda9a9344f658..73aec33f80b5c 100644 --- a/x-pack/plugins/search_indices/public/components/indices/indices_router.tsx +++ b/x-pack/plugins/search_indices/public/components/indices/indices_router.tsx @@ -5,17 +5,32 @@ * 2.0. */ import React from 'react'; -import { Route, Routes } from '@kbn/shared-ux-router'; -import { SEARCH_INDICES_DETAILS_PATH } from '../../routes'; -import { SearchIndexDetailsPage } from './details_page'; +import { Route, Router, Routes } from '@kbn/shared-ux-router'; +import { Redirect } from 'react-router-dom'; import { useKibana } from '../../hooks/use_kibana'; - +import { + SearchIndicesDetailsMappingsTabs, + SEARCH_INDICES_DETAILS_PATH, + SEARCH_INDICES_DETAILS_TABS_PATH, +} from '../../routes'; +import { SearchIndexDetailsPage } from './details_page'; export const SearchIndicesRouter: React.FC = () => { - const { application } = useKibana().services; + const { application, history } = useKibana().services; return ( - - - application.navigateToApp('elasticsearchStart')} /> - + + + + + + + + + application.navigateToApp('elasticsearchStart')} /> + + ); }; diff --git a/x-pack/plugins/search_indices/public/routes.ts b/x-pack/plugins/search_indices/public/routes.ts index 9687b11ad1692..3e347881d1219 100644 --- a/x-pack/plugins/search_indices/public/routes.ts +++ b/x-pack/plugins/search_indices/public/routes.ts @@ -7,3 +7,8 @@ export const ROOT_PATH = '/'; export const SEARCH_INDICES_DETAILS_PATH = `${ROOT_PATH}index_details/:indexName`; +export const SEARCH_INDICES_DETAILS_TABS_PATH = `${SEARCH_INDICES_DETAILS_PATH}/:tabId`; +export enum SearchIndicesDetailsMappingsTabs { + DATA = 'data', + MAPPINGS = 'mappings', +} diff --git a/x-pack/plugins/search_indices/public/types.ts b/x-pack/plugins/search_indices/public/types.ts index 6e0192e34f87c..0f68863fe72f8 100644 --- a/x-pack/plugins/search_indices/public/types.ts +++ b/x-pack/plugins/search_indices/public/types.ts @@ -12,6 +12,7 @@ import type { NavigationPublicPluginStart } from '@kbn/navigation-plugin/public' import type { SharePluginStart } from '@kbn/share-plugin/public'; import type { UsageCollectionStart } from '@kbn/usage-collection-plugin/public'; import type { MappingPropertyBase } from '@elastic/elasticsearch/lib/api/typesWithBodyKey'; +import { IndexManagementPluginStart } from '@kbn/index-management-shared-types'; export interface SearchIndicesPluginSetup { enabled: boolean; @@ -37,6 +38,7 @@ export interface SearchIndicesServicesContextDeps { export type SearchIndicesServicesContext = CoreStart & SearchIndicesAppPluginStartDependencies & { history: AppMountParameters['history']; + indexManagement: IndexManagementPluginStart; }; export interface AppUsageTracker { diff --git a/x-pack/test_serverless/functional/page_objects/svl_search_index_detail_page.ts b/x-pack/test_serverless/functional/page_objects/svl_search_index_detail_page.ts index 4c5a53a9a30e5..8ffbfd2bcb8c1 100644 --- a/x-pack/test_serverless/functional/page_objects/svl_search_index_detail_page.ts +++ b/x-pack/test_serverless/functional/page_objects/svl_search_index_detail_page.ts @@ -14,9 +14,6 @@ export function SvlSearchIndexDetailPageProvider({ getService }: FtrProviderCont const retry = getService('retry'); return { - async expectToBeIndexDetailPage() { - expect(await browser.getCurrentUrl()).contain('/index_details'); - }, async expectIndexDetailPageHeader() { await testSubjects.existOrFail('searchIndexDetailsHeader', { timeout: 2000 }); }, @@ -111,5 +108,18 @@ export function SvlSearchIndexDetailPageProvider({ getService }: FtrProviderCont await testSubjects.click('reloadButton', 2000); }); }, + async expectWithDataTabsExists() { + await testSubjects.existOrFail('mappingsTab', { timeout: 2000 }); + await testSubjects.existOrFail('dataTab', { timeout: 2000 }); + }, + async expectShouldDefaultToDataTab() { + expect(await browser.getCurrentUrl()).contain('/data'); + }, + async withDataChangeTabs(tab: 'dataTab' | 'mappingsTab') { + await testSubjects.click(tab); + }, + async expectUrlShouldChangeTo(tab: 'data' | 'mappings') { + expect(await browser.getCurrentUrl()).contain(`/${tab}`); + }, }; } diff --git a/x-pack/test_serverless/functional/test_suites/search/search_index_detail.ts b/x-pack/test_serverless/functional/test_suites/search/search_index_detail.ts index da707ca55ac8b..7f40ec9127c6c 100644 --- a/x-pack/test_serverless/functional/test_suites/search/search_index_detail.ts +++ b/x-pack/test_serverless/functional/test_suites/search/search_index_detail.ts @@ -68,23 +68,34 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) { await pageObjects.svlSearchIndexDetailPage.expectAddDocumentCodeExamples(); }); - it('should have index documents', async () => { - await es.index({ - index: indexName, - body: { - my_field: [1, 0, 1], - }, - }); - - await svlSearchNavigation.navigateToIndexDetailPage(indexName); - await pageObjects.svlSearchIndexDetailPage.expectHasIndexDocuments(); - }); - it('back to indices button should redirect to list page', async () => { await pageObjects.svlSearchIndexDetailPage.expectBackToIndicesButtonExists(); await pageObjects.svlSearchIndexDetailPage.clickBackToIndicesButton(); await pageObjects.svlSearchIndexDetailPage.expectBackToIndicesButtonRedirectsToListPage(); }); + describe('With data', () => { + before(async () => { + await svlSearchNavigation.navigateToIndexDetailPage(indexName); + await es.index({ + index: indexName, + body: { + my_field: [1, 0, 1], + }, + }); + }); + it('should have index documents', async () => { + await svlSearchNavigation.navigateToIndexDetailPage(indexName); + await pageObjects.svlSearchIndexDetailPage.expectHasIndexDocuments(); + }); + it('should have with data tabs', async () => { + await pageObjects.svlSearchIndexDetailPage.expectWithDataTabsExists(); + await pageObjects.svlSearchIndexDetailPage.expectShouldDefaultToDataTab(); + }); + it('should be able to change tabs', async () => { + await pageObjects.svlSearchIndexDetailPage.withDataChangeTabs('mappingsTab'); + await pageObjects.svlSearchIndexDetailPage.expectUrlShouldChangeTo('mappings'); + }); + }); describe('page loading error', () => { before(async () => { From 18afcae609c9dd142ef158f6f19dd392bc9d6327 Mon Sep 17 00:00:00 2001 From: Zacqary Adam Xeper Date: Thu, 19 Sep 2024 11:52:17 -0500 Subject: [PATCH 06/74] [ResponseOps][Rules] Add OAS schema for handled 4xx errors on rule apis (#192616) ## Summary Closes #188514 Adds OAS schemas for the `403 Forbidden` errors that public rule apis can return if a license is invalid, `400 Bad Request` for unregistered rule types, and `404 Not Found` for missing saved objects. ### Checklist - [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md) - [x] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials ### Testing 1. Start ES 2. Add `server.oas.enabled: true` to `kibana.dev.yml` 3. Start Kibana `yarn start --no-base-path` 4. `curl -s -uelastic:changeme http://localhost:5601/api/oas\?pathStartsWith\=/api/alerting/rule/ | jq` (If you have `jq` installed, otherwise pipe to `pbcopy` and paste the result into a JSON prettifier) 5. Search the output for the word `Forbidden` to ensure this schema has been added to `create`, `update`, `enable`, `disable`, `mute`, `unmute`, and `update_rule_api_key` --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Co-authored-by: Elastic Machine --- oas_docs/bundle.json | 93 +++++++++++++++++++ oas_docs/bundle.serverless.json | 93 +++++++++++++++++++ .../bulk_disable/bulk_disable_rules_route.ts | 4 +- .../apis/bulk_edit/bulk_edit_rules_route.ts | 6 +- .../rule/apis/create/create_rule_route.ts | 25 +++-- .../rule/apis/delete/delete_rule_route.ts | 9 ++ .../rule/apis/disable/disable_rule_route.ts | 17 +++- .../rule/apis/enable/enable_rule_route.ts | 12 ++- .../routes/rule/apis/find/find_rules_route.ts | 6 ++ .../routes/rule/apis/get/get_rule_route.ts | 9 ++ .../routes/rule/apis/mute_alert/mute_alert.ts | 9 ++ .../apis/unmute_alert/unmute_alert_route.ts | 17 +++- .../rule/apis/update/update_rule_route.ts | 20 +++- .../update_rule_api_key_route.ts | 14 ++- 14 files changed, 306 insertions(+), 28 deletions(-) diff --git a/oas_docs/bundle.json b/oas_docs/bundle.json index a523935afdbae..5fd690a2f6ceb 100644 --- a/oas_docs/bundle.json +++ b/oas_docs/bundle.json @@ -1493,6 +1493,15 @@ "responses": { "204": { "description": "Indicates a successful call." + }, + "400": { + "description": "Indicates an invalid schema or parameters." + }, + "403": { + "description": "Indicates that this call is forbidden." + }, + "404": { + "description": "Indicates a rule with the given ID does not exist." } }, "summary": "Delete a rule", @@ -2399,6 +2408,15 @@ } }, "description": "Indicates a successful call." + }, + "400": { + "description": "Indicates an invalid schema or parameters." + }, + "403": { + "description": "Indicates that this call is forbidden." + }, + "404": { + "description": "Indicates a rule with the given ID does not exist." } }, "summary": "Get rule details", @@ -3586,6 +3604,15 @@ } }, "description": "Indicates a successful call." + }, + "400": { + "description": "Indicates an invalid schema or parameters." + }, + "403": { + "description": "Indicates that this call is forbidden." + }, + "409": { + "description": "Indicates that the rule id is already in use." } }, "summary": "Create a rule", @@ -4756,6 +4783,18 @@ } }, "description": "Indicates a successful call." + }, + "400": { + "description": "Indicates an invalid schema or parameters." + }, + "403": { + "description": "Indicates that this call is forbidden." + }, + "404": { + "description": "Indicates a rule with the given ID does not exist." + }, + "409": { + "description": "Indicates that the rule has already been updated by another user." } }, "summary": "Update a rule", @@ -4821,6 +4860,15 @@ "responses": { "204": { "description": "Indicates a successful call." + }, + "400": { + "description": "Indicates an invalid schema." + }, + "403": { + "description": "Indicates that this call is forbidden." + }, + "404": { + "description": "Indicates a rule with the given ID does not exist." } }, "summary": "Disable a rule", @@ -4868,6 +4916,15 @@ "responses": { "204": { "description": "Indicates a successful call." + }, + "400": { + "description": "Indicates an invalid schema or parameters." + }, + "403": { + "description": "Indicates that this call is forbidden." + }, + "404": { + "description": "Indicates a rule with the given ID does not exist." } }, "summary": "Enable a rule", @@ -5009,6 +5066,18 @@ "responses": { "204": { "description": "Indicates a successful call." + }, + "400": { + "description": "Indicates an invalid schema or parameters." + }, + "403": { + "description": "Indicates that this call is forbidden." + }, + "404": { + "description": "Indicates a rule with the given ID does not exist." + }, + "409": { + "description": "Indicates that the rule has already been updated by another user." } }, "summary": "Update the API key for a rule", @@ -5065,6 +5134,15 @@ "responses": { "204": { "description": "Indicates a successful call." + }, + "400": { + "description": "Indicates an invalid schema or parameters." + }, + "403": { + "description": "Indicates that this call is forbidden." + }, + "404": { + "description": "Indicates a rule or alert with the given ID does not exist." } }, "summary": "Mute an alert", @@ -5121,6 +5199,15 @@ "responses": { "204": { "description": "Indicates a successful call." + }, + "400": { + "description": "Indicates an invalid schema or parameters." + }, + "403": { + "description": "Indicates that this call is forbidden." + }, + "404": { + "description": "Indicates a rule or alert with the given ID does not exist." } }, "summary": "Unmute an alert", @@ -6162,6 +6249,12 @@ } }, "description": "Indicates a successful call." + }, + "400": { + "description": "Indicates an invalid schema or parameters." + }, + "403": { + "description": "Indicates that this call is forbidden." } }, "summary": "Get information about rules", diff --git a/oas_docs/bundle.serverless.json b/oas_docs/bundle.serverless.json index a523935afdbae..5fd690a2f6ceb 100644 --- a/oas_docs/bundle.serverless.json +++ b/oas_docs/bundle.serverless.json @@ -1493,6 +1493,15 @@ "responses": { "204": { "description": "Indicates a successful call." + }, + "400": { + "description": "Indicates an invalid schema or parameters." + }, + "403": { + "description": "Indicates that this call is forbidden." + }, + "404": { + "description": "Indicates a rule with the given ID does not exist." } }, "summary": "Delete a rule", @@ -2399,6 +2408,15 @@ } }, "description": "Indicates a successful call." + }, + "400": { + "description": "Indicates an invalid schema or parameters." + }, + "403": { + "description": "Indicates that this call is forbidden." + }, + "404": { + "description": "Indicates a rule with the given ID does not exist." } }, "summary": "Get rule details", @@ -3586,6 +3604,15 @@ } }, "description": "Indicates a successful call." + }, + "400": { + "description": "Indicates an invalid schema or parameters." + }, + "403": { + "description": "Indicates that this call is forbidden." + }, + "409": { + "description": "Indicates that the rule id is already in use." } }, "summary": "Create a rule", @@ -4756,6 +4783,18 @@ } }, "description": "Indicates a successful call." + }, + "400": { + "description": "Indicates an invalid schema or parameters." + }, + "403": { + "description": "Indicates that this call is forbidden." + }, + "404": { + "description": "Indicates a rule with the given ID does not exist." + }, + "409": { + "description": "Indicates that the rule has already been updated by another user." } }, "summary": "Update a rule", @@ -4821,6 +4860,15 @@ "responses": { "204": { "description": "Indicates a successful call." + }, + "400": { + "description": "Indicates an invalid schema." + }, + "403": { + "description": "Indicates that this call is forbidden." + }, + "404": { + "description": "Indicates a rule with the given ID does not exist." } }, "summary": "Disable a rule", @@ -4868,6 +4916,15 @@ "responses": { "204": { "description": "Indicates a successful call." + }, + "400": { + "description": "Indicates an invalid schema or parameters." + }, + "403": { + "description": "Indicates that this call is forbidden." + }, + "404": { + "description": "Indicates a rule with the given ID does not exist." } }, "summary": "Enable a rule", @@ -5009,6 +5066,18 @@ "responses": { "204": { "description": "Indicates a successful call." + }, + "400": { + "description": "Indicates an invalid schema or parameters." + }, + "403": { + "description": "Indicates that this call is forbidden." + }, + "404": { + "description": "Indicates a rule with the given ID does not exist." + }, + "409": { + "description": "Indicates that the rule has already been updated by another user." } }, "summary": "Update the API key for a rule", @@ -5065,6 +5134,15 @@ "responses": { "204": { "description": "Indicates a successful call." + }, + "400": { + "description": "Indicates an invalid schema or parameters." + }, + "403": { + "description": "Indicates that this call is forbidden." + }, + "404": { + "description": "Indicates a rule or alert with the given ID does not exist." } }, "summary": "Mute an alert", @@ -5121,6 +5199,15 @@ "responses": { "204": { "description": "Indicates a successful call." + }, + "400": { + "description": "Indicates an invalid schema or parameters." + }, + "403": { + "description": "Indicates that this call is forbidden." + }, + "404": { + "description": "Indicates a rule or alert with the given ID does not exist." } }, "summary": "Unmute an alert", @@ -6162,6 +6249,12 @@ } }, "description": "Indicates a successful call." + }, + "400": { + "description": "Indicates an invalid schema or parameters." + }, + "403": { + "description": "Indicates that this call is forbidden." } }, "summary": "Get information about rules", diff --git a/x-pack/plugins/alerting/server/routes/rule/apis/bulk_disable/bulk_disable_rules_route.ts b/x-pack/plugins/alerting/server/routes/rule/apis/bulk_disable/bulk_disable_rules_route.ts index 39b81ee74fe91..07ea4f54cf82c 100644 --- a/x-pack/plugins/alerting/server/routes/rule/apis/bulk_disable/bulk_disable_rules_route.ts +++ b/x-pack/plugins/alerting/server/routes/rule/apis/bulk_disable/bulk_disable_rules_route.ts @@ -6,9 +6,9 @@ */ import { IRouter } from '@kbn/core/server'; -import { verifyAccessAndContext, handleDisabledApiKeysError } from '../../../lib'; import { ILicenseState, RuleTypeDisabledError } from '../../../../lib'; import { AlertingRequestHandlerContext, INTERNAL_BASE_ALERTING_API_PATH } from '../../../../types'; +import { handleDisabledApiKeysError, verifyAccessAndContext } from '../../../lib'; import { bulkDisableRulesRequestBodySchemaV1, @@ -16,8 +16,8 @@ import { BulkDisableRulesResponseV1, } from '../../../../../common/routes/rule/apis/bulk_disable'; import type { RuleParamsV1 } from '../../../../../common/routes/rule/response'; -import { transformRuleToRuleResponseV1 } from '../../transforms'; import { Rule } from '../../../../application/rule/types'; +import { transformRuleToRuleResponseV1 } from '../../transforms'; export const bulkDisableRulesRoute = ({ router, diff --git a/x-pack/plugins/alerting/server/routes/rule/apis/bulk_edit/bulk_edit_rules_route.ts b/x-pack/plugins/alerting/server/routes/rule/apis/bulk_edit/bulk_edit_rules_route.ts index c863d2aba33c1..b81675ee85d3c 100644 --- a/x-pack/plugins/alerting/server/routes/rule/apis/bulk_edit/bulk_edit_rules_route.ts +++ b/x-pack/plugins/alerting/server/routes/rule/apis/bulk_edit/bulk_edit_rules_route.ts @@ -8,20 +8,20 @@ import { IRouter } from '@kbn/core/server'; import { ILicenseState, RuleTypeDisabledError } from '../../../../lib'; -import { verifyAccessAndContext, handleDisabledApiKeysError } from '../../../lib'; import { AlertingRequestHandlerContext, INTERNAL_BASE_ALERTING_API_PATH } from '../../../../types'; +import { handleDisabledApiKeysError, verifyAccessAndContext } from '../../../lib'; import { bulkEditRulesRequestBodySchemaV1, BulkEditRulesRequestBodyV1, BulkEditRulesResponseV1, } from '../../../../../common/routes/rule/apis/bulk_edit'; -import { Rule } from '../../../../application/rule/types'; import type { RuleParamsV1 } from '../../../../../common/routes/rule/response'; +import { Rule } from '../../../../application/rule/types'; import { transformRuleToRuleResponseV1 } from '../../transforms'; -import { transformOperationsV1 } from './transforms'; import { validateRequiredGroupInDefaultActionsV1 } from '../../validation'; +import { transformOperationsV1 } from './transforms'; interface BuildBulkEditRulesRouteParams { licenseState: ILicenseState; diff --git a/x-pack/plugins/alerting/server/routes/rule/apis/create/create_rule_route.ts b/x-pack/plugins/alerting/server/routes/rule/apis/create/create_rule_route.ts index 0edf062069e4b..4e778cdf97a8f 100644 --- a/x-pack/plugins/alerting/server/routes/rule/apis/create/create_rule_route.ts +++ b/x-pack/plugins/alerting/server/routes/rule/apis/create/create_rule_route.ts @@ -5,13 +5,6 @@ * 2.0. */ -import { RuleTypeDisabledError } from '../../../../lib'; -import { - handleDisabledApiKeysError, - verifyAccessAndContext, - countUsageOfPredefinedIds, -} from '../../../lib'; -import { BASE_ALERTING_API_PATH } from '../../../../types'; import { RouteOptions } from '../../..'; import type { CreateRuleRequestBodyV1, @@ -24,9 +17,16 @@ import { } from '../../../../../common/routes/rule/apis/create'; import { RuleParamsV1, ruleResponseSchemaV1 } from '../../../../../common/routes/rule/response'; import { Rule } from '../../../../application/rule/types'; -import { transformCreateBodyV1 } from './transforms'; +import { RuleTypeDisabledError } from '../../../../lib'; +import { BASE_ALERTING_API_PATH } from '../../../../types'; +import { + countUsageOfPredefinedIds, + handleDisabledApiKeysError, + verifyAccessAndContext, +} from '../../../lib'; import { transformRuleToRuleResponseV1 } from '../../transforms'; import { validateRequiredGroupInDefaultActionsV1 } from '../../validation'; +import { transformCreateBodyV1 } from './transforms'; export const createRuleRoute = ({ router, licenseState, usageCounter }: RouteOptions) => { router.post( @@ -47,6 +47,15 @@ export const createRuleRoute = ({ router, licenseState, usageCounter }: RouteOpt body: () => ruleResponseSchemaV1, description: 'Indicates a successful call.', }, + 400: { + description: 'Indicates an invalid schema or parameters.', + }, + 403: { + description: 'Indicates that this call is forbidden.', + }, + 409: { + description: 'Indicates that the rule id is already in use.', + }, }, }, }, diff --git a/x-pack/plugins/alerting/server/routes/rule/apis/delete/delete_rule_route.ts b/x-pack/plugins/alerting/server/routes/rule/apis/delete/delete_rule_route.ts index 5015cac458587..0452de7f7becd 100644 --- a/x-pack/plugins/alerting/server/routes/rule/apis/delete/delete_rule_route.ts +++ b/x-pack/plugins/alerting/server/routes/rule/apis/delete/delete_rule_route.ts @@ -34,6 +34,15 @@ export const deleteRuleRoute = ( 204: { description: 'Indicates a successful call.', }, + 400: { + description: 'Indicates an invalid schema or parameters.', + }, + 403: { + description: 'Indicates that this call is forbidden.', + }, + 404: { + description: 'Indicates a rule with the given ID does not exist.', + }, }, }, }, diff --git a/x-pack/plugins/alerting/server/routes/rule/apis/disable/disable_rule_route.ts b/x-pack/plugins/alerting/server/routes/rule/apis/disable/disable_rule_route.ts index 7b8695a588289..cae82e80be869 100644 --- a/x-pack/plugins/alerting/server/routes/rule/apis/disable/disable_rule_route.ts +++ b/x-pack/plugins/alerting/server/routes/rule/apis/disable/disable_rule_route.ts @@ -7,14 +7,14 @@ import { IRouter } from '@kbn/core/server'; import { - disableRuleRequestParamsSchemaV1, - disableRuleRequestBodySchemaV1, - DisableRuleRequestParamsV1, DisableRuleRequestBodyV1, + DisableRuleRequestParamsV1, + disableRuleRequestBodySchemaV1, + disableRuleRequestParamsSchemaV1, } from '../../../../../common/routes/rule/apis/disable'; import { ILicenseState, RuleTypeDisabledError } from '../../../../lib'; -import { verifyAccessAndContext } from '../../../lib'; import { AlertingRequestHandlerContext, BASE_ALERTING_API_PATH } from '../../../../types'; +import { verifyAccessAndContext } from '../../../lib'; export const disableRuleRoute = ( router: IRouter, @@ -37,6 +37,15 @@ export const disableRuleRoute = ( 204: { description: 'Indicates a successful call.', }, + 400: { + description: 'Indicates an invalid schema.', + }, + 403: { + description: 'Indicates that this call is forbidden.', + }, + 404: { + description: 'Indicates a rule with the given ID does not exist.', + }, }, }, }, diff --git a/x-pack/plugins/alerting/server/routes/rule/apis/enable/enable_rule_route.ts b/x-pack/plugins/alerting/server/routes/rule/apis/enable/enable_rule_route.ts index 2891b627e2de1..4843ed932374d 100644 --- a/x-pack/plugins/alerting/server/routes/rule/apis/enable/enable_rule_route.ts +++ b/x-pack/plugins/alerting/server/routes/rule/apis/enable/enable_rule_route.ts @@ -7,14 +7,13 @@ import { IRouter } from '@kbn/core/server'; import { ILicenseState, RuleTypeDisabledError } from '../../../../lib'; -import { verifyAccessAndContext } from '../../../lib'; import { AlertingRequestHandlerContext, BASE_ALERTING_API_PATH } from '../../../../types'; +import { verifyAccessAndContext } from '../../../lib'; import { EnableRuleRequestParamsV1, enableRuleRequestParamsSchemaV1, } from '../../../../../common/routes/rule/apis/enable'; - export const enableRuleRoute = ( router: IRouter, licenseState: ILicenseState @@ -35,6 +34,15 @@ export const enableRuleRoute = ( 204: { description: 'Indicates a successful call.', }, + 400: { + description: 'Indicates an invalid schema or parameters.', + }, + 403: { + description: 'Indicates that this call is forbidden.', + }, + 404: { + description: 'Indicates a rule with the given ID does not exist.', + }, }, }, }, diff --git a/x-pack/plugins/alerting/server/routes/rule/apis/find/find_rules_route.ts b/x-pack/plugins/alerting/server/routes/rule/apis/find/find_rules_route.ts index 3541e8e31475e..fbfaf65a8024b 100644 --- a/x-pack/plugins/alerting/server/routes/rule/apis/find/find_rules_route.ts +++ b/x-pack/plugins/alerting/server/routes/rule/apis/find/find_rules_route.ts @@ -55,6 +55,12 @@ const buildFindRulesRoute = ({ body: () => ruleResponseSchemaV1, description: 'Indicates a successful call.', }, + 400: { + description: 'Indicates an invalid schema or parameters.', + }, + 403: { + description: 'Indicates that this call is forbidden.', + }, }, }, }, diff --git a/x-pack/plugins/alerting/server/routes/rule/apis/get/get_rule_route.ts b/x-pack/plugins/alerting/server/routes/rule/apis/get/get_rule_route.ts index d6796250ea8a8..fa68d00eb3c8c 100644 --- a/x-pack/plugins/alerting/server/routes/rule/apis/get/get_rule_route.ts +++ b/x-pack/plugins/alerting/server/routes/rule/apis/get/get_rule_route.ts @@ -50,6 +50,15 @@ const buildGetRuleRoute = ({ body: () => ruleResponseSchemaV1, description: 'Indicates a successful call.', }, + 400: { + description: 'Indicates an invalid schema or parameters.', + }, + 403: { + description: 'Indicates that this call is forbidden.', + }, + 404: { + description: 'Indicates a rule with the given ID does not exist.', + }, }, }, }, diff --git a/x-pack/plugins/alerting/server/routes/rule/apis/mute_alert/mute_alert.ts b/x-pack/plugins/alerting/server/routes/rule/apis/mute_alert/mute_alert.ts index 41c7a9368273e..5ce924b445ca7 100644 --- a/x-pack/plugins/alerting/server/routes/rule/apis/mute_alert/mute_alert.ts +++ b/x-pack/plugins/alerting/server/routes/rule/apis/mute_alert/mute_alert.ts @@ -34,6 +34,15 @@ export const muteAlertRoute = ( 204: { description: 'Indicates a successful call.', }, + 400: { + description: 'Indicates an invalid schema or parameters.', + }, + 403: { + description: 'Indicates that this call is forbidden.', + }, + 404: { + description: 'Indicates a rule or alert with the given ID does not exist.', + }, }, }, }, diff --git a/x-pack/plugins/alerting/server/routes/rule/apis/unmute_alert/unmute_alert_route.ts b/x-pack/plugins/alerting/server/routes/rule/apis/unmute_alert/unmute_alert_route.ts index 3158778f72eba..63560e354dc1b 100644 --- a/x-pack/plugins/alerting/server/routes/rule/apis/unmute_alert/unmute_alert_route.ts +++ b/x-pack/plugins/alerting/server/routes/rule/apis/unmute_alert/unmute_alert_route.ts @@ -6,13 +6,13 @@ */ import { IRouter } from '@kbn/core/server'; -import { ILicenseState, RuleTypeDisabledError } from '../../../../lib'; -import { verifyAccessAndContext } from '../../../lib'; -import { AlertingRequestHandlerContext, BASE_ALERTING_API_PATH } from '../../../../types'; import { - unmuteAlertParamsSchemaV1, UnmuteAlertRequestParamsV1, + unmuteAlertParamsSchemaV1, } from '../../../../../common/routes/rule/apis/unmute_alert'; +import { ILicenseState, RuleTypeDisabledError } from '../../../../lib'; +import { AlertingRequestHandlerContext, BASE_ALERTING_API_PATH } from '../../../../types'; +import { verifyAccessAndContext } from '../../../lib'; import { transformRequestParamsToApplicationV1 } from './transforms'; export const unmuteAlertRoute = ( @@ -35,6 +35,15 @@ export const unmuteAlertRoute = ( 204: { description: 'Indicates a successful call.', }, + 400: { + description: 'Indicates an invalid schema or parameters.', + }, + 403: { + description: 'Indicates that this call is forbidden.', + }, + 404: { + description: 'Indicates a rule or alert with the given ID does not exist.', + }, }, }, }, diff --git a/x-pack/plugins/alerting/server/routes/rule/apis/update/update_rule_route.ts b/x-pack/plugins/alerting/server/routes/rule/apis/update/update_rule_route.ts index 0fe2d9dae41c9..507f748351ed9 100644 --- a/x-pack/plugins/alerting/server/routes/rule/apis/update/update_rule_route.ts +++ b/x-pack/plugins/alerting/server/routes/rule/apis/update/update_rule_route.ts @@ -6,8 +6,6 @@ */ import { IRouter } from '@kbn/core/server'; -import { ILicenseState, RuleTypeDisabledError } from '../../../../lib'; -import { verifyAccessAndContext, handleDisabledApiKeysError } from '../../../lib'; import type { UpdateRuleRequestBodyV1, UpdateRuleRequestParamsV1, @@ -18,11 +16,13 @@ import { updateParamsSchemaV1, } from '../../../../../common/routes/rule/apis/update'; import { RuleParamsV1, ruleResponseSchemaV1 } from '../../../../../common/routes/rule/response'; -import { AlertingRequestHandlerContext, BASE_ALERTING_API_PATH } from '../../../../types'; import { Rule } from '../../../../application/rule/types'; -import { transformUpdateBodyV1 } from './transforms'; +import { ILicenseState, RuleTypeDisabledError } from '../../../../lib'; +import { AlertingRequestHandlerContext, BASE_ALERTING_API_PATH } from '../../../../types'; +import { handleDisabledApiKeysError, verifyAccessAndContext } from '../../../lib'; import { transformRuleToRuleResponseV1 } from '../../transforms'; import { validateRequiredGroupInDefaultActionsV1 } from '../../validation'; +import { transformUpdateBodyV1 } from './transforms'; export const updateRuleRoute = ( router: IRouter, @@ -46,6 +46,18 @@ export const updateRuleRoute = ( body: () => ruleResponseSchemaV1, description: 'Indicates a successful call.', }, + 400: { + description: 'Indicates an invalid schema or parameters.', + }, + 403: { + description: 'Indicates that this call is forbidden.', + }, + 404: { + description: 'Indicates a rule with the given ID does not exist.', + }, + 409: { + description: 'Indicates that the rule has already been updated by another user.', + }, }, }, }, diff --git a/x-pack/plugins/alerting/server/routes/rule/apis/update_api_key/update_rule_api_key_route.ts b/x-pack/plugins/alerting/server/routes/rule/apis/update_api_key/update_rule_api_key_route.ts index ab5c923321343..7ba8589412357 100644 --- a/x-pack/plugins/alerting/server/routes/rule/apis/update_api_key/update_rule_api_key_route.ts +++ b/x-pack/plugins/alerting/server/routes/rule/apis/update_api_key/update_rule_api_key_route.ts @@ -11,8 +11,8 @@ import { updateApiKeyParamsSchemaV1, } from '../../../../../common/routes/rule/apis/update_api_key'; import { ILicenseState, RuleTypeDisabledError } from '../../../../lib'; -import { verifyAccessAndContext } from '../../../lib'; import { AlertingRequestHandlerContext, BASE_ALERTING_API_PATH } from '../../../../types'; +import { verifyAccessAndContext } from '../../../lib'; export const updateRuleApiKeyRoute = ( router: IRouter, @@ -34,6 +34,18 @@ export const updateRuleApiKeyRoute = ( 204: { description: 'Indicates a successful call.', }, + 400: { + description: 'Indicates an invalid schema or parameters.', + }, + 403: { + description: 'Indicates that this call is forbidden.', + }, + 404: { + description: 'Indicates a rule with the given ID does not exist.', + }, + 409: { + description: 'Indicates that the rule has already been updated by another user.', + }, }, }, }, From c509747a7b59da5eec63d95792404b1ad3559131 Mon Sep 17 00:00:00 2001 From: Kevin Delemme Date: Thu, 19 Sep 2024 13:19:23 -0400 Subject: [PATCH 07/74] Use groupBy when groupings is not populated correctly (#189672) --- .../src/rest_specs/routes/get_instances.ts | 3 +- .../src/rest_specs/routes/get_preview_data.ts | 4 +- .../slo/public/hooks/use_get_preview_data.ts | 2 +- .../components/events_chart_panel.tsx | 1 + .../ingest_templates/slo_pipeline_template.ts | 60 ++++++------------- .../__snapshots__/create_slo.test.ts.snap | 53 ++++------------ .../__snapshots__/reset_slo.test.ts.snap | 53 ++++------------ .../slo/server/services/get_preview_data.ts | 13 ++-- 8 files changed, 58 insertions(+), 131 deletions(-) diff --git a/x-pack/packages/kbn-slo-schema/src/rest_specs/routes/get_instances.ts b/x-pack/packages/kbn-slo-schema/src/rest_specs/routes/get_instances.ts index 135c2f7d6d66f..da8f59903eebf 100644 --- a/x-pack/packages/kbn-slo-schema/src/rest_specs/routes/get_instances.ts +++ b/x-pack/packages/kbn-slo-schema/src/rest_specs/routes/get_instances.ts @@ -5,13 +5,14 @@ * 2.0. */ import * as t from 'io-ts'; +import { allOrAnyStringOrArray } from '../../schema'; const getSLOInstancesParamsSchema = t.type({ path: t.type({ id: t.string }), }); const getSLOInstancesResponseSchema = t.type({ - groupBy: t.union([t.string, t.array(t.string)]), + groupBy: allOrAnyStringOrArray, instances: t.array(t.string), }); diff --git a/x-pack/packages/kbn-slo-schema/src/rest_specs/routes/get_preview_data.ts b/x-pack/packages/kbn-slo-schema/src/rest_specs/routes/get_preview_data.ts index aa46600cb3442..1b7a0065271ac 100644 --- a/x-pack/packages/kbn-slo-schema/src/rest_specs/routes/get_preview_data.ts +++ b/x-pack/packages/kbn-slo-schema/src/rest_specs/routes/get_preview_data.ts @@ -6,7 +6,7 @@ */ import * as t from 'io-ts'; import { indicatorSchema, objectiveSchema } from '../../schema'; -import { dateType } from '../../schema/common'; +import { allOrAnyStringOrArray, dateType } from '../../schema/common'; const getPreviewDataParamsSchema = t.type({ body: t.intersection([ @@ -20,7 +20,7 @@ const getPreviewDataParamsSchema = t.type({ t.partial({ objective: objectiveSchema, instanceId: t.string, - groupBy: t.string, + groupBy: allOrAnyStringOrArray, remoteName: t.string, groupings: t.record(t.string, t.unknown), }), diff --git a/x-pack/plugins/observability_solution/slo/public/hooks/use_get_preview_data.ts b/x-pack/plugins/observability_solution/slo/public/hooks/use_get_preview_data.ts index 316c5300b9f9a..f8e65fea9edff 100644 --- a/x-pack/plugins/observability_solution/slo/public/hooks/use_get_preview_data.ts +++ b/x-pack/plugins/observability_solution/slo/public/hooks/use_get_preview_data.ts @@ -29,7 +29,7 @@ export function useGetPreviewData({ remoteName, }: { isValid: boolean; - groupBy?: string; + groupBy?: string | string[]; instanceId?: string; remoteName?: string; groupings?: Record; diff --git a/x-pack/plugins/observability_solution/slo/public/pages/slo_details/components/events_chart_panel.tsx b/x-pack/plugins/observability_solution/slo/public/pages/slo_details/components/events_chart_panel.tsx index cd0251fd5ab64..78944df1eb4f5 100644 --- a/x-pack/plugins/observability_solution/slo/public/pages/slo_details/components/events_chart_panel.tsx +++ b/x-pack/plugins/observability_solution/slo/public/pages/slo_details/components/events_chart_panel.tsx @@ -42,6 +42,7 @@ export function EventsChartPanel({ slo, range, selectedTabId, onBrushed }: Props const { isLoading, data } = useGetPreviewData({ range, isValid: true, + groupBy: slo.groupBy, indicator: slo.indicator, groupings: slo.groupings, instanceId: slo.instanceId, diff --git a/x-pack/plugins/observability_solution/slo/server/assets/ingest_templates/slo_pipeline_template.ts b/x-pack/plugins/observability_solution/slo/server/assets/ingest_templates/slo_pipeline_template.ts index 03c03a8c6447c..e5aaa260e2f1d 100644 --- a/x-pack/plugins/observability_solution/slo/server/assets/ingest_templates/slo_pipeline_template.ts +++ b/x-pack/plugins/observability_solution/slo/server/assets/ingest_templates/slo_pipeline_template.ts @@ -5,6 +5,7 @@ * 2.0. */ +import { ALL_VALUE } from '@kbn/slo-schema'; import { getSLOPipelineId, SLO_INGEST_PIPELINE_INDEX_NAME_PREFIX, @@ -43,47 +44,24 @@ export const getSLOPipelineTemplate = (slo: SLODefinition) => ({ }, }, { - script: { - description: 'Generated the instanceId field for SLO rollup data', - source: ` - // This function will recursively collect all the values of a HashMap of HashMaps - Collection collectValues(HashMap subject) { - Collection values = new ArrayList(); - // Iterate through the values - for(Object value: subject.values()) { - // If the value is a HashMap, recurse - if (value instanceof HashMap) { - values.addAll(collectValues((HashMap) value)); - } else { - values.add(String.valueOf(value)); - } - } - return values; - } - - // Create the string builder - StringBuilder instanceId = new StringBuilder(); - - if (ctx["slo"]["groupings"] == null) { - ctx["slo"]["instanceId"] = "*"; - } else { - // Get the values as a collection - Collection values = collectValues(ctx["slo"]["groupings"]); - - // Convert to a list and sort - List sortedValues = new ArrayList(values); - Collections.sort(sortedValues); - - // Create comma delimited string - for(String instanceValue: sortedValues) { - instanceId.append(instanceValue); - instanceId.append(","); - } - - // Assign the slo.instanceId - ctx["slo"]["instanceId"] = instanceId.length() > 0 ? instanceId.substring(0, instanceId.length() - 1) : "*"; - } - `, + dot_expander: { + path: 'slo.groupings', + field: '*', + ignore_failure: true, + if: 'ctx.slo.groupings != null', + }, + }, + { + set: { + description: 'Generated the instanceId field based on the groupings field', + field: 'slo.instanceId', + value: + [slo.groupBy].flat().includes(ALL_VALUE) || [slo.groupBy].flat().length === 0 + ? ALL_VALUE + : [slo.groupBy] + .flat() + .map((field) => `{{{slo.groupings.${field}}}}`) + .join(','), }, }, ], diff --git a/x-pack/plugins/observability_solution/slo/server/services/__snapshots__/create_slo.test.ts.snap b/x-pack/plugins/observability_solution/slo/server/services/__snapshots__/create_slo.test.ts.snap index d516bafa84393..ef8c79410fb39 100644 --- a/x-pack/plugins/observability_solution/slo/server/services/__snapshots__/create_slo.test.ts.snap +++ b/x-pack/plugins/observability_solution/slo/server/services/__snapshots__/create_slo.test.ts.snap @@ -43,47 +43,18 @@ Array [ }, }, Object { - "script": Object { - "description": "Generated the instanceId field for SLO rollup data", - "source": " - // This function will recursively collect all the values of a HashMap of HashMaps - Collection collectValues(HashMap subject) { - Collection values = new ArrayList(); - // Iterate through the values - for(Object value: subject.values()) { - // If the value is a HashMap, recurse - if (value instanceof HashMap) { - values.addAll(collectValues((HashMap) value)); - } else { - values.add(String.valueOf(value)); - } - } - return values; - } - - // Create the string builder - StringBuilder instanceId = new StringBuilder(); - - if (ctx[\\"slo\\"][\\"groupings\\"] == null) { - ctx[\\"slo\\"][\\"instanceId\\"] = \\"*\\"; - } else { - // Get the values as a collection - Collection values = collectValues(ctx[\\"slo\\"][\\"groupings\\"]); - - // Convert to a list and sort - List sortedValues = new ArrayList(values); - Collections.sort(sortedValues); - - // Create comma delimited string - for(String instanceValue: sortedValues) { - instanceId.append(instanceValue); - instanceId.append(\\",\\"); - } - - // Assign the slo.instanceId - ctx[\\"slo\\"][\\"instanceId\\"] = instanceId.length() > 0 ? instanceId.substring(0, instanceId.length() - 1) : \\"*\\"; - } - ", + "dot_expander": Object { + "field": "*", + "if": "ctx.slo.groupings != null", + "ignore_failure": true, + "path": "slo.groupings", + }, + }, + Object { + "set": Object { + "description": "Generated the instanceId field based on the groupings field", + "field": "slo.instanceId", + "value": "*", }, }, ], diff --git a/x-pack/plugins/observability_solution/slo/server/services/__snapshots__/reset_slo.test.ts.snap b/x-pack/plugins/observability_solution/slo/server/services/__snapshots__/reset_slo.test.ts.snap index 8c20bec0d6424..95f767988708c 100644 --- a/x-pack/plugins/observability_solution/slo/server/services/__snapshots__/reset_slo.test.ts.snap +++ b/x-pack/plugins/observability_solution/slo/server/services/__snapshots__/reset_slo.test.ts.snap @@ -239,47 +239,18 @@ exports[`ResetSLO resets all associated resources 8`] = ` }, }, Object { - "script": Object { - "description": "Generated the instanceId field for SLO rollup data", - "source": " - // This function will recursively collect all the values of a HashMap of HashMaps - Collection collectValues(HashMap subject) { - Collection values = new ArrayList(); - // Iterate through the values - for(Object value: subject.values()) { - // If the value is a HashMap, recurse - if (value instanceof HashMap) { - values.addAll(collectValues((HashMap) value)); - } else { - values.add(String.valueOf(value)); - } - } - return values; - } - - // Create the string builder - StringBuilder instanceId = new StringBuilder(); - - if (ctx[\\"slo\\"][\\"groupings\\"] == null) { - ctx[\\"slo\\"][\\"instanceId\\"] = \\"*\\"; - } else { - // Get the values as a collection - Collection values = collectValues(ctx[\\"slo\\"][\\"groupings\\"]); - - // Convert to a list and sort - List sortedValues = new ArrayList(values); - Collections.sort(sortedValues); - - // Create comma delimited string - for(String instanceValue: sortedValues) { - instanceId.append(instanceValue); - instanceId.append(\\",\\"); - } - - // Assign the slo.instanceId - ctx[\\"slo\\"][\\"instanceId\\"] = instanceId.length() > 0 ? instanceId.substring(0, instanceId.length() - 1) : \\"*\\"; - } - ", + "dot_expander": Object { + "field": "*", + "if": "ctx.slo.groupings != null", + "ignore_failure": true, + "path": "slo.groupings", + }, + }, + Object { + "set": Object { + "description": "Generated the instanceId field based on the groupings field", + "field": "slo.instanceId", + "value": "*", }, }, ], diff --git a/x-pack/plugins/observability_solution/slo/server/services/get_preview_data.ts b/x-pack/plugins/observability_solution/slo/server/services/get_preview_data.ts index a18c4d035a096..db95680ecd655 100644 --- a/x-pack/plugins/observability_solution/slo/server/services/get_preview_data.ts +++ b/x-pack/plugins/observability_solution/slo/server/services/get_preview_data.ts @@ -43,7 +43,7 @@ interface Options { interval: string; instanceId?: string; remoteName?: string; - groupBy?: string; + groupBy?: string | string[]; groupings?: Record; } export class GetPreviewData { @@ -516,15 +516,20 @@ export class GetPreviewData { private getGroupingsFilter(options: Options, filter: estypes.QueryDslQueryContainer[]) { const groupingsKeys = Object.keys(options.groupings || []); + if (groupingsKeys.length) { groupingsKeys.forEach((key) => { filter.push({ term: { [key]: options.groupings?.[key] }, }); }); - } else if (options.instanceId !== ALL_VALUE && options.groupBy) { - filter.push({ - term: { [options.groupBy]: options.instanceId }, + } else if (options.instanceId && options.instanceId !== ALL_VALUE && options.groupBy) { + const instanceIdPart = options.instanceId.split(','); + const groupByPart = Array.isArray(options.groupBy) ? options.groupBy : [options.groupBy]; + groupByPart.forEach((groupBy, index) => { + filter.push({ + term: { [groupBy]: instanceIdPart[index] }, + }); }); } } From 92b2c0324779711b6c95b1f90027cef210401ce9 Mon Sep 17 00:00:00 2001 From: Kevin Delemme Date: Thu, 19 Sep 2024 13:23:55 -0400 Subject: [PATCH 08/74] fix(slo): use correct uisettings (#193362) --- .../good_bad_events_chart.tsx | 10 +-- .../components/events_chart_panel.tsx | 13 ++-- .../components/common/data_preview_chart.tsx | 2 +- .../slo/public/utils/slo/get_discover_link.ts | 78 ++++++++++++++----- 4 files changed, 71 insertions(+), 32 deletions(-) rename x-pack/plugins/observability_solution/slo/public/{pages/slos/components/common => components/good_bad_events_chart}/good_bad_events_chart.tsx (94%) diff --git a/x-pack/plugins/observability_solution/slo/public/pages/slos/components/common/good_bad_events_chart.tsx b/x-pack/plugins/observability_solution/slo/public/components/good_bad_events_chart/good_bad_events_chart.tsx similarity index 94% rename from x-pack/plugins/observability_solution/slo/public/pages/slos/components/common/good_bad_events_chart.tsx rename to x-pack/plugins/observability_solution/slo/public/components/good_bad_events_chart/good_bad_events_chart.tsx index 601ac64372595..ba3a201402e4f 100644 --- a/x-pack/plugins/observability_solution/slo/public/pages/slos/components/common/good_bad_events_chart.tsx +++ b/x-pack/plugins/observability_solution/slo/public/components/good_bad_events_chart/good_bad_events_chart.tsx @@ -22,10 +22,10 @@ import { GetPreviewDataResponse, SLOWithSummaryResponse } from '@kbn/slo-schema' import moment from 'moment'; import React, { useRef } from 'react'; import { useAnnotations } from '@kbn/observability-plugin/public'; -import { TimeBounds } from '../../../slo_details/types'; -import { getBrushTimeBounds } from '../../../../utils/slo/duration'; -import { useKibana } from '../../../../utils/kibana_react'; -import { openInDiscover } from '../../../../utils/slo/get_discover_link'; +import { TimeBounds } from '../../pages/slo_details/types'; +import { getBrushTimeBounds } from '../../utils/slo/duration'; +import { useKibana } from '../../utils/kibana_react'; +import { openInDiscover } from '../../utils/slo/get_discover_link'; export interface Props { data: GetPreviewDataResponse; @@ -89,7 +89,7 @@ export function GoodBadEventsChart({ to: moment(datum.x).add(intervalInMilliseconds, 'ms').toISOString(), mode: 'absolute' as const, }; - openInDiscover(slo, isBad, !isBad, timeRange, discover); + openInDiscover({ slo, showBad: isBad, showGood: !isBad, timeRange, discover, uiSettings }); } }; diff --git a/x-pack/plugins/observability_solution/slo/public/pages/slo_details/components/events_chart_panel.tsx b/x-pack/plugins/observability_solution/slo/public/pages/slo_details/components/events_chart_panel.tsx index 78944df1eb4f5..4b393e307deb3 100644 --- a/x-pack/plugins/observability_solution/slo/public/pages/slo_details/components/events_chart_panel.tsx +++ b/x-pack/plugins/observability_solution/slo/public/pages/slo_details/components/events_chart_panel.tsx @@ -26,7 +26,7 @@ import { TimeBounds } from '../types'; import { SloTabId } from './slo_details'; import { useGetPreviewData } from '../../../hooks/use_get_preview_data'; import { useKibana } from '../../../utils/kibana_react'; -import { GoodBadEventsChart } from '../../slos/components/common/good_bad_events_chart'; +import { GoodBadEventsChart } from '../../../components/good_bad_events_chart/good_bad_events_chart'; import { getDiscoverLink } from '../../../utils/slo/get_discover_link'; export interface Props { @@ -37,7 +37,7 @@ export interface Props { } export function EventsChartPanel({ slo, range, selectedTabId, onBrushed }: Props) { - const { discover } = useKibana().services; + const { discover, uiSettings } = useKibana().services; const { isLoading, data } = useGetPreviewData({ range, @@ -105,15 +105,16 @@ export function EventsChartPanel({ slo, range, selectedTabId, onBrushed }: Props diff --git a/x-pack/plugins/observability_solution/slo/public/pages/slo_edit/components/common/data_preview_chart.tsx b/x-pack/plugins/observability_solution/slo/public/pages/slo_edit/components/common/data_preview_chart.tsx index cb9730497e216..5241e6c78aebe 100644 --- a/x-pack/plugins/observability_solution/slo/public/pages/slo_edit/components/common/data_preview_chart.tsx +++ b/x-pack/plugins/observability_solution/slo/public/pages/slo_edit/components/common/data_preview_chart.tsx @@ -38,7 +38,7 @@ import moment from 'moment'; import React, { useState } from 'react'; import { useFormContext } from 'react-hook-form'; import { useKibana } from '../../../../utils/kibana_react'; -import { GoodBadEventsChart } from '../../../slos/components/common/good_bad_events_chart'; +import { GoodBadEventsChart } from '../../../../components/good_bad_events_chart/good_bad_events_chart'; import { useDebouncedGetPreviewData } from '../../hooks/use_preview'; import { useSectionFormValidation } from '../../hooks/use_section_form_validation'; import { CreateSLOForm } from '../../types'; diff --git a/x-pack/plugins/observability_solution/slo/public/utils/slo/get_discover_link.ts b/x-pack/plugins/observability_solution/slo/public/utils/slo/get_discover_link.ts index 80ef9c12ee99e..e8878b0a16530 100644 --- a/x-pack/plugins/observability_solution/slo/public/utils/slo/get_discover_link.ts +++ b/x-pack/plugins/observability_solution/slo/public/utils/slo/get_discover_link.ts @@ -11,13 +11,22 @@ import { i18n } from '@kbn/i18n'; import { buildEsQuery } from '@kbn/observability-plugin/public'; import { v4 } from 'uuid'; import { isEmpty } from 'lodash'; +import { getEsQueryConfig } from '@kbn/data-plugin/public'; +import { IUiSettingsClient } from '@kbn/core/public'; -function createDiscoverLocator( - slo: SLOWithSummaryResponse, +function createDiscoverLocator({ + slo, showBad = false, showGood = false, - timeRange?: TimeRange -) { + timeRange, + uiSettings, +}: { + slo: SLOWithSummaryResponse; + showBad: boolean; + showGood: boolean; + timeRange: TimeRange; + uiSettings?: IUiSettingsClient; +}) { const indexId = v4(); const filters: Filter[] = []; @@ -42,8 +51,17 @@ function createDiscoverLocator( const totalFilters = kqlWithFiltersSchema.is(slo.indicator.params.total) ? slo.indicator.params.total.filters : []; - const customGoodFilter = buildEsQuery({ kuery: goodKuery, filters: goodFilters }); - const customTotalFilter = buildEsQuery({ kuery: totalKuery, filters: totalFilters }); + + const customGoodFilter = buildEsQuery({ + kuery: goodKuery, + filters: goodFilters, + ...(uiSettings && { config: getEsQueryConfig(uiSettings) }), + }); + const customTotalFilter = buildEsQuery({ + kuery: totalKuery, + filters: totalFilters, + ...(uiSettings && { config: getEsQueryConfig(uiSettings) }), + }); const customBadFilter = { bool: { filter: customTotalFilter, must_not: customGoodFilter } }; filters.push({ @@ -144,22 +162,42 @@ function createDiscoverLocator( }; } -export function getDiscoverLink( - slo: SLOWithSummaryResponse, - timeRange: TimeRange, - discover?: DiscoverStart -) { - const config = createDiscoverLocator(slo, false, false, timeRange); - return discover?.locator?.getRedirectUrl(config); +export function getDiscoverLink({ + slo, + timeRange, + discover, + uiSettings, +}: { + slo: SLOWithSummaryResponse; + timeRange: TimeRange; + discover?: DiscoverStart; + uiSettings?: IUiSettingsClient; +}) { + const locatorConfig = createDiscoverLocator({ + slo, + showBad: false, + showGood: false, + timeRange, + uiSettings, + }); + return discover?.locator?.getRedirectUrl(locatorConfig); } -export function openInDiscover( - slo: SLOWithSummaryResponse, +export function openInDiscover({ + slo, showBad = false, showGood = false, - timeRange?: TimeRange, - discover?: DiscoverStart -) { - const config = createDiscoverLocator(slo, showBad, showGood, timeRange); - discover?.locator?.navigate(config); + timeRange, + discover, + uiSettings, +}: { + slo: SLOWithSummaryResponse; + showBad: boolean; + showGood: boolean; + timeRange: TimeRange; + discover?: DiscoverStart; + uiSettings?: IUiSettingsClient; +}) { + const locatorConfig = createDiscoverLocator({ slo, showBad, showGood, timeRange, uiSettings }); + discover?.locator?.navigate(locatorConfig); } From 603023124681429ee900ff3a73793ce31a9cad58 Mon Sep 17 00:00:00 2001 From: Rachel Shen Date: Thu, 19 Sep 2024 11:38:21 -0600 Subject: [PATCH 09/74] [Dashboard] Sharing via link to an expanded panel (#190086) ## Summary Closes https://github.com/elastic/kibana/issues/145454 This PR allows users with a dashboard with an expanded (maximized) panel to be shared to other users via url or the share modal link. To implement this, the expanded panel Id is added to the url: `/app/dashboard/{dashboardID}/{expandedPanelID}_g()_a()` ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios Co-authored-by: Hannah Mudge --- .../dashboard_app/dashboard_app.test.tsx | 98 +++++++++++++++++++ .../public/dashboard_app/dashboard_app.tsx | 19 +++- .../public/dashboard_app/dashboard_router.tsx | 11 ++- .../public/dashboard_app/url/url_utils.ts | 27 ++++- .../functional/page_objects/dashboard_page.ts | 12 ++- 5 files changed, 160 insertions(+), 7 deletions(-) create mode 100644 src/plugins/dashboard/public/dashboard_app/dashboard_app.test.tsx diff --git a/src/plugins/dashboard/public/dashboard_app/dashboard_app.test.tsx b/src/plugins/dashboard/public/dashboard_app/dashboard_app.test.tsx new file mode 100644 index 0000000000000..f04528e7bde2c --- /dev/null +++ b/src/plugins/dashboard/public/dashboard_app/dashboard_app.test.tsx @@ -0,0 +1,98 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the "Elastic License + * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side + * Public License v 1"; you may not use this file except in compliance with, at + * your election, the "Elastic License 2.0", the "GNU Affero General Public + * License v3.0 only", or the "Server Side Public License, v 1". + */ + +import { render, waitFor } from '@testing-library/react'; +import { MemoryHistory, createMemoryHistory } from 'history'; +import React, { useEffect } from 'react'; +import type { DashboardRendererProps } from '../dashboard_container/external_api/dashboard_renderer'; +import { buildMockDashboard } from '../mocks'; +import { DashboardApp } from './dashboard_app'; + +import * as dashboardRendererStuff from '../dashboard_container/external_api/lazy_dashboard_renderer'; +import { DashboardApi } from '..'; + +/* These tests circumvent the need to test the router and legacy code +/* the dashboard app will be passed the expanded panel id from the DashboardRouter through mountApp() +/* @link https://github.com/elastic/kibana/pull/190086/ +*/ + +describe('Dashboard App', () => { + const mockDashboard = buildMockDashboard(); + let mockHistory: MemoryHistory; + // this is in url_utils dashboardApi expandedPanel subscription + let historySpy: jest.SpyInstance; + // this is in the dashboard app for the renderer when provided an expanded panel id + const expandPanelSpy = jest.spyOn(mockDashboard, 'expandPanel'); + + beforeAll(() => { + mockHistory = createMemoryHistory(); + historySpy = jest.spyOn(mockHistory, 'replace'); + + /** + * Mock the LazyDashboardRenderer component to avoid rendering the actual dashboard + * and hitting errors that aren't relevant + */ + jest + .spyOn(dashboardRendererStuff, 'LazyDashboardRenderer') + // we need overwrite the onApiAvailable prop to get the dashboard Api in the dashboard app + .mockImplementation(({ onApiAvailable }: DashboardRendererProps) => { + useEffect(() => { + onApiAvailable?.(mockDashboard as DashboardApi); + }, [onApiAvailable]); + + return
Test renderer
; + }); + }); + + beforeEach(() => { + // reset the spies before each test + expandPanelSpy.mockClear(); + historySpy.mockClear(); + }); + + it('test the default behavior without an expandedPanel id passed as a prop to the DashboardApp', async () => { + render(); + + await waitFor(() => { + expect(expandPanelSpy).not.toHaveBeenCalled(); + // this value should be undefined by default + expect(mockDashboard.expandedPanelId.getValue()).toBe(undefined); + // history should not be called + expect(historySpy).toHaveBeenCalledTimes(0); + expect(mockHistory.location.pathname).toBe('/'); + }); + + // simulate expanding a panel + mockDashboard.expandPanel('123'); + + await waitFor(() => { + expect(mockDashboard.expandedPanelId.getValue()).toBe('123'); + expect(historySpy).toHaveBeenCalledTimes(1); + expect(mockHistory.location.pathname).toBe('/create/123'); + }); + }); + + it('test that the expanded panel behavior subject and history is called when passed as a prop to the DashboardApp', async () => { + render(); + + await waitFor(() => { + expect(expandPanelSpy).toHaveBeenCalledTimes(1); + expect(historySpy).toHaveBeenCalledTimes(0); + }); + + // simulate minimizing a panel + mockDashboard.expandedPanelId.next(undefined); + + await waitFor(() => { + expect(mockDashboard.expandedPanelId.getValue()).toBe(undefined); + expect(historySpy).toHaveBeenCalledTimes(1); + expect(mockHistory.location.pathname).toBe('/create'); + }); + }); +}); diff --git a/src/plugins/dashboard/public/dashboard_app/dashboard_app.tsx b/src/plugins/dashboard/public/dashboard_app/dashboard_app.tsx index fa1b505879090..759d817432c6a 100644 --- a/src/plugins/dashboard/public/dashboard_app/dashboard_app.tsx +++ b/src/plugins/dashboard/public/dashboard_app/dashboard_app.tsx @@ -23,7 +23,7 @@ import { DashboardAppNoDataPage, isDashboardAppInNoDataState, } from './no_data/dashboard_app_no_data'; -import { loadAndRemoveDashboardState } from './url/url_utils'; +import { loadAndRemoveDashboardState, startSyncingExpandedPanelState } from './url/url_utils'; import { getSessionURLObservable, getSearchSessionIdFromURL, @@ -53,6 +53,7 @@ export interface DashboardAppProps { savedDashboardId?: string; redirectTo: DashboardRedirect; embedSettings?: DashboardEmbedSettings; + expandedPanelId?: string; } export function DashboardApp({ @@ -60,6 +61,7 @@ export function DashboardApp({ embedSettings, redirectTo, history, + expandedPanelId, }: DashboardAppProps) { const [showNoDataPage, setShowNoDataPage] = useState(false); const [regenerateId, setRegenerateId] = useState(uuidv4()); @@ -183,6 +185,12 @@ export function DashboardApp({ getScreenshotContext, ]); + useEffect(() => { + if (!dashboardApi) return; + const { stopWatchingExpandedPanel } = startSyncingExpandedPanelState({ dashboardApi, history }); + return () => stopWatchingExpandedPanel(); + }, [dashboardApi, history]); + /** * When the dashboard container is created, or re-created, start syncing dashboard state with the URL */ @@ -221,7 +229,14 @@ export function DashboardApp({ { + if (dashboard && !dashboardApi) { + setDashboardApi(dashboard); + if (expandedPanelId) { + dashboard?.expandPanel(expandedPanelId); + } + } + }} dashboardRedirect={redirectTo} savedObjectId={savedDashboardId} showPlainSpinner={showPlainSpinner} diff --git a/src/plugins/dashboard/public/dashboard_app/dashboard_router.tsx b/src/plugins/dashboard/public/dashboard_app/dashboard_router.tsx index 2c4651c3b2901..8449ed9de1080 100644 --- a/src/plugins/dashboard/public/dashboard_app/dashboard_router.tsx +++ b/src/plugins/dashboard/public/dashboard_app/dashboard_router.tsx @@ -101,7 +101,9 @@ export async function mountApp({ }; }; - const renderDashboard = (routeProps: RouteComponentProps<{ id?: string }>) => { + const renderDashboard = ( + routeProps: RouteComponentProps<{ id?: string; expandedPanelId?: string }> + ) => { const routeParams = parse(routeProps.history.location.search); if (routeParams.embed === 'true' && !globalEmbedSettings) { globalEmbedSettings = getDashboardEmbedSettings(routeParams); @@ -112,6 +114,7 @@ export async function mountApp({ embedSettings={globalEmbedSettings} savedDashboardId={routeProps.match.params.id} redirectTo={redirect} + expandedPanelId={routeProps.match.params.expandedPanelId} /> ); }; @@ -154,7 +157,11 @@ export async function mountApp({ diff --git a/src/plugins/dashboard/public/dashboard_app/url/url_utils.ts b/src/plugins/dashboard/public/dashboard_app/url/url_utils.ts index 7fc7d17c55053..09e15abe5eea1 100644 --- a/src/plugins/dashboard/public/dashboard_app/url/url_utils.ts +++ b/src/plugins/dashboard/public/dashboard_app/url/url_utils.ts @@ -8,7 +8,9 @@ */ import _ from 'lodash'; +import { skip } from 'rxjs'; import semverSatisfies from 'semver/functions/satisfies'; +import { History } from 'history'; import { IKbnUrlStateStorage } from '@kbn/kibana-utils-plugin/public'; import { replaceUrlHashQuery } from '@kbn/kibana-utils-plugin/common'; @@ -21,9 +23,10 @@ import { } from '../../../common'; import { pluginServices } from '../../services/plugin_services'; import { getPanelTooOldErrorString } from '../_dashboard_app_strings'; -import { DASHBOARD_STATE_STORAGE_KEY } from '../../dashboard_constants'; +import { DASHBOARD_STATE_STORAGE_KEY, createDashboardEditUrl } from '../../dashboard_constants'; import { SavedDashboardPanel } from '../../../common/content_management'; import { migrateLegacyQuery } from '../../services/dashboard_content_management/lib/load_dashboard_state'; +import { DashboardApi } from '../../dashboard_api/types'; /** * We no longer support loading panels from a version older than 7.3 in the URL. @@ -84,3 +87,25 @@ export const loadAndRemoveDashboardState = ( return partialState; }; + +export const startSyncingExpandedPanelState = ({ + dashboardApi, + history, +}: { + dashboardApi: DashboardApi; + history: History; +}) => { + const expandedPanelSubscription = dashboardApi?.expandedPanelId + // skip the first value because we don't want to trigger a history.replace on initial load + .pipe(skip(1)) + .subscribe((expandedPanelId) => { + history.replace({ + ...history.location, + pathname: `${createDashboardEditUrl(dashboardApi.savedObjectId.value)}${ + Boolean(expandedPanelId) ? `/${expandedPanelId}` : '' + }`, + }); + }); + const stopWatchingExpandedPanel = () => expandedPanelSubscription.unsubscribe(); + return { stopWatchingExpandedPanel }; +}; diff --git a/test/functional/page_objects/dashboard_page.ts b/test/functional/page_objects/dashboard_page.ts index c610b417c4323..f6a3aec2eacd5 100644 --- a/test/functional/page_objects/dashboard_page.ts +++ b/test/functional/page_objects/dashboard_page.ts @@ -154,8 +154,16 @@ export class DashboardPageObject extends FtrService { public getDashboardIdFromUrl(url: string) { const urlSubstring = '#/view/'; const startOfIdIndex = url.indexOf(urlSubstring) + urlSubstring.length; - const endIndex = url.indexOf('?'); - const id = url.substring(startOfIdIndex, endIndex < 0 ? url.length : endIndex); + const endIndexOfFilters = url.indexOf('?'); + const endIndexOfMax = url.substring(startOfIdIndex).indexOf('/'); + if (endIndexOfMax === -1) { + return url.substring(startOfIdIndex, endIndexOfFilters); + } + const endIndex = + endIndexOfFilters + startOfIdIndex > endIndexOfMax + ? endIndexOfFilters + startOfIdIndex + : endIndexOfMax + startOfIdIndex; + const id = url.substring(startOfIdIndex, endIndex < 0 ? url.length : endIndex + startOfIdIndex); return id; } From 2650cd085b1b9a9c60265777d82402d7406ad38a Mon Sep 17 00:00:00 2001 From: christineweng <18648970+christineweng@users.noreply.github.com> Date: Thu, 19 Sep 2024 12:41:00 -0500 Subject: [PATCH 10/74] [Security Solution]Analyzer in flyout Part 1 - add split mode in analyzer and enable visualization tab (#192531) ## Summary This PR is part 1 of moving analyzer to alerts flyout. To support rendering the analyzer graph and details panel separately, this PR introduced a `split` mode in analyzer: - In split mode an additional `show panel` button is added in graph control. ![image](https://github.com/user-attachments/assets/5af3d387-69ac-4668-95d4-aedd53e897fb) - default mode shows the panel as part of the graph (alert table scenario) ![image](https://github.com/user-attachments/assets/93a9f0ad-163b-45a3-9e7f-41d83e1cd85b) ## Update to analyzer state in redux To support analyzer in alerts table and in flyout, the redux store for alert/event table uses `scopeId` (`alerts-page` in screenshot), the flyout analyzer uses `flyoutUrl-scopeId` (i.e. `SecuritySolution-alerts-page`) ![image](https://github.com/user-attachments/assets/c7f50866-642a-4e5d-9d80-a303f24934cb) ### Feature flag This feature is currently behind a feature flag `visualizationInFlyoutEnabled` Note: this also enables session view in visualization section ### Video demo https://github.com/user-attachments/assets/6a95497e-1e94-42fe-a227-bbb9a7f0c303 ### Checklist - [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md) - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios --- .../common/experimental_features.ts | 5 + .../public/common/mock/global_state.ts | 2 +- .../analyzer_panels/index.tsx | 39 ++++ .../left/components/analyze_graph.test.tsx | 43 ++++- .../left/components/analyze_graph.tsx | 38 +++- .../flyout/document_details/left/index.tsx | 9 +- .../left/tabs/visualize_tab.tsx | 24 ++- .../analyzer_preview_container.test.tsx | 147 +++++++++++---- .../components/analyzer_preview_container.tsx | 58 +++++- .../visualizations_section.test.tsx | 5 + .../shared/constants/panel_keys.ts | 1 + .../security_solution/public/flyout/index.tsx | 9 + .../test_utilities/simulator/index.tsx | 6 + .../simulator/mock_resolver.tsx | 2 + .../public/resolver/types.ts | 10 + .../resolver/view/controls/index.test.tsx | 62 ++++++ .../public/resolver/view/controls/index.tsx | 14 ++ .../resolver/view/controls/show_panel.tsx | 38 ++++ .../resolver/view/details_panel.test.tsx | 177 ++++++++++++++++++ .../public/resolver/view/details_panel.tsx | 77 ++++++++ .../view/resolver_without_providers.tsx | 16 +- .../translations/translations/fr-FR.json | 1 - .../translations/translations/ja-JP.json | 1 - .../translations/translations/zh-CN.json | 1 - 24 files changed, 725 insertions(+), 60 deletions(-) create mode 100644 x-pack/plugins/security_solution/public/flyout/document_details/analyzer_panels/index.tsx create mode 100644 x-pack/plugins/security_solution/public/resolver/view/controls/show_panel.tsx create mode 100644 x-pack/plugins/security_solution/public/resolver/view/details_panel.test.tsx create mode 100644 x-pack/plugins/security_solution/public/resolver/view/details_panel.tsx diff --git a/x-pack/plugins/security_solution/common/experimental_features.ts b/x-pack/plugins/security_solution/common/experimental_features.ts index 030e00768349d..58eb49a2a5d9b 100644 --- a/x-pack/plugins/security_solution/common/experimental_features.ts +++ b/x-pack/plugins/security_solution/common/experimental_features.ts @@ -198,6 +198,11 @@ export const allowedExperimentalValues = Object.freeze({ */ analyzerDatePickersAndSourcererDisabled: false, + /** + * Enables visualization: session viewer and analyzer in expandable flyout + */ + visualizationInFlyoutEnabled: false, + /** * Enables an ability to customize Elastic prebuilt rules. * diff --git a/x-pack/plugins/security_solution/public/common/mock/global_state.ts b/x-pack/plugins/security_solution/public/common/mock/global_state.ts index 9201d57b998b8..e3f9f19192a6b 100644 --- a/x-pack/plugins/security_solution/public/common/mock/global_state.ts +++ b/x-pack/plugins/security_solution/public/common/mock/global_state.ts @@ -445,7 +445,7 @@ export const mockGlobalState: State = { [TableId.test]: EMPTY_RESOLVER, [TimelineId.test]: EMPTY_RESOLVER, [TimelineId.active]: EMPTY_RESOLVER, - flyout: EMPTY_RESOLVER, + [`securitySolution-${TableId.test}`]: EMPTY_RESOLVER, }, sourcerer: { ...mockSourcererState, diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/analyzer_panels/index.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/analyzer_panels/index.tsx new file mode 100644 index 0000000000000..cc4be9df60209 --- /dev/null +++ b/x-pack/plugins/security_solution/public/flyout/document_details/analyzer_panels/index.tsx @@ -0,0 +1,39 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import React from 'react'; +import type { FlyoutPanelProps } from '@kbn/expandable-flyout'; +import { FlyoutBody } from '@kbn/security-solution-common'; +import type { DocumentDetailsAnalyzerPanelKey } from '../shared/constants/panel_keys'; +import { DetailsPanel } from '../../../resolver/view/details_panel'; + +interface AnalyzerPanelProps extends Record { + /** + * id to identify the scope of analyzer in redux + */ + resolverComponentInstanceID: string; +} + +export interface AnalyzerPanelExpandableFlyoutProps extends FlyoutPanelProps { + key: typeof DocumentDetailsAnalyzerPanelKey; + params: AnalyzerPanelProps; +} + +/** + * Displays node details panel for analyzer + */ +export const AnalyzerPanel: React.FC = ({ resolverComponentInstanceID }) => { + return ( + +
+ +
+ + ); +}; + +AnalyzerPanel.displayName = 'AnalyzerPanel'; diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/analyze_graph.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/analyze_graph.test.tsx index aff568e29bea8..fc3cb1aba8d36 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/analyze_graph.test.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/analyze_graph.test.tsx @@ -8,17 +8,25 @@ import React from 'react'; import { render } from '@testing-library/react'; import '@testing-library/jest-dom'; +import { TableId } from '@kbn/securitysolution-data-table'; +import { useExpandableFlyoutApi } from '@kbn/expandable-flyout'; import { DocumentDetailsContext } from '../../shared/context'; import { TestProviders } from '../../../../common/mock'; -import { AnalyzeGraph } from './analyze_graph'; +import { AnalyzeGraph, ANALYZER_PREVIEW_BANNER } from './analyze_graph'; import { ANALYZER_GRAPH_TEST_ID } from './test_ids'; +import { useWhichFlyout } from '../../shared/hooks/use_which_flyout'; +import { mockFlyoutApi } from '../../shared/mocks/mock_flyout_context'; +import { DocumentDetailsAnalyzerPanelKey } from '../../shared/constants/panel_keys'; jest.mock('react-router-dom', () => { const actual = jest.requireActual('react-router-dom'); return { ...actual, useLocation: jest.fn().mockReturnValue({ pathname: '' }) }; }); - +jest.mock('@kbn/expandable-flyout'); jest.mock('../../../../resolver/view/use_resolver_query_params_cleaner'); +jest.mock('../../shared/hooks/use_which_flyout'); +const mockUseWhichFlyout = useWhichFlyout as jest.Mock; +const FLYOUT_KEY = 'securitySolution'; const mockDispatch = jest.fn(); jest.mock('react-redux', () => { @@ -31,9 +39,15 @@ jest.mock('react-redux', () => { }); describe('', () => { + beforeEach(() => { + mockUseWhichFlyout.mockReturnValue(FLYOUT_KEY); + jest.mocked(useExpandableFlyoutApi).mockReturnValue(mockFlyoutApi); + }); + it('renders analyzer graph correctly', () => { const contextValue = { eventId: 'eventId', + scopeId: TableId.test, } as unknown as DocumentDetailsContext; const wrapper = render( @@ -45,4 +59,29 @@ describe('', () => { ); expect(wrapper.getByTestId(ANALYZER_GRAPH_TEST_ID)).toBeInTheDocument(); }); + + it('clicking view button should open details panel in preview', () => { + const contextValue = { + eventId: 'eventId', + scopeId: TableId.test, + } as unknown as DocumentDetailsContext; + + const wrapper = render( + + + + + + ); + + expect(wrapper.getByTestId('resolver:graph-controls:show-panel-button')).toBeInTheDocument(); + wrapper.getByTestId('resolver:graph-controls:show-panel-button').click(); + expect(mockFlyoutApi.openPreviewPanel).toBeCalledWith({ + id: DocumentDetailsAnalyzerPanelKey, + params: { + resolverComponentInstanceID: `${FLYOUT_KEY}-${TableId.test}`, + banner: ANALYZER_PREVIEW_BANNER, + }, + }); + }); }); diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/analyze_graph.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/analyze_graph.tsx index faefd92e9b689..253e51786ff14 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/left/components/analyze_graph.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/left/components/analyze_graph.tsx @@ -6,38 +6,62 @@ */ import type { FC } from 'react'; -import React, { useMemo } from 'react'; - +import React, { useMemo, useCallback } from 'react'; +import { useExpandableFlyoutApi } from '@kbn/expandable-flyout'; +import { i18n } from '@kbn/i18n'; +import { useWhichFlyout } from '../../shared/hooks/use_which_flyout'; import { useDocumentDetailsContext } from '../../shared/context'; import { ANALYZER_GRAPH_TEST_ID } from './test_ids'; import { Resolver } from '../../../../resolver/view'; import { useTimelineDataFilters } from '../../../../timelines/containers/use_timeline_data_filters'; import { isActiveTimeline } from '../../../../helpers'; +import { DocumentDetailsAnalyzerPanelKey } from '../../shared/constants/panel_keys'; export const ANALYZE_GRAPH_ID = 'analyze_graph'; +export const ANALYZER_PREVIEW_BANNER = { + title: i18n.translate( + 'xpack.securitySolution.flyout.left.visualizations.analyzer.panelPreviewTitle', + { + defaultMessage: 'Preview analyzer panels', + } + ), + backgroundColor: 'warning', + textColor: 'warning', +}; + /** * Analyzer graph view displayed in the document details expandable flyout left section under the Visualize tab */ export const AnalyzeGraph: FC = () => { - const { eventId } = useDocumentDetailsContext(); - const scopeId = 'flyout'; // Different scope Id to distinguish flyout and data table analyzers + const { eventId, scopeId } = useDocumentDetailsContext(); + const key = useWhichFlyout() ?? 'memory'; const { from, to, shouldUpdate, selectedPatterns } = useTimelineDataFilters( isActiveTimeline(scopeId) ); const filters = useMemo(() => ({ from, to }), [from, to]); + const { openPreviewPanel } = useExpandableFlyoutApi(); - // TODO as part of https://github.com/elastic/security-team/issues/7032 - // bring back no data message if needed + const onClick = useCallback(() => { + openPreviewPanel({ + id: DocumentDetailsAnalyzerPanelKey, + params: { + resolverComponentInstanceID: `${key}-${scopeId}`, + banner: ANALYZER_PREVIEW_BANNER, + }, + }); + }, [openPreviewPanel, key, scopeId]); return (
); diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/left/index.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/left/index.tsx index f4a89cbc2b7bc..838209490f7d8 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/left/index.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/left/index.tsx @@ -38,6 +38,10 @@ export const LeftPanel: FC> = memo(({ path }) => { 'securitySolutionNotesEnabled' ); + const visualizationInFlyoutEnabled = useIsExperimentalFeatureEnabled( + 'visualizationInFlyoutEnabled' + ); + const tabsDisplayed = useMemo(() => { const tabList = eventKind === EventKind.signal @@ -46,8 +50,11 @@ export const LeftPanel: FC> = memo(({ path }) => { if (securitySolutionNotesEnabled && !isPreview) { tabList.push(tabs.notesTab); } + if (visualizationInFlyoutEnabled && !isPreview) { + return [tabs.visualizeTab, ...tabList]; + } return tabList; - }, [eventKind, isPreview, securitySolutionNotesEnabled]); + }, [eventKind, isPreview, securitySolutionNotesEnabled, visualizationInFlyoutEnabled]); const selectedTabId = useMemo(() => { const defaultTab = tabsDisplayed[0].id; diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/left/tabs/visualize_tab.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/left/tabs/visualize_tab.tsx index 32f64aecd1cb8..031273c3e0892 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/left/tabs/visualize_tab.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/left/tabs/visualize_tab.tsx @@ -12,14 +12,22 @@ import { useExpandableFlyoutApi, useExpandableFlyoutState } from '@kbn/expandabl import { i18n } from '@kbn/i18n'; import { FormattedMessage } from '@kbn/i18n-react'; import { useDocumentDetailsContext } from '../../shared/context'; -import { DocumentDetailsLeftPanelKey } from '../../shared/constants/panel_keys'; +import { useWhichFlyout } from '../../shared/hooks/use_which_flyout'; +import { + DocumentDetailsLeftPanelKey, + DocumentDetailsAnalyzerPanelKey, +} from '../../shared/constants/panel_keys'; import { LeftPanelVisualizeTab } from '..'; import { VISUALIZE_TAB_BUTTON_GROUP_TEST_ID, VISUALIZE_TAB_GRAPH_ANALYZER_BUTTON_TEST_ID, VISUALIZE_TAB_SESSION_VIEW_BUTTON_TEST_ID, } from './test_ids'; -import { ANALYZE_GRAPH_ID, AnalyzeGraph } from '../components/analyze_graph'; +import { + ANALYZE_GRAPH_ID, + AnalyzeGraph, + ANALYZER_PREVIEW_BANNER, +} from '../components/analyze_graph'; import { SESSION_VIEW_ID, SessionView } from '../components/session_view'; import { ALERTS_ACTIONS } from '../../../../common/lib/apm/user_actions'; import { useStartTransaction } from '../../../../common/lib/apm/use_start_transaction'; @@ -52,11 +60,12 @@ const visualizeButtons: EuiButtonGroupOptionProps[] = [ */ export const VisualizeTab = memo(() => { const { eventId, indexName, scopeId } = useDocumentDetailsContext(); - const { openLeftPanel } = useExpandableFlyoutApi(); + const { openLeftPanel, openPreviewPanel } = useExpandableFlyoutApi(); const panels = useExpandableFlyoutState(); const [activeVisualizationId, setActiveVisualizationId] = useState( panels.left?.path?.subTab ?? SESSION_VIEW_ID ); + const key = useWhichFlyout() ?? 'memory'; const { startTransaction } = useStartTransaction(); const onChangeCompressed = useCallback( (optionId: string) => { @@ -76,8 +85,15 @@ export const VisualizeTab = memo(() => { scopeId, }, }); + openPreviewPanel({ + id: DocumentDetailsAnalyzerPanelKey, + params: { + resolverComponentInstanceID: `${key}-${scopeId}`, + banner: ANALYZER_PREVIEW_BANNER, + }, + }); }, - [startTransaction, eventId, indexName, scopeId, openLeftPanel] + [startTransaction, eventId, indexName, scopeId, openLeftPanel, openPreviewPanel, key] ); useEffect(() => { diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/analyzer_preview_container.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/analyzer_preview_container.test.tsx index 550bda40e5e68..3908aef1eb6b9 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/analyzer_preview_container.test.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/analyzer_preview_container.test.tsx @@ -8,6 +8,7 @@ import { render, screen } from '@testing-library/react'; import { TestProviders } from '../../../../common/mock'; import React from 'react'; +import { useExpandableFlyoutApi } from '@kbn/expandable-flyout'; import { DocumentDetailsContext } from '../../shared/context'; import { mockContextValue } from '../../shared/mocks/mock_context'; import { AnalyzerPreviewContainer } from './analyzer_preview_container'; @@ -22,9 +23,18 @@ import { EXPANDABLE_PANEL_HEADER_TITLE_TEXT_TEST_ID, EXPANDABLE_PANEL_TOGGLE_ICON_TEST_ID, } from '@kbn/security-solution-common'; +import { mockFlyoutApi } from '../../shared/mocks/mock_flyout_context'; +import { useIsExperimentalFeatureEnabled } from '../../../../common/hooks/use_experimental_features'; import { mockDataFormattedForFieldBrowser } from '../../shared/mocks/mock_data_formatted_for_field_browser'; import { useInvestigateInTimeline } from '../../../../detections/components/alerts_table/timeline_actions/use_investigate_in_timeline'; +import { useWhichFlyout } from '../../shared/hooks/use_which_flyout'; +import { + DocumentDetailsLeftPanelKey, + DocumentDetailsAnalyzerPanelKey, +} from '../../shared/constants/panel_keys'; +import { ANALYZE_GRAPH_ID, ANALYZER_PREVIEW_BANNER } from '../../left/components/analyze_graph'; +jest.mock('@kbn/expandable-flyout'); jest.mock( '../../../../detections/components/alerts_table/timeline_actions/investigate_in_resolver' ); @@ -32,6 +42,10 @@ jest.mock('../../shared/hooks/use_alert_prevalence_from_process_tree'); jest.mock( '../../../../detections/components/alerts_table/timeline_actions/use_investigate_in_timeline' ); +jest.mock('../../shared/hooks/use_which_flyout'); +const mockUseWhichFlyout = useWhichFlyout as jest.Mock; +const FLYOUT_KEY = 'securitySolution'; + jest.mock('react-router-dom', () => { const actual = jest.requireActual('react-router-dom'); return { ...actual, useLocation: jest.fn().mockReturnValue({ pathname: '' }) }; @@ -45,6 +59,9 @@ jest.mock('react-redux', () => { }; }); +jest.mock('../../../../common/hooks/use_experimental_features'); +const mockUseIsExperimentalFeatureEnabled = useIsExperimentalFeatureEnabled as jest.Mock; + const NO_ANALYZER_MESSAGE = 'You can only visualize events triggered by hosts configured with the Elastic Defend integration or any sysmon data from winlogbeat. Refer to Visual event analyzerExternal link(opens in a new tab or window) for more information.'; @@ -63,8 +80,11 @@ const renderAnalyzerPreview = (context = panelContextValue) => ); describe('AnalyzerPreviewContainer', () => { - afterEach(() => { + beforeEach(() => { jest.clearAllMocks(); + mockUseWhichFlyout.mockReturnValue(FLYOUT_KEY); + jest.mocked(useExpandableFlyoutApi).mockReturnValue(mockFlyoutApi); + mockUseIsExperimentalFeatureEnabled.mockReturnValue(false); }); it('should render component and link in header', () => { @@ -117,43 +137,104 @@ describe('AnalyzerPreviewContainer', () => { ).toHaveTextContent(NO_ANALYZER_MESSAGE); }); - it('should navigate to analyzer in timeline when clicking on title', () => { - (useIsInvestigateInResolverActionEnabled as jest.Mock).mockReturnValue(true); - (useAlertPrevalenceFromProcessTree as jest.Mock).mockReturnValue({ - loading: false, - error: false, - alertIds: ['alertid'], - statsNodes: mock.mockStatsNodes, + describe('when visualizationInFlyoutEnabled is disabled', () => { + it('should navigate to analyzer in timeline when clicking on title', () => { + (useIsInvestigateInResolverActionEnabled as jest.Mock).mockReturnValue(true); + (useAlertPrevalenceFromProcessTree as jest.Mock).mockReturnValue({ + loading: false, + error: false, + alertIds: ['alertid'], + statsNodes: mock.mockStatsNodes, + }); + (useInvestigateInTimeline as jest.Mock).mockReturnValue({ + investigateInTimelineAlertClick: jest.fn(), + }); + + const { getByTestId } = renderAnalyzerPreview(); + + const { investigateInTimelineAlertClick } = useInvestigateInTimeline({}); + + getByTestId(EXPANDABLE_PANEL_HEADER_TITLE_LINK_TEST_ID(ANALYZER_PREVIEW_TEST_ID)).click(); + expect(investigateInTimelineAlertClick).toHaveBeenCalled(); }); - (useInvestigateInTimeline as jest.Mock).mockReturnValue({ - investigateInTimelineAlertClick: jest.fn(), - }); - - const { getByTestId } = renderAnalyzerPreview(); - const { investigateInTimelineAlertClick } = useInvestigateInTimeline({}); - - getByTestId(EXPANDABLE_PANEL_HEADER_TITLE_LINK_TEST_ID(ANALYZER_PREVIEW_TEST_ID)).click(); - expect(investigateInTimelineAlertClick).toHaveBeenCalled(); + it('should not navigate to analyzer when in preview and clicking on title', () => { + (useIsInvestigateInResolverActionEnabled as jest.Mock).mockReturnValue(true); + (useAlertPrevalenceFromProcessTree as jest.Mock).mockReturnValue({ + loading: false, + error: false, + alertIds: ['alertid'], + statsNodes: mock.mockStatsNodes, + }); + (useInvestigateInTimeline as jest.Mock).mockReturnValue({ + investigateInTimelineAlertClick: jest.fn(), + }); + + const { queryByTestId } = renderAnalyzerPreview({ ...panelContextValue, isPreview: true }); + expect( + queryByTestId(EXPANDABLE_PANEL_HEADER_TITLE_LINK_TEST_ID(ANALYZER_PREVIEW_TEST_ID)) + ).not.toBeInTheDocument(); + const { investigateInTimelineAlertClick } = useInvestigateInTimeline({}); + expect(investigateInTimelineAlertClick).not.toHaveBeenCalled(); + }); }); - it('should not navigate to analyzer when in preview and clicking on title', () => { - (useIsInvestigateInResolverActionEnabled as jest.Mock).mockReturnValue(true); - (useAlertPrevalenceFromProcessTree as jest.Mock).mockReturnValue({ - loading: false, - error: false, - alertIds: ['alertid'], - statsNodes: mock.mockStatsNodes, - }); - (useInvestigateInTimeline as jest.Mock).mockReturnValue({ - investigateInTimelineAlertClick: jest.fn(), + describe('when visualizationInFlyoutEnabled is enabled', () => { + it('should open left flyout visualization tab when clicking on title', () => { + mockUseIsExperimentalFeatureEnabled.mockReturnValue(true); + + (useIsInvestigateInResolverActionEnabled as jest.Mock).mockReturnValue(true); + (useAlertPrevalenceFromProcessTree as jest.Mock).mockReturnValue({ + loading: false, + error: false, + alertIds: ['alertid'], + statsNodes: mock.mockStatsNodes, + }); + (useInvestigateInTimeline as jest.Mock).mockReturnValue({ + investigateInTimelineAlertClick: jest.fn(), + }); + + const { getByTestId } = renderAnalyzerPreview(); + + getByTestId(EXPANDABLE_PANEL_HEADER_TITLE_LINK_TEST_ID(ANALYZER_PREVIEW_TEST_ID)).click(); + expect(mockFlyoutApi.openLeftPanel).toHaveBeenCalledWith({ + id: DocumentDetailsLeftPanelKey, + path: { + tab: 'visualize', + subTab: ANALYZE_GRAPH_ID, + }, + params: { + id: mockContextValue.eventId, + indexName: mockContextValue.indexName, + scopeId: mockContextValue.scopeId, + }, + }); + expect(mockFlyoutApi.openPreviewPanel).toHaveBeenCalledWith({ + id: DocumentDetailsAnalyzerPanelKey, + params: { + resolverComponentInstanceID: `${FLYOUT_KEY}-${mockContextValue.scopeId}`, + banner: ANALYZER_PREVIEW_BANNER, + }, + }); }); - const { queryByTestId } = renderAnalyzerPreview({ ...panelContextValue, isPreview: true }); - expect( - queryByTestId(EXPANDABLE_PANEL_HEADER_TITLE_LINK_TEST_ID(ANALYZER_PREVIEW_TEST_ID)) - ).not.toBeInTheDocument(); - const { investigateInTimelineAlertClick } = useInvestigateInTimeline({}); - expect(investigateInTimelineAlertClick).not.toHaveBeenCalled(); + it('should not disable link when in rule preview', () => { + mockUseIsExperimentalFeatureEnabled.mockReturnValue(true); + (useIsInvestigateInResolverActionEnabled as jest.Mock).mockReturnValue(true); + (useAlertPrevalenceFromProcessTree as jest.Mock).mockReturnValue({ + loading: false, + error: false, + alertIds: ['alertid'], + statsNodes: mock.mockStatsNodes, + }); + (useInvestigateInTimeline as jest.Mock).mockReturnValue({ + investigateInTimelineAlertClick: jest.fn(), + }); + + const { queryByTestId } = renderAnalyzerPreview({ ...panelContextValue, isPreview: true }); + expect( + queryByTestId(EXPANDABLE_PANEL_HEADER_TITLE_LINK_TEST_ID(ANALYZER_PREVIEW_TEST_ID)) + ).not.toBeInTheDocument(); + }); }); }); diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/analyzer_preview_container.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/analyzer_preview_container.tsx index f3d99d9144ad2..ab8b7d8cec668 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/analyzer_preview_container.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/analyzer_preview_container.tsx @@ -11,6 +11,14 @@ import { TimelineTabs } from '@kbn/securitysolution-data-table'; import { EuiLink, EuiMark } from '@elastic/eui'; import { FormattedMessage } from '@kbn/i18n-react'; import { ExpandablePanel } from '@kbn/security-solution-common'; +import { useExpandableFlyoutApi } from '@kbn/expandable-flyout'; +import { useIsExperimentalFeatureEnabled } from '../../../../common/hooks/use_experimental_features'; +import { useWhichFlyout } from '../../shared/hooks/use_which_flyout'; +import { + DocumentDetailsLeftPanelKey, + DocumentDetailsAnalyzerPanelKey, +} from '../../shared/constants/panel_keys'; +import { useKibana } from '../../../../common/lib/kibana'; import { useStartTransaction } from '../../../../common/lib/apm/use_start_transaction'; import { useInvestigateInTimeline } from '../../../../detections/components/alerts_table/timeline_actions/use_investigate_in_timeline'; import { ALERTS_ACTIONS } from '../../../../common/lib/apm/user_actions'; @@ -20,6 +28,7 @@ import { useDocumentDetailsContext } from '../../shared/context'; import { useIsInvestigateInResolverActionEnabled } from '../../../../detections/components/alerts_table/timeline_actions/investigate_in_resolver'; import { AnalyzerPreview } from './analyzer_preview'; import { ANALYZER_PREVIEW_TEST_ID } from './test_ids'; +import { ANALYZE_GRAPH_ID, ANALYZER_PREVIEW_BANNER } from '../../left/components/analyze_graph'; const timelineId = 'timeline-1'; @@ -27,8 +36,15 @@ const timelineId = 'timeline-1'; * Analyzer preview under Overview, Visualizations. It shows a tree representation of analyzer. */ export const AnalyzerPreviewContainer: React.FC = () => { - const { dataAsNestedObject, isPreview } = useDocumentDetailsContext(); + const { telemetry } = useKibana().services; + const { dataAsNestedObject, isPreview, eventId, indexName, scopeId } = + useDocumentDetailsContext(); + const { openLeftPanel, openPreviewPanel } = useExpandableFlyoutApi(); + const key = useWhichFlyout() ?? 'memory'; + const visualizationInFlyoutEnabled = useIsExperimentalFeatureEnabled( + 'visualizationInFlyoutEnabled' + ); // decide whether to show the analyzer preview or not const isEnabled = useIsInvestigateInResolverActionEnabled(dataAsNestedObject); @@ -54,6 +70,33 @@ export const AnalyzerPreviewContainer: React.FC = () => { dispatch(setActiveTabTimeline({ id: timelineId, activeTab: TimelineTabs.graph })); }, [dataAsNestedObject, dispatch, investigateInTimelineAlertClick, startTransaction]); + const gotoVisualizationTab = useCallback(() => { + openLeftPanel({ + id: DocumentDetailsLeftPanelKey, + path: { + tab: 'visualize', + subTab: ANALYZE_GRAPH_ID, + }, + params: { + id: eventId, + indexName, + scopeId, + }, + }); + openPreviewPanel({ + id: DocumentDetailsAnalyzerPanelKey, + params: { + resolverComponentInstanceID: `${key}-${scopeId}`, + banner: ANALYZER_PREVIEW_BANNER, + }, + }); + telemetry.reportDetailsFlyoutTabClicked({ + location: scopeId, + panel: 'left', + tabId: 'visualize', + }); + }, [eventId, indexName, openLeftPanel, openPreviewPanel, key, scopeId, telemetry]); + return ( { defaultMessage="Analyzer preview" /> ), - iconType: 'timeline', + iconType: visualizationInFlyoutEnabled ? 'arrowStart' : 'timeline', ...(isEnabled && !isPreview && { link: { - callback: goToAnalyzerTab, - tooltip: ( + callback: visualizationInFlyoutEnabled ? gotoVisualizationTab : goToAnalyzerTab, + tooltip: visualizationInFlyoutEnabled ? ( + + ) : ( ), diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/visualizations_section.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/visualizations_section.test.tsx index f204c18f9036a..c62824a529e1a 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/visualizations_section.test.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/visualizations_section.test.tsx @@ -24,6 +24,7 @@ import { TestProvider } from '@kbn/expandable-flyout/src/test/provider'; import { useExpandSection } from '../hooks/use_expand_section'; import { useInvestigateInTimeline } from '../../../../detections/components/alerts_table/timeline_actions/use_investigate_in_timeline'; import { useIsInvestigateInResolverActionEnabled } from '../../../../detections/components/alerts_table/timeline_actions/investigate_in_resolver'; +import { useIsExperimentalFeatureEnabled } from '../../../../common/hooks/use_experimental_features'; jest.mock('../hooks/use_expand_section'); jest.mock('../../shared/hooks/use_alert_prevalence_from_process_tree', () => ({ @@ -31,6 +32,9 @@ jest.mock('../../shared/hooks/use_alert_prevalence_from_process_tree', () => ({ })); const mockUseAlertPrevalenceFromProcessTree = useAlertPrevalenceFromProcessTree as jest.Mock; +jest.mock('../../../../common/hooks/use_experimental_features'); +const mockUseIsExperimentalFeatureEnabled = useIsExperimentalFeatureEnabled as jest.Mock; + jest.mock('../../../../timelines/containers/use_timeline_data_filters', () => ({ useTimelineDataFilters: jest.fn(), })); @@ -68,6 +72,7 @@ const renderVisualizationsSection = (contextValue = panelContextValue) => describe('', () => { beforeEach(() => { + mockUseIsExperimentalFeatureEnabled.mockReturnValue(false); mockUseTimelineDataFilters.mockReturnValue({ selectedPatterns: ['index'] }); mockUseAlertPrevalenceFromProcessTree.mockReturnValue({ loading: false, diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/shared/constants/panel_keys.ts b/x-pack/plugins/security_solution/public/flyout/document_details/shared/constants/panel_keys.ts index b3f6cd3343ef1..fa40f1e0e6674 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/shared/constants/panel_keys.ts +++ b/x-pack/plugins/security_solution/public/flyout/document_details/shared/constants/panel_keys.ts @@ -11,3 +11,4 @@ export const DocumentDetailsPreviewPanelKey = 'document-details-preview' as cons export const DocumentDetailsIsolateHostPanelKey = 'document-details-isolate-host' as const; export const DocumentDetailsAlertReasonPanelKey = 'document-details-alert-reason' as const; +export const DocumentDetailsAnalyzerPanelKey = 'document-details-analyzer-details' as const; diff --git a/x-pack/plugins/security_solution/public/flyout/index.tsx b/x-pack/plugins/security_solution/public/flyout/index.tsx index 82c82583a4512..ab5c874898ef0 100644 --- a/x-pack/plugins/security_solution/public/flyout/index.tsx +++ b/x-pack/plugins/security_solution/public/flyout/index.tsx @@ -16,6 +16,7 @@ import { DocumentDetailsRightPanelKey, DocumentDetailsPreviewPanelKey, DocumentDetailsAlertReasonPanelKey, + DocumentDetailsAnalyzerPanelKey, } from './document_details/shared/constants/panel_keys'; import type { IsolateHostPanelProps } from './document_details/isolate_host'; import { IsolateHostPanel } from './document_details/isolate_host'; @@ -39,6 +40,8 @@ import { HostPanel, HostPanelKey, HostPreviewPanelKey } from './entity_details/h import type { HostDetailsExpandableFlyoutProps } from './entity_details/host_details_left'; import { HostDetailsPanel, HostDetailsPanelKey } from './entity_details/host_details_left'; import { NetworkPanel, NetworkPanelKey } from './network_details'; +import type { AnalyzerPanelExpandableFlyoutProps } from './document_details/analyzer_panels'; +import { AnalyzerPanel } from './document_details/analyzer_panels'; /** * List of all panels that will be used within the document details expandable flyout. @@ -95,6 +98,12 @@ const expandableFlyoutDocumentsPanels: ExpandableFlyoutProps['registeredPanels'] ), }, + { + key: DocumentDetailsAnalyzerPanelKey, + component: (props) => ( + + ), + }, { key: UserPanelKey, component: (props) => , diff --git a/x-pack/plugins/security_solution/public/resolver/test_utilities/simulator/index.tsx b/x-pack/plugins/security_solution/public/resolver/test_utilities/simulator/index.tsx index 7037be2f6189a..3f7f149e8d4f9 100644 --- a/x-pack/plugins/security_solution/public/resolver/test_utilities/simulator/index.tsx +++ b/x-pack/plugins/security_solution/public/resolver/test_utilities/simulator/index.tsx @@ -81,6 +81,8 @@ export class Simulator { history, filters, shouldUpdate, + isSplitPanel, + showPanelOnClick, }: { /** * A (mock) data access layer that will be used to create the Resolver store. @@ -101,6 +103,8 @@ export class Simulator { history?: HistoryPackageHistoryInterface; filters: TimeFilters; shouldUpdate: boolean; + isSplitPanel?: boolean; + showPanelOnClick?: () => void; }) { // create the spy middleware (for debugging tests) this.spyMiddleware = spyMiddlewareFactory(); @@ -152,6 +156,8 @@ export class Simulator { indices={indices} filters={filters} shouldUpdate={shouldUpdate} + isSplitPanel={isSplitPanel} + showPanelOnClick={showPanelOnClick} /> ); } diff --git a/x-pack/plugins/security_solution/public/resolver/test_utilities/simulator/mock_resolver.tsx b/x-pack/plugins/security_solution/public/resolver/test_utilities/simulator/mock_resolver.tsx index a37f2185c441b..edefdde302c25 100644 --- a/x-pack/plugins/security_solution/public/resolver/test_utilities/simulator/mock_resolver.tsx +++ b/x-pack/plugins/security_solution/public/resolver/test_utilities/simulator/mock_resolver.tsx @@ -107,6 +107,8 @@ export const MockResolver = React.memo((props: MockResolverProps) => { indices={props.indices} shouldUpdate={props.shouldUpdate} filters={props.filters} + isSplitPanel={props.isSplitPanel} + showPanelOnClick={props.showPanelOnClick} /> diff --git a/x-pack/plugins/security_solution/public/resolver/types.ts b/x-pack/plugins/security_solution/public/resolver/types.ts index 60ad9cec4c843..1f18ce35b72ca 100644 --- a/x-pack/plugins/security_solution/public/resolver/types.ts +++ b/x-pack/plugins/security_solution/public/resolver/types.ts @@ -846,6 +846,16 @@ export interface ResolverProps { * A flag to update data from an external source */ shouldUpdate: boolean; + + /** + * If true, the details panel is not shown in the graph and a view button is shown to manage the panel visibility. + */ + isSplitPanel?: boolean; + + /** + * Optional callback for showing details panels separately from the graph. + */ + showPanelOnClick?: () => void; } /** diff --git a/x-pack/plugins/security_solution/public/resolver/view/controls/index.test.tsx b/x-pack/plugins/security_solution/public/resolver/view/controls/index.test.tsx index fcc6ca2734f85..716a5074c02ad 100644 --- a/x-pack/plugins/security_solution/public/resolver/view/controls/index.test.tsx +++ b/x-pack/plugins/security_solution/public/resolver/view/controls/index.test.tsx @@ -102,6 +102,68 @@ describe('graph controls: when relsover is loaded with an origin node', () => { await expect(originNodeStyle()).toYieldObjectEqualTo(originalPositionStyle); }); + it('should not display the view button by default', async () => { + await expect( + simulator.map(() => ({ + showPanelButton: simulator.testSubject('resolver:graph-controls:show-panel-button').length, + })) + ).toYieldEqualTo({ showPanelButton: 0 }); + }); + + describe('when split mode is enabled', () => { + it('should display the view button when callback is available', async () => { + const { + metadata: { databaseDocumentID }, + dataAccessLayer, + } = noAncestorsTwoChildren(); + + const showPanelOnClick = jest.fn(); + simulator = new Simulator({ + dataAccessLayer, + databaseDocumentID, + resolverComponentInstanceID, + indices: [], + shouldUpdate: false, + filters: {}, + isSplitPanel: true, + showPanelOnClick, + }); + + await expect( + simulator.map(() => ({ + showPanelButton: simulator.testSubject('resolver:graph-controls:show-panel-button') + .length, + })) + ).toYieldEqualTo({ showPanelButton: 1 }); + (await simulator.resolve('resolver:graph-controls:show-panel-button'))?.simulate('click'); + expect(showPanelOnClick).toHaveBeenCalled(); + }); + + it('should not display the view button when callback is not available', async () => { + const { + metadata: { databaseDocumentID }, + dataAccessLayer, + } = noAncestorsTwoChildren(); + + simulator = new Simulator({ + dataAccessLayer, + databaseDocumentID, + resolverComponentInstanceID, + indices: [], + shouldUpdate: false, + filters: {}, + isSplitPanel: true, + }); + + await expect( + simulator.map(() => ({ + showPanelButton: simulator.testSubject('resolver:graph-controls:show-panel-button') + .length, + })) + ).toYieldEqualTo({ showPanelButton: 0 }); + }); + }); + describe('when the user clicks the west panning button', () => { beforeEach(async () => { (await simulator.resolve('resolver:graph-controls:west-button'))?.simulate('click'); diff --git a/x-pack/plugins/security_solution/public/resolver/view/controls/index.tsx b/x-pack/plugins/security_solution/public/resolver/view/controls/index.tsx index 5ab8982a82049..58146c2c8ce1c 100644 --- a/x-pack/plugins/security_solution/public/resolver/view/controls/index.tsx +++ b/x-pack/plugins/security_solution/public/resolver/view/controls/index.tsx @@ -28,6 +28,7 @@ import { DateSelectionButton } from './date_picker'; import { StyledGraphControls, StyledGraphControlsColumn, StyledEuiRange } from './styles'; import { NodeLegend } from './legend'; import { SchemaInformation } from './schema'; +import { ShowPanelButton } from './show_panel'; type PopoverType = null | 'schemaInfo' | 'nodeLegend' | 'sourcererSelection' | 'datePicker'; @@ -35,6 +36,8 @@ export const GraphControls = React.memo( ({ id, className, + isSplitPanel, + showPanelOnClick, }: { /** * Id that identify the scope of analyzer @@ -44,6 +47,14 @@ export const GraphControls = React.memo( * A className string provided by `styled` */ className?: string; + /** + * Indicate if the panel is displayed separately + */ + isSplitPanel?: boolean; + /** + * Callback for showing the panel when isSplitPanel is true + */ + showPanelOnClick?: () => void; }) => { const dispatch = useDispatch(); const scalingFactor = useSelector((state: State) => @@ -148,6 +159,9 @@ export const GraphControls = React.memo( /> ) : null} + {isSplitPanel && showPanelOnClick && ( + + )} diff --git a/x-pack/plugins/security_solution/public/resolver/view/controls/show_panel.tsx b/x-pack/plugins/security_solution/public/resolver/view/controls/show_panel.tsx new file mode 100644 index 0000000000000..72fa6c925f680 --- /dev/null +++ b/x-pack/plugins/security_solution/public/resolver/view/controls/show_panel.tsx @@ -0,0 +1,38 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import React, { memo } from 'react'; +import { i18n } from '@kbn/i18n'; +import { StyledEuiButtonIcon } from './styles'; +import { useColors } from '../use_colors'; + +const showPanelButtonTitle = i18n.translate( + 'xpack.securitySolution.resolver.graphControls.showPanelButtonTitle', + { + defaultMessage: 'Show details panel', + } +); + +export const ShowPanelButton = memo(({ showPanelOnClick }: { showPanelOnClick: () => void }) => { + const colorMap = useColors(); + + return ( + + ); +}); + +ShowPanelButton.displayName = 'ShowPanelButton'; diff --git a/x-pack/plugins/security_solution/public/resolver/view/details_panel.test.tsx b/x-pack/plugins/security_solution/public/resolver/view/details_panel.test.tsx new file mode 100644 index 0000000000000..b0058bb5701ff --- /dev/null +++ b/x-pack/plugins/security_solution/public/resolver/view/details_panel.test.tsx @@ -0,0 +1,177 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import React from 'react'; +import { Provider } from 'react-redux'; +import { render } from '@testing-library/react'; +import { Router } from '@kbn/shared-ux-router'; +import { I18nProvider } from '@kbn/i18n-react'; +import { TestProviders, createMockStore, mockGlobalState } from '../../common/mock'; +import type { ResolverState } from '../types'; +import { createMemoryHistory } from 'history'; +import { coreMock } from '@kbn/core/public/mocks'; +import { DetailsPanel } from './details_panel'; +import { EMPTY_RESOLVER } from '../store/helpers'; +import { uiSetting } from '../mocks/ui_setting'; +import '../test_utilities/extend_jest'; + +const defaultInstanceID = 'details-panel-test'; +const parameters = { databaseDocumentID: 'id', indices: [], agentId: '', filters: {} }; +const schema = { id: 'id', parent: 'parent' }; +const dataSource = 'data source'; + +const renderDetailsPanel = ({ + resolverComponentInstanceID = defaultInstanceID, + reduxState = EMPTY_RESOLVER, +}: { + resolverComponentInstanceID?: string; + reduxState?: ResolverState; +}) => { + // Create a redux store with top level global redux state + const store = createMockStore( + { + ...mockGlobalState, + sourcerer: { + ...mockGlobalState.sourcerer, + sourcererScopes: { + ...mockGlobalState.sourcerer.sourcererScopes, + analyzer: { + ...mockGlobalState.sourcerer.sourcererScopes.default, + selectedPatterns: [], + }, + }, + }, + analyzer: { + 'details-panel-test': reduxState, + }, + }, + undefined, + undefined, + undefined + ); + + // If needed, create a fake 'history' instance. + // Resolver will use to read and write query string values. + const history = createMemoryHistory(); + + // Used for `KibanaContextProvider` + const coreStart = coreMock.createStart(); + coreStart.settings.client.get.mockImplementation(uiSetting); + + return render( + + + + + + + + + + ); +}; + +describe('', () => { + describe('When resolver is not initialized', () => { + it('should display a loading state', () => { + const { getByTestId } = renderDetailsPanel({ + resolverComponentInstanceID: 'test', // not in store + }); + expect(getByTestId('resolver:panel:loading')).toBeInTheDocument(); + }); + }); + + describe('When resolver is initialized', () => { + it('should display a loading state when resolver data is loading', () => { + const reduxState: ResolverState = { + ...EMPTY_RESOLVER, + data: { + ...EMPTY_RESOLVER.data, + tree: { + pendingRequestParameters: parameters, + }, + }, + }; + + const { getByTestId } = renderDetailsPanel({ reduxState }); + expect(getByTestId('resolver:panel:loading')).toBeInTheDocument(); + }); + + it("should display error message when entities request doesn't return any data", () => { + const reduxState: ResolverState = { + ...EMPTY_RESOLVER, + data: { + ...EMPTY_RESOLVER.data, + tree: { + ...EMPTY_RESOLVER.data.tree, + lastResponse: { + parameters, + successful: false, + }, + }, + }, + }; + + const { getByTestId, getByText } = renderDetailsPanel({ reduxState }); + expect(getByTestId('resolver:panel:error')).toBeInTheDocument(); + expect(getByText('Error loading data.')).toBeInTheDocument(); + }); + + it("should display a no data message when resolver tree request doesn't return any data", () => { + const reduxState: ResolverState = { + ...EMPTY_RESOLVER, + data: { + ...EMPTY_RESOLVER.data, + tree: { + ...EMPTY_RESOLVER.data.tree, + lastResponse: { + parameters, + schema, + dataSource, + successful: true, + result: { originID: '', nodes: [] }, + }, + }, + }, + }; + + const { getByTestId } = renderDetailsPanel({ reduxState }); + expect(getByTestId('resolver:no-process-events')).toBeInTheDocument(); + }); + + it('should display the node panel when both queries resolve successfaully', () => { + const reduxState: ResolverState = { + ...EMPTY_RESOLVER, + data: { + ...EMPTY_RESOLVER.data, + tree: { + ...EMPTY_RESOLVER.data.tree, + lastResponse: { + parameters, + schema, + dataSource, + successful: true, + result: { + originID: 'id', + nodes: [ + { + id: 'node', + data: { 'host.name': 'test' }, + stats: { total: 1, byCategory: {} }, + }, + ], + }, + }, + }, + }, + }; + + const { getByTestId } = renderDetailsPanel({ reduxState }); + expect(getByTestId('resolver:node-list')).toBeInTheDocument(); + }); + }); +}); diff --git a/x-pack/plugins/security_solution/public/resolver/view/details_panel.tsx b/x-pack/plugins/security_solution/public/resolver/view/details_panel.tsx new file mode 100644 index 0000000000000..b4158c85c1772 --- /dev/null +++ b/x-pack/plugins/security_solution/public/resolver/view/details_panel.tsx @@ -0,0 +1,77 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import React from 'react'; +import { useSelector } from 'react-redux'; +import { EuiLoadingSpinner } from '@elastic/eui'; +import { FormattedMessage } from '@kbn/i18n-react'; +import * as selectors from '../store/selectors'; +import { PanelRouter } from './panels'; +import { ResolverNoProcessEvents } from './resolver_no_process_events'; +import type { State } from '../../common/store/types'; + +interface DetailsPanelProps { + /** + * Id that identify the scope of analyzer + */ + resolverComponentInstanceID: string; +} + +/** + * Details panel component + */ +const DetailsPanelComponent = React.memo(({ resolverComponentInstanceID }: DetailsPanelProps) => { + const isLoading = useSelector((state: State) => + selectors.isTreeLoading(state.analyzer[resolverComponentInstanceID]) + ); + const hasError = useSelector((state: State) => + selectors.hadErrorLoadingTree(state.analyzer[resolverComponentInstanceID]) + ); + const resolverTreeHasNodes = useSelector((state: State) => + selectors.resolverTreeHasNodes(state.analyzer[resolverComponentInstanceID]) + ); + + return isLoading ? ( +
+ +
+ ) : hasError ? ( +
+
+ {' '} + +
+
+ ) : resolverTreeHasNodes ? ( + + ) : ( + + ); +}); +DetailsPanelComponent.displayName = 'DetailsPanelComponent'; + +/** + * Stand alone details panel to be used when in split panel mode + */ +export const DetailsPanel = React.memo(({ resolverComponentInstanceID }: DetailsPanelProps) => { + const isAnalyzerInitialized = useSelector((state: State) => + Boolean(state.analyzer[resolverComponentInstanceID]) + ); + + return isAnalyzerInitialized ? ( + + ) : ( +
+ +
+ ); +}); + +DetailsPanel.displayName = 'DetailsPanel'; diff --git a/x-pack/plugins/security_solution/public/resolver/view/resolver_without_providers.tsx b/x-pack/plugins/security_solution/public/resolver/view/resolver_without_providers.tsx index f9dafcf717ad3..e9090dd7fa9df 100644 --- a/x-pack/plugins/security_solution/public/resolver/view/resolver_without_providers.tsx +++ b/x-pack/plugins/security_solution/public/resolver/view/resolver_without_providers.tsx @@ -42,6 +42,8 @@ export const ResolverWithoutProviders = React.memo( indices, shouldUpdate, filters, + isSplitPanel = false, + showPanelOnClick, }: ResolverProps, refToForward ) { @@ -162,14 +164,20 @@ export const ResolverWithoutProviders = React.memo( ); })} - - - + {!isSplitPanel && ( + + + + )} ) : ( )} - + ); diff --git a/x-pack/plugins/translations/translations/fr-FR.json b/x-pack/plugins/translations/translations/fr-FR.json index 8960e3cb69dad..f291729bd6fad 100644 --- a/x-pack/plugins/translations/translations/fr-FR.json +++ b/x-pack/plugins/translations/translations/fr-FR.json @@ -39079,7 +39079,6 @@ "xpack.securitySolution.flyout.right.title.otherEventTitle": "Détails de {eventKind}", "xpack.securitySolution.flyout.right.user.userPreviewTitle": "Prévisualiser l'utilisateur", "xpack.securitySolution.flyout.right.visualizations.analyzerPreview.analyzerPreviewTitle": "Aperçu de l'analyseur", - "xpack.securitySolution.flyout.right.visualizations.analyzerPreview.analyzerPreviewTooltip": "Investiguer dans la chronologie", "xpack.securitySolution.flyout.right.visualizations.analyzerPreview.errorDescription": "Une erreur empêche l'analyse de cette alerte.", "xpack.securitySolution.flyout.right.visualizations.analyzerPreview.loadingAriaLabel": "aperçu de l'analyseur", "xpack.securitySolution.flyout.right.visualizations.analyzerPreview.noDataDescription": "Vous pouvez uniquement visualiser les événements déclenchés par les hôtes configurés avec l'intégration Elastic Defend ou les données {sysmon} provenant de {winlogbeat}. Pour en savoir plus, consultez {link}.", diff --git a/x-pack/plugins/translations/translations/ja-JP.json b/x-pack/plugins/translations/translations/ja-JP.json index e82ea9455271f..786967f137bfe 100644 --- a/x-pack/plugins/translations/translations/ja-JP.json +++ b/x-pack/plugins/translations/translations/ja-JP.json @@ -39061,7 +39061,6 @@ "xpack.securitySolution.flyout.right.title.otherEventTitle": "{eventKind}詳細", "xpack.securitySolution.flyout.right.user.userPreviewTitle": "ユーザーをプレビュー", "xpack.securitySolution.flyout.right.visualizations.analyzerPreview.analyzerPreviewTitle": "アナライザープレビュー", - "xpack.securitySolution.flyout.right.visualizations.analyzerPreview.analyzerPreviewTooltip": "タイムラインで調査", "xpack.securitySolution.flyout.right.visualizations.analyzerPreview.errorDescription": "エラーが発生したため、このアラートを分析できません。", "xpack.securitySolution.flyout.right.visualizations.analyzerPreview.loadingAriaLabel": "アナライザープレビュー", "xpack.securitySolution.flyout.right.visualizations.analyzerPreview.noDataDescription": "Elastic Defend統合で構成されたホストまたは{winlogbeat}の{sysmon}データによってトリガーされたイベントのみを可視化できます。詳細については、{link}を参照してください。", diff --git a/x-pack/plugins/translations/translations/zh-CN.json b/x-pack/plugins/translations/translations/zh-CN.json index 6933773e814d3..22146249393c6 100644 --- a/x-pack/plugins/translations/translations/zh-CN.json +++ b/x-pack/plugins/translations/translations/zh-CN.json @@ -39104,7 +39104,6 @@ "xpack.securitySolution.flyout.right.title.otherEventTitle": "{eventKind} 详情", "xpack.securitySolution.flyout.right.user.userPreviewTitle": "预览用户", "xpack.securitySolution.flyout.right.visualizations.analyzerPreview.analyzerPreviewTitle": "分析器预览", - "xpack.securitySolution.flyout.right.visualizations.analyzerPreview.analyzerPreviewTooltip": "在时间线中调查", "xpack.securitySolution.flyout.right.visualizations.analyzerPreview.errorDescription": "出现错误,无法分析此告警。", "xpack.securitySolution.flyout.right.visualizations.analyzerPreview.loadingAriaLabel": "分析器预览", "xpack.securitySolution.flyout.right.visualizations.analyzerPreview.noDataDescription": "您只能可视化由使用 Elastic Defend 集成或来自 {winlogbeat} 的任何 {sysmon} 数据配置的主机触发的事件。请参阅 {link} 了解更多信息。", From 444f95ed0b4a2d251851f40d62b126544a6c17c0 Mon Sep 17 00:00:00 2001 From: Yngrid Coello Date: Thu, 19 Sep 2024 20:47:45 +0200 Subject: [PATCH 11/74] [Dataset quality] remove usage of dataStreamStats API in serverless (#192839) Closes https://github.com/elastic/kibana/issues/192166. This PR aims to remove the usage of `DataStreamStats` API in serverless. Aditionally we now make use of the new verbose mode for `DataStream` API which allow us to still show the `lastActivity` for serverless projects. The change was implemented for both flavours. Visually it won't represent any changes at the moment, but here are the two flavours still working as before https://github.com/user-attachments/assets/18cc9b14-24f1-438a-ac07-565c3e728991 --- .../common/insufficient_privileges.tsx | 4 +- .../summary_panel/datasets_activity.tsx | 5 +- .../dataset_quality/table/columns.tsx | 71 ++++++++----------- .../get_data_stream_details/index.ts | 27 ++++--- .../get_data_streams/get_data_streams.test.ts | 24 +++++-- .../data_streams/get_data_streams/index.ts | 26 ++++--- .../get_data_streams_stats/index.ts | 39 ++++------ .../server/routes/data_streams/routes.ts | 32 +++++---- .../server/services/data_stream.ts | 2 + .../dataset_quality_privileges.ts | 27 ++----- .../dataset_quality_privileges.ts | 21 ------ 11 files changed, 121 insertions(+), 157 deletions(-) diff --git a/x-pack/plugins/observability_solution/dataset_quality/public/components/common/insufficient_privileges.tsx b/x-pack/plugins/observability_solution/dataset_quality/public/components/common/insufficient_privileges.tsx index de9c99a7eda9c..596a220a5b13d 100644 --- a/x-pack/plugins/observability_solution/dataset_quality/public/components/common/insufficient_privileges.tsx +++ b/x-pack/plugins/observability_solution/dataset_quality/public/components/common/insufficient_privileges.tsx @@ -5,7 +5,7 @@ * 2.0. */ -import React, { useCallback } from 'react'; +import React from 'react'; import useToggle from 'react-use/lib/useToggle'; import { i18n } from '@kbn/i18n'; import { FormattedMessage } from '@kbn/i18n-react'; @@ -54,7 +54,7 @@ export const PrivilegesWarningIconWrapper = ({ }) => { const [isPopoverOpen, togglePopover] = useToggle(false); - const handleButtonClick = useCallback(() => togglePopover(true), [togglePopover]); + const handleButtonClick = togglePopover; if (hasPrivileges) { return <>{children}; diff --git a/x-pack/plugins/observability_solution/dataset_quality/public/components/dataset_quality/summary_panel/datasets_activity.tsx b/x-pack/plugins/observability_solution/dataset_quality/public/components/dataset_quality/summary_panel/datasets_activity.tsx index 0596e7b05c74e..02cd22481bef1 100644 --- a/x-pack/plugins/observability_solution/dataset_quality/public/components/dataset_quality/summary_panel/datasets_activity.tsx +++ b/x-pack/plugins/observability_solution/dataset_quality/public/components/dataset_quality/summary_panel/datasets_activity.tsx @@ -16,8 +16,7 @@ import { import { DataPlaceholder } from './data_placeholder'; export function DatasetsActivity() { - const { datasetsActivity, isDatasetsActivityLoading, isUserAuthorizedForDataset } = - useSummaryPanelContext(); + const { datasetsActivity, isDatasetsActivityLoading } = useSummaryPanelContext(); const text = `${datasetsActivity.active} ${tableSummaryOfText} ${datasetsActivity.total}`; return ( @@ -26,7 +25,7 @@ export function DatasetsActivity() { tooltip={summaryPanelDatasetsActivityTooltipText} value={text} isLoading={isDatasetsActivityLoading} - isUserAuthorizedForDataset={isUserAuthorizedForDataset} + isUserAuthorizedForDataset={true} /> ); } diff --git a/x-pack/plugins/observability_solution/dataset_quality/public/components/dataset_quality/table/columns.tsx b/x-pack/plugins/observability_solution/dataset_quality/public/components/dataset_quality/table/columns.tsx index 98c535bd09214..da6bbf1628d10 100644 --- a/x-pack/plugins/observability_solution/dataset_quality/public/components/dataset_quality/table/columns.tsx +++ b/x-pack/plugins/observability_solution/dataset_quality/public/components/dataset_quality/table/columns.tsx @@ -300,46 +300,37 @@ export const getDatasetQualityTableColumns = ({ ), width: '140px', }, - ...(canUserMonitorDataset && canUserMonitorAnyDataStream - ? [ - { - name: ( - - {lastActivityColumnName} - - ), - field: 'lastActivity', - render: (timestamp: number, { userPrivileges, title }: DataStreamStat) => ( - - - {!isActiveDataset(timestamp) ? ( - - {inactiveDatasetActivityColumnDescription} - - - - - ) : ( - fieldFormats - .getDefaultInstance(KBN_FIELD_TYPES.DATE, [ES_FIELD_TYPES.DATE]) - .convert(timestamp) - )} - - - ), - width: '300px', - sortable: true, - }, - ] - : []), + { + name: ( + + {lastActivityColumnName} + + ), + field: 'lastActivity', + render: (timestamp: number) => ( + + {!isActiveDataset(timestamp) ? ( + + {inactiveDatasetActivityColumnDescription} + + + + + ) : ( + fieldFormats + .getDefaultInstance(KBN_FIELD_TYPES.DATE, [ES_FIELD_TYPES.DATE]) + .convert(timestamp) + )} + + ), + width: '300px', + sortable: true, + }, { name: actionsColumnName, render: (dataStreamStat: DataStreamStat) => ( diff --git a/x-pack/plugins/observability_solution/dataset_quality/server/routes/data_streams/get_data_stream_details/index.ts b/x-pack/plugins/observability_solution/dataset_quality/server/routes/data_streams/get_data_stream_details/index.ts index e2067dedd26d2..4aeeb1087ba89 100644 --- a/x-pack/plugins/observability_solution/dataset_quality/server/routes/data_streams/get_data_stream_details/index.ts +++ b/x-pack/plugins/observability_solution/dataset_quality/server/routes/data_streams/get_data_stream_details/index.ts @@ -19,7 +19,7 @@ import { _IGNORED } from '../../../../common/es_fields'; import { DataStreamDetails, DataStreamSettings } from '../../../../common/api_types'; import { createDatasetQualityESClient } from '../../../utils'; import { dataStreamService, datasetQualityPrivileges } from '../../../services'; -import { getDataStreamsStats } from '../get_data_streams_stats'; +import { getDataStreams } from '../get_data_streams'; export async function getDataStreamSettings({ esClient, @@ -49,13 +49,13 @@ export async function getDataStreamDetails({ dataStream, start, end, - sizeStatsAvailable = true, + isServerless, }: { esClient: ElasticsearchClient; dataStream: string; start: number; end: number; - sizeStatsAvailable?: boolean; // Only Needed to determine whether `_stats` endpoint is available https://github.com/elastic/kibana/issues/178954 + isServerless: boolean; }): Promise { throwIfInvalidDataStreamParams(dataStream); @@ -63,14 +63,13 @@ export async function getDataStreamDetails({ await datasetQualityPrivileges.getHasIndexPrivileges(esClient, [dataStream], ['monitor']) )[dataStream]; - const lastActivity = hasAccessToDataStream + const esDataStream = hasAccessToDataStream ? ( - await getDataStreamsStats({ + await getDataStreams({ esClient, - dataStreams: [dataStream], - sizeStatsAvailable, + datasetQuery: dataStream, }) - ).items[0]?.lastActivity + ).dataStreams[0] : undefined; try { @@ -82,17 +81,17 @@ export async function getDataStreamDetails({ ); const whenSizeStatsNotAvailable = NaN; // This will indicate size cannot be calculated - const avgDocSizeInBytes = sizeStatsAvailable - ? hasAccessToDataStream && dataStreamSummaryStats.docsCount > 0 - ? await getAvgDocSizeInBytes(esClient, dataStream) - : 0 - : whenSizeStatsNotAvailable; + const avgDocSizeInBytes = isServerless + ? whenSizeStatsNotAvailable + : hasAccessToDataStream && dataStreamSummaryStats.docsCount > 0 + ? await getAvgDocSizeInBytes(esClient, dataStream) + : 0; const sizeBytes = Math.ceil(avgDocSizeInBytes * dataStreamSummaryStats.docsCount); return { ...dataStreamSummaryStats, sizeBytes, - lastActivity, + lastActivity: esDataStream?.lastActivity, userPrivileges: { canMonitor: hasAccessToDataStream, }, diff --git a/x-pack/plugins/observability_solution/dataset_quality/server/routes/data_streams/get_data_streams/get_data_streams.test.ts b/x-pack/plugins/observability_solution/dataset_quality/server/routes/data_streams/get_data_streams/get_data_streams.test.ts index 907c0c0fdc05c..4f1c4ea845703 100644 --- a/x-pack/plugins/observability_solution/dataset_quality/server/routes/data_streams/get_data_streams/get_data_streams.test.ts +++ b/x-pack/plugins/observability_solution/dataset_quality/server/routes/data_streams/get_data_streams/get_data_streams.test.ts @@ -40,8 +40,22 @@ describe('getDataStreams', () => { const esClientMock = elasticsearchServiceMock.createElasticsearchClient(); const result = await getDataStreams({ esClient: esClientMock, - types: ['logs'], - datasetQuery: 'nginx-*', + types: ['logs', 'metrics'], + uncategorisedOnly: true, + }); + expect(dataStreamService.getMatchingDataStreams).toHaveBeenCalledWith( + expect.anything(), + 'logs-*-*,metrics-*-*' + ); + + expect(result.datasetUserPrivileges.canMonitor).toBe(true); + }); + + it('Passes datasetQuery parameter to the DataStreamService', async () => { + const esClientMock = elasticsearchServiceMock.createElasticsearchClient(); + const result = await getDataStreams({ + esClient: esClientMock, + datasetQuery: 'logs-nginx-*', uncategorisedOnly: true, }); expect(dataStreamService.getMatchingDataStreams).toHaveBeenCalledWith( @@ -58,20 +72,18 @@ describe('getDataStreams', () => { const results = await getDataStreams({ esClient: esClientMock, types: ['logs'], - datasetQuery: 'nginx-*', uncategorisedOnly: true, }); - expect(results.items.length).toBe(1); + expect(results.dataStreams.length).toBe(1); }); it('Returns the correct number of results when false', async () => { const esClientMock = elasticsearchServiceMock.createElasticsearchClient(); const results = await getDataStreams({ esClient: esClientMock, types: ['logs'], - datasetQuery: 'nginx-*', uncategorisedOnly: false, }); - expect(results.items.length).toBe(5); + expect(results.dataStreams.length).toBe(5); }); }); }); diff --git a/x-pack/plugins/observability_solution/dataset_quality/server/routes/data_streams/get_data_streams/index.ts b/x-pack/plugins/observability_solution/dataset_quality/server/routes/data_streams/get_data_streams/index.ts index 853a0cf208b42..f2a4f458560e6 100644 --- a/x-pack/plugins/observability_solution/dataset_quality/server/routes/data_streams/get_data_streams/index.ts +++ b/x-pack/plugins/observability_solution/dataset_quality/server/routes/data_streams/get_data_streams/index.ts @@ -12,18 +12,20 @@ import { dataStreamService, datasetQualityPrivileges } from '../../../services'; export async function getDataStreams(options: { esClient: ElasticsearchClient; - types: DataStreamType[]; + types?: DataStreamType[]; datasetQuery?: string; - uncategorisedOnly: boolean; + uncategorisedOnly?: boolean; }) { - const { esClient, types, datasetQuery, uncategorisedOnly } = options; + const { esClient, types = [], datasetQuery, uncategorisedOnly } = options; - const datasetNames = types.map((type) => - streamPartsToIndexPattern({ - typePattern: type, - datasetPattern: datasetQuery ? `${datasetQuery}` : '*-*', - }) - ); + const datasetNames = datasetQuery + ? [datasetQuery] + : types.map((type) => + streamPartsToIndexPattern({ + typePattern: type, + datasetPattern: '*-*', + }) + ); const datasetUserPrivileges = await datasetQualityPrivileges.getDatasetPrivileges( esClient, @@ -32,7 +34,7 @@ export async function getDataStreams(options: { if (!datasetUserPrivileges.canMonitor) { return { - items: [], + dataStreams: [], datasetUserPrivileges, }; } @@ -59,13 +61,15 @@ export async function getDataStreams(options: { const mappedDataStreams = filteredDataStreams.map((dataStream) => ({ name: dataStream.name, integration: dataStream._meta?.package?.name, + // @ts-expect-error + lastActivity: dataStream.maximum_timestamp, userPrivileges: { canMonitor: dataStreamsPrivileges[dataStream.name], }, })); return { - items: mappedDataStreams, + dataStreams: mappedDataStreams, datasetUserPrivileges, }; } diff --git a/x-pack/plugins/observability_solution/dataset_quality/server/routes/data_streams/get_data_streams_stats/index.ts b/x-pack/plugins/observability_solution/dataset_quality/server/routes/data_streams/get_data_streams_stats/index.ts index 8c7878f244862..e99c5866c2f93 100644 --- a/x-pack/plugins/observability_solution/dataset_quality/server/routes/data_streams/get_data_streams_stats/index.ts +++ b/x-pack/plugins/observability_solution/dataset_quality/server/routes/data_streams/get_data_streams_stats/index.ts @@ -12,42 +12,31 @@ import { indexStatsService } from '../../../services'; export async function getDataStreamsStats({ esClient, dataStreams, - sizeStatsAvailable = true, }: { esClient: ElasticsearchClient; dataStreams: string[]; - sizeStatsAvailable?: boolean; // Only Needed to determine whether `_stats` endpoint is available https://github.com/elastic/kibana/issues/178954 -}) { +}): Promise> { if (!dataStreams.length) { - return { - items: [], - }; + return {}; } const matchingDataStreamsStats = dataStreamService.getStreamsStats(esClient, dataStreams); - - const indicesDocsCount = sizeStatsAvailable - ? indexStatsService.getIndicesDocCounts(esClient, dataStreams) - : Promise.resolve(null); + const indicesDocsCount = indexStatsService.getIndicesDocCounts(esClient, dataStreams); const [indicesDocsCountStats, dataStreamsStats] = await Promise.all([ indicesDocsCount, matchingDataStreamsStats, ]); - const mappedDataStreams = dataStreamsStats.map((dataStream) => { - return { - name: dataStream.data_stream, - size: dataStream.store_size?.toString(), - sizeBytes: dataStream.store_size_bytes, - lastActivity: dataStream.maximum_timestamp, - totalDocs: sizeStatsAvailable - ? indicesDocsCountStats!.docsCountPerDataStream[dataStream.data_stream] || 0 - : null, - }; - }); - - return { - items: mappedDataStreams, - }; + return dataStreamsStats.reduce( + (acc, dataStream) => ({ + ...acc, + [dataStream.data_stream]: { + size: dataStream.store_size!.toString(), + sizeBytes: dataStream.store_size_bytes, + totalDocs: indicesDocsCountStats!.docsCountPerDataStream[dataStream.data_stream], + }, + }), + {} + ); } diff --git a/x-pack/plugins/observability_solution/dataset_quality/server/routes/data_streams/routes.ts b/x-pack/plugins/observability_solution/dataset_quality/server/routes/data_streams/routes.ts index dd0e278acb948..c23b917a18e82 100644 --- a/x-pack/plugins/observability_solution/dataset_quality/server/routes/data_streams/routes.ts +++ b/x-pack/plugins/observability_solution/dataset_quality/server/routes/data_streams/routes.ts @@ -6,7 +6,6 @@ */ import * as t from 'io-ts'; -import { keyBy, merge, values } from 'lodash'; import { DataStreamDetails, DataStreamSettings, @@ -47,30 +46,37 @@ const statsRoute = createDatasetQualityServerRoute({ }> { const { context, params, getEsCapabilities } = resources; const coreContext = await context.core; - const sizeStatsAvailable = !(await getEsCapabilities()).serverless; + const isServerless = (await getEsCapabilities()).serverless; // Query datastreams as the current user as the Kibana internal user may not have all the required permissions const esClient = coreContext.elasticsearch.client.asCurrentUser; - const { items, datasetUserPrivileges } = await getDataStreams({ + const { dataStreams, datasetUserPrivileges } = await getDataStreams({ esClient, ...params.query, uncategorisedOnly: false, }); - const privilegedDataStreams = items.filter((stream) => { - return stream.userPrivileges.canMonitor; + const privilegedDataStreams = dataStreams.filter((dataStream) => { + return dataStream.userPrivileges.canMonitor; }); - const dataStreamsStats = await getDataStreamsStats({ - esClient, - dataStreams: privilegedDataStreams.map((stream) => stream.name), - sizeStatsAvailable, - }); + const dataStreamsStats = isServerless + ? {} + : await getDataStreamsStats({ + esClient, + dataStreams: privilegedDataStreams.map((stream) => stream.name), + }); return { datasetUserPrivileges, - dataStreamsStats: values(merge(keyBy(items, 'name'), keyBy(dataStreamsStats.items, 'name'))), + dataStreamsStats: dataStreams.map((dataStream: DataStreamStat) => { + dataStream.size = dataStreamsStats[dataStream.name]?.size; + dataStream.sizeBytes = dataStreamsStats[dataStream.name]?.sizeBytes; + dataStream.totalDocs = dataStreamsStats[dataStream.name]?.totalDocs; + + return dataStream; + }), }; }, }); @@ -268,13 +274,13 @@ const dataStreamDetailsRoute = createDatasetQualityServerRoute({ // Query datastreams as the current user as the Kibana internal user may not have all the required permissions const esClient = coreContext.elasticsearch.client.asCurrentUser; - const sizeStatsAvailable = !(await getEsCapabilities()).serverless; + const isServerless = (await getEsCapabilities()).serverless; const dataStreamDetails = await getDataStreamDetails({ esClient, dataStream, start, end, - sizeStatsAvailable, + isServerless, }); return dataStreamDetails; diff --git a/x-pack/plugins/observability_solution/dataset_quality/server/services/data_stream.ts b/x-pack/plugins/observability_solution/dataset_quality/server/services/data_stream.ts index 0446e27953af1..16b283d583fd3 100644 --- a/x-pack/plugins/observability_solution/dataset_quality/server/services/data_stream.ts +++ b/x-pack/plugins/observability_solution/dataset_quality/server/services/data_stream.ts @@ -19,6 +19,8 @@ class DataStreamService { try { const { data_streams: dataStreamsInfo } = await esClient.indices.getDataStream({ name: datasetName, + // @ts-expect-error + verbose: true, }); return dataStreamsInfo; diff --git a/x-pack/test/functional/apps/dataset_quality/dataset_quality_privileges.ts b/x-pack/test/functional/apps/dataset_quality/dataset_quality_privileges.ts index c94a083946066..949d42dbd31c4 100644 --- a/x-pack/test/functional/apps/dataset_quality/dataset_quality_privileges.ts +++ b/x-pack/test/functional/apps/dataset_quality/dataset_quality_privileges.ts @@ -20,7 +20,6 @@ export default function ({ getService, getPageObjects }: DatasetQualityFtrProvid const security = getService('security'); const synthtrace = getService('logSynthtraceEsClient'); const testSubjects = getService('testSubjects'); - const find = getService('find'); const to = new Date(new Date().setDate(new Date().getDate() - 1)).toISOString(); const apacheAccessDatasetName = 'apache.access'; @@ -111,26 +110,16 @@ export default function ({ getService, getPageObjects }: DatasetQualityFtrProvid await synthtrace.clean(); }); - it('Active and Estimated data are not available due to underprivileged user', async () => { - await testSubjects.existOrFail( - `${PageObjects.datasetQuality.testSubjectSelectors.datasetQualityInsufficientPrivileges}-${PageObjects.datasetQuality.texts.activeDatasets}` - ); + it('Estimated data are not available due to underprivileged user', async () => { await testSubjects.existOrFail( `${PageObjects.datasetQuality.testSubjectSelectors.datasetQualityInsufficientPrivileges}-${PageObjects.datasetQuality.texts.estimatedData}` ); }); - it('"Show inactive datasets" is hidden when lastActivity is not available', async () => { - await find.waitForDeletedByCssSelector( - PageObjects.datasetQuality.selectors.showInactiveDatasetsNamesSwitch - ); - }); - - it('does not show size and last activity columns for underprivileged data stream', async () => { + it('does not show size column for underprivileged data stream', async () => { const cols = await PageObjects.datasetQuality.getDatasetTableHeaderTexts(); expect(cols).to.not.contain('Size'); - expect(cols).to.not.contain('Last Activity'); }); }); @@ -149,27 +138,21 @@ export default function ({ getService, getPageObjects }: DatasetQualityFtrProvid await synthtrace.clean(); }); - it('shows underprivileged warning when size and last activity cannot be accessed for some data streams', async () => { + it('shows underprivileged warning when size cannot be accessed for some data streams', async () => { await PageObjects.datasetQuality.refreshTable(); const datasetWithMonitorPrivilege = apacheAccessDatasetHumanName; const datasetWithoutMonitorPrivilege = 'synth.1'; - // "Size" and "Last Activity" should be available for `apacheAccessDatasetName` + // "Size" should be available for `apacheAccessDatasetName` await testSubjects.missingOrFail( `${PageObjects.datasetQuality.testSubjectSelectors.datasetQualityInsufficientPrivileges}-sizeBytes-${datasetWithMonitorPrivilege}` ); - await testSubjects.missingOrFail( - `${PageObjects.datasetQuality.testSubjectSelectors.datasetQualityInsufficientPrivileges}-lastActivity-${datasetWithMonitorPrivilege}` - ); - // "Size" and "Last Activity" should not be available for `datasetWithoutMonitorPrivilege` + // "Size" should not be available for `datasetWithoutMonitorPrivilege` await testSubjects.existOrFail( `${PageObjects.datasetQuality.testSubjectSelectors.datasetQualityInsufficientPrivileges}-sizeBytes-${datasetWithoutMonitorPrivilege}` ); - await testSubjects.existOrFail( - `${PageObjects.datasetQuality.testSubjectSelectors.datasetQualityInsufficientPrivileges}-lastActivity-${datasetWithoutMonitorPrivilege}` - ); }); it('Details page shows insufficient privileges warning for underprivileged data stream', async () => { diff --git a/x-pack/test_serverless/functional/test_suites/observability/dataset_quality/dataset_quality_privileges.ts b/x-pack/test_serverless/functional/test_suites/observability/dataset_quality/dataset_quality_privileges.ts index 907e24ff8fa0a..37115f558f656 100644 --- a/x-pack/test_serverless/functional/test_suites/observability/dataset_quality/dataset_quality_privileges.ts +++ b/x-pack/test_serverless/functional/test_suites/observability/dataset_quality/dataset_quality_privileges.ts @@ -18,9 +18,7 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) { 'svlCommonNavigation', 'svlCommonPage', ]); - const testSubjects = getService('testSubjects'); const synthtrace = getService('svlLogsSynthtraceClient'); - const find = getService('find'); const to = '2024-01-01T12:00:00.000Z'; describe('Dataset quality user privileges', function () { @@ -37,29 +35,10 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) { await synthtrace.clean(); }); - it('Active Datasets stat is not available due to underprivileged user', async () => { - await testSubjects.existOrFail( - `${PageObjects.datasetQuality.testSubjectSelectors.datasetQualityInsufficientPrivileges}-${PageObjects.datasetQuality.texts.activeDatasets}` - ); - }); - - it('"Show inactive datasets" is hidden when lastActivity is not available', async () => { - await find.waitForDeletedByCssSelector( - PageObjects.datasetQuality.selectors.showInactiveDatasetsNamesSwitch - ); - }); - - it('does not show last activity column for underprivileged data stream', async () => { - const cols = await PageObjects.datasetQuality.getDatasetTableHeaderTexts(); - - expect(cols).to.not.contain('Last Activity'); - }); - it('does not show size and last activity columns for underprivileged data stream', async () => { const cols = await PageObjects.datasetQuality.getDatasetTableHeaderTexts(); expect(cols).to.not.contain('Size'); - expect(cols).to.not.contain('Last Activity'); }); }); } From c08aace12f182fce6620ca1544355805eee371c8 Mon Sep 17 00:00:00 2001 From: Kibana Machine <42973632+kibanamachine@users.noreply.github.com> Date: Fri, 20 Sep 2024 05:02:30 +1000 Subject: [PATCH 12/74] skip failing test suite (#193433) --- .../reporting_and_security/screenshot/network_policy.ts | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/x-pack/test/reporting_api_integration/reporting_and_security/screenshot/network_policy.ts b/x-pack/test/reporting_api_integration/reporting_and_security/screenshot/network_policy.ts index ac61ef5ca9cb3..f608c8b7f250a 100644 --- a/x-pack/test/reporting_api_integration/reporting_and_security/screenshot/network_policy.ts +++ b/x-pack/test/reporting_api_integration/reporting_and_security/screenshot/network_policy.ts @@ -17,7 +17,8 @@ export default function ({ getService }: FtrProviderContext) { /* * The tests server config implements a network policy that is designed to disallow the following Canvas worksheet */ - describe('Network Policy', () => { + // Failing: See https://github.com/elastic/kibana/issues/193433 + describe.skip('Network Policy', () => { before(async () => { await reportingAPI.initLogs(); // includes a canvas worksheet with an offending image URL }); From 8bd90857ed667cbbcbe46041a4518366baa57883 Mon Sep 17 00:00:00 2001 From: Nicolas Chaulet Date: Thu, 19 Sep 2024 15:39:46 -0400 Subject: [PATCH 13/74] [Fleet] Improve policy_secrets test suite performance (#193359) --- .../apis/policy_secrets.ts | 131 +++++++++++------- 1 file changed, 81 insertions(+), 50 deletions(-) diff --git a/x-pack/test/fleet_api_integration/apis/policy_secrets.ts b/x-pack/test/fleet_api_integration/apis/policy_secrets.ts index 0abeb46accd5a..ce08126bf29d3 100644 --- a/x-pack/test/fleet_api_integration/apis/policy_secrets.ts +++ b/x-pack/test/fleet_api_integration/apis/policy_secrets.ts @@ -108,8 +108,8 @@ export default function (providerContext: FtrProviderContext) { .expect(200); } - try { - await es.deleteByQuery({ + await Promise.all([ + es.deleteByQuery({ index: ENROLLMENT_API_KEYS_INDEX, refresh: true, body: { @@ -117,13 +117,8 @@ export default function (providerContext: FtrProviderContext) { match_all: {}, }, }, - }); - } catch (err) { - // index doesn't exist - } - - try { - await es.deleteByQuery({ + }), + es.deleteByQuery({ index: AGENT_POLICY_INDEX, refresh: true, body: { @@ -131,10 +126,10 @@ export default function (providerContext: FtrProviderContext) { match_all: {}, }, }, - }); - } catch (err) { + }), + ]).catch((err) => { // index doesn't exist - } + }); }; const cleanupAgents = async () => { @@ -157,6 +152,7 @@ export default function (providerContext: FtrProviderContext) { try { await es.deleteByQuery({ index: SECRETS_INDEX_NAME, + refresh: true, body: { query: { match_all: {}, @@ -379,6 +375,7 @@ export default function (providerContext: FtrProviderContext) { skipIfNoDockerRegistry(providerContext); before(async () => { + await kibanaServer.savedObjects.cleanStandardList(); await fleetAndAgents.setup(); await getService('esArchiver').load( 'x-pack/test/functional/es_archives/fleet/empty_fleet_server' @@ -389,12 +386,7 @@ export default function (providerContext: FtrProviderContext) { await getService('esArchiver').unload( 'x-pack/test/functional/es_archives/fleet/empty_fleet_server' ); - }); - - afterEach(async () => { - await cleanupAgents(); - await cleanupPolicies(); - await cleanupSecrets(); + await kibanaServer.savedObjects.cleanStandardList(); }); describe('create package policy with secrets', () => { @@ -402,7 +394,7 @@ export default function (providerContext: FtrProviderContext) { let fleetServerAgentPolicy: any; let packagePolicyWithSecrets: any; - beforeEach(async () => { + before(async () => { // Policy secrets require at least one Fleet server on v8.10+ const createFleetServerAgentPolicyRes = await createFleetServerAgentPolicy(); fleetServerAgentPolicy = createFleetServerAgentPolicyRes.fleetServerAgentPolicy; @@ -416,6 +408,11 @@ export default function (providerContext: FtrProviderContext) { packagePolicyWithSecrets = await createPackagePolicyWithSecrets(testAgentPolicy.id); }); + after(async () => { + await Promise.all([cleanupAgents(), cleanupSecrets()]); + await cleanupPolicies(); + }); + it('should correctly create the policy with secrets', async () => { const packageVarId = packagePolicyWithSecrets.vars.package_var_secret.value.id; @@ -598,7 +595,7 @@ export default function (providerContext: FtrProviderContext) { let packagePolicyWithSecrets: any; let updatedPackagePolicy: any; - beforeEach(async () => { + before(async () => { // Policy secrets require at least one Fleet server on v8.10+ const createFleetServerAgentPolicyRes = await createFleetServerAgentPolicy(); fleetServerAgentPolicy = createFleetServerAgentPolicyRes.fleetServerAgentPolicy; @@ -623,6 +620,12 @@ export default function (providerContext: FtrProviderContext) { updatedPackagePolicy = updateRes.body.item; }); + after(async () => { + await cleanupAgents(); + await cleanupPolicies(); + await cleanupSecrets(); + }); + it('should allow secret values to be updated (single policy update API)', async () => { const updatedPackageVarId = updatedPackagePolicy.vars.package_var_secret.value.id; expect(updatedPackageVarId).to.be.a('string'); @@ -698,7 +701,7 @@ export default function (providerContext: FtrProviderContext) { let duplicatedAgentPolicy: any; let duplicatedPackagePolicy: any; - beforeEach(async () => { + before(async () => { // Policy secrets require at least one Fleet server on v8.10+ const createFleetServerAgentPolicyRes = await createFleetServerAgentPolicy(); fleetServerAgentPolicy = createFleetServerAgentPolicyRes.fleetServerAgentPolicy; @@ -727,6 +730,12 @@ export default function (providerContext: FtrProviderContext) { duplicatedPackagePolicy = duplicatedAgentPolicy.package_policies[0]; }); + after(async () => { + await cleanupAgents(); + await cleanupPolicies(); + await cleanupSecrets(); + }); + it('should not duplicate secrets after duplicating agent policy', async () => { const packageVarId = duplicatedPackagePolicy.vars.package_var_secret.value.id; const inputVarId = duplicatedPackagePolicy.inputs[0].vars.input_var_secret.value.id; @@ -813,7 +822,7 @@ export default function (providerContext: FtrProviderContext) { let fleetServerAgentPolicy: any; let packagePolicyWithSecrets: any; - beforeEach(async () => { + before(async () => { // Policy secrets require at least one Fleet server on v8.10+ const createFleetServerAgentPolicyRes = await createFleetServerAgentPolicy(); fleetServerAgentPolicy = createFleetServerAgentPolicyRes.fleetServerAgentPolicy; @@ -827,6 +836,12 @@ export default function (providerContext: FtrProviderContext) { packagePolicyWithSecrets = await createPackagePolicyWithSecrets(testAgentPolicy.id); }); + after(async () => { + await cleanupAgents(); + await cleanupPolicies(); + await cleanupSecrets(); + }); + it('should delete all secrets on package policy delete', async () => { await deletePackagePolicy(packagePolicyWithSecrets.id); @@ -844,6 +859,11 @@ export default function (providerContext: FtrProviderContext) { }); describe('fleet server version requirements', () => { + afterEach(async () => { + await cleanupAgents(); + await cleanupPolicies(); + await cleanupSecrets(); + }); it('should not store secrets if fleet server does not meet minimum version', async () => { const { fleetServerAgentPolicy } = await createFleetServerAgentPolicy(); await createFleetServerAgent(fleetServerAgentPolicy.id, 'server_1', '7.0.0'); @@ -1117,41 +1137,52 @@ export default function (providerContext: FtrProviderContext) { }); }); - // TODO: Output secrets should be moved to another test suite - it('should return output secrets if policy uses output with secrets', async () => { - // Output secrets require at least one Fleet server on 8.12.0 or higher (and none under 8.12.0). - const { fleetServerAgentPolicy } = await createFleetServerAgentPolicy(); - await createFleetServerAgent(fleetServerAgentPolicy.id, 'server_1', '8.12.0'); - await callFleetSetup(); + describe('output secrets', () => { + afterEach(async () => { + await cleanupAgents(); + await cleanupPolicies(); + await cleanupSecrets(); + }); - const outputWithSecret = await createOutputWithSecret(); + // TODO: Output secrets should be moved to another test suite + it('should return output secrets if policy uses output with secrets', async () => { + // ensure output is created + await callFleetSetup(); - const { body: agentPolicyResponse } = await supertest - .post(`/api/fleet/agent_policies`) - .set('kbn-xsrf', 'xxxx') - .send({ - name: `Test policy ${uuidv4()}`, - namespace: 'default', - data_output_id: outputWithSecret.id, - monitoring_output_id: outputWithSecret.id, - }) - .expect(200); + // Output secrets require at least one Fleet server on 8.12.0 or higher (and none under 8.12.0). + const { fleetServerAgentPolicy } = await createFleetServerAgentPolicy(); + await createFleetServerAgent(fleetServerAgentPolicy.id, 'server_1', '8.12.0'); + await callFleetSetup(); - const fullAgentPolicy = await getFullAgentPolicyById(agentPolicyResponse.item.id); + const outputWithSecret = await createOutputWithSecret(); - const passwordSecretId = outputWithSecret!.secrets?.password?.id; + const { body: agentPolicyResponse } = await supertest + .post(`/api/fleet/agent_policies`) + .set('kbn-xsrf', 'xxxx') + .send({ + name: `Test policy ${uuidv4()}`, + namespace: 'default', + data_output_id: outputWithSecret.id, + monitoring_output_id: outputWithSecret.id, + }) + .expect(200); - expect(fullAgentPolicy.secret_references).to.eql([{ id: passwordSecretId }]); + const fullAgentPolicy = await getFullAgentPolicyById(agentPolicyResponse.item.id); - const output = Object.entries(fullAgentPolicy.outputs)[0][1]; - // @ts-expect-error - expect(output.secrets.password.id).to.eql(passwordSecretId); + const passwordSecretId = outputWithSecret!.secrets?.password?.id; - // delete output with secret - await supertest - .delete(`/api/fleet/outputs/${outputWithSecret.id}`) - .set('kbn-xsrf', 'xxxx') - .expect(200); + expect(fullAgentPolicy.secret_references).to.eql([{ id: passwordSecretId }]); + + const output = Object.entries(fullAgentPolicy.outputs)[0][1]; + // @ts-expect-error + expect(output.secrets.password.id).to.eql(passwordSecretId); + + // delete output with secret + await supertest + .delete(`/api/fleet/outputs/${outputWithSecret.id}`) + .set('kbn-xsrf', 'xxxx') + .expect(200); + }); }); }); } From f8ad0f1ec920600de6ede16e54c2e2aafbe5ce57 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alejandro=20Fern=C3=A1ndez=20Haro?= Date: Thu, 19 Sep 2024 22:04:14 +0200 Subject: [PATCH 14/74] chore(tsconfig): uncomment option `moduleDetection` (#191834) --- packages/kbn-optimizer/src/worker/entry_point_creator.ts | 3 --- .../event_annotation/server/fetch_event_annotations/index.ts | 4 ---- tsconfig.base.json | 5 +---- x-pack/plugins/cases/server/common/index.ts | 4 ---- .../__jest__/client_integration/mocks/breadcrumbs.mock.ts | 4 ---- .../client_integration/mocks/track_ui_metric.mock.ts | 4 ---- .../dashboard_drilldown_config.test.tsx | 4 ---- .../components/tables/__mocks__/engines_logic.mock.ts | 4 ---- .../agent_enrollment_flyout.test.mocks.tsx | 3 --- .../__jest__/client_integration/helpers/mocks.ts | 4 ---- x-pack/plugins/lists/common/index.ts | 4 ---- x-pack/plugins/osquery/cypress/plugins/index.ts | 4 ---- .../public/test/client_integration/helpers/jest.mocks.tsx | 4 ---- x-pack/plugins/security_solution/common/index.ts | 3 --- .../public/common/mock/formatted_relative.ts | 4 ---- 15 files changed, 1 insertion(+), 57 deletions(-) diff --git a/packages/kbn-optimizer/src/worker/entry_point_creator.ts b/packages/kbn-optimizer/src/worker/entry_point_creator.ts index 2d4f8ffce6f3d..46fb14d1f6592 100644 --- a/packages/kbn-optimizer/src/worker/entry_point_creator.ts +++ b/packages/kbn-optimizer/src/worker/entry_point_creator.ts @@ -7,9 +7,6 @@ * License v3.0 only", or the "Server Side Public License, v 1". */ -// TODO: we should be able to remove this ts-ignore while using isolatedModules -// this is a skip for the errors created when typechecking with isolatedModules -// @ts-ignore module.exports = function ({ entries, }: { diff --git a/src/plugins/event_annotation/server/fetch_event_annotations/index.ts b/src/plugins/event_annotation/server/fetch_event_annotations/index.ts index 8e91f5cee36cf..fd63bd1307032 100644 --- a/src/plugins/event_annotation/server/fetch_event_annotations/index.ts +++ b/src/plugins/event_annotation/server/fetch_event_annotations/index.ts @@ -9,10 +9,6 @@ // TODO: implement this on the server -// TODO(jbudz): should be removed when upgrading to TS@4.8 -// this is a skip for the errors created when typechecking with isolatedModules -export {}; - // import { StartServicesAccessor } from '@kbn/core/server'; // import { EventAnnotationStartDependencies } from '../plugin'; diff --git a/tsconfig.base.json b/tsconfig.base.json index 1dd8335471582..fb6fea769fc64 100644 --- a/tsconfig.base.json +++ b/tsconfig.base.json @@ -1996,11 +1996,8 @@ "useUnknownInCatchVariables": false, // enabled to point out not supported features when emitting in an isolated module environment "isolatedModules": true, - // TODO(jbudz): should be uncommented when upgrading to TS@4.8 - // // ensures every non-declaration file is treated as a module - // "moduleDetection": "force", - // + "moduleDetection": "force", // disabled for better IDE support, enabled when running the type_check script "composite": false, // enabled for improved performance diff --git a/x-pack/plugins/cases/server/common/index.ts b/x-pack/plugins/cases/server/common/index.ts index 25a567a32d908..18bedd3ebeca8 100644 --- a/x-pack/plugins/cases/server/common/index.ts +++ b/x-pack/plugins/cases/server/common/index.ts @@ -5,10 +5,6 @@ * 2.0. */ -// TODO(jbudz): should be removed when upgrading to TS@4.8 -// this is a skip for the errors created when typechecking with isolatedModules -export {}; - // Careful of exporting anything from this file as any file(s) you export here will cause your functions to be exposed as public. // If you're using functions/types/etc... internally or within integration tests it's best to import directly from their paths // than expose the functions/types/etc... here. You should _only_ expose functions/types/etc... that need to be shared with other plugins here. diff --git a/x-pack/plugins/cross_cluster_replication/public/__jest__/client_integration/mocks/breadcrumbs.mock.ts b/x-pack/plugins/cross_cluster_replication/public/__jest__/client_integration/mocks/breadcrumbs.mock.ts index 09eb2dedfd6d8..00ae0680bf480 100644 --- a/x-pack/plugins/cross_cluster_replication/public/__jest__/client_integration/mocks/breadcrumbs.mock.ts +++ b/x-pack/plugins/cross_cluster_replication/public/__jest__/client_integration/mocks/breadcrumbs.mock.ts @@ -5,10 +5,6 @@ * 2.0. */ -// TODO(jbudz): should be removed when upgrading to TS@4.8 -// this is a skip for the errors created when typechecking with isolatedModules -export {}; - jest.mock('../../../app/services/breadcrumbs', () => { const original = jest.requireActual('../../../app/services/breadcrumbs'); diff --git a/x-pack/plugins/cross_cluster_replication/public/__jest__/client_integration/mocks/track_ui_metric.mock.ts b/x-pack/plugins/cross_cluster_replication/public/__jest__/client_integration/mocks/track_ui_metric.mock.ts index 040b5b8078817..76354e035e0f7 100644 --- a/x-pack/plugins/cross_cluster_replication/public/__jest__/client_integration/mocks/track_ui_metric.mock.ts +++ b/x-pack/plugins/cross_cluster_replication/public/__jest__/client_integration/mocks/track_ui_metric.mock.ts @@ -5,10 +5,6 @@ * 2.0. */ -// TODO(jbudz): should be removed when upgrading to TS@4.8 -// this is a skip for the errors created when typechecking with isolatedModules -export {}; - jest.mock('../../../app/services/track_ui_metric', () => { const original = jest.requireActual('../../../app/services/track_ui_metric'); diff --git a/x-pack/plugins/dashboard_enhanced/public/services/drilldowns/abstract_dashboard_drilldown/components/dashboard_drilldown_config/dashboard_drilldown_config.test.tsx b/x-pack/plugins/dashboard_enhanced/public/services/drilldowns/abstract_dashboard_drilldown/components/dashboard_drilldown_config/dashboard_drilldown_config.test.tsx index ecad5f5c5ab36..8556bab76046a 100644 --- a/x-pack/plugins/dashboard_enhanced/public/services/drilldowns/abstract_dashboard_drilldown/components/dashboard_drilldown_config/dashboard_drilldown_config.test.tsx +++ b/x-pack/plugins/dashboard_enhanced/public/services/drilldowns/abstract_dashboard_drilldown/components/dashboard_drilldown_config/dashboard_drilldown_config.test.tsx @@ -5,10 +5,6 @@ * 2.0. */ -// TODO(jbudz): should be removed when upgrading to TS@4.8 -// this is a skip for the errors created when typechecking with isolatedModules -export {}; - // Need to wait for https://github.com/elastic/eui/pull/3173/ // to unit test this component // basic interaction is covered in end-to-end tests diff --git a/x-pack/plugins/enterprise_search/public/applications/app_search/components/engines/components/tables/__mocks__/engines_logic.mock.ts b/x-pack/plugins/enterprise_search/public/applications/app_search/components/engines/components/tables/__mocks__/engines_logic.mock.ts index c502b37bf8ecb..bc954790debba 100644 --- a/x-pack/plugins/enterprise_search/public/applications/app_search/components/engines/components/tables/__mocks__/engines_logic.mock.ts +++ b/x-pack/plugins/enterprise_search/public/applications/app_search/components/engines/components/tables/__mocks__/engines_logic.mock.ts @@ -5,10 +5,6 @@ * 2.0. */ -// TODO(jbudz): should be removed when upgrading to TS@4.8 -// this is a skip for the errors created when typechecking with isolatedModules -export {}; - jest.mock('../../..', () => ({ EnginesLogic: { actions: { deleteEngine: jest.fn() } }, })); diff --git a/x-pack/plugins/fleet/public/components/agent_enrollment_flyout/agent_enrollment_flyout.test.mocks.tsx b/x-pack/plugins/fleet/public/components/agent_enrollment_flyout/agent_enrollment_flyout.test.mocks.tsx index 6658eb5a8e0be..d4244a6bbf5af 100644 --- a/x-pack/plugins/fleet/public/components/agent_enrollment_flyout/agent_enrollment_flyout.test.mocks.tsx +++ b/x-pack/plugins/fleet/public/components/agent_enrollment_flyout/agent_enrollment_flyout.test.mocks.tsx @@ -6,9 +6,6 @@ */ import React from 'react'; -// TODO(jbudz): should be removed when upgrading to TS@4.8 -// this is a skip for the errors created when typechecking with isolatedModules -export {}; jest.mock('../../hooks', () => { return { diff --git a/x-pack/plugins/index_management/__jest__/client_integration/helpers/mocks.ts b/x-pack/plugins/index_management/__jest__/client_integration/helpers/mocks.ts index 7b67e364b634d..c0c2c179607bf 100644 --- a/x-pack/plugins/index_management/__jest__/client_integration/helpers/mocks.ts +++ b/x-pack/plugins/index_management/__jest__/client_integration/helpers/mocks.ts @@ -5,10 +5,6 @@ * 2.0. */ -// TODO(jbudz): should be removed when upgrading to TS@4.8 -// this is a skip for the errors created when typechecking with isolatedModules -export {}; - (window as any).Worker = class Worker { onmessage() {} postMessage() {} diff --git a/x-pack/plugins/lists/common/index.ts b/x-pack/plugins/lists/common/index.ts index 148d6a6a5c007..a9aa96c2d9c60 100644 --- a/x-pack/plugins/lists/common/index.ts +++ b/x-pack/plugins/lists/common/index.ts @@ -5,10 +5,6 @@ * 2.0. */ -// TODO(jbudz): should be removed when upgrading to TS@4.8 -// this is a skip for the errors created when typechecking with isolatedModules -export {}; - // Careful of exporting anything from this file as any file(s) you export here will cause your page bundle size to increase. // If you're using functions/types/etc... internally it's best to import directly from their paths than expose the functions/types/etc... here. // You should _only_ expose functions/types/etc... that need to be shared with other plugins here. diff --git a/x-pack/plugins/osquery/cypress/plugins/index.ts b/x-pack/plugins/osquery/cypress/plugins/index.ts index ee375ff757c98..2653d7f55419b 100644 --- a/x-pack/plugins/osquery/cypress/plugins/index.ts +++ b/x-pack/plugins/osquery/cypress/plugins/index.ts @@ -21,10 +21,6 @@ /** * @type {Cypress.PluginConfig} */ -// TODO: we should be able to remove this ts-ignore while using isolatedModules -// this is a skip for the errors created when typechecking with isolatedModules -// eslint-disable-next-line @typescript-eslint/ban-ts-comment -// @ts-ignore // eslint-disable-next-line @typescript-eslint/no-explicit-any module.exports = (on: any, config: any) => { // eslint-disable-next-line @typescript-eslint/no-var-requires diff --git a/x-pack/plugins/rollup/public/test/client_integration/helpers/jest.mocks.tsx b/x-pack/plugins/rollup/public/test/client_integration/helpers/jest.mocks.tsx index 94f1f5dc78391..6b763fec07a66 100644 --- a/x-pack/plugins/rollup/public/test/client_integration/helpers/jest.mocks.tsx +++ b/x-pack/plugins/rollup/public/test/client_integration/helpers/jest.mocks.tsx @@ -5,10 +5,6 @@ * 2.0. */ -// TODO(jbudz): should be removed when upgrading to TS@4.8 -// this is a skip for the errors created when typechecking with isolatedModules -export {}; - jest.mock('lodash', () => ({ ...jest.requireActual('lodash'), debounce: (fn: () => unknown) => fn, diff --git a/x-pack/plugins/security_solution/common/index.ts b/x-pack/plugins/security_solution/common/index.ts index fb5caa2268f3b..7c240b39554a6 100644 --- a/x-pack/plugins/security_solution/common/index.ts +++ b/x-pack/plugins/security_solution/common/index.ts @@ -5,9 +5,6 @@ * 2.0. */ -// TODO(jbudz): should be removed when upgrading to TS@4.8 -// this is a skip for the errors created when typechecking with isolatedModules -export {}; export { APP_UI_ID, APP_ID, diff --git a/x-pack/plugins/security_solution/public/common/mock/formatted_relative.ts b/x-pack/plugins/security_solution/public/common/mock/formatted_relative.ts index 8e33021aede0b..0aebd25a1c172 100644 --- a/x-pack/plugins/security_solution/public/common/mock/formatted_relative.ts +++ b/x-pack/plugins/security_solution/public/common/mock/formatted_relative.ts @@ -5,10 +5,6 @@ * 2.0. */ -// TODO(jbudz): should be removed when upgrading to TS@4.8 -// this is a skip for the errors created when typechecking with isolatedModules -export {}; - jest.mock('@kbn/i18n-react', () => { const { i18n } = jest.requireActual('@kbn/i18n'); i18n.init({ locale: 'en' }); From 6f86d45147bb68eb661ee1771efcf5c81646c654 Mon Sep 17 00:00:00 2001 From: Nicole Albee <2642763+a03nikki@users.noreply.github.com> Date: Thu, 19 Sep 2024 15:12:09 -0500 Subject: [PATCH 15/74] Add suggestions to Console for keyword normalizers. (#175054) --- src/plugins/console/server/lib/spec_definitions/js/mappings.ts | 1 + src/plugins/console/server/lib/spec_definitions/js/settings.ts | 1 + 2 files changed, 2 insertions(+) diff --git a/src/plugins/console/server/lib/spec_definitions/js/mappings.ts b/src/plugins/console/server/lib/spec_definitions/js/mappings.ts index 9f89d20f5ecd4..22e7287aa6374 100644 --- a/src/plugins/console/server/lib/spec_definitions/js/mappings.ts +++ b/src/plugins/console/server/lib/spec_definitions/js/mappings.ts @@ -93,6 +93,7 @@ export const mappings = (specService: SpecDefinitionsService) => { __one_of: [false, true], }, ignore_above: 10, + normalizer: '', position_increment_gap: 0, // numeric diff --git a/src/plugins/console/server/lib/spec_definitions/js/settings.ts b/src/plugins/console/server/lib/spec_definitions/js/settings.ts index dd5e18357c18e..f75b492d797f5 100644 --- a/src/plugins/console/server/lib/spec_definitions/js/settings.ts +++ b/src/plugins/console/server/lib/spec_definitions/js/settings.ts @@ -52,6 +52,7 @@ export const settings = (specService: SpecDefinitionsService) => { tokenizer: {}, filter: {}, char_filter: {}, + normalizer: {}, }, 'cache.query.enable': BOOLEAN, shadow_replicas: BOOLEAN, From a9402939f378bfd9ba6136b9bba687430c64ca32 Mon Sep 17 00:00:00 2001 From: Pierre Gayvallet Date: Thu, 19 Sep 2024 22:22:44 +0200 Subject: [PATCH 16/74] [inference] improve simulated function calling instructions (#193414) ## Summary (and do it also for o11y) --- .../inference/scripts/util/kibana_client.ts | 2 ++ .../get_system_instructions.ts | 17 +++++++++++--- .../parse_inline_function_calls.ts | 2 +- .../nl_to_esql/esql_docs/esql-bucket.txt | 19 +++++++++++---- .../nl_to_esql/esql_docs/esql-date_trunc.txt | 8 +++++++ .../nl_to_esql/esql_docs/esql-syntax.txt | 21 ++++++++++++----- .../get_system_message_instructions.ts | 23 ++++++++++++++----- .../parse_inline_function_calls.ts | 2 +- .../scripts/evaluation/kibana_client.ts | 2 +- 9 files changed, 73 insertions(+), 23 deletions(-) diff --git a/x-pack/plugins/inference/scripts/util/kibana_client.ts b/x-pack/plugins/inference/scripts/util/kibana_client.ts index f8e96cfcf4ae3..ca26ef76b2c72 100644 --- a/x-pack/plugins/inference/scripts/util/kibana_client.ts +++ b/x-pack/plugins/inference/scripts/util/kibana_client.ts @@ -179,6 +179,7 @@ export class KibanaClient { system, toolChoice, tools, + functionCalling, }) => { const body: ChatCompleteRequestBody = { connectorId: chatCompleteConnectorId, @@ -186,6 +187,7 @@ export class KibanaClient { messages, toolChoice, tools, + functionCalling, }; return stream( diff --git a/x-pack/plugins/inference/server/chat_complete/simulated_function_calling/get_system_instructions.ts b/x-pack/plugins/inference/server/chat_complete/simulated_function_calling/get_system_instructions.ts index 872e842e03f86..848b8d1f44f07 100644 --- a/x-pack/plugins/inference/server/chat_complete/simulated_function_calling/get_system_instructions.ts +++ b/x-pack/plugins/inference/server/chat_complete/simulated_function_calling/get_system_instructions.ts @@ -29,9 +29,18 @@ export function getSystemMessageInstructions({ It is EXTREMELY important that you generate valid JSON between the \`\`\`json and \`\`\` delimiters. - You may call them like this. + IMPORTANT: make sure you start and end a tool call with the ${TOOL_USE_START} and ${TOOL_USE_END} markers, it MUST + be included in the tool call. - Given the following tool: + You may call tools like this: + + ${TOOL_USE_START} + \`\`\`json + ${JSON.stringify({ name: '[name of the tool]', input: { myProperty: 'myValue' } })} + \`\`\`\ + ${TOOL_USE_END} + + For example, given the following tool: ${JSON.stringify({ name: 'my_tool', @@ -54,13 +63,15 @@ export function getSystemMessageInstructions({ \`\`\`\ ${TOOL_USE_END} - Given the following tool: + Another example: given the following tool: + ${JSON.stringify({ name: 'my_tool_without_parameters', description: 'A tool to call without parameters', })} Use it the following way: + ${TOOL_USE_START} \`\`\`json ${JSON.stringify({ name: 'my_tool_without_parameters', input: {} })} diff --git a/x-pack/plugins/inference/server/chat_complete/simulated_function_calling/parse_inline_function_calls.ts b/x-pack/plugins/inference/server/chat_complete/simulated_function_calling/parse_inline_function_calls.ts index 2fa9dd899e986..3436d7a7edac5 100644 --- a/x-pack/plugins/inference/server/chat_complete/simulated_function_calling/parse_inline_function_calls.ts +++ b/x-pack/plugins/inference/server/chat_complete/simulated_function_calling/parse_inline_function_calls.ts @@ -45,7 +45,7 @@ export function parseInlineFunctionCalls({ logger }: { logger: Logger }) { logger.debug('Parsing function call:\n' + buffer); const match = buffer.match( - /<\|tool_use_start\|>\s*```json\n?(.*?)(\n```\s*).*<\|tool_use_end\|>/s + /<\|tool_use_start\|>\s*```json\n?(.*?)(\n?```\s*).*<\|tool_use_end\|>/s ); const functionCallBody = match?.[1]; diff --git a/x-pack/plugins/inference/server/tasks/nl_to_esql/esql_docs/esql-bucket.txt b/x-pack/plugins/inference/server/tasks/nl_to_esql/esql_docs/esql-bucket.txt index 585a0321ef818..617952666542a 100644 --- a/x-pack/plugins/inference/server/tasks/nl_to_esql/esql_docs/esql-bucket.txt +++ b/x-pack/plugins/inference/server/tasks/nl_to_esql/esql_docs/esql-bucket.txt @@ -4,7 +4,7 @@ The BUCKET function allows you to create groups of values, known as buckets, fro ## Syntax -`BUCKET(field, buckets, from, to)` +`BUCKET(field, buckets [, from, to])` ### Parameters @@ -18,15 +18,24 @@ The target number of buckets, or the desired bucket size if `from` and `to` para #### from -The start of the range. This can be a number, a date, or a date expressed as a string. +(optional) The start of the range. This can be a number, a date, or a date expressed as a string. #### to -The end of the range. This can be a number, a date, or a date expressed as a string. +(optional) The end of the range. This can be a number, a date, or a date expressed as a string. -## Examples +## Important notes: + +BUCKET can operate in two modes: +- one where the bucket size is computed based on a bucket count recommendation and a range, +- and another where the bucket size is provided directly. -BUCKET can operate in two modes: one where the bucket size is computed based on a bucket count recommendation and a range, and another where the bucket size is provided directly. +When the bucket size is provided directly for time interval, +it is expressed as a *timespan literal*, e.g. +- GOOD: `BUCKET(@timestamp, 1 month)` +- BAD: `BUCKET(@timestamp, "month")` + +## Examples For instance, asking for at most 20 buckets over a year results in monthly buckets: diff --git a/x-pack/plugins/inference/server/tasks/nl_to_esql/esql_docs/esql-date_trunc.txt b/x-pack/plugins/inference/server/tasks/nl_to_esql/esql_docs/esql-date_trunc.txt index bd1d4b68043b1..7df5249933821 100644 --- a/x-pack/plugins/inference/server/tasks/nl_to_esql/esql_docs/esql-date_trunc.txt +++ b/x-pack/plugins/inference/server/tasks/nl_to_esql/esql_docs/esql-date_trunc.txt @@ -16,6 +16,14 @@ This is the interval to which the date will be rounded down. It is expressed usi This is the date expression that will be rounded down. +## Important notes + +The *interval* parameter of DATE_TRUNC is a timespan literal, NOT a string. + - GOOD: `DATE_TRUNC(1 year, date)` + - BAD: `DATE_TRUNC("year", date)` + +When grouping data by time interval, it is recommended to use BUCKET instead of DATE_TRUNC. + ## Examples The following example rounds down the hire_date to the nearest year: diff --git a/x-pack/plugins/inference/server/tasks/nl_to_esql/esql_docs/esql-syntax.txt b/x-pack/plugins/inference/server/tasks/nl_to_esql/esql_docs/esql-syntax.txt index 8259b8d8d5546..85df775422801 100644 --- a/x-pack/plugins/inference/server/tasks/nl_to_esql/esql_docs/esql-syntax.txt +++ b/x-pack/plugins/inference/server/tasks/nl_to_esql/esql_docs/esql-syntax.txt @@ -43,7 +43,7 @@ FROM index ## Literals -ES|QL currently supports numeric and string literals. +ES|QL currently supports numeric, string and timespan literals. ### String Literals @@ -93,11 +93,11 @@ These qualifiers are supported: - `quarter`/`quarters`/`q` - `year`/`years`/`yr`/`y` -Timespan literals are not whitespace sensitive. These expressions are all valid: - -- 1day -- 1 day -- 1 day +Timespan literals are not whitespace sensitive, and should not be wrapped with quotes: +- GOOD: 1day +- GOOD: 1 day +- BAD: "day" +- BAD: "2 days" ## Example Queries with Timespan Literals @@ -137,6 +137,15 @@ FROM sales | SORT week ``` +4. The same example with BUCKET instead of DATE_TRUNC: + +```esql +FROM sales +| WHERE @timestamp > NOW() - 1 quarter +| STATS weekly_sales = SUM(sales_amount) BY week = BUCKET(@timestamp, 1 week) +| SORT week +``` + 5. Retrieve error logs from the last 15 minutes and group by error type: ```esql diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/client/adapters/simulate_function_calling/get_system_message_instructions.ts b/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/client/adapters/simulate_function_calling/get_system_message_instructions.ts index a409a80716320..c80ac022ca6c0 100644 --- a/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/client/adapters/simulate_function_calling/get_system_message_instructions.ts +++ b/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/client/adapters/simulate_function_calling/get_system_message_instructions.ts @@ -29,10 +29,19 @@ export function getSystemMessageInstructions({ If a tool does not have properties, leave them out. It is EXTREMELY important that you generate valid JSON between the \`\`\`json and \`\`\` delimiters. - - You may call them like this. - Given the following tool: + IMPORTANT: make sure you start and end a tool call with the ${TOOL_USE_START} and ${TOOL_USE_END} markers, it MUST + be included in the tool call. + + You may call tools like this: + + ${TOOL_USE_START} + \`\`\`json + ${JSON.stringify({ name: '[name of the tool]', input: { myProperty: 'myValue' } })} + \`\`\`\ + ${TOOL_USE_END} + + For example, given the following tool: ${JSON.stringify({ name: 'my_tool', @@ -55,13 +64,15 @@ export function getSystemMessageInstructions({ \`\`\`\ ${TOOL_USE_END} - Given the following tool: + Another example: given the following tool: + ${JSON.stringify({ name: 'my_tool_without_parameters', description: 'A tool to call without parameters', })} - Use it the following way: + Use it the following way: + ${TOOL_USE_START} \`\`\`json ${JSON.stringify({ name: 'my_tool_without_parameters', input: {} })} @@ -77,7 +88,7 @@ export function getSystemMessageInstructions({ ...(fn.parameters ? { parameters: fn.parameters } : {}), })) )} - + `; } diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/client/adapters/simulate_function_calling/parse_inline_function_calls.ts b/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/client/adapters/simulate_function_calling/parse_inline_function_calls.ts index 82a613ef0b4f8..4ae3c5bf746e3 100644 --- a/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/client/adapters/simulate_function_calling/parse_inline_function_calls.ts +++ b/x-pack/plugins/observability_solution/observability_ai_assistant/server/service/client/adapters/simulate_function_calling/parse_inline_function_calls.ts @@ -44,7 +44,7 @@ export function parseInlineFunctionCalls({ logger }: { logger: Logger }) { logger.debug('Parsing function call:\n' + buffer); const match = buffer.match( - /<\|tool_use_start\|>\s*```json\n?(.*?)(\n```\s*).*<\|tool_use_end\|>/s + /<\|tool_use_start\|>\s*```json\n?(.*?)(\n?```\s*).*<\|tool_use_end\|>/s ); const functionCallBody = match?.[1]; diff --git a/x-pack/plugins/observability_solution/observability_ai_assistant_app/scripts/evaluation/kibana_client.ts b/x-pack/plugins/observability_solution/observability_ai_assistant_app/scripts/evaluation/kibana_client.ts index 8246a9ceae71f..ddfa4c98765f7 100644 --- a/x-pack/plugins/observability_solution/observability_ai_assistant_app/scripts/evaluation/kibana_client.ts +++ b/x-pack/plugins/observability_solution/observability_ai_assistant_app/scripts/evaluation/kibana_client.ts @@ -110,7 +110,7 @@ export class KibanaClient { const url = format({ ...parsed, pathname: `/${[ - baseUrl, + ...(baseUrl ? [baseUrl] : []), ...(props.ignoreSpaceId || !this.spaceId ? [] : ['s', this.spaceId]), props.pathname.startsWith('/') ? props.pathname.substring(1) : props.pathname, ].join('/')}`, From 052187ce180f0cbcb062486f36a562495f840bef Mon Sep 17 00:00:00 2001 From: Melissa Alvarez Date: Thu, 19 Sep 2024 14:40:44 -0600 Subject: [PATCH 17/74] [ML][Fleet] Adds link to anomaly detection configurations from Integration > Assets tab (#193105) ## Summary Related issue: https://github.com/elastic/kibana/issues/182199?reload=1 This PR adds a link to `ML > Anomaly Detection > Supplied Configurations` from `Integration > Assets tab` for 'ML Modules' assets. The naming of the asset is also updated in Fleet to be consistent with the ML UI. Screenshot 2024-09-19 at 13 46 47 Screenshot 2024-09-19 at 13 47 52 ### Checklist Delete any items that are not applicable to this PR. - [ ] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md) - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed - [ ] Any UI touched in this PR is usable by keyboard only (learn more about [keyboard accessibility](https://webaim.org/techniques/keyboard/)) - [ ] Any UI touched in this PR does not create any new axe failures (run axe in browser: [FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/), [Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US)) - [ ] If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the [docker list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker) - [ ] This renders correctly on smaller devices using a responsive layout. (You can test this [in your browser](https://www.browserstack.com/guide/responsive-testing-on-local-server)) - [ ] This was checked for [cross-browser compatibility](https://www.elastic.co/support/matrix#matrix_browsers) --------- Co-authored-by: Elastic Machine --- .../integrations/sections/epm/constants.tsx | 4 +- .../services/epm/packages/get_bulk_assets.ts | 1 - .../supplied_configurations.tsx | 71 +++++++++++++++---- .../application/util/string_utils.test.ts | 16 +++++ .../public/application/util/string_utils.ts | 14 ++-- .../ml/server/saved_objects/saved_objects.ts | 25 ++++++- .../transform_search_bar_filters.tsx | 14 ++-- .../epm/__snapshots__/bulk_get_assets.snap | 2 +- 8 files changed, 120 insertions(+), 27 deletions(-) diff --git a/x-pack/plugins/fleet/public/applications/integrations/sections/epm/constants.tsx b/x-pack/plugins/fleet/public/applications/integrations/sections/epm/constants.tsx index 1a1fba813bd8c..03f0b0b5cee81 100644 --- a/x-pack/plugins/fleet/public/applications/integrations/sections/epm/constants.tsx +++ b/x-pack/plugins/fleet/public/applications/integrations/sections/epm/constants.tsx @@ -66,10 +66,10 @@ export const AssetTitleMap: Record< } ), 'ml-module': i18n.translate('xpack.fleet.epm.assetTitles.mlModules', { - defaultMessage: 'ML modules', + defaultMessage: 'Anomaly detection configurations', }), ml_module: i18n.translate('xpack.fleet.epm.assetTitles.mlModules', { - defaultMessage: 'ML modules', + defaultMessage: 'Anomaly detection configurations', }), tag: i18n.translate('xpack.fleet.epm.assetTitles.tag', { defaultMessage: 'Tags', diff --git a/x-pack/plugins/fleet/server/services/epm/packages/get_bulk_assets.ts b/x-pack/plugins/fleet/server/services/epm/packages/get_bulk_assets.ts index 082691fb0812b..ab6868dfaf65c 100644 --- a/x-pack/plugins/fleet/server/services/epm/packages/get_bulk_assets.ts +++ b/x-pack/plugins/fleet/server/services/epm/packages/get_bulk_assets.ts @@ -71,7 +71,6 @@ export async function getBulkAssets( } // TODO: Ask for Kibana SOs to have `getInAppUrl()` registered so that the above works safely: - // ml-module // security-rule // csp-rule-template // osquery-pack-asset diff --git a/x-pack/plugins/ml/public/application/supplied_configurations/supplied_configurations.tsx b/x-pack/plugins/ml/public/application/supplied_configurations/supplied_configurations.tsx index d8aaf678e372d..f98502c1c5f89 100644 --- a/x-pack/plugins/ml/public/application/supplied_configurations/supplied_configurations.tsx +++ b/x-pack/plugins/ml/public/application/supplied_configurations/supplied_configurations.tsx @@ -6,22 +6,45 @@ */ import React, { useCallback, useMemo, useState } from 'react'; -import type { SearchFilterConfig, FieldValueOptionType } from '@elastic/eui'; -import { EuiCard, EuiIcon, EuiFlexGrid, EuiFlexItem, EuiSearchBar, EuiSpacer } from '@elastic/eui'; +import type { SearchFilterConfig, FieldValueOptionType, EuiSearchBarProps } from '@elastic/eui'; +import { + EuiCard, + EuiIcon, + EuiFlexGrid, + EuiFlexItem, + EuiFormRow, + EuiSearchBar, + EuiSpacer, +} from '@elastic/eui'; import { i18n } from '@kbn/i18n'; +import { usePageUrlState, type PageUrlState } from '@kbn/ml-url-state'; import useMountedState from 'react-use/lib/useMountedState'; import useMount from 'react-use/lib/useMount'; import { isPopulatedObject } from '@kbn/ml-is-populated-object'; import { useMlKibana } from '../contexts/kibana'; import type { Module } from '../../../common/types/modules'; +import { ML_PAGES } from '../../../common/constants/locator'; import { LoadingIndicator } from '../components/loading_indicator'; import { filterModules } from './utils'; import { SuppliedConfigurationsFlyout } from './supplied_configurations_flyout'; +interface SuppliedConfigurationsPageUrlState { + queryText: string; +} + export function isLogoObject(arg: unknown): arg is { icon: string } { return isPopulatedObject(arg) && Object.hasOwn(arg, 'icon'); } +const SCHEMA = { + strict: true, + fields: { + tags: { + type: 'string', + }, + }, +}; + export const SuppliedConfigurations = () => { const { services: { @@ -31,9 +54,14 @@ export const SuppliedConfigurations = () => { }, } = useMlKibana(); + const [suppliedConfigurationsPageState, setSuppliedConfigurationsPageState] = + usePageUrlState(ML_PAGES.SUPPLIED_CONFIGURATIONS, { + queryText: '', + }); + const [modules, setModules] = useState([]); const [isLoading, setIsLoading] = useState(false); - const [query, setQuery] = useState(EuiSearchBar.Query.MATCH_ALL); + const [searchError, setSearchError] = useState(); const [isFlyoutVisible, setIsFlyoutVisible] = useState(false); const [selectedModuleId, setSelectedModuleId] = useState(); @@ -82,13 +110,27 @@ export const SuppliedConfigurations = () => { ]; }, [modules]); - const schema = { - strict: true, - fields: { - tags: { - type: 'string', - }, + const setSearchQueryText = useCallback( + (value: string) => { + setSuppliedConfigurationsPageState({ queryText: value }); }, + [setSuppliedConfigurationsPageState] + ); + + const query = useMemo(() => { + const searchQueryText = (suppliedConfigurationsPageState as SuppliedConfigurationsPageUrlState) + .queryText; + return searchQueryText !== '' ? EuiSearchBar.Query.parse(searchQueryText) : undefined; + }, [suppliedConfigurationsPageState]); + + const onChange: EuiSearchBarProps['onChange'] = (search) => { + if (search.error !== null) { + setSearchError(search.error.message); + return; + } + + setSearchError(undefined); + setSearchQueryText(search.queryText); }; const filteredModules = useMemo(() => { @@ -96,8 +138,6 @@ export const SuppliedConfigurations = () => { return clauses.length > 0 ? filterModules(modules, clauses) : modules; }, [query, modules]); - const onChange = useCallback(({ query: onChangeQuery }) => setQuery(onChangeQuery), [setQuery]); - if (isLoading === true) return ; return ( @@ -112,11 +152,18 @@ export const SuppliedConfigurations = () => { } ), incremental: true, - schema, + schema: SCHEMA, }} filters={filters} onChange={onChange} /> + + <> + {filteredModules.map(({ description, id, logo, title }) => { diff --git a/x-pack/plugins/ml/public/application/util/string_utils.test.ts b/x-pack/plugins/ml/public/application/util/string_utils.test.ts index a149eddec45b7..7bdf320557d38 100644 --- a/x-pack/plugins/ml/public/application/util/string_utils.test.ts +++ b/x-pack/plugins/ml/public/application/util/string_utils.test.ts @@ -15,6 +15,7 @@ import { mlEscape, escapeForElasticsearchQuery, escapeKueryForEmbeddableFieldValuePair, + stringMatch, } from './string_utils'; describe('ML - string utils', () => { @@ -170,4 +171,19 @@ describe('ML - string utils', () => { ); }); }); + + describe('stringMatch', () => { + test('should return true for partial match', () => { + expect(stringMatch('foobar', 'Foo')).toBe(true); + }); + test('should return true for exact match', () => { + expect(stringMatch('foobar', 'foobar')).toBe(true); + }); + test('should return false for no match', () => { + expect(stringMatch('foobar', 'nomatch')).toBe(false); + }); + test('should catch error for invalid regex substring and return false', () => { + expect(stringMatch('foobar', '?')).toBe(false); + }); + }); }); diff --git a/x-pack/plugins/ml/public/application/util/string_utils.ts b/x-pack/plugins/ml/public/application/util/string_utils.ts index 72e12febbe5a0..36ddd4edbe380 100644 --- a/x-pack/plugins/ml/public/application/util/string_utils.ts +++ b/x-pack/plugins/ml/public/application/util/string_utils.ts @@ -187,9 +187,13 @@ export function calculateTextWidth(txt: string | number, isNumber: boolean) { } export function stringMatch(str: string | undefined, substr: any) { - return ( - typeof str === 'string' && - typeof substr === 'string' && - (str.toLowerCase().match(substr.toLowerCase()) === null) === false - ); + try { + return ( + typeof str === 'string' && + typeof substr === 'string' && + (str.toLowerCase().match(substr.toLowerCase()) === null) === false + ); + } catch (error) { + return false; + } } diff --git a/x-pack/plugins/ml/server/saved_objects/saved_objects.ts b/x-pack/plugins/ml/server/saved_objects/saved_objects.ts index 36f9c29d35e07..98da0bcf8ebea 100644 --- a/x-pack/plugins/ml/server/saved_objects/saved_objects.ts +++ b/x-pack/plugins/ml/server/saved_objects/saved_objects.ts @@ -6,6 +6,7 @@ */ import type { SavedObjectsServiceSetup } from '@kbn/core/server'; +import rison from '@kbn/rison'; import { mlJob, mlTrainedModel, mlModule } from './mappings'; import { migrations } from './migrations'; @@ -15,6 +16,17 @@ import { ML_TRAINED_MODEL_SAVED_OBJECT_TYPE, } from '../../common/types/saved_objects'; +interface MlModuleAttributes { + id: string; + title: string; + description?: string; + type: string; + logo?: object; + query?: string; + jobs: object[]; + datafeeds: object[]; +} + export function setupSavedObjects(savedObjects: SavedObjectsServiceSetup) { savedObjects.registerType({ name: ML_JOB_SAVED_OBJECT_TYPE, @@ -30,12 +42,23 @@ export function setupSavedObjects(savedObjects: SavedObjectsServiceSetup) { migrations, mappings: mlTrainedModel, }); - savedObjects.registerType({ + savedObjects.registerType({ name: ML_MODULE_SAVED_OBJECT_TYPE, hidden: false, management: { importableAndExportable: true, visibleInManagement: false, + getTitle(obj) { + return obj.attributes.title; + }, + getInAppUrl(obj) { + return { + path: `/app/ml/supplied_configurations/?_a=${encodeURIComponent( + rison.encode({ supplied_configurations: { queryText: obj.attributes.title } }) + )}`, + uiCapabilitiesPath: 'ml.canGetJobs', + }; + }, }, namespaceType: 'agnostic', migrations, diff --git a/x-pack/plugins/transform/public/app/sections/transform_management/components/transform_list/transform_search_bar_filters.tsx b/x-pack/plugins/transform/public/app/sections/transform_management/components/transform_list/transform_search_bar_filters.tsx index 67ba6cffa997a..5596f3b5306ec 100644 --- a/x-pack/plugins/transform/public/app/sections/transform_management/components/transform_list/transform_search_bar_filters.tsx +++ b/x-pack/plugins/transform/public/app/sections/transform_management/components/transform_list/transform_search_bar_filters.tsx @@ -62,11 +62,15 @@ export const transformFilters: SearchFilterConfig[] = [ ]; function stringMatch(str: string | undefined, substr: any) { - return ( - typeof str === 'string' && - typeof substr === 'string' && - (str.toLowerCase().match(substr.toLowerCase()) === null) === false - ); + try { + return ( + typeof str === 'string' && + typeof substr === 'string' && + (str.toLowerCase().match(substr.toLowerCase()) === null) === false + ); + } catch (error) { + return false; + } } export const filterTransforms = (transforms: TransformListRow[], clauses: Clause[]) => { diff --git a/x-pack/test/fleet_api_integration/apis/epm/__snapshots__/bulk_get_assets.snap b/x-pack/test/fleet_api_integration/apis/epm/__snapshots__/bulk_get_assets.snap index 761ecfa66af7b..5fd219958c319 100644 --- a/x-pack/test/fleet_api_integration/apis/epm/__snapshots__/bulk_get_assets.snap +++ b/x-pack/test/fleet_api_integration/apis/epm/__snapshots__/bulk_get_assets.snap @@ -140,7 +140,7 @@ Array [ "type": "index-pattern", }, Object { - "appLink": "", + "appLink": "/app/ml/supplied_configurations/?_a=(supplied_configurations%3A(queryText%3A'Nginx%20access%20logs'))", "attributes": Object { "description": "Find unusual activity in HTTP access logs from filebeat (ECS).", "title": "Nginx access logs", From 885dfe30173fe15120f957cf6cbd836404c355f9 Mon Sep 17 00:00:00 2001 From: Nathan Reese Date: Thu, 19 Sep 2024 15:05:27 -0600 Subject: [PATCH 18/74] [dashboard] remove DashboardExternallyAccessibleApi and DashboardPluginInternalFunctions types (#193440) Consolidate to only exposing `DashboardApi` by removing `DashboardExternallyAccessibleApi` and `DashboardPluginInternalFunctions` types. --------- Co-authored-by: Elastic Machine --- .../page_api.ts | 4 -- .../presentation_container_example/types.ts | 5 +-- .../copy_to_dashboard_action.tsx | 6 ++- .../filters_notification_action.test.tsx | 4 -- .../filters_notification_action.tsx | 4 +- .../filters_notification_popover.test.tsx | 9 ----- .../filters_notification_popover.tsx | 10 +++-- .../dashboard/public/dashboard_api/types.ts | 3 +- .../embeddable/dashboard_container.tsx | 14 +------ .../external_api/dashboard_api.ts | 40 ------------------- 10 files changed, 17 insertions(+), 82 deletions(-) delete mode 100644 src/plugins/dashboard/public/dashboard_container/external_api/dashboard_api.ts diff --git a/examples/embeddable_examples/public/app/presentation_container_example/page_api.ts b/examples/embeddable_examples/public/app/presentation_container_example/page_api.ts index a2e4114bf59a8..517f0534993ef 100644 --- a/examples/embeddable_examples/public/app/presentation_container_example/page_api.ts +++ b/examples/embeddable_examples/public/app/presentation_container_example/page_api.ts @@ -198,10 +198,6 @@ export function getPageApi() { executionContext: { type: 'presentationContainerEmbeddableExample', }, - getAllDataViews: () => { - // TODO remove once dashboard converted to API and use `PublishesDataViews` interface - return []; - }, getPanelCount: () => { return panels$.value.length; }, diff --git a/examples/embeddable_examples/public/app/presentation_container_example/types.ts b/examples/embeddable_examples/public/app/presentation_container_example/types.ts index 66ac415ffebbe..c3530ba71dbcf 100644 --- a/examples/embeddable_examples/public/app/presentation_container_example/types.ts +++ b/examples/embeddable_examples/public/app/presentation_container_example/types.ts @@ -7,7 +7,6 @@ * License v3.0 only", or the "Server Side Public License, v 1". */ -import type { DataView } from '@kbn/data-views-plugin/public'; import { TimeRange } from '@kbn/es-query'; import { CanAddNewPanel, @@ -36,9 +35,7 @@ export type PageApi = PresentationContainer & PublishesViewMode & PublishesReload & PublishesTimeRange & - PublishesUnsavedChanges & { - getAllDataViews: () => DataView[]; - }; + PublishesUnsavedChanges; export interface LastSavedState { timeRange: TimeRange; diff --git a/src/plugins/dashboard/public/dashboard_actions/copy_to_dashboard_action.tsx b/src/plugins/dashboard/public/dashboard_actions/copy_to_dashboard_action.tsx index 735cf767a1a54..83762f407f423 100644 --- a/src/plugins/dashboard/public/dashboard_actions/copy_to_dashboard_action.tsx +++ b/src/plugins/dashboard/public/dashboard_actions/copy_to_dashboard_action.tsx @@ -25,7 +25,7 @@ import { toMountPoint } from '@kbn/react-kibana-mount'; import { Action, IncompatibleActionError } from '@kbn/ui-actions-plugin/public'; import { DASHBOARD_CONTAINER_TYPE } from '../dashboard_container'; -import { DashboardPluginInternalFunctions } from '../dashboard_container/external_api/dashboard_api'; +import { DashboardApi } from '../dashboard_api/types'; import { pluginServices } from '../services/plugin_services'; import { CopyToDashboardModal } from './copy_to_dashboard_modal'; import { dashboardCopyToDashboardActionStrings } from './_dashboard_actions_strings'; @@ -41,7 +41,7 @@ export type CopyToDashboardAPI = HasType & HasUniqueId & HasParentApi< { type: typeof DASHBOARD_CONTAINER_TYPE } & PublishesSavedObjectId & - DashboardPluginInternalFunctions + Pick >; const apiIsCompatible = (api: unknown): api is CopyToDashboardAPI => { @@ -49,6 +49,8 @@ const apiIsCompatible = (api: unknown): api is CopyToDashboardAPI => { apiHasUniqueId(api) && apiHasParentApi(api) && apiIsOfType(api.parentApi, DASHBOARD_CONTAINER_TYPE) && + (api?.parentApi as unknown as Pick) + ?.getDashboardPanelFromId !== undefined && apiPublishesSavedObjectId(api.parentApi) ); }; diff --git a/src/plugins/dashboard/public/dashboard_actions/filters_notification_action.test.tsx b/src/plugins/dashboard/public/dashboard_actions/filters_notification_action.test.tsx index 884980c74b8ac..29b0353979073 100644 --- a/src/plugins/dashboard/public/dashboard_actions/filters_notification_action.test.tsx +++ b/src/plugins/dashboard/public/dashboard_actions/filters_notification_action.test.tsx @@ -58,10 +58,6 @@ describe('filters notification action', () => { embeddable: { uuid: 'testId', viewMode: viewModeSubject, - parentApi: { - getAllDataViews: jest.fn(), - getDashboardPanelFromId: jest.fn(), - }, filters$: filtersSubject, query$: querySubject, }, diff --git a/src/plugins/dashboard/public/dashboard_actions/filters_notification_action.tsx b/src/plugins/dashboard/public/dashboard_actions/filters_notification_action.tsx index 0240c83930a38..ef179c006666f 100644 --- a/src/plugins/dashboard/public/dashboard_actions/filters_notification_action.tsx +++ b/src/plugins/dashboard/public/dashboard_actions/filters_notification_action.tsx @@ -24,9 +24,9 @@ import { HasParentApi, PublishesUnifiedSearch, HasUniqueId, + PublishesDataViews, } from '@kbn/presentation-publishing'; import { merge } from 'rxjs'; -import { DashboardPluginInternalFunctions } from '../dashboard_container/external_api/dashboard_api'; import { pluginServices } from '../services/plugin_services'; import { FiltersNotificationPopover } from './filters_notification_popover'; import { dashboardFilterNotificationActionStrings } from './_dashboard_actions_strings'; @@ -36,7 +36,7 @@ export const BADGE_FILTERS_NOTIFICATION = 'ACTION_FILTERS_NOTIFICATION'; export type FiltersNotificationActionApi = HasUniqueId & CanAccessViewMode & Partial & - HasParentApi; + Partial>>; const isApiCompatible = (api: unknown | null): api is FiltersNotificationActionApi => Boolean( diff --git a/src/plugins/dashboard/public/dashboard_actions/filters_notification_popover.test.tsx b/src/plugins/dashboard/public/dashboard_actions/filters_notification_popover.test.tsx index 3fffb80ccea09..b02443f01aaa8 100644 --- a/src/plugins/dashboard/public/dashboard_actions/filters_notification_popover.test.tsx +++ b/src/plugins/dashboard/public/dashboard_actions/filters_notification_popover.test.tsx @@ -60,10 +60,6 @@ describe('filters notification popover', () => { api = { uuid: 'testId', viewMode: new BehaviorSubject('edit'), - parentApi: { - getAllDataViews: jest.fn(), - getDashboardPanelFromId: jest.fn(), - }, filters$: filtersSubject, query$: querySubject, }; @@ -79,11 +75,6 @@ describe('filters notification popover', () => { await waitForEuiPopoverOpen(); }; - it('calls get all dataviews from the parent', async () => { - render(); - expect(api.parentApi?.getAllDataViews).toHaveBeenCalled(); - }); - it('renders the filter section when given filters', async () => { updateFilters([getMockPhraseFilter('ay', 'oh')]); await renderAndOpenPopover(); diff --git a/src/plugins/dashboard/public/dashboard_actions/filters_notification_popover.tsx b/src/plugins/dashboard/public/dashboard_actions/filters_notification_popover.tsx index 05c76132fbcd9..bafd06297fe7e 100644 --- a/src/plugins/dashboard/public/dashboard_actions/filters_notification_popover.tsx +++ b/src/plugins/dashboard/public/dashboard_actions/filters_notification_popover.tsx @@ -26,8 +26,10 @@ import { css } from '@emotion/react'; import { AggregateQuery, getAggregateQueryMode, isOfQueryType } from '@kbn/es-query'; import { getEditPanelAction } from '@kbn/presentation-panel-plugin/public'; import { FilterItems } from '@kbn/unified-search-plugin/public'; -import { FiltersNotificationActionApi } from './filters_notification_action'; +import { useStateFromPublishingSubject } from '@kbn/presentation-publishing'; +import { BehaviorSubject } from 'rxjs'; import { dashboardFilterNotificationActionStrings } from './_dashboard_actions_strings'; +import { FiltersNotificationActionApi } from './filters_notification_action'; export function FiltersNotificationPopover({ api }: { api: FiltersNotificationActionApi }) { const [isPopoverOpen, setIsPopoverOpen] = useState(false); @@ -57,7 +59,9 @@ export function FiltersNotificationPopover({ api }: { api: FiltersNotificationAc } }, [api, setDisableEditButton]); - const dataViews = useMemo(() => api.parentApi?.getAllDataViews(), [api]); + const dataViews = useStateFromPublishingSubject( + api.parentApi?.dataViews ? api.parentApi.dataViews : new BehaviorSubject(undefined) + ); return ( - + )} diff --git a/src/plugins/dashboard/public/dashboard_api/types.ts b/src/plugins/dashboard/public/dashboard_api/types.ts index 216081efbd8c8..4760d2fd95301 100644 --- a/src/plugins/dashboard/public/dashboard_api/types.ts +++ b/src/plugins/dashboard/public/dashboard_api/types.ts @@ -25,7 +25,7 @@ import { } from '@kbn/presentation-publishing'; import { ControlGroupApi } from '@kbn/controls-plugin/public'; import { Filter, Query, TimeRange } from '@kbn/es-query'; -import { DashboardPanelMap } from '../../common'; +import { DashboardPanelMap, DashboardPanelState } from '../../common'; import { SaveDashboardReturn } from '../services/dashboard_content_management/types'; export type DashboardApi = CanExpandPanels & @@ -44,6 +44,7 @@ export type DashboardApi = CanExpandPanels & fullScreenMode$: PublishingSubject; focusedPanelId$: PublishingSubject; forceRefresh: () => void; + getDashboardPanelFromId: (id: string) => Promise; getPanelsState: () => DashboardPanelMap; hasOverlays$: PublishingSubject; hasRunMigrations$: PublishingSubject; diff --git a/src/plugins/dashboard/public/dashboard_container/embeddable/dashboard_container.tsx b/src/plugins/dashboard/public/dashboard_container/embeddable/dashboard_container.tsx index b836b3a53a726..32262c64d1d06 100644 --- a/src/plugins/dashboard/public/dashboard_container/embeddable/dashboard_container.tsx +++ b/src/plugins/dashboard/public/dashboard_container/embeddable/dashboard_container.tsx @@ -78,7 +78,6 @@ import { pluginServices } from '../../services/plugin_services'; import { placePanel } from '../panel_placement'; import { runPanelPlacementStrategy } from '../panel_placement/place_new_panel_strategies'; import { DashboardViewport } from '../component/viewport/dashboard_viewport'; -import { DashboardExternallyAccessibleApi } from '../external_api/dashboard_api'; import { getDashboardPanelPlacementSetting } from '../panel_placement/panel_placement_registry'; import { dashboardContainerReducers } from '../state/dashboard_container_reducers'; import { getDiffingMiddleware } from '../state/diffing/dashboard_diffing_integration'; @@ -137,7 +136,6 @@ export const useDashboardContainer = (): DashboardContainer => { export class DashboardContainer extends Container implements - DashboardExternallyAccessibleApi, TrackContentfulRender, TracksQueryPerformance, HasSaveNotification, @@ -174,7 +172,6 @@ export class DashboardContainer private domNode?: HTMLElement; private overlayRef?: OverlayRef; - private allDataViews: DataView[] = []; // performance monitoring public lastLoadStartTime?: number; @@ -393,7 +390,7 @@ export class DashboardContainer }) ); - this.dataViews = new BehaviorSubject(this.getAllDataViews()); + this.dataViews = new BehaviorSubject([]); const query$ = new BehaviorSubject(this.getInput().query); this.query$ = query$; @@ -799,20 +796,11 @@ export class DashboardContainer dashboardContainerReady$.next(this); }; - /** - * Gets all the dataviews that are actively being used in the dashboard - * @returns An array of dataviews - */ - public getAllDataViews = () => { - return this.allDataViews; - }; - /** * Use this to set the dataviews that are used in the dashboard when they change/update * @param newDataViews The new array of dataviews that will overwrite the old dataviews array */ public setAllDataViews = (newDataViews: DataView[]) => { - this.allDataViews = newDataViews; (this.dataViews as BehaviorSubject).next(newDataViews); }; diff --git a/src/plugins/dashboard/public/dashboard_container/external_api/dashboard_api.ts b/src/plugins/dashboard/public/dashboard_container/external_api/dashboard_api.ts deleted file mode 100644 index 16f4347351fa7..0000000000000 --- a/src/plugins/dashboard/public/dashboard_container/external_api/dashboard_api.ts +++ /dev/null @@ -1,40 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the "Elastic License - * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side - * Public License v 1"; you may not use this file except in compliance with, at - * your election, the "Elastic License 2.0", the "GNU Affero General Public - * License v3.0 only", or the "Server Side Public License, v 1". - */ - -import type { DataView } from '@kbn/data-views-plugin/public'; -import { CanDuplicatePanels, CanExpandPanels, TracksOverlays } from '@kbn/presentation-containers'; -import { HasTypeDisplayName, PublishesSavedObjectId } from '@kbn/presentation-publishing'; -import { DashboardPanelState } from '../../../common'; -import { DashboardContainer } from '../embeddable/dashboard_container'; - -export const buildApiFromDashboardContainer = (container?: DashboardContainer) => container ?? null; - -export type DashboardExternallyAccessibleApi = HasTypeDisplayName & - CanDuplicatePanels & - TracksOverlays & - PublishesSavedObjectId & - DashboardPluginInternalFunctions & - CanExpandPanels; - -/** - * An interface that holds types for the methods that Dashboard publishes which should not be used - * outside of the Dashboard plugin. This is necessary for some actions which reside in the Dashboard plugin. - */ -export interface DashboardPluginInternalFunctions { - /** - * A temporary backdoor to allow some actions access to the Dashboard panels. This should eventually be replaced with a generic version - * on the PresentationContainer interface. - */ - getDashboardPanelFromId: (id: string) => Promise; - - /** - * A temporary backdoor to allow the filters notification popover to get the data views directly from the dashboard container - */ - getAllDataViews: () => DataView[]; -} From fd149a5ab2c935d9f8f2dfe17c7f35c8a1c1f353 Mon Sep 17 00:00:00 2001 From: Samiul Monir <150824886+Samiul-TheSoccerFan@users.noreply.github.com> Date: Thu, 19 Sep 2024 17:33:28 -0400 Subject: [PATCH 19/74] Refactoring Inference Management UI (#193380) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit ## Summary This PR includes: - Adding header links and text - Restructure of columns - Increased pagination limit ![Screenshot 2024-09-18 at 11 51 25 PM](https://github.com/user-attachments/assets/a4fc1324-4365-4f1c-a33e-3d247227bcfa) ### Checklist Delete any items that are not applicable to this PR. - [X] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md) - [X] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios --------- Co-authored-by: Elastic Machine --- .../common/translations.ts | 16 +- .../all_inference_endpoints/constants.ts | 2 +- .../actions/delete/delete_action.tsx | 4 +- .../deployment_status.test.tsx | 33 -- .../deployment_status.tsx | 62 ---- .../render_deployment_status/translations.ts | 36 -- .../render_endpoint/endpoint_info.test.tsx | 311 +----------------- .../render_endpoint/endpoint_info.tsx | 183 +---------- .../render_endpoint/model_badge.tsx | 21 -- .../service_provider.test.tsx | 273 ++++++++++++++- .../service_provider.tsx | 121 ++++++- .../translations.ts | 12 - .../tabular_page.test.tsx | 45 +-- .../all_inference_endpoints/tabular_page.tsx | 32 +- .../all_inference_endpoints/types.ts | 9 +- .../components/inference_endpoints_header.tsx | 23 +- .../public/hooks/use_table_data.test.tsx | 19 +- .../public/hooks/use_table_data.tsx | 37 +-- .../translations/translations/fr-FR.json | 4 - .../translations/translations/ja-JP.json | 4 - .../translations/translations/zh-CN.json | 4 - 21 files changed, 435 insertions(+), 816 deletions(-) delete mode 100644 x-pack/plugins/search_inference_endpoints/public/components/all_inference_endpoints/render_table_columns/render_deployment_status/deployment_status.test.tsx delete mode 100644 x-pack/plugins/search_inference_endpoints/public/components/all_inference_endpoints/render_table_columns/render_deployment_status/deployment_status.tsx delete mode 100644 x-pack/plugins/search_inference_endpoints/public/components/all_inference_endpoints/render_table_columns/render_deployment_status/translations.ts delete mode 100644 x-pack/plugins/search_inference_endpoints/public/components/all_inference_endpoints/render_table_columns/render_endpoint/model_badge.tsx rename x-pack/plugins/search_inference_endpoints/public/components/all_inference_endpoints/render_table_columns/{render_endpoint => render_service_provider}/translations.ts (50%) diff --git a/x-pack/plugins/search_inference_endpoints/common/translations.ts b/x-pack/plugins/search_inference_endpoints/common/translations.ts index a61d185c406c0..0f1aa4a8abcfc 100644 --- a/x-pack/plugins/search_inference_endpoints/common/translations.ts +++ b/x-pack/plugins/search_inference_endpoints/common/translations.ts @@ -10,7 +10,7 @@ import { i18n } from '@kbn/i18n'; export const INFERENCE_ENDPOINT_LABEL = i18n.translate( 'xpack.searchInferenceEndpoints.inferenceEndpointsLabel', { - defaultMessage: 'Inference Endpoints', + defaultMessage: 'Inference endpoints', } ); @@ -21,7 +21,8 @@ export const CANCEL = i18n.translate('xpack.searchInferenceEndpoints.cancel', { export const MANAGE_INFERENCE_ENDPOINTS_LABEL = i18n.translate( 'xpack.searchInferenceEndpoints.allInferenceEndpoints.description', { - defaultMessage: 'View and manage your deployed inference endpoints.', + defaultMessage: + 'Inference endpoints streamline the deployment and management of machine\nlearning models in Elasticsearch. Set up and manage NLP tasks using unique\nendpoints, to build AI-powered search.', } ); @@ -69,9 +70,16 @@ export const SEMANTIC_SEARCH_WITH_E5_LINK = i18n.translate( ); export const VIEW_YOUR_MODELS_LINK = i18n.translate( - 'xpack.searchInferenceEndpoints.addEmptyPrompt.viewYourModels', + 'xpack.searchInferenceEndpoints.viewYourModels', + { + defaultMessage: 'ML Trained Models', + } +); + +export const API_DOCUMENTATION_LINK = i18n.translate( + 'xpack.searchInferenceEndpoints.apiDocumentationLink', { - defaultMessage: 'View your models', + defaultMessage: 'API Documentation', } ); diff --git a/x-pack/plugins/search_inference_endpoints/public/components/all_inference_endpoints/constants.ts b/x-pack/plugins/search_inference_endpoints/public/components/all_inference_endpoints/constants.ts index b3fd13dc5383a..3e60bc33b049c 100644 --- a/x-pack/plugins/search_inference_endpoints/public/components/all_inference_endpoints/constants.ts +++ b/x-pack/plugins/search_inference_endpoints/public/components/all_inference_endpoints/constants.ts @@ -14,7 +14,7 @@ import { } from './types'; export const DEFAULT_TABLE_ACTIVE_PAGE = 1; -export const DEFAULT_TABLE_LIMIT = 10; +export const DEFAULT_TABLE_LIMIT = 25; export const DEFAULT_QUERY_PARAMS: QueryParams = { page: DEFAULT_TABLE_ACTIVE_PAGE, diff --git a/x-pack/plugins/search_inference_endpoints/public/components/all_inference_endpoints/render_table_columns/render_actions/actions/delete/delete_action.tsx b/x-pack/plugins/search_inference_endpoints/public/components/all_inference_endpoints/render_table_columns/render_actions/actions/delete/delete_action.tsx index 7bc428f49affa..caedf4e913387 100644 --- a/x-pack/plugins/search_inference_endpoints/public/components/all_inference_endpoints/render_table_columns/render_actions/actions/delete/delete_action.tsx +++ b/x-pack/plugins/search_inference_endpoints/public/components/all_inference_endpoints/render_table_columns/render_actions/actions/delete/delete_action.tsx @@ -28,7 +28,7 @@ export const DeleteAction: React.FC = ({ selectedEndpoint }) deleteEndpoint({ type: selectedEndpoint.type, - id: selectedEndpoint.endpoint.inference_id, + id: selectedEndpoint.endpoint, }); }; @@ -37,7 +37,7 @@ export const DeleteAction: React.FC = ({ selectedEndpoint }) { - it('starting renders with warning status', () => { - render(); - const healthComponent = screen.getByTestId(`table-column-deployment-starting`); - expect(healthComponent).toBeInTheDocument(); - expect(healthComponent).toHaveAttribute('color', 'warning'); - }); - it('stopping renders with danger status', () => { - render(); - const healthComponent = screen.getByTestId(`table-column-deployment-stopping`); - expect(healthComponent).toBeInTheDocument(); - expect(healthComponent).toHaveAttribute('color', 'danger'); - }); - - it('started renders with success status', () => { - render(); - const healthComponent = screen.getByTestId(`table-column-deployment-started`); - expect(healthComponent).toBeInTheDocument(); - expect(healthComponent).toHaveAttribute('color', 'success'); - }); -}); diff --git a/x-pack/plugins/search_inference_endpoints/public/components/all_inference_endpoints/render_table_columns/render_deployment_status/deployment_status.tsx b/x-pack/plugins/search_inference_endpoints/public/components/all_inference_endpoints/render_table_columns/render_deployment_status/deployment_status.tsx deleted file mode 100644 index 61bee26333a88..0000000000000 --- a/x-pack/plugins/search_inference_endpoints/public/components/all_inference_endpoints/render_table_columns/render_deployment_status/deployment_status.tsx +++ /dev/null @@ -1,62 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import React from 'react'; -import { EuiIcon, EuiToolTip } from '@elastic/eui'; -import { DeploymentState } from '@kbn/ml-trained-models-utils'; -import * as i18n from './translations'; - -interface DeploymentStatusProps { - status: DeploymentState | undefined; -} - -function getStatus(status: DeploymentState | undefined) { - switch (status) { - case 'started': - return { - statusColor: 'success', - type: 'dot', - tooltip: i18n.MODEL_DEPLOYED, - }; - - case 'starting': - return { - statusColor: 'warning', - type: 'warning', - tooltip: i18n.MODEL_STARTING, - }; - - case 'stopping': - return { - statusColor: 'danger', - type: 'dot', - tooltip: i18n.MODEL_STOPPING, - }; - - case undefined: - return { - statusColor: 'danger', - type: 'dot', - tooltip: i18n.MODEL_NOT_DEPLOYED, - }; - } -} - -export const DeploymentStatus: React.FC = ({ status }) => { - const { statusColor, type, tooltip } = getStatus(status); - - return ( - - - - ); -}; diff --git a/x-pack/plugins/search_inference_endpoints/public/components/all_inference_endpoints/render_table_columns/render_deployment_status/translations.ts b/x-pack/plugins/search_inference_endpoints/public/components/all_inference_endpoints/render_table_columns/render_deployment_status/translations.ts deleted file mode 100644 index 5d811c0db45c0..0000000000000 --- a/x-pack/plugins/search_inference_endpoints/public/components/all_inference_endpoints/render_table_columns/render_deployment_status/translations.ts +++ /dev/null @@ -1,36 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import { i18n } from '@kbn/i18n'; - -export const MODEL_DEPLOYED = i18n.translate( - 'xpack.searchInferenceEndpoints.deploymentStatus.tooltip.modelDeployed', - { - defaultMessage: 'Model is deployed', - } -); - -export const MODEL_STARTING = i18n.translate( - 'xpack.searchInferenceEndpoints.deploymentStatus.tooltip.modelNotDeployed', - { - defaultMessage: 'Model starting', - } -); - -export const MODEL_NOT_DEPLOYED = i18n.translate( - 'xpack.searchInferenceEndpoints.deploymentStatus.tooltip.modelNotDeployed', - { - defaultMessage: 'Model is not deployed', - } -); - -export const MODEL_STOPPING = i18n.translate( - 'xpack.searchInferenceEndpoints.deploymentStatus.tooltip.modelStopped', - { - defaultMessage: 'Model stopping', - } -); diff --git a/x-pack/plugins/search_inference_endpoints/public/components/all_inference_endpoints/render_table_columns/render_endpoint/endpoint_info.test.tsx b/x-pack/plugins/search_inference_endpoints/public/components/all_inference_endpoints/render_table_columns/render_endpoint/endpoint_info.test.tsx index afb320dbf5ce9..1c91dcfd1aec3 100644 --- a/x-pack/plugins/search_inference_endpoints/public/components/all_inference_endpoints/render_table_columns/render_endpoint/endpoint_info.test.tsx +++ b/x-pack/plugins/search_inference_endpoints/public/components/all_inference_endpoints/render_table_columns/render_endpoint/endpoint_info.test.tsx @@ -9,315 +9,10 @@ import { render, screen } from '@testing-library/react'; import React from 'react'; import { EndpointInfo } from './endpoint_info'; -jest.mock('@kbn/ml-trained-models-utils', () => ({ - ...jest.requireActual('@kbn/ml-trained-models-utils'), - ELASTIC_MODEL_DEFINITIONS: { - 'model-with-mit-license': { - license: 'MIT', - licenseUrl: 'https://abc.com', - }, - }, -})); - describe('RenderEndpoint component tests', () => { - describe('with cohere service', () => { - const mockEndpoint = { - inference_id: 'cohere-2', - service: 'cohere', - service_settings: { - similarity: 'cosine', - dimensions: 384, - model_id: 'embed-english-light-v3.0', - rate_limit: { - requests_per_minute: 10000, - }, - embedding_type: 'byte', - }, - task_settings: {}, - } as any; - - it('renders the component with endpoint details for Cohere service', () => { - render(); - - expect(screen.getByText('cohere-2')).toBeInTheDocument(); - expect(screen.getByText('byte')).toBeInTheDocument(); - expect(screen.getByText('embed-english-light-v3.0')).toBeInTheDocument(); - }); - - it('does not render model_id badge if serviceSettings.model_id is not provided for Cohere service', () => { - const modifiedEndpoint = { - ...mockEndpoint, - service_settings: { ...mockEndpoint.service_settings, model_id: undefined }, - }; - render(); - - expect(screen.queryByText('embed-english-light-v3.0')).not.toBeInTheDocument(); - }); - - it('renders only model_id if other settings are not provided for Cohere service', () => { - const modifiedEndpoint = { - ...mockEndpoint, - service_settings: { model_id: 'embed-english-light-v3.0' }, - }; - render(); - - expect(screen.getByText('embed-english-light-v3.0')).toBeInTheDocument(); - expect(screen.queryByText(',')).not.toBeInTheDocument(); - }); - }); - - describe('with elasticsearch service', () => { - const mockEndpoint = { - inference_id: 'model-123', - service: 'elasticsearch', - service_settings: { - num_allocations: 5, - num_threads: 10, - model_id: 'settings-model-123', - }, - } as any; - - it('renders the component with endpoint model_id and model settings', () => { - render(); - - expect(screen.getByText('model-123')).toBeInTheDocument(); - expect(screen.getByText('settings-model-123')).toBeInTheDocument(); - expect(screen.getByText('Threads: 10 | Allocations: 5')).toBeInTheDocument(); - }); - - it('renders the component with only model_id if num_threads and num_allocations are not provided', () => { - const modifiedSettings = { - ...mockEndpoint.service_settings, - num_threads: undefined, - num_allocations: undefined, - }; - const modifiedEndpoint = { ...mockEndpoint, service_settings: modifiedSettings }; - render(); - - expect(screen.getByText('model-123')).toBeInTheDocument(); - expect(screen.getByText('settings-model-123')).toBeInTheDocument(); - expect(screen.queryByText('Threads: 10 | Allocations: 5')).not.toBeInTheDocument(); - }); - }); - - describe('with azureaistudio service', () => { - const mockEndpoint = { - inference_id: 'azure-ai-1', - service: 'azureaistudio', - service_settings: { - target: 'westus', - provider: 'microsoft_phi', - endpoint_type: 'realtime', - }, - } as any; - - it('renders the component with endpoint details', () => { - render(); - - expect(screen.getByText('azure-ai-1')).toBeInTheDocument(); - expect(screen.getByText('microsoft_phi, realtime, westus')).toBeInTheDocument(); - }); - - it('renders correctly when some service settings are missing', () => { - const modifiedEndpoint = { - ...mockEndpoint, - service_settings: { target: 'westus', provider: 'microsoft_phi' }, - }; - render(); - - expect(screen.getByText('microsoft_phi, westus')).toBeInTheDocument(); - }); - - it('does not render a comma when only one service setting is provided', () => { - const modifiedEndpoint = { - ...mockEndpoint, - service_settings: { target: 'westus' }, - }; - render(); - - expect(screen.getByText('westus')).toBeInTheDocument(); - expect(screen.queryByText(',')).not.toBeInTheDocument(); - }); - - it('renders nothing related to service settings when all are missing', () => { - const modifiedEndpoint = { - ...mockEndpoint, - service_settings: {}, - }; - render(); - - expect(screen.getByText('azure-ai-1')).toBeInTheDocument(); - expect(screen.queryByText('westus')).not.toBeInTheDocument(); - expect(screen.queryByText('microsoft_phi')).not.toBeInTheDocument(); - expect(screen.queryByText('realtime')).not.toBeInTheDocument(); - }); - }); - - describe('with azureopenai service', () => { - const mockEndpoint = { - inference_id: 'azure-openai-1', - service: 'azureopenai', - service_settings: { - resource_name: 'resource-xyz', - deployment_id: 'deployment-123', - api_version: 'v1', - }, - } as any; - - it('renders the component with all required endpoint details', () => { - render(); - - expect(screen.getByText('azure-openai-1')).toBeInTheDocument(); - expect(screen.getByText('resource-xyz, deployment-123, v1')).toBeInTheDocument(); - }); - }); - - describe('with mistral service', () => { - const mockEndpoint = { - inference_id: 'mistral-ai-1', - service: 'mistral', - service_settings: { - model: 'model-xyz', - max_input_tokens: 512, - rate_limit: { - requests_per_minute: 1000, - }, - }, - } as any; - - it('renders the component with endpoint details', () => { - render(); - - expect(screen.getByText('mistral-ai-1')).toBeInTheDocument(); - expect(screen.getByText('model-xyz')).toBeInTheDocument(); - expect(screen.getByText('max_input_tokens: 512, rate_limit: 1000')).toBeInTheDocument(); - }); - - it('renders correctly when some service settings are missing', () => { - const modifiedEndpoint = { - ...mockEndpoint, - service_settings: { - model: 'model-xyz', - max_input_tokens: 512, - }, - }; - render(); - - expect(screen.getByText('max_input_tokens: 512')).toBeInTheDocument(); - }); - - it('does not render a comma when only one service setting is provided', () => { - const modifiedEndpoint = { - ...mockEndpoint, - service_settings: { model: 'model-xyz' }, - }; - render(); - - expect(screen.getByText('model-xyz')).toBeInTheDocument(); - expect(screen.queryByText(',')).not.toBeInTheDocument(); - }); - - it('renders nothing related to service settings when all are missing', () => { - const modifiedEndpoint = { - ...mockEndpoint, - service_settings: {}, - }; - render(); - - expect(screen.getByText('mistral-ai-1')).toBeInTheDocument(); - expect(screen.queryByText('model-xyz')).not.toBeInTheDocument(); - expect(screen.queryByText('max_input_tokens: 512')).not.toBeInTheDocument(); - expect(screen.queryByText('rate_limit: 1000')).not.toBeInTheDocument(); - }); - }); - - describe('with googleaistudio service', () => { - const mockEndpoint = { - inference_id: 'google-ai-1', - service: 'googleaistudio', - service_settings: { - model_id: 'model-abc', - rate_limit: { - requests_per_minute: 500, - }, - }, - } as any; - - it('renders the component with endpoint details', () => { - render(); - - expect(screen.getByText('model-abc')).toBeInTheDocument(); - expect(screen.getByText('rate_limit: 500')).toBeInTheDocument(); - }); - - it('renders correctly when rate limit is missing', () => { - const modifiedEndpoint = { - ...mockEndpoint, - service_settings: { - model_id: 'model-abc', - }, - }; - - render(); - - expect(screen.getByText('model-abc')).toBeInTheDocument(); - expect(screen.queryByText('Rate limit:')).not.toBeInTheDocument(); - }); - }); - - describe('with amazonbedrock service', () => { - const mockEndpoint = { - inference_id: 'amazon-bedrock-1', - service: 'amazonbedrock', - service_settings: { - region: 'us-west-1', - provider: 'AMAZONTITAN', - model: 'model-bedrock-xyz', - }, - } as any; - - it('renders the component with endpoint details', () => { - render(); - - expect(screen.getByText('amazon-bedrock-1')).toBeInTheDocument(); - expect(screen.getByText('model-bedrock-xyz')).toBeInTheDocument(); - expect(screen.getByText('region: us-west-1, provider: amazontitan')).toBeInTheDocument(); - }); - }); - - describe('for MIT licensed models', () => { - const mockEndpointWithMitLicensedModel = { - inference_id: 'model-123', - service: 'elasticsearch', - service_settings: { - num_allocations: 5, - num_threads: 10, - model_id: 'model-with-mit-license', - }, - } as any; - - it('renders the MIT license badge if the model is eligible', () => { - render(); - - const mitBadge = screen.getByTestId('mit-license-badge'); - expect(mitBadge).toBeInTheDocument(); - expect(mitBadge).toHaveAttribute('href', 'https://abc.com'); - }); - - it('does not render the MIT license badge if the model is not eligible', () => { - const mockEndpointWithNonMitLicensedModel = { - inference_id: 'model-123', - service: 'elasticsearch', - service_settings: { - num_allocations: 5, - num_threads: 10, - model_id: 'model-without-mit-license', - }, - } as any; - - render(); + it('renders the component with inference id', () => { + render(); - expect(screen.queryByTestId('mit-license-badge')).not.toBeInTheDocument(); - }); + expect(screen.getByText('cohere-2')).toBeInTheDocument(); }); }); diff --git a/x-pack/plugins/search_inference_endpoints/public/components/all_inference_endpoints/render_table_columns/render_endpoint/endpoint_info.tsx b/x-pack/plugins/search_inference_endpoints/public/components/all_inference_endpoints/render_table_columns/render_endpoint/endpoint_info.tsx index b09b260e8cf15..3d810a24a9ffc 100644 --- a/x-pack/plugins/search_inference_endpoints/public/components/all_inference_endpoints/render_table_columns/render_endpoint/endpoint_info.tsx +++ b/x-pack/plugins/search_inference_endpoints/public/components/all_inference_endpoints/render_table_columns/render_endpoint/endpoint_info.tsx @@ -6,184 +6,13 @@ */ import React from 'react'; -import { - InferenceAPIConfigResponse, - ELASTIC_MODEL_DEFINITIONS, -} from '@kbn/ml-trained-models-utils'; -import { EuiFlexGroup, EuiFlexItem, EuiText, EuiBadge } from '@elastic/eui'; -import { ServiceProviderKeys } from '../../types'; -import { ModelBadge } from './model_badge'; -import * as i18n from './translations'; export interface EndpointInfoProps { - endpoint: InferenceAPIConfigResponse; + inferenceId: string; } -export const EndpointInfo: React.FC = ({ endpoint }) => { - return ( - - - {endpoint.inference_id} - - - - - - ); -}; - -const EndpointModelInfo: React.FC = ({ endpoint }) => { - const serviceSettings = endpoint.service_settings; - const modelId = - 'model_id' in serviceSettings - ? serviceSettings.model_id - : 'model' in serviceSettings - ? serviceSettings.model - : undefined; - - const isEligibleForMITBadge = modelId && ELASTIC_MODEL_DEFINITIONS[modelId]?.license === 'MIT'; - - return ( - <> - - {modelId && } - {isEligibleForMITBadge ? ( - - {i18n.MIT_LICENSE} - - ) : null}{' '} - {endpointModelAtrributes(endpoint)} - - - ); -}; - -function endpointModelAtrributes(endpoint: InferenceAPIConfigResponse) { - switch (endpoint.service) { - case ServiceProviderKeys.elser: - case ServiceProviderKeys.elasticsearch: - return elasticsearchAttributes(endpoint); - case ServiceProviderKeys.cohere: - return cohereAttributes(endpoint); - case ServiceProviderKeys.hugging_face: - return huggingFaceAttributes(endpoint); - case ServiceProviderKeys.openai: - return openAIAttributes(endpoint); - case ServiceProviderKeys.azureaistudio: - return azureOpenAIStudioAttributes(endpoint); - case ServiceProviderKeys.azureopenai: - return azureOpenAIAttributes(endpoint); - case ServiceProviderKeys.mistral: - return mistralAttributes(endpoint); - case ServiceProviderKeys.googleaistudio: - return googleAIStudioAttributes(endpoint); - case ServiceProviderKeys.amazonbedrock: - return amazonBedrockAttributes(endpoint); - default: - return null; - } -} - -function elasticsearchAttributes(endpoint: InferenceAPIConfigResponse) { - const serviceSettings = endpoint.service_settings; - - const numAllocations = - 'num_allocations' in serviceSettings ? serviceSettings.num_allocations : undefined; - const numThreads = 'num_threads' in serviceSettings ? serviceSettings.num_threads : undefined; - - return `${numThreads ? i18n.THREADS(numThreads) : ''}${ - numThreads && numAllocations ? ' | ' : '' - }${numAllocations ? i18n.ALLOCATIONS(numAllocations) : ''}`; -} - -function cohereAttributes(endpoint: InferenceAPIConfigResponse) { - const serviceSettings = endpoint.service_settings; - const embeddingType = - 'embedding_type' in serviceSettings ? serviceSettings.embedding_type : undefined; - - const taskSettings = endpoint.task_settings; - const inputType = 'input_type' in taskSettings ? taskSettings.input_type : undefined; - const truncate = 'truncate' in taskSettings ? taskSettings.truncate : undefined; - - return [embeddingType, inputType, truncate && `truncate: ${truncate}`].filter(Boolean).join(', '); -} - -function huggingFaceAttributes(endpoint: InferenceAPIConfigResponse) { - const serviceSettings = endpoint.service_settings; - const url = 'url' in serviceSettings ? serviceSettings.url : null; - - return url; -} - -function openAIAttributes(endpoint: InferenceAPIConfigResponse) { - const serviceSettings = endpoint.service_settings; - const url = 'url' in serviceSettings ? serviceSettings.url : null; - - return url; -} - -function azureOpenAIStudioAttributes(endpoint: InferenceAPIConfigResponse) { - const serviceSettings = endpoint.service_settings; - const provider = 'provider' in serviceSettings ? serviceSettings?.provider : undefined; - const endpointType = - 'endpoint_type' in serviceSettings ? serviceSettings.endpoint_type : undefined; - const target = 'target' in serviceSettings ? serviceSettings.target : undefined; - - return [provider, endpointType, target].filter(Boolean).join(', '); -} - -function azureOpenAIAttributes(endpoint: InferenceAPIConfigResponse) { - const serviceSettings = endpoint.service_settings; - - const resourceName = - 'resource_name' in serviceSettings ? serviceSettings.resource_name : undefined; - const deploymentId = - 'deployment_id' in serviceSettings ? serviceSettings.deployment_id : undefined; - const apiVersion = 'api_version' in serviceSettings ? serviceSettings.api_version : undefined; - - return [resourceName, deploymentId, apiVersion].filter(Boolean).join(', '); -} - -function mistralAttributes(endpoint: InferenceAPIConfigResponse) { - const serviceSettings = endpoint.service_settings; - - const maxInputTokens = - 'max_input_tokens' in serviceSettings ? serviceSettings.max_input_tokens : undefined; - const rateLimit = - 'rate_limit' in serviceSettings ? serviceSettings.rate_limit.requests_per_minute : undefined; - - return [ - maxInputTokens && `max_input_tokens: ${maxInputTokens}`, - rateLimit && `rate_limit: ${rateLimit}`, - ] - .filter(Boolean) - .join(', '); -} - -function amazonBedrockAttributes(endpoint: InferenceAPIConfigResponse) { - const serviceSettings = endpoint.service_settings; - - const region = 'region' in serviceSettings ? serviceSettings.region : undefined; - const provider = - 'provider' in serviceSettings ? serviceSettings.provider.toLocaleLowerCase() : undefined; - - return [region && `region: ${region}`, provider && `provider: ${provider}`] - .filter(Boolean) - .join(', '); -} - -function googleAIStudioAttributes(endpoint: InferenceAPIConfigResponse) { - const serviceSettings = endpoint.service_settings; - - const rateLimit = - 'rate_limit' in serviceSettings ? serviceSettings.rate_limit.requests_per_minute : undefined; - - return rateLimit && `rate_limit: ${rateLimit}`; -} +export const EndpointInfo: React.FC = ({ inferenceId }) => ( + + {inferenceId} + +); diff --git a/x-pack/plugins/search_inference_endpoints/public/components/all_inference_endpoints/render_table_columns/render_endpoint/model_badge.tsx b/x-pack/plugins/search_inference_endpoints/public/components/all_inference_endpoints/render_table_columns/render_endpoint/model_badge.tsx deleted file mode 100644 index e4b241abd8199..0000000000000 --- a/x-pack/plugins/search_inference_endpoints/public/components/all_inference_endpoints/render_table_columns/render_endpoint/model_badge.tsx +++ /dev/null @@ -1,21 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -import React from 'react'; -import { EuiBadge, useEuiTheme } from '@elastic/eui'; - -interface ModelBadgeProps { - model?: string; -} - -export const ModelBadge: React.FC = ({ model }) => { - const { euiTheme } = useEuiTheme(); - - if (!model) return null; - - return {model}; -}; diff --git a/x-pack/plugins/search_inference_endpoints/public/components/all_inference_endpoints/render_table_columns/render_service_provider/service_provider.test.tsx b/x-pack/plugins/search_inference_endpoints/public/components/all_inference_endpoints/render_table_columns/render_service_provider/service_provider.test.tsx index a592569abb0aa..bcb6599632177 100644 --- a/x-pack/plugins/search_inference_endpoints/public/components/all_inference_endpoints/render_table_columns/render_service_provider/service_provider.test.tsx +++ b/x-pack/plugins/search_inference_endpoints/public/components/all_inference_endpoints/render_table_columns/render_service_provider/service_provider.test.tsx @@ -8,25 +8,264 @@ import { render, screen } from '@testing-library/react'; import React from 'react'; import { ServiceProvider } from './service_provider'; -import { ServiceProviderKeys } from '../../types'; -jest.mock('../../../../assets/images/providers/elastic.svg', () => 'elasticIcon.svg'); -jest.mock('../../../../assets/images/providers/hugging_face.svg', () => 'huggingFaceIcon.svg'); -jest.mock('../../../../assets/images/providers/cohere.svg', () => 'cohereIcon.svg'); -jest.mock('../../../../assets/images/providers/open_ai.svg', () => 'openAIIcon.svg'); +jest.mock('@kbn/ml-trained-models-utils', () => ({ + ...jest.requireActual('@kbn/ml-trained-models-utils'), + ELASTIC_MODEL_DEFINITIONS: { + 'model-with-mit-license': { + license: 'MIT', + licenseUrl: 'https://abc.com', + }, + }, +})); describe('ServiceProvider component', () => { - it('renders Hugging Face icon and name when providerKey is hugging_face', () => { - render(); - expect(screen.getByText('Hugging Face')).toBeInTheDocument(); - const icon = screen.getByTestId('table-column-service-provider-hugging_face'); - expect(icon).toBeInTheDocument(); - }); - - it('renders Open AI icon and name when providerKey is openai', () => { - render(); - expect(screen.getByText('OpenAI')).toBeInTheDocument(); - const icon = screen.getByTestId('table-column-service-provider-openai'); - expect(icon).toBeInTheDocument(); + describe('with HuggingFace service', () => { + const mockEndpoint = { + inference_id: 'my-hugging-face', + service: 'hugging_face', + service_settings: { + api_key: 'aaaa', + url: 'https://dummy.huggingface.com', + }, + task_settings: {}, + } as any; + it('renders the component with service and model details', () => { + render(); + + expect(screen.getByText('Hugging Face')).toBeInTheDocument(); + const icon = screen.getByTestId('table-column-service-provider-hugging_face'); + expect(icon).toBeInTheDocument(); + expect(screen.getByText('https://dummy.huggingface.com')).toBeInTheDocument(); + }); + }); + + describe('with openai service', () => { + const mockEndpoint = { + inference_id: 'my-openai-endpoint', + service: 'openai', + service_settings: { + api_key: 'aaaa', + model_id: 'text-embedding-3-small', + }, + task_settings: {}, + } as any; + it('renders the component with service and model details', () => { + render(); + + expect(screen.getByText('OpenAI')).toBeInTheDocument(); + const icon = screen.getByTestId('table-column-service-provider-openai'); + expect(icon).toBeInTheDocument(); + expect(screen.getByText('text-embedding-3-small')).toBeInTheDocument(); + }); + }); + + describe('with cohere service', () => { + const mockEndpoint = { + inference_id: 'cohere-2', + service: 'cohere', + service_settings: { + similarity: 'cosine', + dimensions: 384, + model_id: 'embed-english-light-v3.0', + rate_limit: { + requests_per_minute: 10000, + }, + embedding_type: 'byte', + }, + task_settings: {}, + } as any; + + it('renders the component with service and model details', () => { + render(); + + expect(screen.getByText('Cohere')).toBeInTheDocument(); + const icon = screen.getByTestId('table-column-service-provider-cohere'); + expect(icon).toBeInTheDocument(); + expect(screen.getByText('embed-english-light-v3.0')).toBeInTheDocument(); + }); + + it('does not render model_id badge if serviceSettings.model_id is not provided', () => { + const modifiedEndpoint = { + ...mockEndpoint, + service_settings: { ...mockEndpoint.service_settings, model_id: undefined }, + }; + render(); + + expect(screen.queryByText('embed-english-light-v3.0')).not.toBeInTheDocument(); + }); + }); + + describe('with azureaistudio service', () => { + const mockEndpoint = { + inference_id: 'azure-ai-1', + service: 'azureaistudio', + service_settings: { + target: 'westus', + provider: 'microsoft_phi', + endpoint_type: 'realtime', + }, + } as any; + + it('renders the component with endpoint details', () => { + render(); + + expect(screen.getByText('Azure AI Studio')).toBeInTheDocument(); + const icon = screen.getByTestId('table-column-service-provider-azureaistudio'); + expect(icon).toBeInTheDocument(); + expect(screen.getByText('microsoft_phi')).toBeInTheDocument(); + }); + + it('renders nothing related to service settings when all are missing', () => { + const modifiedEndpoint = { + ...mockEndpoint, + service_settings: {}, + }; + render(); + + expect(screen.getByText('Azure AI Studio')).toBeInTheDocument(); + const icon = screen.getByTestId('table-column-service-provider-azureaistudio'); + expect(icon).toBeInTheDocument(); + expect(screen.queryByText('microsoft_phi')).not.toBeInTheDocument(); + }); + }); + + describe('with azureopenai service', () => { + const mockEndpoint = { + inference_id: 'azure-openai-1', + service: 'azureopenai', + service_settings: { + resource_name: 'resource-xyz', + deployment_id: 'deployment-123', + api_version: 'v1', + }, + } as any; + + it('renders the component with all required endpoint details', () => { + render(); + + expect(screen.getByText('Azure OpenAI')).toBeInTheDocument(); + const icon = screen.getByTestId('table-column-service-provider-azureopenai'); + expect(icon).toBeInTheDocument(); + expect(screen.getByText('resource-xyz')).toBeInTheDocument(); + }); + }); + + describe('with mistral service', () => { + const mockEndpoint = { + inference_id: 'mistral-ai-1', + service: 'mistral', + service_settings: { + model: 'model-xyz', + max_input_tokens: 512, + rate_limit: { + requests_per_minute: 1000, + }, + }, + } as any; + + it('renders the component with endpoint details', () => { + render(); + + expect(screen.getByText('Mistral')).toBeInTheDocument(); + const icon = screen.getByTestId('table-column-service-provider-mistral'); + expect(icon).toBeInTheDocument(); + expect(screen.getByText('model-xyz')).toBeInTheDocument(); + }); + + it('does not render model id if not provided', () => { + const modifiedEndpoint = { + ...mockEndpoint, + service_settings: {}, + }; + render(); + + const icon = screen.getByTestId('table-column-service-provider-mistral'); + expect(icon).toBeInTheDocument(); + expect(screen.getByText('Mistral')).toBeInTheDocument(); + expect(screen.queryByText('model-xyz')).not.toBeInTheDocument(); + }); + }); + + describe('with elasticsearch service', () => { + const mockEndpoint = { + inference_id: 'model-123', + service: 'elasticsearch', + service_settings: { + num_allocations: 5, + num_threads: 10, + model_id: 'settings-model-123', + }, + } as any; + + it('renders the component with endpoint model_id', () => { + render(); + + expect(screen.getByText('Elasticsearch')).toBeInTheDocument(); + const icon = screen.getByTestId('table-column-service-provider-elasticsearch'); + expect(icon).toBeInTheDocument(); + expect(screen.getByText('settings-model-123')).toBeInTheDocument(); + }); + + it('renders the MIT license badge if the model is eligible', () => { + const modifiedEndpoint = { + ...mockEndpoint, + service_settings: { ...mockEndpoint.service_settings, model_id: 'model-with-mit-license' }, + }; + render(); + + const mitBadge = screen.getByTestId('mit-license-badge'); + expect(mitBadge).toBeInTheDocument(); + expect(mitBadge).toHaveAttribute('href', 'https://abc.com'); + }); + + it('does not render the MIT license badge if the model is not eligible', () => { + render(); + + expect(screen.queryByTestId('mit-license-badge')).not.toBeInTheDocument(); + }); + }); + + describe('with googleaistudio service', () => { + const mockEndpoint = { + inference_id: 'google-ai-1', + service: 'googleaistudio', + service_settings: { + model_id: 'model-abc', + rate_limit: { + requests_per_minute: 500, + }, + }, + } as any; + + it('renders the component with service and model details', () => { + render(); + + expect(screen.getByText('Google AI Studio')).toBeInTheDocument(); + const icon = screen.getByTestId('table-column-service-provider-googleaistudio'); + expect(icon).toBeInTheDocument(); + expect(screen.getByText('model-abc')).toBeInTheDocument(); + }); + }); + + describe('with amazonbedrock service', () => { + const mockEndpoint = { + inference_id: 'amazon-bedrock-1', + service: 'amazonbedrock', + service_settings: { + region: 'us-west-1', + provider: 'AMAZONTITAN', + model: 'model-bedrock-xyz', + }, + } as any; + + it('renders the component with model and service details', () => { + render(); + + expect(screen.getByText('Amazon Bedrock')).toBeInTheDocument(); + const icon = screen.getByTestId('table-column-service-provider-amazonbedrock'); + expect(icon).toBeInTheDocument(); + expect(screen.getByText('model-bedrock-xyz')).toBeInTheDocument(); + }); }); }); diff --git a/x-pack/plugins/search_inference_endpoints/public/components/all_inference_endpoints/render_table_columns/render_service_provider/service_provider.tsx b/x-pack/plugins/search_inference_endpoints/public/components/all_inference_endpoints/render_table_columns/render_service_provider/service_provider.tsx index f4c3511c26ff3..b926f590335fb 100644 --- a/x-pack/plugins/search_inference_endpoints/public/components/all_inference_endpoints/render_table_columns/render_service_provider/service_provider.tsx +++ b/x-pack/plugins/search_inference_endpoints/public/components/all_inference_endpoints/render_table_columns/render_service_provider/service_provider.tsx @@ -5,8 +5,12 @@ * 2.0. */ -import { EuiIcon } from '@elastic/eui'; +import { EuiBadge, EuiFlexGroup, EuiFlexItem, EuiIcon, EuiText } from '@elastic/eui'; import React from 'react'; +import { + ELASTIC_MODEL_DEFINITIONS, + InferenceAPIConfigResponse, +} from '@kbn/ml-trained-models-utils'; import elasticIcon from '../../../../assets/images/providers/elastic.svg'; import huggingFaceIcon from '../../../../assets/images/providers/hugging_face.svg'; import cohereIcon from '../../../../assets/images/providers/cohere.svg'; @@ -17,9 +21,10 @@ import googleAIStudioIcon from '../../../../assets/images/providers/google_ai_st import mistralIcon from '../../../../assets/images/providers/mistral.svg'; import amazonBedrockIcon from '../../../../assets/images/providers/amazon_bedrock.svg'; import { ServiceProviderKeys } from '../../types'; +import * as i18n from './translations'; interface ServiceProviderProps { - providerKey: ServiceProviderKeys; + providerEndpoint: InferenceAPIConfigResponse; } interface ServiceProviderRecord { @@ -50,7 +55,7 @@ export const SERVICE_PROVIDERS: Record = ({ providerKey }) => { - const provider = SERVICE_PROVIDERS[providerKey]; +export const ServiceProvider: React.FC = ({ providerEndpoint }) => { + const { service } = providerEndpoint; + const provider = SERVICE_PROVIDERS[service]; return provider ? ( - <> - - {provider.name} - + + + + + + + + + {provider.name} + + + + + + + + ) : ( - {providerKey} + {service} + ); +}; + +const EndpointModelInfo: React.FC = ({ providerEndpoint }) => { + const serviceSettings = providerEndpoint.service_settings; + const modelId = + 'model_id' in serviceSettings + ? serviceSettings.model_id + : 'model' in serviceSettings + ? serviceSettings.model + : undefined; + + const isEligibleForMITBadge = modelId && ELASTIC_MODEL_DEFINITIONS[modelId]?.license === 'MIT'; + + return ( + + + + + {modelId && ( + + {modelId} + + )} + + + {isEligibleForMITBadge ? ( + + {i18n.MIT_LICENSE} + + ) : null}{' '} + + + + {endpointModelAtrributes(providerEndpoint)} + ); }; + +function endpointModelAtrributes(endpoint: InferenceAPIConfigResponse) { + switch (endpoint.service) { + case ServiceProviderKeys.hugging_face: + return huggingFaceAttributes(endpoint); + case ServiceProviderKeys.azureaistudio: + return azureOpenAIStudioAttributes(endpoint); + case ServiceProviderKeys.azureopenai: + return azureOpenAIAttributes(endpoint); + default: + return null; + } +} + +function huggingFaceAttributes(endpoint: InferenceAPIConfigResponse) { + const serviceSettings = endpoint.service_settings; + const url = 'url' in serviceSettings ? serviceSettings.url : null; + + return url; +} + +function azureOpenAIStudioAttributes(endpoint: InferenceAPIConfigResponse) { + const serviceSettings = endpoint.service_settings; + return 'provider' in serviceSettings ? serviceSettings?.provider : undefined; +} + +function azureOpenAIAttributes(endpoint: InferenceAPIConfigResponse) { + const serviceSettings = endpoint.service_settings; + + return 'resource_name' in serviceSettings ? serviceSettings.resource_name : undefined; +} diff --git a/x-pack/plugins/search_inference_endpoints/public/components/all_inference_endpoints/render_table_columns/render_endpoint/translations.ts b/x-pack/plugins/search_inference_endpoints/public/components/all_inference_endpoints/render_table_columns/render_service_provider/translations.ts similarity index 50% rename from x-pack/plugins/search_inference_endpoints/public/components/all_inference_endpoints/render_table_columns/render_endpoint/translations.ts rename to x-pack/plugins/search_inference_endpoints/public/components/all_inference_endpoints/render_table_columns/render_service_provider/translations.ts index d3e002505e64a..4ccb08108d6a3 100644 --- a/x-pack/plugins/search_inference_endpoints/public/components/all_inference_endpoints/render_table_columns/render_endpoint/translations.ts +++ b/x-pack/plugins/search_inference_endpoints/public/components/all_inference_endpoints/render_table_columns/render_service_provider/translations.ts @@ -7,18 +7,6 @@ import { i18n } from '@kbn/i18n'; -export const THREADS = (numThreads: number) => - i18n.translate('xpack.searchInferenceEndpoints.elasticsearch.threads', { - defaultMessage: 'Threads: {numThreads}', - values: { numThreads }, - }); - -export const ALLOCATIONS = (numAllocations: number) => - i18n.translate('xpack.searchInferenceEndpoints.elasticsearch.allocations', { - defaultMessage: 'Allocations: {numAllocations}', - values: { numAllocations }, - }); - export const MIT_LICENSE = i18n.translate( 'xpack.searchInferenceEndpoints.elasticsearch.mitLicense', { diff --git a/x-pack/plugins/search_inference_endpoints/public/components/all_inference_endpoints/tabular_page.test.tsx b/x-pack/plugins/search_inference_endpoints/public/components/all_inference_endpoints/tabular_page.test.tsx index 68041996b8808..cb23ba650e5fa 100644 --- a/x-pack/plugins/search_inference_endpoints/public/components/all_inference_endpoints/tabular_page.test.tsx +++ b/x-pack/plugins/search_inference_endpoints/public/components/all_inference_endpoints/tabular_page.test.tsx @@ -10,8 +10,6 @@ import { screen } from '@testing-library/react'; import { render } from '@testing-library/react'; import { TabularPage } from './tabular_page'; import { InferenceAPIConfigResponse } from '@kbn/ml-trained-models-utils'; -import { TRAINED_MODEL_STATS_QUERY_KEY } from '../../../common/constants'; -import { QueryClient, QueryClientProvider } from '@tanstack/react-query'; const inferenceEndpoints = [ { @@ -56,39 +54,26 @@ jest.mock('../../hooks/use_delete_endpoint', () => ({ })); describe('When the tabular page is loaded', () => { - beforeEach(() => { - const queryClient = new QueryClient(); - queryClient.setQueryData([TRAINED_MODEL_STATS_QUERY_KEY], { - trained_model_stats: [ - { - model_id: '.elser_model_2', - deployment_stats: { deployment_id: 'my-elser-model-05', state: 'started' }, - }, - { - model_id: '.own_model', - deployment_stats: { deployment_id: 'local-model', state: 'started' }, - }, - ], - }); - const wrapper = ({ children }: { children: React.ReactNode }) => { - return {children}; - }; - render(wrapper({ children: })); - }); + it('should display all inference ids in the table', () => { + render(); - it('should display all model_ids in the table', () => { const rows = screen.getAllByRole('row'); expect(rows[1]).toHaveTextContent('local-model'); expect(rows[2]).toHaveTextContent('my-elser-model-05'); expect(rows[3]).toHaveTextContent('third-party-model'); }); - it('should render deployment status for inference endpoints with local trained models', () => { - const deploymentStatusStarted = screen.getAllByTestId('table-column-deployment-started'); - expect(deploymentStatusStarted).toHaveLength(2); - }); - it('should not render deployment status for third-party endpoints', () => { - expect(screen.queryByTestId('table-column-deployment-undefined')).not.toBeInTheDocument(); - expect(screen.queryByTestId('table-column-deployment-starting')).not.toBeInTheDocument(); - expect(screen.queryByTestId('table-column-deployment-stopping')).not.toBeInTheDocument(); + + it('should display all service and model ids in the table', () => { + render(); + + const rows = screen.getAllByRole('row'); + expect(rows[1]).toHaveTextContent('Elasticsearch'); + expect(rows[1]).toHaveTextContent('.own_model'); + + expect(rows[2]).toHaveTextContent('Elasticsearch'); + expect(rows[2]).toHaveTextContent('.elser_model_2'); + + expect(rows[3]).toHaveTextContent('OpenAI'); + expect(rows[3]).toHaveTextContent('.own_model'); }); }); diff --git a/x-pack/plugins/search_inference_endpoints/public/components/all_inference_endpoints/tabular_page.tsx b/x-pack/plugins/search_inference_endpoints/public/components/all_inference_endpoints/tabular_page.tsx index 391eae63c1a29..373cfb676c36e 100644 --- a/x-pack/plugins/search_inference_endpoints/public/components/all_inference_endpoints/tabular_page.tsx +++ b/x-pack/plugins/search_inference_endpoints/public/components/all_inference_endpoints/tabular_page.tsx @@ -7,26 +7,18 @@ import React, { useCallback } from 'react'; -import { - EuiBasicTable, - EuiBasicTableColumn, - EuiFlexGroup, - EuiFlexItem, - HorizontalAlignment, -} from '@elastic/eui'; +import { EuiBasicTable, EuiBasicTableColumn, EuiFlexGroup, EuiFlexItem } from '@elastic/eui'; import { InferenceAPIConfigResponse } from '@kbn/ml-trained-models-utils'; -import { isLocalModel } from '@kbn/ml-trained-models-utils/src/constants/trained_models'; import { TaskTypes } from '../../../common/types'; import * as i18n from '../../../common/translations'; import { useTableData } from '../../hooks/use_table_data'; -import { FilterOptions, InferenceEndpointUI, ServiceProviderKeys } from './types'; +import { FilterOptions, InferenceEndpointUI } from './types'; import { useAllInferenceEndpointsState } from '../../hooks/use_all_inference_endpoints_state'; import { ServiceProviderFilter } from './filter/service_provider_filter'; import { TaskTypeFilter } from './filter/task_type_filter'; import { TableSearch } from './search/table_search'; -import { DeploymentStatus } from './render_table_columns/render_deployment_status/deployment_status'; import { EndpointInfo } from './render_table_columns/render_endpoint/endpoint_info'; import { ServiceProvider } from './render_table_columns/render_service_provider/service_provider'; import { TaskType } from './render_table_columns/render_task_type/task_type'; @@ -57,38 +49,32 @@ export const TabularPage: React.FC = ({ inferenceEndpoints }) ); const tableColumns: Array> = [ - { - name: '', - render: ({ endpoint, deployment }: InferenceEndpointUI) => - isLocalModel(endpoint) ? : null, - align: 'center' as HorizontalAlignment, - width: '64px', - }, { field: 'endpoint', name: i18n.ENDPOINT, - render: (endpoint: InferenceAPIConfigResponse) => { + render: (endpoint: string) => { if (endpoint) { - return ; + return ; } return null; }, sortable: true, truncateText: true, + width: '400px', }, { field: 'provider', name: i18n.SERVICE_PROVIDER, - render: (provider: ServiceProviderKeys) => { + render: (provider: InferenceAPIConfigResponse) => { if (provider) { - return ; + return ; } return null; }, sortable: false, - width: '185px', + width: '592px', }, { field: 'type', @@ -107,7 +93,7 @@ export const TabularPage: React.FC = ({ inferenceEndpoints }) actions: [ { render: (inferenceEndpoint: InferenceEndpointUI) => ( - + ), }, { diff --git a/x-pack/plugins/search_inference_endpoints/public/components/all_inference_endpoints/types.ts b/x-pack/plugins/search_inference_endpoints/public/components/all_inference_endpoints/types.ts index d7b1ca58424dd..0a5da7288607d 100644 --- a/x-pack/plugins/search_inference_endpoints/public/components/all_inference_endpoints/types.ts +++ b/x-pack/plugins/search_inference_endpoints/public/components/all_inference_endpoints/types.ts @@ -5,9 +5,9 @@ * 2.0. */ -import { DeploymentState, InferenceAPIConfigResponse } from '@kbn/ml-trained-models-utils'; +import { InferenceAPIConfigResponse } from '@kbn/ml-trained-models-utils'; import { TaskTypes } from '../../types'; -export const INFERENCE_ENDPOINTS_TABLE_PER_PAGE_VALUES = [10, 25, 50, 100]; +export const INFERENCE_ENDPOINTS_TABLE_PER_PAGE_VALUES = [25, 50, 100]; export enum ServiceProviderKeys { amazonbedrock = 'amazonbedrock', @@ -56,8 +56,7 @@ export interface EuiBasicTableSortTypes { } export interface InferenceEndpointUI { - deployment: DeploymentState | undefined; - endpoint: InferenceAPIConfigResponse; - provider: string; + endpoint: string; + provider: InferenceAPIConfigResponse; type: string; } diff --git a/x-pack/plugins/search_inference_endpoints/public/components/inference_endpoints_header.tsx b/x-pack/plugins/search_inference_endpoints/public/components/inference_endpoints_header.tsx index 014a596ec9e79..f12ef3e9fe8cd 100644 --- a/x-pack/plugins/search_inference_endpoints/public/components/inference_endpoints_header.tsx +++ b/x-pack/plugins/search_inference_endpoints/public/components/inference_endpoints_header.tsx @@ -5,7 +5,7 @@ * 2.0. */ -import { EuiPageTemplate, EuiLink, EuiText, EuiSpacer } from '@elastic/eui'; +import { EuiPageTemplate, EuiLink } from '@elastic/eui'; import React from 'react'; import * as i18n from '../../common/translations'; import { docLinks } from '../../common/doc_links'; @@ -18,21 +18,16 @@ export const InferenceEndpointsHeader: React.FC = () => { - {i18n.MANAGE_INFERENCE_ENDPOINTS_LABEL} - - - {i18n.LEARN_HOW_TO_CREATE_INFERENCE_ENDPOINTS_LINK} - - - } + description={i18n.MANAGE_INFERENCE_ENDPOINTS_LABEL} bottomBorder={true} rightSideItems={[ + + {i18n.API_DOCUMENTATION_LINK} + , {i18n.VIEW_YOUR_MODELS_LINK} , diff --git a/x-pack/plugins/search_inference_endpoints/public/hooks/use_table_data.test.tsx b/x-pack/plugins/search_inference_endpoints/public/hooks/use_table_data.test.tsx index b3b23b4e88f58..b16fb5f7675cb 100644 --- a/x-pack/plugins/search_inference_endpoints/public/hooks/use_table_data.test.tsx +++ b/x-pack/plugins/search_inference_endpoints/public/hooks/use_table_data.test.tsx @@ -118,9 +118,7 @@ describe('useTableData', () => { b.inference_id.localeCompare(a.inference_id) ); - const sortedEndpoints = result.current.sortedTableData.map( - (item) => item.endpoint.inference_id - ); + const sortedEndpoints = result.current.sortedTableData.map((item) => item.endpoint); const expectedModelIds = expectedSortedData.map((item) => item.inference_id); expect(sortedEndpoints).toEqual(expectedModelIds); @@ -153,19 +151,6 @@ describe('useTableData', () => { { wrapper } ); const filteredData = result.current.sortedTableData; - expect( - filteredData.every((item) => item.endpoint.inference_id.includes(searchKey)) - ).toBeTruthy(); - }); - - it('should update deployment status based on deploymentStatus object', () => { - const { result } = renderHook( - () => useTableData(inferenceEndpoints, queryParams, filterOptions, searchKey), - { wrapper } - ); - - const updatedData = result.current.sortedTableData; - - expect(updatedData[2].deployment).toEqual('started'); + expect(filteredData.every((item) => item.endpoint.includes(searchKey))).toBeTruthy(); }); }); diff --git a/x-pack/plugins/search_inference_endpoints/public/hooks/use_table_data.tsx b/x-pack/plugins/search_inference_endpoints/public/hooks/use_table_data.tsx index 811a84e7e46f8..775bea270559d 100644 --- a/x-pack/plugins/search_inference_endpoints/public/hooks/use_table_data.tsx +++ b/x-pack/plugins/search_inference_endpoints/public/hooks/use_table_data.tsx @@ -7,7 +7,7 @@ import type { EuiTableSortingType } from '@elastic/eui'; import { Pagination } from '@elastic/eui'; -import { DeploymentState, InferenceAPIConfigResponse } from '@kbn/ml-trained-models-utils'; +import { InferenceAPIConfigResponse } from '@kbn/ml-trained-models-utils'; import { useMemo } from 'react'; import { TaskTypes } from '../../common/types'; import { DEFAULT_TABLE_LIMIT } from '../components/all_inference_endpoints/constants'; @@ -19,7 +19,6 @@ import { SortOrder, ServiceProviderKeys, } from '../components/all_inference_endpoints/types'; -import { useTrainedModelStats } from './use_trained_model_stats'; interface UseTableDataReturn { tableData: InferenceEndpointUI[]; @@ -35,15 +34,6 @@ export const useTableData = ( filterOptions: FilterOptions, searchKey: string ): UseTableDataReturn => { - const { data: trainedModelStats } = useTrainedModelStats(); - - const deploymentStatus = trainedModelStats?.trained_model_stats.reduce((acc, modelStat) => { - if (modelStat.deployment_stats?.deployment_id) { - acc[modelStat.deployment_stats.deployment_id] = modelStat?.deployment_stats?.state; - } - return acc; - }, {} as Record); - const tableData: InferenceEndpointUI[] = useMemo(() => { let filteredEndpoints = inferenceEndpoints; @@ -61,21 +51,12 @@ export const useTableData = ( return filteredEndpoints .filter((endpoint) => endpoint.inference_id.includes(searchKey)) - .map((endpoint) => { - const isElasticService = - endpoint.service === ServiceProviderKeys.elasticsearch || - endpoint.service === ServiceProviderKeys.elser; - const deploymentId = isElasticService ? endpoint.inference_id : undefined; - const deployment = (deploymentId && deploymentStatus?.[deploymentId]) || undefined; - - return { - deployment, - endpoint, - provider: endpoint.service, - type: endpoint.task_type, - }; - }); - }, [inferenceEndpoints, searchKey, filterOptions, deploymentStatus]); + .map((endpoint) => ({ + endpoint: endpoint.inference_id, + provider: endpoint, + type: endpoint.task_type, + })); + }, [inferenceEndpoints, searchKey, filterOptions]); const sortedTableData: InferenceEndpointUI[] = useMemo(() => { return [...tableData].sort((a, b) => { @@ -83,9 +64,9 @@ export const useTableData = ( const bValue = b[queryParams.sortField]; if (queryParams.sortOrder === SortOrder.asc) { - return aValue.inference_id.localeCompare(bValue.inference_id); + return aValue.localeCompare(bValue); } else { - return bValue.inference_id.localeCompare(aValue.inference_id); + return bValue.localeCompare(aValue); } }); }, [tableData, queryParams]); diff --git a/x-pack/plugins/translations/translations/fr-FR.json b/x-pack/plugins/translations/translations/fr-FR.json index f291729bd6fad..14a0e5ee4deb9 100644 --- a/x-pack/plugins/translations/translations/fr-FR.json +++ b/x-pack/plugins/translations/translations/fr-FR.json @@ -34242,10 +34242,6 @@ "xpack.searchInferenceEndpoints.confirmDeleteEndpoint.title": "Supprimer le point de terminaison d'inférence", "xpack.searchInferenceEndpoints.deleteEndpoint.deleteSuccess": "Le point de terminaison d’inférence a été supprimé avec succès.", "xpack.searchInferenceEndpoints.deleteEndpoint.endpointDeletionFailed": "Échec de la suppression du point de terminaison", - "xpack.searchInferenceEndpoints.deploymentStatus.tooltip.modelDeployed": "Le modèle est déployé", - "xpack.searchInferenceEndpoints.deploymentStatus.tooltip.modelNotDeployed": "Le modèle n’est pas déployé", - "xpack.searchInferenceEndpoints.elasticsearch.allocations": "Allocations : {numAllocations}", - "xpack.searchInferenceEndpoints.elasticsearch.threads": "Threads : {numThreads}", "xpack.searchInferenceEndpoints.endpoint": "Point de terminaison", "xpack.searchInferenceEndpoints.filter.emptyMessage": "Aucune option", "xpack.searchInferenceEndpoints.filter.options": "{totalCount, plural, one {# option} other {# options}}", diff --git a/x-pack/plugins/translations/translations/ja-JP.json b/x-pack/plugins/translations/translations/ja-JP.json index 786967f137bfe..70b8182fa399f 100644 --- a/x-pack/plugins/translations/translations/ja-JP.json +++ b/x-pack/plugins/translations/translations/ja-JP.json @@ -34226,10 +34226,6 @@ "xpack.searchInferenceEndpoints.confirmDeleteEndpoint.title": "推論エンドポイントを削除", "xpack.searchInferenceEndpoints.deleteEndpoint.deleteSuccess": "推論エンドポイントは正常に削除されました。", "xpack.searchInferenceEndpoints.deleteEndpoint.endpointDeletionFailed": "エンドポイントの削除が失敗しました", - "xpack.searchInferenceEndpoints.deploymentStatus.tooltip.modelDeployed": "モデルはデプロイされます", - "xpack.searchInferenceEndpoints.deploymentStatus.tooltip.modelNotDeployed": "モデルはデプロイされません", - "xpack.searchInferenceEndpoints.elasticsearch.allocations": "割り当て:{numAllocations}", - "xpack.searchInferenceEndpoints.elasticsearch.threads": "スレッド:{numThreads}", "xpack.searchInferenceEndpoints.endpoint": "エンドポイント", "xpack.searchInferenceEndpoints.filter.emptyMessage": "オプションなし", "xpack.searchInferenceEndpoints.filter.options": "{totalCount, plural, other {# オプション}}", diff --git a/x-pack/plugins/translations/translations/zh-CN.json b/x-pack/plugins/translations/translations/zh-CN.json index 22146249393c6..685bcc814a11d 100644 --- a/x-pack/plugins/translations/translations/zh-CN.json +++ b/x-pack/plugins/translations/translations/zh-CN.json @@ -34267,10 +34267,6 @@ "xpack.searchInferenceEndpoints.confirmDeleteEndpoint.title": "删除推理终端", "xpack.searchInferenceEndpoints.deleteEndpoint.deleteSuccess": "推理终端已成功删除。", "xpack.searchInferenceEndpoints.deleteEndpoint.endpointDeletionFailed": "终端删除失败", - "xpack.searchInferenceEndpoints.deploymentStatus.tooltip.modelDeployed": "已部署模型", - "xpack.searchInferenceEndpoints.deploymentStatus.tooltip.modelNotDeployed": "未部署模型", - "xpack.searchInferenceEndpoints.elasticsearch.allocations": "分配:{numAllocations}", - "xpack.searchInferenceEndpoints.elasticsearch.threads": "线程:{numThreads}", "xpack.searchInferenceEndpoints.endpoint": "终端", "xpack.searchInferenceEndpoints.filter.emptyMessage": "无选项", "xpack.searchInferenceEndpoints.filter.options": "{totalCount, plural, other {# 个选项}}", From 4a53ce9e5c4f81a4d94b06938582720a0f0f0d6a Mon Sep 17 00:00:00 2001 From: Brad White Date: Thu, 19 Sep 2024 16:07:18 -0600 Subject: [PATCH 20/74] Fix dev container repo path, add limitations docs (#193488) ## Summary - Fixes an issue where the container would not be setup or start properly if the repo wasn't name `kibana` - Adds limitations section to docs --- .devcontainer/Dockerfile | 2 +- .devcontainer/devcontainer.json | 5 ++++- dev_docs/getting_started/setting_up_a_development_env.mdx | 8 +++++++- 3 files changed, 12 insertions(+), 3 deletions(-) diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile index 142e5ce933777..5f925468ac716 100644 --- a/.devcontainer/Dockerfile +++ b/.devcontainer/Dockerfile @@ -4,7 +4,6 @@ ENV LANG=en_US.UTF-8 LANGUAGE=en_US:en LC_ALL=en_US.UTF-8 ENV HOME=/home/vscode ENV NVM_DIR=${HOME}/nvm ENV NVM_VERSION=v0.39.1 -ENV KBN_DIR=/workspaces/kibana ENV OPENSSL_PATH=${HOME}/openssl # Only specific versions are FIPS certified. ENV OPENSSL_VERSION='3.0.8' @@ -50,6 +49,7 @@ WORKDIR ${KBN_DIR} # Node and NVM setup COPY .node-version /tmp/ +# Mac will have permissions issues if Node and NVM are installed as root USER vscode RUN mkdir -p $NVM_DIR && \ diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json index f5fea9e37c5d3..932c16ddb293d 100644 --- a/.devcontainer/devcontainer.json +++ b/.devcontainer/devcontainer.json @@ -23,8 +23,11 @@ 9230, 9231 ], - "postStartCommand": "/workspaces/kibana/.devcontainer/scripts/post_start.sh", + "postStartCommand": "${containerWorkspaceFolder}/.devcontainer/scripts/post_start.sh", "remoteUser": "vscode", + "containerEnv": { + "KBN_DIR": "${containerWorkspaceFolder}" + }, "features": { "ghcr.io/devcontainers/features/docker-in-docker:2": { "version": "latest", diff --git a/dev_docs/getting_started/setting_up_a_development_env.mdx b/dev_docs/getting_started/setting_up_a_development_env.mdx index b69987a09da50..8a7980e9f45e0 100644 --- a/dev_docs/getting_started/setting_up_a_development_env.mdx +++ b/dev_docs/getting_started/setting_up_a_development_env.mdx @@ -109,6 +109,7 @@ Kibana also supports using a [dev container](https://containers.dev/) which can 1. You should see the Kibana repo and your terminal will be inside the container. You can develop as normal now, including running `yarn es` from inside the container. ### Customizing the Dev Container + Installing any extra extensions or making adjustments to the OS environment inside the container will not have an effect on your local OS or VS Code installation. Editing the `devcontainer.json` or `.devcontainer/Dockerfile` should be reserved for changes to all dev environments. ### FIPS Mode @@ -116,4 +117,9 @@ Installing any extra extensions or making adjustments to the OS environment insi The dev container is pre-configured to run Kibana in FIPS mode if needed. Simply change the `.env` file to `FIPS=1` and reopen your terminal. There should be a log message in your terminal which indicates `FIPS mode enabled`. ### Troubleshooting -- Sometimes when rebuilding the container, there will be an error message that it failed. Usually hitting retry will fix this, and is only related to VS Code trying to reconnect to the container too quickly. \ No newline at end of file + +- Sometimes when rebuilding the container, there will be an error message that it failed. Usually hitting retry will fix this, and is only related to VS Code trying to reconnect to the container too quickly. + +### Limitations + +- Git worktrees are not supported when using the repo from the Local Filesystem. [VSCode issue](https://github.com/microsoft/vscode/issues/68038) for tracking, and a possible workaround though it is untested. \ No newline at end of file From a84a045e353c8bb2b3780065adbccc2b66b15d46 Mon Sep 17 00:00:00 2001 From: Andrew Macri Date: Thu, 19 Sep 2024 18:37:50 -0400 Subject: [PATCH 21/74] [Security Solution] [Attack discovery] Fixes a display issue when an entity is repeated (#193428) ## [Security Solution] [Attack discovery] Fixes a display issue when an entity is repeated ### Summary This PR fixes a display issue in Attack discovery where entities repeated in a description were displayed with a UUID instead of the value, as illustrated by the _Before_ and _After_ screenshots below: **Before** ![before](https://github.com/user-attachments/assets/9197c9b0-27d2-4f46-a967-35bb8ca254d0) **After** ![after](https://github.com/user-attachments/assets/2d7c16bd-972c-45cc-a22f-abe7c8c6c019) --- .../tabs/attack_discovery_tab/index.test.tsx | 37 +++++++++++++++++++ .../tabs/attack_discovery_tab/index.tsx | 18 +++++---- 2 files changed, 47 insertions(+), 8 deletions(-) diff --git a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/tabs/attack_discovery_tab/index.test.tsx b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/tabs/attack_discovery_tab/index.test.tsx index 3c05a10a6eb06..74751d4efaf30 100644 --- a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/tabs/attack_discovery_tab/index.test.tsx +++ b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/tabs/attack_discovery_tab/index.test.tsx @@ -18,6 +18,8 @@ describe('AttackDiscoveryTab', () => { const mockReplacements: Replacements = { '5e454c38-439c-4096-8478-0a55511c76e3': 'foo.hostname', '3bdc7952-a334-4d95-8092-cd176546e18a': 'bar.username', + 'c5ba13c4-2391-4045-962e-ec965fc1eb06': 'SRVWIN07', + '2da30969-4127-4ddb-ba0c-2d8ac44d15d7': 'Administrator', }; describe('when showAnonymized is false', () => { @@ -136,4 +138,39 @@ describe('AttackDiscoveryTab', () => { expect(investigateInTimelineButton).toBeInTheDocument(); }); }); + + describe('when multiple substitutions for the same replacement are required', () => { + it('replaces all occurrences', () => { + const detailsMarkdownRequiresMultipleSubstitutions = + '## Microsoft Office spawned PowerShell obfuscation on host {{ host.name c5ba13c4-2391-4045-962e-ec965fc1eb06 }} by user {{ user.name 2da30969-4127-4ddb-ba0c-2d8ac44d15d7 }}\n* **Tactic:** Initial Access, Execution\n* **Technique:** Phishing, Command and Scripting Interpreter\n* **Subtechnique:** Spearphishing Attachment, PowerShell\n\nThe user {{ user.name 2da30969-4127-4ddb-ba0c-2d8ac44d15d7 }} opened a malicious Microsoft Word document ({{ process.parent.executable C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE }}) that dropped and executed a VBScript file ({{ process.parent.args wscript C:\\ProgramData\\WindowsAppPool\\AppPool.vbs }}). This VBScript file then created a scheduled task ({{ process.command_line \\"C:\\Windows\\System32\\cmd.exe\\" /C schtasks /create /F /sc minute /mo 1 /tn \\"\\WindowsAppPool\\AppPool\\" /tr \\"wscript /b \\"C:\\ProgramData\\WindowsAppPool\\AppPool.vbs\\"\\" }}) to execute the VBScript every minute. The VBScript then spawned an obfuscated PowerShell process ({{ process.command_line \\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\\" -exec bypass -file C:\\ProgramData\\WindowsAppPool\\AppPool.ps1 }}). This sequence of events suggests an attempt to gain initial access to the host and establish persistence through scheduled tasks and obfuscated PowerShell scripts.'; + + const expected = `Microsoft Office spawned PowerShell obfuscation on host SRVWIN07 by user Administrator + +Tactic: Initial Access, Execution +Technique: Phishing, Command and Scripting Interpreter +Subtechnique: Spearphishing Attachment, PowerShell + +The user Administrator opened a malicious Microsoft Word document (C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE) that dropped and executed a VBScript file (wscript C:\\ProgramData\\WindowsAppPool\\AppPool.vbs). This VBScript file then created a scheduled task (\\"C:\\Windows\\System32\\cmd.exe\\" /C schtasks /create /F /sc minute /mo 1 /tn \\"\\WindowsAppPool\\AppPool\\" /tr \\"wscript /b \\"C:\\ProgramData\\WindowsAppPool\\AppPool.vbs\\"\\") to execute the VBScript every minute. The VBScript then spawned an obfuscated PowerShell process (\\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\\" -exec bypass -file C:\\ProgramData\\WindowsAppPool\\AppPool.ps1 ). This sequence of events suggests an attempt to gain initial access to the host and establish persistence through scheduled tasks and obfuscated PowerShell scripts.`; + + const mockAttackDiscoveryWithMultipleSubstitutions = { + ...mockAttackDiscovery, + detailsMarkdown: detailsMarkdownRequiresMultipleSubstitutions, + }; + + render( + + + + ); + + const markdownFormatters = screen.getAllByTestId('attackDiscoveryMarkdownFormatter'); + const detailsMarkdown = markdownFormatters[1]; + + expect(detailsMarkdown.textContent).toEqual(expected); + }); + }); }); diff --git a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/tabs/attack_discovery_tab/index.tsx b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/tabs/attack_discovery_tab/index.tsx index a850ed1a5d41b..5958e4a3c4446 100644 --- a/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/tabs/attack_discovery_tab/index.tsx +++ b/x-pack/plugins/security_solution/public/attack_discovery/attack_discovery_panel/tabs/attack_discovery_tab/index.tsx @@ -34,19 +34,21 @@ const AttackDiscoveryTabComponent: React.FC = ({ const summaryMarkdownWithReplacements = useMemo( () => - Object.entries(replacements ?? {}).reduce( - (acc, [key, value]) => acc.replace(key, value), - summaryMarkdown - ), + Object.entries(replacements ?? {}).reduce((acc, [key, value]) => { + const regex = new RegExp(key, 'g'); + + return acc.replace(regex, value); + }, summaryMarkdown), [replacements, summaryMarkdown] ); const detailsMarkdownWithReplacements = useMemo( () => - Object.entries(replacements ?? {}).reduce( - (acc, [key, value]) => acc.replace(key, value), - detailsMarkdown - ), + Object.entries(replacements ?? {}).reduce((acc, [key, value]) => { + const regex = new RegExp(key, 'g'); + + return acc.replace(regex, value); + }, detailsMarkdown), [detailsMarkdown, replacements] ); From d9148f1d83e31f9f6a226c0c867e39d4aeb8d48f Mon Sep 17 00:00:00 2001 From: Dzmitry Lemechko Date: Fri, 20 Sep 2024 01:10:18 +0200 Subject: [PATCH 22/74] [FTR] allow to call roleScopedSupertest service with Cookie header (#192727) ## Summary During the sync with kibana-security team we agreed on how Kibana APIs should be tested: ### API Authentication in Kibana: Public vs. Internal APIs Kibana provides both public and internal APIs, each requiring authentication with the correct privileges. However, the method of testing these APIs varies, depending on how they are untilized by end users. - **Public APIs**: When testing HTTP requests to public APIs, **API key-based authentication** should be used. It reflect how end user call these APIs. Due to existing restrictions, we utilize `Admin` user credentials to generate API keys for various roles. While the API key permissions are correctly scoped according to the assigned role, the user will internally be recognized as `Admin` during authentication. - **Internal APIs**: Direct HTTP requests to internal APIs are generally not expected. However, for testing purposes, authentication should be performed **using the Cookie header**. This approach simulates client-side behavior during browser interactions, mirroring how internal APIs are indirectly invoked. To simplify the process of creating/updating the tests, this PR makes few changes to `roleScopedSupertest` service 1) testing public APIs (nothing changed) ```ts const supertestAdminWithApiKey = await roleScopedSupertest.getSupertestWithRoleScope('admin', { withCustomHeaders: { 'accept-encoding': 'gzip' }, }); const response = await supertestAdminWithApiKey.get('/app/kibana'); ``` 2) testing internal APIs ```ts const supertestAdminWithCookieCredentials = await roleScopedSupertest.getSupertestWithRoleScope( 'admin', { useCookieHeader: true, // will use Cookie header instead of API key withInternalHeaders: true, } ); await supertestAdminWithCookieCredentials .post(`/internal/kibana/settings/${TEST_SETTING}`) .send({ value: 100 }) .expect(200); ``` I updated some of the existing tests according to the new approach. Docs for serverless and deployment-agnostic api integration tests were updated accordingly --- .../index.ts | 6 +- .../services/saml_auth/index.ts | 2 +- .../services/saml_auth/saml_auth_provider.ts | 19 +++- .../apis/cloud_security_posture/helper.ts | 7 +- .../deployment_agnostic/README.md | 14 +++ .../services/role_scoped_supertest.ts | 50 ++++++--- x-pack/test_serverless/README.md | 54 ++++++++-- .../test_suites/common/core/ui_settings.ts | 76 +++++-------- .../create_enrich_policies.ts | 34 +++--- .../common/index_management/indices.ts | 36 +++---- .../common/kql_telemetry/kql_telemetry.ts | 87 ++++----------- .../management/multiple_spaces_enabled.ts | 56 ++++++---- .../test_suites/common/management/spaces.ts | 93 +++++++--------- .../common/platform_security/anonymous.ts | 37 +++---- .../common/platform_security/api_keys.ts | 78 ++++++-------- .../common/platform_security/authorization.ts | 87 ++++++--------- .../common/platform_security/feature_check.ts | 26 ++--- .../common/platform_security/misc.ts | 51 +++++---- .../platform_security/response_headers.ts | 26 ++--- .../common/platform_security/role_mappings.ts | 47 ++++---- .../roles_routes_feature_flag.ts | 45 ++++---- .../common/platform_security/sessions.ts | 50 +++++---- .../common/platform_security/user_profiles.ts | 32 +++--- .../common/platform_security/users.ts | 99 ++++++++--------- .../common/platform_security/views.ts | 102 +++++++----------- .../common/scripts_tests/languages.ts | 33 +++--- .../test_suites/common/search_oss/bsearch.ts | 86 ++++++--------- .../test_suites/common/search_oss/search.ts | 75 ++++--------- .../common/telemetry/telemetry_config.ts | 65 +++++------ .../platform_security/authorization.ts | 2 +- .../synthetics/synthetics_enablement.ts | 4 +- .../search/platform_security/authorization.ts | 2 +- .../search/search_indices/indices.ts | 41 ++++--- .../search/search_indices/status.ts | 39 +++---- .../search/serverless_search/api_key.ts | 45 ++++---- .../search/serverless_search/connectors.ts | 24 ++--- .../search/serverless_search/indices.ts | 32 +++--- .../cloud_security_posture/telemetry.ts | 77 ++++++------- .../platform_security/authorization.ts | 2 +- 39 files changed, 802 insertions(+), 939 deletions(-) diff --git a/packages/kbn-ftr-common-functional-services/index.ts b/packages/kbn-ftr-common-functional-services/index.ts index 506566216c721..769c1ecb66e07 100644 --- a/packages/kbn-ftr-common-functional-services/index.ts +++ b/packages/kbn-ftr-common-functional-services/index.ts @@ -26,7 +26,11 @@ export type Es = ProvidedType; import { SupertestWithoutAuthProvider } from './services/supertest_without_auth'; export type SupertestWithoutAuthProviderType = ProvidedType; -export type { InternalRequestHeader, RoleCredentials } from './services/saml_auth'; +export type { + InternalRequestHeader, + RoleCredentials, + CookieCredentials, +} from './services/saml_auth'; import { SamlAuthProvider } from './services/saml_auth/saml_auth_provider'; export type SamlAuthProviderType = ProvidedType; diff --git a/packages/kbn-ftr-common-functional-services/services/saml_auth/index.ts b/packages/kbn-ftr-common-functional-services/services/saml_auth/index.ts index d8227b797e249..f379a3dc761ed 100644 --- a/packages/kbn-ftr-common-functional-services/services/saml_auth/index.ts +++ b/packages/kbn-ftr-common-functional-services/services/saml_auth/index.ts @@ -8,5 +8,5 @@ */ export { SamlAuthProvider } from './saml_auth_provider'; -export type { RoleCredentials } from './saml_auth_provider'; +export type { RoleCredentials, CookieCredentials } from './saml_auth_provider'; export type { InternalRequestHeader } from './default_request_headers'; diff --git a/packages/kbn-ftr-common-functional-services/services/saml_auth/saml_auth_provider.ts b/packages/kbn-ftr-common-functional-services/services/saml_auth/saml_auth_provider.ts index 9a8db82609233..67d77583af713 100644 --- a/packages/kbn-ftr-common-functional-services/services/saml_auth/saml_auth_provider.ts +++ b/packages/kbn-ftr-common-functional-services/services/saml_auth/saml_auth_provider.ts @@ -18,7 +18,13 @@ import { InternalRequestHeader } from './default_request_headers'; export interface RoleCredentials { apiKey: { id: string; name: string }; apiKeyHeader: { Authorization: string }; - cookieHeader: { Cookie: string }; +} + +export interface CookieCredentials { + Cookie: string; + // supertest.set() expects an object that matches IncomingHttpHeaders type, that needs to accept arbitrary key-value pairs as headers + // We extend the interface with an index signature to resolve this. + [header: string]: string; } export function SamlAuthProvider({ getService }: FtrProviderContext) { @@ -60,7 +66,7 @@ export function SamlAuthProvider({ getService }: FtrProviderContext) { async getInteractiveUserSessionCookieWithRoleScope(role: string) { return sessionManager.getInteractiveUserSessionCookieWithRoleScope(role); }, - async getM2MApiCredentialsWithRoleScope(role: string) { + async getM2MApiCookieCredentialsWithRoleScope(role: string): Promise { return sessionManager.getApiCredentialsForRole(role); }, async getEmail(role: string) { @@ -76,7 +82,7 @@ export function SamlAuthProvider({ getService }: FtrProviderContext) { }, async createM2mApiKeyWithRoleScope(role: string): Promise { // Get admin credentials in order to create the API key - const adminCookieHeader = await this.getM2MApiCredentialsWithRoleScope('admin'); + const adminCookieHeader = await this.getM2MApiCookieCredentialsWithRoleScope('admin'); // Get the role descrtiptor for the role let roleDescriptors = {}; @@ -110,9 +116,12 @@ export function SamlAuthProvider({ getService }: FtrProviderContext) { const apiKeyHeader = { Authorization: 'ApiKey ' + apiKey.encoded }; log.debug(`Created api key for role: [${role}]`); - return { apiKey, apiKeyHeader, cookieHeader: adminCookieHeader }; + return { apiKey, apiKeyHeader }; }, async invalidateM2mApiKeyWithRoleScope(roleCredentials: RoleCredentials) { + // Get admin credentials in order to invalidate the API key + const adminCookieHeader = await this.getM2MApiCookieCredentialsWithRoleScope('admin'); + const requestBody = { apiKeys: [ { @@ -126,7 +135,7 @@ export function SamlAuthProvider({ getService }: FtrProviderContext) { const { status } = await supertestWithoutAuth .post('/internal/security/api_key/invalidate') .set(INTERNAL_REQUEST_HEADERS) - .set(roleCredentials.cookieHeader) + .set(adminCookieHeader) .send(requestBody); expect(status).to.be(200); diff --git a/x-pack/test/api_integration/apis/cloud_security_posture/helper.ts b/x-pack/test/api_integration/apis/cloud_security_posture/helper.ts index 7c21e6df09f8c..9ab91cf0d60c0 100644 --- a/x-pack/test/api_integration/apis/cloud_security_posture/helper.ts +++ b/x-pack/test/api_integration/apis/cloud_security_posture/helper.ts @@ -12,12 +12,7 @@ import { ELASTIC_HTTP_VERSION_HEADER } from '@kbn/core-http-common'; import type { IndexDetails } from '@kbn/cloud-security-posture-common'; import { CLOUD_SECURITY_PLUGIN_VERSION } from '@kbn/cloud-security-posture-plugin/common/constants'; import { SecurityService } from '@kbn/ftr-common-functional-ui-services'; - -export interface RoleCredentials { - apiKey: { id: string; name: string }; - apiKeyHeader: { Authorization: string }; - cookieHeader: { Cookie: string }; -} +import { RoleCredentials } from '@kbn/ftr-common-functional-services'; export const deleteIndex = async (es: Client, indexToBeDeleted: string[]) => { return Promise.all([ diff --git a/x-pack/test/api_integration/deployment_agnostic/README.md b/x-pack/test/api_integration/deployment_agnostic/README.md index 101aee4d2f2d3..b029d0d167002 100644 --- a/x-pack/test/api_integration/deployment_agnostic/README.md +++ b/x-pack/test/api_integration/deployment_agnostic/README.md @@ -97,6 +97,20 @@ export type DeploymentAgnosticFtrProviderContext = GenericFtrProviderContext)` authenticate requests with API key by default +- pass `withCookieHeader: true` to use Cookie header for requests authentication +- don't forget to invalidate API key using `destroy()` on supertest scoped instance in `after` hook + Add test files to `x-pack/test//deployment_agnostic/apis/`: test example diff --git a/x-pack/test/api_integration/deployment_agnostic/services/role_scoped_supertest.ts b/x-pack/test/api_integration/deployment_agnostic/services/role_scoped_supertest.ts index 2661fc7682ad3..41853cadbe86c 100644 --- a/x-pack/test/api_integration/deployment_agnostic/services/role_scoped_supertest.ts +++ b/x-pack/test/api_integration/deployment_agnostic/services/role_scoped_supertest.ts @@ -7,6 +7,7 @@ import { RoleCredentials, + CookieCredentials, SupertestWithoutAuthProviderType, SamlAuthProviderType, } from '@kbn/ftr-common-functional-services'; @@ -14,44 +15,58 @@ import { Test } from 'supertest'; import { DeploymentAgnosticFtrProviderContext } from '../ftr_provider_context'; export interface RequestHeadersOptions { + useCookieHeader?: boolean; withInternalHeaders?: boolean; withCommonHeaders?: boolean; withCustomHeaders?: Record; } export class SupertestWithRoleScope { - private roleAuthc: RoleCredentials | null; + private authValue: RoleCredentials | CookieCredentials | null; private readonly supertestWithoutAuth: SupertestWithoutAuthProviderType; private samlAuth: SamlAuthProviderType; private readonly options: RequestHeadersOptions; constructor( - roleAuthc: RoleCredentials, + authValue: RoleCredentials | CookieCredentials | null, supertestWithoutAuth: SupertestWithoutAuthProviderType, samlAuth: SamlAuthProviderType, options: RequestHeadersOptions ) { - this.roleAuthc = roleAuthc; + this.authValue = authValue; this.supertestWithoutAuth = supertestWithoutAuth; this.samlAuth = samlAuth; this.options = options; } + private isRoleCredentials(value: any): value is RoleCredentials { + return value && typeof value === 'object' && 'apiKey' in value && 'apiKeyHeader' in value; + } + async destroy() { - if (this.roleAuthc) { - await this.samlAuth.invalidateM2mApiKeyWithRoleScope(this.roleAuthc); - this.roleAuthc = null; + if (this.isRoleCredentials(this.authValue)) { + await this.samlAuth.invalidateM2mApiKeyWithRoleScope(this.authValue); + this.authValue = null; } } private addHeaders(agent: Test): Test { - const { withInternalHeaders, withCommonHeaders, withCustomHeaders } = this.options; + const { useCookieHeader, withInternalHeaders, withCommonHeaders, withCustomHeaders } = + this.options; - if (!this.roleAuthc) { - throw new Error('The instance has already been destroyed.'); + if (useCookieHeader) { + if (!this.authValue || !('Cookie' in this.authValue)) { + throw new Error('The instance has already been destroyed or cookieHeader is missing.'); + } + // set cookie header + void agent.set(this.authValue); + } else { + if (!this.authValue || !this.isRoleCredentials(this.authValue)) { + throw new Error('The instance has already been destroyed or roleAuthc is missing.'); + } + // set API key header + void agent.set(this.authValue.apiKeyHeader); } - // set role-based API key by default - void agent.set(this.roleAuthc.apiKeyHeader); if (withInternalHeaders) { void agent.set(this.samlAuth.getInternalRequestHeader()); @@ -69,7 +84,7 @@ export class SupertestWithRoleScope { } private request(method: 'post' | 'get' | 'put' | 'delete', url: string): Test { - if (!this.roleAuthc) { + if (!this.authValue) { throw new Error('Instance has been destroyed and cannot be used for making requests.'); } const agent = this.supertestWithoutAuth[method](url); @@ -101,6 +116,9 @@ export class SupertestWithRoleScope { * * Use this service to easily test API endpoints with role-specific authorization and * custom headers, both in serverless and stateful environments. + * + * Pass '{ useCookieHeader: true }' to use Cookie header for authentication instead of API key. + * It is the correct way to perform HTTP requests for internal end-points. */ export function RoleScopedSupertestProvider({ getService }: DeploymentAgnosticFtrProviderContext) { const supertestWithoutAuth = getService('supertestWithoutAuth'); @@ -110,10 +128,18 @@ export function RoleScopedSupertestProvider({ getService }: DeploymentAgnosticFt async getSupertestWithRoleScope( role: string, options: RequestHeadersOptions = { + useCookieHeader: false, withCommonHeaders: false, withInternalHeaders: false, } ) { + // if 'useCookieHeader' set to 'true', HTTP requests will be called with cookie Header (like in browser) + if (options.useCookieHeader) { + const cookieHeader = await samlAuth.getM2MApiCookieCredentialsWithRoleScope(role); + return new SupertestWithRoleScope(cookieHeader, supertestWithoutAuth, samlAuth, options); + } + + // HTTP requests will be called with API key in header by default const roleAuthc = await samlAuth.createM2mApiKeyWithRoleScope(role); return new SupertestWithRoleScope(roleAuthc, supertestWithoutAuth, samlAuth, options); }, diff --git a/x-pack/test_serverless/README.md b/x-pack/test_serverless/README.md index d7bb3d62d552a..661633e9678e1 100644 --- a/x-pack/test_serverless/README.md +++ b/x-pack/test_serverless/README.md @@ -143,28 +143,60 @@ describe("my test suite", async function() { #### API integration test example +API Authentication in Kibana: Public vs. Internal APIs + +Kibana provides both public and internal APIs, each requiring authentication with the correct privileges. However, the method of testing these APIs varies, depending on how they are untilized by end users. + +- Public APIs: When testing HTTP requests to public APIs, API key-based authentication should be used. It reflects how an end user calls these APIs. Due to existing restrictions, we utilize `Admin` user credentials to generate API keys for various roles. While the API key permissions are correctly scoped according to the assigned role, the user will internally be recognized as `Admin` during authentication. + +- Internal APIs: Direct HTTP requests to internal APIs are generally not expected. However, for testing purposes, authentication should be performed using the Cookie header. This approach simulates client-side behavior during browser interactions, mirroring how internal APIs are indirectly invoked. + Recommendations: -- in each test file top level `describe` suite should start with `createM2mApiKeyWithRoleScope` call in `before` hook -- don't forget to invalidate api key using `invalidateApiKeyWithRoleScope` in `after` hook -- make api calls using `supertestWithoutAuth` with generated api key header +- use `roleScopedSupertest` service to create a supertest instance scoped to a specific role and predefined request headers +- `roleScopedSupertest.getSupertestWithRoleScope()` authenticates requests with an API key by default +- pass `withCookieHeader: true` to use Cookie header for request authentication +- don't forget to invalidate API keys by using `destroy()` on the supertest scoped instance in the `after` hook ``` -describe("my test suite", async function() { +describe("my public APIs test suite", async function() { before(async () => { - roleAuthc = await svlUserManager.createM2mApiKeyWithRoleScope('viewer'); - commonRequestHeader = svlCommonApi.getCommonRequestHeader(); - internalRequestHeader = svlCommonApi.getInternalRequestHeader(); + supertestViewerWithApiKey = + await roleScopedSupertest.getSupertestWithRoleScope('viewer', { + withInternalHeaders: true, + }); }); after(async () => { - await svlUserManager.invalidateApiKeyWithRoleScope(roleAuthc); + await supertestViewerWithApiKey.destroy(); }); it(''test step', async () => { - const { body, status } = await supertestWithoutAuth + const { body, status } = await supertestViewerWithApiKey .delete('/api/spaces/space/default') - .set(commonRequestHeader) - .set(roleAuthc.apiKeyHeader); + ... + }); +}); +``` + +``` +describe("my internal APIs test suite", async function() { + before(async () => { + supertestViewerWithCookieCredentials = + await roleScopedSupertest.getSupertestWithRoleScope('admin', { + withCookieHeader: true, // to avoid generating API key and use Cookie header instead + withInternalHeaders: true, + }); + }); + + after(async () => { + // no need to call '.destroy' since we didn't create API key and Cookie persist for the role within FTR run + }); + + it(''test step', async () => { + await supertestAdminWithCookieCredentials + .post(`/internal/kibana/settings`) + .send({ changes: { [TEST_SETTING]: 500 } }) + .expect(200); ... }); }); diff --git a/x-pack/test_serverless/api_integration/test_suites/common/core/ui_settings.ts b/x-pack/test_serverless/api_integration/test_suites/common/core/ui_settings.ts index e6c2274f83b1d..228ba1f3ad28f 100644 --- a/x-pack/test_serverless/api_integration/test_suites/common/core/ui_settings.ts +++ b/x-pack/test_serverless/api_integration/test_suites/common/core/ui_settings.ts @@ -6,8 +6,8 @@ */ import expect from '@kbn/expect'; +import { SupertestWithRoleScopeType } from '@kbn/test-suites-xpack/api_integration/deployment_agnostic/services'; import { FtrProviderContext } from '../../../ftr_provider_context'; -import { RoleCredentials } from '../../../../shared/services'; // To test setting validations we are using the existing 'defaultColumns' setting that is available in all serverless projects // (See list of common serverless settings in /packages/serverless/settings/common/index.ts) @@ -18,34 +18,32 @@ const DEFAULT_COLUMNS_SETTING = 'defaultColumns'; const TEST_SETTING = 'testSetting'; export default function ({ getService }: FtrProviderContext) { - const svlCommonApi = getService('svlCommonApi'); - const svlUserManager = getService('svlUserManager'); - let roleAuthc: RoleCredentials; - const supertestWithoutAuth = getService('supertestWithoutAuth'); + const roleScopedSupertest = getService('roleScopedSupertest'); + let supertestAdminWithCookieCredentials: SupertestWithRoleScopeType; describe('ui settings service', () => { before(async () => { - roleAuthc = await svlUserManager.createM2mApiKeyWithRoleScope('admin'); + supertestAdminWithCookieCredentials = await roleScopedSupertest.getSupertestWithRoleScope( + 'admin', + { + useCookieHeader: true, + withInternalHeaders: true, + } + ); + // Creating a test setting - await supertestWithoutAuth + await supertestAdminWithCookieCredentials .post(`/internal/kibana/settings/${TEST_SETTING}`) - .set(svlCommonApi.getInternalRequestHeader()) - .set(roleAuthc.apiKeyHeader) .send({ value: 100 }) .expect(200); }); - after(async () => { - await svlUserManager.invalidateM2mApiKeyWithRoleScope(roleAuthc); - }); // We don't test the public routes as they are not available in serverless describe('internal routes', () => { describe('get', () => { it('returns list of settings', async () => { - const { body } = await supertestWithoutAuth + const { body } = await supertestAdminWithCookieCredentials .get('/internal/kibana/settings') - .set(svlCommonApi.getInternalRequestHeader()) - .set(roleAuthc.apiKeyHeader) .expect(200); // The returned list of settings should contain the created test setting @@ -56,10 +54,8 @@ export default function ({ getService }: FtrProviderContext) { describe('set', () => { it('validates value', async () => { - const { body } = await supertestWithoutAuth + const { body } = await supertestAdminWithCookieCredentials .post(`/internal/kibana/settings/${DEFAULT_COLUMNS_SETTING}`) - .set(svlCommonApi.getInternalRequestHeader()) - .set(roleAuthc.apiKeyHeader) .send({ value: 100 }) .expect(400); @@ -72,18 +68,14 @@ export default function ({ getService }: FtrProviderContext) { }); it('sets value of a setting', async () => { - await supertestWithoutAuth + await supertestAdminWithCookieCredentials .post(`/internal/kibana/settings/${TEST_SETTING}`) - .set(svlCommonApi.getInternalRequestHeader()) - .set(roleAuthc.apiKeyHeader) .send({ value: 999 }) .expect(200); // Verify that the setting has a new value - const { body } = await supertestWithoutAuth + const { body } = await supertestAdminWithCookieCredentials .get('/internal/kibana/settings') - .set(svlCommonApi.getInternalRequestHeader()) - .set(roleAuthc.apiKeyHeader) .expect(200); // The returned list of settings should contain the created test setting @@ -93,10 +85,8 @@ export default function ({ getService }: FtrProviderContext) { describe('set many', () => { it('validates value', async () => { - const { body } = await supertestWithoutAuth + const { body } = await supertestAdminWithCookieCredentials .post('/internal/kibana/settings') - .set(svlCommonApi.getInternalRequestHeader()) - .set(roleAuthc.apiKeyHeader) .send({ changes: { [TEST_SETTING]: 100, [DEFAULT_COLUMNS_SETTING]: 100 } }) .expect(400); @@ -109,18 +99,14 @@ export default function ({ getService }: FtrProviderContext) { }); it('sets values of settings', async () => { - await supertestWithoutAuth + await supertestAdminWithCookieCredentials .post(`/internal/kibana/settings`) - .set(svlCommonApi.getInternalRequestHeader()) - .set(roleAuthc.apiKeyHeader) .send({ changes: { [TEST_SETTING]: 500 } }) .expect(200); // Verify that the setting has a new value - const { body } = await supertestWithoutAuth + const { body } = await supertestAdminWithCookieCredentials .get('/internal/kibana/settings') - .set(svlCommonApi.getInternalRequestHeader()) - .set(roleAuthc.apiKeyHeader) .expect(200); // The returned list of settings should contain the created test setting @@ -130,10 +116,8 @@ export default function ({ getService }: FtrProviderContext) { describe('validate', () => { it('returns correct validation error message for invalid value', async () => { - const { body } = await supertestWithoutAuth + const { body } = await supertestAdminWithCookieCredentials .post(`/internal/kibana/settings/${DEFAULT_COLUMNS_SETTING}/validate`) - .set(svlCommonApi.getInternalRequestHeader()) - .set(roleAuthc.apiKeyHeader) .send({ value: 100 }) .expect(200); @@ -144,10 +128,8 @@ export default function ({ getService }: FtrProviderContext) { }); it('returns no validation error message for valid value', async () => { - const { body } = await supertestWithoutAuth + const { body } = await supertestAdminWithCookieCredentials .post(`/internal/kibana/settings/${DEFAULT_COLUMNS_SETTING}/validate`) - .set(svlCommonApi.getInternalRequestHeader()) - .set(roleAuthc.apiKeyHeader) .send({ value: ['test'] }) .expect(200); @@ -157,10 +139,8 @@ export default function ({ getService }: FtrProviderContext) { }); it('returns a 404 for non-existing key', async () => { - const { body } = await supertestWithoutAuth + const { body } = await supertestAdminWithCookieCredentials .post(`/internal/kibana/settings/nonExisting/validate`) - .set(svlCommonApi.getInternalRequestHeader()) - .set(roleAuthc.apiKeyHeader) .send({ value: ['test'] }) .expect(404); @@ -172,10 +152,8 @@ export default function ({ getService }: FtrProviderContext) { }); it('returns a 400 for a null value', async () => { - const { body } = await supertestWithoutAuth + const { body } = await supertestAdminWithCookieCredentials .post(`/internal/kibana/settings/${DEFAULT_COLUMNS_SETTING}/validate`) - .set(svlCommonApi.getInternalRequestHeader()) - .set(roleAuthc.apiKeyHeader) .send({ value: null }) .expect(400); @@ -189,17 +167,13 @@ export default function ({ getService }: FtrProviderContext) { describe('delete', () => { it('deletes setting', async () => { - await supertestWithoutAuth + await supertestAdminWithCookieCredentials .delete(`/internal/kibana/settings/${TEST_SETTING}`) - .set(svlCommonApi.getInternalRequestHeader()) - .set(roleAuthc.apiKeyHeader) .expect(200); // Verify that the setting is not returned in the Get response anymore - const { body } = await supertestWithoutAuth + const { body } = await supertestAdminWithCookieCredentials .get('/internal/kibana/settings') - .set(svlCommonApi.getInternalRequestHeader()) - .set(roleAuthc.apiKeyHeader) .expect(200); // The returned list of settings should contain the created test setting diff --git a/x-pack/test_serverless/api_integration/test_suites/common/index_management/create_enrich_policies.ts b/x-pack/test_serverless/api_integration/test_suites/common/index_management/create_enrich_policies.ts index aa44e364e1e37..6f8d921ff9934 100644 --- a/x-pack/test_serverless/api_integration/test_suites/common/index_management/create_enrich_policies.ts +++ b/x-pack/test_serverless/api_integration/test_suites/common/index_management/create_enrich_policies.ts @@ -6,29 +6,32 @@ */ import expect from 'expect'; +import { SupertestWithRoleScopeType } from '@kbn/test-suites-xpack/api_integration/deployment_agnostic/services'; import { FtrProviderContext } from '../../../ftr_provider_context'; -import { InternalRequestHeader, RoleCredentials } from '../../../../shared/services'; const INTERNAL_API_BASE_PATH = '/internal/index_management'; export default function ({ getService }: FtrProviderContext) { + const svlCommonApi = getService('svlCommonApi'); + const roleScopedSupertest = getService('roleScopedSupertest'); + let supertestAdminWithCookieCredentials: SupertestWithRoleScopeType; const es = getService('es'); const log = getService('log'); - const svlCommonApi = getService('svlCommonApi'); - const svlUserManager = getService('svlUserManager'); - const supertestWithoutAuth = getService('supertestWithoutAuth'); - let roleAuthc: RoleCredentials; - let internalReqHeader: InternalRequestHeader; - describe('Create enrich policy', function () { const INDEX_A_NAME = `index-${Math.random()}`; const INDEX_B_NAME = `index-${Math.random()}`; const POLICY_NAME = `policy-${Math.random()}`; before(async () => { - roleAuthc = await svlUserManager.createM2mApiKeyWithRoleScope('admin'); - internalReqHeader = svlCommonApi.getInternalRequestHeader(); + supertestAdminWithCookieCredentials = await roleScopedSupertest.getSupertestWithRoleScope( + 'admin', + { + useCookieHeader: true, + withInternalHeaders: true, + } + ); + try { await es.indices.create({ index: INDEX_A_NAME, @@ -74,14 +77,11 @@ export default function ({ getService }: FtrProviderContext) { log.debug('[Cleanup error] Error deleting test index'); throw err; } - await svlUserManager.invalidateM2mApiKeyWithRoleScope(roleAuthc); }); it('Allows to create an enrich policy', async () => { - const { body } = await supertestWithoutAuth + const { body } = await supertestAdminWithCookieCredentials .post(`${INTERNAL_API_BASE_PATH}/enrich_policies`) - .set(internalReqHeader) - .set(roleAuthc.apiKeyHeader) .send({ policy: { name: POLICY_NAME, @@ -97,10 +97,8 @@ export default function ({ getService }: FtrProviderContext) { }); it('Can retrieve fields from indices', async () => { - const { body } = await supertestWithoutAuth + const { body } = await supertestAdminWithCookieCredentials .post(`${INTERNAL_API_BASE_PATH}/enrich_policies/get_fields_from_indices`) - .set(internalReqHeader) - .set(roleAuthc.apiKeyHeader) .send({ indices: [INDEX_A_NAME, INDEX_B_NAME] }) .expect(200); @@ -126,10 +124,8 @@ export default function ({ getService }: FtrProviderContext) { }); it('Can retrieve matching indices', async () => { - const { body, status } = await supertestWithoutAuth + const { body, status } = await supertestAdminWithCookieCredentials .post(`${INTERNAL_API_BASE_PATH}/enrich_policies/get_matching_indices`) - .set(internalReqHeader) - .set(roleAuthc.apiKeyHeader) .send({ pattern: 'index-' }); svlCommonApi.assertResponseStatusCode(200, status, body); diff --git a/x-pack/test_serverless/api_integration/test_suites/common/index_management/indices.ts b/x-pack/test_serverless/api_integration/test_suites/common/index_management/indices.ts index 72b3a4a2e1435..3e2a7630fef12 100644 --- a/x-pack/test_serverless/api_integration/test_suites/common/index_management/indices.ts +++ b/x-pack/test_serverless/api_integration/test_suites/common/index_management/indices.ts @@ -6,7 +6,8 @@ */ import expect from '@kbn/expect'; -import { InternalRequestHeader, RoleCredentials } from '../../../../shared/services'; +import { SupertestWithRoleScopeType } from '@kbn/test-suites-xpack/api_integration/deployment_agnostic/services'; +import { RoleCredentials } from '../../../../shared/services'; import { FtrProviderContext } from '../../../ftr_provider_context'; const INTERNAL_API_BASE_PATH = '/internal/index_management'; @@ -18,17 +19,22 @@ export default function ({ getService }: FtrProviderContext) { const svlUserManager = getService('svlUserManager'); const svlIndicesApi = getService('svlIndicesApi'); const svlIndicesHelpers = getService('svlIndicesHelpers'); - - const supertestWithoutAuth = getService('supertestWithoutAuth'); + const roleScopedSupertest = getService('roleScopedSupertest'); + let supertestAdminWithCookieCredentials: SupertestWithRoleScopeType; let roleAuthc: RoleCredentials; - let internalReqHeader: InternalRequestHeader; describe('Indices', function () { let indexName: string; before(async () => { + supertestAdminWithCookieCredentials = await roleScopedSupertest.getSupertestWithRoleScope( + 'admin', + { + useCookieHeader: true, + withInternalHeaders: true, + } + ); roleAuthc = await svlUserManager.createM2mApiKeyWithRoleScope('admin'); - internalReqHeader = svlCommonApi.getInternalRequestHeader(); log.debug(`Creating index: '${indexName}'`); try { indexName = await svlIndicesHelpers.createIndex(); @@ -76,10 +82,8 @@ export default function ({ getService }: FtrProviderContext) { describe('get index', () => { it('returns index details for the specified index name', async () => { - const { body: index } = await supertestWithoutAuth + const { body: index } = await supertestAdminWithCookieCredentials .get(`${INTERNAL_API_BASE_PATH}/indices/${indexName}`) - .set(internalReqHeader) - .set(roleAuthc.apiKeyHeader) .expect(200); expect(index).to.be.ok(); @@ -95,10 +99,8 @@ export default function ({ getService }: FtrProviderContext) { }); it('throws 404 for a non-existent index', async () => { - await supertestWithoutAuth + await supertestAdminWithCookieCredentials .get(`${INTERNAL_API_BASE_PATH}/indices/non_existent`) - .set(internalReqHeader) - .set(roleAuthc.apiKeyHeader) .expect(404); }); }); @@ -118,19 +120,15 @@ export default function ({ getService }: FtrProviderContext) { }); it('can create a new index', async () => { - await supertestWithoutAuth + await supertestAdminWithCookieCredentials .put(`${INTERNAL_API_BASE_PATH}/indices/create`) - .set(internalReqHeader) - .set(roleAuthc.apiKeyHeader) .send({ indexName: createIndexName, }) .expect(200); - const { body: index } = await supertestWithoutAuth + const { body: index } = await supertestAdminWithCookieCredentials .get(`${INTERNAL_API_BASE_PATH}/indices/${createIndexName}`) - .set(internalReqHeader) - .set(roleAuthc.apiKeyHeader) .expect(200); expect(index).to.be.ok(); @@ -146,10 +144,8 @@ export default function ({ getService }: FtrProviderContext) { }); it('fails to re-create the same index', async () => { - await supertestWithoutAuth + await supertestAdminWithCookieCredentials .put(`${INTERNAL_API_BASE_PATH}/indices/create`) - .set(internalReqHeader) - .set(roleAuthc.apiKeyHeader) .send({ indexName: createIndexName, }) diff --git a/x-pack/test_serverless/api_integration/test_suites/common/kql_telemetry/kql_telemetry.ts b/x-pack/test_serverless/api_integration/test_suites/common/kql_telemetry/kql_telemetry.ts index a45addf4a32ad..abb5f8c0d25f3 100644 --- a/x-pack/test_serverless/api_integration/test_suites/common/kql_telemetry/kql_telemetry.ts +++ b/x-pack/test_serverless/api_integration/test_suites/common/kql_telemetry/kql_telemetry.ts @@ -9,21 +9,29 @@ import expect from '@kbn/expect'; import { get } from 'lodash'; import { ANALYTICS_SAVED_OBJECT_INDEX } from '@kbn/core-saved-objects-server'; import { KQL_TELEMETRY_ROUTE_LATEST_VERSION } from '@kbn/data-plugin/common'; +import { SupertestWithRoleScopeType } from '@kbn/test-suites-xpack/api_integration/deployment_agnostic/services'; import { ELASTIC_HTTP_VERSION_HEADER } from '@kbn/core-http-common'; import type { FtrProviderContext } from '../../../ftr_provider_context'; -import { RoleCredentials } from '../../../../shared/services'; export default function ({ getService }: FtrProviderContext) { const kibanaServer = getService('kibanaServer'); const es = getService('es'); - const svlCommonApi = getService('svlCommonApi'); - const svlUserManager = getService('svlUserManager'); - const supertestWithoutAuth = getService('supertestWithoutAuth'); - let roleAuthc: RoleCredentials; + const roleScopedSupertest = getService('roleScopedSupertest'); + let supertestAdminWithCookieCredentials: SupertestWithRoleScopeType; describe('telemetry API', () => { before(async () => { - roleAuthc = await svlUserManager.createM2mApiKeyWithRoleScope('admin'); + supertestAdminWithCookieCredentials = await roleScopedSupertest.getSupertestWithRoleScope( + 'admin', + { + useCookieHeader: true, + withInternalHeaders: true, + withCustomHeaders: { + [ELASTIC_HTTP_VERSION_HEADER]: KQL_TELEMETRY_ROUTE_LATEST_VERSION, + 'content-type': 'application/json', + }, + } + ); // TODO: Clean `kql-telemetry` before running the tests await kibanaServer.savedObjects.clean({ types: ['kql-telemetry'] }); await kibanaServer.importExport.load( @@ -34,18 +42,12 @@ export default function ({ getService }: FtrProviderContext) { await kibanaServer.importExport.unload( 'test/api_integration/fixtures/kbn_archiver/saved_objects/basic.json' ); - await svlUserManager.invalidateM2mApiKeyWithRoleScope(roleAuthc); }); it('should increment the opt *in* counter in the .kibana_analytics/kql-telemetry document', async () => { - await supertestWithoutAuth + await supertestAdminWithCookieCredentials .post('/internal/kql_opt_in_stats') - .set('content-type', 'application/json') - .set(ELASTIC_HTTP_VERSION_HEADER, KQL_TELEMETRY_ROUTE_LATEST_VERSION) - // TODO: API requests in Serverless require internal request headers - .set(svlCommonApi.getInternalRequestHeader()) .send({ opt_in: true }) - .set(roleAuthc.apiKeyHeader) .expect(200); return es @@ -60,14 +62,9 @@ export default function ({ getService }: FtrProviderContext) { }); it('should increment the opt *out* counter in the .kibana_analytics/kql-telemetry document', async () => { - await supertestWithoutAuth + await supertestAdminWithCookieCredentials .post('/internal/kql_opt_in_stats') - .set('content-type', 'application/json') - .set(ELASTIC_HTTP_VERSION_HEADER, KQL_TELEMETRY_ROUTE_LATEST_VERSION) - // TODO: API requests in Serverless require internal request headers - .set(svlCommonApi.getInternalRequestHeader()) .send({ opt_in: false }) - .set(roleAuthc.apiKeyHeader) .expect(200); return es @@ -82,80 +79,42 @@ export default function ({ getService }: FtrProviderContext) { }); it('should report success when opt *in* is incremented successfully', async () => { - const { body } = await supertestWithoutAuth + const { body } = await supertestAdminWithCookieCredentials .post('/internal/kql_opt_in_stats') - .set('content-type', 'application/json') - .set(ELASTIC_HTTP_VERSION_HEADER, KQL_TELEMETRY_ROUTE_LATEST_VERSION) - // TODO: API requests in Serverless require internal request headers - .set(svlCommonApi.getInternalRequestHeader()) .send({ opt_in: true }) .expect('Content-Type', /json/) - .set(roleAuthc.apiKeyHeader) .expect(200); expect(body.success).to.be(true); }); it('should report success when opt *out* is incremented successfully', async () => { - const { body } = await supertestWithoutAuth + const { body } = await supertestAdminWithCookieCredentials .post('/internal/kql_opt_in_stats') - .set('content-type', 'application/json') - .set(ELASTIC_HTTP_VERSION_HEADER, KQL_TELEMETRY_ROUTE_LATEST_VERSION) - // TODO: API requests in Serverless require internal request headers - .set(svlCommonApi.getInternalRequestHeader()) .send({ opt_in: false }) .expect('Content-Type', /json/) - .set(roleAuthc.apiKeyHeader) .expect(200); expect(body.success).to.be(true); }); it('should only accept literal boolean values for the opt_in POST body param', function () { return Promise.all([ - supertestWithoutAuth + supertestAdminWithCookieCredentials .post('/internal/kql_opt_in_stats') - .set('content-type', 'application/json') - .set(ELASTIC_HTTP_VERSION_HEADER, KQL_TELEMETRY_ROUTE_LATEST_VERSION) - // TODO: API requests in Serverless require internal request headers - .set(svlCommonApi.getInternalRequestHeader()) - .set(roleAuthc.apiKeyHeader) .send({ opt_in: 'notabool' }) .expect(400), - supertestWithoutAuth + supertestAdminWithCookieCredentials .post('/internal/kql_opt_in_stats') - .set('content-type', 'application/json') - .set(ELASTIC_HTTP_VERSION_HEADER, KQL_TELEMETRY_ROUTE_LATEST_VERSION) - // TODO: API requests in Serverless require internal request headers - .set(svlCommonApi.getInternalRequestHeader()) - .set(roleAuthc.apiKeyHeader) .send({ opt_in: 0 }) .expect(400), - supertestWithoutAuth + supertestAdminWithCookieCredentials .post('/internal/kql_opt_in_stats') - .set('content-type', 'application/json') - .set(ELASTIC_HTTP_VERSION_HEADER, KQL_TELEMETRY_ROUTE_LATEST_VERSION) - // TODO: API requests in Serverless require internal request headers - .set(svlCommonApi.getInternalRequestHeader()) - .set(roleAuthc.apiKeyHeader) .send({ opt_in: null }) .expect(400), - supertestWithoutAuth + supertestAdminWithCookieCredentials .post('/internal/kql_opt_in_stats') - .set('content-type', 'application/json') - .set(ELASTIC_HTTP_VERSION_HEADER, KQL_TELEMETRY_ROUTE_LATEST_VERSION) - // TODO: API requests in Serverless require internal request headers - .set(svlCommonApi.getInternalRequestHeader()) - .set(roleAuthc.apiKeyHeader) .send({ opt_in: undefined }) .expect(400), - supertestWithoutAuth - .post('/internal/kql_opt_in_stats') - .set('content-type', 'application/json') - .set(ELASTIC_HTTP_VERSION_HEADER, KQL_TELEMETRY_ROUTE_LATEST_VERSION) - // TODO: API requests in Serverless require internal request headers - .set(svlCommonApi.getInternalRequestHeader()) - .set(roleAuthc.apiKeyHeader) - .send({}) - .expect(400), + supertestAdminWithCookieCredentials.post('/internal/kql_opt_in_stats').send({}).expect(400), ]); }); }); diff --git a/x-pack/test_serverless/api_integration/test_suites/common/management/multiple_spaces_enabled.ts b/x-pack/test_serverless/api_integration/test_suites/common/management/multiple_spaces_enabled.ts index 5466829f30bf0..e5c4053b97e73 100644 --- a/x-pack/test_serverless/api_integration/test_suites/common/management/multiple_spaces_enabled.ts +++ b/x-pack/test_serverless/api_integration/test_suites/common/management/multiple_spaces_enabled.ts @@ -26,10 +26,12 @@ import { FtrProviderContext } from '../../../ftr_provider_context'; export default function ({ getService }: FtrProviderContext) { const svlCommonApi = getService('svlCommonApi'); const roleScopedSupertest = getService('roleScopedSupertest'); - let supertestWithAdminScope: SupertestWithRoleScopeType; + // CRUD operations to become public APIs: https://github.com/elastic/kibana/issues/192153 + let supertestAdminWithApiKey: SupertestWithRoleScopeType; + let supertestAdminWithCookieCredentials: SupertestWithRoleScopeType; async function createSpace(id: string) { - await supertestWithAdminScope + await supertestAdminWithApiKey .post('/api/spaces/space') .send({ id, @@ -40,30 +42,38 @@ export default function ({ getService }: FtrProviderContext) { } async function deleteSpace(id: string) { - await supertestWithAdminScope.delete(`/api/spaces/space/${id}`).expect(204); + await supertestAdminWithApiKey.delete(`/api/spaces/space/${id}`).expect(204); } describe('spaces', function () { before(async () => { - supertestWithAdminScope = await roleScopedSupertest.getSupertestWithRoleScope('admin', { + supertestAdminWithApiKey = await roleScopedSupertest.getSupertestWithRoleScope('admin', { withInternalHeaders: true, - withCustomHeaders: { 'kbn-xsrf': 'true' }, }); + supertestAdminWithCookieCredentials = await roleScopedSupertest.getSupertestWithRoleScope( + 'admin', + { + useCookieHeader: true, + withInternalHeaders: true, + } + ); }); after(async () => { // delete any lingering spaces - const { body } = await supertestWithAdminScope.get('/api/spaces/space').send().expect(200); + const { body } = await supertestAdminWithApiKey.get('/api/spaces/space').send().expect(200); const toDelete = (body as Array<{ id: string }>).filter((f) => f.id !== 'default'); await asyncForEach(toDelete, async (space) => { await deleteSpace(space.id); }); + + await supertestAdminWithApiKey.destroy(); }); describe('Create (POST /api/spaces/space)', () => { it('should allow us to create a space', async () => { - await supertestWithAdminScope + await supertestAdminWithApiKey .post('/api/spaces/space') .send({ id: 'custom_space_1', @@ -74,7 +84,7 @@ export default function ({ getService }: FtrProviderContext) { }); it('should not allow us to create a space with disabled features', async () => { - await supertestWithAdminScope + await supertestAdminWithApiKey .post('/api/spaces/space') .send({ id: 'custom_space_2', @@ -99,7 +109,7 @@ export default function ({ getService }: FtrProviderContext) { }); it('should allow us to get a space', async () => { - await supertestWithAdminScope.get('/api/spaces/space/space_to_get_1').send().expect(200, { + await supertestAdminWithApiKey.get('/api/spaces/space/space_to_get_1').send().expect(200, { id: 'space_to_get_1', name: 'space_to_get_1', disabledFeatures: [], @@ -107,7 +117,7 @@ export default function ({ getService }: FtrProviderContext) { }); it('should allow us to get all spaces', async () => { - const { body } = await supertestWithAdminScope.get('/api/spaces/space').send().expect(200); + const { body } = await supertestAdminWithApiKey.get('/api/spaces/space').send().expect(200); expect(body).toEqual( expect.arrayContaining([ @@ -137,7 +147,7 @@ export default function ({ getService }: FtrProviderContext) { }); it('should allow us to update a space', async () => { - await supertestWithAdminScope + await supertestAdminWithApiKey .put('/api/spaces/space/space_to_update') .send({ id: 'space_to_update', @@ -147,7 +157,7 @@ export default function ({ getService }: FtrProviderContext) { }) .expect(200); - await supertestWithAdminScope.get('/api/spaces/space/space_to_update').send().expect(200, { + await supertestAdminWithApiKey.get('/api/spaces/space/space_to_update').send().expect(200, { id: 'space_to_update', name: 'some new name', initials: 'SN', @@ -156,7 +166,7 @@ export default function ({ getService }: FtrProviderContext) { }); it('should not allow us to update a space with disabled features', async () => { - await supertestWithAdminScope + await supertestAdminWithApiKey .put('/api/spaces/space/space_to_update') .send({ id: 'space_to_update', @@ -172,7 +182,7 @@ export default function ({ getService }: FtrProviderContext) { it('should allow us to delete a space', async () => { await createSpace('space_to_delete'); - await supertestWithAdminScope.delete(`/api/spaces/space/space_to_delete`).expect(204); + await supertestAdminWithApiKey.delete(`/api/spaces/space/space_to_delete`).expect(204); }); }); @@ -186,7 +196,7 @@ export default function ({ getService }: FtrProviderContext) { }); it('returns the default space', async () => { - const response = await supertestWithAdminScope + const response = await supertestAdminWithCookieCredentials .get('/internal/spaces/_active_space') .expect(200); @@ -199,7 +209,7 @@ export default function ({ getService }: FtrProviderContext) { }); it('returns the default space when explicitly referenced', async () => { - const response = await supertestWithAdminScope + const response = await supertestAdminWithCookieCredentials .get('/s/default/internal/spaces/_active_space') .expect(200); @@ -212,7 +222,7 @@ export default function ({ getService }: FtrProviderContext) { }); it('returns the foo space', async () => { - await supertestWithAdminScope + await supertestAdminWithCookieCredentials .get('/s/foo-space/internal/spaces/_active_space') .expect(200, { id: 'foo-space', @@ -222,7 +232,7 @@ export default function ({ getService }: FtrProviderContext) { }); it('returns 404 when the space is not found', async () => { - await supertestWithAdminScope + await supertestAdminWithCookieCredentials .get('/s/not-found-space/internal/spaces/_active_space') .expect(404, { statusCode: 404, @@ -237,25 +247,25 @@ export default function ({ getService }: FtrProviderContext) { // are enabled in production. describe(`Access`, () => { it('#copyToSpace', async () => { - const { body, status } = await supertestWithAdminScope.post( + const { body, status } = await supertestAdminWithApiKey.post( '/api/spaces/_copy_saved_objects' ); svlCommonApi.assertResponseStatusCode(400, status, body); }); it('#resolveCopyToSpaceErrors', async () => { - const { body, status } = await supertestWithAdminScope.post( + const { body, status } = await supertestAdminWithApiKey.post( '/api/spaces/_resolve_copy_saved_objects_errors' ); svlCommonApi.assertResponseStatusCode(400, status, body); }); it('#updateObjectsSpaces', async () => { - const { body, status } = await supertestWithAdminScope.post( + const { body, status } = await supertestAdminWithApiKey.post( '/api/spaces/_update_objects_spaces' ); svlCommonApi.assertResponseStatusCode(400, status, body); }); it('#getShareableReferences', async () => { - const { body, status } = await supertestWithAdminScope + const { body, status } = await supertestAdminWithApiKey .post('/api/spaces/_get_shareable_references') .send({ objects: [{ type: 'a', id: 'a' }], @@ -263,7 +273,7 @@ export default function ({ getService }: FtrProviderContext) { svlCommonApi.assertResponseStatusCode(200, status, body); }); it('#disableLegacyUrlAliases', async () => { - const { body, status } = await supertestWithAdminScope.post( + const { body, status } = await supertestAdminWithApiKey.post( '/api/spaces/_disable_legacy_url_aliases' ); // without a request body we would normally a 400 bad request if the endpoint was registered diff --git a/x-pack/test_serverless/api_integration/test_suites/common/management/spaces.ts b/x-pack/test_serverless/api_integration/test_suites/common/management/spaces.ts index 5c1e22811bdc3..7014dcd6100df 100644 --- a/x-pack/test_serverless/api_integration/test_suites/common/management/spaces.ts +++ b/x-pack/test_serverless/api_integration/test_suites/common/management/spaces.ts @@ -6,35 +6,37 @@ */ import expect from 'expect'; +import { SupertestWithRoleScopeType } from '@kbn/test-suites-xpack/api_integration/deployment_agnostic/services'; import { FtrProviderContext } from '../../../ftr_provider_context'; -import { RoleCredentials } from '../../../../shared/services'; export default function ({ getService }: FtrProviderContext) { const svlCommonApi = getService('svlCommonApi'); - const svlUserManager = getService('svlUserManager'); - const supertestWithoutAuth = getService('supertestWithoutAuth'); - let commonRequestHeader: Record; - let internalRequestHeader: Record; - let roleAuthc: RoleCredentials; + const samlAuth = getService('samlAuth'); + const roleScopedSupertest = getService('roleScopedSupertest'); + let supertestAdminWithApiKey: SupertestWithRoleScopeType; + let supertestAdminWithCookieCredentials: SupertestWithRoleScopeType; describe('spaces', function () { before(async () => { // admin is the only predefined role that will work for all 3 solutions - roleAuthc = await svlUserManager.createM2mApiKeyWithRoleScope('admin'); - commonRequestHeader = svlCommonApi.getCommonRequestHeader(); - internalRequestHeader = svlCommonApi.getInternalRequestHeader(); + supertestAdminWithApiKey = await roleScopedSupertest.getSupertestWithRoleScope('admin'); + supertestAdminWithCookieCredentials = await roleScopedSupertest.getSupertestWithRoleScope( + 'admin', + { + useCookieHeader: true, + } + ); }); after(async () => { - await svlUserManager.invalidateM2mApiKeyWithRoleScope(roleAuthc); + await supertestAdminWithApiKey.destroy(); }); describe('route access', () => { it('#delete', async () => { - const { body, status } = await supertestWithoutAuth + const { body, status } = await supertestAdminWithApiKey .delete('/api/spaces/space/default') - .set(internalRequestHeader) - .set(roleAuthc.apiKeyHeader); + .set(samlAuth.getInternalRequestHeader()); svlCommonApi.assertResponseStatusCode(400, status, body); }); @@ -42,10 +44,9 @@ export default function ({ getService }: FtrProviderContext) { // Skipped due to change in QA environment for role management and spaces // TODO: revisit once the change is rolled out to all environments it.skip('#create', async () => { - const { body, status } = await supertestWithoutAuth + const { body, status } = await supertestAdminWithApiKey .post('/api/spaces/space') - .set(internalRequestHeader) - .set(roleAuthc.apiKeyHeader) + .set(samlAuth.getInternalRequestHeader()) .send({ id: 'custom', name: 'Custom', @@ -56,10 +57,9 @@ export default function ({ getService }: FtrProviderContext) { }); it('#update requires internal header', async () => { - const { body, status } = await supertestWithoutAuth + const { body, status } = await supertestAdminWithApiKey .put('/api/spaces/space/default') - .set(internalRequestHeader) - .set(roleAuthc.apiKeyHeader) + .set(samlAuth.getInternalRequestHeader()) .send({ id: 'default', name: 'UPDATED!', @@ -70,37 +70,33 @@ export default function ({ getService }: FtrProviderContext) { }); it('#copyToSpace', async () => { - const { body, status } = await supertestWithoutAuth + const { body, status } = await supertestAdminWithApiKey .post('/api/spaces/_copy_saved_objects') - .set(internalRequestHeader) - .set(roleAuthc.apiKeyHeader); + .set(samlAuth.getInternalRequestHeader()); svlCommonApi.assertResponseStatusCode(400, status, body); }); it('#resolveCopyToSpaceErrors', async () => { - const { body, status } = await supertestWithoutAuth + const { body, status } = await supertestAdminWithApiKey .post('/api/spaces/_resolve_copy_saved_objects_errors') - .set(internalRequestHeader) - .set(roleAuthc.apiKeyHeader); + .set(samlAuth.getInternalRequestHeader()); svlCommonApi.assertResponseStatusCode(400, status, body); }); it('#updateObjectsSpaces', async () => { - const { body, status } = await supertestWithoutAuth + const { body, status } = await supertestAdminWithApiKey .post('/api/spaces/_update_objects_spaces') - .set(internalRequestHeader) - .set(roleAuthc.apiKeyHeader); + .set(samlAuth.getInternalRequestHeader()); svlCommonApi.assertResponseStatusCode(400, status, body); }); it('#getShareableReferences', async () => { - const { body, status } = await supertestWithoutAuth + const { body, status } = await supertestAdminWithApiKey .post('/api/spaces/_get_shareable_references') - .set(internalRequestHeader) - .set(roleAuthc.apiKeyHeader) + .set(samlAuth.getInternalRequestHeader()) .send({ objects: [{ type: 'a', id: 'a' }], }); @@ -109,10 +105,9 @@ export default function ({ getService }: FtrProviderContext) { }); it('#disableLegacyUrlAliases', async () => { - const { body, status } = await supertestWithoutAuth + const { body, status } = await supertestAdminWithApiKey .post('/api/spaces/_disable_legacy_url_aliases') - .set(internalRequestHeader) - .set(roleAuthc.apiKeyHeader); + .set(samlAuth.getInternalRequestHeader()); // without a request body we would normally a 400 bad request if the endpoint was registered svlCommonApi.assertApiNotFound(body, status); @@ -123,10 +118,9 @@ export default function ({ getService }: FtrProviderContext) { let body: any; let status: number; - ({ body, status } = await supertestWithoutAuth + ({ body, status } = await supertestAdminWithApiKey .get('/api/spaces/space/default') - .set(commonRequestHeader) - .set(roleAuthc.apiKeyHeader)); + .set(samlAuth.getCommonRequestHeader())); // expect a rejection because we're not using the internal header expect(body).toEqual({ statusCode: 400, @@ -137,10 +131,9 @@ export default function ({ getService }: FtrProviderContext) { }); expect(status).toBe(400); - ({ body, status } = await supertestWithoutAuth + ({ body, status } = await supertestAdminWithApiKey .get('/api/spaces/space/default') - .set(internalRequestHeader) - .set(roleAuthc.apiKeyHeader)); + .set(samlAuth.getInternalRequestHeader())); // expect success because we're using the internal header expect(body).toEqual( expect.objectContaining({ @@ -154,10 +147,9 @@ export default function ({ getService }: FtrProviderContext) { let body: any; let status: number; - ({ body, status } = await supertestWithoutAuth + ({ body, status } = await supertestAdminWithApiKey .get('/api/spaces/space') - .set(commonRequestHeader) - .set(roleAuthc.apiKeyHeader)); + .set(samlAuth.getCommonRequestHeader())); // expect a rejection because we're not using the internal header expect(body).toEqual({ statusCode: 400, @@ -168,10 +160,9 @@ export default function ({ getService }: FtrProviderContext) { }); expect(status).toBe(400); - ({ body, status } = await supertestWithoutAuth + ({ body, status } = await supertestAdminWithApiKey .get('/api/spaces/space') - .set(internalRequestHeader) - .set(roleAuthc.apiKeyHeader)); + .set(samlAuth.getInternalRequestHeader())); // expect success because we're using the internal header expect(body).toEqual( expect.arrayContaining([ @@ -187,10 +178,9 @@ export default function ({ getService }: FtrProviderContext) { let body: any; let status: number; - ({ body, status } = await supertestWithoutAuth + ({ body, status } = await supertestAdminWithCookieCredentials .get('/internal/spaces/_active_space') - .set(commonRequestHeader) - .set(roleAuthc.apiKeyHeader)); + .set(samlAuth.getCommonRequestHeader())); // expect a rejection because we're not using the internal header expect(body).toEqual({ statusCode: 400, @@ -201,10 +191,9 @@ export default function ({ getService }: FtrProviderContext) { }); expect(status).toBe(400); - ({ body, status } = await supertestWithoutAuth + ({ body, status } = await supertestAdminWithCookieCredentials .get('/internal/spaces/_active_space') - .set(internalRequestHeader) - .set(roleAuthc.apiKeyHeader)); + .set(samlAuth.getInternalRequestHeader())); // expect success because we're using the internal header expect(body).toEqual( expect.objectContaining({ diff --git a/x-pack/test_serverless/api_integration/test_suites/common/platform_security/anonymous.ts b/x-pack/test_serverless/api_integration/test_suites/common/platform_security/anonymous.ts index 765c2a8c30c5f..dc4cddd0d9846 100644 --- a/x-pack/test_serverless/api_integration/test_suites/common/platform_security/anonymous.ts +++ b/x-pack/test_serverless/api_integration/test_suites/common/platform_security/anonymous.ts @@ -5,39 +5,40 @@ * 2.0. */ +import { SupertestWithRoleScopeType } from '@kbn/test-suites-xpack/api_integration/deployment_agnostic/services'; import { FtrProviderContext } from '../../../ftr_provider_context'; -import { InternalRequestHeader, RoleCredentials } from '../../../../shared/services'; export default function ({ getService }: FtrProviderContext) { const svlCommonApi = getService('svlCommonApi'); - const svlUserManager = getService('svlUserManager'); - const supertestWithoutAuth = getService('supertestWithoutAuth'); - let roleAuthc: RoleCredentials; - let internalReqHeader: InternalRequestHeader; + const roleScopedSupertest = getService('roleScopedSupertest'); + let supertestAdminWithCookieCredentials: SupertestWithRoleScopeType; describe('security/anonymous', function () { before(async () => { - roleAuthc = await svlUserManager.createM2mApiKeyWithRoleScope('admin'); - internalReqHeader = svlCommonApi.getInternalRequestHeader(); - }); - after(async () => { - await svlUserManager.invalidateM2mApiKeyWithRoleScope(roleAuthc); + supertestAdminWithCookieCredentials = await roleScopedSupertest.getSupertestWithRoleScope( + 'admin', + { + useCookieHeader: true, + withInternalHeaders: true, + } + ); }); + describe('route access', () => { describe('disabled', () => { it('get access capabilities', async () => { - const { body, status } = await supertestWithoutAuth - .get('/internal/security/anonymous_access/capabilities') - .set(internalReqHeader) - .set(roleAuthc.apiKeyHeader); + const { body, status } = await supertestAdminWithCookieCredentials.get( + '/internal/security/anonymous_access/capabilities' + ); + svlCommonApi.assertApiNotFound(body, status); }); it('get access state', async () => { - const { body, status } = await supertestWithoutAuth - .get('/internal/security/anonymous_access/state') - .set(internalReqHeader) - .set(roleAuthc.apiKeyHeader); + const { body, status } = await supertestAdminWithCookieCredentials.get( + '/internal/security/anonymous_access/state' + ); + svlCommonApi.assertApiNotFound(body, status); }); }); diff --git a/x-pack/test_serverless/api_integration/test_suites/common/platform_security/api_keys.ts b/x-pack/test_serverless/api_integration/test_suites/common/platform_security/api_keys.ts index 694428bc57d97..6646e34ae8495 100644 --- a/x-pack/test_serverless/api_integration/test_suites/common/platform_security/api_keys.ts +++ b/x-pack/test_serverless/api_integration/test_suites/common/platform_security/api_keys.ts @@ -6,30 +6,32 @@ */ import expect from 'expect'; +import { SupertestWithRoleScopeType } from '@kbn/test-suites-xpack/api_integration/deployment_agnostic/services'; import { FtrProviderContext } from '../../../ftr_provider_context'; -import { RoleCredentials } from '../../../../shared/services'; export default function ({ getService }: FtrProviderContext) { let roleMapping: { id: string; name: string; api_key: string; encoded: string }; - const supertest = getService('supertest'); - const svlCommonApi = getService('svlCommonApi'); - const svlUserManager = getService('svlUserManager'); + const samlAuth = getService('samlAuth'); const supertestWithoutAuth = getService('supertestWithoutAuth'); - let roleAuthc: RoleCredentials; + const roleScopedSupertest = getService('roleScopedSupertest'); + let supertestAdminWithCookieCredentials: SupertestWithRoleScopeType; + describe('security/api_keys', function () { before(async () => { - roleAuthc = await svlUserManager.createM2mApiKeyWithRoleScope('admin'); - }); - after(async () => { - await svlUserManager.invalidateM2mApiKeyWithRoleScope(roleAuthc); + supertestAdminWithCookieCredentials = await roleScopedSupertest.getSupertestWithRoleScope( + 'admin', + { + useCookieHeader: true, + } + ); }); + describe('route access', () => { describe('internal', () => { before(async () => { - const { body, status } = await supertestWithoutAuth + const { body, status } = await supertestAdminWithCookieCredentials .post('/internal/security/api_key') - .set(roleAuthc.cookieHeader) - .set(svlCommonApi.getInternalRequestHeader()) + .set(samlAuth.getInternalRequestHeader()) .send({ name: 'test', metadata: {}, @@ -40,16 +42,14 @@ export default function ({ getService }: FtrProviderContext) { }); after(async function invalidateAll() { - const { body, status } = await supertestWithoutAuth + const { body, status } = await supertestAdminWithCookieCredentials .get('/internal/security/api_key?isAdmin=true') - .set(roleAuthc.cookieHeader) - .set(svlCommonApi.getInternalRequestHeader()); + .set(samlAuth.getInternalRequestHeader()); if (status === 200) { - await supertestWithoutAuth + await supertestAdminWithCookieCredentials .post('/internal/security/api_key/invalidate') - .set(roleAuthc.cookieHeader) - .set(svlCommonApi.getInternalRequestHeader()) + .set(samlAuth.getInternalRequestHeader()) .send({ apiKeys: body?.apiKeys, isAdmin: true, @@ -68,7 +68,7 @@ export default function ({ getService }: FtrProviderContext) { ({ body, status } = await supertestWithoutAuth .post('/internal/security/api_key') - .set(svlCommonApi.getCommonRequestHeader()) + .set(samlAuth.getCommonRequestHeader()) .send(requestBody)); // expect a rejection because we're not using the internal header expect(body).toEqual({ @@ -78,10 +78,9 @@ export default function ({ getService }: FtrProviderContext) { }); expect(status).toBe(401); - ({ body, status } = await supertestWithoutAuth + ({ body, status } = await supertestAdminWithCookieCredentials .post('/internal/security/api_key') - .set(svlCommonApi.getInternalRequestHeader()) - .set(roleAuthc.cookieHeader) + .set(samlAuth.getInternalRequestHeader()) .send(requestBody)); // expect success because we're using the internal header expect(body).toEqual(expect.objectContaining({ name: 'create_test' })); @@ -97,10 +96,9 @@ export default function ({ getService }: FtrProviderContext) { role_descriptors: {}, }; - ({ body, status } = await supertestWithoutAuth + ({ body, status } = await supertestAdminWithCookieCredentials .put('/internal/security/api_key') - .set(svlCommonApi.getCommonRequestHeader()) - .set(roleAuthc.cookieHeader) + .set(samlAuth.getCommonRequestHeader()) .send(requestBody)); // expect a rejection because we're not using the internal header expect(body).toEqual({ @@ -112,10 +110,9 @@ export default function ({ getService }: FtrProviderContext) { }); expect(status).toBe(400); - ({ body, status } = await supertestWithoutAuth + ({ body, status } = await supertestAdminWithCookieCredentials .put('/internal/security/api_key') - .set(svlCommonApi.getInternalRequestHeader()) - .set(roleAuthc.cookieHeader) + .set(samlAuth.getInternalRequestHeader()) .send(requestBody)); // expect success because we're using the internal header expect(body).toEqual(expect.objectContaining({ updated: true })); @@ -126,10 +123,9 @@ export default function ({ getService }: FtrProviderContext) { let body: unknown; let status: number; - ({ body, status } = await supertest + ({ body, status } = await supertestAdminWithCookieCredentials .get('/internal/security/api_key/_enabled') - .set(svlCommonApi.getCommonRequestHeader()) - .set(roleAuthc.cookieHeader)); + .set(samlAuth.getCommonRequestHeader())); // expect a rejection because we're not using the internal header expect(body).toEqual({ statusCode: 400, @@ -140,10 +136,9 @@ export default function ({ getService }: FtrProviderContext) { }); expect(status).toBe(400); - ({ body, status } = await supertestWithoutAuth + ({ body, status } = await supertestAdminWithCookieCredentials .get('/internal/security/api_key/_enabled') - .set(roleAuthc.cookieHeader) - .set(svlCommonApi.getInternalRequestHeader())); + .set(samlAuth.getInternalRequestHeader())); // expect success because we're using the internal header expect(body).toEqual({ apiKeysEnabled: true }); expect(status).toBe(200); @@ -162,10 +157,9 @@ export default function ({ getService }: FtrProviderContext) { isAdmin: true, }; - ({ body, status } = await supertestWithoutAuth + ({ body, status } = await supertestAdminWithCookieCredentials .post('/internal/security/api_key/invalidate') - .set(svlCommonApi.getCommonRequestHeader()) - .set(roleAuthc.cookieHeader) + .set(samlAuth.getCommonRequestHeader()) .send(requestBody)); // expect a rejection because we're not using the internal header expect(body).toEqual({ @@ -177,10 +171,9 @@ export default function ({ getService }: FtrProviderContext) { }); expect(status).toBe(400); - ({ body, status } = await supertestWithoutAuth + ({ body, status } = await supertestAdminWithCookieCredentials .post('/internal/security/api_key/invalidate') - .set(svlCommonApi.getInternalRequestHeader()) - .set(roleAuthc.cookieHeader) + .set(samlAuth.getInternalRequestHeader()) .send(requestBody)); // expect success because we're using the internal header expect(body).toEqual({ @@ -205,10 +198,9 @@ export default function ({ getService }: FtrProviderContext) { size: 1, }; - const { body } = await supertestWithoutAuth + const { body } = await supertestAdminWithCookieCredentials .post('/internal/security/api_key/_query') - .set(svlCommonApi.getInternalRequestHeader()) - .set(roleAuthc.cookieHeader) + .set(samlAuth.getInternalRequestHeader()) .send(requestBody) .expect(200); diff --git a/x-pack/test_serverless/api_integration/test_suites/common/platform_security/authorization.ts b/x-pack/test_serverless/api_integration/test_suites/common/platform_security/authorization.ts index c4245985a245e..4c77607d7d844 100644 --- a/x-pack/test_serverless/api_integration/test_suites/common/platform_security/authorization.ts +++ b/x-pack/test_serverless/api_integration/test_suites/common/platform_security/authorization.ts @@ -7,8 +7,8 @@ import expect from 'expect'; import { KibanaFeatureConfig, SubFeaturePrivilegeConfig } from '@kbn/features-plugin/common'; +import { SupertestWithRoleScopeType } from '@kbn/test-suites-xpack/api_integration/deployment_agnostic/services'; import { FtrProviderContext } from '../../../ftr_provider_context'; -import { InternalRequestHeader, RoleCredentials } from '../../../../shared/services'; function collectSubFeaturesPrivileges(feature: KibanaFeatureConfig) { return new Map( @@ -25,21 +25,27 @@ function collectSubFeaturesPrivileges(feature: KibanaFeatureConfig) { export default function ({ getService }: FtrProviderContext) { const log = getService('log'); const svlCommonApi = getService('svlCommonApi'); - const svlUserManager = getService('svlUserManager'); - const supertestWithoutAuth = getService('supertestWithoutAuth'); - const supertest = getService('supertest'); - let roleAuthc: RoleCredentials; - let internalReqHeader: InternalRequestHeader; + const roleScopedSupertest = getService('roleScopedSupertest'); + let supertestAdminWithCookieCredentials: SupertestWithRoleScopeType; + let supertestAdminWithApiKey: SupertestWithRoleScopeType; describe('security/authorization', function () { // see details: https://github.com/elastic/kibana/issues/192282 this.tags(['failsOnMKI']); before(async () => { - roleAuthc = await svlUserManager.createM2mApiKeyWithRoleScope('admin'); - internalReqHeader = svlCommonApi.getInternalRequestHeader(); + supertestAdminWithCookieCredentials = await roleScopedSupertest.getSupertestWithRoleScope( + 'admin', + { + useCookieHeader: true, + withInternalHeaders: true, + } + ); + supertestAdminWithApiKey = await roleScopedSupertest.getSupertestWithRoleScope('admin', { + withInternalHeaders: true, + }); }); after(async () => { - await svlUserManager.invalidateM2mApiKeyWithRoleScope(roleAuthc); + await supertestAdminWithApiKey.destroy(); }); describe('route access', () => { describe('internal', () => { @@ -47,60 +53,47 @@ export default function ({ getService }: FtrProviderContext) { // Skipped due to change in QA environment for role management and spaces // TODO: revisit once the change is rolled out to all environments it.skip('get all privileges', async () => { - const { body, status } = await supertestWithoutAuth - .get('/api/security/privileges') - .set(svlCommonApi.getInternalRequestHeader()) - .set(roleAuthc.apiKeyHeader); + const { body, status } = await supertestAdminWithApiKey.get('/api/security/privileges'); svlCommonApi.assertApiNotFound(body, status); }); // Skipped due to change in QA environment for role management and spaces // TODO: revisit once the change is rolled out to all environments it.skip('get built-in elasticsearch privileges', async () => { - const { body, status } = await supertestWithoutAuth - .get('/internal/security/esPrivileges/builtin') - .set(svlCommonApi.getInternalRequestHeader()) - .set(roleAuthc.apiKeyHeader); + const { body, status } = await supertestAdminWithCookieCredentials.get( + '/internal/security/esPrivileges/builtin' + ); svlCommonApi.assertApiNotFound(body, status); }); it('create/update roleAuthc', async () => { - const { body, status } = await supertestWithoutAuth - .put('/api/security/role/test') - .set(svlCommonApi.getInternalRequestHeader()) - .set(roleAuthc.apiKeyHeader); + const { body, status } = await supertestAdminWithApiKey.put('/api/security/role/test'); svlCommonApi.assertApiNotFound(body, status); }); it('get roleAuthc', async () => { - const { body, status } = await supertestWithoutAuth - .get('/api/security/role/superuser') - .set(svlCommonApi.getInternalRequestHeader()) - .set(roleAuthc.apiKeyHeader); + const { body, status } = await supertestAdminWithApiKey.get( + '/api/security/role/superuser' + ); svlCommonApi.assertApiNotFound(body, status); }); it('get all roles', async () => { - const { body, status } = await supertestWithoutAuth - .get('/api/security/role') - .set(svlCommonApi.getInternalRequestHeader()) - .set(roleAuthc.apiKeyHeader); + const { body, status } = await supertestAdminWithApiKey.get('/api/security/role'); svlCommonApi.assertApiNotFound(body, status); }); it('delete roleAuthc', async () => { - const { body, status } = await supertestWithoutAuth - .delete('/api/security/role/superuser') - .set(svlCommonApi.getInternalRequestHeader()) - .set(roleAuthc.apiKeyHeader); + const { body, status } = await supertestAdminWithApiKey.delete( + '/api/security/role/superuser' + ); svlCommonApi.assertApiNotFound(body, status); }); it('get shared saved object permissions', async () => { - const { body, status } = await supertestWithoutAuth - .get('/internal/security/_share_saved_object_permissions') - .set(svlCommonApi.getInternalRequestHeader()) - .set(roleAuthc.apiKeyHeader); + const { body, status } = await supertestAdminWithCookieCredentials.get( + '/internal/security/_share_saved_object_permissions' + ); svlCommonApi.assertApiNotFound(body, status); }); }); @@ -108,29 +101,17 @@ export default function ({ getService }: FtrProviderContext) { describe('public', () => { it('reset session page', async () => { - const { status } = await supertestWithoutAuth - .get('/internal/security/reset_session_page.js') - .set(internalReqHeader) - .set(roleAuthc.apiKeyHeader); + const { status } = await supertestAdminWithCookieCredentials.get( + '/internal/security/reset_session_page.js' + ); expect(status).toBe(200); }); }); }); describe('available features', () => { - let adminCredentials: { Cookie: string }; - - before(async () => { - // get auth header for Viewer roleAuthc - adminCredentials = await svlUserManager.getM2MApiCredentialsWithRoleScope('admin'); - }); - it('all Dashboard and Discover sub-feature privileges are disabled', async () => { - const { body } = await supertest - .get('/api/features') - .set(svlCommonApi.getInternalRequestHeader()) - .set(adminCredentials) - .expect(200); + const { body } = await supertestAdminWithCookieCredentials.get('/api/features').expect(200); // We should make sure that neither Discover nor Dashboard displays any sub-feature privileges in Serverless. // If any of these features adds a new sub-feature privilege we should make an explicit decision whether it diff --git a/x-pack/test_serverless/api_integration/test_suites/common/platform_security/feature_check.ts b/x-pack/test_serverless/api_integration/test_suites/common/platform_security/feature_check.ts index cb925947473f3..97922157dab33 100644 --- a/x-pack/test_serverless/api_integration/test_suites/common/platform_security/feature_check.ts +++ b/x-pack/test_serverless/api_integration/test_suites/common/platform_security/feature_check.ts @@ -5,27 +5,29 @@ * 2.0. */ +import { SupertestWithRoleScopeType } from '@kbn/test-suites-xpack/api_integration/deployment_agnostic/services'; import { FtrProviderContext } from '../../../ftr_provider_context'; -import { RoleCredentials } from '../../../../shared/services'; export default function ({ getService }: FtrProviderContext) { const svlCommonApi = getService('svlCommonApi'); - const svlUserManager = getService('svlUserManager'); - const supertestWithoutAuth = getService('supertestWithoutAuth'); - let roleAuthc: RoleCredentials; + const roleScopedSupertest = getService('roleScopedSupertest'); + let supertestAdminWithCookieCredentials: SupertestWithRoleScopeType; describe('security/features', function () { before(async () => { - roleAuthc = await svlUserManager.createM2mApiKeyWithRoleScope('admin'); - }); - after(async () => { - await svlUserManager.invalidateM2mApiKeyWithRoleScope(roleAuthc); + supertestAdminWithCookieCredentials = await roleScopedSupertest.getSupertestWithRoleScope( + 'admin', + { + useCookieHeader: true, + withInternalHeaders: true, + } + ); }); + it('route access disabled', async () => { - const { body, status } = await supertestWithoutAuth - .get('/internal/security/_check_security_features') - .set(svlCommonApi.getInternalRequestHeader()) - .set(roleAuthc.apiKeyHeader); + const { body, status } = await supertestAdminWithCookieCredentials.get( + '/internal/security/_check_security_features' + ); svlCommonApi.assertApiNotFound(body, status); }); }); diff --git a/x-pack/test_serverless/api_integration/test_suites/common/platform_security/misc.ts b/x-pack/test_serverless/api_integration/test_suites/common/platform_security/misc.ts index c289720f93d29..46615e3c7a0d6 100644 --- a/x-pack/test_serverless/api_integration/test_suites/common/platform_security/misc.ts +++ b/x-pack/test_serverless/api_integration/test_suites/common/platform_security/misc.ts @@ -6,64 +6,61 @@ */ import expect from 'expect'; +import { SupertestWithRoleScopeType } from '@kbn/test-suites-xpack/api_integration/deployment_agnostic/services'; import { FtrProviderContext } from '../../../ftr_provider_context'; -import { RoleCredentials } from '../../../../shared/services'; export default function ({ getService }: FtrProviderContext) { const svlCommonApi = getService('svlCommonApi'); - const svlUserManager = getService('svlUserManager'); - const supertestWithoutAuth = getService('supertestWithoutAuth'); - let roleAuthc: RoleCredentials; + const roleScopedSupertest = getService('roleScopedSupertest'); + let supertestAdminWithCookieCredentials: SupertestWithRoleScopeType; describe('security/misc', function () { before(async () => { - roleAuthc = await svlUserManager.createM2mApiKeyWithRoleScope('admin'); - }); - after(async () => { - await svlUserManager.invalidateM2mApiKeyWithRoleScope(roleAuthc); + supertestAdminWithCookieCredentials = await roleScopedSupertest.getSupertestWithRoleScope( + 'admin', + { + useCookieHeader: true, + withInternalHeaders: true, + } + ); }); + describe('route access', () => { describe('disabled', () => { it('get index fields', async () => { - const { body, status } = await supertestWithoutAuth + const { body, status } = await supertestAdminWithCookieCredentials .get('/internal/security/fields/test') - .set(svlCommonApi.getInternalRequestHeader()) - .set(roleAuthc.apiKeyHeader) .send({ params: 'params' }); svlCommonApi.assertApiNotFound(body, status); }); it('fix deprecated roles', async () => { - const { body, status } = await supertestWithoutAuth - .post('/internal/security/deprecations/kibana_user_role/_fix_users') - .set(svlCommonApi.getInternalRequestHeader()) - .set(roleAuthc.apiKeyHeader); + const { body, status } = await supertestAdminWithCookieCredentials.post( + '/internal/security/deprecations/kibana_user_role/_fix_users' + ); svlCommonApi.assertApiNotFound(body, status); }); it('fix deprecated roleAuthc mappings', async () => { - const { body, status } = await supertestWithoutAuth - .post('/internal/security/deprecations/kibana_user_role/_fix_role_mappings') - .set(svlCommonApi.getInternalRequestHeader()) - .set(roleAuthc.apiKeyHeader); + const { body, status } = await supertestAdminWithCookieCredentials.post( + '/internal/security/deprecations/kibana_user_role/_fix_role_mappings' + ); svlCommonApi.assertApiNotFound(body, status); }); it('get security checkup state', async () => { - const { body, status } = await supertestWithoutAuth - .get('/internal/security/security_checkup/state') - .set(svlCommonApi.getInternalRequestHeader()) - .set(roleAuthc.apiKeyHeader); + const { body, status } = await supertestAdminWithCookieCredentials.get( + '/internal/security/security_checkup/state' + ); svlCommonApi.assertApiNotFound(body, status); }); }); describe('internal', () => { it('get record auth type', async () => { - const { status } = await supertestWithoutAuth - .post('/internal/security/analytics/_record_auth_type') - .set(svlCommonApi.getInternalRequestHeader()) - .set(roleAuthc.apiKeyHeader); + const { status } = await supertestAdminWithCookieCredentials.post( + '/internal/security/analytics/_record_auth_type' + ); expect(status).toBe(200); }); }); diff --git a/x-pack/test_serverless/api_integration/test_suites/common/platform_security/response_headers.ts b/x-pack/test_serverless/api_integration/test_suites/common/platform_security/response_headers.ts index 562e98d33866a..ea37efd75d6dd 100644 --- a/x-pack/test_serverless/api_integration/test_suites/common/platform_security/response_headers.ts +++ b/x-pack/test_serverless/api_integration/test_suites/common/platform_security/response_headers.ts @@ -7,14 +7,14 @@ import expect from 'expect'; import cspParser from 'content-security-policy-parser'; +import { SupertestWithRoleScopeType } from '@kbn/test-suites-xpack/api_integration/deployment_agnostic/services'; import { FtrProviderContext } from '../../../ftr_provider_context'; -import { RoleCredentials } from '../../../../shared/services'; export default function ({ getService }: FtrProviderContext) { - const svlCommonApi = getService('svlCommonApi'); - const svlUserManager = getService('svlUserManager'); + const samlAuth = getService('samlAuth'); const supertestWithoutAuth = getService('supertestWithoutAuth'); - let roleAuthc: RoleCredentials; + const roleScopedSupertest = getService('roleScopedSupertest'); + let supertestViewerWithCookieCredentials: SupertestWithRoleScopeType; describe('security/response_headers', function () { const baseCSP = `script-src 'report-sample' 'self'; worker-src 'report-sample' 'self' blob:; style-src 'report-sample' 'self' 'unsafe-inline'; frame-ancestors 'self'`; @@ -27,16 +27,18 @@ export default function ({ getService }: FtrProviderContext) { const defaultXFrameOptions = 'SAMEORIGIN'; before(async () => { - roleAuthc = await svlUserManager.createM2mApiKeyWithRoleScope('viewer'); - }); - after(async () => { - await svlUserManager.invalidateM2mApiKeyWithRoleScope(roleAuthc); + supertestViewerWithCookieCredentials = await roleScopedSupertest.getSupertestWithRoleScope( + 'viewer', + { + useCookieHeader: true, + withInternalHeaders: true, + } + ); }); + it('API endpoint response contains default security headers', async () => { - const { header } = await supertestWithoutAuth + const { header } = await supertestViewerWithCookieCredentials .get(`/internal/security/me`) - .set(roleAuthc.apiKeyHeader) - .set(svlCommonApi.getInternalRequestHeader()) .expect(200); expect(header).toBeDefined(); @@ -52,7 +54,7 @@ export default function ({ getService }: FtrProviderContext) { it('redirect endpoint response contains default security headers', async () => { const { header } = await supertestWithoutAuth .get(`/logout`) - .set(svlCommonApi.getInternalRequestHeader()) + .set(samlAuth.getInternalRequestHeader()) .expect(200); expect(header).toBeDefined(); diff --git a/x-pack/test_serverless/api_integration/test_suites/common/platform_security/role_mappings.ts b/x-pack/test_serverless/api_integration/test_suites/common/platform_security/role_mappings.ts index 3fdabba673ff1..b5b51dcef5693 100644 --- a/x-pack/test_serverless/api_integration/test_suites/common/platform_security/role_mappings.ts +++ b/x-pack/test_serverless/api_integration/test_suites/common/platform_security/role_mappings.ts @@ -5,54 +5,53 @@ * 2.0. */ +import { SupertestWithRoleScopeType } from '@kbn/test-suites-xpack/api_integration/deployment_agnostic/services'; import { FtrProviderContext } from '../../../ftr_provider_context'; -import { RoleCredentials } from '../../../../shared/services'; export default function ({ getService }: FtrProviderContext) { const svlCommonApi = getService('svlCommonApi'); - const svlUserManager = getService('svlUserManager'); - const supertestWithoutAuth = getService('supertestWithoutAuth'); - let roleAuthc: RoleCredentials; + const roleScopedSupertest = getService('roleScopedSupertest'); + let supertestAdminWithCookieCredentials: SupertestWithRoleScopeType; describe('security/role_mappings', function () { before(async () => { - roleAuthc = await svlUserManager.createM2mApiKeyWithRoleScope('admin'); - }); - after(async () => { - await svlUserManager.invalidateM2mApiKeyWithRoleScope(roleAuthc); + supertestAdminWithCookieCredentials = await roleScopedSupertest.getSupertestWithRoleScope( + 'admin', + { + useCookieHeader: true, + withInternalHeaders: true, + } + ); }); + describe('route access', () => { describe('disabled', () => { it('create/update roleAuthc mapping', async () => { - const { body, status } = await supertestWithoutAuth - .post('/internal/security/role_mapping/test') - .set(svlCommonApi.getInternalRequestHeader()) - .set(roleAuthc.apiKeyHeader); + const { body, status } = await supertestAdminWithCookieCredentials.post( + '/internal/security/role_mapping/test' + ); svlCommonApi.assertApiNotFound(body, status); }); it('get roleAuthc mapping', async () => { - const { body, status } = await supertestWithoutAuth - .get('/internal/security/role_mapping/test') - .set(svlCommonApi.getInternalRequestHeader()) - .set(roleAuthc.apiKeyHeader); + const { body, status } = await supertestAdminWithCookieCredentials.get( + '/internal/security/role_mapping/test' + ); svlCommonApi.assertApiNotFound(body, status); }); it('get all roleAuthc mappings', async () => { - const { body, status } = await supertestWithoutAuth - .get('/internal/security/role_mapping') - .set(svlCommonApi.getInternalRequestHeader()) - .set(roleAuthc.apiKeyHeader); + const { body, status } = await supertestAdminWithCookieCredentials.get( + '/internal/security/role_mapping' + ); svlCommonApi.assertApiNotFound(body, status); }); it('delete roleAuthc mapping', async () => { // this test works because the message for a missing endpoint is different from a missing roleAuthc mapping - const { body, status } = await supertestWithoutAuth - .delete('/internal/security/role_mapping/test') - .set(svlCommonApi.getInternalRequestHeader()) - .set(roleAuthc.apiKeyHeader); + const { body, status } = await supertestAdminWithCookieCredentials.delete( + '/internal/security/role_mapping/test' + ); svlCommonApi.assertApiNotFound(body, status); }); }); diff --git a/x-pack/test_serverless/api_integration/test_suites/common/platform_security/roles_routes_feature_flag.ts b/x-pack/test_serverless/api_integration/test_suites/common/platform_security/roles_routes_feature_flag.ts index 6d5a6f93b1187..da03ad14047b1 100644 --- a/x-pack/test_serverless/api_integration/test_suites/common/platform_security/roles_routes_feature_flag.ts +++ b/x-pack/test_serverless/api_integration/test_suites/common/platform_security/roles_routes_feature_flag.ts @@ -26,15 +26,22 @@ import { FtrProviderContext } from '../../../ftr_provider_context'; export default function ({ getService }: FtrProviderContext) { const platformSecurityUtils = getService('platformSecurityUtils'); const roleScopedSupertest = getService('roleScopedSupertest'); - let supertestWithAdminScope: SupertestWithRoleScopeType; + let supertestAdminWithApiKey: SupertestWithRoleScopeType; + let supertestAdminWithCookieCredentials: SupertestWithRoleScopeType; const es = getService('es'); describe('security', function () { describe('Roles', () => { before(async () => { - supertestWithAdminScope = await roleScopedSupertest.getSupertestWithRoleScope('admin', { + supertestAdminWithCookieCredentials = await roleScopedSupertest.getSupertestWithRoleScope( + 'admin', + { + useCookieHeader: true, + withInternalHeaders: true, + } + ); + supertestAdminWithApiKey = await roleScopedSupertest.getSupertestWithRoleScope('admin', { withInternalHeaders: true, - withCustomHeaders: { 'kbn-xsrf': 'true' }, }); }); after(async () => { @@ -43,11 +50,11 @@ export default function ({ getService }: FtrProviderContext) { describe('Create Role', () => { it('should allow us to create an empty role', async () => { - await supertestWithAdminScope.put('/api/security/role/empty_role').send({}).expect(204); + await supertestAdminWithApiKey.put('/api/security/role/empty_role').send({}).expect(204); }); it('should create a role with kibana and elasticsearch privileges', async () => { - await supertestWithAdminScope + await supertestAdminWithApiKey .put('/api/security/role/role_with_privileges') .send({ metadata: { @@ -113,7 +120,7 @@ export default function ({ getService }: FtrProviderContext) { }); it(`should create a role with kibana and FLS/DLS elasticsearch privileges`, async () => { - await supertestWithAdminScope + await supertestAdminWithApiKey .put('/api/security/role/role_with_privileges_dls_fls') .send({ metadata: { @@ -139,7 +146,7 @@ export default function ({ getService }: FtrProviderContext) { // serverless only (stateful will allow) it(`should not create a role with 'run as' privileges`, async () => { - await supertestWithAdminScope + await supertestAdminWithApiKey .put('/api/security/role/role_with_privileges') .send({ metadata: { @@ -174,7 +181,7 @@ export default function ({ getService }: FtrProviderContext) { // serverless only (stateful will allow) it(`should not create a role with remote cluster privileges`, async () => { - await supertestWithAdminScope + await supertestAdminWithApiKey .put('/api/security/role/role_with_privileges') .send({ metadata: { @@ -214,7 +221,7 @@ export default function ({ getService }: FtrProviderContext) { // serverless only (stateful will allow) it(`should not create a role with remote index privileges`, async () => { - await supertestWithAdminScope + await supertestAdminWithApiKey .put('/api/security/role/role_with_privileges') .send({ metadata: { @@ -268,14 +275,14 @@ export default function ({ getService }: FtrProviderContext) { }, }); - await supertestWithAdminScope + await supertestAdminWithApiKey .put('/api/security/role/test_role?createOnly=true') .send({}) .expect(409); }); it('should succeed when role does not exist', async () => { - await supertestWithAdminScope + await supertestAdminWithApiKey .put('/api/security/role/new_role?createOnly=true') .send({}) .expect(204); @@ -321,7 +328,7 @@ export default function ({ getService }: FtrProviderContext) { }, }); - await supertestWithAdminScope.get('/api/security/role/role_to_get').expect(200, { + await supertestAdminWithApiKey.get('/api/security/role/role_to_get').expect(200, { name: 'role_to_get', metadata: { foo: 'test-metadata', @@ -413,7 +420,7 @@ export default function ({ getService }: FtrProviderContext) { }, }); - await supertestWithAdminScope + await supertestAdminWithCookieCredentials .get('/internal/security/roles/engineering') .expect(200) .expect((res: { body: Role[] }) => { @@ -469,7 +476,7 @@ export default function ({ getService }: FtrProviderContext) { }, }); - await supertestWithAdminScope + await supertestAdminWithApiKey .put('/api/security/role/role_to_update') .send({ metadata: { @@ -553,7 +560,7 @@ export default function ({ getService }: FtrProviderContext) { }, }); - await supertestWithAdminScope + await supertestAdminWithApiKey .put('/api/security/role/role_to_update_with_dls_fls') .send({ elasticsearch: { @@ -612,7 +619,7 @@ export default function ({ getService }: FtrProviderContext) { }, }); - await supertestWithAdminScope + await supertestAdminWithApiKey .put('/api/security/role/role_to_update') .send({ metadata: { @@ -708,7 +715,7 @@ export default function ({ getService }: FtrProviderContext) { }, }); - await supertestWithAdminScope + await supertestAdminWithApiKey .put('/api/security/role/role_to_update') .send({ metadata: { @@ -809,7 +816,7 @@ export default function ({ getService }: FtrProviderContext) { }, }); - await supertestWithAdminScope + await supertestAdminWithApiKey .put('/api/security/role/role_to_update') .send({ metadata: { @@ -911,7 +918,7 @@ export default function ({ getService }: FtrProviderContext) { }, }, }); - await supertestWithAdminScope.delete('/api/security/role/role_to_delete').expect(204); + await supertestAdminWithApiKey.delete('/api/security/role/role_to_delete').expect(204); const deletedRole = await es.security.getRole( { name: 'role_to_delete' }, diff --git a/x-pack/test_serverless/api_integration/test_suites/common/platform_security/sessions.ts b/x-pack/test_serverless/api_integration/test_suites/common/platform_security/sessions.ts index 386d1b3cb770c..c76ccb81f8ce2 100644 --- a/x-pack/test_serverless/api_integration/test_suites/common/platform_security/sessions.ts +++ b/x-pack/test_serverless/api_integration/test_suites/common/platform_security/sessions.ts @@ -6,28 +6,31 @@ */ import expect from 'expect'; +import { SupertestWithRoleScopeType } from '@kbn/test-suites-xpack/api_integration/deployment_agnostic/services'; import { FtrProviderContext } from '../../../ftr_provider_context'; -import { RoleCredentials } from '../../../../shared/services'; export default function ({ getService }: FtrProviderContext) { const svlCommonApi = getService('svlCommonApi'); - const svlUserManager = getService('svlUserManager'); - const supertestWithoutAuth = getService('supertestWithoutAuth'); - let roleAuthc: RoleCredentials; + const samlAuth = getService('samlAuth'); + const roleScopedSupertest = getService('roleScopedSupertest'); + let supertestViewerWithCookieCredentials: SupertestWithRoleScopeType; + describe('security/sessions', function () { before(async () => { - roleAuthc = await svlUserManager.createM2mApiKeyWithRoleScope('viewer'); - }); - after(async () => { - await svlUserManager.invalidateM2mApiKeyWithRoleScope(roleAuthc); + supertestViewerWithCookieCredentials = await roleScopedSupertest.getSupertestWithRoleScope( + 'viewer', + { + useCookieHeader: true, + } + ); }); + describe('route access', () => { describe('disabled', () => { it('invalidate', async () => { - const { body, status } = await supertestWithoutAuth + const { body, status } = await supertestViewerWithCookieCredentials .post('/api/security/session/_invalidate') - .set(svlCommonApi.getInternalRequestHeader()) - .set(roleAuthc.apiKeyHeader) + .set(samlAuth.getInternalRequestHeader()) .send({ match: 'all' }); svlCommonApi.assertApiNotFound(body, status); }); @@ -38,11 +41,9 @@ export default function ({ getService }: FtrProviderContext) { let body: any; let status: number; - ({ body, status } = await supertestWithoutAuth + ({ body, status } = await supertestViewerWithCookieCredentials .get('/internal/security/session') - .set(roleAuthc.apiKeyHeader) - .set(svlCommonApi.getCommonRequestHeader())); - + .set(samlAuth.getCommonRequestHeader())); // expect a rejection because we're not using the internal header expect(body).toEqual({ statusCode: 400, @@ -53,22 +54,20 @@ export default function ({ getService }: FtrProviderContext) { }); expect(status).toBe(400); - ({ body, status } = await supertestWithoutAuth + ({ body, status } = await supertestViewerWithCookieCredentials .get('/internal/security/session') - .set(roleAuthc.apiKeyHeader) - .set(svlCommonApi.getInternalRequestHeader())); - // expect 204 because there is no session - expect(status).toBe(204); + .set(samlAuth.getInternalRequestHeader())); + // expect 200 because there is a session + expect(status).toBe(200); }); it('extend', async () => { let body: any; let status: number; - ({ body, status } = await supertestWithoutAuth + ({ body, status } = await supertestViewerWithCookieCredentials .post('/internal/security/session') - .set(roleAuthc.apiKeyHeader) - .set(svlCommonApi.getCommonRequestHeader())); + .set(samlAuth.getCommonRequestHeader())); // expect a rejection because we're not using the internal header expect(body).toEqual({ statusCode: 400, @@ -79,10 +78,9 @@ export default function ({ getService }: FtrProviderContext) { }); expect(status).toBe(400); - ({ body, status } = await supertestWithoutAuth + ({ body, status } = await supertestViewerWithCookieCredentials .post('/internal/security/session') - .set(roleAuthc.apiKeyHeader) - .set(svlCommonApi.getInternalRequestHeader())); + .set(samlAuth.getInternalRequestHeader())); // expect redirect expect(status).toBe(302); }); diff --git a/x-pack/test_serverless/api_integration/test_suites/common/platform_security/user_profiles.ts b/x-pack/test_serverless/api_integration/test_suites/common/platform_security/user_profiles.ts index 0217eb39017cc..481e5d9394d22 100644 --- a/x-pack/test_serverless/api_integration/test_suites/common/platform_security/user_profiles.ts +++ b/x-pack/test_serverless/api_integration/test_suites/common/platform_security/user_profiles.ts @@ -7,23 +7,25 @@ import expect from 'expect'; import { kibanaTestUser } from '@kbn/test'; +import { SupertestWithRoleScopeType } from '@kbn/test-suites-xpack/api_integration/deployment_agnostic/services'; import { FtrProviderContext } from '../../../ftr_provider_context'; -import { RoleCredentials } from '../../../../shared/services'; export default function ({ getService }: FtrProviderContext) { const samlTools = getService('samlTools'); - const svlCommonApi = getService('svlCommonApi'); - const svlUserManager = getService('svlUserManager'); - const supertestWithoutAuth = getService('supertestWithoutAuth'); - let roleAuthc: RoleCredentials; + const roleScopedSupertest = getService('roleScopedSupertest'); + let supertestViewerWithCookieCredentials: SupertestWithRoleScopeType; describe('security/user_profiles', function () { before(async () => { - roleAuthc = await svlUserManager.createM2mApiKeyWithRoleScope('viewer'); - }); - after(async () => { - await svlUserManager.invalidateM2mApiKeyWithRoleScope(roleAuthc); + supertestViewerWithCookieCredentials = await roleScopedSupertest.getSupertestWithRoleScope( + 'viewer', + { + useCookieHeader: true, + withInternalHeaders: true, + } + ); }); + describe('route access', () => { describe('internal', () => { // When we run tests on MKI, SAML realm is configured differently, and we cannot handcraft SAML responses to @@ -31,29 +33,23 @@ export default function ({ getService }: FtrProviderContext) { this.tags(['skipMKI']); it('update', async () => { - const { status } = await supertestWithoutAuth + const { status } = await supertestViewerWithCookieCredentials .post(`/internal/security/user_profile/_data`) - .set(svlCommonApi.getInternalRequestHeader()) - .set(roleAuthc.apiKeyHeader) .set(await samlTools.login(kibanaTestUser.username)) .send({ key: 'value' }); expect(status).not.toBe(404); }); it('get current', async () => { - const { status } = await supertestWithoutAuth + const { status } = await supertestViewerWithCookieCredentials .get(`/internal/security/user_profile`) - .set(roleAuthc.apiKeyHeader) - .set(svlCommonApi.getInternalRequestHeader()) .set(await samlTools.login(kibanaTestUser.username)); expect(status).not.toBe(404); }); it('bulk get', async () => { - const { status } = await supertestWithoutAuth + const { status } = await supertestViewerWithCookieCredentials .get(`/internal/security/user_profile`) - .set(svlCommonApi.getInternalRequestHeader()) - .set(roleAuthc.apiKeyHeader) .set(await samlTools.login(kibanaTestUser.username)) .send({ uids: ['12345678'] }); expect(status).not.toBe(404); diff --git a/x-pack/test_serverless/api_integration/test_suites/common/platform_security/users.ts b/x-pack/test_serverless/api_integration/test_suites/common/platform_security/users.ts index a94fc609ea496..58d8e1b6eee9a 100644 --- a/x-pack/test_serverless/api_integration/test_suites/common/platform_security/users.ts +++ b/x-pack/test_serverless/api_integration/test_suites/common/platform_security/users.ts @@ -6,77 +6,77 @@ */ import expect from 'expect'; -import { RoleCredentials } from '../../../../shared/services'; +import { SupertestWithRoleScopeType } from '@kbn/test-suites-xpack/api_integration/deployment_agnostic/services'; import { FtrProviderContext } from '../../../ftr_provider_context'; export default function ({ getService }: FtrProviderContext) { - const svlCommonApi = getService('svlCommonApi'); - const svlUserManager = getService('svlUserManager'); + const samlAuth = getService('samlAuth'); const supertestWithoutAuth = getService('supertestWithoutAuth'); - let roleAuthc: RoleCredentials; + const svlCommonApi = getService('svlCommonApi'); + const roleScopedSupertest = getService('roleScopedSupertest'); + let supertestAdminWithCookieCredentials: SupertestWithRoleScopeType; describe('security/users', function () { before(async () => { - roleAuthc = await svlUserManager.createM2mApiKeyWithRoleScope('admin'); - }); - after(async () => { - await svlUserManager.invalidateM2mApiKeyWithRoleScope(roleAuthc); + supertestAdminWithCookieCredentials = await roleScopedSupertest.getSupertestWithRoleScope( + 'admin', + { + useCookieHeader: true, + withInternalHeaders: true, + } + ); }); + describe('route access', () => { // ToDo: uncomment when we disable user APIs describe.skip('disabled', () => { it('get', async () => { - const { body, status } = await supertestWithoutAuth - .get('/internal/security/users/elastic') - .set(svlCommonApi.getInternalRequestHeader()) - .set(roleAuthc.apiKeyHeader); + const { body, status } = await supertestAdminWithCookieCredentials.get( + '/internal/security/users/elastic' + ); svlCommonApi.assertApiNotFound(body, status); }); it('get all', async () => { - const { body, status } = await supertestWithoutAuth - .get('/internal/security/users') - .set(svlCommonApi.getInternalRequestHeader()) - .set(roleAuthc.apiKeyHeader); + const { body, status } = await supertestAdminWithCookieCredentials.get( + '/internal/security/users' + ); svlCommonApi.assertApiNotFound(body, status); }); it('create/update', async () => { const { body, status } = await supertestWithoutAuth .post(`/internal/security/users/some_testuser`) - .set(svlCommonApi.getInternalRequestHeader()) + .set(samlAuth.getInternalRequestHeader()) .send({ username: 'some_testuser', password: 'testpassword', roles: [] }); svlCommonApi.assertApiNotFound(body, status); }); it('delete', async () => { - const { body, status } = await supertestWithoutAuth - .delete(`/internal/security/users/elastic`) - .set(svlCommonApi.getInternalRequestHeader()) - .set(roleAuthc.apiKeyHeader); + const { body, status } = await supertestAdminWithCookieCredentials.delete( + `/internal/security/users/elastic` + ); svlCommonApi.assertApiNotFound(body, status); }); it('disable', async () => { - const { body, status } = await supertestWithoutAuth - .post(`/internal/security/users/elastic/_disable`) - .set(svlCommonApi.getInternalRequestHeader()) - .set(roleAuthc.apiKeyHeader); + const { body, status } = await supertestAdminWithCookieCredentials.post( + `/internal/security/users/elastic/_disable` + ); svlCommonApi.assertApiNotFound(body, status); }); it('enable', async () => { - const { body, status } = await supertestWithoutAuth - .post(`/internal/security/users/elastic/_enable`) - .set(svlCommonApi.getInternalRequestHeader()) - .set(roleAuthc.apiKeyHeader); + const { body, status } = await supertestAdminWithCookieCredentials.post( + `/internal/security/users/elastic/_enable` + ); svlCommonApi.assertApiNotFound(body, status); }); it('set password', async () => { const { body, status } = await supertestWithoutAuth .post(`/internal/security/users/{username}/password`) - .set(svlCommonApi.getInternalRequestHeader()) + .set(samlAuth.getInternalRequestHeader()) .send({ password: 'old_pw', newPassword: 'new_pw', @@ -88,57 +88,52 @@ export default function ({ getService }: FtrProviderContext) { // ToDo: remove when we disable user APIs describe('internal', () => { it('get', async () => { - const { status } = await supertestWithoutAuth - .get('/internal/security/users/elastic') - .set(svlCommonApi.getInternalRequestHeader()) - .set(roleAuthc.apiKeyHeader); + const { status } = await supertestAdminWithCookieCredentials.get( + '/internal/security/users/elastic' + ); expect(status).not.toBe(404); }); it('get all', async () => { - const { status } = await supertestWithoutAuth - .get('/internal/security/users') - .set(svlCommonApi.getInternalRequestHeader()) - .set(roleAuthc.apiKeyHeader); + const { status } = await supertestAdminWithCookieCredentials.get( + '/internal/security/users' + ); expect(status).not.toBe(404); }); it('create/update', async () => { const { status } = await supertestWithoutAuth .post(`/internal/security/users/some_testuser`) - .set(svlCommonApi.getInternalRequestHeader()) + .set(samlAuth.getInternalRequestHeader()) .send({ username: 'some_testuser', password: 'testpassword', roles: [] }); expect(status).not.toBe(404); }); it('delete', async () => { - const { status } = await supertestWithoutAuth - .delete(`/internal/security/users/elastic`) - .set(svlCommonApi.getInternalRequestHeader()) - .set(roleAuthc.apiKeyHeader); + const { status } = await supertestAdminWithCookieCredentials.delete( + `/internal/security/users/elastic` + ); expect(status).not.toBe(404); }); it('disable', async () => { - const { status } = await supertestWithoutAuth - .post(`/internal/security/users/elastic/_disable`) - .set(svlCommonApi.getInternalRequestHeader()) - .set(roleAuthc.apiKeyHeader); + const { status } = await supertestAdminWithCookieCredentials.post( + `/internal/security/users/elastic/_disable` + ); expect(status).not.toBe(404); }); it('enable', async () => { - const { status } = await supertestWithoutAuth - .post(`/internal/security/users/elastic/_enable`) - .set(svlCommonApi.getInternalRequestHeader()) - .set(roleAuthc.apiKeyHeader); + const { status } = await supertestAdminWithCookieCredentials.post( + `/internal/security/users/elastic/_enable` + ); expect(status).not.toBe(404); }); it('set password', async () => { const { status } = await supertestWithoutAuth .post(`/internal/security/users/{username}/password`) - .set(svlCommonApi.getInternalRequestHeader()) + .set(samlAuth.getInternalRequestHeader()) .send({ password: 'old_pw', newPassword: 'new_pw', diff --git a/x-pack/test_serverless/api_integration/test_suites/common/platform_security/views.ts b/x-pack/test_serverless/api_integration/test_suites/common/platform_security/views.ts index 76cf863034d04..8234fa61113d4 100644 --- a/x-pack/test_serverless/api_integration/test_suites/common/platform_security/views.ts +++ b/x-pack/test_serverless/api_integration/test_suites/common/platform_security/views.ts @@ -6,131 +6,107 @@ */ import expect from 'expect'; -import { InternalRequestHeader, RoleCredentials } from '../../../../shared/services'; +import { SupertestWithRoleScopeType } from '@kbn/test-suites-xpack/api_integration/deployment_agnostic/services'; import { FtrProviderContext } from '../../../ftr_provider_context'; export default function ({ getService }: FtrProviderContext) { const svlCommonApi = getService('svlCommonApi'); - const svlUserManager = getService('svlUserManager'); - const supertestWithoutAuth = getService('supertestWithoutAuth'); - let roleAuthc: RoleCredentials; - let internalReqHeader: InternalRequestHeader; + const roleScopedSupertest = getService('roleScopedSupertest'); + let supertestAdminWithCookieCredentials: SupertestWithRoleScopeType; describe('security/views', function () { before(async () => { - roleAuthc = await svlUserManager.createM2mApiKeyWithRoleScope('admin'); - internalReqHeader = svlCommonApi.getInternalRequestHeader(); - }); - after(async () => { - await svlUserManager.invalidateM2mApiKeyWithRoleScope(roleAuthc); + supertestAdminWithCookieCredentials = await roleScopedSupertest.getSupertestWithRoleScope( + 'admin', + { + useCookieHeader: true, + withInternalHeaders: true, + } + ); }); + describe('route access', () => { describe('disabled', () => { // ToDo: unskip these when we disable login routes xit('login', async () => { - const { body, status } = await supertestWithoutAuth - .get('/login') - .set(svlCommonApi.getInternalRequestHeader()) - .set(roleAuthc.apiKeyHeader); + const { body, status } = await supertestAdminWithCookieCredentials.get('/login'); svlCommonApi.assertApiNotFound(body, status); }); // ToDo: unskip these when we disable login routes xit('get login state', async () => { - const { body, status } = await supertestWithoutAuth - .get('/internal/security/login_state') - .set(svlCommonApi.getInternalRequestHeader()) - .set(roleAuthc.apiKeyHeader); + const { body, status } = await supertestAdminWithCookieCredentials.get( + '/internal/security/login_state' + ); svlCommonApi.assertApiNotFound(body, status); }); it('access agreement', async () => { - const { body, status } = await supertestWithoutAuth - .get('/security/access_agreement') - .set(svlCommonApi.getInternalRequestHeader()) - .set(roleAuthc.apiKeyHeader); + const { body, status } = await supertestAdminWithCookieCredentials.get( + '/security/access_agreement' + ); svlCommonApi.assertApiNotFound(body, status); }); it('get access agreement state', async () => { - const { body, status } = await supertestWithoutAuth - .get('/internal/security/access_agreement/state') - .set(svlCommonApi.getInternalRequestHeader()) - .set(roleAuthc.apiKeyHeader); + const { body, status } = await supertestAdminWithCookieCredentials.get( + '/internal/security/access_agreement/state' + ); svlCommonApi.assertApiNotFound(body, status); }); }); describe('public', () => { it('login', async () => { - const { status } = await supertestWithoutAuth - .get('/login') - .set(svlCommonApi.getInternalRequestHeader()) - .set(roleAuthc.apiKeyHeader); + const { status } = await supertestAdminWithCookieCredentials.get('/login'); expect(status).toBe(302); }); it('get login state', async () => { - const { status } = await supertestWithoutAuth - .get('/internal/security/login_state') - .set(svlCommonApi.getInternalRequestHeader()) - .set(roleAuthc.apiKeyHeader); + const { status } = await supertestAdminWithCookieCredentials.get( + '/internal/security/login_state' + ); expect(status).toBe(200); }); it('capture URL', async () => { - const { status } = await supertestWithoutAuth - .get('/internal/security/capture-url') - .set(internalReqHeader) - .set(roleAuthc.apiKeyHeader); + const { status } = await supertestAdminWithCookieCredentials.get( + '/internal/security/capture-url' + ); expect(status).toBe(200); }); it('space selector', async () => { - const { status } = await supertestWithoutAuth - .get('/spaces/space_selector') - .set(internalReqHeader) - .set(roleAuthc.apiKeyHeader); + const { status } = await supertestAdminWithCookieCredentials.get( + '/spaces/space_selector' + ); expect(status).toBe(200); }); it('enter space', async () => { - const { status } = await supertestWithoutAuth - .get('/spaces/enter') - .set(internalReqHeader) - .set(roleAuthc.apiKeyHeader); + const { status } = await supertestAdminWithCookieCredentials.get('/spaces/enter'); expect(status).toBe(302); }); it('account', async () => { - const { status } = await supertestWithoutAuth - .get('/security/account') - .set(internalReqHeader) - .set(roleAuthc.apiKeyHeader); + const { status } = await supertestAdminWithCookieCredentials.get('/security/account'); expect(status).toBe(200); }); it('logged out', async () => { - const { status } = await supertestWithoutAuth - .get('/security/logged_out') - .set(internalReqHeader) - .set(roleAuthc.apiKeyHeader); - expect(status).toBe(200); + const { status } = await supertestAdminWithCookieCredentials.get('/security/logged_out'); + expect(status).toBe(302); }); it('logout', async () => { - const { status } = await supertestWithoutAuth - .get('/logout') - .set(internalReqHeader) - .set(roleAuthc.apiKeyHeader); + const { status } = await supertestAdminWithCookieCredentials.get('/logout'); expect(status).toBe(200); }); it('overwritten session', async () => { - const { status } = await supertestWithoutAuth - .get('/security/overwritten_session') - .set(internalReqHeader) - .set(roleAuthc.apiKeyHeader); + const { status } = await supertestAdminWithCookieCredentials.get( + '/security/overwritten_session' + ); expect(status).toBe(200); }); }); diff --git a/x-pack/test_serverless/api_integration/test_suites/common/scripts_tests/languages.ts b/x-pack/test_serverless/api_integration/test_suites/common/scripts_tests/languages.ts index 9a2131b5defa4..93a0359bfe2c7 100644 --- a/x-pack/test_serverless/api_integration/test_suites/common/scripts_tests/languages.ts +++ b/x-pack/test_serverless/api_integration/test_suites/common/scripts_tests/languages.ts @@ -9,38 +9,37 @@ import expect from '@kbn/expect'; import { ELASTIC_HTTP_VERSION_HEADER } from '@kbn/core-http-common'; import { SCRIPT_LANGUAGES_ROUTE_LATEST_VERSION } from '@kbn/data-plugin/common/constants'; +import { SupertestWithRoleScopeType } from '@kbn/test-suites-xpack/api_integration/deployment_agnostic/services'; import { FtrProviderContext } from '../../../ftr_provider_context'; -import { RoleCredentials } from '../../../../shared/services'; export default function ({ getService }: FtrProviderContext) { - const svlCommonApi = getService('svlCommonApi'); - const svlUserManager = getService('svlUserManager'); - let roleAuthc: RoleCredentials; - const supertestWithoutAuth = getService('supertestWithoutAuth'); + const roleScopedSupertest = getService('roleScopedSupertest'); + let supertestAdminWithCookieCredentials: SupertestWithRoleScopeType; describe('Script Languages API', function getLanguages() { before(async () => { - roleAuthc = await svlUserManager.createM2mApiKeyWithRoleScope('admin'); - }); - after(async () => { - await svlUserManager.invalidateM2mApiKeyWithRoleScope(roleAuthc); + supertestAdminWithCookieCredentials = await roleScopedSupertest.getSupertestWithRoleScope( + 'admin', + { + useCookieHeader: true, + withInternalHeaders: true, + withCustomHeaders: { + [ELASTIC_HTTP_VERSION_HEADER]: SCRIPT_LANGUAGES_ROUTE_LATEST_VERSION, + }, + } + ); }); + it('should return 200 with an array of languages', async () => { - const response = await supertestWithoutAuth + const response = await supertestAdminWithCookieCredentials .get('/internal/scripts/languages') - .set(ELASTIC_HTTP_VERSION_HEADER, SCRIPT_LANGUAGES_ROUTE_LATEST_VERSION) - .set(svlCommonApi.getInternalRequestHeader()) - .set(roleAuthc.apiKeyHeader) .expect(200); expect(response.body).to.be.an('array'); }); it.skip('should only return langs enabled for inline scripting', async () => { - const response = await supertestWithoutAuth + const response = await supertestAdminWithCookieCredentials .get('/internal/scripts/languages') - .set(ELASTIC_HTTP_VERSION_HEADER, SCRIPT_LANGUAGES_ROUTE_LATEST_VERSION) - .set(svlCommonApi.getInternalRequestHeader()) - .set(roleAuthc.apiKeyHeader) .expect(200); expect(response.body).to.contain('expression'); expect(response.body).to.contain('painless'); diff --git a/x-pack/test_serverless/api_integration/test_suites/common/search_oss/bsearch.ts b/x-pack/test_serverless/api_integration/test_suites/common/search_oss/bsearch.ts index 718f40d812f8e..93da25aed6000 100644 --- a/x-pack/test_serverless/api_integration/test_suites/common/search_oss/bsearch.ts +++ b/x-pack/test_serverless/api_integration/test_suites/common/search_oss/bsearch.ts @@ -10,7 +10,7 @@ import request from 'superagent'; import { inflateResponse } from '@kbn/bfetch-plugin/public/streaming'; import { ELASTIC_HTTP_VERSION_HEADER } from '@kbn/core-http-common'; import { BFETCH_ROUTE_VERSION_LATEST } from '@kbn/bfetch-plugin/common'; -import { RoleCredentials } from '../../../../shared/services'; +import { SupertestWithRoleScopeType } from '@kbn/test-suites-xpack/api_integration/deployment_agnostic/services'; import type { FtrProviderContext } from '../../../ftr_provider_context'; import { painlessErrReq } from './painless_err_req'; import { verifyErrorResponse } from './verify_error'; @@ -26,46 +26,44 @@ function parseBfetchResponse(resp: request.Response, compressed: boolean = false export default function ({ getService }: FtrProviderContext) { const esArchiver = getService('esArchiver'); - const svlCommonApi = getService('svlCommonApi'); - - const svlUserManager = getService('svlUserManager'); - const supertestWithoutAuth = getService('supertestWithoutAuth'); - let roleAuthc: RoleCredentials; + const roleScopedSupertest = getService('roleScopedSupertest'); + let supertestAdminWithCookieCredentials: SupertestWithRoleScopeType; describe('bsearch', () => { before(async () => { - roleAuthc = await svlUserManager.createM2mApiKeyWithRoleScope('admin'); - }); - after(async () => { - await svlUserManager.invalidateM2mApiKeyWithRoleScope(roleAuthc); + supertestAdminWithCookieCredentials = await roleScopedSupertest.getSupertestWithRoleScope( + 'admin', + { + useCookieHeader: true, + withInternalHeaders: true, + withCustomHeaders: { + [ELASTIC_HTTP_VERSION_HEADER]: BFETCH_ROUTE_VERSION_LATEST, + }, + } + ); }); + describe('post', () => { it('should return 200 a single response', async () => { - const resp = await supertestWithoutAuth - .post(`/internal/bsearch`) - .set(ELASTIC_HTTP_VERSION_HEADER, BFETCH_ROUTE_VERSION_LATEST) - // TODO: API requests in Serverless require internal request headers - .set(svlCommonApi.getInternalRequestHeader()) - .set(roleAuthc.apiKeyHeader) - .send({ - batch: [ - { - request: { - params: { - index: '.kibana', - body: { - query: { - match_all: {}, - }, + const resp = await supertestAdminWithCookieCredentials.post(`/internal/bsearch`).send({ + batch: [ + { + request: { + params: { + index: '.kibana', + body: { + query: { + match_all: {}, }, }, }, - options: { - strategy: 'es', - }, }, - ], - }); + options: { + strategy: 'es', + }, + }, + ], + }); const jsonBody = parseBfetchResponse(resp); @@ -77,12 +75,8 @@ export default function ({ getService }: FtrProviderContext) { }); it('should return 200 a single response from compressed', async () => { - const resp = await supertestWithoutAuth + const resp = await supertestAdminWithCookieCredentials .post(`/internal/bsearch?compress=true`) - .set(ELASTIC_HTTP_VERSION_HEADER, BFETCH_ROUTE_VERSION_LATEST) - // TODO: API requests in Serverless require internal request headers - .set(svlCommonApi.getInternalRequestHeader()) - .set(roleAuthc.apiKeyHeader) .send({ batch: [ { @@ -113,12 +107,9 @@ export default function ({ getService }: FtrProviderContext) { }); it('should return a batch of successful responses', async () => { - const resp = await supertestWithoutAuth + const resp = await supertestAdminWithCookieCredentials .post(`/internal/bsearch`) .set(ELASTIC_HTTP_VERSION_HEADER, BFETCH_ROUTE_VERSION_LATEST) - // TODO: API requests in Serverless require internal request headers - .set(svlCommonApi.getInternalRequestHeader()) - .set(roleAuthc.apiKeyHeader) .send({ batch: [ { @@ -159,12 +150,9 @@ export default function ({ getService }: FtrProviderContext) { }); it('should return error for not found strategy', async () => { - const resp = await supertestWithoutAuth + const resp = await supertestAdminWithCookieCredentials .post(`/internal/bsearch`) .set(ELASTIC_HTTP_VERSION_HEADER, BFETCH_ROUTE_VERSION_LATEST) - // TODO: API requests in Serverless require internal request headers - .set(svlCommonApi.getInternalRequestHeader()) - .set(roleAuthc.apiKeyHeader) .send({ batch: [ { @@ -193,12 +181,9 @@ export default function ({ getService }: FtrProviderContext) { }); it('should return 400 when index type is provided in "es" strategy', async () => { - const resp = await supertestWithoutAuth + const resp = await supertestAdminWithCookieCredentials .post(`/internal/bsearch`) .set(ELASTIC_HTTP_VERSION_HEADER, BFETCH_ROUTE_VERSION_LATEST) - // TODO: API requests in Serverless require internal request headers - .set(svlCommonApi.getInternalRequestHeader()) - .set(roleAuthc.apiKeyHeader) .send({ batch: [ { @@ -236,12 +221,9 @@ export default function ({ getService }: FtrProviderContext) { await esArchiver.unload('test/functional/fixtures/es_archiver/logstash_functional'); }); it('should return 400 "search_phase_execution_exception" for Painless error in "es" strategy', async () => { - const resp = await supertestWithoutAuth + const resp = await supertestAdminWithCookieCredentials .post(`/internal/bsearch`) .set(ELASTIC_HTTP_VERSION_HEADER, BFETCH_ROUTE_VERSION_LATEST) - // TODO: API requests in Serverless require internal request headers - .set(svlCommonApi.getInternalRequestHeader()) - .set(roleAuthc.apiKeyHeader) .send({ batch: [ { diff --git a/x-pack/test_serverless/api_integration/test_suites/common/search_oss/search.ts b/x-pack/test_serverless/api_integration/test_suites/common/search_oss/search.ts index 88772826e9200..2d4e7190b93b1 100644 --- a/x-pack/test_serverless/api_integration/test_suites/common/search_oss/search.ts +++ b/x-pack/test_serverless/api_integration/test_suites/common/search_oss/search.ts @@ -7,23 +7,29 @@ import { ELASTIC_HTTP_VERSION_HEADER } from '@kbn/core-http-common'; import expect from '@kbn/expect'; -import { RoleCredentials } from '../../../../shared/services'; +import { SupertestWithRoleScopeType } from '@kbn/test-suites-xpack/api_integration/deployment_agnostic/services'; import type { FtrProviderContext } from '../../../ftr_provider_context'; import { painlessErrReq } from './painless_err_req'; import { verifyErrorResponse } from './verify_error'; export default function ({ getService }: FtrProviderContext) { const esArchiver = getService('esArchiver'); - const svlCommonApi = getService('svlCommonApi'); const kibanaServer = getService('kibanaServer'); - - const svlUserManager = getService('svlUserManager'); - const supertestWithoutAuth = getService('supertestWithoutAuth'); - let roleAuthc: RoleCredentials; + const roleScopedSupertest = getService('roleScopedSupertest'); + let supertestAdminWithCookieCredentials: SupertestWithRoleScopeType; describe('search', () => { before(async () => { - roleAuthc = await svlUserManager.createM2mApiKeyWithRoleScope('admin'); + supertestAdminWithCookieCredentials = await roleScopedSupertest.getSupertestWithRoleScope( + 'admin', + { + useCookieHeader: true, + withInternalHeaders: true, + withCustomHeaders: { + [ELASTIC_HTTP_VERSION_HEADER]: '1', + }, + } + ); // TODO: emptyKibanaIndex fails in Serverless with // "index_not_found_exception: no such index [.kibana_ingest]", // so it was switched to `savedObjects.cleanStandardList()` @@ -32,17 +38,12 @@ export default function ({ getService }: FtrProviderContext) { }); after(async () => { await esArchiver.unload('test/functional/fixtures/es_archiver/logstash_functional'); - await svlUserManager.invalidateM2mApiKeyWithRoleScope(roleAuthc); }); describe('post', () => { it('should return 200 when correctly formatted searches are provided', async () => { - const resp = await supertestWithoutAuth + const resp = await supertestAdminWithCookieCredentials .post(`/internal/search/es`) - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - // TODO: API requests in Serverless require internal request headers - .set(svlCommonApi.getInternalRequestHeader()) - .set(roleAuthc.apiKeyHeader) .send({ params: { body: { @@ -62,12 +63,8 @@ export default function ({ getService }: FtrProviderContext) { }); it('should return 200 if terminated early', async () => { - const resp = await supertestWithoutAuth + const resp = await supertestAdminWithCookieCredentials .post(`/internal/search/es`) - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - // TODO: API requests in Serverless require internal request headers - .set(svlCommonApi.getInternalRequestHeader()) - .set(roleAuthc.apiKeyHeader) .send({ params: { terminateAfter: 1, @@ -90,12 +87,8 @@ export default function ({ getService }: FtrProviderContext) { }); it('should return 404 when if no strategy is provided', async () => { - const resp = await supertestWithoutAuth + const resp = await supertestAdminWithCookieCredentials .post(`/internal/search`) - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - // TODO: API requests in Serverless require internal request headers - .set(svlCommonApi.getInternalRequestHeader()) - .set(roleAuthc.apiKeyHeader) .send({ body: { query: { @@ -109,12 +102,8 @@ export default function ({ getService }: FtrProviderContext) { }); it('should return 404 when if unknown strategy is provided', async () => { - const resp = await supertestWithoutAuth + const resp = await supertestAdminWithCookieCredentials .post(`/internal/search/banana`) - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - // TODO: API requests in Serverless require internal request headers - .set(svlCommonApi.getInternalRequestHeader()) - .set(roleAuthc.apiKeyHeader) .send({ body: { query: { @@ -130,12 +119,8 @@ export default function ({ getService }: FtrProviderContext) { }); it('should return 400 with illegal ES argument', async () => { - const resp = await supertestWithoutAuth + const resp = await supertestAdminWithCookieCredentials .post(`/internal/search/es`) - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - // TODO: API requests in Serverless require internal request headers - .set(svlCommonApi.getInternalRequestHeader()) - .set(roleAuthc.apiKeyHeader) .send({ params: { timeout: 1, // This should be a time range string! @@ -154,12 +139,8 @@ export default function ({ getService }: FtrProviderContext) { }); it('should return 400 with a bad body', async () => { - const resp = await supertestWithoutAuth + const resp = await supertestAdminWithCookieCredentials .post(`/internal/search/es`) - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - // TODO: API requests in Serverless require internal request headers - .set(svlCommonApi.getInternalRequestHeader()) - .set(roleAuthc.apiKeyHeader) .send({ params: { body: { @@ -174,12 +155,8 @@ export default function ({ getService }: FtrProviderContext) { }); it('should return 400 for a painless error', async () => { - const resp = await supertestWithoutAuth + const resp = await supertestAdminWithCookieCredentials .post(`/internal/search/es`) - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - // TODO: API requests in Serverless require internal request headers - .set(svlCommonApi.getInternalRequestHeader()) - .set(roleAuthc.apiKeyHeader) .send(painlessErrReq) .expect(400); @@ -189,24 +166,16 @@ export default function ({ getService }: FtrProviderContext) { describe('delete', () => { it('should return 404 when no search id provided', async () => { - const resp = await supertestWithoutAuth + const resp = await supertestAdminWithCookieCredentials .delete(`/internal/search/es`) - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - // TODO: API requests in Serverless require internal request headers - .set(svlCommonApi.getInternalRequestHeader()) - .set(roleAuthc.apiKeyHeader) .send() .expect(404); verifyErrorResponse(resp.body, 404); }); it('should return 400 when trying a delete on a non supporting strategy', async () => { - const resp = await supertestWithoutAuth + const resp = await supertestAdminWithCookieCredentials .delete(`/internal/search/es/123`) - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - // TODO: API requests in Serverless require internal request headers - .set(svlCommonApi.getInternalRequestHeader()) - .set(roleAuthc.apiKeyHeader) .send() .expect(400); verifyErrorResponse(resp.body, 400); diff --git a/x-pack/test_serverless/api_integration/test_suites/common/telemetry/telemetry_config.ts b/x-pack/test_serverless/api_integration/test_suites/common/telemetry/telemetry_config.ts index 6518dcd30f147..b6ca1666181f2 100644 --- a/x-pack/test_serverless/api_integration/test_suites/common/telemetry/telemetry_config.ts +++ b/x-pack/test_serverless/api_integration/test_suites/common/telemetry/telemetry_config.ts @@ -6,23 +6,30 @@ */ import { expect } from 'expect'; -import type { RoleCredentials } from '../../../../shared/services'; +import { SupertestWithRoleScopeType } from '@kbn/test-suites-xpack/api_integration/deployment_agnostic/services'; import { FtrProviderContext } from '../../../ftr_provider_context'; export default function telemetryConfigTest({ getService }: FtrProviderContext) { - const svlCommonApi = getService('svlCommonApi'); - const svlUserManager = getService('svlUserManager'); - const supertestWithoutAuth = getService('supertestWithoutAuth'); + const roleScopedSupertest = getService('roleScopedSupertest'); + let supertestAdminWithApiKey: SupertestWithRoleScopeType; + let supertestAdminWithCookieCredentials: SupertestWithRoleScopeType; describe('/api/telemetry/v2/config API Telemetry config', function () { - let roleAuthc: RoleCredentials; - before(async () => { - roleAuthc = await svlUserManager.createM2mApiKeyWithRoleScope('admin'); + supertestAdminWithApiKey = await roleScopedSupertest.getSupertestWithRoleScope('admin', { + withCommonHeaders: true, + }); + supertestAdminWithCookieCredentials = await roleScopedSupertest.getSupertestWithRoleScope( + 'admin', + { + useCookieHeader: true, + withInternalHeaders: true, + } + ); }); after(async () => { - await svlUserManager.invalidateM2mApiKeyWithRoleScope(roleAuthc); + await supertestAdminWithApiKey.destroy(); }); const baseConfig = { @@ -33,56 +40,38 @@ export default function telemetryConfigTest({ getService }: FtrProviderContext) }; it('GET should get the default config', async () => { - const { body } = await supertestWithoutAuth - .get('/api/telemetry/v2/config') - .set(svlCommonApi.getCommonRequestHeader()) - .set(roleAuthc.apiKeyHeader) - .expect(200); + const { body } = await supertestAdminWithApiKey.get('/api/telemetry/v2/config').expect(200); expect(body).toMatchObject(baseConfig); }); it('GET should get updated labels after dynamically updating them', async () => { - const { body: initialConfig } = await supertestWithoutAuth + const { body: initialConfig } = await supertestAdminWithApiKey .get('/api/telemetry/v2/config') - .set(svlCommonApi.getCommonRequestHeader()) - .set(roleAuthc.apiKeyHeader) .expect(200); - await supertestWithoutAuth + await supertestAdminWithCookieCredentials .put('/internal/core/_settings') - .set(svlCommonApi.getInternalRequestHeader()) - .set(roleAuthc.apiKeyHeader) .set('elastic-api-version', '1') .send({ 'telemetry.labels.journeyName': 'my-ftr-test' }) .expect(200, { ok: true }); - await supertestWithoutAuth - .get('/api/telemetry/v2/config') - .set(svlCommonApi.getCommonRequestHeader()) - .set(roleAuthc.apiKeyHeader) - .expect(200, { - ...initialConfig, - labels: { - ...initialConfig.labels, - journeyName: 'my-ftr-test', - }, - }); + await supertestAdminWithApiKey.get('/api/telemetry/v2/config').expect(200, { + ...initialConfig, + labels: { + ...initialConfig.labels, + journeyName: 'my-ftr-test', + }, + }); // Sends "null" to remove the label - await supertestWithoutAuth + await supertestAdminWithCookieCredentials .put('/internal/core/_settings') - .set(svlCommonApi.getInternalRequestHeader()) - .set(roleAuthc.apiKeyHeader) .set('elastic-api-version', '1') .send({ 'telemetry.labels.journeyName': null }) .expect(200, { ok: true }); - await supertestWithoutAuth - .get('/api/telemetry/v2/config') - .set(svlCommonApi.getCommonRequestHeader()) - .set(roleAuthc.apiKeyHeader) - .expect(200, initialConfig); + await supertestAdminWithApiKey.get('/api/telemetry/v2/config').expect(200, initialConfig); }); }); } diff --git a/x-pack/test_serverless/api_integration/test_suites/observability/platform_security/authorization.ts b/x-pack/test_serverless/api_integration/test_suites/observability/platform_security/authorization.ts index 2e41125e8265b..ecf6ddd2c76f8 100644 --- a/x-pack/test_serverless/api_integration/test_suites/observability/platform_security/authorization.ts +++ b/x-pack/test_serverless/api_integration/test_suites/observability/platform_security/authorization.ts @@ -18,7 +18,7 @@ export default function ({ getService }: FtrProviderContext) { before(async () => { // get auth header for Viewer role - adminCredentials = await svlUserManager.getM2MApiCredentialsWithRoleScope('admin'); + adminCredentials = await svlUserManager.getM2MApiCookieCredentialsWithRoleScope('admin'); }); it('composite features', async () => { diff --git a/x-pack/test_serverless/api_integration/test_suites/observability/synthetics/synthetics_enablement.ts b/x-pack/test_serverless/api_integration/test_suites/observability/synthetics/synthetics_enablement.ts index f33e8195c4d9c..7e8fcc343db75 100644 --- a/x-pack/test_serverless/api_integration/test_suites/observability/synthetics/synthetics_enablement.ts +++ b/x-pack/test_serverless/api_integration/test_suites/observability/synthetics/synthetics_enablement.ts @@ -69,7 +69,7 @@ export default function ({ getService }: FtrProviderContext) { return supertestWithoutAuth .put(SYNTHETICS_API_URLS.SYNTHETICS_ENABLEMENT) .set(internalRequestHeader as unknown as Record) - .set(await svlUserManager.getM2MApiCredentialsWithRoleScope(role)) + .set(await svlUserManager.getM2MApiCookieCredentialsWithRoleScope(role)) .expect(expectedStatus); } @@ -77,7 +77,7 @@ export default function ({ getService }: FtrProviderContext) { return supertestWithoutAuth .delete(SYNTHETICS_API_URLS.SYNTHETICS_ENABLEMENT) .set(internalRequestHeader as unknown as Record) - .set(await svlUserManager.getM2MApiCredentialsWithRoleScope(role)) + .set(await svlUserManager.getM2MApiCookieCredentialsWithRoleScope(role)) .expect(expectedStatus); } diff --git a/x-pack/test_serverless/api_integration/test_suites/search/platform_security/authorization.ts b/x-pack/test_serverless/api_integration/test_suites/search/platform_security/authorization.ts index 472647f92382e..a30b8aca571ea 100644 --- a/x-pack/test_serverless/api_integration/test_suites/search/platform_security/authorization.ts +++ b/x-pack/test_serverless/api_integration/test_suites/search/platform_security/authorization.ts @@ -18,7 +18,7 @@ export default function ({ getService }: FtrProviderContext) { before(async () => { // get auth header for Viewer role - adminCredentials = await svlUserManager.getM2MApiCredentialsWithRoleScope('admin'); + adminCredentials = await svlUserManager.getM2MApiCookieCredentialsWithRoleScope('admin'); }); it('composite features', async () => { diff --git a/x-pack/test_serverless/api_integration/test_suites/search/search_indices/indices.ts b/x-pack/test_serverless/api_integration/test_suites/search/search_indices/indices.ts index 4ece363018554..ba75d1334f4fb 100644 --- a/x-pack/test_serverless/api_integration/test_suites/search/search_indices/indices.ts +++ b/x-pack/test_serverless/api_integration/test_suites/search/search_indices/indices.ts @@ -6,31 +6,30 @@ */ import expect from 'expect'; -import { InternalRequestHeader, RoleCredentials } from '../../../../shared/services'; +import { SupertestWithRoleScopeType } from '@kbn/test-suites-xpack/api_integration/deployment_agnostic/services'; import { FtrProviderContext } from '../../../ftr_provider_context'; const INTERNAL_API_BASE_PATH = '/internal/search_indices'; export default function ({ getService }: FtrProviderContext) { const log = getService('log'); - const svlCommonApi = getService('svlCommonApi'); - const svlUserManager = getService('svlUserManager'); const esDeleteAllIndices = getService('esDeleteAllIndices'); - const supertestWithoutAuth = getService('supertestWithoutAuth'); - let roleAuthc: RoleCredentials; - let internalReqHeader: InternalRequestHeader; + const roleScopedSupertest = getService('roleScopedSupertest'); + let supertestDeveloperWithCookieCredentials: SupertestWithRoleScopeType; + let supertestViewerWithCookieCredentials: SupertestWithRoleScopeType; describe('search_indices Indices APIs', function () { - before(function () { - internalReqHeader = svlCommonApi.getInternalRequestHeader(); - }); describe('create index', function () { const createIndexName = 'a-test-index'; describe('developer', function () { before(async () => { - // get auth header for Viewer role - roleAuthc = await svlUserManager.createM2mApiKeyWithRoleScope('developer'); + supertestDeveloperWithCookieCredentials = + await roleScopedSupertest.getSupertestWithRoleScope('developer', { + useCookieHeader: true, + withInternalHeaders: true, + }); }); + after(async () => { // Cleanup index created for testing purposes try { @@ -39,14 +38,11 @@ export default function ({ getService }: FtrProviderContext) { log.debug('[Cleanup error] Error deleting index'); throw err; } - await svlUserManager.invalidateM2mApiKeyWithRoleScope(roleAuthc); }); it('can create a new index', async () => { - const { body } = await supertestWithoutAuth + const { body } = await supertestDeveloperWithCookieCredentials .post(`${INTERNAL_API_BASE_PATH}/indices/create`) - .set(internalReqHeader) - .set(roleAuthc.apiKeyHeader) .send({ indexName: createIndexName, }) @@ -55,10 +51,8 @@ export default function ({ getService }: FtrProviderContext) { expect(body?.index).toBe(createIndexName); }); it('gives a conflict error if the index exists already', async () => { - await supertestWithoutAuth + await supertestDeveloperWithCookieCredentials .post(`${INTERNAL_API_BASE_PATH}/indices/create`) - .set(internalReqHeader) - .set(roleAuthc.apiKeyHeader) .send({ indexName: createIndexName, }) @@ -67,15 +61,16 @@ export default function ({ getService }: FtrProviderContext) { }); describe('viewer', function () { before(async () => { - // get auth header for Viewer role - roleAuthc = await svlUserManager.createM2mApiKeyWithRoleScope('viewer'); + supertestViewerWithCookieCredentials = + await roleScopedSupertest.getSupertestWithRoleScope('viewer', { + useCookieHeader: true, + withInternalHeaders: true, + }); }); it('cannot create a new index', async () => { - await supertestWithoutAuth + await supertestViewerWithCookieCredentials .post(`${INTERNAL_API_BASE_PATH}/indices/create`) - .set(internalReqHeader) - .set(roleAuthc.apiKeyHeader) .send({ indexName: 'a-new-index', }) diff --git a/x-pack/test_serverless/api_integration/test_suites/search/search_indices/status.ts b/x-pack/test_serverless/api_integration/test_suites/search/search_indices/status.ts index b9e9fedbb0396..33a2a438016b9 100644 --- a/x-pack/test_serverless/api_integration/test_suites/search/search_indices/status.ts +++ b/x-pack/test_serverless/api_integration/test_suites/search/search_indices/status.ts @@ -6,25 +6,26 @@ */ import expect from 'expect'; +import { SupertestWithRoleScopeType } from '@kbn/test-suites-xpack/api_integration/deployment_agnostic/services'; import { FtrProviderContext } from '../../../ftr_provider_context'; export default function ({ getService }: FtrProviderContext) { - const svlCommonApi = getService('svlCommonApi'); - const svlUserManager = getService('svlUserManager'); - const supertestWithoutAuth = getService('supertestWithoutAuth'); - let credentials: { Cookie: string }; + const roleScopedSupertest = getService('roleScopedSupertest'); + let supertestDeveloperWithCookieCredentials: SupertestWithRoleScopeType; + let supertestViewerWithCookieCredentials: SupertestWithRoleScopeType; describe('search_indices Status APIs', function () { describe('indices status', function () { before(async () => { - // get auth header for Viewer role - credentials = await svlUserManager.getM2MApiCredentialsWithRoleScope('developer'); + supertestDeveloperWithCookieCredentials = + await roleScopedSupertest.getSupertestWithRoleScope('developer', { + useCookieHeader: true, + withInternalHeaders: true, + }); }); it('returns list of index names', async () => { - const { body } = await supertestWithoutAuth + const { body } = await supertestDeveloperWithCookieCredentials .get('/internal/search_indices/status') - .set(svlCommonApi.getInternalRequestHeader()) - .set(credentials) .expect(200); expect(body.indexNames).toBeDefined(); @@ -34,16 +35,9 @@ export default function ({ getService }: FtrProviderContext) { describe('user privileges', function () { // GET /internal/search_indices/start_privileges describe('developer', function () { - before(async () => { - // get auth header for Viewer role - credentials = await svlUserManager.getM2MApiCredentialsWithRoleScope('developer'); - }); - it('returns expected privileges', async () => { - const { body } = await supertestWithoutAuth + const { body } = await supertestDeveloperWithCookieCredentials .get('/internal/search_indices/start_privileges') - .set(svlCommonApi.getInternalRequestHeader()) - .set(credentials) .expect(200); expect(body).toEqual({ @@ -56,15 +50,16 @@ export default function ({ getService }: FtrProviderContext) { }); describe('viewer', function () { before(async () => { - // get auth header for Viewer role - credentials = await svlUserManager.getM2MApiCredentialsWithRoleScope('viewer'); + supertestViewerWithCookieCredentials = + await roleScopedSupertest.getSupertestWithRoleScope('viewer', { + useCookieHeader: true, + withInternalHeaders: true, + }); }); it('returns expected privileges', async () => { - const { body } = await supertestWithoutAuth + const { body } = await supertestViewerWithCookieCredentials .get('/internal/search_indices/start_privileges') - .set(svlCommonApi.getInternalRequestHeader()) - .set(credentials) .expect(200); expect(body).toEqual({ diff --git a/x-pack/test_serverless/api_integration/test_suites/search/serverless_search/api_key.ts b/x-pack/test_serverless/api_integration/test_suites/search/serverless_search/api_key.ts index 3c94acc039c3f..9c8cca9900c9b 100644 --- a/x-pack/test_serverless/api_integration/test_suites/search/serverless_search/api_key.ts +++ b/x-pack/test_serverless/api_integration/test_suites/search/serverless_search/api_key.ts @@ -8,32 +8,30 @@ import expect from 'expect'; import { kibanaTestSuperuserServerless } from '@kbn/test'; import { SecurityApiKey } from '@elastic/elasticsearch/lib/api/types'; -import { RoleCredentials } from '../../../../shared/services'; +import { SupertestWithRoleScopeType } from '@kbn/test-suites-xpack/api_integration/deployment_agnostic/services'; import { FtrProviderContext } from '../../../ftr_provider_context'; const API_BASE_PATH = '/internal/serverless_search'; export default function ({ getService }: FtrProviderContext) { - const svlCommonApi = getService('svlCommonApi'); - const supertestWithoutAuth = getService('supertestWithoutAuth'); - const svlUserManager = getService('svlUserManager'); + const roleScopedSupertest = getService('roleScopedSupertest'); const es = getService('es'); const log = getService('log'); - let roleAuthc: RoleCredentials; + let supertestDeveloperWithCookieCredentials: SupertestWithRoleScopeType; describe('API Key routes', function () { describe('GET api_keys', function () { before(async () => { - roleAuthc = await svlUserManager.createM2mApiKeyWithRoleScope('developer'); - }); - after(async () => { - await svlUserManager.invalidateM2mApiKeyWithRoleScope(roleAuthc); + supertestDeveloperWithCookieCredentials = + await roleScopedSupertest.getSupertestWithRoleScope('developer', { + useCookieHeader: true, + withInternalHeaders: true, + }); }); + it('return apiKeys', async () => { - const { body } = await supertestWithoutAuth + const { body } = await supertestDeveloperWithCookieCredentials .get(`${API_BASE_PATH}/api_keys`) - .set(svlCommonApi.getInternalRequestHeader()) - .set(roleAuthc.apiKeyHeader) .expect(200); expect(body).toBeDefined(); @@ -43,6 +41,8 @@ export default function ({ getService }: FtrProviderContext) { }); describe('POST api_key', function () { + let supertestAdminWithCookieCredentials: SupertestWithRoleScopeType; + const deleteAllApiKeys = async () => { let apiKeys: SecurityApiKey[]; // Delete existing API keys @@ -66,21 +66,24 @@ export default function ({ getService }: FtrProviderContext) { }; before(async () => { await deleteAllApiKeys(); - roleAuthc = await svlUserManager.createM2mApiKeyWithRoleScope('developer'); + supertestAdminWithCookieCredentials = await roleScopedSupertest.getSupertestWithRoleScope( + 'admin', + { + useCookieHeader: true, + withInternalHeaders: true, + } + ); }); after(async () => { await deleteAllApiKeys(); - await svlUserManager.invalidateM2mApiKeyWithRoleScope(roleAuthc); }); it('can create a key that expires', async () => { const createBody = { name: 'test-api-key-001', expiration: '60d', }; - const { body } = await supertestWithoutAuth + const { body } = await supertestAdminWithCookieCredentials .post(`${API_BASE_PATH}/api_key`) - .set(svlCommonApi.getInternalRequestHeader()) - .set(roleAuthc.cookieHeader) .send(createBody) .expect(200); @@ -90,10 +93,8 @@ export default function ({ getService }: FtrProviderContext) { const createBody = { name: 'test-api-key-002', }; - const { body } = await supertestWithoutAuth + const { body } = await supertestAdminWithCookieCredentials .post(`${API_BASE_PATH}/api_key`) - .set(svlCommonApi.getInternalRequestHeader()) - .set(roleAuthc.cookieHeader) .send(createBody) .expect(200); @@ -103,11 +104,9 @@ export default function ({ getService }: FtrProviderContext) { const createBody = { name: 'test-api-key-003', }; - const { body } = await supertestWithoutAuth + const { body } = await supertestAdminWithCookieCredentials .post(`${API_BASE_PATH}/api_key`) - .set(svlCommonApi.getInternalRequestHeader()) .send(createBody) - .set(roleAuthc.cookieHeader) .expect(200); expect(body).toMatchObject({ diff --git a/x-pack/test_serverless/api_integration/test_suites/search/serverless_search/connectors.ts b/x-pack/test_serverless/api_integration/test_suites/search/serverless_search/connectors.ts index fbf5810cec555..819500aadf71a 100644 --- a/x-pack/test_serverless/api_integration/test_suites/search/serverless_search/connectors.ts +++ b/x-pack/test_serverless/api_integration/test_suites/search/serverless_search/connectors.ts @@ -6,30 +6,30 @@ */ import expect from 'expect'; -import { RoleCredentials } from '../../../../shared/services'; +import { SupertestWithRoleScope } from '@kbn/test-suites-xpack/api_integration/deployment_agnostic/services/role_scoped_supertest'; import { FtrProviderContext } from '../../../ftr_provider_context'; const API_BASE_PATH = '/internal/serverless_search'; export default function ({ getService }: FtrProviderContext) { - const svlCommonApi = getService('svlCommonApi'); - const svlUserManager = getService('svlUserManager'); - const supertestWithoutAuth = getService('supertestWithoutAuth'); - let roleAuthc: RoleCredentials; + const roleScopedSupertest = getService('roleScopedSupertest'); + let supertestViewerWithCookieCredentials: SupertestWithRoleScope; describe('Connectors routes', function () { describe('GET connectors', function () { before(async () => { - roleAuthc = await svlUserManager.createM2mApiKeyWithRoleScope('viewer'); - }); - after(async () => { - await svlUserManager.invalidateM2mApiKeyWithRoleScope(roleAuthc); + supertestViewerWithCookieCredentials = await roleScopedSupertest.getSupertestWithRoleScope( + 'viewer', + { + useCookieHeader: true, + withInternalHeaders: true, + } + ); }); + it('returns list of connectors', async () => { - const { body } = await supertestWithoutAuth + const { body } = await supertestViewerWithCookieCredentials .get(`${API_BASE_PATH}/connectors`) - .set(svlCommonApi.getInternalRequestHeader()) - .set(roleAuthc.apiKeyHeader) .expect(200); expect(body.connectors).toBeDefined(); diff --git a/x-pack/test_serverless/api_integration/test_suites/search/serverless_search/indices.ts b/x-pack/test_serverless/api_integration/test_suites/search/serverless_search/indices.ts index b5138e70a8c3f..35c61f354892b 100644 --- a/x-pack/test_serverless/api_integration/test_suites/search/serverless_search/indices.ts +++ b/x-pack/test_serverless/api_integration/test_suites/search/serverless_search/indices.ts @@ -6,47 +6,43 @@ */ import expect from 'expect'; -import { RoleCredentials } from '../../../../shared/services'; +import { SupertestWithRoleScope } from '@kbn/test-suites-xpack/api_integration/deployment_agnostic/services/role_scoped_supertest'; import { FtrProviderContext } from '../../../ftr_provider_context'; const API_BASE_PATH = '/internal/serverless_search'; export default function ({ getService }: FtrProviderContext) { - const svlCommonApi = getService('svlCommonApi'); - const supertestWithoutAuth = getService('supertestWithoutAuth'); - const svlUserManager = getService('svlUserManager'); - let roleAuthc: RoleCredentials; + const roleScopedSupertest = getService('roleScopedSupertest'); + let supertestViewerWithCookieCredentials: SupertestWithRoleScope; describe('Indices routes', function () { describe('GET indices', function () { before(async () => { - roleAuthc = await svlUserManager.createM2mApiKeyWithRoleScope('viewer'); - }); - after(async () => { - await svlUserManager.invalidateM2mApiKeyWithRoleScope(roleAuthc); + supertestViewerWithCookieCredentials = await roleScopedSupertest.getSupertestWithRoleScope( + 'viewer', + { + useCookieHeader: true, + withInternalHeaders: true, + } + ); }); + it('has route', async () => { - const { body } = await supertestWithoutAuth + const { body } = await supertestViewerWithCookieCredentials .get(`${API_BASE_PATH}/indices`) - .set(svlCommonApi.getInternalRequestHeader()) - .set(roleAuthc.apiKeyHeader) .expect(200); expect(body).toBeDefined(); }); it('accepts search_query', async () => { - await supertestWithoutAuth + await supertestViewerWithCookieCredentials .get(`${API_BASE_PATH}/indices`) - .set(svlCommonApi.getInternalRequestHeader()) - .set(roleAuthc.apiKeyHeader) .query({ search_query: 'foo' }) .expect(200); }); it('accepts from & size', async () => { - await supertestWithoutAuth + await supertestViewerWithCookieCredentials .get(`${API_BASE_PATH}/indices`) - .set(svlCommonApi.getInternalRequestHeader()) - .set(roleAuthc.apiKeyHeader) .query({ from: 0, size: 10 }) .expect(200); }); diff --git a/x-pack/test_serverless/api_integration/test_suites/security/cloud_security_posture/telemetry.ts b/x-pack/test_serverless/api_integration/test_suites/security/cloud_security_posture/telemetry.ts index 837a9a7e6ba93..62cf85b47d997 100644 --- a/x-pack/test_serverless/api_integration/test_suites/security/cloud_security_posture/telemetry.ts +++ b/x-pack/test_serverless/api_integration/test_suites/security/cloud_security_posture/telemetry.ts @@ -6,13 +6,13 @@ */ import expect from '@kbn/expect'; -import type { Agent as SuperTestAgent } from 'supertest'; import { ELASTIC_HTTP_VERSION_HEADER } from '@kbn/core-http-common'; import { data as telemetryMockData, MockTelemetryFindings, } from '@kbn/test-suites-xpack/cloud_security_posture_api/telemetry/data'; import { createPackagePolicy } from '@kbn/test-suites-xpack/api_integration/apis/cloud_security_posture/helper'; +import { SupertestWithRoleScopeType } from '@kbn/test-suites-xpack/api_integration/deployment_agnostic/services'; import type { FtrProviderContext } from '../../../ftr_provider_context'; import { RoleCredentials } from '../../../../shared/services'; @@ -27,32 +27,12 @@ export default function ({ getService }: FtrProviderContext) { const supertestWithoutAuth = getService('supertestWithoutAuth'); const svlCommonApi = getService('svlCommonApi'); const svlUserManager = getService('svlUserManager'); + const roleScopedSupertest = getService('roleScopedSupertest'); + let supertestAdminWithCookieCredentials: SupertestWithRoleScopeType; let roleAuthc: RoleCredentials; let internalRequestHeader: { 'x-elastic-internal-origin': string; 'kbn-xsrf': string }; - /** - * required before indexing findings - */ - const waitForPluginInitialized = ( - supertestWithoutAuthParam: SuperTestAgent, - internalRequestHeaderParam: { 'x-elastic-internal-origin': string; 'kbn-xsrf': string }, - roleAuthcParam: RoleCredentials - ): Promise => - retry.try(async () => { - log.debug('Check CSP plugin is initialized'); - roleAuthc = await svlUserManager.createM2mApiKeyWithRoleScope('admin'); - internalRequestHeader = svlCommonApi.getInternalRequestHeader(); - const response = await supertestWithoutAuthParam - .get('/internal/cloud_security_posture/status?check=init') - .set(ELASTIC_HTTP_VERSION_HEADER, '1') - .set(internalRequestHeaderParam) - .set(roleAuthcParam.apiKeyHeader) - .expect(200); - expect(response.body).to.eql({ isPluginInitialized: true }); - log.debug('CSP plugin is initialized'); - }); - const index = { remove: () => es.deleteByQuery({ @@ -79,6 +59,14 @@ export default function ({ getService }: FtrProviderContext) { let agentPolicyId: string; before(async () => { + supertestAdminWithCookieCredentials = await roleScopedSupertest.getSupertestWithRoleScope( + 'admin', + { + useCookieHeader: true, + withInternalHeaders: true, + withCustomHeaders: { [ELASTIC_HTTP_VERSION_HEADER]: '2' }, + } + ); roleAuthc = await svlUserManager.createM2mApiKeyWithRoleScope('admin'); internalRequestHeader = svlCommonApi.getInternalRequestHeader(); await kibanaServer.savedObjects.cleanStandardList(); @@ -106,7 +94,23 @@ export default function ({ getService }: FtrProviderContext) { roleAuthc, internalRequestHeader ); - await waitForPluginInitialized(supertestWithoutAuth, internalRequestHeader, roleAuthc); + + log.debug('Check CSP plugin is initialized'); + await retry.try(async () => { + const supertestAdminWithHttpHeaderV1 = await roleScopedSupertest.getSupertestWithRoleScope( + 'admin', + { + useCookieHeader: true, + withInternalHeaders: true, + withCustomHeaders: { [ELASTIC_HTTP_VERSION_HEADER]: '1' }, + } + ); + const response = await supertestAdminWithHttpHeaderV1 + .get('/internal/cloud_security_posture/status?check=init') + .expect(200); + expect(response.body).to.eql({ isPluginInitialized: true }); + log.debug('CSP plugin is initialized'); + }); }); after(async () => { @@ -124,11 +128,8 @@ export default function ({ getService }: FtrProviderContext) { const { body: [{ stats: apiResponse }], - } = await supertestWithoutAuth + } = await supertestAdminWithCookieCredentials .post(`/internal/telemetry/clusters/_stats`) - .set(ELASTIC_HTTP_VERSION_HEADER, '2') - .set(internalRequestHeader) - .set(roleAuthc.apiKeyHeader) .send({ unencrypted: true, refreshCache: true, @@ -178,11 +179,8 @@ export default function ({ getService }: FtrProviderContext) { const { body: [{ stats: apiResponse }], - } = await supertestWithoutAuth + } = await supertestAdminWithCookieCredentials .post(`/internal/telemetry/clusters/_stats`) - .set(ELASTIC_HTTP_VERSION_HEADER, '2') - .set(internalRequestHeader) - .set(roleAuthc.apiKeyHeader) .send({ unencrypted: true, refreshCache: true, @@ -225,11 +223,8 @@ export default function ({ getService }: FtrProviderContext) { const { body: [{ stats: apiResponse }], - } = await supertestWithoutAuth + } = await supertestAdminWithCookieCredentials .post(`/internal/telemetry/clusters/_stats`) - .set(ELASTIC_HTTP_VERSION_HEADER, '2') - .set(internalRequestHeader) - .set(roleAuthc.apiKeyHeader) .send({ unencrypted: true, refreshCache: true, @@ -303,11 +298,8 @@ export default function ({ getService }: FtrProviderContext) { const { body: [{ stats: apiResponse }], - } = await supertestWithoutAuth + } = await supertestAdminWithCookieCredentials .post(`/internal/telemetry/clusters/_stats`) - .set(ELASTIC_HTTP_VERSION_HEADER, '2') - .set(internalRequestHeader) - .set(roleAuthc.apiKeyHeader) .send({ unencrypted: true, refreshCache: true, @@ -359,11 +351,8 @@ export default function ({ getService }: FtrProviderContext) { const { body: [{ stats: apiResponse }], - } = await supertestWithoutAuth + } = await supertestAdminWithCookieCredentials .post(`/internal/telemetry/clusters/_stats`) - .set(ELASTIC_HTTP_VERSION_HEADER, '2') - .set(internalRequestHeader) - .set(roleAuthc.apiKeyHeader) .send({ unencrypted: true, refreshCache: true, diff --git a/x-pack/test_serverless/api_integration/test_suites/security/platform_security/authorization.ts b/x-pack/test_serverless/api_integration/test_suites/security/platform_security/authorization.ts index 5cf491188ba96..8852f274aeea3 100644 --- a/x-pack/test_serverless/api_integration/test_suites/security/platform_security/authorization.ts +++ b/x-pack/test_serverless/api_integration/test_suites/security/platform_security/authorization.ts @@ -18,7 +18,7 @@ export default function ({ getService }: FtrProviderContext) { before(async () => { // get auth header for Viewer role - adminCredentials = await svlUserManager.getM2MApiCredentialsWithRoleScope('admin'); + adminCredentials = await svlUserManager.getM2MApiCookieCredentialsWithRoleScope('admin'); }); it('composite features', async () => { From ef5aee1cc252e79aaa833eddeb686dc9492de98c Mon Sep 17 00:00:00 2001 From: "Quynh Nguyen (Quinn)" <43350163+qn895@users.noreply.github.com> Date: Thu, 19 Sep 2024 18:44:40 -0500 Subject: [PATCH 23/74] [ES|QL] Fix new variables being suggested in incorrect places (#192405) ## Summary Fixes https://github.com/elastic/kibana/issues/191876 and another bug where var0 was being suggested within the case expression if it was not previously prefixed with `var0 =`. 1. No more suggestions for new variable assignment if cursor is within a function Before https://github.com/user-attachments/assets/01327c3e-f339-44f5-bb69-922318d2ded6 After https://github.com/user-attachments/assets/3eb490d4-46c3-4839-a1d9-06b61a030e97 2. No more suggestions within `case()` Before https://github.com/user-attachments/assets/36707c65-e2c8-458a-97c2-4b287cada3f8 After https://github.com/user-attachments/assets/bee088cd-2140-4e9e-bf09-22bd278a242d ### Checklist Delete any items that are not applicable to this PR. - [ ] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md) - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed - [ ] Any UI touched in this PR is usable by keyboard only (learn more about [keyboard accessibility](https://webaim.org/techniques/keyboard/)) - [ ] Any UI touched in this PR does not create any new axe failures (run axe in browser: [FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/), [Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US)) - [ ] If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the [docker list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker) - [ ] This renders correctly on smaller devices using a responsive layout. (You can test this [in your browser](https://www.browserstack.com/guide/responsive-testing-on-local-server)) - [ ] This was checked for [cross-browser compatibility](https://www.elastic.co/support/matrix#matrix_browsers) ### Risk Matrix Delete this section if it is not applicable to this PR. Before closing this PR, invite QA, stakeholders, and other developers to identify risks that should be tested prior to the change/feature release. When forming the risk matrix, consider some of the following examples and how they may potentially impact the change: | Risk | Probability | Severity | Mitigation/Notes | |---------------------------|-------------|----------|-------------------------| | Multiple Spaces—unexpected behavior in non-default Kibana Space. | Low | High | Integration tests will verify that all features are still supported in non-default Kibana Space and when user switches between spaces. | | Multiple nodes—Elasticsearch polling might have race conditions when multiple Kibana nodes are polling for the same tasks. | High | Low | Tasks are idempotent, so executing them multiple times will not result in logical error, but will degrade performance. To test for this case we add plenty of unit tests around this logic and document manual testing procedure. | | Code should gracefully handle cases when feature X or plugin Y are disabled. | Medium | High | Unit tests will verify that any feature flag or plugin combination still results in our service operational. | | [See more potential risk examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx) | ### For maintainers - [ ] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) --------- Co-authored-by: Elastic Machine --- .../autocomplete.suggest.eval.test.ts | 3 +-- .../src/autocomplete/autocomplete.ts | 19 +++++++++++++------ 2 files changed, 14 insertions(+), 8 deletions(-) diff --git a/packages/kbn-esql-validation-autocomplete/src/autocomplete/__tests__/autocomplete.suggest.eval.test.ts b/packages/kbn-esql-validation-autocomplete/src/autocomplete/__tests__/autocomplete.suggest.eval.test.ts index c07b065b23ce8..cc04ccb407e6e 100644 --- a/packages/kbn-esql-validation-autocomplete/src/autocomplete/__tests__/autocomplete.suggest.eval.test.ts +++ b/packages/kbn-esql-validation-autocomplete/src/autocomplete/__tests__/autocomplete.suggest.eval.test.ts @@ -559,7 +559,7 @@ describe('autocomplete.suggest', () => { test('case', async () => { const { assertSuggestions } = await setup(); const comparisonOperators = ['==', '!=', '>', '<', '>=', '<='] - .map((op) => `${op} `) + .map((op) => `${op}`) .concat(','); // case( / ) suggest any field/eval function in this position as first argument @@ -626,7 +626,6 @@ describe('autocomplete.suggest', () => { // Notice no extra space after field name ...getFieldNamesByType('any').map((field) => `${field}`), ...getFunctionSignaturesByReturnType('eval', 'any', { scalar: true }, undefined, []), - 'var0 = ', ]); // case( field > 0, >) suggests fields like normal diff --git a/packages/kbn-esql-validation-autocomplete/src/autocomplete/autocomplete.ts b/packages/kbn-esql-validation-autocomplete/src/autocomplete/autocomplete.ts index 50937abbde9fc..a6ee324fd2621 100644 --- a/packages/kbn-esql-validation-autocomplete/src/autocomplete/autocomplete.ts +++ b/packages/kbn-esql-validation-autocomplete/src/autocomplete/autocomplete.ts @@ -112,6 +112,7 @@ import { } from '../definitions/types'; import { metadataOption } from '../definitions/options'; import { comparisonFunctions } from '../definitions/builtin'; +import { countBracketsUnclosed } from '../shared/helpers'; type GetFieldsByTypeFn = ( type: string | string[], @@ -559,8 +560,11 @@ async function getExpressionSuggestionsByType( const fieldsMap: Map = await (argDef ? getFieldsMap() : new Map()); const anyVariables = collectVariables(commands, fieldsMap, innerText); + const previousWord = findPreviousWord(innerText); // enrich with assignment has some special rules who are handled somewhere else - const canHaveAssignments = ['eval', 'stats', 'row'].includes(command.name); + const canHaveAssignments = + ['eval', 'stats', 'row'].includes(command.name) && + !comparisonFunctions.map((fn) => fn.name).includes(previousWord); const references = { fields: fieldsMap, variables: anyVariables }; @@ -1427,10 +1431,9 @@ async function getFunctionArgsSuggestions( suggestions.push( ...comparisonFunctions.map(({ name, description }) => ({ label: name, - text: name + ' ', + text: name, kind: 'Function' as ItemKind, detail: description, - command: TRIGGER_SUGGESTION_COMMAND, })) ); } @@ -1791,10 +1794,13 @@ async function getOptionArgsSuggestions( openSuggestions: true, })) ); + // Checks if cursor is still within function () + // by checking if the marker editor/cursor is within an unclosed parenthesis + const canHaveAssignment = countBracketsUnclosed('(', innerText) === 0; if (option.name === 'by') { // Add quick snippet for for stats ... by bucket(<>) - if (command.name === 'stats') { + if (command.name === 'stats' && canHaveAssignment) { suggestions.push({ label: i18n.translate( 'kbn-esql-validation-autocomplete.esql.autocomplete.addDateHistogram', @@ -1825,12 +1831,13 @@ async function getOptionArgsSuggestions( { functions: true, fields: false, - } + }, + { ignoreFn: canHaveAssignment ? [] : ['bucket', 'case'] } )) ); } - if (command.name === 'stats' && isNewExpression) { + if (command.name === 'stats' && isNewExpression && canHaveAssignment) { suggestions.push(buildNewVarDefinition(findNewVariable(anyVariables))); } } From 258adf533561b11d0cc0dae8c2fc2a1acc0d8e02 Mon Sep 17 00:00:00 2001 From: Philippe Oberti Date: Fri, 20 Sep 2024 02:39:28 +0200 Subject: [PATCH 24/74] [Security Solution][Notes] - add note block to alert defaitls flyout header (#193373) --- .../components/alert_header_block.test.tsx | 27 +++ .../right/components/alert_header_block.tsx | 45 +++++ .../components/alert_header_title.test.tsx | 21 ++- .../right/components/alert_header_title.tsx | 80 ++++++--- .../right/components/assignees.test.tsx | 4 +- .../right/components/assignees.tsx | 34 ++-- .../right/components/notes.test.tsx | 154 ++++++++++++++++++ .../right/components/notes.tsx | 87 ++++++++++ .../right/components/risk_score.tsx | 28 ++-- .../right/components/status.tsx | 50 +++--- .../right/components/test_ids.ts | 7 +- .../alert_details_right_panel.cy.ts | 8 +- .../alert_details_right_panel.ts | 13 +- .../cypress/tasks/alert_assignments.ts | 8 +- 14 files changed, 465 insertions(+), 101 deletions(-) create mode 100644 x-pack/plugins/security_solution/public/flyout/document_details/right/components/alert_header_block.test.tsx create mode 100644 x-pack/plugins/security_solution/public/flyout/document_details/right/components/alert_header_block.tsx create mode 100644 x-pack/plugins/security_solution/public/flyout/document_details/right/components/notes.test.tsx create mode 100644 x-pack/plugins/security_solution/public/flyout/document_details/right/components/notes.tsx diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/alert_header_block.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/alert_header_block.test.tsx new file mode 100644 index 0000000000000..ebe68d31f0e60 --- /dev/null +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/alert_header_block.test.tsx @@ -0,0 +1,27 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import React from 'react'; +import { render } from '@testing-library/react'; +import { AlertHeaderBlock } from './alert_header_block'; + +const title =
{'title'}
; +const children =
{'children'}
; +const dataTestSubj = 'TITLE_TEST_ID'; + +describe('', () => { + it('should render component', () => { + const { getByTestId } = render( + + {children} + + ); + + expect(getByTestId('TITLE_TEST_ID')).toHaveTextContent('title'); + expect(getByTestId('CHILDREN_TEST_ID')).toBeInTheDocument(); + }); +}); diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/alert_header_block.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/alert_header_block.tsx new file mode 100644 index 0000000000000..84259ffcf0eb6 --- /dev/null +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/alert_header_block.tsx @@ -0,0 +1,45 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import type { ReactElement, ReactNode, VFC } from 'react'; +import React, { memo } from 'react'; +import { EuiFlexGroup, EuiFlexItem, EuiPanel, EuiTitle } from '@elastic/eui'; + +export interface AlertHeaderBlockProps { + /** + * React component to render as the title + */ + title: ReactElement; + /** + * React component to render as the value + */ + children: ReactNode; + /** + * data-test-subj to use for the title + */ + ['data-test-subj']?: string; +} + +/** + * Reusable component for rendering a block with rounded edges, show a title and value below one another + */ +export const AlertHeaderBlock: VFC = memo( + ({ title, children, 'data-test-subj': dataTestSubj }) => ( + + + + +

{title}

+ + + {children} + + + ) +); + +AlertHeaderBlock.displayName = 'AlertHeaderBlock'; diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/alert_header_title.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/alert_header_title.test.tsx index 4a0267a8dade8..6d72ca9e58dfa 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/alert_header_title.test.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/alert_header_title.test.tsx @@ -13,8 +13,10 @@ import { SEVERITY_VALUE_TEST_ID, FLYOUT_ALERT_HEADER_TITLE_TEST_ID, STATUS_BUTTON_TEST_ID, - ASSIGNEES_HEADER_TEST_ID, ALERT_SUMMARY_PANEL_TEST_ID, + ASSIGNEES_TEST_ID, + ASSIGNEES_EMPTY_TEST_ID, + NOTES_TITLE_TEST_ID, } from './test_ids'; import { AlertHeaderTitle } from './alert_header_title'; import moment from 'moment-timezone'; @@ -22,8 +24,10 @@ import { useDateFormat, useTimeZone } from '../../../../common/lib/kibana'; import { mockGetFieldsData } from '../../shared/mocks/mock_get_fields_data'; import { mockDataFormattedForFieldBrowser } from '../../shared/mocks/mock_data_formatted_for_field_browser'; import { TestProvidersComponent } from '../../../../common/mock'; +import { useIsExperimentalFeatureEnabled } from '../../../../common/hooks/use_experimental_features'; jest.mock('../../../../common/lib/kibana'); +jest.mock('../../../../common/hooks/use_experimental_features'); moment.suppressDeprecationWarnings = true; moment.tz.setDefault('UTC'); @@ -51,7 +55,7 @@ describe('', () => { }); it('should render component', () => { - const { getByTestId } = renderHeader(mockContextValue); + const { getByTestId, queryByTestId } = renderHeader(mockContextValue); expect(getByTestId(HEADER_TEXT_TEST_ID)).toHaveTextContent('rule-name'); expect(getByTestId(SEVERITY_VALUE_TEST_ID)).toBeInTheDocument(); @@ -59,7 +63,8 @@ describe('', () => { expect(getByTestId(RISK_SCORE_VALUE_TEST_ID)).toBeInTheDocument(); expect(getByTestId(STATUS_BUTTON_TEST_ID)).toBeInTheDocument(); - expect(getByTestId(ASSIGNEES_HEADER_TEST_ID)).toBeInTheDocument(); + expect(getByTestId(ASSIGNEES_TEST_ID)).toBeInTheDocument(); + expect(queryByTestId(ASSIGNEES_EMPTY_TEST_ID)).not.toBeInTheDocument(); }); it('should render title correctly if flyout is in preview', () => { @@ -68,7 +73,15 @@ describe('', () => { expect(getByTestId(RISK_SCORE_VALUE_TEST_ID)).toBeInTheDocument(); expect(queryByTestId(STATUS_BUTTON_TEST_ID)).not.toBeInTheDocument(); - expect(getByTestId(ASSIGNEES_HEADER_TEST_ID)).toHaveTextContent('Assignees—'); + expect(getByTestId(ASSIGNEES_EMPTY_TEST_ID)).toBeInTheDocument(); + expect(queryByTestId(ASSIGNEES_TEST_ID)).not.toBeInTheDocument(); + }); + + it('should render notes section if experimental flag is enabled', () => { + (useIsExperimentalFeatureEnabled as jest.Mock).mockReturnValue(true); + + const { getByTestId } = renderHeader(mockContextValue); + expect(getByTestId(NOTES_TITLE_TEST_ID)).toBeInTheDocument(); }); it('should render fall back values if document is not alert', () => { diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/alert_header_title.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/alert_header_title.tsx index a54a3a027fad1..f128fada5fb29 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/alert_header_title.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/alert_header_title.tsx @@ -6,11 +6,12 @@ */ import React, { memo, useCallback, useMemo } from 'react'; -import { EuiFlexGroup, EuiFlexItem, EuiSpacer, EuiPanel, useEuiTheme, EuiLink } from '@elastic/eui'; -import { css } from '@emotion/css'; +import { EuiFlexGroup, EuiFlexItem, EuiSpacer, EuiLink } from '@elastic/eui'; import { ALERT_WORKFLOW_ASSIGNEE_IDS } from '@kbn/rule-data-utils'; import { i18n } from '@kbn/i18n'; import { FlyoutTitle } from '@kbn/security-solution-common'; +import { useIsExperimentalFeatureEnabled } from '../../../../common/hooks/use_experimental_features'; +import { Notes } from './notes'; import { useRuleDetailsLink } from '../../shared/hooks/use_rule_details_link'; import { DocumentStatus } from './status'; import { DocumentSeverity } from './severity'; @@ -22,6 +23,11 @@ import { PreferenceFormattedDate } from '../../../../common/components/formatted import { FLYOUT_ALERT_HEADER_TITLE_TEST_ID, ALERT_SUMMARY_PANEL_TEST_ID } from './test_ids'; import { Assignees } from './assignees'; +// minWidth for each block, allows to switch for a 1 row 4 blocks to 2 rows with 2 block each +const blockStyles = { + minWidth: 280, +}; + /** * Alert details flyout right section header */ @@ -34,10 +40,13 @@ export const AlertHeaderTitle = memo(() => { refetchFlyoutData, getFieldsData, } = useDocumentDetailsContext(); + const securitySolutionNotesEnabled = useIsExperimentalFeatureEnabled( + 'securitySolutionNotesEnabled' + ); + const { isAlert, ruleName, timestamp, ruleId } = useBasicDataFromDetailsData( dataFormattedForFieldBrowser ); - const { euiTheme } = useEuiTheme(); const href = useRuleDetailsLink({ ruleId: !isPreview ? ruleId : null }); const ruleTitle = useMemo( @@ -89,27 +98,52 @@ export const AlertHeaderTitle = memo(() => { /> )} - - - + {securitySolutionNotesEnabled ? ( + + + + + + + + + + + + + + + + + + + + + + + ) : ( + + - + @@ -121,7 +155,7 @@ export const AlertHeaderTitle = memo(() => { /> - + )} ); }); diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/assignees.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/assignees.test.tsx index 161fc4db117de..3c27165f8cc11 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/assignees.test.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/assignees.test.tsx @@ -10,8 +10,8 @@ import { render } from '@testing-library/react'; import { ASSIGNEES_ADD_BUTTON_TEST_ID, + ASSIGNEES_EMPTY_TEST_ID, ASSIGNEES_TITLE_TEST_ID, - ASSIGNEES_HEADER_TEST_ID, } from './test_ids'; import { Assignees } from './assignees'; @@ -180,6 +180,6 @@ describe('', () => { ); expect(queryByTestId(ASSIGNEES_ADD_BUTTON_TEST_ID)).not.toBeInTheDocument(); - expect(getByTestId(ASSIGNEES_HEADER_TEST_ID)).toHaveTextContent('Assignees—'); + expect(getByTestId(ASSIGNEES_EMPTY_TEST_ID)).toHaveTextContent('—'); }); }); diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/assignees.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/assignees.tsx index 140a7baab04ab..aa8360c30d292 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/assignees.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/assignees.tsx @@ -14,12 +14,12 @@ import { EuiFlexGroup, EuiFlexItem, EuiPopover, - EuiTitle, EuiToolTip, useGeneratedHtmlId, } from '@elastic/eui'; import { i18n } from '@kbn/i18n'; import { FormattedMessage } from '@kbn/i18n-react'; +import { AlertHeaderBlock } from './alert_header_block'; import { useSetAlertAssignees } from '../../../../common/components/toolbar/bulk_actions/use_set_alert_assignees'; import { getEmptyTagValue } from '../../../../common/components/empty_value'; import { ASSIGNEES_PANEL_WIDTH } from '../../../../common/components/assignees/constants'; @@ -32,7 +32,8 @@ import { useBulkGetUserProfiles } from '../../../../common/components/user_profi import { UsersAvatarsPanel } from '../../../../common/components/user_profiles/users_avatars_panel'; import { ASSIGNEES_ADD_BUTTON_TEST_ID, - ASSIGNEES_HEADER_TEST_ID, + ASSIGNEES_EMPTY_TEST_ID, + ASSIGNEES_TEST_ID, ASSIGNEES_TITLE_TEST_ID, } from './test_ids'; @@ -158,26 +159,19 @@ export const Assignees: FC = memo( ]); return ( - + } + data-test-subj={ASSIGNEES_TITLE_TEST_ID} > - - -

- -

- - {isPreview ? ( - getEmptyTagValue() +
{getEmptyTagValue()}
) : ( - + {assignedUsers && ( @@ -186,7 +180,7 @@ export const Assignees: FC = memo( {updateAssigneesPopover} )} - + ); } ); diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/notes.test.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/notes.test.tsx new file mode 100644 index 0000000000000..437fb5d9e21b2 --- /dev/null +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/notes.test.tsx @@ -0,0 +1,154 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import React from 'react'; +import { render } from '@testing-library/react'; +import { DocumentDetailsContext } from '../../shared/context'; +import { NOTES_COUNT_TEST_ID, NOTES_LOADING_TEST_ID, NOTES_TITLE_TEST_ID } from './test_ids'; +import { FETCH_NOTES_ERROR, Notes } from './notes'; +import { mockContextValue } from '../../shared/mocks/mock_context'; +import { createMockStore, mockGlobalState, TestProviders } from '../../../../common/mock'; +import { ReqStatus } from '../../../../notes'; +import type { Note } from '../../../../../common/api/timeline'; + +const mockAddError = jest.fn(); +jest.mock('../../../../common/hooks/use_app_toasts', () => ({ + useAppToasts: () => ({ + addError: mockAddError, + }), +})); + +const mockDispatch = jest.fn(); +jest.mock('react-redux', () => { + const original = jest.requireActual('react-redux'); + return { + ...original, + useDispatch: () => mockDispatch, + }; +}); + +describe('', () => { + it('should render loading spinner', () => { + const store = createMockStore({ + ...mockGlobalState, + notes: { + ...mockGlobalState.notes, + status: { + ...mockGlobalState.notes.status, + fetchNotesByDocumentIds: ReqStatus.Loading, + }, + }, + }); + + const { getByTestId } = render( + + + + + + ); + + expect(mockDispatch).toHaveBeenCalled(); + expect(getByTestId(NOTES_TITLE_TEST_ID)).toBeInTheDocument(); + expect(getByTestId(NOTES_TITLE_TEST_ID)).toHaveTextContent('Notes'); + expect(getByTestId(NOTES_LOADING_TEST_ID)).toBeInTheDocument(); + }); + + it('should render number of notes', () => { + const contextValue = { + ...mockContextValue, + eventId: '1', + }; + + const { getByTestId } = render( + + + + + + ); + + expect(getByTestId(NOTES_TITLE_TEST_ID)).toBeInTheDocument(); + expect(getByTestId(NOTES_TITLE_TEST_ID)).toHaveTextContent('Notes'); + expect(getByTestId(NOTES_COUNT_TEST_ID)).toBeInTheDocument(); + expect(getByTestId(NOTES_COUNT_TEST_ID)).toHaveTextContent('1'); + }); + + it('should render number of notes in scientific notation for big numbers', () => { + const createMockNote = (noteId: string): Note => ({ + eventId: '1', // should be a valid id based on mockTimelineData + noteId, + note: 'note-1', + timelineId: 'timeline-1', + created: 1663882629000, + createdBy: 'elastic', + updated: 1663882629000, + updatedBy: 'elastic', + version: 'version', + }); + const mockEntities = [...Array(1000).keys()] + .map((i: number) => createMockNote(i.toString())) + .reduce((acc, entity) => { + // @ts-ignore + acc[entity.noteId] = entity; + return acc; + }, {}); + const mockIds = Object.keys(mockEntities); + + const store = createMockStore({ + ...mockGlobalState, + notes: { + ...mockGlobalState.notes, + entities: mockEntities, + ids: mockIds, + }, + }); + const contextValue = { + ...mockContextValue, + eventId: '1', + }; + + const { getByTestId } = render( + + + + + + ); + + expect(getByTestId(NOTES_COUNT_TEST_ID)).toHaveTextContent('1k'); + }); + + it('should render toast error', () => { + const store = createMockStore({ + ...mockGlobalState, + notes: { + ...mockGlobalState.notes, + status: { + ...mockGlobalState.notes.status, + fetchNotesByDocumentIds: ReqStatus.Failed, + }, + error: { + ...mockGlobalState.notes.error, + fetchNotesByDocumentIds: { type: 'http', status: 500 }, + }, + }, + }); + + render( + + + + + + ); + + expect(mockAddError).toHaveBeenCalledWith(null, { + title: FETCH_NOTES_ERROR, + }); + }); +}); diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/notes.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/notes.tsx new file mode 100644 index 0000000000000..41f96c90f89ec --- /dev/null +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/notes.tsx @@ -0,0 +1,87 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import React, { memo, useEffect } from 'react'; +import { useDispatch, useSelector } from 'react-redux'; +import { FormattedMessage } from '@kbn/i18n-react'; +import { i18n } from '@kbn/i18n'; +import { EuiLoadingSpinner } from '@elastic/eui'; +import { FormattedCount } from '../../../../common/components/formatted_number'; +import { useDocumentDetailsContext } from '../../shared/context'; +import { NOTES_COUNT_TEST_ID, NOTES_LOADING_TEST_ID, NOTES_TITLE_TEST_ID } from './test_ids'; +import type { State } from '../../../../common/store'; +import type { Note } from '../../../../../common/api/timeline'; +import { + fetchNotesByDocumentIds, + ReqStatus, + selectFetchNotesByDocumentIdsError, + selectFetchNotesByDocumentIdsStatus, + selectSortedNotesByDocumentId, +} from '../../../../notes/store/notes.slice'; +import { useAppToasts } from '../../../../common/hooks/use_app_toasts'; +import { AlertHeaderBlock } from './alert_header_block'; + +export const FETCH_NOTES_ERROR = i18n.translate( + 'xpack.securitySolution.notes.fetchNotesErrorLabel', + { + defaultMessage: 'Error fetching notes', + } +); + +/** + * Renders a block with the number of notes for the event + */ +export const Notes = memo(() => { + const dispatch = useDispatch(); + const { eventId } = useDocumentDetailsContext(); + const { addError: addErrorToast } = useAppToasts(); + + useEffect(() => { + dispatch(fetchNotesByDocumentIds({ documentIds: [eventId] })); + }, [dispatch, eventId]); + + const fetchStatus = useSelector((state: State) => selectFetchNotesByDocumentIdsStatus(state)); + const fetchError = useSelector((state: State) => selectFetchNotesByDocumentIdsError(state)); + + const notes: Note[] = useSelector((state: State) => + selectSortedNotesByDocumentId(state, { + documentId: eventId, + sort: { field: 'created', direction: 'desc' }, + }) + ); + + // show a toast if the fetch notes call fails + useEffect(() => { + if (fetchStatus === ReqStatus.Failed && fetchError) { + addErrorToast(null, { + title: FETCH_NOTES_ERROR, + }); + } + }, [addErrorToast, fetchError, fetchStatus]); + + return ( + + } + data-test-subj={NOTES_TITLE_TEST_ID} + > + {fetchStatus === ReqStatus.Loading ? ( + + ) : ( +
+ +
+ )} + + ); +}); + +Notes.displayName = 'Notes'; diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/risk_score.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/risk_score.tsx index dfa03cabd53e6..fba4343e97499 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/risk_score.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/risk_score.tsx @@ -6,9 +6,9 @@ */ import React, { memo } from 'react'; -import { EuiFlexGroup, EuiFlexItem, EuiTitle } from '@elastic/eui'; import { ALERT_RISK_SCORE } from '@kbn/rule-data-utils'; import { FormattedMessage } from '@kbn/i18n-react'; +import { AlertHeaderBlock } from './alert_header_block'; import { RISK_SCORE_TITLE_TEST_ID, RISK_SCORE_VALUE_TEST_ID } from './test_ids'; import { useDocumentDetailsContext } from '../../shared/context'; @@ -33,21 +33,17 @@ export const RiskScore = memo(() => { } return ( - - - -

- -

- - - - {alertRiskScore} - - + + } + data-test-subj={RISK_SCORE_TITLE_TEST_ID} + > + {alertRiskScore} + ); }); diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/status.tsx b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/status.tsx index 420eb7feafa4a..601201f2e58e8 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/status.tsx +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/status.tsx @@ -9,7 +9,7 @@ import type { FC } from 'react'; import React, { useMemo } from 'react'; import { find } from 'lodash/fp'; import { FormattedMessage } from '@kbn/i18n-react'; -import { EuiFlexGroup, EuiFlexItem, EuiTitle } from '@elastic/eui'; +import { AlertHeaderBlock } from './alert_header_block'; import { getEmptyTagValue } from '../../../../common/components/empty_value'; import { SIGNAL_STATUS_FIELD_NAME } from '../../../../timelines/components/timeline/body/renderers/constants'; import { StatusPopoverButton } from './status_popover_button'; @@ -51,32 +51,28 @@ export const DocumentStatus: FC = () => { }, [browserFields, dataFormattedForFieldBrowser, eventId, scopeId]); return ( - - - -

- -

- - - - {!statusData || !hasData(statusData) || isPreview ? ( - getEmptyTagValue() - ) : ( - - - - )} - - + + } + data-test-subj={STATUS_TITLE_TEST_ID} + > + {!statusData || !hasData(statusData) || isPreview ? ( + getEmptyTagValue() + ) : ( + + + + )} + ); }; diff --git a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/test_ids.ts b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/test_ids.ts index d215f16172414..83f833a4b24ac 100644 --- a/x-pack/plugins/security_solution/public/flyout/document_details/right/components/test_ids.ts +++ b/x-pack/plugins/security_solution/public/flyout/document_details/right/components/test_ids.ts @@ -33,7 +33,12 @@ export const RISK_SCORE_VALUE_TEST_ID = `${FLYOUT_HEADER_TEST_ID}RiskScoreValue` export const SHARE_BUTTON_TEST_ID = `${FLYOUT_HEADER_TEST_ID}ShareButton` as const; export const CHAT_BUTTON_TEST_ID = 'newChatByTitle' as const; -export const ASSIGNEES_HEADER_TEST_ID = `${FLYOUT_HEADER_TEST_ID}AssigneesHeader` as const; +export const NOTES_TITLE_TEST_ID = `${FLYOUT_HEADER_TEST_ID}NotesTitle` as const; +export const NOTES_COUNT_TEST_ID = `${FLYOUT_HEADER_TEST_ID}NotesCount` as const; +export const NOTES_LOADING_TEST_ID = `${FLYOUT_HEADER_TEST_ID}NotesLoading` as const; + +export const ASSIGNEES_EMPTY_TEST_ID = `${FLYOUT_HEADER_TEST_ID}AssigneesEmpty` as const; +export const ASSIGNEES_TEST_ID = `${FLYOUT_HEADER_TEST_ID}Assignees` as const; export const ASSIGNEES_TITLE_TEST_ID = `${FLYOUT_HEADER_TEST_ID}AssigneesTitle` as const; export const ASSIGNEES_ADD_BUTTON_TEST_ID = `${FLYOUT_HEADER_TEST_ID}AssigneesAddButton` as const; diff --git a/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_right_panel.cy.ts b/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_right_panel.cy.ts index 2d0d80af9c242..ab8f5557a5faf 100644 --- a/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_right_panel.cy.ts +++ b/x-pack/test/security_solution_cypress/cypress/e2e/investigations/alerts/expandable_flyout/alert_details_right_panel.cy.ts @@ -34,7 +34,6 @@ import { DOCUMENT_DETAILS_FLYOUT_HEADER_LINK_ICON, DOCUMENT_DETAILS_FLYOUT_HEADER_RISK_SCORE, DOCUMENT_DETAILS_FLYOUT_HEADER_RISK_SCORE_VALUE, - DOCUMENT_DETAILS_FLYOUT_HEADER_ASSIGNEES, DOCUMENT_DETAILS_FLYOUT_HEADER_SEVERITY_VALUE, DOCUMENT_DETAILS_FLYOUT_HEADER_STATUS, DOCUMENT_DETAILS_FLYOUT_HEADER_TITLE, @@ -42,6 +41,7 @@ import { DOCUMENT_DETAILS_FLYOUT_OVERVIEW_TAB, DOCUMENT_DETAILS_FLYOUT_TABLE_TAB, DOCUMENT_DETAILS_FLYOUT_FOOTER_ISOLATE_HOST, + DOCUMENT_DETAILS_FLYOUT_HEADER_ASSIGNEES_TITLE, } from '../../../../screens/expandable_flyout/alert_details_right_panel'; import { closeFlyout, @@ -93,7 +93,11 @@ describe('Alert details expandable flyout right panel', { tags: ['@ess', '@serve .should('be.visible') .and('have.text', rule.risk_score); - cy.get(DOCUMENT_DETAILS_FLYOUT_HEADER_ASSIGNEES).should('have.text', 'Assignees'); + cy.get(DOCUMENT_DETAILS_FLYOUT_HEADER_ASSIGNEES_TITLE).should('have.text', 'Assignees'); + + // TODO uncomment when the securitySolutionNotesEnabled feature flag is removed + // cy.get(DOCUMENT_DETAILS_FLYOUT_HEADER_NOTES_TITLE).should('have.text', 'Notes'); + // cy.get(DOCUMENT_DETAILS_FLYOUT_HEADER_NOTES_VALUE).should('have.text', '0'); cy.get(DOCUMENT_DETAILS_FLYOUT_HEADER_SEVERITY_VALUE) .should('be.visible') diff --git a/x-pack/test/security_solution_cypress/cypress/screens/expandable_flyout/alert_details_right_panel.ts b/x-pack/test/security_solution_cypress/cypress/screens/expandable_flyout/alert_details_right_panel.ts index 41cd41eb83890..e84a70cbea621 100644 --- a/x-pack/test/security_solution_cypress/cypress/screens/expandable_flyout/alert_details_right_panel.ts +++ b/x-pack/test/security_solution_cypress/cypress/screens/expandable_flyout/alert_details_right_panel.ts @@ -48,8 +48,17 @@ export const DOCUMENT_DETAILS_FLYOUT_HEADER_RISK_SCORE_VALUE = getDataTestSubjec 'securitySolutionFlyoutHeaderRiskScoreValue' ); export const DOCUMENT_DETAILS_FLYOUT_HEADER_SEVERITY_VALUE = getDataTestSubjectSelector('severity'); -export const DOCUMENT_DETAILS_FLYOUT_HEADER_ASSIGNEES = getDataTestSubjectSelector( - 'securitySolutionFlyoutHeaderAssigneesHeader' +export const DOCUMENT_DETAILS_FLYOUT_HEADER_ASSIGNEES_TITLE = getDataTestSubjectSelector( + 'securitySolutionFlyoutHeaderAssigneesTitle' +); +export const DOCUMENT_DETAILS_FLYOUT_HEADER_ASSIGNEES_VALUE = getDataTestSubjectSelector( + 'securitySolutionFlyoutHeaderAssignees' +); +export const DOCUMENT_DETAILS_FLYOUT_HEADER_NOTES_TITLE = getDataTestSubjectSelector( + 'securitySolutionFlyoutHeaderAssigneesTitle' +); +export const DOCUMENT_DETAILS_FLYOUT_HEADER_NOTES_VALUE = getDataTestSubjectSelector( + 'securitySolutionFlyoutHeaderAssigneesValue' ); /* Footer */ diff --git a/x-pack/test/security_solution_cypress/cypress/tasks/alert_assignments.ts b/x-pack/test/security_solution_cypress/cypress/tasks/alert_assignments.ts index 460b9bf14ea33..eb2f81b84071a 100644 --- a/x-pack/test/security_solution_cypress/cypress/tasks/alert_assignments.ts +++ b/x-pack/test/security_solution_cypress/cypress/tasks/alert_assignments.ts @@ -27,7 +27,7 @@ import { ALERT_ASSIGNEES_SELECTABLE_OPTIONS, } from '../screens/alerts'; import { PAGE_TITLE } from '../screens/common/page'; -import { DOCUMENT_DETAILS_FLYOUT_HEADER_ASSIGNEES } from '../screens/expandable_flyout/alert_details_right_panel'; +import { DOCUMENT_DETAILS_FLYOUT_HEADER_ASSIGNEES_VALUE } from '../screens/expandable_flyout/alert_details_right_panel'; import { expandFirstAlertActions, selectFirstPageAlerts } from './alerts'; import { login } from './login'; import { visitWithTimeRange } from './navigation'; @@ -85,7 +85,7 @@ export const checkEmptyAssigneesStateInAlertsTable = () => { }; export const checkEmptyAssigneesStateInAlertDetailsFlyout = () => { - cy.get(DOCUMENT_DETAILS_FLYOUT_HEADER_ASSIGNEES).within(() => { + cy.get(DOCUMENT_DETAILS_FLYOUT_HEADER_ASSIGNEES_VALUE).within(() => { cy.get(ALERT_AVATARS_PANEL).children().should('have.length', 0); }); }; @@ -137,13 +137,13 @@ export const alertsTableShowsAssigneesBadgeForFirstAlert = (users: string[]) => }; export const alertDetailsFlyoutShowsAssignees = (users: string[]) => { - cy.get(DOCUMENT_DETAILS_FLYOUT_HEADER_ASSIGNEES).within(() => { + cy.get(DOCUMENT_DETAILS_FLYOUT_HEADER_ASSIGNEES_VALUE).within(() => { users.forEach((user) => cy.get(`.euiAvatar${ALERT_USER_AVATAR(user)}`).should('exist')); }); }; export const alertDetailsFlyoutShowsAssigneesBadge = (users: string[]) => { - cy.get(DOCUMENT_DETAILS_FLYOUT_HEADER_ASSIGNEES).within(() => { + cy.get(DOCUMENT_DETAILS_FLYOUT_HEADER_ASSIGNEES_VALUE).within(() => { cy.get(ALERT_ASSIGNEES_COUNT_BADGE).contains(users.length); users.forEach((user) => cy.get(`.euiAvatar${ALERT_USER_AVATAR(user)}`).should('not.exist')); }); From 0ddbe0e5c7f9a8a677182860dfc26c231ff2e170 Mon Sep 17 00:00:00 2001 From: Kibana Machine <42973632+kibanamachine@users.noreply.github.com> Date: Fri, 20 Sep 2024 15:17:12 +1000 Subject: [PATCH 25/74] [api-docs] 2024-09-20 Daily api_docs build (#193505) Generated by https://buildkite.com/elastic/kibana-api-docs-daily/builds/836 --- api_docs/actions.mdx | 2 +- api_docs/advanced_settings.mdx | 2 +- .../ai_assistant_management_selection.mdx | 2 +- api_docs/aiops.mdx | 2 +- api_docs/alerting.mdx | 2 +- api_docs/apm.mdx | 2 +- api_docs/apm_data_access.mdx | 2 +- api_docs/banners.mdx | 2 +- api_docs/bfetch.mdx | 2 +- api_docs/canvas.mdx | 2 +- api_docs/cases.mdx | 2 +- api_docs/charts.mdx | 2 +- api_docs/cloud.devdocs.json | 32 ++- api_docs/cloud.mdx | 4 +- api_docs/cloud_data_migration.mdx | 2 +- api_docs/cloud_defend.mdx | 2 +- api_docs/cloud_security_posture.mdx | 2 +- api_docs/console.mdx | 2 +- api_docs/content_management.mdx | 2 +- api_docs/controls.devdocs.json | 154 +++------- api_docs/controls.mdx | 4 +- api_docs/custom_integrations.mdx | 2 +- api_docs/dashboard.devdocs.json | 18 +- api_docs/dashboard.mdx | 2 +- api_docs/dashboard_enhanced.mdx | 2 +- api_docs/data.mdx | 2 +- api_docs/data_quality.mdx | 2 +- api_docs/data_query.mdx | 2 +- api_docs/data_search.mdx | 2 +- api_docs/data_view_editor.mdx | 2 +- api_docs/data_view_field_editor.mdx | 2 +- api_docs/data_view_management.mdx | 2 +- api_docs/data_views.devdocs.json | 4 - api_docs/data_views.mdx | 2 +- api_docs/data_visualizer.mdx | 2 +- api_docs/dataset_quality.mdx | 2 +- api_docs/deprecations_by_api.mdx | 4 +- api_docs/deprecations_by_plugin.mdx | 5 +- api_docs/deprecations_by_team.mdx | 2 +- api_docs/dev_tools.mdx | 2 +- api_docs/discover.mdx | 2 +- api_docs/discover_enhanced.mdx | 2 +- api_docs/discover_shared.mdx | 2 +- api_docs/ecs_data_quality_dashboard.mdx | 2 +- api_docs/elastic_assistant.mdx | 2 +- api_docs/embeddable.devdocs.json | 12 - api_docs/embeddable.mdx | 2 +- api_docs/embeddable_enhanced.mdx | 2 +- api_docs/encrypted_saved_objects.mdx | 2 +- api_docs/enterprise_search.mdx | 2 +- api_docs/entities_data_access.mdx | 2 +- api_docs/entity_manager.mdx | 2 +- api_docs/es_ui_shared.mdx | 2 +- api_docs/esql.devdocs.json | 16 ++ api_docs/esql.mdx | 4 +- api_docs/esql_data_grid.mdx | 2 +- api_docs/event_annotation.mdx | 2 +- api_docs/event_annotation_listing.mdx | 2 +- api_docs/event_log.mdx | 2 +- api_docs/exploratory_view.mdx | 2 +- api_docs/expression_error.mdx | 2 +- api_docs/expression_gauge.mdx | 2 +- api_docs/expression_heatmap.mdx | 2 +- api_docs/expression_image.mdx | 2 +- api_docs/expression_legacy_metric_vis.mdx | 2 +- api_docs/expression_metric.mdx | 2 +- api_docs/expression_metric_vis.mdx | 2 +- api_docs/expression_partition_vis.mdx | 2 +- api_docs/expression_repeat_image.mdx | 2 +- api_docs/expression_reveal_image.mdx | 2 +- api_docs/expression_shape.mdx | 2 +- api_docs/expression_tagcloud.mdx | 2 +- api_docs/expression_x_y.mdx | 2 +- api_docs/expressions.mdx | 2 +- api_docs/features.mdx | 2 +- api_docs/field_formats.mdx | 2 +- api_docs/fields_metadata.mdx | 2 +- api_docs/file_upload.mdx | 2 +- api_docs/files.mdx | 2 +- api_docs/files_management.mdx | 2 +- api_docs/fleet.mdx | 2 +- api_docs/global_search.mdx | 2 +- api_docs/guided_onboarding.mdx | 2 +- api_docs/home.mdx | 2 +- api_docs/image_embeddable.mdx | 2 +- api_docs/index_lifecycle_management.mdx | 2 +- api_docs/index_management.mdx | 2 +- api_docs/inference.mdx | 2 +- api_docs/infra.mdx | 2 +- api_docs/ingest_pipelines.mdx | 2 +- api_docs/inspector.mdx | 2 +- api_docs/integration_assistant.mdx | 2 +- api_docs/interactive_setup.mdx | 2 +- api_docs/inventory.mdx | 2 +- api_docs/investigate.mdx | 2 +- api_docs/investigate_app.mdx | 2 +- api_docs/kbn_ace.mdx | 2 +- api_docs/kbn_actions_types.mdx | 2 +- api_docs/kbn_aiops_components.mdx | 2 +- api_docs/kbn_aiops_log_pattern_analysis.mdx | 2 +- api_docs/kbn_aiops_log_rate_analysis.mdx | 2 +- .../kbn_alerting_api_integration_helpers.mdx | 2 +- api_docs/kbn_alerting_comparators.mdx | 2 +- api_docs/kbn_alerting_state_types.mdx | 2 +- api_docs/kbn_alerting_types.mdx | 2 +- api_docs/kbn_alerts_as_data_utils.mdx | 2 +- api_docs/kbn_alerts_grouping.mdx | 2 +- api_docs/kbn_alerts_ui_shared.devdocs.json | 12 +- api_docs/kbn_alerts_ui_shared.mdx | 2 +- api_docs/kbn_analytics.mdx | 2 +- api_docs/kbn_analytics_collection_utils.mdx | 2 +- api_docs/kbn_apm_config_loader.mdx | 2 +- api_docs/kbn_apm_data_view.mdx | 2 +- api_docs/kbn_apm_synthtrace.mdx | 2 +- api_docs/kbn_apm_synthtrace_client.mdx | 2 +- api_docs/kbn_apm_types.mdx | 2 +- api_docs/kbn_apm_utils.mdx | 2 +- api_docs/kbn_avc_banner.mdx | 2 +- api_docs/kbn_axe_config.mdx | 2 +- api_docs/kbn_bfetch_error.mdx | 2 +- api_docs/kbn_calculate_auto.mdx | 2 +- .../kbn_calculate_width_from_char_count.mdx | 2 +- api_docs/kbn_cases_components.mdx | 2 +- api_docs/kbn_cbor.mdx | 2 +- api_docs/kbn_cell_actions.mdx | 2 +- api_docs/kbn_chart_expressions_common.mdx | 2 +- api_docs/kbn_chart_icons.mdx | 2 +- api_docs/kbn_ci_stats_core.mdx | 2 +- api_docs/kbn_ci_stats_performance_metrics.mdx | 2 +- api_docs/kbn_ci_stats_reporter.mdx | 2 +- api_docs/kbn_cli_dev_mode.mdx | 2 +- api_docs/kbn_cloud_security_posture.mdx | 2 +- .../kbn_cloud_security_posture_common.mdx | 2 +- api_docs/kbn_code_editor.mdx | 2 +- api_docs/kbn_code_editor_mock.mdx | 2 +- api_docs/kbn_code_owners.mdx | 2 +- api_docs/kbn_coloring.mdx | 2 +- api_docs/kbn_config.mdx | 2 +- api_docs/kbn_config_mocks.mdx | 2 +- api_docs/kbn_config_schema.mdx | 2 +- .../kbn_content_management_content_editor.mdx | 2 +- ...ent_management_content_insights_public.mdx | 2 +- ...ent_management_content_insights_server.mdx | 2 +- ...bn_content_management_favorites_public.mdx | 2 +- ...bn_content_management_favorites_server.mdx | 2 +- ...tent_management_tabbed_table_list_view.mdx | 2 +- ...kbn_content_management_table_list_view.mdx | 2 +- ...tent_management_table_list_view_common.mdx | 2 +- ...ntent_management_table_list_view_table.mdx | 2 +- .../kbn_content_management_user_profiles.mdx | 2 +- api_docs/kbn_content_management_utils.mdx | 2 +- api_docs/kbn_core_analytics_browser.mdx | 2 +- .../kbn_core_analytics_browser_internal.mdx | 2 +- api_docs/kbn_core_analytics_browser_mocks.mdx | 2 +- api_docs/kbn_core_analytics_server.mdx | 2 +- .../kbn_core_analytics_server_internal.mdx | 2 +- api_docs/kbn_core_analytics_server_mocks.mdx | 2 +- api_docs/kbn_core_application_browser.mdx | 2 +- .../kbn_core_application_browser_internal.mdx | 2 +- .../kbn_core_application_browser_mocks.mdx | 2 +- api_docs/kbn_core_application_common.mdx | 2 +- api_docs/kbn_core_apps_browser_internal.mdx | 2 +- api_docs/kbn_core_apps_browser_mocks.mdx | 2 +- api_docs/kbn_core_apps_server_internal.mdx | 2 +- api_docs/kbn_core_base_browser_mocks.mdx | 2 +- api_docs/kbn_core_base_common.mdx | 2 +- api_docs/kbn_core_base_server_internal.mdx | 2 +- api_docs/kbn_core_base_server_mocks.mdx | 2 +- .../kbn_core_capabilities_browser_mocks.mdx | 2 +- api_docs/kbn_core_capabilities_common.mdx | 2 +- api_docs/kbn_core_capabilities_server.mdx | 2 +- .../kbn_core_capabilities_server_mocks.mdx | 2 +- api_docs/kbn_core_chrome_browser.mdx | 2 +- api_docs/kbn_core_chrome_browser_mocks.mdx | 2 +- api_docs/kbn_core_config_server_internal.mdx | 2 +- api_docs/kbn_core_custom_branding_browser.mdx | 2 +- ..._core_custom_branding_browser_internal.mdx | 2 +- ...kbn_core_custom_branding_browser_mocks.mdx | 2 +- api_docs/kbn_core_custom_branding_common.mdx | 2 +- api_docs/kbn_core_custom_branding_server.mdx | 2 +- ...n_core_custom_branding_server_internal.mdx | 2 +- .../kbn_core_custom_branding_server_mocks.mdx | 2 +- api_docs/kbn_core_deprecations_browser.mdx | 2 +- ...kbn_core_deprecations_browser_internal.mdx | 2 +- .../kbn_core_deprecations_browser_mocks.mdx | 2 +- api_docs/kbn_core_deprecations_common.mdx | 2 +- api_docs/kbn_core_deprecations_server.mdx | 2 +- .../kbn_core_deprecations_server_internal.mdx | 2 +- .../kbn_core_deprecations_server_mocks.mdx | 2 +- api_docs/kbn_core_doc_links_browser.mdx | 2 +- api_docs/kbn_core_doc_links_browser_mocks.mdx | 2 +- api_docs/kbn_core_doc_links_server.mdx | 2 +- api_docs/kbn_core_doc_links_server_mocks.mdx | 2 +- ...e_elasticsearch_client_server_internal.mdx | 2 +- ...core_elasticsearch_client_server_mocks.mdx | 2 +- ...kbn_core_elasticsearch_server.devdocs.json | 16 ++ api_docs/kbn_core_elasticsearch_server.mdx | 4 +- ...kbn_core_elasticsearch_server_internal.mdx | 2 +- ...re_elasticsearch_server_mocks.devdocs.json | 2 +- .../kbn_core_elasticsearch_server_mocks.mdx | 2 +- .../kbn_core_environment_server_internal.mdx | 2 +- .../kbn_core_environment_server_mocks.mdx | 2 +- .../kbn_core_execution_context_browser.mdx | 2 +- ...ore_execution_context_browser_internal.mdx | 2 +- ...n_core_execution_context_browser_mocks.mdx | 2 +- .../kbn_core_execution_context_common.mdx | 2 +- .../kbn_core_execution_context_server.mdx | 2 +- ...core_execution_context_server_internal.mdx | 2 +- ...bn_core_execution_context_server_mocks.mdx | 2 +- api_docs/kbn_core_fatal_errors_browser.mdx | 2 +- .../kbn_core_fatal_errors_browser_mocks.mdx | 2 +- api_docs/kbn_core_feature_flags_browser.mdx | 2 +- ...bn_core_feature_flags_browser_internal.mdx | 2 +- .../kbn_core_feature_flags_browser_mocks.mdx | 2 +- api_docs/kbn_core_feature_flags_server.mdx | 2 +- ...kbn_core_feature_flags_server_internal.mdx | 2 +- .../kbn_core_feature_flags_server_mocks.mdx | 2 +- api_docs/kbn_core_http_browser.mdx | 2 +- api_docs/kbn_core_http_browser_internal.mdx | 2 +- api_docs/kbn_core_http_browser_mocks.mdx | 2 +- api_docs/kbn_core_http_common.mdx | 2 +- .../kbn_core_http_context_server_mocks.mdx | 2 +- ...re_http_request_handler_context_server.mdx | 2 +- api_docs/kbn_core_http_resources_server.mdx | 2 +- ...bn_core_http_resources_server_internal.mdx | 2 +- .../kbn_core_http_resources_server_mocks.mdx | 2 +- .../kbn_core_http_router_server_internal.mdx | 2 +- .../kbn_core_http_router_server_mocks.mdx | 2 +- api_docs/kbn_core_http_server.devdocs.json | 8 + api_docs/kbn_core_http_server.mdx | 2 +- api_docs/kbn_core_http_server_internal.mdx | 2 +- api_docs/kbn_core_http_server_mocks.mdx | 2 +- api_docs/kbn_core_i18n_browser.mdx | 2 +- api_docs/kbn_core_i18n_browser_mocks.mdx | 2 +- api_docs/kbn_core_i18n_server.mdx | 2 +- api_docs/kbn_core_i18n_server_internal.mdx | 2 +- api_docs/kbn_core_i18n_server_mocks.mdx | 2 +- ...n_core_injected_metadata_browser_mocks.mdx | 2 +- ...kbn_core_integrations_browser_internal.mdx | 2 +- .../kbn_core_integrations_browser_mocks.mdx | 2 +- api_docs/kbn_core_lifecycle_browser.mdx | 2 +- api_docs/kbn_core_lifecycle_browser_mocks.mdx | 2 +- api_docs/kbn_core_lifecycle_server.mdx | 2 +- api_docs/kbn_core_lifecycle_server_mocks.mdx | 2 +- api_docs/kbn_core_logging_browser_mocks.mdx | 2 +- api_docs/kbn_core_logging_common_internal.mdx | 2 +- api_docs/kbn_core_logging_server.mdx | 2 +- api_docs/kbn_core_logging_server_internal.mdx | 2 +- api_docs/kbn_core_logging_server_mocks.mdx | 2 +- ...ore_metrics_collectors_server_internal.mdx | 2 +- ...n_core_metrics_collectors_server_mocks.mdx | 2 +- api_docs/kbn_core_metrics_server.mdx | 2 +- api_docs/kbn_core_metrics_server_internal.mdx | 2 +- api_docs/kbn_core_metrics_server_mocks.mdx | 2 +- api_docs/kbn_core_mount_utils_browser.mdx | 2 +- api_docs/kbn_core_node_server.mdx | 2 +- api_docs/kbn_core_node_server_internal.mdx | 2 +- api_docs/kbn_core_node_server_mocks.mdx | 2 +- api_docs/kbn_core_notifications_browser.mdx | 2 +- ...bn_core_notifications_browser_internal.mdx | 2 +- .../kbn_core_notifications_browser_mocks.mdx | 2 +- api_docs/kbn_core_overlays_browser.mdx | 2 +- .../kbn_core_overlays_browser_internal.mdx | 2 +- api_docs/kbn_core_overlays_browser_mocks.mdx | 2 +- api_docs/kbn_core_plugins_browser.mdx | 2 +- api_docs/kbn_core_plugins_browser_mocks.mdx | 2 +- .../kbn_core_plugins_contracts_browser.mdx | 2 +- .../kbn_core_plugins_contracts_server.mdx | 2 +- api_docs/kbn_core_plugins_server.mdx | 2 +- api_docs/kbn_core_plugins_server_mocks.mdx | 2 +- api_docs/kbn_core_preboot_server.mdx | 2 +- api_docs/kbn_core_preboot_server_mocks.mdx | 2 +- api_docs/kbn_core_rendering_browser_mocks.mdx | 2 +- .../kbn_core_rendering_server_internal.mdx | 2 +- api_docs/kbn_core_rendering_server_mocks.mdx | 2 +- api_docs/kbn_core_root_server_internal.mdx | 2 +- .../kbn_core_saved_objects_api_browser.mdx | 2 +- .../kbn_core_saved_objects_api_server.mdx | 2 +- ...bn_core_saved_objects_api_server_mocks.mdx | 2 +- ...ore_saved_objects_base_server_internal.mdx | 2 +- ...n_core_saved_objects_base_server_mocks.mdx | 2 +- api_docs/kbn_core_saved_objects_browser.mdx | 2 +- ...bn_core_saved_objects_browser_internal.mdx | 2 +- .../kbn_core_saved_objects_browser_mocks.mdx | 2 +- api_docs/kbn_core_saved_objects_common.mdx | 2 +- ..._objects_import_export_server_internal.mdx | 2 +- ...ved_objects_import_export_server_mocks.mdx | 2 +- ...aved_objects_migration_server_internal.mdx | 2 +- ...e_saved_objects_migration_server_mocks.mdx | 2 +- api_docs/kbn_core_saved_objects_server.mdx | 2 +- ...kbn_core_saved_objects_server_internal.mdx | 2 +- .../kbn_core_saved_objects_server_mocks.mdx | 2 +- .../kbn_core_saved_objects_utils_server.mdx | 2 +- api_docs/kbn_core_security_browser.mdx | 2 +- .../kbn_core_security_browser_internal.mdx | 2 +- api_docs/kbn_core_security_browser_mocks.mdx | 2 +- api_docs/kbn_core_security_common.mdx | 2 +- api_docs/kbn_core_security_server.mdx | 2 +- .../kbn_core_security_server_internal.mdx | 2 +- api_docs/kbn_core_security_server_mocks.mdx | 2 +- api_docs/kbn_core_status_common.mdx | 2 +- api_docs/kbn_core_status_common_internal.mdx | 2 +- api_docs/kbn_core_status_server.mdx | 2 +- api_docs/kbn_core_status_server_internal.mdx | 2 +- api_docs/kbn_core_status_server_mocks.mdx | 2 +- ...core_test_helpers_deprecations_getters.mdx | 2 +- ...n_core_test_helpers_http_setup_browser.mdx | 2 +- api_docs/kbn_core_test_helpers_kbn_server.mdx | 2 +- .../kbn_core_test_helpers_model_versions.mdx | 2 +- ...n_core_test_helpers_so_type_serializer.mdx | 2 +- api_docs/kbn_core_test_helpers_test_utils.mdx | 2 +- api_docs/kbn_core_theme_browser.mdx | 2 +- api_docs/kbn_core_theme_browser_mocks.mdx | 2 +- api_docs/kbn_core_ui_settings_browser.mdx | 2 +- .../kbn_core_ui_settings_browser_internal.mdx | 2 +- .../kbn_core_ui_settings_browser_mocks.mdx | 2 +- api_docs/kbn_core_ui_settings_common.mdx | 2 +- api_docs/kbn_core_ui_settings_server.mdx | 2 +- .../kbn_core_ui_settings_server_internal.mdx | 2 +- .../kbn_core_ui_settings_server_mocks.mdx | 2 +- api_docs/kbn_core_usage_data_server.mdx | 2 +- .../kbn_core_usage_data_server_internal.mdx | 2 +- api_docs/kbn_core_usage_data_server_mocks.mdx | 2 +- api_docs/kbn_core_user_profile_browser.mdx | 2 +- ...kbn_core_user_profile_browser_internal.mdx | 2 +- .../kbn_core_user_profile_browser_mocks.mdx | 2 +- api_docs/kbn_core_user_profile_common.mdx | 2 +- api_docs/kbn_core_user_profile_server.mdx | 2 +- .../kbn_core_user_profile_server_internal.mdx | 2 +- .../kbn_core_user_profile_server_mocks.mdx | 2 +- api_docs/kbn_core_user_settings_server.mdx | 2 +- .../kbn_core_user_settings_server_mocks.mdx | 2 +- api_docs/kbn_crypto.mdx | 2 +- api_docs/kbn_crypto_browser.mdx | 2 +- api_docs/kbn_custom_icons.mdx | 2 +- api_docs/kbn_custom_integrations.mdx | 2 +- api_docs/kbn_cypress_config.mdx | 2 +- api_docs/kbn_data_forge.mdx | 2 +- api_docs/kbn_data_service.mdx | 2 +- api_docs/kbn_data_stream_adapter.mdx | 2 +- api_docs/kbn_data_view_utils.mdx | 2 +- api_docs/kbn_datemath.mdx | 2 +- api_docs/kbn_deeplinks_analytics.mdx | 2 +- api_docs/kbn_deeplinks_devtools.mdx | 2 +- api_docs/kbn_deeplinks_fleet.mdx | 2 +- api_docs/kbn_deeplinks_management.mdx | 2 +- api_docs/kbn_deeplinks_ml.mdx | 2 +- api_docs/kbn_deeplinks_observability.mdx | 2 +- api_docs/kbn_deeplinks_search.mdx | 2 +- api_docs/kbn_deeplinks_security.mdx | 2 +- api_docs/kbn_deeplinks_shared.mdx | 2 +- api_docs/kbn_default_nav_analytics.mdx | 2 +- api_docs/kbn_default_nav_devtools.mdx | 2 +- api_docs/kbn_default_nav_management.mdx | 2 +- api_docs/kbn_default_nav_ml.mdx | 2 +- api_docs/kbn_dev_cli_errors.mdx | 2 +- api_docs/kbn_dev_cli_runner.mdx | 2 +- api_docs/kbn_dev_proc_runner.mdx | 2 +- api_docs/kbn_dev_utils.mdx | 2 +- api_docs/kbn_discover_utils.mdx | 2 +- api_docs/kbn_doc_links.mdx | 2 +- api_docs/kbn_docs_utils.mdx | 2 +- api_docs/kbn_dom_drag_drop.mdx | 2 +- api_docs/kbn_ebt_tools.mdx | 2 +- api_docs/kbn_ecs_data_quality_dashboard.mdx | 2 +- api_docs/kbn_elastic_agent_utils.mdx | 2 +- api_docs/kbn_elastic_assistant.mdx | 2 +- api_docs/kbn_elastic_assistant_common.mdx | 2 +- api_docs/kbn_entities_schema.mdx | 2 +- api_docs/kbn_es.devdocs.json | 2 +- api_docs/kbn_es.mdx | 2 +- api_docs/kbn_es_archiver.mdx | 2 +- api_docs/kbn_es_errors.mdx | 2 +- api_docs/kbn_es_query.mdx | 2 +- api_docs/kbn_es_types.mdx | 2 +- api_docs/kbn_eslint_plugin_imports.mdx | 2 +- api_docs/kbn_esql_ast.mdx | 2 +- api_docs/kbn_esql_utils.mdx | 2 +- api_docs/kbn_esql_validation_autocomplete.mdx | 2 +- api_docs/kbn_event_annotation_common.mdx | 2 +- api_docs/kbn_event_annotation_components.mdx | 2 +- api_docs/kbn_expandable_flyout.mdx | 2 +- api_docs/kbn_field_types.mdx | 2 +- api_docs/kbn_field_utils.mdx | 2 +- api_docs/kbn_find_used_node_modules.mdx | 2 +- api_docs/kbn_formatters.mdx | 2 +- ...tr_common_functional_services.devdocs.json | 271 +++++++++++++++--- .../kbn_ftr_common_functional_services.mdx | 4 +- .../kbn_ftr_common_functional_ui_services.mdx | 2 +- api_docs/kbn_generate.mdx | 2 +- api_docs/kbn_generate_console_definitions.mdx | 2 +- api_docs/kbn_generate_csv.mdx | 2 +- api_docs/kbn_grid_layout.mdx | 2 +- api_docs/kbn_grouping.mdx | 2 +- api_docs/kbn_guided_onboarding.mdx | 2 +- api_docs/kbn_handlebars.mdx | 2 +- api_docs/kbn_hapi_mocks.mdx | 2 +- api_docs/kbn_health_gateway_server.mdx | 2 +- api_docs/kbn_home_sample_data_card.mdx | 2 +- api_docs/kbn_home_sample_data_tab.mdx | 2 +- api_docs/kbn_i18n.mdx | 2 +- api_docs/kbn_i18n_react.mdx | 2 +- api_docs/kbn_import_resolver.mdx | 2 +- .../kbn_index_management_shared_types.mdx | 2 +- api_docs/kbn_inference_integration_flyout.mdx | 2 +- api_docs/kbn_infra_forge.mdx | 2 +- api_docs/kbn_interpreter.mdx | 2 +- api_docs/kbn_investigation_shared.mdx | 2 +- api_docs/kbn_io_ts_utils.mdx | 2 +- api_docs/kbn_ipynb.mdx | 2 +- api_docs/kbn_jest_serializers.mdx | 2 +- api_docs/kbn_journeys.mdx | 2 +- api_docs/kbn_json_ast.mdx | 2 +- api_docs/kbn_json_schemas.mdx | 2 +- api_docs/kbn_kibana_manifest_schema.mdx | 2 +- ...anguage_documentation_popover.devdocs.json | 74 ++++- .../kbn_language_documentation_popover.mdx | 4 +- api_docs/kbn_lens_embeddable_utils.mdx | 2 +- api_docs/kbn_lens_formula_docs.mdx | 2 +- api_docs/kbn_logging.mdx | 2 +- api_docs/kbn_logging_mocks.mdx | 2 +- api_docs/kbn_managed_content_badge.mdx | 2 +- api_docs/kbn_managed_vscode_config.mdx | 2 +- api_docs/kbn_management_cards_navigation.mdx | 2 +- .../kbn_management_settings_application.mdx | 2 +- ...ent_settings_components_field_category.mdx | 2 +- ...gement_settings_components_field_input.mdx | 2 +- ...nagement_settings_components_field_row.mdx | 2 +- ...bn_management_settings_components_form.mdx | 2 +- ...n_management_settings_field_definition.mdx | 2 +- api_docs/kbn_management_settings_ids.mdx | 2 +- ...n_management_settings_section_registry.mdx | 2 +- api_docs/kbn_management_settings_types.mdx | 2 +- .../kbn_management_settings_utilities.mdx | 2 +- api_docs/kbn_management_storybook_config.mdx | 2 +- api_docs/kbn_mapbox_gl.mdx | 2 +- api_docs/kbn_maps_vector_tile_utils.mdx | 2 +- api_docs/kbn_ml_agg_utils.mdx | 2 +- api_docs/kbn_ml_anomaly_utils.devdocs.json | 5 +- api_docs/kbn_ml_anomaly_utils.mdx | 2 +- api_docs/kbn_ml_cancellable_search.mdx | 2 +- api_docs/kbn_ml_category_validator.mdx | 2 +- api_docs/kbn_ml_chi2test.mdx | 2 +- .../kbn_ml_data_frame_analytics_utils.mdx | 2 +- api_docs/kbn_ml_data_grid.mdx | 2 +- api_docs/kbn_ml_date_picker.mdx | 2 +- api_docs/kbn_ml_date_utils.mdx | 2 +- api_docs/kbn_ml_error_utils.mdx | 2 +- api_docs/kbn_ml_in_memory_table.mdx | 2 +- api_docs/kbn_ml_is_defined.mdx | 2 +- api_docs/kbn_ml_is_populated_object.mdx | 2 +- api_docs/kbn_ml_kibana_theme.mdx | 2 +- api_docs/kbn_ml_local_storage.mdx | 2 +- api_docs/kbn_ml_nested_property.mdx | 2 +- api_docs/kbn_ml_number_utils.mdx | 2 +- api_docs/kbn_ml_query_utils.mdx | 2 +- api_docs/kbn_ml_random_sampler_utils.mdx | 2 +- api_docs/kbn_ml_route_utils.mdx | 2 +- api_docs/kbn_ml_runtime_field_utils.mdx | 2 +- api_docs/kbn_ml_string_hash.mdx | 2 +- api_docs/kbn_ml_time_buckets.mdx | 2 +- api_docs/kbn_ml_trained_models_utils.mdx | 2 +- api_docs/kbn_ml_ui_actions.mdx | 2 +- api_docs/kbn_ml_url_state.mdx | 2 +- api_docs/kbn_mock_idp_utils.mdx | 2 +- api_docs/kbn_monaco.mdx | 2 +- api_docs/kbn_object_versioning.mdx | 2 +- api_docs/kbn_object_versioning_utils.mdx | 2 +- api_docs/kbn_observability_alert_details.mdx | 2 +- .../kbn_observability_alerting_rule_utils.mdx | 2 +- .../kbn_observability_alerting_test_data.mdx | 2 +- ...ility_get_padded_alert_time_range_util.mdx | 2 +- api_docs/kbn_openapi_bundler.mdx | 2 +- api_docs/kbn_openapi_generator.mdx | 2 +- api_docs/kbn_optimizer.mdx | 2 +- api_docs/kbn_optimizer_webpack_helpers.mdx | 2 +- api_docs/kbn_osquery_io_ts_types.mdx | 2 +- api_docs/kbn_panel_loader.mdx | 2 +- ..._performance_testing_dataset_extractor.mdx | 2 +- api_docs/kbn_plugin_check.mdx | 2 +- api_docs/kbn_plugin_generator.mdx | 2 +- api_docs/kbn_plugin_helpers.mdx | 2 +- api_docs/kbn_presentation_containers.mdx | 2 +- api_docs/kbn_presentation_publishing.mdx | 2 +- api_docs/kbn_profiling_utils.mdx | 2 +- api_docs/kbn_random_sampling.mdx | 2 +- api_docs/kbn_react_field.mdx | 2 +- api_docs/kbn_react_hooks.mdx | 2 +- api_docs/kbn_react_kibana_context_common.mdx | 2 +- api_docs/kbn_react_kibana_context_render.mdx | 2 +- api_docs/kbn_react_kibana_context_root.mdx | 2 +- api_docs/kbn_react_kibana_context_styled.mdx | 2 +- api_docs/kbn_react_kibana_context_theme.mdx | 2 +- api_docs/kbn_react_kibana_mount.mdx | 2 +- api_docs/kbn_recently_accessed.mdx | 2 +- api_docs/kbn_repo_file_maps.mdx | 2 +- api_docs/kbn_repo_linter.mdx | 2 +- api_docs/kbn_repo_path.mdx | 2 +- api_docs/kbn_repo_source_classifier.mdx | 2 +- api_docs/kbn_reporting_common.mdx | 2 +- api_docs/kbn_reporting_csv_share_panel.mdx | 2 +- api_docs/kbn_reporting_export_types_csv.mdx | 2 +- .../kbn_reporting_export_types_csv_common.mdx | 2 +- api_docs/kbn_reporting_export_types_pdf.mdx | 2 +- .../kbn_reporting_export_types_pdf_common.mdx | 2 +- api_docs/kbn_reporting_export_types_png.mdx | 2 +- .../kbn_reporting_export_types_png_common.mdx | 2 +- api_docs/kbn_reporting_mocks_server.mdx | 2 +- api_docs/kbn_reporting_public.mdx | 2 +- api_docs/kbn_reporting_server.mdx | 2 +- api_docs/kbn_resizable_layout.mdx | 2 +- .../kbn_response_ops_feature_flag_service.mdx | 2 +- api_docs/kbn_rison.mdx | 2 +- api_docs/kbn_rollup.mdx | 2 +- api_docs/kbn_router_to_openapispec.mdx | 2 +- api_docs/kbn_router_utils.mdx | 2 +- api_docs/kbn_rrule.mdx | 2 +- api_docs/kbn_rule_data_utils.mdx | 2 +- api_docs/kbn_saved_objects_settings.mdx | 2 +- api_docs/kbn_screenshotting_server.mdx | 2 +- api_docs/kbn_search_api_panels.mdx | 2 +- api_docs/kbn_search_connectors.mdx | 2 +- api_docs/kbn_search_errors.mdx | 2 +- api_docs/kbn_search_index_documents.mdx | 2 +- api_docs/kbn_search_response_warnings.mdx | 2 +- api_docs/kbn_search_types.mdx | 2 +- api_docs/kbn_security_api_key_management.mdx | 2 +- api_docs/kbn_security_authorization_core.mdx | 2 +- api_docs/kbn_security_form_components.mdx | 2 +- api_docs/kbn_security_hardening.mdx | 2 +- api_docs/kbn_security_plugin_types_common.mdx | 2 +- api_docs/kbn_security_plugin_types_public.mdx | 2 +- api_docs/kbn_security_plugin_types_server.mdx | 2 +- .../kbn_security_role_management_model.mdx | 2 +- api_docs/kbn_security_solution_common.mdx | 2 +- ...kbn_security_solution_distribution_bar.mdx | 2 +- api_docs/kbn_security_solution_features.mdx | 2 +- api_docs/kbn_security_solution_navigation.mdx | 2 +- api_docs/kbn_security_solution_side_nav.mdx | 2 +- ...kbn_security_solution_storybook_config.mdx | 2 +- api_docs/kbn_security_ui_components.mdx | 2 +- .../kbn_securitysolution_autocomplete.mdx | 2 +- api_docs/kbn_securitysolution_data_table.mdx | 2 +- api_docs/kbn_securitysolution_ecs.mdx | 2 +- api_docs/kbn_securitysolution_es_utils.mdx | 2 +- ...ritysolution_exception_list_components.mdx | 2 +- api_docs/kbn_securitysolution_hook_utils.mdx | 2 +- ..._securitysolution_io_ts_alerting_types.mdx | 2 +- .../kbn_securitysolution_io_ts_list_types.mdx | 2 +- api_docs/kbn_securitysolution_io_ts_types.mdx | 2 +- api_docs/kbn_securitysolution_io_ts_utils.mdx | 2 +- api_docs/kbn_securitysolution_list_api.mdx | 2 +- .../kbn_securitysolution_list_constants.mdx | 2 +- api_docs/kbn_securitysolution_list_hooks.mdx | 2 +- api_docs/kbn_securitysolution_list_utils.mdx | 2 +- api_docs/kbn_securitysolution_rules.mdx | 2 +- api_docs/kbn_securitysolution_t_grid.mdx | 2 +- api_docs/kbn_securitysolution_utils.mdx | 2 +- api_docs/kbn_server_http_tools.mdx | 2 +- api_docs/kbn_server_route_repository.mdx | 2 +- .../kbn_server_route_repository_client.mdx | 2 +- .../kbn_server_route_repository_utils.mdx | 2 +- api_docs/kbn_serverless_common_settings.mdx | 2 +- .../kbn_serverless_observability_settings.mdx | 2 +- api_docs/kbn_serverless_project_switcher.mdx | 2 +- api_docs/kbn_serverless_search_settings.mdx | 2 +- api_docs/kbn_serverless_security_settings.mdx | 2 +- api_docs/kbn_serverless_storybook_config.mdx | 2 +- api_docs/kbn_shared_svg.mdx | 2 +- api_docs/kbn_shared_ux_avatar_solution.mdx | 2 +- .../kbn_shared_ux_button_exit_full_screen.mdx | 2 +- api_docs/kbn_shared_ux_button_toolbar.mdx | 2 +- api_docs/kbn_shared_ux_card_no_data.mdx | 2 +- api_docs/kbn_shared_ux_card_no_data_mocks.mdx | 2 +- api_docs/kbn_shared_ux_chrome_navigation.mdx | 2 +- api_docs/kbn_shared_ux_error_boundary.mdx | 2 +- api_docs/kbn_shared_ux_file_context.mdx | 2 +- api_docs/kbn_shared_ux_file_image.mdx | 2 +- api_docs/kbn_shared_ux_file_image_mocks.mdx | 2 +- api_docs/kbn_shared_ux_file_mocks.mdx | 2 +- api_docs/kbn_shared_ux_file_picker.mdx | 2 +- api_docs/kbn_shared_ux_file_types.mdx | 2 +- api_docs/kbn_shared_ux_file_upload.mdx | 2 +- api_docs/kbn_shared_ux_file_util.mdx | 2 +- api_docs/kbn_shared_ux_link_redirect_app.mdx | 2 +- .../kbn_shared_ux_link_redirect_app_mocks.mdx | 2 +- api_docs/kbn_shared_ux_markdown.mdx | 2 +- api_docs/kbn_shared_ux_markdown_mocks.mdx | 2 +- .../kbn_shared_ux_page_analytics_no_data.mdx | 2 +- ...shared_ux_page_analytics_no_data_mocks.mdx | 2 +- .../kbn_shared_ux_page_kibana_no_data.mdx | 2 +- ...bn_shared_ux_page_kibana_no_data_mocks.mdx | 2 +- .../kbn_shared_ux_page_kibana_template.mdx | 2 +- ...n_shared_ux_page_kibana_template_mocks.mdx | 2 +- api_docs/kbn_shared_ux_page_no_data.mdx | 2 +- .../kbn_shared_ux_page_no_data_config.mdx | 2 +- ...bn_shared_ux_page_no_data_config_mocks.mdx | 2 +- api_docs/kbn_shared_ux_page_no_data_mocks.mdx | 2 +- api_docs/kbn_shared_ux_page_solution_nav.mdx | 2 +- .../kbn_shared_ux_prompt_no_data_views.mdx | 2 +- ...n_shared_ux_prompt_no_data_views_mocks.mdx | 2 +- api_docs/kbn_shared_ux_prompt_not_found.mdx | 2 +- api_docs/kbn_shared_ux_router.mdx | 2 +- api_docs/kbn_shared_ux_router_mocks.mdx | 2 +- api_docs/kbn_shared_ux_storybook_config.mdx | 2 +- api_docs/kbn_shared_ux_storybook_mock.mdx | 2 +- api_docs/kbn_shared_ux_tabbed_modal.mdx | 2 +- api_docs/kbn_shared_ux_table_persist.mdx | 2 +- api_docs/kbn_shared_ux_utility.mdx | 2 +- api_docs/kbn_slo_schema.devdocs.json | 24 +- api_docs/kbn_slo_schema.mdx | 2 +- api_docs/kbn_some_dev_log.mdx | 2 +- api_docs/kbn_sort_predicates.mdx | 2 +- api_docs/kbn_sse_utils.mdx | 2 +- api_docs/kbn_sse_utils_client.mdx | 2 +- api_docs/kbn_sse_utils_server.mdx | 2 +- api_docs/kbn_std.mdx | 2 +- api_docs/kbn_stdio_dev_helpers.mdx | 2 +- api_docs/kbn_storybook.mdx | 2 +- api_docs/kbn_synthetics_e2e.mdx | 2 +- api_docs/kbn_synthetics_private_location.mdx | 2 +- api_docs/kbn_telemetry_tools.mdx | 2 +- api_docs/kbn_test.mdx | 2 +- api_docs/kbn_test_eui_helpers.mdx | 2 +- api_docs/kbn_test_jest_helpers.mdx | 2 +- api_docs/kbn_test_subj_selector.mdx | 2 +- api_docs/kbn_text_based_editor.devdocs.json | 16 ++ api_docs/kbn_text_based_editor.mdx | 4 +- api_docs/kbn_timerange.mdx | 2 +- api_docs/kbn_tooling_log.mdx | 2 +- api_docs/kbn_triggers_actions_ui_types.mdx | 2 +- api_docs/kbn_try_in_console.mdx | 2 +- api_docs/kbn_ts_projects.mdx | 2 +- api_docs/kbn_typed_react_router_config.mdx | 2 +- api_docs/kbn_ui_actions_browser.mdx | 2 +- api_docs/kbn_ui_shared_deps_src.mdx | 2 +- api_docs/kbn_ui_theme.mdx | 2 +- api_docs/kbn_unified_data_table.mdx | 2 +- api_docs/kbn_unified_doc_viewer.mdx | 2 +- api_docs/kbn_unified_field_list.mdx | 2 +- api_docs/kbn_unsaved_changes_badge.mdx | 2 +- api_docs/kbn_unsaved_changes_prompt.mdx | 2 +- api_docs/kbn_use_tracked_promise.mdx | 2 +- api_docs/kbn_user_profile_components.mdx | 2 +- api_docs/kbn_utility_types.mdx | 2 +- api_docs/kbn_utility_types_jest.mdx | 2 +- api_docs/kbn_utils.mdx | 2 +- api_docs/kbn_visualization_ui_components.mdx | 2 +- api_docs/kbn_visualization_utils.mdx | 2 +- api_docs/kbn_xstate_utils.mdx | 2 +- api_docs/kbn_yarn_lock_validator.mdx | 2 +- api_docs/kbn_zod.mdx | 2 +- api_docs/kbn_zod_helpers.mdx | 2 +- api_docs/kibana_overview.mdx | 2 +- api_docs/kibana_react.mdx | 2 +- api_docs/kibana_utils.mdx | 2 +- api_docs/kubernetes_security.mdx | 2 +- api_docs/lens.mdx | 2 +- api_docs/license_api_guard.mdx | 2 +- api_docs/license_management.mdx | 2 +- api_docs/licensing.mdx | 2 +- api_docs/links.mdx | 2 +- api_docs/lists.mdx | 2 +- api_docs/logs_data_access.mdx | 2 +- api_docs/logs_explorer.mdx | 2 +- api_docs/logs_shared.mdx | 2 +- api_docs/management.mdx | 2 +- api_docs/maps.mdx | 2 +- api_docs/maps_ems.mdx | 2 +- api_docs/metrics_data_access.mdx | 2 +- api_docs/ml.mdx | 2 +- api_docs/mock_idp_plugin.mdx | 2 +- api_docs/monitoring.mdx | 2 +- api_docs/monitoring_collection.mdx | 2 +- api_docs/navigation.mdx | 2 +- api_docs/newsfeed.mdx | 2 +- api_docs/no_data_page.mdx | 2 +- api_docs/notifications.mdx | 2 +- api_docs/observability.mdx | 2 +- api_docs/observability_a_i_assistant.mdx | 2 +- api_docs/observability_a_i_assistant_app.mdx | 2 +- .../observability_ai_assistant_management.mdx | 2 +- api_docs/observability_logs_explorer.mdx | 2 +- api_docs/observability_onboarding.mdx | 2 +- api_docs/observability_shared.mdx | 2 +- api_docs/osquery.mdx | 2 +- api_docs/painless_lab.mdx | 2 +- api_docs/plugin_directory.mdx | 18 +- api_docs/presentation_panel.mdx | 2 +- api_docs/presentation_util.mdx | 2 +- api_docs/profiling.mdx | 2 +- api_docs/profiling_data_access.mdx | 2 +- api_docs/remote_clusters.mdx | 2 +- api_docs/reporting.mdx | 2 +- api_docs/rollup.mdx | 2 +- api_docs/rule_registry.mdx | 2 +- api_docs/runtime_fields.mdx | 2 +- api_docs/saved_objects.mdx | 2 +- api_docs/saved_objects_finder.mdx | 2 +- api_docs/saved_objects_management.mdx | 2 +- api_docs/saved_objects_tagging.mdx | 2 +- api_docs/saved_objects_tagging_oss.mdx | 2 +- api_docs/saved_search.mdx | 2 +- api_docs/screenshot_mode.mdx | 2 +- api_docs/screenshotting.mdx | 2 +- api_docs/search_assistant.mdx | 2 +- api_docs/search_connectors.mdx | 2 +- api_docs/search_homepage.mdx | 2 +- api_docs/search_indices.mdx | 2 +- api_docs/search_inference_endpoints.mdx | 2 +- api_docs/search_notebooks.mdx | 2 +- api_docs/search_playground.mdx | 2 +- api_docs/security.mdx | 2 +- api_docs/security_solution.devdocs.json | 12 +- api_docs/security_solution.mdx | 2 +- api_docs/security_solution_ess.mdx | 2 +- api_docs/security_solution_serverless.mdx | 2 +- api_docs/serverless.mdx | 2 +- api_docs/serverless_observability.mdx | 2 +- api_docs/serverless_search.mdx | 2 +- api_docs/session_view.mdx | 2 +- api_docs/share.mdx | 2 +- api_docs/slo.mdx | 2 +- api_docs/snapshot_restore.mdx | 2 +- api_docs/spaces.mdx | 2 +- api_docs/stack_alerts.mdx | 2 +- api_docs/stack_connectors.mdx | 2 +- api_docs/task_manager.mdx | 2 +- api_docs/telemetry.mdx | 2 +- api_docs/telemetry_collection_manager.mdx | 2 +- api_docs/telemetry_collection_xpack.mdx | 2 +- api_docs/telemetry_management_section.mdx | 2 +- api_docs/threat_intelligence.mdx | 2 +- api_docs/timelines.mdx | 2 +- api_docs/transform.mdx | 2 +- api_docs/triggers_actions_ui.mdx | 2 +- api_docs/ui_actions.mdx | 2 +- api_docs/ui_actions_enhanced.mdx | 2 +- api_docs/unified_doc_viewer.mdx | 2 +- api_docs/unified_histogram.mdx | 2 +- api_docs/unified_search.mdx | 2 +- api_docs/unified_search_autocomplete.mdx | 2 +- api_docs/uptime.mdx | 2 +- api_docs/url_forwarding.mdx | 2 +- api_docs/usage_collection.mdx | 2 +- api_docs/ux.mdx | 2 +- api_docs/vis_default_editor.mdx | 2 +- api_docs/vis_type_gauge.mdx | 2 +- api_docs/vis_type_heatmap.mdx | 2 +- api_docs/vis_type_pie.mdx | 2 +- api_docs/vis_type_table.mdx | 2 +- api_docs/vis_type_timelion.mdx | 2 +- api_docs/vis_type_timeseries.mdx | 2 +- api_docs/vis_type_vega.mdx | 2 +- api_docs/vis_type_vislib.mdx | 2 +- api_docs/vis_type_xy.mdx | 2 +- api_docs/visualizations.mdx | 2 +- 757 files changed, 1222 insertions(+), 971 deletions(-) diff --git a/api_docs/actions.mdx b/api_docs/actions.mdx index 9ed71acfceac0..e4e0104f1491f 100644 --- a/api_docs/actions.mdx +++ b/api_docs/actions.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/actions title: "actions" image: https://source.unsplash.com/400x175/?github description: API docs for the actions plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'actions'] --- import actionsObj from './actions.devdocs.json'; diff --git a/api_docs/advanced_settings.mdx b/api_docs/advanced_settings.mdx index ed64fcdda776d..1cb3a87f9e883 100644 --- a/api_docs/advanced_settings.mdx +++ b/api_docs/advanced_settings.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/advancedSettings title: "advancedSettings" image: https://source.unsplash.com/400x175/?github description: API docs for the advancedSettings plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'advancedSettings'] --- import advancedSettingsObj from './advanced_settings.devdocs.json'; diff --git a/api_docs/ai_assistant_management_selection.mdx b/api_docs/ai_assistant_management_selection.mdx index d29944d472db0..dfc340739e4d5 100644 --- a/api_docs/ai_assistant_management_selection.mdx +++ b/api_docs/ai_assistant_management_selection.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/aiAssistantManagementSelection title: "aiAssistantManagementSelection" image: https://source.unsplash.com/400x175/?github description: API docs for the aiAssistantManagementSelection plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'aiAssistantManagementSelection'] --- import aiAssistantManagementSelectionObj from './ai_assistant_management_selection.devdocs.json'; diff --git a/api_docs/aiops.mdx b/api_docs/aiops.mdx index ed11425824b38..b161052452d05 100644 --- a/api_docs/aiops.mdx +++ b/api_docs/aiops.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/aiops title: "aiops" image: https://source.unsplash.com/400x175/?github description: API docs for the aiops plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'aiops'] --- import aiopsObj from './aiops.devdocs.json'; diff --git a/api_docs/alerting.mdx b/api_docs/alerting.mdx index 53b27f764e367..b9277e60a8c21 100644 --- a/api_docs/alerting.mdx +++ b/api_docs/alerting.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/alerting title: "alerting" image: https://source.unsplash.com/400x175/?github description: API docs for the alerting plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'alerting'] --- import alertingObj from './alerting.devdocs.json'; diff --git a/api_docs/apm.mdx b/api_docs/apm.mdx index 77c919d900ac3..89dcfb4015864 100644 --- a/api_docs/apm.mdx +++ b/api_docs/apm.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/apm title: "apm" image: https://source.unsplash.com/400x175/?github description: API docs for the apm plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'apm'] --- import apmObj from './apm.devdocs.json'; diff --git a/api_docs/apm_data_access.mdx b/api_docs/apm_data_access.mdx index fbe0dfc66d6ec..c7ed4fad1b0b4 100644 --- a/api_docs/apm_data_access.mdx +++ b/api_docs/apm_data_access.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/apmDataAccess title: "apmDataAccess" image: https://source.unsplash.com/400x175/?github description: API docs for the apmDataAccess plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'apmDataAccess'] --- import apmDataAccessObj from './apm_data_access.devdocs.json'; diff --git a/api_docs/banners.mdx b/api_docs/banners.mdx index d08848dd3ab7b..13af2ccc3f215 100644 --- a/api_docs/banners.mdx +++ b/api_docs/banners.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/banners title: "banners" image: https://source.unsplash.com/400x175/?github description: API docs for the banners plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'banners'] --- import bannersObj from './banners.devdocs.json'; diff --git a/api_docs/bfetch.mdx b/api_docs/bfetch.mdx index 36448f1aff363..3843c9535ccd6 100644 --- a/api_docs/bfetch.mdx +++ b/api_docs/bfetch.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/bfetch title: "bfetch" image: https://source.unsplash.com/400x175/?github description: API docs for the bfetch plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'bfetch'] --- import bfetchObj from './bfetch.devdocs.json'; diff --git a/api_docs/canvas.mdx b/api_docs/canvas.mdx index 14036c941eabb..12f4f0a614412 100644 --- a/api_docs/canvas.mdx +++ b/api_docs/canvas.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/canvas title: "canvas" image: https://source.unsplash.com/400x175/?github description: API docs for the canvas plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'canvas'] --- import canvasObj from './canvas.devdocs.json'; diff --git a/api_docs/cases.mdx b/api_docs/cases.mdx index c488eb17c0a3f..da82fe3364d26 100644 --- a/api_docs/cases.mdx +++ b/api_docs/cases.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/cases title: "cases" image: https://source.unsplash.com/400x175/?github description: API docs for the cases plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'cases'] --- import casesObj from './cases.devdocs.json'; diff --git a/api_docs/charts.mdx b/api_docs/charts.mdx index 3e369f1ce4704..f87336b8ff83c 100644 --- a/api_docs/charts.mdx +++ b/api_docs/charts.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/charts title: "charts" image: https://source.unsplash.com/400x175/?github description: API docs for the charts plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'charts'] --- import chartsObj from './charts.devdocs.json'; diff --git a/api_docs/cloud.devdocs.json b/api_docs/cloud.devdocs.json index a421bcc26d64a..9c44d677eb6ee 100644 --- a/api_docs/cloud.devdocs.json +++ b/api_docs/cloud.devdocs.json @@ -473,19 +473,23 @@ }, { "parentPluginId": "cloud", - "id": "def-public.CloudStart.elasticsearchUrl", - "type": "string", + "id": "def-public.CloudStart.fetchElasticsearchConfig", + "type": "Function", "tags": [], - "label": "elasticsearchUrl", + "label": "fetchElasticsearchConfig", "description": [ - "\nThe full URL to the elasticsearch cluster." + "\nFetches the full URL to the elasticsearch cluster." ], "signature": [ - "string | undefined" + "() => Promise<", + "PublicElasticsearchConfigType", + ">" ], "path": "x-pack/plugins/cloud/public/types.ts", "deprecated": false, - "trackAdoption": false + "trackAdoption": false, + "children": [], + "returnComment": [] }, { "parentPluginId": "cloud", @@ -730,19 +734,23 @@ }, { "parentPluginId": "cloud", - "id": "def-public.CloudSetup.elasticsearchUrl", - "type": "string", + "id": "def-public.CloudSetup.fetchElasticsearchConfig", + "type": "Function", "tags": [], - "label": "elasticsearchUrl", + "label": "fetchElasticsearchConfig", "description": [ - "\nThe full URL to the elasticsearch cluster." + "\nFetches the full URL to the elasticsearch cluster." ], "signature": [ - "string | undefined" + "() => Promise<", + "PublicElasticsearchConfigType", + ">" ], "path": "x-pack/plugins/cloud/public/types.ts", "deprecated": false, - "trackAdoption": false + "trackAdoption": false, + "children": [], + "returnComment": [] }, { "parentPluginId": "cloud", diff --git a/api_docs/cloud.mdx b/api_docs/cloud.mdx index c2037e08efc7c..52f7f8b9460e3 100644 --- a/api_docs/cloud.mdx +++ b/api_docs/cloud.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/cloud title: "cloud" image: https://source.unsplash.com/400x175/?github description: API docs for the cloud plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'cloud'] --- import cloudObj from './cloud.devdocs.json'; @@ -21,7 +21,7 @@ Contact [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core | Public API count | Any count | Items lacking comments | Missing exports | |-------------------|-----------|------------------------|-----------------| -| 84 | 0 | 21 | 0 | +| 84 | 0 | 21 | 1 | ## Client diff --git a/api_docs/cloud_data_migration.mdx b/api_docs/cloud_data_migration.mdx index 206b59401defc..00da0feb4b77a 100644 --- a/api_docs/cloud_data_migration.mdx +++ b/api_docs/cloud_data_migration.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/cloudDataMigration title: "cloudDataMigration" image: https://source.unsplash.com/400x175/?github description: API docs for the cloudDataMigration plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'cloudDataMigration'] --- import cloudDataMigrationObj from './cloud_data_migration.devdocs.json'; diff --git a/api_docs/cloud_defend.mdx b/api_docs/cloud_defend.mdx index 5b0de299015b4..b549df3505d93 100644 --- a/api_docs/cloud_defend.mdx +++ b/api_docs/cloud_defend.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/cloudDefend title: "cloudDefend" image: https://source.unsplash.com/400x175/?github description: API docs for the cloudDefend plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'cloudDefend'] --- import cloudDefendObj from './cloud_defend.devdocs.json'; diff --git a/api_docs/cloud_security_posture.mdx b/api_docs/cloud_security_posture.mdx index c15e48e575fe6..1f75ab142868d 100644 --- a/api_docs/cloud_security_posture.mdx +++ b/api_docs/cloud_security_posture.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/cloudSecurityPosture title: "cloudSecurityPosture" image: https://source.unsplash.com/400x175/?github description: API docs for the cloudSecurityPosture plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'cloudSecurityPosture'] --- import cloudSecurityPostureObj from './cloud_security_posture.devdocs.json'; diff --git a/api_docs/console.mdx b/api_docs/console.mdx index 35d1c012733e3..8a9219f181280 100644 --- a/api_docs/console.mdx +++ b/api_docs/console.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/console title: "console" image: https://source.unsplash.com/400x175/?github description: API docs for the console plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'console'] --- import consoleObj from './console.devdocs.json'; diff --git a/api_docs/content_management.mdx b/api_docs/content_management.mdx index ca7a6fb27ba72..099962d6a9822 100644 --- a/api_docs/content_management.mdx +++ b/api_docs/content_management.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/contentManagement title: "contentManagement" image: https://source.unsplash.com/400x175/?github description: API docs for the contentManagement plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'contentManagement'] --- import contentManagementObj from './content_management.devdocs.json'; diff --git a/api_docs/controls.devdocs.json b/api_docs/controls.devdocs.json index 5dd8039372686..98a9926f2f4d5 100644 --- a/api_docs/controls.devdocs.json +++ b/api_docs/controls.devdocs.json @@ -866,80 +866,6 @@ ], "initialIsOpen": false }, - { - "parentPluginId": "controls", - "id": "def-public.DataControlServices", - "type": "Interface", - "tags": [], - "label": "DataControlServices", - "description": [], - "path": "src/plugins/controls/public/react_controls/controls/data_controls/types.ts", - "deprecated": false, - "trackAdoption": false, - "children": [ - { - "parentPluginId": "controls", - "id": "def-public.DataControlServices.core", - "type": "Object", - "tags": [], - "label": "core", - "description": [], - "signature": [ - { - "pluginId": "@kbn/core-lifecycle-browser", - "scope": "public", - "docId": "kibKbnCoreLifecycleBrowserPluginApi", - "section": "def-public.CoreStart", - "text": "CoreStart" - } - ], - "path": "src/plugins/controls/public/react_controls/controls/data_controls/types.ts", - "deprecated": false, - "trackAdoption": false - }, - { - "parentPluginId": "controls", - "id": "def-public.DataControlServices.data", - "type": "Object", - "tags": [], - "label": "data", - "description": [], - "signature": [ - { - "pluginId": "data", - "scope": "public", - "docId": "kibDataPluginApi", - "section": "def-public.DataPublicPluginStart", - "text": "DataPublicPluginStart" - } - ], - "path": "src/plugins/controls/public/react_controls/controls/data_controls/types.ts", - "deprecated": false, - "trackAdoption": false - }, - { - "parentPluginId": "controls", - "id": "def-public.DataControlServices.dataViews", - "type": "Object", - "tags": [], - "label": "dataViews", - "description": [], - "signature": [ - { - "pluginId": "dataViews", - "scope": "public", - "docId": "kibDataViewsPluginApi", - "section": "def-public.DataViewsServicePublic", - "text": "DataViewsServicePublic" - } - ], - "path": "src/plugins/controls/public/react_controls/controls/data_controls/types.ts", - "deprecated": false, - "trackAdoption": false - } - ], - "initialIsOpen": false - }, { "parentPluginId": "controls", "id": "def-public.DefaultDataControlState", @@ -1295,14 +1221,6 @@ "section": "def-public.HasEditCapabilities", "text": "HasEditCapabilities" }, - " & ", - { - "pluginId": "@kbn/presentation-publishing", - "scope": "public", - "docId": "kibKbnPresentationPublishingPluginApi", - "section": "def-public.PublishesDataLoading", - "text": "PublishesDataLoading" - }, " & Pick<", { "pluginId": "@kbn/presentation-publishing", @@ -1414,8 +1332,8 @@ "pluginId": "controls", "scope": "common", "docId": "kibControlsPluginApi", - "section": "def-common.ControlStyle", - "text": "ControlStyle" + "section": "def-common.ControlLabelPosition", + "text": "ControlLabelPosition" }, ">; asyncResetUnsavedChanges: () => Promise; controlFetch$: (controlUuid: string) => ", "Observable", @@ -1555,14 +1473,6 @@ "section": "def-public.HasEditCapabilities", "text": "HasEditCapabilities" }, - " & ", - { - "pluginId": "@kbn/presentation-publishing", - "scope": "public", - "docId": "kibKbnPresentationPublishingPluginApi", - "section": "def-public.PublishesDataLoading", - "text": "PublishesDataLoading" - }, " & Pick<", { "pluginId": "@kbn/presentation-publishing", @@ -1674,8 +1584,8 @@ "pluginId": "controls", "scope": "common", "docId": "kibControlsPluginApi", - "section": "def-common.ControlStyle", - "text": "ControlStyle" + "section": "def-common.ControlLabelPosition", + "text": "ControlLabelPosition" }, ">; asyncResetUnsavedChanges: () => Promise; controlFetch$: (controlUuid: string) => ", "Observable", @@ -1986,23 +1896,7 @@ "section": "def-public.ControlGroupApi", "text": "ControlGroupApi" }, - "> & { serializeState: () => ", - { - "pluginId": "@kbn/presentation-containers", - "scope": "public", - "docId": "kibKbnPresentationContainersPluginApi", - "section": "def-public.SerializedPanelState", - "text": "SerializedPanelState" - }, - "<", - { - "pluginId": "controls", - "scope": "common", - "docId": "kibControlsPluginApi", - "section": "def-common.DefaultControlState", - "text": "DefaultControlState" - }, - ">; setDataLoading: (loading: boolean) => void; setBlockingError: (error: Error | undefined) => void; grow: ", + "> & { setDataLoading: (loading: boolean) => void; setBlockingError: (error: Error | undefined) => void; grow: ", { "pluginId": "@kbn/presentation-publishing", "scope": "public", @@ -2026,7 +1920,23 @@ "section": "def-common.ControlWidth", "text": "ControlWidth" }, - " | undefined>; } & Omit<", + " | undefined>; serializeState: () => ", + { + "pluginId": "@kbn/presentation-containers", + "scope": "public", + "docId": "kibKbnPresentationContainersPluginApi", + "section": "def-public.SerializedPanelState", + "text": "SerializedPanelState" + }, + "<", + { + "pluginId": "controls", + "scope": "common", + "docId": "kibControlsPluginApi", + "section": "def-common.DefaultControlState", + "text": "DefaultControlState" + }, + ">; } & Omit<", { "pluginId": "@kbn/presentation-publishing", "scope": "public", @@ -3360,30 +3270,30 @@ }, { "parentPluginId": "controls", - "id": "def-common.ControlPanelState", + "id": "def-common.ControlLabelPosition", "type": "Type", "tags": [], - "label": "ControlPanelState", + "label": "ControlLabelPosition", "description": [], "signature": [ - "State & { type: string; order: number; }" + "\"twoLine\" | \"oneLine\"" ], - "path": "src/plugins/controls/common/control_group/types.ts", + "path": "src/plugins/controls/common/types.ts", "deprecated": false, "trackAdoption": false, "initialIsOpen": false }, { "parentPluginId": "controls", - "id": "def-common.ControlStyle", + "id": "def-common.ControlPanelState", "type": "Type", "tags": [], - "label": "ControlStyle", + "label": "ControlPanelState", "description": [], "signature": [ - "\"twoLine\" | \"oneLine\"" + "State & { type: string; order: number; }" ], - "path": "src/plugins/controls/common/types.ts", + "path": "src/plugins/controls/common/control_group/types.ts", "deprecated": false, "trackAdoption": false, "initialIsOpen": false @@ -3417,10 +3327,10 @@ }, { "parentPluginId": "controls", - "id": "def-common.DEFAULT_CONTROL_STYLE", + "id": "def-common.DEFAULT_CONTROL_LABEL_POSITION", "type": "CompoundType", "tags": [], - "label": "DEFAULT_CONTROL_STYLE", + "label": "DEFAULT_CONTROL_LABEL_POSITION", "description": [], "signature": [ "\"twoLine\" | \"oneLine\"" diff --git a/api_docs/controls.mdx b/api_docs/controls.mdx index 30c7f2faa1d34..0d2c150dd21ad 100644 --- a/api_docs/controls.mdx +++ b/api_docs/controls.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/controls title: "controls" image: https://source.unsplash.com/400x175/?github description: API docs for the controls plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'controls'] --- import controlsObj from './controls.devdocs.json'; @@ -21,7 +21,7 @@ Contact [@elastic/kibana-presentation](https://github.com/orgs/elastic/teams/kib | Public API count | Any count | Items lacking comments | Missing exports | |-------------------|-----------|------------------------|-----------------| -| 138 | 0 | 134 | 14 | +| 134 | 0 | 130 | 14 | ## Client diff --git a/api_docs/custom_integrations.mdx b/api_docs/custom_integrations.mdx index c6ecf88f3dc93..ffaa52c43f2b9 100644 --- a/api_docs/custom_integrations.mdx +++ b/api_docs/custom_integrations.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/customIntegrations title: "customIntegrations" image: https://source.unsplash.com/400x175/?github description: API docs for the customIntegrations plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'customIntegrations'] --- import customIntegrationsObj from './custom_integrations.devdocs.json'; diff --git a/api_docs/dashboard.devdocs.json b/api_docs/dashboard.devdocs.json index ccd7ec7b1da4c..8cb2ab4a82d47 100644 --- a/api_docs/dashboard.devdocs.json +++ b/api_docs/dashboard.devdocs.json @@ -939,7 +939,23 @@ "section": "def-public.PublishingSubject", "text": "PublishingSubject" }, - "; forceRefresh: () => void; getPanelsState: () => ", + "; forceRefresh: () => void; getDashboardPanelFromId: (id: string) => Promise<", + { + "pluginId": "dashboard", + "scope": "common", + "docId": "kibDashboardPluginApi", + "section": "def-common.DashboardPanelState", + "text": "DashboardPanelState" + }, + "<", + { + "pluginId": "embeddable", + "scope": "common", + "docId": "kibEmbeddablePluginApi", + "section": "def-common.SavedObjectEmbeddableInput", + "text": "SavedObjectEmbeddableInput" + }, + ">>; getPanelsState: () => ", { "pluginId": "dashboard", "scope": "common", diff --git a/api_docs/dashboard.mdx b/api_docs/dashboard.mdx index 9bce02e76e9f8..348c49d3c7a02 100644 --- a/api_docs/dashboard.mdx +++ b/api_docs/dashboard.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/dashboard title: "dashboard" image: https://source.unsplash.com/400x175/?github description: API docs for the dashboard plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'dashboard'] --- import dashboardObj from './dashboard.devdocs.json'; diff --git a/api_docs/dashboard_enhanced.mdx b/api_docs/dashboard_enhanced.mdx index 0b99232ddb3a6..7497c10d3dd1b 100644 --- a/api_docs/dashboard_enhanced.mdx +++ b/api_docs/dashboard_enhanced.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/dashboardEnhanced title: "dashboardEnhanced" image: https://source.unsplash.com/400x175/?github description: API docs for the dashboardEnhanced plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'dashboardEnhanced'] --- import dashboardEnhancedObj from './dashboard_enhanced.devdocs.json'; diff --git a/api_docs/data.mdx b/api_docs/data.mdx index 0d10393c7ac44..83a4cf8af4b4d 100644 --- a/api_docs/data.mdx +++ b/api_docs/data.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/data title: "data" image: https://source.unsplash.com/400x175/?github description: API docs for the data plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'data'] --- import dataObj from './data.devdocs.json'; diff --git a/api_docs/data_quality.mdx b/api_docs/data_quality.mdx index bb1116e215251..64637a749f066 100644 --- a/api_docs/data_quality.mdx +++ b/api_docs/data_quality.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/dataQuality title: "dataQuality" image: https://source.unsplash.com/400x175/?github description: API docs for the dataQuality plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'dataQuality'] --- import dataQualityObj from './data_quality.devdocs.json'; diff --git a/api_docs/data_query.mdx b/api_docs/data_query.mdx index 8b715935d85d9..af0dff28b917f 100644 --- a/api_docs/data_query.mdx +++ b/api_docs/data_query.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/data-query title: "data.query" image: https://source.unsplash.com/400x175/?github description: API docs for the data.query plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'data.query'] --- import dataQueryObj from './data_query.devdocs.json'; diff --git a/api_docs/data_search.mdx b/api_docs/data_search.mdx index 2e3fd844ea627..8114e3510911e 100644 --- a/api_docs/data_search.mdx +++ b/api_docs/data_search.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/data-search title: "data.search" image: https://source.unsplash.com/400x175/?github description: API docs for the data.search plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'data.search'] --- import dataSearchObj from './data_search.devdocs.json'; diff --git a/api_docs/data_view_editor.mdx b/api_docs/data_view_editor.mdx index b0d223ed36891..e217389b8c69c 100644 --- a/api_docs/data_view_editor.mdx +++ b/api_docs/data_view_editor.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/dataViewEditor title: "dataViewEditor" image: https://source.unsplash.com/400x175/?github description: API docs for the dataViewEditor plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'dataViewEditor'] --- import dataViewEditorObj from './data_view_editor.devdocs.json'; diff --git a/api_docs/data_view_field_editor.mdx b/api_docs/data_view_field_editor.mdx index ac615ba564f2d..ea9afd08ef7c9 100644 --- a/api_docs/data_view_field_editor.mdx +++ b/api_docs/data_view_field_editor.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/dataViewFieldEditor title: "dataViewFieldEditor" image: https://source.unsplash.com/400x175/?github description: API docs for the dataViewFieldEditor plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'dataViewFieldEditor'] --- import dataViewFieldEditorObj from './data_view_field_editor.devdocs.json'; diff --git a/api_docs/data_view_management.mdx b/api_docs/data_view_management.mdx index 365e29e4de7d1..2952e866888b8 100644 --- a/api_docs/data_view_management.mdx +++ b/api_docs/data_view_management.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/dataViewManagement title: "dataViewManagement" image: https://source.unsplash.com/400x175/?github description: API docs for the dataViewManagement plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'dataViewManagement'] --- import dataViewManagementObj from './data_view_management.devdocs.json'; diff --git a/api_docs/data_views.devdocs.json b/api_docs/data_views.devdocs.json index 9fdb448108404..1015fb02d2144 100644 --- a/api_docs/data_views.devdocs.json +++ b/api_docs/data_views.devdocs.json @@ -14390,10 +14390,6 @@ "plugin": "transform", "path": "x-pack/plugins/transform/public/app/sections/create_transform/components/step_define/common/common.test.ts" }, - { - "plugin": "controls", - "path": "src/plugins/controls/public/services/data_views/data_views.stub.ts" - }, { "plugin": "dataViewManagement", "path": "src/plugins/data_view_management/public/components/edit_index_pattern/edit_index_pattern.tsx" diff --git a/api_docs/data_views.mdx b/api_docs/data_views.mdx index 5ce3d1e7d3a65..22284b7b5f66c 100644 --- a/api_docs/data_views.mdx +++ b/api_docs/data_views.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/dataViews title: "dataViews" image: https://source.unsplash.com/400x175/?github description: API docs for the dataViews plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'dataViews'] --- import dataViewsObj from './data_views.devdocs.json'; diff --git a/api_docs/data_visualizer.mdx b/api_docs/data_visualizer.mdx index 78bc2a29e4761..6dd527a489757 100644 --- a/api_docs/data_visualizer.mdx +++ b/api_docs/data_visualizer.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/dataVisualizer title: "dataVisualizer" image: https://source.unsplash.com/400x175/?github description: API docs for the dataVisualizer plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'dataVisualizer'] --- import dataVisualizerObj from './data_visualizer.devdocs.json'; diff --git a/api_docs/dataset_quality.mdx b/api_docs/dataset_quality.mdx index 0819ed916e673..6a1a10337af1c 100644 --- a/api_docs/dataset_quality.mdx +++ b/api_docs/dataset_quality.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/datasetQuality title: "datasetQuality" image: https://source.unsplash.com/400x175/?github description: API docs for the datasetQuality plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'datasetQuality'] --- import datasetQualityObj from './dataset_quality.devdocs.json'; diff --git a/api_docs/deprecations_by_api.mdx b/api_docs/deprecations_by_api.mdx index a70b90b8c5440..fd1c958327037 100644 --- a/api_docs/deprecations_by_api.mdx +++ b/api_docs/deprecations_by_api.mdx @@ -7,7 +7,7 @@ id: kibDevDocsDeprecationsByApi slug: /kibana-dev-docs/api-meta/deprecated-api-list-by-api title: Deprecated API usage by API description: A list of deprecated APIs, which plugins are still referencing them, and when they need to be removed by. -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana'] --- @@ -113,7 +113,7 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana'] | | @kbn/core, lens, savedObjects | - | | | lens, dashboard, canvas | - | | | lens, dashboard | - | -| | lens, controls, dashboard, investigateApp | - | +| | lens, dashboard, investigateApp | - | | | canvas, dashboard | - | | | dashboard | - | | | embeddable, dashboard | - | diff --git a/api_docs/deprecations_by_plugin.mdx b/api_docs/deprecations_by_plugin.mdx index 59fda57ae680d..9fe0f439213df 100644 --- a/api_docs/deprecations_by_plugin.mdx +++ b/api_docs/deprecations_by_plugin.mdx @@ -7,7 +7,7 @@ id: kibDevDocsDeprecationsByPlugin slug: /kibana-dev-docs/api-meta/deprecated-api-list-by-plugin title: Deprecated API usage by plugin description: A list of deprecated APIs, which plugins are still referencing them, and when they need to be removed by. -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana'] --- @@ -623,8 +623,7 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana'] | Deprecated API | Reference location(s) | Remove By | | ---------------|-----------|-----------| -| | [options_list_fetch_cache.ts](https://github.com/elastic/kibana/tree/main/src/plugins/controls/public/react_controls/controls/data_controls/options_list_control/options_list_fetch_cache.ts#:~:text=title), [data_views.stub.ts](https://github.com/elastic/kibana/tree/main/src/plugins/controls/public/services/data_views/data_views.stub.ts#:~:text=title) | - | -| | [types.ts](https://github.com/elastic/kibana/tree/main/src/plugins/controls/public/services/embeddable/types.ts#:~:text=getEmbeddableFactory), [embeddable_service.ts](https://github.com/elastic/kibana/tree/main/src/plugins/controls/public/services/embeddable/embeddable_service.ts#:~:text=getEmbeddableFactory), [embeddable.stub.ts](https://github.com/elastic/kibana/tree/main/src/plugins/controls/public/services/embeddable/embeddable.stub.ts#:~:text=getEmbeddableFactory) | - | +| | [options_list_fetch_cache.ts](https://github.com/elastic/kibana/tree/main/src/plugins/controls/public/react_controls/controls/data_controls/options_list_control/options_list_fetch_cache.ts#:~:text=title) | - | | | [control_group_persistable_state.ts](https://github.com/elastic/kibana/tree/main/src/plugins/controls/server/control_group/control_group_persistable_state.ts#:~:text=SavedObjectReference), [control_group_persistable_state.ts](https://github.com/elastic/kibana/tree/main/src/plugins/controls/server/control_group/control_group_persistable_state.ts#:~:text=SavedObjectReference), [control_group_persistable_state.ts](https://github.com/elastic/kibana/tree/main/src/plugins/controls/server/control_group/control_group_persistable_state.ts#:~:text=SavedObjectReference), [options_list_persistable_state.ts](https://github.com/elastic/kibana/tree/main/src/plugins/controls/server/options_list/options_list_persistable_state.ts#:~:text=SavedObjectReference), [options_list_persistable_state.ts](https://github.com/elastic/kibana/tree/main/src/plugins/controls/server/options_list/options_list_persistable_state.ts#:~:text=SavedObjectReference), [options_list_persistable_state.ts](https://github.com/elastic/kibana/tree/main/src/plugins/controls/server/options_list/options_list_persistable_state.ts#:~:text=SavedObjectReference), [range_slider_persistable_state.ts](https://github.com/elastic/kibana/tree/main/src/plugins/controls/server/range_slider/range_slider_persistable_state.ts#:~:text=SavedObjectReference), [range_slider_persistable_state.ts](https://github.com/elastic/kibana/tree/main/src/plugins/controls/server/range_slider/range_slider_persistable_state.ts#:~:text=SavedObjectReference), [range_slider_persistable_state.ts](https://github.com/elastic/kibana/tree/main/src/plugins/controls/server/range_slider/range_slider_persistable_state.ts#:~:text=SavedObjectReference), [time_slider_persistable_state.ts](https://github.com/elastic/kibana/tree/main/src/plugins/controls/server/time_slider/time_slider_persistable_state.ts#:~:text=SavedObjectReference)+ 2 more | - | diff --git a/api_docs/deprecations_by_team.mdx b/api_docs/deprecations_by_team.mdx index bcb2a7dfb8bce..115dd57a9eec7 100644 --- a/api_docs/deprecations_by_team.mdx +++ b/api_docs/deprecations_by_team.mdx @@ -7,7 +7,7 @@ id: kibDevDocsDeprecationsDueByTeam slug: /kibana-dev-docs/api-meta/deprecations-due-by-team title: Deprecated APIs due to be removed, by team description: Lists the teams that are referencing deprecated APIs with a remove by date. -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana'] --- diff --git a/api_docs/dev_tools.mdx b/api_docs/dev_tools.mdx index 9a6ca17e5097b..c7c734f1a1b49 100644 --- a/api_docs/dev_tools.mdx +++ b/api_docs/dev_tools.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/devTools title: "devTools" image: https://source.unsplash.com/400x175/?github description: API docs for the devTools plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'devTools'] --- import devToolsObj from './dev_tools.devdocs.json'; diff --git a/api_docs/discover.mdx b/api_docs/discover.mdx index 2956e3c1fff47..98bd4052fe516 100644 --- a/api_docs/discover.mdx +++ b/api_docs/discover.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/discover title: "discover" image: https://source.unsplash.com/400x175/?github description: API docs for the discover plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'discover'] --- import discoverObj from './discover.devdocs.json'; diff --git a/api_docs/discover_enhanced.mdx b/api_docs/discover_enhanced.mdx index 5051d5eec9715..95a6e526ced5e 100644 --- a/api_docs/discover_enhanced.mdx +++ b/api_docs/discover_enhanced.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/discoverEnhanced title: "discoverEnhanced" image: https://source.unsplash.com/400x175/?github description: API docs for the discoverEnhanced plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'discoverEnhanced'] --- import discoverEnhancedObj from './discover_enhanced.devdocs.json'; diff --git a/api_docs/discover_shared.mdx b/api_docs/discover_shared.mdx index 669f55d105fd7..32c4067ee0dd7 100644 --- a/api_docs/discover_shared.mdx +++ b/api_docs/discover_shared.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/discoverShared title: "discoverShared" image: https://source.unsplash.com/400x175/?github description: API docs for the discoverShared plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'discoverShared'] --- import discoverSharedObj from './discover_shared.devdocs.json'; diff --git a/api_docs/ecs_data_quality_dashboard.mdx b/api_docs/ecs_data_quality_dashboard.mdx index 4400f84cd4176..fcbbb8be61d85 100644 --- a/api_docs/ecs_data_quality_dashboard.mdx +++ b/api_docs/ecs_data_quality_dashboard.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/ecsDataQualityDashboard title: "ecsDataQualityDashboard" image: https://source.unsplash.com/400x175/?github description: API docs for the ecsDataQualityDashboard plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'ecsDataQualityDashboard'] --- import ecsDataQualityDashboardObj from './ecs_data_quality_dashboard.devdocs.json'; diff --git a/api_docs/elastic_assistant.mdx b/api_docs/elastic_assistant.mdx index 9ac382f688ffa..c74acbf576eb0 100644 --- a/api_docs/elastic_assistant.mdx +++ b/api_docs/elastic_assistant.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/elasticAssistant title: "elasticAssistant" image: https://source.unsplash.com/400x175/?github description: API docs for the elasticAssistant plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'elasticAssistant'] --- import elasticAssistantObj from './elastic_assistant.devdocs.json'; diff --git a/api_docs/embeddable.devdocs.json b/api_docs/embeddable.devdocs.json index 82dda87fc5960..6b628765d44af 100644 --- a/api_docs/embeddable.devdocs.json +++ b/api_docs/embeddable.devdocs.json @@ -14874,14 +14874,6 @@ "plugin": "lens", "path": "x-pack/plugins/lens/public/embeddable/embeddable_component.tsx" }, - { - "plugin": "controls", - "path": "src/plugins/controls/public/services/embeddable/types.ts" - }, - { - "plugin": "controls", - "path": "src/plugins/controls/public/services/embeddable/embeddable_service.ts" - }, { "plugin": "dashboard", "path": "src/plugins/dashboard/public/services/dashboard_content_management/lib/migrate_dashboard_input.ts" @@ -14906,10 +14898,6 @@ "plugin": "dashboard", "path": "src/plugins/dashboard/public/services/embeddable/embeddable.stub.ts" }, - { - "plugin": "controls", - "path": "src/plugins/controls/public/services/embeddable/embeddable.stub.ts" - }, { "plugin": "dashboard", "path": "src/plugins/dashboard/public/dashboard_container/embeddable/create/create_dashboard.test.ts" diff --git a/api_docs/embeddable.mdx b/api_docs/embeddable.mdx index 6a8ab26813525..f85002d7080ca 100644 --- a/api_docs/embeddable.mdx +++ b/api_docs/embeddable.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/embeddable title: "embeddable" image: https://source.unsplash.com/400x175/?github description: API docs for the embeddable plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'embeddable'] --- import embeddableObj from './embeddable.devdocs.json'; diff --git a/api_docs/embeddable_enhanced.mdx b/api_docs/embeddable_enhanced.mdx index c239b13ac36b8..e06f75a1a48e3 100644 --- a/api_docs/embeddable_enhanced.mdx +++ b/api_docs/embeddable_enhanced.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/embeddableEnhanced title: "embeddableEnhanced" image: https://source.unsplash.com/400x175/?github description: API docs for the embeddableEnhanced plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'embeddableEnhanced'] --- import embeddableEnhancedObj from './embeddable_enhanced.devdocs.json'; diff --git a/api_docs/encrypted_saved_objects.mdx b/api_docs/encrypted_saved_objects.mdx index 804c6f28dc0a5..3b0a8c43ead37 100644 --- a/api_docs/encrypted_saved_objects.mdx +++ b/api_docs/encrypted_saved_objects.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/encryptedSavedObjects title: "encryptedSavedObjects" image: https://source.unsplash.com/400x175/?github description: API docs for the encryptedSavedObjects plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'encryptedSavedObjects'] --- import encryptedSavedObjectsObj from './encrypted_saved_objects.devdocs.json'; diff --git a/api_docs/enterprise_search.mdx b/api_docs/enterprise_search.mdx index 8f021b66213fd..251ac77b529d2 100644 --- a/api_docs/enterprise_search.mdx +++ b/api_docs/enterprise_search.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/enterpriseSearch title: "enterpriseSearch" image: https://source.unsplash.com/400x175/?github description: API docs for the enterpriseSearch plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'enterpriseSearch'] --- import enterpriseSearchObj from './enterprise_search.devdocs.json'; diff --git a/api_docs/entities_data_access.mdx b/api_docs/entities_data_access.mdx index 98cca9fff6dc3..8425d4a8ca448 100644 --- a/api_docs/entities_data_access.mdx +++ b/api_docs/entities_data_access.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/entitiesDataAccess title: "entitiesDataAccess" image: https://source.unsplash.com/400x175/?github description: API docs for the entitiesDataAccess plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'entitiesDataAccess'] --- import entitiesDataAccessObj from './entities_data_access.devdocs.json'; diff --git a/api_docs/entity_manager.mdx b/api_docs/entity_manager.mdx index 2caaad0462184..e109d16be264b 100644 --- a/api_docs/entity_manager.mdx +++ b/api_docs/entity_manager.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/entityManager title: "entityManager" image: https://source.unsplash.com/400x175/?github description: API docs for the entityManager plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'entityManager'] --- import entityManagerObj from './entity_manager.devdocs.json'; diff --git a/api_docs/es_ui_shared.mdx b/api_docs/es_ui_shared.mdx index 2cac616056835..a409e799903ea 100644 --- a/api_docs/es_ui_shared.mdx +++ b/api_docs/es_ui_shared.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/esUiShared title: "esUiShared" image: https://source.unsplash.com/400x175/?github description: API docs for the esUiShared plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'esUiShared'] --- import esUiSharedObj from './es_ui_shared.devdocs.json'; diff --git a/api_docs/esql.devdocs.json b/api_docs/esql.devdocs.json index ada151ff891ef..772be100e7465 100644 --- a/api_docs/esql.devdocs.json +++ b/api_docs/esql.devdocs.json @@ -440,6 +440,22 @@ "path": "packages/kbn-text-based-editor/src/types.ts", "deprecated": false, "trackAdoption": false + }, + { + "parentPluginId": "esql", + "id": "def-public.TextBasedLanguagesEditorProps.displayDocumentationAsFlyout", + "type": "CompoundType", + "tags": [], + "label": "displayDocumentationAsFlyout", + "description": [ + "adds a documentation icon in the footer which opens the inline docs as a flyout" + ], + "signature": [ + "boolean | undefined" + ], + "path": "packages/kbn-text-based-editor/src/types.ts", + "deprecated": false, + "trackAdoption": false } ], "initialIsOpen": false diff --git a/api_docs/esql.mdx b/api_docs/esql.mdx index 6dbe40028c309..f75e7f1381f11 100644 --- a/api_docs/esql.mdx +++ b/api_docs/esql.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/esql title: "esql" image: https://source.unsplash.com/400x175/?github description: API docs for the esql plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'esql'] --- import esqlObj from './esql.devdocs.json'; @@ -21,7 +21,7 @@ Contact [@elastic/kibana-esql](https://github.com/orgs/elastic/teams/kibana-esql | Public API count | Any count | Items lacking comments | Missing exports | |-------------------|-----------|------------------------|-----------------| -| 24 | 0 | 9 | 0 | +| 25 | 0 | 9 | 0 | ## Client diff --git a/api_docs/esql_data_grid.mdx b/api_docs/esql_data_grid.mdx index af2ca301e79b4..c66e49807aa01 100644 --- a/api_docs/esql_data_grid.mdx +++ b/api_docs/esql_data_grid.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/esqlDataGrid title: "esqlDataGrid" image: https://source.unsplash.com/400x175/?github description: API docs for the esqlDataGrid plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'esqlDataGrid'] --- import esqlDataGridObj from './esql_data_grid.devdocs.json'; diff --git a/api_docs/event_annotation.mdx b/api_docs/event_annotation.mdx index c8dc68d4ded72..b484324656592 100644 --- a/api_docs/event_annotation.mdx +++ b/api_docs/event_annotation.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/eventAnnotation title: "eventAnnotation" image: https://source.unsplash.com/400x175/?github description: API docs for the eventAnnotation plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'eventAnnotation'] --- import eventAnnotationObj from './event_annotation.devdocs.json'; diff --git a/api_docs/event_annotation_listing.mdx b/api_docs/event_annotation_listing.mdx index 2e11f9022b774..4a6c490d6efe4 100644 --- a/api_docs/event_annotation_listing.mdx +++ b/api_docs/event_annotation_listing.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/eventAnnotationListing title: "eventAnnotationListing" image: https://source.unsplash.com/400x175/?github description: API docs for the eventAnnotationListing plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'eventAnnotationListing'] --- import eventAnnotationListingObj from './event_annotation_listing.devdocs.json'; diff --git a/api_docs/event_log.mdx b/api_docs/event_log.mdx index 3636b498eea6a..5db1b1b20f6ea 100644 --- a/api_docs/event_log.mdx +++ b/api_docs/event_log.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/eventLog title: "eventLog" image: https://source.unsplash.com/400x175/?github description: API docs for the eventLog plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'eventLog'] --- import eventLogObj from './event_log.devdocs.json'; diff --git a/api_docs/exploratory_view.mdx b/api_docs/exploratory_view.mdx index 67d93afe0b2bb..524b1eb8e333d 100644 --- a/api_docs/exploratory_view.mdx +++ b/api_docs/exploratory_view.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/exploratoryView title: "exploratoryView" image: https://source.unsplash.com/400x175/?github description: API docs for the exploratoryView plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'exploratoryView'] --- import exploratoryViewObj from './exploratory_view.devdocs.json'; diff --git a/api_docs/expression_error.mdx b/api_docs/expression_error.mdx index f46305151ec05..a7da9bf16bf9a 100644 --- a/api_docs/expression_error.mdx +++ b/api_docs/expression_error.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionError title: "expressionError" image: https://source.unsplash.com/400x175/?github description: API docs for the expressionError plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionError'] --- import expressionErrorObj from './expression_error.devdocs.json'; diff --git a/api_docs/expression_gauge.mdx b/api_docs/expression_gauge.mdx index 5069c0da2c125..2154b22551577 100644 --- a/api_docs/expression_gauge.mdx +++ b/api_docs/expression_gauge.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionGauge title: "expressionGauge" image: https://source.unsplash.com/400x175/?github description: API docs for the expressionGauge plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionGauge'] --- import expressionGaugeObj from './expression_gauge.devdocs.json'; diff --git a/api_docs/expression_heatmap.mdx b/api_docs/expression_heatmap.mdx index 6b4dd9519d0dd..fdf92c283113e 100644 --- a/api_docs/expression_heatmap.mdx +++ b/api_docs/expression_heatmap.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionHeatmap title: "expressionHeatmap" image: https://source.unsplash.com/400x175/?github description: API docs for the expressionHeatmap plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionHeatmap'] --- import expressionHeatmapObj from './expression_heatmap.devdocs.json'; diff --git a/api_docs/expression_image.mdx b/api_docs/expression_image.mdx index 006f57341b075..5cce64323dcbb 100644 --- a/api_docs/expression_image.mdx +++ b/api_docs/expression_image.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionImage title: "expressionImage" image: https://source.unsplash.com/400x175/?github description: API docs for the expressionImage plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionImage'] --- import expressionImageObj from './expression_image.devdocs.json'; diff --git a/api_docs/expression_legacy_metric_vis.mdx b/api_docs/expression_legacy_metric_vis.mdx index 6ec96d011f44f..701ebc4d10ccf 100644 --- a/api_docs/expression_legacy_metric_vis.mdx +++ b/api_docs/expression_legacy_metric_vis.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionLegacyMetricVis title: "expressionLegacyMetricVis" image: https://source.unsplash.com/400x175/?github description: API docs for the expressionLegacyMetricVis plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionLegacyMetricVis'] --- import expressionLegacyMetricVisObj from './expression_legacy_metric_vis.devdocs.json'; diff --git a/api_docs/expression_metric.mdx b/api_docs/expression_metric.mdx index 74a3b210fe6c9..fcbbf2b3f5b22 100644 --- a/api_docs/expression_metric.mdx +++ b/api_docs/expression_metric.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionMetric title: "expressionMetric" image: https://source.unsplash.com/400x175/?github description: API docs for the expressionMetric plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionMetric'] --- import expressionMetricObj from './expression_metric.devdocs.json'; diff --git a/api_docs/expression_metric_vis.mdx b/api_docs/expression_metric_vis.mdx index b54fb51145dfd..294910a08a799 100644 --- a/api_docs/expression_metric_vis.mdx +++ b/api_docs/expression_metric_vis.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionMetricVis title: "expressionMetricVis" image: https://source.unsplash.com/400x175/?github description: API docs for the expressionMetricVis plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionMetricVis'] --- import expressionMetricVisObj from './expression_metric_vis.devdocs.json'; diff --git a/api_docs/expression_partition_vis.mdx b/api_docs/expression_partition_vis.mdx index 1441af154179a..cc6b86278fda5 100644 --- a/api_docs/expression_partition_vis.mdx +++ b/api_docs/expression_partition_vis.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionPartitionVis title: "expressionPartitionVis" image: https://source.unsplash.com/400x175/?github description: API docs for the expressionPartitionVis plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionPartitionVis'] --- import expressionPartitionVisObj from './expression_partition_vis.devdocs.json'; diff --git a/api_docs/expression_repeat_image.mdx b/api_docs/expression_repeat_image.mdx index f8facbe84550d..6ce00a32bdf43 100644 --- a/api_docs/expression_repeat_image.mdx +++ b/api_docs/expression_repeat_image.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionRepeatImage title: "expressionRepeatImage" image: https://source.unsplash.com/400x175/?github description: API docs for the expressionRepeatImage plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionRepeatImage'] --- import expressionRepeatImageObj from './expression_repeat_image.devdocs.json'; diff --git a/api_docs/expression_reveal_image.mdx b/api_docs/expression_reveal_image.mdx index a74c7a9660bad..d98aeb328e5fc 100644 --- a/api_docs/expression_reveal_image.mdx +++ b/api_docs/expression_reveal_image.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionRevealImage title: "expressionRevealImage" image: https://source.unsplash.com/400x175/?github description: API docs for the expressionRevealImage plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionRevealImage'] --- import expressionRevealImageObj from './expression_reveal_image.devdocs.json'; diff --git a/api_docs/expression_shape.mdx b/api_docs/expression_shape.mdx index f2f7b44975220..f7278bdea7ee3 100644 --- a/api_docs/expression_shape.mdx +++ b/api_docs/expression_shape.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionShape title: "expressionShape" image: https://source.unsplash.com/400x175/?github description: API docs for the expressionShape plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionShape'] --- import expressionShapeObj from './expression_shape.devdocs.json'; diff --git a/api_docs/expression_tagcloud.mdx b/api_docs/expression_tagcloud.mdx index 9cb109b5763ab..836651edcca37 100644 --- a/api_docs/expression_tagcloud.mdx +++ b/api_docs/expression_tagcloud.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionTagcloud title: "expressionTagcloud" image: https://source.unsplash.com/400x175/?github description: API docs for the expressionTagcloud plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionTagcloud'] --- import expressionTagcloudObj from './expression_tagcloud.devdocs.json'; diff --git a/api_docs/expression_x_y.mdx b/api_docs/expression_x_y.mdx index a03c685d602c0..264ad0acdf5e6 100644 --- a/api_docs/expression_x_y.mdx +++ b/api_docs/expression_x_y.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressionXY title: "expressionXY" image: https://source.unsplash.com/400x175/?github description: API docs for the expressionXY plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressionXY'] --- import expressionXYObj from './expression_x_y.devdocs.json'; diff --git a/api_docs/expressions.mdx b/api_docs/expressions.mdx index 1f2b134b09902..97380e4eaaf7a 100644 --- a/api_docs/expressions.mdx +++ b/api_docs/expressions.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/expressions title: "expressions" image: https://source.unsplash.com/400x175/?github description: API docs for the expressions plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'expressions'] --- import expressionsObj from './expressions.devdocs.json'; diff --git a/api_docs/features.mdx b/api_docs/features.mdx index f7fddce674289..da7b44f28d5d3 100644 --- a/api_docs/features.mdx +++ b/api_docs/features.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/features title: "features" image: https://source.unsplash.com/400x175/?github description: API docs for the features plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'features'] --- import featuresObj from './features.devdocs.json'; diff --git a/api_docs/field_formats.mdx b/api_docs/field_formats.mdx index 9970f5cd7b2b3..ee205e3f7e95a 100644 --- a/api_docs/field_formats.mdx +++ b/api_docs/field_formats.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/fieldFormats title: "fieldFormats" image: https://source.unsplash.com/400x175/?github description: API docs for the fieldFormats plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'fieldFormats'] --- import fieldFormatsObj from './field_formats.devdocs.json'; diff --git a/api_docs/fields_metadata.mdx b/api_docs/fields_metadata.mdx index e2cb0dcee171a..7eb78ee43f370 100644 --- a/api_docs/fields_metadata.mdx +++ b/api_docs/fields_metadata.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/fieldsMetadata title: "fieldsMetadata" image: https://source.unsplash.com/400x175/?github description: API docs for the fieldsMetadata plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'fieldsMetadata'] --- import fieldsMetadataObj from './fields_metadata.devdocs.json'; diff --git a/api_docs/file_upload.mdx b/api_docs/file_upload.mdx index 40f4da577b3bd..7cf49129cc42c 100644 --- a/api_docs/file_upload.mdx +++ b/api_docs/file_upload.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/fileUpload title: "fileUpload" image: https://source.unsplash.com/400x175/?github description: API docs for the fileUpload plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'fileUpload'] --- import fileUploadObj from './file_upload.devdocs.json'; diff --git a/api_docs/files.mdx b/api_docs/files.mdx index ec31b8f803a34..8f5682cd1a0f3 100644 --- a/api_docs/files.mdx +++ b/api_docs/files.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/files title: "files" image: https://source.unsplash.com/400x175/?github description: API docs for the files plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'files'] --- import filesObj from './files.devdocs.json'; diff --git a/api_docs/files_management.mdx b/api_docs/files_management.mdx index 532df3d04b95d..efafa88ba20fd 100644 --- a/api_docs/files_management.mdx +++ b/api_docs/files_management.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/filesManagement title: "filesManagement" image: https://source.unsplash.com/400x175/?github description: API docs for the filesManagement plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'filesManagement'] --- import filesManagementObj from './files_management.devdocs.json'; diff --git a/api_docs/fleet.mdx b/api_docs/fleet.mdx index 963c29aeeaf2f..1e0adcd6a15d5 100644 --- a/api_docs/fleet.mdx +++ b/api_docs/fleet.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/fleet title: "fleet" image: https://source.unsplash.com/400x175/?github description: API docs for the fleet plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'fleet'] --- import fleetObj from './fleet.devdocs.json'; diff --git a/api_docs/global_search.mdx b/api_docs/global_search.mdx index 6c7502c23834e..992642bd23bbe 100644 --- a/api_docs/global_search.mdx +++ b/api_docs/global_search.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/globalSearch title: "globalSearch" image: https://source.unsplash.com/400x175/?github description: API docs for the globalSearch plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'globalSearch'] --- import globalSearchObj from './global_search.devdocs.json'; diff --git a/api_docs/guided_onboarding.mdx b/api_docs/guided_onboarding.mdx index 27101147b048b..50711b8b747b5 100644 --- a/api_docs/guided_onboarding.mdx +++ b/api_docs/guided_onboarding.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/guidedOnboarding title: "guidedOnboarding" image: https://source.unsplash.com/400x175/?github description: API docs for the guidedOnboarding plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'guidedOnboarding'] --- import guidedOnboardingObj from './guided_onboarding.devdocs.json'; diff --git a/api_docs/home.mdx b/api_docs/home.mdx index a595d8e442cdd..6bf43edb4c9b2 100644 --- a/api_docs/home.mdx +++ b/api_docs/home.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/home title: "home" image: https://source.unsplash.com/400x175/?github description: API docs for the home plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'home'] --- import homeObj from './home.devdocs.json'; diff --git a/api_docs/image_embeddable.mdx b/api_docs/image_embeddable.mdx index 5e4060262a598..935963ab7cc88 100644 --- a/api_docs/image_embeddable.mdx +++ b/api_docs/image_embeddable.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/imageEmbeddable title: "imageEmbeddable" image: https://source.unsplash.com/400x175/?github description: API docs for the imageEmbeddable plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'imageEmbeddable'] --- import imageEmbeddableObj from './image_embeddable.devdocs.json'; diff --git a/api_docs/index_lifecycle_management.mdx b/api_docs/index_lifecycle_management.mdx index 1748ad11a6634..f92262869703a 100644 --- a/api_docs/index_lifecycle_management.mdx +++ b/api_docs/index_lifecycle_management.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/indexLifecycleManagement title: "indexLifecycleManagement" image: https://source.unsplash.com/400x175/?github description: API docs for the indexLifecycleManagement plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'indexLifecycleManagement'] --- import indexLifecycleManagementObj from './index_lifecycle_management.devdocs.json'; diff --git a/api_docs/index_management.mdx b/api_docs/index_management.mdx index 3ba25d341191f..b766169c62f6c 100644 --- a/api_docs/index_management.mdx +++ b/api_docs/index_management.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/indexManagement title: "indexManagement" image: https://source.unsplash.com/400x175/?github description: API docs for the indexManagement plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'indexManagement'] --- import indexManagementObj from './index_management.devdocs.json'; diff --git a/api_docs/inference.mdx b/api_docs/inference.mdx index 66181618d8318..6432598095d44 100644 --- a/api_docs/inference.mdx +++ b/api_docs/inference.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/inference title: "inference" image: https://source.unsplash.com/400x175/?github description: API docs for the inference plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'inference'] --- import inferenceObj from './inference.devdocs.json'; diff --git a/api_docs/infra.mdx b/api_docs/infra.mdx index d642ad0f5d423..c373aa27bba59 100644 --- a/api_docs/infra.mdx +++ b/api_docs/infra.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/infra title: "infra" image: https://source.unsplash.com/400x175/?github description: API docs for the infra plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'infra'] --- import infraObj from './infra.devdocs.json'; diff --git a/api_docs/ingest_pipelines.mdx b/api_docs/ingest_pipelines.mdx index 8337adbc6aae9..c3c796f59da66 100644 --- a/api_docs/ingest_pipelines.mdx +++ b/api_docs/ingest_pipelines.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/ingestPipelines title: "ingestPipelines" image: https://source.unsplash.com/400x175/?github description: API docs for the ingestPipelines plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'ingestPipelines'] --- import ingestPipelinesObj from './ingest_pipelines.devdocs.json'; diff --git a/api_docs/inspector.mdx b/api_docs/inspector.mdx index df459d1759558..b688ffcc4287c 100644 --- a/api_docs/inspector.mdx +++ b/api_docs/inspector.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/inspector title: "inspector" image: https://source.unsplash.com/400x175/?github description: API docs for the inspector plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'inspector'] --- import inspectorObj from './inspector.devdocs.json'; diff --git a/api_docs/integration_assistant.mdx b/api_docs/integration_assistant.mdx index adaf5e32f9ff8..e1a02841a440f 100644 --- a/api_docs/integration_assistant.mdx +++ b/api_docs/integration_assistant.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/integrationAssistant title: "integrationAssistant" image: https://source.unsplash.com/400x175/?github description: API docs for the integrationAssistant plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'integrationAssistant'] --- import integrationAssistantObj from './integration_assistant.devdocs.json'; diff --git a/api_docs/interactive_setup.mdx b/api_docs/interactive_setup.mdx index 965f1fd3eeb24..9d7903243a206 100644 --- a/api_docs/interactive_setup.mdx +++ b/api_docs/interactive_setup.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/interactiveSetup title: "interactiveSetup" image: https://source.unsplash.com/400x175/?github description: API docs for the interactiveSetup plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'interactiveSetup'] --- import interactiveSetupObj from './interactive_setup.devdocs.json'; diff --git a/api_docs/inventory.mdx b/api_docs/inventory.mdx index 1204fab3fbabd..e00f0bd6b14ec 100644 --- a/api_docs/inventory.mdx +++ b/api_docs/inventory.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/inventory title: "inventory" image: https://source.unsplash.com/400x175/?github description: API docs for the inventory plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'inventory'] --- import inventoryObj from './inventory.devdocs.json'; diff --git a/api_docs/investigate.mdx b/api_docs/investigate.mdx index ec3a333bf1607..18f1572b50ba8 100644 --- a/api_docs/investigate.mdx +++ b/api_docs/investigate.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/investigate title: "investigate" image: https://source.unsplash.com/400x175/?github description: API docs for the investigate plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'investigate'] --- import investigateObj from './investigate.devdocs.json'; diff --git a/api_docs/investigate_app.mdx b/api_docs/investigate_app.mdx index b2432c9731006..ba9a79b716dd7 100644 --- a/api_docs/investigate_app.mdx +++ b/api_docs/investigate_app.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/investigateApp title: "investigateApp" image: https://source.unsplash.com/400x175/?github description: API docs for the investigateApp plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'investigateApp'] --- import investigateAppObj from './investigate_app.devdocs.json'; diff --git a/api_docs/kbn_ace.mdx b/api_docs/kbn_ace.mdx index 2cef4b004471c..21407e5401d3c 100644 --- a/api_docs/kbn_ace.mdx +++ b/api_docs/kbn_ace.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ace title: "@kbn/ace" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ace plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ace'] --- import kbnAceObj from './kbn_ace.devdocs.json'; diff --git a/api_docs/kbn_actions_types.mdx b/api_docs/kbn_actions_types.mdx index 783aeef6789a2..7bd46b655e3dd 100644 --- a/api_docs/kbn_actions_types.mdx +++ b/api_docs/kbn_actions_types.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-actions-types title: "@kbn/actions-types" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/actions-types plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/actions-types'] --- import kbnActionsTypesObj from './kbn_actions_types.devdocs.json'; diff --git a/api_docs/kbn_aiops_components.mdx b/api_docs/kbn_aiops_components.mdx index e7354eb95c96d..330d1daf1fe69 100644 --- a/api_docs/kbn_aiops_components.mdx +++ b/api_docs/kbn_aiops_components.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-aiops-components title: "@kbn/aiops-components" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/aiops-components plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/aiops-components'] --- import kbnAiopsComponentsObj from './kbn_aiops_components.devdocs.json'; diff --git a/api_docs/kbn_aiops_log_pattern_analysis.mdx b/api_docs/kbn_aiops_log_pattern_analysis.mdx index 2bb0f94957c28..c61f1b7acf872 100644 --- a/api_docs/kbn_aiops_log_pattern_analysis.mdx +++ b/api_docs/kbn_aiops_log_pattern_analysis.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-aiops-log-pattern-analysis title: "@kbn/aiops-log-pattern-analysis" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/aiops-log-pattern-analysis plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/aiops-log-pattern-analysis'] --- import kbnAiopsLogPatternAnalysisObj from './kbn_aiops_log_pattern_analysis.devdocs.json'; diff --git a/api_docs/kbn_aiops_log_rate_analysis.mdx b/api_docs/kbn_aiops_log_rate_analysis.mdx index 9852f5677b23b..c0373e5fda6c3 100644 --- a/api_docs/kbn_aiops_log_rate_analysis.mdx +++ b/api_docs/kbn_aiops_log_rate_analysis.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-aiops-log-rate-analysis title: "@kbn/aiops-log-rate-analysis" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/aiops-log-rate-analysis plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/aiops-log-rate-analysis'] --- import kbnAiopsLogRateAnalysisObj from './kbn_aiops_log_rate_analysis.devdocs.json'; diff --git a/api_docs/kbn_alerting_api_integration_helpers.mdx b/api_docs/kbn_alerting_api_integration_helpers.mdx index 6f202edfacab7..aba34876fed3e 100644 --- a/api_docs/kbn_alerting_api_integration_helpers.mdx +++ b/api_docs/kbn_alerting_api_integration_helpers.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-alerting-api-integration-helpers title: "@kbn/alerting-api-integration-helpers" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/alerting-api-integration-helpers plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/alerting-api-integration-helpers'] --- import kbnAlertingApiIntegrationHelpersObj from './kbn_alerting_api_integration_helpers.devdocs.json'; diff --git a/api_docs/kbn_alerting_comparators.mdx b/api_docs/kbn_alerting_comparators.mdx index 675c7c5e4db24..bee730ce9626c 100644 --- a/api_docs/kbn_alerting_comparators.mdx +++ b/api_docs/kbn_alerting_comparators.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-alerting-comparators title: "@kbn/alerting-comparators" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/alerting-comparators plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/alerting-comparators'] --- import kbnAlertingComparatorsObj from './kbn_alerting_comparators.devdocs.json'; diff --git a/api_docs/kbn_alerting_state_types.mdx b/api_docs/kbn_alerting_state_types.mdx index abcb5caba8ea8..4f31741d85f0b 100644 --- a/api_docs/kbn_alerting_state_types.mdx +++ b/api_docs/kbn_alerting_state_types.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-alerting-state-types title: "@kbn/alerting-state-types" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/alerting-state-types plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/alerting-state-types'] --- import kbnAlertingStateTypesObj from './kbn_alerting_state_types.devdocs.json'; diff --git a/api_docs/kbn_alerting_types.mdx b/api_docs/kbn_alerting_types.mdx index 4742e50f6e00d..3e33a8df31808 100644 --- a/api_docs/kbn_alerting_types.mdx +++ b/api_docs/kbn_alerting_types.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-alerting-types title: "@kbn/alerting-types" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/alerting-types plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/alerting-types'] --- import kbnAlertingTypesObj from './kbn_alerting_types.devdocs.json'; diff --git a/api_docs/kbn_alerts_as_data_utils.mdx b/api_docs/kbn_alerts_as_data_utils.mdx index 6a9fdc5235ab6..c0f9cafa95708 100644 --- a/api_docs/kbn_alerts_as_data_utils.mdx +++ b/api_docs/kbn_alerts_as_data_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-alerts-as-data-utils title: "@kbn/alerts-as-data-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/alerts-as-data-utils plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/alerts-as-data-utils'] --- import kbnAlertsAsDataUtilsObj from './kbn_alerts_as_data_utils.devdocs.json'; diff --git a/api_docs/kbn_alerts_grouping.mdx b/api_docs/kbn_alerts_grouping.mdx index 04fd3b9533b27..6d90d0917defd 100644 --- a/api_docs/kbn_alerts_grouping.mdx +++ b/api_docs/kbn_alerts_grouping.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-alerts-grouping title: "@kbn/alerts-grouping" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/alerts-grouping plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/alerts-grouping'] --- import kbnAlertsGroupingObj from './kbn_alerts_grouping.devdocs.json'; diff --git a/api_docs/kbn_alerts_ui_shared.devdocs.json b/api_docs/kbn_alerts_ui_shared.devdocs.json index 7202c7bd7bf1e..731409da954e8 100644 --- a/api_docs/kbn_alerts_ui_shared.devdocs.json +++ b/api_docs/kbn_alerts_ui_shared.devdocs.json @@ -5957,14 +5957,6 @@ "section": "def-public.HasEditCapabilities", "text": "HasEditCapabilities" }, - " & ", - { - "pluginId": "@kbn/presentation-publishing", - "scope": "public", - "docId": "kibKbnPresentationPublishingPluginApi", - "section": "def-public.PublishesDataLoading", - "text": "PublishesDataLoading" - }, " & Pick<", { "pluginId": "@kbn/presentation-publishing", @@ -6076,8 +6068,8 @@ "pluginId": "controls", "scope": "common", "docId": "kibControlsPluginApi", - "section": "def-common.ControlStyle", - "text": "ControlStyle" + "section": "def-common.ControlLabelPosition", + "text": "ControlLabelPosition" }, ">; asyncResetUnsavedChanges: () => Promise; controlFetch$: (controlUuid: string) => ", "Observable", diff --git a/api_docs/kbn_alerts_ui_shared.mdx b/api_docs/kbn_alerts_ui_shared.mdx index 7c9340bf0f6d9..17b7243d3df1c 100644 --- a/api_docs/kbn_alerts_ui_shared.mdx +++ b/api_docs/kbn_alerts_ui_shared.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-alerts-ui-shared title: "@kbn/alerts-ui-shared" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/alerts-ui-shared plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/alerts-ui-shared'] --- import kbnAlertsUiSharedObj from './kbn_alerts_ui_shared.devdocs.json'; diff --git a/api_docs/kbn_analytics.mdx b/api_docs/kbn_analytics.mdx index da8e66fde28b0..f45880014bd4a 100644 --- a/api_docs/kbn_analytics.mdx +++ b/api_docs/kbn_analytics.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-analytics title: "@kbn/analytics" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/analytics plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/analytics'] --- import kbnAnalyticsObj from './kbn_analytics.devdocs.json'; diff --git a/api_docs/kbn_analytics_collection_utils.mdx b/api_docs/kbn_analytics_collection_utils.mdx index 4d9eee6838a6a..12aa4a85dc93c 100644 --- a/api_docs/kbn_analytics_collection_utils.mdx +++ b/api_docs/kbn_analytics_collection_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-analytics-collection-utils title: "@kbn/analytics-collection-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/analytics-collection-utils plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/analytics-collection-utils'] --- import kbnAnalyticsCollectionUtilsObj from './kbn_analytics_collection_utils.devdocs.json'; diff --git a/api_docs/kbn_apm_config_loader.mdx b/api_docs/kbn_apm_config_loader.mdx index b2bf5bc09149f..d60cba60dda4d 100644 --- a/api_docs/kbn_apm_config_loader.mdx +++ b/api_docs/kbn_apm_config_loader.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-apm-config-loader title: "@kbn/apm-config-loader" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/apm-config-loader plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/apm-config-loader'] --- import kbnApmConfigLoaderObj from './kbn_apm_config_loader.devdocs.json'; diff --git a/api_docs/kbn_apm_data_view.mdx b/api_docs/kbn_apm_data_view.mdx index 213476c2289f4..e7794b3e77551 100644 --- a/api_docs/kbn_apm_data_view.mdx +++ b/api_docs/kbn_apm_data_view.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-apm-data-view title: "@kbn/apm-data-view" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/apm-data-view plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/apm-data-view'] --- import kbnApmDataViewObj from './kbn_apm_data_view.devdocs.json'; diff --git a/api_docs/kbn_apm_synthtrace.mdx b/api_docs/kbn_apm_synthtrace.mdx index 4aec2fc7a6ab7..4c44faaacfd41 100644 --- a/api_docs/kbn_apm_synthtrace.mdx +++ b/api_docs/kbn_apm_synthtrace.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-apm-synthtrace title: "@kbn/apm-synthtrace" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/apm-synthtrace plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/apm-synthtrace'] --- import kbnApmSynthtraceObj from './kbn_apm_synthtrace.devdocs.json'; diff --git a/api_docs/kbn_apm_synthtrace_client.mdx b/api_docs/kbn_apm_synthtrace_client.mdx index 95e0d9d7dc2e9..d9b843da76e65 100644 --- a/api_docs/kbn_apm_synthtrace_client.mdx +++ b/api_docs/kbn_apm_synthtrace_client.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-apm-synthtrace-client title: "@kbn/apm-synthtrace-client" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/apm-synthtrace-client plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/apm-synthtrace-client'] --- import kbnApmSynthtraceClientObj from './kbn_apm_synthtrace_client.devdocs.json'; diff --git a/api_docs/kbn_apm_types.mdx b/api_docs/kbn_apm_types.mdx index 4137326507734..42a4705773c1c 100644 --- a/api_docs/kbn_apm_types.mdx +++ b/api_docs/kbn_apm_types.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-apm-types title: "@kbn/apm-types" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/apm-types plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/apm-types'] --- import kbnApmTypesObj from './kbn_apm_types.devdocs.json'; diff --git a/api_docs/kbn_apm_utils.mdx b/api_docs/kbn_apm_utils.mdx index 8a8ae8d215191..3dabeb9d984f6 100644 --- a/api_docs/kbn_apm_utils.mdx +++ b/api_docs/kbn_apm_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-apm-utils title: "@kbn/apm-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/apm-utils plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/apm-utils'] --- import kbnApmUtilsObj from './kbn_apm_utils.devdocs.json'; diff --git a/api_docs/kbn_avc_banner.mdx b/api_docs/kbn_avc_banner.mdx index 9b6c7093e3ba7..f1a5bb031120b 100644 --- a/api_docs/kbn_avc_banner.mdx +++ b/api_docs/kbn_avc_banner.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-avc-banner title: "@kbn/avc-banner" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/avc-banner plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/avc-banner'] --- import kbnAvcBannerObj from './kbn_avc_banner.devdocs.json'; diff --git a/api_docs/kbn_axe_config.mdx b/api_docs/kbn_axe_config.mdx index f9223489c42a5..8c34d0e568bde 100644 --- a/api_docs/kbn_axe_config.mdx +++ b/api_docs/kbn_axe_config.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-axe-config title: "@kbn/axe-config" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/axe-config plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/axe-config'] --- import kbnAxeConfigObj from './kbn_axe_config.devdocs.json'; diff --git a/api_docs/kbn_bfetch_error.mdx b/api_docs/kbn_bfetch_error.mdx index 98d1b165e9ff8..bbd03914cd226 100644 --- a/api_docs/kbn_bfetch_error.mdx +++ b/api_docs/kbn_bfetch_error.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-bfetch-error title: "@kbn/bfetch-error" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/bfetch-error plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/bfetch-error'] --- import kbnBfetchErrorObj from './kbn_bfetch_error.devdocs.json'; diff --git a/api_docs/kbn_calculate_auto.mdx b/api_docs/kbn_calculate_auto.mdx index 588c903d7579d..68ef42d09d85c 100644 --- a/api_docs/kbn_calculate_auto.mdx +++ b/api_docs/kbn_calculate_auto.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-calculate-auto title: "@kbn/calculate-auto" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/calculate-auto plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/calculate-auto'] --- import kbnCalculateAutoObj from './kbn_calculate_auto.devdocs.json'; diff --git a/api_docs/kbn_calculate_width_from_char_count.mdx b/api_docs/kbn_calculate_width_from_char_count.mdx index 6754c37c58916..2d6ccb0dc7c63 100644 --- a/api_docs/kbn_calculate_width_from_char_count.mdx +++ b/api_docs/kbn_calculate_width_from_char_count.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-calculate-width-from-char-count title: "@kbn/calculate-width-from-char-count" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/calculate-width-from-char-count plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/calculate-width-from-char-count'] --- import kbnCalculateWidthFromCharCountObj from './kbn_calculate_width_from_char_count.devdocs.json'; diff --git a/api_docs/kbn_cases_components.mdx b/api_docs/kbn_cases_components.mdx index fb97731bf3e29..7532e67882f7b 100644 --- a/api_docs/kbn_cases_components.mdx +++ b/api_docs/kbn_cases_components.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-cases-components title: "@kbn/cases-components" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/cases-components plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/cases-components'] --- import kbnCasesComponentsObj from './kbn_cases_components.devdocs.json'; diff --git a/api_docs/kbn_cbor.mdx b/api_docs/kbn_cbor.mdx index 6dd30ff4a078f..75f4eee3fec8f 100644 --- a/api_docs/kbn_cbor.mdx +++ b/api_docs/kbn_cbor.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-cbor title: "@kbn/cbor" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/cbor plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/cbor'] --- import kbnCborObj from './kbn_cbor.devdocs.json'; diff --git a/api_docs/kbn_cell_actions.mdx b/api_docs/kbn_cell_actions.mdx index 476ee7fd63c5c..9b4682db6ea3c 100644 --- a/api_docs/kbn_cell_actions.mdx +++ b/api_docs/kbn_cell_actions.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-cell-actions title: "@kbn/cell-actions" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/cell-actions plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/cell-actions'] --- import kbnCellActionsObj from './kbn_cell_actions.devdocs.json'; diff --git a/api_docs/kbn_chart_expressions_common.mdx b/api_docs/kbn_chart_expressions_common.mdx index 3b21310b02e98..51e48e3ea52c0 100644 --- a/api_docs/kbn_chart_expressions_common.mdx +++ b/api_docs/kbn_chart_expressions_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-chart-expressions-common title: "@kbn/chart-expressions-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/chart-expressions-common plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/chart-expressions-common'] --- import kbnChartExpressionsCommonObj from './kbn_chart_expressions_common.devdocs.json'; diff --git a/api_docs/kbn_chart_icons.mdx b/api_docs/kbn_chart_icons.mdx index ead1c5f59e11a..d490ba3e41a7d 100644 --- a/api_docs/kbn_chart_icons.mdx +++ b/api_docs/kbn_chart_icons.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-chart-icons title: "@kbn/chart-icons" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/chart-icons plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/chart-icons'] --- import kbnChartIconsObj from './kbn_chart_icons.devdocs.json'; diff --git a/api_docs/kbn_ci_stats_core.mdx b/api_docs/kbn_ci_stats_core.mdx index 200a7d481f060..bbb2560c76007 100644 --- a/api_docs/kbn_ci_stats_core.mdx +++ b/api_docs/kbn_ci_stats_core.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ci-stats-core title: "@kbn/ci-stats-core" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ci-stats-core plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ci-stats-core'] --- import kbnCiStatsCoreObj from './kbn_ci_stats_core.devdocs.json'; diff --git a/api_docs/kbn_ci_stats_performance_metrics.mdx b/api_docs/kbn_ci_stats_performance_metrics.mdx index 4d54a9dea3bac..0a9d18433dd29 100644 --- a/api_docs/kbn_ci_stats_performance_metrics.mdx +++ b/api_docs/kbn_ci_stats_performance_metrics.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ci-stats-performance-metrics title: "@kbn/ci-stats-performance-metrics" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ci-stats-performance-metrics plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ci-stats-performance-metrics'] --- import kbnCiStatsPerformanceMetricsObj from './kbn_ci_stats_performance_metrics.devdocs.json'; diff --git a/api_docs/kbn_ci_stats_reporter.mdx b/api_docs/kbn_ci_stats_reporter.mdx index f1a36dea79537..dda4ca61bcf2e 100644 --- a/api_docs/kbn_ci_stats_reporter.mdx +++ b/api_docs/kbn_ci_stats_reporter.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ci-stats-reporter title: "@kbn/ci-stats-reporter" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ci-stats-reporter plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ci-stats-reporter'] --- import kbnCiStatsReporterObj from './kbn_ci_stats_reporter.devdocs.json'; diff --git a/api_docs/kbn_cli_dev_mode.mdx b/api_docs/kbn_cli_dev_mode.mdx index 7c5481c3e699b..f86b1b49700c0 100644 --- a/api_docs/kbn_cli_dev_mode.mdx +++ b/api_docs/kbn_cli_dev_mode.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-cli-dev-mode title: "@kbn/cli-dev-mode" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/cli-dev-mode plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/cli-dev-mode'] --- import kbnCliDevModeObj from './kbn_cli_dev_mode.devdocs.json'; diff --git a/api_docs/kbn_cloud_security_posture.mdx b/api_docs/kbn_cloud_security_posture.mdx index 6a3e05c3ea4cc..26a39b27842cc 100644 --- a/api_docs/kbn_cloud_security_posture.mdx +++ b/api_docs/kbn_cloud_security_posture.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-cloud-security-posture title: "@kbn/cloud-security-posture" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/cloud-security-posture plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/cloud-security-posture'] --- import kbnCloudSecurityPostureObj from './kbn_cloud_security_posture.devdocs.json'; diff --git a/api_docs/kbn_cloud_security_posture_common.mdx b/api_docs/kbn_cloud_security_posture_common.mdx index 7334cb8826fa7..3e03a0caaa377 100644 --- a/api_docs/kbn_cloud_security_posture_common.mdx +++ b/api_docs/kbn_cloud_security_posture_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-cloud-security-posture-common title: "@kbn/cloud-security-posture-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/cloud-security-posture-common plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/cloud-security-posture-common'] --- import kbnCloudSecurityPostureCommonObj from './kbn_cloud_security_posture_common.devdocs.json'; diff --git a/api_docs/kbn_code_editor.mdx b/api_docs/kbn_code_editor.mdx index 3f024fe6002c0..22883f72e90f6 100644 --- a/api_docs/kbn_code_editor.mdx +++ b/api_docs/kbn_code_editor.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-code-editor title: "@kbn/code-editor" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/code-editor plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/code-editor'] --- import kbnCodeEditorObj from './kbn_code_editor.devdocs.json'; diff --git a/api_docs/kbn_code_editor_mock.mdx b/api_docs/kbn_code_editor_mock.mdx index 5fcccb2c79a57..73cdcf5992213 100644 --- a/api_docs/kbn_code_editor_mock.mdx +++ b/api_docs/kbn_code_editor_mock.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-code-editor-mock title: "@kbn/code-editor-mock" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/code-editor-mock plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/code-editor-mock'] --- import kbnCodeEditorMockObj from './kbn_code_editor_mock.devdocs.json'; diff --git a/api_docs/kbn_code_owners.mdx b/api_docs/kbn_code_owners.mdx index d5d85aa90baa2..87485757247dc 100644 --- a/api_docs/kbn_code_owners.mdx +++ b/api_docs/kbn_code_owners.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-code-owners title: "@kbn/code-owners" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/code-owners plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/code-owners'] --- import kbnCodeOwnersObj from './kbn_code_owners.devdocs.json'; diff --git a/api_docs/kbn_coloring.mdx b/api_docs/kbn_coloring.mdx index a97d123a5c655..8ce23f2089d2d 100644 --- a/api_docs/kbn_coloring.mdx +++ b/api_docs/kbn_coloring.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-coloring title: "@kbn/coloring" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/coloring plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/coloring'] --- import kbnColoringObj from './kbn_coloring.devdocs.json'; diff --git a/api_docs/kbn_config.mdx b/api_docs/kbn_config.mdx index 316f68651ad0e..047e8fbe4b7e6 100644 --- a/api_docs/kbn_config.mdx +++ b/api_docs/kbn_config.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-config title: "@kbn/config" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/config plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/config'] --- import kbnConfigObj from './kbn_config.devdocs.json'; diff --git a/api_docs/kbn_config_mocks.mdx b/api_docs/kbn_config_mocks.mdx index eff871690ddcb..f08d02851441d 100644 --- a/api_docs/kbn_config_mocks.mdx +++ b/api_docs/kbn_config_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-config-mocks title: "@kbn/config-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/config-mocks plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/config-mocks'] --- import kbnConfigMocksObj from './kbn_config_mocks.devdocs.json'; diff --git a/api_docs/kbn_config_schema.mdx b/api_docs/kbn_config_schema.mdx index fb0de4bf1a57a..f01b736418d57 100644 --- a/api_docs/kbn_config_schema.mdx +++ b/api_docs/kbn_config_schema.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-config-schema title: "@kbn/config-schema" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/config-schema plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/config-schema'] --- import kbnConfigSchemaObj from './kbn_config_schema.devdocs.json'; diff --git a/api_docs/kbn_content_management_content_editor.mdx b/api_docs/kbn_content_management_content_editor.mdx index e251986021604..65cfb7b19b20b 100644 --- a/api_docs/kbn_content_management_content_editor.mdx +++ b/api_docs/kbn_content_management_content_editor.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-content-management-content-editor title: "@kbn/content-management-content-editor" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/content-management-content-editor plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/content-management-content-editor'] --- import kbnContentManagementContentEditorObj from './kbn_content_management_content_editor.devdocs.json'; diff --git a/api_docs/kbn_content_management_content_insights_public.mdx b/api_docs/kbn_content_management_content_insights_public.mdx index 14e5040833d45..3d392fa8bedf0 100644 --- a/api_docs/kbn_content_management_content_insights_public.mdx +++ b/api_docs/kbn_content_management_content_insights_public.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-content-management-content-insights-public title: "@kbn/content-management-content-insights-public" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/content-management-content-insights-public plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/content-management-content-insights-public'] --- import kbnContentManagementContentInsightsPublicObj from './kbn_content_management_content_insights_public.devdocs.json'; diff --git a/api_docs/kbn_content_management_content_insights_server.mdx b/api_docs/kbn_content_management_content_insights_server.mdx index b13f823d9baa1..e021c0868de3a 100644 --- a/api_docs/kbn_content_management_content_insights_server.mdx +++ b/api_docs/kbn_content_management_content_insights_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-content-management-content-insights-server title: "@kbn/content-management-content-insights-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/content-management-content-insights-server plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/content-management-content-insights-server'] --- import kbnContentManagementContentInsightsServerObj from './kbn_content_management_content_insights_server.devdocs.json'; diff --git a/api_docs/kbn_content_management_favorites_public.mdx b/api_docs/kbn_content_management_favorites_public.mdx index 181459e4b9f89..07b4d0c9dfbfc 100644 --- a/api_docs/kbn_content_management_favorites_public.mdx +++ b/api_docs/kbn_content_management_favorites_public.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-content-management-favorites-public title: "@kbn/content-management-favorites-public" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/content-management-favorites-public plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/content-management-favorites-public'] --- import kbnContentManagementFavoritesPublicObj from './kbn_content_management_favorites_public.devdocs.json'; diff --git a/api_docs/kbn_content_management_favorites_server.mdx b/api_docs/kbn_content_management_favorites_server.mdx index 031601f15e157..9ded67b298292 100644 --- a/api_docs/kbn_content_management_favorites_server.mdx +++ b/api_docs/kbn_content_management_favorites_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-content-management-favorites-server title: "@kbn/content-management-favorites-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/content-management-favorites-server plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/content-management-favorites-server'] --- import kbnContentManagementFavoritesServerObj from './kbn_content_management_favorites_server.devdocs.json'; diff --git a/api_docs/kbn_content_management_tabbed_table_list_view.mdx b/api_docs/kbn_content_management_tabbed_table_list_view.mdx index a3f34cfe9f32b..4063fb44ce59b 100644 --- a/api_docs/kbn_content_management_tabbed_table_list_view.mdx +++ b/api_docs/kbn_content_management_tabbed_table_list_view.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-content-management-tabbed-table-list-view title: "@kbn/content-management-tabbed-table-list-view" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/content-management-tabbed-table-list-view plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/content-management-tabbed-table-list-view'] --- import kbnContentManagementTabbedTableListViewObj from './kbn_content_management_tabbed_table_list_view.devdocs.json'; diff --git a/api_docs/kbn_content_management_table_list_view.mdx b/api_docs/kbn_content_management_table_list_view.mdx index 71ff10f2487b2..21f254a9421dc 100644 --- a/api_docs/kbn_content_management_table_list_view.mdx +++ b/api_docs/kbn_content_management_table_list_view.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-content-management-table-list-view title: "@kbn/content-management-table-list-view" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/content-management-table-list-view plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/content-management-table-list-view'] --- import kbnContentManagementTableListViewObj from './kbn_content_management_table_list_view.devdocs.json'; diff --git a/api_docs/kbn_content_management_table_list_view_common.mdx b/api_docs/kbn_content_management_table_list_view_common.mdx index 20063a8e6fc8f..e96753233ef4e 100644 --- a/api_docs/kbn_content_management_table_list_view_common.mdx +++ b/api_docs/kbn_content_management_table_list_view_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-content-management-table-list-view-common title: "@kbn/content-management-table-list-view-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/content-management-table-list-view-common plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/content-management-table-list-view-common'] --- import kbnContentManagementTableListViewCommonObj from './kbn_content_management_table_list_view_common.devdocs.json'; diff --git a/api_docs/kbn_content_management_table_list_view_table.mdx b/api_docs/kbn_content_management_table_list_view_table.mdx index b6ca456166c8b..477ae2525ff73 100644 --- a/api_docs/kbn_content_management_table_list_view_table.mdx +++ b/api_docs/kbn_content_management_table_list_view_table.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-content-management-table-list-view-table title: "@kbn/content-management-table-list-view-table" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/content-management-table-list-view-table plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/content-management-table-list-view-table'] --- import kbnContentManagementTableListViewTableObj from './kbn_content_management_table_list_view_table.devdocs.json'; diff --git a/api_docs/kbn_content_management_user_profiles.mdx b/api_docs/kbn_content_management_user_profiles.mdx index c66cf7b6c02f7..66b9ac1cfc2ce 100644 --- a/api_docs/kbn_content_management_user_profiles.mdx +++ b/api_docs/kbn_content_management_user_profiles.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-content-management-user-profiles title: "@kbn/content-management-user-profiles" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/content-management-user-profiles plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/content-management-user-profiles'] --- import kbnContentManagementUserProfilesObj from './kbn_content_management_user_profiles.devdocs.json'; diff --git a/api_docs/kbn_content_management_utils.mdx b/api_docs/kbn_content_management_utils.mdx index bac450f0a6adc..653210b7a300a 100644 --- a/api_docs/kbn_content_management_utils.mdx +++ b/api_docs/kbn_content_management_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-content-management-utils title: "@kbn/content-management-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/content-management-utils plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/content-management-utils'] --- import kbnContentManagementUtilsObj from './kbn_content_management_utils.devdocs.json'; diff --git a/api_docs/kbn_core_analytics_browser.mdx b/api_docs/kbn_core_analytics_browser.mdx index 7a1b68c7962d2..3d36cef557842 100644 --- a/api_docs/kbn_core_analytics_browser.mdx +++ b/api_docs/kbn_core_analytics_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-analytics-browser title: "@kbn/core-analytics-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-analytics-browser plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-analytics-browser'] --- import kbnCoreAnalyticsBrowserObj from './kbn_core_analytics_browser.devdocs.json'; diff --git a/api_docs/kbn_core_analytics_browser_internal.mdx b/api_docs/kbn_core_analytics_browser_internal.mdx index cb5d8d997202e..0bd6d2f76bb5f 100644 --- a/api_docs/kbn_core_analytics_browser_internal.mdx +++ b/api_docs/kbn_core_analytics_browser_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-analytics-browser-internal title: "@kbn/core-analytics-browser-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-analytics-browser-internal plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-analytics-browser-internal'] --- import kbnCoreAnalyticsBrowserInternalObj from './kbn_core_analytics_browser_internal.devdocs.json'; diff --git a/api_docs/kbn_core_analytics_browser_mocks.mdx b/api_docs/kbn_core_analytics_browser_mocks.mdx index 5e7b27d425a17..aeb9800fb70d4 100644 --- a/api_docs/kbn_core_analytics_browser_mocks.mdx +++ b/api_docs/kbn_core_analytics_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-analytics-browser-mocks title: "@kbn/core-analytics-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-analytics-browser-mocks plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-analytics-browser-mocks'] --- import kbnCoreAnalyticsBrowserMocksObj from './kbn_core_analytics_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_analytics_server.mdx b/api_docs/kbn_core_analytics_server.mdx index 4acd9706c8dc7..7b8b0d7f8ff84 100644 --- a/api_docs/kbn_core_analytics_server.mdx +++ b/api_docs/kbn_core_analytics_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-analytics-server title: "@kbn/core-analytics-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-analytics-server plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-analytics-server'] --- import kbnCoreAnalyticsServerObj from './kbn_core_analytics_server.devdocs.json'; diff --git a/api_docs/kbn_core_analytics_server_internal.mdx b/api_docs/kbn_core_analytics_server_internal.mdx index 2a39947efb85d..89d49ec5358ea 100644 --- a/api_docs/kbn_core_analytics_server_internal.mdx +++ b/api_docs/kbn_core_analytics_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-analytics-server-internal title: "@kbn/core-analytics-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-analytics-server-internal plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-analytics-server-internal'] --- import kbnCoreAnalyticsServerInternalObj from './kbn_core_analytics_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_analytics_server_mocks.mdx b/api_docs/kbn_core_analytics_server_mocks.mdx index 84cddad68307a..583a0359cd001 100644 --- a/api_docs/kbn_core_analytics_server_mocks.mdx +++ b/api_docs/kbn_core_analytics_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-analytics-server-mocks title: "@kbn/core-analytics-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-analytics-server-mocks plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-analytics-server-mocks'] --- import kbnCoreAnalyticsServerMocksObj from './kbn_core_analytics_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_application_browser.mdx b/api_docs/kbn_core_application_browser.mdx index 6d01e985756c2..4fc25fdd55274 100644 --- a/api_docs/kbn_core_application_browser.mdx +++ b/api_docs/kbn_core_application_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-application-browser title: "@kbn/core-application-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-application-browser plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-application-browser'] --- import kbnCoreApplicationBrowserObj from './kbn_core_application_browser.devdocs.json'; diff --git a/api_docs/kbn_core_application_browser_internal.mdx b/api_docs/kbn_core_application_browser_internal.mdx index b1e90a921ee2e..24eaeba9a0524 100644 --- a/api_docs/kbn_core_application_browser_internal.mdx +++ b/api_docs/kbn_core_application_browser_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-application-browser-internal title: "@kbn/core-application-browser-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-application-browser-internal plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-application-browser-internal'] --- import kbnCoreApplicationBrowserInternalObj from './kbn_core_application_browser_internal.devdocs.json'; diff --git a/api_docs/kbn_core_application_browser_mocks.mdx b/api_docs/kbn_core_application_browser_mocks.mdx index ea52f7ac98ac5..59e07e8efefe8 100644 --- a/api_docs/kbn_core_application_browser_mocks.mdx +++ b/api_docs/kbn_core_application_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-application-browser-mocks title: "@kbn/core-application-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-application-browser-mocks plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-application-browser-mocks'] --- import kbnCoreApplicationBrowserMocksObj from './kbn_core_application_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_application_common.mdx b/api_docs/kbn_core_application_common.mdx index 7592d46c44d91..e8006fa3c2e08 100644 --- a/api_docs/kbn_core_application_common.mdx +++ b/api_docs/kbn_core_application_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-application-common title: "@kbn/core-application-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-application-common plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-application-common'] --- import kbnCoreApplicationCommonObj from './kbn_core_application_common.devdocs.json'; diff --git a/api_docs/kbn_core_apps_browser_internal.mdx b/api_docs/kbn_core_apps_browser_internal.mdx index 4517d56c2cae8..9561c15624d0b 100644 --- a/api_docs/kbn_core_apps_browser_internal.mdx +++ b/api_docs/kbn_core_apps_browser_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-apps-browser-internal title: "@kbn/core-apps-browser-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-apps-browser-internal plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-apps-browser-internal'] --- import kbnCoreAppsBrowserInternalObj from './kbn_core_apps_browser_internal.devdocs.json'; diff --git a/api_docs/kbn_core_apps_browser_mocks.mdx b/api_docs/kbn_core_apps_browser_mocks.mdx index ac780c469f578..1dc319b9009c2 100644 --- a/api_docs/kbn_core_apps_browser_mocks.mdx +++ b/api_docs/kbn_core_apps_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-apps-browser-mocks title: "@kbn/core-apps-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-apps-browser-mocks plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-apps-browser-mocks'] --- import kbnCoreAppsBrowserMocksObj from './kbn_core_apps_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_apps_server_internal.mdx b/api_docs/kbn_core_apps_server_internal.mdx index 259acec5dbf7d..5e03c4bc9539a 100644 --- a/api_docs/kbn_core_apps_server_internal.mdx +++ b/api_docs/kbn_core_apps_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-apps-server-internal title: "@kbn/core-apps-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-apps-server-internal plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-apps-server-internal'] --- import kbnCoreAppsServerInternalObj from './kbn_core_apps_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_base_browser_mocks.mdx b/api_docs/kbn_core_base_browser_mocks.mdx index 377361544894d..bbbc987f2443c 100644 --- a/api_docs/kbn_core_base_browser_mocks.mdx +++ b/api_docs/kbn_core_base_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-base-browser-mocks title: "@kbn/core-base-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-base-browser-mocks plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-base-browser-mocks'] --- import kbnCoreBaseBrowserMocksObj from './kbn_core_base_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_base_common.mdx b/api_docs/kbn_core_base_common.mdx index 1f48fa8edd8e4..a5475c04899db 100644 --- a/api_docs/kbn_core_base_common.mdx +++ b/api_docs/kbn_core_base_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-base-common title: "@kbn/core-base-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-base-common plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-base-common'] --- import kbnCoreBaseCommonObj from './kbn_core_base_common.devdocs.json'; diff --git a/api_docs/kbn_core_base_server_internal.mdx b/api_docs/kbn_core_base_server_internal.mdx index 650218656579e..8ca0ac1008dc3 100644 --- a/api_docs/kbn_core_base_server_internal.mdx +++ b/api_docs/kbn_core_base_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-base-server-internal title: "@kbn/core-base-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-base-server-internal plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-base-server-internal'] --- import kbnCoreBaseServerInternalObj from './kbn_core_base_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_base_server_mocks.mdx b/api_docs/kbn_core_base_server_mocks.mdx index 1eda1d4eb249f..78eaaa9b6f9c4 100644 --- a/api_docs/kbn_core_base_server_mocks.mdx +++ b/api_docs/kbn_core_base_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-base-server-mocks title: "@kbn/core-base-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-base-server-mocks plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-base-server-mocks'] --- import kbnCoreBaseServerMocksObj from './kbn_core_base_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_capabilities_browser_mocks.mdx b/api_docs/kbn_core_capabilities_browser_mocks.mdx index 198be3abd86c0..ddcc033da4a33 100644 --- a/api_docs/kbn_core_capabilities_browser_mocks.mdx +++ b/api_docs/kbn_core_capabilities_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-capabilities-browser-mocks title: "@kbn/core-capabilities-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-capabilities-browser-mocks plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-capabilities-browser-mocks'] --- import kbnCoreCapabilitiesBrowserMocksObj from './kbn_core_capabilities_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_capabilities_common.mdx b/api_docs/kbn_core_capabilities_common.mdx index 4aa6567baad3c..a1b1df98d78d0 100644 --- a/api_docs/kbn_core_capabilities_common.mdx +++ b/api_docs/kbn_core_capabilities_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-capabilities-common title: "@kbn/core-capabilities-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-capabilities-common plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-capabilities-common'] --- import kbnCoreCapabilitiesCommonObj from './kbn_core_capabilities_common.devdocs.json'; diff --git a/api_docs/kbn_core_capabilities_server.mdx b/api_docs/kbn_core_capabilities_server.mdx index c950f1b7a7191..32e734d28ded2 100644 --- a/api_docs/kbn_core_capabilities_server.mdx +++ b/api_docs/kbn_core_capabilities_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-capabilities-server title: "@kbn/core-capabilities-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-capabilities-server plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-capabilities-server'] --- import kbnCoreCapabilitiesServerObj from './kbn_core_capabilities_server.devdocs.json'; diff --git a/api_docs/kbn_core_capabilities_server_mocks.mdx b/api_docs/kbn_core_capabilities_server_mocks.mdx index 3f238d298c2a1..f450c0e1a2398 100644 --- a/api_docs/kbn_core_capabilities_server_mocks.mdx +++ b/api_docs/kbn_core_capabilities_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-capabilities-server-mocks title: "@kbn/core-capabilities-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-capabilities-server-mocks plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-capabilities-server-mocks'] --- import kbnCoreCapabilitiesServerMocksObj from './kbn_core_capabilities_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_chrome_browser.mdx b/api_docs/kbn_core_chrome_browser.mdx index 22ed0d01a4ef8..4be4b2b05f6c3 100644 --- a/api_docs/kbn_core_chrome_browser.mdx +++ b/api_docs/kbn_core_chrome_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-chrome-browser title: "@kbn/core-chrome-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-chrome-browser plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-chrome-browser'] --- import kbnCoreChromeBrowserObj from './kbn_core_chrome_browser.devdocs.json'; diff --git a/api_docs/kbn_core_chrome_browser_mocks.mdx b/api_docs/kbn_core_chrome_browser_mocks.mdx index 958672b179546..7777ebca0552f 100644 --- a/api_docs/kbn_core_chrome_browser_mocks.mdx +++ b/api_docs/kbn_core_chrome_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-chrome-browser-mocks title: "@kbn/core-chrome-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-chrome-browser-mocks plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-chrome-browser-mocks'] --- import kbnCoreChromeBrowserMocksObj from './kbn_core_chrome_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_config_server_internal.mdx b/api_docs/kbn_core_config_server_internal.mdx index 958990ac4bb65..cf7990ad46b75 100644 --- a/api_docs/kbn_core_config_server_internal.mdx +++ b/api_docs/kbn_core_config_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-config-server-internal title: "@kbn/core-config-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-config-server-internal plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-config-server-internal'] --- import kbnCoreConfigServerInternalObj from './kbn_core_config_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_custom_branding_browser.mdx b/api_docs/kbn_core_custom_branding_browser.mdx index 962a02901fff0..b3bb6b19c9073 100644 --- a/api_docs/kbn_core_custom_branding_browser.mdx +++ b/api_docs/kbn_core_custom_branding_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-custom-branding-browser title: "@kbn/core-custom-branding-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-custom-branding-browser plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-custom-branding-browser'] --- import kbnCoreCustomBrandingBrowserObj from './kbn_core_custom_branding_browser.devdocs.json'; diff --git a/api_docs/kbn_core_custom_branding_browser_internal.mdx b/api_docs/kbn_core_custom_branding_browser_internal.mdx index e93c3ad050de8..7034c10b045ce 100644 --- a/api_docs/kbn_core_custom_branding_browser_internal.mdx +++ b/api_docs/kbn_core_custom_branding_browser_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-custom-branding-browser-internal title: "@kbn/core-custom-branding-browser-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-custom-branding-browser-internal plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-custom-branding-browser-internal'] --- import kbnCoreCustomBrandingBrowserInternalObj from './kbn_core_custom_branding_browser_internal.devdocs.json'; diff --git a/api_docs/kbn_core_custom_branding_browser_mocks.mdx b/api_docs/kbn_core_custom_branding_browser_mocks.mdx index 75c036a31bf71..a3e2e6f527031 100644 --- a/api_docs/kbn_core_custom_branding_browser_mocks.mdx +++ b/api_docs/kbn_core_custom_branding_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-custom-branding-browser-mocks title: "@kbn/core-custom-branding-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-custom-branding-browser-mocks plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-custom-branding-browser-mocks'] --- import kbnCoreCustomBrandingBrowserMocksObj from './kbn_core_custom_branding_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_custom_branding_common.mdx b/api_docs/kbn_core_custom_branding_common.mdx index 885e6d9b699ca..f423a08b9296a 100644 --- a/api_docs/kbn_core_custom_branding_common.mdx +++ b/api_docs/kbn_core_custom_branding_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-custom-branding-common title: "@kbn/core-custom-branding-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-custom-branding-common plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-custom-branding-common'] --- import kbnCoreCustomBrandingCommonObj from './kbn_core_custom_branding_common.devdocs.json'; diff --git a/api_docs/kbn_core_custom_branding_server.mdx b/api_docs/kbn_core_custom_branding_server.mdx index 8378a47454f06..f80f77426200d 100644 --- a/api_docs/kbn_core_custom_branding_server.mdx +++ b/api_docs/kbn_core_custom_branding_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-custom-branding-server title: "@kbn/core-custom-branding-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-custom-branding-server plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-custom-branding-server'] --- import kbnCoreCustomBrandingServerObj from './kbn_core_custom_branding_server.devdocs.json'; diff --git a/api_docs/kbn_core_custom_branding_server_internal.mdx b/api_docs/kbn_core_custom_branding_server_internal.mdx index 029a69b1f9482..e77560f2d0861 100644 --- a/api_docs/kbn_core_custom_branding_server_internal.mdx +++ b/api_docs/kbn_core_custom_branding_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-custom-branding-server-internal title: "@kbn/core-custom-branding-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-custom-branding-server-internal plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-custom-branding-server-internal'] --- import kbnCoreCustomBrandingServerInternalObj from './kbn_core_custom_branding_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_custom_branding_server_mocks.mdx b/api_docs/kbn_core_custom_branding_server_mocks.mdx index 3faea73eb0892..6123a5a65192d 100644 --- a/api_docs/kbn_core_custom_branding_server_mocks.mdx +++ b/api_docs/kbn_core_custom_branding_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-custom-branding-server-mocks title: "@kbn/core-custom-branding-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-custom-branding-server-mocks plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-custom-branding-server-mocks'] --- import kbnCoreCustomBrandingServerMocksObj from './kbn_core_custom_branding_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_deprecations_browser.mdx b/api_docs/kbn_core_deprecations_browser.mdx index 95eeca208f028..872064b3df1b9 100644 --- a/api_docs/kbn_core_deprecations_browser.mdx +++ b/api_docs/kbn_core_deprecations_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-deprecations-browser title: "@kbn/core-deprecations-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-deprecations-browser plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-deprecations-browser'] --- import kbnCoreDeprecationsBrowserObj from './kbn_core_deprecations_browser.devdocs.json'; diff --git a/api_docs/kbn_core_deprecations_browser_internal.mdx b/api_docs/kbn_core_deprecations_browser_internal.mdx index 8809e0da44586..e63139fb73058 100644 --- a/api_docs/kbn_core_deprecations_browser_internal.mdx +++ b/api_docs/kbn_core_deprecations_browser_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-deprecations-browser-internal title: "@kbn/core-deprecations-browser-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-deprecations-browser-internal plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-deprecations-browser-internal'] --- import kbnCoreDeprecationsBrowserInternalObj from './kbn_core_deprecations_browser_internal.devdocs.json'; diff --git a/api_docs/kbn_core_deprecations_browser_mocks.mdx b/api_docs/kbn_core_deprecations_browser_mocks.mdx index 19eba63961e04..58f7db65c14e9 100644 --- a/api_docs/kbn_core_deprecations_browser_mocks.mdx +++ b/api_docs/kbn_core_deprecations_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-deprecations-browser-mocks title: "@kbn/core-deprecations-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-deprecations-browser-mocks plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-deprecations-browser-mocks'] --- import kbnCoreDeprecationsBrowserMocksObj from './kbn_core_deprecations_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_deprecations_common.mdx b/api_docs/kbn_core_deprecations_common.mdx index 7138342511f2a..d0f9e34e38481 100644 --- a/api_docs/kbn_core_deprecations_common.mdx +++ b/api_docs/kbn_core_deprecations_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-deprecations-common title: "@kbn/core-deprecations-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-deprecations-common plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-deprecations-common'] --- import kbnCoreDeprecationsCommonObj from './kbn_core_deprecations_common.devdocs.json'; diff --git a/api_docs/kbn_core_deprecations_server.mdx b/api_docs/kbn_core_deprecations_server.mdx index 114981efe6fdc..c768ced867f6c 100644 --- a/api_docs/kbn_core_deprecations_server.mdx +++ b/api_docs/kbn_core_deprecations_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-deprecations-server title: "@kbn/core-deprecations-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-deprecations-server plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-deprecations-server'] --- import kbnCoreDeprecationsServerObj from './kbn_core_deprecations_server.devdocs.json'; diff --git a/api_docs/kbn_core_deprecations_server_internal.mdx b/api_docs/kbn_core_deprecations_server_internal.mdx index b1b8561068183..439081e3b9170 100644 --- a/api_docs/kbn_core_deprecations_server_internal.mdx +++ b/api_docs/kbn_core_deprecations_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-deprecations-server-internal title: "@kbn/core-deprecations-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-deprecations-server-internal plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-deprecations-server-internal'] --- import kbnCoreDeprecationsServerInternalObj from './kbn_core_deprecations_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_deprecations_server_mocks.mdx b/api_docs/kbn_core_deprecations_server_mocks.mdx index 6c54d776d4b21..4dbea8335d921 100644 --- a/api_docs/kbn_core_deprecations_server_mocks.mdx +++ b/api_docs/kbn_core_deprecations_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-deprecations-server-mocks title: "@kbn/core-deprecations-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-deprecations-server-mocks plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-deprecations-server-mocks'] --- import kbnCoreDeprecationsServerMocksObj from './kbn_core_deprecations_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_doc_links_browser.mdx b/api_docs/kbn_core_doc_links_browser.mdx index 6e21065e7b3f1..a8c868008710e 100644 --- a/api_docs/kbn_core_doc_links_browser.mdx +++ b/api_docs/kbn_core_doc_links_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-doc-links-browser title: "@kbn/core-doc-links-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-doc-links-browser plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-doc-links-browser'] --- import kbnCoreDocLinksBrowserObj from './kbn_core_doc_links_browser.devdocs.json'; diff --git a/api_docs/kbn_core_doc_links_browser_mocks.mdx b/api_docs/kbn_core_doc_links_browser_mocks.mdx index 30c99b193c122..9f741ba7daa8f 100644 --- a/api_docs/kbn_core_doc_links_browser_mocks.mdx +++ b/api_docs/kbn_core_doc_links_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-doc-links-browser-mocks title: "@kbn/core-doc-links-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-doc-links-browser-mocks plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-doc-links-browser-mocks'] --- import kbnCoreDocLinksBrowserMocksObj from './kbn_core_doc_links_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_doc_links_server.mdx b/api_docs/kbn_core_doc_links_server.mdx index 0192b706a5ca9..9f814d1ab7a77 100644 --- a/api_docs/kbn_core_doc_links_server.mdx +++ b/api_docs/kbn_core_doc_links_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-doc-links-server title: "@kbn/core-doc-links-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-doc-links-server plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-doc-links-server'] --- import kbnCoreDocLinksServerObj from './kbn_core_doc_links_server.devdocs.json'; diff --git a/api_docs/kbn_core_doc_links_server_mocks.mdx b/api_docs/kbn_core_doc_links_server_mocks.mdx index 9770a40b94511..0baf54733d3c6 100644 --- a/api_docs/kbn_core_doc_links_server_mocks.mdx +++ b/api_docs/kbn_core_doc_links_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-doc-links-server-mocks title: "@kbn/core-doc-links-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-doc-links-server-mocks plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-doc-links-server-mocks'] --- import kbnCoreDocLinksServerMocksObj from './kbn_core_doc_links_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_elasticsearch_client_server_internal.mdx b/api_docs/kbn_core_elasticsearch_client_server_internal.mdx index bc9ff9d057401..3e2b4fbfcde94 100644 --- a/api_docs/kbn_core_elasticsearch_client_server_internal.mdx +++ b/api_docs/kbn_core_elasticsearch_client_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-elasticsearch-client-server-internal title: "@kbn/core-elasticsearch-client-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-elasticsearch-client-server-internal plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-elasticsearch-client-server-internal'] --- import kbnCoreElasticsearchClientServerInternalObj from './kbn_core_elasticsearch_client_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_elasticsearch_client_server_mocks.mdx b/api_docs/kbn_core_elasticsearch_client_server_mocks.mdx index 7db92d21054cf..e5deb095e2a55 100644 --- a/api_docs/kbn_core_elasticsearch_client_server_mocks.mdx +++ b/api_docs/kbn_core_elasticsearch_client_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-elasticsearch-client-server-mocks title: "@kbn/core-elasticsearch-client-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-elasticsearch-client-server-mocks plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-elasticsearch-client-server-mocks'] --- import kbnCoreElasticsearchClientServerMocksObj from './kbn_core_elasticsearch_client_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_elasticsearch_server.devdocs.json b/api_docs/kbn_core_elasticsearch_server.devdocs.json index 3545ca05a5d0a..14c2183992b42 100644 --- a/api_docs/kbn_core_elasticsearch_server.devdocs.json +++ b/api_docs/kbn_core_elasticsearch_server.devdocs.json @@ -957,6 +957,22 @@ "trackAdoption": false, "children": [], "returnComment": [] + }, + { + "parentPluginId": "@kbn/core-elasticsearch-server", + "id": "def-server.ElasticsearchServiceStart.publicBaseUrl", + "type": "string", + "tags": [], + "label": "publicBaseUrl", + "description": [ + "\nThe public base URL (if any) that should be used by end users to access the Elasticsearch cluster." + ], + "signature": [ + "string | undefined" + ], + "path": "packages/core/elasticsearch/core-elasticsearch-server/src/contracts.ts", + "deprecated": false, + "trackAdoption": false } ], "initialIsOpen": false diff --git a/api_docs/kbn_core_elasticsearch_server.mdx b/api_docs/kbn_core_elasticsearch_server.mdx index f9e5b295184b1..bb361d8daea6f 100644 --- a/api_docs/kbn_core_elasticsearch_server.mdx +++ b/api_docs/kbn_core_elasticsearch_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-elasticsearch-server title: "@kbn/core-elasticsearch-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-elasticsearch-server plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-elasticsearch-server'] --- import kbnCoreElasticsearchServerObj from './kbn_core_elasticsearch_server.devdocs.json'; @@ -21,7 +21,7 @@ Contact [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core | Public API count | Any count | Items lacking comments | Missing exports | |-------------------|-----------|------------------------|-----------------| -| 117 | 0 | 56 | 0 | +| 118 | 0 | 56 | 0 | ## Server diff --git a/api_docs/kbn_core_elasticsearch_server_internal.mdx b/api_docs/kbn_core_elasticsearch_server_internal.mdx index d9320e2f19a94..ac2e619de320b 100644 --- a/api_docs/kbn_core_elasticsearch_server_internal.mdx +++ b/api_docs/kbn_core_elasticsearch_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-elasticsearch-server-internal title: "@kbn/core-elasticsearch-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-elasticsearch-server-internal plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-elasticsearch-server-internal'] --- import kbnCoreElasticsearchServerInternalObj from './kbn_core_elasticsearch_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_elasticsearch_server_mocks.devdocs.json b/api_docs/kbn_core_elasticsearch_server_mocks.devdocs.json index 702a8890af3d9..7c0baefca2c20 100644 --- a/api_docs/kbn_core_elasticsearch_server_mocks.devdocs.json +++ b/api_docs/kbn_core_elasticsearch_server_mocks.devdocs.json @@ -57,7 +57,7 @@ "label": "MockedElasticSearchServiceStart", "description": [], "signature": [ - "{ getCapabilities: jest.MockInstance<", + "{ readonly publicBaseUrl?: string | undefined; getCapabilities: jest.MockInstance<", { "pluginId": "@kbn/core-elasticsearch-server", "scope": "server", diff --git a/api_docs/kbn_core_elasticsearch_server_mocks.mdx b/api_docs/kbn_core_elasticsearch_server_mocks.mdx index 79aec8ee176e7..715d5c25493b9 100644 --- a/api_docs/kbn_core_elasticsearch_server_mocks.mdx +++ b/api_docs/kbn_core_elasticsearch_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-elasticsearch-server-mocks title: "@kbn/core-elasticsearch-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-elasticsearch-server-mocks plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-elasticsearch-server-mocks'] --- import kbnCoreElasticsearchServerMocksObj from './kbn_core_elasticsearch_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_environment_server_internal.mdx b/api_docs/kbn_core_environment_server_internal.mdx index 27f5426494047..11bfb9e26df74 100644 --- a/api_docs/kbn_core_environment_server_internal.mdx +++ b/api_docs/kbn_core_environment_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-environment-server-internal title: "@kbn/core-environment-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-environment-server-internal plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-environment-server-internal'] --- import kbnCoreEnvironmentServerInternalObj from './kbn_core_environment_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_environment_server_mocks.mdx b/api_docs/kbn_core_environment_server_mocks.mdx index bd87bab1c5b88..57cad2b1d4cba 100644 --- a/api_docs/kbn_core_environment_server_mocks.mdx +++ b/api_docs/kbn_core_environment_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-environment-server-mocks title: "@kbn/core-environment-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-environment-server-mocks plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-environment-server-mocks'] --- import kbnCoreEnvironmentServerMocksObj from './kbn_core_environment_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_execution_context_browser.mdx b/api_docs/kbn_core_execution_context_browser.mdx index 493bd0a27ad18..2b7452c501110 100644 --- a/api_docs/kbn_core_execution_context_browser.mdx +++ b/api_docs/kbn_core_execution_context_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-execution-context-browser title: "@kbn/core-execution-context-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-execution-context-browser plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-execution-context-browser'] --- import kbnCoreExecutionContextBrowserObj from './kbn_core_execution_context_browser.devdocs.json'; diff --git a/api_docs/kbn_core_execution_context_browser_internal.mdx b/api_docs/kbn_core_execution_context_browser_internal.mdx index a8a039c520a7c..293bf0ed890ad 100644 --- a/api_docs/kbn_core_execution_context_browser_internal.mdx +++ b/api_docs/kbn_core_execution_context_browser_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-execution-context-browser-internal title: "@kbn/core-execution-context-browser-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-execution-context-browser-internal plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-execution-context-browser-internal'] --- import kbnCoreExecutionContextBrowserInternalObj from './kbn_core_execution_context_browser_internal.devdocs.json'; diff --git a/api_docs/kbn_core_execution_context_browser_mocks.mdx b/api_docs/kbn_core_execution_context_browser_mocks.mdx index 2acbad65865e9..7f9972d184abe 100644 --- a/api_docs/kbn_core_execution_context_browser_mocks.mdx +++ b/api_docs/kbn_core_execution_context_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-execution-context-browser-mocks title: "@kbn/core-execution-context-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-execution-context-browser-mocks plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-execution-context-browser-mocks'] --- import kbnCoreExecutionContextBrowserMocksObj from './kbn_core_execution_context_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_execution_context_common.mdx b/api_docs/kbn_core_execution_context_common.mdx index 1dc82cb47712e..bad76c3bd2395 100644 --- a/api_docs/kbn_core_execution_context_common.mdx +++ b/api_docs/kbn_core_execution_context_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-execution-context-common title: "@kbn/core-execution-context-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-execution-context-common plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-execution-context-common'] --- import kbnCoreExecutionContextCommonObj from './kbn_core_execution_context_common.devdocs.json'; diff --git a/api_docs/kbn_core_execution_context_server.mdx b/api_docs/kbn_core_execution_context_server.mdx index 5e61dae29dc51..2bbc7849cf89b 100644 --- a/api_docs/kbn_core_execution_context_server.mdx +++ b/api_docs/kbn_core_execution_context_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-execution-context-server title: "@kbn/core-execution-context-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-execution-context-server plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-execution-context-server'] --- import kbnCoreExecutionContextServerObj from './kbn_core_execution_context_server.devdocs.json'; diff --git a/api_docs/kbn_core_execution_context_server_internal.mdx b/api_docs/kbn_core_execution_context_server_internal.mdx index 9ac71c0ec0e1c..e6d31a8d50c79 100644 --- a/api_docs/kbn_core_execution_context_server_internal.mdx +++ b/api_docs/kbn_core_execution_context_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-execution-context-server-internal title: "@kbn/core-execution-context-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-execution-context-server-internal plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-execution-context-server-internal'] --- import kbnCoreExecutionContextServerInternalObj from './kbn_core_execution_context_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_execution_context_server_mocks.mdx b/api_docs/kbn_core_execution_context_server_mocks.mdx index b85661f46ce6f..8d5766cf3272b 100644 --- a/api_docs/kbn_core_execution_context_server_mocks.mdx +++ b/api_docs/kbn_core_execution_context_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-execution-context-server-mocks title: "@kbn/core-execution-context-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-execution-context-server-mocks plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-execution-context-server-mocks'] --- import kbnCoreExecutionContextServerMocksObj from './kbn_core_execution_context_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_fatal_errors_browser.mdx b/api_docs/kbn_core_fatal_errors_browser.mdx index 36285c083458c..9c6bd827f7f31 100644 --- a/api_docs/kbn_core_fatal_errors_browser.mdx +++ b/api_docs/kbn_core_fatal_errors_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-fatal-errors-browser title: "@kbn/core-fatal-errors-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-fatal-errors-browser plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-fatal-errors-browser'] --- import kbnCoreFatalErrorsBrowserObj from './kbn_core_fatal_errors_browser.devdocs.json'; diff --git a/api_docs/kbn_core_fatal_errors_browser_mocks.mdx b/api_docs/kbn_core_fatal_errors_browser_mocks.mdx index 7f6720c4cd315..cadbbf580773a 100644 --- a/api_docs/kbn_core_fatal_errors_browser_mocks.mdx +++ b/api_docs/kbn_core_fatal_errors_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-fatal-errors-browser-mocks title: "@kbn/core-fatal-errors-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-fatal-errors-browser-mocks plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-fatal-errors-browser-mocks'] --- import kbnCoreFatalErrorsBrowserMocksObj from './kbn_core_fatal_errors_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_feature_flags_browser.mdx b/api_docs/kbn_core_feature_flags_browser.mdx index 721f50f22c842..0293441f14615 100644 --- a/api_docs/kbn_core_feature_flags_browser.mdx +++ b/api_docs/kbn_core_feature_flags_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-feature-flags-browser title: "@kbn/core-feature-flags-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-feature-flags-browser plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-feature-flags-browser'] --- import kbnCoreFeatureFlagsBrowserObj from './kbn_core_feature_flags_browser.devdocs.json'; diff --git a/api_docs/kbn_core_feature_flags_browser_internal.mdx b/api_docs/kbn_core_feature_flags_browser_internal.mdx index 4adc3c21c248c..c163cf40155a6 100644 --- a/api_docs/kbn_core_feature_flags_browser_internal.mdx +++ b/api_docs/kbn_core_feature_flags_browser_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-feature-flags-browser-internal title: "@kbn/core-feature-flags-browser-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-feature-flags-browser-internal plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-feature-flags-browser-internal'] --- import kbnCoreFeatureFlagsBrowserInternalObj from './kbn_core_feature_flags_browser_internal.devdocs.json'; diff --git a/api_docs/kbn_core_feature_flags_browser_mocks.mdx b/api_docs/kbn_core_feature_flags_browser_mocks.mdx index 4bf9e3aefedce..94547c6b7132a 100644 --- a/api_docs/kbn_core_feature_flags_browser_mocks.mdx +++ b/api_docs/kbn_core_feature_flags_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-feature-flags-browser-mocks title: "@kbn/core-feature-flags-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-feature-flags-browser-mocks plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-feature-flags-browser-mocks'] --- import kbnCoreFeatureFlagsBrowserMocksObj from './kbn_core_feature_flags_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_feature_flags_server.mdx b/api_docs/kbn_core_feature_flags_server.mdx index dde7caaa8329c..3c8e56af7b14d 100644 --- a/api_docs/kbn_core_feature_flags_server.mdx +++ b/api_docs/kbn_core_feature_flags_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-feature-flags-server title: "@kbn/core-feature-flags-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-feature-flags-server plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-feature-flags-server'] --- import kbnCoreFeatureFlagsServerObj from './kbn_core_feature_flags_server.devdocs.json'; diff --git a/api_docs/kbn_core_feature_flags_server_internal.mdx b/api_docs/kbn_core_feature_flags_server_internal.mdx index 347d8d300b904..cc88d175dc185 100644 --- a/api_docs/kbn_core_feature_flags_server_internal.mdx +++ b/api_docs/kbn_core_feature_flags_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-feature-flags-server-internal title: "@kbn/core-feature-flags-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-feature-flags-server-internal plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-feature-flags-server-internal'] --- import kbnCoreFeatureFlagsServerInternalObj from './kbn_core_feature_flags_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_feature_flags_server_mocks.mdx b/api_docs/kbn_core_feature_flags_server_mocks.mdx index a064a024ed9ed..7e6e6d8b9e539 100644 --- a/api_docs/kbn_core_feature_flags_server_mocks.mdx +++ b/api_docs/kbn_core_feature_flags_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-feature-flags-server-mocks title: "@kbn/core-feature-flags-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-feature-flags-server-mocks plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-feature-flags-server-mocks'] --- import kbnCoreFeatureFlagsServerMocksObj from './kbn_core_feature_flags_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_http_browser.mdx b/api_docs/kbn_core_http_browser.mdx index b171b7227d466..6581b27a433f6 100644 --- a/api_docs/kbn_core_http_browser.mdx +++ b/api_docs/kbn_core_http_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-browser title: "@kbn/core-http-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-http-browser plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-browser'] --- import kbnCoreHttpBrowserObj from './kbn_core_http_browser.devdocs.json'; diff --git a/api_docs/kbn_core_http_browser_internal.mdx b/api_docs/kbn_core_http_browser_internal.mdx index 0c6e103b198bb..39563f17dc6e6 100644 --- a/api_docs/kbn_core_http_browser_internal.mdx +++ b/api_docs/kbn_core_http_browser_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-browser-internal title: "@kbn/core-http-browser-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-http-browser-internal plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-browser-internal'] --- import kbnCoreHttpBrowserInternalObj from './kbn_core_http_browser_internal.devdocs.json'; diff --git a/api_docs/kbn_core_http_browser_mocks.mdx b/api_docs/kbn_core_http_browser_mocks.mdx index c307b34e653c9..de937ef5a9668 100644 --- a/api_docs/kbn_core_http_browser_mocks.mdx +++ b/api_docs/kbn_core_http_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-browser-mocks title: "@kbn/core-http-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-http-browser-mocks plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-browser-mocks'] --- import kbnCoreHttpBrowserMocksObj from './kbn_core_http_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_http_common.mdx b/api_docs/kbn_core_http_common.mdx index 783fcd2b09c59..98c590162e705 100644 --- a/api_docs/kbn_core_http_common.mdx +++ b/api_docs/kbn_core_http_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-common title: "@kbn/core-http-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-http-common plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-common'] --- import kbnCoreHttpCommonObj from './kbn_core_http_common.devdocs.json'; diff --git a/api_docs/kbn_core_http_context_server_mocks.mdx b/api_docs/kbn_core_http_context_server_mocks.mdx index 75e523ca0ea52..1fb388fb50455 100644 --- a/api_docs/kbn_core_http_context_server_mocks.mdx +++ b/api_docs/kbn_core_http_context_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-context-server-mocks title: "@kbn/core-http-context-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-http-context-server-mocks plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-context-server-mocks'] --- import kbnCoreHttpContextServerMocksObj from './kbn_core_http_context_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_http_request_handler_context_server.mdx b/api_docs/kbn_core_http_request_handler_context_server.mdx index 08145941f03ce..fa0aa8cc8e05f 100644 --- a/api_docs/kbn_core_http_request_handler_context_server.mdx +++ b/api_docs/kbn_core_http_request_handler_context_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-request-handler-context-server title: "@kbn/core-http-request-handler-context-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-http-request-handler-context-server plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-request-handler-context-server'] --- import kbnCoreHttpRequestHandlerContextServerObj from './kbn_core_http_request_handler_context_server.devdocs.json'; diff --git a/api_docs/kbn_core_http_resources_server.mdx b/api_docs/kbn_core_http_resources_server.mdx index 419ec334f419a..683850b8ea017 100644 --- a/api_docs/kbn_core_http_resources_server.mdx +++ b/api_docs/kbn_core_http_resources_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-resources-server title: "@kbn/core-http-resources-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-http-resources-server plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-resources-server'] --- import kbnCoreHttpResourcesServerObj from './kbn_core_http_resources_server.devdocs.json'; diff --git a/api_docs/kbn_core_http_resources_server_internal.mdx b/api_docs/kbn_core_http_resources_server_internal.mdx index e98be0ff713e0..74f803867f54d 100644 --- a/api_docs/kbn_core_http_resources_server_internal.mdx +++ b/api_docs/kbn_core_http_resources_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-resources-server-internal title: "@kbn/core-http-resources-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-http-resources-server-internal plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-resources-server-internal'] --- import kbnCoreHttpResourcesServerInternalObj from './kbn_core_http_resources_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_http_resources_server_mocks.mdx b/api_docs/kbn_core_http_resources_server_mocks.mdx index 67055448954e1..27b6a34ec58fd 100644 --- a/api_docs/kbn_core_http_resources_server_mocks.mdx +++ b/api_docs/kbn_core_http_resources_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-resources-server-mocks title: "@kbn/core-http-resources-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-http-resources-server-mocks plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-resources-server-mocks'] --- import kbnCoreHttpResourcesServerMocksObj from './kbn_core_http_resources_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_http_router_server_internal.mdx b/api_docs/kbn_core_http_router_server_internal.mdx index 360e51e41af92..5136ae90c0ceb 100644 --- a/api_docs/kbn_core_http_router_server_internal.mdx +++ b/api_docs/kbn_core_http_router_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-router-server-internal title: "@kbn/core-http-router-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-http-router-server-internal plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-router-server-internal'] --- import kbnCoreHttpRouterServerInternalObj from './kbn_core_http_router_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_http_router_server_mocks.mdx b/api_docs/kbn_core_http_router_server_mocks.mdx index bf2a19b47b7fe..3942218a1ab16 100644 --- a/api_docs/kbn_core_http_router_server_mocks.mdx +++ b/api_docs/kbn_core_http_router_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-router-server-mocks title: "@kbn/core-http-router-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-http-router-server-mocks plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-router-server-mocks'] --- import kbnCoreHttpRouterServerMocksObj from './kbn_core_http_router_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_http_server.devdocs.json b/api_docs/kbn_core_http_server.devdocs.json index 596dec9690097..09c0da0905891 100644 --- a/api_docs/kbn_core_http_server.devdocs.json +++ b/api_docs/kbn_core_http_server.devdocs.json @@ -14254,6 +14254,10 @@ "plugin": "@kbn/core-metrics-server-internal", "path": "packages/core/metrics/core-metrics-server-internal/src/routes/elu_history.ts" }, + { + "plugin": "cloud", + "path": "x-pack/plugins/cloud/server/routes/elasticsearch_routes.ts" + }, { "plugin": "@kbn/core-http-router-server-mocks", "path": "packages/core/http/core-http-router-server-mocks/src/versioned_router.mock.ts" @@ -15022,6 +15026,10 @@ "plugin": "securitySolution", "path": "x-pack/plugins/security_solution/server/lib/entity_analytics/risk_engine/routes/settings.ts" }, + { + "plugin": "securitySolution", + "path": "x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/routes/entities/list.ts" + }, { "plugin": "securitySolution", "path": "x-pack/plugins/security_solution/server/lib/entity_analytics/entity_store/routes/get.ts" diff --git a/api_docs/kbn_core_http_server.mdx b/api_docs/kbn_core_http_server.mdx index ec98554b403f5..c4ab7c580b611 100644 --- a/api_docs/kbn_core_http_server.mdx +++ b/api_docs/kbn_core_http_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-server title: "@kbn/core-http-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-http-server plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-server'] --- import kbnCoreHttpServerObj from './kbn_core_http_server.devdocs.json'; diff --git a/api_docs/kbn_core_http_server_internal.mdx b/api_docs/kbn_core_http_server_internal.mdx index 8ca3c4fac051c..33e9a0c3ade6f 100644 --- a/api_docs/kbn_core_http_server_internal.mdx +++ b/api_docs/kbn_core_http_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-server-internal title: "@kbn/core-http-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-http-server-internal plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-server-internal'] --- import kbnCoreHttpServerInternalObj from './kbn_core_http_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_http_server_mocks.mdx b/api_docs/kbn_core_http_server_mocks.mdx index 3b2d889f8f68a..f4075a90bc72e 100644 --- a/api_docs/kbn_core_http_server_mocks.mdx +++ b/api_docs/kbn_core_http_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-http-server-mocks title: "@kbn/core-http-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-http-server-mocks plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-http-server-mocks'] --- import kbnCoreHttpServerMocksObj from './kbn_core_http_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_i18n_browser.mdx b/api_docs/kbn_core_i18n_browser.mdx index bc5eb016cfda0..572b3e7d794d5 100644 --- a/api_docs/kbn_core_i18n_browser.mdx +++ b/api_docs/kbn_core_i18n_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-i18n-browser title: "@kbn/core-i18n-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-i18n-browser plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-i18n-browser'] --- import kbnCoreI18nBrowserObj from './kbn_core_i18n_browser.devdocs.json'; diff --git a/api_docs/kbn_core_i18n_browser_mocks.mdx b/api_docs/kbn_core_i18n_browser_mocks.mdx index 5b01d4a4fe5f1..e2d673d573808 100644 --- a/api_docs/kbn_core_i18n_browser_mocks.mdx +++ b/api_docs/kbn_core_i18n_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-i18n-browser-mocks title: "@kbn/core-i18n-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-i18n-browser-mocks plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-i18n-browser-mocks'] --- import kbnCoreI18nBrowserMocksObj from './kbn_core_i18n_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_i18n_server.mdx b/api_docs/kbn_core_i18n_server.mdx index 9d29fef8633ea..f6581fb208883 100644 --- a/api_docs/kbn_core_i18n_server.mdx +++ b/api_docs/kbn_core_i18n_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-i18n-server title: "@kbn/core-i18n-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-i18n-server plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-i18n-server'] --- import kbnCoreI18nServerObj from './kbn_core_i18n_server.devdocs.json'; diff --git a/api_docs/kbn_core_i18n_server_internal.mdx b/api_docs/kbn_core_i18n_server_internal.mdx index 4e41d91702c75..89b76e6a28e09 100644 --- a/api_docs/kbn_core_i18n_server_internal.mdx +++ b/api_docs/kbn_core_i18n_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-i18n-server-internal title: "@kbn/core-i18n-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-i18n-server-internal plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-i18n-server-internal'] --- import kbnCoreI18nServerInternalObj from './kbn_core_i18n_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_i18n_server_mocks.mdx b/api_docs/kbn_core_i18n_server_mocks.mdx index cc0b5d30f759c..745b7c04b9a98 100644 --- a/api_docs/kbn_core_i18n_server_mocks.mdx +++ b/api_docs/kbn_core_i18n_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-i18n-server-mocks title: "@kbn/core-i18n-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-i18n-server-mocks plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-i18n-server-mocks'] --- import kbnCoreI18nServerMocksObj from './kbn_core_i18n_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_injected_metadata_browser_mocks.mdx b/api_docs/kbn_core_injected_metadata_browser_mocks.mdx index f0093d24ffa61..1300a21202f63 100644 --- a/api_docs/kbn_core_injected_metadata_browser_mocks.mdx +++ b/api_docs/kbn_core_injected_metadata_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-injected-metadata-browser-mocks title: "@kbn/core-injected-metadata-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-injected-metadata-browser-mocks plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-injected-metadata-browser-mocks'] --- import kbnCoreInjectedMetadataBrowserMocksObj from './kbn_core_injected_metadata_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_integrations_browser_internal.mdx b/api_docs/kbn_core_integrations_browser_internal.mdx index a61b35955ae35..1504c5944d490 100644 --- a/api_docs/kbn_core_integrations_browser_internal.mdx +++ b/api_docs/kbn_core_integrations_browser_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-integrations-browser-internal title: "@kbn/core-integrations-browser-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-integrations-browser-internal plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-integrations-browser-internal'] --- import kbnCoreIntegrationsBrowserInternalObj from './kbn_core_integrations_browser_internal.devdocs.json'; diff --git a/api_docs/kbn_core_integrations_browser_mocks.mdx b/api_docs/kbn_core_integrations_browser_mocks.mdx index 1a8c594ff1b67..b17bb74133b52 100644 --- a/api_docs/kbn_core_integrations_browser_mocks.mdx +++ b/api_docs/kbn_core_integrations_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-integrations-browser-mocks title: "@kbn/core-integrations-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-integrations-browser-mocks plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-integrations-browser-mocks'] --- import kbnCoreIntegrationsBrowserMocksObj from './kbn_core_integrations_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_lifecycle_browser.mdx b/api_docs/kbn_core_lifecycle_browser.mdx index 9e1ece44c430e..01d2f1a69dedc 100644 --- a/api_docs/kbn_core_lifecycle_browser.mdx +++ b/api_docs/kbn_core_lifecycle_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-lifecycle-browser title: "@kbn/core-lifecycle-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-lifecycle-browser plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-lifecycle-browser'] --- import kbnCoreLifecycleBrowserObj from './kbn_core_lifecycle_browser.devdocs.json'; diff --git a/api_docs/kbn_core_lifecycle_browser_mocks.mdx b/api_docs/kbn_core_lifecycle_browser_mocks.mdx index 30bbd2a10a894..1428d7bba9204 100644 --- a/api_docs/kbn_core_lifecycle_browser_mocks.mdx +++ b/api_docs/kbn_core_lifecycle_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-lifecycle-browser-mocks title: "@kbn/core-lifecycle-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-lifecycle-browser-mocks plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-lifecycle-browser-mocks'] --- import kbnCoreLifecycleBrowserMocksObj from './kbn_core_lifecycle_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_lifecycle_server.mdx b/api_docs/kbn_core_lifecycle_server.mdx index 918a65a7b4b9d..994a83ba82b76 100644 --- a/api_docs/kbn_core_lifecycle_server.mdx +++ b/api_docs/kbn_core_lifecycle_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-lifecycle-server title: "@kbn/core-lifecycle-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-lifecycle-server plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-lifecycle-server'] --- import kbnCoreLifecycleServerObj from './kbn_core_lifecycle_server.devdocs.json'; diff --git a/api_docs/kbn_core_lifecycle_server_mocks.mdx b/api_docs/kbn_core_lifecycle_server_mocks.mdx index c62edeccd0137..070677f5edb47 100644 --- a/api_docs/kbn_core_lifecycle_server_mocks.mdx +++ b/api_docs/kbn_core_lifecycle_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-lifecycle-server-mocks title: "@kbn/core-lifecycle-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-lifecycle-server-mocks plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-lifecycle-server-mocks'] --- import kbnCoreLifecycleServerMocksObj from './kbn_core_lifecycle_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_logging_browser_mocks.mdx b/api_docs/kbn_core_logging_browser_mocks.mdx index 61b094664f764..a784834b0ab25 100644 --- a/api_docs/kbn_core_logging_browser_mocks.mdx +++ b/api_docs/kbn_core_logging_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-logging-browser-mocks title: "@kbn/core-logging-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-logging-browser-mocks plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-logging-browser-mocks'] --- import kbnCoreLoggingBrowserMocksObj from './kbn_core_logging_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_logging_common_internal.mdx b/api_docs/kbn_core_logging_common_internal.mdx index 265325361d25c..435290205514e 100644 --- a/api_docs/kbn_core_logging_common_internal.mdx +++ b/api_docs/kbn_core_logging_common_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-logging-common-internal title: "@kbn/core-logging-common-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-logging-common-internal plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-logging-common-internal'] --- import kbnCoreLoggingCommonInternalObj from './kbn_core_logging_common_internal.devdocs.json'; diff --git a/api_docs/kbn_core_logging_server.mdx b/api_docs/kbn_core_logging_server.mdx index b5f156fe88553..9aa501d7e97c3 100644 --- a/api_docs/kbn_core_logging_server.mdx +++ b/api_docs/kbn_core_logging_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-logging-server title: "@kbn/core-logging-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-logging-server plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-logging-server'] --- import kbnCoreLoggingServerObj from './kbn_core_logging_server.devdocs.json'; diff --git a/api_docs/kbn_core_logging_server_internal.mdx b/api_docs/kbn_core_logging_server_internal.mdx index 76967400fea71..e29ff073f19dd 100644 --- a/api_docs/kbn_core_logging_server_internal.mdx +++ b/api_docs/kbn_core_logging_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-logging-server-internal title: "@kbn/core-logging-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-logging-server-internal plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-logging-server-internal'] --- import kbnCoreLoggingServerInternalObj from './kbn_core_logging_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_logging_server_mocks.mdx b/api_docs/kbn_core_logging_server_mocks.mdx index cbf8741213c0c..c7a164b03f9d8 100644 --- a/api_docs/kbn_core_logging_server_mocks.mdx +++ b/api_docs/kbn_core_logging_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-logging-server-mocks title: "@kbn/core-logging-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-logging-server-mocks plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-logging-server-mocks'] --- import kbnCoreLoggingServerMocksObj from './kbn_core_logging_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_metrics_collectors_server_internal.mdx b/api_docs/kbn_core_metrics_collectors_server_internal.mdx index cde4a55c6de8d..d7f31e54092b3 100644 --- a/api_docs/kbn_core_metrics_collectors_server_internal.mdx +++ b/api_docs/kbn_core_metrics_collectors_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-metrics-collectors-server-internal title: "@kbn/core-metrics-collectors-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-metrics-collectors-server-internal plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-metrics-collectors-server-internal'] --- import kbnCoreMetricsCollectorsServerInternalObj from './kbn_core_metrics_collectors_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_metrics_collectors_server_mocks.mdx b/api_docs/kbn_core_metrics_collectors_server_mocks.mdx index 2a2cc31da838f..3e2663580b27e 100644 --- a/api_docs/kbn_core_metrics_collectors_server_mocks.mdx +++ b/api_docs/kbn_core_metrics_collectors_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-metrics-collectors-server-mocks title: "@kbn/core-metrics-collectors-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-metrics-collectors-server-mocks plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-metrics-collectors-server-mocks'] --- import kbnCoreMetricsCollectorsServerMocksObj from './kbn_core_metrics_collectors_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_metrics_server.mdx b/api_docs/kbn_core_metrics_server.mdx index 7d287adca1f2a..20cec39f84f09 100644 --- a/api_docs/kbn_core_metrics_server.mdx +++ b/api_docs/kbn_core_metrics_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-metrics-server title: "@kbn/core-metrics-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-metrics-server plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-metrics-server'] --- import kbnCoreMetricsServerObj from './kbn_core_metrics_server.devdocs.json'; diff --git a/api_docs/kbn_core_metrics_server_internal.mdx b/api_docs/kbn_core_metrics_server_internal.mdx index b9244ae1abb17..4601edb2a7de4 100644 --- a/api_docs/kbn_core_metrics_server_internal.mdx +++ b/api_docs/kbn_core_metrics_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-metrics-server-internal title: "@kbn/core-metrics-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-metrics-server-internal plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-metrics-server-internal'] --- import kbnCoreMetricsServerInternalObj from './kbn_core_metrics_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_metrics_server_mocks.mdx b/api_docs/kbn_core_metrics_server_mocks.mdx index 52b920762fbe7..aac17040622d0 100644 --- a/api_docs/kbn_core_metrics_server_mocks.mdx +++ b/api_docs/kbn_core_metrics_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-metrics-server-mocks title: "@kbn/core-metrics-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-metrics-server-mocks plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-metrics-server-mocks'] --- import kbnCoreMetricsServerMocksObj from './kbn_core_metrics_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_mount_utils_browser.mdx b/api_docs/kbn_core_mount_utils_browser.mdx index 218979ff31fc7..6784b9db8fcb7 100644 --- a/api_docs/kbn_core_mount_utils_browser.mdx +++ b/api_docs/kbn_core_mount_utils_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-mount-utils-browser title: "@kbn/core-mount-utils-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-mount-utils-browser plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-mount-utils-browser'] --- import kbnCoreMountUtilsBrowserObj from './kbn_core_mount_utils_browser.devdocs.json'; diff --git a/api_docs/kbn_core_node_server.mdx b/api_docs/kbn_core_node_server.mdx index af7fe8e19e747..5714c0edb0cfe 100644 --- a/api_docs/kbn_core_node_server.mdx +++ b/api_docs/kbn_core_node_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-node-server title: "@kbn/core-node-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-node-server plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-node-server'] --- import kbnCoreNodeServerObj from './kbn_core_node_server.devdocs.json'; diff --git a/api_docs/kbn_core_node_server_internal.mdx b/api_docs/kbn_core_node_server_internal.mdx index 227d7f6a58519..ae966cf6df326 100644 --- a/api_docs/kbn_core_node_server_internal.mdx +++ b/api_docs/kbn_core_node_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-node-server-internal title: "@kbn/core-node-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-node-server-internal plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-node-server-internal'] --- import kbnCoreNodeServerInternalObj from './kbn_core_node_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_node_server_mocks.mdx b/api_docs/kbn_core_node_server_mocks.mdx index 1e5650e079a85..c0821cca9849f 100644 --- a/api_docs/kbn_core_node_server_mocks.mdx +++ b/api_docs/kbn_core_node_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-node-server-mocks title: "@kbn/core-node-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-node-server-mocks plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-node-server-mocks'] --- import kbnCoreNodeServerMocksObj from './kbn_core_node_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_notifications_browser.mdx b/api_docs/kbn_core_notifications_browser.mdx index 293fe9f0658e1..23e411acec090 100644 --- a/api_docs/kbn_core_notifications_browser.mdx +++ b/api_docs/kbn_core_notifications_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-notifications-browser title: "@kbn/core-notifications-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-notifications-browser plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-notifications-browser'] --- import kbnCoreNotificationsBrowserObj from './kbn_core_notifications_browser.devdocs.json'; diff --git a/api_docs/kbn_core_notifications_browser_internal.mdx b/api_docs/kbn_core_notifications_browser_internal.mdx index 7a253a4d4e978..da6a5a60284c8 100644 --- a/api_docs/kbn_core_notifications_browser_internal.mdx +++ b/api_docs/kbn_core_notifications_browser_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-notifications-browser-internal title: "@kbn/core-notifications-browser-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-notifications-browser-internal plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-notifications-browser-internal'] --- import kbnCoreNotificationsBrowserInternalObj from './kbn_core_notifications_browser_internal.devdocs.json'; diff --git a/api_docs/kbn_core_notifications_browser_mocks.mdx b/api_docs/kbn_core_notifications_browser_mocks.mdx index b7cdd17426a7a..93d669b58506c 100644 --- a/api_docs/kbn_core_notifications_browser_mocks.mdx +++ b/api_docs/kbn_core_notifications_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-notifications-browser-mocks title: "@kbn/core-notifications-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-notifications-browser-mocks plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-notifications-browser-mocks'] --- import kbnCoreNotificationsBrowserMocksObj from './kbn_core_notifications_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_overlays_browser.mdx b/api_docs/kbn_core_overlays_browser.mdx index c57c89038615e..4a210019f8e46 100644 --- a/api_docs/kbn_core_overlays_browser.mdx +++ b/api_docs/kbn_core_overlays_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-overlays-browser title: "@kbn/core-overlays-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-overlays-browser plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-overlays-browser'] --- import kbnCoreOverlaysBrowserObj from './kbn_core_overlays_browser.devdocs.json'; diff --git a/api_docs/kbn_core_overlays_browser_internal.mdx b/api_docs/kbn_core_overlays_browser_internal.mdx index 4325967630cff..3ce320d69585f 100644 --- a/api_docs/kbn_core_overlays_browser_internal.mdx +++ b/api_docs/kbn_core_overlays_browser_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-overlays-browser-internal title: "@kbn/core-overlays-browser-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-overlays-browser-internal plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-overlays-browser-internal'] --- import kbnCoreOverlaysBrowserInternalObj from './kbn_core_overlays_browser_internal.devdocs.json'; diff --git a/api_docs/kbn_core_overlays_browser_mocks.mdx b/api_docs/kbn_core_overlays_browser_mocks.mdx index 0fd92eb1c5461..29240fe4f2445 100644 --- a/api_docs/kbn_core_overlays_browser_mocks.mdx +++ b/api_docs/kbn_core_overlays_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-overlays-browser-mocks title: "@kbn/core-overlays-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-overlays-browser-mocks plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-overlays-browser-mocks'] --- import kbnCoreOverlaysBrowserMocksObj from './kbn_core_overlays_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_plugins_browser.mdx b/api_docs/kbn_core_plugins_browser.mdx index 32cf621c34cab..0d0523e658cc9 100644 --- a/api_docs/kbn_core_plugins_browser.mdx +++ b/api_docs/kbn_core_plugins_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-plugins-browser title: "@kbn/core-plugins-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-plugins-browser plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-plugins-browser'] --- import kbnCorePluginsBrowserObj from './kbn_core_plugins_browser.devdocs.json'; diff --git a/api_docs/kbn_core_plugins_browser_mocks.mdx b/api_docs/kbn_core_plugins_browser_mocks.mdx index 49f4f3d274a4c..3ab790b55730e 100644 --- a/api_docs/kbn_core_plugins_browser_mocks.mdx +++ b/api_docs/kbn_core_plugins_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-plugins-browser-mocks title: "@kbn/core-plugins-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-plugins-browser-mocks plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-plugins-browser-mocks'] --- import kbnCorePluginsBrowserMocksObj from './kbn_core_plugins_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_plugins_contracts_browser.mdx b/api_docs/kbn_core_plugins_contracts_browser.mdx index acf7337fec743..754be4a572a58 100644 --- a/api_docs/kbn_core_plugins_contracts_browser.mdx +++ b/api_docs/kbn_core_plugins_contracts_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-plugins-contracts-browser title: "@kbn/core-plugins-contracts-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-plugins-contracts-browser plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-plugins-contracts-browser'] --- import kbnCorePluginsContractsBrowserObj from './kbn_core_plugins_contracts_browser.devdocs.json'; diff --git a/api_docs/kbn_core_plugins_contracts_server.mdx b/api_docs/kbn_core_plugins_contracts_server.mdx index 35bd5fc0b188e..ee9582a69e320 100644 --- a/api_docs/kbn_core_plugins_contracts_server.mdx +++ b/api_docs/kbn_core_plugins_contracts_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-plugins-contracts-server title: "@kbn/core-plugins-contracts-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-plugins-contracts-server plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-plugins-contracts-server'] --- import kbnCorePluginsContractsServerObj from './kbn_core_plugins_contracts_server.devdocs.json'; diff --git a/api_docs/kbn_core_plugins_server.mdx b/api_docs/kbn_core_plugins_server.mdx index 880f5a199861f..b38859c3592d3 100644 --- a/api_docs/kbn_core_plugins_server.mdx +++ b/api_docs/kbn_core_plugins_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-plugins-server title: "@kbn/core-plugins-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-plugins-server plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-plugins-server'] --- import kbnCorePluginsServerObj from './kbn_core_plugins_server.devdocs.json'; diff --git a/api_docs/kbn_core_plugins_server_mocks.mdx b/api_docs/kbn_core_plugins_server_mocks.mdx index c2f1025126f7d..fc208a8c8eadb 100644 --- a/api_docs/kbn_core_plugins_server_mocks.mdx +++ b/api_docs/kbn_core_plugins_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-plugins-server-mocks title: "@kbn/core-plugins-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-plugins-server-mocks plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-plugins-server-mocks'] --- import kbnCorePluginsServerMocksObj from './kbn_core_plugins_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_preboot_server.mdx b/api_docs/kbn_core_preboot_server.mdx index 72a8de7fea2d5..7e1d2c3bb5d7b 100644 --- a/api_docs/kbn_core_preboot_server.mdx +++ b/api_docs/kbn_core_preboot_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-preboot-server title: "@kbn/core-preboot-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-preboot-server plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-preboot-server'] --- import kbnCorePrebootServerObj from './kbn_core_preboot_server.devdocs.json'; diff --git a/api_docs/kbn_core_preboot_server_mocks.mdx b/api_docs/kbn_core_preboot_server_mocks.mdx index 7379ba432d315..dc1363e7d04d7 100644 --- a/api_docs/kbn_core_preboot_server_mocks.mdx +++ b/api_docs/kbn_core_preboot_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-preboot-server-mocks title: "@kbn/core-preboot-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-preboot-server-mocks plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-preboot-server-mocks'] --- import kbnCorePrebootServerMocksObj from './kbn_core_preboot_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_rendering_browser_mocks.mdx b/api_docs/kbn_core_rendering_browser_mocks.mdx index 7a61372f6c497..60a9a00f25a98 100644 --- a/api_docs/kbn_core_rendering_browser_mocks.mdx +++ b/api_docs/kbn_core_rendering_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-rendering-browser-mocks title: "@kbn/core-rendering-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-rendering-browser-mocks plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-rendering-browser-mocks'] --- import kbnCoreRenderingBrowserMocksObj from './kbn_core_rendering_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_rendering_server_internal.mdx b/api_docs/kbn_core_rendering_server_internal.mdx index 52ebd954afd30..a5c9f1dc465bd 100644 --- a/api_docs/kbn_core_rendering_server_internal.mdx +++ b/api_docs/kbn_core_rendering_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-rendering-server-internal title: "@kbn/core-rendering-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-rendering-server-internal plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-rendering-server-internal'] --- import kbnCoreRenderingServerInternalObj from './kbn_core_rendering_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_rendering_server_mocks.mdx b/api_docs/kbn_core_rendering_server_mocks.mdx index 12f4aeb686c10..4fad97ab7aac1 100644 --- a/api_docs/kbn_core_rendering_server_mocks.mdx +++ b/api_docs/kbn_core_rendering_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-rendering-server-mocks title: "@kbn/core-rendering-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-rendering-server-mocks plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-rendering-server-mocks'] --- import kbnCoreRenderingServerMocksObj from './kbn_core_rendering_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_root_server_internal.mdx b/api_docs/kbn_core_root_server_internal.mdx index a4fd7a6a7ae33..f32003757cc90 100644 --- a/api_docs/kbn_core_root_server_internal.mdx +++ b/api_docs/kbn_core_root_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-root-server-internal title: "@kbn/core-root-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-root-server-internal plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-root-server-internal'] --- import kbnCoreRootServerInternalObj from './kbn_core_root_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_api_browser.mdx b/api_docs/kbn_core_saved_objects_api_browser.mdx index ef6ae34fe7fb2..9f707d1d6e060 100644 --- a/api_docs/kbn_core_saved_objects_api_browser.mdx +++ b/api_docs/kbn_core_saved_objects_api_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-api-browser title: "@kbn/core-saved-objects-api-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-api-browser plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-api-browser'] --- import kbnCoreSavedObjectsApiBrowserObj from './kbn_core_saved_objects_api_browser.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_api_server.mdx b/api_docs/kbn_core_saved_objects_api_server.mdx index 6e0acbec6b85f..50f69840d6595 100644 --- a/api_docs/kbn_core_saved_objects_api_server.mdx +++ b/api_docs/kbn_core_saved_objects_api_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-api-server title: "@kbn/core-saved-objects-api-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-api-server plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-api-server'] --- import kbnCoreSavedObjectsApiServerObj from './kbn_core_saved_objects_api_server.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_api_server_mocks.mdx b/api_docs/kbn_core_saved_objects_api_server_mocks.mdx index baf5fa1b3c012..1de78b7a10488 100644 --- a/api_docs/kbn_core_saved_objects_api_server_mocks.mdx +++ b/api_docs/kbn_core_saved_objects_api_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-api-server-mocks title: "@kbn/core-saved-objects-api-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-api-server-mocks plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-api-server-mocks'] --- import kbnCoreSavedObjectsApiServerMocksObj from './kbn_core_saved_objects_api_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_base_server_internal.mdx b/api_docs/kbn_core_saved_objects_base_server_internal.mdx index cdd5aa9c2012f..9fdb3f23ed250 100644 --- a/api_docs/kbn_core_saved_objects_base_server_internal.mdx +++ b/api_docs/kbn_core_saved_objects_base_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-base-server-internal title: "@kbn/core-saved-objects-base-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-base-server-internal plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-base-server-internal'] --- import kbnCoreSavedObjectsBaseServerInternalObj from './kbn_core_saved_objects_base_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_base_server_mocks.mdx b/api_docs/kbn_core_saved_objects_base_server_mocks.mdx index b3f47b74192a0..7b9e79b6ff359 100644 --- a/api_docs/kbn_core_saved_objects_base_server_mocks.mdx +++ b/api_docs/kbn_core_saved_objects_base_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-base-server-mocks title: "@kbn/core-saved-objects-base-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-base-server-mocks plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-base-server-mocks'] --- import kbnCoreSavedObjectsBaseServerMocksObj from './kbn_core_saved_objects_base_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_browser.mdx b/api_docs/kbn_core_saved_objects_browser.mdx index ad0c6561409e5..113598d0cce62 100644 --- a/api_docs/kbn_core_saved_objects_browser.mdx +++ b/api_docs/kbn_core_saved_objects_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-browser title: "@kbn/core-saved-objects-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-browser plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-browser'] --- import kbnCoreSavedObjectsBrowserObj from './kbn_core_saved_objects_browser.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_browser_internal.mdx b/api_docs/kbn_core_saved_objects_browser_internal.mdx index fcb23d250cb68..ad7018f0925a1 100644 --- a/api_docs/kbn_core_saved_objects_browser_internal.mdx +++ b/api_docs/kbn_core_saved_objects_browser_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-browser-internal title: "@kbn/core-saved-objects-browser-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-browser-internal plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-browser-internal'] --- import kbnCoreSavedObjectsBrowserInternalObj from './kbn_core_saved_objects_browser_internal.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_browser_mocks.mdx b/api_docs/kbn_core_saved_objects_browser_mocks.mdx index a7febcbf41a4b..b265190a58015 100644 --- a/api_docs/kbn_core_saved_objects_browser_mocks.mdx +++ b/api_docs/kbn_core_saved_objects_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-browser-mocks title: "@kbn/core-saved-objects-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-browser-mocks plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-browser-mocks'] --- import kbnCoreSavedObjectsBrowserMocksObj from './kbn_core_saved_objects_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_common.mdx b/api_docs/kbn_core_saved_objects_common.mdx index 85ea8df422479..b1a6ea2f55cfa 100644 --- a/api_docs/kbn_core_saved_objects_common.mdx +++ b/api_docs/kbn_core_saved_objects_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-common title: "@kbn/core-saved-objects-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-common plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-common'] --- import kbnCoreSavedObjectsCommonObj from './kbn_core_saved_objects_common.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_import_export_server_internal.mdx b/api_docs/kbn_core_saved_objects_import_export_server_internal.mdx index 183db1bf3bc09..0e9fbb6164f8c 100644 --- a/api_docs/kbn_core_saved_objects_import_export_server_internal.mdx +++ b/api_docs/kbn_core_saved_objects_import_export_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-import-export-server-internal title: "@kbn/core-saved-objects-import-export-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-import-export-server-internal plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-import-export-server-internal'] --- import kbnCoreSavedObjectsImportExportServerInternalObj from './kbn_core_saved_objects_import_export_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_import_export_server_mocks.mdx b/api_docs/kbn_core_saved_objects_import_export_server_mocks.mdx index a0d0f3383026a..d29d87fd91bae 100644 --- a/api_docs/kbn_core_saved_objects_import_export_server_mocks.mdx +++ b/api_docs/kbn_core_saved_objects_import_export_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-import-export-server-mocks title: "@kbn/core-saved-objects-import-export-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-import-export-server-mocks plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-import-export-server-mocks'] --- import kbnCoreSavedObjectsImportExportServerMocksObj from './kbn_core_saved_objects_import_export_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_migration_server_internal.mdx b/api_docs/kbn_core_saved_objects_migration_server_internal.mdx index 79b2f88a87ceb..068a045258233 100644 --- a/api_docs/kbn_core_saved_objects_migration_server_internal.mdx +++ b/api_docs/kbn_core_saved_objects_migration_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-migration-server-internal title: "@kbn/core-saved-objects-migration-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-migration-server-internal plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-migration-server-internal'] --- import kbnCoreSavedObjectsMigrationServerInternalObj from './kbn_core_saved_objects_migration_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_migration_server_mocks.mdx b/api_docs/kbn_core_saved_objects_migration_server_mocks.mdx index 3cac016901f49..a3f59f852bd1e 100644 --- a/api_docs/kbn_core_saved_objects_migration_server_mocks.mdx +++ b/api_docs/kbn_core_saved_objects_migration_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-migration-server-mocks title: "@kbn/core-saved-objects-migration-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-migration-server-mocks plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-migration-server-mocks'] --- import kbnCoreSavedObjectsMigrationServerMocksObj from './kbn_core_saved_objects_migration_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_server.mdx b/api_docs/kbn_core_saved_objects_server.mdx index 3222ed47c2a67..41e0f0ff877d7 100644 --- a/api_docs/kbn_core_saved_objects_server.mdx +++ b/api_docs/kbn_core_saved_objects_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-server title: "@kbn/core-saved-objects-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-server plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-server'] --- import kbnCoreSavedObjectsServerObj from './kbn_core_saved_objects_server.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_server_internal.mdx b/api_docs/kbn_core_saved_objects_server_internal.mdx index ac9bac4acd090..182ac9ef9ff42 100644 --- a/api_docs/kbn_core_saved_objects_server_internal.mdx +++ b/api_docs/kbn_core_saved_objects_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-server-internal title: "@kbn/core-saved-objects-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-server-internal plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-server-internal'] --- import kbnCoreSavedObjectsServerInternalObj from './kbn_core_saved_objects_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_server_mocks.mdx b/api_docs/kbn_core_saved_objects_server_mocks.mdx index f6db8b2f291af..05478dd57cd3f 100644 --- a/api_docs/kbn_core_saved_objects_server_mocks.mdx +++ b/api_docs/kbn_core_saved_objects_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-server-mocks title: "@kbn/core-saved-objects-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-server-mocks plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-server-mocks'] --- import kbnCoreSavedObjectsServerMocksObj from './kbn_core_saved_objects_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_saved_objects_utils_server.mdx b/api_docs/kbn_core_saved_objects_utils_server.mdx index c8ae50e55ecb2..88804661dee3e 100644 --- a/api_docs/kbn_core_saved_objects_utils_server.mdx +++ b/api_docs/kbn_core_saved_objects_utils_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-saved-objects-utils-server title: "@kbn/core-saved-objects-utils-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-saved-objects-utils-server plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-saved-objects-utils-server'] --- import kbnCoreSavedObjectsUtilsServerObj from './kbn_core_saved_objects_utils_server.devdocs.json'; diff --git a/api_docs/kbn_core_security_browser.mdx b/api_docs/kbn_core_security_browser.mdx index 9c4e71a7025e8..2b07674a841ff 100644 --- a/api_docs/kbn_core_security_browser.mdx +++ b/api_docs/kbn_core_security_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-security-browser title: "@kbn/core-security-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-security-browser plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-security-browser'] --- import kbnCoreSecurityBrowserObj from './kbn_core_security_browser.devdocs.json'; diff --git a/api_docs/kbn_core_security_browser_internal.mdx b/api_docs/kbn_core_security_browser_internal.mdx index 0ab0ee9c212c1..404934cb202e4 100644 --- a/api_docs/kbn_core_security_browser_internal.mdx +++ b/api_docs/kbn_core_security_browser_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-security-browser-internal title: "@kbn/core-security-browser-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-security-browser-internal plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-security-browser-internal'] --- import kbnCoreSecurityBrowserInternalObj from './kbn_core_security_browser_internal.devdocs.json'; diff --git a/api_docs/kbn_core_security_browser_mocks.mdx b/api_docs/kbn_core_security_browser_mocks.mdx index afd04a105f1db..370b685a57c70 100644 --- a/api_docs/kbn_core_security_browser_mocks.mdx +++ b/api_docs/kbn_core_security_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-security-browser-mocks title: "@kbn/core-security-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-security-browser-mocks plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-security-browser-mocks'] --- import kbnCoreSecurityBrowserMocksObj from './kbn_core_security_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_security_common.mdx b/api_docs/kbn_core_security_common.mdx index d353a9c2b523b..fca01cc52a684 100644 --- a/api_docs/kbn_core_security_common.mdx +++ b/api_docs/kbn_core_security_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-security-common title: "@kbn/core-security-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-security-common plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-security-common'] --- import kbnCoreSecurityCommonObj from './kbn_core_security_common.devdocs.json'; diff --git a/api_docs/kbn_core_security_server.mdx b/api_docs/kbn_core_security_server.mdx index 24b5bcfc91c68..1d05dc4eda100 100644 --- a/api_docs/kbn_core_security_server.mdx +++ b/api_docs/kbn_core_security_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-security-server title: "@kbn/core-security-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-security-server plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-security-server'] --- import kbnCoreSecurityServerObj from './kbn_core_security_server.devdocs.json'; diff --git a/api_docs/kbn_core_security_server_internal.mdx b/api_docs/kbn_core_security_server_internal.mdx index 31ac9a9c160d4..0b31c9f906cca 100644 --- a/api_docs/kbn_core_security_server_internal.mdx +++ b/api_docs/kbn_core_security_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-security-server-internal title: "@kbn/core-security-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-security-server-internal plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-security-server-internal'] --- import kbnCoreSecurityServerInternalObj from './kbn_core_security_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_security_server_mocks.mdx b/api_docs/kbn_core_security_server_mocks.mdx index 813c10bea560b..6dea71309d750 100644 --- a/api_docs/kbn_core_security_server_mocks.mdx +++ b/api_docs/kbn_core_security_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-security-server-mocks title: "@kbn/core-security-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-security-server-mocks plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-security-server-mocks'] --- import kbnCoreSecurityServerMocksObj from './kbn_core_security_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_status_common.mdx b/api_docs/kbn_core_status_common.mdx index 74afc99042dd7..27c3150dfa9e8 100644 --- a/api_docs/kbn_core_status_common.mdx +++ b/api_docs/kbn_core_status_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-status-common title: "@kbn/core-status-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-status-common plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-status-common'] --- import kbnCoreStatusCommonObj from './kbn_core_status_common.devdocs.json'; diff --git a/api_docs/kbn_core_status_common_internal.mdx b/api_docs/kbn_core_status_common_internal.mdx index d6fa421bd715d..2938d7935e408 100644 --- a/api_docs/kbn_core_status_common_internal.mdx +++ b/api_docs/kbn_core_status_common_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-status-common-internal title: "@kbn/core-status-common-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-status-common-internal plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-status-common-internal'] --- import kbnCoreStatusCommonInternalObj from './kbn_core_status_common_internal.devdocs.json'; diff --git a/api_docs/kbn_core_status_server.mdx b/api_docs/kbn_core_status_server.mdx index 838543bb56e4a..167264cf6968a 100644 --- a/api_docs/kbn_core_status_server.mdx +++ b/api_docs/kbn_core_status_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-status-server title: "@kbn/core-status-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-status-server plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-status-server'] --- import kbnCoreStatusServerObj from './kbn_core_status_server.devdocs.json'; diff --git a/api_docs/kbn_core_status_server_internal.mdx b/api_docs/kbn_core_status_server_internal.mdx index c5b80b2fc4937..e328391fdfccb 100644 --- a/api_docs/kbn_core_status_server_internal.mdx +++ b/api_docs/kbn_core_status_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-status-server-internal title: "@kbn/core-status-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-status-server-internal plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-status-server-internal'] --- import kbnCoreStatusServerInternalObj from './kbn_core_status_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_status_server_mocks.mdx b/api_docs/kbn_core_status_server_mocks.mdx index 43a04efe19a16..0a749cde2d3fe 100644 --- a/api_docs/kbn_core_status_server_mocks.mdx +++ b/api_docs/kbn_core_status_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-status-server-mocks title: "@kbn/core-status-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-status-server-mocks plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-status-server-mocks'] --- import kbnCoreStatusServerMocksObj from './kbn_core_status_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_test_helpers_deprecations_getters.mdx b/api_docs/kbn_core_test_helpers_deprecations_getters.mdx index a27bfd67a5878..b2447ca543b20 100644 --- a/api_docs/kbn_core_test_helpers_deprecations_getters.mdx +++ b/api_docs/kbn_core_test_helpers_deprecations_getters.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-test-helpers-deprecations-getters title: "@kbn/core-test-helpers-deprecations-getters" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-test-helpers-deprecations-getters plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-test-helpers-deprecations-getters'] --- import kbnCoreTestHelpersDeprecationsGettersObj from './kbn_core_test_helpers_deprecations_getters.devdocs.json'; diff --git a/api_docs/kbn_core_test_helpers_http_setup_browser.mdx b/api_docs/kbn_core_test_helpers_http_setup_browser.mdx index 9797e8efd6441..8a32872c2f4f3 100644 --- a/api_docs/kbn_core_test_helpers_http_setup_browser.mdx +++ b/api_docs/kbn_core_test_helpers_http_setup_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-test-helpers-http-setup-browser title: "@kbn/core-test-helpers-http-setup-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-test-helpers-http-setup-browser plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-test-helpers-http-setup-browser'] --- import kbnCoreTestHelpersHttpSetupBrowserObj from './kbn_core_test_helpers_http_setup_browser.devdocs.json'; diff --git a/api_docs/kbn_core_test_helpers_kbn_server.mdx b/api_docs/kbn_core_test_helpers_kbn_server.mdx index 488ab75c77f46..22e77d7c7f3f1 100644 --- a/api_docs/kbn_core_test_helpers_kbn_server.mdx +++ b/api_docs/kbn_core_test_helpers_kbn_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-test-helpers-kbn-server title: "@kbn/core-test-helpers-kbn-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-test-helpers-kbn-server plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-test-helpers-kbn-server'] --- import kbnCoreTestHelpersKbnServerObj from './kbn_core_test_helpers_kbn_server.devdocs.json'; diff --git a/api_docs/kbn_core_test_helpers_model_versions.mdx b/api_docs/kbn_core_test_helpers_model_versions.mdx index a3cc6ea4fad3c..85ea3227f70f6 100644 --- a/api_docs/kbn_core_test_helpers_model_versions.mdx +++ b/api_docs/kbn_core_test_helpers_model_versions.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-test-helpers-model-versions title: "@kbn/core-test-helpers-model-versions" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-test-helpers-model-versions plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-test-helpers-model-versions'] --- import kbnCoreTestHelpersModelVersionsObj from './kbn_core_test_helpers_model_versions.devdocs.json'; diff --git a/api_docs/kbn_core_test_helpers_so_type_serializer.mdx b/api_docs/kbn_core_test_helpers_so_type_serializer.mdx index f8874ce76e1b7..8084cd7052ff6 100644 --- a/api_docs/kbn_core_test_helpers_so_type_serializer.mdx +++ b/api_docs/kbn_core_test_helpers_so_type_serializer.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-test-helpers-so-type-serializer title: "@kbn/core-test-helpers-so-type-serializer" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-test-helpers-so-type-serializer plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-test-helpers-so-type-serializer'] --- import kbnCoreTestHelpersSoTypeSerializerObj from './kbn_core_test_helpers_so_type_serializer.devdocs.json'; diff --git a/api_docs/kbn_core_test_helpers_test_utils.mdx b/api_docs/kbn_core_test_helpers_test_utils.mdx index 2319a612e64e5..ddf102f4269cf 100644 --- a/api_docs/kbn_core_test_helpers_test_utils.mdx +++ b/api_docs/kbn_core_test_helpers_test_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-test-helpers-test-utils title: "@kbn/core-test-helpers-test-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-test-helpers-test-utils plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-test-helpers-test-utils'] --- import kbnCoreTestHelpersTestUtilsObj from './kbn_core_test_helpers_test_utils.devdocs.json'; diff --git a/api_docs/kbn_core_theme_browser.mdx b/api_docs/kbn_core_theme_browser.mdx index 59f15638d97b2..08e292b39c766 100644 --- a/api_docs/kbn_core_theme_browser.mdx +++ b/api_docs/kbn_core_theme_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-theme-browser title: "@kbn/core-theme-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-theme-browser plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-theme-browser'] --- import kbnCoreThemeBrowserObj from './kbn_core_theme_browser.devdocs.json'; diff --git a/api_docs/kbn_core_theme_browser_mocks.mdx b/api_docs/kbn_core_theme_browser_mocks.mdx index 8639a38de2794..3f09d8540b65e 100644 --- a/api_docs/kbn_core_theme_browser_mocks.mdx +++ b/api_docs/kbn_core_theme_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-theme-browser-mocks title: "@kbn/core-theme-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-theme-browser-mocks plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-theme-browser-mocks'] --- import kbnCoreThemeBrowserMocksObj from './kbn_core_theme_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_ui_settings_browser.mdx b/api_docs/kbn_core_ui_settings_browser.mdx index a98c7c5327526..33ce5b9b9046c 100644 --- a/api_docs/kbn_core_ui_settings_browser.mdx +++ b/api_docs/kbn_core_ui_settings_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-ui-settings-browser title: "@kbn/core-ui-settings-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-ui-settings-browser plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-ui-settings-browser'] --- import kbnCoreUiSettingsBrowserObj from './kbn_core_ui_settings_browser.devdocs.json'; diff --git a/api_docs/kbn_core_ui_settings_browser_internal.mdx b/api_docs/kbn_core_ui_settings_browser_internal.mdx index 1c6733f6168d8..e3a7d3448de4b 100644 --- a/api_docs/kbn_core_ui_settings_browser_internal.mdx +++ b/api_docs/kbn_core_ui_settings_browser_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-ui-settings-browser-internal title: "@kbn/core-ui-settings-browser-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-ui-settings-browser-internal plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-ui-settings-browser-internal'] --- import kbnCoreUiSettingsBrowserInternalObj from './kbn_core_ui_settings_browser_internal.devdocs.json'; diff --git a/api_docs/kbn_core_ui_settings_browser_mocks.mdx b/api_docs/kbn_core_ui_settings_browser_mocks.mdx index dc28783a5a3b8..244ace3d1d5a4 100644 --- a/api_docs/kbn_core_ui_settings_browser_mocks.mdx +++ b/api_docs/kbn_core_ui_settings_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-ui-settings-browser-mocks title: "@kbn/core-ui-settings-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-ui-settings-browser-mocks plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-ui-settings-browser-mocks'] --- import kbnCoreUiSettingsBrowserMocksObj from './kbn_core_ui_settings_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_ui_settings_common.mdx b/api_docs/kbn_core_ui_settings_common.mdx index ae084b9ccaba1..f04725ac0f4a2 100644 --- a/api_docs/kbn_core_ui_settings_common.mdx +++ b/api_docs/kbn_core_ui_settings_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-ui-settings-common title: "@kbn/core-ui-settings-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-ui-settings-common plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-ui-settings-common'] --- import kbnCoreUiSettingsCommonObj from './kbn_core_ui_settings_common.devdocs.json'; diff --git a/api_docs/kbn_core_ui_settings_server.mdx b/api_docs/kbn_core_ui_settings_server.mdx index 267e0e4e4bfc8..fa0cedc6cc5bc 100644 --- a/api_docs/kbn_core_ui_settings_server.mdx +++ b/api_docs/kbn_core_ui_settings_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-ui-settings-server title: "@kbn/core-ui-settings-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-ui-settings-server plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-ui-settings-server'] --- import kbnCoreUiSettingsServerObj from './kbn_core_ui_settings_server.devdocs.json'; diff --git a/api_docs/kbn_core_ui_settings_server_internal.mdx b/api_docs/kbn_core_ui_settings_server_internal.mdx index b2f3c4053e77a..afa4b334e2ca7 100644 --- a/api_docs/kbn_core_ui_settings_server_internal.mdx +++ b/api_docs/kbn_core_ui_settings_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-ui-settings-server-internal title: "@kbn/core-ui-settings-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-ui-settings-server-internal plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-ui-settings-server-internal'] --- import kbnCoreUiSettingsServerInternalObj from './kbn_core_ui_settings_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_ui_settings_server_mocks.mdx b/api_docs/kbn_core_ui_settings_server_mocks.mdx index 0138052aface8..f841888198821 100644 --- a/api_docs/kbn_core_ui_settings_server_mocks.mdx +++ b/api_docs/kbn_core_ui_settings_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-ui-settings-server-mocks title: "@kbn/core-ui-settings-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-ui-settings-server-mocks plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-ui-settings-server-mocks'] --- import kbnCoreUiSettingsServerMocksObj from './kbn_core_ui_settings_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_usage_data_server.mdx b/api_docs/kbn_core_usage_data_server.mdx index 23e208f2e7f89..416271b709016 100644 --- a/api_docs/kbn_core_usage_data_server.mdx +++ b/api_docs/kbn_core_usage_data_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-usage-data-server title: "@kbn/core-usage-data-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-usage-data-server plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-usage-data-server'] --- import kbnCoreUsageDataServerObj from './kbn_core_usage_data_server.devdocs.json'; diff --git a/api_docs/kbn_core_usage_data_server_internal.mdx b/api_docs/kbn_core_usage_data_server_internal.mdx index 03b49ca093c2c..2250c920259d8 100644 --- a/api_docs/kbn_core_usage_data_server_internal.mdx +++ b/api_docs/kbn_core_usage_data_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-usage-data-server-internal title: "@kbn/core-usage-data-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-usage-data-server-internal plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-usage-data-server-internal'] --- import kbnCoreUsageDataServerInternalObj from './kbn_core_usage_data_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_usage_data_server_mocks.mdx b/api_docs/kbn_core_usage_data_server_mocks.mdx index 2ab7bd0f61d84..ef6d57ac016a0 100644 --- a/api_docs/kbn_core_usage_data_server_mocks.mdx +++ b/api_docs/kbn_core_usage_data_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-usage-data-server-mocks title: "@kbn/core-usage-data-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-usage-data-server-mocks plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-usage-data-server-mocks'] --- import kbnCoreUsageDataServerMocksObj from './kbn_core_usage_data_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_user_profile_browser.mdx b/api_docs/kbn_core_user_profile_browser.mdx index f91a24a336c01..b00ee8f92391a 100644 --- a/api_docs/kbn_core_user_profile_browser.mdx +++ b/api_docs/kbn_core_user_profile_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-user-profile-browser title: "@kbn/core-user-profile-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-user-profile-browser plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-user-profile-browser'] --- import kbnCoreUserProfileBrowserObj from './kbn_core_user_profile_browser.devdocs.json'; diff --git a/api_docs/kbn_core_user_profile_browser_internal.mdx b/api_docs/kbn_core_user_profile_browser_internal.mdx index ff826573a9684..dcda0d2da190d 100644 --- a/api_docs/kbn_core_user_profile_browser_internal.mdx +++ b/api_docs/kbn_core_user_profile_browser_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-user-profile-browser-internal title: "@kbn/core-user-profile-browser-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-user-profile-browser-internal plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-user-profile-browser-internal'] --- import kbnCoreUserProfileBrowserInternalObj from './kbn_core_user_profile_browser_internal.devdocs.json'; diff --git a/api_docs/kbn_core_user_profile_browser_mocks.mdx b/api_docs/kbn_core_user_profile_browser_mocks.mdx index 348819d00a654..b641b8aab8423 100644 --- a/api_docs/kbn_core_user_profile_browser_mocks.mdx +++ b/api_docs/kbn_core_user_profile_browser_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-user-profile-browser-mocks title: "@kbn/core-user-profile-browser-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-user-profile-browser-mocks plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-user-profile-browser-mocks'] --- import kbnCoreUserProfileBrowserMocksObj from './kbn_core_user_profile_browser_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_user_profile_common.mdx b/api_docs/kbn_core_user_profile_common.mdx index dc800b585b00f..e88c9817c8bd6 100644 --- a/api_docs/kbn_core_user_profile_common.mdx +++ b/api_docs/kbn_core_user_profile_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-user-profile-common title: "@kbn/core-user-profile-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-user-profile-common plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-user-profile-common'] --- import kbnCoreUserProfileCommonObj from './kbn_core_user_profile_common.devdocs.json'; diff --git a/api_docs/kbn_core_user_profile_server.mdx b/api_docs/kbn_core_user_profile_server.mdx index e374be651f4b5..6757aa3cbbbde 100644 --- a/api_docs/kbn_core_user_profile_server.mdx +++ b/api_docs/kbn_core_user_profile_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-user-profile-server title: "@kbn/core-user-profile-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-user-profile-server plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-user-profile-server'] --- import kbnCoreUserProfileServerObj from './kbn_core_user_profile_server.devdocs.json'; diff --git a/api_docs/kbn_core_user_profile_server_internal.mdx b/api_docs/kbn_core_user_profile_server_internal.mdx index 43b0071abf07c..b485c8d65ee70 100644 --- a/api_docs/kbn_core_user_profile_server_internal.mdx +++ b/api_docs/kbn_core_user_profile_server_internal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-user-profile-server-internal title: "@kbn/core-user-profile-server-internal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-user-profile-server-internal plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-user-profile-server-internal'] --- import kbnCoreUserProfileServerInternalObj from './kbn_core_user_profile_server_internal.devdocs.json'; diff --git a/api_docs/kbn_core_user_profile_server_mocks.mdx b/api_docs/kbn_core_user_profile_server_mocks.mdx index 2764d8ba5fc96..09f2e8d0aa38f 100644 --- a/api_docs/kbn_core_user_profile_server_mocks.mdx +++ b/api_docs/kbn_core_user_profile_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-user-profile-server-mocks title: "@kbn/core-user-profile-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-user-profile-server-mocks plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-user-profile-server-mocks'] --- import kbnCoreUserProfileServerMocksObj from './kbn_core_user_profile_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_core_user_settings_server.mdx b/api_docs/kbn_core_user_settings_server.mdx index 35c2ee31fa934..789b890f63a8a 100644 --- a/api_docs/kbn_core_user_settings_server.mdx +++ b/api_docs/kbn_core_user_settings_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-user-settings-server title: "@kbn/core-user-settings-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-user-settings-server plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-user-settings-server'] --- import kbnCoreUserSettingsServerObj from './kbn_core_user_settings_server.devdocs.json'; diff --git a/api_docs/kbn_core_user_settings_server_mocks.mdx b/api_docs/kbn_core_user_settings_server_mocks.mdx index a732a9fbedef4..92bea164a66b6 100644 --- a/api_docs/kbn_core_user_settings_server_mocks.mdx +++ b/api_docs/kbn_core_user_settings_server_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-core-user-settings-server-mocks title: "@kbn/core-user-settings-server-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/core-user-settings-server-mocks plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/core-user-settings-server-mocks'] --- import kbnCoreUserSettingsServerMocksObj from './kbn_core_user_settings_server_mocks.devdocs.json'; diff --git a/api_docs/kbn_crypto.mdx b/api_docs/kbn_crypto.mdx index ef96ea8134557..4da22952fe0b1 100644 --- a/api_docs/kbn_crypto.mdx +++ b/api_docs/kbn_crypto.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-crypto title: "@kbn/crypto" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/crypto plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/crypto'] --- import kbnCryptoObj from './kbn_crypto.devdocs.json'; diff --git a/api_docs/kbn_crypto_browser.mdx b/api_docs/kbn_crypto_browser.mdx index 2c14b8dcfabd2..40d3518592a6a 100644 --- a/api_docs/kbn_crypto_browser.mdx +++ b/api_docs/kbn_crypto_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-crypto-browser title: "@kbn/crypto-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/crypto-browser plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/crypto-browser'] --- import kbnCryptoBrowserObj from './kbn_crypto_browser.devdocs.json'; diff --git a/api_docs/kbn_custom_icons.mdx b/api_docs/kbn_custom_icons.mdx index e224835db716b..677203ee949f2 100644 --- a/api_docs/kbn_custom_icons.mdx +++ b/api_docs/kbn_custom_icons.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-custom-icons title: "@kbn/custom-icons" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/custom-icons plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/custom-icons'] --- import kbnCustomIconsObj from './kbn_custom_icons.devdocs.json'; diff --git a/api_docs/kbn_custom_integrations.mdx b/api_docs/kbn_custom_integrations.mdx index 7e0766f0b7f6d..789df75ad4612 100644 --- a/api_docs/kbn_custom_integrations.mdx +++ b/api_docs/kbn_custom_integrations.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-custom-integrations title: "@kbn/custom-integrations" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/custom-integrations plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/custom-integrations'] --- import kbnCustomIntegrationsObj from './kbn_custom_integrations.devdocs.json'; diff --git a/api_docs/kbn_cypress_config.mdx b/api_docs/kbn_cypress_config.mdx index 5d73c513b34d8..6b13bbb320acf 100644 --- a/api_docs/kbn_cypress_config.mdx +++ b/api_docs/kbn_cypress_config.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-cypress-config title: "@kbn/cypress-config" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/cypress-config plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/cypress-config'] --- import kbnCypressConfigObj from './kbn_cypress_config.devdocs.json'; diff --git a/api_docs/kbn_data_forge.mdx b/api_docs/kbn_data_forge.mdx index 9fe39337f0d2e..7c3643b70bf25 100644 --- a/api_docs/kbn_data_forge.mdx +++ b/api_docs/kbn_data_forge.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-data-forge title: "@kbn/data-forge" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/data-forge plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/data-forge'] --- import kbnDataForgeObj from './kbn_data_forge.devdocs.json'; diff --git a/api_docs/kbn_data_service.mdx b/api_docs/kbn_data_service.mdx index 01cb913d8e2f1..796a710bcf2ec 100644 --- a/api_docs/kbn_data_service.mdx +++ b/api_docs/kbn_data_service.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-data-service title: "@kbn/data-service" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/data-service plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/data-service'] --- import kbnDataServiceObj from './kbn_data_service.devdocs.json'; diff --git a/api_docs/kbn_data_stream_adapter.mdx b/api_docs/kbn_data_stream_adapter.mdx index 820f980a44b5f..5f9c0221fb775 100644 --- a/api_docs/kbn_data_stream_adapter.mdx +++ b/api_docs/kbn_data_stream_adapter.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-data-stream-adapter title: "@kbn/data-stream-adapter" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/data-stream-adapter plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/data-stream-adapter'] --- import kbnDataStreamAdapterObj from './kbn_data_stream_adapter.devdocs.json'; diff --git a/api_docs/kbn_data_view_utils.mdx b/api_docs/kbn_data_view_utils.mdx index cfbe27366c0bb..ff65b6aa2b1c3 100644 --- a/api_docs/kbn_data_view_utils.mdx +++ b/api_docs/kbn_data_view_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-data-view-utils title: "@kbn/data-view-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/data-view-utils plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/data-view-utils'] --- import kbnDataViewUtilsObj from './kbn_data_view_utils.devdocs.json'; diff --git a/api_docs/kbn_datemath.mdx b/api_docs/kbn_datemath.mdx index ac8083f8a15c0..90801531cfb7d 100644 --- a/api_docs/kbn_datemath.mdx +++ b/api_docs/kbn_datemath.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-datemath title: "@kbn/datemath" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/datemath plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/datemath'] --- import kbnDatemathObj from './kbn_datemath.devdocs.json'; diff --git a/api_docs/kbn_deeplinks_analytics.mdx b/api_docs/kbn_deeplinks_analytics.mdx index 50311c9db5306..8a0af7518fac0 100644 --- a/api_docs/kbn_deeplinks_analytics.mdx +++ b/api_docs/kbn_deeplinks_analytics.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-deeplinks-analytics title: "@kbn/deeplinks-analytics" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/deeplinks-analytics plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/deeplinks-analytics'] --- import kbnDeeplinksAnalyticsObj from './kbn_deeplinks_analytics.devdocs.json'; diff --git a/api_docs/kbn_deeplinks_devtools.mdx b/api_docs/kbn_deeplinks_devtools.mdx index 337c676120115..584d52922b71b 100644 --- a/api_docs/kbn_deeplinks_devtools.mdx +++ b/api_docs/kbn_deeplinks_devtools.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-deeplinks-devtools title: "@kbn/deeplinks-devtools" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/deeplinks-devtools plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/deeplinks-devtools'] --- import kbnDeeplinksDevtoolsObj from './kbn_deeplinks_devtools.devdocs.json'; diff --git a/api_docs/kbn_deeplinks_fleet.mdx b/api_docs/kbn_deeplinks_fleet.mdx index 8b3373aca1ad5..66f41a3165955 100644 --- a/api_docs/kbn_deeplinks_fleet.mdx +++ b/api_docs/kbn_deeplinks_fleet.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-deeplinks-fleet title: "@kbn/deeplinks-fleet" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/deeplinks-fleet plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/deeplinks-fleet'] --- import kbnDeeplinksFleetObj from './kbn_deeplinks_fleet.devdocs.json'; diff --git a/api_docs/kbn_deeplinks_management.mdx b/api_docs/kbn_deeplinks_management.mdx index 3bf7efc8b1594..60ef86014accb 100644 --- a/api_docs/kbn_deeplinks_management.mdx +++ b/api_docs/kbn_deeplinks_management.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-deeplinks-management title: "@kbn/deeplinks-management" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/deeplinks-management plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/deeplinks-management'] --- import kbnDeeplinksManagementObj from './kbn_deeplinks_management.devdocs.json'; diff --git a/api_docs/kbn_deeplinks_ml.mdx b/api_docs/kbn_deeplinks_ml.mdx index bcf0ef4b1c7f2..da561029a8f40 100644 --- a/api_docs/kbn_deeplinks_ml.mdx +++ b/api_docs/kbn_deeplinks_ml.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-deeplinks-ml title: "@kbn/deeplinks-ml" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/deeplinks-ml plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/deeplinks-ml'] --- import kbnDeeplinksMlObj from './kbn_deeplinks_ml.devdocs.json'; diff --git a/api_docs/kbn_deeplinks_observability.mdx b/api_docs/kbn_deeplinks_observability.mdx index fd80b8d4ce088..66424a2fa8250 100644 --- a/api_docs/kbn_deeplinks_observability.mdx +++ b/api_docs/kbn_deeplinks_observability.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-deeplinks-observability title: "@kbn/deeplinks-observability" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/deeplinks-observability plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/deeplinks-observability'] --- import kbnDeeplinksObservabilityObj from './kbn_deeplinks_observability.devdocs.json'; diff --git a/api_docs/kbn_deeplinks_search.mdx b/api_docs/kbn_deeplinks_search.mdx index 41d8058035c8b..8d84d81c1579c 100644 --- a/api_docs/kbn_deeplinks_search.mdx +++ b/api_docs/kbn_deeplinks_search.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-deeplinks-search title: "@kbn/deeplinks-search" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/deeplinks-search plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/deeplinks-search'] --- import kbnDeeplinksSearchObj from './kbn_deeplinks_search.devdocs.json'; diff --git a/api_docs/kbn_deeplinks_security.mdx b/api_docs/kbn_deeplinks_security.mdx index 359cfe71e10f1..eef7d14f86dd2 100644 --- a/api_docs/kbn_deeplinks_security.mdx +++ b/api_docs/kbn_deeplinks_security.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-deeplinks-security title: "@kbn/deeplinks-security" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/deeplinks-security plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/deeplinks-security'] --- import kbnDeeplinksSecurityObj from './kbn_deeplinks_security.devdocs.json'; diff --git a/api_docs/kbn_deeplinks_shared.mdx b/api_docs/kbn_deeplinks_shared.mdx index 7e8ef2ed9adc4..66f4832448278 100644 --- a/api_docs/kbn_deeplinks_shared.mdx +++ b/api_docs/kbn_deeplinks_shared.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-deeplinks-shared title: "@kbn/deeplinks-shared" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/deeplinks-shared plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/deeplinks-shared'] --- import kbnDeeplinksSharedObj from './kbn_deeplinks_shared.devdocs.json'; diff --git a/api_docs/kbn_default_nav_analytics.mdx b/api_docs/kbn_default_nav_analytics.mdx index ab5f28a816b76..0d48002909fae 100644 --- a/api_docs/kbn_default_nav_analytics.mdx +++ b/api_docs/kbn_default_nav_analytics.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-default-nav-analytics title: "@kbn/default-nav-analytics" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/default-nav-analytics plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/default-nav-analytics'] --- import kbnDefaultNavAnalyticsObj from './kbn_default_nav_analytics.devdocs.json'; diff --git a/api_docs/kbn_default_nav_devtools.mdx b/api_docs/kbn_default_nav_devtools.mdx index ad47e1d6bcf58..ad535738555a3 100644 --- a/api_docs/kbn_default_nav_devtools.mdx +++ b/api_docs/kbn_default_nav_devtools.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-default-nav-devtools title: "@kbn/default-nav-devtools" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/default-nav-devtools plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/default-nav-devtools'] --- import kbnDefaultNavDevtoolsObj from './kbn_default_nav_devtools.devdocs.json'; diff --git a/api_docs/kbn_default_nav_management.mdx b/api_docs/kbn_default_nav_management.mdx index 2a8ea904d3602..8a33ad62975ad 100644 --- a/api_docs/kbn_default_nav_management.mdx +++ b/api_docs/kbn_default_nav_management.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-default-nav-management title: "@kbn/default-nav-management" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/default-nav-management plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/default-nav-management'] --- import kbnDefaultNavManagementObj from './kbn_default_nav_management.devdocs.json'; diff --git a/api_docs/kbn_default_nav_ml.mdx b/api_docs/kbn_default_nav_ml.mdx index 31165b24f57cf..f5fbf86e24dd3 100644 --- a/api_docs/kbn_default_nav_ml.mdx +++ b/api_docs/kbn_default_nav_ml.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-default-nav-ml title: "@kbn/default-nav-ml" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/default-nav-ml plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/default-nav-ml'] --- import kbnDefaultNavMlObj from './kbn_default_nav_ml.devdocs.json'; diff --git a/api_docs/kbn_dev_cli_errors.mdx b/api_docs/kbn_dev_cli_errors.mdx index fbcc7bb468bb5..7f1d898208b48 100644 --- a/api_docs/kbn_dev_cli_errors.mdx +++ b/api_docs/kbn_dev_cli_errors.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-dev-cli-errors title: "@kbn/dev-cli-errors" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/dev-cli-errors plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/dev-cli-errors'] --- import kbnDevCliErrorsObj from './kbn_dev_cli_errors.devdocs.json'; diff --git a/api_docs/kbn_dev_cli_runner.mdx b/api_docs/kbn_dev_cli_runner.mdx index 7edfd59066feb..b4ad7477793bf 100644 --- a/api_docs/kbn_dev_cli_runner.mdx +++ b/api_docs/kbn_dev_cli_runner.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-dev-cli-runner title: "@kbn/dev-cli-runner" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/dev-cli-runner plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/dev-cli-runner'] --- import kbnDevCliRunnerObj from './kbn_dev_cli_runner.devdocs.json'; diff --git a/api_docs/kbn_dev_proc_runner.mdx b/api_docs/kbn_dev_proc_runner.mdx index 6cf6c88cad2bb..09e1c35b118a8 100644 --- a/api_docs/kbn_dev_proc_runner.mdx +++ b/api_docs/kbn_dev_proc_runner.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-dev-proc-runner title: "@kbn/dev-proc-runner" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/dev-proc-runner plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/dev-proc-runner'] --- import kbnDevProcRunnerObj from './kbn_dev_proc_runner.devdocs.json'; diff --git a/api_docs/kbn_dev_utils.mdx b/api_docs/kbn_dev_utils.mdx index 649e987b58713..5db1a2647c1bc 100644 --- a/api_docs/kbn_dev_utils.mdx +++ b/api_docs/kbn_dev_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-dev-utils title: "@kbn/dev-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/dev-utils plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/dev-utils'] --- import kbnDevUtilsObj from './kbn_dev_utils.devdocs.json'; diff --git a/api_docs/kbn_discover_utils.mdx b/api_docs/kbn_discover_utils.mdx index 9f1346266fb64..eebff70b8f9f3 100644 --- a/api_docs/kbn_discover_utils.mdx +++ b/api_docs/kbn_discover_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-discover-utils title: "@kbn/discover-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/discover-utils plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/discover-utils'] --- import kbnDiscoverUtilsObj from './kbn_discover_utils.devdocs.json'; diff --git a/api_docs/kbn_doc_links.mdx b/api_docs/kbn_doc_links.mdx index d8243d8286aba..efe0a25c3b0b0 100644 --- a/api_docs/kbn_doc_links.mdx +++ b/api_docs/kbn_doc_links.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-doc-links title: "@kbn/doc-links" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/doc-links plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/doc-links'] --- import kbnDocLinksObj from './kbn_doc_links.devdocs.json'; diff --git a/api_docs/kbn_docs_utils.mdx b/api_docs/kbn_docs_utils.mdx index 3e62d92cd92bc..a745964ef37d5 100644 --- a/api_docs/kbn_docs_utils.mdx +++ b/api_docs/kbn_docs_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-docs-utils title: "@kbn/docs-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/docs-utils plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/docs-utils'] --- import kbnDocsUtilsObj from './kbn_docs_utils.devdocs.json'; diff --git a/api_docs/kbn_dom_drag_drop.mdx b/api_docs/kbn_dom_drag_drop.mdx index 2345eefb548d3..e97a65b5c8c13 100644 --- a/api_docs/kbn_dom_drag_drop.mdx +++ b/api_docs/kbn_dom_drag_drop.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-dom-drag-drop title: "@kbn/dom-drag-drop" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/dom-drag-drop plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/dom-drag-drop'] --- import kbnDomDragDropObj from './kbn_dom_drag_drop.devdocs.json'; diff --git a/api_docs/kbn_ebt_tools.mdx b/api_docs/kbn_ebt_tools.mdx index dbbaad44b5e51..792b97e37518d 100644 --- a/api_docs/kbn_ebt_tools.mdx +++ b/api_docs/kbn_ebt_tools.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ebt-tools title: "@kbn/ebt-tools" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ebt-tools plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ebt-tools'] --- import kbnEbtToolsObj from './kbn_ebt_tools.devdocs.json'; diff --git a/api_docs/kbn_ecs_data_quality_dashboard.mdx b/api_docs/kbn_ecs_data_quality_dashboard.mdx index 9da40daa5c0bb..5b289f4b80912 100644 --- a/api_docs/kbn_ecs_data_quality_dashboard.mdx +++ b/api_docs/kbn_ecs_data_quality_dashboard.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ecs-data-quality-dashboard title: "@kbn/ecs-data-quality-dashboard" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ecs-data-quality-dashboard plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ecs-data-quality-dashboard'] --- import kbnEcsDataQualityDashboardObj from './kbn_ecs_data_quality_dashboard.devdocs.json'; diff --git a/api_docs/kbn_elastic_agent_utils.mdx b/api_docs/kbn_elastic_agent_utils.mdx index 3ac851678ad60..797f3745f6a69 100644 --- a/api_docs/kbn_elastic_agent_utils.mdx +++ b/api_docs/kbn_elastic_agent_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-elastic-agent-utils title: "@kbn/elastic-agent-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/elastic-agent-utils plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/elastic-agent-utils'] --- import kbnElasticAgentUtilsObj from './kbn_elastic_agent_utils.devdocs.json'; diff --git a/api_docs/kbn_elastic_assistant.mdx b/api_docs/kbn_elastic_assistant.mdx index 4e31c4b484b2d..679005170ac10 100644 --- a/api_docs/kbn_elastic_assistant.mdx +++ b/api_docs/kbn_elastic_assistant.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-elastic-assistant title: "@kbn/elastic-assistant" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/elastic-assistant plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/elastic-assistant'] --- import kbnElasticAssistantObj from './kbn_elastic_assistant.devdocs.json'; diff --git a/api_docs/kbn_elastic_assistant_common.mdx b/api_docs/kbn_elastic_assistant_common.mdx index 874acc40f8edd..4729092a13544 100644 --- a/api_docs/kbn_elastic_assistant_common.mdx +++ b/api_docs/kbn_elastic_assistant_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-elastic-assistant-common title: "@kbn/elastic-assistant-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/elastic-assistant-common plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/elastic-assistant-common'] --- import kbnElasticAssistantCommonObj from './kbn_elastic_assistant_common.devdocs.json'; diff --git a/api_docs/kbn_entities_schema.mdx b/api_docs/kbn_entities_schema.mdx index 57b45c4fb933c..ce1da334c670d 100644 --- a/api_docs/kbn_entities_schema.mdx +++ b/api_docs/kbn_entities_schema.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-entities-schema title: "@kbn/entities-schema" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/entities-schema plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/entities-schema'] --- import kbnEntitiesSchemaObj from './kbn_entities_schema.devdocs.json'; diff --git a/api_docs/kbn_es.devdocs.json b/api_docs/kbn_es.devdocs.json index 96bcb65c45764..d0ca58d30e501 100644 --- a/api_docs/kbn_es.devdocs.json +++ b/api_docs/kbn_es.devdocs.json @@ -711,7 +711,7 @@ "label": "readRolesDescriptorsFromResource", "description": [], "signature": [ - "(resourcePath: string) => any" + "(resourcePath: string) => object" ], "path": "packages/kbn-es/src/utils/read_roles_from_resource.ts", "deprecated": false, diff --git a/api_docs/kbn_es.mdx b/api_docs/kbn_es.mdx index 70789ac234832..28ab82dba3e33 100644 --- a/api_docs/kbn_es.mdx +++ b/api_docs/kbn_es.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-es title: "@kbn/es" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/es plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/es'] --- import kbnEsObj from './kbn_es.devdocs.json'; diff --git a/api_docs/kbn_es_archiver.mdx b/api_docs/kbn_es_archiver.mdx index 5696356c6033b..db276dba48429 100644 --- a/api_docs/kbn_es_archiver.mdx +++ b/api_docs/kbn_es_archiver.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-es-archiver title: "@kbn/es-archiver" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/es-archiver plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/es-archiver'] --- import kbnEsArchiverObj from './kbn_es_archiver.devdocs.json'; diff --git a/api_docs/kbn_es_errors.mdx b/api_docs/kbn_es_errors.mdx index a5d3e4508c5a1..957662c642073 100644 --- a/api_docs/kbn_es_errors.mdx +++ b/api_docs/kbn_es_errors.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-es-errors title: "@kbn/es-errors" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/es-errors plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/es-errors'] --- import kbnEsErrorsObj from './kbn_es_errors.devdocs.json'; diff --git a/api_docs/kbn_es_query.mdx b/api_docs/kbn_es_query.mdx index 8a195619692c9..4e90ec80de74c 100644 --- a/api_docs/kbn_es_query.mdx +++ b/api_docs/kbn_es_query.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-es-query title: "@kbn/es-query" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/es-query plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/es-query'] --- import kbnEsQueryObj from './kbn_es_query.devdocs.json'; diff --git a/api_docs/kbn_es_types.mdx b/api_docs/kbn_es_types.mdx index df6ccae0c8fc1..ff22bc77e10ba 100644 --- a/api_docs/kbn_es_types.mdx +++ b/api_docs/kbn_es_types.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-es-types title: "@kbn/es-types" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/es-types plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/es-types'] --- import kbnEsTypesObj from './kbn_es_types.devdocs.json'; diff --git a/api_docs/kbn_eslint_plugin_imports.mdx b/api_docs/kbn_eslint_plugin_imports.mdx index 2a1820d7c7ede..c3aef3fcce106 100644 --- a/api_docs/kbn_eslint_plugin_imports.mdx +++ b/api_docs/kbn_eslint_plugin_imports.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-eslint-plugin-imports title: "@kbn/eslint-plugin-imports" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/eslint-plugin-imports plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/eslint-plugin-imports'] --- import kbnEslintPluginImportsObj from './kbn_eslint_plugin_imports.devdocs.json'; diff --git a/api_docs/kbn_esql_ast.mdx b/api_docs/kbn_esql_ast.mdx index f70e3a5792f5a..a164098a6b106 100644 --- a/api_docs/kbn_esql_ast.mdx +++ b/api_docs/kbn_esql_ast.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-esql-ast title: "@kbn/esql-ast" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/esql-ast plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/esql-ast'] --- import kbnEsqlAstObj from './kbn_esql_ast.devdocs.json'; diff --git a/api_docs/kbn_esql_utils.mdx b/api_docs/kbn_esql_utils.mdx index 6ce298f16de46..966dc25175aed 100644 --- a/api_docs/kbn_esql_utils.mdx +++ b/api_docs/kbn_esql_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-esql-utils title: "@kbn/esql-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/esql-utils plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/esql-utils'] --- import kbnEsqlUtilsObj from './kbn_esql_utils.devdocs.json'; diff --git a/api_docs/kbn_esql_validation_autocomplete.mdx b/api_docs/kbn_esql_validation_autocomplete.mdx index bdbe2d6d0de92..7cca498f2779d 100644 --- a/api_docs/kbn_esql_validation_autocomplete.mdx +++ b/api_docs/kbn_esql_validation_autocomplete.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-esql-validation-autocomplete title: "@kbn/esql-validation-autocomplete" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/esql-validation-autocomplete plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/esql-validation-autocomplete'] --- import kbnEsqlValidationAutocompleteObj from './kbn_esql_validation_autocomplete.devdocs.json'; diff --git a/api_docs/kbn_event_annotation_common.mdx b/api_docs/kbn_event_annotation_common.mdx index 30065fd74aee8..a634376f82e95 100644 --- a/api_docs/kbn_event_annotation_common.mdx +++ b/api_docs/kbn_event_annotation_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-event-annotation-common title: "@kbn/event-annotation-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/event-annotation-common plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/event-annotation-common'] --- import kbnEventAnnotationCommonObj from './kbn_event_annotation_common.devdocs.json'; diff --git a/api_docs/kbn_event_annotation_components.mdx b/api_docs/kbn_event_annotation_components.mdx index 62e7de9b1962a..a6e907c960e2c 100644 --- a/api_docs/kbn_event_annotation_components.mdx +++ b/api_docs/kbn_event_annotation_components.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-event-annotation-components title: "@kbn/event-annotation-components" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/event-annotation-components plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/event-annotation-components'] --- import kbnEventAnnotationComponentsObj from './kbn_event_annotation_components.devdocs.json'; diff --git a/api_docs/kbn_expandable_flyout.mdx b/api_docs/kbn_expandable_flyout.mdx index a7c614cede2b8..a44c5ffc0f51b 100644 --- a/api_docs/kbn_expandable_flyout.mdx +++ b/api_docs/kbn_expandable_flyout.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-expandable-flyout title: "@kbn/expandable-flyout" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/expandable-flyout plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/expandable-flyout'] --- import kbnExpandableFlyoutObj from './kbn_expandable_flyout.devdocs.json'; diff --git a/api_docs/kbn_field_types.mdx b/api_docs/kbn_field_types.mdx index 1b52ed4b9a7fb..a6e50ec4fbf1d 100644 --- a/api_docs/kbn_field_types.mdx +++ b/api_docs/kbn_field_types.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-field-types title: "@kbn/field-types" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/field-types plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/field-types'] --- import kbnFieldTypesObj from './kbn_field_types.devdocs.json'; diff --git a/api_docs/kbn_field_utils.mdx b/api_docs/kbn_field_utils.mdx index dbe7d3299fcf5..b322ed05c6427 100644 --- a/api_docs/kbn_field_utils.mdx +++ b/api_docs/kbn_field_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-field-utils title: "@kbn/field-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/field-utils plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/field-utils'] --- import kbnFieldUtilsObj from './kbn_field_utils.devdocs.json'; diff --git a/api_docs/kbn_find_used_node_modules.mdx b/api_docs/kbn_find_used_node_modules.mdx index a86a471289d1d..b93d2866e0355 100644 --- a/api_docs/kbn_find_used_node_modules.mdx +++ b/api_docs/kbn_find_used_node_modules.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-find-used-node-modules title: "@kbn/find-used-node-modules" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/find-used-node-modules plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/find-used-node-modules'] --- import kbnFindUsedNodeModulesObj from './kbn_find_used_node_modules.devdocs.json'; diff --git a/api_docs/kbn_formatters.mdx b/api_docs/kbn_formatters.mdx index 916f196fb1f42..315a23e03ed37 100644 --- a/api_docs/kbn_formatters.mdx +++ b/api_docs/kbn_formatters.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-formatters title: "@kbn/formatters" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/formatters plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/formatters'] --- import kbnFormattersObj from './kbn_formatters.devdocs.json'; diff --git a/api_docs/kbn_ftr_common_functional_services.devdocs.json b/api_docs/kbn_ftr_common_functional_services.devdocs.json index b24cbd1852db8..fcc33a262b892 100644 --- a/api_docs/kbn_ftr_common_functional_services.devdocs.json +++ b/api_docs/kbn_ftr_common_functional_services.devdocs.json @@ -1206,10 +1206,10 @@ "interfaces": [ { "parentPluginId": "@kbn/ftr-common-functional-services", - "id": "def-common.RoleCredentials", + "id": "def-common.CookieCredentials", "type": "Interface", "tags": [], - "label": "RoleCredentials", + "label": "CookieCredentials", "description": [], "path": "packages/kbn-ftr-common-functional-services/services/saml_auth/saml_auth_provider.ts", "deprecated": false, @@ -1217,27 +1217,52 @@ "children": [ { "parentPluginId": "@kbn/ftr-common-functional-services", - "id": "def-common.RoleCredentials.apiKey", - "type": "Object", + "id": "def-common.CookieCredentials.Cookie", + "type": "string", "tags": [], - "label": "apiKey", + "label": "Cookie", + "description": [], + "path": "packages/kbn-ftr-common-functional-services/services/saml_auth/saml_auth_provider.ts", + "deprecated": false, + "trackAdoption": false + }, + { + "parentPluginId": "@kbn/ftr-common-functional-services", + "id": "def-common.CookieCredentials.Unnamed", + "type": "IndexSignature", + "tags": [], + "label": "[header: string]: string", "description": [], "signature": [ - "{ id: string; name: string; }" + "[header: string]: string" ], "path": "packages/kbn-ftr-common-functional-services/services/saml_auth/saml_auth_provider.ts", "deprecated": false, "trackAdoption": false - }, + } + ], + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/ftr-common-functional-services", + "id": "def-common.RoleCredentials", + "type": "Interface", + "tags": [], + "label": "RoleCredentials", + "description": [], + "path": "packages/kbn-ftr-common-functional-services/services/saml_auth/saml_auth_provider.ts", + "deprecated": false, + "trackAdoption": false, + "children": [ { "parentPluginId": "@kbn/ftr-common-functional-services", - "id": "def-common.RoleCredentials.apiKeyHeader", + "id": "def-common.RoleCredentials.apiKey", "type": "Object", "tags": [], - "label": "apiKeyHeader", + "label": "apiKey", "description": [], "signature": [ - "{ Authorization: string; }" + "{ id: string; name: string; }" ], "path": "packages/kbn-ftr-common-functional-services/services/saml_auth/saml_auth_provider.ts", "deprecated": false, @@ -1245,13 +1270,13 @@ }, { "parentPluginId": "@kbn/ftr-common-functional-services", - "id": "def-common.RoleCredentials.cookieHeader", + "id": "def-common.RoleCredentials.apiKeyHeader", "type": "Object", "tags": [], - "label": "cookieHeader", + "label": "apiKeyHeader", "description": [], "signature": [ - "{ Cookie: string; }" + "{ Authorization: string; }" ], "path": "packages/kbn-ftr-common-functional-services/services/saml_auth/saml_auth_provider.ts", "deprecated": false, @@ -1541,7 +1566,15 @@ "section": "def-common.FtrProviderContext", "text": "FtrProviderContext" }, - ") => { getInteractiveUserSessionCookieWithRoleScope(role: string): Promise; getM2MApiCredentialsWithRoleScope(role: string): Promise<{ Cookie: string; }>; getEmail(role: string): Promise; getUserData(role: string): Promise<", + ") => { getInteractiveUserSessionCookieWithRoleScope(role: string): Promise; getM2MApiCookieCredentialsWithRoleScope(role: string): Promise<", + { + "pluginId": "@kbn/ftr-common-functional-services", + "scope": "common", + "docId": "kibKbnFtrCommonFunctionalServicesPluginApi", + "section": "def-common.CookieCredentials", + "text": "CookieCredentials" + }, + ">; getEmail(role: string): Promise; getUserData(role: string): Promise<", "UserProfile", ">; createM2mApiKeyWithDefaultRoleScope(): Promise<", { @@ -1721,7 +1754,15 @@ "section": "def-common.FtrProviderContext", "text": "FtrProviderContext" }, - ") => { getInteractiveUserSessionCookieWithRoleScope(role: string): Promise; getM2MApiCredentialsWithRoleScope(role: string): Promise<{ Cookie: string; }>; getEmail(role: string): Promise; getUserData(role: string): Promise<", + ") => { getInteractiveUserSessionCookieWithRoleScope(role: string): Promise; getM2MApiCookieCredentialsWithRoleScope(role: string): Promise<", + { + "pluginId": "@kbn/ftr-common-functional-services", + "scope": "common", + "docId": "kibKbnFtrCommonFunctionalServicesPluginApi", + "section": "def-common.CookieCredentials", + "text": "CookieCredentials" + }, + ">; getEmail(role: string): Promise; getUserData(role: string): Promise<", "UserProfile", ">; createM2mApiKeyWithDefaultRoleScope(): Promise<", { @@ -1838,7 +1879,15 @@ "label": "SamlAuthProviderType", "description": [], "signature": [ - "{ getInteractiveUserSessionCookieWithRoleScope(role: string): Promise; getM2MApiCredentialsWithRoleScope(role: string): Promise<{ Cookie: string; }>; getEmail(role: string): Promise; getUserData(role: string): Promise<", + "{ getInteractiveUserSessionCookieWithRoleScope(role: string): Promise; getM2MApiCookieCredentialsWithRoleScope(role: string): Promise<", + { + "pluginId": "@kbn/ftr-common-functional-services", + "scope": "common", + "docId": "kibKbnFtrCommonFunctionalServicesPluginApi", + "section": "def-common.CookieCredentials", + "text": "CookieCredentials" + }, + ">; getEmail(role: string): Promise; getUserData(role: string): Promise<", "UserProfile", ">; createM2mApiKeyWithDefaultRoleScope(): Promise<", { @@ -2063,7 +2112,15 @@ "section": "def-common.FtrProviderContext", "text": "FtrProviderContext" }, - ") => { getInteractiveUserSessionCookieWithRoleScope(role: string): Promise; getM2MApiCredentialsWithRoleScope(role: string): Promise<{ Cookie: string; }>; getEmail(role: string): Promise; getUserData(role: string): Promise<", + ") => { getInteractiveUserSessionCookieWithRoleScope(role: string): Promise; getM2MApiCookieCredentialsWithRoleScope(role: string): Promise<", + { + "pluginId": "@kbn/ftr-common-functional-services", + "scope": "common", + "docId": "kibKbnFtrCommonFunctionalServicesPluginApi", + "section": "def-common.CookieCredentials", + "text": "CookieCredentials" + }, + ">; getEmail(role: string): Promise; getUserData(role: string): Promise<", "UserProfile", ">; createM2mApiKeyWithDefaultRoleScope(): Promise<", { @@ -2243,7 +2300,15 @@ "section": "def-common.FtrProviderContext", "text": "FtrProviderContext" }, - ") => { getInteractiveUserSessionCookieWithRoleScope(role: string): Promise; getM2MApiCredentialsWithRoleScope(role: string): Promise<{ Cookie: string; }>; getEmail(role: string): Promise; getUserData(role: string): Promise<", + ") => { getInteractiveUserSessionCookieWithRoleScope(role: string): Promise; getM2MApiCookieCredentialsWithRoleScope(role: string): Promise<", + { + "pluginId": "@kbn/ftr-common-functional-services", + "scope": "common", + "docId": "kibKbnFtrCommonFunctionalServicesPluginApi", + "section": "def-common.CookieCredentials", + "text": "CookieCredentials" + }, + ">; getEmail(role: string): Promise; getUserData(role: string): Promise<", "UserProfile", ">; createM2mApiKeyWithDefaultRoleScope(): Promise<", { @@ -2476,7 +2541,15 @@ "section": "def-common.FtrProviderContext", "text": "FtrProviderContext" }, - ") => { getInteractiveUserSessionCookieWithRoleScope(role: string): Promise; getM2MApiCredentialsWithRoleScope(role: string): Promise<{ Cookie: string; }>; getEmail(role: string): Promise; getUserData(role: string): Promise<", + ") => { getInteractiveUserSessionCookieWithRoleScope(role: string): Promise; getM2MApiCookieCredentialsWithRoleScope(role: string): Promise<", + { + "pluginId": "@kbn/ftr-common-functional-services", + "scope": "common", + "docId": "kibKbnFtrCommonFunctionalServicesPluginApi", + "section": "def-common.CookieCredentials", + "text": "CookieCredentials" + }, + ">; getEmail(role: string): Promise; getUserData(role: string): Promise<", "UserProfile", ">; createM2mApiKeyWithDefaultRoleScope(): Promise<", { @@ -2656,7 +2729,15 @@ "section": "def-common.FtrProviderContext", "text": "FtrProviderContext" }, - ") => { getInteractiveUserSessionCookieWithRoleScope(role: string): Promise; getM2MApiCredentialsWithRoleScope(role: string): Promise<{ Cookie: string; }>; getEmail(role: string): Promise; getUserData(role: string): Promise<", + ") => { getInteractiveUserSessionCookieWithRoleScope(role: string): Promise; getM2MApiCookieCredentialsWithRoleScope(role: string): Promise<", + { + "pluginId": "@kbn/ftr-common-functional-services", + "scope": "common", + "docId": "kibKbnFtrCommonFunctionalServicesPluginApi", + "section": "def-common.CookieCredentials", + "text": "CookieCredentials" + }, + ">; getEmail(role: string): Promise; getUserData(role: string): Promise<", "UserProfile", ">; createM2mApiKeyWithDefaultRoleScope(): Promise<", { @@ -2889,7 +2970,15 @@ "section": "def-common.FtrProviderContext", "text": "FtrProviderContext" }, - ") => { getInteractiveUserSessionCookieWithRoleScope(role: string): Promise; getM2MApiCredentialsWithRoleScope(role: string): Promise<{ Cookie: string; }>; getEmail(role: string): Promise; getUserData(role: string): Promise<", + ") => { getInteractiveUserSessionCookieWithRoleScope(role: string): Promise; getM2MApiCookieCredentialsWithRoleScope(role: string): Promise<", + { + "pluginId": "@kbn/ftr-common-functional-services", + "scope": "common", + "docId": "kibKbnFtrCommonFunctionalServicesPluginApi", + "section": "def-common.CookieCredentials", + "text": "CookieCredentials" + }, + ">; getEmail(role: string): Promise; getUserData(role: string): Promise<", "UserProfile", ">; createM2mApiKeyWithDefaultRoleScope(): Promise<", { @@ -3069,7 +3158,15 @@ "section": "def-common.FtrProviderContext", "text": "FtrProviderContext" }, - ") => { getInteractiveUserSessionCookieWithRoleScope(role: string): Promise; getM2MApiCredentialsWithRoleScope(role: string): Promise<{ Cookie: string; }>; getEmail(role: string): Promise; getUserData(role: string): Promise<", + ") => { getInteractiveUserSessionCookieWithRoleScope(role: string): Promise; getM2MApiCookieCredentialsWithRoleScope(role: string): Promise<", + { + "pluginId": "@kbn/ftr-common-functional-services", + "scope": "common", + "docId": "kibKbnFtrCommonFunctionalServicesPluginApi", + "section": "def-common.CookieCredentials", + "text": "CookieCredentials" + }, + ">; getEmail(role: string): Promise; getUserData(role: string): Promise<", "UserProfile", ">; createM2mApiKeyWithDefaultRoleScope(): Promise<", { @@ -3337,7 +3434,15 @@ "section": "def-common.FtrProviderContext", "text": "FtrProviderContext" }, - ") => { getInteractiveUserSessionCookieWithRoleScope(role: string): Promise; getM2MApiCredentialsWithRoleScope(role: string): Promise<{ Cookie: string; }>; getEmail(role: string): Promise; getUserData(role: string): Promise<", + ") => { getInteractiveUserSessionCookieWithRoleScope(role: string): Promise; getM2MApiCookieCredentialsWithRoleScope(role: string): Promise<", + { + "pluginId": "@kbn/ftr-common-functional-services", + "scope": "common", + "docId": "kibKbnFtrCommonFunctionalServicesPluginApi", + "section": "def-common.CookieCredentials", + "text": "CookieCredentials" + }, + ">; getEmail(role: string): Promise; getUserData(role: string): Promise<", "UserProfile", ">; createM2mApiKeyWithDefaultRoleScope(): Promise<", { @@ -3517,7 +3622,15 @@ "section": "def-common.FtrProviderContext", "text": "FtrProviderContext" }, - ") => { getInteractiveUserSessionCookieWithRoleScope(role: string): Promise; getM2MApiCredentialsWithRoleScope(role: string): Promise<{ Cookie: string; }>; getEmail(role: string): Promise; getUserData(role: string): Promise<", + ") => { getInteractiveUserSessionCookieWithRoleScope(role: string): Promise; getM2MApiCookieCredentialsWithRoleScope(role: string): Promise<", + { + "pluginId": "@kbn/ftr-common-functional-services", + "scope": "common", + "docId": "kibKbnFtrCommonFunctionalServicesPluginApi", + "section": "def-common.CookieCredentials", + "text": "CookieCredentials" + }, + ">; getEmail(role: string): Promise; getUserData(role: string): Promise<", "UserProfile", ">; createM2mApiKeyWithDefaultRoleScope(): Promise<", { @@ -3764,7 +3877,15 @@ "section": "def-common.FtrProviderContext", "text": "FtrProviderContext" }, - ") => { getInteractiveUserSessionCookieWithRoleScope(role: string): Promise; getM2MApiCredentialsWithRoleScope(role: string): Promise<{ Cookie: string; }>; getEmail(role: string): Promise; getUserData(role: string): Promise<", + ") => { getInteractiveUserSessionCookieWithRoleScope(role: string): Promise; getM2MApiCookieCredentialsWithRoleScope(role: string): Promise<", + { + "pluginId": "@kbn/ftr-common-functional-services", + "scope": "common", + "docId": "kibKbnFtrCommonFunctionalServicesPluginApi", + "section": "def-common.CookieCredentials", + "text": "CookieCredentials" + }, + ">; getEmail(role: string): Promise; getUserData(role: string): Promise<", "UserProfile", ">; createM2mApiKeyWithDefaultRoleScope(): Promise<", { @@ -3944,7 +4065,15 @@ "section": "def-common.FtrProviderContext", "text": "FtrProviderContext" }, - ") => { getInteractiveUserSessionCookieWithRoleScope(role: string): Promise; getM2MApiCredentialsWithRoleScope(role: string): Promise<{ Cookie: string; }>; getEmail(role: string): Promise; getUserData(role: string): Promise<", + ") => { getInteractiveUserSessionCookieWithRoleScope(role: string): Promise; getM2MApiCookieCredentialsWithRoleScope(role: string): Promise<", + { + "pluginId": "@kbn/ftr-common-functional-services", + "scope": "common", + "docId": "kibKbnFtrCommonFunctionalServicesPluginApi", + "section": "def-common.CookieCredentials", + "text": "CookieCredentials" + }, + ">; getEmail(role: string): Promise; getUserData(role: string): Promise<", "UserProfile", ">; createM2mApiKeyWithDefaultRoleScope(): Promise<", { @@ -4097,7 +4226,15 @@ "section": "def-common.FtrProviderContext", "text": "FtrProviderContext" }, - ") => { getInteractiveUserSessionCookieWithRoleScope(role: string): Promise; getM2MApiCredentialsWithRoleScope(role: string): Promise<{ Cookie: string; }>; getEmail(role: string): Promise; getUserData(role: string): Promise<", + ") => { getInteractiveUserSessionCookieWithRoleScope(role: string): Promise; getM2MApiCookieCredentialsWithRoleScope(role: string): Promise<", + { + "pluginId": "@kbn/ftr-common-functional-services", + "scope": "common", + "docId": "kibKbnFtrCommonFunctionalServicesPluginApi", + "section": "def-common.CookieCredentials", + "text": "CookieCredentials" + }, + ">; getEmail(role: string): Promise; getUserData(role: string): Promise<", "UserProfile", ">; createM2mApiKeyWithDefaultRoleScope(): Promise<", { @@ -4267,7 +4404,15 @@ "section": "def-common.FtrProviderContext", "text": "FtrProviderContext" }, - ") => { getInteractiveUserSessionCookieWithRoleScope(role: string): Promise; getM2MApiCredentialsWithRoleScope(role: string): Promise<{ Cookie: string; }>; getEmail(role: string): Promise; getUserData(role: string): Promise<", + ") => { getInteractiveUserSessionCookieWithRoleScope(role: string): Promise; getM2MApiCookieCredentialsWithRoleScope(role: string): Promise<", + { + "pluginId": "@kbn/ftr-common-functional-services", + "scope": "common", + "docId": "kibKbnFtrCommonFunctionalServicesPluginApi", + "section": "def-common.CookieCredentials", + "text": "CookieCredentials" + }, + ">; getEmail(role: string): Promise; getUserData(role: string): Promise<", "UserProfile", ">; createM2mApiKeyWithDefaultRoleScope(): Promise<", { @@ -4447,7 +4592,15 @@ "section": "def-common.FtrProviderContext", "text": "FtrProviderContext" }, - ") => { getInteractiveUserSessionCookieWithRoleScope(role: string): Promise; getM2MApiCredentialsWithRoleScope(role: string): Promise<{ Cookie: string; }>; getEmail(role: string): Promise; getUserData(role: string): Promise<", + ") => { getInteractiveUserSessionCookieWithRoleScope(role: string): Promise; getM2MApiCookieCredentialsWithRoleScope(role: string): Promise<", + { + "pluginId": "@kbn/ftr-common-functional-services", + "scope": "common", + "docId": "kibKbnFtrCommonFunctionalServicesPluginApi", + "section": "def-common.CookieCredentials", + "text": "CookieCredentials" + }, + ">; getEmail(role: string): Promise; getUserData(role: string): Promise<", "UserProfile", ">; createM2mApiKeyWithDefaultRoleScope(): Promise<", { @@ -4674,7 +4827,15 @@ "section": "def-common.FtrProviderContext", "text": "FtrProviderContext" }, - ") => { getInteractiveUserSessionCookieWithRoleScope(role: string): Promise; getM2MApiCredentialsWithRoleScope(role: string): Promise<{ Cookie: string; }>; getEmail(role: string): Promise; getUserData(role: string): Promise<", + ") => { getInteractiveUserSessionCookieWithRoleScope(role: string): Promise; getM2MApiCookieCredentialsWithRoleScope(role: string): Promise<", + { + "pluginId": "@kbn/ftr-common-functional-services", + "scope": "common", + "docId": "kibKbnFtrCommonFunctionalServicesPluginApi", + "section": "def-common.CookieCredentials", + "text": "CookieCredentials" + }, + ">; getEmail(role: string): Promise; getUserData(role: string): Promise<", "UserProfile", ">; createM2mApiKeyWithDefaultRoleScope(): Promise<", { @@ -4854,7 +5015,15 @@ "section": "def-common.FtrProviderContext", "text": "FtrProviderContext" }, - ") => { getInteractiveUserSessionCookieWithRoleScope(role: string): Promise; getM2MApiCredentialsWithRoleScope(role: string): Promise<{ Cookie: string; }>; getEmail(role: string): Promise; getUserData(role: string): Promise<", + ") => { getInteractiveUserSessionCookieWithRoleScope(role: string): Promise; getM2MApiCookieCredentialsWithRoleScope(role: string): Promise<", + { + "pluginId": "@kbn/ftr-common-functional-services", + "scope": "common", + "docId": "kibKbnFtrCommonFunctionalServicesPluginApi", + "section": "def-common.CookieCredentials", + "text": "CookieCredentials" + }, + ">; getEmail(role: string): Promise; getUserData(role: string): Promise<", "UserProfile", ">; createM2mApiKeyWithDefaultRoleScope(): Promise<", { @@ -5081,7 +5250,15 @@ "section": "def-common.FtrProviderContext", "text": "FtrProviderContext" }, - ") => { getInteractiveUserSessionCookieWithRoleScope(role: string): Promise; getM2MApiCredentialsWithRoleScope(role: string): Promise<{ Cookie: string; }>; getEmail(role: string): Promise; getUserData(role: string): Promise<", + ") => { getInteractiveUserSessionCookieWithRoleScope(role: string): Promise; getM2MApiCookieCredentialsWithRoleScope(role: string): Promise<", + { + "pluginId": "@kbn/ftr-common-functional-services", + "scope": "common", + "docId": "kibKbnFtrCommonFunctionalServicesPluginApi", + "section": "def-common.CookieCredentials", + "text": "CookieCredentials" + }, + ">; getEmail(role: string): Promise; getUserData(role: string): Promise<", "UserProfile", ">; createM2mApiKeyWithDefaultRoleScope(): Promise<", { @@ -5261,7 +5438,15 @@ "section": "def-common.FtrProviderContext", "text": "FtrProviderContext" }, - ") => { getInteractiveUserSessionCookieWithRoleScope(role: string): Promise; getM2MApiCredentialsWithRoleScope(role: string): Promise<{ Cookie: string; }>; getEmail(role: string): Promise; getUserData(role: string): Promise<", + ") => { getInteractiveUserSessionCookieWithRoleScope(role: string): Promise; getM2MApiCookieCredentialsWithRoleScope(role: string): Promise<", + { + "pluginId": "@kbn/ftr-common-functional-services", + "scope": "common", + "docId": "kibKbnFtrCommonFunctionalServicesPluginApi", + "section": "def-common.CookieCredentials", + "text": "CookieCredentials" + }, + ">; getEmail(role: string): Promise; getUserData(role: string): Promise<", "UserProfile", ">; createM2mApiKeyWithDefaultRoleScope(): Promise<", { @@ -5491,7 +5676,15 @@ "section": "def-common.FtrProviderContext", "text": "FtrProviderContext" }, - ") => { getInteractiveUserSessionCookieWithRoleScope(role: string): Promise; getM2MApiCredentialsWithRoleScope(role: string): Promise<{ Cookie: string; }>; getEmail(role: string): Promise; getUserData(role: string): Promise<", + ") => { getInteractiveUserSessionCookieWithRoleScope(role: string): Promise; getM2MApiCookieCredentialsWithRoleScope(role: string): Promise<", + { + "pluginId": "@kbn/ftr-common-functional-services", + "scope": "common", + "docId": "kibKbnFtrCommonFunctionalServicesPluginApi", + "section": "def-common.CookieCredentials", + "text": "CookieCredentials" + }, + ">; getEmail(role: string): Promise; getUserData(role: string): Promise<", "UserProfile", ">; createM2mApiKeyWithDefaultRoleScope(): Promise<", { @@ -5671,7 +5864,15 @@ "section": "def-common.FtrProviderContext", "text": "FtrProviderContext" }, - ") => { getInteractiveUserSessionCookieWithRoleScope(role: string): Promise; getM2MApiCredentialsWithRoleScope(role: string): Promise<{ Cookie: string; }>; getEmail(role: string): Promise; getUserData(role: string): Promise<", + ") => { getInteractiveUserSessionCookieWithRoleScope(role: string): Promise; getM2MApiCookieCredentialsWithRoleScope(role: string): Promise<", + { + "pluginId": "@kbn/ftr-common-functional-services", + "scope": "common", + "docId": "kibKbnFtrCommonFunctionalServicesPluginApi", + "section": "def-common.CookieCredentials", + "text": "CookieCredentials" + }, + ">; getEmail(role: string): Promise; getUserData(role: string): Promise<", "UserProfile", ">; createM2mApiKeyWithDefaultRoleScope(): Promise<", { diff --git a/api_docs/kbn_ftr_common_functional_services.mdx b/api_docs/kbn_ftr_common_functional_services.mdx index 6b95407b28d3f..daf0412d28e6f 100644 --- a/api_docs/kbn_ftr_common_functional_services.mdx +++ b/api_docs/kbn_ftr_common_functional_services.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ftr-common-functional-services title: "@kbn/ftr-common-functional-services" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ftr-common-functional-services plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ftr-common-functional-services'] --- import kbnFtrCommonFunctionalServicesObj from './kbn_ftr_common_functional_services.devdocs.json'; @@ -21,7 +21,7 @@ Contact [@elastic/kibana-operations](https://github.com/orgs/elastic/teams/kiban | Public API count | Any count | Items lacking comments | Missing exports | |-------------------|-----------|------------------------|-----------------| -| 106 | 0 | 81 | 1 | +| 108 | 0 | 83 | 1 | ## Common diff --git a/api_docs/kbn_ftr_common_functional_ui_services.mdx b/api_docs/kbn_ftr_common_functional_ui_services.mdx index 687166a4e0cb0..1ab9ba69595df 100644 --- a/api_docs/kbn_ftr_common_functional_ui_services.mdx +++ b/api_docs/kbn_ftr_common_functional_ui_services.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ftr-common-functional-ui-services title: "@kbn/ftr-common-functional-ui-services" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ftr-common-functional-ui-services plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ftr-common-functional-ui-services'] --- import kbnFtrCommonFunctionalUiServicesObj from './kbn_ftr_common_functional_ui_services.devdocs.json'; diff --git a/api_docs/kbn_generate.mdx b/api_docs/kbn_generate.mdx index d9ec516ff16c4..aba010d95af77 100644 --- a/api_docs/kbn_generate.mdx +++ b/api_docs/kbn_generate.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-generate title: "@kbn/generate" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/generate plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/generate'] --- import kbnGenerateObj from './kbn_generate.devdocs.json'; diff --git a/api_docs/kbn_generate_console_definitions.mdx b/api_docs/kbn_generate_console_definitions.mdx index 937e8d30f73d2..ba64e2099d669 100644 --- a/api_docs/kbn_generate_console_definitions.mdx +++ b/api_docs/kbn_generate_console_definitions.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-generate-console-definitions title: "@kbn/generate-console-definitions" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/generate-console-definitions plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/generate-console-definitions'] --- import kbnGenerateConsoleDefinitionsObj from './kbn_generate_console_definitions.devdocs.json'; diff --git a/api_docs/kbn_generate_csv.mdx b/api_docs/kbn_generate_csv.mdx index b239913fb3ad6..0d0c62011a2e3 100644 --- a/api_docs/kbn_generate_csv.mdx +++ b/api_docs/kbn_generate_csv.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-generate-csv title: "@kbn/generate-csv" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/generate-csv plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/generate-csv'] --- import kbnGenerateCsvObj from './kbn_generate_csv.devdocs.json'; diff --git a/api_docs/kbn_grid_layout.mdx b/api_docs/kbn_grid_layout.mdx index a37e9b6b037ad..d242768a20acf 100644 --- a/api_docs/kbn_grid_layout.mdx +++ b/api_docs/kbn_grid_layout.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-grid-layout title: "@kbn/grid-layout" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/grid-layout plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/grid-layout'] --- import kbnGridLayoutObj from './kbn_grid_layout.devdocs.json'; diff --git a/api_docs/kbn_grouping.mdx b/api_docs/kbn_grouping.mdx index de7750f2e5a81..3caa2db3ff44d 100644 --- a/api_docs/kbn_grouping.mdx +++ b/api_docs/kbn_grouping.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-grouping title: "@kbn/grouping" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/grouping plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/grouping'] --- import kbnGroupingObj from './kbn_grouping.devdocs.json'; diff --git a/api_docs/kbn_guided_onboarding.mdx b/api_docs/kbn_guided_onboarding.mdx index 26f5ddf150569..c44c5aa852de3 100644 --- a/api_docs/kbn_guided_onboarding.mdx +++ b/api_docs/kbn_guided_onboarding.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-guided-onboarding title: "@kbn/guided-onboarding" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/guided-onboarding plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/guided-onboarding'] --- import kbnGuidedOnboardingObj from './kbn_guided_onboarding.devdocs.json'; diff --git a/api_docs/kbn_handlebars.mdx b/api_docs/kbn_handlebars.mdx index 05221ecf699d5..e682e48c58fb5 100644 --- a/api_docs/kbn_handlebars.mdx +++ b/api_docs/kbn_handlebars.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-handlebars title: "@kbn/handlebars" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/handlebars plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/handlebars'] --- import kbnHandlebarsObj from './kbn_handlebars.devdocs.json'; diff --git a/api_docs/kbn_hapi_mocks.mdx b/api_docs/kbn_hapi_mocks.mdx index e379fbd0044c1..8028edfaf3251 100644 --- a/api_docs/kbn_hapi_mocks.mdx +++ b/api_docs/kbn_hapi_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-hapi-mocks title: "@kbn/hapi-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/hapi-mocks plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/hapi-mocks'] --- import kbnHapiMocksObj from './kbn_hapi_mocks.devdocs.json'; diff --git a/api_docs/kbn_health_gateway_server.mdx b/api_docs/kbn_health_gateway_server.mdx index 293518f142221..a2f84076f89d6 100644 --- a/api_docs/kbn_health_gateway_server.mdx +++ b/api_docs/kbn_health_gateway_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-health-gateway-server title: "@kbn/health-gateway-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/health-gateway-server plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/health-gateway-server'] --- import kbnHealthGatewayServerObj from './kbn_health_gateway_server.devdocs.json'; diff --git a/api_docs/kbn_home_sample_data_card.mdx b/api_docs/kbn_home_sample_data_card.mdx index 9a3fd60ab58e4..3a326beb2bdeb 100644 --- a/api_docs/kbn_home_sample_data_card.mdx +++ b/api_docs/kbn_home_sample_data_card.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-home-sample-data-card title: "@kbn/home-sample-data-card" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/home-sample-data-card plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/home-sample-data-card'] --- import kbnHomeSampleDataCardObj from './kbn_home_sample_data_card.devdocs.json'; diff --git a/api_docs/kbn_home_sample_data_tab.mdx b/api_docs/kbn_home_sample_data_tab.mdx index 43121374d49b4..5046b3e9dc596 100644 --- a/api_docs/kbn_home_sample_data_tab.mdx +++ b/api_docs/kbn_home_sample_data_tab.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-home-sample-data-tab title: "@kbn/home-sample-data-tab" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/home-sample-data-tab plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/home-sample-data-tab'] --- import kbnHomeSampleDataTabObj from './kbn_home_sample_data_tab.devdocs.json'; diff --git a/api_docs/kbn_i18n.mdx b/api_docs/kbn_i18n.mdx index 0f1199d5c9582..16fd88427570a 100644 --- a/api_docs/kbn_i18n.mdx +++ b/api_docs/kbn_i18n.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-i18n title: "@kbn/i18n" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/i18n plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/i18n'] --- import kbnI18nObj from './kbn_i18n.devdocs.json'; diff --git a/api_docs/kbn_i18n_react.mdx b/api_docs/kbn_i18n_react.mdx index f528e5b6b1f8e..f89a28597b675 100644 --- a/api_docs/kbn_i18n_react.mdx +++ b/api_docs/kbn_i18n_react.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-i18n-react title: "@kbn/i18n-react" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/i18n-react plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/i18n-react'] --- import kbnI18nReactObj from './kbn_i18n_react.devdocs.json'; diff --git a/api_docs/kbn_import_resolver.mdx b/api_docs/kbn_import_resolver.mdx index 21d43ffea7ce7..67c22ca313f8b 100644 --- a/api_docs/kbn_import_resolver.mdx +++ b/api_docs/kbn_import_resolver.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-import-resolver title: "@kbn/import-resolver" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/import-resolver plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/import-resolver'] --- import kbnImportResolverObj from './kbn_import_resolver.devdocs.json'; diff --git a/api_docs/kbn_index_management_shared_types.mdx b/api_docs/kbn_index_management_shared_types.mdx index 5b3bec7a0e1f1..458a60ff3ecfb 100644 --- a/api_docs/kbn_index_management_shared_types.mdx +++ b/api_docs/kbn_index_management_shared_types.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-index-management-shared-types title: "@kbn/index-management-shared-types" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/index-management-shared-types plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/index-management-shared-types'] --- import kbnIndexManagementSharedTypesObj from './kbn_index_management_shared_types.devdocs.json'; diff --git a/api_docs/kbn_inference_integration_flyout.mdx b/api_docs/kbn_inference_integration_flyout.mdx index 22e64a3f5e6b1..e030d463c90be 100644 --- a/api_docs/kbn_inference_integration_flyout.mdx +++ b/api_docs/kbn_inference_integration_flyout.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-inference_integration_flyout title: "@kbn/inference_integration_flyout" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/inference_integration_flyout plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/inference_integration_flyout'] --- import kbnInferenceIntegrationFlyoutObj from './kbn_inference_integration_flyout.devdocs.json'; diff --git a/api_docs/kbn_infra_forge.mdx b/api_docs/kbn_infra_forge.mdx index 17d84eab72cb2..a8d07f35ac089 100644 --- a/api_docs/kbn_infra_forge.mdx +++ b/api_docs/kbn_infra_forge.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-infra-forge title: "@kbn/infra-forge" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/infra-forge plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/infra-forge'] --- import kbnInfraForgeObj from './kbn_infra_forge.devdocs.json'; diff --git a/api_docs/kbn_interpreter.mdx b/api_docs/kbn_interpreter.mdx index 6998285ce622c..a6c58fb00d1ac 100644 --- a/api_docs/kbn_interpreter.mdx +++ b/api_docs/kbn_interpreter.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-interpreter title: "@kbn/interpreter" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/interpreter plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/interpreter'] --- import kbnInterpreterObj from './kbn_interpreter.devdocs.json'; diff --git a/api_docs/kbn_investigation_shared.mdx b/api_docs/kbn_investigation_shared.mdx index df103d3cef020..2e6194ad7ea9e 100644 --- a/api_docs/kbn_investigation_shared.mdx +++ b/api_docs/kbn_investigation_shared.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-investigation-shared title: "@kbn/investigation-shared" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/investigation-shared plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/investigation-shared'] --- import kbnInvestigationSharedObj from './kbn_investigation_shared.devdocs.json'; diff --git a/api_docs/kbn_io_ts_utils.mdx b/api_docs/kbn_io_ts_utils.mdx index ac4c95e21537e..128cef03539c0 100644 --- a/api_docs/kbn_io_ts_utils.mdx +++ b/api_docs/kbn_io_ts_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-io-ts-utils title: "@kbn/io-ts-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/io-ts-utils plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/io-ts-utils'] --- import kbnIoTsUtilsObj from './kbn_io_ts_utils.devdocs.json'; diff --git a/api_docs/kbn_ipynb.mdx b/api_docs/kbn_ipynb.mdx index 40faf789d32ac..8204aad358b33 100644 --- a/api_docs/kbn_ipynb.mdx +++ b/api_docs/kbn_ipynb.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ipynb title: "@kbn/ipynb" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ipynb plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ipynb'] --- import kbnIpynbObj from './kbn_ipynb.devdocs.json'; diff --git a/api_docs/kbn_jest_serializers.mdx b/api_docs/kbn_jest_serializers.mdx index d9f7baf1d03e1..b8ac260d701bc 100644 --- a/api_docs/kbn_jest_serializers.mdx +++ b/api_docs/kbn_jest_serializers.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-jest-serializers title: "@kbn/jest-serializers" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/jest-serializers plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/jest-serializers'] --- import kbnJestSerializersObj from './kbn_jest_serializers.devdocs.json'; diff --git a/api_docs/kbn_journeys.mdx b/api_docs/kbn_journeys.mdx index 50a292dabcb53..d1272cf0ef0f7 100644 --- a/api_docs/kbn_journeys.mdx +++ b/api_docs/kbn_journeys.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-journeys title: "@kbn/journeys" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/journeys plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/journeys'] --- import kbnJourneysObj from './kbn_journeys.devdocs.json'; diff --git a/api_docs/kbn_json_ast.mdx b/api_docs/kbn_json_ast.mdx index 18123fb4bb3fd..4f8a72df46c77 100644 --- a/api_docs/kbn_json_ast.mdx +++ b/api_docs/kbn_json_ast.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-json-ast title: "@kbn/json-ast" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/json-ast plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/json-ast'] --- import kbnJsonAstObj from './kbn_json_ast.devdocs.json'; diff --git a/api_docs/kbn_json_schemas.mdx b/api_docs/kbn_json_schemas.mdx index f2ad03b489f1f..7ccb7dd52c7a4 100644 --- a/api_docs/kbn_json_schemas.mdx +++ b/api_docs/kbn_json_schemas.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-json-schemas title: "@kbn/json-schemas" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/json-schemas plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/json-schemas'] --- import kbnJsonSchemasObj from './kbn_json_schemas.devdocs.json'; diff --git a/api_docs/kbn_kibana_manifest_schema.mdx b/api_docs/kbn_kibana_manifest_schema.mdx index 647aa16197929..345f1394e77dd 100644 --- a/api_docs/kbn_kibana_manifest_schema.mdx +++ b/api_docs/kbn_kibana_manifest_schema.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-kibana-manifest-schema title: "@kbn/kibana-manifest-schema" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/kibana-manifest-schema plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/kibana-manifest-schema'] --- import kbnKibanaManifestSchemaObj from './kbn_kibana_manifest_schema.devdocs.json'; diff --git a/api_docs/kbn_language_documentation_popover.devdocs.json b/api_docs/kbn_language_documentation_popover.devdocs.json index 63df68fdd2a7c..a3879146da8f3 100644 --- a/api_docs/kbn_language_documentation_popover.devdocs.json +++ b/api_docs/kbn_language_documentation_popover.devdocs.json @@ -19,6 +19,70 @@ "common": { "classes": [], "functions": [ + { + "parentPluginId": "@kbn/language-documentation-popover", + "id": "def-common.LanguageDocumentationFlyout", + "type": "Function", + "tags": [], + "label": "LanguageDocumentationFlyout", + "description": [], + "signature": [ + "React.NamedExoticComponent & { readonly type: ({ searchInDescription, linkToDocumentation, isHelpMenuOpen, onHelpMenuVisibilityChange, }: DocumentationFlyoutProps) => JSX.Element; }" + ], + "path": "packages/kbn-language-documentation-popover/src/components/as_flyout/index.tsx", + "deprecated": false, + "trackAdoption": false, + "returnComment": [], + "children": [ + { + "parentPluginId": "@kbn/language-documentation-popover", + "id": "def-common.LanguageDocumentationFlyout.$1", + "type": "Uncategorized", + "tags": [], + "label": "props", + "description": [], + "signature": [ + "P" + ], + "path": "node_modules/@types/react/index.d.ts", + "deprecated": false, + "trackAdoption": false + } + ], + "initialIsOpen": false + }, + { + "parentPluginId": "@kbn/language-documentation-popover", + "id": "def-common.LanguageDocumentationInline", + "type": "Function", + "tags": [], + "label": "LanguageDocumentationInline", + "description": [], + "signature": [ + "React.NamedExoticComponent & { readonly type: ({ searchInDescription }: DocumentationInlineProps) => JSX.Element; }" + ], + "path": "packages/kbn-language-documentation-popover/src/components/as_inline/index.tsx", + "deprecated": false, + "trackAdoption": false, + "returnComment": [], + "children": [ + { + "parentPluginId": "@kbn/language-documentation-popover", + "id": "def-common.LanguageDocumentationInline.$1", + "type": "Uncategorized", + "tags": [], + "label": "props", + "description": [], + "signature": [ + "P" + ], + "path": "node_modules/@types/react/index.d.ts", + "deprecated": false, + "trackAdoption": false + } + ], + "initialIsOpen": false + }, { "parentPluginId": "@kbn/language-documentation-popover", "id": "def-common.LanguageDocumentationPopover", @@ -29,7 +93,7 @@ "signature": [ "React.NamedExoticComponent & { readonly type: ({ language, sections, buttonProps, searchInDescription, linkToDocumentation, isHelpMenuOpen, onHelpMenuVisibilityChange, }: DocumentationPopoverProps) => JSX.Element; }" ], - "path": "packages/kbn-language-documentation-popover/src/components/documentation_popover.tsx", + "path": "packages/kbn-language-documentation-popover/src/components/as_popover/index.tsx", "deprecated": false, "trackAdoption": false, "returnComment": [], @@ -61,7 +125,7 @@ "signature": [ "React.NamedExoticComponent & { readonly type: ({ language, sections, searchInDescription, linkToDocumentation, }: DocumentationProps) => JSX.Element; }" ], - "path": "packages/kbn-language-documentation-popover/src/components/documentation_content.tsx", + "path": "packages/kbn-language-documentation-popover/src/components/as_popover/popover_content.tsx", "deprecated": false, "trackAdoption": false, "returnComment": [], @@ -92,7 +156,7 @@ "tags": [], "label": "LanguageDocumentationSections", "description": [], - "path": "packages/kbn-language-documentation-popover/src/components/documentation_content.tsx", + "path": "packages/kbn-language-documentation-popover/src/types.ts", "deprecated": false, "trackAdoption": false, "children": [ @@ -106,7 +170,7 @@ "signature": [ "{ label: string; description?: string | undefined; items: { label: string; description?: JSX.Element | undefined; }[]; }[]" ], - "path": "packages/kbn-language-documentation-popover/src/components/documentation_content.tsx", + "path": "packages/kbn-language-documentation-popover/src/types.ts", "deprecated": false, "trackAdoption": false }, @@ -120,7 +184,7 @@ "signature": [ "JSX.Element" ], - "path": "packages/kbn-language-documentation-popover/src/components/documentation_content.tsx", + "path": "packages/kbn-language-documentation-popover/src/types.ts", "deprecated": false, "trackAdoption": false } diff --git a/api_docs/kbn_language_documentation_popover.mdx b/api_docs/kbn_language_documentation_popover.mdx index 151b9254e58ae..0b06d1748fd06 100644 --- a/api_docs/kbn_language_documentation_popover.mdx +++ b/api_docs/kbn_language_documentation_popover.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-language-documentation-popover title: "@kbn/language-documentation-popover" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/language-documentation-popover plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/language-documentation-popover'] --- import kbnLanguageDocumentationPopoverObj from './kbn_language_documentation_popover.devdocs.json'; @@ -21,7 +21,7 @@ Contact [@elastic/kibana-esql](https://github.com/orgs/elastic/teams/kibana-esql | Public API count | Any count | Items lacking comments | Missing exports | |-------------------|-----------|------------------------|-----------------| -| 7 | 0 | 5 | 0 | +| 11 | 0 | 7 | 0 | ## Common diff --git a/api_docs/kbn_lens_embeddable_utils.mdx b/api_docs/kbn_lens_embeddable_utils.mdx index c2630ff7d984c..d706b4d0a80fe 100644 --- a/api_docs/kbn_lens_embeddable_utils.mdx +++ b/api_docs/kbn_lens_embeddable_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-lens-embeddable-utils title: "@kbn/lens-embeddable-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/lens-embeddable-utils plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/lens-embeddable-utils'] --- import kbnLensEmbeddableUtilsObj from './kbn_lens_embeddable_utils.devdocs.json'; diff --git a/api_docs/kbn_lens_formula_docs.mdx b/api_docs/kbn_lens_formula_docs.mdx index 03f4e936557c3..9367be4134855 100644 --- a/api_docs/kbn_lens_formula_docs.mdx +++ b/api_docs/kbn_lens_formula_docs.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-lens-formula-docs title: "@kbn/lens-formula-docs" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/lens-formula-docs plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/lens-formula-docs'] --- import kbnLensFormulaDocsObj from './kbn_lens_formula_docs.devdocs.json'; diff --git a/api_docs/kbn_logging.mdx b/api_docs/kbn_logging.mdx index 4c8645025da80..936376faf2149 100644 --- a/api_docs/kbn_logging.mdx +++ b/api_docs/kbn_logging.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-logging title: "@kbn/logging" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/logging plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/logging'] --- import kbnLoggingObj from './kbn_logging.devdocs.json'; diff --git a/api_docs/kbn_logging_mocks.mdx b/api_docs/kbn_logging_mocks.mdx index 8b1aad0c0a7c9..c5f229b02a167 100644 --- a/api_docs/kbn_logging_mocks.mdx +++ b/api_docs/kbn_logging_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-logging-mocks title: "@kbn/logging-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/logging-mocks plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/logging-mocks'] --- import kbnLoggingMocksObj from './kbn_logging_mocks.devdocs.json'; diff --git a/api_docs/kbn_managed_content_badge.mdx b/api_docs/kbn_managed_content_badge.mdx index a23110409d23d..3f69ae9060b6c 100644 --- a/api_docs/kbn_managed_content_badge.mdx +++ b/api_docs/kbn_managed_content_badge.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-managed-content-badge title: "@kbn/managed-content-badge" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/managed-content-badge plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/managed-content-badge'] --- import kbnManagedContentBadgeObj from './kbn_managed_content_badge.devdocs.json'; diff --git a/api_docs/kbn_managed_vscode_config.mdx b/api_docs/kbn_managed_vscode_config.mdx index f8761f2ab1f48..60d972aa72823 100644 --- a/api_docs/kbn_managed_vscode_config.mdx +++ b/api_docs/kbn_managed_vscode_config.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-managed-vscode-config title: "@kbn/managed-vscode-config" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/managed-vscode-config plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/managed-vscode-config'] --- import kbnManagedVscodeConfigObj from './kbn_managed_vscode_config.devdocs.json'; diff --git a/api_docs/kbn_management_cards_navigation.mdx b/api_docs/kbn_management_cards_navigation.mdx index a7e4fd3f37455..80e1fcde1a2f8 100644 --- a/api_docs/kbn_management_cards_navigation.mdx +++ b/api_docs/kbn_management_cards_navigation.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-cards-navigation title: "@kbn/management-cards-navigation" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/management-cards-navigation plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-cards-navigation'] --- import kbnManagementCardsNavigationObj from './kbn_management_cards_navigation.devdocs.json'; diff --git a/api_docs/kbn_management_settings_application.mdx b/api_docs/kbn_management_settings_application.mdx index 3d4d7f1f111bd..79d565f48f33a 100644 --- a/api_docs/kbn_management_settings_application.mdx +++ b/api_docs/kbn_management_settings_application.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-settings-application title: "@kbn/management-settings-application" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/management-settings-application plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-settings-application'] --- import kbnManagementSettingsApplicationObj from './kbn_management_settings_application.devdocs.json'; diff --git a/api_docs/kbn_management_settings_components_field_category.mdx b/api_docs/kbn_management_settings_components_field_category.mdx index d94fe5872054a..c69c42b420edf 100644 --- a/api_docs/kbn_management_settings_components_field_category.mdx +++ b/api_docs/kbn_management_settings_components_field_category.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-settings-components-field-category title: "@kbn/management-settings-components-field-category" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/management-settings-components-field-category plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-settings-components-field-category'] --- import kbnManagementSettingsComponentsFieldCategoryObj from './kbn_management_settings_components_field_category.devdocs.json'; diff --git a/api_docs/kbn_management_settings_components_field_input.mdx b/api_docs/kbn_management_settings_components_field_input.mdx index 35cc0b9d03752..b3369c57bd9a3 100644 --- a/api_docs/kbn_management_settings_components_field_input.mdx +++ b/api_docs/kbn_management_settings_components_field_input.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-settings-components-field-input title: "@kbn/management-settings-components-field-input" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/management-settings-components-field-input plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-settings-components-field-input'] --- import kbnManagementSettingsComponentsFieldInputObj from './kbn_management_settings_components_field_input.devdocs.json'; diff --git a/api_docs/kbn_management_settings_components_field_row.mdx b/api_docs/kbn_management_settings_components_field_row.mdx index 34d940d0f248b..d6ef1a355fd59 100644 --- a/api_docs/kbn_management_settings_components_field_row.mdx +++ b/api_docs/kbn_management_settings_components_field_row.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-settings-components-field-row title: "@kbn/management-settings-components-field-row" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/management-settings-components-field-row plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-settings-components-field-row'] --- import kbnManagementSettingsComponentsFieldRowObj from './kbn_management_settings_components_field_row.devdocs.json'; diff --git a/api_docs/kbn_management_settings_components_form.mdx b/api_docs/kbn_management_settings_components_form.mdx index 720572b115752..cd9fed3c971e2 100644 --- a/api_docs/kbn_management_settings_components_form.mdx +++ b/api_docs/kbn_management_settings_components_form.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-settings-components-form title: "@kbn/management-settings-components-form" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/management-settings-components-form plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-settings-components-form'] --- import kbnManagementSettingsComponentsFormObj from './kbn_management_settings_components_form.devdocs.json'; diff --git a/api_docs/kbn_management_settings_field_definition.mdx b/api_docs/kbn_management_settings_field_definition.mdx index 8070715df2aff..5baac64dc8810 100644 --- a/api_docs/kbn_management_settings_field_definition.mdx +++ b/api_docs/kbn_management_settings_field_definition.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-settings-field-definition title: "@kbn/management-settings-field-definition" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/management-settings-field-definition plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-settings-field-definition'] --- import kbnManagementSettingsFieldDefinitionObj from './kbn_management_settings_field_definition.devdocs.json'; diff --git a/api_docs/kbn_management_settings_ids.mdx b/api_docs/kbn_management_settings_ids.mdx index 7e264c7764225..cbe76833a7126 100644 --- a/api_docs/kbn_management_settings_ids.mdx +++ b/api_docs/kbn_management_settings_ids.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-settings-ids title: "@kbn/management-settings-ids" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/management-settings-ids plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-settings-ids'] --- import kbnManagementSettingsIdsObj from './kbn_management_settings_ids.devdocs.json'; diff --git a/api_docs/kbn_management_settings_section_registry.mdx b/api_docs/kbn_management_settings_section_registry.mdx index ba91a364224dc..cf1f13590015a 100644 --- a/api_docs/kbn_management_settings_section_registry.mdx +++ b/api_docs/kbn_management_settings_section_registry.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-settings-section-registry title: "@kbn/management-settings-section-registry" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/management-settings-section-registry plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-settings-section-registry'] --- import kbnManagementSettingsSectionRegistryObj from './kbn_management_settings_section_registry.devdocs.json'; diff --git a/api_docs/kbn_management_settings_types.mdx b/api_docs/kbn_management_settings_types.mdx index 87b690f7cf430..8c1930a20a4dd 100644 --- a/api_docs/kbn_management_settings_types.mdx +++ b/api_docs/kbn_management_settings_types.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-settings-types title: "@kbn/management-settings-types" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/management-settings-types plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-settings-types'] --- import kbnManagementSettingsTypesObj from './kbn_management_settings_types.devdocs.json'; diff --git a/api_docs/kbn_management_settings_utilities.mdx b/api_docs/kbn_management_settings_utilities.mdx index 735129fc1e9f9..9086184f6b4bf 100644 --- a/api_docs/kbn_management_settings_utilities.mdx +++ b/api_docs/kbn_management_settings_utilities.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-settings-utilities title: "@kbn/management-settings-utilities" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/management-settings-utilities plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-settings-utilities'] --- import kbnManagementSettingsUtilitiesObj from './kbn_management_settings_utilities.devdocs.json'; diff --git a/api_docs/kbn_management_storybook_config.mdx b/api_docs/kbn_management_storybook_config.mdx index a0dfbe92bf1d6..da24aae81f4fb 100644 --- a/api_docs/kbn_management_storybook_config.mdx +++ b/api_docs/kbn_management_storybook_config.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-management-storybook-config title: "@kbn/management-storybook-config" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/management-storybook-config plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/management-storybook-config'] --- import kbnManagementStorybookConfigObj from './kbn_management_storybook_config.devdocs.json'; diff --git a/api_docs/kbn_mapbox_gl.mdx b/api_docs/kbn_mapbox_gl.mdx index 9483667fe3101..642196c7d3673 100644 --- a/api_docs/kbn_mapbox_gl.mdx +++ b/api_docs/kbn_mapbox_gl.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-mapbox-gl title: "@kbn/mapbox-gl" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/mapbox-gl plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/mapbox-gl'] --- import kbnMapboxGlObj from './kbn_mapbox_gl.devdocs.json'; diff --git a/api_docs/kbn_maps_vector_tile_utils.mdx b/api_docs/kbn_maps_vector_tile_utils.mdx index b43df2f5eb337..eb136dce3e2e4 100644 --- a/api_docs/kbn_maps_vector_tile_utils.mdx +++ b/api_docs/kbn_maps_vector_tile_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-maps-vector-tile-utils title: "@kbn/maps-vector-tile-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/maps-vector-tile-utils plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/maps-vector-tile-utils'] --- import kbnMapsVectorTileUtilsObj from './kbn_maps_vector_tile_utils.devdocs.json'; diff --git a/api_docs/kbn_ml_agg_utils.mdx b/api_docs/kbn_ml_agg_utils.mdx index 5f1b4655137a8..558638e7e781c 100644 --- a/api_docs/kbn_ml_agg_utils.mdx +++ b/api_docs/kbn_ml_agg_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-agg-utils title: "@kbn/ml-agg-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-agg-utils plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-agg-utils'] --- import kbnMlAggUtilsObj from './kbn_ml_agg_utils.devdocs.json'; diff --git a/api_docs/kbn_ml_anomaly_utils.devdocs.json b/api_docs/kbn_ml_anomaly_utils.devdocs.json index 3374b3309e786..90796eb0b5e84 100644 --- a/api_docs/kbn_ml_anomaly_utils.devdocs.json +++ b/api_docs/kbn_ml_anomaly_utils.devdocs.json @@ -1554,12 +1554,15 @@ { "parentPluginId": "@kbn/ml-anomaly-utils", "id": "def-common.MlAnomaliesTableRecord.modelPlotEnabled", - "type": "boolean", + "type": "CompoundType", "tags": [], "label": "modelPlotEnabled", "description": [ "\nReturns true if the job has the model plot enabled" ], + "signature": [ + "boolean | undefined" + ], "path": "x-pack/packages/ml/anomaly_utils/types.ts", "deprecated": false, "trackAdoption": false diff --git a/api_docs/kbn_ml_anomaly_utils.mdx b/api_docs/kbn_ml_anomaly_utils.mdx index 1e3b2a4bfe07c..0adac52f79354 100644 --- a/api_docs/kbn_ml_anomaly_utils.mdx +++ b/api_docs/kbn_ml_anomaly_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-anomaly-utils title: "@kbn/ml-anomaly-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-anomaly-utils plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-anomaly-utils'] --- import kbnMlAnomalyUtilsObj from './kbn_ml_anomaly_utils.devdocs.json'; diff --git a/api_docs/kbn_ml_cancellable_search.mdx b/api_docs/kbn_ml_cancellable_search.mdx index 85c7fda88959e..733d6d21221e9 100644 --- a/api_docs/kbn_ml_cancellable_search.mdx +++ b/api_docs/kbn_ml_cancellable_search.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-cancellable-search title: "@kbn/ml-cancellable-search" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-cancellable-search plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-cancellable-search'] --- import kbnMlCancellableSearchObj from './kbn_ml_cancellable_search.devdocs.json'; diff --git a/api_docs/kbn_ml_category_validator.mdx b/api_docs/kbn_ml_category_validator.mdx index 047405f255340..927bfe887d6c3 100644 --- a/api_docs/kbn_ml_category_validator.mdx +++ b/api_docs/kbn_ml_category_validator.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-category-validator title: "@kbn/ml-category-validator" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-category-validator plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-category-validator'] --- import kbnMlCategoryValidatorObj from './kbn_ml_category_validator.devdocs.json'; diff --git a/api_docs/kbn_ml_chi2test.mdx b/api_docs/kbn_ml_chi2test.mdx index c6265b02671f8..d33c68e7abddb 100644 --- a/api_docs/kbn_ml_chi2test.mdx +++ b/api_docs/kbn_ml_chi2test.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-chi2test title: "@kbn/ml-chi2test" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-chi2test plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-chi2test'] --- import kbnMlChi2testObj from './kbn_ml_chi2test.devdocs.json'; diff --git a/api_docs/kbn_ml_data_frame_analytics_utils.mdx b/api_docs/kbn_ml_data_frame_analytics_utils.mdx index d6edb38e108d2..f4b884dd5870c 100644 --- a/api_docs/kbn_ml_data_frame_analytics_utils.mdx +++ b/api_docs/kbn_ml_data_frame_analytics_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-data-frame-analytics-utils title: "@kbn/ml-data-frame-analytics-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-data-frame-analytics-utils plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-data-frame-analytics-utils'] --- import kbnMlDataFrameAnalyticsUtilsObj from './kbn_ml_data_frame_analytics_utils.devdocs.json'; diff --git a/api_docs/kbn_ml_data_grid.mdx b/api_docs/kbn_ml_data_grid.mdx index ba6e47aded661..b45f594bc0aee 100644 --- a/api_docs/kbn_ml_data_grid.mdx +++ b/api_docs/kbn_ml_data_grid.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-data-grid title: "@kbn/ml-data-grid" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-data-grid plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-data-grid'] --- import kbnMlDataGridObj from './kbn_ml_data_grid.devdocs.json'; diff --git a/api_docs/kbn_ml_date_picker.mdx b/api_docs/kbn_ml_date_picker.mdx index ff2c617e6c3a8..f1a14b5f023ea 100644 --- a/api_docs/kbn_ml_date_picker.mdx +++ b/api_docs/kbn_ml_date_picker.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-date-picker title: "@kbn/ml-date-picker" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-date-picker plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-date-picker'] --- import kbnMlDatePickerObj from './kbn_ml_date_picker.devdocs.json'; diff --git a/api_docs/kbn_ml_date_utils.mdx b/api_docs/kbn_ml_date_utils.mdx index 5986e3f00e985..39fcbdcb8f8d4 100644 --- a/api_docs/kbn_ml_date_utils.mdx +++ b/api_docs/kbn_ml_date_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-date-utils title: "@kbn/ml-date-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-date-utils plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-date-utils'] --- import kbnMlDateUtilsObj from './kbn_ml_date_utils.devdocs.json'; diff --git a/api_docs/kbn_ml_error_utils.mdx b/api_docs/kbn_ml_error_utils.mdx index bd7b6e83e9c54..186e3e12be604 100644 --- a/api_docs/kbn_ml_error_utils.mdx +++ b/api_docs/kbn_ml_error_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-error-utils title: "@kbn/ml-error-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-error-utils plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-error-utils'] --- import kbnMlErrorUtilsObj from './kbn_ml_error_utils.devdocs.json'; diff --git a/api_docs/kbn_ml_in_memory_table.mdx b/api_docs/kbn_ml_in_memory_table.mdx index 9b03481dc0477..5f23961e8f191 100644 --- a/api_docs/kbn_ml_in_memory_table.mdx +++ b/api_docs/kbn_ml_in_memory_table.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-in-memory-table title: "@kbn/ml-in-memory-table" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-in-memory-table plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-in-memory-table'] --- import kbnMlInMemoryTableObj from './kbn_ml_in_memory_table.devdocs.json'; diff --git a/api_docs/kbn_ml_is_defined.mdx b/api_docs/kbn_ml_is_defined.mdx index 0cde7c37492c9..fe1628cac7bee 100644 --- a/api_docs/kbn_ml_is_defined.mdx +++ b/api_docs/kbn_ml_is_defined.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-is-defined title: "@kbn/ml-is-defined" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-is-defined plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-is-defined'] --- import kbnMlIsDefinedObj from './kbn_ml_is_defined.devdocs.json'; diff --git a/api_docs/kbn_ml_is_populated_object.mdx b/api_docs/kbn_ml_is_populated_object.mdx index e7a95a6a2d0ae..1c2db63f660d1 100644 --- a/api_docs/kbn_ml_is_populated_object.mdx +++ b/api_docs/kbn_ml_is_populated_object.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-is-populated-object title: "@kbn/ml-is-populated-object" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-is-populated-object plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-is-populated-object'] --- import kbnMlIsPopulatedObjectObj from './kbn_ml_is_populated_object.devdocs.json'; diff --git a/api_docs/kbn_ml_kibana_theme.mdx b/api_docs/kbn_ml_kibana_theme.mdx index 2490828d20033..7605c416504a2 100644 --- a/api_docs/kbn_ml_kibana_theme.mdx +++ b/api_docs/kbn_ml_kibana_theme.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-kibana-theme title: "@kbn/ml-kibana-theme" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-kibana-theme plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-kibana-theme'] --- import kbnMlKibanaThemeObj from './kbn_ml_kibana_theme.devdocs.json'; diff --git a/api_docs/kbn_ml_local_storage.mdx b/api_docs/kbn_ml_local_storage.mdx index a632b84b050ac..cf4dcdae6d300 100644 --- a/api_docs/kbn_ml_local_storage.mdx +++ b/api_docs/kbn_ml_local_storage.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-local-storage title: "@kbn/ml-local-storage" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-local-storage plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-local-storage'] --- import kbnMlLocalStorageObj from './kbn_ml_local_storage.devdocs.json'; diff --git a/api_docs/kbn_ml_nested_property.mdx b/api_docs/kbn_ml_nested_property.mdx index d1f06b6a1b213..33e5fc2f318f4 100644 --- a/api_docs/kbn_ml_nested_property.mdx +++ b/api_docs/kbn_ml_nested_property.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-nested-property title: "@kbn/ml-nested-property" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-nested-property plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-nested-property'] --- import kbnMlNestedPropertyObj from './kbn_ml_nested_property.devdocs.json'; diff --git a/api_docs/kbn_ml_number_utils.mdx b/api_docs/kbn_ml_number_utils.mdx index e9ff9bd2f8f6f..ed18d5de8ffa9 100644 --- a/api_docs/kbn_ml_number_utils.mdx +++ b/api_docs/kbn_ml_number_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-number-utils title: "@kbn/ml-number-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-number-utils plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-number-utils'] --- import kbnMlNumberUtilsObj from './kbn_ml_number_utils.devdocs.json'; diff --git a/api_docs/kbn_ml_query_utils.mdx b/api_docs/kbn_ml_query_utils.mdx index 9451ac2817c18..adcdab37beb98 100644 --- a/api_docs/kbn_ml_query_utils.mdx +++ b/api_docs/kbn_ml_query_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-query-utils title: "@kbn/ml-query-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-query-utils plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-query-utils'] --- import kbnMlQueryUtilsObj from './kbn_ml_query_utils.devdocs.json'; diff --git a/api_docs/kbn_ml_random_sampler_utils.mdx b/api_docs/kbn_ml_random_sampler_utils.mdx index c3d347da0a4c0..577808927d805 100644 --- a/api_docs/kbn_ml_random_sampler_utils.mdx +++ b/api_docs/kbn_ml_random_sampler_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-random-sampler-utils title: "@kbn/ml-random-sampler-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-random-sampler-utils plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-random-sampler-utils'] --- import kbnMlRandomSamplerUtilsObj from './kbn_ml_random_sampler_utils.devdocs.json'; diff --git a/api_docs/kbn_ml_route_utils.mdx b/api_docs/kbn_ml_route_utils.mdx index f038206904ddc..923266c043ff4 100644 --- a/api_docs/kbn_ml_route_utils.mdx +++ b/api_docs/kbn_ml_route_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-route-utils title: "@kbn/ml-route-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-route-utils plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-route-utils'] --- import kbnMlRouteUtilsObj from './kbn_ml_route_utils.devdocs.json'; diff --git a/api_docs/kbn_ml_runtime_field_utils.mdx b/api_docs/kbn_ml_runtime_field_utils.mdx index d5a7bad532934..82e4b64689ae4 100644 --- a/api_docs/kbn_ml_runtime_field_utils.mdx +++ b/api_docs/kbn_ml_runtime_field_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-runtime-field-utils title: "@kbn/ml-runtime-field-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-runtime-field-utils plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-runtime-field-utils'] --- import kbnMlRuntimeFieldUtilsObj from './kbn_ml_runtime_field_utils.devdocs.json'; diff --git a/api_docs/kbn_ml_string_hash.mdx b/api_docs/kbn_ml_string_hash.mdx index c4c4cd53f5f1b..d592d60b040d8 100644 --- a/api_docs/kbn_ml_string_hash.mdx +++ b/api_docs/kbn_ml_string_hash.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-string-hash title: "@kbn/ml-string-hash" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-string-hash plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-string-hash'] --- import kbnMlStringHashObj from './kbn_ml_string_hash.devdocs.json'; diff --git a/api_docs/kbn_ml_time_buckets.mdx b/api_docs/kbn_ml_time_buckets.mdx index 07b58f68d8d94..767952ccd817d 100644 --- a/api_docs/kbn_ml_time_buckets.mdx +++ b/api_docs/kbn_ml_time_buckets.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-time-buckets title: "@kbn/ml-time-buckets" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-time-buckets plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-time-buckets'] --- import kbnMlTimeBucketsObj from './kbn_ml_time_buckets.devdocs.json'; diff --git a/api_docs/kbn_ml_trained_models_utils.mdx b/api_docs/kbn_ml_trained_models_utils.mdx index 0ab5f2feb2727..5b38e9620f08c 100644 --- a/api_docs/kbn_ml_trained_models_utils.mdx +++ b/api_docs/kbn_ml_trained_models_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-trained-models-utils title: "@kbn/ml-trained-models-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-trained-models-utils plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-trained-models-utils'] --- import kbnMlTrainedModelsUtilsObj from './kbn_ml_trained_models_utils.devdocs.json'; diff --git a/api_docs/kbn_ml_ui_actions.mdx b/api_docs/kbn_ml_ui_actions.mdx index eb24b73ebd288..81160cda55931 100644 --- a/api_docs/kbn_ml_ui_actions.mdx +++ b/api_docs/kbn_ml_ui_actions.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-ui-actions title: "@kbn/ml-ui-actions" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-ui-actions plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-ui-actions'] --- import kbnMlUiActionsObj from './kbn_ml_ui_actions.devdocs.json'; diff --git a/api_docs/kbn_ml_url_state.mdx b/api_docs/kbn_ml_url_state.mdx index 099c21bf7f115..920f89ff44ba2 100644 --- a/api_docs/kbn_ml_url_state.mdx +++ b/api_docs/kbn_ml_url_state.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ml-url-state title: "@kbn/ml-url-state" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ml-url-state plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ml-url-state'] --- import kbnMlUrlStateObj from './kbn_ml_url_state.devdocs.json'; diff --git a/api_docs/kbn_mock_idp_utils.mdx b/api_docs/kbn_mock_idp_utils.mdx index 69c040cbe7954..c6b25105d30ed 100644 --- a/api_docs/kbn_mock_idp_utils.mdx +++ b/api_docs/kbn_mock_idp_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-mock-idp-utils title: "@kbn/mock-idp-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/mock-idp-utils plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/mock-idp-utils'] --- import kbnMockIdpUtilsObj from './kbn_mock_idp_utils.devdocs.json'; diff --git a/api_docs/kbn_monaco.mdx b/api_docs/kbn_monaco.mdx index eb3e55d42600a..809f1382c71c0 100644 --- a/api_docs/kbn_monaco.mdx +++ b/api_docs/kbn_monaco.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-monaco title: "@kbn/monaco" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/monaco plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/monaco'] --- import kbnMonacoObj from './kbn_monaco.devdocs.json'; diff --git a/api_docs/kbn_object_versioning.mdx b/api_docs/kbn_object_versioning.mdx index 1d2b5ff137dce..a0c7a18f0a5c1 100644 --- a/api_docs/kbn_object_versioning.mdx +++ b/api_docs/kbn_object_versioning.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-object-versioning title: "@kbn/object-versioning" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/object-versioning plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/object-versioning'] --- import kbnObjectVersioningObj from './kbn_object_versioning.devdocs.json'; diff --git a/api_docs/kbn_object_versioning_utils.mdx b/api_docs/kbn_object_versioning_utils.mdx index 7c44879563ee7..4deb4ddc5aa27 100644 --- a/api_docs/kbn_object_versioning_utils.mdx +++ b/api_docs/kbn_object_versioning_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-object-versioning-utils title: "@kbn/object-versioning-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/object-versioning-utils plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/object-versioning-utils'] --- import kbnObjectVersioningUtilsObj from './kbn_object_versioning_utils.devdocs.json'; diff --git a/api_docs/kbn_observability_alert_details.mdx b/api_docs/kbn_observability_alert_details.mdx index 1ee2401efa911..f1d85461ba167 100644 --- a/api_docs/kbn_observability_alert_details.mdx +++ b/api_docs/kbn_observability_alert_details.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-observability-alert-details title: "@kbn/observability-alert-details" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/observability-alert-details plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/observability-alert-details'] --- import kbnObservabilityAlertDetailsObj from './kbn_observability_alert_details.devdocs.json'; diff --git a/api_docs/kbn_observability_alerting_rule_utils.mdx b/api_docs/kbn_observability_alerting_rule_utils.mdx index f4e368a53b240..629b672985969 100644 --- a/api_docs/kbn_observability_alerting_rule_utils.mdx +++ b/api_docs/kbn_observability_alerting_rule_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-observability-alerting-rule-utils title: "@kbn/observability-alerting-rule-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/observability-alerting-rule-utils plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/observability-alerting-rule-utils'] --- import kbnObservabilityAlertingRuleUtilsObj from './kbn_observability_alerting_rule_utils.devdocs.json'; diff --git a/api_docs/kbn_observability_alerting_test_data.mdx b/api_docs/kbn_observability_alerting_test_data.mdx index 4692f9939e316..ffd5717b8e270 100644 --- a/api_docs/kbn_observability_alerting_test_data.mdx +++ b/api_docs/kbn_observability_alerting_test_data.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-observability-alerting-test-data title: "@kbn/observability-alerting-test-data" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/observability-alerting-test-data plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/observability-alerting-test-data'] --- import kbnObservabilityAlertingTestDataObj from './kbn_observability_alerting_test_data.devdocs.json'; diff --git a/api_docs/kbn_observability_get_padded_alert_time_range_util.mdx b/api_docs/kbn_observability_get_padded_alert_time_range_util.mdx index d7698f6c5b2af..5a82a3f0e8efe 100644 --- a/api_docs/kbn_observability_get_padded_alert_time_range_util.mdx +++ b/api_docs/kbn_observability_get_padded_alert_time_range_util.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-observability-get-padded-alert-time-range-util title: "@kbn/observability-get-padded-alert-time-range-util" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/observability-get-padded-alert-time-range-util plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/observability-get-padded-alert-time-range-util'] --- import kbnObservabilityGetPaddedAlertTimeRangeUtilObj from './kbn_observability_get_padded_alert_time_range_util.devdocs.json'; diff --git a/api_docs/kbn_openapi_bundler.mdx b/api_docs/kbn_openapi_bundler.mdx index 76442e7b0aaee..cd77861744f97 100644 --- a/api_docs/kbn_openapi_bundler.mdx +++ b/api_docs/kbn_openapi_bundler.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-openapi-bundler title: "@kbn/openapi-bundler" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/openapi-bundler plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/openapi-bundler'] --- import kbnOpenapiBundlerObj from './kbn_openapi_bundler.devdocs.json'; diff --git a/api_docs/kbn_openapi_generator.mdx b/api_docs/kbn_openapi_generator.mdx index cb486705d2908..9bd38f08ce5b5 100644 --- a/api_docs/kbn_openapi_generator.mdx +++ b/api_docs/kbn_openapi_generator.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-openapi-generator title: "@kbn/openapi-generator" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/openapi-generator plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/openapi-generator'] --- import kbnOpenapiGeneratorObj from './kbn_openapi_generator.devdocs.json'; diff --git a/api_docs/kbn_optimizer.mdx b/api_docs/kbn_optimizer.mdx index fae9dd763fdce..2093b286ae2d8 100644 --- a/api_docs/kbn_optimizer.mdx +++ b/api_docs/kbn_optimizer.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-optimizer title: "@kbn/optimizer" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/optimizer plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/optimizer'] --- import kbnOptimizerObj from './kbn_optimizer.devdocs.json'; diff --git a/api_docs/kbn_optimizer_webpack_helpers.mdx b/api_docs/kbn_optimizer_webpack_helpers.mdx index bb3bb9ae70c52..7d45db1a0a08b 100644 --- a/api_docs/kbn_optimizer_webpack_helpers.mdx +++ b/api_docs/kbn_optimizer_webpack_helpers.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-optimizer-webpack-helpers title: "@kbn/optimizer-webpack-helpers" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/optimizer-webpack-helpers plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/optimizer-webpack-helpers'] --- import kbnOptimizerWebpackHelpersObj from './kbn_optimizer_webpack_helpers.devdocs.json'; diff --git a/api_docs/kbn_osquery_io_ts_types.mdx b/api_docs/kbn_osquery_io_ts_types.mdx index cf778264c7d26..bfebd00974ec0 100644 --- a/api_docs/kbn_osquery_io_ts_types.mdx +++ b/api_docs/kbn_osquery_io_ts_types.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-osquery-io-ts-types title: "@kbn/osquery-io-ts-types" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/osquery-io-ts-types plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/osquery-io-ts-types'] --- import kbnOsqueryIoTsTypesObj from './kbn_osquery_io_ts_types.devdocs.json'; diff --git a/api_docs/kbn_panel_loader.mdx b/api_docs/kbn_panel_loader.mdx index 0292c537db889..45002bca53498 100644 --- a/api_docs/kbn_panel_loader.mdx +++ b/api_docs/kbn_panel_loader.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-panel-loader title: "@kbn/panel-loader" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/panel-loader plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/panel-loader'] --- import kbnPanelLoaderObj from './kbn_panel_loader.devdocs.json'; diff --git a/api_docs/kbn_performance_testing_dataset_extractor.mdx b/api_docs/kbn_performance_testing_dataset_extractor.mdx index 36688269f3c51..b8cfa2885df7f 100644 --- a/api_docs/kbn_performance_testing_dataset_extractor.mdx +++ b/api_docs/kbn_performance_testing_dataset_extractor.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-performance-testing-dataset-extractor title: "@kbn/performance-testing-dataset-extractor" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/performance-testing-dataset-extractor plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/performance-testing-dataset-extractor'] --- import kbnPerformanceTestingDatasetExtractorObj from './kbn_performance_testing_dataset_extractor.devdocs.json'; diff --git a/api_docs/kbn_plugin_check.mdx b/api_docs/kbn_plugin_check.mdx index 58b546bf539a5..b1854ebe274a9 100644 --- a/api_docs/kbn_plugin_check.mdx +++ b/api_docs/kbn_plugin_check.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-plugin-check title: "@kbn/plugin-check" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/plugin-check plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/plugin-check'] --- import kbnPluginCheckObj from './kbn_plugin_check.devdocs.json'; diff --git a/api_docs/kbn_plugin_generator.mdx b/api_docs/kbn_plugin_generator.mdx index c37253ad7c969..6d0f28469f641 100644 --- a/api_docs/kbn_plugin_generator.mdx +++ b/api_docs/kbn_plugin_generator.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-plugin-generator title: "@kbn/plugin-generator" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/plugin-generator plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/plugin-generator'] --- import kbnPluginGeneratorObj from './kbn_plugin_generator.devdocs.json'; diff --git a/api_docs/kbn_plugin_helpers.mdx b/api_docs/kbn_plugin_helpers.mdx index cfc1786625795..90d73e90f26d0 100644 --- a/api_docs/kbn_plugin_helpers.mdx +++ b/api_docs/kbn_plugin_helpers.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-plugin-helpers title: "@kbn/plugin-helpers" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/plugin-helpers plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/plugin-helpers'] --- import kbnPluginHelpersObj from './kbn_plugin_helpers.devdocs.json'; diff --git a/api_docs/kbn_presentation_containers.mdx b/api_docs/kbn_presentation_containers.mdx index 76d24aca00b17..fc2b7652fd7ec 100644 --- a/api_docs/kbn_presentation_containers.mdx +++ b/api_docs/kbn_presentation_containers.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-presentation-containers title: "@kbn/presentation-containers" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/presentation-containers plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/presentation-containers'] --- import kbnPresentationContainersObj from './kbn_presentation_containers.devdocs.json'; diff --git a/api_docs/kbn_presentation_publishing.mdx b/api_docs/kbn_presentation_publishing.mdx index 53976516fda7e..5c969f8d4da73 100644 --- a/api_docs/kbn_presentation_publishing.mdx +++ b/api_docs/kbn_presentation_publishing.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-presentation-publishing title: "@kbn/presentation-publishing" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/presentation-publishing plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/presentation-publishing'] --- import kbnPresentationPublishingObj from './kbn_presentation_publishing.devdocs.json'; diff --git a/api_docs/kbn_profiling_utils.mdx b/api_docs/kbn_profiling_utils.mdx index ba1f228fb1281..2daa1c5964f0a 100644 --- a/api_docs/kbn_profiling_utils.mdx +++ b/api_docs/kbn_profiling_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-profiling-utils title: "@kbn/profiling-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/profiling-utils plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/profiling-utils'] --- import kbnProfilingUtilsObj from './kbn_profiling_utils.devdocs.json'; diff --git a/api_docs/kbn_random_sampling.mdx b/api_docs/kbn_random_sampling.mdx index c9660f9140afe..5f624393e584b 100644 --- a/api_docs/kbn_random_sampling.mdx +++ b/api_docs/kbn_random_sampling.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-random-sampling title: "@kbn/random-sampling" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/random-sampling plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/random-sampling'] --- import kbnRandomSamplingObj from './kbn_random_sampling.devdocs.json'; diff --git a/api_docs/kbn_react_field.mdx b/api_docs/kbn_react_field.mdx index 17462fc445c23..e66a6cc5f24f5 100644 --- a/api_docs/kbn_react_field.mdx +++ b/api_docs/kbn_react_field.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-react-field title: "@kbn/react-field" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/react-field plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/react-field'] --- import kbnReactFieldObj from './kbn_react_field.devdocs.json'; diff --git a/api_docs/kbn_react_hooks.mdx b/api_docs/kbn_react_hooks.mdx index 0422570a0f427..dc26801aa4696 100644 --- a/api_docs/kbn_react_hooks.mdx +++ b/api_docs/kbn_react_hooks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-react-hooks title: "@kbn/react-hooks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/react-hooks plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/react-hooks'] --- import kbnReactHooksObj from './kbn_react_hooks.devdocs.json'; diff --git a/api_docs/kbn_react_kibana_context_common.mdx b/api_docs/kbn_react_kibana_context_common.mdx index afa3073154cd8..3c971288d0de6 100644 --- a/api_docs/kbn_react_kibana_context_common.mdx +++ b/api_docs/kbn_react_kibana_context_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-react-kibana-context-common title: "@kbn/react-kibana-context-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/react-kibana-context-common plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/react-kibana-context-common'] --- import kbnReactKibanaContextCommonObj from './kbn_react_kibana_context_common.devdocs.json'; diff --git a/api_docs/kbn_react_kibana_context_render.mdx b/api_docs/kbn_react_kibana_context_render.mdx index f2f25f3fc9e91..76bee416ffdb6 100644 --- a/api_docs/kbn_react_kibana_context_render.mdx +++ b/api_docs/kbn_react_kibana_context_render.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-react-kibana-context-render title: "@kbn/react-kibana-context-render" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/react-kibana-context-render plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/react-kibana-context-render'] --- import kbnReactKibanaContextRenderObj from './kbn_react_kibana_context_render.devdocs.json'; diff --git a/api_docs/kbn_react_kibana_context_root.mdx b/api_docs/kbn_react_kibana_context_root.mdx index a5a11e5fe40e8..0887653680695 100644 --- a/api_docs/kbn_react_kibana_context_root.mdx +++ b/api_docs/kbn_react_kibana_context_root.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-react-kibana-context-root title: "@kbn/react-kibana-context-root" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/react-kibana-context-root plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/react-kibana-context-root'] --- import kbnReactKibanaContextRootObj from './kbn_react_kibana_context_root.devdocs.json'; diff --git a/api_docs/kbn_react_kibana_context_styled.mdx b/api_docs/kbn_react_kibana_context_styled.mdx index 8ff8414a65a6e..d39775c4ec781 100644 --- a/api_docs/kbn_react_kibana_context_styled.mdx +++ b/api_docs/kbn_react_kibana_context_styled.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-react-kibana-context-styled title: "@kbn/react-kibana-context-styled" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/react-kibana-context-styled plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/react-kibana-context-styled'] --- import kbnReactKibanaContextStyledObj from './kbn_react_kibana_context_styled.devdocs.json'; diff --git a/api_docs/kbn_react_kibana_context_theme.mdx b/api_docs/kbn_react_kibana_context_theme.mdx index b7651bc7efb6c..0a37e0f587f1e 100644 --- a/api_docs/kbn_react_kibana_context_theme.mdx +++ b/api_docs/kbn_react_kibana_context_theme.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-react-kibana-context-theme title: "@kbn/react-kibana-context-theme" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/react-kibana-context-theme plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/react-kibana-context-theme'] --- import kbnReactKibanaContextThemeObj from './kbn_react_kibana_context_theme.devdocs.json'; diff --git a/api_docs/kbn_react_kibana_mount.mdx b/api_docs/kbn_react_kibana_mount.mdx index de6bdd9ea4828..4d9a1433cfde7 100644 --- a/api_docs/kbn_react_kibana_mount.mdx +++ b/api_docs/kbn_react_kibana_mount.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-react-kibana-mount title: "@kbn/react-kibana-mount" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/react-kibana-mount plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/react-kibana-mount'] --- import kbnReactKibanaMountObj from './kbn_react_kibana_mount.devdocs.json'; diff --git a/api_docs/kbn_recently_accessed.mdx b/api_docs/kbn_recently_accessed.mdx index 6cbb7cf414131..9be84259120c0 100644 --- a/api_docs/kbn_recently_accessed.mdx +++ b/api_docs/kbn_recently_accessed.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-recently-accessed title: "@kbn/recently-accessed" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/recently-accessed plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/recently-accessed'] --- import kbnRecentlyAccessedObj from './kbn_recently_accessed.devdocs.json'; diff --git a/api_docs/kbn_repo_file_maps.mdx b/api_docs/kbn_repo_file_maps.mdx index b2742d985a2a5..e654411b64f1b 100644 --- a/api_docs/kbn_repo_file_maps.mdx +++ b/api_docs/kbn_repo_file_maps.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-repo-file-maps title: "@kbn/repo-file-maps" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/repo-file-maps plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/repo-file-maps'] --- import kbnRepoFileMapsObj from './kbn_repo_file_maps.devdocs.json'; diff --git a/api_docs/kbn_repo_linter.mdx b/api_docs/kbn_repo_linter.mdx index b35db8d9a9f46..080d277171a1d 100644 --- a/api_docs/kbn_repo_linter.mdx +++ b/api_docs/kbn_repo_linter.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-repo-linter title: "@kbn/repo-linter" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/repo-linter plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/repo-linter'] --- import kbnRepoLinterObj from './kbn_repo_linter.devdocs.json'; diff --git a/api_docs/kbn_repo_path.mdx b/api_docs/kbn_repo_path.mdx index d3711b02973b1..64e3668e0e0a6 100644 --- a/api_docs/kbn_repo_path.mdx +++ b/api_docs/kbn_repo_path.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-repo-path title: "@kbn/repo-path" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/repo-path plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/repo-path'] --- import kbnRepoPathObj from './kbn_repo_path.devdocs.json'; diff --git a/api_docs/kbn_repo_source_classifier.mdx b/api_docs/kbn_repo_source_classifier.mdx index d68396bb4a45c..21168823a7adf 100644 --- a/api_docs/kbn_repo_source_classifier.mdx +++ b/api_docs/kbn_repo_source_classifier.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-repo-source-classifier title: "@kbn/repo-source-classifier" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/repo-source-classifier plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/repo-source-classifier'] --- import kbnRepoSourceClassifierObj from './kbn_repo_source_classifier.devdocs.json'; diff --git a/api_docs/kbn_reporting_common.mdx b/api_docs/kbn_reporting_common.mdx index 4b684a8e7292e..3a681dd16dae2 100644 --- a/api_docs/kbn_reporting_common.mdx +++ b/api_docs/kbn_reporting_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-reporting-common title: "@kbn/reporting-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/reporting-common plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/reporting-common'] --- import kbnReportingCommonObj from './kbn_reporting_common.devdocs.json'; diff --git a/api_docs/kbn_reporting_csv_share_panel.mdx b/api_docs/kbn_reporting_csv_share_panel.mdx index 8eaa9d0bac620..60ee428cb0f93 100644 --- a/api_docs/kbn_reporting_csv_share_panel.mdx +++ b/api_docs/kbn_reporting_csv_share_panel.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-reporting-csv-share-panel title: "@kbn/reporting-csv-share-panel" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/reporting-csv-share-panel plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/reporting-csv-share-panel'] --- import kbnReportingCsvSharePanelObj from './kbn_reporting_csv_share_panel.devdocs.json'; diff --git a/api_docs/kbn_reporting_export_types_csv.mdx b/api_docs/kbn_reporting_export_types_csv.mdx index ced241558dfd0..8f69660e42540 100644 --- a/api_docs/kbn_reporting_export_types_csv.mdx +++ b/api_docs/kbn_reporting_export_types_csv.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-reporting-export-types-csv title: "@kbn/reporting-export-types-csv" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/reporting-export-types-csv plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/reporting-export-types-csv'] --- import kbnReportingExportTypesCsvObj from './kbn_reporting_export_types_csv.devdocs.json'; diff --git a/api_docs/kbn_reporting_export_types_csv_common.mdx b/api_docs/kbn_reporting_export_types_csv_common.mdx index bb630394d6664..91862c9a49684 100644 --- a/api_docs/kbn_reporting_export_types_csv_common.mdx +++ b/api_docs/kbn_reporting_export_types_csv_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-reporting-export-types-csv-common title: "@kbn/reporting-export-types-csv-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/reporting-export-types-csv-common plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/reporting-export-types-csv-common'] --- import kbnReportingExportTypesCsvCommonObj from './kbn_reporting_export_types_csv_common.devdocs.json'; diff --git a/api_docs/kbn_reporting_export_types_pdf.mdx b/api_docs/kbn_reporting_export_types_pdf.mdx index 338107ce91112..6ac6e415b192e 100644 --- a/api_docs/kbn_reporting_export_types_pdf.mdx +++ b/api_docs/kbn_reporting_export_types_pdf.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-reporting-export-types-pdf title: "@kbn/reporting-export-types-pdf" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/reporting-export-types-pdf plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/reporting-export-types-pdf'] --- import kbnReportingExportTypesPdfObj from './kbn_reporting_export_types_pdf.devdocs.json'; diff --git a/api_docs/kbn_reporting_export_types_pdf_common.mdx b/api_docs/kbn_reporting_export_types_pdf_common.mdx index 50cadcd9f3283..1479041704c9a 100644 --- a/api_docs/kbn_reporting_export_types_pdf_common.mdx +++ b/api_docs/kbn_reporting_export_types_pdf_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-reporting-export-types-pdf-common title: "@kbn/reporting-export-types-pdf-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/reporting-export-types-pdf-common plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/reporting-export-types-pdf-common'] --- import kbnReportingExportTypesPdfCommonObj from './kbn_reporting_export_types_pdf_common.devdocs.json'; diff --git a/api_docs/kbn_reporting_export_types_png.mdx b/api_docs/kbn_reporting_export_types_png.mdx index 950ebfb1e3e6f..daf68624e2598 100644 --- a/api_docs/kbn_reporting_export_types_png.mdx +++ b/api_docs/kbn_reporting_export_types_png.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-reporting-export-types-png title: "@kbn/reporting-export-types-png" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/reporting-export-types-png plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/reporting-export-types-png'] --- import kbnReportingExportTypesPngObj from './kbn_reporting_export_types_png.devdocs.json'; diff --git a/api_docs/kbn_reporting_export_types_png_common.mdx b/api_docs/kbn_reporting_export_types_png_common.mdx index b0f2e3c95e09a..d602247154bb3 100644 --- a/api_docs/kbn_reporting_export_types_png_common.mdx +++ b/api_docs/kbn_reporting_export_types_png_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-reporting-export-types-png-common title: "@kbn/reporting-export-types-png-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/reporting-export-types-png-common plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/reporting-export-types-png-common'] --- import kbnReportingExportTypesPngCommonObj from './kbn_reporting_export_types_png_common.devdocs.json'; diff --git a/api_docs/kbn_reporting_mocks_server.mdx b/api_docs/kbn_reporting_mocks_server.mdx index be42131a1b948..29b488d041146 100644 --- a/api_docs/kbn_reporting_mocks_server.mdx +++ b/api_docs/kbn_reporting_mocks_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-reporting-mocks-server title: "@kbn/reporting-mocks-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/reporting-mocks-server plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/reporting-mocks-server'] --- import kbnReportingMocksServerObj from './kbn_reporting_mocks_server.devdocs.json'; diff --git a/api_docs/kbn_reporting_public.mdx b/api_docs/kbn_reporting_public.mdx index f3e33b8083ae6..8cc954e92dc2b 100644 --- a/api_docs/kbn_reporting_public.mdx +++ b/api_docs/kbn_reporting_public.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-reporting-public title: "@kbn/reporting-public" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/reporting-public plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/reporting-public'] --- import kbnReportingPublicObj from './kbn_reporting_public.devdocs.json'; diff --git a/api_docs/kbn_reporting_server.mdx b/api_docs/kbn_reporting_server.mdx index 117662414b87c..e804939c51c7e 100644 --- a/api_docs/kbn_reporting_server.mdx +++ b/api_docs/kbn_reporting_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-reporting-server title: "@kbn/reporting-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/reporting-server plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/reporting-server'] --- import kbnReportingServerObj from './kbn_reporting_server.devdocs.json'; diff --git a/api_docs/kbn_resizable_layout.mdx b/api_docs/kbn_resizable_layout.mdx index 5ef3bafc51881..f33cf4c30b5a7 100644 --- a/api_docs/kbn_resizable_layout.mdx +++ b/api_docs/kbn_resizable_layout.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-resizable-layout title: "@kbn/resizable-layout" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/resizable-layout plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/resizable-layout'] --- import kbnResizableLayoutObj from './kbn_resizable_layout.devdocs.json'; diff --git a/api_docs/kbn_response_ops_feature_flag_service.mdx b/api_docs/kbn_response_ops_feature_flag_service.mdx index 572cb6c28b6a6..e196eec66a1b5 100644 --- a/api_docs/kbn_response_ops_feature_flag_service.mdx +++ b/api_docs/kbn_response_ops_feature_flag_service.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-response-ops-feature-flag-service title: "@kbn/response-ops-feature-flag-service" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/response-ops-feature-flag-service plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/response-ops-feature-flag-service'] --- import kbnResponseOpsFeatureFlagServiceObj from './kbn_response_ops_feature_flag_service.devdocs.json'; diff --git a/api_docs/kbn_rison.mdx b/api_docs/kbn_rison.mdx index 88e200383af97..ead9529b4ba59 100644 --- a/api_docs/kbn_rison.mdx +++ b/api_docs/kbn_rison.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-rison title: "@kbn/rison" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/rison plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/rison'] --- import kbnRisonObj from './kbn_rison.devdocs.json'; diff --git a/api_docs/kbn_rollup.mdx b/api_docs/kbn_rollup.mdx index 306db3bb7f5d1..e605dfee260b1 100644 --- a/api_docs/kbn_rollup.mdx +++ b/api_docs/kbn_rollup.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-rollup title: "@kbn/rollup" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/rollup plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/rollup'] --- import kbnRollupObj from './kbn_rollup.devdocs.json'; diff --git a/api_docs/kbn_router_to_openapispec.mdx b/api_docs/kbn_router_to_openapispec.mdx index 2ddb636339998..f8adece51b31b 100644 --- a/api_docs/kbn_router_to_openapispec.mdx +++ b/api_docs/kbn_router_to_openapispec.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-router-to-openapispec title: "@kbn/router-to-openapispec" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/router-to-openapispec plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/router-to-openapispec'] --- import kbnRouterToOpenapispecObj from './kbn_router_to_openapispec.devdocs.json'; diff --git a/api_docs/kbn_router_utils.mdx b/api_docs/kbn_router_utils.mdx index d85f6c0e8c91d..7b893aed83916 100644 --- a/api_docs/kbn_router_utils.mdx +++ b/api_docs/kbn_router_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-router-utils title: "@kbn/router-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/router-utils plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/router-utils'] --- import kbnRouterUtilsObj from './kbn_router_utils.devdocs.json'; diff --git a/api_docs/kbn_rrule.mdx b/api_docs/kbn_rrule.mdx index 4480546482f67..341dec247157e 100644 --- a/api_docs/kbn_rrule.mdx +++ b/api_docs/kbn_rrule.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-rrule title: "@kbn/rrule" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/rrule plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/rrule'] --- import kbnRruleObj from './kbn_rrule.devdocs.json'; diff --git a/api_docs/kbn_rule_data_utils.mdx b/api_docs/kbn_rule_data_utils.mdx index e7fdad85a145e..8232e3281a48c 100644 --- a/api_docs/kbn_rule_data_utils.mdx +++ b/api_docs/kbn_rule_data_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-rule-data-utils title: "@kbn/rule-data-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/rule-data-utils plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/rule-data-utils'] --- import kbnRuleDataUtilsObj from './kbn_rule_data_utils.devdocs.json'; diff --git a/api_docs/kbn_saved_objects_settings.mdx b/api_docs/kbn_saved_objects_settings.mdx index 9129945aa7a87..5a542afd9f358 100644 --- a/api_docs/kbn_saved_objects_settings.mdx +++ b/api_docs/kbn_saved_objects_settings.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-saved-objects-settings title: "@kbn/saved-objects-settings" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/saved-objects-settings plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/saved-objects-settings'] --- import kbnSavedObjectsSettingsObj from './kbn_saved_objects_settings.devdocs.json'; diff --git a/api_docs/kbn_screenshotting_server.mdx b/api_docs/kbn_screenshotting_server.mdx index 55f3a250eb3a6..a9cb18405f240 100644 --- a/api_docs/kbn_screenshotting_server.mdx +++ b/api_docs/kbn_screenshotting_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-screenshotting-server title: "@kbn/screenshotting-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/screenshotting-server plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/screenshotting-server'] --- import kbnScreenshottingServerObj from './kbn_screenshotting_server.devdocs.json'; diff --git a/api_docs/kbn_search_api_panels.mdx b/api_docs/kbn_search_api_panels.mdx index 52a19b42aef18..51f55a7ec8bf7 100644 --- a/api_docs/kbn_search_api_panels.mdx +++ b/api_docs/kbn_search_api_panels.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-search-api-panels title: "@kbn/search-api-panels" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/search-api-panels plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/search-api-panels'] --- import kbnSearchApiPanelsObj from './kbn_search_api_panels.devdocs.json'; diff --git a/api_docs/kbn_search_connectors.mdx b/api_docs/kbn_search_connectors.mdx index 5fc123c2a5ead..94bbbf3d14e8e 100644 --- a/api_docs/kbn_search_connectors.mdx +++ b/api_docs/kbn_search_connectors.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-search-connectors title: "@kbn/search-connectors" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/search-connectors plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/search-connectors'] --- import kbnSearchConnectorsObj from './kbn_search_connectors.devdocs.json'; diff --git a/api_docs/kbn_search_errors.mdx b/api_docs/kbn_search_errors.mdx index 6b1ffc26edc90..3230977d0fc05 100644 --- a/api_docs/kbn_search_errors.mdx +++ b/api_docs/kbn_search_errors.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-search-errors title: "@kbn/search-errors" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/search-errors plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/search-errors'] --- import kbnSearchErrorsObj from './kbn_search_errors.devdocs.json'; diff --git a/api_docs/kbn_search_index_documents.mdx b/api_docs/kbn_search_index_documents.mdx index 85fd3e79f0c2e..f2af436edc445 100644 --- a/api_docs/kbn_search_index_documents.mdx +++ b/api_docs/kbn_search_index_documents.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-search-index-documents title: "@kbn/search-index-documents" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/search-index-documents plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/search-index-documents'] --- import kbnSearchIndexDocumentsObj from './kbn_search_index_documents.devdocs.json'; diff --git a/api_docs/kbn_search_response_warnings.mdx b/api_docs/kbn_search_response_warnings.mdx index 9571ac22fc124..e5ee1f8360c9c 100644 --- a/api_docs/kbn_search_response_warnings.mdx +++ b/api_docs/kbn_search_response_warnings.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-search-response-warnings title: "@kbn/search-response-warnings" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/search-response-warnings plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/search-response-warnings'] --- import kbnSearchResponseWarningsObj from './kbn_search_response_warnings.devdocs.json'; diff --git a/api_docs/kbn_search_types.mdx b/api_docs/kbn_search_types.mdx index 19bcc3cdf68a2..7f7a7dda202af 100644 --- a/api_docs/kbn_search_types.mdx +++ b/api_docs/kbn_search_types.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-search-types title: "@kbn/search-types" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/search-types plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/search-types'] --- import kbnSearchTypesObj from './kbn_search_types.devdocs.json'; diff --git a/api_docs/kbn_security_api_key_management.mdx b/api_docs/kbn_security_api_key_management.mdx index 006a96d735b4e..92695e3dbcc32 100644 --- a/api_docs/kbn_security_api_key_management.mdx +++ b/api_docs/kbn_security_api_key_management.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-security-api-key-management title: "@kbn/security-api-key-management" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/security-api-key-management plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/security-api-key-management'] --- import kbnSecurityApiKeyManagementObj from './kbn_security_api_key_management.devdocs.json'; diff --git a/api_docs/kbn_security_authorization_core.mdx b/api_docs/kbn_security_authorization_core.mdx index b1a92fb35375c..413d042526365 100644 --- a/api_docs/kbn_security_authorization_core.mdx +++ b/api_docs/kbn_security_authorization_core.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-security-authorization-core title: "@kbn/security-authorization-core" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/security-authorization-core plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/security-authorization-core'] --- import kbnSecurityAuthorizationCoreObj from './kbn_security_authorization_core.devdocs.json'; diff --git a/api_docs/kbn_security_form_components.mdx b/api_docs/kbn_security_form_components.mdx index 7938628ce8d28..9c7281fe566ca 100644 --- a/api_docs/kbn_security_form_components.mdx +++ b/api_docs/kbn_security_form_components.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-security-form-components title: "@kbn/security-form-components" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/security-form-components plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/security-form-components'] --- import kbnSecurityFormComponentsObj from './kbn_security_form_components.devdocs.json'; diff --git a/api_docs/kbn_security_hardening.mdx b/api_docs/kbn_security_hardening.mdx index 6a18814f3b9b5..ea0a3d3d0b584 100644 --- a/api_docs/kbn_security_hardening.mdx +++ b/api_docs/kbn_security_hardening.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-security-hardening title: "@kbn/security-hardening" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/security-hardening plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/security-hardening'] --- import kbnSecurityHardeningObj from './kbn_security_hardening.devdocs.json'; diff --git a/api_docs/kbn_security_plugin_types_common.mdx b/api_docs/kbn_security_plugin_types_common.mdx index 59ce720467e9a..a90fa7dc26c0a 100644 --- a/api_docs/kbn_security_plugin_types_common.mdx +++ b/api_docs/kbn_security_plugin_types_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-security-plugin-types-common title: "@kbn/security-plugin-types-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/security-plugin-types-common plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/security-plugin-types-common'] --- import kbnSecurityPluginTypesCommonObj from './kbn_security_plugin_types_common.devdocs.json'; diff --git a/api_docs/kbn_security_plugin_types_public.mdx b/api_docs/kbn_security_plugin_types_public.mdx index 3198428b41f88..270ede9fb339c 100644 --- a/api_docs/kbn_security_plugin_types_public.mdx +++ b/api_docs/kbn_security_plugin_types_public.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-security-plugin-types-public title: "@kbn/security-plugin-types-public" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/security-plugin-types-public plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/security-plugin-types-public'] --- import kbnSecurityPluginTypesPublicObj from './kbn_security_plugin_types_public.devdocs.json'; diff --git a/api_docs/kbn_security_plugin_types_server.mdx b/api_docs/kbn_security_plugin_types_server.mdx index db5ea76d21d26..a6f52d29800bc 100644 --- a/api_docs/kbn_security_plugin_types_server.mdx +++ b/api_docs/kbn_security_plugin_types_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-security-plugin-types-server title: "@kbn/security-plugin-types-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/security-plugin-types-server plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/security-plugin-types-server'] --- import kbnSecurityPluginTypesServerObj from './kbn_security_plugin_types_server.devdocs.json'; diff --git a/api_docs/kbn_security_role_management_model.mdx b/api_docs/kbn_security_role_management_model.mdx index 6384582ce2d8e..ab26dca7dc575 100644 --- a/api_docs/kbn_security_role_management_model.mdx +++ b/api_docs/kbn_security_role_management_model.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-security-role-management-model title: "@kbn/security-role-management-model" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/security-role-management-model plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/security-role-management-model'] --- import kbnSecurityRoleManagementModelObj from './kbn_security_role_management_model.devdocs.json'; diff --git a/api_docs/kbn_security_solution_common.mdx b/api_docs/kbn_security_solution_common.mdx index 96441f1ce1a84..3505a4aeefee4 100644 --- a/api_docs/kbn_security_solution_common.mdx +++ b/api_docs/kbn_security_solution_common.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-security-solution-common title: "@kbn/security-solution-common" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/security-solution-common plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/security-solution-common'] --- import kbnSecuritySolutionCommonObj from './kbn_security_solution_common.devdocs.json'; diff --git a/api_docs/kbn_security_solution_distribution_bar.mdx b/api_docs/kbn_security_solution_distribution_bar.mdx index 60bedea60d714..fec855eda7cc4 100644 --- a/api_docs/kbn_security_solution_distribution_bar.mdx +++ b/api_docs/kbn_security_solution_distribution_bar.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-security-solution-distribution-bar title: "@kbn/security-solution-distribution-bar" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/security-solution-distribution-bar plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/security-solution-distribution-bar'] --- import kbnSecuritySolutionDistributionBarObj from './kbn_security_solution_distribution_bar.devdocs.json'; diff --git a/api_docs/kbn_security_solution_features.mdx b/api_docs/kbn_security_solution_features.mdx index 72d270b61837a..6ff5159907f45 100644 --- a/api_docs/kbn_security_solution_features.mdx +++ b/api_docs/kbn_security_solution_features.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-security-solution-features title: "@kbn/security-solution-features" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/security-solution-features plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/security-solution-features'] --- import kbnSecuritySolutionFeaturesObj from './kbn_security_solution_features.devdocs.json'; diff --git a/api_docs/kbn_security_solution_navigation.mdx b/api_docs/kbn_security_solution_navigation.mdx index 72d1ea8d681b4..1641d58dcc155 100644 --- a/api_docs/kbn_security_solution_navigation.mdx +++ b/api_docs/kbn_security_solution_navigation.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-security-solution-navigation title: "@kbn/security-solution-navigation" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/security-solution-navigation plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/security-solution-navigation'] --- import kbnSecuritySolutionNavigationObj from './kbn_security_solution_navigation.devdocs.json'; diff --git a/api_docs/kbn_security_solution_side_nav.mdx b/api_docs/kbn_security_solution_side_nav.mdx index d3201cc3a4a51..646d422fb505e 100644 --- a/api_docs/kbn_security_solution_side_nav.mdx +++ b/api_docs/kbn_security_solution_side_nav.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-security-solution-side-nav title: "@kbn/security-solution-side-nav" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/security-solution-side-nav plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/security-solution-side-nav'] --- import kbnSecuritySolutionSideNavObj from './kbn_security_solution_side_nav.devdocs.json'; diff --git a/api_docs/kbn_security_solution_storybook_config.mdx b/api_docs/kbn_security_solution_storybook_config.mdx index abc8b792757aa..0236b4d0ac413 100644 --- a/api_docs/kbn_security_solution_storybook_config.mdx +++ b/api_docs/kbn_security_solution_storybook_config.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-security-solution-storybook-config title: "@kbn/security-solution-storybook-config" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/security-solution-storybook-config plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/security-solution-storybook-config'] --- import kbnSecuritySolutionStorybookConfigObj from './kbn_security_solution_storybook_config.devdocs.json'; diff --git a/api_docs/kbn_security_ui_components.mdx b/api_docs/kbn_security_ui_components.mdx index baa9faa186cf6..81f05a44ed97e 100644 --- a/api_docs/kbn_security_ui_components.mdx +++ b/api_docs/kbn_security_ui_components.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-security-ui-components title: "@kbn/security-ui-components" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/security-ui-components plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/security-ui-components'] --- import kbnSecurityUiComponentsObj from './kbn_security_ui_components.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_autocomplete.mdx b/api_docs/kbn_securitysolution_autocomplete.mdx index 7b2d532d1a2e8..b3306687e8afe 100644 --- a/api_docs/kbn_securitysolution_autocomplete.mdx +++ b/api_docs/kbn_securitysolution_autocomplete.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-autocomplete title: "@kbn/securitysolution-autocomplete" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-autocomplete plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-autocomplete'] --- import kbnSecuritysolutionAutocompleteObj from './kbn_securitysolution_autocomplete.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_data_table.mdx b/api_docs/kbn_securitysolution_data_table.mdx index b2ba3bce1e743..011bba76a789f 100644 --- a/api_docs/kbn_securitysolution_data_table.mdx +++ b/api_docs/kbn_securitysolution_data_table.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-data-table title: "@kbn/securitysolution-data-table" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-data-table plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-data-table'] --- import kbnSecuritysolutionDataTableObj from './kbn_securitysolution_data_table.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_ecs.mdx b/api_docs/kbn_securitysolution_ecs.mdx index 13c8ce4879833..2b859ed1b67c4 100644 --- a/api_docs/kbn_securitysolution_ecs.mdx +++ b/api_docs/kbn_securitysolution_ecs.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-ecs title: "@kbn/securitysolution-ecs" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-ecs plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-ecs'] --- import kbnSecuritysolutionEcsObj from './kbn_securitysolution_ecs.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_es_utils.mdx b/api_docs/kbn_securitysolution_es_utils.mdx index f045f8a89fd1c..85dfba0cf4a66 100644 --- a/api_docs/kbn_securitysolution_es_utils.mdx +++ b/api_docs/kbn_securitysolution_es_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-es-utils title: "@kbn/securitysolution-es-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-es-utils plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-es-utils'] --- import kbnSecuritysolutionEsUtilsObj from './kbn_securitysolution_es_utils.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_exception_list_components.mdx b/api_docs/kbn_securitysolution_exception_list_components.mdx index 0f133c4b78be9..d763635c84bbe 100644 --- a/api_docs/kbn_securitysolution_exception_list_components.mdx +++ b/api_docs/kbn_securitysolution_exception_list_components.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-exception-list-components title: "@kbn/securitysolution-exception-list-components" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-exception-list-components plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-exception-list-components'] --- import kbnSecuritysolutionExceptionListComponentsObj from './kbn_securitysolution_exception_list_components.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_hook_utils.mdx b/api_docs/kbn_securitysolution_hook_utils.mdx index c52762ae29916..d455d4e24a3d4 100644 --- a/api_docs/kbn_securitysolution_hook_utils.mdx +++ b/api_docs/kbn_securitysolution_hook_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-hook-utils title: "@kbn/securitysolution-hook-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-hook-utils plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-hook-utils'] --- import kbnSecuritysolutionHookUtilsObj from './kbn_securitysolution_hook_utils.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_io_ts_alerting_types.mdx b/api_docs/kbn_securitysolution_io_ts_alerting_types.mdx index f6ecb50139980..33035ce22702f 100644 --- a/api_docs/kbn_securitysolution_io_ts_alerting_types.mdx +++ b/api_docs/kbn_securitysolution_io_ts_alerting_types.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-io-ts-alerting-types title: "@kbn/securitysolution-io-ts-alerting-types" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-io-ts-alerting-types plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-io-ts-alerting-types'] --- import kbnSecuritysolutionIoTsAlertingTypesObj from './kbn_securitysolution_io_ts_alerting_types.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_io_ts_list_types.mdx b/api_docs/kbn_securitysolution_io_ts_list_types.mdx index 50f3718b74331..929932fcdbc70 100644 --- a/api_docs/kbn_securitysolution_io_ts_list_types.mdx +++ b/api_docs/kbn_securitysolution_io_ts_list_types.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-io-ts-list-types title: "@kbn/securitysolution-io-ts-list-types" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-io-ts-list-types plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-io-ts-list-types'] --- import kbnSecuritysolutionIoTsListTypesObj from './kbn_securitysolution_io_ts_list_types.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_io_ts_types.mdx b/api_docs/kbn_securitysolution_io_ts_types.mdx index 7c2d3528a6b1c..4c04805eb9360 100644 --- a/api_docs/kbn_securitysolution_io_ts_types.mdx +++ b/api_docs/kbn_securitysolution_io_ts_types.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-io-ts-types title: "@kbn/securitysolution-io-ts-types" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-io-ts-types plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-io-ts-types'] --- import kbnSecuritysolutionIoTsTypesObj from './kbn_securitysolution_io_ts_types.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_io_ts_utils.mdx b/api_docs/kbn_securitysolution_io_ts_utils.mdx index 2f93471f61239..812791dd92afb 100644 --- a/api_docs/kbn_securitysolution_io_ts_utils.mdx +++ b/api_docs/kbn_securitysolution_io_ts_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-io-ts-utils title: "@kbn/securitysolution-io-ts-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-io-ts-utils plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-io-ts-utils'] --- import kbnSecuritysolutionIoTsUtilsObj from './kbn_securitysolution_io_ts_utils.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_list_api.mdx b/api_docs/kbn_securitysolution_list_api.mdx index e75f70c47bd99..4a578aa1bb469 100644 --- a/api_docs/kbn_securitysolution_list_api.mdx +++ b/api_docs/kbn_securitysolution_list_api.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-list-api title: "@kbn/securitysolution-list-api" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-list-api plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-list-api'] --- import kbnSecuritysolutionListApiObj from './kbn_securitysolution_list_api.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_list_constants.mdx b/api_docs/kbn_securitysolution_list_constants.mdx index e9bf3761a2b3f..5df37673da35a 100644 --- a/api_docs/kbn_securitysolution_list_constants.mdx +++ b/api_docs/kbn_securitysolution_list_constants.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-list-constants title: "@kbn/securitysolution-list-constants" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-list-constants plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-list-constants'] --- import kbnSecuritysolutionListConstantsObj from './kbn_securitysolution_list_constants.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_list_hooks.mdx b/api_docs/kbn_securitysolution_list_hooks.mdx index 58f900a9b46f4..ed92ca600219d 100644 --- a/api_docs/kbn_securitysolution_list_hooks.mdx +++ b/api_docs/kbn_securitysolution_list_hooks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-list-hooks title: "@kbn/securitysolution-list-hooks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-list-hooks plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-list-hooks'] --- import kbnSecuritysolutionListHooksObj from './kbn_securitysolution_list_hooks.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_list_utils.mdx b/api_docs/kbn_securitysolution_list_utils.mdx index 54ced479d3d4b..1bef7008b3ff2 100644 --- a/api_docs/kbn_securitysolution_list_utils.mdx +++ b/api_docs/kbn_securitysolution_list_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-list-utils title: "@kbn/securitysolution-list-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-list-utils plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-list-utils'] --- import kbnSecuritysolutionListUtilsObj from './kbn_securitysolution_list_utils.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_rules.mdx b/api_docs/kbn_securitysolution_rules.mdx index 128802154c6f7..be25ebc02ff48 100644 --- a/api_docs/kbn_securitysolution_rules.mdx +++ b/api_docs/kbn_securitysolution_rules.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-rules title: "@kbn/securitysolution-rules" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-rules plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-rules'] --- import kbnSecuritysolutionRulesObj from './kbn_securitysolution_rules.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_t_grid.mdx b/api_docs/kbn_securitysolution_t_grid.mdx index 258062397ba83..a685035a277d7 100644 --- a/api_docs/kbn_securitysolution_t_grid.mdx +++ b/api_docs/kbn_securitysolution_t_grid.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-t-grid title: "@kbn/securitysolution-t-grid" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-t-grid plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-t-grid'] --- import kbnSecuritysolutionTGridObj from './kbn_securitysolution_t_grid.devdocs.json'; diff --git a/api_docs/kbn_securitysolution_utils.mdx b/api_docs/kbn_securitysolution_utils.mdx index 046c0343919bc..4cedb9bbb9eeb 100644 --- a/api_docs/kbn_securitysolution_utils.mdx +++ b/api_docs/kbn_securitysolution_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-securitysolution-utils title: "@kbn/securitysolution-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/securitysolution-utils plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/securitysolution-utils'] --- import kbnSecuritysolutionUtilsObj from './kbn_securitysolution_utils.devdocs.json'; diff --git a/api_docs/kbn_server_http_tools.mdx b/api_docs/kbn_server_http_tools.mdx index ce7b09f044fe9..ba130463c1dff 100644 --- a/api_docs/kbn_server_http_tools.mdx +++ b/api_docs/kbn_server_http_tools.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-server-http-tools title: "@kbn/server-http-tools" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/server-http-tools plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/server-http-tools'] --- import kbnServerHttpToolsObj from './kbn_server_http_tools.devdocs.json'; diff --git a/api_docs/kbn_server_route_repository.mdx b/api_docs/kbn_server_route_repository.mdx index 47d04b3dad68a..d6a676035a2a0 100644 --- a/api_docs/kbn_server_route_repository.mdx +++ b/api_docs/kbn_server_route_repository.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-server-route-repository title: "@kbn/server-route-repository" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/server-route-repository plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/server-route-repository'] --- import kbnServerRouteRepositoryObj from './kbn_server_route_repository.devdocs.json'; diff --git a/api_docs/kbn_server_route_repository_client.mdx b/api_docs/kbn_server_route_repository_client.mdx index 480dffd2da99c..0fa6b225f6a4a 100644 --- a/api_docs/kbn_server_route_repository_client.mdx +++ b/api_docs/kbn_server_route_repository_client.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-server-route-repository-client title: "@kbn/server-route-repository-client" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/server-route-repository-client plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/server-route-repository-client'] --- import kbnServerRouteRepositoryClientObj from './kbn_server_route_repository_client.devdocs.json'; diff --git a/api_docs/kbn_server_route_repository_utils.mdx b/api_docs/kbn_server_route_repository_utils.mdx index 6ab29bcf5c365..e06d1622a64a9 100644 --- a/api_docs/kbn_server_route_repository_utils.mdx +++ b/api_docs/kbn_server_route_repository_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-server-route-repository-utils title: "@kbn/server-route-repository-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/server-route-repository-utils plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/server-route-repository-utils'] --- import kbnServerRouteRepositoryUtilsObj from './kbn_server_route_repository_utils.devdocs.json'; diff --git a/api_docs/kbn_serverless_common_settings.mdx b/api_docs/kbn_serverless_common_settings.mdx index 6d77c28eb58fe..271dab1599c51 100644 --- a/api_docs/kbn_serverless_common_settings.mdx +++ b/api_docs/kbn_serverless_common_settings.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-serverless-common-settings title: "@kbn/serverless-common-settings" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/serverless-common-settings plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/serverless-common-settings'] --- import kbnServerlessCommonSettingsObj from './kbn_serverless_common_settings.devdocs.json'; diff --git a/api_docs/kbn_serverless_observability_settings.mdx b/api_docs/kbn_serverless_observability_settings.mdx index 7aa552803667b..feb8df175e579 100644 --- a/api_docs/kbn_serverless_observability_settings.mdx +++ b/api_docs/kbn_serverless_observability_settings.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-serverless-observability-settings title: "@kbn/serverless-observability-settings" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/serverless-observability-settings plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/serverless-observability-settings'] --- import kbnServerlessObservabilitySettingsObj from './kbn_serverless_observability_settings.devdocs.json'; diff --git a/api_docs/kbn_serverless_project_switcher.mdx b/api_docs/kbn_serverless_project_switcher.mdx index 6783e9c61d43d..523ca2f2e811b 100644 --- a/api_docs/kbn_serverless_project_switcher.mdx +++ b/api_docs/kbn_serverless_project_switcher.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-serverless-project-switcher title: "@kbn/serverless-project-switcher" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/serverless-project-switcher plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/serverless-project-switcher'] --- import kbnServerlessProjectSwitcherObj from './kbn_serverless_project_switcher.devdocs.json'; diff --git a/api_docs/kbn_serverless_search_settings.mdx b/api_docs/kbn_serverless_search_settings.mdx index c98ea770ebc77..eecb38ba755fe 100644 --- a/api_docs/kbn_serverless_search_settings.mdx +++ b/api_docs/kbn_serverless_search_settings.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-serverless-search-settings title: "@kbn/serverless-search-settings" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/serverless-search-settings plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/serverless-search-settings'] --- import kbnServerlessSearchSettingsObj from './kbn_serverless_search_settings.devdocs.json'; diff --git a/api_docs/kbn_serverless_security_settings.mdx b/api_docs/kbn_serverless_security_settings.mdx index 17d91c23691f0..295316decb231 100644 --- a/api_docs/kbn_serverless_security_settings.mdx +++ b/api_docs/kbn_serverless_security_settings.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-serverless-security-settings title: "@kbn/serverless-security-settings" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/serverless-security-settings plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/serverless-security-settings'] --- import kbnServerlessSecuritySettingsObj from './kbn_serverless_security_settings.devdocs.json'; diff --git a/api_docs/kbn_serverless_storybook_config.mdx b/api_docs/kbn_serverless_storybook_config.mdx index 1b6f3f3b59e2a..729371645fe97 100644 --- a/api_docs/kbn_serverless_storybook_config.mdx +++ b/api_docs/kbn_serverless_storybook_config.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-serverless-storybook-config title: "@kbn/serverless-storybook-config" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/serverless-storybook-config plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/serverless-storybook-config'] --- import kbnServerlessStorybookConfigObj from './kbn_serverless_storybook_config.devdocs.json'; diff --git a/api_docs/kbn_shared_svg.mdx b/api_docs/kbn_shared_svg.mdx index d981958348228..53c4a81a26e27 100644 --- a/api_docs/kbn_shared_svg.mdx +++ b/api_docs/kbn_shared_svg.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-svg title: "@kbn/shared-svg" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-svg plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-svg'] --- import kbnSharedSvgObj from './kbn_shared_svg.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_avatar_solution.mdx b/api_docs/kbn_shared_ux_avatar_solution.mdx index f7f2ce9ea8a0a..7fbef4f6c25d7 100644 --- a/api_docs/kbn_shared_ux_avatar_solution.mdx +++ b/api_docs/kbn_shared_ux_avatar_solution.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-avatar-solution title: "@kbn/shared-ux-avatar-solution" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-avatar-solution plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-avatar-solution'] --- import kbnSharedUxAvatarSolutionObj from './kbn_shared_ux_avatar_solution.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_button_exit_full_screen.mdx b/api_docs/kbn_shared_ux_button_exit_full_screen.mdx index ac67d13cb2317..df90476f5a8f6 100644 --- a/api_docs/kbn_shared_ux_button_exit_full_screen.mdx +++ b/api_docs/kbn_shared_ux_button_exit_full_screen.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-button-exit-full-screen title: "@kbn/shared-ux-button-exit-full-screen" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-button-exit-full-screen plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-button-exit-full-screen'] --- import kbnSharedUxButtonExitFullScreenObj from './kbn_shared_ux_button_exit_full_screen.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_button_toolbar.mdx b/api_docs/kbn_shared_ux_button_toolbar.mdx index 1c93664d81b7e..3d48e22302d57 100644 --- a/api_docs/kbn_shared_ux_button_toolbar.mdx +++ b/api_docs/kbn_shared_ux_button_toolbar.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-button-toolbar title: "@kbn/shared-ux-button-toolbar" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-button-toolbar plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-button-toolbar'] --- import kbnSharedUxButtonToolbarObj from './kbn_shared_ux_button_toolbar.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_card_no_data.mdx b/api_docs/kbn_shared_ux_card_no_data.mdx index 37f87f2c0f709..701935138e930 100644 --- a/api_docs/kbn_shared_ux_card_no_data.mdx +++ b/api_docs/kbn_shared_ux_card_no_data.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-card-no-data title: "@kbn/shared-ux-card-no-data" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-card-no-data plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-card-no-data'] --- import kbnSharedUxCardNoDataObj from './kbn_shared_ux_card_no_data.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_card_no_data_mocks.mdx b/api_docs/kbn_shared_ux_card_no_data_mocks.mdx index 4bef06f610198..e3f8e84ba06ff 100644 --- a/api_docs/kbn_shared_ux_card_no_data_mocks.mdx +++ b/api_docs/kbn_shared_ux_card_no_data_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-card-no-data-mocks title: "@kbn/shared-ux-card-no-data-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-card-no-data-mocks plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-card-no-data-mocks'] --- import kbnSharedUxCardNoDataMocksObj from './kbn_shared_ux_card_no_data_mocks.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_chrome_navigation.mdx b/api_docs/kbn_shared_ux_chrome_navigation.mdx index 9171277f5ac32..e37803c834a07 100644 --- a/api_docs/kbn_shared_ux_chrome_navigation.mdx +++ b/api_docs/kbn_shared_ux_chrome_navigation.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-chrome-navigation title: "@kbn/shared-ux-chrome-navigation" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-chrome-navigation plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-chrome-navigation'] --- import kbnSharedUxChromeNavigationObj from './kbn_shared_ux_chrome_navigation.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_error_boundary.mdx b/api_docs/kbn_shared_ux_error_boundary.mdx index 190e4fbbbc7aa..21be7de649ccf 100644 --- a/api_docs/kbn_shared_ux_error_boundary.mdx +++ b/api_docs/kbn_shared_ux_error_boundary.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-error-boundary title: "@kbn/shared-ux-error-boundary" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-error-boundary plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-error-boundary'] --- import kbnSharedUxErrorBoundaryObj from './kbn_shared_ux_error_boundary.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_file_context.mdx b/api_docs/kbn_shared_ux_file_context.mdx index 87aee4cc2d8f4..007b7568fb3a0 100644 --- a/api_docs/kbn_shared_ux_file_context.mdx +++ b/api_docs/kbn_shared_ux_file_context.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-file-context title: "@kbn/shared-ux-file-context" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-file-context plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-file-context'] --- import kbnSharedUxFileContextObj from './kbn_shared_ux_file_context.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_file_image.mdx b/api_docs/kbn_shared_ux_file_image.mdx index cff0527d84169..dc43f751de5ca 100644 --- a/api_docs/kbn_shared_ux_file_image.mdx +++ b/api_docs/kbn_shared_ux_file_image.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-file-image title: "@kbn/shared-ux-file-image" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-file-image plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-file-image'] --- import kbnSharedUxFileImageObj from './kbn_shared_ux_file_image.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_file_image_mocks.mdx b/api_docs/kbn_shared_ux_file_image_mocks.mdx index f6fb4fa262770..50e4fb7dd29d7 100644 --- a/api_docs/kbn_shared_ux_file_image_mocks.mdx +++ b/api_docs/kbn_shared_ux_file_image_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-file-image-mocks title: "@kbn/shared-ux-file-image-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-file-image-mocks plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-file-image-mocks'] --- import kbnSharedUxFileImageMocksObj from './kbn_shared_ux_file_image_mocks.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_file_mocks.mdx b/api_docs/kbn_shared_ux_file_mocks.mdx index b1bd2e467f08b..975a05e0cd82f 100644 --- a/api_docs/kbn_shared_ux_file_mocks.mdx +++ b/api_docs/kbn_shared_ux_file_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-file-mocks title: "@kbn/shared-ux-file-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-file-mocks plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-file-mocks'] --- import kbnSharedUxFileMocksObj from './kbn_shared_ux_file_mocks.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_file_picker.mdx b/api_docs/kbn_shared_ux_file_picker.mdx index a387d90e06596..f0c0e71be76c4 100644 --- a/api_docs/kbn_shared_ux_file_picker.mdx +++ b/api_docs/kbn_shared_ux_file_picker.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-file-picker title: "@kbn/shared-ux-file-picker" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-file-picker plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-file-picker'] --- import kbnSharedUxFilePickerObj from './kbn_shared_ux_file_picker.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_file_types.mdx b/api_docs/kbn_shared_ux_file_types.mdx index a53952c52a767..e3cb28e7e7954 100644 --- a/api_docs/kbn_shared_ux_file_types.mdx +++ b/api_docs/kbn_shared_ux_file_types.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-file-types title: "@kbn/shared-ux-file-types" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-file-types plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-file-types'] --- import kbnSharedUxFileTypesObj from './kbn_shared_ux_file_types.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_file_upload.mdx b/api_docs/kbn_shared_ux_file_upload.mdx index cd3b674ec0938..0396f46c61cab 100644 --- a/api_docs/kbn_shared_ux_file_upload.mdx +++ b/api_docs/kbn_shared_ux_file_upload.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-file-upload title: "@kbn/shared-ux-file-upload" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-file-upload plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-file-upload'] --- import kbnSharedUxFileUploadObj from './kbn_shared_ux_file_upload.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_file_util.mdx b/api_docs/kbn_shared_ux_file_util.mdx index b3e65d9ef7606..76fd8f4be9ebb 100644 --- a/api_docs/kbn_shared_ux_file_util.mdx +++ b/api_docs/kbn_shared_ux_file_util.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-file-util title: "@kbn/shared-ux-file-util" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-file-util plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-file-util'] --- import kbnSharedUxFileUtilObj from './kbn_shared_ux_file_util.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_link_redirect_app.mdx b/api_docs/kbn_shared_ux_link_redirect_app.mdx index caebf9395fedc..f71ddfd24ea4e 100644 --- a/api_docs/kbn_shared_ux_link_redirect_app.mdx +++ b/api_docs/kbn_shared_ux_link_redirect_app.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-link-redirect-app title: "@kbn/shared-ux-link-redirect-app" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-link-redirect-app plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-link-redirect-app'] --- import kbnSharedUxLinkRedirectAppObj from './kbn_shared_ux_link_redirect_app.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_link_redirect_app_mocks.mdx b/api_docs/kbn_shared_ux_link_redirect_app_mocks.mdx index 1235397985595..e91d3c318dfec 100644 --- a/api_docs/kbn_shared_ux_link_redirect_app_mocks.mdx +++ b/api_docs/kbn_shared_ux_link_redirect_app_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-link-redirect-app-mocks title: "@kbn/shared-ux-link-redirect-app-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-link-redirect-app-mocks plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-link-redirect-app-mocks'] --- import kbnSharedUxLinkRedirectAppMocksObj from './kbn_shared_ux_link_redirect_app_mocks.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_markdown.mdx b/api_docs/kbn_shared_ux_markdown.mdx index 2f28b139d3ed9..e72b57d29afd5 100644 --- a/api_docs/kbn_shared_ux_markdown.mdx +++ b/api_docs/kbn_shared_ux_markdown.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-markdown title: "@kbn/shared-ux-markdown" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-markdown plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-markdown'] --- import kbnSharedUxMarkdownObj from './kbn_shared_ux_markdown.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_markdown_mocks.mdx b/api_docs/kbn_shared_ux_markdown_mocks.mdx index eca75c00b2de9..d4cc827963fc8 100644 --- a/api_docs/kbn_shared_ux_markdown_mocks.mdx +++ b/api_docs/kbn_shared_ux_markdown_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-markdown-mocks title: "@kbn/shared-ux-markdown-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-markdown-mocks plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-markdown-mocks'] --- import kbnSharedUxMarkdownMocksObj from './kbn_shared_ux_markdown_mocks.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_page_analytics_no_data.mdx b/api_docs/kbn_shared_ux_page_analytics_no_data.mdx index e5e0a75ccc259..14cb1a8d1b3d8 100644 --- a/api_docs/kbn_shared_ux_page_analytics_no_data.mdx +++ b/api_docs/kbn_shared_ux_page_analytics_no_data.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-page-analytics-no-data title: "@kbn/shared-ux-page-analytics-no-data" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-page-analytics-no-data plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-page-analytics-no-data'] --- import kbnSharedUxPageAnalyticsNoDataObj from './kbn_shared_ux_page_analytics_no_data.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_page_analytics_no_data_mocks.mdx b/api_docs/kbn_shared_ux_page_analytics_no_data_mocks.mdx index 41dbf025c083f..19d5015975745 100644 --- a/api_docs/kbn_shared_ux_page_analytics_no_data_mocks.mdx +++ b/api_docs/kbn_shared_ux_page_analytics_no_data_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-page-analytics-no-data-mocks title: "@kbn/shared-ux-page-analytics-no-data-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-page-analytics-no-data-mocks plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-page-analytics-no-data-mocks'] --- import kbnSharedUxPageAnalyticsNoDataMocksObj from './kbn_shared_ux_page_analytics_no_data_mocks.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_page_kibana_no_data.mdx b/api_docs/kbn_shared_ux_page_kibana_no_data.mdx index d3434cf5aaf85..ebe8ff13bbc9e 100644 --- a/api_docs/kbn_shared_ux_page_kibana_no_data.mdx +++ b/api_docs/kbn_shared_ux_page_kibana_no_data.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-page-kibana-no-data title: "@kbn/shared-ux-page-kibana-no-data" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-page-kibana-no-data plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-page-kibana-no-data'] --- import kbnSharedUxPageKibanaNoDataObj from './kbn_shared_ux_page_kibana_no_data.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_page_kibana_no_data_mocks.mdx b/api_docs/kbn_shared_ux_page_kibana_no_data_mocks.mdx index 653c4ae035748..01b48e5a9694d 100644 --- a/api_docs/kbn_shared_ux_page_kibana_no_data_mocks.mdx +++ b/api_docs/kbn_shared_ux_page_kibana_no_data_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-page-kibana-no-data-mocks title: "@kbn/shared-ux-page-kibana-no-data-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-page-kibana-no-data-mocks plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-page-kibana-no-data-mocks'] --- import kbnSharedUxPageKibanaNoDataMocksObj from './kbn_shared_ux_page_kibana_no_data_mocks.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_page_kibana_template.mdx b/api_docs/kbn_shared_ux_page_kibana_template.mdx index e0b0186b16a64..697687200f773 100644 --- a/api_docs/kbn_shared_ux_page_kibana_template.mdx +++ b/api_docs/kbn_shared_ux_page_kibana_template.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-page-kibana-template title: "@kbn/shared-ux-page-kibana-template" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-page-kibana-template plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-page-kibana-template'] --- import kbnSharedUxPageKibanaTemplateObj from './kbn_shared_ux_page_kibana_template.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_page_kibana_template_mocks.mdx b/api_docs/kbn_shared_ux_page_kibana_template_mocks.mdx index 1c8337c173817..cb6e428301dc9 100644 --- a/api_docs/kbn_shared_ux_page_kibana_template_mocks.mdx +++ b/api_docs/kbn_shared_ux_page_kibana_template_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-page-kibana-template-mocks title: "@kbn/shared-ux-page-kibana-template-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-page-kibana-template-mocks plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-page-kibana-template-mocks'] --- import kbnSharedUxPageKibanaTemplateMocksObj from './kbn_shared_ux_page_kibana_template_mocks.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_page_no_data.mdx b/api_docs/kbn_shared_ux_page_no_data.mdx index 8495d47f914bc..a017be7f2249b 100644 --- a/api_docs/kbn_shared_ux_page_no_data.mdx +++ b/api_docs/kbn_shared_ux_page_no_data.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-page-no-data title: "@kbn/shared-ux-page-no-data" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-page-no-data plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-page-no-data'] --- import kbnSharedUxPageNoDataObj from './kbn_shared_ux_page_no_data.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_page_no_data_config.mdx b/api_docs/kbn_shared_ux_page_no_data_config.mdx index 5b7588c110621..cb37da25542af 100644 --- a/api_docs/kbn_shared_ux_page_no_data_config.mdx +++ b/api_docs/kbn_shared_ux_page_no_data_config.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-page-no-data-config title: "@kbn/shared-ux-page-no-data-config" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-page-no-data-config plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-page-no-data-config'] --- import kbnSharedUxPageNoDataConfigObj from './kbn_shared_ux_page_no_data_config.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_page_no_data_config_mocks.mdx b/api_docs/kbn_shared_ux_page_no_data_config_mocks.mdx index d020903accff5..8a761597f9901 100644 --- a/api_docs/kbn_shared_ux_page_no_data_config_mocks.mdx +++ b/api_docs/kbn_shared_ux_page_no_data_config_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-page-no-data-config-mocks title: "@kbn/shared-ux-page-no-data-config-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-page-no-data-config-mocks plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-page-no-data-config-mocks'] --- import kbnSharedUxPageNoDataConfigMocksObj from './kbn_shared_ux_page_no_data_config_mocks.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_page_no_data_mocks.mdx b/api_docs/kbn_shared_ux_page_no_data_mocks.mdx index 2d05f399289e2..3b9db8f6a1157 100644 --- a/api_docs/kbn_shared_ux_page_no_data_mocks.mdx +++ b/api_docs/kbn_shared_ux_page_no_data_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-page-no-data-mocks title: "@kbn/shared-ux-page-no-data-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-page-no-data-mocks plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-page-no-data-mocks'] --- import kbnSharedUxPageNoDataMocksObj from './kbn_shared_ux_page_no_data_mocks.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_page_solution_nav.mdx b/api_docs/kbn_shared_ux_page_solution_nav.mdx index f52c714b7680d..153dbfb0cd7c0 100644 --- a/api_docs/kbn_shared_ux_page_solution_nav.mdx +++ b/api_docs/kbn_shared_ux_page_solution_nav.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-page-solution-nav title: "@kbn/shared-ux-page-solution-nav" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-page-solution-nav plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-page-solution-nav'] --- import kbnSharedUxPageSolutionNavObj from './kbn_shared_ux_page_solution_nav.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_prompt_no_data_views.mdx b/api_docs/kbn_shared_ux_prompt_no_data_views.mdx index dd44dc1f48854..eff10e8e11be5 100644 --- a/api_docs/kbn_shared_ux_prompt_no_data_views.mdx +++ b/api_docs/kbn_shared_ux_prompt_no_data_views.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-prompt-no-data-views title: "@kbn/shared-ux-prompt-no-data-views" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-prompt-no-data-views plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-prompt-no-data-views'] --- import kbnSharedUxPromptNoDataViewsObj from './kbn_shared_ux_prompt_no_data_views.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_prompt_no_data_views_mocks.mdx b/api_docs/kbn_shared_ux_prompt_no_data_views_mocks.mdx index 9c8e17b814489..21a1c9b164e9b 100644 --- a/api_docs/kbn_shared_ux_prompt_no_data_views_mocks.mdx +++ b/api_docs/kbn_shared_ux_prompt_no_data_views_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-prompt-no-data-views-mocks title: "@kbn/shared-ux-prompt-no-data-views-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-prompt-no-data-views-mocks plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-prompt-no-data-views-mocks'] --- import kbnSharedUxPromptNoDataViewsMocksObj from './kbn_shared_ux_prompt_no_data_views_mocks.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_prompt_not_found.mdx b/api_docs/kbn_shared_ux_prompt_not_found.mdx index a46fa56326bef..57de91af9e911 100644 --- a/api_docs/kbn_shared_ux_prompt_not_found.mdx +++ b/api_docs/kbn_shared_ux_prompt_not_found.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-prompt-not-found title: "@kbn/shared-ux-prompt-not-found" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-prompt-not-found plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-prompt-not-found'] --- import kbnSharedUxPromptNotFoundObj from './kbn_shared_ux_prompt_not_found.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_router.mdx b/api_docs/kbn_shared_ux_router.mdx index 16808df4326fc..1fb3cc57e16c0 100644 --- a/api_docs/kbn_shared_ux_router.mdx +++ b/api_docs/kbn_shared_ux_router.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-router title: "@kbn/shared-ux-router" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-router plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-router'] --- import kbnSharedUxRouterObj from './kbn_shared_ux_router.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_router_mocks.mdx b/api_docs/kbn_shared_ux_router_mocks.mdx index d12d26c6cf6fe..fc7fa4b4f47aa 100644 --- a/api_docs/kbn_shared_ux_router_mocks.mdx +++ b/api_docs/kbn_shared_ux_router_mocks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-router-mocks title: "@kbn/shared-ux-router-mocks" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-router-mocks plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-router-mocks'] --- import kbnSharedUxRouterMocksObj from './kbn_shared_ux_router_mocks.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_storybook_config.mdx b/api_docs/kbn_shared_ux_storybook_config.mdx index 7cbb31fb55451..8c2097a9c1860 100644 --- a/api_docs/kbn_shared_ux_storybook_config.mdx +++ b/api_docs/kbn_shared_ux_storybook_config.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-storybook-config title: "@kbn/shared-ux-storybook-config" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-storybook-config plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-storybook-config'] --- import kbnSharedUxStorybookConfigObj from './kbn_shared_ux_storybook_config.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_storybook_mock.mdx b/api_docs/kbn_shared_ux_storybook_mock.mdx index 27f111fff1881..79b28b91ee3b0 100644 --- a/api_docs/kbn_shared_ux_storybook_mock.mdx +++ b/api_docs/kbn_shared_ux_storybook_mock.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-storybook-mock title: "@kbn/shared-ux-storybook-mock" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-storybook-mock plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-storybook-mock'] --- import kbnSharedUxStorybookMockObj from './kbn_shared_ux_storybook_mock.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_tabbed_modal.mdx b/api_docs/kbn_shared_ux_tabbed_modal.mdx index 67b59c1a1ed9c..1ae713c676c30 100644 --- a/api_docs/kbn_shared_ux_tabbed_modal.mdx +++ b/api_docs/kbn_shared_ux_tabbed_modal.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-tabbed-modal title: "@kbn/shared-ux-tabbed-modal" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-tabbed-modal plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-tabbed-modal'] --- import kbnSharedUxTabbedModalObj from './kbn_shared_ux_tabbed_modal.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_table_persist.mdx b/api_docs/kbn_shared_ux_table_persist.mdx index 87dc1ffeb45fb..fa4970d4feac9 100644 --- a/api_docs/kbn_shared_ux_table_persist.mdx +++ b/api_docs/kbn_shared_ux_table_persist.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-table-persist title: "@kbn/shared-ux-table-persist" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-table-persist plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-table-persist'] --- import kbnSharedUxTablePersistObj from './kbn_shared_ux_table_persist.devdocs.json'; diff --git a/api_docs/kbn_shared_ux_utility.mdx b/api_docs/kbn_shared_ux_utility.mdx index ce260b5f2c5ee..12e48dc7a27d2 100644 --- a/api_docs/kbn_shared_ux_utility.mdx +++ b/api_docs/kbn_shared_ux_utility.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-shared-ux-utility title: "@kbn/shared-ux-utility" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/shared-ux-utility plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/shared-ux-utility'] --- import kbnSharedUxUtilityObj from './kbn_shared_ux_utility.devdocs.json'; diff --git a/api_docs/kbn_slo_schema.devdocs.json b/api_docs/kbn_slo_schema.devdocs.json index dad426dd249e5..d83e3fa5fc3d5 100644 --- a/api_docs/kbn_slo_schema.devdocs.json +++ b/api_docs/kbn_slo_schema.devdocs.json @@ -918,7 +918,7 @@ "section": "def-common.Duration", "text": "Duration" }, - " | undefined; }) | undefined; instanceId?: string | undefined; groupBy?: string | undefined; remoteName?: string | undefined; groupings?: { [x: string]: unknown; } | undefined; }" + " | undefined; }) | undefined; instanceId?: string | undefined; groupBy?: string | string[] | undefined; remoteName?: string | undefined; groupings?: { [x: string]: unknown; } | undefined; }" ], "path": "x-pack/packages/kbn-slo-schema/src/rest_specs/routes/get_preview_data.ts", "deprecated": false, @@ -8315,8 +8315,20 @@ ", string, unknown>; }>]>; instanceId: ", "StringC", "; groupBy: ", + "UnionC", + "<[", + "LiteralC", + "<\"*\">, ", + "StringC", + ", ", + "ArrayC", + "<", + "UnionC", + "<[", + "LiteralC", + "<\"*\">, ", "StringC", - "; remoteName: ", + "]>>]>; remoteName: ", "StringC", "; groupings: ", "RecordC", @@ -8477,12 +8489,18 @@ "<{ groupBy: ", "UnionC", "<[", + "LiteralC", + "<\"*\">, ", "StringC", ", ", "ArrayC", "<", + "UnionC", + "<[", + "LiteralC", + "<\"*\">, ", "StringC", - ">]>; instances: ", + "]>>]>; instances: ", "ArrayC", "<", "StringC", diff --git a/api_docs/kbn_slo_schema.mdx b/api_docs/kbn_slo_schema.mdx index c88e51f2f04f3..2c363a37c7aaf 100644 --- a/api_docs/kbn_slo_schema.mdx +++ b/api_docs/kbn_slo_schema.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-slo-schema title: "@kbn/slo-schema" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/slo-schema plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/slo-schema'] --- import kbnSloSchemaObj from './kbn_slo_schema.devdocs.json'; diff --git a/api_docs/kbn_some_dev_log.mdx b/api_docs/kbn_some_dev_log.mdx index 84d4f37d45f26..3ca3982207ea6 100644 --- a/api_docs/kbn_some_dev_log.mdx +++ b/api_docs/kbn_some_dev_log.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-some-dev-log title: "@kbn/some-dev-log" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/some-dev-log plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/some-dev-log'] --- import kbnSomeDevLogObj from './kbn_some_dev_log.devdocs.json'; diff --git a/api_docs/kbn_sort_predicates.mdx b/api_docs/kbn_sort_predicates.mdx index 17c7b88b00c29..eaaf9ffcec851 100644 --- a/api_docs/kbn_sort_predicates.mdx +++ b/api_docs/kbn_sort_predicates.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-sort-predicates title: "@kbn/sort-predicates" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/sort-predicates plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/sort-predicates'] --- import kbnSortPredicatesObj from './kbn_sort_predicates.devdocs.json'; diff --git a/api_docs/kbn_sse_utils.mdx b/api_docs/kbn_sse_utils.mdx index 0d8e5a387a518..e533e597db704 100644 --- a/api_docs/kbn_sse_utils.mdx +++ b/api_docs/kbn_sse_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-sse-utils title: "@kbn/sse-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/sse-utils plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/sse-utils'] --- import kbnSseUtilsObj from './kbn_sse_utils.devdocs.json'; diff --git a/api_docs/kbn_sse_utils_client.mdx b/api_docs/kbn_sse_utils_client.mdx index a1659192b7415..3831cf4394983 100644 --- a/api_docs/kbn_sse_utils_client.mdx +++ b/api_docs/kbn_sse_utils_client.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-sse-utils-client title: "@kbn/sse-utils-client" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/sse-utils-client plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/sse-utils-client'] --- import kbnSseUtilsClientObj from './kbn_sse_utils_client.devdocs.json'; diff --git a/api_docs/kbn_sse_utils_server.mdx b/api_docs/kbn_sse_utils_server.mdx index 2dd435f02a2f7..dc85fd7d7fe42 100644 --- a/api_docs/kbn_sse_utils_server.mdx +++ b/api_docs/kbn_sse_utils_server.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-sse-utils-server title: "@kbn/sse-utils-server" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/sse-utils-server plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/sse-utils-server'] --- import kbnSseUtilsServerObj from './kbn_sse_utils_server.devdocs.json'; diff --git a/api_docs/kbn_std.mdx b/api_docs/kbn_std.mdx index b928fa9db82d9..6acb972535f66 100644 --- a/api_docs/kbn_std.mdx +++ b/api_docs/kbn_std.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-std title: "@kbn/std" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/std plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/std'] --- import kbnStdObj from './kbn_std.devdocs.json'; diff --git a/api_docs/kbn_stdio_dev_helpers.mdx b/api_docs/kbn_stdio_dev_helpers.mdx index 84f1fb9bfc311..c8e9f140d38b9 100644 --- a/api_docs/kbn_stdio_dev_helpers.mdx +++ b/api_docs/kbn_stdio_dev_helpers.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-stdio-dev-helpers title: "@kbn/stdio-dev-helpers" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/stdio-dev-helpers plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/stdio-dev-helpers'] --- import kbnStdioDevHelpersObj from './kbn_stdio_dev_helpers.devdocs.json'; diff --git a/api_docs/kbn_storybook.mdx b/api_docs/kbn_storybook.mdx index 5453e3403f17e..31bc005036fe5 100644 --- a/api_docs/kbn_storybook.mdx +++ b/api_docs/kbn_storybook.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-storybook title: "@kbn/storybook" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/storybook plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/storybook'] --- import kbnStorybookObj from './kbn_storybook.devdocs.json'; diff --git a/api_docs/kbn_synthetics_e2e.mdx b/api_docs/kbn_synthetics_e2e.mdx index 801fbdc55033d..adb6a133de45c 100644 --- a/api_docs/kbn_synthetics_e2e.mdx +++ b/api_docs/kbn_synthetics_e2e.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-synthetics-e2e title: "@kbn/synthetics-e2e" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/synthetics-e2e plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/synthetics-e2e'] --- import kbnSyntheticsE2eObj from './kbn_synthetics_e2e.devdocs.json'; diff --git a/api_docs/kbn_synthetics_private_location.mdx b/api_docs/kbn_synthetics_private_location.mdx index 52a083a6a376b..a96da877d07a7 100644 --- a/api_docs/kbn_synthetics_private_location.mdx +++ b/api_docs/kbn_synthetics_private_location.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-synthetics-private-location title: "@kbn/synthetics-private-location" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/synthetics-private-location plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/synthetics-private-location'] --- import kbnSyntheticsPrivateLocationObj from './kbn_synthetics_private_location.devdocs.json'; diff --git a/api_docs/kbn_telemetry_tools.mdx b/api_docs/kbn_telemetry_tools.mdx index 95df013dd9e11..4b4219cacdf46 100644 --- a/api_docs/kbn_telemetry_tools.mdx +++ b/api_docs/kbn_telemetry_tools.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-telemetry-tools title: "@kbn/telemetry-tools" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/telemetry-tools plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/telemetry-tools'] --- import kbnTelemetryToolsObj from './kbn_telemetry_tools.devdocs.json'; diff --git a/api_docs/kbn_test.mdx b/api_docs/kbn_test.mdx index c66cddc5344ef..164bbb82ffcb8 100644 --- a/api_docs/kbn_test.mdx +++ b/api_docs/kbn_test.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-test title: "@kbn/test" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/test plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/test'] --- import kbnTestObj from './kbn_test.devdocs.json'; diff --git a/api_docs/kbn_test_eui_helpers.mdx b/api_docs/kbn_test_eui_helpers.mdx index 33d97c97444b9..468942b99f6ce 100644 --- a/api_docs/kbn_test_eui_helpers.mdx +++ b/api_docs/kbn_test_eui_helpers.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-test-eui-helpers title: "@kbn/test-eui-helpers" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/test-eui-helpers plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/test-eui-helpers'] --- import kbnTestEuiHelpersObj from './kbn_test_eui_helpers.devdocs.json'; diff --git a/api_docs/kbn_test_jest_helpers.mdx b/api_docs/kbn_test_jest_helpers.mdx index c586c3e35b760..a4ffed02e5b81 100644 --- a/api_docs/kbn_test_jest_helpers.mdx +++ b/api_docs/kbn_test_jest_helpers.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-test-jest-helpers title: "@kbn/test-jest-helpers" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/test-jest-helpers plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/test-jest-helpers'] --- import kbnTestJestHelpersObj from './kbn_test_jest_helpers.devdocs.json'; diff --git a/api_docs/kbn_test_subj_selector.mdx b/api_docs/kbn_test_subj_selector.mdx index 219f226c4f981..edfdb435c4753 100644 --- a/api_docs/kbn_test_subj_selector.mdx +++ b/api_docs/kbn_test_subj_selector.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-test-subj-selector title: "@kbn/test-subj-selector" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/test-subj-selector plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/test-subj-selector'] --- import kbnTestSubjSelectorObj from './kbn_test_subj_selector.devdocs.json'; diff --git a/api_docs/kbn_text_based_editor.devdocs.json b/api_docs/kbn_text_based_editor.devdocs.json index 70a51ba17fe67..514d684d04469 100644 --- a/api_docs/kbn_text_based_editor.devdocs.json +++ b/api_docs/kbn_text_based_editor.devdocs.json @@ -564,6 +564,22 @@ "path": "packages/kbn-text-based-editor/src/types.ts", "deprecated": false, "trackAdoption": false + }, + { + "parentPluginId": "@kbn/text-based-editor", + "id": "def-public.TextBasedLanguagesEditorProps.displayDocumentationAsFlyout", + "type": "CompoundType", + "tags": [], + "label": "displayDocumentationAsFlyout", + "description": [ + "adds a documentation icon in the footer which opens the inline docs as a flyout" + ], + "signature": [ + "boolean | undefined" + ], + "path": "packages/kbn-text-based-editor/src/types.ts", + "deprecated": false, + "trackAdoption": false } ], "initialIsOpen": false diff --git a/api_docs/kbn_text_based_editor.mdx b/api_docs/kbn_text_based_editor.mdx index 25aab2a1c3f9a..d3835c6b27c27 100644 --- a/api_docs/kbn_text_based_editor.mdx +++ b/api_docs/kbn_text_based_editor.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-text-based-editor title: "@kbn/text-based-editor" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/text-based-editor plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/text-based-editor'] --- import kbnTextBasedEditorObj from './kbn_text_based_editor.devdocs.json'; @@ -21,7 +21,7 @@ Contact [@elastic/kibana-esql](https://github.com/orgs/elastic/teams/kibana-esql | Public API count | Any count | Items lacking comments | Missing exports | |-------------------|-----------|------------------------|-----------------| -| 28 | 0 | 12 | 0 | +| 29 | 0 | 12 | 0 | ## Client diff --git a/api_docs/kbn_timerange.mdx b/api_docs/kbn_timerange.mdx index cf943f158fd20..cfe129861406b 100644 --- a/api_docs/kbn_timerange.mdx +++ b/api_docs/kbn_timerange.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-timerange title: "@kbn/timerange" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/timerange plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/timerange'] --- import kbnTimerangeObj from './kbn_timerange.devdocs.json'; diff --git a/api_docs/kbn_tooling_log.mdx b/api_docs/kbn_tooling_log.mdx index ffa4fbdd7b720..cf451921a663a 100644 --- a/api_docs/kbn_tooling_log.mdx +++ b/api_docs/kbn_tooling_log.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-tooling-log title: "@kbn/tooling-log" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/tooling-log plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/tooling-log'] --- import kbnToolingLogObj from './kbn_tooling_log.devdocs.json'; diff --git a/api_docs/kbn_triggers_actions_ui_types.mdx b/api_docs/kbn_triggers_actions_ui_types.mdx index ad2bc69c0a2bb..73ab2db8265da 100644 --- a/api_docs/kbn_triggers_actions_ui_types.mdx +++ b/api_docs/kbn_triggers_actions_ui_types.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-triggers-actions-ui-types title: "@kbn/triggers-actions-ui-types" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/triggers-actions-ui-types plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/triggers-actions-ui-types'] --- import kbnTriggersActionsUiTypesObj from './kbn_triggers_actions_ui_types.devdocs.json'; diff --git a/api_docs/kbn_try_in_console.mdx b/api_docs/kbn_try_in_console.mdx index 4d29baf0e531e..c28331d513129 100644 --- a/api_docs/kbn_try_in_console.mdx +++ b/api_docs/kbn_try_in_console.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-try-in-console title: "@kbn/try-in-console" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/try-in-console plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/try-in-console'] --- import kbnTryInConsoleObj from './kbn_try_in_console.devdocs.json'; diff --git a/api_docs/kbn_ts_projects.mdx b/api_docs/kbn_ts_projects.mdx index a08084a49411d..0baed0d4973de 100644 --- a/api_docs/kbn_ts_projects.mdx +++ b/api_docs/kbn_ts_projects.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ts-projects title: "@kbn/ts-projects" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ts-projects plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ts-projects'] --- import kbnTsProjectsObj from './kbn_ts_projects.devdocs.json'; diff --git a/api_docs/kbn_typed_react_router_config.mdx b/api_docs/kbn_typed_react_router_config.mdx index 5ad824398a1fc..fa888d99adf38 100644 --- a/api_docs/kbn_typed_react_router_config.mdx +++ b/api_docs/kbn_typed_react_router_config.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-typed-react-router-config title: "@kbn/typed-react-router-config" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/typed-react-router-config plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/typed-react-router-config'] --- import kbnTypedReactRouterConfigObj from './kbn_typed_react_router_config.devdocs.json'; diff --git a/api_docs/kbn_ui_actions_browser.mdx b/api_docs/kbn_ui_actions_browser.mdx index 59589984956da..5a4940104bc25 100644 --- a/api_docs/kbn_ui_actions_browser.mdx +++ b/api_docs/kbn_ui_actions_browser.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ui-actions-browser title: "@kbn/ui-actions-browser" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ui-actions-browser plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ui-actions-browser'] --- import kbnUiActionsBrowserObj from './kbn_ui_actions_browser.devdocs.json'; diff --git a/api_docs/kbn_ui_shared_deps_src.mdx b/api_docs/kbn_ui_shared_deps_src.mdx index 728d30672c29b..e85dac8fda8a4 100644 --- a/api_docs/kbn_ui_shared_deps_src.mdx +++ b/api_docs/kbn_ui_shared_deps_src.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ui-shared-deps-src title: "@kbn/ui-shared-deps-src" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ui-shared-deps-src plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ui-shared-deps-src'] --- import kbnUiSharedDepsSrcObj from './kbn_ui_shared_deps_src.devdocs.json'; diff --git a/api_docs/kbn_ui_theme.mdx b/api_docs/kbn_ui_theme.mdx index 52ff58aed0223..b4db58ac5e143 100644 --- a/api_docs/kbn_ui_theme.mdx +++ b/api_docs/kbn_ui_theme.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-ui-theme title: "@kbn/ui-theme" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/ui-theme plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/ui-theme'] --- import kbnUiThemeObj from './kbn_ui_theme.devdocs.json'; diff --git a/api_docs/kbn_unified_data_table.mdx b/api_docs/kbn_unified_data_table.mdx index 13bfdf4cc2f60..376365b4aaac3 100644 --- a/api_docs/kbn_unified_data_table.mdx +++ b/api_docs/kbn_unified_data_table.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-unified-data-table title: "@kbn/unified-data-table" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/unified-data-table plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/unified-data-table'] --- import kbnUnifiedDataTableObj from './kbn_unified_data_table.devdocs.json'; diff --git a/api_docs/kbn_unified_doc_viewer.mdx b/api_docs/kbn_unified_doc_viewer.mdx index 3f18343c30ddd..9956162d3ddd5 100644 --- a/api_docs/kbn_unified_doc_viewer.mdx +++ b/api_docs/kbn_unified_doc_viewer.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-unified-doc-viewer title: "@kbn/unified-doc-viewer" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/unified-doc-viewer plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/unified-doc-viewer'] --- import kbnUnifiedDocViewerObj from './kbn_unified_doc_viewer.devdocs.json'; diff --git a/api_docs/kbn_unified_field_list.mdx b/api_docs/kbn_unified_field_list.mdx index 0478402b03845..4bb2d56a83777 100644 --- a/api_docs/kbn_unified_field_list.mdx +++ b/api_docs/kbn_unified_field_list.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-unified-field-list title: "@kbn/unified-field-list" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/unified-field-list plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/unified-field-list'] --- import kbnUnifiedFieldListObj from './kbn_unified_field_list.devdocs.json'; diff --git a/api_docs/kbn_unsaved_changes_badge.mdx b/api_docs/kbn_unsaved_changes_badge.mdx index 0d82326a631b2..86c235924b08a 100644 --- a/api_docs/kbn_unsaved_changes_badge.mdx +++ b/api_docs/kbn_unsaved_changes_badge.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-unsaved-changes-badge title: "@kbn/unsaved-changes-badge" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/unsaved-changes-badge plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/unsaved-changes-badge'] --- import kbnUnsavedChangesBadgeObj from './kbn_unsaved_changes_badge.devdocs.json'; diff --git a/api_docs/kbn_unsaved_changes_prompt.mdx b/api_docs/kbn_unsaved_changes_prompt.mdx index 26b26ae3e9d9b..b1019abcf3a7f 100644 --- a/api_docs/kbn_unsaved_changes_prompt.mdx +++ b/api_docs/kbn_unsaved_changes_prompt.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-unsaved-changes-prompt title: "@kbn/unsaved-changes-prompt" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/unsaved-changes-prompt plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/unsaved-changes-prompt'] --- import kbnUnsavedChangesPromptObj from './kbn_unsaved_changes_prompt.devdocs.json'; diff --git a/api_docs/kbn_use_tracked_promise.mdx b/api_docs/kbn_use_tracked_promise.mdx index e3074c1af1bc7..f7d5d9802dd3a 100644 --- a/api_docs/kbn_use_tracked_promise.mdx +++ b/api_docs/kbn_use_tracked_promise.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-use-tracked-promise title: "@kbn/use-tracked-promise" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/use-tracked-promise plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/use-tracked-promise'] --- import kbnUseTrackedPromiseObj from './kbn_use_tracked_promise.devdocs.json'; diff --git a/api_docs/kbn_user_profile_components.mdx b/api_docs/kbn_user_profile_components.mdx index b012ed26e5c91..3d93e17085d0b 100644 --- a/api_docs/kbn_user_profile_components.mdx +++ b/api_docs/kbn_user_profile_components.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-user-profile-components title: "@kbn/user-profile-components" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/user-profile-components plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/user-profile-components'] --- import kbnUserProfileComponentsObj from './kbn_user_profile_components.devdocs.json'; diff --git a/api_docs/kbn_utility_types.mdx b/api_docs/kbn_utility_types.mdx index 3a7328118bafc..1b8a2e6e4c015 100644 --- a/api_docs/kbn_utility_types.mdx +++ b/api_docs/kbn_utility_types.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-utility-types title: "@kbn/utility-types" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/utility-types plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/utility-types'] --- import kbnUtilityTypesObj from './kbn_utility_types.devdocs.json'; diff --git a/api_docs/kbn_utility_types_jest.mdx b/api_docs/kbn_utility_types_jest.mdx index a602af088fa1c..d97f361d571e7 100644 --- a/api_docs/kbn_utility_types_jest.mdx +++ b/api_docs/kbn_utility_types_jest.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-utility-types-jest title: "@kbn/utility-types-jest" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/utility-types-jest plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/utility-types-jest'] --- import kbnUtilityTypesJestObj from './kbn_utility_types_jest.devdocs.json'; diff --git a/api_docs/kbn_utils.mdx b/api_docs/kbn_utils.mdx index f8f5c57263d6c..b470ecd37a67e 100644 --- a/api_docs/kbn_utils.mdx +++ b/api_docs/kbn_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-utils title: "@kbn/utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/utils plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/utils'] --- import kbnUtilsObj from './kbn_utils.devdocs.json'; diff --git a/api_docs/kbn_visualization_ui_components.mdx b/api_docs/kbn_visualization_ui_components.mdx index bfff8db3d4d8b..3ec389e690a40 100644 --- a/api_docs/kbn_visualization_ui_components.mdx +++ b/api_docs/kbn_visualization_ui_components.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-visualization-ui-components title: "@kbn/visualization-ui-components" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/visualization-ui-components plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/visualization-ui-components'] --- import kbnVisualizationUiComponentsObj from './kbn_visualization_ui_components.devdocs.json'; diff --git a/api_docs/kbn_visualization_utils.mdx b/api_docs/kbn_visualization_utils.mdx index 9877d754d624a..edde6552e6e48 100644 --- a/api_docs/kbn_visualization_utils.mdx +++ b/api_docs/kbn_visualization_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-visualization-utils title: "@kbn/visualization-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/visualization-utils plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/visualization-utils'] --- import kbnVisualizationUtilsObj from './kbn_visualization_utils.devdocs.json'; diff --git a/api_docs/kbn_xstate_utils.mdx b/api_docs/kbn_xstate_utils.mdx index ea85cfeabb8fb..6b89317a24e24 100644 --- a/api_docs/kbn_xstate_utils.mdx +++ b/api_docs/kbn_xstate_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-xstate-utils title: "@kbn/xstate-utils" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/xstate-utils plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/xstate-utils'] --- import kbnXstateUtilsObj from './kbn_xstate_utils.devdocs.json'; diff --git a/api_docs/kbn_yarn_lock_validator.mdx b/api_docs/kbn_yarn_lock_validator.mdx index 80a7064e20161..6daed9b370f76 100644 --- a/api_docs/kbn_yarn_lock_validator.mdx +++ b/api_docs/kbn_yarn_lock_validator.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-yarn-lock-validator title: "@kbn/yarn-lock-validator" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/yarn-lock-validator plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/yarn-lock-validator'] --- import kbnYarnLockValidatorObj from './kbn_yarn_lock_validator.devdocs.json'; diff --git a/api_docs/kbn_zod.mdx b/api_docs/kbn_zod.mdx index 0e946f38fd650..3c2e859097c8f 100644 --- a/api_docs/kbn_zod.mdx +++ b/api_docs/kbn_zod.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-zod title: "@kbn/zod" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/zod plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/zod'] --- import kbnZodObj from './kbn_zod.devdocs.json'; diff --git a/api_docs/kbn_zod_helpers.mdx b/api_docs/kbn_zod_helpers.mdx index 1e1ab9cf94995..cdff0021aacd7 100644 --- a/api_docs/kbn_zod_helpers.mdx +++ b/api_docs/kbn_zod_helpers.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kbn-zod-helpers title: "@kbn/zod-helpers" image: https://source.unsplash.com/400x175/?github description: API docs for the @kbn/zod-helpers plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', '@kbn/zod-helpers'] --- import kbnZodHelpersObj from './kbn_zod_helpers.devdocs.json'; diff --git a/api_docs/kibana_overview.mdx b/api_docs/kibana_overview.mdx index 9cb8dd2e7031f..74ef38b08ec3f 100644 --- a/api_docs/kibana_overview.mdx +++ b/api_docs/kibana_overview.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kibanaOverview title: "kibanaOverview" image: https://source.unsplash.com/400x175/?github description: API docs for the kibanaOverview plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'kibanaOverview'] --- import kibanaOverviewObj from './kibana_overview.devdocs.json'; diff --git a/api_docs/kibana_react.mdx b/api_docs/kibana_react.mdx index 58f13f075de76..62d77d33dcf5f 100644 --- a/api_docs/kibana_react.mdx +++ b/api_docs/kibana_react.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kibanaReact title: "kibanaReact" image: https://source.unsplash.com/400x175/?github description: API docs for the kibanaReact plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'kibanaReact'] --- import kibanaReactObj from './kibana_react.devdocs.json'; diff --git a/api_docs/kibana_utils.mdx b/api_docs/kibana_utils.mdx index 81d8f6ddd4648..0e97569a1b519 100644 --- a/api_docs/kibana_utils.mdx +++ b/api_docs/kibana_utils.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kibanaUtils title: "kibanaUtils" image: https://source.unsplash.com/400x175/?github description: API docs for the kibanaUtils plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'kibanaUtils'] --- import kibanaUtilsObj from './kibana_utils.devdocs.json'; diff --git a/api_docs/kubernetes_security.mdx b/api_docs/kubernetes_security.mdx index 0829a0ac795d5..b0104c8adc19f 100644 --- a/api_docs/kubernetes_security.mdx +++ b/api_docs/kubernetes_security.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/kubernetesSecurity title: "kubernetesSecurity" image: https://source.unsplash.com/400x175/?github description: API docs for the kubernetesSecurity plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'kubernetesSecurity'] --- import kubernetesSecurityObj from './kubernetes_security.devdocs.json'; diff --git a/api_docs/lens.mdx b/api_docs/lens.mdx index c710047ba6b6e..aeee722227a5d 100644 --- a/api_docs/lens.mdx +++ b/api_docs/lens.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/lens title: "lens" image: https://source.unsplash.com/400x175/?github description: API docs for the lens plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'lens'] --- import lensObj from './lens.devdocs.json'; diff --git a/api_docs/license_api_guard.mdx b/api_docs/license_api_guard.mdx index 76332e67cef29..30b723b877656 100644 --- a/api_docs/license_api_guard.mdx +++ b/api_docs/license_api_guard.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/licenseApiGuard title: "licenseApiGuard" image: https://source.unsplash.com/400x175/?github description: API docs for the licenseApiGuard plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'licenseApiGuard'] --- import licenseApiGuardObj from './license_api_guard.devdocs.json'; diff --git a/api_docs/license_management.mdx b/api_docs/license_management.mdx index eee1100c17031..34cdf278e17a9 100644 --- a/api_docs/license_management.mdx +++ b/api_docs/license_management.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/licenseManagement title: "licenseManagement" image: https://source.unsplash.com/400x175/?github description: API docs for the licenseManagement plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'licenseManagement'] --- import licenseManagementObj from './license_management.devdocs.json'; diff --git a/api_docs/licensing.mdx b/api_docs/licensing.mdx index 298e6be6ca152..38904bd0d174b 100644 --- a/api_docs/licensing.mdx +++ b/api_docs/licensing.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/licensing title: "licensing" image: https://source.unsplash.com/400x175/?github description: API docs for the licensing plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'licensing'] --- import licensingObj from './licensing.devdocs.json'; diff --git a/api_docs/links.mdx b/api_docs/links.mdx index d220eae67492d..a923fd523bda3 100644 --- a/api_docs/links.mdx +++ b/api_docs/links.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/links title: "links" image: https://source.unsplash.com/400x175/?github description: API docs for the links plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'links'] --- import linksObj from './links.devdocs.json'; diff --git a/api_docs/lists.mdx b/api_docs/lists.mdx index dc2318e4f9c8e..4ff724794f2da 100644 --- a/api_docs/lists.mdx +++ b/api_docs/lists.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/lists title: "lists" image: https://source.unsplash.com/400x175/?github description: API docs for the lists plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'lists'] --- import listsObj from './lists.devdocs.json'; diff --git a/api_docs/logs_data_access.mdx b/api_docs/logs_data_access.mdx index 7d1c393c9717b..feaab610c69f4 100644 --- a/api_docs/logs_data_access.mdx +++ b/api_docs/logs_data_access.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/logsDataAccess title: "logsDataAccess" image: https://source.unsplash.com/400x175/?github description: API docs for the logsDataAccess plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'logsDataAccess'] --- import logsDataAccessObj from './logs_data_access.devdocs.json'; diff --git a/api_docs/logs_explorer.mdx b/api_docs/logs_explorer.mdx index 67ac3b6ca4f02..30acf5f93d793 100644 --- a/api_docs/logs_explorer.mdx +++ b/api_docs/logs_explorer.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/logsExplorer title: "logsExplorer" image: https://source.unsplash.com/400x175/?github description: API docs for the logsExplorer plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'logsExplorer'] --- import logsExplorerObj from './logs_explorer.devdocs.json'; diff --git a/api_docs/logs_shared.mdx b/api_docs/logs_shared.mdx index 22f844d28cfb5..6c2d6ab32a622 100644 --- a/api_docs/logs_shared.mdx +++ b/api_docs/logs_shared.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/logsShared title: "logsShared" image: https://source.unsplash.com/400x175/?github description: API docs for the logsShared plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'logsShared'] --- import logsSharedObj from './logs_shared.devdocs.json'; diff --git a/api_docs/management.mdx b/api_docs/management.mdx index 9b6df22e1c3ef..7f474a4e0b610 100644 --- a/api_docs/management.mdx +++ b/api_docs/management.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/management title: "management" image: https://source.unsplash.com/400x175/?github description: API docs for the management plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'management'] --- import managementObj from './management.devdocs.json'; diff --git a/api_docs/maps.mdx b/api_docs/maps.mdx index 80c0baf510a60..4d781d8a25877 100644 --- a/api_docs/maps.mdx +++ b/api_docs/maps.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/maps title: "maps" image: https://source.unsplash.com/400x175/?github description: API docs for the maps plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'maps'] --- import mapsObj from './maps.devdocs.json'; diff --git a/api_docs/maps_ems.mdx b/api_docs/maps_ems.mdx index 6a39921ec4b24..7b723a3e7fe88 100644 --- a/api_docs/maps_ems.mdx +++ b/api_docs/maps_ems.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/mapsEms title: "mapsEms" image: https://source.unsplash.com/400x175/?github description: API docs for the mapsEms plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'mapsEms'] --- import mapsEmsObj from './maps_ems.devdocs.json'; diff --git a/api_docs/metrics_data_access.mdx b/api_docs/metrics_data_access.mdx index 0a4ac38f88dbc..e302251c22646 100644 --- a/api_docs/metrics_data_access.mdx +++ b/api_docs/metrics_data_access.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/metricsDataAccess title: "metricsDataAccess" image: https://source.unsplash.com/400x175/?github description: API docs for the metricsDataAccess plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'metricsDataAccess'] --- import metricsDataAccessObj from './metrics_data_access.devdocs.json'; diff --git a/api_docs/ml.mdx b/api_docs/ml.mdx index 1dab75c111c56..86e6c2f09b519 100644 --- a/api_docs/ml.mdx +++ b/api_docs/ml.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/ml title: "ml" image: https://source.unsplash.com/400x175/?github description: API docs for the ml plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'ml'] --- import mlObj from './ml.devdocs.json'; diff --git a/api_docs/mock_idp_plugin.mdx b/api_docs/mock_idp_plugin.mdx index 2911dee7b1c6d..e1aad0582f50e 100644 --- a/api_docs/mock_idp_plugin.mdx +++ b/api_docs/mock_idp_plugin.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/mockIdpPlugin title: "mockIdpPlugin" image: https://source.unsplash.com/400x175/?github description: API docs for the mockIdpPlugin plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'mockIdpPlugin'] --- import mockIdpPluginObj from './mock_idp_plugin.devdocs.json'; diff --git a/api_docs/monitoring.mdx b/api_docs/monitoring.mdx index a3f8188c30996..9536583f55b81 100644 --- a/api_docs/monitoring.mdx +++ b/api_docs/monitoring.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/monitoring title: "monitoring" image: https://source.unsplash.com/400x175/?github description: API docs for the monitoring plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'monitoring'] --- import monitoringObj from './monitoring.devdocs.json'; diff --git a/api_docs/monitoring_collection.mdx b/api_docs/monitoring_collection.mdx index 1ee8bf8379e10..2913597ba9cfc 100644 --- a/api_docs/monitoring_collection.mdx +++ b/api_docs/monitoring_collection.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/monitoringCollection title: "monitoringCollection" image: https://source.unsplash.com/400x175/?github description: API docs for the monitoringCollection plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'monitoringCollection'] --- import monitoringCollectionObj from './monitoring_collection.devdocs.json'; diff --git a/api_docs/navigation.mdx b/api_docs/navigation.mdx index 9dcd98217c0d0..c1a73ac787e5c 100644 --- a/api_docs/navigation.mdx +++ b/api_docs/navigation.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/navigation title: "navigation" image: https://source.unsplash.com/400x175/?github description: API docs for the navigation plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'navigation'] --- import navigationObj from './navigation.devdocs.json'; diff --git a/api_docs/newsfeed.mdx b/api_docs/newsfeed.mdx index 4e812756c97bf..5341799db70a1 100644 --- a/api_docs/newsfeed.mdx +++ b/api_docs/newsfeed.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/newsfeed title: "newsfeed" image: https://source.unsplash.com/400x175/?github description: API docs for the newsfeed plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'newsfeed'] --- import newsfeedObj from './newsfeed.devdocs.json'; diff --git a/api_docs/no_data_page.mdx b/api_docs/no_data_page.mdx index 1aeeca81cbaa6..92843f066694d 100644 --- a/api_docs/no_data_page.mdx +++ b/api_docs/no_data_page.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/noDataPage title: "noDataPage" image: https://source.unsplash.com/400x175/?github description: API docs for the noDataPage plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'noDataPage'] --- import noDataPageObj from './no_data_page.devdocs.json'; diff --git a/api_docs/notifications.mdx b/api_docs/notifications.mdx index f3ff1211a9c4a..7cc7ece9e6921 100644 --- a/api_docs/notifications.mdx +++ b/api_docs/notifications.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/notifications title: "notifications" image: https://source.unsplash.com/400x175/?github description: API docs for the notifications plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'notifications'] --- import notificationsObj from './notifications.devdocs.json'; diff --git a/api_docs/observability.mdx b/api_docs/observability.mdx index 50fa55a3a656c..0a541bf579906 100644 --- a/api_docs/observability.mdx +++ b/api_docs/observability.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/observability title: "observability" image: https://source.unsplash.com/400x175/?github description: API docs for the observability plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'observability'] --- import observabilityObj from './observability.devdocs.json'; diff --git a/api_docs/observability_a_i_assistant.mdx b/api_docs/observability_a_i_assistant.mdx index 1fcc33dfd65e3..6d25526cc86ef 100644 --- a/api_docs/observability_a_i_assistant.mdx +++ b/api_docs/observability_a_i_assistant.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/observabilityAIAssistant title: "observabilityAIAssistant" image: https://source.unsplash.com/400x175/?github description: API docs for the observabilityAIAssistant plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'observabilityAIAssistant'] --- import observabilityAIAssistantObj from './observability_a_i_assistant.devdocs.json'; diff --git a/api_docs/observability_a_i_assistant_app.mdx b/api_docs/observability_a_i_assistant_app.mdx index 9a78da55b3900..2ce562381b219 100644 --- a/api_docs/observability_a_i_assistant_app.mdx +++ b/api_docs/observability_a_i_assistant_app.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/observabilityAIAssistantApp title: "observabilityAIAssistantApp" image: https://source.unsplash.com/400x175/?github description: API docs for the observabilityAIAssistantApp plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'observabilityAIAssistantApp'] --- import observabilityAIAssistantAppObj from './observability_a_i_assistant_app.devdocs.json'; diff --git a/api_docs/observability_ai_assistant_management.mdx b/api_docs/observability_ai_assistant_management.mdx index 2c9d82f458998..8270811c74e7e 100644 --- a/api_docs/observability_ai_assistant_management.mdx +++ b/api_docs/observability_ai_assistant_management.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/observabilityAiAssistantManagement title: "observabilityAiAssistantManagement" image: https://source.unsplash.com/400x175/?github description: API docs for the observabilityAiAssistantManagement plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'observabilityAiAssistantManagement'] --- import observabilityAiAssistantManagementObj from './observability_ai_assistant_management.devdocs.json'; diff --git a/api_docs/observability_logs_explorer.mdx b/api_docs/observability_logs_explorer.mdx index 75bb69a167fb4..b2b0da30051e8 100644 --- a/api_docs/observability_logs_explorer.mdx +++ b/api_docs/observability_logs_explorer.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/observabilityLogsExplorer title: "observabilityLogsExplorer" image: https://source.unsplash.com/400x175/?github description: API docs for the observabilityLogsExplorer plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'observabilityLogsExplorer'] --- import observabilityLogsExplorerObj from './observability_logs_explorer.devdocs.json'; diff --git a/api_docs/observability_onboarding.mdx b/api_docs/observability_onboarding.mdx index 5cb3b90bfcdd2..8172e97a40b95 100644 --- a/api_docs/observability_onboarding.mdx +++ b/api_docs/observability_onboarding.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/observabilityOnboarding title: "observabilityOnboarding" image: https://source.unsplash.com/400x175/?github description: API docs for the observabilityOnboarding plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'observabilityOnboarding'] --- import observabilityOnboardingObj from './observability_onboarding.devdocs.json'; diff --git a/api_docs/observability_shared.mdx b/api_docs/observability_shared.mdx index 3841f69b9dcdb..0d7b1d98ddd86 100644 --- a/api_docs/observability_shared.mdx +++ b/api_docs/observability_shared.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/observabilityShared title: "observabilityShared" image: https://source.unsplash.com/400x175/?github description: API docs for the observabilityShared plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'observabilityShared'] --- import observabilitySharedObj from './observability_shared.devdocs.json'; diff --git a/api_docs/osquery.mdx b/api_docs/osquery.mdx index 44d60b6bb2e3c..5e99fbf1f8c2b 100644 --- a/api_docs/osquery.mdx +++ b/api_docs/osquery.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/osquery title: "osquery" image: https://source.unsplash.com/400x175/?github description: API docs for the osquery plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'osquery'] --- import osqueryObj from './osquery.devdocs.json'; diff --git a/api_docs/painless_lab.mdx b/api_docs/painless_lab.mdx index 12a68cf4d47d1..71c5f2af71600 100644 --- a/api_docs/painless_lab.mdx +++ b/api_docs/painless_lab.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/painlessLab title: "painlessLab" image: https://source.unsplash.com/400x175/?github description: API docs for the painlessLab plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'painlessLab'] --- import painlessLabObj from './painless_lab.devdocs.json'; diff --git a/api_docs/plugin_directory.mdx b/api_docs/plugin_directory.mdx index 8b7d0fee618e1..dac5bf7072d72 100644 --- a/api_docs/plugin_directory.mdx +++ b/api_docs/plugin_directory.mdx @@ -7,7 +7,7 @@ id: kibDevDocsPluginDirectory slug: /kibana-dev-docs/api-meta/plugin-api-directory title: Directory description: Directory of public APIs available through plugins or packages. -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana'] --- @@ -21,7 +21,7 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana'] | API Count | Any Count | Missing comments | Missing exports | |--------------|----------|-----------------|--------| -| 53176 | 245 | 39877 | 1962 | +| 53181 | 245 | 39877 | 1963 | ## Plugin Directory @@ -39,7 +39,7 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana'] | | [@elastic/kibana-presentation](https://github.com/orgs/elastic/teams/kibana-presentation) | Adds Canvas application to Kibana | 9 | 0 | 8 | 3 | | | [@elastic/response-ops](https://github.com/orgs/elastic/teams/response-ops) | The Case management system in Kibana | 115 | 0 | 95 | 28 | | | [@elastic/kibana-visualizations](https://github.com/orgs/elastic/teams/kibana-visualizations) | - | 268 | 2 | 253 | 10 | -| | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 84 | 0 | 21 | 0 | +| | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 84 | 0 | 21 | 1 | | cloudChat | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | Chat available on Elastic Cloud deployments for quicker assistance. | 0 | 0 | 0 | 0 | | | [@elastic/kibana-management](https://github.com/orgs/elastic/teams/kibana-management) | Static migration page where self-managed users can see text/copy about migrating to Elastic Cloud | 8 | 0 | 8 | 1 | | | [@elastic/kibana-cloud-security-posture](https://github.com/orgs/elastic/teams/kibana-cloud-security-posture) | Defend for containers (D4C) | 52 | 0 | 43 | 2 | @@ -49,7 +49,7 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana'] | | [@elastic/kibana-cloud-security-posture](https://github.com/orgs/elastic/teams/kibana-cloud-security-posture) | The cloud security posture plugin | 13 | 0 | 2 | 2 | | | [@elastic/kibana-management](https://github.com/orgs/elastic/teams/kibana-management) | - | 39 | 0 | 30 | 0 | | | [@elastic/appex-sharedux](https://github.com/orgs/elastic/teams/appex-sharedux) | Content management app | 149 | 0 | 125 | 6 | -| | [@elastic/kibana-presentation](https://github.com/orgs/elastic/teams/kibana-presentation) | The Controls Plugin contains embeddable components intended to create a simple query interface for end users, and a powerful editing suite that allows dashboard authors to build controls | 138 | 0 | 134 | 14 | +| | [@elastic/kibana-presentation](https://github.com/orgs/elastic/teams/kibana-presentation) | The Controls Plugin contains embeddable components intended to create a simple query interface for end users, and a powerful editing suite that allows dashboard authors to build controls | 134 | 0 | 130 | 14 | | crossClusterReplication | [@elastic/kibana-management](https://github.com/orgs/elastic/teams/kibana-management) | - | 0 | 0 | 0 | 0 | | customBranding | [@elastic/appex-sharedux](https://github.com/orgs/elastic/teams/appex-sharedux) | Enables customization of Kibana | 0 | 0 | 0 | 0 | | | [@elastic/fleet](https://github.com/orgs/elastic/teams/fleet) | Add custom data integrations so they can be displayed in the Fleet integrations app | 271 | 0 | 252 | 1 | @@ -76,7 +76,7 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana'] | | [@elastic/obs-entities](https://github.com/orgs/elastic/teams/obs-entities) | - | 2 | 0 | 2 | 0 | | | [@elastic/obs-entities](https://github.com/orgs/elastic/teams/obs-entities) | Entity manager plugin for entity assets (inventory, topology, etc) | 20 | 0 | 20 | 3 | | | [@elastic/kibana-management](https://github.com/orgs/elastic/teams/kibana-management) | - | 99 | 3 | 97 | 3 | -| | [@elastic/kibana-esql](https://github.com/orgs/elastic/teams/kibana-esql) | - | 24 | 0 | 9 | 0 | +| | [@elastic/kibana-esql](https://github.com/orgs/elastic/teams/kibana-esql) | - | 25 | 0 | 9 | 0 | | | [@elastic/kibana-esql](https://github.com/orgs/elastic/teams/kibana-esql) | - | 2 | 0 | 2 | 0 | | | [@elastic/kibana-visualizations](https://github.com/orgs/elastic/teams/kibana-visualizations) | The Event Annotation service contains expressions for event annotations | 201 | 0 | 201 | 6 | | | [@elastic/kibana-visualizations](https://github.com/orgs/elastic/teams/kibana-visualizations) | The listing page for event annotations. | 15 | 0 | 15 | 0 | @@ -339,7 +339,7 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana'] | | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 4 | 0 | 4 | 0 | | | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 22 | 0 | 13 | 1 | | | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 38 | 1 | 34 | 0 | -| | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 117 | 0 | 56 | 0 | +| | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 118 | 0 | 56 | 0 | | | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 43 | 0 | 38 | 3 | | | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 13 | 1 | 13 | 0 | | | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 4 | 0 | 4 | 1 | @@ -526,7 +526,7 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana'] | | [@elastic/kibana-data-discovery](https://github.com/orgs/elastic/teams/kibana-data-discovery) | - | 49 | 0 | 40 | 2 | | | [@elastic/kibana-operations](https://github.com/orgs/elastic/teams/kibana-operations) | - | 2 | 0 | 0 | 0 | | | [@elastic/obs-ux-logs-team](https://github.com/orgs/elastic/teams/obs-ux-logs-team) | - | 3 | 0 | 3 | 0 | -| | [@elastic/kibana-operations](https://github.com/orgs/elastic/teams/kibana-operations) | - | 106 | 0 | 81 | 1 | +| | [@elastic/kibana-operations](https://github.com/orgs/elastic/teams/kibana-operations) | - | 108 | 0 | 83 | 1 | | | [@elastic/appex-qa](https://github.com/orgs/elastic/teams/appex-qa) | - | 560 | 6 | 520 | 7 | | | [@elastic/kibana-operations](https://github.com/orgs/elastic/teams/kibana-operations) | - | 1 | 0 | 0 | 0 | | | [@elastic/kibana-management](https://github.com/orgs/elastic/teams/kibana-management) | - | 1 | 0 | 1 | 0 | @@ -554,7 +554,7 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana'] | | [@elastic/kibana-operations](https://github.com/orgs/elastic/teams/kibana-operations) | - | 41 | 2 | 35 | 0 | | | [@elastic/ml-ui](https://github.com/orgs/elastic/teams/ml-ui) | - | 9 | 0 | 7 | 0 | | | [@elastic/kibana-operations](https://github.com/orgs/elastic/teams/kibana-operations) | - | 108 | 0 | 107 | 0 | -| | [@elastic/kibana-esql](https://github.com/orgs/elastic/teams/kibana-esql) | - | 7 | 0 | 5 | 0 | +| | [@elastic/kibana-esql](https://github.com/orgs/elastic/teams/kibana-esql) | - | 11 | 0 | 7 | 0 | | | [@elastic/obs-ux-infra_services-team](https://github.com/orgs/elastic/teams/obs-ux-infra_services-team) | - | 193 | 0 | 190 | 6 | | | [@elastic/kibana-visualizations](https://github.com/orgs/elastic/teams/kibana-visualizations) | - | 172 | 0 | 172 | 1 | | | [@elastic/kibana-core](https://github.com/orgs/elastic/teams/kibana-core) | - | 28 | 0 | 2 | 2 | @@ -762,7 +762,7 @@ tags: ['contributor', 'dev', 'apidocs', 'kibana'] | | [@elastic/kibana-visualizations](https://github.com/orgs/elastic/teams/kibana-visualizations) | - | 37 | 1 | 19 | 0 | | | [@elastic/kibana-operations](https://github.com/orgs/elastic/teams/kibana-operations) | - | 131 | 3 | 98 | 2 | | | [@elastic/kibana-operations](https://github.com/orgs/elastic/teams/kibana-operations) | - | 2 | 0 | 1 | 0 | -| | [@elastic/kibana-esql](https://github.com/orgs/elastic/teams/kibana-esql) | - | 28 | 0 | 12 | 0 | +| | [@elastic/kibana-esql](https://github.com/orgs/elastic/teams/kibana-esql) | - | 29 | 0 | 12 | 0 | | | [@elastic/obs-ux-logs-team](https://github.com/orgs/elastic/teams/obs-ux-logs-team) | - | 8 | 0 | 8 | 0 | | | [@elastic/kibana-operations](https://github.com/orgs/elastic/teams/kibana-operations) | - | 74 | 0 | 55 | 0 | | | [@elastic/response-ops](https://github.com/orgs/elastic/teams/response-ops) | - | 15 | 0 | 15 | 0 | diff --git a/api_docs/presentation_panel.mdx b/api_docs/presentation_panel.mdx index 475a25bcecca0..d2b7230886f5d 100644 --- a/api_docs/presentation_panel.mdx +++ b/api_docs/presentation_panel.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/presentationPanel title: "presentationPanel" image: https://source.unsplash.com/400x175/?github description: API docs for the presentationPanel plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'presentationPanel'] --- import presentationPanelObj from './presentation_panel.devdocs.json'; diff --git a/api_docs/presentation_util.mdx b/api_docs/presentation_util.mdx index 6a7cb962df0c4..67cc9a179b22d 100644 --- a/api_docs/presentation_util.mdx +++ b/api_docs/presentation_util.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/presentationUtil title: "presentationUtil" image: https://source.unsplash.com/400x175/?github description: API docs for the presentationUtil plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'presentationUtil'] --- import presentationUtilObj from './presentation_util.devdocs.json'; diff --git a/api_docs/profiling.mdx b/api_docs/profiling.mdx index 8d41fd935826c..a7794f056166a 100644 --- a/api_docs/profiling.mdx +++ b/api_docs/profiling.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/profiling title: "profiling" image: https://source.unsplash.com/400x175/?github description: API docs for the profiling plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'profiling'] --- import profilingObj from './profiling.devdocs.json'; diff --git a/api_docs/profiling_data_access.mdx b/api_docs/profiling_data_access.mdx index daf1548822c30..3d6e03ee2863a 100644 --- a/api_docs/profiling_data_access.mdx +++ b/api_docs/profiling_data_access.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/profilingDataAccess title: "profilingDataAccess" image: https://source.unsplash.com/400x175/?github description: API docs for the profilingDataAccess plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'profilingDataAccess'] --- import profilingDataAccessObj from './profiling_data_access.devdocs.json'; diff --git a/api_docs/remote_clusters.mdx b/api_docs/remote_clusters.mdx index 2133c43aae0bc..67d42e20b3b4f 100644 --- a/api_docs/remote_clusters.mdx +++ b/api_docs/remote_clusters.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/remoteClusters title: "remoteClusters" image: https://source.unsplash.com/400x175/?github description: API docs for the remoteClusters plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'remoteClusters'] --- import remoteClustersObj from './remote_clusters.devdocs.json'; diff --git a/api_docs/reporting.mdx b/api_docs/reporting.mdx index 9b10a13e37828..77c3d4977db30 100644 --- a/api_docs/reporting.mdx +++ b/api_docs/reporting.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/reporting title: "reporting" image: https://source.unsplash.com/400x175/?github description: API docs for the reporting plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'reporting'] --- import reportingObj from './reporting.devdocs.json'; diff --git a/api_docs/rollup.mdx b/api_docs/rollup.mdx index 437c1b589d3a5..134c99c026dce 100644 --- a/api_docs/rollup.mdx +++ b/api_docs/rollup.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/rollup title: "rollup" image: https://source.unsplash.com/400x175/?github description: API docs for the rollup plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'rollup'] --- import rollupObj from './rollup.devdocs.json'; diff --git a/api_docs/rule_registry.mdx b/api_docs/rule_registry.mdx index c47ad40ca0294..7712d52205330 100644 --- a/api_docs/rule_registry.mdx +++ b/api_docs/rule_registry.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/ruleRegistry title: "ruleRegistry" image: https://source.unsplash.com/400x175/?github description: API docs for the ruleRegistry plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'ruleRegistry'] --- import ruleRegistryObj from './rule_registry.devdocs.json'; diff --git a/api_docs/runtime_fields.mdx b/api_docs/runtime_fields.mdx index f78b57c27cf8f..499311440a8d9 100644 --- a/api_docs/runtime_fields.mdx +++ b/api_docs/runtime_fields.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/runtimeFields title: "runtimeFields" image: https://source.unsplash.com/400x175/?github description: API docs for the runtimeFields plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'runtimeFields'] --- import runtimeFieldsObj from './runtime_fields.devdocs.json'; diff --git a/api_docs/saved_objects.mdx b/api_docs/saved_objects.mdx index cc436a6a8c0d0..123244801f78b 100644 --- a/api_docs/saved_objects.mdx +++ b/api_docs/saved_objects.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/savedObjects title: "savedObjects" image: https://source.unsplash.com/400x175/?github description: API docs for the savedObjects plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'savedObjects'] --- import savedObjectsObj from './saved_objects.devdocs.json'; diff --git a/api_docs/saved_objects_finder.mdx b/api_docs/saved_objects_finder.mdx index 765fa84ab4b81..ab63292004fa9 100644 --- a/api_docs/saved_objects_finder.mdx +++ b/api_docs/saved_objects_finder.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/savedObjectsFinder title: "savedObjectsFinder" image: https://source.unsplash.com/400x175/?github description: API docs for the savedObjectsFinder plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'savedObjectsFinder'] --- import savedObjectsFinderObj from './saved_objects_finder.devdocs.json'; diff --git a/api_docs/saved_objects_management.mdx b/api_docs/saved_objects_management.mdx index bab2c2656ea2b..2521d0192d84f 100644 --- a/api_docs/saved_objects_management.mdx +++ b/api_docs/saved_objects_management.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/savedObjectsManagement title: "savedObjectsManagement" image: https://source.unsplash.com/400x175/?github description: API docs for the savedObjectsManagement plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'savedObjectsManagement'] --- import savedObjectsManagementObj from './saved_objects_management.devdocs.json'; diff --git a/api_docs/saved_objects_tagging.mdx b/api_docs/saved_objects_tagging.mdx index f3e853fe8fc9d..6e23a8de2f200 100644 --- a/api_docs/saved_objects_tagging.mdx +++ b/api_docs/saved_objects_tagging.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/savedObjectsTagging title: "savedObjectsTagging" image: https://source.unsplash.com/400x175/?github description: API docs for the savedObjectsTagging plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'savedObjectsTagging'] --- import savedObjectsTaggingObj from './saved_objects_tagging.devdocs.json'; diff --git a/api_docs/saved_objects_tagging_oss.mdx b/api_docs/saved_objects_tagging_oss.mdx index e2d111ce10bd4..3ce9cb6625ae5 100644 --- a/api_docs/saved_objects_tagging_oss.mdx +++ b/api_docs/saved_objects_tagging_oss.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/savedObjectsTaggingOss title: "savedObjectsTaggingOss" image: https://source.unsplash.com/400x175/?github description: API docs for the savedObjectsTaggingOss plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'savedObjectsTaggingOss'] --- import savedObjectsTaggingOssObj from './saved_objects_tagging_oss.devdocs.json'; diff --git a/api_docs/saved_search.mdx b/api_docs/saved_search.mdx index 24c0b2e66bc74..9fadf64fbe533 100644 --- a/api_docs/saved_search.mdx +++ b/api_docs/saved_search.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/savedSearch title: "savedSearch" image: https://source.unsplash.com/400x175/?github description: API docs for the savedSearch plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'savedSearch'] --- import savedSearchObj from './saved_search.devdocs.json'; diff --git a/api_docs/screenshot_mode.mdx b/api_docs/screenshot_mode.mdx index 517d894c5d23d..344b2e46c49ed 100644 --- a/api_docs/screenshot_mode.mdx +++ b/api_docs/screenshot_mode.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/screenshotMode title: "screenshotMode" image: https://source.unsplash.com/400x175/?github description: API docs for the screenshotMode plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'screenshotMode'] --- import screenshotModeObj from './screenshot_mode.devdocs.json'; diff --git a/api_docs/screenshotting.mdx b/api_docs/screenshotting.mdx index 8376a73aae604..d35db0377a4e2 100644 --- a/api_docs/screenshotting.mdx +++ b/api_docs/screenshotting.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/screenshotting title: "screenshotting" image: https://source.unsplash.com/400x175/?github description: API docs for the screenshotting plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'screenshotting'] --- import screenshottingObj from './screenshotting.devdocs.json'; diff --git a/api_docs/search_assistant.mdx b/api_docs/search_assistant.mdx index a5a24f994be59..f1c8ac2b05a8b 100644 --- a/api_docs/search_assistant.mdx +++ b/api_docs/search_assistant.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/searchAssistant title: "searchAssistant" image: https://source.unsplash.com/400x175/?github description: API docs for the searchAssistant plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'searchAssistant'] --- import searchAssistantObj from './search_assistant.devdocs.json'; diff --git a/api_docs/search_connectors.mdx b/api_docs/search_connectors.mdx index 9406cb2724fd2..4ef0f25d53493 100644 --- a/api_docs/search_connectors.mdx +++ b/api_docs/search_connectors.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/searchConnectors title: "searchConnectors" image: https://source.unsplash.com/400x175/?github description: API docs for the searchConnectors plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'searchConnectors'] --- import searchConnectorsObj from './search_connectors.devdocs.json'; diff --git a/api_docs/search_homepage.mdx b/api_docs/search_homepage.mdx index 9b9ecdf965cb2..73adf90280461 100644 --- a/api_docs/search_homepage.mdx +++ b/api_docs/search_homepage.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/searchHomepage title: "searchHomepage" image: https://source.unsplash.com/400x175/?github description: API docs for the searchHomepage plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'searchHomepage'] --- import searchHomepageObj from './search_homepage.devdocs.json'; diff --git a/api_docs/search_indices.mdx b/api_docs/search_indices.mdx index 724d9bdc0093f..6d7438e0d5156 100644 --- a/api_docs/search_indices.mdx +++ b/api_docs/search_indices.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/searchIndices title: "searchIndices" image: https://source.unsplash.com/400x175/?github description: API docs for the searchIndices plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'searchIndices'] --- import searchIndicesObj from './search_indices.devdocs.json'; diff --git a/api_docs/search_inference_endpoints.mdx b/api_docs/search_inference_endpoints.mdx index c44f1e084d94b..0f7af49e73f64 100644 --- a/api_docs/search_inference_endpoints.mdx +++ b/api_docs/search_inference_endpoints.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/searchInferenceEndpoints title: "searchInferenceEndpoints" image: https://source.unsplash.com/400x175/?github description: API docs for the searchInferenceEndpoints plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'searchInferenceEndpoints'] --- import searchInferenceEndpointsObj from './search_inference_endpoints.devdocs.json'; diff --git a/api_docs/search_notebooks.mdx b/api_docs/search_notebooks.mdx index 5b3249d6453cb..e8490c57c16ed 100644 --- a/api_docs/search_notebooks.mdx +++ b/api_docs/search_notebooks.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/searchNotebooks title: "searchNotebooks" image: https://source.unsplash.com/400x175/?github description: API docs for the searchNotebooks plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'searchNotebooks'] --- import searchNotebooksObj from './search_notebooks.devdocs.json'; diff --git a/api_docs/search_playground.mdx b/api_docs/search_playground.mdx index 4b500f39b99c0..b728de94b270d 100644 --- a/api_docs/search_playground.mdx +++ b/api_docs/search_playground.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/searchPlayground title: "searchPlayground" image: https://source.unsplash.com/400x175/?github description: API docs for the searchPlayground plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'searchPlayground'] --- import searchPlaygroundObj from './search_playground.devdocs.json'; diff --git a/api_docs/security.mdx b/api_docs/security.mdx index 649ec1747823e..c26359db873ac 100644 --- a/api_docs/security.mdx +++ b/api_docs/security.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/security title: "security" image: https://source.unsplash.com/400x175/?github description: API docs for the security plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'security'] --- import securityObj from './security.devdocs.json'; diff --git a/api_docs/security_solution.devdocs.json b/api_docs/security_solution.devdocs.json index e92f1c1fc97d4..fb27b8fa4661f 100644 --- a/api_docs/security_solution.devdocs.json +++ b/api_docs/security_solution.devdocs.json @@ -485,7 +485,7 @@ "\nExperimental flag needed to enable the link" ], "signature": [ - "\"assistantKnowledgeBaseByDefault\" | \"assistantModelEvaluation\" | \"assistantBedrockChat\" | \"excludePoliciesInFilterEnabled\" | \"kubernetesEnabled\" | \"donutChartEmbeddablesEnabled\" | \"previewTelemetryUrlEnabled\" | \"extendedRuleExecutionLoggingEnabled\" | \"socTrendsEnabled\" | \"responseActionUploadEnabled\" | \"automatedProcessActionsEnabled\" | \"automatedResponseActionsForMoreRulesEnabled\" | \"responseActionsSentinelOneV1Enabled\" | \"responseActionsSentinelOneV2Enabled\" | \"responseActionsSentinelOneGetFileEnabled\" | \"responseActionsSentinelOneKillProcessEnabled\" | \"responseActionsSentinelOneProcessesEnabled\" | \"responseActionsCrowdstrikeManualHostIsolationEnabled\" | \"securitySolutionNotesEnabled\" | \"entityAlertPreviewDisabled\" | \"assistantNaturalLanguageESQLTool\" | \"newUserDetailsFlyoutManagedUser\" | \"riskScoringPersistence\" | \"riskScoringRoutesEnabled\" | \"esqlRulesDisabled\" | \"protectionUpdatesEnabled\" | \"disableTimelineSaveTour\" | \"riskEnginePrivilegesRouteEnabled\" | \"sentinelOneDataInAnalyzerEnabled\" | \"sentinelOneManualHostActionsEnabled\" | \"crowdstrikeDataInAnalyzerEnabled\" | \"jamfDataInAnalyzerEnabled\" | \"timelineEsqlTabDisabled\" | \"unifiedComponentsInTimelineDisabled\" | \"analyzerDatePickersAndSourcererDisabled\" | \"prebuiltRulesCustomizationEnabled\" | \"malwareOnWriteScanOptionAvailable\" | \"unifiedManifestEnabled\" | \"valueListItemsModalEnabled\" | \"manualRuleRunEnabled\" | \"filterProcessDescendantsForEventFiltersEnabled\" | \"dataIngestionHubEnabled\" | \"entityStoreEnabled\" | undefined" + "\"assistantKnowledgeBaseByDefault\" | \"assistantModelEvaluation\" | \"assistantBedrockChat\" | \"excludePoliciesInFilterEnabled\" | \"kubernetesEnabled\" | \"donutChartEmbeddablesEnabled\" | \"previewTelemetryUrlEnabled\" | \"extendedRuleExecutionLoggingEnabled\" | \"socTrendsEnabled\" | \"responseActionUploadEnabled\" | \"automatedProcessActionsEnabled\" | \"automatedResponseActionsForMoreRulesEnabled\" | \"responseActionsSentinelOneV1Enabled\" | \"responseActionsSentinelOneV2Enabled\" | \"responseActionsSentinelOneGetFileEnabled\" | \"responseActionsSentinelOneKillProcessEnabled\" | \"responseActionsSentinelOneProcessesEnabled\" | \"responseActionsCrowdstrikeManualHostIsolationEnabled\" | \"securitySolutionNotesEnabled\" | \"entityAlertPreviewDisabled\" | \"assistantNaturalLanguageESQLTool\" | \"newUserDetailsFlyoutManagedUser\" | \"riskScoringPersistence\" | \"riskScoringRoutesEnabled\" | \"esqlRulesDisabled\" | \"loggingRequestsEnabled\" | \"protectionUpdatesEnabled\" | \"disableTimelineSaveTour\" | \"riskEnginePrivilegesRouteEnabled\" | \"sentinelOneDataInAnalyzerEnabled\" | \"sentinelOneManualHostActionsEnabled\" | \"crowdstrikeDataInAnalyzerEnabled\" | \"jamfDataInAnalyzerEnabled\" | \"timelineEsqlTabDisabled\" | \"unifiedComponentsInTimelineDisabled\" | \"analyzerDatePickersAndSourcererDisabled\" | \"visualizationInFlyoutEnabled\" | \"prebuiltRulesCustomizationEnabled\" | \"malwareOnWriteScanOptionAvailable\" | \"unifiedManifestEnabled\" | \"valueListItemsModalEnabled\" | \"manualRuleRunEnabled\" | \"filterProcessDescendantsForEventFiltersEnabled\" | \"dataIngestionHubEnabled\" | \"entityStoreEnabled\" | undefined" ], "path": "x-pack/plugins/security_solution/public/common/links/types.ts", "deprecated": false, @@ -565,7 +565,7 @@ "\nExperimental flag needed to disable the link. Opposite of experimentalKey" ], "signature": [ - "\"assistantKnowledgeBaseByDefault\" | \"assistantModelEvaluation\" | \"assistantBedrockChat\" | \"excludePoliciesInFilterEnabled\" | \"kubernetesEnabled\" | \"donutChartEmbeddablesEnabled\" | \"previewTelemetryUrlEnabled\" | \"extendedRuleExecutionLoggingEnabled\" | \"socTrendsEnabled\" | \"responseActionUploadEnabled\" | \"automatedProcessActionsEnabled\" | \"automatedResponseActionsForMoreRulesEnabled\" | \"responseActionsSentinelOneV1Enabled\" | \"responseActionsSentinelOneV2Enabled\" | \"responseActionsSentinelOneGetFileEnabled\" | \"responseActionsSentinelOneKillProcessEnabled\" | \"responseActionsSentinelOneProcessesEnabled\" | \"responseActionsCrowdstrikeManualHostIsolationEnabled\" | \"securitySolutionNotesEnabled\" | \"entityAlertPreviewDisabled\" | \"assistantNaturalLanguageESQLTool\" | \"newUserDetailsFlyoutManagedUser\" | \"riskScoringPersistence\" | \"riskScoringRoutesEnabled\" | \"esqlRulesDisabled\" | \"protectionUpdatesEnabled\" | \"disableTimelineSaveTour\" | \"riskEnginePrivilegesRouteEnabled\" | \"sentinelOneDataInAnalyzerEnabled\" | \"sentinelOneManualHostActionsEnabled\" | \"crowdstrikeDataInAnalyzerEnabled\" | \"jamfDataInAnalyzerEnabled\" | \"timelineEsqlTabDisabled\" | \"unifiedComponentsInTimelineDisabled\" | \"analyzerDatePickersAndSourcererDisabled\" | \"prebuiltRulesCustomizationEnabled\" | \"malwareOnWriteScanOptionAvailable\" | \"unifiedManifestEnabled\" | \"valueListItemsModalEnabled\" | \"manualRuleRunEnabled\" | \"filterProcessDescendantsForEventFiltersEnabled\" | \"dataIngestionHubEnabled\" | \"entityStoreEnabled\" | undefined" + "\"assistantKnowledgeBaseByDefault\" | \"assistantModelEvaluation\" | \"assistantBedrockChat\" | \"excludePoliciesInFilterEnabled\" | \"kubernetesEnabled\" | \"donutChartEmbeddablesEnabled\" | \"previewTelemetryUrlEnabled\" | \"extendedRuleExecutionLoggingEnabled\" | \"socTrendsEnabled\" | \"responseActionUploadEnabled\" | \"automatedProcessActionsEnabled\" | \"automatedResponseActionsForMoreRulesEnabled\" | \"responseActionsSentinelOneV1Enabled\" | \"responseActionsSentinelOneV2Enabled\" | \"responseActionsSentinelOneGetFileEnabled\" | \"responseActionsSentinelOneKillProcessEnabled\" | \"responseActionsSentinelOneProcessesEnabled\" | \"responseActionsCrowdstrikeManualHostIsolationEnabled\" | \"securitySolutionNotesEnabled\" | \"entityAlertPreviewDisabled\" | \"assistantNaturalLanguageESQLTool\" | \"newUserDetailsFlyoutManagedUser\" | \"riskScoringPersistence\" | \"riskScoringRoutesEnabled\" | \"esqlRulesDisabled\" | \"loggingRequestsEnabled\" | \"protectionUpdatesEnabled\" | \"disableTimelineSaveTour\" | \"riskEnginePrivilegesRouteEnabled\" | \"sentinelOneDataInAnalyzerEnabled\" | \"sentinelOneManualHostActionsEnabled\" | \"crowdstrikeDataInAnalyzerEnabled\" | \"jamfDataInAnalyzerEnabled\" | \"timelineEsqlTabDisabled\" | \"unifiedComponentsInTimelineDisabled\" | \"analyzerDatePickersAndSourcererDisabled\" | \"visualizationInFlyoutEnabled\" | \"prebuiltRulesCustomizationEnabled\" | \"malwareOnWriteScanOptionAvailable\" | \"unifiedManifestEnabled\" | \"valueListItemsModalEnabled\" | \"manualRuleRunEnabled\" | \"filterProcessDescendantsForEventFiltersEnabled\" | \"dataIngestionHubEnabled\" | \"entityStoreEnabled\" | undefined" ], "path": "x-pack/plugins/security_solution/public/common/links/types.ts", "deprecated": false, @@ -1931,7 +1931,7 @@ "label": "experimentalFeatures", "description": [], "signature": [ - "{ readonly excludePoliciesInFilterEnabled: boolean; readonly kubernetesEnabled: boolean; readonly donutChartEmbeddablesEnabled: boolean; readonly previewTelemetryUrlEnabled: boolean; readonly extendedRuleExecutionLoggingEnabled: boolean; readonly socTrendsEnabled: boolean; readonly responseActionUploadEnabled: boolean; readonly automatedProcessActionsEnabled: boolean; readonly automatedResponseActionsForMoreRulesEnabled: boolean; readonly responseActionsSentinelOneV1Enabled: boolean; readonly responseActionsSentinelOneV2Enabled: boolean; readonly responseActionsSentinelOneGetFileEnabled: boolean; readonly responseActionsSentinelOneKillProcessEnabled: boolean; readonly responseActionsSentinelOneProcessesEnabled: boolean; readonly responseActionsCrowdstrikeManualHostIsolationEnabled: boolean; readonly securitySolutionNotesEnabled: boolean; readonly entityAlertPreviewDisabled: boolean; readonly assistantModelEvaluation: boolean; readonly assistantKnowledgeBaseByDefault: boolean; readonly assistantBedrockChat: boolean; readonly assistantNaturalLanguageESQLTool: boolean; readonly newUserDetailsFlyoutManagedUser: boolean; readonly riskScoringPersistence: boolean; readonly riskScoringRoutesEnabled: boolean; readonly esqlRulesDisabled: boolean; readonly protectionUpdatesEnabled: boolean; readonly disableTimelineSaveTour: boolean; readonly riskEnginePrivilegesRouteEnabled: boolean; readonly sentinelOneDataInAnalyzerEnabled: boolean; readonly sentinelOneManualHostActionsEnabled: boolean; readonly crowdstrikeDataInAnalyzerEnabled: boolean; readonly jamfDataInAnalyzerEnabled: boolean; readonly timelineEsqlTabDisabled: boolean; readonly unifiedComponentsInTimelineDisabled: boolean; readonly analyzerDatePickersAndSourcererDisabled: boolean; readonly prebuiltRulesCustomizationEnabled: boolean; readonly malwareOnWriteScanOptionAvailable: boolean; readonly unifiedManifestEnabled: boolean; readonly valueListItemsModalEnabled: boolean; readonly manualRuleRunEnabled: boolean; readonly filterProcessDescendantsForEventFiltersEnabled: boolean; readonly dataIngestionHubEnabled: boolean; readonly entityStoreEnabled: boolean; }" + "{ readonly excludePoliciesInFilterEnabled: boolean; readonly kubernetesEnabled: boolean; readonly donutChartEmbeddablesEnabled: boolean; readonly previewTelemetryUrlEnabled: boolean; readonly extendedRuleExecutionLoggingEnabled: boolean; readonly socTrendsEnabled: boolean; readonly responseActionUploadEnabled: boolean; readonly automatedProcessActionsEnabled: boolean; readonly automatedResponseActionsForMoreRulesEnabled: boolean; readonly responseActionsSentinelOneV1Enabled: boolean; readonly responseActionsSentinelOneV2Enabled: boolean; readonly responseActionsSentinelOneGetFileEnabled: boolean; readonly responseActionsSentinelOneKillProcessEnabled: boolean; readonly responseActionsSentinelOneProcessesEnabled: boolean; readonly responseActionsCrowdstrikeManualHostIsolationEnabled: boolean; readonly securitySolutionNotesEnabled: boolean; readonly entityAlertPreviewDisabled: boolean; readonly assistantModelEvaluation: boolean; readonly assistantKnowledgeBaseByDefault: boolean; readonly assistantBedrockChat: boolean; readonly assistantNaturalLanguageESQLTool: boolean; readonly newUserDetailsFlyoutManagedUser: boolean; readonly riskScoringPersistence: boolean; readonly riskScoringRoutesEnabled: boolean; readonly esqlRulesDisabled: boolean; readonly loggingRequestsEnabled: boolean; readonly protectionUpdatesEnabled: boolean; readonly disableTimelineSaveTour: boolean; readonly riskEnginePrivilegesRouteEnabled: boolean; readonly sentinelOneDataInAnalyzerEnabled: boolean; readonly sentinelOneManualHostActionsEnabled: boolean; readonly crowdstrikeDataInAnalyzerEnabled: boolean; readonly jamfDataInAnalyzerEnabled: boolean; readonly timelineEsqlTabDisabled: boolean; readonly unifiedComponentsInTimelineDisabled: boolean; readonly analyzerDatePickersAndSourcererDisabled: boolean; readonly visualizationInFlyoutEnabled: boolean; readonly prebuiltRulesCustomizationEnabled: boolean; readonly malwareOnWriteScanOptionAvailable: boolean; readonly unifiedManifestEnabled: boolean; readonly valueListItemsModalEnabled: boolean; readonly manualRuleRunEnabled: boolean; readonly filterProcessDescendantsForEventFiltersEnabled: boolean; readonly dataIngestionHubEnabled: boolean; readonly entityStoreEnabled: boolean; }" ], "path": "x-pack/plugins/security_solution/public/types.ts", "deprecated": false, @@ -3099,7 +3099,7 @@ "\nThe security solution generic experimental features" ], "signature": [ - "{ readonly excludePoliciesInFilterEnabled: boolean; readonly kubernetesEnabled: boolean; readonly donutChartEmbeddablesEnabled: boolean; readonly previewTelemetryUrlEnabled: boolean; readonly extendedRuleExecutionLoggingEnabled: boolean; readonly socTrendsEnabled: boolean; readonly responseActionUploadEnabled: boolean; readonly automatedProcessActionsEnabled: boolean; readonly automatedResponseActionsForMoreRulesEnabled: boolean; readonly responseActionsSentinelOneV1Enabled: boolean; readonly responseActionsSentinelOneV2Enabled: boolean; readonly responseActionsSentinelOneGetFileEnabled: boolean; readonly responseActionsSentinelOneKillProcessEnabled: boolean; readonly responseActionsSentinelOneProcessesEnabled: boolean; readonly responseActionsCrowdstrikeManualHostIsolationEnabled: boolean; readonly securitySolutionNotesEnabled: boolean; readonly entityAlertPreviewDisabled: boolean; readonly assistantModelEvaluation: boolean; readonly assistantKnowledgeBaseByDefault: boolean; readonly assistantBedrockChat: boolean; readonly assistantNaturalLanguageESQLTool: boolean; readonly newUserDetailsFlyoutManagedUser: boolean; readonly riskScoringPersistence: boolean; readonly riskScoringRoutesEnabled: boolean; readonly esqlRulesDisabled: boolean; readonly protectionUpdatesEnabled: boolean; readonly disableTimelineSaveTour: boolean; readonly riskEnginePrivilegesRouteEnabled: boolean; readonly sentinelOneDataInAnalyzerEnabled: boolean; readonly sentinelOneManualHostActionsEnabled: boolean; readonly crowdstrikeDataInAnalyzerEnabled: boolean; readonly jamfDataInAnalyzerEnabled: boolean; readonly timelineEsqlTabDisabled: boolean; readonly unifiedComponentsInTimelineDisabled: boolean; readonly analyzerDatePickersAndSourcererDisabled: boolean; readonly prebuiltRulesCustomizationEnabled: boolean; readonly malwareOnWriteScanOptionAvailable: boolean; readonly unifiedManifestEnabled: boolean; readonly valueListItemsModalEnabled: boolean; readonly manualRuleRunEnabled: boolean; readonly filterProcessDescendantsForEventFiltersEnabled: boolean; readonly dataIngestionHubEnabled: boolean; readonly entityStoreEnabled: boolean; }" + "{ readonly excludePoliciesInFilterEnabled: boolean; readonly kubernetesEnabled: boolean; readonly donutChartEmbeddablesEnabled: boolean; readonly previewTelemetryUrlEnabled: boolean; readonly extendedRuleExecutionLoggingEnabled: boolean; readonly socTrendsEnabled: boolean; readonly responseActionUploadEnabled: boolean; readonly automatedProcessActionsEnabled: boolean; readonly automatedResponseActionsForMoreRulesEnabled: boolean; readonly responseActionsSentinelOneV1Enabled: boolean; readonly responseActionsSentinelOneV2Enabled: boolean; readonly responseActionsSentinelOneGetFileEnabled: boolean; readonly responseActionsSentinelOneKillProcessEnabled: boolean; readonly responseActionsSentinelOneProcessesEnabled: boolean; readonly responseActionsCrowdstrikeManualHostIsolationEnabled: boolean; readonly securitySolutionNotesEnabled: boolean; readonly entityAlertPreviewDisabled: boolean; readonly assistantModelEvaluation: boolean; readonly assistantKnowledgeBaseByDefault: boolean; readonly assistantBedrockChat: boolean; readonly assistantNaturalLanguageESQLTool: boolean; readonly newUserDetailsFlyoutManagedUser: boolean; readonly riskScoringPersistence: boolean; readonly riskScoringRoutesEnabled: boolean; readonly esqlRulesDisabled: boolean; readonly loggingRequestsEnabled: boolean; readonly protectionUpdatesEnabled: boolean; readonly disableTimelineSaveTour: boolean; readonly riskEnginePrivilegesRouteEnabled: boolean; readonly sentinelOneDataInAnalyzerEnabled: boolean; readonly sentinelOneManualHostActionsEnabled: boolean; readonly crowdstrikeDataInAnalyzerEnabled: boolean; readonly jamfDataInAnalyzerEnabled: boolean; readonly timelineEsqlTabDisabled: boolean; readonly unifiedComponentsInTimelineDisabled: boolean; readonly analyzerDatePickersAndSourcererDisabled: boolean; readonly visualizationInFlyoutEnabled: boolean; readonly prebuiltRulesCustomizationEnabled: boolean; readonly malwareOnWriteScanOptionAvailable: boolean; readonly unifiedManifestEnabled: boolean; readonly valueListItemsModalEnabled: boolean; readonly manualRuleRunEnabled: boolean; readonly filterProcessDescendantsForEventFiltersEnabled: boolean; readonly dataIngestionHubEnabled: boolean; readonly entityStoreEnabled: boolean; }" ], "path": "x-pack/plugins/security_solution/server/plugin_contract.ts", "deprecated": false, @@ -3275,7 +3275,7 @@ "label": "ExperimentalFeatures", "description": [], "signature": [ - "{ readonly excludePoliciesInFilterEnabled: boolean; readonly kubernetesEnabled: boolean; readonly donutChartEmbeddablesEnabled: boolean; readonly previewTelemetryUrlEnabled: boolean; readonly extendedRuleExecutionLoggingEnabled: boolean; readonly socTrendsEnabled: boolean; readonly responseActionUploadEnabled: boolean; readonly automatedProcessActionsEnabled: boolean; readonly automatedResponseActionsForMoreRulesEnabled: boolean; readonly responseActionsSentinelOneV1Enabled: boolean; readonly responseActionsSentinelOneV2Enabled: boolean; readonly responseActionsSentinelOneGetFileEnabled: boolean; readonly responseActionsSentinelOneKillProcessEnabled: boolean; readonly responseActionsSentinelOneProcessesEnabled: boolean; readonly responseActionsCrowdstrikeManualHostIsolationEnabled: boolean; readonly securitySolutionNotesEnabled: boolean; readonly entityAlertPreviewDisabled: boolean; readonly assistantModelEvaluation: boolean; readonly assistantKnowledgeBaseByDefault: boolean; readonly assistantBedrockChat: boolean; readonly assistantNaturalLanguageESQLTool: boolean; readonly newUserDetailsFlyoutManagedUser: boolean; readonly riskScoringPersistence: boolean; readonly riskScoringRoutesEnabled: boolean; readonly esqlRulesDisabled: boolean; readonly protectionUpdatesEnabled: boolean; readonly disableTimelineSaveTour: boolean; readonly riskEnginePrivilegesRouteEnabled: boolean; readonly sentinelOneDataInAnalyzerEnabled: boolean; readonly sentinelOneManualHostActionsEnabled: boolean; readonly crowdstrikeDataInAnalyzerEnabled: boolean; readonly jamfDataInAnalyzerEnabled: boolean; readonly timelineEsqlTabDisabled: boolean; readonly unifiedComponentsInTimelineDisabled: boolean; readonly analyzerDatePickersAndSourcererDisabled: boolean; readonly prebuiltRulesCustomizationEnabled: boolean; readonly malwareOnWriteScanOptionAvailable: boolean; readonly unifiedManifestEnabled: boolean; readonly valueListItemsModalEnabled: boolean; readonly manualRuleRunEnabled: boolean; readonly filterProcessDescendantsForEventFiltersEnabled: boolean; readonly dataIngestionHubEnabled: boolean; readonly entityStoreEnabled: boolean; }" + "{ readonly excludePoliciesInFilterEnabled: boolean; readonly kubernetesEnabled: boolean; readonly donutChartEmbeddablesEnabled: boolean; readonly previewTelemetryUrlEnabled: boolean; readonly extendedRuleExecutionLoggingEnabled: boolean; readonly socTrendsEnabled: boolean; readonly responseActionUploadEnabled: boolean; readonly automatedProcessActionsEnabled: boolean; readonly automatedResponseActionsForMoreRulesEnabled: boolean; readonly responseActionsSentinelOneV1Enabled: boolean; readonly responseActionsSentinelOneV2Enabled: boolean; readonly responseActionsSentinelOneGetFileEnabled: boolean; readonly responseActionsSentinelOneKillProcessEnabled: boolean; readonly responseActionsSentinelOneProcessesEnabled: boolean; readonly responseActionsCrowdstrikeManualHostIsolationEnabled: boolean; readonly securitySolutionNotesEnabled: boolean; readonly entityAlertPreviewDisabled: boolean; readonly assistantModelEvaluation: boolean; readonly assistantKnowledgeBaseByDefault: boolean; readonly assistantBedrockChat: boolean; readonly assistantNaturalLanguageESQLTool: boolean; readonly newUserDetailsFlyoutManagedUser: boolean; readonly riskScoringPersistence: boolean; readonly riskScoringRoutesEnabled: boolean; readonly esqlRulesDisabled: boolean; readonly loggingRequestsEnabled: boolean; readonly protectionUpdatesEnabled: boolean; readonly disableTimelineSaveTour: boolean; readonly riskEnginePrivilegesRouteEnabled: boolean; readonly sentinelOneDataInAnalyzerEnabled: boolean; readonly sentinelOneManualHostActionsEnabled: boolean; readonly crowdstrikeDataInAnalyzerEnabled: boolean; readonly jamfDataInAnalyzerEnabled: boolean; readonly timelineEsqlTabDisabled: boolean; readonly unifiedComponentsInTimelineDisabled: boolean; readonly analyzerDatePickersAndSourcererDisabled: boolean; readonly visualizationInFlyoutEnabled: boolean; readonly prebuiltRulesCustomizationEnabled: boolean; readonly malwareOnWriteScanOptionAvailable: boolean; readonly unifiedManifestEnabled: boolean; readonly valueListItemsModalEnabled: boolean; readonly manualRuleRunEnabled: boolean; readonly filterProcessDescendantsForEventFiltersEnabled: boolean; readonly dataIngestionHubEnabled: boolean; readonly entityStoreEnabled: boolean; }" ], "path": "x-pack/plugins/security_solution/common/experimental_features.ts", "deprecated": false, @@ -3341,7 +3341,7 @@ "\nA list of allowed values that can be used in `xpack.securitySolution.enableExperimental`.\nThis object is then used to validate and parse the value entered." ], "signature": [ - "{ readonly excludePoliciesInFilterEnabled: false; readonly kubernetesEnabled: true; readonly donutChartEmbeddablesEnabled: false; readonly previewTelemetryUrlEnabled: false; readonly extendedRuleExecutionLoggingEnabled: false; readonly socTrendsEnabled: false; readonly responseActionUploadEnabled: true; readonly automatedProcessActionsEnabled: true; readonly automatedResponseActionsForMoreRulesEnabled: false; readonly responseActionsSentinelOneV1Enabled: true; readonly responseActionsSentinelOneV2Enabled: true; readonly responseActionsSentinelOneGetFileEnabled: true; readonly responseActionsSentinelOneKillProcessEnabled: true; readonly responseActionsSentinelOneProcessesEnabled: true; readonly responseActionsCrowdstrikeManualHostIsolationEnabled: true; readonly securitySolutionNotesEnabled: false; readonly entityAlertPreviewDisabled: false; readonly assistantModelEvaluation: false; readonly assistantKnowledgeBaseByDefault: false; readonly assistantBedrockChat: true; readonly assistantNaturalLanguageESQLTool: false; readonly newUserDetailsFlyoutManagedUser: false; readonly riskScoringPersistence: true; readonly riskScoringRoutesEnabled: true; readonly esqlRulesDisabled: false; readonly protectionUpdatesEnabled: true; readonly disableTimelineSaveTour: false; readonly riskEnginePrivilegesRouteEnabled: true; readonly sentinelOneDataInAnalyzerEnabled: true; readonly sentinelOneManualHostActionsEnabled: true; readonly crowdstrikeDataInAnalyzerEnabled: true; readonly jamfDataInAnalyzerEnabled: true; readonly timelineEsqlTabDisabled: false; readonly unifiedComponentsInTimelineDisabled: false; readonly analyzerDatePickersAndSourcererDisabled: false; readonly prebuiltRulesCustomizationEnabled: false; readonly malwareOnWriteScanOptionAvailable: true; readonly unifiedManifestEnabled: true; readonly valueListItemsModalEnabled: true; readonly manualRuleRunEnabled: false; readonly filterProcessDescendantsForEventFiltersEnabled: true; readonly dataIngestionHubEnabled: false; readonly entityStoreEnabled: false; }" + "{ readonly excludePoliciesInFilterEnabled: false; readonly kubernetesEnabled: true; readonly donutChartEmbeddablesEnabled: false; readonly previewTelemetryUrlEnabled: false; readonly extendedRuleExecutionLoggingEnabled: false; readonly socTrendsEnabled: false; readonly responseActionUploadEnabled: true; readonly automatedProcessActionsEnabled: true; readonly automatedResponseActionsForMoreRulesEnabled: false; readonly responseActionsSentinelOneV1Enabled: true; readonly responseActionsSentinelOneV2Enabled: true; readonly responseActionsSentinelOneGetFileEnabled: true; readonly responseActionsSentinelOneKillProcessEnabled: true; readonly responseActionsSentinelOneProcessesEnabled: true; readonly responseActionsCrowdstrikeManualHostIsolationEnabled: true; readonly securitySolutionNotesEnabled: false; readonly entityAlertPreviewDisabled: false; readonly assistantModelEvaluation: false; readonly assistantKnowledgeBaseByDefault: false; readonly assistantBedrockChat: true; readonly assistantNaturalLanguageESQLTool: false; readonly newUserDetailsFlyoutManagedUser: false; readonly riskScoringPersistence: true; readonly riskScoringRoutesEnabled: true; readonly esqlRulesDisabled: false; readonly loggingRequestsEnabled: false; readonly protectionUpdatesEnabled: true; readonly disableTimelineSaveTour: false; readonly riskEnginePrivilegesRouteEnabled: true; readonly sentinelOneDataInAnalyzerEnabled: true; readonly sentinelOneManualHostActionsEnabled: true; readonly crowdstrikeDataInAnalyzerEnabled: true; readonly jamfDataInAnalyzerEnabled: true; readonly timelineEsqlTabDisabled: false; readonly unifiedComponentsInTimelineDisabled: false; readonly analyzerDatePickersAndSourcererDisabled: false; readonly visualizationInFlyoutEnabled: false; readonly prebuiltRulesCustomizationEnabled: false; readonly malwareOnWriteScanOptionAvailable: true; readonly unifiedManifestEnabled: true; readonly valueListItemsModalEnabled: true; readonly manualRuleRunEnabled: false; readonly filterProcessDescendantsForEventFiltersEnabled: true; readonly dataIngestionHubEnabled: false; readonly entityStoreEnabled: false; }" ], "path": "x-pack/plugins/security_solution/common/experimental_features.ts", "deprecated": false, diff --git a/api_docs/security_solution.mdx b/api_docs/security_solution.mdx index dd33b632b8d0a..11a454c2994d2 100644 --- a/api_docs/security_solution.mdx +++ b/api_docs/security_solution.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/securitySolution title: "securitySolution" image: https://source.unsplash.com/400x175/?github description: API docs for the securitySolution plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'securitySolution'] --- import securitySolutionObj from './security_solution.devdocs.json'; diff --git a/api_docs/security_solution_ess.mdx b/api_docs/security_solution_ess.mdx index 9801ba681ebfe..5293befda82a0 100644 --- a/api_docs/security_solution_ess.mdx +++ b/api_docs/security_solution_ess.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/securitySolutionEss title: "securitySolutionEss" image: https://source.unsplash.com/400x175/?github description: API docs for the securitySolutionEss plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'securitySolutionEss'] --- import securitySolutionEssObj from './security_solution_ess.devdocs.json'; diff --git a/api_docs/security_solution_serverless.mdx b/api_docs/security_solution_serverless.mdx index 9f044c4d13023..dd0bb7dfd2c34 100644 --- a/api_docs/security_solution_serverless.mdx +++ b/api_docs/security_solution_serverless.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/securitySolutionServerless title: "securitySolutionServerless" image: https://source.unsplash.com/400x175/?github description: API docs for the securitySolutionServerless plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'securitySolutionServerless'] --- import securitySolutionServerlessObj from './security_solution_serverless.devdocs.json'; diff --git a/api_docs/serverless.mdx b/api_docs/serverless.mdx index afff3efda9ad9..9c40048428255 100644 --- a/api_docs/serverless.mdx +++ b/api_docs/serverless.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/serverless title: "serverless" image: https://source.unsplash.com/400x175/?github description: API docs for the serverless plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'serverless'] --- import serverlessObj from './serverless.devdocs.json'; diff --git a/api_docs/serverless_observability.mdx b/api_docs/serverless_observability.mdx index e6871a1543a4e..b43d7f63160d9 100644 --- a/api_docs/serverless_observability.mdx +++ b/api_docs/serverless_observability.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/serverlessObservability title: "serverlessObservability" image: https://source.unsplash.com/400x175/?github description: API docs for the serverlessObservability plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'serverlessObservability'] --- import serverlessObservabilityObj from './serverless_observability.devdocs.json'; diff --git a/api_docs/serverless_search.mdx b/api_docs/serverless_search.mdx index 83258dec5ca8e..4115374e5874d 100644 --- a/api_docs/serverless_search.mdx +++ b/api_docs/serverless_search.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/serverlessSearch title: "serverlessSearch" image: https://source.unsplash.com/400x175/?github description: API docs for the serverlessSearch plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'serverlessSearch'] --- import serverlessSearchObj from './serverless_search.devdocs.json'; diff --git a/api_docs/session_view.mdx b/api_docs/session_view.mdx index 156d5cb010e00..84d1f469437a1 100644 --- a/api_docs/session_view.mdx +++ b/api_docs/session_view.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/sessionView title: "sessionView" image: https://source.unsplash.com/400x175/?github description: API docs for the sessionView plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'sessionView'] --- import sessionViewObj from './session_view.devdocs.json'; diff --git a/api_docs/share.mdx b/api_docs/share.mdx index 046c5756fc8ac..1b0734fd71683 100644 --- a/api_docs/share.mdx +++ b/api_docs/share.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/share title: "share" image: https://source.unsplash.com/400x175/?github description: API docs for the share plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'share'] --- import shareObj from './share.devdocs.json'; diff --git a/api_docs/slo.mdx b/api_docs/slo.mdx index 429b93bf87257..f6230e1152351 100644 --- a/api_docs/slo.mdx +++ b/api_docs/slo.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/slo title: "slo" image: https://source.unsplash.com/400x175/?github description: API docs for the slo plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'slo'] --- import sloObj from './slo.devdocs.json'; diff --git a/api_docs/snapshot_restore.mdx b/api_docs/snapshot_restore.mdx index 4a7647ee1aea5..4e6792fa493b0 100644 --- a/api_docs/snapshot_restore.mdx +++ b/api_docs/snapshot_restore.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/snapshotRestore title: "snapshotRestore" image: https://source.unsplash.com/400x175/?github description: API docs for the snapshotRestore plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'snapshotRestore'] --- import snapshotRestoreObj from './snapshot_restore.devdocs.json'; diff --git a/api_docs/spaces.mdx b/api_docs/spaces.mdx index b2bf462c7558f..d50c3b04bf105 100644 --- a/api_docs/spaces.mdx +++ b/api_docs/spaces.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/spaces title: "spaces" image: https://source.unsplash.com/400x175/?github description: API docs for the spaces plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'spaces'] --- import spacesObj from './spaces.devdocs.json'; diff --git a/api_docs/stack_alerts.mdx b/api_docs/stack_alerts.mdx index 746e80d55123a..58a6d62130a97 100644 --- a/api_docs/stack_alerts.mdx +++ b/api_docs/stack_alerts.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/stackAlerts title: "stackAlerts" image: https://source.unsplash.com/400x175/?github description: API docs for the stackAlerts plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'stackAlerts'] --- import stackAlertsObj from './stack_alerts.devdocs.json'; diff --git a/api_docs/stack_connectors.mdx b/api_docs/stack_connectors.mdx index 53f753faf7164..47e81d8f69e55 100644 --- a/api_docs/stack_connectors.mdx +++ b/api_docs/stack_connectors.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/stackConnectors title: "stackConnectors" image: https://source.unsplash.com/400x175/?github description: API docs for the stackConnectors plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'stackConnectors'] --- import stackConnectorsObj from './stack_connectors.devdocs.json'; diff --git a/api_docs/task_manager.mdx b/api_docs/task_manager.mdx index f96eb54d5b787..fdfa6a0c0b000 100644 --- a/api_docs/task_manager.mdx +++ b/api_docs/task_manager.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/taskManager title: "taskManager" image: https://source.unsplash.com/400x175/?github description: API docs for the taskManager plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'taskManager'] --- import taskManagerObj from './task_manager.devdocs.json'; diff --git a/api_docs/telemetry.mdx b/api_docs/telemetry.mdx index cbb61979b9db6..22912018b6328 100644 --- a/api_docs/telemetry.mdx +++ b/api_docs/telemetry.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/telemetry title: "telemetry" image: https://source.unsplash.com/400x175/?github description: API docs for the telemetry plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'telemetry'] --- import telemetryObj from './telemetry.devdocs.json'; diff --git a/api_docs/telemetry_collection_manager.mdx b/api_docs/telemetry_collection_manager.mdx index c454fb6f87a9e..fc741bfffddbf 100644 --- a/api_docs/telemetry_collection_manager.mdx +++ b/api_docs/telemetry_collection_manager.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/telemetryCollectionManager title: "telemetryCollectionManager" image: https://source.unsplash.com/400x175/?github description: API docs for the telemetryCollectionManager plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'telemetryCollectionManager'] --- import telemetryCollectionManagerObj from './telemetry_collection_manager.devdocs.json'; diff --git a/api_docs/telemetry_collection_xpack.mdx b/api_docs/telemetry_collection_xpack.mdx index a3f15638b1faf..671f3b0a2f4b6 100644 --- a/api_docs/telemetry_collection_xpack.mdx +++ b/api_docs/telemetry_collection_xpack.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/telemetryCollectionXpack title: "telemetryCollectionXpack" image: https://source.unsplash.com/400x175/?github description: API docs for the telemetryCollectionXpack plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'telemetryCollectionXpack'] --- import telemetryCollectionXpackObj from './telemetry_collection_xpack.devdocs.json'; diff --git a/api_docs/telemetry_management_section.mdx b/api_docs/telemetry_management_section.mdx index 86c536a6ea0ae..afc84e8e46d9f 100644 --- a/api_docs/telemetry_management_section.mdx +++ b/api_docs/telemetry_management_section.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/telemetryManagementSection title: "telemetryManagementSection" image: https://source.unsplash.com/400x175/?github description: API docs for the telemetryManagementSection plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'telemetryManagementSection'] --- import telemetryManagementSectionObj from './telemetry_management_section.devdocs.json'; diff --git a/api_docs/threat_intelligence.mdx b/api_docs/threat_intelligence.mdx index 0345d9b86b24e..82e352b70f517 100644 --- a/api_docs/threat_intelligence.mdx +++ b/api_docs/threat_intelligence.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/threatIntelligence title: "threatIntelligence" image: https://source.unsplash.com/400x175/?github description: API docs for the threatIntelligence plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'threatIntelligence'] --- import threatIntelligenceObj from './threat_intelligence.devdocs.json'; diff --git a/api_docs/timelines.mdx b/api_docs/timelines.mdx index be6441092a53a..a2701ab7a3ef2 100644 --- a/api_docs/timelines.mdx +++ b/api_docs/timelines.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/timelines title: "timelines" image: https://source.unsplash.com/400x175/?github description: API docs for the timelines plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'timelines'] --- import timelinesObj from './timelines.devdocs.json'; diff --git a/api_docs/transform.mdx b/api_docs/transform.mdx index ed1a6889a4a85..b4b21ba332c2c 100644 --- a/api_docs/transform.mdx +++ b/api_docs/transform.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/transform title: "transform" image: https://source.unsplash.com/400x175/?github description: API docs for the transform plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'transform'] --- import transformObj from './transform.devdocs.json'; diff --git a/api_docs/triggers_actions_ui.mdx b/api_docs/triggers_actions_ui.mdx index 7bd9c10a5316b..d9db7bbf6e0c5 100644 --- a/api_docs/triggers_actions_ui.mdx +++ b/api_docs/triggers_actions_ui.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/triggersActionsUi title: "triggersActionsUi" image: https://source.unsplash.com/400x175/?github description: API docs for the triggersActionsUi plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'triggersActionsUi'] --- import triggersActionsUiObj from './triggers_actions_ui.devdocs.json'; diff --git a/api_docs/ui_actions.mdx b/api_docs/ui_actions.mdx index c7c53fd3fec38..6695c33424017 100644 --- a/api_docs/ui_actions.mdx +++ b/api_docs/ui_actions.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/uiActions title: "uiActions" image: https://source.unsplash.com/400x175/?github description: API docs for the uiActions plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'uiActions'] --- import uiActionsObj from './ui_actions.devdocs.json'; diff --git a/api_docs/ui_actions_enhanced.mdx b/api_docs/ui_actions_enhanced.mdx index 9b070a43c2c0f..207cd70dece1b 100644 --- a/api_docs/ui_actions_enhanced.mdx +++ b/api_docs/ui_actions_enhanced.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/uiActionsEnhanced title: "uiActionsEnhanced" image: https://source.unsplash.com/400x175/?github description: API docs for the uiActionsEnhanced plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'uiActionsEnhanced'] --- import uiActionsEnhancedObj from './ui_actions_enhanced.devdocs.json'; diff --git a/api_docs/unified_doc_viewer.mdx b/api_docs/unified_doc_viewer.mdx index 8c0aeb892fb08..7621ad2eb2f35 100644 --- a/api_docs/unified_doc_viewer.mdx +++ b/api_docs/unified_doc_viewer.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/unifiedDocViewer title: "unifiedDocViewer" image: https://source.unsplash.com/400x175/?github description: API docs for the unifiedDocViewer plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'unifiedDocViewer'] --- import unifiedDocViewerObj from './unified_doc_viewer.devdocs.json'; diff --git a/api_docs/unified_histogram.mdx b/api_docs/unified_histogram.mdx index f2b5f1b4f69a5..2506c32b28f40 100644 --- a/api_docs/unified_histogram.mdx +++ b/api_docs/unified_histogram.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/unifiedHistogram title: "unifiedHistogram" image: https://source.unsplash.com/400x175/?github description: API docs for the unifiedHistogram plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'unifiedHistogram'] --- import unifiedHistogramObj from './unified_histogram.devdocs.json'; diff --git a/api_docs/unified_search.mdx b/api_docs/unified_search.mdx index a5a9ddc4fbad9..c3b665f870b9d 100644 --- a/api_docs/unified_search.mdx +++ b/api_docs/unified_search.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/unifiedSearch title: "unifiedSearch" image: https://source.unsplash.com/400x175/?github description: API docs for the unifiedSearch plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'unifiedSearch'] --- import unifiedSearchObj from './unified_search.devdocs.json'; diff --git a/api_docs/unified_search_autocomplete.mdx b/api_docs/unified_search_autocomplete.mdx index 063b1145c64c0..6982131a3de7e 100644 --- a/api_docs/unified_search_autocomplete.mdx +++ b/api_docs/unified_search_autocomplete.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/unifiedSearch-autocomplete title: "unifiedSearch.autocomplete" image: https://source.unsplash.com/400x175/?github description: API docs for the unifiedSearch.autocomplete plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'unifiedSearch.autocomplete'] --- import unifiedSearchAutocompleteObj from './unified_search_autocomplete.devdocs.json'; diff --git a/api_docs/uptime.mdx b/api_docs/uptime.mdx index 9604fda7ba56e..edadd705fad0c 100644 --- a/api_docs/uptime.mdx +++ b/api_docs/uptime.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/uptime title: "uptime" image: https://source.unsplash.com/400x175/?github description: API docs for the uptime plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'uptime'] --- import uptimeObj from './uptime.devdocs.json'; diff --git a/api_docs/url_forwarding.mdx b/api_docs/url_forwarding.mdx index 411c8cd897007..aa8361f10920c 100644 --- a/api_docs/url_forwarding.mdx +++ b/api_docs/url_forwarding.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/urlForwarding title: "urlForwarding" image: https://source.unsplash.com/400x175/?github description: API docs for the urlForwarding plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'urlForwarding'] --- import urlForwardingObj from './url_forwarding.devdocs.json'; diff --git a/api_docs/usage_collection.mdx b/api_docs/usage_collection.mdx index b06b0978a5d7e..ba5a5ee1fc2dc 100644 --- a/api_docs/usage_collection.mdx +++ b/api_docs/usage_collection.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/usageCollection title: "usageCollection" image: https://source.unsplash.com/400x175/?github description: API docs for the usageCollection plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'usageCollection'] --- import usageCollectionObj from './usage_collection.devdocs.json'; diff --git a/api_docs/ux.mdx b/api_docs/ux.mdx index 0fa3933c116df..6f3cdd21ec8ce 100644 --- a/api_docs/ux.mdx +++ b/api_docs/ux.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/ux title: "ux" image: https://source.unsplash.com/400x175/?github description: API docs for the ux plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'ux'] --- import uxObj from './ux.devdocs.json'; diff --git a/api_docs/vis_default_editor.mdx b/api_docs/vis_default_editor.mdx index 50c6abcb515f9..c5dbcd9dc4cf7 100644 --- a/api_docs/vis_default_editor.mdx +++ b/api_docs/vis_default_editor.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/visDefaultEditor title: "visDefaultEditor" image: https://source.unsplash.com/400x175/?github description: API docs for the visDefaultEditor plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'visDefaultEditor'] --- import visDefaultEditorObj from './vis_default_editor.devdocs.json'; diff --git a/api_docs/vis_type_gauge.mdx b/api_docs/vis_type_gauge.mdx index c496196374271..8d252976fb262 100644 --- a/api_docs/vis_type_gauge.mdx +++ b/api_docs/vis_type_gauge.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/visTypeGauge title: "visTypeGauge" image: https://source.unsplash.com/400x175/?github description: API docs for the visTypeGauge plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'visTypeGauge'] --- import visTypeGaugeObj from './vis_type_gauge.devdocs.json'; diff --git a/api_docs/vis_type_heatmap.mdx b/api_docs/vis_type_heatmap.mdx index b29872f7d3045..1c2b7de4f13fa 100644 --- a/api_docs/vis_type_heatmap.mdx +++ b/api_docs/vis_type_heatmap.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/visTypeHeatmap title: "visTypeHeatmap" image: https://source.unsplash.com/400x175/?github description: API docs for the visTypeHeatmap plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'visTypeHeatmap'] --- import visTypeHeatmapObj from './vis_type_heatmap.devdocs.json'; diff --git a/api_docs/vis_type_pie.mdx b/api_docs/vis_type_pie.mdx index fd1dc05b2342e..c890f73c7b7fa 100644 --- a/api_docs/vis_type_pie.mdx +++ b/api_docs/vis_type_pie.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/visTypePie title: "visTypePie" image: https://source.unsplash.com/400x175/?github description: API docs for the visTypePie plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'visTypePie'] --- import visTypePieObj from './vis_type_pie.devdocs.json'; diff --git a/api_docs/vis_type_table.mdx b/api_docs/vis_type_table.mdx index bd8202c5aba44..864baa1450597 100644 --- a/api_docs/vis_type_table.mdx +++ b/api_docs/vis_type_table.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/visTypeTable title: "visTypeTable" image: https://source.unsplash.com/400x175/?github description: API docs for the visTypeTable plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'visTypeTable'] --- import visTypeTableObj from './vis_type_table.devdocs.json'; diff --git a/api_docs/vis_type_timelion.mdx b/api_docs/vis_type_timelion.mdx index 22021798f10c9..7b97d91233025 100644 --- a/api_docs/vis_type_timelion.mdx +++ b/api_docs/vis_type_timelion.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/visTypeTimelion title: "visTypeTimelion" image: https://source.unsplash.com/400x175/?github description: API docs for the visTypeTimelion plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'visTypeTimelion'] --- import visTypeTimelionObj from './vis_type_timelion.devdocs.json'; diff --git a/api_docs/vis_type_timeseries.mdx b/api_docs/vis_type_timeseries.mdx index 90284453cbedf..0af6bae95142d 100644 --- a/api_docs/vis_type_timeseries.mdx +++ b/api_docs/vis_type_timeseries.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/visTypeTimeseries title: "visTypeTimeseries" image: https://source.unsplash.com/400x175/?github description: API docs for the visTypeTimeseries plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'visTypeTimeseries'] --- import visTypeTimeseriesObj from './vis_type_timeseries.devdocs.json'; diff --git a/api_docs/vis_type_vega.mdx b/api_docs/vis_type_vega.mdx index d249bcf3d431e..c88a1a4187657 100644 --- a/api_docs/vis_type_vega.mdx +++ b/api_docs/vis_type_vega.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/visTypeVega title: "visTypeVega" image: https://source.unsplash.com/400x175/?github description: API docs for the visTypeVega plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'visTypeVega'] --- import visTypeVegaObj from './vis_type_vega.devdocs.json'; diff --git a/api_docs/vis_type_vislib.mdx b/api_docs/vis_type_vislib.mdx index e39fb35c7ca7e..03814b3db83b3 100644 --- a/api_docs/vis_type_vislib.mdx +++ b/api_docs/vis_type_vislib.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/visTypeVislib title: "visTypeVislib" image: https://source.unsplash.com/400x175/?github description: API docs for the visTypeVislib plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'visTypeVislib'] --- import visTypeVislibObj from './vis_type_vislib.devdocs.json'; diff --git a/api_docs/vis_type_xy.mdx b/api_docs/vis_type_xy.mdx index bdd1dc74670f2..4e554f41ff013 100644 --- a/api_docs/vis_type_xy.mdx +++ b/api_docs/vis_type_xy.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/visTypeXy title: "visTypeXy" image: https://source.unsplash.com/400x175/?github description: API docs for the visTypeXy plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'visTypeXy'] --- import visTypeXyObj from './vis_type_xy.devdocs.json'; diff --git a/api_docs/visualizations.mdx b/api_docs/visualizations.mdx index 604c9238d8498..aaa0b47d2f530 100644 --- a/api_docs/visualizations.mdx +++ b/api_docs/visualizations.mdx @@ -8,7 +8,7 @@ slug: /kibana-dev-docs/api/visualizations title: "visualizations" image: https://source.unsplash.com/400x175/?github description: API docs for the visualizations plugin -date: 2024-09-19 +date: 2024-09-20 tags: ['contributor', 'dev', 'apidocs', 'kibana', 'visualizations'] --- import visualizationsObj from './visualizations.devdocs.json'; From 735e216a952670eb57eaea1229be16e89f9bf1cd Mon Sep 17 00:00:00 2001 From: Sergi Romeu Date: Fri, 20 Sep 2024 09:07:14 +0200 Subject: [PATCH 26/74] [APM UI] Fix OpenTelemetry agent names (#193134) ## Summary Fixes https://github.com/elastic/kibana/issues/180444 This PR fixes the agent names not being able to properly be retrieved by the APM UI, changing the way we map OpenTelemetry agent names. As the format changed from `(opentelemetry|otlp)/{agentName}` to `(opentelemetry|otlp)/{agentName}/{details}`, we now get the second part splitting by `/`. Added mappings for RUM, Android, and iOS OpenTelemetry client, also fixed `get_service_metadata_details` to get the correct OpenTelemetry details. |Before|After| |-|-| |![image](https://github.com/user-attachments/assets/28732018-511b-44e0-ac86-cdbe7ed0d1e0)|![image](https://github.com/user-attachments/assets/45a29cc6-f939-4c52-bcc7-54dc15b1a403)| ## How to test 1. Checkout to this branch 2. Run `node scripts/synthtrace many_otel_services.ts --live --clean` which will fill some APM Otel services. 3. Check that the icon is now rendering --- .../src/scenarios/many_otel_services.ts | 102 ++++++++++++++++++ .../agent_icon/get_agent_icon.test.ts | 10 ++ .../components/agent_icon/get_agent_icon.ts | 17 ++- packages/kbn-elastic-agent-utils/index.ts | 1 + .../src/agent_guards.test.ts | 40 ++++++- .../src/agent_guards.ts | 44 ++++++-- .../src/agent_names.ts | 63 +++++++++-- src/plugins/telemetry/schema/oss_plugins.json | 18 ++-- .../__snapshots__/apm_telemetry.test.ts.snap | 90 ++++++++++++++++ .../apm/common/agent_name.ts | 1 + .../components/shared/service_icons/index.tsx | 4 +- .../shared/service_icons/otel_details.tsx | 1 - .../apm/server/lib/apm_telemetry/schema.ts | 92 ++++++++++++++++ .../__snapshots__/queries.test.ts.snap | 9 ++ .../services/get_service_metadata_details.ts | 8 +- .../schema/xpack_plugins.json | 90 ++++++++++++++++ 16 files changed, 551 insertions(+), 39 deletions(-) create mode 100644 packages/kbn-apm-synthtrace/src/scenarios/many_otel_services.ts diff --git a/packages/kbn-apm-synthtrace/src/scenarios/many_otel_services.ts b/packages/kbn-apm-synthtrace/src/scenarios/many_otel_services.ts new file mode 100644 index 0000000000000..70825e7bf4338 --- /dev/null +++ b/packages/kbn-apm-synthtrace/src/scenarios/many_otel_services.ts @@ -0,0 +1,102 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the "Elastic License + * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side + * Public License v 1"; you may not use this file except in compliance with, at + * your election, the "Elastic License 2.0", the "GNU Affero General Public + * License v3.0 only", or the "Server Side Public License, v 1". + */ + +import { ApmFields, apm, Instance } from '@kbn/apm-synthtrace-client'; +import { flatten, random, times } from 'lodash'; +import { Scenario } from '../cli/scenario'; +import { getSynthtraceEnvironment } from '../lib/utils/get_synthtrace_environment'; +import { withClient } from '../lib/utils/with_client'; +import { getRandomNameForIndex } from './helpers/random_names'; + +const ENVIRONMENT = getSynthtraceEnvironment(__filename); + +const scenario: Scenario = async ({ logger, scenarioOpts = { services: 2000 } }) => { + const numServices = scenarioOpts.services; + const transactionName = 'GET /order/{id}'; + const languages = [ + 'go', + 'dotnet', + 'java', + 'python', + 'nodejs', + 'php', + 'webjs', + 'swift', + 'android', + ]; + const agentVersions: Record = { + go: ['2.1.0', '2.0.0', '1.15.0', '1.14.0', '1.13.1'], + dotnet: ['1.18.0', '1.17.0', '1.16.1', '1.16.0', '1.15.0'], + java: ['1.34.1', '1.34.0', '1.33.0', '1.32.0', '1.32.0'], + python: ['6.12.0', '6.11.0', '6.10.2', '6.10.1', '6.10.0'], + nodejs: ['1.34.1', '1.34.0', '1.33.0', '1.32.0', '1.32.0'], + php: ['1.34.1', '1.34.0', '1.33.0', '1.32.0', '1.32.0'], + webjs: ['6.12.0', '6.11.0', '6.10.2', '6.10.1', '6.10.0'], + swift: ['1.18.0', '1.17.0', '1.16.1', '1.16.0', '1.15.0'], + android: ['6.12.0', '6.11.0', '6.10.2', '6.10.1', '6.10.0'], + }; + + return { + generate: ({ range, clients: { apmEsClient } }) => { + const instances = flatten( + times(numServices).map((index) => { + const language = languages[index % languages.length]; + const agentLanguageVersions = agentVersions[language]; + const agentVersion = agentLanguageVersions[index % agentLanguageVersions.length]; + + const numOfInstances = (index % 3) + 1; + return times(numOfInstances).map((instanceIndex) => + apm + .service({ + name: `${getRandomNameForIndex(index)}-${language}-${index}`, + environment: ENVIRONMENT, + agentName: + index % 2 ? `opentelemetry/${language}/elastic` : `otlp/${language}/elastic`, + }) + .instance(`instance-${index}-${instanceIndex}`) + .defaults({ 'agent.version': agentVersion, 'service.language.name': language }) + ); + }) + ); + + const instanceSpans = (instance: Instance) => { + const hasHighDuration = Math.random() > 0.5; + const throughput = random(1, 10); + + return range.ratePerMinute(throughput).generator((timestamp) => { + const parentDuration = hasHighDuration ? random(1000, 5000) : random(100, 1000); + const generateError = random(1, 4) % 3 === 0; + const span = instance + .transaction({ transactionName }) + .timestamp(timestamp) + .duration(parentDuration); + + return !generateError + ? span.success() + : span.failure().errors( + instance + .error({ + message: `No handler for ${transactionName}`, + type: 'No handler', + culprit: 'request', + }) + .timestamp(timestamp + 50) + ); + }); + }; + + return withClient( + apmEsClient, + logger.perf('generating_apm_events', () => instances.map(instanceSpans)) + ); + }, + }; +}; + +export default scenario; diff --git a/packages/kbn-custom-icons/src/components/agent_icon/get_agent_icon.test.ts b/packages/kbn-custom-icons/src/components/agent_icon/get_agent_icon.test.ts index 3018605cb2c32..f0045b5a5a2e8 100644 --- a/packages/kbn-custom-icons/src/components/agent_icon/get_agent_icon.test.ts +++ b/packages/kbn-custom-icons/src/components/agent_icon/get_agent_icon.test.ts @@ -25,6 +25,16 @@ const examples = { 'opentelemetry/python': 'python', 'opentelemetry/ruby': 'ruby', 'opentelemetry/rust': 'rust', + 'opentelemetry/cpp/elastic': 'cpp', // Tests for additional arguments on OpenTelemetry agents + 'opentelemetry/dotnet/elastic': 'dotnet', + 'opentelemetry/erlang/elastic': 'erlang', + 'opentelemetry/go/elastic': 'go', + 'opentelemetry/nodejs/elastic': 'nodejs', + 'opentelemetry/php/elastic': 'php', + 'opentelemetry/python/elastic': 'python', + 'opentelemetry/ruby/elastic': 'ruby', + 'opentelemetry/rust/elastic': 'rust', + opentelemetry: 'opentelemetry', otlp: 'opentelemetry', php: 'php', python: 'python', diff --git a/packages/kbn-custom-icons/src/components/agent_icon/get_agent_icon.ts b/packages/kbn-custom-icons/src/components/agent_icon/get_agent_icon.ts index 2e12d2d98aff0..8353495ac168c 100644 --- a/packages/kbn-custom-icons/src/components/agent_icon/get_agent_icon.ts +++ b/packages/kbn-custom-icons/src/components/agent_icon/get_agent_icon.ts @@ -12,6 +12,7 @@ import { isIosAgentName, isJavaAgentName, isRumAgentName, + hasOpenTelemetryPrefix, OpenTelemetryAgentName, OPEN_TELEMETRY_AGENT_NAMES, } from '@kbn/elastic-agent-utils'; @@ -66,6 +67,15 @@ const darkAgentIcons: { [key: string]: string } = { rust: darkRustIcon, }; +const sanitizeAgentName = (agentName: string) => { + if (hasOpenTelemetryPrefix(agentName)) { + // for OpenTelemetry only split the agent name by `/` and take the second part, format is `(opentelemetry|otlp)/{agentName}/{details}` + return agentName.split('/')[1]; + } + + return agentName; +}; + // This only needs to be exported for testing purposes, since we stub the SVG // import values in test. export function getAgentIconKey(agentName: string) { @@ -90,11 +100,10 @@ export function getAgentIconKey(agentName: string) { return 'android'; } - // Remove "opentelemetry/" prefix - const agentNameWithoutPrefix = lowercasedAgentName.replace(/^opentelemetry\//, ''); + const cleanAgentName = sanitizeAgentName(lowercasedAgentName); - if (Object.keys(agentIcons).includes(agentNameWithoutPrefix)) { - return agentNameWithoutPrefix; + if (Object.keys(agentIcons).includes(cleanAgentName)) { + return cleanAgentName; } // OpenTelemetry-only agents diff --git a/packages/kbn-elastic-agent-utils/index.ts b/packages/kbn-elastic-agent-utils/index.ts index e4e4bf0fb9c07..d76095a44a0d3 100644 --- a/packages/kbn-elastic-agent-utils/index.ts +++ b/packages/kbn-elastic-agent-utils/index.ts @@ -9,6 +9,7 @@ export { isOpenTelemetryAgentName, + hasOpenTelemetryPrefix, isJavaAgentName, isRumAgentName, isMobileAgentName, diff --git a/packages/kbn-elastic-agent-utils/src/agent_guards.test.ts b/packages/kbn-elastic-agent-utils/src/agent_guards.test.ts index bd88d8dbbe7cd..655addbe73c35 100644 --- a/packages/kbn-elastic-agent-utils/src/agent_guards.test.ts +++ b/packages/kbn-elastic-agent-utils/src/agent_guards.test.ts @@ -8,6 +8,7 @@ */ import { + hasOpenTelemetryPrefix, isAndroidAgentName, isAWSLambdaAgentName, isAzureFunctionsAgentName, @@ -22,23 +23,42 @@ import { } from './agent_guards'; describe('Agents guards', () => { + it('hasOpenTelemetryPrefix should guard if the passed agent has an OpenTelemetry prefix.', () => { + expect(hasOpenTelemetryPrefix('otlp')).toBe(false); + expect(hasOpenTelemetryPrefix('otlp/nodejs')).toBe(true); + expect(hasOpenTelemetryPrefix('otlp/nodejs/elastic')).toBe(true); + expect(hasOpenTelemetryPrefix('opentelemetry')).toBe(false); + expect(hasOpenTelemetryPrefix('opentelemetry/nodejs')).toBe(true); + expect(hasOpenTelemetryPrefix('opentelemetry/nodejs/elastic')).toBe(true); + expect(hasOpenTelemetryPrefix('not-an-agent')).toBe(false); + }); + it('isOpenTelemetryAgentName should guard if the passed agent is an OpenTelemetry one.', () => { expect(isOpenTelemetryAgentName('otlp')).toBe(true); - expect(isOpenTelemetryAgentName('opentelemetry/java')).toBe(true); - expect(isOpenTelemetryAgentName('opentelemetry/java/opentelemetry-java-instrumentation')).toBe( - true - ); + expect(isOpenTelemetryAgentName('otlp/nodejs')).toBe(true); + expect(isOpenTelemetryAgentName('otlp/nodejs/elastic')).toBe(true); + expect(isOpenTelemetryAgentName('opentelemetry')).toBe(true); + expect(isOpenTelemetryAgentName('opentelemetry/nodejs')).toBe(true); + expect(isOpenTelemetryAgentName('opentelemetry/nodejs/elastic')).toBe(true); expect(isOpenTelemetryAgentName('not-an-agent')).toBe(false); }); it('isJavaAgentName should guard if the passed agent is an Java one.', () => { expect(isJavaAgentName('java')).toBe(true); + expect(isJavaAgentName('otlp/java')).toBe(true); + expect(isJavaAgentName('otlp/java/opentelemetry-java-instrumentation')).toBe(true); expect(isJavaAgentName('opentelemetry/java')).toBe(true); expect(isJavaAgentName('opentelemetry/java/opentelemetry-java-instrumentation')).toBe(true); expect(isJavaAgentName('not-an-agent')).toBe(false); }); it('isRumAgentName should guard if the passed agent is an Rum one.', () => { + expect(isRumAgentName('otlp/webjs')).toBe(true); + expect(isRumAgentName('otlp/webjs/elastic')).toBe(true); + expect(isRumAgentName('otlp/fail')).toBe(false); + expect(isRumAgentName('opentelemetry/webjs')).toBe(true); + expect(isRumAgentName('opentelemetry/webjs/elastic')).toBe(true); + expect(isRumAgentName('opentelemetry/fail')).toBe(false); expect(isRumAgentName('rum-js')).toBe(true); expect(isRumAgentName('not-an-agent')).toBe(false); }); @@ -57,11 +77,23 @@ describe('Agents guards', () => { }); it('isIosAgentName should guard if the passed agent is an Ios one.', () => { + expect(isIosAgentName('otlp/swift/elastic')).toBe(true); + expect(isIosAgentName('otlp/swift')).toBe(true); + expect(isIosAgentName('otlp/fail')).toBe(false); + expect(isIosAgentName('opentelemetry/swift/elastic')).toBe(true); + expect(isIosAgentName('opentelemetry/swift')).toBe(true); + expect(isIosAgentName('opentelemetry/fail')).toBe(false); expect(isIosAgentName('ios/swift')).toBe(true); expect(isIosAgentName('not-an-agent')).toBe(false); }); it('isAndroidAgentName should guard if the passed agent is an Android one.', () => { + expect(isAndroidAgentName('otlp/android/elastic')).toBe(true); + expect(isAndroidAgentName('otlp/android')).toBe(true); + expect(isAndroidAgentName('otlp/fail')).toBe(false); + expect(isAndroidAgentName('opentelemetry/android/elastic')).toBe(true); + expect(isAndroidAgentName('opentelemetry/android')).toBe(true); + expect(isAndroidAgentName('opentelemetry/fail')).toBe(false); expect(isAndroidAgentName('android/java')).toBe(true); expect(isAndroidAgentName('not-an-agent')).toBe(false); }); diff --git a/packages/kbn-elastic-agent-utils/src/agent_guards.ts b/packages/kbn-elastic-agent-utils/src/agent_guards.ts index 4e50f15917b24..8402582f8d9a3 100644 --- a/packages/kbn-elastic-agent-utils/src/agent_guards.ts +++ b/packages/kbn-elastic-agent-utils/src/agent_guards.ts @@ -7,31 +7,52 @@ * License v3.0 only", or the "Server Side Public License, v 1". */ -import { JAVA_AGENT_NAMES, OPEN_TELEMETRY_AGENT_NAMES, RUM_AGENT_NAMES } from './agent_names'; +import { + ANDROID_AGENT_NAMES, + IOS_AGENT_NAMES, + JAVA_AGENT_NAMES, + OPEN_TELEMETRY_AGENT_NAMES, + RUM_AGENT_NAMES, +} from './agent_names'; import type { + AndroidAgentName, + IOSAgentName, JavaAgentName, OpenTelemetryAgentName, RumAgentName, ServerlessType, } from './agent_names'; +export function hasOpenTelemetryPrefix(agentName?: string, language: string = '') { + if (!agentName) { + return false; + } + + return ( + agentName.startsWith(`opentelemetry/${language}`) || agentName.startsWith(`otlp/${language}`) + ); +} + export function isOpenTelemetryAgentName(agentName: string): agentName is OpenTelemetryAgentName { return ( - agentName?.startsWith('opentelemetry/') || + hasOpenTelemetryPrefix(agentName) || OPEN_TELEMETRY_AGENT_NAMES.includes(agentName as OpenTelemetryAgentName) ); } export function isJavaAgentName(agentName?: string): agentName is JavaAgentName { return ( - agentName?.startsWith('opentelemetry/java') || + hasOpenTelemetryPrefix(agentName, 'java') || JAVA_AGENT_NAMES.includes(agentName! as JavaAgentName) ); } export function isRumAgentName(agentName?: string): agentName is RumAgentName { - return RUM_AGENT_NAMES.includes(agentName! as RumAgentName); + return ( + hasOpenTelemetryPrefix(agentName, 'webjs') || + RUM_AGENT_NAMES.includes(agentName! as RumAgentName) + ); } export function isMobileAgentName(agentName?: string) { @@ -43,12 +64,21 @@ export function isRumOrMobileAgentName(agentName?: string) { } export function isIosAgentName(agentName?: string) { - return agentName?.toLowerCase() === 'ios/swift'; + const lowercasedAgentName = agentName && agentName.toLowerCase(); + + return ( + hasOpenTelemetryPrefix(lowercasedAgentName, 'swift') || + IOS_AGENT_NAMES.includes(lowercasedAgentName! as IOSAgentName) + ); } export function isAndroidAgentName(agentName?: string) { - const lowercased = agentName && agentName.toLowerCase(); - return lowercased === 'android/java'; + const lowercasedAgentName = agentName && agentName.toLowerCase(); + + return ( + hasOpenTelemetryPrefix(lowercasedAgentName, 'android') || + ANDROID_AGENT_NAMES.includes(lowercasedAgentName! as AndroidAgentName) + ); } export function isJRubyAgentName(agentName?: string, runtimeName?: string) { diff --git a/packages/kbn-elastic-agent-utils/src/agent_names.ts b/packages/kbn-elastic-agent-utils/src/agent_names.ts index a7553c61587f8..0405da9cf2193 100644 --- a/packages/kbn-elastic-agent-utils/src/agent_names.ts +++ b/packages/kbn-elastic-agent-utils/src/agent_names.ts @@ -39,6 +39,7 @@ export const ELASTIC_AGENT_NAMES: ElasticAgentName[] = [ export type OpenTelemetryAgentName = | 'otlp' + | 'opentelemetry' | 'opentelemetry/cpp' | 'opentelemetry/dotnet' | 'opentelemetry/erlang' @@ -51,9 +52,23 @@ export type OpenTelemetryAgentName = | 'opentelemetry/rust' | 'opentelemetry/swift' | 'opentelemetry/android' - | 'opentelemetry/webjs'; + | 'opentelemetry/webjs' + | 'otlp/cpp' + | 'otlp/dotnet' + | 'otlp/erlang' + | 'otlp/go' + | 'otlp/java' + | 'otlp/nodejs' + | 'otlp/php' + | 'otlp/python' + | 'otlp/ruby' + | 'otlp/rust' + | 'otlp/swift' + | 'otlp/android' + | 'otlp/webjs'; export const OPEN_TELEMETRY_AGENT_NAMES: OpenTelemetryAgentName[] = [ 'otlp', + 'opentelemetry', 'opentelemetry/cpp', 'opentelemetry/dotnet', 'opentelemetry/erlang', @@ -67,21 +82,57 @@ export const OPEN_TELEMETRY_AGENT_NAMES: OpenTelemetryAgentName[] = [ 'opentelemetry/swift', 'opentelemetry/android', 'opentelemetry/webjs', + 'otlp/cpp', + 'otlp/dotnet', + 'otlp/erlang', + 'otlp/go', + 'otlp/java', + 'otlp/nodejs', + 'otlp/php', + 'otlp/python', + 'otlp/ruby', + 'otlp/rust', + 'otlp/swift', + 'otlp/android', + 'otlp/webjs', ]; -export type JavaAgentName = 'java' | 'opentelemetry/java'; -export const JAVA_AGENT_NAMES: JavaAgentName[] = ['java', 'opentelemetry/java']; +export type JavaAgentName = 'java' | 'opentelemetry/java' | 'otlp/java'; +export const JAVA_AGENT_NAMES: JavaAgentName[] = ['java', 'opentelemetry/java', 'otlp/java']; -export type RumAgentName = 'js-base' | 'rum-js' | 'opentelemetry/webjs'; -export const RUM_AGENT_NAMES: RumAgentName[] = ['js-base', 'rum-js', 'opentelemetry/webjs']; +export type RumAgentName = 'js-base' | 'rum-js' | 'opentelemetry/webjs' | 'otlp/webjs'; +export const RUM_AGENT_NAMES: RumAgentName[] = [ + 'js-base', + 'rum-js', + 'opentelemetry/webjs', + 'otlp/webjs', +]; + +export type AndroidAgentName = 'android/java' | 'opentelemetry/android' | 'otlp/android'; +export const ANDROID_AGENT_NAMES: AndroidAgentName[] = [ + 'android/java', + 'opentelemetry/android', + 'otlp/android', +]; + +export type IOSAgentName = 'ios/swift' | 'opentelemetry/swift' | 'otlp/swift'; +export const IOS_AGENT_NAMES: IOSAgentName[] = ['ios/swift', 'opentelemetry/swift', 'otlp/swift']; export type ServerlessType = 'aws.lambda' | 'azure.functions'; export const SERVERLESS_TYPE: ServerlessType[] = ['aws.lambda', 'azure.functions']; -export type AgentName = ElasticAgentName | OpenTelemetryAgentName | JavaAgentName | RumAgentName; +export type AgentName = + | ElasticAgentName + | OpenTelemetryAgentName + | JavaAgentName + | RumAgentName + | AndroidAgentName + | IOSAgentName; export const AGENT_NAMES: AgentName[] = [ ...ELASTIC_AGENT_NAMES, ...OPEN_TELEMETRY_AGENT_NAMES, ...JAVA_AGENT_NAMES, ...RUM_AGENT_NAMES, + ...ANDROID_AGENT_NAMES, + ...IOS_AGENT_NAMES, ]; diff --git a/src/plugins/telemetry/schema/oss_plugins.json b/src/plugins/telemetry/schema/oss_plugins.json index ce626c90c2d82..37507c50e832c 100644 --- a/src/plugins/telemetry/schema/oss_plugins.json +++ b/src/plugins/telemetry/schema/oss_plugins.json @@ -10349,15 +10349,6 @@ } } }, - "observability:searchExcludedDataTiers": { - "type": "array", - "items": { - "type": "keyword", - "_meta": { - "description": "Non-default value of setting." - } - } - }, "banners:placement": { "type": "keyword", "_meta": { @@ -10633,6 +10624,15 @@ "_meta": { "description": "Non-default value of setting." } + }, + "observability:searchExcludedDataTiers": { + "type": "array", + "items": { + "type": "keyword", + "_meta": { + "description": "Non-default value of setting." + } + } } } }, diff --git a/x-pack/plugins/observability_solution/apm/common/__snapshots__/apm_telemetry.test.ts.snap b/x-pack/plugins/observability_solution/apm/common/__snapshots__/apm_telemetry.test.ts.snap index a372355d1db7c..d0aa75c2170f1 100644 --- a/x-pack/plugins/observability_solution/apm/common/__snapshots__/apm_telemetry.test.ts.snap +++ b/x-pack/plugins/observability_solution/apm/common/__snapshots__/apm_telemetry.test.ts.snap @@ -85,6 +85,90 @@ exports[`APM telemetry helpers getApmTelemetry generates a JSON object with the "description": "Total number of services utilizing the otlp agent within the last day" } }, + "otlp/cpp": { + "type": "long", + "_meta": { + "description": "Total number of services utilizing the otlp/cpp agent within the last day" + } + }, + "otlp/dotnet": { + "type": "long", + "_meta": { + "description": "Total number of services utilizing the otlp/dotnet agent within the last day" + } + }, + "otlp/erlang": { + "type": "long", + "_meta": { + "description": "Total number of services utilizing the otlp/erlang agent within the last day" + } + }, + "otlp/go": { + "type": "long", + "_meta": { + "description": "Total number of services utilizing the otlp/go agent within the last day" + } + }, + "otlp/java": { + "type": "long", + "_meta": { + "description": "Total number of services utilizing the otlp/java agent within the last day" + } + }, + "otlp/nodejs": { + "type": "long", + "_meta": { + "description": "Total number of services utilizing the otlp/nodejs agent within the last day" + } + }, + "otlp/php": { + "type": "long", + "_meta": { + "description": "Total number of services utilizing the otlp/php agent within the last day" + } + }, + "otlp/python": { + "type": "long", + "_meta": { + "description": "Total number of services utilizing the otlp/python agent within the last day" + } + }, + "otlp/ruby": { + "type": "long", + "_meta": { + "description": "Total number of services utilizing the otlp/ruby agent within the last day" + } + }, + "otlp/rust": { + "type": "long", + "_meta": { + "description": "Total number of services utilizing the otlp/rust agent within the last day" + } + }, + "otlp/swift": { + "type": "long", + "_meta": { + "description": "Total number of services utilizing the otlp/swift agent within the last day" + } + }, + "otlp/android": { + "type": "long", + "_meta": { + "description": "Total number of services utilizing the otlp/android agent within the last day" + } + }, + "otlp/webjs": { + "type": "long", + "_meta": { + "description": "Total number of services utilizing the otlp/webjs agent within the last day" + } + }, + "opentelemetry": { + "type": "long", + "_meta": { + "description": "Total number of services utilizing the opentelemetry agent within the last day" + } + }, "opentelemetry/cpp": { "type": "long", "_meta": { @@ -162,6 +246,12 @@ exports[`APM telemetry helpers getApmTelemetry generates a JSON object with the "_meta": { "description": "Total number of services utilizing the opentelemetry/webjs agent within the last day" } + }, + "ios/swift": { + "type": "long", + "_meta": { + "description": "Total number of services utilizing the ios/swift agent within the last day" + } } } }, diff --git a/x-pack/plugins/observability_solution/apm/common/agent_name.ts b/x-pack/plugins/observability_solution/apm/common/agent_name.ts index 608fdf4975353..66ff78e3cdbe4 100644 --- a/x-pack/plugins/observability_solution/apm/common/agent_name.ts +++ b/x-pack/plugins/observability_solution/apm/common/agent_name.ts @@ -8,6 +8,7 @@ export { OPEN_TELEMETRY_AGENT_NAMES, AGENT_NAMES, isOpenTelemetryAgentName, + hasOpenTelemetryPrefix, JAVA_AGENT_NAMES, isJavaAgentName, RUM_AGENT_NAMES, diff --git a/x-pack/plugins/observability_solution/apm/public/components/shared/service_icons/index.tsx b/x-pack/plugins/observability_solution/apm/public/components/shared/service_icons/index.tsx index 0888c1a0f6c11..e6780927e755b 100644 --- a/x-pack/plugins/observability_solution/apm/public/components/shared/service_icons/index.tsx +++ b/x-pack/plugins/observability_solution/apm/public/components/shared/service_icons/index.tsx @@ -139,9 +139,7 @@ export function ServiceIcons({ start, end, serviceName, environment }: Props) { title: i18n.translate('xpack.apm.serviceIcons.opentelemetry', { defaultMessage: 'OpenTelemetry', }), - component: ( - - ), + component: , }, { key: 'container', diff --git a/x-pack/plugins/observability_solution/apm/public/components/shared/service_icons/otel_details.tsx b/x-pack/plugins/observability_solution/apm/public/components/shared/service_icons/otel_details.tsx index 410d6a98f7644..04aa2b6f56838 100644 --- a/x-pack/plugins/observability_solution/apm/public/components/shared/service_icons/otel_details.tsx +++ b/x-pack/plugins/observability_solution/apm/public/components/shared/service_icons/otel_details.tsx @@ -15,7 +15,6 @@ type ServiceDetailsReturnType = interface Props { opentelemetry: ServiceDetailsReturnType['opentelemetry']; - agentName?: string; } export function OTelDetails({ opentelemetry }: Props) { diff --git a/x-pack/plugins/observability_solution/apm/server/lib/apm_telemetry/schema.ts b/x-pack/plugins/observability_solution/apm/server/lib/apm_telemetry/schema.ts index 32c869beb581f..917237963ef37 100644 --- a/x-pack/plugins/observability_solution/apm/server/lib/apm_telemetry/schema.ts +++ b/x-pack/plugins/observability_solution/apm/server/lib/apm_telemetry/schema.ts @@ -264,6 +264,92 @@ const apmPerAgentSchema: Pick, 'services_per_agen description: 'Total number of services utilizing the otlp agent within the last day', }, }, + 'otlp/cpp': { + type: 'long', + _meta: { + description: 'Total number of services utilizing the otlp/cpp agent within the last day', + }, + }, + 'otlp/dotnet': { + type: 'long', + _meta: { + description: 'Total number of services utilizing the otlp/dotnet agent within the last day', + }, + }, + 'otlp/erlang': { + type: 'long', + _meta: { + description: 'Total number of services utilizing the otlp/erlang agent within the last day', + }, + }, + 'otlp/go': { + type: 'long', + _meta: { + description: 'Total number of services utilizing the otlp/go agent within the last day', + }, + }, + 'otlp/java': { + type: 'long', + _meta: { + description: 'Total number of services utilizing the otlp/java agent within the last day', + }, + }, + 'otlp/nodejs': { + type: 'long', + _meta: { + description: 'Total number of services utilizing the otlp/nodejs agent within the last day', + }, + }, + 'otlp/php': { + type: 'long', + _meta: { + description: 'Total number of services utilizing the otlp/php agent within the last day', + }, + }, + 'otlp/python': { + type: 'long', + _meta: { + description: 'Total number of services utilizing the otlp/python agent within the last day', + }, + }, + 'otlp/ruby': { + type: 'long', + _meta: { + description: 'Total number of services utilizing the otlp/ruby agent within the last day', + }, + }, + 'otlp/rust': { + type: 'long', + _meta: { + description: 'Total number of services utilizing the otlp/rust agent within the last day', + }, + }, + 'otlp/swift': { + type: 'long', + _meta: { + description: 'Total number of services utilizing the otlp/swift agent within the last day', + }, + }, + 'otlp/android': { + type: 'long', + _meta: { + description: + 'Total number of services utilizing the otlp/android agent within the last day', + }, + }, + 'otlp/webjs': { + type: 'long', + _meta: { + description: 'Total number of services utilizing the otlp/webjs agent within the last day', + }, + }, + opentelemetry: { + type: 'long', + _meta: { + description: + 'Total number of services utilizing the opentelemetry agent within the last day', + }, + }, 'opentelemetry/cpp': { type: 'long', _meta: { @@ -355,6 +441,12 @@ const apmPerAgentSchema: Pick, 'services_per_agen 'Total number of services utilizing the opentelemetry/webjs agent within the last day', }, }, + 'ios/swift': { + type: 'long', + _meta: { + description: 'Total number of services utilizing the ios/swift agent within the last day', + }, + }, }, agents: { 'android/java': agentSchema, diff --git a/x-pack/plugins/observability_solution/apm/server/routes/metrics/__snapshots__/queries.test.ts.snap b/x-pack/plugins/observability_solution/apm/server/routes/metrics/__snapshots__/queries.test.ts.snap index 3fac4d595a274..18dd1f4c9835a 100644 --- a/x-pack/plugins/observability_solution/apm/server/routes/metrics/__snapshots__/queries.test.ts.snap +++ b/x-pack/plugins/observability_solution/apm/server/routes/metrics/__snapshots__/queries.test.ts.snap @@ -174,6 +174,7 @@ Object { "agent.name": Array [ "java", "opentelemetry/java", + "otlp/java", ], }, }, @@ -440,6 +441,7 @@ Object { "agent.name": Array [ "java", "opentelemetry/java", + "otlp/java", ], }, }, @@ -522,6 +524,7 @@ Object { "agent.name": Array [ "java", "opentelemetry/java", + "otlp/java", ], }, }, @@ -720,6 +723,7 @@ Object { "agent.name": Array [ "java", "opentelemetry/java", + "otlp/java", ], }, }, @@ -998,6 +1002,7 @@ Object { "agent.name": Array [ "java", "opentelemetry/java", + "otlp/java", ], }, }, @@ -1086,6 +1091,7 @@ Object { "agent.name": Array [ "java", "opentelemetry/java", + "otlp/java", ], }, }, @@ -1262,6 +1268,7 @@ Object { "agent.name": Array [ "java", "opentelemetry/java", + "otlp/java", ], }, }, @@ -1518,6 +1525,7 @@ Object { "agent.name": Array [ "java", "opentelemetry/java", + "otlp/java", ], }, }, @@ -1595,6 +1603,7 @@ Object { "agent.name": Array [ "java", "opentelemetry/java", + "otlp/java", ], }, }, diff --git a/x-pack/plugins/observability_solution/apm/server/routes/services/get_service_metadata_details.ts b/x-pack/plugins/observability_solution/apm/server/routes/services/get_service_metadata_details.ts index d7a81a7902efb..fb44638d8a6b0 100644 --- a/x-pack/plugins/observability_solution/apm/server/routes/services/get_service_metadata_details.ts +++ b/x-pack/plugins/observability_solution/apm/server/routes/services/get_service_metadata_details.ts @@ -32,7 +32,7 @@ import { ContainerType } from '../../../common/service_metadata'; import { TransactionRaw } from '../../../typings/es_schemas/raw/transaction_raw'; import { APMEventClient } from '../../lib/helpers/create_es_client/create_apm_event_client'; import { should } from './get_service_metadata_icons'; -import { isOpenTelemetryAgentName } from '../../../common/agent_name'; +import { isOpenTelemetryAgentName, hasOpenTelemetryPrefix } from '../../../common/agent_name'; type ServiceMetadataDetailsRaw = Pick< TransactionRaw, @@ -190,11 +190,9 @@ export async function getServiceMetadataDetails({ }; const otelDetails = - !!agent?.name && isOpenTelemetryAgentName(agent.name) + Boolean(agent?.name) && isOpenTelemetryAgentName(agent.name) ? { - language: agent.name.startsWith('opentelemetry') - ? agent.name.replace(/^opentelemetry\//, '') - : undefined, + language: hasOpenTelemetryPrefix(agent.name) ? agent.name.split('/')[1] : undefined, sdkVersion: agent?.version, autoVersion: labels?.telemetry_auto_version as string, } diff --git a/x-pack/plugins/telemetry_collection_xpack/schema/xpack_plugins.json b/x-pack/plugins/telemetry_collection_xpack/schema/xpack_plugins.json index ff79fcf4632a3..c58018f20ebb6 100644 --- a/x-pack/plugins/telemetry_collection_xpack/schema/xpack_plugins.json +++ b/x-pack/plugins/telemetry_collection_xpack/schema/xpack_plugins.json @@ -2808,6 +2808,90 @@ "description": "Total number of services utilizing the otlp agent within the last day" } }, + "otlp/cpp": { + "type": "long", + "_meta": { + "description": "Total number of services utilizing the otlp/cpp agent within the last day" + } + }, + "otlp/dotnet": { + "type": "long", + "_meta": { + "description": "Total number of services utilizing the otlp/dotnet agent within the last day" + } + }, + "otlp/erlang": { + "type": "long", + "_meta": { + "description": "Total number of services utilizing the otlp/erlang agent within the last day" + } + }, + "otlp/go": { + "type": "long", + "_meta": { + "description": "Total number of services utilizing the otlp/go agent within the last day" + } + }, + "otlp/java": { + "type": "long", + "_meta": { + "description": "Total number of services utilizing the otlp/java agent within the last day" + } + }, + "otlp/nodejs": { + "type": "long", + "_meta": { + "description": "Total number of services utilizing the otlp/nodejs agent within the last day" + } + }, + "otlp/php": { + "type": "long", + "_meta": { + "description": "Total number of services utilizing the otlp/php agent within the last day" + } + }, + "otlp/python": { + "type": "long", + "_meta": { + "description": "Total number of services utilizing the otlp/python agent within the last day" + } + }, + "otlp/ruby": { + "type": "long", + "_meta": { + "description": "Total number of services utilizing the otlp/ruby agent within the last day" + } + }, + "otlp/rust": { + "type": "long", + "_meta": { + "description": "Total number of services utilizing the otlp/rust agent within the last day" + } + }, + "otlp/swift": { + "type": "long", + "_meta": { + "description": "Total number of services utilizing the otlp/swift agent within the last day" + } + }, + "otlp/android": { + "type": "long", + "_meta": { + "description": "Total number of services utilizing the otlp/android agent within the last day" + } + }, + "otlp/webjs": { + "type": "long", + "_meta": { + "description": "Total number of services utilizing the otlp/webjs agent within the last day" + } + }, + "opentelemetry": { + "type": "long", + "_meta": { + "description": "Total number of services utilizing the opentelemetry agent within the last day" + } + }, "opentelemetry/cpp": { "type": "long", "_meta": { @@ -2885,6 +2969,12 @@ "_meta": { "description": "Total number of services utilizing the opentelemetry/webjs agent within the last day" } + }, + "ios/swift": { + "type": "long", + "_meta": { + "description": "Total number of services utilizing the ios/swift agent within the last day" + } } } }, From 4d67db1ae04631d04f9825c27b97b242652fce01 Mon Sep 17 00:00:00 2001 From: Ryusuke Okura <68797550+mochi22@users.noreply.github.com> Date: Fri, 20 Sep 2024 16:26:45 +0900 Subject: [PATCH 27/74] Fix the Upgrade Assistant Docs link to the Release doc page (#193269) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit fixed: #191849 ## Summary This PR fix the `Check the latest release highlights` links in the Upgrade Assistant to the correct latest release links. The fix is ​​below ``` diff // kibana/packages/kbn-doc-links/src/get_doc_links.ts - latestReleaseHighlights: `${ELASTIC_WEBSITE_URL}guide/en/elastic-stack/current/elastic-stack-highlights.html`, + latestReleaseHighlights: `${ELASTIC_WEBSITE_URL}guide/en/starting-with-the-elasticsearch-platform-and-its-solutions/current/new.html`, ``` PS: This is my first time to contribute to kibana. If there is anything that needs to be modified, please give me some advice and I will try my best! ### For maintainers - [x] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) Co-authored-by: florent-leborgne --- packages/kbn-doc-links/src/get_doc_links.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packages/kbn-doc-links/src/get_doc_links.ts b/packages/kbn-doc-links/src/get_doc_links.ts index 84005ce3cf492..78ccec5d48efe 100644 --- a/packages/kbn-doc-links/src/get_doc_links.ts +++ b/packages/kbn-doc-links/src/get_doc_links.ts @@ -436,7 +436,7 @@ export const getDocLinks = ({ kibanaBranch, buildFlavor }: GetDocLinkOptions): D migrationApiDeprecation: `${ELASTICSEARCH_DOCS}migration-api-deprecation.html`, nodeRoles: `${ELASTICSEARCH_DOCS}modules-node.html#node-roles`, releaseHighlights: `${ELASTICSEARCH_DOCS}release-highlights.html`, - latestReleaseHighlights: `${ELASTIC_WEBSITE_URL}guide/en/elastic-stack/current/elastic-stack-highlights.html`, + latestReleaseHighlights: `${ELASTIC_WEBSITE_URL}guide/en/starting-with-the-elasticsearch-platform-and-its-solutions/current/new.html`, remoteClusters: `${ELASTICSEARCH_DOCS}remote-clusters.html`, remoteClustersProxy: `${ELASTICSEARCH_DOCS}remote-clusters.html#proxy-mode`, remoteClusersProxySettings: `${ELASTICSEARCH_DOCS}remote-clusters-settings.html#remote-cluster-proxy-settings`, From bb1899653f6fc077d443a600bce6c6f2fc775964 Mon Sep 17 00:00:00 2001 From: Jiawei Wu <74562234+JiaweiWu@users.noreply.github.com> Date: Fri, 20 Sep 2024 01:50:54 -0700 Subject: [PATCH 28/74] [Response Ops][Rules] Rule Model Version Forward Compat (#193233) ## Summary This PR implements the `forwardCompatibility` field for the rule model version in preparation for the flapping PR (https://github.com/elastic/kibana/pull/190019). We're doing this so we have the point to revert back to if we need to where the `forwardCompatibility` is defined. --------- Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com> --- .../ci_checks/saved_objects/check_registered_types.test.ts | 2 +- .../server/saved_objects/model_versions/rule_model_versions.ts | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/src/core/server/integration_tests/ci_checks/saved_objects/check_registered_types.test.ts b/src/core/server/integration_tests/ci_checks/saved_objects/check_registered_types.test.ts index 170cfa5958782..f4500df51f205 100644 --- a/src/core/server/integration_tests/ci_checks/saved_objects/check_registered_types.test.ts +++ b/src/core/server/integration_tests/ci_checks/saved_objects/check_registered_types.test.ts @@ -59,7 +59,7 @@ describe('checking migration metadata changes on all registered SO types', () => "action": "0e6fc0b74c7312a8c11ff6b14437b93a997358b8", "action_task_params": "b50cb5c8a493881474918e8d4985e61374ca4c30", "ad_hoc_run_params": "d4e3c5c794151d0a4f5c71e886b2aa638da73ad2", - "alert": "3a67d3f1db80af36bd57aaea47ecfef87e43c58f", + "alert": "e920b0583b1a32338d5dbbbfabb6ff2a511f5f6c", "api_key_pending_invalidation": "1399e87ca37b3d3a65d269c924eda70726cfe886", "apm-custom-dashboards": "b67128f78160c288bd7efe25b2da6e2afd5e82fc", "apm-indices": "8a2d68d415a4b542b26b0d292034a28ffac6fed4", diff --git a/x-pack/plugins/alerting/server/saved_objects/model_versions/rule_model_versions.ts b/x-pack/plugins/alerting/server/saved_objects/model_versions/rule_model_versions.ts index 2d778667d2b79..db792a1276983 100644 --- a/x-pack/plugins/alerting/server/saved_objects/model_versions/rule_model_versions.ts +++ b/x-pack/plugins/alerting/server/saved_objects/model_versions/rule_model_versions.ts @@ -12,6 +12,7 @@ export const ruleModelVersions: SavedObjectsModelVersionMap = { '1': { changes: [], schemas: { + forwardCompatibility: rawRuleSchemaV1.extends({}, { unknowns: 'ignore' }), create: rawRuleSchemaV1, }, }, From b1434a446fecd1feae4230e0e9a4fbe0fea4d8f1 Mon Sep 17 00:00:00 2001 From: Anton Dosov Date: Fri, 20 Sep 2024 11:26:47 +0200 Subject: [PATCH 29/74] [react@18] bump `styled-components` (#192368) ## Summary Prep for https://github.com/elastic/kibana/issues/138222 This PR updates `styled-components` package to the latest v5 version. I would like to do it for react@18 upgrade to suppress a noisy warning that is coming from `styled-components` when it is used with react@18. Here is that PR https://github.com/styled-components/styled-components/pull/3564/files Updates the failed snapshot tests. Dear reviewers, could you please smoke-check your apps visually? This is a minor upgrade, but I think it is worth to click around anyway. --- package.json | 2 +- .../screen_reader_a11y.test.tsx.snap | 2 +- .../__snapshots__/code_editor.test.tsx.snap | 2 +- .../__snapshots__/table_cell.test.tsx.snap | 8 +- .../__snapshots__/agent_marker.test.tsx.snap | 4 +- .../netflow/__snapshots__/index.test.tsx.snap | 344 ++++++++--------- .../netflow_row_renderer.test.tsx.snap | 352 +++++++++--------- yarn.lock | 23 +- 8 files changed, 365 insertions(+), 372 deletions(-) diff --git a/package.json b/package.json index 24bfc1f5fe2cc..c61fe9446a3b7 100644 --- a/package.json +++ b/package.json @@ -1241,7 +1241,7 @@ "source-map-support": "^0.5.19", "stats-lite": "^2.2.0", "strip-ansi": "^6.0.0", - "styled-components": "^5.1.0", + "styled-components": "^5.3.11", "suricata-sid-db": "^1.0.2", "swr": "^2.2.5", "symbol-observable": "^1.2.0", diff --git a/packages/core/chrome/core-chrome-browser-internal/src/ui/header/__snapshots__/screen_reader_a11y.test.tsx.snap b/packages/core/chrome/core-chrome-browser-internal/src/ui/header/__snapshots__/screen_reader_a11y.test.tsx.snap index af2a055abc376..617f4ae90272e 100644 --- a/packages/core/chrome/core-chrome-browser-internal/src/ui/header/__snapshots__/screen_reader_a11y.test.tsx.snap +++ b/packages/core/chrome/core-chrome-browser-internal/src/ui/header/__snapshots__/screen_reader_a11y.test.tsx.snap @@ -249,7 +249,7 @@ exports[`ScreenReaderRouteAnnouncements renders 1`] = `