forked from elastic/kibana
Make all risk score decimal places consistent #7
Closed
**Epic:** elastic/security-team#9401 (internal) ## Summary This PR adds Kibana OpenAPI bundling documentation. The functionality includes multiple scripts and automation scattered throughout the vast Kibana repo. The goal is to document the whole chain and make it transparent for the readers.
…196275) ## Summary Closes #174561 Show fullscreen mode when url has fullScreenMode param `&_a=(fullScreenMode:!t)` ### Screenshot ![20241015-184503](https://github.com/user-attachments/assets/fae01dcc-f081-4314-84f9-3923adc76e5b) --------- Co-authored-by: Elastic Machine <[email protected]> Co-authored-by: Hannah Mudge <[email protected]>
This PR recreates [@aakash742's PR](#196497) to add a note about Elastic not providing support for community plugins --------- Co-authored-by: akashsingh <[email protected]>
…7543) ## Summary Updated visuals in Dashboard docs for chart switch redesign and related changes. Closes: [#538](elastic/platform-docs-team#538) Rel: #187475
…ecovered alerts. (#195946)
…o 9734313 (main) (#197712)

This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| docker.elastic.co/wolfi/chainguard-base | digest | `277ebb4` -> `9734313` |

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

- [ ] If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://togithub.com/renovatebot/renovate).

Co-authored-by: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com>
…97385) ## Summary Handles #197295 This PR removes the obsolete timeline tour which was introduced in `8.12` and may not be relevant now in `8.16`. From the perspective of users directly to `8.16` from `8.11`. I guess it might be okay for users to expect considerable changes that may have happened between `8.11` and `8.16` and a tour might not be necessary 🤷
- Closes #197195 ## Summary This PR fixes the search highlights for saved search panels on Dashboard. ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
Update the test subjects of the feedback buttons. Closes #196297 Co-authored-by: Elastic Machine <[email protected]>
## Summary add `sideEffects: false` to shared packages for better tree shaking, see [docs](https://webpack.js.org/guides/tree-shaking/#mark-the-file-as-side-effect-free) and [related discussion](https://elastic.slack.com/archives/C5TQ33ND8/p1724317421954709?thread_ts=1724314732.061379&cid=C5TQ33ND8)
Improve the autogenerated connector names by - Re-generating names when changing connector source - Preventing editing of names after connector is created
…es file (#197208)

## Summary

Reference 8.16 values file branch + bump kube-stack Helm Chart version

### Checklist

Delete any items that are not applicable to this PR.

- [ ] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials
- [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
- [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed
- [ ] Any UI touched in this PR is usable by keyboard only (learn more about [keyboard accessibility](https://webaim.org/techniques/keyboard/))
- [ ] Any UI touched in this PR does not create any new axe failures (run axe in browser: [FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/), [Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US))
- [ ] If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the [docker list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)
- [ ] This renders correctly on smaller devices using a responsive layout. (You can test this [in your browser](https://www.browserstack.com/guide/responsive-testing-on-local-server))
- [ ] This was checked for [cross-browser compatibility](https://www.elastic.co/support/matrix#matrix_browsers)

### Risk Matrix

Delete this section if it is not applicable to this PR.

Before closing this PR, invite QA, stakeholders, and other developers to identify risks that should be tested prior to the change/feature release. When forming the risk matrix, consider some of the following examples and how they may potentially impact the change:

| Risk | Probability | Severity | Mitigation/Notes |
|---------------------------|-------------|----------|-------------------------|
| Multiple Spaces—unexpected behavior in non-default Kibana Space. | Low | High | Integration tests will verify that all features are still supported in non-default Kibana Space and when user switches between spaces. |
| Multiple nodes—Elasticsearch polling might have race conditions when multiple Kibana nodes are polling for the same tasks. | High | Low | Tasks are idempotent, so executing them multiple times will not result in logical error, but will degrade performance. To test for this case we add plenty of unit tests around this logic and document manual testing procedure. |
| Code should gracefully handle cases when feature X or plugin Y are disabled. | Medium | High | Unit tests will verify that any feature flag or plugin combination still results in our service operational. |
| [See more potential risk examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx) |

### For maintainers

- [ ] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#_add_your_labels)
- [ ] This will appear in the **Release Notes** and follow the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)

Co-authored-by: Joe Reuter <[email protected]>
## Summary

Closes - #190330

This PR implements the logic to support

- One click increasing of Field Limit for Field Limit Issues (applicable only for Integrations). For Non Integrations, only text is displayed as to how they can do it.
- The One click increase updates the linked custom component template as well as the last backing Index
- If Last Backing Index update fails due to any reason, it provides user an option to trigger a Rollover manually.

## Demo

Not possible, too many things to display 😆

## What's Pending ?

Tests

- [x] API tests
- [x] Settings API
- [x] Rollover API
- [x] Apply New limit API
- [x] FTR tests
- [x] Displaying of various issues for integrations and non integrations
- [x] Fix it Flow Good case, without Rollover
- [x] Fix it Flow Good case, with Rollover
- [x] Manual Mitigation - Click on Component Template should navigate to proper logic based on Integration / Non
- [x] Manual Mitigation - Ingest Pipeline
- [x] Link for official Documentation

## How to setup a local environment

We will be setting up 2 different data streams, one with integration and one without. Please follow the steps in the exact order

1. Start Local ES and Local Kibana
2. Install Nginx Integration 1st
3. Ingest data as per script here - https://gist.github.com/achyutjhunjhunwala/03ea29190c6594544f584d2f0efa71e5
4. Set the Limit for the 2 datasets

```
PUT logs-synth.3-default/_settings
{
  "mapping.total_fields.limit": 36
}

// Set the limit for Nginx
PUT logs-nginx.access-default/_settings
{
  "mapping.total_fields.limit": 52
}
```

5. Now uncomment line number 59 from the synthtrace script to enable cloud.project.id field and run the scenario again
6. Do a Rollover

```
POST logs-synth.3-default/_rollover
POST logs-nginx.access-default/_rollover
```

7. Get last backing index for both dataset

```
GET _data_stream/logs-synth.3-default/
GET _data_stream/logs-nginx.access-default
```

8. Increase the Limit by 1 but for last backing index

```
PUT .ds-logs-synth.3-default-2024.10.10-000002/_settings
{
  "mapping.total_fields.limit": 37
}

PUT .ds-logs-nginx.access-default-2024.10.10-000002/_settings
{
  "mapping.total_fields.limit": 53
}
```

9. Run the same Synthtrace scenario again.

This setup will give you 3 fields for testing

1. cloud.availability_zone - Which will show the character limit issue
2. cloud.project - Which will show an obsolete error which happened in the past and now does not exist due to field limit
3. cloud.project.id - A current field limit issue

---------

Co-authored-by: Marco Antonio Ghiani <[email protected]>
Co-authored-by: kibanamachine <[email protected]>
…es' issues (#197480) ## Summary In the scope of [Sustainable Kibana Architecture](elastic/kibana-team#1179), this PR fixes invalid dependencies from `security solution` code towards packages that are categorised as `group: 'platform', visibility: 'private'`. --------- Co-authored-by: kibanamachine <[email protected]>
Co-authored-by: kibanamachine <[email protected]>
## Summary This adds the AI assistant to Serverless Elasticsearch. It also disables the knowledge base, and disables a few config values we don't want users to be able to set in that context. --------- Co-authored-by: kibanamachine <[email protected]> Co-authored-by: Elena Shostak <[email protected]>
…197760) ## Summary Follow up to #189863 and #196585. Related to #176387. This updates asserting the url state for log rate analysis with a query and reenables the functional tests. ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [x] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed - [x] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#_add_your_labels)
…7046) ## Summary Fixes handling of `schema.nullable(schema.object({..}))` to params and query inputs. [Example in the wild](https://github.com/jloleysens/kibana/blob/83e76cb4d854a3c3f9ffdaad8c6ee29d66d56710/x-pack/plugins/reporting/server/routes/common/generate/request_handler.ts#L33). ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
I noticed some scenarios we see error logs from the task poller like `Failed to poll for work: undefined` making me think `err.message` is empty in some situations. I'm modifying the code to handle string situations if ever they occur by performing `err.message || err` and to also include a stack trace when strings are passed-in. --------- Co-authored-by: Patrick Mueller <[email protected]>
## Summary Upgrades `@elastic/node-crypto` from v1.2.1 to v1.2.3, upgrades `@elastic/request-crypto` from v2.0.2 to v2.0.3
## Summary Functional tests for `memory usage` page in ML.
- Fix [Object object] in retrieval documents when semantic text is used <img width="825" alt="image" src="https://github.com/user-attachments/assets/39b154ac-727b-40c2-8262-4ff6f892a634">
## Summary

This PR modifies the code owners check to allow "file" matches for "directory" entries.

### Details

Taking the code owner entry `/x-pack/test_serverless/**/test_suites/**/ml/ @elastic/ml-ui` as an example. Note the trailing slash in the path, indicating a directory.

Before this PR, if we asked the script for the code owner of `x-pack/test_serverless/functional/test_suites/security/ml`, it would not match, because this requested path doesn't have the trailing slash, thus asking for the file `ml` and not the directory. While this is technically correct, it's just too easy to overlook this detail and get a false negative as a result.

This PR is removing trailing slashes from the code owners entries when adding them to the lookup table, so they now match both, directory and file requests (and requests for everything within the directory). So going back to the example, all these owner requests would be matched and return `@elastic/ml-ui` as the owner:

* `x-pack/test_serverless/functional/test_suites/security/ml`
* `x-pack/test_serverless/functional/test_suites/security/ml/`
* `x-pack/test_serverless/functional/test_suites/security/ml/index.ts`
…egory parameter (#197780)

## Summary

Closes #197590.

This PR addresses an issue with the onboarding link used by the `addApmData` constant, where the "Application" option fails to preselect. The issue is caused by the URL being incorrectly formed, with the category parameter set to `apm` instead of `application`.

To resolve this, the PR introduces two main changes:

- Update to use the correct locator
- Modify the category parameter to use `application` instead of `apm`

|Before|After|
|-|-|
|![before](https://github.com/user-attachments/assets/650066b8-85a8-4ff4-a7eb-fef46708ea9d)|![after](https://github.com/user-attachments/assets/508bb258-e2c2-4057-9242-653864548e4a)|
Fixes [https://github.com/elastic/kibana/security/code-scanning/365](https://github.com/elastic/kibana/security/code-scanning/365)

## Summary

To fix the problem, we need to ensure that both double quotes and backslashes are properly escaped in the `escapeValue` function. This can be achieved by using a regular expression that replaces both characters globally. Specifically, we should replace backslashes with double backslashes (`\\`) and double quotes with escaped double quotes (`\"`).

- Update the `escapeValue` function to use a regular expression that handles both double quotes and backslashes.
- Ensure that the regular expression has the global flag (`g`) to replace all occurrences of the characters.

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
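The escaping rule in the commit message above, as an added example (not code from the Kibana repository): it shows why escaping double quotes alone does not survive a round trip through a quoted-string reader, while escaping both characters does. `escapeQuotesOnly`, `readQuoted`, `roundTrip` and the sample values are constructed for illustration, and `escapeValue` here is a sketch of the described behaviour, not the project's function.

```javascript
'use strict';

// Incomplete variant (assumed "before" shape): only double quotes are escaped.
// A backslash already present in the input pairs with the backslash added
// here, so the quote that was meant to be escaped ends the literal instead.
function escapeQuotesOnly(value) {
  return value.replace(/"/g, '\\"');
}

// Complete variant: a single global pass prefixes every backslash and every
// double quote with a backslash. Doing both in one pass avoids re-escaping
// the backslashes that the quote escaping itself introduces.
function escapeValue(value) {
  return value.replace(/[\\"]/g, '\\$&');
}

// Minimal reader for a double-quoted literal with backslash escapes
// (hypothetical consumer of the escaped value). Returns the decoded value and
// whatever text follows the closing quote.
function readQuoted(text) {
  if (text[0] !== '"') throw new Error('expected opening quote');
  let value = '';
  for (let i = 1; i < text.length; i++) {
    const ch = text[i];
    if (ch === '\\') {
      if (i + 1 >= text.length) throw new Error('dangling backslash');
      value += text[++i]; // the escaped character is taken literally
    } else if (ch === '"') {
      return { value, rest: text.slice(i + 1) };
    } else {
      value += ch;
    }
  }
  throw new Error('unterminated literal');
}

// Wrap the escaped value in quotes, read it back, and report whether the
// reader recovered exactly the original value with nothing left over.
function roundTrip(escapeFn, value) {
  try {
    const { value: decoded, rest } = readQuoted('"' + escapeFn(value) + '"');
    return { ok: decoded === value && rest === '', decoded, rest };
  } catch (err) {
    return { ok: false, error: err.message };
  }
}

// Constructed sample values: a backslash followed by a quote, and a value
// that ends in a backslash.
const SAMPLES = ['a\\" tail', 'dir\\', 'plain', 'say "hi"'];

for (const sample of SAMPLES) {
  const weak = roundTrip(escapeQuotesOnly, sample);
  const full = roundTrip(escapeValue, sample);
  console.log(JSON.stringify(sample), 'quotes only ok:', weak.ok, '| both ok:', full.ok);
}
```

A round-trip check like `roundTrip` makes a useful regression test for any escaping helper: the decoded value must equal the input and `rest` must be empty.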
## Summary Moved the base set of sidenav items from being statically defined in useEnterpriseSearchNav to using a function that can be shared with the plugin. Additionally wrapped this generation in a `useMemo` to improve performance. This will support the ability to share the classic navigation items for Search to other plugins so that they can render their own UIs without sharing components with enterprise_search just to have access to the side nav defined by enterprise_search. ### Checklist - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [x] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed --------- Co-authored-by: Elastic Machine <[email protected]>
…8207) ## Summary This PR re-enables test reports that have been consistently failing in the serverless test environment. Investigation shows the reason for flakiness _may_ be due to the fact that the reports are exporting a large amount of data, which causes timeouts, including authentication tokens to time out. To speed up the tests, date range filters and field selections have been added to the report job parameters, which leads to a lower amount of data being exported. The tests that are updated in this PR now generate an export with 2 documents, where previously they were exporting up to 4675 documents.
## Summary Fixes a regression introduced in #194614, where the content of expanded rows in the Trained Model table stopped being updated on refresh. Co-authored-by: Elastic Machine <[email protected]>
## Summary This PR adds `tabIndex` to [markdown_vis_controller.tsx](https://github.com/elastic/kibana/compare/main...kowalczyk-krzysztof:kibana:fix/dashboard-markdown-panel?expand=1#diff-47267cf2f7d8f9e72e157ddb40292226a88ad5e51f9c92486799d381c5085e5f). Closes: #186559 ## Visuals: https://github.com/user-attachments/assets/8264c584-e7ca-4647-946a-7b9bd9f7aa8f This video demonstrates the markdown panel being tabbable and the scrollbar being controlled with keyboard.
…revent resource exists error (#198268) ## Summary This PR fixes an issue where running init for both `user` and `host` entity engines in parallel would cause a race condition while enabling the risk engine, resulting in a `Resource already exists` error. --------- Co-authored-by: kibanamachine <[email protected]>
Fixes an issue where Playground occasionally crashed because a connector model is undefined.
## Summary Fixes #198298 Overview embeddable chart use proper theme !! ### After <img width="1728" alt="image" src="https://github.com/user-attachments/assets/9fa22277-31ba-41f0-b08a-1ed4d801daff"> ### Before <img width="1728" alt="image" src="https://github.com/user-attachments/assets/98102df8-6881-4672-9791-9e85f9201c6a">
Closes #184214 ## Summary ### Problem The Observability AI Assistant doesn't work on the Alerts page - errors out with a 400 status code from OpenAI. The reason for this is that the description for the function `get_data_on_screen` is too long, and there is a token limit for function descriptions by OpenAI. **Note:** This error does not occur with Gemini or Bedrock because simulated function calling is enabled by default for them. With simulated function calling, all functions and their descriptions are appended to the system message, therefore doesn't run into a token limit error as opposed to OpenAI. ### Solution Append the function description to the system message instead of sending it with the function. The implementation includes: - Registering an AdHoc instruction - Retrieving AdHoc instructions - Combine the retrieved AdHoc instructions with the other adHoc instructions passed to the chat and pass all AdHoc instructions to the `getSystemMessageFromInstructions` function. This correctly orders the description for the `get_data_on_screen` function at the end of the system message _OpenAI request object **before** the above update:_ <details> <summary>Click to expand JSON</summary> ```json { "messages": [ { "role": "system", "content": "You are a helpful assistant for Elastic Observability. Your goal is to help the Elastic Observability users to quickly assess what is happening in their observed systems. You can help them visualise and analyze data, investigate their systems, perform root cause analysis or identify optimisation opportunities.\n\n It's very important to not assume what the user is meaning. Ask them for clarification if needed.\n\n If you are unsure about which function should be used and with what arguments, ask the user for clarification or confirmation.\n\n In KQL (\"kqlFilter\")) escaping happens with double quotes, not single quotes. Some characters that need escaping are: ':()\\ /\". Always put a field value in double quotes. 
Best: service.name:\"opbeans-go\". Wrong: service.name:opbeans-go. This is very important!\n\n You can use Github-flavored Markdown in your responses. If a function returns an array, consider using a Markdown table to format the response.\n\n Note that ES|QL (the Elasticsearch Query Language which is a new piped language) is the preferred query language.\n\n If you want to call a function or tool, only call it a single time per message. Wait until the function has been executed and its results\n returned to you, before executing the same tool or another tool again if needed.\n\n DO NOT UNDER ANY CIRCUMSTANCES USE ES|QL syntax (`service.name == \"foo\"`) with \"kqlFilter\" (`service.name:\"foo\"`).\n\n The user is able to change the language which they want you to reply in on the settings page of the AI Assistant for Observability, which can be found in the Stack Management app under the option AI Assistants.\n If the user asks how to change the language, reply in the same language the user asked in.\n\nYou MUST use the \"query\" function when the user wants to:\n - visualize data\n - run any arbitrary query\n - breakdown or filter ES|QL queries that are displayed on the current page\n - convert queries from another language to ES|QL\n - asks general questions about ES|QL\n\n DO NOT UNDER ANY CIRCUMSTANCES generate ES|QL queries or explain anything about the ES|QL query language yourself.\n DO NOT UNDER ANY CIRCUMSTANCES try to correct an ES|QL query yourself - always use the \"query\" function for this.\n\n If the user asks for a query, and one of the dataset info functions was called and returned no results, you should still call the query function to generate an example query.\n\n Even if the \"query\" function was used before that, follow it up with the \"query\" function. If a query fails, do not attempt to correct it yourself. 
Again you should call the \"query\" function,\n even if it has been called before.\n\n When the \"visualize_query\" function has been called, a visualization has been displayed to the user. DO NOT UNDER ANY CIRCUMSTANCES follow up a \"visualize_query\" function call with your own visualization attempt.\n If the \"execute_query\" function has been called, summarize these results for the user. The user does not see a visualization in this case.\n\nYou MUST use the \"get_dataset_info\" function before calling the \"query\" or the \"changes\" functions.\n\nIf a function requires an index, you MUST use the results from the dataset info functions.\n\nYou have access to data on the screen by calling the \"get_data_on_screen\" function.\nUse it to help the user understand what they are looking at. A short summary of what they are looking at is available in the return of the \"context\" function.\nData that is compact enough automatically gets included in the response for the \"context\" function.\n\nYou can use the \"summarize\" function to store new information you have learned in a knowledge database.\nOnly use this function when the user asks for it.\nAll summaries MUST be created in English, even if the conversation was carried out in a different language." }, { "role": "user", "content": "Can you explain this page?" }, { "role": "assistant", "content": "", "function_call": { "name": "context", "arguments": "{}" } }, { "role": "user", "content": "{\"screen_description\":\"The user is looking at http://localhost:5601/phq/app/observability/alerts?_a=(filters:!(),kuery:%27%27,rangeFrom:now-24h,rangeTo:now,status:all). 
The current time range is 2024-10-21T18:23:54.539Z - 2024-10-21T18:38:54.539Z.\",\"learnings\":[],\"data_on_screen\":[{\"name\":\".es-query\",\"value\":\"Elasticsearch query Alert when matches are found during the latest query run.\",\"description\":\"An available rule is Elasticsearch query.\"},{\"name\":\"observability.rules.custom_threshold\",\"value\":\"Custom threshold Alert when any Observability data type reaches or exceeds a given value.\",\"description\":\"An available rule is Custom threshold.\"},{\"name\":\"xpack.ml.anomaly_detection_alert\",\"value\":\"Anomaly detection Alert when anomaly detection jobs results match the condition.\",\"description\":\"An available rule is Anomaly detection.\"},{\"name\":\"slo.rules.burnRate\",\"value\":\"SLO burn rate Alert when your SLO burn rate is too high over a defined period of time.\",\"description\":\"An available rule is SLO burn rate.\"},{\"name\":\"metrics.alert.threshold\",\"value\":\"Metric threshold Alert when the metrics aggregation exceeds the threshold.\",\"description\":\"An available rule is Metric threshold.\"},{\"name\":\"metrics.alert.inventory.threshold\",\"value\":\"Inventory Alert when the inventory exceeds a defined threshold.\",\"description\":\"An available rule is Inventory.\"},{\"name\":\"logs.alert.document.count\",\"value\":\"Log threshold Alert when the log aggregation exceeds the threshold.\",\"description\":\"An available rule is Log threshold.\"},{\"name\":\"xpack.uptime.alerts.tlsCertificate\",\"value\":\"Uptime TLS Alert when the TLS certificate of an Uptime monitor is about to expire.\",\"description\":\"An available rule is Uptime TLS.\"},{\"name\":\"xpack.uptime.alerts.monitorStatus\",\"value\":\"Uptime monitor status Alert when a monitor is down or an availability threshold is breached.\",\"description\":\"An available rule is Uptime monitor status.\"},{\"name\":\"xpack.uptime.alerts.durationAnomaly\",\"value\":\"Uptime Duration Anomaly Alert when the Uptime monitor duration is 
anomalous.\",\"description\":\"An available rule is Uptime Duration Anomaly.\"},{\"name\":\"xpack.synthetics.alerts.monitorStatus\",\"value\":\"Synthetics monitor status Alert when a monitor is down.\",\"description\":\"An available rule is Synthetics monitor status.\"},{\"name\":\"xpack.synthetics.alerts.tls\",\"value\":\"Synthetics TLS certificate Alert when the TLS certificate of a Synthetics monitor is about to expire.\",\"description\":\"An available rule is Synthetics TLS certificate.\"},{\"name\":\"apm.error_rate\",\"value\":\"Error count threshold Alert when the number of errors in a service exceeds a defined threshold.\",\"description\":\"An available rule is Error count threshold.\"},{\"name\":\"apm.transaction_error_rate\",\"value\":\"Failed transaction rate threshold Alert when the rate of transaction errors in a service exceeds a defined threshold.\",\"description\":\"An available rule is Failed transaction rate threshold.\"},{\"name\":\"apm.transaction_duration\",\"value\":\"Latency threshold Alert when the latency of a specific transaction type in a service exceeds a defined threshold.\",\"description\":\"An available rule is Latency threshold.\"},{\"name\":\"apm.anomaly\",\"value\":\"APM Anomaly Alert when either the latency, throughput, or failed transaction rate of a service is anomalous.\",\"description\":\"An available rule is APM Anomaly.\"}]}", "name": "context" } ], "stream": true, "tools": [ { "function": { "name": "get_data_on_screen", "description": "Get data that is on the screen:\n.es-query: An available rule is Elasticsearch query.\nobservability.rules.custom_threshold: An available rule is Custom threshold.\nxpack.ml.anomaly_detection_alert: An available rule is Anomaly detection.\nslo.rules.burnRate: An available rule is SLO burn rate.\nmetrics.alert.threshold: An available rule is Metric threshold.\nmetrics.alert.inventory.threshold: An available rule is Inventory.\nlogs.alert.document.count: An available rule is Log 
threshold.\nxpack.uptime.alerts.tlsCertificate: An available rule is Uptime TLS.\nxpack.uptime.alerts.monitorStatus: An available rule is Uptime monitor status.\nxpack.uptime.alerts.durationAnomaly: An available rule is Uptime Duration Anomaly.\nxpack.synthetics.alerts.monitorStatus: An available rule is Synthetics monitor status.\nxpack.synthetics.alerts.tls: An available rule is Synthetics TLS certificate.\napm.error_rate: An available rule is Error count threshold.\napm.transaction_error_rate: An available rule is Failed transaction rate threshold.\napm.transaction_duration: An available rule is Latency threshold.\napm.anomaly: An available rule is APM Anomaly.", "parameters": { "type": "object", "properties": { "data": { "type": "array", "description": "The pieces of data you want to look at it. You can request one, or multiple", "items": { "type": "string", "enum": [ ".es-query", "observability.rules.custom_threshold", "xpack.ml.anomaly_detection_alert", "slo.rules.burnRate", "metrics.alert.threshold", "metrics.alert.inventory.threshold", "logs.alert.document.count", "xpack.uptime.alerts.tlsCertificate", "xpack.uptime.alerts.monitorStatus", "xpack.uptime.alerts.durationAnomaly", "xpack.synthetics.alerts.monitorStatus", "xpack.synthetics.alerts.tls", "apm.error_rate", "apm.transaction_error_rate", "apm.transaction_duration", "apm.anomaly" ] } } }, "required": ["data"] } }, "type": "function" }, { "function": { "name": "query", "description": "This function generates, executes and/or visualizes a query\n based on the user's request. It also explains how ES|QL works and how to\n convert queries from one language to another. Make sure you call one of\n the get_dataset functions first if you need index or field names. 
This\n function takes no input.", "parameters": { "type": "object", "properties": {} } }, "type": "function" }, { "function": { "name": "get_alerts_dataset_info", "description": "Use this function to get information about alerts data.", "parameters": { "type": "object", "properties": { "start": { "type": "string", "description": "The start of the current time range, in datemath, like now-24h or an ISO timestamp" }, "end": { "type": "string", "description": "The end of the current time range, in datemath, like now-24h or an ISO timestamp" } } } }, "type": "function" }, { "function": { "name": "alerts", "description": "Get alerts for Observability. Make sure get_alerts_dataset_info was called before.\n Use this to get open (and optionally recovered) alerts for Observability assets, like services,\n hosts or containers.\n Display the response in tabular format if appropriate.\n ", "parameters": { "type": "object", "properties": { "start": { "type": "string", "description": "The start of the time range, in Elasticsearch date math, like `now`." }, "end": { "type": "string", "description": "The end of the time range, in Elasticsearch date math, like `now-24h`." }, "kqlFilter": { "type": "string", "description": "Filter alerts by field:value pairs" }, "includeRecovered": { "type": "boolean", "description": "Whether to include recovered/closed alerts. Defaults to false, which means only active alerts will be returned" } }, "required": ["start", "end"] } }, "type": "function" }, { "function": { "name": "changes", "description": "Returns change points like spikes and dips for logs and metrics.", "parameters": { "type": "object", "properties": { "start": { "type": "string", "description": "The beginning of the time range, in datemath, like now-24h, or an ISO timestamp" }, "end": { "type": "string", "description": "The end of the time range, in datemath, like now, or an ISO timestamp" }, "logs": { "description": "Analyze changes in log patterns. 
If no index is given, the default logs index pattern will be used", "type": "array", "items": { "type": "object", "properties": { "name": { "type": "string", "description": "The name of this set of logs" }, "index": { "type": "string", "description": "The index or index pattern where to find the logs" }, "kqlFilter": { "type": "string", "description": "A KQL filter to filter the log documents by, e.g. my_field:foo" }, "field": { "type": "string", "description": "The text field that contains the message to be analyzed, usually `message`. ONLY use field names from the conversation." } }, "required": ["name"] } }, "metrics": { "description": "Analyze changes in metrics. DO NOT UNDER ANY CIRCUMSTANCES use date or metric fields for groupBy, leave empty unless needed.", "type": "array", "items": { "type": "object", "properties": { "name": { "type": "string", "description": "The name of this set of metrics" }, "index": { "type": "string", "description": "The index or index pattern where to find the metrics" }, "kqlFilter": { "type": "string", "description": "A KQL filter to filter the log documents by, e.g. my_field:foo" }, "field": { "type": "string", "description": "Metric field that contains the metric. Only use if the metric aggregation type is not count." }, "type": { "type": "string", "description": "The type of metric aggregation to perform. 
Defaults to count", "enum": ["count", "avg", "sum", "min", "max", "p95", "p99"] }, "groupBy": { "type": "array", "description": "Optional keyword fields to group metrics by.", "items": { "type": "string" } } }, "required": ["index", "name"] } } }, "required": ["start", "end"] } }, "type": "function" }, { "function": { "name": "summarize", "description": "Use this function to store facts in the knowledge database if the user requests it.\n You can score the learnings with a confidence metric, whether it is a correction on a previous learning.\n An embedding will be created that you can recall later with a semantic search.\n When you create this summarisation, make sure you craft it in a way that can be recalled with a semantic\n search later, and that it would have answered the user's original request.", "parameters": { "type": "object", "properties": { "id": { "type": "string", "description": "An id for the document. This should be a short human-readable keyword field with only alphabetic characters and underscores, that allow you to update it later." }, "text": { "type": "string", "description": "A human-readable summary of what you have learned, described in such a way that you can recall it later with semantic search, and that it would have answered the user's original request." }, "is_correction": { "type": "boolean", "description": "Whether this is a correction for a previous learning." }, "confidence": { "type": "string", "description": "How confident you are about this being a correct and useful learning", "enum": ["low", "medium", "high"] }, "public": { "type": "boolean", "description": "Whether this information is specific to the user, or generally applicable to any user of the product" } }, "required": ["id", "text", "is_correction", "confidence", "public"] } }, "type": "function" }, { "function": { "name": "elasticsearch", "description": "Call Elasticsearch APIs on behalf of the user. Make sure the request body is valid for the API that you are using. 
Only call this function when the user has explicitly requested it.", "parameters": { "type": "object", "properties": { "method": { "type": "string", "description": "The HTTP method of the Elasticsearch endpoint", "enum": ["GET", "PUT", "POST", "DELETE", "PATCH"] }, "path": { "type": "string", "description": "The path of the Elasticsearch endpoint, including query parameters" }, "body": { "type": "object", "description": "The body of the request" } }, "required": ["method", "path"] } }, "type": "function" }, { "function": { "name": "kibana", "description": "Call Kibana APIs on behalf of the user. Only call this function when the user has explicitly requested it, and you know how to call it, for example by querying the knowledge base or having the user explain it to you. Assume that pathnames, bodies and query parameters may have changed since your knowledge cut off date.", "parameters": { "type": "object", "properties": { "method": { "type": "string", "description": "The HTTP method of the Kibana endpoint", "enum": ["GET", "PUT", "POST", "DELETE", "PATCH"] }, "pathname": { "type": "string", "description": "The pathname of the Kibana endpoint, excluding query parameters" }, "query": { "type": "object", "description": "The query parameters, as an object" }, "body": { "type": "object", "description": "The body of the request" } }, "required": ["method", "pathname"] } }, "type": "function" }, { "function": { "name": "get_dataset_info", "description": "Use this function to get information about indices/datasets available and the fields available on them.\n\n providing empty string as index name will retrieve all indices\n else list of all fields for the given index will be given. 
if no fields are returned this means no indices were matched by provided index pattern.\n wildcards can be part of index name.", "parameters": { "type": "object", "properties": { "index": { "type": "string", "description": "index pattern the user is interested in or empty string to get information about all available indices" } }, "required": ["index"] } }, "type": "function" }, { "function": { "name": "execute_connector", "description": "Use this function when user explicitly asks to call a kibana connector.", "parameters": { "type": "object", "properties": { "id": { "type": "string", "description": "The id of the connector" }, "params": { "type": "object", "description": "The connector parameters" } }, "required": ["id", "params"] } }, "type": "function" } ], "temperature": 0 } ``` </details> _OpenAI request object **after** the above update:_ <details> <summary>Click to expand JSON</summary> ```json { "messages": [ { "role": "system", "content": "You are a helpful assistant for Elastic Observability. Your goal is to help the Elastic Observability users to quickly assess what is happening in their observed systems. You can help them visualise and analyze data, investigate their systems, perform root cause analysis or identify optimisation opportunities.\n\n It's very important to not assume what the user is meaning. Ask them for clarification if needed.\n\n If you are unsure about which function should be used and with what arguments, ask the user for clarification or confirmation.\n\n In KQL (\"kqlFilter\")) escaping happens with double quotes, not single quotes. Some characters that need escaping are: ':()\\ /\". Always put a field value in double quotes. Best: service.name:\"opbeans-go\". Wrong: service.name:opbeans-go. This is very important!\n\n You can use Github-flavored Markdown in your responses. 
If a function returns an array, consider using a Markdown table to format the response.\n\n Note that ES|QL (the Elasticsearch Query Language which is a new piped language) is the preferred query language.\n\n If you want to call a function or tool, only call it a single time per message. Wait until the function has been executed and its results\n returned to you, before executing the same tool or another tool again if needed.\n\n DO NOT UNDER ANY CIRCUMSTANCES USE ES|QL syntax (`service.name == \"foo\"`) with \"kqlFilter\" (`service.name:\"foo\"`).\n\n The user is able to change the language which they want you to reply in on the settings page of the AI Assistant for Observability, which can be found in the Stack Management app under the option AI Assistants.\n If the user asks how to change the language, reply in the same language the user asked in.\n\nYou MUST use the \"query\" function when the user wants to:\n - visualize data\n - run any arbitrary query\n - breakdown or filter ES|QL queries that are displayed on the current page\n - convert queries from another language to ES|QL\n - asks general questions about ES|QL\n\n DO NOT UNDER ANY CIRCUMSTANCES generate ES|QL queries or explain anything about the ES|QL query language yourself.\n DO NOT UNDER ANY CIRCUMSTANCES try to correct an ES|QL query yourself - always use the \"query\" function for this.\n\n If the user asks for a query, and one of the dataset info functions was called and returned no results, you should still call the query function to generate an example query.\n\n Even if the \"query\" function was used before that, follow it up with the \"query\" function. If a query fails, do not attempt to correct it yourself. Again you should call the \"query\" function,\n even if it has been called before.\n\n When the \"visualize_query\" function has been called, a visualization has been displayed to the user. 
DO NOT UNDER ANY CIRCUMSTANCES follow up a \"visualize_query\" function call with your own visualization attempt.\n If the \"execute_query\" function has been called, summarize these results for the user. The user does not see a visualization in this case.\n\nYou MUST use the \"get_dataset_info\" function before calling the \"query\" or the \"changes\" functions.\n\nIf a function requires an index, you MUST use the results from the dataset info functions.\n\nYou have access to data on the screen by calling the \"get_data_on_screen\" function.\nUse it to help the user understand what they are looking at. A short summary of what they are looking at is available in the return of the \"context\" function.\nData that is compact enough automatically gets included in the response for the \"context\" function.\n\nYou can use the \"summarize\" function to store new information you have learned in a knowledge database.\nOnly use this function when the user asks for it.\nAll summaries MUST be created in English, even if the conversation was carried out in a different language.\nThe \"get_data_on_screen\" function will Get data that is on the screen:\n.es-query: An available rule is Elasticsearch query.\nobservability.rules.custom_threshold: An available rule is Custom threshold.\nxpack.ml.anomaly_detection_alert: An available rule is Anomaly detection.\nslo.rules.burnRate: An available rule is SLO burn rate.\nmetrics.alert.threshold: An available rule is Metric threshold.\nmetrics.alert.inventory.threshold: An available rule is Inventory.\nlogs.alert.document.count: An available rule is Log threshold.\nxpack.uptime.alerts.tlsCertificate: An available rule is Uptime TLS.\nxpack.uptime.alerts.monitorStatus: An available rule is Uptime monitor status.\nxpack.uptime.alerts.durationAnomaly: An available rule is Uptime Duration Anomaly.\nxpack.synthetics.alerts.monitorStatus: An available rule is Synthetics monitor status.\nxpack.synthetics.alerts.tls: An available rule is 
Synthetics TLS certificate.\napm.error_rate: An available rule is Error count threshold.\napm.transaction_error_rate: An available rule is Failed transaction rate threshold.\napm.transaction_duration: An available rule is Latency threshold.\napm.anomaly: An available rule is APM Anomaly." }, { "role": "user", "content": "Can you explain this page?" }, { "role": "assistant", "content": "", "function_call": { "name": "context", "arguments": "{}" } }, { "role": "user", "content": "{\"screen_description\":\"The user is looking at http://localhost:5601/phq/app/observability/alerts?_a=(filters:!(),kuery:%27%27,rangeFrom:now-24h,rangeTo:now,status:all). The current time range is 2024-10-21T18:23:54.539Z - 2024-10-21T18:38:54.539Z.\",\"learnings\":[],\"data_on_screen\":[{\"name\":\".es-query\",\"value\":\"Elasticsearch query Alert when matches are found during the latest query run.\",\"description\":\"An available rule is Elasticsearch query.\"},{\"name\":\"observability.rules.custom_threshold\",\"value\":\"Custom threshold Alert when any Observability data type reaches or exceeds a given value.\",\"description\":\"An available rule is Custom threshold.\"},{\"name\":\"xpack.ml.anomaly_detection_alert\",\"value\":\"Anomaly detection Alert when anomaly detection jobs results match the condition.\",\"description\":\"An available rule is Anomaly detection.\"},{\"name\":\"slo.rules.burnRate\",\"value\":\"SLO burn rate Alert when your SLO burn rate is too high over a defined period of time.\",\"description\":\"An available rule is SLO burn rate.\"},{\"name\":\"metrics.alert.threshold\",\"value\":\"Metric threshold Alert when the metrics aggregation exceeds the threshold.\",\"description\":\"An available rule is Metric threshold.\"},{\"name\":\"metrics.alert.inventory.threshold\",\"value\":\"Inventory Alert when the inventory exceeds a defined threshold.\",\"description\":\"An available rule is Inventory.\"},{\"name\":\"logs.alert.document.count\",\"value\":\"Log threshold Alert 
when the log aggregation exceeds the threshold.\",\"description\":\"An available rule is Log threshold.\"},{\"name\":\"xpack.uptime.alerts.tlsCertificate\",\"value\":\"Uptime TLS Alert when the TLS certificate of an Uptime monitor is about to expire.\",\"description\":\"An available rule is Uptime TLS.\"},{\"name\":\"xpack.uptime.alerts.monitorStatus\",\"value\":\"Uptime monitor status Alert when a monitor is down or an availability threshold is breached.\",\"description\":\"An available rule is Uptime monitor status.\"},{\"name\":\"xpack.uptime.alerts.durationAnomaly\",\"value\":\"Uptime Duration Anomaly Alert when the Uptime monitor duration is anomalous.\",\"description\":\"An available rule is Uptime Duration Anomaly.\"},{\"name\":\"xpack.synthetics.alerts.monitorStatus\",\"value\":\"Synthetics monitor status Alert when a monitor is down.\",\"description\":\"An available rule is Synthetics monitor status.\"},{\"name\":\"xpack.synthetics.alerts.tls\",\"value\":\"Synthetics TLS certificate Alert when the TLS certificate of a Synthetics monitor is about to expire.\",\"description\":\"An available rule is Synthetics TLS certificate.\"},{\"name\":\"apm.error_rate\",\"value\":\"Error count threshold Alert when the number of errors in a service exceeds a defined threshold.\",\"description\":\"An available rule is Error count threshold.\"},{\"name\":\"apm.transaction_error_rate\",\"value\":\"Failed transaction rate threshold Alert when the rate of transaction errors in a service exceeds a defined threshold.\",\"description\":\"An available rule is Failed transaction rate threshold.\"},{\"name\":\"apm.transaction_duration\",\"value\":\"Latency threshold Alert when the latency of a specific transaction type in a service exceeds a defined threshold.\",\"description\":\"An available rule is Latency threshold.\"},{\"name\":\"apm.anomaly\",\"value\":\"APM Anomaly Alert when either the latency, throughput, or failed transaction rate of a service is 
anomalous.\",\"description\":\"An available rule is APM Anomaly.\"}]}", "name": "context" } ], "stream": true, "tools": [ { "function": { "name": "get_data_on_screen", "parameters": { "type": "object", "properties": { "data": { "type": "array", "description": "The pieces of data you want to look at it. You can request one, or multiple", "items": { "type": "string", "enum": [ ".es-query", "observability.rules.custom_threshold", "xpack.ml.anomaly_detection_alert", "slo.rules.burnRate", "metrics.alert.threshold", "metrics.alert.inventory.threshold", "logs.alert.document.count", "xpack.uptime.alerts.tlsCertificate", "xpack.uptime.alerts.monitorStatus", "xpack.uptime.alerts.durationAnomaly", "xpack.synthetics.alerts.monitorStatus", "xpack.synthetics.alerts.tls", "apm.error_rate", "apm.transaction_error_rate", "apm.transaction_duration", "apm.anomaly" ] } } }, "required": ["data"] } }, "type": "function" }, { "function": { "name": "query", "description": "This function generates, executes and/or visualizes a query\n based on the user's request. It also explains how ES|QL works and how to\n convert queries from one language to another. Make sure you call one of\n the get_dataset functions first if you need index or field names. This\n function takes no input.", "parameters": { "type": "object", "properties": {} } }, "type": "function" }, { "function": { "name": "get_alerts_dataset_info", "description": "Use this function to get information about alerts data.", "parameters": { "type": "object", "properties": { "start": { "type": "string", "description": "The start of the current time range, in datemath, like now-24h or an ISO timestamp" }, "end": { "type": "string", "description": "The end of the current time range, in datemath, like now-24h or an ISO timestamp" } } } }, "type": "function" }, { "function": { "name": "alerts", "description": "Get alerts for Observability. 
Make sure get_alerts_dataset_info was called before.\n Use this to get open (and optionally recovered) alerts for Observability assets, like services,\n hosts or containers.\n Display the response in tabular format if appropriate.\n ", "parameters": { "type": "object", "properties": { "start": { "type": "string", "description": "The start of the time range, in Elasticsearch date math, like `now`." }, "end": { "type": "string", "description": "The end of the time range, in Elasticsearch date math, like `now-24h`." }, "kqlFilter": { "type": "string", "description": "Filter alerts by field:value pairs" }, "includeRecovered": { "type": "boolean", "description": "Whether to include recovered/closed alerts. Defaults to false, which means only active alerts will be returned" } }, "required": ["start", "end"] } }, "type": "function" }, { "function": { "name": "changes", "description": "Returns change points like spikes and dips for logs and metrics.", "parameters": { "type": "object", "properties": { "start": { "type": "string", "description": "The beginning of the time range, in datemath, like now-24h, or an ISO timestamp" }, "end": { "type": "string", "description": "The end of the time range, in datemath, like now, or an ISO timestamp" }, "logs": { "description": "Analyze changes in log patterns. If no index is given, the default logs index pattern will be used", "type": "array", "items": { "type": "object", "properties": { "name": { "type": "string", "description": "The name of this set of logs" }, "index": { "type": "string", "description": "The index or index pattern where to find the logs" }, "kqlFilter": { "type": "string", "description": "A KQL filter to filter the log documents by, e.g. my_field:foo" }, "field": { "type": "string", "description": "The text field that contains the message to be analyzed, usually `message`. ONLY use field names from the conversation." } }, "required": ["name"] } }, "metrics": { "description": "Analyze changes in metrics. 
DO NOT UNDER ANY CIRCUMSTANCES use date or metric fields for groupBy, leave empty unless needed.", "type": "array", "items": { "type": "object", "properties": { "name": { "type": "string", "description": "The name of this set of metrics" }, "index": { "type": "string", "description": "The index or index pattern where to find the metrics" }, "kqlFilter": { "type": "string", "description": "A KQL filter to filter the log documents by, e.g. my_field:foo" }, "field": { "type": "string", "description": "Metric field that contains the metric. Only use if the metric aggregation type is not count." }, "type": { "type": "string", "description": "The type of metric aggregation to perform. Defaults to count", "enum": ["count", "avg", "sum", "min", "max", "p95", "p99"] }, "groupBy": { "type": "array", "description": "Optional keyword fields to group metrics by.", "items": { "type": "string" } } }, "required": ["index", "name"] } } }, "required": ["start", "end"] } }, "type": "function" }, { "function": { "name": "summarize", "description": "Use this function to store facts in the knowledge database if the user requests it.\n You can score the learnings with a confidence metric, whether it is a correction on a previous learning.\n An embedding will be created that you can recall later with a semantic search.\n When you create this summarisation, make sure you craft it in a way that can be recalled with a semantic\n search later, and that it would have answered the user's original request.", "parameters": { "type": "object", "properties": { "id": { "type": "string", "description": "An id for the document. This should be a short human-readable keyword field with only alphabetic characters and underscores, that allow you to update it later." }, "text": { "type": "string", "description": "A human-readable summary of what you have learned, described in such a way that you can recall it later with semantic search, and that it would have answered the user's original request." 
}, "is_correction": { "type": "boolean", "description": "Whether this is a correction for a previous learning." }, "confidence": { "type": "string", "description": "How confident you are about this being a correct and useful learning", "enum": ["low", "medium", "high"] }, "public": { "type": "boolean", "description": "Whether this information is specific to the user, or generally applicable to any user of the product" } }, "required": ["id", "text", "is_correction", "confidence", "public"] } }, "type": "function" }, { "function": { "name": "elasticsearch", "description": "Call Elasticsearch APIs on behalf of the user. Make sure the request body is valid for the API that you are using. Only call this function when the user has explicitly requested it.", "parameters": { "type": "object", "properties": { "method": { "type": "string", "description": "The HTTP method of the Elasticsearch endpoint", "enum": ["GET", "PUT", "POST", "DELETE", "PATCH"] }, "path": { "type": "string", "description": "The path of the Elasticsearch endpoint, including query parameters" }, "body": { "type": "object", "description": "The body of the request" } }, "required": ["method", "path"] } }, "type": "function" }, { "function": { "name": "kibana", "description": "Call Kibana APIs on behalf of the user. Only call this function when the user has explicitly requested it, and you know how to call it, for example by querying the knowledge base or having the user explain it to you. 
Assume that pathnames, bodies and query parameters may have changed since your knowledge cut off date.", "parameters": { "type": "object", "properties": { "method": { "type": "string", "description": "The HTTP method of the Kibana endpoint", "enum": ["GET", "PUT", "POST", "DELETE", "PATCH"] }, "pathname": { "type": "string", "description": "The pathname of the Kibana endpoint, excluding query parameters" }, "query": { "type": "object", "description": "The query parameters, as an object" }, "body": { "type": "object", "description": "The body of the request" } }, "required": ["method", "pathname"] } }, "type": "function" }, { "function": { "name": "get_dataset_info", "description": "Use this function to get information about indices/datasets available and the fields available on them.\n\n providing empty string as index name will retrieve all indices\n else list of all fields for the given index will be given. if no fields are returned this means no indices were matched by provided index pattern.\n wildcards can be part of index name.", "parameters": { "type": "object", "properties": { "index": { "type": "string", "description": "index pattern the user is interested in or empty string to get information about all available indices" } }, "required": ["index"] } }, "type": "function" }, { "function": { "name": "execute_connector", "description": "Use this function when user explicitly asks to call a kibana connector.", "parameters": { "type": "object", "properties": { "id": { "type": "string", "description": "The id of the connector" }, "params": { "type": "object", "description": "The connector parameters" } }, "required": ["id", "params"] } }, "type": "function" } ], "temperature": 0 } ``` </details> --------- Co-authored-by: Søren Louv-Jansen <[email protected]>
* Remove duplicated “File service” entry from nav
* Move Screenshotting to main Tutorials section in nav
* Add “Updating Puppeteer and Chromium” to nav as a sub-item of screenshotting
* Move files for Screenshotting/Chromium out of the SharedUX space to `dev_docs/tutorials/screenshotting`
…o 8cff240 (main) (#198271)

This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| docker.elastic.co/wolfi/chainguard-base | digest | `1815394` -> `8cff240` |

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://togithub.com/renovatebot/renovate).

Co-authored-by: elastic-renovate-prod[bot] <174716857+elastic-renovate-prod[bot]@users.noreply.github.com>
## Summary

Fixes #190591

Adds chunking for `over_buckets` request to prevent exceeding the request length URL.

### Checklist

- [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
## Summary

This PR refactors the Insights section of the expandable flyout for alerts and events. The changes are applied to the following section:

- Threat Intelligence: when the user clicks on the number, we open the left section to the Insights Threat Intelligence tab
- Correlations: when the user clicks on the number, we open the left section to the Insights Correlations tab
- Prevalence: no user interactions

When in preview mode, none of the numbers are clickable and the buttons are disabled.

#### New UI

| Normal flyout | Preview flyout |
| ------------- | ------------- |
| ![Screenshot 2024-10-22 at 6 01 38 PM](https://github.com/user-attachments/assets/de179a2b-c8ab-42f6-b5b7-839dae0139d5) | ![Screenshot 2024-10-22 at 6 01 54 PM](https://github.com/user-attachments/assets/63ed125e-5e3b-4c4c-a10e-7cc01d291660) |

#### UX flows to expand the flyout

https://github.com/user-attachments/assets/30031a12-c2f3-47e6-a783-5b9482359ee5

elastic/security-team#7033

### Checklist

- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
Resolves #195573

In this PR, I'm un-skipping the alerts as data flapping tests. The flaky test runners weren't able to reproduce the flakiness. I believe it's because we needed to wait longer after changing the flapping settings for the cache to clear. This is already done in https://github.com/elastic/kibana/pull/197070/files#diff-3d57bae0b495bddd934b87ca29e2f43fa21bab9bf304b5d359d7e230284415c0 but it was merged after the test was skipped.

Flaky test runners:

- https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7286
- https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7293
- https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/7306
…hreshold preview bug (#197368)

## Summary

This PR breaks down long running FTR groups into smaller chunks that now run in <~15 min.

- Addresses #192109
- There is no existing ticket but rule_execution group tests are taking ~55m to run and will soon be a bottleneck for us.
- No edits made to any existing tests.
- Purely just a reshuffle of the tests.

See #198209 for details on bug.
Fixes #197592

## Summary

This PR fixes the bug where the index Mappings details page crashes if the index has a mapping field with a type that is not recognized in Kibana. We fix this by using `getTypeLabelFromField` instead of directly fetching the `label` property of an object that might be `undefined` - `getTypeLabelFromField` takes care of this case.

**How to test:**

1. Create the following index in Console (it has the unsupported `counted_keyword` field type):

```
PUT test
{
  "mappings": {
    "properties": {
      "@timestamp": { "type": "date" },
      "log": { "type": "text" },
      "ids": { "type": "counted_keyword" }
    }
  }
}
```

2. Go to Index Management and click on the index that we just created
3. Go to Mappings tab
4. Verify that the page loads correctly
5. Check that opening the filter and selecting an option doesn't make the page crash.

https://github.com/user-attachments/assets/4a595968-7cd8-4d36-9a53-264a0d5db50f
#198401)

## Summary

- Added section for migrating routes created by utility function.
- Added `patch` method to route methods in eslint rule.

### Checklist

- [x] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials
## Summary

Assigned health_gateway due to https://github.com/elastic/kibana/blob/main/test/health_gateway/plugins/status/kibana.jsonc#L4

Assigned interpreter_functional due to https://github.com/elastic/kibana/blob/main/test/interpreter_functional/plugins/kbn_tp_run_pipeline/kibana.jsonc#L4
  - But it is an educated guess
  - same with "...saved_objects*"

Assigned home due to https://github.com/elastic/kibana/blob/main/src/plugins/home/kibana.jsonc#L5

Assigned otel_metrics due to https://github.com/elastic/kibana/blob/main/test/common/plugins/otel_metrics/kibana.jsonc#L4

Assigned content_management due to https://github.com/elastic/kibana/blob/main/api_docs/content_management.mdx#L18
  - It says "Contact @elastic/appex-sharedux for questions regarding this plugin."

Assigned kibana_overview due to https://github.com/elastic/kibana/blob/main/api_docs/kibana_overview.mdx#L14
  - Says the same as above

Assigned node_roles_functional due to https://github.com/elastic/kibana/blob/main/test/node_roles_functional/plugins/core_plugin_initializer_context/kibana.jsonc#L4

Assigned app_link_test due to https://github.com/elastic/kibana/blob/main/test/plugin_functional/plugins/app_link_test/kibana.jsonc#L4

Assigned data_search due to https://github.com/elastic/kibana/blob/main/test/plugin_functional/plugins/data_search/kibana.jsonc#L4

Assigned elasticsearch_client_plugin due to https://github.com/elastic/kibana/blob/main/test/plugin_functional/plugins/elasticsearch_client_plugin/kibana.jsonc#L4

Assigned eui_provider_dev_warning due to https://github.com/elastic/kibana/blob/main/test/plugin_functional/plugins/eui_provider_dev_warning/kibana.jsonc#L4

Assigned index_patterns due to https://github.com/elastic/kibana/blob/main/test/plugin_functional/plugins/index_patterns/kibana.jsonc#L4

Assigned kbn_sample_panel_action due to https://github.com/elastic/kibana/blob/main/test/plugin_functional/plugins/kbn_sample_panel_action/kibana.jsonc#L3-L4

Assigned kbn_top_nav due to https://github.com/elastic/kibana/blob/main/test/plugin_functional/plugins/kbn_top_nav/kibana.jsonc#L4

Assigned management_test_plugin due to https://github.com/elastic/kibana/blob/main/test/plugin_functional/plugins/management_test_plugin/kibana.jsonc#L4

Contributes to: #192979

---------

Co-authored-by: Robert Oskamp <[email protected]>
Co-authored-by: Elastic Machine <[email protected]>
## Summary

In kubectl annotate commands, we should use an equals sign (=) instead of a colon when setting the annotation value.

```
$ kubectl annotate namespace java instrumentation.opentelemetry.io/inject-java: "opentelemetry-operator-system/elastic-instrumentation"
error: at least one annotation update is required

$ kubectl annotate namespace java instrumentation.opentelemetry.io/inject-java="opentelemetry-operator-system/elastic-instrumentation"
namespace/java annotated
```

### Checklist

Delete any items that are not applicable to this PR.

- [ ] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/packages/kbn-i18n/README.md)
- [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials
- [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
- [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed
- [ ] Any UI touched in this PR is usable by keyboard only (learn more about [keyboard accessibility](https://webaim.org/techniques/keyboard/))
- [ ] Any UI touched in this PR does not create any new axe failures (run axe in browser: [FF](https://addons.mozilla.org/en-US/firefox/addon/axe-devtools/), [Chrome](https://chrome.google.com/webstore/detail/axe-web-accessibility-tes/lhdoppojpmngadmnindnejefpokejbdd?hl=en-US))
- [ ] If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the [docker list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)
- [ ] This renders correctly on smaller devices using a responsive layout. (You can test this [in your browser](https://www.browserstack.com/guide/responsive-testing-on-local-server))
- [ ] This was checked for [cross-browser compatibility](https://www.elastic.co/support/matrix#matrix_browsers)

### Risk Matrix

Delete this section if it is not applicable to this PR.

Before closing this PR, invite QA, stakeholders, and other developers to identify risks that should be tested prior to the change/feature release.

When forming the risk matrix, consider some of the following examples and how they may potentially impact the change:

| Risk | Probability | Severity | Mitigation/Notes |
|---------------------------|-------------|----------|-------------------------|
| Multiple Spaces—unexpected behavior in non-default Kibana Space. | Low | High | Integration tests will verify that all features are still supported in non-default Kibana Space and when user switches between spaces. |
| Multiple nodes—Elasticsearch polling might have race conditions when multiple Kibana nodes are polling for the same tasks. | High | Low | Tasks are idempotent, so executing them multiple times will not result in logical error, but will degrade performance. To test for this case we add plenty of unit tests around this logic and document manual testing procedure. |
| Code should gracefully handle cases when feature X or plugin Y are disabled. | Medium | High | Unit tests will verify that any feature flag or plugin combination still results in our service operational. |
| [See more potential risk examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx) |

### For maintainers

- [ ] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#_add_your_labels)
- [ ] This will appear in the **Release Notes** and follow the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
This step doesn't have enough CPU/memory for the number of processes running.
…97007)

## Summary

- `text_expansion` is deprecated, use `semantic_text` instead
- fix KB index entry form field options
- explicitly create inference endpoint on KB setup if `assistantKnowledgeBaseByDefault` is true
- when upgrading from v1, update KB ingest pipeline and remove unnecessary processor, but keep the pipeline for backward compatibility
- switch to use `doc` update for KB entries due to the limitations of `semantic_text` https://www.elastic.co/guide/en/elasticsearch/reference/current/semantic-text.html#update-script
- split loading Security labs content into smaller chunks

---------

Co-authored-by: kibanamachine <[email protected]>
Co-authored-by: Pedro Jaramillo <[email protected]>
Resolves elastic/response-ops-team#250

## Summary

This PR eliminates the alerting RBAC exemption code. It removes all references to `getAuthorizationModeBySource` and `bulkGetAuthorizationModeBySource`, along with the corresponding legacy RBAC usage counters. Additionally, downstream code paths that rely on RBAC for authorization have been updated, and all related test cases have been removed.
## Summary

Partially addresses #191812

- Adds traversal and manipulation APIs for `SORT` command.
  - `commands.sort.listCommands()`
  - `commands.sort.getCommand()`
  - `commands.sort.list()`
  - `commands.sort.findByPredicate()`
  - `commands.sort.find()`
  - `commands.sort.remove()`
  - `commands.sort.insertIntoCommand()`
  - `commands.sort.insertExpression()`
  - `commands.sort.insertCommand()`
- Refactors "generic" AST manipulation routines into (1) `commands`, (2) `commands.args`, (3) `commands.options`.
  - `generic.commands.*`
  - `generic.commands.args.*`
  - `generic.commands.options.*`

### Checklist

Delete any items that are not applicable to this PR.

- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios

### For maintainers

- [x] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#_add_your_labels)

---------

Co-authored-by: Stratoula Kalafateli <[email protected]>
Closes #189619

Telemetry events created:

- Infra Anomaly Detection Job Setup

```
{
  "event_type":"Infra Anomaly Detection Job Setup",
  "context":{...},
  "properties": {
    "job_type":"host",
    "configured_fields":{"start_date":"2024-09-24T16:11:41.446Z","partition_field":"cloud.instance.id","filter_field": "host.name:\"gke-edge-lite-oblt-edge-lite-oblt-poo-f77db573-2249\""}
  }
}
```

- Infra Anomaly Detection Job Date Field Change

```
{
  "event_type":" Infra Anomaly Detection Job Date Field Change",
  "context":{...},
  "properties": {
    "job_type":"host",
    "start_date":"2024-09-24T16:11:41.446Z"
  }
}
```

- Infra Anomaly Detection Job Partition Field Change

```
{
  "event_type":" Infra Anomaly Detection Job Date Field Change",
  "context":{...},
  "properties": {
    "job_type":"host",
    "partition_field":"cloud.instance.id"
  }
}
```

- Infra Anomaly Detection Job Filter Field Change

```
{
  "event_type":" Infra Anomaly Detection Job Date Field Change",
  "context":{...},
  "properties": {
    "job_type":"host",
    "filter_field": "host.name:\"gke-edge-lite-oblt-edge-lite-oblt-poo-f77db573-2249\""
  }
}
```
…ces initialization (#198239)
…nfig setting (#198172)

## Summary

This PR removes `xpack.fleet.internal.registry.kibanaVersionCheckEnabled: false` from `kibana.yml` in favor of changing the default value that Fleet populates, so that we do not apply the Kibana version constraint to EPR requests for >= 9.0 deployments.

Prior to this change, this setting was not applied to ESS deployments as `kibana.yml` is overridden there.

I updated the related task in #192624 to reflect this change.
Summary
This PR updates all risk scores to use formatter to 2DP instead of rounding, for consistency and accuracy.
TODO: updating alerts page currently