diff --git a/.bazelrc.common b/.bazelrc.common index c401a90507982..0ad0c95fdcbbd 100644 --- a/.bazelrc.common +++ b/.bazelrc.common @@ -13,10 +13,10 @@ test --experimental_guard_against_concurrent_changes query --experimental_guard_against_concurrent_changes ## Cache action outputs on disk so they persist across output_base and bazel shutdown (eg. changing branches) -common --disk_cache=~/.bazel-cache/disk-cache +build --disk_cache=~/.bazel-cache/disk-cache ## Bazel repo cache settings -common --repository_cache=~/.bazel-cache/repository-cache +build --repository_cache=~/.bazel-cache/repository-cache # Bazel will create symlinks from the workspace directory to output artifacts. # Build results will be placed in a directory called "bazel-bin" diff --git a/.buildkite/pipelines/pull_request/fleet_cypress.yml b/.buildkite/pipelines/pull_request/fleet_cypress.yml new file mode 100644 index 0000000000000..bfaa3faae7783 --- /dev/null +++ b/.buildkite/pipelines/pull_request/fleet_cypress.yml @@ -0,0 +1,11 @@ +steps: + - command: .buildkite/scripts/steps/functional/fleet_cypress.sh + label: 'Fleet Cypress Tests' + agents: + queue: ci-group-6 + depends_on: build + timeout_in_minutes: 120 + retry: + automatic: + - exit_status: '*' + limit: 1 diff --git a/.buildkite/scripts/pipelines/pull_request/pipeline.js b/.buildkite/scripts/pipelines/pull_request/pipeline.js index c5ed216042b68..d0f38dc773357 100644 --- a/.buildkite/scripts/pipelines/pull_request/pipeline.js +++ b/.buildkite/scripts/pipelines/pull_request/pipeline.js 
@@ -76,6 +76,16 @@ const uploadPipeline = (pipelineContent) => { pipeline.push(getPipeline('.buildkite/pipelines/pull_request/apm_cypress.yml')); } + if ( + (await doAnyChangesMatch([ + /^x-pack\/plugins\/fleet/, + /^x-pack\/test\/fleet_cypress/, + ])) || + process.env.GITHUB_PR_LABELS.includes('ci:all-cypress-suites') + ) { + pipeline.push(getPipeline('.buildkite/pipelines/pull_request/fleet_cypress.yml')); + } + if (await doAnyChangesMatch([/^x-pack\/plugins\/uptime/])) { pipeline.push(getPipeline('.buildkite/pipelines/pull_request/uptime.yml')); } diff --git a/.buildkite/scripts/steps/functional/fleet_cypress.sh b/.buildkite/scripts/steps/functional/fleet_cypress.sh new file mode 100755 index 0000000000000..3847ffda08822 --- /dev/null +++ b/.buildkite/scripts/steps/functional/fleet_cypress.sh @@ -0,0 +1,20 @@ +#!/usr/bin/env bash + +set -euo pipefail + +source .buildkite/scripts/common/util.sh + +.buildkite/scripts/bootstrap.sh +.buildkite/scripts/download_build_artifacts.sh + +export JOB=kibana-fleet-cypress + +echo "--- Fleet Cypress tests" + +cd "$XPACK_DIR" + +checks-reporter-with-killswitch "Fleet Cypress Tests" \ + node scripts/functional_tests \ + --debug --bail \ + --kibana-install-dir "$KIBANA_BUILD_LOCATION" \ + --config test/fleet_cypress/cli_config.ts diff --git a/.ci/Dockerfile b/.ci/Dockerfile index 29ed08c84b23e..8e0d2d4351965 100644 --- a/.ci/Dockerfile +++ b/.ci/Dockerfile @@ -1,7 +1,7 @@ # NOTE: This Dockerfile is ONLY used to run certain tasks in CI. It is not used to run Kibana or as a distributable. # If you're looking for the Kibana Docker image distributable, please see: src/dev/build/tasks/os_packages/docker_generator/templates/dockerfile.template.ts -ARG NODE_VERSION=16.11.1 +ARG NODE_VERSION=16.13.0 FROM node:${NODE_VERSION} AS base diff --git a/.gitignore b/.gitignore index 32c77b20ef204..c08ae529c2c36 100644 --- a/.gitignore +++ b/.gitignore 
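Review bot: `process.env.GITHUB_PR_LABELS.includes('ci:all-cypress-suites')` in the added Fleet condition throws a TypeError if the variable is unset and no changed path matched, which would abort pipeline generation instead of skipping the suite. Because `.includes` runs on the raw string, it is also a substring match, so any label containing `ci:all-cypress-suites` enables the step; whether that matters depends on how the labels are joined, which this hunk does not show. A guard such as `(process.env.GITHUB_PR_LABELS ?? '').includes('ci:all-cypress-suites')` covers the unset case. The enclosing function starts and ends outside the hunk.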
@@ -86,3 +86,8 @@ report.asciidoc /bazel /bazel-* .bazelrc.user + +elastic-agent-* +fleet-server-* +elastic-agent.yml +fleet-server.yml \ No newline at end of file diff --git a/.node-version b/.node-version index 141e9a2a2cef0..58a4133d910f4 100644 --- a/.node-version +++ b/.node-version @@ -1 +1 @@ -16.11.1 +16.13.0 diff --git a/.nvmrc b/.nvmrc index 141e9a2a2cef0..5b0ad74a81023 100644 --- a/.nvmrc +++ b/.nvmrc @@ -1 +1 @@ -16.11.1 +16.13.0 \ No newline at end of file diff --git a/WORKSPACE.bazel b/WORKSPACE.bazel index d3c44eab2a526..08c5bfa551437 100644 --- a/WORKSPACE.bazel +++ b/WORKSPACE.bazel 
@@ -27,14 +27,14 @@ check_rules_nodejs_version(minimum_version_string = "3.8.0") # we can update that rule. node_repositories( node_repositories = { - "16.11.1-darwin_amd64": ("node-v16.11.1-darwin-x64.tar.gz", "node-v16.11.1-darwin-x64", "ba54b8ed504bd934d03eb860fefe991419b4209824280d4274f6a911588b5e45"), - "16.11.1-darwin_arm64": ("node-v16.11.1-darwin-arm64.tar.gz", "node-v16.11.1-darwin-arm64", "5e772e478390fab3001b7148a923e4f22fca50170000f18b28475337d3a97248"), - "16.11.1-linux_arm64": ("node-v16.11.1-linux-arm64.tar.xz", "node-v16.11.1-linux-arm64", "083fc51f0ea26de9041aaf9821874651a9fd3b20d1cf57071ce6b523a0436f17"), - "16.11.1-linux_s390x": ("node-v16.11.1-linux-s390x.tar.xz", "node-v16.11.1-linux-s390x", "855b5c83c2ccb05273d50bb04376335c68d47df57f3187cdebe1f22b972d2825"), - "16.11.1-linux_amd64": ("node-v16.11.1-linux-x64.tar.xz", "node-v16.11.1-linux-x64", "493bcc9b660eff983a6de65a0f032eb2717f57207edf74c745bcb86e360310b3"), - "16.11.1-windows_amd64": ("node-v16.11.1-win-x64.zip", "node-v16.11.1-win-x64", "4d3c179b82d42e66e321c3948a4e332ed78592917a69d38b86e3a242d7e62fb7"), + "16.13.0-darwin_amd64": ("node-v16.13.0-darwin-x64.tar.gz", "node-v16.13.0-darwin-x64", "37e09a8cf2352f340d1204c6154058d81362fef4ec488b0197b2ce36b3f0367a"), + "16.13.0-darwin_arm64": ("node-v16.13.0-darwin-arm64.tar.gz", "node-v16.13.0-darwin-arm64", "46d83fc0bd971db5050ef1b15afc44a6665dee40bd6c1cbaec23e1b40fa49e6d"), + "16.13.0-linux_arm64": ("node-v16.13.0-linux-arm64.tar.xz", "node-v16.13.0-linux-arm64", "93a0d03f9f802353cb7052bc97a02cd9642b49fa985671cdc16c99936c86d7d2"), + "16.13.0-linux_s390x": ("node-v16.13.0-linux-s390x.tar.xz", "node-v16.13.0-linux-s390x", "49e972bf3e969d621157df4c8f2fa18ff748c167d5ebd0efc87e1b9f0c6541cc"), + "16.13.0-linux_amd64": ("node-v16.13.0-linux-x64.tar.xz", "node-v16.13.0-linux-x64", "a876ce787133149abd1696afa54b0b5bc5ce3d5ae359081d407ff776e39b7ba8"), + "16.13.0-windows_amd64": ("node-v16.13.0-win-x64.zip", "node-v16.13.0-win-x64", 
"5a39ec5d4786c2814a6c04488bebac6423c2aaa12832b24f0882456f2e4674e1"), }, - node_version = "16.11.1", + node_version = "16.13.0", node_urls = [ "https://nodejs.org/dist/v{version}/{filename}", ], diff --git a/api_docs/fleet.json b/api_docs/fleet.json index b951a5feea633..06c6bf2dbae32 100644 --- a/api_docs/fleet.json +++ b/api_docs/fleet.json @@ -19696,16 +19696,6 @@ "path": "x-pack/plugins/fleet/common/constants/routes.ts", "deprecated": false }, - { - "parentPluginId": "fleet", - "id": "def-common.AGENT_API_ROUTES.ENROLL_PATTERN", - "type": "string", - "tags": [], - "label": "ENROLL_PATTERN", - "description": [], - "path": "x-pack/plugins/fleet/common/constants/routes.ts", - "deprecated": false - }, { "parentPluginId": "fleet", "id": "def-common.AGENT_API_ROUTES.UNENROLL_PATTERN", @@ -21889,4 +21879,4 @@ } ] } -} \ No newline at end of file +} diff --git a/docs/concepts/index-patterns.asciidoc b/docs/concepts/data-views.asciidoc similarity index 55% rename from docs/concepts/index-patterns.asciidoc rename to docs/concepts/data-views.asciidoc index b8a10572fd8eb..7eb95405db6bc 100644 --- a/docs/concepts/index-patterns.asciidoc +++ b/docs/concepts/data-views.asciidoc 
@@ -1,45 +1,45 @@ -[[index-patterns]] -=== Create an index pattern +[[data-views]] +=== Create a data view -{kib} requires an index pattern to access the {es} data that you want to explore. -An index pattern selects the data to use and allows you to define properties of the fields. +{kib} requires a data view to access the {es} data that you want to explore. +A data view selects the data to use and allows you to define properties of the fields. -An index pattern can point to one or more indices, {ref}/data-streams.html[data stream], or {ref}/alias.html[index aliases]. -For example, an index pattern can point to your log data from yesterday, +A data view can point to one or more indices, {ref}/data-streams.html[data stream], or {ref}/alias.html[index aliases]. +For example, a data view can point to your log data from yesterday, or all indices that contain your data. [float] -[[index-patterns-read-only-access]] +[[data-views-read-only-access]] === Required permissions -* Access to *Index Patterns* requires the <> -`Index Pattern Management`. +* Access to *Data Views* requires the <> +`Data View Management`. -* To create an index pattern, you must have the <> +* To create a data view, you must have the <> `view_index_metadata`. * If a read-only indicator appears in {kib}, you have insufficient privileges -to create or save index patterns. The buttons to create new index patterns or -save existing index patterns are not visible. For more information, +to create or save data views. The buttons to create new data views or +save existing data views are not visible. For more information, refer to <>. [float] [[settings-create-pattern]] -=== Create an index pattern +=== Create a data view If you collected data using one of the {kib} <>, uploaded a file, or added sample data, -you get an index pattern for free, and can start exploring your data. -If you loaded your own data, follow these steps to create an index pattern. 
+you get a data view for free, and can start exploring your data. +If you loaded your own data, follow these steps to create a data view. -. Open the main menu, then click to *Stack Management > Index Patterns*. +. Open the main menu, then click to *Stack Management > Data Views*. + +. Click *Create data view*. -. Click *Create index pattern*. -+ [role="screenshot"] -image:management/index-patterns/images/create-index-pattern.png["Create index pattern"] +image:management/index-patterns/images/create-index-pattern.png["Create data view"] -. Start typing in the *Index pattern* field, and {kib} looks for the names of +. Start typing in the *name* field, and {kib} looks for the names of indices, data streams, and aliases that match your input. + ** To match multiple sources, use a wildcard (*). For example, `filebeat-*` matches 
@@ -61,21 +61,21 @@ global time filters on your dashboards. This is useful if you have multiple time fields and want to create dashboards that combine visualizations based on different timestamps. -. Click *Create index pattern*. +. Click *Create data view*. + [[reload-fields]] {kib} is now configured to use your {es} data. When a new field is added to an index, -the index pattern field list is updated -the next time the index pattern is loaded, for example, when you load the page or +the data view field list is updated +the next time the data view is loaded, for example, when you load the page or move between {kib} apps. -. Select this index pattern when you search and visualize your data. +. Select this data view when you search and visualize your data. [float] -[[rollup-index-pattern]] -==== Create an index pattern for rolled up data +[[rollup-data-view]] +==== Create a data view for rolled up data -An index pattern can match one rollup index. For a combination rollup -index pattern with both raw and rolled up data, use the standard notation: +A data view can match one rollup index. For a combination rollup +data view with both raw and rolled up data, use the standard notation: ```ts rollup_logstash,kibana_sample_data_logs @@ -84,7 +84,7 @@ For an example, refer to < Index Patterns*. +. Open the main menu, then click *Stack Management > Data Views*. -. Click the index pattern to delete. +. Click the data view to delete. -. Delete (image:management/index-patterns/images/delete.png[Delete icon]) the index pattern. +. Delete (image:management/index-patterns/images/delete.png[Delete icon]) the data view. diff --git a/docs/concepts/index.asciidoc b/docs/concepts/index.asciidoc index 20d7103f021cd..eac26beee1f9b 100644 --- a/docs/concepts/index.asciidoc +++ b/docs/concepts/index.asciidoc 
@@ -35,19 +35,19 @@ Open the search bar using the keyboard shortcut Ctrl+/ on Windows and Linux, Com image:concepts/images/global-search.png["Global search showing matches to apps and saved objects for the word visualize"] [float] -=== Accessing data with index patterns +=== Accessing data with data views -{kib} requires an index pattern to tell it which {es} data you want to access, -and whether the data is time-based. An index pattern can point to one or more {es} +{kib} requires a data view to tell it which {es} data you want to access, +and whether the data is time-based. A data view can point to one or more {es} data streams, indices, or index aliases by name. For example, `logs-elasticsearch-prod-*` is an index pattern, and it is time-based with a time field of `@timestamp`. The time field is not editable. -Index patterns are typically created by an administrator when sending data to {es}. -You can <> in *Stack Management*, or by using a script +Data views are typically created by an administrator when sending data to {es}. +You can <> in *Stack Management*, or by using a script that accesses the {kib} API. -{kib} uses the index pattern to show you a list of fields, such as +{kib} uses the data view to show you a list of fields, such as `event.duration`. You can customize the display name and format for each field. For example, you can tell {kib} to display `event.duration` in seconds. {kib} has <> for strings, @@ -75,7 +75,7 @@ and can optionally contain the time filter and extra filters. ==== Time filter The <> limits the time range of data displayed. -In most cases, the time filter applies to the time field in the index pattern, +In most cases, the time filter applies to the time field in the data view, but some apps allow you to use a different time field. Using the time filter, you can configure a refresh rate to periodically 
@@ -159,7 +159,7 @@ Use the global search to quickly open a saved object. * Go to <> for instructions on searching your data. -include::index-patterns.asciidoc[] +include::data-views.asciidoc[] include::set-time-filter.asciidoc[] diff --git a/docs/concepts/set-time-filter.asciidoc b/docs/concepts/set-time-filter.asciidoc index e4784a97e816b..116bcd6f91f77 100644 --- a/docs/concepts/set-time-filter.asciidoc +++ b/docs/concepts/set-time-filter.asciidoc @@ -2,7 +2,7 @@ === Set the time range Display data within a specified time range when your index contains time-based events, and a time-field is configured for the -selected <>. +selected <>. The default time range is 15 minutes, but you can customize it in <>. diff --git a/docs/discover/search.asciidoc b/docs/discover/search.asciidoc index 0306be3eb670d..4f4f8f5b48d10 100644 --- a/docs/discover/search.asciidoc +++ b/docs/discover/search.asciidoc @@ -3,7 +3,7 @@ You can search your data in any app that has a query bar, or by clicking on elements in a visualization. A search matches indices in the current -<> and in the current <>. +<> and in the current <>. [float] diff --git a/docs/maps/search.asciidoc b/docs/maps/search.asciidoc index 08624e4ddff57..a170bcc414d3b 100644 --- a/docs/maps/search.asciidoc +++ b/docs/maps/search.asciidoc @@ -43,7 +43,7 @@ To prevent the global search from applying to a layer, configure the following: [[maps-narrow-layer-by-global-time]] ==== Narrow layers by global time -Layers that request data from {es} using an <> with a configured time field are narrowed by the <>. +Layers that request data from {es} using a <> with a configured time field are narrowed by the <>. These layers contain the clock icon image:maps/images/clock_icon.png[clock icon] next to the layer name in the legend. Use the time slider to quickly select time slices within the global time range: diff --git a/docs/redirects.asciidoc b/docs/redirects.asciidoc index d5bc2ccd8ef7d..4010083d601b5 100644 
--- a/docs/redirects.asciidoc +++ b/docs/redirects.asciidoc @@ -358,3 +358,8 @@ This content has moved. Refer to <>. == Rendering pre-captured profiler JSON This content has moved. Refer to <>. + +[role="exclude",id="index-patterns"] +== Index patterns has been renamed to data views. + +This content has moved. Refer to <>. diff --git a/docs/setup/connect-to-elasticsearch.asciidoc b/docs/setup/connect-to-elasticsearch.asciidoc index ad38ac1710fd5..b1d9d3ea2ea18 100644 --- a/docs/setup/connect-to-elasticsearch.asciidoc +++ b/docs/setup/connect-to-elasticsearch.asciidoc @@ -84,7 +84,7 @@ You can manage your roles, privileges, and spaces in **{stack-manage-app}** in If the {kib} ingest options don't work for you, you can index your data into Elasticsearch with {ref}/getting-started-index.html[REST APIs] or https://www.elastic.co/guide/en/elasticsearch/client/index.html[client libraries]. -After you add your data, you're required to create an <> to tell +After you add your data, you're required to create a <> to tell {kib} where to find the data. * To add data for Elastic Observability, refer to {observability-guide}/add-observability-data.html[Send data to Elasticsearch]. diff --git a/docs/user/canvas.asciidoc b/docs/user/canvas.asciidoc index 1cd8eacc456c7..1f469b697c218 100644 --- a/docs/user/canvas.asciidoc +++ b/docs/user/canvas.asciidoc @@ -43,7 +43,7 @@ To create workpads, you must meet the minimum requirements. * If you need to set up {kib}, use https://www.elastic.co/cloud/elasticsearch-service/signup?baymax=docs-body&elektra=docs[our free trial]. -* Make sure you have {ref}/getting-started-index.html[data indexed into {es}] and an <>. +* Make sure you have {ref}/getting-started-index.html[data indexed into {es}] and a <>. * Have an understanding of {ref}/documents-indices.html[{es} documents and indices]. diff --git a/docs/user/dashboard/dashboard.asciidoc b/docs/user/dashboard/dashboard.asciidoc index a2e0eb6bf92e9..474b45f4989fb 100644 
--- a/docs/user/dashboard/dashboard.asciidoc +++ b/docs/user/dashboard/dashboard.asciidoc @@ -5,7 +5,7 @@ -- **_Visualize your data with dashboards._** -The best way to understand your data is to visualize it. With dashboards, you can turn your data from one or more <> into a collection of panels +The best way to understand your data is to visualize it. With dashboards, you can turn your data from one or more <> into a collection of panels that bring clarity to your data, tell a story about your data, and allow you to focus on only the data that's important to you. [role="screenshot"] @@ -53,7 +53,7 @@ To create dashboards, you must meet the minimum requirements. * If you need to set up {kib}, use https://www.elastic.co/cloud/elasticsearch-service/signup?baymax=docs-body&elektra=docs[our free trial]. -* Make sure you have {ref}/getting-started-index.html[data indexed into {es}] and an <>. +* Make sure you have {ref}/getting-started-index.html[data indexed into {es}] and a <>. * When the read-only indicator appears, you have insufficient privileges to create or save dashboards, and the options to create and save dashboards are not visible. For more information, diff --git a/docs/user/dashboard/lens-advanced.asciidoc b/docs/user/dashboard/lens-advanced.asciidoc index d5a52428cff36..02e0afd2c0311 100644 --- a/docs/user/dashboard/lens-advanced.asciidoc +++ b/docs/user/dashboard/lens-advanced.asciidoc @@ -33,7 +33,7 @@ Open *Lens*, then make sure the correct fields appear. . Make sure the *kibana_sample_data_ecommerce* index appears. + -If you are using your own data, select the <> that contains your data. +If you are using your own data, select the <> that contains your data. [discrete] [[custom-time-interval]] diff --git a/docs/user/dashboard/tsvb.asciidoc b/docs/user/dashboard/tsvb.asciidoc index 9fe6af2d3da6d..c944ec2c9e083 100644 --- a/docs/user/dashboard/tsvb.asciidoc +++ b/docs/user/dashboard/tsvb.asciidoc 
@@ -8,7 +8,7 @@ With *TSVB*, you can: * Combine an infinite number of <> to display your data. * Annotate time series data with timestamped events from an {es} index. * View the data in several types of visualizations, including charts, data tables, and markdown panels. -* Display multiple <> in each visualization. +* Display multiple <> in each visualization. * Use custom functions and some math on aggregations. * Customize the data with labels and colors. diff --git a/docs/user/discover.asciidoc b/docs/user/discover.asciidoc index e52531f9decdc..a485bb4c96efe 100644 --- a/docs/user/discover.asciidoc +++ b/docs/user/discover.asciidoc @@ -64,7 +64,7 @@ Tell {kib} where to find the data you want to explore, and then specify the time . Select the data you want to work with. + -{kib} uses an <> to tell it where to find +{kib} uses a <> to tell it where to find your {es} data. To view the ecommerce sample data, make sure the index pattern is set to **kibana_sample_data_ecommerce**. + diff --git a/docs/user/graph/getting-started.asciidoc b/docs/user/graph/getting-started.asciidoc index 086c0707b3c2c..5e87efc5e8aca 100644 --- a/docs/user/graph/getting-started.asciidoc +++ b/docs/user/graph/getting-started.asciidoc @@ -3,7 +3,7 @@ == Create a graph You must index data into {es} before you can create a graph. -<> or get started with a <>. +<> or get started with a <>. [float] [[exploring-connections]] diff --git a/package.json b/package.json index 1718c703ee7a7..f35800746095a 100644 --- a/package.json +++ b/package.json @@ -87,7 +87,7 @@ "**/underscore": "^1.13.1" }, "engines": { - "node": "16.11.1", + "node": "16.13.0", "yarn": "^1.21.1" }, "dependencies": { diff --git a/src/core/public/chrome/ui/header/__snapshots__/collapsible_nav.test.tsx.snap b/src/core/public/chrome/ui/header/__snapshots__/collapsible_nav.test.tsx.snap index 571b564f90329..a16c15555f5e5 100644 --- a/src/core/public/chrome/ui/header/__snapshots__/collapsible_nav.test.tsx.snap 
+++ b/src/core/public/chrome/ui/header/__snapshots__/collapsible_nav.test.tsx.snap @@ -425,7 +425,7 @@ exports[`CollapsibleNav renders links grouped by category 1`] = ` } > - diff --git a/src/core/public/chrome/ui/header/__snapshots__/header.test.tsx.snap b/src/core/public/chrome/ui/header/__snapshots__/header.test.tsx.snap index e73d5e8002a02..d2b1078641437 100644 --- a/src/core/public/chrome/ui/header/__snapshots__/header.test.tsx.snap +++ b/src/core/public/chrome/ui/header/__snapshots__/header.test.tsx.snap @@ -1272,45 +1272,7 @@ exports[`Header renders 1`] = ` "closed": false, "hasError": false, "isStopped": false, - "observers": Array [ - Subscriber { - "_parentOrParents": null, - "_subscriptions": Array [ - SubjectSubscription { - "_parentOrParents": [Circular], - "_subscriptions": null, - "closed": false, - "subject": [Circular], - "subscriber": [Circular], - }, - ], - "closed": false, - "destination": SafeSubscriber { - "_complete": undefined, - "_context": [Circular], - "_error": undefined, - "_next": [Function], - "_parentOrParents": null, - "_parentSubscriber": [Circular], - "_subscriptions": null, - "closed": false, - "destination": Object { - "closed": true, - "complete": [Function], - "error": [Function], - "next": [Function], - }, - "isStopped": false, - "syncErrorThrowable": false, - "syncErrorThrown": false, - "syncErrorValue": null, - }, - "isStopped": false, - "syncErrorThrowable": true, - "syncErrorThrown": false, - "syncErrorValue": null, - }, - ], + "observers": Array [], "thrownError": null, } } @@ -4338,7 +4300,6 @@ exports[`Header renders 1`] = ` } homeHref="/" id="generated-id" - isLocked={true} isNavOpen={false} navLinks$={ BehaviorSubject { diff --git a/src/core/public/chrome/ui/header/collapsible_nav.scss b/src/core/public/chrome/ui/header/collapsible_nav.scss index d72775d374d47..5f84863ad7309 100644 --- a/src/core/public/chrome/ui/header/collapsible_nav.scss +++ b/src/core/public/chrome/ui/header/collapsible_nav.scss 
@@ -3,3 +3,24 @@ max-height: $euiSize * 10; margin-right: -$euiSizeS; } + +/** + * 1. Increase the hit area of the link (anchor) + * 2. Only show the text underline when hovering on the text/anchor portion + */ + +.kbnCollapsibleNav__solutionGroupButton { + display: block; /* 1 */ + + &:hover { + text-decoration: none; /* 2 */ + } +} + +.kbnCollapsibleNav__solutionGroupLink { + display: block; /* 1 */ + + &:hover { + text-decoration: underline; /* 2 */ + } +} diff --git a/src/core/public/chrome/ui/header/collapsible_nav.tsx b/src/core/public/chrome/ui/header/collapsible_nav.tsx index ccc0e17b655b1..ef380ee47e235 100644 --- a/src/core/public/chrome/ui/header/collapsible_nav.tsx +++ b/src/core/public/chrome/ui/header/collapsible_nav.tsx @@ -14,13 +14,12 @@ import { EuiHorizontalRule, EuiListGroup, EuiListGroupItem, - EuiShowFor, EuiCollapsibleNavProps, EuiButton, } from '@elastic/eui'; import { i18n } from '@kbn/i18n'; import { groupBy, sortBy } from 'lodash'; -import React, { Fragment, useMemo, useRef } from 'react'; +import React, { Fragment, useMemo } from 'react'; import useObservable from 'react-use/lib/useObservable'; import * as Rx from 'rxjs'; import { ChromeNavLink, ChromeRecentlyAccessedHistoryItem } from '../..'; @@ -33,6 +32,7 @@ import { createRecentNavLink, isModifiedOrPrevented, createEuiButtonItem, + createOverviewLink, } from './nav_link'; function getAllCategories(allCategorizedLinks: Record) { const allCategories = {} as Record; @@ -72,7 +72,6 @@ interface Props { appId$: InternalApplicationStart['currentAppId$']; basePath: HttpStart['basePath']; id: string; - isLocked: boolean; isNavOpen: boolean; homeHref: string; navLinks$: Rx.Observable; 
@@ -86,10 +85,17 @@ interface Props { button: EuiCollapsibleNavProps['button']; } +const overviewIDsToHide = ['kibanaOverview', 'enterpriseSearch']; +const overviewIDs = [ + ...overviewIDsToHide, + 'observability-overview', + 'securitySolutionUI:overview', + 'management', +]; + export function CollapsibleNav({ basePath, id, - isLocked, isNavOpen, homeHref, storage = window.localStorage, @@ -104,23 +110,29 @@ export function CollapsibleNav({ const allowedLinks = useMemo( () => allLinks.filter( - // Filterting out hidden links and the integrations one in favor of a specific Add Data button at the bottom - (link) => !link.hidden && link.id !== 'integrations' + (link) => + // Filterting out hidden links, + !link.hidden && + // integrations link in favor of a specific Add Data button at the bottom, + link.id !== 'integrations' && + // and non-data overview pages + !overviewIDsToHide.includes(link.id) ), [allLinks] ); + // Find just the integrations link const integrationsLink = useMemo( - () => - allLinks.find( - // Find just the integrations link - (link) => link.id === 'integrations' - ), + () => allLinks.find((link) => link.id === 'integrations'), + [allLinks] + ); + // Find all the overview (landing page) links + const overviewLinks = useMemo( + () => allLinks.filter((link) => overviewIDs.includes(link.id)), [allLinks] ); const recentlyAccessed = useObservable(observables.recentlyAccessed$, []); const customNavLink = useObservable(observables.customNavLink$, undefined); const appId = useObservable(observables.appId$, ''); - const lockRef = useRef(null); const groupedNavLinks = groupBy(allowedLinks, (link) => link?.category?.id); const { undefined: unknowns = [], ...allCategorizedLinks } = groupedNavLinks; const categoryDictionary = getAllCategories(allCategorizedLinks); @@ -153,7 +165,7 @@ export function CollapsibleNav({ 
@@ -166,12 +178,13 @@ export function CollapsibleNav({ dataTestSubj: 'collapsibleNavCustomNavLink', onClick: closeNav, externalLink: true, + iconProps: { color: 'ghost' }, }), ]} maxWidth="none" - color="text" gutterSize="none" size="s" + color="ghost" /> @@ -270,13 +283,31 @@ export function CollapsibleNav({ {/* Kibana, Observability, Security, and Management sections */} {orderedCategories.map((categoryName) => { const category = categoryDictionary[categoryName]!; + const overviewLink = overviewLinks.find((link) => link.category === category); return ( + {category.label} + + ) : ( + category.label + ) + } isCollapsible={true} initialIsOpen={getIsCategoryOpen(category.id, storage)} onToggle={(isCategoryOpen) => setIsCategoryOpen(category.id, isCategoryOpen, storage)} @@ -305,45 +336,6 @@ export function CollapsibleNav({ ))} - - {/* Docking button only for larger screens that can support it*/} - - - - { - onIsLockedUpdate(!isLocked); - if (lockRef.current) { - lockRef.current.focus(); - } - }} - iconType={isLocked ? 'lock' : 'lockOpen'} - /> - - - {integrationsLink && ( @@ -355,7 +347,6 @@ export function CollapsibleNav({ link: integrationsLink, navigateToUrl, onClick: closeNav, - dataTestSubj: `collapsibleNavAppButton-${integrationsLink.id}`, })} fill fullWidth diff --git a/src/core/public/chrome/ui/header/header.tsx b/src/core/public/chrome/ui/header/header.tsx index 578c87411e543..40108760cc0be 100644 --- a/src/core/public/chrome/ui/header/header.tsx +++ b/src/core/public/chrome/ui/header/header.tsx @@ -84,7 +84,6 @@ export function Header({ ...observables }: HeaderProps) { const isVisible = useObservable(observables.isVisible$, false); - const isLocked = useObservable(observables.isLocked$, false); const [isNavOpen, setIsNavOpen] = useState(false); const [navId] = useState(htmlIdGenerator()()); const breadcrumbsAppendExtension = useObservable(breadcrumbsAppendExtension$); @@ -160,7 +159,6 @@ export function Header({ : undefined, }), 
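Review bot: In the `orderedCategories.map` hunk, `overviewLinks.find((link) => link.category === category)` matches by object identity, while the grouping earlier in the component keys on `link?.category?.id`. `category` comes from `categoryDictionary`, which is built from `allowedLinks`, and two of the overview links are removed from that list through `overviewIDsToHide`. The lookup therefore succeeds only if every link in a category shares one category object, which cannot be confirmed from this page. Comparing ids removes that dependency: `overviewLinks.find((link) => link.category?.id === category.id)`. The JSX in this hunk is not fully visible here, so the rendering side was not reviewed.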
@@ -77,7 +80,7 @@ export function createEuiButtonItem({ navigateToUrl, dataTestSubj, }: Omit) { - const { href, disabled, url } = link; + const { href, disabled, url, id } = link; return { href, @@ -90,7 +93,30 @@ export function createEuiButtonItem({ navigateToUrl(url); }, isDisabled: disabled, - 'data-test-subj': dataTestSubj, + dataTestSubj: `collapsibleNavAppButton-${id}`, + }; +} + +export function createOverviewLink({ + link, + onClick = () => {}, + navigateToUrl, +}: Omit) { + const { href, url } = link; + + return { + href, + /* Use href and onClick to support "open in new tab" and SPA navigation in the same link */ + onClick(event: React.MouseEvent) { + // Prevent the accordions from opening or closing when clicking just the link + event.stopPropagation(); + if (!isModifiedOrPrevented(event)) { + onClick(); + } + event.preventDefault(); + navigateToUrl(url); + }, + 'data-test-subj': `collapsibleNavAppLink-overview`, }; } diff --git a/src/dev/typescript/projects.ts b/src/dev/typescript/projects.ts index de432b51c0bbf..e5657dd4663a3 100644 --- a/src/dev/typescript/projects.ts +++ b/src/dev/typescript/projects.ts @@ -63,6 +63,9 @@ export const PROJECTS = [ name: 'apm/ftr_e2e', disableTypeCheck: true, }), + createProject('x-pack/plugins/fleet/cypress/tsconfig.json', { + name: 'fleet/cypress', + }), createProject('x-pack/plugins/uptime/e2e/tsconfig.json', { name: 'uptime/synthetics-e2e-tests', diff --git a/src/plugins/custom_integrations/common/index.ts b/src/plugins/custom_integrations/common/index.ts index 98148bb22c816..f00b4c39405d5 100755 --- a/src/plugins/custom_integrations/common/index.ts +++ b/src/plugins/custom_integrations/common/index.ts 
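Review bot: `dataTestSubj` is still destructured from the arguments of `createEuiButtonItem`, but nothing reads it after this change: the next hunk replaces `'data-test-subj': dataTestSubj` with ``dataTestSubj: `collapsibleNavAppButton-${id}` ``. The returned key is no longer the `data-test-subj` attribute name, so if callers spread this object onto a component (the call site is not on this page) the test selector may never reach the DOM. Consider keeping the attribute key, ``'data-test-subj': `collapsibleNavAppButton-${id}` ``, and removing the unused `dataTestSubj` from the destructuring.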
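Review bot: In `createOverviewLink`, `event.preventDefault()` and `navigateToUrl(url)` run on every click, including modified clicks, so the "open in new tab" behaviour promised by the inline comment is cancelled and the current tab navigates instead. Only the `onClick()` callback is guarded by `isModifiedOrPrevented(event)`. Moving both calls inside the guard keeps both paths working: `if (!isModifiedOrPrevented(event)) { onClick(); event.preventDefault(); navigateToUrl(url); }`. The handler in `createEuiButtonItem` ends with the same `navigateToUrl(url);` call, but its guard lies outside the visible hunk, so check it for the same issue.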
@@ -40,16 +40,11 @@ export const INTEGRATION_CATEGORY_DISPLAY = { web: 'Web', // Kibana added - communication: 'Communication', - customer_support: 'Customer Support', - document_storage: 'Document Storage', - enterprise_management: 'Enterprise Management', - knowledge_platform: 'Knowledge Platform', + communications: 'Communications', + file_storage: 'File storage', language_client: 'Language client', - project_management: 'Project Management', - software_development: 'Software Development', upload_file: 'Upload a file', - website_search: 'Website Search', + website_search: 'Website search', }; /** diff --git a/src/plugins/data/public/ui/query_string_input/query_bar_top_row.tsx b/src/plugins/data/public/ui/query_string_input/query_bar_top_row.tsx index f71a3d3b0686a..90db5abe418b7 100644 --- a/src/plugins/data/public/ui/query_string_input/query_bar_top_row.tsx +++ b/src/plugins/data/public/ui/query_string_input/query_bar_top_row.tsx @@ -231,6 +231,7 @@ export default function QueryBarTopRow(props: QueryBarTopRowProps) { isDisabled={isDateRangeInvalid} isLoading={props.isLoading} onClick={onClickSubmitButton} + fill={false} data-test-subj="querySubmitButton" /> ); diff --git a/src/plugins/navigation/public/top_nav_menu/__snapshots__/top_nav_menu_item.test.tsx.snap b/src/plugins/navigation/public/top_nav_menu/__snapshots__/top_nav_menu_item.test.tsx.snap index 155377e5ea335..570699aa0c0e2 100644 --- a/src/plugins/navigation/public/top_nav_menu/__snapshots__/top_nav_menu_item.test.tsx.snap +++ b/src/plugins/navigation/public/top_nav_menu/__snapshots__/top_nav_menu_item.test.tsx.snap @@ -2,6 +2,7 @@ exports[`TopNavMenu Should render emphasized item which should be clickable 1`] = ` + {upperFirst(props.label || props.id!)} ) : ( diff --git a/src/plugins/vis_types/timelion/public/timelion_vis_renderer.tsx b/src/plugins/vis_types/timelion/public/timelion_vis_renderer.tsx index c74c0f2ee6c2d..633f15a9824ea 100644 
--- a/src/plugins/vis_types/timelion/public/timelion_vis_renderer.tsx +++ b/src/plugins/vis_types/timelion/public/timelion_vis_renderer.tsx @@ -45,8 +45,10 @@ export const getTimelionVisRenderer: ( timeFieldName: '*', filters: [ { - range: { - '*': rangeFilterParams, + query: { + range: { + '*': rangeFilterParams, + }, }, }, ], diff --git a/src/plugins/vis_types/timeseries/public/application/components/timeseries_visualization.tsx b/src/plugins/vis_types/timeseries/public/application/components/timeseries_visualization.tsx index 886b569671a6b..0916892cfda46 100644 --- a/src/plugins/vis_types/timeseries/public/application/components/timeseries_visualization.tsx +++ b/src/plugins/vis_types/timeseries/public/application/components/timeseries_visualization.tsx @@ -81,10 +81,12 @@ function TimeseriesVisualization({ timeFieldName: '*', filters: [ { - range: { - '*': { - gte, - lte, + query: { + range: { + '*': { + gte, + lte, + }, }, }, }, diff --git a/test/functional/page_objects/visual_builder_page.ts b/test/functional/page_objects/visual_builder_page.ts index 385d250fe761d..f6e6caf102004 100644 --- a/test/functional/page_objects/visual_builder_page.ts +++ b/test/functional/page_objects/visual_builder_page.ts 
@@ -506,12 +506,19 @@ export class VisualBuilderPageObject extends FtrService { } public async toggleIndexPatternSelectionModePopover(shouldOpen: boolean) { - const isPopoverOpened = await this.testSubjects.exists( - 'switchIndexPatternSelectionModePopoverContent' - ); - if ((shouldOpen && !isPopoverOpened) || (!shouldOpen && isPopoverOpened)) { - await this.testSubjects.click('switchIndexPatternSelectionModePopoverButton'); - } + await this.retry.try(async () => { + const isPopoverOpened = await this.testSubjects.exists( + 'switchIndexPatternSelectionModePopoverContent' + ); + if ((shouldOpen && !isPopoverOpened) || (!shouldOpen && isPopoverOpened)) { + await this.testSubjects.click('switchIndexPatternSelectionModePopoverButton'); + } + if (shouldOpen) { + await this.testSubjects.existOrFail('switchIndexPatternSelectionModePopoverContent'); + } else { + await this.testSubjects.missingOrFail('switchIndexPatternSelectionModePopoverContent'); + } + }); } public async switchIndexPatternSelectionMode(useKibanaIndices: boolean) { diff --git a/test/functional/services/combo_box.ts b/test/functional/services/combo_box.ts index 6706db82ce708..88201b0ec7e19 100644 --- a/test/functional/services/combo_box.ts +++ b/test/functional/services/combo_box.ts @@ -46,7 +46,9 @@ export class ComboBoxService extends FtrService { */ private async clickOption(isMouseClick: boolean, element: WebElementWrapper): Promise { // element.click causes scrollIntoView which causes combobox to close, using _webElement.click instead - return isMouseClick ? await element.clickMouseButton() : await element._webElement.click(); + await this.retry.try(async () => { + return isMouseClick ? await element.clickMouseButton() : await element._webElement.click(); + }); } /** diff --git a/test/interpreter_functional/test_suites/run_pipeline/esaggs_timeshift.ts b/test/interpreter_functional/test_suites/run_pipeline/esaggs_timeshift.ts index 244d07d2cfc82..adfd724f063b4 100644 
--- a/test/interpreter_functional/test_suites/run_pipeline/esaggs_timeshift.ts +++ b/test/interpreter_functional/test_suites/run_pipeline/esaggs_timeshift.ts @@ -12,6 +12,10 @@ import { ExpectExpression, expectExpressionProvider } from './helpers'; import { FtrProviderContext } from '../../../functional/ftr_provider_context'; function getCell(esaggsResult: any, row: number, column: number): unknown | undefined { + if (esaggsResult && !esaggsResult.columns) { + throw new Error(`Unexpected esaggs result: ${JSON.stringify(esaggsResult, undefined, ' ')}`); + } + const columnId = esaggsResult?.columns[column]?.id; if (!columnId) { return; @@ -37,8 +41,7 @@ export default function ({ }: FtrProviderContext & { updateBaselines: boolean }) { let expectExpression: ExpectExpression; - // FLAKY https://github.com/elastic/kibana/issues/107028 - describe.skip('esaggs timeshift tests', () => { + describe('esaggs timeshift tests', () => { before(() => { expectExpression = expectExpressionProvider({ getService, updateBaselines }); }); @@ -98,6 +101,7 @@ export default function ({ 'esaggs_shift_single_percentile', expression ).getResponse(); + // percentile is not stable expect(getCell(result, 0, 0)).to.be.within(10000, 20000); expect(getCell(result, 0, 1)).to.be.within(10000, 20000); diff --git a/test/scripts/jenkins_fleet_cypress.sh b/test/scripts/jenkins_fleet_cypress.sh new file mode 100755 index 0000000000000..085c78cbf0a41 --- /dev/null +++ b/test/scripts/jenkins_fleet_cypress.sh @@ -0,0 +1,15 @@ +#!/usr/bin/env bash + +source test/scripts/jenkins_test_setup_xpack.sh + +echo " -> Running fleet cypress tests" +cd "$XPACK_DIR" + +checks-reporter-with-killswitch "Fleet Cypress Tests" \ + node scripts/functional_tests \ + --debug --bail \ + --kibana-install-dir "$KIBANA_INSTALL_DIR" \ + --config test/fleet_cypress/cli_config.ts + +echo "" +echo "" diff --git a/vars/tasks.groovy b/vars/tasks.groovy index 050b62646fb3b..c6d926287750c 100644 --- a/vars/tasks.groovy 
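Review bot: The new `test/scripts/jenkins_fleet_cypress.sh` does not enable errexit itself and ends with two `echo ""` lines, so unless the sourced `jenkins_test_setup_xpack.sh` already sets it (not visible here), the script exits with the status of the last `echo` and a failing `checks-reporter-with-killswitch` run would be reported as a passing step. I would add `set -e` right after the shebang so the step fails closed regardless of what the setup script does. `$XPACK_DIR` and `$KIBANA_INSTALL_DIR` are likewise assumed to be exported by that setup script; a one-line comment saying so would help the next person who runs the script by hand.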
+++ b/vars/tasks.groovy @@ -164,6 +164,14 @@ def functionalXpack(Map params = [:]) { task(kibanaPipeline.functionalTestProcess('xpack-UptimePlaywright', './test/scripts/jenkins_uptime_playwright.sh')) } } + + whenChanged([ + 'x-pack/plugins/fleet/', + ]) { + if (githubPr.isPr()) { + task(kibanaPipeline.functionalTestProcess('xpack-FleetCypress', './test/scripts/jenkins_fleet_cypress.sh')) + } + } } } diff --git a/x-pack/plugins/actions/server/index.test.ts b/x-pack/plugins/actions/server/index.test.ts index 9021879fa38aa..fe8cf98a48f43 100644 --- a/x-pack/plugins/actions/server/index.test.ts +++ b/x-pack/plugins/actions/server/index.test.ts 
@@ -51,10 +51,10 @@ describe('index', () => { '"xpack.actions.customHostSettings[].ssl.rejectUnauthorized" is deprecated.Use "xpack.actions.customHostSettings[].ssl.verificationMode" instead, with the setting "verificationMode:full" eql to "rejectUnauthorized:true", and "verificationMode:none" eql to "rejectUnauthorized:false".' ); expect(messages[1]).toBe( - '"xpack.actions.rejectUnauthorized" is deprecated. Use "xpack.actions.verificationMode" instead, with the setting "verificationMode:full" eql to "rejectUnauthorized:true", and "verificationMode:none" eql to "rejectUnauthorized:false".' + '"xpack.actions.rejectUnauthorized" is deprecated. Use "xpack.actions.ssl.verificationMode" instead, with the setting "verificationMode:full" eql to "rejectUnauthorized:true", and "verificationMode:none" eql to "rejectUnauthorized:false".' ); expect(messages[2]).toBe( - '"xpack.actions.proxyRejectUnauthorizedCertificates" is deprecated. Use "xpack.actions.proxyVerificationMode" instead, with the setting "proxyVerificationMode:full" eql to "rejectUnauthorized:true",and "proxyVerificationMode:none" eql to "rejectUnauthorized:false".' + '"xpack.actions.proxyRejectUnauthorizedCertificates" is deprecated. Use "xpack.actions.ssl.proxyVerificationMode" instead, with the setting "proxyVerificationMode:full" eql to "rejectUnauthorized:true",and "proxyVerificationMode:none" eql to "rejectUnauthorized:false".' ); }); }); diff --git a/x-pack/plugins/actions/server/index.ts b/x-pack/plugins/actions/server/index.ts index e6c82969a0aa2..e1c60b9fd0491 100644 --- a/x-pack/plugins/actions/server/index.ts +++ b/x-pack/plugins/actions/server/index.ts 
@@ -103,13 +103,13 @@ export const config: PluginConfigDescriptor = { level: 'warning', configPath: `${fromPath}.rejectUnauthorized`, message: - `"xpack.actions.rejectUnauthorized" is deprecated. Use "xpack.actions.verificationMode" instead, ` + + `"xpack.actions.rejectUnauthorized" is deprecated. Use "xpack.actions.ssl.verificationMode" instead, ` + `with the setting "verificationMode:full" eql to "rejectUnauthorized:true", ` + `and "verificationMode:none" eql to "rejectUnauthorized:false".`, correctiveActions: { manualSteps: [ `Remove "xpack.actions.rejectUnauthorized" from your kibana configs.`, - `Use "xpack.actions.verificationMode" ` + + `Use "xpack.actions.ssl.verificationMode" ` + `with the setting "verificationMode:full" eql to "rejectUnauthorized:true", ` + `and "verificationMode:none" eql to "rejectUnauthorized:false".`, ], @@ -131,13 +131,13 @@ export const config: PluginConfigDescriptor = { level: 'warning', configPath: `${fromPath}.proxyRejectUnauthorizedCertificates`, message: - `"xpack.actions.proxyRejectUnauthorizedCertificates" is deprecated. Use "xpack.actions.proxyVerificationMode" instead, ` + + `"xpack.actions.proxyRejectUnauthorizedCertificates" is deprecated. Use "xpack.actions.ssl.proxyVerificationMode" instead, ` + `with the setting "proxyVerificationMode:full" eql to "rejectUnauthorized:true",` + `and "proxyVerificationMode:none" eql to "rejectUnauthorized:false".`, correctiveActions: { manualSteps: [ `Remove "xpack.actions.proxyRejectUnauthorizedCertificates" from your kibana configs.`, - `Use "xpack.actions.proxyVerificationMode" ` + + `Use "xpack.actions.ssl.proxyVerificationMode" ` + `with the setting "proxyVerificationMode:full" eql to "rejectUnauthorized:true",` + `and "proxyVerificationMode:none" eql to "rejectUnauthorized:false".`, ], diff --git a/x-pack/plugins/actions/server/plugin.ts b/x-pack/plugins/actions/server/plugin.ts index 8531f4a2bb706..bbf00572935fa 100644 --- a/x-pack/plugins/actions/server/plugin.ts 
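Review bot: The deprecation text for `proxyRejectUnauthorizedCertificates` (second hunk, both `message` and `manualSteps`) still maps the new values to `"rejectUnauthorized:true"` and `"rejectUnauthorized:false"`, which is the name of the other deprecated setting, and the concatenation of `"rejectUnauthorized:true",` with `and …` renders as `",and"` with no space. This string is what an operator follows when migrating a TLS verification setting, so I would name the old key correctly and say what `none` does: `with the setting "proxyVerificationMode:full" eql to "proxyRejectUnauthorizedCertificates:true", ` followed by `and "proxyVerificationMode:none" (no certificate verification) eql to "proxyRejectUnauthorizedCertificates:false".`. The short names `verificationMode` and `proxyVerificationMode` inside both messages also no longer match the `ssl.`-prefixed key the commit introduces. The assertions in `index.test.ts` pin the exact wording and need the same edit.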
+++ b/x-pack/plugins/actions/server/plugin.ts @@ -268,7 +268,8 @@ export class ActionsPlugin implements Plugin { test('getTotalCount should replace first symbol . to __ for action types names', async () => { 
@@ -604,4 +604,102 @@ Object { } `); }); + + test('getExecutionsTotalCount', async () => { + const mockEsClient = elasticsearchClientMock.createClusterClient().asScoped().asInternalUser; + mockEsClient.search.mockReturnValueOnce( + // @ts-expect-error not full search response + elasticsearchClientMock.createSuccessTransportRequestPromise({ + aggregations: { + totalExecutions: { + byConnectorTypeId: { + value: { + connectorTypes: { + '.slack': 100, + '.server-log': 20, + }, + total: 120, + }, + }, + }, + failedExecutions: { + refs: { + byConnectorTypeId: { + value: { + connectorTypes: { + '.slack': 7, + }, + total: 7, + }, + }, + }, + }, + avgDuration: { value: 10 }, + avgDurationByType: { + doc_count: 216, + actionSavedObjects: { + doc_count: 108, + byTypeId: { + doc_count_error_upper_bound: 0, + sum_other_doc_count: 0, + buckets: [ + { + key: '.server-log', + doc_count: 99, + refs: { + doc_count: 99, + avgDuration: { + value: 919191.9191919192, + }, + }, + }, + { + key: '.email', + doc_count: 9, + refs: { + doc_count: 9, + avgDuration: { + value: 4.196666666666667e8, + }, + }, + }, + ], + }, + }, + }, + }, + }) + ); + + // for .slack connectors + mockEsClient.search.mockReturnValueOnce( + // @ts-expect-error not full search response + elasticsearchClientMock.createSuccessTransportRequestPromise({ + aggregations: { + avgDuration: { value: 10 }, + }, + }) + ); + const telemetry = await getExecutionsPerDayCount(mockEsClient, 'test'); + + expect(mockEsClient.search).toHaveBeenCalledTimes(1); + expect(telemetry).toStrictEqual({ + avgExecutionTime: 0, + avgExecutionTimeByType: { + '__server-log': 919191.9191919192, + __email: 419666666.6666667, + }, + + countByType: { + __slack: 100, + + '__server-log': 20, + }, + countFailed: 7, + countFailedByType: { + __slack: 7, + }, + countTotal: 120, + }); + }); }); 
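Review bot: This test queues a second `mockReturnValueOnce` labelled "for .slack connectors" that is never consumed, as its own assertion `toHaveBeenCalledTimes(1)` shows; the dead fixture should be dropped. The title `getExecutionsTotalCount` also does not match the function under test, `getExecutionsPerDayCount`. The fixture `avgDuration: { value: 10 }` rounds to `avgExecutionTime: 0`, so the nanosecond-to-millisecond conversion is not exercised; a constructed value such as `10000000` with an expected `10` would pin it. The expected `avgExecutionTimeByType` values (`919191.9191919192`, `419666666.6666667`) are the raw bucket averages, so the test locks in a per-type figure in a different unit from the overall one.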
diff --git a/x-pack/plugins/actions/server/usage/actions_telemetry.ts b/x-pack/plugins/actions/server/usage/actions_telemetry.ts index ab72352d460e3..d288611af5e21 100644 --- a/x-pack/plugins/actions/server/usage/actions_telemetry.ts +++ b/x-pack/plugins/actions/server/usage/actions_telemetry.ts 
@@ -379,4 +379,184 @@ function replaceFirstAndLastDotSymbols(strToReplace: string) { return hasLastSymbolDot ? `${appliedString.slice(0, -1)}__` : appliedString; } -// TODO: Implement executions count telemetry with eventLog, when it will write to index +export async function getExecutionsPerDayCount( + esClient: ElasticsearchClient, + eventLogIndex: string +): Promise<{ + countTotal: number; + countByType: Record; + countFailed: number; + countFailedByType: Record; + avgExecutionTime: number; + avgExecutionTimeByType: Record; +}> { + const scriptedMetric = { + scripted_metric: { + init_script: 'state.connectorTypes = [:]; state.total = 0;', + map_script: ` + if (doc['kibana.saved_objects.type'].value == 'action') { + String connectorType = doc['kibana.saved_objects.type_id'].value; + state.connectorTypes.put(connectorType, state.connectorTypes.containsKey(connectorType) ? state.connectorTypes.get(connectorType) + 1 : 1); + state.total++; + } + `, + // Combine script is executed per cluster, but we already have a key-value pair per cluster. + // Despite docs that say this is optional, this script can't be blank. + combine_script: 'return state', + // Reduce script is executed across all clusters, so we need to add up all the total from each cluster + // This also needs to account for having no data + reduce_script: ` + Map connectorTypes = [:]; + long total = 0; + for (state in states) { + if (state !== null) { + total += state.total; + for (String k : state.connectorTypes.keySet()) { + connectorTypes.put(k, connectorTypes.containsKey(k) ? 
connectorTypes.get(k) + state.connectorTypes.get(k) : state.connectorTypes.get(k)); + } + } + } + Map result = new HashMap(); + result.total = total; + result.connectorTypes = connectorTypes; + return result; + `, + }, + }; + + const { body: actionResults } = await esClient.search({ + index: eventLogIndex, + size: 0, + body: { + query: { + bool: { + filter: { + bool: { + must: [ + { + term: { 'event.action': 'execute' }, + }, + { + term: { 'event.provider': 'actions' }, + }, + { + range: { + '@timestamp': { + gte: 'now-1d', + }, + }, + }, + ], + }, + }, + }, + }, + aggs: { + totalExecutions: { + nested: { + path: 'kibana.saved_objects', + }, + aggs: { + byConnectorTypeId: scriptedMetric, + }, + }, + failedExecutions: { + filter: { + bool: { + filter: [ + { + term: { + 'event.outcome': 'failure', + }, + }, + ], + }, + }, + aggs: { + refs: { + nested: { + path: 'kibana.saved_objects', + }, + aggs: { + byConnectorTypeId: scriptedMetric, + }, + }, + }, + }, + avgDuration: { avg: { field: 'event.duration' } }, + avgDurationByType: { + nested: { + path: 'kibana.saved_objects', + }, + aggs: { + actionSavedObjects: { + filter: { term: { 'kibana.saved_objects.type': 'action' } }, + aggs: { + byTypeId: { + terms: { + field: 'kibana.saved_objects.type_id', + }, + aggs: { + refs: { + reverse_nested: {}, + aggs: { + avgDuration: { avg: { field: 'event.duration' } }, + }, + }, + }, + }, + }, + }, + }, + }, + }, + }, + }); + + // @ts-expect-error aggegation type is not specified + const aggsExecutions = actionResults.aggregations.totalExecutions?.byConnectorTypeId.value; + // convert nanoseconds to milliseconds + const aggsAvgExecutionTime = Math.round( + // @ts-expect-error aggegation type is not specified + actionResults.aggregations.avgDuration.value / (1000 * 1000) + ); + const aggsFailedExecutions = + // @ts-expect-error aggegation type is not specified + actionResults.aggregations.failedExecutions?.refs?.byConnectorTypeId.value; + + const avgDurationByType = + // 
@ts-expect-error aggegation type is not specified + actionResults.aggregations.avgDurationByType?.actionSavedObjects?.byTypeId?.buckets; + + const avgExecutionTimeByType: Record = avgDurationByType.reduce( + // @ts-expect-error aggegation type is not specified + (res: Record, bucket) => { + res[replaceFirstAndLastDotSymbols(bucket.key)] = bucket?.refs.avgDuration.value; + return res; + }, + {} + ); + + return { + countTotal: aggsExecutions.total, + countByType: Object.entries(aggsExecutions.connectorTypes).reduce( + (res: Record, [key, value]) => { + // @ts-expect-error aggegation type is not specified + res[replaceFirstAndLastDotSymbols(key)] = value; + return res; + }, + {} + ), + countFailed: aggsFailedExecutions.total, + countFailedByType: Object.entries(aggsFailedExecutions.connectorTypes).reduce( + (res: Record, [key, value]) => { + // @ts-expect-error aggegation type is not specified + res[replaceFirstAndLastDotSymbols(key)] = value; + return res; + }, + {} + ), + avgExecutionTime: aggsAvgExecutionTime, + avgExecutionTimeByType, + }; +} diff --git a/x-pack/plugins/actions/server/usage/actions_usage_collector.ts b/x-pack/plugins/actions/server/usage/actions_usage_collector.ts index 9ba9d7390a7b6..3e690d18063d6 100644 --- a/x-pack/plugins/actions/server/usage/actions_usage_collector.ts +++ b/x-pack/plugins/actions/server/usage/actions_usage_collector.ts @@ -37,8 +37,14 @@ export function createActionsUsageCollector( }, }, count_active_by_type: byTypeSchema, + count_actions_executions_per_day: { type: 'long' }, + count_actions_executions_by_type_per_day: byTypeSchema, count_active_email_connectors_by_service_type: byServiceProviderTypeSchema, count_actions_namespaces: { type: 'long' }, + count_actions_executions_failed_per_day: { type: 'long' }, + count_actions_executions_failed_by_type_per_day: byTypeSchema, + avg_execution_time_per_day: { type: 'long' }, + avg_execution_time_by_type_per_day: byTypeSchema, }, fetch: async () => { try { 
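Review bot: In `getExecutionsPerDayCount`, `avgExecutionTimeByType` stores `bucket?.refs.avgDuration.value` unconverted while `avgExecutionTime` is divided by `1000 * 1000` and rounded, so two fields of the same payload are in different units and the per-type one is a float. I would convert in the reducer: `res[replaceFirstAndLastDotSymbols(bucket.key)] = Math.round(bucket?.refs.avgDuration.value / (1000 * 1000));`. Separately, the optional chaining stops short of the dereferences that follow: `aggsExecutions.total`, `aggsFailedExecutions.connectorTypes` and `avgDurationByType.reduce(...)` throw when the response carries no such aggregation, which I would expect for an empty or missing event-log index (not verified here). Guarding those three values with defaults before use would let the function return zeros instead of rejecting.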
@@ -60,6 +66,12 @@ export function createActionsUsageCollector( count_active_by_type: {}, count_active_email_connectors_by_service_type: {}, count_actions_namespaces: 0, + count_actions_executions_per_day: 0, + count_actions_executions_by_type_per_day: {}, + count_actions_executions_failed_per_day: 0, + count_actions_executions_failed_by_type_per_day: {}, + avg_execution_time_per_day: 0, + avg_execution_time_by_type_per_day: {}, }; } }, diff --git a/x-pack/plugins/actions/server/usage/task.ts b/x-pack/plugins/actions/server/usage/task.ts index bacb9e5f72571..5ddcbab4261d1 100644 --- a/x-pack/plugins/actions/server/usage/task.ts +++ b/x-pack/plugins/actions/server/usage/task.ts @@ -7,13 +7,14 @@ import { Logger, CoreSetup } from 'kibana/server'; import moment from 'moment'; +import { IEventLogService } from '../../../event_log/server'; import { RunContext, TaskManagerSetupContract, TaskManagerStartContract, } from '../../../task_manager/server'; import { PreConfiguredAction } from '../types'; -import { getTotalCount, getInUseTotalCount } from './actions_telemetry'; +import { getTotalCount, getInUseTotalCount, getExecutionsPerDayCount } from './actions_telemetry'; export const TELEMETRY_TASK_TYPE = 'actions_telemetry'; @@ -24,9 +25,17 @@ export function initializeActionsTelemetry( taskManager: TaskManagerSetupContract, core: CoreSetup, kibanaIndex: string, - preconfiguredActions: PreConfiguredAction[] + preconfiguredActions: PreConfiguredAction[], + eventLog: IEventLogService ) { - registerActionsTelemetryTask(logger, taskManager, core, kibanaIndex, preconfiguredActions); + registerActionsTelemetryTask( + logger, + taskManager, + core, + kibanaIndex, + preconfiguredActions, + eventLog + ); } export function scheduleActionsTelemetry(logger: Logger, taskManager: TaskManagerStartContract) { 
@@ -38,13 +47,20 @@ function registerActionsTelemetryTask( taskManager: TaskManagerSetupContract, core: CoreSetup, kibanaIndex: string, - preconfiguredActions: PreConfiguredAction[] + preconfiguredActions: PreConfiguredAction[], + eventLog: IEventLogService ) { taskManager.registerTaskDefinitions({ [TELEMETRY_TASK_TYPE]: { title: 'Actions usage fetch task', timeout: '5m', - createTaskRunner: telemetryTaskRunner(logger, core, kibanaIndex, preconfiguredActions), + createTaskRunner: telemetryTaskRunner( + logger, + core, + kibanaIndex, + preconfiguredActions, + eventLog + ), }, }); } @@ -66,10 +82,12 @@ export function telemetryTaskRunner( logger: Logger, core: CoreSetup, kibanaIndex: string, - preconfiguredActions: PreConfiguredAction[] + preconfiguredActions: PreConfiguredAction[], + eventLog: IEventLogService ) { return ({ taskInstance }: RunContext) => { const { state } = taskInstance; + const eventLogIndex = eventLog.getIndexPattern(); const getEsClient = () => core.getStartServices().then( ([ @@ -84,8 +102,9 @@ export function telemetryTaskRunner( return Promise.all([ getTotalCount(esClient, kibanaIndex, preconfiguredActions), getInUseTotalCount(esClient, kibanaIndex, undefined, preconfiguredActions), + getExecutionsPerDayCount(esClient, eventLogIndex), ]) - .then(([totalAggegations, totalInUse]) => { + .then(([totalAggegations, totalInUse, totalExecutionsPerDay]) => { return { state: { runs: (state.runs || 0) + 1, 
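Review bot: Adding `getExecutionsPerDayCount(esClient, eventLogIndex)` to the existing `Promise.all` (last hunk on this line) makes the connector counts depend on the event-log query: if that search rejects, `totalAggegations` and `totalInUse` are discarded with it. The rejection handler is outside the hunk, so I cannot tell what state is written in that case, but the two older metrics did not need the event log before this change. I would isolate the new call with its own `.catch` that logs and resolves to zeroed counts, so that one failing query does not blank the whole telemetry run.

```typescript
// … unchanged: getTotalCount and getInUseTotalCount entries of the Promise.all array …
getExecutionsPerDayCount(esClient, eventLogIndex).catch((err) => {
  logger.warn(`Error executing actions executions telemetry query: ${err}`);
  return {
    countTotal: 0,
    countByType: {},
    countFailed: 0,
    countFailedByType: {},
    avgExecutionTime: 0,
    avgExecutionTimeByType: {},
  };
}),
```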
@@ -96,6 +115,13 @@ export function telemetryTaskRunner( count_active_alert_history_connectors: totalInUse.countByAlertHistoryConnectorType, count_active_email_connectors_by_service_type: totalInUse.countEmailByService, count_actions_namespaces: totalInUse.countNamespaces, + count_actions_executions_per_day: totalExecutionsPerDay.countTotal, + count_actions_executions_by_type_per_day: totalExecutionsPerDay.countByType, + count_actions_executions_failed_per_day: totalExecutionsPerDay.countFailed, + count_actions_executions_failed_by_type_per_day: + totalExecutionsPerDay.countFailedByType, + avg_execution_time_per_day: totalExecutionsPerDay.avgExecutionTime, + avg_execution_time_by_type_per_day: totalExecutionsPerDay.avgExecutionTimeByType, }, runAt: getNextMidnight(), }; diff --git a/x-pack/plugins/actions/server/usage/types.ts b/x-pack/plugins/actions/server/usage/types.ts index 52677b35ac75b..2d041b1ba0d0e 100644 --- a/x-pack/plugins/actions/server/usage/types.ts +++ b/x-pack/plugins/actions/server/usage/types.ts @@ -16,9 +16,12 @@ export interface ActionsUsage { count_active_by_type: Record; count_active_email_connectors_by_service_type: Record; count_actions_namespaces: number; - // TODO: Implement executions count telemetry with eventLog, when it will write to index - // executions_by_type: Record; - // executions_total: number; + count_actions_executions_per_day: number; + count_actions_executions_by_type_per_day: Record; + count_actions_executions_failed_per_day: number; + count_actions_executions_failed_by_type_per_day: Record; + avg_execution_time_per_day: number; + avg_execution_time_by_type_per_day: Record; } export const byTypeSchema: MakeSchemaFrom['count_by_type'] = { diff --git a/x-pack/plugins/alerting/server/plugin.ts b/x-pack/plugins/alerting/server/plugin.ts index 9834225e73723..f0703defbca3d 100644 --- a/x-pack/plugins/alerting/server/plugin.ts +++ b/x-pack/plugins/alerting/server/plugin.ts 
@@ -209,7 +209,13 @@ export class AlertingPlugin { usageCollection, core.getStartServices().then(([_, { taskManager }]) => taskManager) ); - initializeAlertingTelemetry(this.telemetryLogger, core, plugins.taskManager, kibanaIndex); + initializeAlertingTelemetry( + this.telemetryLogger, + core, + plugins.taskManager, + kibanaIndex, + this.eventLogService + ); } // Usage counter for telemetry diff --git a/x-pack/plugins/alerting/server/usage/alerts_telemetry.test.ts b/x-pack/plugins/alerting/server/usage/alerts_telemetry.test.ts index 03a96d19b8e8a..af08c8c75c144 100644 --- a/x-pack/plugins/alerting/server/usage/alerts_telemetry.test.ts +++ b/x-pack/plugins/alerting/server/usage/alerts_telemetry.test.ts @@ -7,7 +7,11 @@ // eslint-disable-next-line @kbn/eslint/no-restricted-paths import { elasticsearchClientMock } from '../../../../../src/core/server/elasticsearch/client/mocks'; -import { getTotalCountAggregations, getTotalCountInUse } from './alerts_telemetry'; +import { + getTotalCountAggregations, + getTotalCountInUse, + getExecutionsPerDayCount, +} from './alerts_telemetry'; describe('alerts telemetry', () => { test('getTotalCountInUse should replace first "." symbol to "__" in alert types names', async () => { 
@@ -114,4 +118,74 @@ Object { } `); }); + + test('getTotalExecutionsCount should return execution aggregations for total count, count by rule type and number of failed executions', async () => { + const mockEsClient = elasticsearchClientMock.createClusterClient().asScoped().asInternalUser; + mockEsClient.search.mockReturnValue( + // @ts-expect-error @elastic/elasticsearch Aggregate only allows unknown values + elasticsearchClientMock.createSuccessTransportRequestPromise({ + aggregations: { + byRuleTypeId: { + value: { + ruleTypes: { + '.index-threshold': 2, + 'logs.alert.document.count': 1, + 'document.test.': 1, + }, + ruleTypesDuration: { + '.index-threshold': 2087868, + 'logs.alert.document.count': 1675765, + 'document.test.': 17687687, + }, + }, + }, + failuresByReason: { + value: { + reasons: { + unknown: { + '.index-threshold': 2, + 'logs.alert.document.count': 1, + 'document.test.': 1, + }, + }, + }, + }, + avgDuration: { value: 10 }, + }, + hits: { + hits: [], + }, + }) + ); + + const telemetry = await getExecutionsPerDayCount(mockEsClient, 'test'); + + expect(mockEsClient.search).toHaveBeenCalledTimes(1); + + expect(telemetry).toStrictEqual({ + avgExecutionTime: 0, + avgExecutionTimeByType: { + '__index-threshold': 1043934, + 'document.test__': 17687687, + 'logs.alert.document.count': 1675765, + }, + countByType: { + '__index-threshold': 2, + 'document.test__': 1, + 'logs.alert.document.count': 1, + }, + countFailuresByReason: { + unknown: 4, + }, + countFailuresByReasonByType: { + unknown: { + '.index-threshold': 2, + 'document.test.': 1, + 'logs.alert.document.count': 1, + }, + }, + countTotal: 4, + countTotalFailures: 4, + }); + }); }); diff --git a/x-pack/plugins/alerting/server/usage/alerts_telemetry.ts b/x-pack/plugins/alerting/server/usage/alerts_telemetry.ts index 7ff9538c1aa26..180ee4300f18c 100644 --- a/x-pack/plugins/alerting/server/usage/alerts_telemetry.ts +++ b/x-pack/plugins/alerting/server/usage/alerts_telemetry.ts 
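Review bot: The expected object in this new test pins `countFailuresByReasonByType.unknown` with the raw rule type ids (`'.index-threshold'`, `'document.test.'`), while `countByType` and `avgExecutionTimeByType` in the same result use the rewritten keys (`'__index-threshold'`, `'document.test__'`). If the rewrite exists because leading or trailing dots are a problem for telemetry field names (an assumption, the helper is outside this hunk), the per-reason map has the same problem and the expectation should use the rewritten keys once the implementation applies the helper there. The title says `getTotalExecutionsCount` although the call is `getExecutionsPerDayCount`. The fixture `avgDuration: { value: 10 }` rounds to `avgExecutionTime: 0`, so the unit conversion is not exercised.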
@@ -38,6 +38,65 @@ const alertTypeMetric = { }, }; +const ruleTypeExecutionsMetric = { + scripted_metric: { + init_script: 'state.ruleTypes = [:]; state.ruleTypesDuration = [:];', + map_script: ` + String ruleType = doc['rule.category'].value; + long duration = doc['event.duration'].value / (1000 * 1000); + state.ruleTypes.put(ruleType, state.ruleTypes.containsKey(ruleType) ? state.ruleTypes.get(ruleType) + 1 : 1); + state.ruleTypesDuration.put(ruleType, state.ruleTypesDuration.containsKey(ruleType) ? state.ruleTypesDuration.get(ruleType) + duration : duration); + `, + // Combine script is executed per cluster, but we already have a key-value pair per cluster. + // Despite docs that say this is optional, this script can't be blank. + combine_script: 'return state', + // Reduce script is executed across all clusters, so we need to add up all the total from each cluster + // This also needs to account for having no data + reduce_script: ` + Map result = [:]; + for (Map m : states.toArray()) { + if (m !== null) { + for (String k : m.keySet()) { + result.put(k, result.containsKey(k) ? result.get(k) + m.get(k) : m.get(k)); + } + } + } + return result; + `, + }, +}; + +const ruleTypeFailureExecutionsMetric = { + scripted_metric: { + init_script: 'state.reasons = [:]', + map_script: ` + if (doc['event.outcome'].value == 'failure') { + String reason = doc['event.reason'].value; + String ruleType = doc['rule.category'].value; + Map ruleTypes = state.reasons.containsKey(reason) ? state.reasons.get(reason) : [:]; + ruleTypes.put(ruleType, ruleTypes.containsKey(ruleType) ? ruleTypes.get(ruleType) + 1 : 1); + state.reasons.put(reason, ruleTypes); + } + `, + // Combine script is executed per cluster, but we already have a key-value pair per cluster. + // Despite docs that say this is optional, this script can't be blank. 
+ combine_script: 'return state', + // Reduce script is executed across all clusters, so we need to add up all the total from each cluster + // This also needs to account for having no data + reduce_script: ` + Map result = [:]; + for (Map m : states.toArray()) { + if (m !== null) { + for (String k : m.keySet()) { + result.put(k, result.containsKey(k) ? result.get(k) + m.get(k) : m.get(k)); + } + } + } + return result; + `, + }, +}; + export async function getTotalCountAggregations( esClient: ElasticsearchClient, kibanaInex: string 
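Review bot: The `reduce_script` of `ruleTypeExecutionsMetric` merges the incoming states key by key with `result.get(k) + m.get(k)`, but the keys of each state are `ruleTypes` and `ruleTypesDuration` and their values are maps, so as soon as two non-null states arrive the `+` is applied to two maps rather than to counts; I would expect Painless to reject that. `ruleTypeFailureExecutionsMetric` has the same shape one level deeper (`reasons`, then reason, then rule type) and needs the same treatment. The merge has to descend into the inner maps, as sketched below for the first metric. The comments say the combine and reduce scripts run per cluster; as far as I know combine runs once per shard and reduce once on the coordinating node, which makes several states the normal case. The unit test feeds a ready-made aggregation result, so it cannot catch this.

```typescript
// ruleTypeExecutionsMetric.scripted_metric
// … unchanged: init_script, map_script, combine_script …
reduce_script: `
  Map ruleTypes = [:];
  Map ruleTypesDuration = [:];
  for (state in states) {
    if (state !== null) {
      for (String k : state.ruleTypes.keySet()) {
        ruleTypes.put(k, ruleTypes.containsKey(k) ? ruleTypes.get(k) + state.ruleTypes.get(k) : state.ruleTypes.get(k));
      }
      for (String k : state.ruleTypesDuration.keySet()) {
        ruleTypesDuration.put(k, ruleTypesDuration.containsKey(k) ? ruleTypesDuration.get(k) + state.ruleTypesDuration.get(k) : state.ruleTypesDuration.get(k));
      }
    }
  }
  Map result = new HashMap();
  result.ruleTypes = ruleTypes;
  result.ruleTypesDuration = ruleTypesDuration;
  return result;
`,
```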
@@ -260,4 +319,130 @@ function replaceFirstAndLastDotSymbols(strToReplace: string) { return hasLastSymbolDot ? `${appliedString.slice(0, -1)}__` : appliedString; } -// TODO: Implement executions count telemetry with eventLog, when it will write to index +export async function getExecutionsPerDayCount( + esClient: ElasticsearchClient, + eventLogIndex: string +) { + const { body: searchResult } = await esClient.search({ + index: eventLogIndex, + size: 0, + body: { + query: { + bool: { + filter: { + bool: { + must: [ + { + term: { 'event.action': 'execute' }, + }, + { + term: { 'event.provider': 'alerting' }, + }, + { + range: { + '@timestamp': { + gte: 'now-1d', + }, + }, + }, + ], + }, + }, + }, + }, + aggs: { + byRuleTypeId: ruleTypeExecutionsMetric, + failuresByReason: ruleTypeFailureExecutionsMetric, + avgDuration: { avg: { field: 'event.duration' } }, + }, + }, + }); + + const executionsAggregations = searchResult.aggregations as { + byRuleTypeId: { + value: { ruleTypes: Record; ruleTypesDuration: Record }; + }; + }; + + const aggsAvgExecutionTime = Math.round( + // @ts-expect-error aggegation type is not specified + // convert nanoseconds to milliseconds + searchResult.aggregations.avgDuration.value / (1000 * 1000) + ); + + const executionFailuresAggregations = searchResult.aggregations as { + failuresByReason: { value: { reasons: Record> } }; + }; + + return { + countTotal: Object.keys(executionsAggregations.byRuleTypeId.value.ruleTypes).reduce( + (total: number, key: string) => + parseInt(executionsAggregations.byRuleTypeId.value.ruleTypes[key], 10) + total, + 0 + ), + countByType: Object.keys(executionsAggregations.byRuleTypeId.value.ruleTypes).reduce( + // ES DSL aggregations are returned as `any` by esClient.search + // eslint-disable-next-line @typescript-eslint/no-explicit-any + (obj: any, key: string) => ({ + ...obj, + [replaceFirstAndLastDotSymbols(key)]: + executionsAggregations.byRuleTypeId.value.ruleTypes[key], + }), + {} + ), + countTotalFailures: 
Object.keys( + executionFailuresAggregations.failuresByReason.value.reasons + ).reduce((total: number, reason: string) => { + const byRuleTypesRefs = executionFailuresAggregations.failuresByReason.value.reasons[reason]; + const countByRuleTypes = Object.keys(byRuleTypesRefs).reduce( + (totalByType, ruleType) => parseInt(byRuleTypesRefs[ruleType] + totalByType, 10), + 0 + ); + return countByRuleTypes + total; + }, 0), + countFailuresByReason: Object.keys( + executionFailuresAggregations.failuresByReason.value.reasons + ).reduce( + // ES DSL aggregations are returned as `any` by esClient.search + // eslint-disable-next-line @typescript-eslint/no-explicit-any + (obj: any, reason: string) => { + const byRuleTypesRefs = + executionFailuresAggregations.failuresByReason.value.reasons[reason]; + const countByRuleTypes = Object.keys(byRuleTypesRefs).reduce( + (totalByType, ruleType) => parseInt(byRuleTypesRefs[ruleType] + totalByType, 10), + 0 + ); + return { + ...obj, + [replaceFirstAndLastDotSymbols(reason)]: countByRuleTypes, + }; + }, + {} + ), + countFailuresByReasonByType: Object.keys( + executionFailuresAggregations.failuresByReason.value.reasons + ).reduce( + // ES DSL aggregations are returned as `any` by esClient.search + // eslint-disable-next-line @typescript-eslint/no-explicit-any + (obj: any, key: string) => ({ + ...obj, + [replaceFirstAndLastDotSymbols(key)]: + executionFailuresAggregations.failuresByReason.value.reasons[key], + }), + {} + ), + avgExecutionTime: aggsAvgExecutionTime, + avgExecutionTimeByType: Object.keys(executionsAggregations.byRuleTypeId.value.ruleTypes).reduce( + // ES DSL aggregations are returned as `any` by esClient.search + // eslint-disable-next-line @typescript-eslint/no-explicit-any + (obj: any, key: string) => ({ + ...obj, + [replaceFirstAndLastDotSymbols(key)]: Math.round( + executionsAggregations.byRuleTypeId.value.ruleTypesDuration[key] / + parseInt(executionsAggregations.byRuleTypeId.value.ruleTypes[key], 10) + ), + }), + {} + 
), + }; +} diff --git a/x-pack/plugins/alerting/server/usage/alerts_usage_collector.ts b/x-pack/plugins/alerting/server/usage/alerts_usage_collector.ts index e9405c51dbf15..e5b25ea75fc1c 100644 --- a/x-pack/plugins/alerting/server/usage/alerts_usage_collector.ts +++ b/x-pack/plugins/alerting/server/usage/alerts_usage_collector.ts @@ -50,6 +50,26 @@ const byTypeSchema: MakeSchemaFrom['count_by_type'] = { xpack__ml__anomaly_detection_jobs_health: { type: 'long' }, // eslint-disable-line @typescript-eslint/naming-convention }; +const byReasonSchema: MakeSchemaFrom['count_rules_executions_failured_by_reason_per_day'] = + { + // TODO: Find out an automated way to populate the keys or reformat these into an array (and change the Remote Telemetry indexer accordingly) + DYNAMIC_KEY: { type: 'long' }, + read: { type: 'long' }, + decrypt: { type: 'long' }, + license: { type: 'long' }, + unknown: { type: 'long' }, + }; + +const byReasonSchemaByType: MakeSchemaFrom['count_rules_executions_failured_by_reason_by_type_per_day'] = + { + // TODO: Find out an automated way to populate the keys or reformat these into an array (and change the Remote Telemetry indexer accordingly) + DYNAMIC_KEY: byTypeSchema, + read: byTypeSchema, + decrypt: byTypeSchema, + license: byTypeSchema, + unknown: byTypeSchema, + }; + export function createAlertsUsageCollector( usageCollection: UsageCollectionSetup, taskManager: Promise @@ -92,6 +112,13 @@ export function createAlertsUsageCollector( count_active_by_type: {}, count_by_type: {}, count_rules_namespaces: 0, + count_rules_executions_per_day: 0, + count_rules_executions_by_type_per_day: {}, + count_rules_executions_failured_per_day: 0, + count_rules_executions_failured_by_reason_per_day: {}, + count_rules_executions_failured_by_reason_by_type_per_day: {}, + avg_execution_time_per_day: 0, + avg_execution_time_by_type_per_day: {}, }; } }, 
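Review bot: In `countTotalFailures` and `countFailuresByReason` the inner reducer calls `parseInt(byRuleTypesRefs[ruleType] + totalByType, 10)`, so the addition runs before the parse. If the count arrives as a string, which the `parseInt` implies, `'3' + 0` concatenates to `'30'` instead of adding. `countTotal` a few lines above parses first, and both reducers should match it: `(totalByType, ruleType) => parseInt(byRuleTypesRefs[ruleType], 10) + totalByType,`. Separately, every `Object.keys(...value.ruleTypes)` and `Object.keys(...value.reasons)` assumes the scripted metric returned a populated state. If the reduce script can return an empty map, for example when there are no states at all, these calls would throw, so defaulting the two lookups to `{}` is worth adding.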
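Review bot: The new telemetry keys are spelled `count_rules_executions_failured_*`, here in `byReasonSchema` and `byReasonSchemaByType` and again in the later collector, `task.ts` and `types.ts` hunks. Once these names ship in the usage schema they are awkward to rename, so `count_rules_executions_failed_*` is better fixed now. `byReasonSchema` also declares only `read`, `decrypt`, `license` and `unknown`, while the task forwards whatever `event.reason` values the event log holds. Confirm that list is complete, or fold unlisted reasons into `unknown` before reporting.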
@@ -117,6 +144,13 @@ export function createAlertsUsageCollector( count_active_by_type: byTypeSchema, count_by_type: byTypeSchema, count_rules_namespaces: { type: 'long' }, + count_rules_executions_per_day: { type: 'long' }, + count_rules_executions_by_type_per_day: byTypeSchema, + count_rules_executions_failured_per_day: { type: 'long' }, + count_rules_executions_failured_by_reason_per_day: byReasonSchema, + count_rules_executions_failured_by_reason_by_type_per_day: byReasonSchemaByType, + avg_execution_time_per_day: { type: 'long' }, + avg_execution_time_by_type_per_day: byTypeSchema, }, }); } diff --git a/x-pack/plugins/alerting/server/usage/task.ts b/x-pack/plugins/alerting/server/usage/task.ts index 9d39b3765cb5d..2fbd56c105c31 100644 --- a/x-pack/plugins/alerting/server/usage/task.ts +++ b/x-pack/plugins/alerting/server/usage/task.ts @@ -7,13 +7,18 @@ import { Logger, CoreSetup } from 'kibana/server'; import moment from 'moment'; +import { IEventLogService } from '../../../event_log/server'; import { RunContext, TaskManagerSetupContract, TaskManagerStartContract, } from '../../../task_manager/server'; -import { getTotalCountAggregations, getTotalCountInUse } from './alerts_telemetry'; +import { + getTotalCountAggregations, + getTotalCountInUse, + getExecutionsPerDayCount, +} from './alerts_telemetry'; export const TELEMETRY_TASK_TYPE = 'alerting_telemetry'; @@ -23,9 +28,10 @@ export function initializeAlertingTelemetry( logger: Logger, core: CoreSetup, taskManager: TaskManagerSetupContract, - kibanaIndex: string + kibanaIndex: string, + eventLog: IEventLogService ) { - registerAlertingTelemetryTask(logger, core, taskManager, kibanaIndex); + registerAlertingTelemetryTask(logger, core, taskManager, kibanaIndex, eventLog); } export function scheduleAlertingTelemetry(logger: Logger, taskManager?: TaskManagerStartContract) { 
@@ -38,13 +44,14 @@ function registerAlertingTelemetryTask( logger: Logger, core: CoreSetup, taskManager: TaskManagerSetupContract, - kibanaIndex: string + kibanaIndex: string, + eventLog: IEventLogService ) { taskManager.registerTaskDefinitions({ [TELEMETRY_TASK_TYPE]: { title: 'Alerting usage fetch task', timeout: '5m', - createTaskRunner: telemetryTaskRunner(logger, core, kibanaIndex), + createTaskRunner: telemetryTaskRunner(logger, core, kibanaIndex, eventLog), }, }); } @@ -62,9 +69,15 @@ async function scheduleTasks(logger: Logger, taskManager: TaskManagerStartContra } } -export function telemetryTaskRunner(logger: Logger, core: CoreSetup, kibanaIndex: string) { +export function telemetryTaskRunner( + logger: Logger, + core: CoreSetup, + kibanaIndex: string, + eventLog: IEventLogService +) { return ({ taskInstance }: RunContext) => { const { state } = taskInstance; + const eventLogIndex = eventLog.getIndexPattern(); const getEsClient = () => core.getStartServices().then( ([ @@ -80,8 +93,9 @@ export function telemetryTaskRunner(logger: Logger, core: CoreSetup, kibanaIndex return Promise.all([ getTotalCountAggregations(esClient, kibanaIndex), getTotalCountInUse(esClient, kibanaIndex), + getExecutionsPerDayCount(esClient, eventLogIndex), ]) - .then(([totalCountAggregations, totalInUse]) => { + .then(([totalCountAggregations, totalInUse, totalExecutions]) => { return { state: { runs: (state.runs || 0) + 1, 
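Review bot: Adding `getExecutionsPerDayCount(esClient, eventLogIndex)` to the `Promise.all` makes the two existing counts depend on the event-log search. `Promise.all` rejects on the first rejection, so a failing scripted-metric query also discards `totalCountAggregations` and `totalInUse`. The rejection handler is outside this hunk, so what the task reports in that case cannot be seen here. Handling the failure on the new call alone, by logging through `logger` and falling back to zeroed execution fields, would keep the existing counters reporting when only the event-log index is unavailable.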
@@ -90,6 +104,15 @@ export function telemetryTaskRunner(logger: Logger, core: CoreSetup, kibanaIndex count_active_total: totalInUse.countTotal, count_disabled_total: totalCountAggregations.count_total - totalInUse.countTotal, count_rules_namespaces: totalInUse.countNamespaces, + count_rules_executions_per_day: totalExecutions.countTotal, + count_rules_executions_by_type_per_day: totalExecutions.countByType, + count_rules_executions_failured_per_day: totalExecutions.countTotalFailures, + count_rules_executions_failured_by_reason_per_day: + totalExecutions.countFailuresByReason, + count_rules_executions_failured_by_reason_by_type_per_day: + totalExecutions.countFailuresByReasonByType, + avg_execution_time_per_day: totalExecutions.avgExecutionTime, + avg_execution_time_by_type_per_day: totalExecutions.avgExecutionTimeByType, }, runAt: getNextMidnight(), }; diff --git a/x-pack/plugins/alerting/server/usage/types.ts b/x-pack/plugins/alerting/server/usage/types.ts index 0e489893a1bbc..50d9b80c44b70 100644 --- a/x-pack/plugins/alerting/server/usage/types.ts +++ b/x-pack/plugins/alerting/server/usage/types.ts @@ -12,6 +12,13 @@ export interface AlertsUsage { count_by_type: Record; count_active_by_type: Record; count_rules_namespaces: number; + count_rules_executions_per_day: number; + count_rules_executions_by_type_per_day: Record; + count_rules_executions_failured_per_day: number; + count_rules_executions_failured_by_reason_per_day: Record; + count_rules_executions_failured_by_reason_by_type_per_day: Record>; + avg_execution_time_per_day: number; + avg_execution_time_by_type_per_day: Record; throttle_time: { min: number; avg: number; diff --git a/x-pack/plugins/apm/public/components/app/error_group_overview/index.tsx b/x-pack/plugins/apm/public/components/app/error_group_overview/index.tsx index 5e9095def6e55..9e113b37a1394 100644 --- a/x-pack/plugins/apm/public/components/app/error_group_overview/index.tsx 
+++ b/x-pack/plugins/apm/public/components/app/error_group_overview/index.tsx @@ -7,7 +7,6 @@ import { EuiFlexGroup, - EuiFlexGrid, EuiFlexItem, EuiPanel, EuiSpacer, @@ -73,28 +72,30 @@ export function ErrorGroupOverview() { return ( - - - - - + + + + + + + + + - - - - - - - + + + + diff --git a/x-pack/plugins/apm/server/deprecations/deprecations.test.ts b/x-pack/plugins/apm/server/deprecations/deprecations.test.ts index 43e8140fb9b3c..8ab632deec809 100644 --- a/x-pack/plugins/apm/server/deprecations/deprecations.test.ts +++ b/x-pack/plugins/apm/server/deprecations/deprecations.test.ts @@ -5,6 +5,8 @@ * 2.0. */ +import { kibanaPackageJson } from '@kbn/dev-utils'; + import { GetDeprecationsContext } from '../../../../../src/core/server'; import { CloudSetup } from '../../../cloud/server'; import { getDeprecations } from './'; @@ -19,7 +21,7 @@ const deprecationContext = { describe('getDeprecations', () => { describe('when fleet is disabled', () => { it('returns no deprecations', async () => { - const deprecationsCallback = getDeprecations({ branch: 'master' }); + const deprecationsCallback = getDeprecations({ branch: 'main' }); const deprecations = await deprecationsCallback(deprecationContext); expect(deprecations).toEqual([]); }); @@ -28,7 +30,7 @@ describe('getDeprecations', () => { describe('when running on cloud with legacy apm-server', () => { it('returns deprecations', async () => { const deprecationsCallback = getDeprecations({ - branch: 'master', + branch: 'main', cloudSetup: { isCloudEnabled: true } as unknown as CloudSetup, fleet: { start: () => ({ 
@@ -38,13 +40,20 @@ describe('getDeprecations', () => { }); const deprecations = await deprecationsCallback(deprecationContext); expect(deprecations).not.toEqual([]); + // TODO: remove when docs support "main" + if (kibanaPackageJson.branch === 'main') { + for (const { documentationUrl } of deprecations) { + expect(documentationUrl).toMatch(/\/master\//); + expect(documentationUrl).not.toMatch(/\/main\//); + } + } }); }); describe('when running on cloud with fleet', () => { it('returns no deprecations', async () => { const deprecationsCallback = getDeprecations({ - branch: 'master', + branch: 'main', cloudSetup: { isCloudEnabled: true } as unknown as CloudSetup, fleet: { start: () => ({ @@ -60,7 +69,7 @@ describe('getDeprecations', () => { describe('when running on prem', () => { it('returns no deprecations', async () => { const deprecationsCallback = getDeprecations({ - branch: 'master', + branch: 'main', cloudSetup: { isCloudEnabled: false } as unknown as CloudSetup, fleet: { start: () => ({ agentPolicyService: { get: () => undefined } }), diff --git a/x-pack/plugins/apm/server/deprecations/index.ts b/x-pack/plugins/apm/server/deprecations/index.ts index 76c90270abb8f..39e282e76d9a6 100644 --- a/x-pack/plugins/apm/server/deprecations/index.ts +++ b/x-pack/plugins/apm/server/deprecations/index.ts @@ -38,6 +38,8 @@ export function getDeprecations({ const isCloudEnabled = !!cloudSetup?.isCloudEnabled; const hasCloudAgentPolicy = !isEmpty(cloudAgentPolicy); + // TODO: remove when docs support "main" + const docBranch = branch === 'main' ? 'master' : branch; if (isCloudEnabled && !hasCloudAgentPolicy) { deprecations.push({ 
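Review bot: The added assertions are wrapped in `if (kibanaPackageJson.branch === 'main')`, but the test passes `branch: 'main'` to `getDeprecations` itself. The URL under test therefore does not depend on the repository's package.json. On any branch where that file names a different branch, the block is skipped and the test only asserts `not.toEqual([])`. Dropping the `if`, and the `@kbn/dev-utils` import added in this file's first hunk, makes the `main` to `master` mapping checked everywhere. The `it` block starts in the previous hunk.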
@@ -48,7 +50,7 @@ export function getDeprecations({ defaultMessage: 'Running the APM Server binary directly is considered a legacy option and is deprecated since 7.16. Switch to APM Server managed by an Elastic Agent instead. Read our documentation to learn more.', }), - documentationUrl: `https://www.elastic.co/guide/en/apm/server/${branch}/apm-integration.html`, + documentationUrl: `https://www.elastic.co/guide/en/apm/server/${docBranch}/apm-integration.html`, level: 'warning', correctiveActions: { manualSteps: [ diff --git a/x-pack/plugins/apm/server/lib/errors/distribution/get_buckets.ts b/x-pack/plugins/apm/server/lib/errors/distribution/get_buckets.ts index a2d22a2c8f6ad..dce8a3f397eaa 100644 --- a/x-pack/plugins/apm/server/lib/errors/distribution/get_buckets.ts +++ b/x-pack/plugins/apm/server/lib/errors/distribution/get_buckets.ts @@ -84,8 +84,5 @@ export async function getBuckets({ y: bucket.doc_count, }) ); - - return { - buckets: resp.hits.total.value > 0 ? buckets : [], - }; + return { buckets }; } diff --git a/x-pack/plugins/canvas/public/application.tsx b/x-pack/plugins/canvas/public/application.tsx index 04d3958b68e36..937c9f56f948c 100644 --- a/x-pack/plugins/canvas/public/application.tsx +++ b/x-pack/plugins/canvas/public/application.tsx @@ -37,6 +37,7 @@ import { services, LegacyServicesProvider, CanvasPluginServices, + pluginServices as canvasServices, } from './services'; import { initFunctions } from './functions'; // @ts-expect-error untyped local @@ -151,7 +152,13 @@ export const initializeCanvas = async ( }, ], content: (domNode) => { - ReactDOM.render(, domNode); + ReactDOM.render( + , + domNode + ); return () => ReactDOM.unmountComponentAtNode(domNode); }, }); diff --git a/x-pack/plugins/canvas/public/components/function_reference_generator/function_reference_generator.tsx b/x-pack/plugins/canvas/public/components/function_reference_generator/function_reference_generator.tsx index b4d22d8e6e6db..49b5aaaf1b209 100644 
--- a/x-pack/plugins/canvas/public/components/function_reference_generator/function_reference_generator.tsx +++ b/x-pack/plugins/canvas/public/components/function_reference_generator/function_reference_generator.tsx @@ -9,15 +9,16 @@ import React, { FC } from 'react'; import { ExpressionFunction } from 'src/plugins/expressions'; import { EuiButtonEmpty } from '@elastic/eui'; import copy from 'copy-to-clipboard'; -import { useNotifyService } from '../../services'; +import { CanvasPluginServices } from '../../services'; + import { generateFunctionReference } from './generate_function_reference'; interface Props { functionRegistry: Record; + notifyService: CanvasPluginServices['notify']; } -export const FunctionReferenceGenerator: FC = ({ functionRegistry }) => { - const notifyService = useNotifyService(); +export const FunctionReferenceGenerator: FC = ({ functionRegistry, notifyService }) => { const functionDefinitions = Object.values(functionRegistry); const copyDocs = () => { diff --git a/x-pack/plugins/canvas/public/components/help_menu/help_menu.tsx b/x-pack/plugins/canvas/public/components/help_menu/help_menu.tsx index af1850beb5290..9331de3fcad4b 100644 --- a/x-pack/plugins/canvas/public/components/help_menu/help_menu.tsx +++ b/x-pack/plugins/canvas/public/components/help_menu/help_menu.tsx @@ -11,6 +11,7 @@ import { i18n } from '@kbn/i18n'; import { ExpressionFunction } from 'src/plugins/expressions'; import { KeyboardShortcutsDoc } from '../keyboard_shortcuts_doc'; +import { CanvasPluginServices } from '../../services/'; let FunctionReferenceGenerator: null | React.LazyExoticComponent = null; @@ -31,9 +32,10 @@ const strings = { interface Props { functionRegistry: Record; + notifyService: CanvasPluginServices['notify']; } -export const HelpMenu: FC = ({ functionRegistry }) => { +export const HelpMenu: FC = ({ functionRegistry, notifyService }) => { const [isFlyoutVisible, setFlyoutVisible] = useState(false); const showFlyout = () => { 
@@ -53,7 +55,10 @@ export const HelpMenu: FC = ({ functionRegistry }) => { {FunctionReferenceGenerator ? ( - + ) : null} diff --git a/x-pack/plugins/canvas/public/lib/run_interpreter.ts b/x-pack/plugins/canvas/public/lib/run_interpreter.ts index 6c10b82fae3fd..9633d91b8b8b2 100644 --- a/x-pack/plugins/canvas/public/lib/run_interpreter.ts +++ b/x-pack/plugins/canvas/public/lib/run_interpreter.ts @@ -19,11 +19,13 @@ interface Options { */ export async function interpretAst( ast: ExpressionAstExpression, - variables: Record + variables: Record, + input: ExpressionValue = null ): Promise { const context = { variables }; const { execute } = pluginServices.getServices().expressions; - return await execute(ast, null, context).getData().pipe(pluck('result')).toPromise(); + + return await execute(ast, input, context).getData().pipe(pluck('result')).toPromise(); } /** @@ -43,9 +45,9 @@ export async function runInterpreter( options: Options = {} ): Promise { const context = { variables }; - try { const { execute } = pluginServices.getServices().expressions; + const renderable = await execute(ast, input, context) .getData() .pipe(pluck('result')) diff --git a/x-pack/plugins/canvas/public/routes/workpad/hooks/use_fullscreen_presentation_helper.ts b/x-pack/plugins/canvas/public/routes/workpad/hooks/use_fullscreen_presentation_helper.ts index 9021c6d6c2753..ca66fa227e4eb 100644 --- a/x-pack/plugins/canvas/public/routes/workpad/hooks/use_fullscreen_presentation_helper.ts +++ b/x-pack/plugins/canvas/public/routes/workpad/hooks/use_fullscreen_presentation_helper.ts @@ -5,6 +5,7 @@ * 2.0. */ import { useContext, useEffect } from 'react'; +import useEffectOnce from 'react-use/lib/useEffectOnce'; import { usePlatformService } from '../../../services'; import { WorkpadRoutingContext } from '..'; 
@@ -27,4 +28,10 @@ export const useFullscreenPresentationHelper = () => { setFullscreen(true); } }, [isFullscreen, setFullscreen]); + + // Remove fullscreen when component unmounts + useEffectOnce(() => () => { + setFullscreen(true); + document.querySelector('body')?.classList.remove(fullscreenClass); + }); }; diff --git a/x-pack/plugins/canvas/public/state/actions/elements.js b/x-pack/plugins/canvas/public/state/actions/elements.js index a8302cf094016..c8d322163b54f 100644 --- a/x-pack/plugins/canvas/public/state/actions/elements.js +++ b/x-pack/plugins/canvas/public/state/actions/elements.js @@ -111,7 +111,8 @@ export const fetchContext = createThunk( ...element.ast, chain: astChain, }, - variables + variables, + prevContextValue ).then((value) => { dispatch( args.setValue({ diff --git a/x-pack/plugins/cloud/public/plugin.test.ts b/x-pack/plugins/cloud/public/plugin.test.ts index c1c94375d7063..43659d137a6e0 100644 --- a/x-pack/plugins/cloud/public/plugin.test.ts +++ b/x-pack/plugins/cloud/public/plugin.test.ts @@ -348,7 +348,7 @@ describe('Cloud Plugin', () => { expect(coreStart.chrome.setCustomNavLink.mock.calls[0]).toMatchInlineSnapshot(` Array [ Object { - "euiIconType": "arrowLeft", + "euiIconType": "logoCloud", "href": "https://cloud.elastic.co/abc123", "title": "Manage this deployment", }, @@ -370,7 +370,7 @@ describe('Cloud Plugin', () => { expect(coreStart.chrome.setCustomNavLink.mock.calls[0]).toMatchInlineSnapshot(` Array [ Object { - "euiIconType": "arrowLeft", + "euiIconType": "logoCloud", "href": "https://cloud.elastic.co/abc123", "title": "Manage this deployment", }, diff --git a/x-pack/plugins/cloud/public/plugin.ts b/x-pack/plugins/cloud/public/plugin.ts index 64b03acdc3ffd..e71b145c438ed 100644 --- a/x-pack/plugins/cloud/public/plugin.ts +++ b/x-pack/plugins/cloud/public/plugin.ts 
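Review bot: The cleanup comment says "Remove fullscreen", yet the callback calls `setFullscreen(true)`, which reads as the opposite. The context line above shows the same call closing the effect's last branch, so `true` presumably means restoring the surrounding chrome rather than entering fullscreen. If so, the comment should say that, e.g. `// On unmount, restore the chrome (setFullscreen(true)) and drop the fullscreen body class`. If `true` does enter fullscreen, the argument should be `false`. The enclosing hook starts outside the hunk.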
@@ -131,7 +131,7 @@ export class CloudPlugin implements Plugin { title: i18n.translate('xpack.cloud.deploymentLinkLabel', { defaultMessage: 'Manage this deployment', }), - euiIconType: 'arrowLeft', + euiIconType: 'logoCloud', href: getFullCloudUrl(baseUrl, deploymentUrl), }); } diff --git a/x-pack/plugins/enterprise_search/public/applications/app_search/components/curations/components/suggestions_logic.test.tsx b/x-pack/plugins/enterprise_search/public/applications/app_search/components/curations/components/suggestions_logic.test.tsx index 4248eb62e33f1..3e12aa7b629f0 100644 --- a/x-pack/plugins/enterprise_search/public/applications/app_search/components/curations/components/suggestions_logic.test.tsx +++ b/x-pack/plugins/enterprise_search/public/applications/app_search/components/curations/components/suggestions_logic.test.tsx @@ -122,7 +122,7 @@ describe('SuggestionsLogic', () => { await nextTick(); expect(http.post).toHaveBeenCalledWith( - '/internal/app_search/engines/some-engine/search_relevance_suggestions', + '/internal/app_search/engines/some-engine/adaptive_relevance/suggestions', { body: JSON.stringify({ page: { diff --git a/x-pack/plugins/enterprise_search/public/applications/app_search/components/curations/components/suggestions_logic.tsx b/x-pack/plugins/enterprise_search/public/applications/app_search/components/curations/components/suggestions_logic.tsx index f0100fcafac4e..16c32c9bb0545 100644 --- a/x-pack/plugins/enterprise_search/public/applications/app_search/components/curations/components/suggestions_logic.tsx +++ b/x-pack/plugins/enterprise_search/public/applications/app_search/components/curations/components/suggestions_logic.tsx @@ -75,7 +75,7 @@ export const SuggestionsLogic = kea( - `/internal/app_search/engines/${engineName}/search_relevance_suggestions`, + `/internal/app_search/engines/${engineName}/adaptive_relevance/suggestions`, { body: JSON.stringify({ page: { 
diff --git a/x-pack/plugins/enterprise_search/public/applications/app_search/components/curations/curation/curation_logic.test.ts b/x-pack/plugins/enterprise_search/public/applications/app_search/components/curations/curation/curation_logic.test.ts index b1f16944c985b..2b51cbb884ff9 100644 --- a/x-pack/plugins/enterprise_search/public/applications/app_search/components/curations/curation/curation_logic.test.ts +++ b/x-pack/plugins/enterprise_search/public/applications/app_search/components/curations/curation/curation_logic.test.ts @@ -295,7 +295,7 @@ describe('CurationLogic', () => { await nextTick(); expect(http.put).toHaveBeenCalledWith( - '/internal/app_search/engines/some-engine/search_relevance_suggestions', + '/internal/app_search/engines/some-engine/adaptive_relevance/suggestions', { body: JSON.stringify([ { @@ -412,6 +412,7 @@ describe('CurationLogic', () => { expect(http.put).toHaveBeenCalledWith( '/internal/app_search/engines/some-engine/curations/cur-123456789', { + query: { skip_record_analytics: 'true' }, body: '{"queries":["a","b","c"],"query":"b","promoted":["d","e","f"],"hidden":["g"]}', // Uses state currently in CurationLogic } ); diff --git a/x-pack/plugins/enterprise_search/public/applications/app_search/components/curations/curation/curation_logic.ts b/x-pack/plugins/enterprise_search/public/applications/app_search/components/curations/curation/curation_logic.ts index b5aecc417003e..08bf8cfd179eb 100644 --- a/x-pack/plugins/enterprise_search/public/applications/app_search/components/curations/curation/curation_logic.ts +++ b/x-pack/plugins/enterprise_search/public/applications/app_search/components/curations/curation/curation_logic.ts @@ -194,15 +194,18 @@ export const CurationLogic = kea( `/internal/app_search/engines/${engineName}/curations/${props.curationId}`, { + query: { skip_record_analytics: 'true' }, body: JSON.stringify({ queries: values.queries, query: values.activeQuery, 
diff --git a/x-pack/plugins/enterprise_search/public/applications/app_search/components/curations/views/curation_suggestion/curation_suggestion_logic.test.ts b/x-pack/plugins/enterprise_search/public/applications/app_search/components/curations/views/curation_suggestion/curation_suggestion_logic.test.ts index e6a847f6e9ec6..171c774d8add2 100644 --- a/x-pack/plugins/enterprise_search/public/applications/app_search/components/curations/views/curation_suggestion/curation_suggestion_logic.test.ts +++ b/x-pack/plugins/enterprise_search/public/applications/app_search/components/curations/views/curation_suggestion/curation_suggestion_logic.test.ts @@ -241,7 +241,7 @@ describe('CurationSuggestionLogic', () => { await nextTick(); expect(http.get).toHaveBeenCalledWith( - '/internal/app_search/engines/some-engine/search_relevance_suggestions/foo-query', + '/internal/app_search/engines/some-engine/adaptive_relevance/suggestions/foo-query', { query: { type: 'curation', @@ -297,7 +297,7 @@ describe('CurationSuggestionLogic', () => { await nextTick(); expect(http.put).toHaveBeenCalledWith( - '/internal/app_search/engines/some-engine/search_relevance_suggestions', + '/internal/app_search/engines/some-engine/adaptive_relevance/suggestions', { body: JSON.stringify([ { @@ -380,7 +380,7 @@ describe('CurationSuggestionLogic', () => { await nextTick(); expect(http.put).toHaveBeenCalledWith( - '/internal/app_search/engines/some-engine/search_relevance_suggestions', + '/internal/app_search/engines/some-engine/adaptive_relevance/suggestions', { body: JSON.stringify([ { @@ -463,7 +463,7 @@ describe('CurationSuggestionLogic', () => { await nextTick(); expect(http.put).toHaveBeenCalledWith( - '/internal/app_search/engines/some-engine/search_relevance_suggestions', + '/internal/app_search/engines/some-engine/adaptive_relevance/suggestions', { body: JSON.stringify([ { 
@@ -508,7 +508,7 @@ describe('CurationSuggestionLogic', () => { await nextTick(); expect(http.put).toHaveBeenCalledWith( - '/internal/app_search/engines/some-engine/search_relevance_suggestions', + '/internal/app_search/engines/some-engine/adaptive_relevance/suggestions', { body: JSON.stringify([ { diff --git a/x-pack/plugins/enterprise_search/public/applications/app_search/components/curations/views/curation_suggestion/curation_suggestion_logic.ts b/x-pack/plugins/enterprise_search/public/applications/app_search/components/curations/views/curation_suggestion/curation_suggestion_logic.ts index 5c51272baea8b..0e774d811f3be 100644 --- a/x-pack/plugins/enterprise_search/public/applications/app_search/components/curations/views/curation_suggestion/curation_suggestion_logic.ts +++ b/x-pack/plugins/enterprise_search/public/applications/app_search/components/curations/views/curation_suggestion/curation_suggestion_logic.ts @@ -81,7 +81,7 @@ export const CurationSuggestionLogic = kea< try { // eslint-disable-next-line @typescript-eslint/no-explicit-any const suggestionResponse = await http.get( - `/internal/app_search/engines/${engineName}/search_relevance_suggestions/${props.query}`, + `/internal/app_search/engines/${engineName}/adaptive_relevance/suggestions/${props.query}`, { query: { type: 'curation', @@ -251,7 +251,7 @@ const updateSuggestion = async ( status: string ) => { const response = await http.put<{ results: Array }>( - `/internal/app_search/engines/${engineName}/search_relevance_suggestions`, + `/internal/app_search/engines/${engineName}/adaptive_relevance/suggestions`, { body: JSON.stringify([ { 
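Review bot: In `curation_suggestion_logic.ts` the renamed GET path still interpolates `props.query` unencoded as the last path segment. `props.query` is a search query string, so a value containing `/`, `?`, `#` or `..` changes which internal route the request resolves to instead of being sent as one segment. Unless `http.get` encodes path segments itself, which is not visible here, the segment should be written as `${encodeURIComponent(props.query)}`. The matching test only uses `foo-query`, so a case with a reserved character would pin the behaviour.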
diff --git a/x-pack/plugins/enterprise_search/public/applications/app_search/components/curations/views/curations_history/components/ignored_queries_panel/ignored_queries_logic.test.ts b/x-pack/plugins/enterprise_search/public/applications/app_search/components/curations/views/curations_history/components/ignored_queries_panel/ignored_queries_logic.test.ts index 83a200943256b..8c2545fad651a 100644 --- a/x-pack/plugins/enterprise_search/public/applications/app_search/components/curations/views/curations_history/components/ignored_queries_panel/ignored_queries_logic.test.ts +++ b/x-pack/plugins/enterprise_search/public/applications/app_search/components/curations/views/curations_history/components/ignored_queries_panel/ignored_queries_logic.test.ts @@ -114,7 +114,7 @@ describe('IgnoredQueriesLogic', () => { await nextTick(); expect(http.post).toHaveBeenCalledWith( - '/internal/app_search/engines/some-engine/search_relevance_suggestions', + '/internal/app_search/engines/some-engine/adaptive_relevance/suggestions', { body: JSON.stringify({ page: { @@ -170,7 +170,7 @@ describe('IgnoredQueriesLogic', () => { await nextTick(); expect(http.put).toHaveBeenCalledWith( - '/internal/app_search/engines/some-engine/search_relevance_suggestions', + '/internal/app_search/engines/some-engine/adaptive_relevance/suggestions', { body: JSON.stringify([ { diff --git a/x-pack/plugins/enterprise_search/public/applications/app_search/components/curations/views/curations_history/components/ignored_queries_panel/ignored_queries_logic.ts b/x-pack/plugins/enterprise_search/public/applications/app_search/components/curations/views/curations_history/components/ignored_queries_panel/ignored_queries_logic.ts index e36b5bc156b46..798117ec353d4 100644 --- a/x-pack/plugins/enterprise_search/public/applications/app_search/components/curations/views/curations_history/components/ignored_queries_panel/ignored_queries_logic.ts 
+++ b/x-pack/plugins/enterprise_search/public/applications/app_search/components/curations/views/curations_history/components/ignored_queries_panel/ignored_queries_logic.ts @@ -89,7 +89,7 @@ export const IgnoredQueriesLogic = kea; - }>(`/internal/app_search/engines/${engineName}/search_relevance_suggestions`, { + }>(`/internal/app_search/engines/${engineName}/adaptive_relevance/suggestions`, { body: JSON.stringify([ { query: ignoredQuery, diff --git a/x-pack/plugins/enterprise_search/public/applications/app_search/components/curations/views/curations_settings/curations_settings_logic.test.ts b/x-pack/plugins/enterprise_search/public/applications/app_search/components/curations/views/curations_settings/curations_settings_logic.test.ts index b8aae9c39174d..0d09f2d28f396 100644 --- a/x-pack/plugins/enterprise_search/public/applications/app_search/components/curations/views/curations_settings/curations_settings_logic.test.ts +++ b/x-pack/plugins/enterprise_search/public/applications/app_search/components/curations/views/curations_settings/curations_settings_logic.test.ts @@ -97,7 +97,7 @@ describe('CurationsSettingsLogic', () => { await nextTick(); expect(http.get).toHaveBeenCalledWith( - '/internal/app_search/engines/some-engine/search_relevance_suggestions/settings' + '/internal/app_search/engines/some-engine/adaptive_relevance/settings' ); expect(CurationsSettingsLogic.actions.onCurationsSettingsLoad).toHaveBeenCalledWith({ enabled: true, @@ -204,7 +204,7 @@ describe('CurationsSettingsLogic', () => { await nextTick(); expect(http.put).toHaveBeenCalledWith( - '/internal/app_search/engines/some-engine/search_relevance_suggestions/settings', + '/internal/app_search/engines/some-engine/adaptive_relevance/settings', { body: JSON.stringify({ curation: { 
diff --git a/x-pack/plugins/enterprise_search/public/applications/app_search/components/curations/views/curations_settings/curations_settings_logic.ts b/x-pack/plugins/enterprise_search/public/applications/app_search/components/curations/views/curations_settings/curations_settings_logic.ts index 3d090653ca74a..692d893a8e22f 100644 --- a/x-pack/plugins/enterprise_search/public/applications/app_search/components/curations/views/curations_settings/curations_settings_logic.ts +++ b/x-pack/plugins/enterprise_search/public/applications/app_search/components/curations/views/curations_settings/curations_settings_logic.ts @@ -72,7 +72,7 @@ export const CurationsSettingsLogic = kea< try { const response = await http.get<{ curation: CurationsSettings }>( - `/internal/app_search/engines/${engineName}/search_relevance_suggestions/settings` + `/internal/app_search/engines/${engineName}/adaptive_relevance/settings` ); actions.onCurationsSettingsLoad(response.curation); } catch (e) { @@ -96,7 +96,7 @@ export const CurationsSettingsLogic = kea< const { engineName } = EngineLogic.values; try { const response = await http.put<{ curation: CurationsSettings }>( - `/internal/app_search/engines/${engineName}/search_relevance_suggestions/settings`, + `/internal/app_search/engines/${engineName}/adaptive_relevance/settings`, { body: JSON.stringify({ curation: currationsSetting }), } diff --git a/x-pack/plugins/enterprise_search/public/applications/shared/role_mapping/constants.ts b/x-pack/plugins/enterprise_search/public/applications/shared/role_mapping/constants.ts index d2229b428932f..0a99b0991f4ed 100644 --- a/x-pack/plugins/enterprise_search/public/applications/shared/role_mapping/constants.ts +++ b/x-pack/plugins/enterprise_search/public/applications/shared/role_mapping/constants.ts 
@@ -382,7 +382,7 @@ export const INVITATION_PENDING_LABEL = i18n.translate( export const ROLE_MODAL_TEXT = i18n.translate('xpack.enterpriseSearch.roleMapping.roleModalText', { defaultMessage: - 'Removing a role mapping revokes access to any user corresponding to the mapping attributes, but may not take effect immediately for SAML-governed roles. Users with an active SAML session will retain access until it expires.', + 'Removing a role mapping could revoke access to the currently logged-in user. Before proceeding, verify that the currently logged-in user has the appropriate access level via a different role mapping to avoid undesired behavior. This action may not take effect immediately for SAML-governed roles. Users with an active SAML session will retain access until it expires.', }); export const USER_MODAL_TITLE = (username: string) => diff --git a/x-pack/plugins/enterprise_search/server/integrations.ts b/x-pack/plugins/enterprise_search/server/integrations.ts index eee5cdc3aaec3..633f5638cc05c 100644 --- a/x-pack/plugins/enterprise_search/server/integrations.ts +++ b/x-pack/plugins/enterprise_search/server/integrations.ts @@ -30,7 +30,7 @@ const workplaceSearchIntegrations: WorkplaceSearchIntegration[] = [ defaultMessage: 'Search over your files and folders stored on Box with Workplace Search.', } ), - categories: ['document_storage'], + categories: ['file_storage'], }, { id: 'confluence_cloud', @@ -47,7 +47,7 @@ const workplaceSearchIntegrations: WorkplaceSearchIntegration[] = [ 'Search over your organizational content on Confluence Cloud with Workplace Search.', } ), - categories: ['knowledge_platform'], + categories: ['productivity'], }, { id: 'confluence_server', @@ -64,7 +64,7 @@ const workplaceSearchIntegrations: WorkplaceSearchIntegration[] = [ 'Search over your organizational content on Confluence Server with Workplace Search.', } ), - categories: ['knowledge_platform'], + categories: ['productivity'], }, { id: 'dropbox', 
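Review bot: The new `defaultMessage` for `ROLE_MODAL_TEXT` no longer tells the administrator that removing a mapping revokes access for every user who matches the mapping attributes; it now mentions only the currently logged-in user. The self-lockout warning is useful, but the confirmation text should still state the full scope of the action. I would keep the original statement and add to it, for example opening with `'Removing a role mapping revokes access for any user matching the mapping attributes, which may include the currently logged-in user. ...'`, followed by the existing SAML session sentences unchanged.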
@@ -78,7 +78,7 @@ const workplaceSearchIntegrations: WorkplaceSearchIntegration[] = [ 'Search over your files and folders stored on Dropbox with Workplace Search.', } ), - categories: ['document_storage'], + categories: ['file_storage'], }, { id: 'github', @@ -91,7 +91,7 @@ const workplaceSearchIntegrations: WorkplaceSearchIntegration[] = [ defaultMessage: 'Search over your projects and repos on GitHub with Workplace Search.', } ), - categories: ['software_development'], + categories: ['productivity'], }, { id: 'github_enterprise_server', @@ -108,7 +108,7 @@ const workplaceSearchIntegrations: WorkplaceSearchIntegration[] = [ 'Search over your projects and repos on GitHub Enterprise Server with Workplace Search.', } ), - categories: ['software_development'], + categories: ['productivity'], }, { id: 'gmail', @@ -121,7 +121,7 @@ const workplaceSearchIntegrations: WorkplaceSearchIntegration[] = [ defaultMessage: 'Search over your emails managed by Gmail with Workplace Search.', } ), - categories: ['communication'], + categories: ['communications'], }, { id: 'google_drive', @@ -134,7 +134,7 @@ const workplaceSearchIntegrations: WorkplaceSearchIntegration[] = [ defaultMessage: 'Search over your documents on Google Drive with Workplace Search.', } ), - categories: ['document_storage'], + categories: ['file_storage'], }, { id: 'jira_cloud', @@ -147,7 +147,7 @@ const workplaceSearchIntegrations: WorkplaceSearchIntegration[] = [ defaultMessage: 'Search over your project workflow on Jira Cloud with Workplace Search.', } ), - categories: ['project_management'], + categories: ['productivity'], }, { id: 'jira_server', @@ -160,7 +160,7 @@ const workplaceSearchIntegrations: WorkplaceSearchIntegration[] = [ defaultMessage: 'Search over your project workflow on Jira Server with Workplace Search.', } ), - categories: ['project_management'], + categories: ['productivity'], }, { id: 'onedrive', 
@@ -173,7 +173,7 @@ const workplaceSearchIntegrations: WorkplaceSearchIntegration[] = [ defaultMessage: 'Search over your files stored on OneDrive with Workplace Search.', } ), - categories: ['document_storage'], + categories: ['file_storage'], uiInternalPath: '/app/enterprise_search/workplace_search/sources/add/one_drive', }, { @@ -187,7 +187,7 @@ const workplaceSearchIntegrations: WorkplaceSearchIntegration[] = [ defaultMessage: 'Search over your content on Salesforce with Workplace Search.', } ), - categories: ['crm'], + categories: ['productivity'], }, { id: 'salesforce_sandbox', @@ -203,7 +203,7 @@ const workplaceSearchIntegrations: WorkplaceSearchIntegration[] = [ defaultMessage: 'Search over your content on Salesforce Sandbox with Workplace Search.', } ), - categories: ['crm'], + categories: ['productivity'], }, { id: 'servicenow', @@ -216,7 +216,7 @@ const workplaceSearchIntegrations: WorkplaceSearchIntegration[] = [ defaultMessage: 'Search over your content on ServiceNow with Workplace Search.', } ), - categories: ['enterprise_management'], + categories: ['productivity'], }, { id: 'sharepoint_online', @@ -232,7 +232,7 @@ const workplaceSearchIntegrations: WorkplaceSearchIntegration[] = [ defaultMessage: 'Search over your files stored on SharePoint Online with Workplace Search.', } ), - categories: ['document_storage'], + categories: ['file_storage'], uiInternalPath: '/app/enterprise_search/workplace_search/sources/add/share_point', }, { @@ -246,7 +246,7 @@ const workplaceSearchIntegrations: WorkplaceSearchIntegration[] = [ defaultMessage: 'Search over your messages on Slack with Workplace Search.', } ), - categories: ['communication'], + categories: ['communications'], }, { id: 'zendesk', @@ -259,7 +259,7 @@ const workplaceSearchIntegrations: WorkplaceSearchIntegration[] = [ defaultMessage: 'Search over your tickets on Zendesk with Workplace Search.', } ), - categories: ['customer_support'], + categories: ['communications'], }, { id: 'custom_api_source', 
diff --git a/x-pack/plugins/enterprise_search/server/routes/app_search/search_relevance_suggestions.test.ts b/x-pack/plugins/enterprise_search/server/routes/app_search/adaptive_relevance.test.ts similarity index 67% rename from x-pack/plugins/enterprise_search/server/routes/app_search/search_relevance_suggestions.test.ts rename to x-pack/plugins/enterprise_search/server/routes/app_search/adaptive_relevance.test.ts index daab7c35596bf..cec2262c95a2e 100644 --- a/x-pack/plugins/enterprise_search/server/routes/app_search/search_relevance_suggestions.test.ts +++ b/x-pack/plugins/enterprise_search/server/routes/app_search/adaptive_relevance.test.ts @@ -7,17 +7,17 @@ import { MockRouter, mockRequestHandler, mockDependencies } from '../../__mocks__'; -import { registerSearchRelevanceSuggestionsRoutes } from './search_relevance_suggestions'; +import { registerSearchRelevanceSuggestionsRoutes } from './adaptive_relevance'; describe('search relevance insights routes', () => { beforeEach(() => { jest.clearAllMocks(); }); - describe('POST /internal/app_search/engines/{name}/search_relevance_suggestions', () => { + describe('POST /internal/app_search/engines/{name}/adaptive_relevance/suggestions', () => { const mockRouter = new MockRouter({ method: 'post', - path: '/internal/app_search/engines/{engineName}/search_relevance_suggestions', + path: '/internal/app_search/engines/{engineName}/adaptive_relevance/suggestions', }); beforeEach(() => { 
@@ -33,15 +33,15 @@ describe('search relevance insights routes', () => { }); expect(mockRequestHandler.createRequest).toHaveBeenCalledWith({ - path: '/api/as/v0/engines/:engineName/search_relevance_suggestions', + path: '/api/as/v0/engines/:engineName/adaptive_relevance/suggestions', }); }); }); - describe('PUT /internal/app_search/engines/{name}/search_relevance_suggestions', () => { + describe('PUT /internal/app_search/engines/{name}/adaptive_relevance/suggestions', () => { const mockRouter = new MockRouter({ method: 'put', - path: '/internal/app_search/engines/{engineName}/search_relevance_suggestions', + path: '/internal/app_search/engines/{engineName}/adaptive_relevance/suggestions', }); beforeEach(() => { @@ -62,15 +62,15 @@ describe('search relevance insights routes', () => { }); expect(mockRequestHandler.createRequest).toHaveBeenCalledWith({ - path: '/api/as/v0/engines/:engineName/search_relevance_suggestions', + path: '/api/as/v0/engines/:engineName/adaptive_relevance/suggestions', }); }); }); - describe('GET /internal/app_search/engines/{name}/search_relevance_suggestions/settings', () => { + describe('GET /internal/app_search/engines/{name}/adaptive_relevance/settings', () => { const mockRouter = new MockRouter({ method: 'get', - path: '/internal/app_search/engines/{engineName}/search_relevance_suggestions/settings', + path: '/internal/app_search/engines/{engineName}/adaptive_relevance/settings', }); beforeEach(() => { 
@@ -86,15 +86,15 @@ describe('search relevance insights routes', () => { }); expect(mockRequestHandler.createRequest).toHaveBeenCalledWith({ - path: '/api/as/v0/engines/:engineName/search_relevance_suggestions/settings', + path: '/api/as/v0/engines/:engineName/adaptive_relevance/settings', }); }); }); - describe('PUT /internal/app_search/engines/{name}/search_relevance_suggestions/settings', () => { + describe('PUT /internal/app_search/engines/{name}/adaptive_relevance/settings', () => { const mockRouter = new MockRouter({ method: 'put', - path: '/internal/app_search/engines/{engineName}/search_relevance_suggestions/settings', + path: '/internal/app_search/engines/{engineName}/adaptive_relevance/settings', }); beforeEach(() => { @@ -111,15 +111,15 @@ describe('search relevance insights routes', () => { }); expect(mockRequestHandler.createRequest).toHaveBeenCalledWith({ - path: '/api/as/v0/engines/:engineName/search_relevance_suggestions/settings', + path: '/api/as/v0/engines/:engineName/adaptive_relevance/settings', }); }); }); - describe('GET /internal/app_search/engines/{engineName}/search_relevance_suggestions/{query}', () => { + describe('GET /internal/app_search/engines/{engineName}/adaptive_relevance/suggestions/{query}', () => { const mockRouter = new MockRouter({ method: 'get', - path: '/internal/app_search/engines/{engineName}/search_relevance_suggestions/{query}', + path: '/internal/app_search/engines/{engineName}/adaptive_relevance/suggestions/{query}', }); beforeEach(() => { @@ -136,7 +136,7 @@ describe('search relevance insights routes', () => { }); expect(mockRequestHandler.createRequest).toHaveBeenCalledWith({ - path: '/as/engines/:engineName/search_relevance_suggestions/:query', + path: '/as/engines/:engineName/adaptive_relevance/suggestions/:query', }); }); }); 
diff --git a/x-pack/plugins/enterprise_search/server/routes/app_search/search_relevance_suggestions.ts b/x-pack/plugins/enterprise_search/server/routes/app_search/adaptive_relevance.ts similarity index 70% rename from x-pack/plugins/enterprise_search/server/routes/app_search/search_relevance_suggestions.ts rename to x-pack/plugins/enterprise_search/server/routes/app_search/adaptive_relevance.ts index 95b50a9c4971e..02260d19186da 100644 --- a/x-pack/plugins/enterprise_search/server/routes/app_search/search_relevance_suggestions.ts +++ b/x-pack/plugins/enterprise_search/server/routes/app_search/adaptive_relevance.ts @@ -17,7 +17,7 @@ export function registerSearchRelevanceSuggestionsRoutes({ }: RouteDependencies) { router.post( { - path: '/internal/app_search/engines/{engineName}/search_relevance_suggestions', + path: '/internal/app_search/engines/{engineName}/adaptive_relevance/suggestions', validate: { params: schema.object({ engineName: schema.string(), @@ -35,13 +35,13 @@ export function registerSearchRelevanceSuggestionsRoutes({ }, }, enterpriseSearchRequestHandler.createRequest({ - path: '/api/as/v0/engines/:engineName/search_relevance_suggestions', + path: '/api/as/v0/engines/:engineName/adaptive_relevance/suggestions', }) ); router.put( skipBodyValidation({ - path: '/internal/app_search/engines/{engineName}/search_relevance_suggestions', + path: '/internal/app_search/engines/{engineName}/adaptive_relevance/suggestions', validate: { params: schema.object({ engineName: schema.string(), 
@@ -49,13 +49,13 @@ export function registerSearchRelevanceSuggestionsRoutes({ }, }), enterpriseSearchRequestHandler.createRequest({ - path: '/api/as/v0/engines/:engineName/search_relevance_suggestions', + path: '/api/as/v0/engines/:engineName/adaptive_relevance/suggestions', }) ); router.get( { - path: '/internal/app_search/engines/{engineName}/search_relevance_suggestions/settings', + path: '/internal/app_search/engines/{engineName}/adaptive_relevance/settings', validate: { params: schema.object({ engineName: schema.string(), @@ -63,13 +63,13 @@ export function registerSearchRelevanceSuggestionsRoutes({ }, }, enterpriseSearchRequestHandler.createRequest({ - path: '/api/as/v0/engines/:engineName/search_relevance_suggestions/settings', + path: '/api/as/v0/engines/:engineName/adaptive_relevance/settings', }) ); router.put( skipBodyValidation({ - path: '/internal/app_search/engines/{engineName}/search_relevance_suggestions/settings', + path: '/internal/app_search/engines/{engineName}/adaptive_relevance/settings', validate: { params: schema.object({ engineName: schema.string(), @@ -77,13 +77,13 @@ export function registerSearchRelevanceSuggestionsRoutes({ }, }), enterpriseSearchRequestHandler.createRequest({ - path: '/api/as/v0/engines/:engineName/search_relevance_suggestions/settings', + path: '/api/as/v0/engines/:engineName/adaptive_relevance/settings', }) ); router.get( { - path: '/internal/app_search/engines/{engineName}/search_relevance_suggestions/{query}', + path: '/internal/app_search/engines/{engineName}/adaptive_relevance/suggestions/{query}', validate: { params: schema.object({ engineName: schema.string(), @@ -95,7 +95,7 @@ export function registerSearchRelevanceSuggestionsRoutes({ }, }, enterpriseSearchRequestHandler.createRequest({ - path: '/as/engines/:engineName/search_relevance_suggestions/:query', + path: '/as/engines/:engineName/adaptive_relevance/suggestions/:query', }) ); } 
diff --git a/x-pack/plugins/enterprise_search/server/routes/app_search/curations.ts b/x-pack/plugins/enterprise_search/server/routes/app_search/curations.ts index b6ef8c8acafa5..a7282e5dc6cc4 100644 --- a/x-pack/plugins/enterprise_search/server/routes/app_search/curations.ts +++ b/x-pack/plugins/enterprise_search/server/routes/app_search/curations.ts @@ -85,6 +85,9 @@ export function registerCurationsRoutes({ { path: '/internal/app_search/engines/{engineName}/curations/{curationId}', validate: { + query: schema.object({ + skip_record_analytics: schema.string(), + }), params: schema.object({ engineName: schema.string(), curationId: schema.string(), diff --git a/x-pack/plugins/enterprise_search/server/routes/app_search/index.ts b/x-pack/plugins/enterprise_search/server/routes/app_search/index.ts index 737b21e6f5a92..602d8c48d520e 100644 --- a/x-pack/plugins/enterprise_search/server/routes/app_search/index.ts +++ b/x-pack/plugins/enterprise_search/server/routes/app_search/index.ts @@ -7,6 +7,7 @@ import { RouteDependencies } from '../../plugin'; +import { registerSearchRelevanceSuggestionsRoutes } from './adaptive_relevance'; import { registerAnalyticsRoutes } from './analytics'; import { registerApiLogsRoutes } from './api_logs'; import { registerCrawlerRoutes } from './crawler'; @@ -22,7 +23,6 @@ import { registerResultSettingsRoutes } from './result_settings'; import { registerRoleMappingsRoutes } from './role_mappings'; import { registerSchemaRoutes } from './schema'; import { registerSearchRoutes } from './search'; -import { registerSearchRelevanceSuggestionsRoutes } from './search_relevance_suggestions'; import { registerSearchSettingsRoutes } from './search_settings'; import { registerSearchUIRoutes } from './search_ui'; import { registerSettingsRoutes } from './settings'; diff --git a/x-pack/plugins/event_log/server/event_log_service.mock.ts b/x-pack/plugins/event_log/server/event_log_service.mock.ts index a3ad81eb0e5a6..f43f3e025a7cf 100644 
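Review bot: In the curations.ts hunk, `skip_record_analytics: schema.string()` is declared as a required query key, so a request to `/internal/app_search/engines/{engineName}/curations/{curationId}` that omits it will fail route validation. If any caller may leave it out, declare it as `skip_record_analytics: schema.maybe(schema.string()),`. The value is also accepted as an arbitrary string; if it is meant to be a flag, restricting it to the expected literals (`schema.oneOf([schema.literal('true'), schema.literal('false')])`) keeps unexpected input from being passed further, presumably to the backend request. The enclosing `router` call starts and ends outside the hunk, so the HTTP method and handler are not visible here.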
--- a/x-pack/plugins/event_log/server/event_log_service.mock.ts +++ b/x-pack/plugins/event_log/server/event_log_service.mock.ts @@ -17,6 +17,7 @@ const createEventLogServiceMock = () => { getProviderActions: jest.fn(), registerSavedObjectProvider: jest.fn(), getLogger: jest.fn().mockReturnValue(eventLoggerMock.create()), + getIndexPattern: jest.fn(), }; return mock; }; diff --git a/x-pack/plugins/event_log/server/event_log_service.ts b/x-pack/plugins/event_log/server/event_log_service.ts index 993631ed3ca8a..2cf22b0f20755 100644 --- a/x-pack/plugins/event_log/server/event_log_service.ts +++ b/x-pack/plugins/event_log/server/event_log_service.ts @@ -92,6 +92,10 @@ export class EventLogService implements IEventLogService { return this.savedObjectProviderRegistry.registerProvider(type, provider); } + getIndexPattern() { + return this.esContext.esNames.indexPattern; + } + getLogger(initialProperties: IEvent): IEventLogger { return new EventLogger({ esContext: this.esContext, diff --git a/x-pack/plugins/event_log/server/types.ts b/x-pack/plugins/event_log/server/types.ts index c50bed7e01dd5..6ffde7fd6dbe0 100644 --- a/x-pack/plugins/event_log/server/types.ts +++ b/x-pack/plugins/event_log/server/types.ts @@ -33,6 +33,7 @@ export interface IEventLogService { getProviderActions(): Map>; registerSavedObjectProvider(type: string, provider: SavedObjectProvider): void; getLogger(properties: IEvent): IEventLogger; + getIndexPattern(): string; } export interface IEventLogClientService { diff --git a/x-pack/plugins/fleet/.gitignore b/x-pack/plugins/fleet/.gitignore new file mode 100644 index 0000000000000..e69de29bb2d1d diff --git a/x-pack/plugins/fleet/common/constants/routes.ts b/x-pack/plugins/fleet/common/constants/routes.ts index 60795799bb32d..aa5e0dbcd5ed1 100644 --- a/x-pack/plugins/fleet/common/constants/routes.ts +++ b/x-pack/plugins/fleet/common/constants/routes.ts 
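Review bot: `getIndexPattern()` in event_log_service.ts is added without an explicit return type or doc comment, although the interface in types.ts declares `getIndexPattern(): string`. The method returns `this.esContext.esNames.indexPattern`, which lets a consumer address the event log indices directly. A query built that way would presumably bypass whatever filtering the event log client applies, so the contract should be written down. I would change the signature to `getIndexPattern(): string {` and add `/** Index pattern covering the event log indices. Callers that query it directly are responsible for their own authorization filtering. */` above it. The class body continues outside the hunk.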
@@ -89,7 +89,6 @@ export const AGENT_API_ROUTES = { CHECKIN_PATTERN: `${API_ROOT}/agents/{agentId}/checkin`, ACKS_PATTERN: `${API_ROOT}/agents/{agentId}/acks`, ACTIONS_PATTERN: `${API_ROOT}/agents/{agentId}/actions`, - ENROLL_PATTERN: `${API_ROOT}/agents/enroll`, UNENROLL_PATTERN: `${API_ROOT}/agents/{agentId}/unenroll`, BULK_UNENROLL_PATTERN: `${API_ROOT}/agents/bulk_unenroll`, REASSIGN_PATTERN: `${API_ROOT}/agents/{agentId}/reassign`, diff --git a/x-pack/plugins/fleet/cypress/README.md b/x-pack/plugins/fleet/cypress/README.md new file mode 100644 index 0000000000000..085ed7533e036 --- /dev/null +++ b/x-pack/plugins/fleet/cypress/README.md 
@@ -0,0 +1,148 @@ +# Cypress Tests + +The `fleet/cypress` directory contains functional UI tests that execute using [Cypress](https://www.cypress.io/). + +## Running the tests + +There are currently three ways to run the tests, comprised of two execution modes and two target environments, which will be detailed below. + +### Execution modes + +#### Interactive mode + +When you run Cypress in interactive mode, an interactive runner is displayed that allows you to see commands as they execute while also viewing the application under test. For more information, please see [cypress documentation](https://docs.cypress.io/guides/core-concepts/test-runner.html#Overview). + +#### Headless mode + +A headless browser is a browser simulation program that does not have a user interface. These programs operate like any other browser, but do not display any UI. This is why meanwhile you are executing the tests on this mode you are not going to see the application under test. Just the output of the test is displayed on the terminal once the execution is finished. + +### Target environments + +#### FTR (CI) + +This is the configuration used by CI. It uses the FTR to spawn both a Kibana instance (http://localhost:5620) and an Elasticsearch instance (http://localhost:9220) with a preloaded minimum set of data (see preceding "Test data" section), and then executes cypress against this stack. You can find this configuration in `x-pack/test/fleet_cypress` + +### Test Execution: Examples + +#### FTR + Headless (Chrome) + +Since this is how tests are run on CI, this will likely be the configuration you want to reproduce failures locally, etc. + +```shell +# bootstrap kibana from the project root +yarn kbn bootstrap + +# build the plugins/assets that cypress will execute against +node scripts/build_kibana_platform_plugins + +# launch the cypress test runner +cd x-pack/plugins/fleet +yarn cypress:run-as-ci +``` +#### FTR + Interactive + +This is the preferred mode for developing new tests. 
+ +```shell +# bootstrap kibana from the project root +yarn kbn bootstrap + +# build the plugins/assets that cypress will execute against +node scripts/build_kibana_platform_plugins + +# launch the cypress test runner +cd x-pack/plugins/fleet +yarn cypress:open-as-ci +``` + +Alternatively, kibana test server can be started separately, to pick up changes in UI (e.g. change in data-test-subj selector) + +``` +# launch kibana test server +node scripts/functional_tests_server --config x-pack/test/fleet_cypress/config.ts + +# launch cypress runner +node scripts/functional_test_runner --config x-pack/test/fleet_cypress/visual_config.ts +``` + +Note that you can select the browser you want to use on the top right side of the interactive runner. + +## Folder Structure + +### integration/ + +Cypress convention. Contains the specs that are going to be executed. + +### fixtures/ + +Cypress convention. Fixtures are used as external pieces of static data when we stub responses. + +### plugins/ + +Cypress convention. As a convenience, by default Cypress will automatically include the plugins file cypress/plugins/index.js before every single spec file it runs. + +### screens/ + +Contains the elements we want to interact with in our tests. + +Each file inside the screens folder represents a screen in our application. + +### tasks/ + +_Tasks_ are functions that may be reused across tests. + +Each file inside the tasks folder represents a screen of our application. + +## Test data + +The data the tests need: + +- Is generated on the fly using our application APIs (preferred way) +- Is ingested on the ELS instance using the `es_archive` utility + +### How to generate a new archive + +**Note:** As mentioned above, archives are only meant to contain external data, e.g. beats data. 
Due to the tendency for archived domain objects (rules, signals) to quickly become out of date, it is strongly suggested that you generate this data within the test, through interaction with either the UI or the API. + +We use es_archiver to manage the data that our Cypress tests need. + +1. Set up a clean instance of kibana and elasticsearch (if this is not possible, try to clean/minimize the data that you are going to archive). +2. With the kibana and elasticsearch instance up and running, create the data that you need for your test. +3. When you are sure that you have all the data you need run the following command from: `x-pack/plugins/fleet` + +```sh +node ../../../scripts/es_archiver save --dir ../../test/fleet_cypress/es_archives --config ../../../test/functional/config.js --es-url http://:@: +``` + +Example: + +```sh +node ../../../scripts/es_archiver save custom_rules ".kibana",".siem-signal*" --dir ../../test/fleet_cypress/es_archives --config ../../../test/functional/config.js --es-url http://elastic:changeme@localhost:9220 +``` + +Note that the command will create the folder if it does not exist. + +## Development Best Practices + +### Clean up the state + +Remember to clean up the state of the test after its execution, typically with the `cleanKibana` function. Be mindful of failure scenarios, as well: if your test fails, will it leave the environment in a recoverable state? + +### Minimize the use of es_archive + +When possible, create all the data that you need for executing the tests using the application APIS or the UI. + +### Speed up test execution time + +Loading the web page takes a big amount of time, in order to minimize that impact, the following points should be +taken into consideration until another solution is implemented: + +- Group the tests that are similar in different contexts. +- For every context login only once, clean the state between tests if needed without re-loading the page. 
+- All tests in a spec file must be order-independent.
+
+Remember that minimizing the number of times the web page is loaded, we minimize as well the execution time.
+
+## Linting
+
+Optional linting rules for Cypress and linting setup can be found [here](https://github.com/cypress-io/eslint-plugin-cypress#usage)
diff --git a/x-pack/plugins/fleet/cypress/cypress.json b/x-pack/plugins/fleet/cypress/cypress.json
new file mode 100644
index 0000000000000..158001b045561
--- /dev/null
+++ b/x-pack/plugins/fleet/cypress/cypress.json
@@ -0,0 +1,19 @@
+{
+ "baseUrl": "http://localhost:5620",
+ "defaultCommandTimeout": 60000,
+ "requestTimeout": 60000,
+ "responseTimetout": 60000,
+ "execTimeout": 120000,
+ "pageLoadTimeout": 120000,
+ "nodeVersion": "system",
+ "retries": {
+ "runMode": 2
+ },
+ "screenshotsFolder": "../../../target/kibana-fleet/cypress/screenshots",
+ "trashAssetsBeforeRuns": false,
+ "video": false,
+ "videosFolder": "../../../target/kibana-fleet/cypress/videos",
+ "viewportHeight": 900,
+ "viewportWidth": 1440,
+ "screenshotOnRunFailure": true
+}
diff --git a/x-pack/plugins/fleet/cypress/fixtures/integrations/agent_policies.json b/x-pack/plugins/fleet/cypress/fixtures/integrations/agent_policies.json
new file mode 100644
index 0000000000000..ba1360e11a21d
--- /dev/null
+++ b/x-pack/plugins/fleet/cypress/fixtures/integrations/agent_policies.json
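Review bot: The key `"responseTimetout"` in the new cypress.json is misspelled, so the 60000 ms value is not applied to Cypress's `responseTimeout` option and the tool's default stays in effect. The neighbouring `requestTimeout` and `defaultCommandTimeout` are both raised to 60000, so the intent looks like a matching response timeout. The line should read `"responseTimeout": 60000,`.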
@@ -0,0 +1,978 @@ +{ + "items": [ + { + "id": "30e16140-2106-11ec-a289-25321523992d", + "namespace": "default", + "monitoring_enabled": [ + "logs", + "metrics" + ], + "name": "Default policy", + "description": "Default agent policy created by Kibana", + "is_default": true, + "is_preconfigured": true, + "status": "active", + "is_managed": false, + "revision": 4, + "updated_at": "2021-09-29T09:52:13.879Z", + "updated_by": "elastic", + "package_policies": [ + { + "id": "15785537-fdf2-4e38-bd49-ae0537bbe162", + "version": "WzU5NSwxXQ==", + "name": "system-1", + "namespace": "default", + "package": { + "name": "system", + "title": "System", + "version": "1.4.0" + }, + "enabled": true, + "policy_id": "30e16140-2106-11ec-a289-25321523992d", + "output_id": "1ffdf460-2106-11ec-a289-25321523992d", + "inputs": [ + { + "type": "logfile", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.auth" + }, + "vars": { + "paths": { + "value": [ + "/var/log/auth.log*", + "/var/log/secure*" + ], + "type": "text" + } + }, + "id": "logfile-system.auth-15785537-fdf2-4e38-bd49-ae0537bbe162", + "compiled_stream": { + "paths": [ + "/var/log/auth.log*", + "/var/log/secure*" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\s", + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.syslog" + }, + "vars": { + "paths": { + "value": [ + "/var/log/messages*", + "/var/log/syslog*" + ], + "type": "text" + } + }, + "id": "logfile-system.syslog-15785537-fdf2-4e38-bd49-ae0537bbe162", + "compiled_stream": { + "paths": [ + "/var/log/messages*", + "/var/log/syslog*" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\s", + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + } + ] + }, + { + "type": "winlog", + "policy_template": 
"system", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.application" + }, + "vars": { + "event_id": { + "type": "text" + }, + "processors": { + "type": "yaml" + }, + "tags": { + "value": [], + "type": "text" + } + }, + "id": "winlog-system.application-15785537-fdf2-4e38-bd49-ae0537bbe162", + "compiled_stream": { + "name": "Application", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h", + "tags": null + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.security" + }, + "vars": { + "event_id": { + "type": "text" + }, + "processors": { + "type": "yaml" + }, + "tags": { + "value": [], + "type": "text" + } + }, + "id": "winlog-system.security-15785537-fdf2-4e38-bd49-ae0537bbe162", + "compiled_stream": { + "name": "Security", + "condition": "${host.platform} == 'windows'", + "tags": null + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.system" + }, + "vars": { + "event_id": { + "type": "text" + }, + "processors": { + "type": "yaml" + }, + "tags": { + "value": [], + "type": "text" + } + }, + "id": "winlog-system.system-15785537-fdf2-4e38-bd49-ae0537bbe162", + "compiled_stream": { + "name": "System", + "condition": "${host.platform} == 'windows'", + "tags": null + } + } + ], + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + } + } + }, + { + "type": "system/metrics", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "metrics", + "dataset": "system.core" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "core.metrics": { + "value": [ + "percentages" + ], + "type": "text" + } + }, + "id": "system/metrics-system.core-15785537-fdf2-4e38-bd49-ae0537bbe162" + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.cpu" + }, + "vars": { + "period": { + "value": 
"10s", + "type": "text" + }, + "cpu.metrics": { + "value": [ + "percentages", + "normalized_percentages" + ], + "type": "text" + } + }, + "id": "system/metrics-system.cpu-15785537-fdf2-4e38-bd49-ae0537bbe162", + "compiled_stream": { + "metricsets": [ + "cpu" + ], + "cpu.metrics": [ + "percentages", + "normalized_percentages" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.diskio" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "diskio.include_devices": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.diskio-15785537-fdf2-4e38-bd49-ae0537bbe162", + "compiled_stream": { + "metricsets": [ + "diskio" + ], + "diskio.include_devices": null, + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.filesystem" + }, + "vars": { + "period": { + "value": "1m", + "type": "text" + }, + "processors": { + "value": "- drop_event.when.regexp:\n system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", + "type": "yaml" + } + }, + "id": "system/metrics-system.filesystem-15785537-fdf2-4e38-bd49-ae0537bbe162", + "compiled_stream": { + "metricsets": [ + "filesystem" + ], + "period": "1m", + "processors": [ + { + "drop_event.when.regexp": { + "system.filesystem.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" + } + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.fsstat" + }, + "vars": { + "period": { + "value": "1m", + "type": "text" + }, + "processors": { + "value": "- drop_event.when.regexp:\n system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", + "type": "yaml" + } + }, + "id": "system/metrics-system.fsstat-15785537-fdf2-4e38-bd49-ae0537bbe162", + "compiled_stream": { + "metricsets": [ + "fsstat" + ], + "period": "1m", + "processors": [ + { + "drop_event.when.regexp": { + "system.fsstat.mount_point": 
"^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" + } + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.load" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.load-15785537-fdf2-4e38-bd49-ae0537bbe162", + "compiled_stream": { + "metricsets": [ + "load" + ], + "condition": "${host.platform} != 'windows'", + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.memory" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.memory-15785537-fdf2-4e38-bd49-ae0537bbe162", + "compiled_stream": { + "metricsets": [ + "memory" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.network" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "network.interfaces": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.network-15785537-fdf2-4e38-bd49-ae0537bbe162", + "compiled_stream": { + "metricsets": [ + "network" + ], + "period": "10s", + "network.interfaces": null + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.process" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "process.include_top_n.by_cpu": { + "value": 5, + "type": "integer" + }, + "process.include_top_n.by_memory": { + "value": 5, + "type": "integer" + }, + "process.cmdline.cache.enabled": { + "value": true, + "type": "bool" + }, + "process.cgroups.enabled": { + "value": false, + "type": "bool" + }, + "process.env.whitelist": { + "value": [], + "type": "text" + }, + "process.include_cpu_ticks": { + "value": false, + "type": "bool" + }, + "processes": { + "value": [ + ".*" + ], + "type": "text" + } + }, + "id": "system/metrics-system.process-15785537-fdf2-4e38-bd49-ae0537bbe162", + "compiled_stream": { + "metricsets": [ + "process" + ], 
+ "period": "10s", + "process.include_top_n.by_cpu": 5, + "process.include_top_n.by_memory": 5, + "process.cmdline.cache.enabled": true, + "process.cgroups.enabled": false, + "process.include_cpu_ticks": false, + "processes": [ + ".*" + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.process.summary" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.process.summary-15785537-fdf2-4e38-bd49-ae0537bbe162", + "compiled_stream": { + "metricsets": [ + "process_summary" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.socket_summary" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.socket_summary-15785537-fdf2-4e38-bd49-ae0537bbe162", + "compiled_stream": { + "metricsets": [ + "socket_summary" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.uptime" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.uptime-15785537-fdf2-4e38-bd49-ae0537bbe162", + "compiled_stream": { + "metricsets": [ + "uptime" + ], + "period": "10s" + } + } + ], + "vars": { + "system.hostfs": { + "type": "text" + } + } + }, + { + "type": "httpjson", + "policy_template": "system", + "enabled": false, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.application" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:Application\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.application-15785537-fdf2-4e38-bd49-ae0537bbe162" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.security" + }, + "vars": { + "interval": { + "value": 
"10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:Security\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.security-15785537-fdf2-4e38-bd49-ae0537bbe162" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.system" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:System\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.system-15785537-fdf2-4e38-bd49-ae0537bbe162" + } + ], + "vars": { + "url": { + "value": "https://server.example.com:8089", + "type": "text" + }, + "username": { + "type": "text" + }, + "password": { + "type": "password" + }, + "token": { + "type": "password" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "ssl": { + "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# 
H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", + "type": "yaml" + } + } + } + ], + "revision": 1, + "created_at": "2021-09-29T09:18:23.207Z", + "created_by": "system", + "updated_at": "2021-09-29T09:18:23.207Z", + "updated_by": "system" + }, + { + "id": "63172a6b-4f00-4376-b5e6-fe9b3f00fc79", + "version": "WzczOSwxXQ==", + "name": "apache-1", + "description": "", + "namespace": "default", + "policy_id": "30e16140-2106-11ec-a289-25321523992d", + "enabled": true, + "output_id": "", + "inputs": [ + { + "type": "logfile", + "policy_template": "apache", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "apache.access" + }, + "vars": { + "paths": { + "value": [ + "/var/log/apache2/access.log*", + "/var/log/apache2/other_vhosts_access.log*", + "/var/log/httpd/access_log*" + ], + "type": "text" + }, + "tags": { + "value": [ + "apache-access" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "logfile-apache.access-63172a6b-4f00-4376-b5e6-fe9b3f00fc79", + "compiled_stream": { + "paths": [ + "/var/log/apache2/access.log*", + "/var/log/apache2/other_vhosts_access.log*", + "/var/log/httpd/access_log*" + ], + "tags": [ + "apache-access" + ], + "exclude_files": [ + ".gz$" + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "apache.error" + }, + "vars": { + "paths": { + "value": [ + "/var/log/apache2/error.log*", + "/var/log/httpd/error_log*" + ], + "type": "text" + }, + "tags": { + "value": [ + "apache-error" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": 
"logfile-apache.error-63172a6b-4f00-4376-b5e6-fe9b3f00fc79", + "compiled_stream": { + "paths": [ + "/var/log/apache2/error.log*", + "/var/log/httpd/error_log*" + ], + "exclude_files": [ + ".gz$" + ], + "tags": [ + "apache-error" + ], + "processors": [ + { + "add_locale": null + } + ] + } + } + ] + }, + { + "type": "httpjson", + "policy_template": "apache", + "enabled": false, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "apache.access" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"access*\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded", + "apache-access" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "httpjson-apache.access-63172a6b-4f00-4376-b5e6-fe9b3f00fc79" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "apache.error" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=apache:error OR sourcetype=apache_error", + "type": "text" + }, + "tags": { + "value": [ + "forwarded", + "apache-error" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "httpjson-apache.error-63172a6b-4f00-4376-b5e6-fe9b3f00fc79" + } + ], + "vars": { + "url": { + "value": "https://server.example.com:8089", + "type": "text" + }, + "username": { + "type": "text" + }, + "password": { + "type": "password" + }, + "token": { + "type": "password" + }, + "ssl": { + "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# 
BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", + "type": "yaml" + } + } + }, + { + "type": "apache/metrics", + "policy_template": "apache", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "apache.status" + }, + "vars": { + "period": { + "value": "30s", + "type": "text" + }, + "server_status_path": { + "value": "/server-status", + "type": "text" + } + }, + "id": "apache/metrics-apache.status-63172a6b-4f00-4376-b5e6-fe9b3f00fc79", + "compiled_stream": { + "metricsets": [ + "status" + ], + "hosts": [ + "http://127.0.0.1" + ], + "period": "30s", + "server_status_path": "/server-status" + } + } + ], + "vars": { + "hosts": { + "value": [ + "http://127.0.0.1" + ], + "type": "text" + } + } + } + ], + "package": { + "name": "apache", + "title": "Apache", + "version": "1.1.0" + }, + "revision": 1, + "created_at": "2021-09-29T09:52:12.865Z", + "created_by": "elastic", + "updated_at": "2021-09-29T09:52:12.865Z", + "updated_by": "elastic" + } + ], + "agents": 1 + }, + { + "id": "30e16141-2106-11ec-a289-25321523992d", + "namespace": "default", 
+ "monitoring_enabled": [ + "logs", + "metrics" + ], + "name": "Default Fleet Server policy", + "description": "Default Fleet Server agent policy created by Kibana", + "is_default": false, + "is_default_fleet_server": true, + "is_preconfigured": true, + "status": "active", + "is_managed": false, + "revision": 1, + "updated_at": "2021-09-29T09:18:25.581Z", + "updated_by": "system", + "package_policies": [ + { + "id": "3f79c8a2-ed32-45d9-a7e7-b58852f4cb7d", + "version": "WzU5NywxXQ==", + "name": "fleet_server-1", + "namespace": "default", + "package": { + "name": "fleet_server", + "title": "Fleet Server", + "version": "1.0.1" + }, + "enabled": true, + "policy_id": "30e16141-2106-11ec-a289-25321523992d", + "output_id": "1ffdf460-2106-11ec-a289-25321523992d", + "inputs": [ + { + "type": "fleet-server", + "policy_template": "fleet_server", + "enabled": true, + "streams": [], + "vars": { + "host": { + "value": [ + "0.0.0.0" + ], + "type": "text" + }, + "port": { + "value": [ + 8220 + ], + "type": "integer" + }, + "max_connections": { + "type": "integer" + }, + "custom": { + "value": "", + "type": "yaml" + } + }, + "compiled_input": { + "server": { + "port": 8220, + "host": "0.0.0.0" + } + } + } + ], + "revision": 1, + "created_at": "2021-09-29T09:18:25.204Z", + "created_by": "system", + "updated_at": "2021-09-29T09:18:25.204Z", + "updated_by": "system" + } + ], + "agents": 0 + } + ], + "total": 2, + "page": 1, + "perPage": 20 +} \ No newline at end of file diff --git a/x-pack/plugins/fleet/cypress/fixtures/integrations/agent_policy.json b/x-pack/plugins/fleet/cypress/fixtures/integrations/agent_policy.json new file mode 100644 index 0000000000000..aa6520f513acd --- /dev/null +++ b/x-pack/plugins/fleet/cypress/fixtures/integrations/agent_policy.json 
@@ -0,0 +1,644 @@ +{ + "item": { + "id": "30e16140-2106-11ec-a289-25321523992d", + "namespace": "default", + "monitoring_enabled": [ + "logs", + "metrics" + ], + "name": "Default policy", + "description": "Default agent policy created by Kibana", + "is_default": true, + "is_preconfigured": true, + "status": "active", + "is_managed": false, + "revision": 1, + "updated_at": "2021-09-30T10:02:50.389Z", + "updated_by": "system", + "package_policies": [ + { + "id": "4243f6b9-6ce2-48ec-859a-b5df4baa7c11", + "version": "WzEyNjQsMV0=", + "name": "system-1", + "namespace": "default", + "package": { + "name": "system", + "title": "System", + "version": "1.4.0" + }, + "enabled": true, + "policy_id": "8f108d20-21d5-11ec-9dad-073c0cd6096b", + "output_id": "4f979e90-21d5-11ec-9dad-073c0cd6096b", + "inputs": [ + { + "type": "logfile", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.auth" + }, + "vars": { + "paths": { + "value": [ + "/var/log/auth.log*", + "/var/log/secure*" + ], + "type": "text" + } + }, + "id": "logfile-system.auth-4243f6b9-6ce2-48ec-859a-b5df4baa7c11", + "compiled_stream": { + "paths": [ + "/var/log/auth.log*", + "/var/log/secure*" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\s", + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.syslog" + }, + "vars": { + "paths": { + "value": [ + "/var/log/messages*", + "/var/log/syslog*" + ], + "type": "text" + } + }, + "id": "logfile-system.syslog-4243f6b9-6ce2-48ec-859a-b5df4baa7c11", + "compiled_stream": { + "paths": [ + "/var/log/messages*", + "/var/log/syslog*" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\s", + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + } + ] + }, + { + "type": "winlog", + "policy_template": "system", + 
"enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.application" + }, + "vars": { + "event_id": { + "type": "text" + }, + "processors": { + "type": "yaml" + }, + "tags": { + "value": [], + "type": "text" + } + }, + "id": "winlog-system.application-4243f6b9-6ce2-48ec-859a-b5df4baa7c11", + "compiled_stream": { + "name": "Application", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h", + "tags": null + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.security" + }, + "vars": { + "event_id": { + "type": "text" + }, + "processors": { + "type": "yaml" + }, + "tags": { + "value": [], + "type": "text" + } + }, + "id": "winlog-system.security-4243f6b9-6ce2-48ec-859a-b5df4baa7c11", + "compiled_stream": { + "name": "Security", + "condition": "${host.platform} == 'windows'", + "tags": null + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.system" + }, + "vars": { + "event_id": { + "type": "text" + }, + "processors": { + "type": "yaml" + }, + "tags": { + "value": [], + "type": "text" + } + }, + "id": "winlog-system.system-4243f6b9-6ce2-48ec-859a-b5df4baa7c11", + "compiled_stream": { + "name": "System", + "condition": "${host.platform} == 'windows'", + "tags": null + } + } + ], + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + } + } + }, + { + "type": "system/metrics", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "metrics", + "dataset": "system.core" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "core.metrics": { + "value": [ + "percentages" + ], + "type": "text" + } + }, + "id": "system/metrics-system.core-4243f6b9-6ce2-48ec-859a-b5df4baa7c11" + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.cpu" + }, + "vars": { + "period": { + "value": "10s", + 
"type": "text" + }, + "cpu.metrics": { + "value": [ + "percentages", + "normalized_percentages" + ], + "type": "text" + } + }, + "id": "system/metrics-system.cpu-4243f6b9-6ce2-48ec-859a-b5df4baa7c11", + "compiled_stream": { + "metricsets": [ + "cpu" + ], + "cpu.metrics": [ + "percentages", + "normalized_percentages" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.diskio" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "diskio.include_devices": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.diskio-4243f6b9-6ce2-48ec-859a-b5df4baa7c11", + "compiled_stream": { + "metricsets": [ + "diskio" + ], + "diskio.include_devices": null, + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.filesystem" + }, + "vars": { + "period": { + "value": "1m", + "type": "text" + }, + "processors": { + "value": "- drop_event.when.regexp:\n system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", + "type": "yaml" + } + }, + "id": "system/metrics-system.filesystem-4243f6b9-6ce2-48ec-859a-b5df4baa7c11", + "compiled_stream": { + "metricsets": [ + "filesystem" + ], + "period": "1m", + "processors": [ + { + "drop_event.when.regexp": { + "system.filesystem.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" + } + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.fsstat" + }, + "vars": { + "period": { + "value": "1m", + "type": "text" + }, + "processors": { + "value": "- drop_event.when.regexp:\n system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", + "type": "yaml" + } + }, + "id": "system/metrics-system.fsstat-4243f6b9-6ce2-48ec-859a-b5df4baa7c11", + "compiled_stream": { + "metricsets": [ + "fsstat" + ], + "period": "1m", + "processors": [ + { + "drop_event.when.regexp": { + "system.fsstat.mount_point": 
"^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" + } + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.load" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.load-4243f6b9-6ce2-48ec-859a-b5df4baa7c11", + "compiled_stream": { + "metricsets": [ + "load" + ], + "condition": "${host.platform} != 'windows'", + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.memory" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.memory-4243f6b9-6ce2-48ec-859a-b5df4baa7c11", + "compiled_stream": { + "metricsets": [ + "memory" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.network" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "network.interfaces": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.network-4243f6b9-6ce2-48ec-859a-b5df4baa7c11", + "compiled_stream": { + "metricsets": [ + "network" + ], + "period": "10s", + "network.interfaces": null + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.process" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "process.include_top_n.by_cpu": { + "value": 5, + "type": "integer" + }, + "process.include_top_n.by_memory": { + "value": 5, + "type": "integer" + }, + "process.cmdline.cache.enabled": { + "value": true, + "type": "bool" + }, + "process.cgroups.enabled": { + "value": false, + "type": "bool" + }, + "process.env.whitelist": { + "value": [], + "type": "text" + }, + "process.include_cpu_ticks": { + "value": false, + "type": "bool" + }, + "processes": { + "value": [ + ".*" + ], + "type": "text" + } + }, + "id": "system/metrics-system.process-4243f6b9-6ce2-48ec-859a-b5df4baa7c11", + "compiled_stream": { + "metricsets": [ + "process" + ], 
+ "period": "10s", + "process.include_top_n.by_cpu": 5, + "process.include_top_n.by_memory": 5, + "process.cmdline.cache.enabled": true, + "process.cgroups.enabled": false, + "process.include_cpu_ticks": false, + "processes": [ + ".*" + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.process.summary" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.process.summary-4243f6b9-6ce2-48ec-859a-b5df4baa7c11", + "compiled_stream": { + "metricsets": [ + "process_summary" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.socket_summary" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.socket_summary-4243f6b9-6ce2-48ec-859a-b5df4baa7c11", + "compiled_stream": { + "metricsets": [ + "socket_summary" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.uptime" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.uptime-4243f6b9-6ce2-48ec-859a-b5df4baa7c11", + "compiled_stream": { + "metricsets": [ + "uptime" + ], + "period": "10s" + } + } + ], + "vars": { + "system.hostfs": { + "type": "text" + } + } + }, + { + "type": "httpjson", + "policy_template": "system", + "enabled": false, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.application" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:Application\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.application-4243f6b9-6ce2-48ec-859a-b5df4baa7c11" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.security" + }, + "vars": { + "interval": { + "value": 
"10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:Security\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.security-4243f6b9-6ce2-48ec-859a-b5df4baa7c11" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.system" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:System\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.system-4243f6b9-6ce2-48ec-859a-b5df4baa7c11" + } + ], + "vars": { + "url": { + "value": "https://server.example.com:8089", + "type": "text" + }, + "username": { + "type": "text" + }, + "password": { + "type": "password" + }, + "token": { + "type": "password" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "ssl": { + "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# 
H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", + "type": "yaml" + } + } + } + ], + "revision": 1, + "created_at": "2021-09-30T10:02:48.904Z", + "created_by": "system", + "updated_at": "2021-09-30T10:02:48.904Z", + "updated_by": "system" + } + ] + } +} \ No newline at end of file diff --git a/x-pack/plugins/fleet/cypress/fixtures/integrations/apache.json b/x-pack/plugins/fleet/cypress/fixtures/integrations/apache.json new file mode 100644 index 0000000000000..3b78048fdd83f --- /dev/null +++ b/x-pack/plugins/fleet/cypress/fixtures/integrations/apache.json 
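Review bot: In the new `agent_policy.json` fixture the `system-1` package policy carries `"policy_id": "8f108d20-21d5-11ec-9dad-073c0cd6096b"`, which does not match the enclosing `item.id` of `30e16140-2106-11ec-a289-25321523992d`. The `apache-1` and `fleet_server-1` entries in the list fixture that ends just before this file both keep `policy_id` equal to their parent policy's id, so this response looks like it was captured from a different instance with only the top-level id adjusted. If a Cypress step or the UI under test resolves the package policy back to its agent policy, the stub would reference a policy that no fixture defines. I would set it to `"policy_id": "30e16140-2106-11ec-a289-25321523992d"`. Whether any test currently reads that field is not visible from this hunk.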
@@ -0,0 +1,1059 @@ +{ + "response": { + "name": "apache", + "title": "Apache", + "version": "1.1.0", + "release": "ga", + "description": "This Elastic integration collects logs and metrics from Apache servers", + "type": "integration", + "download": "/epr/apache/apache-1.1.0.zip", + "path": "/package/apache/1.1.0", + "icons": [ + { + "src": "/img/logo_apache.svg", + "path": "/package/apache/1.1.0/img/logo_apache.svg", + "title": "Apache Logo", + "size": "32x32", + "type": "image/svg+xml" + } + ], + "format_version": "1.0.0", + "readme": "/package/apache/1.1.0/docs/README.md", + "license": "basic", + "categories": [ + "web" + ], + "conditions": { + "kibana.version": "^7.14.0" + }, + "screenshots": [ + { + "src": "/img/apache-metrics-overview.png", + "path": "/package/apache/1.1.0/img/apache-metrics-overview.png", + "title": "Apache metrics overview", + "size": "3360x3064", + "type": "image/png" + }, + { + "src": "/img/apache-logs-overview.png", + "path": "/package/apache/1.1.0/img/apache-logs-overview.png", + "title": "Apache logs overview", + "size": "3342x1384", + "type": "image/png" + } + ], + "assets": { + "kibana": { + "dashboard": [ + { + "pkgkey": "apache-1.1.0", + "service": "kibana", + "type": "dashboard", + "file": "apache-Logs-Apache-Dashboard.json", + "path": "apache-1.1.0/kibana/dashboard/apache-Logs-Apache-Dashboard.json" + }, + { + "pkgkey": "apache-1.1.0", + "service": "kibana", + "type": "dashboard", + "file": "apache-Metrics-Apache-HTTPD-server-status.json", + "path": "apache-1.1.0/kibana/dashboard/apache-Metrics-Apache-HTTPD-server-status.json" + } + ], + "ml_module": [ + { + "pkgkey": "apache-1.1.0", + "service": "kibana", + "type": "ml_module", + "file": "apache-Logs-ml.json", + "path": "apache-1.1.0/kibana/ml_module/apache-Logs-ml.json" + } + ], + "search": [ + { + "pkgkey": "apache-1.1.0", + "service": "kibana", + "type": "search", + "file": "apache-HTTPD.json", + "path": "apache-1.1.0/kibana/search/apache-HTTPD.json" + }, + { + "pkgkey": 
"apache-1.1.0", + "service": "kibana", + "type": "search", + "file": "apache-access-logs.json", + "path": "apache-1.1.0/kibana/search/apache-access-logs.json" + }, + { + "pkgkey": "apache-1.1.0", + "service": "kibana", + "type": "search", + "file": "apache-errors-log.json", + "path": "apache-1.1.0/kibana/search/apache-errors-log.json" + } + ], + "visualization": [ + { + "pkgkey": "apache-1.1.0", + "service": "kibana", + "type": "visualization", + "file": "apache-22057f20-3a12-11eb-8946-296aab7b13db.json", + "path": "apache-1.1.0/kibana/visualization/apache-22057f20-3a12-11eb-8946-296aab7b13db.json" + }, + { + "pkgkey": "apache-1.1.0", + "service": "kibana", + "type": "visualization", + "file": "apache-320cd980-3a36-11eb-8946-296aab7b13db.json", + "path": "apache-1.1.0/kibana/visualization/apache-320cd980-3a36-11eb-8946-296aab7b13db.json" + }, + { + "pkgkey": "apache-1.1.0", + "service": "kibana", + "type": "visualization", + "file": "apache-47820ce0-3a1d-11eb-8946-296aab7b13db.json", + "path": "apache-1.1.0/kibana/visualization/apache-47820ce0-3a1d-11eb-8946-296aab7b13db.json" + }, + { + "pkgkey": "apache-1.1.0", + "service": "kibana", + "type": "visualization", + "file": "apache-7724cf20-3a39-11eb-8946-296aab7b13db.json", + "path": "apache-1.1.0/kibana/visualization/apache-7724cf20-3a39-11eb-8946-296aab7b13db.json" + }, + { + "pkgkey": "apache-1.1.0", + "service": "kibana", + "type": "visualization", + "file": "apache-7d68f730-3a39-11eb-8946-296aab7b13db.json", + "path": "apache-1.1.0/kibana/visualization/apache-7d68f730-3a39-11eb-8946-296aab7b13db.json" + }, + { + "pkgkey": "apache-1.1.0", + "service": "kibana", + "type": "visualization", + "file": "apache-805d7bb0-3a10-11eb-8946-296aab7b13db.json", + "path": "apache-1.1.0/kibana/visualization/apache-805d7bb0-3a10-11eb-8946-296aab7b13db.json" + }, + { + "pkgkey": "apache-1.1.0", + "service": "kibana", + "type": "visualization", + "file": "apache-99666080-3a20-11eb-8946-296aab7b13db.json", + "path": 
"apache-1.1.0/kibana/visualization/apache-99666080-3a20-11eb-8946-296aab7b13db.json" + }, + { + "pkgkey": "apache-1.1.0", + "service": "kibana", + "type": "visualization", + "file": "apache-HTTPD-CPU.json", + "path": "apache-1.1.0/kibana/visualization/apache-HTTPD-CPU.json" + }, + { + "pkgkey": "apache-1.1.0", + "service": "kibana", + "type": "visualization", + "file": "apache-HTTPD-Load1-slash-5-slash-15.json", + "path": "apache-1.1.0/kibana/visualization/apache-HTTPD-Load1-slash-5-slash-15.json" + }, + { + "pkgkey": "apache-1.1.0", + "service": "kibana", + "type": "visualization", + "file": "apache-HTTPD-Scoreboard.json", + "path": "apache-1.1.0/kibana/visualization/apache-HTTPD-Scoreboard.json" + }, + { + "pkgkey": "apache-1.1.0", + "service": "kibana", + "type": "visualization", + "file": "apache-a45311f0-3a34-11eb-8946-296aab7b13db.json", + "path": "apache-1.1.0/kibana/visualization/apache-a45311f0-3a34-11eb-8946-296aab7b13db.json" + }, + { + "pkgkey": "apache-1.1.0", + "service": "kibana", + "type": "visualization", + "file": "apache-access-unique-IPs-map.json", + "path": "apache-1.1.0/kibana/visualization/apache-access-unique-IPs-map.json" + }, + { + "pkgkey": "apache-1.1.0", + "service": "kibana", + "type": "visualization", + "file": "apache-browsers.json", + "path": "apache-1.1.0/kibana/visualization/apache-browsers.json" + }, + { + "pkgkey": "apache-1.1.0", + "service": "kibana", + "type": "visualization", + "file": "apache-ed44f820-3a10-11eb-8946-296aab7b13db.json", + "path": "apache-1.1.0/kibana/visualization/apache-ed44f820-3a10-11eb-8946-296aab7b13db.json" + }, + { + "pkgkey": "apache-1.1.0", + "service": "kibana", + "type": "visualization", + "file": "apache-error-logs-over-time.json", + "path": "apache-1.1.0/kibana/visualization/apache-error-logs-over-time.json" + }, + { + "pkgkey": "apache-1.1.0", + "service": "kibana", + "type": "visualization", + "file": "apache-f4ffec70-3a36-11eb-8946-296aab7b13db.json", + "path": 
"apache-1.1.0/kibana/visualization/apache-f4ffec70-3a36-11eb-8946-296aab7b13db.json" + }, + { + "pkgkey": "apache-1.1.0", + "service": "kibana", + "type": "visualization", + "file": "apache-operating-systems.json", + "path": "apache-1.1.0/kibana/visualization/apache-operating-systems.json" + }, + { + "pkgkey": "apache-1.1.0", + "service": "kibana", + "type": "visualization", + "file": "apache-response-codes-of-top-URLs.json", + "path": "apache-1.1.0/kibana/visualization/apache-response-codes-of-top-URLs.json" + }, + { + "pkgkey": "apache-1.1.0", + "service": "kibana", + "type": "visualization", + "file": "apache-response-codes-over-time.json", + "path": "apache-1.1.0/kibana/visualization/apache-response-codes-over-time.json" + } + ] + }, + "elasticsearch": { + "ingest_pipeline": [ + { + "pkgkey": "apache-1.1.0", + "service": "elasticsearch", + "type": "ingest_pipeline", + "file": "default.yml", + "dataset": "access", + "path": "apache-1.1.0/data_stream/access/elasticsearch/ingest_pipeline/default.yml" + }, + { + "pkgkey": "apache-1.1.0", + "service": "elasticsearch", + "type": "ingest_pipeline", + "file": "third-party.yml", + "dataset": "access", + "path": "apache-1.1.0/data_stream/access/elasticsearch/ingest_pipeline/third-party.yml" + }, + { + "pkgkey": "apache-1.1.0", + "service": "elasticsearch", + "type": "ingest_pipeline", + "file": "default.yml", + "dataset": "error", + "path": "apache-1.1.0/data_stream/error/elasticsearch/ingest_pipeline/default.yml" + }, + { + "pkgkey": "apache-1.1.0", + "service": "elasticsearch", + "type": "ingest_pipeline", + "file": "third-party.yml", + "dataset": "error", + "path": "apache-1.1.0/data_stream/error/elasticsearch/ingest_pipeline/third-party.yml" + } + ] + } + }, + "policy_templates": [ + { + "name": "apache", + "title": "Apache logs and metrics", + "description": "Collect logs and metrics from Apache instances", + "inputs": [ + { + "type": "logfile", + "title": "Collect logs from Apache instances", + "description": 
"Collecting Apache access and error logs" + }, + { + "type": "httpjson", + "vars": [ + { + "name": "url", + "type": "text", + "title": "URL of Splunk Enterprise Server", + "description": "i.e. scheme://host:port, path is automatic", + "multi": false, + "required": true, + "show_user": true, + "default": "https://server.example.com:8089" + }, + { + "name": "username", + "type": "text", + "title": "Splunk REST API Username", + "multi": false, + "required": false, + "show_user": true + }, + { + "name": "password", + "type": "password", + "title": "Splunk REST API Password", + "multi": false, + "required": false, + "show_user": true + }, + { + "name": "token", + "type": "password", + "title": "Splunk Authorization Token", + "description": "Bearer Token or Session Key, e.g. \"Bearer eyJFd3e46...\"\nor \"Splunk 192fd3e...\". Cannot be used with username\nand password.\n", + "multi": false, + "required": false, + "show_user": true + }, + { + "name": "ssl", + "type": "yaml", + "title": "SSL Configuration", + "description": "i.e. 
certificate_authorities, supported_protocols, verification_mode etc.", + "multi": false, + "required": false, + "show_user": false, + "default": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n" + } + ], + "title": "Collect logs from third-party REST API (experimental)", + "description": "Collect logs from third-party REST API (experimental)" + }, + { + "type": "apache/metrics", + "vars": [ + { + "name": "hosts", + "type": "text", + "title": "Hosts", + "multi": true, + "required": true, + "show_user": true, + "default": [ + "http://127.0.0.1" + ] + } + ], + "title": "Collect metrics from Apache instances", + "description": "Collecting Apache status metrics" + } + ], + "multiple": true + } + ], + "data_streams": [ + { + "type": "logs", + "dataset": "apache.access", + "title": "Apache access logs", + "release": "experimental", + 
"ingest_pipeline": "default", + "streams": [ + { + "input": "logfile", + "vars": [ + { + "name": "paths", + "type": "text", + "title": "Paths", + "multi": true, + "required": true, + "show_user": true, + "default": [ + "/var/log/apache2/access.log*", + "/var/log/apache2/other_vhosts_access.log*", + "/var/log/httpd/access_log*" + ] + }, + { + "name": "tags", + "type": "text", + "title": "Tags", + "multi": true, + "required": true, + "show_user": false, + "default": [ + "apache-access" + ] + }, + { + "name": "preserve_original_event", + "type": "bool", + "title": "Preserve original event", + "description": "Preserves a raw copy of the original event, added to the field `event.original`", + "multi": false, + "required": true, + "show_user": true, + "default": false + }, + { + "name": "processors", + "type": "yaml", + "title": "Processors", + "description": "Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.\n", + "multi": false, + "required": false, + "show_user": false + } + ], + "template_path": "log.yml.hbs", + "title": "Apache access logs", + "description": "Collect Apache access logs", + "enabled": true + }, + { + "input": "httpjson", + "vars": [ + { + "name": "interval", + "type": "text", + "title": "Interval to query Splunk Enterprise REST API", + "description": "Go Duration syntax (eg. 
10s)", + "multi": false, + "required": true, + "show_user": true, + "default": "10s" + }, + { + "name": "search", + "type": "text", + "title": "Splunk search string", + "multi": false, + "required": true, + "show_user": true, + "default": "search sourcetype=\"access*\"" + }, + { + "name": "tags", + "type": "text", + "title": "Tags", + "multi": true, + "required": false, + "show_user": false, + "default": [ + "forwarded", + "apache-access" + ] + }, + { + "name": "preserve_original_event", + "type": "bool", + "title": "Preserve original event", + "description": "Preserves a raw copy of the original event, added to the field `event.original`", + "multi": false, + "required": true, + "show_user": true, + "default": false + }, + { + "name": "processors", + "type": "yaml", + "title": "Processors", + "description": "Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.\n", + "multi": false, + "required": false, + "show_user": false + } + ], + "template_path": "httpjson.yml.hbs", + "title": "Apache access logs via Splunk Enterprise REST API", + "description": "Collect apache access logs via Splunk Enterprise REST API", + "enabled": false + } + ], + "package": "apache", + "path": "access" + }, + { + "type": "logs", + "dataset": "apache.error", + "title": "Apache error logs", + "release": "experimental", + "ingest_pipeline": "default", + "streams": [ + { + "input": "logfile", + "vars": [ + { + "name": "paths", + "type": "text", + "title": "Paths", + "multi": true, + "required": true, + "show_user": true, + "default": [ + "/var/log/apache2/error.log*", + "/var/log/httpd/error_log*" + ] + }, + { + "name": "tags", + "type": "text", + "title": "Tags", + "multi": true, + "required": true, + "show_user": false, + "default": [ + "apache-error" + ] + }, 
+ { + "name": "preserve_original_event", + "type": "bool", + "title": "Preserve original event", + "description": "Preserves a raw copy of the original event, added to the field `event.original`", + "multi": false, + "required": true, + "show_user": true, + "default": false + }, + { + "name": "processors", + "type": "yaml", + "title": "Processors", + "description": "Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.\n", + "multi": false, + "required": false, + "show_user": false + } + ], + "template_path": "log.yml.hbs", + "title": "Apache error logs", + "description": "Collect Apache error logs", + "enabled": true + }, + { + "input": "httpjson", + "vars": [ + { + "name": "interval", + "type": "text", + "title": "Interval to query Splunk Enterprise REST API", + "description": "Go Duration syntax (eg. 
10s)", + "multi": false, + "required": true, + "show_user": true, + "default": "10s" + }, + { + "name": "search", + "type": "text", + "title": "Splunk search string", + "multi": false, + "required": true, + "show_user": true, + "default": "search sourcetype=apache:error OR sourcetype=apache_error" + }, + { + "name": "tags", + "type": "text", + "title": "Tags", + "multi": true, + "required": false, + "show_user": false, + "default": [ + "forwarded", + "apache-error" + ] + }, + { + "name": "preserve_original_event", + "type": "bool", + "title": "Preserve original event", + "description": "Preserves a raw copy of the original event, added to the field `event.original`", + "multi": false, + "required": true, + "show_user": true, + "default": false + }, + { + "name": "processors", + "type": "yaml", + "title": "Processors", + "description": "Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. 
See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.\n", + "multi": false, + "required": false, + "show_user": false + } + ], + "template_path": "httpjson.yml.hbs", + "title": "Apache error logs via Splunk Enterprise REST API", + "description": "Collect apache error logs via Splunk Enterprise REST API", + "enabled": false + } + ], + "package": "apache", + "path": "error" + }, + { + "type": "metrics", + "dataset": "apache.status", + "title": "Apache status metrics", + "release": "experimental", + "streams": [ + { + "input": "apache/metrics", + "vars": [ + { + "name": "period", + "type": "text", + "title": "Period", + "multi": false, + "required": true, + "show_user": true, + "default": "30s" + }, + { + "name": "server_status_path", + "type": "text", + "title": "Server Status Path", + "multi": false, + "required": true, + "show_user": false, + "default": "/server-status" + } + ], + "template_path": "stream.yml.hbs", + "title": "Apache status metrics", + "description": "Collect Apache status metrics", + "enabled": true + } + ], + "package": "apache", + "path": "status" + } + ], + "owner": { + "github": "elastic/integrations" + }, + "latestVersion": "1.1.0", + "removable": true, + "status": "installed", + "savedObject": { + "id": "apache", + "type": "epm-packages", + "namespaces": [], + "updated_at": "2021-09-30T10:47:12.961Z", + "version": "WzI1NjgsMV0=", + "attributes": { + "installed_kibana": [ + { + "id": "apache-Logs-Apache-Dashboard", + "type": "dashboard" + }, + { + "id": "apache-Metrics-Apache-HTTPD-server-status", + "type": "dashboard" + }, + { + "id": "apache-22057f20-3a12-11eb-8946-296aab7b13db", + "type": "visualization" + }, + { + "id": "apache-320cd980-3a36-11eb-8946-296aab7b13db", + "type": "visualization" + }, + { + "id": "apache-47820ce0-3a1d-11eb-8946-296aab7b13db", + "type": "visualization" + }, + { + "id": "apache-7724cf20-3a39-11eb-8946-296aab7b13db", + "type": "visualization" + }, 
+ { + "id": "apache-7d68f730-3a39-11eb-8946-296aab7b13db", + "type": "visualization" + }, + { + "id": "apache-805d7bb0-3a10-11eb-8946-296aab7b13db", + "type": "visualization" + }, + { + "id": "apache-99666080-3a20-11eb-8946-296aab7b13db", + "type": "visualization" + }, + { + "id": "apache-HTTPD-CPU", + "type": "visualization" + }, + { + "id": "apache-HTTPD-Load1-slash-5-slash-15", + "type": "visualization" + }, + { + "id": "apache-HTTPD-Scoreboard", + "type": "visualization" + }, + { + "id": "apache-a45311f0-3a34-11eb-8946-296aab7b13db", + "type": "visualization" + }, + { + "id": "apache-access-unique-IPs-map", + "type": "visualization" + }, + { + "id": "apache-browsers", + "type": "visualization" + }, + { + "id": "apache-ed44f820-3a10-11eb-8946-296aab7b13db", + "type": "visualization" + }, + { + "id": "apache-error-logs-over-time", + "type": "visualization" + }, + { + "id": "apache-f4ffec70-3a36-11eb-8946-296aab7b13db", + "type": "visualization" + }, + { + "id": "apache-operating-systems", + "type": "visualization" + }, + { + "id": "apache-response-codes-of-top-URLs", + "type": "visualization" + }, + { + "id": "apache-response-codes-over-time", + "type": "visualization" + }, + { + "id": "apache-HTTPD", + "type": "search" + }, + { + "id": "apache-access-logs", + "type": "search" + }, + { + "id": "apache-errors-log", + "type": "search" + }, + { + "id": "apache-Logs-ml", + "type": "ml-module" + } + ], + "installed_es": [ + { + "id": "logs-apache.access-1.1.0", + "type": "ingest_pipeline" + }, + { + "id": "logs-apache.access-1.1.0-third-party", + "type": "ingest_pipeline" + }, + { + "id": "logs-apache.error-1.1.0", + "type": "ingest_pipeline" + }, + { + "id": "logs-apache.error-1.1.0-third-party", + "type": "ingest_pipeline" + }, + { + "id": "logs-apache.access", + "type": "index_template" + }, + { + "id": "logs-apache.access@settings", + "type": "component_template" + }, + { + "id": "logs-apache.access@custom", + "type": "component_template" + }, + { + "id": 
"logs-apache.error", + "type": "index_template" + }, + { + "id": "logs-apache.error@settings", + "type": "component_template" + }, + { + "id": "logs-apache.error@custom", + "type": "component_template" + }, + { + "id": "metrics-apache.status", + "type": "index_template" + }, + { + "id": "metrics-apache.status@settings", + "type": "component_template" + }, + { + "id": "metrics-apache.status@custom", + "type": "component_template" + } + ], + "package_assets": [ + { + "id": "c99057a8-c51a-5795-9e00-b4b09237f780", + "type": "epm-packages-assets" + }, + { + "id": "1388d2c7-254a-5cd4-882d-89b3e8b681cd", + "type": "epm-packages-assets" + }, + { + "id": "c3068bcb-5a74-5044-91f6-c8e99eefb003", + "type": "epm-packages-assets" + }, + { + "id": "4cea5f13-0ec6-5ecc-9012-f2dba2c86fab", + "type": "epm-packages-assets" + }, + { + "id": "6f27b654-fc39-502b-bdda-83ed13e775c1", + "type": "epm-packages-assets" + }, + { + "id": "baa6d518-fa85-530f-9cdc-b0f2207599f8", + "type": "epm-packages-assets" + }, + { + "id": "ea0cfbd9-8173-5429-a83b-6168b2cd4f27", + "type": "epm-packages-assets" + }, + { + "id": "3745632e-1306-5ac6-84ee-0fceae577988", + "type": "epm-packages-assets" + }, + { + "id": "079a3007-eec5-504e-a993-8c489ccc992c", + "type": "epm-packages-assets" + }, + { + "id": "625ba117-a66d-5eba-9172-201e4f03fbf0", + "type": "epm-packages-assets" + }, + { + "id": "f0dd03dd-3dee-51da-881b-425e76966139", + "type": "epm-packages-assets" + }, + { + "id": "c356fb2c-395b-595e-bdf4-51c5750d6efe", + "type": "epm-packages-assets" + }, + { + "id": "861a6d88-8e80-5282-8cc4-b74b13da22f8", + "type": "epm-packages-assets" + }, + { + "id": "49186533-1536-5d2d-a45a-b51a4db1eeca", + "type": "epm-packages-assets" + }, + { + "id": "533a5c29-648c-593c-9444-df3d03c4aae0", + "type": "epm-packages-assets" + }, + { + "id": "9d34d784-f5a7-5213-a711-37bf2af21da5", + "type": "epm-packages-assets" + }, + { + "id": "4d5fa019-7503-5a89-95af-a03227622ecd", + "type": "epm-packages-assets" + }, + { + "id": 
"edc0c10d-f7f4-5523-8dac-ce9c64aff44d", + "type": "epm-packages-assets" + }, + { + "id": "5792421c-b31c-59a3-891c-1566bc85447b", + "type": "epm-packages-assets" + }, + { + "id": "7a72f59a-27a6-5514-9489-1258de496199", + "type": "epm-packages-assets" + }, + { + "id": "69dffce3-96d1-5c71-b4ae-41b6d61fdd4a", + "type": "epm-packages-assets" + }, + { + "id": "0b971e05-221e-5430-87e6-fbebbc8d4a23", + "type": "epm-packages-assets" + }, + { + "id": "5d7fb7e1-e775-5832-95a7-074d692fb176", + "type": "epm-packages-assets" + }, + { + "id": "4a50c74b-e4ce-511c-badd-54997537b6b8", + "type": "epm-packages-assets" + }, + { + "id": "54e21b74-9ea5-537f-8cce-673b10b8ac39", + "type": "epm-packages-assets" + }, + { + "id": "c9fd9a64-722c-59f7-a686-4d92d4395be0", + "type": "epm-packages-assets" + }, + { + "id": "5a53ca55-23ec-59bc-8d04-be12f1776358", + "type": "epm-packages-assets" + }, + { + "id": "b2652216-a523-5183-8eaa-c26f9ba4bbee", + "type": "epm-packages-assets" + }, + { + "id": "97f717d7-78d6-5b8c-acde-edf80aa27201", + "type": "epm-packages-assets" + }, + { + "id": "6b27939a-1f2a-536d-8d84-560ed372d21a", + "type": "epm-packages-assets" + }, + { + "id": "7d68617a-88b0-5d34-8a98-8f51d3c49568", + "type": "epm-packages-assets" + }, + { + "id": "8e212777-acac-5068-acbb-143e0cbfb3eb", + "type": "epm-packages-assets" + }, + { + "id": "436ed6b2-aa68-55d4-912a-346e14903d7b", + "type": "epm-packages-assets" + }, + { + "id": "5169ccd9-75f9-5d84-8116-2f2bac0dd93f", + "type": "epm-packages-assets" + }, + { + "id": "a36f82fe-4aa0-508f-92e4-e33d779c1ed2", + "type": "epm-packages-assets" + }, + { + "id": "96d9ae25-0ee7-59aa-b8a0-4fbb929cce4a", + "type": "epm-packages-assets" + }, + { + "id": "05e1449f-3723-5d3c-a76f-5e307d88c35b", + "type": "epm-packages-assets" + }, + { + "id": "a0e8abee-4777-5a7f-bb9a-c2c60d49d060", + "type": "epm-packages-assets" + }, + { + "id": "4c77c830-b4e2-5c77-a3dd-941249799ce7", + "type": "epm-packages-assets" + }, + { + "id": "e082c4c2-3215-5fb0-a485-b261a774314e", + 
"type": "epm-packages-assets" + }, + { + "id": "1f4467ca-6aa9-5fcb-a346-f334e018db3f", + "type": "epm-packages-assets" + }, + { + "id": "fc831e85-d43f-5402-8780-c9fb3b040b34", + "type": "epm-packages-assets" + }, + { + "id": "208cc640-7cb1-5dd0-902e-47d82fe273af", + "type": "epm-packages-assets" + }, + { + "id": "65e211ff-9497-5882-88cc-ebfd79578cff", + "type": "epm-packages-assets" + }, + { + "id": "a6ea40cc-bb98-5039-8d52-151ac69cbfb5", + "type": "epm-packages-assets" + }, + { + "id": "d9e1d1e6-1c31-5164-8805-b8b2249bd8b5", + "type": "epm-packages-assets" + }, + { + "id": "aa843dec-f345-5c94-99e3-8bd2bffb9b4e", + "type": "epm-packages-assets" + }, + { + "id": "2b019917-8d4c-5da9-80b2-5005524a1290", + "type": "epm-packages-assets" + }, + { + "id": "617effde-ae31-5f48-928a-acdf7b6bc0bb", + "type": "epm-packages-assets" + }, + { + "id": "10245259-aff6-5cc9-b60b-9d88a230894e", + "type": "epm-packages-assets" + }, + { + "id": "753a2e77-13fe-5aa8-94a7-08e9357e64f0", + "type": "epm-packages-assets" + }, + { + "id": "4132f76c-78bc-5d70-a7cd-421910242f96", + "type": "epm-packages-assets" + }, + { + "id": "74230ee0-f671-57fc-bf3a-1c1be03acf22", + "type": "epm-packages-assets" + }, + { + "id": "a2465b23-c15e-56f9-acad-e2d5387cae48", + "type": "epm-packages-assets" + }, + { + "id": "94586e3f-78a0-5cf8-b4c2-923f4516153a", + "type": "epm-packages-assets" + }, + { + "id": "7b356571-eb79-541c-ba99-e6fdebf74e98", + "type": "epm-packages-assets" + }, + { + "id": "babd82eb-7317-58c0-a5fc-4d14ca1f2d17", + "type": "epm-packages-assets" + }, + { + "id": "aa68dd98-4844-5162-b96f-e6b5eae5f987", + "type": "epm-packages-assets" + } + ], + "es_index_patterns": { + "access": "logs-apache.access-*", + "error": "logs-apache.error-*", + "status": "metrics-apache.status-*" + }, + "name": "apache", + "version": "1.1.0", + "internal": false, + "removable": true, + "install_version": "1.1.0", + "install_status": "installed", + "install_started_at": "2021-09-30T10:46:58.713Z", + "install_source": 
"registry" + }, + "references": [], + "migrationVersion": { + "epm-packages": "7.14.1" + }, + "coreMigrationVersion": "8.0.0" + } + } +} \ No newline at end of file diff --git a/x-pack/plugins/fleet/cypress/fixtures/integrations/create_integration_response.json b/x-pack/plugins/fleet/cypress/fixtures/integrations/create_integration_response.json new file mode 100644 index 0000000000000..6820aadd01fb1 --- /dev/null +++ b/x-pack/plugins/fleet/cypress/fixtures/integrations/create_integration_response.json 
@@ -0,0 +1,255 @@ +{ + "item": { + "id": "1", + "version": "WzI4NDAsMV0=", + "name": "apache-1", + "description": "", + "namespace": "default", + "policy_id": "9ced27e0-20ff-11ec-b353-dd9d66c6f483", + "enabled": true, + "output_id": "", + "inputs": [ + { + "type": "logfile", + "policy_template": "apache", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "apache.access" + }, + "vars": { + "paths": { + "value": [ + "/var/log/apache2/access.log*", + "/var/log/apache2/other_vhosts_access.log*", + "/var/log/httpd/access_log*" + ], + "type": "text" + }, + "tags": { + "value": [ + "apache-access" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "logfile-apache.access-1c588150-010b-448a-b2b8-820d1b33811e", + "compiled_stream": { + "paths": [ + "/var/log/apache2/access.log*", + "/var/log/apache2/other_vhosts_access.log*", + "/var/log/httpd/access_log*" + ], + "tags": [ + "apache-access" + ], + "exclude_files": [ + ".gz$" + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "apache.error" + }, + "vars": { + "paths": { + "value": [ + "/var/log/apache2/error.log*", + "/var/log/httpd/error_log*" + ], + "type": "text" + }, + "tags": { + "value": [ + "apache-error" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "logfile-apache.error-1c588150-010b-448a-b2b8-820d1b33811e", + "compiled_stream": { + "paths": [ + "/var/log/apache2/error.log*", + "/var/log/httpd/error_log*" + ], + "exclude_files": [ + ".gz$" + ], + "tags": [ + "apache-error" + ], + "processors": [ + { + "add_locale": null + } + ] + } + } + ] + }, + { + "type": "httpjson", + "policy_template": "apache", + "enabled": false, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "apache.access" + }, 
+ "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"access*\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded", + "apache-access" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "httpjson-apache.access-1c588150-010b-448a-b2b8-820d1b33811e" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "apache.error" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=apache:error OR sourcetype=apache_error", + "type": "text" + }, + "tags": { + "value": [ + "forwarded", + "apache-error" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "httpjson-apache.error-1c588150-010b-448a-b2b8-820d1b33811e" + } + ], + "vars": { + "url": { + "value": "https://server.example.com:8089", + "type": "text" + }, + "username": { + "type": "text" + }, + "password": { + "type": "password" + }, + "token": { + "type": "password" + }, + "ssl": { + "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 
8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", + "type": "yaml" + } + } + }, + { + "type": "apache/metrics", + "policy_template": "apache", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "apache.status" + }, + "vars": { + "period": { + "value": "30s", + "type": "text" + }, + "server_status_path": { + "value": "/server-status", + "type": "text" + } + }, + "id": "apache/metrics-apache.status-1c588150-010b-448a-b2b8-820d1b33811e", + "compiled_stream": { + "metricsets": [ + "status" + ], + "hosts": [ + "http://127.0.0.1" + ], + "period": "30s", + "server_status_path": "/server-status" + } + } + ], + "vars": { + "hosts": { + "value": [ + "http://127.0.0.1" + ], + "type": "text" + } + } + } + ], + "package": { + "name": "apache", + "title": "Apache", + "version": "1.1.0" + }, + "revision": 1, + "created_at": "2021-09-29T09:12:55.869Z", + "created_by": "elastic", + "updated_at": "2021-09-29T09:12:55.869Z", + "updated_by": "elastic" + } +} \ No newline at end of file diff --git a/x-pack/plugins/fleet/cypress/fixtures/integrations/list.json b/x-pack/plugins/fleet/cypress/fixtures/integrations/list.json new file mode 100644 index 0000000000000..73c3ff54c5d95 --- /dev/null +++ b/x-pack/plugins/fleet/cypress/fixtures/integrations/list.json 
@@ -0,0 +1,260 @@ +{ + "items": [ + { + "id": "1", + "version": "WzczOSwxXQ==", + "name": "apache-1", + "description": "", + "namespace": "default", + "policy_id": "30e16140-2106-11ec-a289-25321523992d", + "enabled": true, + "output_id": "", + "inputs": [ + { + "type": "logfile", + "policy_template": "apache", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "apache.access" + }, + "vars": { + "paths": { + "value": [ + "/var/log/apache2/access.log*", + "/var/log/apache2/other_vhosts_access.log*", + "/var/log/httpd/access_log*" + ], + "type": "text" + }, + "tags": { + "value": [ + "apache-access" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "logfile-apache.access-63172a6b-4f00-4376-b5e6-fe9b3f00fc79", + "compiled_stream": { + "paths": [ + "/var/log/apache2/access.log*", + "/var/log/apache2/other_vhosts_access.log*", + "/var/log/httpd/access_log*" + ], + "tags": [ + "apache-access" + ], + "exclude_files": [ + ".gz$" + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "apache.error" + }, + "vars": { + "paths": { + "value": [ + "/var/log/apache2/error.log*", + "/var/log/httpd/error_log*" + ], + "type": "text" + }, + "tags": { + "value": [ + "apache-error" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "logfile-apache.error-63172a6b-4f00-4376-b5e6-fe9b3f00fc79", + "compiled_stream": { + "paths": [ + "/var/log/apache2/error.log*", + "/var/log/httpd/error_log*" + ], + "exclude_files": [ + ".gz$" + ], + "tags": [ + "apache-error" + ], + "processors": [ + { + "add_locale": null + } + ] + } + } + ] + }, + { + "type": "httpjson", + "policy_template": "apache", + "enabled": false, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "apache.access" 
+ }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"access*\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded", + "apache-access" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "httpjson-apache.access-63172a6b-4f00-4376-b5e6-fe9b3f00fc79" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "apache.error" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=apache:error OR sourcetype=apache_error", + "type": "text" + }, + "tags": { + "value": [ + "forwarded", + "apache-error" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "httpjson-apache.error-63172a6b-4f00-4376-b5e6-fe9b3f00fc79" + } + ], + "vars": { + "url": { + "value": "https://server.example.com:8089", + "type": "text" + }, + "username": { + "type": "text" + }, + "password": { + "type": "password" + }, + "token": { + "type": "password" + }, + "ssl": { + "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 
8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", + "type": "yaml" + } + } + }, + { + "type": "apache/metrics", + "policy_template": "apache", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "apache.status" + }, + "vars": { + "period": { + "value": "30s", + "type": "text" + }, + "server_status_path": { + "value": "/server-status", + "type": "text" + } + }, + "id": "apache/metrics-apache.status-63172a6b-4f00-4376-b5e6-fe9b3f00fc79", + "compiled_stream": { + "metricsets": [ + "status" + ], + "hosts": [ + "http://127.0.0.1" + ], + "period": "30s", + "server_status_path": "/server-status" + } + } + ], + "vars": { + "hosts": { + "value": [ + "http://127.0.0.1" + ], + "type": "text" + } + } + } + ], + "package": { + "name": "apache", + "title": "Apache", + "version": "1.1.0" + }, + "revision": 1, + "created_at": "2021-09-29T09:52:12.865Z", + "created_by": "elastic", + "updated_at": "2021-09-29T09:52:12.865Z", + "updated_by": "elastic" + } + ], + "total": 1, + "page": 1, + "perPage": 20 +} \ No newline at end of file diff --git a/x-pack/plugins/fleet/cypress/integration/fleet_startup.spec.ts b/x-pack/plugins/fleet/cypress/integration/fleet_startup.spec.ts new file mode 100644 index 0000000000000..804fe56510c1d --- /dev/null +++ b/x-pack/plugins/fleet/cypress/integration/fleet_startup.spec.ts 
@@ -0,0 +1,33 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { ADD_AGENT_BUTTON, AGENT_POLICIES_TAB, ENROLLMENT_TOKENS_TAB } from '../screens/fleet';
+import { FLEET, navigateTo } from '../tasks/navigation';
+
+describe('Fleet startup', () => {
+ before(() => {
+ navigateTo(FLEET);
+ });
+
+ it('should display Add agent button and Healthy agent once Fleet Agent page loaded', () => {
+ cy.getBySel(ADD_AGENT_BUTTON).contains('Add agent');
+ cy.get('.euiBadge').contains('Healthy');
+ });
+
+ it('should display default agent policies on agent policies tab', () => {
+ cy.getBySel(AGENT_POLICIES_TAB).click();
+ cy.get('.euiLink').contains('Default policy');
+ cy.get('.euiLink').contains('Default Fleet Server policy');
+ });
+
+ it('should display default tokens on enrollment tokens tab', () => {
+ cy.getBySel(ENROLLMENT_TOKENS_TAB).click();
+ cy.get('.euiTableRow').should('have.length', 2);
+ cy.get('.euiTableRowCell').contains('Default policy');
+ cy.get('.euiTableRowCell').contains('Default Fleet Server policy');
+ });
+});
diff --git a/x-pack/plugins/fleet/cypress/integration/integrations.spec.ts b/x-pack/plugins/fleet/cypress/integration/integrations.spec.ts
new file mode 100644
index 0000000000000..88769ece39f2f
--- /dev/null
+++ b/x-pack/plugins/fleet/cypress/integration/integrations.spec.ts
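Review bot: The assertions in all three `it` blocks locate elements by EUI class names (`.euiBadge`, `.euiLink`, `.euiTableRow`, `.euiTableRowCell`), while the buttons and tabs in the same file go through `cy.getBySel` with constants from `../screens/fleet`. Class-name selectors match any badge, link or row on the page, so `contains('Healthy')` can be satisfied by an unrelated element. Adding test-subject selectors next to `ADD_AGENT_BUTTON` and using `cy.getBySel` throughout would keep the spec consistent. The exact count in `cy.get('.euiTableRow').should('have.length', 2)` also presumes a fresh Fleet setup with only the default enrollment tokens; if that is intended, say so with a comment such as `// fresh setup: only the two default policies have enrollment tokens`.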
@@ -0,0 +1,96 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { INTEGRATIONS, navigateTo } from '../tasks/navigation'; +import { + addIntegration, + installPackageWithVersion, + deleteIntegrations, + clickIfVisible, +} from '../tasks/integrations'; +import { + CONFIRM_MODAL_BTN, + FLYOUT_CLOSE_BTN_SEL, + INTEGRATIONS_CARD, + INTEGRATION_NAME_LINK, + LATEST_VERSION, + PACKAGE_VERSION, + POLICIES_TAB, + SETTINGS_TAB, + UPDATE_PACKAGE_BTN, +} from '../screens/integrations'; + +describe('Add Integration', () => { + const integration = 'Apache'; + + describe('Real API', () => { + afterEach(() => { + deleteIntegrations(integration); + }); + it('should display Apache integration in the Policies list once installed ', () => { + addAndVerifyIntegration(); + }); + + it('should upgrade policies with integration update', () => { + const oldVersion = '0.3.3'; + installPackageWithVersion('apache', oldVersion); + navigateTo(`app/integrations/detail/apache-${oldVersion}/policies`); + + addIntegration(); + + cy.getBySel(INTEGRATION_NAME_LINK).contains('apache-'); + cy.getBySel(PACKAGE_VERSION).contains(oldVersion); + + clickIfVisible(FLYOUT_CLOSE_BTN_SEL); + + cy.getBySel(SETTINGS_TAB).click(); + cy.getBySel(UPDATE_PACKAGE_BTN).click(); + cy.getBySel(CONFIRM_MODAL_BTN).click(); + + cy.getBySel(LATEST_VERSION).then(($title) => { + const newVersion = $title.text(); + cy.get('#upgradePoliciesCheckbox').should('not.exist'); + cy.getBySel(POLICIES_TAB).click(); + cy.getBySel(PACKAGE_VERSION).contains(oldVersion).should('not.exist'); + cy.getBySel(PACKAGE_VERSION).contains(newVersion); + }); + }); + }); + + function addAndVerifyIntegration() { + cy.intercept('GET', '/api/fleet/epm/packages?*').as('packages'); + navigateTo(INTEGRATIONS); + cy.wait('@packages'); + 
cy.get('.euiLoadingSpinner').should('not.exist'); + cy.get('input[placeholder="Search for integrations"]').type('Apache'); + cy.get(INTEGRATIONS_CARD).contains(integration).click(); + addIntegration(); + cy.getBySel(INTEGRATION_NAME_LINK).contains('apache-'); + } + + it.skip('[Mocked requests] should display Apache integration in the Policies list once installed ', () => { + cy.intercept('POST', '/api/fleet/package_policies', { + fixture: 'integrations/create_integration_response.json', + }); + cy.intercept( + 'GET', + '/api/fleet/package_policies?page=1&perPage=20&kuery=ingest-package-policies.package.name%3A%20apache', + { fixture: 'integrations/list.json' } + ); + cy.intercept('GET', '/api/fleet/agent_policies?*', { + fixture: 'integrations/agent_policies.json', + }); + cy.intercept('GET', '/api/fleet/agent_policies/30e16140-2106-11ec-a289-25321523992d', { + fixture: 'integrations/agent_policy.json', + }); + // TODO fixture includes 1 package policy, should be empty initially + cy.intercept('GET', '/api/fleet/epm/packages/apache-1.1.0', { + fixture: 'integrations/apache.json', + }); + addAndVerifyIntegration(); + }); +}); diff --git a/x-pack/plugins/fleet/cypress/plugins/index.ts b/x-pack/plugins/fleet/cypress/plugins/index.ts new file mode 100644 index 0000000000000..a30fd07912cf8 --- /dev/null +++ b/x-pack/plugins/fleet/cypress/plugins/index.ts 
@@ -0,0 +1,28 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +// / +// *********************************************************** +// This example plugins/index.js can be used to load plugins +// +// You can change the location of this file or turn off loading +// the plugins file with the 'pluginsFile' configuration option. +// +// You can read more here: +// https://on.cypress.io/plugins-guide +// *********************************************************** + +// This function is called when a project is opened or re-opened (e.g. due to +// the project's config changing) + +/** + * @type {Cypress.PluginConfig} + */ +module.exports = (_on: any, _config: any) => { + // `on` is used to hook into various events Cypress emits + // `config` is the resolved Cypress config +}; diff --git a/x-pack/plugins/fleet/cypress/screens/fleet.ts b/x-pack/plugins/fleet/cypress/screens/fleet.ts new file mode 100644 index 0000000000000..6be51e5ed24bc --- /dev/null +++ b/x-pack/plugins/fleet/cypress/screens/fleet.ts @@ -0,0 +1,11 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +export const ADD_AGENT_BUTTON = 'addAgentButton'; + +export const AGENT_POLICIES_TAB = 'fleet-agent-policies-tab'; +export const ENROLLMENT_TOKENS_TAB = 'fleet-enrollment-tokens-tab'; diff --git a/x-pack/plugins/fleet/cypress/screens/integrations.ts b/x-pack/plugins/fleet/cypress/screens/integrations.ts new file mode 100644 index 0000000000000..d42fb904b3224 --- /dev/null +++ b/x-pack/plugins/fleet/cypress/screens/integrations.ts 
@@ -0,0 +1,25 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +export const ADD_POLICY_BTN = 'addIntegrationPolicyButton'; +export const CREATE_PACKAGE_POLICY_SAVE_BTN = 'createPackagePolicySaveButton'; +export const INTEGRATIONS_CARD = '.euiCard__titleAnchor'; + +export const INTEGRATION_NAME_LINK = 'integrationNameLink'; + +export const CONFIRM_MODAL_BTN = 'confirmModalConfirmButton'; +export const CONFIRM_MODAL_BTN_SEL = `[data-test-subj=${CONFIRM_MODAL_BTN}]`; + +export const FLYOUT_CLOSE_BTN_SEL = '[data-test-subj="euiFlyoutCloseButton"]'; + +export const SETTINGS_TAB = 'tab-settings'; +export const POLICIES_TAB = 'tab-policies'; + +export const UPDATE_PACKAGE_BTN = 'updatePackageBtn'; +export const LATEST_VERSION = 'latestVersion'; + +export const PACKAGE_VERSION = 'packageVersionText'; diff --git a/x-pack/plugins/fleet/cypress/screens/navigation.ts b/x-pack/plugins/fleet/cypress/screens/navigation.ts new file mode 100644 index 0000000000000..fee38161b6b2b --- /dev/null +++ b/x-pack/plugins/fleet/cypress/screens/navigation.ts @@ -0,0 +1,8 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +export const TOGGLE_NAVIGATION_BTN = '[data-test-subj="toggleNavButton"]'; diff --git a/x-pack/plugins/fleet/cypress/support/commands.ts b/x-pack/plugins/fleet/cypress/support/commands.ts new file mode 100644 index 0000000000000..54cc44f0057f3 --- /dev/null +++ b/x-pack/plugins/fleet/cypress/support/commands.ts 
@@ -0,0 +1,17 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+// ***********************************************
+// This example commands.js shows you how to
+// create various custom commands and overwrite
+// existing commands.
+//
+// For more comprehensive examples of custom
+// commands please read more here:
+// https://on.cypress.io/custom-commands
+// ***********************************************
+//
diff --git a/x-pack/plugins/fleet/cypress/support/index.ts b/x-pack/plugins/fleet/cypress/support/index.ts
new file mode 100644
index 0000000000000..f074e424d93c3
--- /dev/null
+++ b/x-pack/plugins/fleet/cypress/support/index.ts
@@ -0,0 +1,47 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+// /
+
+// ***********************************************************
+// This example support/index.js is processed and
+// loaded automatically before your test files.
+//
+// This is a great place to put global configuration and
+// behavior that modifies Cypress.
+//
+// You can change the location of this file or turn off
+// automatically serving support files with the
+// 'supportFile' configuration option.
+//
+// You can read more here:
+// https://on.cypress.io/configuration
+// ***********************************************************
+
+// Import commands.js using ES2015 syntax:
+import './commands';
+
+declare global {
+ // eslint-disable-next-line @typescript-eslint/no-namespace
+ namespace Cypress {
+ interface Chainable {
+ getBySel(value: string): Chainable;
+ }
+ }
+}
+
+function getBySel(selector: string, ...args: any[]) {
+ return cy.get(`[data-test-subj=${selector}]`, ...args);
+}
+
+Cypress.Commands.add('getBySel', getBySel);
+
+// Alternatively you can use CommonJS syntax:
+// require('./commands')
+Cypress.on('uncaught:exception', () => {
+ return false;
+});
diff --git a/x-pack/plugins/fleet/cypress/tasks/integrations.ts b/x-pack/plugins/fleet/cypress/tasks/integrations.ts
new file mode 100644
index 0000000000000..f1c891fa1186c
--- /dev/null
+++ b/x-pack/plugins/fleet/cypress/tasks/integrations.ts
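Review bot: The `Cypress.on('uncaught:exception', () => { return false; })` handler at the end of support/index.ts switches off Cypress's fail-on-uncaught-exception behaviour for every spec, so a Fleet page that throws at runtime can still produce a green run. If the handler exists to tolerate one known error, match on it, e.g. `Cypress.on('uncaught:exception', (err) => !err.message.includes('<KNOWN_MESSAGE>'));`, and add a comment naming that error. Separately, `getBySel` interpolates its argument unquoted into `[data-test-subj=${selector}]`, which breaks for ids containing spaces or other non-identifier characters; `[data-test-subj="${selector}"]` is the safer form.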
@@ -0,0 +1,58 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { + ADD_POLICY_BTN, + CONFIRM_MODAL_BTN, + CREATE_PACKAGE_POLICY_SAVE_BTN, + FLYOUT_CLOSE_BTN_SEL, + INTEGRATION_NAME_LINK, +} from '../screens/integrations'; + +export const addIntegration = () => { + cy.getBySel(ADD_POLICY_BTN).click(); + cy.getBySel(CREATE_PACKAGE_POLICY_SAVE_BTN).click(); + // sometimes agent is assigned to default policy, sometimes not + cy.getBySel(CONFIRM_MODAL_BTN).click(); + + cy.getBySel(CREATE_PACKAGE_POLICY_SAVE_BTN).should('not.exist'); + clickIfVisible(FLYOUT_CLOSE_BTN_SEL); +}; + +export function clickIfVisible(selector: string) { + cy.get('body').then(($body) => { + if ($body.find(selector).length) { + cy.get(selector).click(); + } + }); +} + +export const deleteIntegrations = async (integration: string) => { + const ids: string[] = []; + cy.getBySel(INTEGRATION_NAME_LINK) + .each(($a) => { + const href = $a.attr('href') as string; + ids.push(href.substr(href.lastIndexOf('/') + 1)); + }) + .then(() => { + cy.request({ + url: `/api/fleet/package_policies/delete`, + headers: { 'kbn-xsrf': 'cypress' }, + body: `{ "packagePolicyIds": ${JSON.stringify(ids)} }`, + method: 'POST', + }); + }); +}; + +export const installPackageWithVersion = (integration: string, version: string) => { + cy.request({ + url: `/api/fleet/epm/packages/${integration}-${version}`, + headers: { 'kbn-xsrf': 'cypress' }, + body: '{ "force": true }', + method: 'POST', + }); +}; diff --git a/x-pack/plugins/fleet/cypress/tasks/navigation.ts b/x-pack/plugins/fleet/cypress/tasks/navigation.ts new file mode 100644 index 0000000000000..a2dd131b647a6 --- /dev/null +++ b/x-pack/plugins/fleet/cypress/tasks/navigation.ts 
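Review bot: `deleteIntegrations` never reads its `integration` argument: it collects the id from every `INTEGRATION_NAME_LINK` on the current page and posts them all to `/api/fleet/package_policies/delete`, so the `afterEach` cleanup removes whatever policies happen to be listed rather than only the named integration's. The function is also marked `async` while it only queues Cypress commands, so the returned promise resolves before the request has run; dropping `async` avoids mixing the two models. `$a.attr('href') as string` hides the undefined case, and the request body is assembled as a string; `body: { packagePolicyIds: ids },` lets `cy.request` serialise it, and a comment such as `// deletes every policy listed on the current page` would make the scope explicit.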
@@ -0,0 +1,19 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { TOGGLE_NAVIGATION_BTN } from '../screens/navigation'; + +export const INTEGRATIONS = 'app/integrations#/'; +export const FLEET = 'app/fleet/'; + +export const navigateTo = (page: string) => { + cy.visit(page); +}; + +export const openNavigationFlyout = () => { + cy.get(TOGGLE_NAVIGATION_BTN).click(); +}; diff --git a/x-pack/plugins/fleet/cypress/tsconfig.json b/x-pack/plugins/fleet/cypress/tsconfig.json new file mode 100644 index 0000000000000..1adb067fe682e --- /dev/null +++ b/x-pack/plugins/fleet/cypress/tsconfig.json @@ -0,0 +1,17 @@ +{ + "extends": "../../../../tsconfig.base.json", + "include": [ + "**/*" + ], + "exclude": [ + "target/**/*" + ], + "compilerOptions": { + "outDir": "target/types", + "types": [ + "cypress", + "node" + ], + "resolveJsonModule": true, + }, + } diff --git a/x-pack/plugins/fleet/package.json b/x-pack/plugins/fleet/package.json index e374dabb82458..ef15c2fc6bb66 100644 --- a/x-pack/plugins/fleet/package.json +++ b/x-pack/plugins/fleet/package.json @@ -3,5 +3,11 @@ "name": "fleet", "version": "8.0.0", "private": true, - "license": "Elastic-License" + "license": "Elastic-License", + "scripts": { + "cypress:open": "../../../node_modules/.bin/cypress open --config-file ./cypress/cypress.json", + "cypress:open-as-ci": "node ../../../scripts/functional_tests --config ../../test/fleet_cypress/visual_config.ts", + "cypress:run": "../../../node_modules/.bin/cypress run --config-file ./cypress/cypress.json", + "cypress:run-as-ci": "node ../../../scripts/functional_tests --config ../../test/fleet_cypress/cli_config.ts" + } } 
diff --git a/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/components/layout.tsx b/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/components/layout.tsx index 3daf7fa545f24..b7c7d263d2675 100644 --- a/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/components/layout.tsx +++ b/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/components/layout.tsx @@ -123,16 +123,33 @@ export const CreatePackagePolicyPageLayout: React.FunctionComponent<{ ); } - return isEdit ? ( - -

- -

-
- ) : ( + if (isEdit) { + return ( + +

+ +

+
+ ); + } + + if (isUpgrade) { + return ( + +

+ +

+
+ ); + } + + return (

setIsEnrollmentFlyoutOpen(true)} + data-test-subj="addAgentButton" > diff --git a/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/detail/policies/components/package_policy_agents_cell.tsx b/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/detail/policies/components/package_policy_agents_cell.tsx index 0ecab3290051e..fc3007b174ced 100644 --- a/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/detail/policies/components/package_policy_agents_cell.tsx +++ b/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/detail/policies/components/package_policy_agents_cell.tsx @@ -22,8 +22,12 @@ const AddAgentButton = ({ onAddAgent }: { onAddAgent: () => void }) => ( ); const AddAgentButtonWithPopover = ({ onAddAgent }: { onAddAgent: () => void }) => { - const button = ; const [isHelpOpen, setIsHelpOpen] = useState(true); + const onAddAgentCloseHelp = () => { + setIsHelpOpen(false); + onAddAgent(); + }; + const button = ; return ( - + = memo(({ packageInfo }: Props) => { /> - + {installedVersion} @@ -262,7 +262,7 @@ export const SettingsPage: React.FC = memo(({ packageInfo }: Props) => { /> - + {latestVersion} diff --git a/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/detail/settings/update_button.tsx b/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/detail/settings/update_button.tsx index b5a8394fa2cb2..48d4ef5d846d4 100644 --- a/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/detail/settings/update_button.tsx +++ b/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/detail/settings/update_button.tsx 
@@ -289,6 +289,7 @@ export const UpdateButton: React.FunctionComponent = ({ onClick={ upgradePackagePolicies ? () => setIsUpdateModalVisible(true) : handleClickUpdate } + data-test-subj="updatePackageBtn" > ; }) => { const { docLinks } = useStartServices(); - + const theme = useTheme() as EuiTheme; const optionalProps: { offset?: number } = {}; if (offset !== undefined) { @@ -55,6 +58,7 @@ export const AddAgentHelpPopover = ({ /> } + zIndex={theme.eui.euiZLevel1 - 1} // put popover behind any modals that happen to be open isStepOpen={isOpen} minWidth={300} onFinish={() => {}} diff --git a/x-pack/plugins/fleet/server/services/package_policy.test.ts b/x-pack/plugins/fleet/server/services/package_policy.test.ts index 46747762213f1..b6207316829ee 100644 --- a/x-pack/plugins/fleet/server/services/package_policy.test.ts +++ b/x-pack/plugins/fleet/server/services/package_policy.test.ts 
@@ -1843,6 +1843,100 @@ describe('Package policy service', () => { expect(logfileStream?.enabled).toBe(false); }); }); + + describe('when a datastream is deleted from an input', () => { + it('it remove the non existing datastream', () => { + const basePackagePolicy: NewPackagePolicy = { + name: 'base-package-policy', + description: 'Base Package Policy', + namespace: 'default', + enabled: true, + policy_id: 'xxxx', + output_id: 'xxxx', + package: { + name: 'test-package', + title: 'Test Package', + version: '0.0.1', + }, + inputs: [ + { + type: 'logs', + policy_template: 'template_1', + enabled: true, + vars: { + path: { + type: 'text', + value: ['/var/log/logfile.log'], + }, + }, + streams: [ + { + enabled: true, + data_stream: { dataset: 'dataset.test123', type: 'log' }, + }, + ], + }, + ], + }; + + const packageInfo: PackageInfo = { + name: 'test-package', + description: 'Test Package', + title: 'Test Package', + version: '0.0.1', + latestVersion: '0.0.1', + release: 'experimental', + format_version: '1.0.0', + owner: { github: 'elastic/fleet' }, + policy_templates: [ + { + name: 'template_1', + title: 'Template 1', + description: 'Template 1', + inputs: [ + { + type: 'logs', + title: 'Log', + description: 'Log Input', + vars: [ + { + name: 'path', + type: 'text', + }, + ], + }, + ], + }, + ], + // @ts-ignore + assets: {}, + }; + + const inputsOverride: NewPackagePolicyInput[] = [ + { + type: 'logs', + enabled: true, + streams: [], + vars: { + path: { + type: 'text', + value: '/var/log/new-logfile.log', + }, + }, + }, + ]; + + const result = overridePackageInputs( + basePackagePolicy, + packageInfo, + // TODO: Update this type assertion when the `InputsOverride` type is updated such + // that it no longer causes unresolvable type errors when used directly + inputsOverride as InputsOverride[], + false + ); + expect(result.inputs[0]?.vars?.path.value).toEqual(['/var/log/logfile.log']); + }); + }); }); }); 
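Review bot: The new case is titled 'it remove the non existing datastream', but its only assertion is on `vars.path.value`, so no expectation here exercises the stream filtering this commit adds to `overridePackageInputs`. Since the override passes `streams: []`, an assertion such as `expect(result.inputs[0]?.streams).toEqual([]);` (assuming that is the intended result) would pin the behaviour the title describes. The `// @ts-ignore` above `assets: {}` would be better as `// @ts-expect-error` with a short reason, so it starts failing once the type no longer needs it. The enclosing `describe` blocks start outside the hunk.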
diff --git a/x-pack/plugins/fleet/server/services/package_policy.ts b/x-pack/plugins/fleet/server/services/package_policy.ts index c03ccfc43ebd8..39902d35feb08 100644 --- a/x-pack/plugins/fleet/server/services/package_policy.ts +++ b/x-pack/plugins/fleet/server/services/package_policy.ts @@ -404,6 +404,7 @@ class PackagePolicyService { pkgName: packagePolicy.package.name, pkgVersion: packagePolicy.package.version, }); + const registryPkgInfo = await Registry.fetchInfo(pkgInfo.name, pkgInfo.version); inputs = await this._compilePackagePolicyInputs( registryPkgInfo, @@ -1111,7 +1112,9 @@ export function overridePackageInputs( } if (override.vars) { - originalInput = deepMergeVars(originalInput, override) as NewPackagePolicyInput; + const indexOfInput = inputs.indexOf(originalInput); + inputs[indexOfInput] = deepMergeVars(originalInput, override) as NewPackagePolicyInput; + originalInput = inputs[indexOfInput]; } if (override.streams) { @@ -1130,10 +1133,24 @@ export function overridePackageInputs( } if (stream.vars) { - originalStream = deepMergeVars(originalStream, stream as InputsOverride); + const indexOfStream = originalInput.streams.indexOf(originalStream); + originalInput.streams[indexOfStream] = deepMergeVars( + originalStream, + stream as InputsOverride + ); + originalStream = originalInput.streams[indexOfStream]; } } } + + // Filter all stream that have been removed from the input + originalInput.streams = originalInput.streams.filter((originalStream) => { + return ( + override.streams?.some( + (s) => s.data_stream.dataset === originalStream.data_stream.dataset + ) ?? false + ); + }); } const resultingPackagePolicy: NewPackagePolicy = { diff --git a/x-pack/plugins/lists/common/schemas/response/exception_list_schema.mock.ts b/x-pack/plugins/lists/common/schemas/response/exception_list_schema.mock.ts index 42c35ba1a5d7a..eca17b4c835d6 100644 --- a/x-pack/plugins/lists/common/schemas/response/exception_list_schema.mock.ts 
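Review bot: In the third hunk of package_policy.ts the new `originalInput.streams.filter(...)` sits after the `if (override.streams)` block has closed, so it also runs for an override with no `streams` key; there `override.streams?.some(...) ?? false` is false for every stream and the input is left with none. If overrides that carry only `vars` are valid (not visible from this hunk), that silently removes data collection from the resulting policy; moving the filter inside `if (override.streams) { ... }`, or adding a comment that a missing `streams` means "remove all", would make the intent explicit. Matching is on `data_stream.dataset` alone, which deserves a comment if `type` can differ for the same dataset. `overridePackageInputs` starts and ends outside the hunk.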
+++ b/x-pack/plugins/lists/common/schemas/response/exception_list_schema.mock.ts @@ -16,6 +16,7 @@ import { import { DATE_NOW, DESCRIPTION, + DETECTION_TYPE, ELASTIC_USER, ENDPOINT_TYPE, IMMUTABLE, @@ -48,6 +49,26 @@ export const getExceptionListSchemaMock = (): ExceptionListSchema => ({ version: VERSION, }); +export const getDetectionsExceptionListSchemaMock = (): ExceptionListSchema => ({ + _version: _VERSION, + created_at: DATE_NOW, + created_by: USER, + description: DESCRIPTION, + id: '1', + immutable: IMMUTABLE, + list_id: 'exception_list_id', + meta: META, + name: 'Sample Exception List', + namespace_type: 'single', + os_types: ['linux'], + tags: ['user added string for a tag', 'malware'], + tie_breaker_id: TIE_BREAKER, + type: DETECTION_TYPE, + updated_at: DATE_NOW, + updated_by: 'user_name', + version: VERSION, +}); + export const getTrustedAppsListSchemaMock = (): ExceptionListSchema => { return { ...getExceptionListSchemaMock(), diff --git a/x-pack/plugins/lists/server/scripts/check_env_variables.sh b/x-pack/plugins/lists/server/scripts/check_env_variables.sh index 4df0e42adf9f3..df2354ed8398a 100755 --- a/x-pack/plugins/lists/server/scripts/check_env_variables.sh +++ b/x-pack/plugins/lists/server/scripts/check_env_variables.sh @@ -30,13 +30,3 @@ if [ -z "${KIBANA_URL}" ]; then echo "Set KIBANA_URL in your environment" exit 1 fi - -if [ -z "${TASK_MANAGER_INDEX}" ]; then - echo "Set TASK_MANAGER_INDEX in your environment" - exit 1 -fi - -if [ -z "${KIBANA_INDEX}" ]; then - echo "Set KIBANA_INDEX in your environment" - exit 1 -fi diff --git a/x-pack/plugins/lists/server/services/exception_lists/exception_list_client.mock.ts b/x-pack/plugins/lists/server/services/exception_lists/exception_list_client.mock.ts index f5f6a4f1f2d5a..a780080dabc83 100644 --- a/x-pack/plugins/lists/server/services/exception_lists/exception_list_client.mock.ts +++ b/x-pack/plugins/lists/server/services/exception_lists/exception_list_client.mock.ts 
@@ -11,6 +11,7 @@ import { getFoundExceptionListSchemaMock } from '../../../common/schemas/respons import { getFoundExceptionListItemSchemaMock } from '../../../common/schemas/response/found_exception_list_item_schema.mock'; import { getExceptionListItemSchemaMock } from '../../../common/schemas/response/exception_list_item_schema.mock'; import { + getDetectionsExceptionListSchemaMock, getExceptionListSchemaMock, getTrustedAppsListSchemaMock, } from '../../../common/schemas/response/exception_list_schema.mock'; @@ -31,10 +32,12 @@ export class ExceptionListClientMock extends ExceptionListClient { public createTrustedAppsList = jest.fn().mockResolvedValue(getTrustedAppsListSchemaMock()); public createEndpointList = jest.fn().mockResolvedValue(getExceptionListSchemaMock()); public exportExceptionListAndItems = jest.fn().mockResolvedValue({ - exportData: 'exportString', + exportData: `${JSON.stringify(getDetectionsExceptionListSchemaMock())}\n${JSON.stringify( + getExceptionListItemSchemaMock({ list_id: 'exception_list_id' }) + )}`, exportDetails: { - exported_exception_list_count: 0, - exported_exception_list_item_count: 0, + exported_exception_list_count: 1, + exported_exception_list_item_count: 1, missing_exception_list_item_count: 0, missing_exception_list_items: [], missing_exception_lists: [], diff --git a/x-pack/plugins/maps/common/descriptor_types/layer_descriptor_types.ts b/x-pack/plugins/maps/common/descriptor_types/layer_descriptor_types.ts index 8f681cc9de70d..4d687969308bb 100644 --- a/x-pack/plugins/maps/common/descriptor_types/layer_descriptor_types.ts +++ b/x-pack/plugins/maps/common/descriptor_types/layer_descriptor_types.ts 
@@ -32,6 +32,13 @@ export type TileMetaFeature = Feature & { properties: { 'hits.total.relation': string; 'hits.total.value': number; + + // For _mvt requests with "aggs" property in request: aggregation statistics returned in the pattern outined below + // aggregations._count.min + // aggregations._count.max + // aggregations..min + // aggregations..max + [key: string]: number | string; }; }; diff --git a/x-pack/plugins/maps/public/classes/fields/agg/agg_field.ts b/x-pack/plugins/maps/public/classes/fields/agg/agg_field.ts index aba25a6d0babf..ed8830a7c56b6 100644 --- a/x-pack/plugins/maps/public/classes/fields/agg/agg_field.ts +++ b/x-pack/plugins/maps/public/classes/fields/agg/agg_field.ts @@ -7,6 +7,7 @@ import { IndexPattern } from 'src/plugins/data/public'; import { AGG_TYPE } from '../../../../common/constants'; +import { TileMetaFeature } from '../../../../common/descriptor_types'; import { CountAggField } from './count_agg_field'; import { isMetricCountable } from '../../util/is_metric_countable'; import { CountAggFieldParams } from './agg_field_types'; @@ -104,4 +105,17 @@ export class AggField extends CountAggField { async getCategoricalFieldMetaRequest(size: number): Promise { return this._esDocField ? await this._esDocField.getCategoricalFieldMetaRequest(size) : null; } + + pluckRangeFromTileMetaFeature(metaFeature: TileMetaFeature) { + const minField = `aggregations.${this.getName()}.min`; + const maxField = `aggregations.${this.getName()}.max`; + return metaFeature.properties && + typeof metaFeature.properties[minField] === 'number' && + typeof metaFeature.properties[maxField] === 'number' + ? { + min: metaFeature.properties[minField] as number, + max: metaFeature.properties[maxField] as number, + } + : null; + } } diff --git a/x-pack/plugins/maps/public/classes/fields/agg/count_agg_field.ts b/x-pack/plugins/maps/public/classes/fields/agg/count_agg_field.ts index d8301ccd35353..7f38379c1075b 100644 
--- a/x-pack/plugins/maps/public/classes/fields/agg/count_agg_field.ts +++ b/x-pack/plugins/maps/public/classes/fields/agg/count_agg_field.ts @@ -9,6 +9,7 @@ import { IndexPattern } from 'src/plugins/data/public'; import { IESAggSource } from '../../sources/es_agg_source'; import { IVectorSource } from '../../sources/vector_source'; import { AGG_TYPE, FIELD_ORIGIN } from '../../../../common/constants'; +import { TileMetaFeature } from '../../../../common/descriptor_types'; import { ITooltipProperty, TooltipProperty } from '../../tooltips/tooltip_property'; import { ESAggTooltipProperty } from '../../tooltips/es_agg_tooltip_property'; import { IESAggField, CountAggFieldParams } from './agg_field_types'; @@ -109,4 +110,17 @@ export class CountAggField implements IESAggField { isEqual(field: IESAggField) { return field.getName() === this.getName(); } + + pluckRangeFromTileMetaFeature(metaFeature: TileMetaFeature) { + const minField = `aggregations._count.min`; + const maxField = `aggregations._count.max`; + return metaFeature.properties && + typeof metaFeature.properties[minField] === 'number' && + typeof metaFeature.properties[maxField] === 'number' + ? { + min: metaFeature.properties[minField] as number, + max: metaFeature.properties[maxField] as number, + } + : null; + } } diff --git a/x-pack/plugins/maps/public/classes/fields/agg/top_term_percentage_field.ts b/x-pack/plugins/maps/public/classes/fields/agg/top_term_percentage_field.ts index ccb1cae201548..d0618f64a5e71 100644 --- a/x-pack/plugins/maps/public/classes/fields/agg/top_term_percentage_field.ts +++ b/x-pack/plugins/maps/public/classes/fields/agg/top_term_percentage_field.ts 
@@ -9,6 +9,7 @@ import { IESAggField } from './agg_field_types'; import { IVectorSource } from '../../sources/vector_source'; import { ITooltipProperty, TooltipProperty } from '../../tooltips/tooltip_property'; import { TOP_TERM_PERCENTAGE_SUFFIX, FIELD_ORIGIN } from '../../../../common/constants'; +import { TileMetaFeature } from '../../../../common/descriptor_types'; export class TopTermPercentageField implements IESAggField { private readonly _topTermAggField: IESAggField; @@ -90,4 +91,8 @@ export class TopTermPercentageField implements IESAggField { isEqual(field: IESAggField) { return field.getName() === this.getName(); } + + pluckRangeFromTileMetaFeature(metaFeature: TileMetaFeature) { + return null; + } } diff --git a/x-pack/plugins/maps/public/classes/fields/field.ts b/x-pack/plugins/maps/public/classes/fields/field.ts index dcf6ac54dc836..96d42a91319e1 100644 --- a/x-pack/plugins/maps/public/classes/fields/field.ts +++ b/x-pack/plugins/maps/public/classes/fields/field.ts @@ -5,6 +5,7 @@ * 2.0. */ +import { TileMetaFeature } from '../../../common/descriptor_types'; import { FIELD_ORIGIN } from '../../../common/constants'; import { IVectorSource } from '../sources/vector_source'; import { ITooltipProperty, TooltipProperty } from '../tooltips/tooltip_property'; @@ -39,6 +40,8 @@ export interface IField { supportsFieldMetaFromEs(): boolean; isEqual(field: IField): boolean; + + pluckRangeFromTileMetaFeature(metaFeature: TileMetaFeature): { min: number; max: number } | null; } export class AbstractField implements IField { @@ -114,4 +117,8 @@ export class AbstractField implements IField { isEqual(field: IField) { return this._origin === field.getOrigin() && this._fieldName === field.getName(); } + + pluckRangeFromTileMetaFeature(metaFeature: TileMetaFeature) { + return null; + } } 
diff --git a/x-pack/plugins/maps/public/classes/styles/vector/properties/dynamic_style_property.tsx b/x-pack/plugins/maps/public/classes/styles/vector/properties/dynamic_style_property.tsx index adf92a307a552..577fe60aa2e13 100644 --- a/x-pack/plugins/maps/public/classes/styles/vector/properties/dynamic_style_property.tsx +++ b/x-pack/plugins/maps/public/classes/styles/vector/properties/dynamic_style_property.tsx @@ -309,24 +309,17 @@ export class DynamicStyleProperty pluckOrdinalStyleMetaFromTileMetaFeatures( metaFeatures: TileMetaFeature[] ): RangeFieldMeta | null { - if (!this.isOrdinal()) { + if (!this._field || !this.isOrdinal()) { return null; } - const mbFieldName = this.getMbFieldName(); let min = Infinity; let max = -Infinity; for (let i = 0; i < metaFeatures.length; i++) { - const fieldMeta = metaFeatures[i].properties; - const minField = `aggregations.${mbFieldName}.min`; - const maxField = `aggregations.${mbFieldName}.max`; - if ( - fieldMeta && - typeof fieldMeta[minField] === 'number' && - typeof fieldMeta[maxField] === 'number' - ) { - min = Math.min(fieldMeta[minField] as number, min); - max = Math.max(fieldMeta[maxField] as number, max); + const range = this._field.pluckRangeFromTileMetaFeature(metaFeatures[i]); + if (range) { + min = Math.min(range.min, min); + max = Math.max(range.max, max); } } diff --git a/x-pack/plugins/ml/public/application/components/severity_control/severity_control.tsx b/x-pack/plugins/ml/public/application/components/severity_control/severity_control.tsx index 7be72b8430233..4cc182988778d 100644 --- a/x-pack/plugins/ml/public/application/components/severity_control/severity_control.tsx +++ b/x-pack/plugins/ml/public/application/components/severity_control/severity_control.tsx @@ -16,7 +16,6 @@ import { EuiRangeProps, } from '@elastic/eui'; import { ANOMALY_THRESHOLD } from '../../../../common'; -import './styles.scss'; export interface SeveritySelectorProps { value: number | undefined; 
@@ -29,23 +28,23 @@ export const SeverityControl: FC = React.memo(({ value, o const levels: EuiRangeProps['levels'] = [ { min: ANOMALY_THRESHOLD.LOW, - max: ANOMALY_THRESHOLD.MINOR - 1, - color: 'success', + max: ANOMALY_THRESHOLD.MINOR, + color: '#8BC8FB', }, { min: ANOMALY_THRESHOLD.MINOR, - max: ANOMALY_THRESHOLD.MAJOR - 1, - color: 'primary', + max: ANOMALY_THRESHOLD.MAJOR, + color: '#FDEC25', }, { min: ANOMALY_THRESHOLD.MAJOR, max: ANOMALY_THRESHOLD.CRITICAL, - color: 'warning', + color: '#FBA740', }, { min: ANOMALY_THRESHOLD.CRITICAL, max: MAX_ANOMALY_SCORE, - color: 'danger', + color: '#FE5050', }, ]; diff --git a/x-pack/plugins/ml/public/application/components/severity_control/styles.scss b/x-pack/plugins/ml/public/application/components/severity_control/styles.scss deleted file mode 100644 index 9a5fa8f2b160a..0000000000000 --- a/x-pack/plugins/ml/public/application/components/severity_control/styles.scss +++ /dev/null @@ -1,18 +0,0 @@ -// Color overrides are required (https://github.com/elastic/eui/issues/4467) - -.mlSeverityControl { - .euiRangeLevel-- { - &success { - background-color: #8BC8FB; - } - &primary { - background-color: #FDEC25; - } - &warning { - background-color: #FBA740; - } - &danger { - background-color: #FE5050; - } - } -} diff --git a/x-pack/plugins/observability/public/components/shared/exploratory_view/components/date_range_picker.tsx b/x-pack/plugins/observability/public/components/shared/exploratory_view/components/date_range_picker.tsx index 5529f28927028..32994b37fffe3 100644 --- a/x-pack/plugins/observability/public/components/shared/exploratory_view/components/date_range_picker.tsx +++ b/x-pack/plugins/observability/public/components/shared/exploratory_view/components/date_range_picker.tsx @@ -79,8 +79,10 @@ export function DateRangePicker({ seriesId, series }: { seriesId: number; series return ( } endDateControl={ } /> 
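Review bot: The first two entries of `levels` now end on the value where the next entry starts (`max: ANOMALY_THRESHOLD.MINOR` followed by `min: ANOMALY_THRESHOLD.MINOR`, and the same for `MAJOR`), so a score exactly on a threshold falls into two colour bands. If the shared boundary is what the range component needs to draw a continuous track, a comment such as `// adjacent levels share their boundary value so the track has no gaps` would stop a later reader from restoring the `- 1`. The four hex literals carried over from the deleted styles.scss are unnamed; giving them names next to the thresholds they colour would make the severity-to-colour mapping reviewable in one place. The component body starts and ends outside the hunk.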
diff --git a/x-pack/plugins/observability/public/components/shared/exploratory_view/configurations/constants/constants.ts b/x-pack/plugins/observability/public/components/shared/exploratory_view/configurations/constants/constants.ts index c12e67bc9b1ae..aac5ac7136d7a 100644 --- a/x-pack/plugins/observability/public/components/shared/exploratory_view/configurations/constants/constants.ts +++ b/x-pack/plugins/observability/public/components/shared/exploratory_view/configurations/constants/constants.ts @@ -21,6 +21,7 @@ import { BROWSER_VERSION_LABEL, CLS_LABEL, CORE_WEB_VITALS_LABEL, + DCL_LABEL, DEVICE_DISTRIBUTION_LABEL, DEVICE_LABEL, ENVIRONMENT_LABEL, @@ -50,8 +51,18 @@ import { PAGE_LOAD_TIME_LABEL, LABELS_FIELD, STEP_NAME_LABEL, + STEP_DURATION_LABEL, } from './labels'; -import { SYNTHETICS_STEP_NAME } from './field_names/synthetics'; +import { + MONITOR_DURATION_US, + SYNTHETICS_CLS, + SYNTHETICS_DCL, + SYNTHETICS_DOCUMENT_ONLOAD, + SYNTHETICS_FCP, + SYNTHETICS_LCP, + SYNTHETICS_STEP_DURATION, + SYNTHETICS_STEP_NAME, +} from './field_names/synthetics'; export const DEFAULT_TIME = { from: 'now-1h', to: 'now' }; @@ -73,12 +84,19 @@ export const FieldLabels: Record = { [TBT_FIELD]: TBT_LABEL, [FID_FIELD]: FID_LABEL, [CLS_FIELD]: CLS_LABEL, + + [SYNTHETICS_CLS]: CLS_LABEL, + [SYNTHETICS_DCL]: DCL_LABEL, + [SYNTHETICS_STEP_DURATION]: STEP_DURATION_LABEL, + [SYNTHETICS_LCP]: LCP_LABEL, + [SYNTHETICS_FCP]: FCP_LABEL, + [SYNTHETICS_DOCUMENT_ONLOAD]: PAGE_LOAD_TIME_LABEL, [TRANSACTION_TIME_TO_FIRST_BYTE]: BACKEND_TIME_LABEL, [TRANSACTION_DURATION]: PAGE_LOAD_TIME_LABEL, 'monitor.id': MONITOR_ID_LABEL, 'monitor.status': MONITOR_STATUS_LABEL, - 'monitor.duration.us': MONITORS_DURATION_LABEL, + [MONITOR_DURATION_US]: MONITORS_DURATION_LABEL, [SYNTHETICS_STEP_NAME]: STEP_NAME_LABEL, 'agent.hostname': AGENT_HOST_LABEL, 
diff --git a/x-pack/plugins/observability/public/components/shared/exploratory_view/configurations/synthetics/kpi_over_time_config.ts b/x-pack/plugins/observability/public/components/shared/exploratory_view/configurations/synthetics/kpi_over_time_config.ts index e548ec2714e14..63bd7e0cf3e81 100644 --- a/x-pack/plugins/observability/public/components/shared/exploratory_view/configurations/synthetics/kpi_over_time_config.ts +++ b/x-pack/plugins/observability/public/components/shared/exploratory_view/configurations/synthetics/kpi_over_time_config.ts @@ -16,13 +16,13 @@ import { import { CLS_LABEL, DCL_LABEL, - DOCUMENT_ONLOAD_LABEL, DOWN_LABEL, FCP_LABEL, LCP_LABEL, MONITORS_DURATION_LABEL, STEP_DURATION_LABEL, UP_LABEL, + PAGE_LOAD_TIME_LABEL, } from '../constants/labels'; import { MONITOR_DURATION_US, @@ -128,7 +128,7 @@ export function getSyntheticsKPIConfig({ indexPattern }: ConfigProps): SeriesCon columnFilters: getStepMetricColumnFilter(SYNTHETICS_DCL), }, { - label: DOCUMENT_ONLOAD_LABEL, + label: PAGE_LOAD_TIME_LABEL, field: SYNTHETICS_DOCUMENT_ONLOAD, id: SYNTHETICS_DOCUMENT_ONLOAD, columnType: OPERATION_COLUMN, diff --git a/x-pack/plugins/observability/public/pages/alerts/default_cell_actions.tsx b/x-pack/plugins/observability/public/pages/alerts/default_cell_actions.tsx index 5ad4804f88d5e..3adfb0a1d9c89 100644 --- a/x-pack/plugins/observability/public/pages/alerts/default_cell_actions.tsx +++ b/x-pack/plugins/observability/public/pages/alerts/default_cell_actions.tsx 
@@ -7,58 +7,16 @@ import React from 'react'; import { i18n } from '@kbn/i18n'; -import { ObservabilityPublicPluginsStart } from '../..'; import { getMappedNonEcsValue } from './render_cell_value'; import FilterForValueButton from './filter_for_value'; -import { useKibana } from '../../../../../../src/plugins/kibana_react/public'; import { TimelineNonEcsData } from '../../../../timelines/common/search_strategy'; import { TGridCellAction } from '../../../../timelines/common/types/timeline'; -import { getPageRowIndex, TimelinesUIStart } from '../../../../timelines/public'; +import { getPageRowIndex } from '../../../../timelines/public'; export const FILTER_FOR_VALUE = i18n.translate('xpack.observability.hoverActions.filterForValue', { defaultMessage: 'Filter for value', }); -/** a hook to eliminate the verbose boilerplate required to use common services */ -const useKibanaServices = () => { - const { timelines } = useKibana<{ timelines: TimelinesUIStart }>().services; - const { - services: { - data: { - query: { filterManager }, - }, - }, - } = useKibana(); - - return { timelines, filterManager }; -}; - -/** actions common to all cells (e.g. copy to clipboard) */ -const commonCellActions: TGridCellAction[] = [ - ({ data, pageSize }: { data: TimelineNonEcsData[][]; pageSize: number }) => - ({ rowIndex, columnId, Component }) => { - const { timelines } = useKibanaServices(); - - const value = getMappedNonEcsValue({ - data: data[getPageRowIndex(rowIndex, pageSize)], - fieldName: columnId, - }); - - return ( - <> - {timelines.getHoverActions().getCopyButton({ - Component, - field: columnId, - isHoverAction: false, - ownFocus: false, - showTooltip: false, - value, - })} - - ); - }, -]; - /** actions for adding filters to the search bar */ const buildFilterCellActions = (addToQuery: (value: string) => void): TGridCellAction[] => [ ({ data, pageSize }: { data: TimelineNonEcsData[][]; pageSize: number }) => 
@@ -80,7 +38,5 @@ const buildFilterCellActions = (addToQuery: (value: string) => void): TGridCellA ]; /** returns the default actions shown in `EuiDataGrid` cells */ -export const getDefaultCellActions = ({ addToQuery }: { addToQuery: (value: string) => void }) => [ - ...buildFilterCellActions(addToQuery), - ...commonCellActions, -]; +export const getDefaultCellActions = ({ addToQuery }: { addToQuery: (value: string) => void }) => + buildFilterCellActions(addToQuery); diff --git a/x-pack/plugins/observability/public/pages/alerts/filter_for_value.tsx b/x-pack/plugins/observability/public/pages/alerts/filter_for_value.tsx index 77cac9d482a37..f75ae488c9b28 100644 --- a/x-pack/plugins/observability/public/pages/alerts/filter_for_value.tsx +++ b/x-pack/plugins/observability/public/pages/alerts/filter_for_value.tsx @@ -11,7 +11,7 @@ import { i18n } from '@kbn/i18n'; export const filterForValueButtonLabel = i18n.translate( 'xpack.observability.hoverActions.filterForValueButtonLabel', { - defaultMessage: 'Filter for value', + defaultMessage: 'Filter in', } ); diff --git a/x-pack/plugins/osquery/common/schemas/common/schemas.ts b/x-pack/plugins/osquery/common/schemas/common/schemas.ts index 2ffb6c5feae54..4547db731ce1b 100644 --- a/x-pack/plugins/osquery/common/schemas/common/schemas.ts +++ b/x-pack/plugins/osquery/common/schemas/common/schemas.ts @@ -55,8 +55,9 @@ export type SavedQueryIdOrUndefined = t.TypeOf; export const ecsMapping = t.record( t.string, - t.type({ + t.partial({ field: t.string, + value: t.string, }) ); export type ECSMapping = t.TypeOf; diff --git a/x-pack/plugins/osquery/public/action_results/action_results_summary.tsx b/x-pack/plugins/osquery/public/action_results/action_results_summary.tsx index 9da9ac72f273a..e04f783608420 100644 --- a/x-pack/plugins/osquery/public/action_results/action_results_summary.tsx +++ b/x-pack/plugins/osquery/public/action_results/action_results_summary.tsx 
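Review bot: In x-pack/plugins/osquery/common/schemas/common/schemas.ts, `t.partial({ field: t.string, value: t.string })` makes both keys optional, so the `ecsMapping` codec now accepts an entry that is an empty object, which the previous `t.type({ field: t.string })` rejected. If each entry is meant to carry one of the two keys (inferred from the key names; the consumers are not in this hunk), a union keeps that rule in the schema instead of in every caller: `t.union([t.type({ field: t.string }), t.type({ value: t.string })])`. `ECSMapping` also changes to optional properties, so code that reads `.field` has to handle `undefined` from now on.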
@@ -13,7 +13,6 @@ import React, { useCallback, useEffect, useMemo, useState } from 'react'; import { AgentIdToName } from '../agents/agent_id_to_name'; import { useActionResults } from './use_action_results'; -import { useAllResults } from '../results/use_all_results'; import { Direction } from '../../common/search_strategy'; import { useActionResultsPrivileges } from './use_action_privileges'; @@ -70,38 +69,8 @@ const ActionResultsSummaryComponent: React.FC = ({ }); } - const { data: logsResults } = useAllResults({ - actionId, - activePage: pageIndex, - limit: pageSize, - sort: [ - { - field: '@timestamp', - direction: Direction.asc, - }, - ], - isLive, - skip: !hasActionResultsPrivileges, - }); - const renderAgentIdColumn = useCallback((agentId) => , []); - - const renderRowsColumn = useCallback( - (_, item) => { - if (!logsResults) return '-'; - const agentId = item.fields.agent_id[0]; - - return ( - // @ts-expect-error update types - logsResults?.rawResponse?.aggregations?.count_by_agent_id?.buckets?.find( - // @ts-expect-error update types - (bucket) => bucket.key === agentId - )?.doc_count ?? '-' - ); - }, - [logsResults] - ); - + const renderRowsColumn = useCallback((rowsCount) => rowsCount ?? '-', []); const renderStatusColumn = useCallback( (_, item) => { if (!item.fields.completed_at) { @@ -145,7 +114,7 @@ const ActionResultsSummaryComponent: React.FC = ({ render: renderAgentIdColumn, }, { - field: 'fields.rows[0]', + field: '_source.action_response.osquery.count', name: i18n.translate( 'xpack.osquery.liveQueryActionResults.table.resultRowsNumberColumnTitle', { 
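Review bot: The rows column now displays `_source.action_response.osquery.count`, the number carried in each action response document, where the removed `renderRowsColumn` counted result documents per agent through `useAllResults`. The two numbers come from different sources and can disagree, and nothing in the new code records which one the column is meant to show. A comment above the one-line `renderRowsColumn` would settle it, for example `// row count as reported in the action response, not a count of indexed result documents`. The component body starts and ends outside these hunks.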
@@ -177,18 +146,9 @@ const ActionResultsSummaryComponent: React.FC = ({ setIsLive(() => { if (!agentIds?.length || expired) return false; - const uniqueAgentsRepliedCount = - // @ts-expect-error update types - logsResults?.rawResponse.aggregations?.unique_agents.value ?? 0; - - return !!(uniqueAgentsRepliedCount !== agentIds?.length - aggregations.failed); + return !!(aggregations.totalResponded !== agentIds?.length); }); - }, [ - agentIds?.length, - aggregations.failed, - expired, - logsResults?.rawResponse.aggregations?.unique_agents, - ]); + }, [agentIds?.length, aggregations.totalResponded, expired]); return edges.length ? ( diff --git a/x-pack/plugins/osquery/public/action_results/use_action_results.ts b/x-pack/plugins/osquery/public/action_results/use_action_results.ts index 29bff0819956a..e4b6ef14eb1e9 100644 --- a/x-pack/plugins/osquery/public/action_results/use_action_results.ts +++ b/x-pack/plugins/osquery/public/action_results/use_action_results.ts @@ -84,6 +84,9 @@ export const useActionResults = ({ const totalResponded = // @ts-expect-error update types responseData.rawResponse?.aggregations?.aggs.responses_by_action_id?.doc_count ?? 0; + const totalRowCount = + // @ts-expect-error update types + responseData.rawResponse?.aggregations?.aggs.responses_by_action_id?.rows_count?.value ?? 0; const aggsBuckets = // @ts-expect-error update types responseData.rawResponse?.aggregations?.aggs.responses_by_action_id?.responses.buckets; @@ -100,6 +103,7 @@ export const useActionResults = ({ ...responseData, edges: reverse(uniqBy('fields.agent_id[0]', flatten([responseData.edges, previousEdges]))), aggregations: { + totalRowCount, totalResponded, // @ts-expect-error update types successful: aggsBuckets?.find((bucket) => bucket.key === 'success')?.doc_count ?? 0, diff --git a/x-pack/plugins/osquery/public/common/schemas/ecs/v1.12.1.json b/x-pack/plugins/osquery/public/common/schemas/ecs/v1.12.1.json index 2b4a3c8c92f2f..a613c8b576524 100644 
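Review bot: `setIsLive` keeps polling while `aggregations.totalResponded !== agentIds?.length`, so if the response count ever exceeds the number of targeted agents the comparison never turns false and polling stops only on `expired`. Whether that can happen is not visible here (`totalResponded` is a `doc_count` read in use_action_results.ts), but `<` is the safer stop condition, and the `!!` around a comparison is redundant: `return aggregations.totalResponded < agentIds.length;`. The early return on `!agentIds?.length` directly above already guarantees the length is defined at that point. The enclosing effect starts outside the hunk.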
--- a/x-pack/plugins/osquery/public/common/schemas/ecs/v1.12.1.json
+++ b/x-pack/plugins/osquery/public/common/schemas/ecs/v1.12.1.json
@@ -1 +1 @@ -[{"field":"labels","type":"object","description":"Custom key/value pairs."},{"field":"message","type":"match_only_text","description":"Log message optimized for viewing in a log viewer."},{"field":"tags","type":"keyword","description":"List of keywords used to tag each event."},{"field":"agent.build.original","type":"keyword","description":"Extended build information for the agent."},{"field":"client.address","type":"keyword","description":"Client network address."},{"field":"client.as.number","type":"long","description":"Unique number allocated to the autonomous system."},{"field":"client.as.organization.name","type":"keyword","description":"Organization name."},{"field":"client.as.organization.name.text","type":"match_only_text","description":"Organization name."},{"field":"client.bytes","type":"long","description":"Bytes sent from the client to the server."},{"field":"client.domain","type":"keyword","description":"Client domain."},{"field":"client.geo.city_name","type":"keyword","description":"City name."},{"field":"client.geo.continent_code","type":"keyword","description":"Continent code."},{"field":"client.geo.continent_name","type":"keyword","description":"Name of the continent."},{"field":"client.geo.country_iso_code","type":"keyword","description":"Country ISO code."},{"field":"client.geo.country_name","type":"keyword","description":"Country name."},{"field":"client.geo.location","type":"geo_point","description":"Longitude and latitude."},{"field":"client.geo.name","type":"keyword","description":"User-defined description of a location."},{"field":"client.geo.postal_code","type":"keyword","description":"Postal code."},{"field":"client.geo.region_iso_code","type":"keyword","description":"Region ISO code."},{"field":"client.geo.region_name","type":"keyword","description":"Region name."},{"field":"client.geo.timezone","type":"keyword","description":"Time zone."},{"field":"client.ip","type":"ip","description":"IP address of the 
client."},{"field":"client.mac","type":"keyword","description":"MAC address of the client."},{"field":"client.nat.ip","type":"ip","description":"Client NAT ip address"},{"field":"client.nat.port","type":"long","description":"Client NAT port"},{"field":"client.packets","type":"long","description":"Packets sent from the client to the server."},{"field":"client.port","type":"long","description":"Port of the client."},{"field":"client.registered_domain","type":"keyword","description":"The highest registered client domain, stripped of the subdomain."},{"field":"client.subdomain","type":"keyword","description":"The subdomain of the domain."},{"field":"client.top_level_domain","type":"keyword","description":"The effective top level domain (com, org, net, co.uk)."},{"field":"client.user.domain","type":"keyword","description":"Name of the directory the user is a member of."},{"field":"client.user.email","type":"keyword","description":"User email address."},{"field":"client.user.full_name","type":"keyword","description":"User's full name, if available."},{"field":"client.user.full_name.text","type":"match_only_text","description":"User's full name, if available."},{"field":"client.user.group.domain","type":"keyword","description":"Name of the directory the group is a member of."},{"field":"client.user.group.id","type":"keyword","description":"Unique identifier for the group on the system/platform."},{"field":"client.user.group.name","type":"keyword","description":"Name of the group."},{"field":"client.user.hash","type":"keyword","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"client.user.id","type":"keyword","description":"Unique identifier of the user."},{"field":"client.user.name","type":"keyword","description":"Short name or login of the user."},{"field":"client.user.name.text","type":"match_only_text","description":"Short name or login of the user."},{"field":"client.user.roles","type":"keyword","description":"Array of 
user roles at the time of the event."},{"field":"cloud.account.id","type":"keyword","description":"The cloud account or organization id."},{"field":"cloud.account.name","type":"keyword","description":"The cloud account name."},{"field":"cloud.availability_zone","type":"keyword","description":"Availability zone in which this host, resource, or service is located."},{"field":"cloud.instance.id","type":"keyword","description":"Instance ID of the host machine."},{"field":"cloud.instance.name","type":"keyword","description":"Instance name of the host machine."},{"field":"cloud.machine.type","type":"keyword","description":"Machine type of the host machine."},{"field":"cloud.project.id","type":"keyword","description":"The cloud project id."},{"field":"cloud.project.name","type":"keyword","description":"The cloud project name."},{"field":"cloud.provider","type":"keyword","description":"Name of the cloud provider."},{"field":"cloud.region","type":"keyword","description":"Region in which this host, resource, or service is located."},{"field":"cloud.service.name","type":"keyword","description":"The cloud service name."},{"field":"container.id","type":"keyword","description":"Unique container id."},{"field":"container.image.name","type":"keyword","description":"Name of the image the container was built on."},{"field":"container.image.tag","type":"keyword","description":"Container image tags."},{"field":"container.labels","type":"object","description":"Image labels."},{"field":"container.name","type":"keyword","description":"Container name."},{"field":"container.runtime","type":"keyword","description":"Runtime managing this container."},{"field":"data_stream.dataset","type":"constant_keyword","description":"The field can contain anything that makes sense to signify the source of the data."},{"field":"data_stream.namespace","type":"constant_keyword","description":"A user defined namespace. 
Namespaces are useful to allow grouping of data."},{"field":"data_stream.type","type":"constant_keyword","description":"An overarching type for the data stream."},{"field":"destination.address","type":"keyword","description":"Destination network address."},{"field":"destination.as.number","type":"long","description":"Unique number allocated to the autonomous system."},{"field":"destination.as.organization.name","type":"keyword","description":"Organization name."},{"field":"destination.as.organization.name.text","type":"match_only_text","description":"Organization name."},{"field":"destination.bytes","type":"long","description":"Bytes sent from the destination to the source."},{"field":"destination.domain","type":"keyword","description":"Destination domain."},{"field":"destination.geo.city_name","type":"keyword","description":"City name."},{"field":"destination.geo.continent_code","type":"keyword","description":"Continent code."},{"field":"destination.geo.continent_name","type":"keyword","description":"Name of the continent."},{"field":"destination.geo.country_iso_code","type":"keyword","description":"Country ISO code."},{"field":"destination.geo.country_name","type":"keyword","description":"Country name."},{"field":"destination.geo.location","type":"geo_point","description":"Longitude and latitude."},{"field":"destination.geo.name","type":"keyword","description":"User-defined description of a location."},{"field":"destination.geo.postal_code","type":"keyword","description":"Postal code."},{"field":"destination.geo.region_iso_code","type":"keyword","description":"Region ISO code."},{"field":"destination.geo.region_name","type":"keyword","description":"Region name."},{"field":"destination.geo.timezone","type":"keyword","description":"Time zone."},{"field":"destination.ip","type":"ip","description":"IP address of the destination."},{"field":"destination.mac","type":"keyword","description":"MAC address of the 
destination."},{"field":"destination.nat.ip","type":"ip","description":"Destination NAT ip"},{"field":"destination.nat.port","type":"long","description":"Destination NAT Port"},{"field":"destination.packets","type":"long","description":"Packets sent from the destination to the source."},{"field":"destination.port","type":"long","description":"Port of the destination."},{"field":"destination.registered_domain","type":"keyword","description":"The highest registered destination domain, stripped of the subdomain."},{"field":"destination.subdomain","type":"keyword","description":"The subdomain of the domain."},{"field":"destination.top_level_domain","type":"keyword","description":"The effective top level domain (com, org, net, co.uk)."},{"field":"destination.user.domain","type":"keyword","description":"Name of the directory the user is a member of."},{"field":"destination.user.email","type":"keyword","description":"User email address."},{"field":"destination.user.full_name","type":"keyword","description":"User's full name, if available."},{"field":"destination.user.full_name.text","type":"match_only_text","description":"User's full name, if available."},{"field":"destination.user.group.domain","type":"keyword","description":"Name of the directory the group is a member of."},{"field":"destination.user.group.id","type":"keyword","description":"Unique identifier for the group on the system/platform."},{"field":"destination.user.group.name","type":"keyword","description":"Name of the group."},{"field":"destination.user.hash","type":"keyword","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"destination.user.id","type":"keyword","description":"Unique identifier of the user."},{"field":"destination.user.name","type":"keyword","description":"Short name or login of the user."},{"field":"destination.user.name.text","type":"match_only_text","description":"Short name or login of the 
user."},{"field":"destination.user.roles","type":"keyword","description":"Array of user roles at the time of the event."},{"field":"dll.code_signature.digest_algorithm","type":"keyword","description":"Hashing algorithm used to sign the process."},{"field":"dll.code_signature.exists","type":"boolean","description":"Boolean to capture if a signature is present."},{"field":"dll.code_signature.signing_id","type":"keyword","description":"The identifier used to sign the process."},{"field":"dll.code_signature.status","type":"keyword","description":"Additional information about the certificate status."},{"field":"dll.code_signature.subject_name","type":"keyword","description":"Subject name of the code signer"},{"field":"dll.code_signature.team_id","type":"keyword","description":"The team identifier used to sign the process."},{"field":"dll.code_signature.timestamp","type":"date","description":"When the signature was generated and signed."},{"field":"dll.code_signature.trusted","type":"boolean","description":"Stores the trust status of the certificate chain."},{"field":"dll.code_signature.valid","type":"boolean","description":"Boolean to capture if the digital signature is verified against the binary content."},{"field":"dll.hash.md5","type":"keyword","description":"MD5 hash."},{"field":"dll.hash.sha1","type":"keyword","description":"SHA1 hash."},{"field":"dll.hash.sha256","type":"keyword","description":"SHA256 hash."},{"field":"dll.hash.sha512","type":"keyword","description":"SHA512 hash."},{"field":"dll.hash.ssdeep","type":"keyword","description":"SSDEEP hash."},{"field":"dll.name","type":"keyword","description":"Name of the library."},{"field":"dll.path","type":"keyword","description":"Full file path of the library."},{"field":"dll.pe.architecture","type":"keyword","description":"CPU architecture target for the file."},{"field":"dll.pe.company","type":"keyword","description":"Internal company name of the file, provided at 
compile-time."},{"field":"dll.pe.description","type":"keyword","description":"Internal description of the file, provided at compile-time."},{"field":"dll.pe.file_version","type":"keyword","description":"Process name."},{"field":"dll.pe.imphash","type":"keyword","description":"A hash of the imports in a PE file."},{"field":"dll.pe.original_file_name","type":"keyword","description":"Internal name of the file, provided at compile-time."},{"field":"dll.pe.product","type":"keyword","description":"Internal product name of the file, provided at compile-time."},{"field":"dns.answers","type":"object","description":"Array of DNS answers."},{"field":"dns.answers.class","type":"keyword","description":"The class of DNS data contained in this resource record."},{"field":"dns.answers.data","type":"keyword","description":"The data describing the resource."},{"field":"dns.answers.name","type":"keyword","description":"The domain name to which this resource record pertains."},{"field":"dns.answers.ttl","type":"long","description":"The time interval in seconds that this resource record may be cached before it should be discarded."},{"field":"dns.answers.type","type":"keyword","description":"The type of data contained in this resource record."},{"field":"dns.header_flags","type":"keyword","description":"Array of DNS header flags."},{"field":"dns.id","type":"keyword","description":"The DNS packet identifier assigned by the program that generated the query. 
The identifier is copied to the response."},{"field":"dns.op_code","type":"keyword","description":"The DNS operation code that specifies the kind of query in the message."},{"field":"dns.question.class","type":"keyword","description":"The class of records being queried."},{"field":"dns.question.name","type":"keyword","description":"The name being queried."},{"field":"dns.question.registered_domain","type":"keyword","description":"The highest registered domain, stripped of the subdomain."},{"field":"dns.question.subdomain","type":"keyword","description":"The subdomain of the domain."},{"field":"dns.question.top_level_domain","type":"keyword","description":"The effective top level domain (com, org, net, co.uk)."},{"field":"dns.question.type","type":"keyword","description":"The type of record being queried."},{"field":"dns.resolved_ip","type":"ip","description":"Array containing all IPs seen in answers.data"},{"field":"dns.response_code","type":"keyword","description":"The DNS response code."},{"field":"dns.type","type":"keyword","description":"The type of DNS event captured, query or answer."},{"field":"error.code","type":"keyword","description":"Error code describing the error."},{"field":"error.id","type":"keyword","description":"Unique identifier for the error."},{"field":"error.message","type":"match_only_text","description":"Error message."},{"field":"error.stack_trace","type":"wildcard","description":"The stack trace of this error in plain text."},{"field":"error.stack_trace.text","type":"match_only_text","description":"The stack trace of this error in plain text."},{"field":"error.type","type":"keyword","description":"The type of the error, for example the class name of the exception."},{"field":"event.action","type":"keyword","description":"The action captured by the event."},{"field":"event.category","type":"keyword","description":"Event category. 
The second categorization field in the hierarchy."},{"field":"event.code","type":"keyword","description":"Identification code for this event."},{"field":"event.created","type":"date","description":"Time when the event was first read by an agent or by your pipeline."},{"field":"event.dataset","type":"keyword","description":"Name of the dataset."},{"field":"event.duration","type":"long","description":"Duration of the event in nanoseconds."},{"field":"event.end","type":"date","description":"event.end contains the date when the event ended or when the activity was last observed."},{"field":"event.hash","type":"keyword","description":"Hash (perhaps logstash fingerprint) of raw field to be able to demonstrate log integrity."},{"field":"event.id","type":"keyword","description":"Unique ID to describe the event."},{"field":"event.kind","type":"keyword","description":"The kind of the event. The highest categorization field in the hierarchy."},{"field":"event.original","type":"keyword","description":"Raw text message of entire event."},{"field":"event.outcome","type":"keyword","description":"The outcome of the event. The lowest level categorization field in the hierarchy."},{"field":"event.provider","type":"keyword","description":"Source of the event."},{"field":"event.reason","type":"keyword","description":"Reason why this event happened, according to the source"},{"field":"event.reference","type":"keyword","description":"Event reference URL"},{"field":"event.risk_score","type":"float","description":"Risk score or priority of the event (e.g. security solutions). 
Use your system's original value here."},{"field":"event.risk_score_norm","type":"float","description":"Normalized risk score or priority of the event (0-100)."},{"field":"event.sequence","type":"long","description":"Sequence number of the event."},{"field":"event.severity","type":"long","description":"Numeric severity of the event."},{"field":"event.start","type":"date","description":"event.start contains the date when the event started or when the activity was first observed."},{"field":"event.timezone","type":"keyword","description":"Event time zone."},{"field":"event.type","type":"keyword","description":"Event type. The third categorization field in the hierarchy."},{"field":"event.url","type":"keyword","description":"Event investigation URL"},{"field":"file.accessed","type":"date","description":"Last time the file was accessed."},{"field":"file.attributes","type":"keyword","description":"Array of file attributes."},{"field":"file.code_signature.digest_algorithm","type":"keyword","description":"Hashing algorithm used to sign the process."},{"field":"file.code_signature.exists","type":"boolean","description":"Boolean to capture if a signature is present."},{"field":"file.code_signature.signing_id","type":"keyword","description":"The identifier used to sign the process."},{"field":"file.code_signature.status","type":"keyword","description":"Additional information about the certificate status."},{"field":"file.code_signature.subject_name","type":"keyword","description":"Subject name of the code signer"},{"field":"file.code_signature.team_id","type":"keyword","description":"The team identifier used to sign the process."},{"field":"file.code_signature.timestamp","type":"date","description":"When the signature was generated and signed."},{"field":"file.code_signature.trusted","type":"boolean","description":"Stores the trust status of the certificate chain."},{"field":"file.code_signature.valid","type":"boolean","description":"Boolean to capture if the digital 
signature is verified against the binary content."},{"field":"file.created","type":"date","description":"File creation time."},{"field":"file.ctime","type":"date","description":"Last time the file attributes or metadata changed."},{"field":"file.device","type":"keyword","description":"Device that is the source of the file."},{"field":"file.directory","type":"keyword","description":"Directory where the file is located."},{"field":"file.drive_letter","type":"keyword","description":"Drive letter where the file is located."},{"field":"file.elf.architecture","type":"keyword","description":"Machine architecture of the ELF file."},{"field":"file.elf.byte_order","type":"keyword","description":"Byte sequence of ELF file."},{"field":"file.elf.cpu_type","type":"keyword","description":"CPU type of the ELF file."},{"field":"file.elf.creation_date","type":"date","description":"Build or compile date."},{"field":"file.elf.exports","type":"flattened","description":"List of exported element names and types."},{"field":"file.elf.header.abi_version","type":"keyword","description":"Version of the ELF Application Binary Interface (ABI)."},{"field":"file.elf.header.class","type":"keyword","description":"Header class of the ELF file."},{"field":"file.elf.header.data","type":"keyword","description":"Data table of the ELF header."},{"field":"file.elf.header.entrypoint","type":"long","description":"Header entrypoint of the ELF file."},{"field":"file.elf.header.object_version","type":"keyword","description":"0x1\" for original ELF files."},{"field":"file.elf.header.os_abi","type":"keyword","description":"Application Binary Interface (ABI) of the Linux OS."},{"field":"file.elf.header.type","type":"keyword","description":"Header type of the ELF file."},{"field":"file.elf.header.version","type":"keyword","description":"Version of the ELF header."},{"field":"file.elf.imports","type":"flattened","description":"List of imported element names and 
types."},{"field":"file.elf.sections","type":"nested","description":"Section information of the ELF file."},{"field":"file.elf.sections.chi2","type":"long","description":"Chi-square probability distribution of the section."},{"field":"file.elf.sections.entropy","type":"long","description":"Shannon entropy calculation from the section."},{"field":"file.elf.sections.flags","type":"keyword","description":"ELF Section List flags."},{"field":"file.elf.sections.name","type":"keyword","description":"ELF Section List name."},{"field":"file.elf.sections.physical_offset","type":"keyword","description":"ELF Section List offset."},{"field":"file.elf.sections.physical_size","type":"long","description":"ELF Section List physical size."},{"field":"file.elf.sections.type","type":"keyword","description":"ELF Section List type."},{"field":"file.elf.sections.virtual_address","type":"long","description":"ELF Section List virtual address."},{"field":"file.elf.sections.virtual_size","type":"long","description":"ELF Section List virtual size."},{"field":"file.elf.segments","type":"nested","description":"ELF object segment list."},{"field":"file.elf.segments.sections","type":"keyword","description":"ELF object segment sections."},{"field":"file.elf.segments.type","type":"keyword","description":"ELF object segment type."},{"field":"file.elf.shared_libraries","type":"keyword","description":"List of shared libraries used by this ELF object."},{"field":"file.elf.telfhash","type":"keyword","description":"telfhash hash for ELF file."},{"field":"file.extension","type":"keyword","description":"File extension, excluding the leading dot."},{"field":"file.fork_name","type":"keyword","description":"A fork is additional data associated with a filesystem object."},{"field":"file.gid","type":"keyword","description":"Primary group ID (GID) of the file."},{"field":"file.group","type":"keyword","description":"Primary group name of the file."},{"field":"file.hash.md5","type":"keyword","description":"MD5 
hash."},{"field":"file.hash.sha1","type":"keyword","description":"SHA1 hash."},{"field":"file.hash.sha256","type":"keyword","description":"SHA256 hash."},{"field":"file.hash.sha512","type":"keyword","description":"SHA512 hash."},{"field":"file.hash.ssdeep","type":"keyword","description":"SSDEEP hash."},{"field":"file.inode","type":"keyword","description":"Inode representing the file in the filesystem."},{"field":"file.mime_type","type":"keyword","description":"Media type of file, document, or arrangement of bytes."},{"field":"file.mode","type":"keyword","description":"Mode of the file in octal representation."},{"field":"file.mtime","type":"date","description":"Last time the file content was modified."},{"field":"file.name","type":"keyword","description":"Name of the file including the extension, without the directory."},{"field":"file.owner","type":"keyword","description":"File owner's username."},{"field":"file.path","type":"keyword","description":"Full path to the file, including the file name."},{"field":"file.path.text","type":"match_only_text","description":"Full path to the file, including the file name."},{"field":"file.pe.architecture","type":"keyword","description":"CPU architecture target for the file."},{"field":"file.pe.company","type":"keyword","description":"Internal company name of the file, provided at compile-time."},{"field":"file.pe.description","type":"keyword","description":"Internal description of the file, provided at compile-time."},{"field":"file.pe.file_version","type":"keyword","description":"Process name."},{"field":"file.pe.imphash","type":"keyword","description":"A hash of the imports in a PE file."},{"field":"file.pe.original_file_name","type":"keyword","description":"Internal name of the file, provided at compile-time."},{"field":"file.pe.product","type":"keyword","description":"Internal product name of the file, provided at compile-time."},{"field":"file.size","type":"long","description":"File size in 
bytes."},{"field":"file.target_path","type":"keyword","description":"Target path for symlinks."},{"field":"file.target_path.text","type":"match_only_text","description":"Target path for symlinks."},{"field":"file.type","type":"keyword","description":"File type (file, dir, or symlink)."},{"field":"file.uid","type":"keyword","description":"The user ID (UID) or security identifier (SID) of the file owner."},{"field":"file.x509.alternative_names","type":"keyword","description":"List of subject alternative names (SAN)."},{"field":"file.x509.issuer.common_name","type":"keyword","description":"List of common name (CN) of issuing certificate authority."},{"field":"file.x509.issuer.country","type":"keyword","description":"List of country (C) codes"},{"field":"file.x509.issuer.distinguished_name","type":"keyword","description":"Distinguished name (DN) of issuing certificate authority."},{"field":"file.x509.issuer.locality","type":"keyword","description":"List of locality names (L)"},{"field":"file.x509.issuer.organization","type":"keyword","description":"List of organizations (O) of issuing certificate authority."},{"field":"file.x509.issuer.organizational_unit","type":"keyword","description":"List of organizational units (OU) of issuing certificate authority."},{"field":"file.x509.issuer.state_or_province","type":"keyword","description":"List of state or province names (ST, S, or P)"},{"field":"file.x509.not_after","type":"date","description":"Time at which the certificate is no longer considered valid."},{"field":"file.x509.not_before","type":"date","description":"Time at which the certificate is first considered valid."},{"field":"file.x509.public_key_algorithm","type":"keyword","description":"Algorithm used to generate the public key."},{"field":"file.x509.public_key_curve","type":"keyword","description":"The curve used by the elliptic curve public key algorithm. 
This is algorithm specific."},{"field":"file.x509.public_key_exponent","type":"long","description":"Exponent used to derive the public key. This is algorithm specific."},{"field":"file.x509.public_key_size","type":"long","description":"The size of the public key space in bits."},{"field":"file.x509.serial_number","type":"keyword","description":"Unique serial number issued by the certificate authority."},{"field":"file.x509.signature_algorithm","type":"keyword","description":"Identifier for certificate signature algorithm."},{"field":"file.x509.subject.common_name","type":"keyword","description":"List of common names (CN) of subject."},{"field":"file.x509.subject.country","type":"keyword","description":"List of country (C) code"},{"field":"file.x509.subject.distinguished_name","type":"keyword","description":"Distinguished name (DN) of the certificate subject entity."},{"field":"file.x509.subject.locality","type":"keyword","description":"List of locality names (L)"},{"field":"file.x509.subject.organization","type":"keyword","description":"List of organizations (O) of subject."},{"field":"file.x509.subject.organizational_unit","type":"keyword","description":"List of organizational units (OU) of subject."},{"field":"file.x509.subject.state_or_province","type":"keyword","description":"List of state or province names (ST, S, or P)"},{"field":"file.x509.version_number","type":"keyword","description":"Version of x509 format."},{"field":"group.domain","type":"keyword","description":"Name of the directory the group is a member of."},{"field":"group.id","type":"keyword","description":"Unique identifier for the group on the system/platform."},{"field":"group.name","type":"keyword","description":"Name of the group."},{"field":"host.cpu.usage","type":"scaled_float","description":"Percent CPU used, between 0 and 1."},{"field":"host.disk.read.bytes","type":"long","description":"The number of bytes read by all 
disks."},{"field":"host.disk.write.bytes","type":"long","description":"The number of bytes written on all disks."},{"field":"host.domain","type":"keyword","description":"Name of the directory the group is a member of."},{"field":"host.geo.city_name","type":"keyword","description":"City name."},{"field":"host.geo.continent_code","type":"keyword","description":"Continent code."},{"field":"host.geo.continent_name","type":"keyword","description":"Name of the continent."},{"field":"host.geo.country_iso_code","type":"keyword","description":"Country ISO code."},{"field":"host.geo.country_name","type":"keyword","description":"Country name."},{"field":"host.geo.location","type":"geo_point","description":"Longitude and latitude."},{"field":"host.geo.name","type":"keyword","description":"User-defined description of a location."},{"field":"host.geo.postal_code","type":"keyword","description":"Postal code."},{"field":"host.geo.region_iso_code","type":"keyword","description":"Region ISO code."},{"field":"host.geo.region_name","type":"keyword","description":"Region name."},{"field":"host.geo.timezone","type":"keyword","description":"Time zone."},{"field":"host.name","type":"keyword","description":"Name of the host."},{"field":"host.network.egress.bytes","type":"long","description":"The number of bytes sent on all network interfaces."},{"field":"host.network.egress.packets","type":"long","description":"The number of packets sent on all network interfaces."},{"field":"host.network.ingress.bytes","type":"long","description":"The number of bytes received on all network interfaces."},{"field":"host.network.ingress.packets","type":"long","description":"The number of packets received on all network interfaces."},{"field":"host.os.full","type":"keyword","description":"Operating system name, including the version or code name."},{"field":"host.os.full.text","type":"match_only_text","description":"Operating system name, including the version or code 
name."},{"field":"host.os.name.text","type":"match_only_text","description":"Operating system name, without the version."},{"field":"host.os.platform","type":"keyword","description":"Operating system platform (such centos, ubuntu, windows)."},{"field":"host.type","type":"keyword","description":"Type of host."},{"field":"host.uptime","type":"long","description":"Seconds the host has been up."},{"field":"host.user.domain","type":"keyword","description":"Name of the directory the user is a member of."},{"field":"host.user.email","type":"keyword","description":"User email address."},{"field":"host.user.full_name","type":"keyword","description":"User's full name, if available."},{"field":"host.user.full_name.text","type":"match_only_text","description":"User's full name, if available."},{"field":"host.user.group.domain","type":"keyword","description":"Name of the directory the group is a member of."},{"field":"host.user.group.id","type":"keyword","description":"Unique identifier for the group on the system/platform."},{"field":"host.user.group.name","type":"keyword","description":"Name of the group."},{"field":"host.user.hash","type":"keyword","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"host.user.id","type":"keyword","description":"Unique identifier of the user."},{"field":"host.user.name","type":"keyword","description":"Short name or login of the user."},{"field":"host.user.name.text","type":"match_only_text","description":"Short name or login of the user."},{"field":"host.user.roles","type":"keyword","description":"Array of user roles at the time of the event."},{"field":"http.request.body.bytes","type":"long","description":"Size in bytes of the request body."},{"field":"http.request.body.content","type":"wildcard","description":"The full HTTP request body."},{"field":"http.request.body.content.text","type":"match_only_text","description":"The full HTTP request 
body."},{"field":"http.request.bytes","type":"long","description":"Total size in bytes of the request (body and headers)."},{"field":"http.request.id","type":"keyword","description":"HTTP request ID."},{"field":"http.request.method","type":"keyword","description":"HTTP request method."},{"field":"http.request.mime_type","type":"keyword","description":"Mime type of the body of the request."},{"field":"http.request.referrer","type":"keyword","description":"Referrer for this HTTP request."},{"field":"http.response.body.bytes","type":"long","description":"Size in bytes of the response body."},{"field":"http.response.body.content","type":"wildcard","description":"The full HTTP response body."},{"field":"http.response.body.content.text","type":"match_only_text","description":"The full HTTP response body."},{"field":"http.response.bytes","type":"long","description":"Total size in bytes of the response (body and headers)."},{"field":"http.response.mime_type","type":"keyword","description":"Mime type of the body of the response."},{"field":"http.response.status_code","type":"long","description":"HTTP response status code."},{"field":"http.version","type":"keyword","description":"HTTP version."},{"field":"log.file.path","type":"keyword","description":"Full path to the log file this event came from."},{"field":"log.level","type":"keyword","description":"Log level of the log event."},{"field":"log.logger","type":"keyword","description":"Name of the logger."},{"field":"log.origin.file.line","type":"integer","description":"The line number of the file which originated the log event."},{"field":"log.origin.file.name","type":"keyword","description":"The code file which originated the log event."},{"field":"log.origin.function","type":"keyword","description":"The function which originated the log event."},{"field":"log.original","type":"keyword","description":"Deprecated original log message with light interpretation only (encoding, 
newlines)."},{"field":"log.syslog","type":"object","description":"Syslog metadata"},{"field":"log.syslog.facility.code","type":"long","description":"Syslog numeric facility of the event."},{"field":"log.syslog.facility.name","type":"keyword","description":"Syslog text-based facility of the event."},{"field":"log.syslog.priority","type":"long","description":"Syslog priority of the event."},{"field":"log.syslog.severity.code","type":"long","description":"Syslog numeric severity of the event."},{"field":"log.syslog.severity.name","type":"keyword","description":"Syslog text-based severity of the event."},{"field":"network.application","type":"keyword","description":"Application level protocol name."},{"field":"network.bytes","type":"long","description":"Total bytes transferred in both directions."},{"field":"network.community_id","type":"keyword","description":"A hash of source and destination IPs and ports."},{"field":"network.direction","type":"keyword","description":"Direction of the network traffic."},{"field":"network.forwarded_ip","type":"ip","description":"Host IP address when the source IP address is the proxy."},{"field":"network.iana_number","type":"keyword","description":"IANA Protocol Number."},{"field":"network.inner","type":"object","description":"Inner VLAN tag information"},{"field":"network.inner.vlan.id","type":"keyword","description":"VLAN ID as reported by the observer."},{"field":"network.inner.vlan.name","type":"keyword","description":"Optional VLAN name as reported by the observer."},{"field":"network.name","type":"keyword","description":"Name given by operators to sections of their network."},{"field":"network.packets","type":"long","description":"Total packets transferred in both directions."},{"field":"network.protocol","type":"keyword","description":"L7 Network protocol name."},{"field":"network.transport","type":"keyword","description":"Protocol Name corresponding to the field 
`iana_number`."},{"field":"network.type","type":"keyword","description":"In the OSI Model this would be the Network Layer. ipv4, ipv6, ipsec, pim, etc"},{"field":"network.vlan.id","type":"keyword","description":"VLAN ID as reported by the observer."},{"field":"network.vlan.name","type":"keyword","description":"Optional VLAN name as reported by the observer."},{"field":"observer.egress","type":"object","description":"Object field for egress information"},{"field":"observer.egress.interface.alias","type":"keyword","description":"Interface alias"},{"field":"observer.egress.interface.id","type":"keyword","description":"Interface ID"},{"field":"observer.egress.interface.name","type":"keyword","description":"Interface name"},{"field":"observer.egress.vlan.id","type":"keyword","description":"VLAN ID as reported by the observer."},{"field":"observer.egress.vlan.name","type":"keyword","description":"Optional VLAN name as reported by the observer."},{"field":"observer.egress.zone","type":"keyword","description":"Observer Egress zone"},{"field":"observer.geo.city_name","type":"keyword","description":"City name."},{"field":"observer.geo.continent_code","type":"keyword","description":"Continent code."},{"field":"observer.geo.continent_name","type":"keyword","description":"Name of the continent."},{"field":"observer.geo.country_iso_code","type":"keyword","description":"Country ISO code."},{"field":"observer.geo.country_name","type":"keyword","description":"Country name."},{"field":"observer.geo.location","type":"geo_point","description":"Longitude and latitude."},{"field":"observer.geo.name","type":"keyword","description":"User-defined description of a location."},{"field":"observer.geo.postal_code","type":"keyword","description":"Postal code."},{"field":"observer.geo.region_iso_code","type":"keyword","description":"Region ISO code."},{"field":"observer.geo.region_name","type":"keyword","description":"Region 
name."},{"field":"observer.geo.timezone","type":"keyword","description":"Time zone."},{"field":"observer.hostname","type":"keyword","description":"Hostname of the observer."},{"field":"observer.ingress","type":"object","description":"Object field for ingress information"},{"field":"observer.ingress.interface.alias","type":"keyword","description":"Interface alias"},{"field":"observer.ingress.interface.id","type":"keyword","description":"Interface ID"},{"field":"observer.ingress.interface.name","type":"keyword","description":"Interface name"},{"field":"observer.ingress.vlan.id","type":"keyword","description":"VLAN ID as reported by the observer."},{"field":"observer.ingress.vlan.name","type":"keyword","description":"Optional VLAN name as reported by the observer."},{"field":"observer.ingress.zone","type":"keyword","description":"Observer ingress zone"},{"field":"observer.ip","type":"ip","description":"IP addresses of the observer."},{"field":"observer.mac","type":"keyword","description":"MAC addresses of the observer."},{"field":"observer.name","type":"keyword","description":"Custom name of the observer."},{"field":"observer.os.family","type":"keyword","description":"OS family (such as redhat, debian, freebsd, windows)."},{"field":"observer.os.full","type":"keyword","description":"Operating system name, including the version or code name."},{"field":"observer.os.full.text","type":"match_only_text","description":"Operating system name, including the version or code name."},{"field":"observer.os.kernel","type":"keyword","description":"Operating system kernel version as a raw string."},{"field":"observer.os.name","type":"keyword","description":"Operating system name, without the version."},{"field":"observer.os.name.text","type":"match_only_text","description":"Operating system name, without the version."},{"field":"observer.os.platform","type":"keyword","description":"Operating system platform (such centos, ubuntu, 
windows)."},{"field":"observer.os.type","type":"keyword","description":"Which commercial OS family (one of: linux, macos, unix or windows)."},{"field":"observer.os.version","type":"keyword","description":"Operating system version as a raw string."},{"field":"observer.product","type":"keyword","description":"The product name of the observer."},{"field":"observer.serial_number","type":"keyword","description":"Observer serial number."},{"field":"observer.type","type":"keyword","description":"The type of the observer the data is coming from."},{"field":"observer.vendor","type":"keyword","description":"Vendor name of the observer."},{"field":"observer.version","type":"keyword","description":"Observer version."},{"field":"orchestrator.api_version","type":"keyword","description":"API version being used to carry out the action"},{"field":"orchestrator.cluster.name","type":"keyword","description":"Name of the cluster."},{"field":"orchestrator.cluster.url","type":"keyword","description":"URL of the API used to manage the cluster."},{"field":"orchestrator.cluster.version","type":"keyword","description":"The version of the cluster."},{"field":"orchestrator.namespace","type":"keyword","description":"Namespace in which the action is taking place."},{"field":"orchestrator.organization","type":"keyword","description":"Organization affected by the event (for multi-tenant orchestrator setups)."},{"field":"orchestrator.resource.name","type":"keyword","description":"Name of the resource being acted upon."},{"field":"orchestrator.resource.type","type":"keyword","description":"Type of resource being acted upon."},{"field":"orchestrator.type","type":"keyword","description":"Orchestrator cluster type (e.g. 
kubernetes, nomad or cloudfoundry)."},{"field":"organization.id","type":"keyword","description":"Unique identifier for the organization."},{"field":"organization.name","type":"keyword","description":"Organization name."},{"field":"organization.name.text","type":"match_only_text","description":"Organization name."},{"field":"package.architecture","type":"keyword","description":"Package architecture."},{"field":"package.build_version","type":"keyword","description":"Build version information"},{"field":"package.checksum","type":"keyword","description":"Checksum of the installed package for verification."},{"field":"package.description","type":"keyword","description":"Description of the package."},{"field":"package.install_scope","type":"keyword","description":"Indicating how the package was installed, e.g. user-local, global."},{"field":"package.installed","type":"date","description":"Time when package was installed."},{"field":"package.license","type":"keyword","description":"Package license"},{"field":"package.name","type":"keyword","description":"Package name"},{"field":"package.path","type":"keyword","description":"Path where the package is installed."},{"field":"package.reference","type":"keyword","description":"Package home page or reference URL"},{"field":"package.size","type":"long","description":"Package size in bytes."},{"field":"package.type","type":"keyword","description":"Package type"},{"field":"package.version","type":"keyword","description":"Package version"},{"field":"process.args","type":"keyword","description":"Array of process arguments."},{"field":"process.args_count","type":"long","description":"Length of the process.args array."},{"field":"process.code_signature.digest_algorithm","type":"keyword","description":"Hashing algorithm used to sign the process."},{"field":"process.code_signature.exists","type":"boolean","description":"Boolean to capture if a signature is 
present."},{"field":"process.code_signature.signing_id","type":"keyword","description":"The identifier used to sign the process."},{"field":"process.code_signature.status","type":"keyword","description":"Additional information about the certificate status."},{"field":"process.code_signature.subject_name","type":"keyword","description":"Subject name of the code signer"},{"field":"process.code_signature.team_id","type":"keyword","description":"The team identifier used to sign the process."},{"field":"process.code_signature.timestamp","type":"date","description":"When the signature was generated and signed."},{"field":"process.code_signature.trusted","type":"boolean","description":"Stores the trust status of the certificate chain."},{"field":"process.code_signature.valid","type":"boolean","description":"Boolean to capture if the digital signature is verified against the binary content."},{"field":"process.command_line","type":"wildcard","description":"Full command line that started the process."},{"field":"process.command_line.text","type":"match_only_text","description":"Full command line that started the process."},{"field":"process.elf.architecture","type":"keyword","description":"Machine architecture of the ELF file."},{"field":"process.elf.byte_order","type":"keyword","description":"Byte sequence of ELF file."},{"field":"process.elf.cpu_type","type":"keyword","description":"CPU type of the ELF file."},{"field":"process.elf.creation_date","type":"date","description":"Build or compile date."},{"field":"process.elf.exports","type":"flattened","description":"List of exported element names and types."},{"field":"process.elf.header.abi_version","type":"keyword","description":"Version of the ELF Application Binary Interface (ABI)."},{"field":"process.elf.header.class","type":"keyword","description":"Header class of the ELF file."},{"field":"process.elf.header.data","type":"keyword","description":"Data table of the ELF 
header."},{"field":"process.elf.header.entrypoint","type":"long","description":"Header entrypoint of the ELF file."},{"field":"process.elf.header.object_version","type":"keyword","description":"0x1\" for original ELF files."},{"field":"process.elf.header.os_abi","type":"keyword","description":"Application Binary Interface (ABI) of the Linux OS."},{"field":"process.elf.header.type","type":"keyword","description":"Header type of the ELF file."},{"field":"process.elf.header.version","type":"keyword","description":"Version of the ELF header."},{"field":"process.elf.imports","type":"flattened","description":"List of imported element names and types."},{"field":"process.elf.sections","type":"nested","description":"Section information of the ELF file."},{"field":"process.elf.sections.chi2","type":"long","description":"Chi-square probability distribution of the section."},{"field":"process.elf.sections.entropy","type":"long","description":"Shannon entropy calculation from the section."},{"field":"process.elf.sections.flags","type":"keyword","description":"ELF Section List flags."},{"field":"process.elf.sections.name","type":"keyword","description":"ELF Section List name."},{"field":"process.elf.sections.physical_offset","type":"keyword","description":"ELF Section List offset."},{"field":"process.elf.sections.physical_size","type":"long","description":"ELF Section List physical size."},{"field":"process.elf.sections.type","type":"keyword","description":"ELF Section List type."},{"field":"process.elf.sections.virtual_address","type":"long","description":"ELF Section List virtual address."},{"field":"process.elf.sections.virtual_size","type":"long","description":"ELF Section List virtual size."},{"field":"process.elf.segments","type":"nested","description":"ELF object segment list."},{"field":"process.elf.segments.sections","type":"keyword","description":"ELF object segment sections."},{"field":"process.elf.segments.type","type":"keyword","description":"ELF object segment 
type."},{"field":"process.elf.shared_libraries","type":"keyword","description":"List of shared libraries used by this ELF object."},{"field":"process.elf.telfhash","type":"keyword","description":"telfhash hash for ELF file."},{"field":"process.end","type":"date","description":"The time the process ended."},{"field":"process.entity_id","type":"keyword","description":"Unique identifier for the process."},{"field":"process.executable","type":"keyword","description":"Absolute path to the process executable."},{"field":"process.executable.text","type":"match_only_text","description":"Absolute path to the process executable."},{"field":"process.exit_code","type":"long","description":"The exit code of the process."},{"field":"process.hash.md5","type":"keyword","description":"MD5 hash."},{"field":"process.hash.sha1","type":"keyword","description":"SHA1 hash."},{"field":"process.hash.sha256","type":"keyword","description":"SHA256 hash."},{"field":"process.hash.sha512","type":"keyword","description":"SHA512 hash."},{"field":"process.hash.ssdeep","type":"keyword","description":"SSDEEP hash."},{"field":"process.name","type":"keyword","description":"Process name."},{"field":"process.name.text","type":"match_only_text","description":"Process name."},{"field":"process.parent.args","type":"keyword","description":"Array of process arguments."},{"field":"process.parent.args_count","type":"long","description":"Length of the process.args array."},{"field":"process.parent.code_signature.digest_algorithm","type":"keyword","description":"Hashing algorithm used to sign the process."},{"field":"process.parent.code_signature.exists","type":"boolean","description":"Boolean to capture if a signature is present."},{"field":"process.parent.code_signature.signing_id","type":"keyword","description":"The identifier used to sign the process."},{"field":"process.parent.code_signature.status","type":"keyword","description":"Additional information about the certificate 
status."},{"field":"process.parent.code_signature.subject_name","type":"keyword","description":"Subject name of the code signer"},{"field":"process.parent.code_signature.team_id","type":"keyword","description":"The team identifier used to sign the process."},{"field":"process.parent.code_signature.timestamp","type":"date","description":"When the signature was generated and signed."},{"field":"process.parent.code_signature.trusted","type":"boolean","description":"Stores the trust status of the certificate chain."},{"field":"process.parent.code_signature.valid","type":"boolean","description":"Boolean to capture if the digital signature is verified against the binary content."},{"field":"process.parent.command_line","type":"wildcard","description":"Full command line that started the process."},{"field":"process.parent.command_line.text","type":"match_only_text","description":"Full command line that started the process."},{"field":"process.parent.elf.architecture","type":"keyword","description":"Machine architecture of the ELF file."},{"field":"process.parent.elf.byte_order","type":"keyword","description":"Byte sequence of ELF file."},{"field":"process.parent.elf.cpu_type","type":"keyword","description":"CPU type of the ELF file."},{"field":"process.parent.elf.creation_date","type":"date","description":"Build or compile date."},{"field":"process.parent.elf.exports","type":"flattened","description":"List of exported element names and types."},{"field":"process.parent.elf.header.abi_version","type":"keyword","description":"Version of the ELF Application Binary Interface (ABI)."},{"field":"process.parent.elf.header.class","type":"keyword","description":"Header class of the ELF file."},{"field":"process.parent.elf.header.data","type":"keyword","description":"Data table of the ELF header."},{"field":"process.parent.elf.header.entrypoint","type":"long","description":"Header entrypoint of the ELF 
file."},{"field":"process.parent.elf.header.object_version","type":"keyword","description":"0x1\" for original ELF files."},{"field":"process.parent.elf.header.os_abi","type":"keyword","description":"Application Binary Interface (ABI) of the Linux OS."},{"field":"process.parent.elf.header.type","type":"keyword","description":"Header type of the ELF file."},{"field":"process.parent.elf.header.version","type":"keyword","description":"Version of the ELF header."},{"field":"process.parent.elf.imports","type":"flattened","description":"List of imported element names and types."},{"field":"process.parent.elf.sections","type":"nested","description":"Section information of the ELF file."},{"field":"process.parent.elf.sections.chi2","type":"long","description":"Chi-square probability distribution of the section."},{"field":"process.parent.elf.sections.entropy","type":"long","description":"Shannon entropy calculation from the section."},{"field":"process.parent.elf.sections.flags","type":"keyword","description":"ELF Section List flags."},{"field":"process.parent.elf.sections.name","type":"keyword","description":"ELF Section List name."},{"field":"process.parent.elf.sections.physical_offset","type":"keyword","description":"ELF Section List offset."},{"field":"process.parent.elf.sections.physical_size","type":"long","description":"ELF Section List physical size."},{"field":"process.parent.elf.sections.type","type":"keyword","description":"ELF Section List type."},{"field":"process.parent.elf.sections.virtual_address","type":"long","description":"ELF Section List virtual address."},{"field":"process.parent.elf.sections.virtual_size","type":"long","description":"ELF Section List virtual size."},{"field":"process.parent.elf.segments","type":"nested","description":"ELF object segment list."},{"field":"process.parent.elf.segments.sections","type":"keyword","description":"ELF object segment sections."},{"field":"process.parent.elf.segments.type","type":"keyword","description":"ELF 
object segment type."},{"field":"process.parent.elf.shared_libraries","type":"keyword","description":"List of shared libraries used by this ELF object."},{"field":"process.parent.elf.telfhash","type":"keyword","description":"telfhash hash for ELF file."},{"field":"process.parent.end","type":"date","description":"The time the process ended."},{"field":"process.parent.entity_id","type":"keyword","description":"Unique identifier for the process."},{"field":"process.parent.executable","type":"keyword","description":"Absolute path to the process executable."},{"field":"process.parent.executable.text","type":"match_only_text","description":"Absolute path to the process executable."},{"field":"process.parent.exit_code","type":"long","description":"The exit code of the process."},{"field":"process.parent.hash.md5","type":"keyword","description":"MD5 hash."},{"field":"process.parent.hash.sha1","type":"keyword","description":"SHA1 hash."},{"field":"process.parent.hash.sha256","type":"keyword","description":"SHA256 hash."},{"field":"process.parent.hash.sha512","type":"keyword","description":"SHA512 hash."},{"field":"process.parent.hash.ssdeep","type":"keyword","description":"SSDEEP hash."},{"field":"process.parent.name","type":"keyword","description":"Process name."},{"field":"process.parent.name.text","type":"match_only_text","description":"Process name."},{"field":"process.parent.pe.architecture","type":"keyword","description":"CPU architecture target for the file."},{"field":"process.parent.pe.company","type":"keyword","description":"Internal company name of the file, provided at compile-time."},{"field":"process.parent.pe.description","type":"keyword","description":"Internal description of the file, provided at compile-time."},{"field":"process.parent.pe.file_version","type":"keyword","description":"Process name."},{"field":"process.parent.pe.imphash","type":"keyword","description":"A hash of the imports in a PE 
file."},{"field":"process.parent.pe.original_file_name","type":"keyword","description":"Internal name of the file, provided at compile-time."},{"field":"process.parent.pe.product","type":"keyword","description":"Internal product name of the file, provided at compile-time."},{"field":"process.parent.pgid","type":"long","description":"Identifier of the group of processes the process belongs to."},{"field":"process.parent.pid","type":"long","description":"Process id."},{"field":"process.parent.ppid","type":"long","description":"Parent process' pid."},{"field":"process.parent.start","type":"date","description":"The time the process started."},{"field":"process.parent.thread.id","type":"long","description":"Thread ID."},{"field":"process.parent.thread.name","type":"keyword","description":"Thread name."},{"field":"process.parent.title","type":"keyword","description":"Process title."},{"field":"process.parent.title.text","type":"match_only_text","description":"Process title."},{"field":"process.parent.uptime","type":"long","description":"Seconds the process has been up."},{"field":"process.parent.working_directory","type":"keyword","description":"The working directory of the process."},{"field":"process.parent.working_directory.text","type":"match_only_text","description":"The working directory of the process."},{"field":"process.pe.architecture","type":"keyword","description":"CPU architecture target for the file."},{"field":"process.pe.company","type":"keyword","description":"Internal company name of the file, provided at compile-time."},{"field":"process.pe.description","type":"keyword","description":"Internal description of the file, provided at compile-time."},{"field":"process.pe.file_version","type":"keyword","description":"Process name."},{"field":"process.pe.imphash","type":"keyword","description":"A hash of the imports in a PE file."},{"field":"process.pe.original_file_name","type":"keyword","description":"Internal name of the file, provided at 
compile-time."},{"field":"process.pe.product","type":"keyword","description":"Internal product name of the file, provided at compile-time."},{"field":"process.pgid","type":"long","description":"Identifier of the group of processes the process belongs to."},{"field":"process.pid","type":"long","description":"Process id."},{"field":"process.ppid","type":"long","description":"Parent process' pid."},{"field":"process.start","type":"date","description":"The time the process started."},{"field":"process.thread.id","type":"long","description":"Thread ID."},{"field":"process.thread.name","type":"keyword","description":"Thread name."},{"field":"process.title","type":"keyword","description":"Process title."},{"field":"process.title.text","type":"match_only_text","description":"Process title."},{"field":"process.uptime","type":"long","description":"Seconds the process has been up."},{"field":"process.working_directory","type":"keyword","description":"The working directory of the process."},{"field":"process.working_directory.text","type":"match_only_text","description":"The working directory of the process."},{"field":"registry.data.bytes","type":"keyword","description":"Original bytes written with base64 encoding."},{"field":"registry.data.strings","type":"wildcard","description":"List of strings representing what was written to the registry."},{"field":"registry.data.type","type":"keyword","description":"Standard registry type for encoding contents"},{"field":"registry.hive","type":"keyword","description":"Abbreviated name for the hive."},{"field":"registry.key","type":"keyword","description":"Hive-relative path of keys."},{"field":"registry.path","type":"keyword","description":"Full path, including hive, key and value"},{"field":"registry.value","type":"keyword","description":"Name of the value written."},{"field":"related.hash","type":"keyword","description":"All the hashes seen on your event."},{"field":"related.hosts","type":"keyword","description":"All the host 
identifiers seen on your event."},{"field":"related.ip","type":"ip","description":"All of the IPs seen on your event."},{"field":"related.user","type":"keyword","description":"All the user names or other user identifiers seen on the event."},{"field":"rule.author","type":"keyword","description":"Rule author"},{"field":"rule.category","type":"keyword","description":"Rule category"},{"field":"rule.description","type":"keyword","description":"Rule description"},{"field":"rule.id","type":"keyword","description":"Rule ID"},{"field":"rule.license","type":"keyword","description":"Rule license"},{"field":"rule.name","type":"keyword","description":"Rule name"},{"field":"rule.reference","type":"keyword","description":"Rule reference URL"},{"field":"rule.ruleset","type":"keyword","description":"Rule ruleset"},{"field":"rule.uuid","type":"keyword","description":"Rule UUID"},{"field":"rule.version","type":"keyword","description":"Rule version"},{"field":"server.address","type":"keyword","description":"Server network address."},{"field":"server.as.number","type":"long","description":"Unique number allocated to the autonomous system."},{"field":"server.as.organization.name","type":"keyword","description":"Organization name."},{"field":"server.as.organization.name.text","type":"match_only_text","description":"Organization name."},{"field":"server.bytes","type":"long","description":"Bytes sent from the server to the client."},{"field":"server.domain","type":"keyword","description":"Server domain."},{"field":"server.geo.city_name","type":"keyword","description":"City name."},{"field":"server.geo.continent_code","type":"keyword","description":"Continent code."},{"field":"server.geo.continent_name","type":"keyword","description":"Name of the continent."},{"field":"server.geo.country_iso_code","type":"keyword","description":"Country ISO code."},{"field":"server.geo.country_name","type":"keyword","description":"Country 
name."},{"field":"server.geo.location","type":"geo_point","description":"Longitude and latitude."},{"field":"server.geo.name","type":"keyword","description":"User-defined description of a location."},{"field":"server.geo.postal_code","type":"keyword","description":"Postal code."},{"field":"server.geo.region_iso_code","type":"keyword","description":"Region ISO code."},{"field":"server.geo.region_name","type":"keyword","description":"Region name."},{"field":"server.geo.timezone","type":"keyword","description":"Time zone."},{"field":"server.ip","type":"ip","description":"IP address of the server."},{"field":"server.mac","type":"keyword","description":"MAC address of the server."},{"field":"server.nat.ip","type":"ip","description":"Server NAT ip"},{"field":"server.nat.port","type":"long","description":"Server NAT port"},{"field":"server.packets","type":"long","description":"Packets sent from the server to the client."},{"field":"server.port","type":"long","description":"Port of the server."},{"field":"server.registered_domain","type":"keyword","description":"The highest registered server domain, stripped of the subdomain."},{"field":"server.subdomain","type":"keyword","description":"The subdomain of the domain."},{"field":"server.top_level_domain","type":"keyword","description":"The effective top level domain (com, org, net, co.uk)."},{"field":"server.user.domain","type":"keyword","description":"Name of the directory the user is a member of."},{"field":"server.user.email","type":"keyword","description":"User email address."},{"field":"server.user.full_name","type":"keyword","description":"User's full name, if available."},{"field":"server.user.full_name.text","type":"match_only_text","description":"User's full name, if available."},{"field":"server.user.group.domain","type":"keyword","description":"Name of the directory the group is a member of."},{"field":"server.user.group.id","type":"keyword","description":"Unique identifier for the group on the 
system/platform."},{"field":"server.user.group.name","type":"keyword","description":"Name of the group."},{"field":"server.user.hash","type":"keyword","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"server.user.id","type":"keyword","description":"Unique identifier of the user."},{"field":"server.user.name","type":"keyword","description":"Short name or login of the user."},{"field":"server.user.name.text","type":"match_only_text","description":"Short name or login of the user."},{"field":"server.user.roles","type":"keyword","description":"Array of user roles at the time of the event."},{"field":"service.address","type":"keyword","description":"Address of this service."},{"field":"service.environment","type":"keyword","description":"Environment of the service."},{"field":"service.ephemeral_id","type":"keyword","description":"Ephemeral identifier of this service."},{"field":"service.id","type":"keyword","description":"Unique identifier of the running service."},{"field":"service.name","type":"keyword","description":"Name of the service."},{"field":"service.node.name","type":"keyword","description":"Name of the service node."},{"field":"service.state","type":"keyword","description":"Current state of the service."},{"field":"service.type","type":"keyword","description":"The type of the service."},{"field":"service.version","type":"keyword","description":"Version of the service."},{"field":"source.address","type":"keyword","description":"Source network address."},{"field":"source.as.number","type":"long","description":"Unique number allocated to the autonomous system."},{"field":"source.as.organization.name","type":"keyword","description":"Organization name."},{"field":"source.as.organization.name.text","type":"match_only_text","description":"Organization name."},{"field":"source.bytes","type":"long","description":"Bytes sent from the source to the 
destination."},{"field":"source.domain","type":"keyword","description":"Source domain."},{"field":"source.geo.city_name","type":"keyword","description":"City name."},{"field":"source.geo.continent_code","type":"keyword","description":"Continent code."},{"field":"source.geo.continent_name","type":"keyword","description":"Name of the continent."},{"field":"source.geo.country_iso_code","type":"keyword","description":"Country ISO code."},{"field":"source.geo.country_name","type":"keyword","description":"Country name."},{"field":"source.geo.location","type":"geo_point","description":"Longitude and latitude."},{"field":"source.geo.name","type":"keyword","description":"User-defined description of a location."},{"field":"source.geo.postal_code","type":"keyword","description":"Postal code."},{"field":"source.geo.region_iso_code","type":"keyword","description":"Region ISO code."},{"field":"source.geo.region_name","type":"keyword","description":"Region name."},{"field":"source.geo.timezone","type":"keyword","description":"Time zone."},{"field":"source.ip","type":"ip","description":"IP address of the source."},{"field":"source.mac","type":"keyword","description":"MAC address of the source."},{"field":"source.nat.ip","type":"ip","description":"Source NAT ip"},{"field":"source.nat.port","type":"long","description":"Source NAT port"},{"field":"source.packets","type":"long","description":"Packets sent from the source to the destination."},{"field":"source.port","type":"long","description":"Port of the source."},{"field":"source.registered_domain","type":"keyword","description":"The highest registered source domain, stripped of the subdomain."},{"field":"source.subdomain","type":"keyword","description":"The subdomain of the domain."},{"field":"source.top_level_domain","type":"keyword","description":"The effective top level domain (com, org, net, co.uk)."},{"field":"source.user.domain","type":"keyword","description":"Name of the directory the user is a member 
of."},{"field":"source.user.email","type":"keyword","description":"User email address."},{"field":"source.user.full_name","type":"keyword","description":"User's full name, if available."},{"field":"source.user.full_name.text","type":"match_only_text","description":"User's full name, if available."},{"field":"source.user.group.domain","type":"keyword","description":"Name of the directory the group is a member of."},{"field":"source.user.group.id","type":"keyword","description":"Unique identifier for the group on the system/platform."},{"field":"source.user.group.name","type":"keyword","description":"Name of the group."},{"field":"source.user.hash","type":"keyword","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"source.user.id","type":"keyword","description":"Unique identifier of the user."},{"field":"source.user.name","type":"keyword","description":"Short name or login of the user."},{"field":"source.user.name.text","type":"match_only_text","description":"Short name or login of the user."},{"field":"source.user.roles","type":"keyword","description":"Array of user roles at the time of the event."},{"field":"span.id","type":"keyword","description":"Unique identifier of the span within the scope of its trace."},{"field":"threat.enrichments","type":"nested","description":"List of objects containing indicators enriching the event."},{"field":"threat.enrichments.indicator","type":"object","description":"Object containing indicators enriching the event."},{"field":"threat.enrichments.indicator.as.number","type":"long","description":"Unique number allocated to the autonomous system."},{"field":"threat.enrichments.indicator.as.organization.name","type":"keyword","description":"Organization name."},{"field":"threat.enrichments.indicator.as.organization.name.text","type":"match_only_text","description":"Organization name."},{"field":"threat.enrichments.indicator.confidence","type":"keyword","description":"Indicator confidence 
rating"},{"field":"threat.enrichments.indicator.description","type":"keyword","description":"Indicator description"},{"field":"threat.enrichments.indicator.email.address","type":"keyword","description":"Indicator email address"},{"field":"threat.enrichments.indicator.file.accessed","type":"date","description":"Last time the file was accessed."},{"field":"threat.enrichments.indicator.file.attributes","type":"keyword","description":"Array of file attributes."},{"field":"threat.enrichments.indicator.file.code_signature.digest_algorithm","type":"keyword","description":"Hashing algorithm used to sign the process."},{"field":"threat.enrichments.indicator.file.code_signature.exists","type":"boolean","description":"Boolean to capture if a signature is present."},{"field":"threat.enrichments.indicator.file.code_signature.signing_id","type":"keyword","description":"The identifier used to sign the process."},{"field":"threat.enrichments.indicator.file.code_signature.status","type":"keyword","description":"Additional information about the certificate status."},{"field":"threat.enrichments.indicator.file.code_signature.subject_name","type":"keyword","description":"Subject name of the code signer"},{"field":"threat.enrichments.indicator.file.code_signature.team_id","type":"keyword","description":"The team identifier used to sign the process."},{"field":"threat.enrichments.indicator.file.code_signature.timestamp","type":"date","description":"When the signature was generated and signed."},{"field":"threat.enrichments.indicator.file.code_signature.trusted","type":"boolean","description":"Stores the trust status of the certificate chain."},{"field":"threat.enrichments.indicator.file.code_signature.valid","type":"boolean","description":"Boolean to capture if the digital signature is verified against the binary content."},{"field":"threat.enrichments.indicator.file.created","type":"date","description":"File creation 
time."},{"field":"threat.enrichments.indicator.file.ctime","type":"date","description":"Last time the file attributes or metadata changed."},{"field":"threat.enrichments.indicator.file.device","type":"keyword","description":"Device that is the source of the file."},{"field":"threat.enrichments.indicator.file.directory","type":"keyword","description":"Directory where the file is located."},{"field":"threat.enrichments.indicator.file.drive_letter","type":"keyword","description":"Drive letter where the file is located."},{"field":"threat.enrichments.indicator.file.elf.architecture","type":"keyword","description":"Machine architecture of the ELF file."},{"field":"threat.enrichments.indicator.file.elf.byte_order","type":"keyword","description":"Byte sequence of ELF file."},{"field":"threat.enrichments.indicator.file.elf.cpu_type","type":"keyword","description":"CPU type of the ELF file."},{"field":"threat.enrichments.indicator.file.elf.creation_date","type":"date","description":"Build or compile date."},{"field":"threat.enrichments.indicator.file.elf.exports","type":"flattened","description":"List of exported element names and types."},{"field":"threat.enrichments.indicator.file.elf.header.abi_version","type":"keyword","description":"Version of the ELF Application Binary Interface (ABI)."},{"field":"threat.enrichments.indicator.file.elf.header.class","type":"keyword","description":"Header class of the ELF file."},{"field":"threat.enrichments.indicator.file.elf.header.data","type":"keyword","description":"Data table of the ELF header."},{"field":"threat.enrichments.indicator.file.elf.header.entrypoint","type":"long","description":"Header entrypoint of the ELF file."},{"field":"threat.enrichments.indicator.file.elf.header.object_version","type":"keyword","description":"0x1\" for original ELF files."},{"field":"threat.enrichments.indicator.file.elf.header.os_abi","type":"keyword","description":"Application Binary Interface (ABI) of the Linux 
OS."},{"field":"threat.enrichments.indicator.file.elf.header.type","type":"keyword","description":"Header type of the ELF file."},{"field":"threat.enrichments.indicator.file.elf.header.version","type":"keyword","description":"Version of the ELF header."},{"field":"threat.enrichments.indicator.file.elf.imports","type":"flattened","description":"List of imported element names and types."},{"field":"threat.enrichments.indicator.file.elf.sections","type":"nested","description":"Section information of the ELF file."},{"field":"threat.enrichments.indicator.file.elf.sections.chi2","type":"long","description":"Chi-square probability distribution of the section."},{"field":"threat.enrichments.indicator.file.elf.sections.entropy","type":"long","description":"Shannon entropy calculation from the section."},{"field":"threat.enrichments.indicator.file.elf.sections.flags","type":"keyword","description":"ELF Section List flags."},{"field":"threat.enrichments.indicator.file.elf.sections.name","type":"keyword","description":"ELF Section List name."},{"field":"threat.enrichments.indicator.file.elf.sections.physical_offset","type":"keyword","description":"ELF Section List offset."},{"field":"threat.enrichments.indicator.file.elf.sections.physical_size","type":"long","description":"ELF Section List physical size."},{"field":"threat.enrichments.indicator.file.elf.sections.type","type":"keyword","description":"ELF Section List type."},{"field":"threat.enrichments.indicator.file.elf.sections.virtual_address","type":"long","description":"ELF Section List virtual address."},{"field":"threat.enrichments.indicator.file.elf.sections.virtual_size","type":"long","description":"ELF Section List virtual size."},{"field":"threat.enrichments.indicator.file.elf.segments","type":"nested","description":"ELF object segment list."},{"field":"threat.enrichments.indicator.file.elf.segments.sections","type":"keyword","description":"ELF object segment 
sections."},{"field":"threat.enrichments.indicator.file.elf.segments.type","type":"keyword","description":"ELF object segment type."},{"field":"threat.enrichments.indicator.file.elf.shared_libraries","type":"keyword","description":"List of shared libraries used by this ELF object."},{"field":"threat.enrichments.indicator.file.elf.telfhash","type":"keyword","description":"telfhash hash for ELF file."},{"field":"threat.enrichments.indicator.file.extension","type":"keyword","description":"File extension, excluding the leading dot."},{"field":"threat.enrichments.indicator.file.fork_name","type":"keyword","description":"A fork is additional data associated with a filesystem object."},{"field":"threat.enrichments.indicator.file.gid","type":"keyword","description":"Primary group ID (GID) of the file."},{"field":"threat.enrichments.indicator.file.group","type":"keyword","description":"Primary group name of the file."},{"field":"threat.enrichments.indicator.file.hash.md5","type":"keyword","description":"MD5 hash."},{"field":"threat.enrichments.indicator.file.hash.sha1","type":"keyword","description":"SHA1 hash."},{"field":"threat.enrichments.indicator.file.hash.sha256","type":"keyword","description":"SHA256 hash."},{"field":"threat.enrichments.indicator.file.hash.sha512","type":"keyword","description":"SHA512 hash."},{"field":"threat.enrichments.indicator.file.hash.ssdeep","type":"keyword","description":"SSDEEP hash."},{"field":"threat.enrichments.indicator.file.inode","type":"keyword","description":"Inode representing the file in the filesystem."},{"field":"threat.enrichments.indicator.file.mime_type","type":"keyword","description":"Media type of file, document, or arrangement of bytes."},{"field":"threat.enrichments.indicator.file.mode","type":"keyword","description":"Mode of the file in octal representation."},{"field":"threat.enrichments.indicator.file.mtime","type":"date","description":"Last time the file content was 
modified."},{"field":"threat.enrichments.indicator.file.name","type":"keyword","description":"Name of the file including the extension, without the directory."},{"field":"threat.enrichments.indicator.file.owner","type":"keyword","description":"File owner's username."},{"field":"threat.enrichments.indicator.file.path","type":"keyword","description":"Full path to the file, including the file name."},{"field":"threat.enrichments.indicator.file.path.text","type":"match_only_text","description":"Full path to the file, including the file name."},{"field":"threat.enrichments.indicator.file.pe.architecture","type":"keyword","description":"CPU architecture target for the file."},{"field":"threat.enrichments.indicator.file.pe.company","type":"keyword","description":"Internal company name of the file, provided at compile-time."},{"field":"threat.enrichments.indicator.file.pe.description","type":"keyword","description":"Internal description of the file, provided at compile-time."},{"field":"threat.enrichments.indicator.file.pe.file_version","type":"keyword","description":"Process name."},{"field":"threat.enrichments.indicator.file.pe.imphash","type":"keyword","description":"A hash of the imports in a PE file."},{"field":"threat.enrichments.indicator.file.pe.original_file_name","type":"keyword","description":"Internal name of the file, provided at compile-time."},{"field":"threat.enrichments.indicator.file.pe.product","type":"keyword","description":"Internal product name of the file, provided at compile-time."},{"field":"threat.enrichments.indicator.file.size","type":"long","description":"File size in bytes."},{"field":"threat.enrichments.indicator.file.target_path","type":"keyword","description":"Target path for symlinks."},{"field":"threat.enrichments.indicator.file.target_path.text","type":"match_only_text","description":"Target path for symlinks."},{"field":"threat.enrichments.indicator.file.type","type":"keyword","description":"File type (file, dir, or 
symlink)."},{"field":"threat.enrichments.indicator.file.uid","type":"keyword","description":"The user ID (UID) or security identifier (SID) of the file owner."},{"field":"threat.enrichments.indicator.file.x509.alternative_names","type":"keyword","description":"List of subject alternative names (SAN)."},{"field":"threat.enrichments.indicator.file.x509.issuer.common_name","type":"keyword","description":"List of common name (CN) of issuing certificate authority."},{"field":"threat.enrichments.indicator.file.x509.issuer.country","type":"keyword","description":"List of country (C) codes"},{"field":"threat.enrichments.indicator.file.x509.issuer.distinguished_name","type":"keyword","description":"Distinguished name (DN) of issuing certificate authority."},{"field":"threat.enrichments.indicator.file.x509.issuer.locality","type":"keyword","description":"List of locality names (L)"},{"field":"threat.enrichments.indicator.file.x509.issuer.organization","type":"keyword","description":"List of organizations (O) of issuing certificate authority."},{"field":"threat.enrichments.indicator.file.x509.issuer.organizational_unit","type":"keyword","description":"List of organizational units (OU) of issuing certificate authority."},{"field":"threat.enrichments.indicator.file.x509.issuer.state_or_province","type":"keyword","description":"List of state or province names (ST, S, or P)"},{"field":"threat.enrichments.indicator.file.x509.not_after","type":"date","description":"Time at which the certificate is no longer considered valid."},{"field":"threat.enrichments.indicator.file.x509.not_before","type":"date","description":"Time at which the certificate is first considered valid."},{"field":"threat.enrichments.indicator.file.x509.public_key_algorithm","type":"keyword","description":"Algorithm used to generate the public key."},{"field":"threat.enrichments.indicator.file.x509.public_key_curve","type":"keyword","description":"The curve used by the elliptic curve public key algorithm. 
This is algorithm specific."},{"field":"threat.enrichments.indicator.file.x509.public_key_exponent","type":"long","description":"Exponent used to derive the public key. This is algorithm specific."},{"field":"threat.enrichments.indicator.file.x509.public_key_size","type":"long","description":"The size of the public key space in bits."},{"field":"threat.enrichments.indicator.file.x509.serial_number","type":"keyword","description":"Unique serial number issued by the certificate authority."},{"field":"threat.enrichments.indicator.file.x509.signature_algorithm","type":"keyword","description":"Identifier for certificate signature algorithm."},{"field":"threat.enrichments.indicator.file.x509.subject.common_name","type":"keyword","description":"List of common names (CN) of subject."},{"field":"threat.enrichments.indicator.file.x509.subject.country","type":"keyword","description":"List of country (C) code"},{"field":"threat.enrichments.indicator.file.x509.subject.distinguished_name","type":"keyword","description":"Distinguished name (DN) of the certificate subject entity."},{"field":"threat.enrichments.indicator.file.x509.subject.locality","type":"keyword","description":"List of locality names (L)"},{"field":"threat.enrichments.indicator.file.x509.subject.organization","type":"keyword","description":"List of organizations (O) of subject."},{"field":"threat.enrichments.indicator.file.x509.subject.organizational_unit","type":"keyword","description":"List of organizational units (OU) of subject."},{"field":"threat.enrichments.indicator.file.x509.subject.state_or_province","type":"keyword","description":"List of state or province names (ST, S, or P)"},{"field":"threat.enrichments.indicator.file.x509.version_number","type":"keyword","description":"Version of x509 format."},{"field":"threat.enrichments.indicator.first_seen","type":"date","description":"Date/time indicator was first 
reported."},{"field":"threat.enrichments.indicator.geo.city_name","type":"keyword","description":"City name."},{"field":"threat.enrichments.indicator.geo.continent_code","type":"keyword","description":"Continent code."},{"field":"threat.enrichments.indicator.geo.continent_name","type":"keyword","description":"Name of the continent."},{"field":"threat.enrichments.indicator.geo.country_iso_code","type":"keyword","description":"Country ISO code."},{"field":"threat.enrichments.indicator.geo.country_name","type":"keyword","description":"Country name."},{"field":"threat.enrichments.indicator.geo.location","type":"geo_point","description":"Longitude and latitude."},{"field":"threat.enrichments.indicator.geo.name","type":"keyword","description":"User-defined description of a location."},{"field":"threat.enrichments.indicator.geo.postal_code","type":"keyword","description":"Postal code."},{"field":"threat.enrichments.indicator.geo.region_iso_code","type":"keyword","description":"Region ISO code."},{"field":"threat.enrichments.indicator.geo.region_name","type":"keyword","description":"Region name."},{"field":"threat.enrichments.indicator.geo.timezone","type":"keyword","description":"Time zone."},{"field":"threat.enrichments.indicator.ip","type":"ip","description":"Indicator IP address"},{"field":"threat.enrichments.indicator.last_seen","type":"date","description":"Date/time indicator was last reported."},{"field":"threat.enrichments.indicator.marking.tlp","type":"keyword","description":"Indicator TLP marking"},{"field":"threat.enrichments.indicator.modified_at","type":"date","description":"Date/time indicator was last updated."},{"field":"threat.enrichments.indicator.port","type":"long","description":"Indicator port"},{"field":"threat.enrichments.indicator.provider","type":"keyword","description":"Indicator provider"},{"field":"threat.enrichments.indicator.reference","type":"keyword","description":"Indicator reference 
URL"},{"field":"threat.enrichments.indicator.registry.data.bytes","type":"keyword","description":"Original bytes written with base64 encoding."},{"field":"threat.enrichments.indicator.registry.data.strings","type":"wildcard","description":"List of strings representing what was written to the registry."},{"field":"threat.enrichments.indicator.registry.data.type","type":"keyword","description":"Standard registry type for encoding contents"},{"field":"threat.enrichments.indicator.registry.hive","type":"keyword","description":"Abbreviated name for the hive."},{"field":"threat.enrichments.indicator.registry.key","type":"keyword","description":"Hive-relative path of keys."},{"field":"threat.enrichments.indicator.registry.path","type":"keyword","description":"Full path, including hive, key and value"},{"field":"threat.enrichments.indicator.registry.value","type":"keyword","description":"Name of the value written."},{"field":"threat.enrichments.indicator.scanner_stats","type":"long","description":"Scanner statistics"},{"field":"threat.enrichments.indicator.sightings","type":"long","description":"Number of times indicator observed"},{"field":"threat.enrichments.indicator.type","type":"keyword","description":"Type of indicator"},{"field":"threat.enrichments.indicator.url.domain","type":"keyword","description":"Domain of the url."},{"field":"threat.enrichments.indicator.url.extension","type":"keyword","description":"File extension from the request url, excluding the leading dot."},{"field":"threat.enrichments.indicator.url.fragment","type":"keyword","description":"Portion of the url after the `#`."},{"field":"threat.enrichments.indicator.url.full","type":"wildcard","description":"Full unparsed URL."},{"field":"threat.enrichments.indicator.url.full.text","type":"match_only_text","description":"Full unparsed URL."},{"field":"threat.enrichments.indicator.url.original","type":"wildcard","description":"Unmodified original url as seen in the event 
source."},{"field":"threat.enrichments.indicator.url.original.text","type":"match_only_text","description":"Unmodified original url as seen in the event source."},{"field":"threat.enrichments.indicator.url.password","type":"keyword","description":"Password of the request."},{"field":"threat.enrichments.indicator.url.path","type":"wildcard","description":"Path of the request, such as \"/search\"."},{"field":"threat.enrichments.indicator.url.port","type":"long","description":"Port of the request, such as 443."},{"field":"threat.enrichments.indicator.url.query","type":"keyword","description":"Query string of the request."},{"field":"threat.enrichments.indicator.url.registered_domain","type":"keyword","description":"The highest registered url domain, stripped of the subdomain."},{"field":"threat.enrichments.indicator.url.scheme","type":"keyword","description":"Scheme of the url."},{"field":"threat.enrichments.indicator.url.subdomain","type":"keyword","description":"The subdomain of the domain."},{"field":"threat.enrichments.indicator.url.top_level_domain","type":"keyword","description":"The effective top level domain (com, org, net, co.uk)."},{"field":"threat.enrichments.indicator.url.username","type":"keyword","description":"Username of the request."},{"field":"threat.enrichments.indicator.x509.alternative_names","type":"keyword","description":"List of subject alternative names (SAN)."},{"field":"threat.enrichments.indicator.x509.issuer.common_name","type":"keyword","description":"List of common name (CN) of issuing certificate authority."},{"field":"threat.enrichments.indicator.x509.issuer.country","type":"keyword","description":"List of country (C) codes"},{"field":"threat.enrichments.indicator.x509.issuer.distinguished_name","type":"keyword","description":"Distinguished name (DN) of issuing certificate authority."},{"field":"threat.enrichments.indicator.x509.issuer.locality","type":"keyword","description":"List of locality names 
(L)"},{"field":"threat.enrichments.indicator.x509.issuer.organization","type":"keyword","description":"List of organizations (O) of issuing certificate authority."},{"field":"threat.enrichments.indicator.x509.issuer.organizational_unit","type":"keyword","description":"List of organizational units (OU) of issuing certificate authority."},{"field":"threat.enrichments.indicator.x509.issuer.state_or_province","type":"keyword","description":"List of state or province names (ST, S, or P)"},{"field":"threat.enrichments.indicator.x509.not_after","type":"date","description":"Time at which the certificate is no longer considered valid."},{"field":"threat.enrichments.indicator.x509.not_before","type":"date","description":"Time at which the certificate is first considered valid."},{"field":"threat.enrichments.indicator.x509.public_key_algorithm","type":"keyword","description":"Algorithm used to generate the public key."},{"field":"threat.enrichments.indicator.x509.public_key_curve","type":"keyword","description":"The curve used by the elliptic curve public key algorithm. This is algorithm specific."},{"field":"threat.enrichments.indicator.x509.public_key_exponent","type":"long","description":"Exponent used to derive the public key. 
This is algorithm specific."},{"field":"threat.enrichments.indicator.x509.public_key_size","type":"long","description":"The size of the public key space in bits."},{"field":"threat.enrichments.indicator.x509.serial_number","type":"keyword","description":"Unique serial number issued by the certificate authority."},{"field":"threat.enrichments.indicator.x509.signature_algorithm","type":"keyword","description":"Identifier for certificate signature algorithm."},{"field":"threat.enrichments.indicator.x509.subject.common_name","type":"keyword","description":"List of common names (CN) of subject."},{"field":"threat.enrichments.indicator.x509.subject.country","type":"keyword","description":"List of country (C) code"},{"field":"threat.enrichments.indicator.x509.subject.distinguished_name","type":"keyword","description":"Distinguished name (DN) of the certificate subject entity."},{"field":"threat.enrichments.indicator.x509.subject.locality","type":"keyword","description":"List of locality names (L)"},{"field":"threat.enrichments.indicator.x509.subject.organization","type":"keyword","description":"List of organizations (O) of subject."},{"field":"threat.enrichments.indicator.x509.subject.organizational_unit","type":"keyword","description":"List of organizational units (OU) of subject."},{"field":"threat.enrichments.indicator.x509.subject.state_or_province","type":"keyword","description":"List of state or province names (ST, S, or P)"},{"field":"threat.enrichments.indicator.x509.version_number","type":"keyword","description":"Version of x509 format."},{"field":"threat.enrichments.matched.atomic","type":"keyword","description":"Matched indicator value"},{"field":"threat.enrichments.matched.field","type":"keyword","description":"Matched indicator field"},{"field":"threat.enrichments.matched.id","type":"keyword","description":"Matched indicator identifier"},{"field":"threat.enrichments.matched.index","type":"keyword","description":"Matched indicator 
index"},{"field":"threat.enrichments.matched.type","type":"keyword","description":"Type of indicator match"},{"field":"threat.framework","type":"keyword","description":"Threat classification framework."},{"field":"threat.group.alias","type":"keyword","description":"Alias of the group."},{"field":"threat.group.id","type":"keyword","description":"ID of the group."},{"field":"threat.group.name","type":"keyword","description":"Name of the group."},{"field":"threat.group.reference","type":"keyword","description":"Reference URL of the group."},{"field":"threat.indicator.as.number","type":"long","description":"Unique number allocated to the autonomous system."},{"field":"threat.indicator.as.organization.name","type":"keyword","description":"Organization name."},{"field":"threat.indicator.as.organization.name.text","type":"match_only_text","description":"Organization name."},{"field":"threat.indicator.confidence","type":"keyword","description":"Indicator confidence rating"},{"field":"threat.indicator.description","type":"keyword","description":"Indicator description"},{"field":"threat.indicator.email.address","type":"keyword","description":"Indicator email address"},{"field":"threat.indicator.file.accessed","type":"date","description":"Last time the file was accessed."},{"field":"threat.indicator.file.attributes","type":"keyword","description":"Array of file attributes."},{"field":"threat.indicator.file.code_signature.digest_algorithm","type":"keyword","description":"Hashing algorithm used to sign the process."},{"field":"threat.indicator.file.code_signature.exists","type":"boolean","description":"Boolean to capture if a signature is present."},{"field":"threat.indicator.file.code_signature.signing_id","type":"keyword","description":"The identifier used to sign the process."},{"field":"threat.indicator.file.code_signature.status","type":"keyword","description":"Additional information about the certificate 
status."},{"field":"threat.indicator.file.code_signature.subject_name","type":"keyword","description":"Subject name of the code signer"},{"field":"threat.indicator.file.code_signature.team_id","type":"keyword","description":"The team identifier used to sign the process."},{"field":"threat.indicator.file.code_signature.timestamp","type":"date","description":"When the signature was generated and signed."},{"field":"threat.indicator.file.code_signature.trusted","type":"boolean","description":"Stores the trust status of the certificate chain."},{"field":"threat.indicator.file.code_signature.valid","type":"boolean","description":"Boolean to capture if the digital signature is verified against the binary content."},{"field":"threat.indicator.file.created","type":"date","description":"File creation time."},{"field":"threat.indicator.file.ctime","type":"date","description":"Last time the file attributes or metadata changed."},{"field":"threat.indicator.file.device","type":"keyword","description":"Device that is the source of the file."},{"field":"threat.indicator.file.directory","type":"keyword","description":"Directory where the file is located."},{"field":"threat.indicator.file.drive_letter","type":"keyword","description":"Drive letter where the file is located."},{"field":"threat.indicator.file.elf.architecture","type":"keyword","description":"Machine architecture of the ELF file."},{"field":"threat.indicator.file.elf.byte_order","type":"keyword","description":"Byte sequence of ELF file."},{"field":"threat.indicator.file.elf.cpu_type","type":"keyword","description":"CPU type of the ELF file."},{"field":"threat.indicator.file.elf.creation_date","type":"date","description":"Build or compile date."},{"field":"threat.indicator.file.elf.exports","type":"flattened","description":"List of exported element names and types."},{"field":"threat.indicator.file.elf.header.abi_version","type":"keyword","description":"Version of the ELF Application Binary Interface 
(ABI)."},{"field":"threat.indicator.file.elf.header.class","type":"keyword","description":"Header class of the ELF file."},{"field":"threat.indicator.file.elf.header.data","type":"keyword","description":"Data table of the ELF header."},{"field":"threat.indicator.file.elf.header.entrypoint","type":"long","description":"Header entrypoint of the ELF file."},{"field":"threat.indicator.file.elf.header.object_version","type":"keyword","description":"0x1\" for original ELF files."},{"field":"threat.indicator.file.elf.header.os_abi","type":"keyword","description":"Application Binary Interface (ABI) of the Linux OS."},{"field":"threat.indicator.file.elf.header.type","type":"keyword","description":"Header type of the ELF file."},{"field":"threat.indicator.file.elf.header.version","type":"keyword","description":"Version of the ELF header."},{"field":"threat.indicator.file.elf.imports","type":"flattened","description":"List of imported element names and types."},{"field":"threat.indicator.file.elf.sections","type":"nested","description":"Section information of the ELF file."},{"field":"threat.indicator.file.elf.sections.chi2","type":"long","description":"Chi-square probability distribution of the section."},{"field":"threat.indicator.file.elf.sections.entropy","type":"long","description":"Shannon entropy calculation from the section."},{"field":"threat.indicator.file.elf.sections.flags","type":"keyword","description":"ELF Section List flags."},{"field":"threat.indicator.file.elf.sections.name","type":"keyword","description":"ELF Section List name."},{"field":"threat.indicator.file.elf.sections.physical_offset","type":"keyword","description":"ELF Section List offset."},{"field":"threat.indicator.file.elf.sections.physical_size","type":"long","description":"ELF Section List physical size."},{"field":"threat.indicator.file.elf.sections.type","type":"keyword","description":"ELF Section List 
type."},{"field":"threat.indicator.file.elf.sections.virtual_address","type":"long","description":"ELF Section List virtual address."},{"field":"threat.indicator.file.elf.sections.virtual_size","type":"long","description":"ELF Section List virtual size."},{"field":"threat.indicator.file.elf.segments","type":"nested","description":"ELF object segment list."},{"field":"threat.indicator.file.elf.segments.sections","type":"keyword","description":"ELF object segment sections."},{"field":"threat.indicator.file.elf.segments.type","type":"keyword","description":"ELF object segment type."},{"field":"threat.indicator.file.elf.shared_libraries","type":"keyword","description":"List of shared libraries used by this ELF object."},{"field":"threat.indicator.file.elf.telfhash","type":"keyword","description":"telfhash hash for ELF file."},{"field":"threat.indicator.file.extension","type":"keyword","description":"File extension, excluding the leading dot."},{"field":"threat.indicator.file.fork_name","type":"keyword","description":"A fork is additional data associated with a filesystem object."},{"field":"threat.indicator.file.gid","type":"keyword","description":"Primary group ID (GID) of the file."},{"field":"threat.indicator.file.group","type":"keyword","description":"Primary group name of the file."},{"field":"threat.indicator.file.hash.md5","type":"keyword","description":"MD5 hash."},{"field":"threat.indicator.file.hash.sha1","type":"keyword","description":"SHA1 hash."},{"field":"threat.indicator.file.hash.sha256","type":"keyword","description":"SHA256 hash."},{"field":"threat.indicator.file.hash.sha512","type":"keyword","description":"SHA512 hash."},{"field":"threat.indicator.file.hash.ssdeep","type":"keyword","description":"SSDEEP hash."},{"field":"threat.indicator.file.inode","type":"keyword","description":"Inode representing the file in the filesystem."},{"field":"threat.indicator.file.mime_type","type":"keyword","description":"Media type of file, document, or arrangement of 
bytes."},{"field":"threat.indicator.file.mode","type":"keyword","description":"Mode of the file in octal representation."},{"field":"threat.indicator.file.mtime","type":"date","description":"Last time the file content was modified."},{"field":"threat.indicator.file.name","type":"keyword","description":"Name of the file including the extension, without the directory."},{"field":"threat.indicator.file.owner","type":"keyword","description":"File owner's username."},{"field":"threat.indicator.file.path","type":"keyword","description":"Full path to the file, including the file name."},{"field":"threat.indicator.file.path.text","type":"match_only_text","description":"Full path to the file, including the file name."},{"field":"threat.indicator.file.pe.architecture","type":"keyword","description":"CPU architecture target for the file."},{"field":"threat.indicator.file.pe.company","type":"keyword","description":"Internal company name of the file, provided at compile-time."},{"field":"threat.indicator.file.pe.description","type":"keyword","description":"Internal description of the file, provided at compile-time."},{"field":"threat.indicator.file.pe.file_version","type":"keyword","description":"Process name."},{"field":"threat.indicator.file.pe.imphash","type":"keyword","description":"A hash of the imports in a PE file."},{"field":"threat.indicator.file.pe.original_file_name","type":"keyword","description":"Internal name of the file, provided at compile-time."},{"field":"threat.indicator.file.pe.product","type":"keyword","description":"Internal product name of the file, provided at compile-time."},{"field":"threat.indicator.file.size","type":"long","description":"File size in bytes."},{"field":"threat.indicator.file.target_path","type":"keyword","description":"Target path for symlinks."},{"field":"threat.indicator.file.target_path.text","type":"match_only_text","description":"Target path for 
symlinks."},{"field":"threat.indicator.file.type","type":"keyword","description":"File type (file, dir, or symlink)."},{"field":"threat.indicator.file.uid","type":"keyword","description":"The user ID (UID) or security identifier (SID) of the file owner."},{"field":"threat.indicator.file.x509.alternative_names","type":"keyword","description":"List of subject alternative names (SAN)."},{"field":"threat.indicator.file.x509.issuer.common_name","type":"keyword","description":"List of common name (CN) of issuing certificate authority."},{"field":"threat.indicator.file.x509.issuer.country","type":"keyword","description":"List of country (C) codes"},{"field":"threat.indicator.file.x509.issuer.distinguished_name","type":"keyword","description":"Distinguished name (DN) of issuing certificate authority."},{"field":"threat.indicator.file.x509.issuer.locality","type":"keyword","description":"List of locality names (L)"},{"field":"threat.indicator.file.x509.issuer.organization","type":"keyword","description":"List of organizations (O) of issuing certificate authority."},{"field":"threat.indicator.file.x509.issuer.organizational_unit","type":"keyword","description":"List of organizational units (OU) of issuing certificate authority."},{"field":"threat.indicator.file.x509.issuer.state_or_province","type":"keyword","description":"List of state or province names (ST, S, or P)"},{"field":"threat.indicator.file.x509.not_after","type":"date","description":"Time at which the certificate is no longer considered valid."},{"field":"threat.indicator.file.x509.not_before","type":"date","description":"Time at which the certificate is first considered valid."},{"field":"threat.indicator.file.x509.public_key_algorithm","type":"keyword","description":"Algorithm used to generate the public key."},{"field":"threat.indicator.file.x509.public_key_curve","type":"keyword","description":"The curve used by the elliptic curve public key algorithm. 
This is algorithm specific."},{"field":"threat.indicator.file.x509.public_key_exponent","type":"long","description":"Exponent used to derive the public key. This is algorithm specific."},{"field":"threat.indicator.file.x509.public_key_size","type":"long","description":"The size of the public key space in bits."},{"field":"threat.indicator.file.x509.serial_number","type":"keyword","description":"Unique serial number issued by the certificate authority."},{"field":"threat.indicator.file.x509.signature_algorithm","type":"keyword","description":"Identifier for certificate signature algorithm."},{"field":"threat.indicator.file.x509.subject.common_name","type":"keyword","description":"List of common names (CN) of subject."},{"field":"threat.indicator.file.x509.subject.country","type":"keyword","description":"List of country (C) code"},{"field":"threat.indicator.file.x509.subject.distinguished_name","type":"keyword","description":"Distinguished name (DN) of the certificate subject entity."},{"field":"threat.indicator.file.x509.subject.locality","type":"keyword","description":"List of locality names (L)"},{"field":"threat.indicator.file.x509.subject.organization","type":"keyword","description":"List of organizations (O) of subject."},{"field":"threat.indicator.file.x509.subject.organizational_unit","type":"keyword","description":"List of organizational units (OU) of subject."},{"field":"threat.indicator.file.x509.subject.state_or_province","type":"keyword","description":"List of state or province names (ST, S, or P)"},{"field":"threat.indicator.file.x509.version_number","type":"keyword","description":"Version of x509 format."},{"field":"threat.indicator.first_seen","type":"date","description":"Date/time indicator was first reported."},{"field":"threat.indicator.geo.city_name","type":"keyword","description":"City name."},{"field":"threat.indicator.geo.continent_code","type":"keyword","description":"Continent 
code."},{"field":"threat.indicator.geo.continent_name","type":"keyword","description":"Name of the continent."},{"field":"threat.indicator.geo.country_iso_code","type":"keyword","description":"Country ISO code."},{"field":"threat.indicator.geo.country_name","type":"keyword","description":"Country name."},{"field":"threat.indicator.geo.location","type":"geo_point","description":"Longitude and latitude."},{"field":"threat.indicator.geo.name","type":"keyword","description":"User-defined description of a location."},{"field":"threat.indicator.geo.postal_code","type":"keyword","description":"Postal code."},{"field":"threat.indicator.geo.region_iso_code","type":"keyword","description":"Region ISO code."},{"field":"threat.indicator.geo.region_name","type":"keyword","description":"Region name."},{"field":"threat.indicator.geo.timezone","type":"keyword","description":"Time zone."},{"field":"threat.indicator.ip","type":"ip","description":"Indicator IP address"},{"field":"threat.indicator.last_seen","type":"date","description":"Date/time indicator was last reported."},{"field":"threat.indicator.marking.tlp","type":"keyword","description":"Indicator TLP marking"},{"field":"threat.indicator.modified_at","type":"date","description":"Date/time indicator was last updated."},{"field":"threat.indicator.port","type":"long","description":"Indicator port"},{"field":"threat.indicator.provider","type":"keyword","description":"Indicator provider"},{"field":"threat.indicator.reference","type":"keyword","description":"Indicator reference URL"},{"field":"threat.indicator.registry.data.bytes","type":"keyword","description":"Original bytes written with base64 encoding."},{"field":"threat.indicator.registry.data.strings","type":"wildcard","description":"List of strings representing what was written to the registry."},{"field":"threat.indicator.registry.data.type","type":"keyword","description":"Standard registry type for encoding 
contents"},{"field":"threat.indicator.registry.hive","type":"keyword","description":"Abbreviated name for the hive."},{"field":"threat.indicator.registry.key","type":"keyword","description":"Hive-relative path of keys."},{"field":"threat.indicator.registry.path","type":"keyword","description":"Full path, including hive, key and value"},{"field":"threat.indicator.registry.value","type":"keyword","description":"Name of the value written."},{"field":"threat.indicator.scanner_stats","type":"long","description":"Scanner statistics"},{"field":"threat.indicator.sightings","type":"long","description":"Number of times indicator observed"},{"field":"threat.indicator.type","type":"keyword","description":"Type of indicator"},{"field":"threat.indicator.url.domain","type":"keyword","description":"Domain of the url."},{"field":"threat.indicator.url.extension","type":"keyword","description":"File extension from the request url, excluding the leading dot."},{"field":"threat.indicator.url.fragment","type":"keyword","description":"Portion of the url after the `#`."},{"field":"threat.indicator.url.full","type":"wildcard","description":"Full unparsed URL."},{"field":"threat.indicator.url.full.text","type":"match_only_text","description":"Full unparsed URL."},{"field":"threat.indicator.url.original","type":"wildcard","description":"Unmodified original url as seen in the event source."},{"field":"threat.indicator.url.original.text","type":"match_only_text","description":"Unmodified original url as seen in the event source."},{"field":"threat.indicator.url.password","type":"keyword","description":"Password of the request."},{"field":"threat.indicator.url.path","type":"wildcard","description":"Path of the request, such as \"/search\"."},{"field":"threat.indicator.url.port","type":"long","description":"Port of the request, such as 443."},{"field":"threat.indicator.url.query","type":"keyword","description":"Query string of the 
request."},{"field":"threat.indicator.url.registered_domain","type":"keyword","description":"The highest registered url domain, stripped of the subdomain."},{"field":"threat.indicator.url.scheme","type":"keyword","description":"Scheme of the url."},{"field":"threat.indicator.url.subdomain","type":"keyword","description":"The subdomain of the domain."},{"field":"threat.indicator.url.top_level_domain","type":"keyword","description":"The effective top level domain (com, org, net, co.uk)."},{"field":"threat.indicator.url.username","type":"keyword","description":"Username of the request."},{"field":"threat.indicator.x509.alternative_names","type":"keyword","description":"List of subject alternative names (SAN)."},{"field":"threat.indicator.x509.issuer.common_name","type":"keyword","description":"List of common name (CN) of issuing certificate authority."},{"field":"threat.indicator.x509.issuer.country","type":"keyword","description":"List of country (C) codes"},{"field":"threat.indicator.x509.issuer.distinguished_name","type":"keyword","description":"Distinguished name (DN) of issuing certificate authority."},{"field":"threat.indicator.x509.issuer.locality","type":"keyword","description":"List of locality names (L)"},{"field":"threat.indicator.x509.issuer.organization","type":"keyword","description":"List of organizations (O) of issuing certificate authority."},{"field":"threat.indicator.x509.issuer.organizational_unit","type":"keyword","description":"List of organizational units (OU) of issuing certificate authority."},{"field":"threat.indicator.x509.issuer.state_or_province","type":"keyword","description":"List of state or province names (ST, S, or P)"},{"field":"threat.indicator.x509.not_after","type":"date","description":"Time at which the certificate is no longer considered valid."},{"field":"threat.indicator.x509.not_before","type":"date","description":"Time at which the certificate is first considered 
valid."},{"field":"threat.indicator.x509.public_key_algorithm","type":"keyword","description":"Algorithm used to generate the public key."},{"field":"threat.indicator.x509.public_key_curve","type":"keyword","description":"The curve used by the elliptic curve public key algorithm. This is algorithm specific."},{"field":"threat.indicator.x509.public_key_exponent","type":"long","description":"Exponent used to derive the public key. This is algorithm specific."},{"field":"threat.indicator.x509.public_key_size","type":"long","description":"The size of the public key space in bits."},{"field":"threat.indicator.x509.serial_number","type":"keyword","description":"Unique serial number issued by the certificate authority."},{"field":"threat.indicator.x509.signature_algorithm","type":"keyword","description":"Identifier for certificate signature algorithm."},{"field":"threat.indicator.x509.subject.common_name","type":"keyword","description":"List of common names (CN) of subject."},{"field":"threat.indicator.x509.subject.country","type":"keyword","description":"List of country (C) code"},{"field":"threat.indicator.x509.subject.distinguished_name","type":"keyword","description":"Distinguished name (DN) of the certificate subject entity."},{"field":"threat.indicator.x509.subject.locality","type":"keyword","description":"List of locality names (L)"},{"field":"threat.indicator.x509.subject.organization","type":"keyword","description":"List of organizations (O) of subject."},{"field":"threat.indicator.x509.subject.organizational_unit","type":"keyword","description":"List of organizational units (OU) of subject."},{"field":"threat.indicator.x509.subject.state_or_province","type":"keyword","description":"List of state or province names (ST, S, or P)"},{"field":"threat.indicator.x509.version_number","type":"keyword","description":"Version of x509 format."},{"field":"threat.software.alias","type":"keyword","description":"Alias of the 
software"},{"field":"threat.software.id","type":"keyword","description":"ID of the software"},{"field":"threat.software.name","type":"keyword","description":"Name of the software."},{"field":"threat.software.platforms","type":"keyword","description":"Platforms of the software."},{"field":"threat.software.reference","type":"keyword","description":"Software reference URL."},{"field":"threat.software.type","type":"keyword","description":"Software type."},{"field":"threat.tactic.id","type":"keyword","description":"Threat tactic id."},{"field":"threat.tactic.name","type":"keyword","description":"Threat tactic."},{"field":"threat.tactic.reference","type":"keyword","description":"Threat tactic URL reference."},{"field":"threat.technique.id","type":"keyword","description":"Threat technique id."},{"field":"threat.technique.name","type":"keyword","description":"Threat technique name."},{"field":"threat.technique.name.text","type":"match_only_text","description":"Threat technique name."},{"field":"threat.technique.reference","type":"keyword","description":"Threat technique URL reference."},{"field":"threat.technique.subtechnique.id","type":"keyword","description":"Threat subtechnique id."},{"field":"threat.technique.subtechnique.name","type":"keyword","description":"Threat subtechnique name."},{"field":"threat.technique.subtechnique.name.text","type":"match_only_text","description":"Threat subtechnique name."},{"field":"threat.technique.subtechnique.reference","type":"keyword","description":"Threat subtechnique URL reference."},{"field":"tls.cipher","type":"keyword","description":"String indicating the cipher used during the current connection."},{"field":"tls.client.certificate","type":"keyword","description":"PEM-encoded stand-alone certificate offered by the client."},{"field":"tls.client.certificate_chain","type":"keyword","description":"Array of PEM-encoded certificates that make up the certificate chain offered by the 
client."},{"field":"tls.client.hash.md5","type":"keyword","description":"Certificate fingerprint using the MD5 digest of DER-encoded version of certificate offered by the client."},{"field":"tls.client.hash.sha1","type":"keyword","description":"Certificate fingerprint using the SHA1 digest of DER-encoded version of certificate offered by the client."},{"field":"tls.client.hash.sha256","type":"keyword","description":"Certificate fingerprint using the SHA256 digest of DER-encoded version of certificate offered by the client."},{"field":"tls.client.issuer","type":"keyword","description":"Distinguished name of subject of the issuer of the x.509 certificate presented by the client."},{"field":"tls.client.ja3","type":"keyword","description":"A hash that identifies clients based on how they perform an SSL/TLS handshake."},{"field":"tls.client.not_after","type":"date","description":"Date/Time indicating when client certificate is no longer considered valid."},{"field":"tls.client.not_before","type":"date","description":"Date/Time indicating when client certificate is first considered valid."},{"field":"tls.client.server_name","type":"keyword","description":"Hostname the client is trying to connect to. 
Also called the SNI."},{"field":"tls.client.subject","type":"keyword","description":"Distinguished name of subject of the x.509 certificate presented by the client."},{"field":"tls.client.supported_ciphers","type":"keyword","description":"Array of ciphers offered by the client during the client hello."},{"field":"tls.client.x509.alternative_names","type":"keyword","description":"List of subject alternative names (SAN)."},{"field":"tls.client.x509.issuer.common_name","type":"keyword","description":"List of common name (CN) of issuing certificate authority."},{"field":"tls.client.x509.issuer.country","type":"keyword","description":"List of country (C) codes"},{"field":"tls.client.x509.issuer.distinguished_name","type":"keyword","description":"Distinguished name (DN) of issuing certificate authority."},{"field":"tls.client.x509.issuer.locality","type":"keyword","description":"List of locality names (L)"},{"field":"tls.client.x509.issuer.organization","type":"keyword","description":"List of organizations (O) of issuing certificate authority."},{"field":"tls.client.x509.issuer.organizational_unit","type":"keyword","description":"List of organizational units (OU) of issuing certificate authority."},{"field":"tls.client.x509.issuer.state_or_province","type":"keyword","description":"List of state or province names (ST, S, or P)"},{"field":"tls.client.x509.not_after","type":"date","description":"Time at which the certificate is no longer considered valid."},{"field":"tls.client.x509.not_before","type":"date","description":"Time at which the certificate is first considered valid."},{"field":"tls.client.x509.public_key_algorithm","type":"keyword","description":"Algorithm used to generate the public key."},{"field":"tls.client.x509.public_key_curve","type":"keyword","description":"The curve used by the elliptic curve public key algorithm. 
This is algorithm specific."},{"field":"tls.client.x509.public_key_exponent","type":"long","description":"Exponent used to derive the public key. This is algorithm specific."},{"field":"tls.client.x509.public_key_size","type":"long","description":"The size of the public key space in bits."},{"field":"tls.client.x509.serial_number","type":"keyword","description":"Unique serial number issued by the certificate authority."},{"field":"tls.client.x509.signature_algorithm","type":"keyword","description":"Identifier for certificate signature algorithm."},{"field":"tls.client.x509.subject.common_name","type":"keyword","description":"List of common names (CN) of subject."},{"field":"tls.client.x509.subject.country","type":"keyword","description":"List of country (C) code"},{"field":"tls.client.x509.subject.distinguished_name","type":"keyword","description":"Distinguished name (DN) of the certificate subject entity."},{"field":"tls.client.x509.subject.locality","type":"keyword","description":"List of locality names (L)"},{"field":"tls.client.x509.subject.organization","type":"keyword","description":"List of organizations (O) of subject."},{"field":"tls.client.x509.subject.organizational_unit","type":"keyword","description":"List of organizational units (OU) of subject."},{"field":"tls.client.x509.subject.state_or_province","type":"keyword","description":"List of state or province names (ST, S, or P)"},{"field":"tls.client.x509.version_number","type":"keyword","description":"Version of x509 format."},{"field":"tls.curve","type":"keyword","description":"String indicating the curve used for the given cipher, when applicable."},{"field":"tls.established","type":"boolean","description":"Boolean flag indicating if the TLS negotiation was successful and transitioned to an encrypted tunnel."},{"field":"tls.next_protocol","type":"keyword","description":"String indicating the protocol being tunneled."},{"field":"tls.resumed","type":"boolean","description":"Boolean flag indicating if 
this TLS connection was resumed from an existing TLS negotiation."},{"field":"tls.server.certificate","type":"keyword","description":"PEM-encoded stand-alone certificate offered by the server."},{"field":"tls.server.certificate_chain","type":"keyword","description":"Array of PEM-encoded certificates that make up the certificate chain offered by the server."},{"field":"tls.server.hash.md5","type":"keyword","description":"Certificate fingerprint using the MD5 digest of DER-encoded version of certificate offered by the server."},{"field":"tls.server.hash.sha1","type":"keyword","description":"Certificate fingerprint using the SHA1 digest of DER-encoded version of certificate offered by the server."},{"field":"tls.server.hash.sha256","type":"keyword","description":"Certificate fingerprint using the SHA256 digest of DER-encoded version of certificate offered by the server."},{"field":"tls.server.issuer","type":"keyword","description":"Subject of the issuer of the x.509 certificate presented by the server."},{"field":"tls.server.ja3s","type":"keyword","description":"A hash that identifies servers based on how they perform an SSL/TLS handshake."},{"field":"tls.server.not_after","type":"date","description":"Timestamp indicating when server certificate is no longer considered valid."},{"field":"tls.server.not_before","type":"date","description":"Timestamp indicating when server certificate is first considered valid."},{"field":"tls.server.subject","type":"keyword","description":"Subject of the x.509 certificate presented by the server."},{"field":"tls.server.x509.alternative_names","type":"keyword","description":"List of subject alternative names (SAN)."},{"field":"tls.server.x509.issuer.common_name","type":"keyword","description":"List of common name (CN) of issuing certificate authority."},{"field":"tls.server.x509.issuer.country","type":"keyword","description":"List of country (C) 
codes"},{"field":"tls.server.x509.issuer.distinguished_name","type":"keyword","description":"Distinguished name (DN) of issuing certificate authority."},{"field":"tls.server.x509.issuer.locality","type":"keyword","description":"List of locality names (L)"},{"field":"tls.server.x509.issuer.organization","type":"keyword","description":"List of organizations (O) of issuing certificate authority."},{"field":"tls.server.x509.issuer.organizational_unit","type":"keyword","description":"List of organizational units (OU) of issuing certificate authority."},{"field":"tls.server.x509.issuer.state_or_province","type":"keyword","description":"List of state or province names (ST, S, or P)"},{"field":"tls.server.x509.not_after","type":"date","description":"Time at which the certificate is no longer considered valid."},{"field":"tls.server.x509.not_before","type":"date","description":"Time at which the certificate is first considered valid."},{"field":"tls.server.x509.public_key_algorithm","type":"keyword","description":"Algorithm used to generate the public key."},{"field":"tls.server.x509.public_key_curve","type":"keyword","description":"The curve used by the elliptic curve public key algorithm. This is algorithm specific."},{"field":"tls.server.x509.public_key_exponent","type":"long","description":"Exponent used to derive the public key. 
This is algorithm specific."},{"field":"tls.server.x509.public_key_size","type":"long","description":"The size of the public key space in bits."},{"field":"tls.server.x509.serial_number","type":"keyword","description":"Unique serial number issued by the certificate authority."},{"field":"tls.server.x509.signature_algorithm","type":"keyword","description":"Identifier for certificate signature algorithm."},{"field":"tls.server.x509.subject.common_name","type":"keyword","description":"List of common names (CN) of subject."},{"field":"tls.server.x509.subject.country","type":"keyword","description":"List of country (C) code"},{"field":"tls.server.x509.subject.distinguished_name","type":"keyword","description":"Distinguished name (DN) of the certificate subject entity."},{"field":"tls.server.x509.subject.locality","type":"keyword","description":"List of locality names (L)"},{"field":"tls.server.x509.subject.organization","type":"keyword","description":"List of organizations (O) of subject."},{"field":"tls.server.x509.subject.organizational_unit","type":"keyword","description":"List of organizational units (OU) of subject."},{"field":"tls.server.x509.subject.state_or_province","type":"keyword","description":"List of state or province names (ST, S, or P)"},{"field":"tls.server.x509.version_number","type":"keyword","description":"Version of x509 format."},{"field":"tls.version","type":"keyword","description":"Numeric part of the version parsed from the original string."},{"field":"tls.version_protocol","type":"keyword","description":"Normalized lowercase protocol name parsed from original string."},{"field":"trace.id","type":"keyword","description":"Unique identifier of the trace."},{"field":"transaction.id","type":"keyword","description":"Unique identifier of the transaction within the scope of its trace."},{"field":"url.domain","type":"keyword","description":"Domain of the url."},{"field":"url.extension","type":"keyword","description":"File extension from the request url, 
excluding the leading dot."},{"field":"url.fragment","type":"keyword","description":"Portion of the url after the `#`."},{"field":"url.full","type":"wildcard","description":"Full unparsed URL."},{"field":"url.full.text","type":"match_only_text","description":"Full unparsed URL."},{"field":"url.original","type":"wildcard","description":"Unmodified original url as seen in the event source."},{"field":"url.original.text","type":"match_only_text","description":"Unmodified original url as seen in the event source."},{"field":"url.password","type":"keyword","description":"Password of the request."},{"field":"url.path","type":"wildcard","description":"Path of the request, such as \"/search\"."},{"field":"url.port","type":"long","description":"Port of the request, such as 443."},{"field":"url.query","type":"keyword","description":"Query string of the request."},{"field":"url.registered_domain","type":"keyword","description":"The highest registered url domain, stripped of the subdomain."},{"field":"url.scheme","type":"keyword","description":"Scheme of the url."},{"field":"url.subdomain","type":"keyword","description":"The subdomain of the domain."},{"field":"url.top_level_domain","type":"keyword","description":"The effective top level domain (com, org, net, co.uk)."},{"field":"url.username","type":"keyword","description":"Username of the request."},{"field":"user.changes.domain","type":"keyword","description":"Name of the directory the user is a member of."},{"field":"user.changes.email","type":"keyword","description":"User email address."},{"field":"user.changes.full_name","type":"keyword","description":"User's full name, if available."},{"field":"user.changes.full_name.text","type":"match_only_text","description":"User's full name, if available."},{"field":"user.changes.group.domain","type":"keyword","description":"Name of the directory the group is a member of."},{"field":"user.changes.group.id","type":"keyword","description":"Unique identifier for the group on the 
system/platform."},{"field":"user.changes.group.name","type":"keyword","description":"Name of the group."},{"field":"user.changes.hash","type":"keyword","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"user.changes.id","type":"keyword","description":"Unique identifier of the user."},{"field":"user.changes.name","type":"keyword","description":"Short name or login of the user."},{"field":"user.changes.name.text","type":"match_only_text","description":"Short name or login of the user."},{"field":"user.changes.roles","type":"keyword","description":"Array of user roles at the time of the event."},{"field":"user.domain","type":"keyword","description":"Name of the directory the user is a member of."},{"field":"user.effective.domain","type":"keyword","description":"Name of the directory the user is a member of."},{"field":"user.effective.email","type":"keyword","description":"User email address."},{"field":"user.effective.full_name","type":"keyword","description":"User's full name, if available."},{"field":"user.effective.full_name.text","type":"match_only_text","description":"User's full name, if available."},{"field":"user.effective.group.domain","type":"keyword","description":"Name of the directory the group is a member of."},{"field":"user.effective.group.id","type":"keyword","description":"Unique identifier for the group on the system/platform."},{"field":"user.effective.group.name","type":"keyword","description":"Name of the group."},{"field":"user.effective.hash","type":"keyword","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"user.effective.id","type":"keyword","description":"Unique identifier of the user."},{"field":"user.effective.name","type":"keyword","description":"Short name or login of the user."},{"field":"user.effective.name.text","type":"match_only_text","description":"Short name or login of the 
user."},{"field":"user.effective.roles","type":"keyword","description":"Array of user roles at the time of the event."},{"field":"user.email","type":"keyword","description":"User email address."},{"field":"user.full_name","type":"keyword","description":"User's full name, if available."},{"field":"user.full_name.text","type":"match_only_text","description":"User's full name, if available."},{"field":"user.group.domain","type":"keyword","description":"Name of the directory the group is a member of."},{"field":"user.group.id","type":"keyword","description":"Unique identifier for the group on the system/platform."},{"field":"user.group.name","type":"keyword","description":"Name of the group."},{"field":"user.hash","type":"keyword","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"user.id","type":"keyword","description":"Unique identifier of the user."},{"field":"user.name","type":"keyword","description":"Short name or login of the user."},{"field":"user.name.text","type":"match_only_text","description":"Short name or login of the user."},{"field":"user.roles","type":"keyword","description":"Array of user roles at the time of the event."},{"field":"user.target.domain","type":"keyword","description":"Name of the directory the user is a member of."},{"field":"user.target.email","type":"keyword","description":"User email address."},{"field":"user.target.full_name","type":"keyword","description":"User's full name, if available."},{"field":"user.target.full_name.text","type":"match_only_text","description":"User's full name, if available."},{"field":"user.target.group.domain","type":"keyword","description":"Name of the directory the group is a member of."},{"field":"user.target.group.id","type":"keyword","description":"Unique identifier for the group on the system/platform."},{"field":"user.target.group.name","type":"keyword","description":"Name of the 
group."},{"field":"user.target.hash","type":"keyword","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"user.target.id","type":"keyword","description":"Unique identifier of the user."},{"field":"user.target.name","type":"keyword","description":"Short name or login of the user."},{"field":"user.target.name.text","type":"match_only_text","description":"Short name or login of the user."},{"field":"user.target.roles","type":"keyword","description":"Array of user roles at the time of the event."},{"field":"user_agent.device.name","type":"keyword","description":"Name of the device."},{"field":"user_agent.name","type":"keyword","description":"Name of the user agent."},{"field":"user_agent.original","type":"keyword","description":"Unparsed user_agent string."},{"field":"user_agent.original.text","type":"match_only_text","description":"Unparsed user_agent string."},{"field":"user_agent.os.family","type":"keyword","description":"OS family (such as redhat, debian, freebsd, windows)."},{"field":"user_agent.os.full","type":"keyword","description":"Operating system name, including the version or code name."},{"field":"user_agent.os.full.text","type":"match_only_text","description":"Operating system name, including the version or code name."},{"field":"user_agent.os.kernel","type":"keyword","description":"Operating system kernel version as a raw string."},{"field":"user_agent.os.name","type":"keyword","description":"Operating system name, without the version."},{"field":"user_agent.os.name.text","type":"match_only_text","description":"Operating system name, without the version."},{"field":"user_agent.os.platform","type":"keyword","description":"Operating system platform (such centos, ubuntu, windows)."},{"field":"user_agent.os.type","type":"keyword","description":"Which commercial OS family (one of: linux, macos, unix or windows)."},{"field":"user_agent.os.version","type":"keyword","description":"Operating system version as a raw 
string."},{"field":"user_agent.version","type":"keyword","description":"Version of the user agent."},{"field":"vulnerability.category","type":"keyword","description":"Category of a vulnerability."},{"field":"vulnerability.classification","type":"keyword","description":"Classification of the vulnerability."},{"field":"vulnerability.description","type":"keyword","description":"Description of the vulnerability."},{"field":"vulnerability.description.text","type":"match_only_text","description":"Description of the vulnerability."},{"field":"vulnerability.enumeration","type":"keyword","description":"Identifier of the vulnerability."},{"field":"vulnerability.id","type":"keyword","description":"ID of the vulnerability."},{"field":"vulnerability.reference","type":"keyword","description":"Reference of the vulnerability."},{"field":"vulnerability.report_id","type":"keyword","description":"Scan identification number."},{"field":"vulnerability.scanner.vendor","type":"keyword","description":"Name of the scanner vendor."},{"field":"vulnerability.score.base","type":"float","description":"Vulnerability Base score."},{"field":"vulnerability.score.environmental","type":"float","description":"Vulnerability Environmental score."},{"field":"vulnerability.score.temporal","type":"float","description":"Vulnerability Temporal score."},{"field":"vulnerability.score.version","type":"keyword","description":"CVSS version."},{"field":"vulnerability.severity","type":"keyword","description":"Severity of the vulnerability."}] \ No newline at end of file +[{"field":"labels","type":"object","normalization":"","example":{"application":"foo-bar","env":"production"},"description":"Custom key/value pairs."},{"field":"message","type":"match_only_text","normalization":"","example":"Hello World","description":"Log message optimized for viewing in a log viewer."},{"field":"tags","type":"keyword","normalization":"array","example":["production","env2"],"description":"List of keywords used to tag each 
event."},{"field":"agent.build.original","type":"keyword","normalization":"","example":"metricbeat version 7.6.0 (amd64), libbeat 7.6.0 [6a23e8f8f30f5001ba344e4e54d8d9cb82cb107c built 2020-02-05 23:10:10 +0000 UTC]","description":"Extended build information for the agent."},{"field":"client.address","type":"keyword","normalization":"","example":"","description":"Client network address."},{"field":"client.as.number","type":"long","normalization":"","example":15169,"description":"Unique number allocated to the autonomous system."},{"field":"client.as.organization.name","type":"keyword","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"client.as.organization.name.text","type":"match_only_text","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"client.bytes","type":"long","normalization":"","example":184,"description":"Bytes sent from the client to the server."},{"field":"client.domain","type":"keyword","normalization":"","example":"","description":"Client domain."},{"field":"client.geo.city_name","type":"keyword","normalization":"","example":"Montreal","description":"City name."},{"field":"client.geo.continent_code","type":"keyword","normalization":"","example":"NA","description":"Continent code."},{"field":"client.geo.continent_name","type":"keyword","normalization":"","example":"North America","description":"Name of the continent."},{"field":"client.geo.country_iso_code","type":"keyword","normalization":"","example":"CA","description":"Country ISO code."},{"field":"client.geo.country_name","type":"keyword","normalization":"","example":"Canada","description":"Country name."},{"field":"client.geo.location","type":"geo_point","normalization":"","example":{"lon":-73.61483,"lat":45.505918},"description":"Longitude and latitude."},{"field":"client.geo.name","type":"keyword","normalization":"","example":"boston-dc","description":"User-defined description of a 
location."},{"field":"client.geo.postal_code","type":"keyword","normalization":"","example":94040,"description":"Postal code."},{"field":"client.geo.region_iso_code","type":"keyword","normalization":"","example":"CA-QC","description":"Region ISO code."},{"field":"client.geo.region_name","type":"keyword","normalization":"","example":"Quebec","description":"Region name."},{"field":"client.geo.timezone","type":"keyword","normalization":"","example":"America/Argentina/Buenos_Aires","description":"Time zone."},{"field":"client.ip","type":"ip","normalization":"","example":"","description":"IP address of the client."},{"field":"client.mac","type":"keyword","normalization":"","example":"00-00-5E-00-53-23","description":"MAC address of the client."},{"field":"client.nat.ip","type":"ip","normalization":"","example":"","description":"Client NAT ip address"},{"field":"client.nat.port","type":"long","normalization":"","example":"","description":"Client NAT port"},{"field":"client.packets","type":"long","normalization":"","example":12,"description":"Packets sent from the client to the server."},{"field":"client.port","type":"long","normalization":"","example":"","description":"Port of the client."},{"field":"client.registered_domain","type":"keyword","normalization":"","example":"example.com","description":"The highest registered client domain, stripped of the subdomain."},{"field":"client.subdomain","type":"keyword","normalization":"","example":"east","description":"The subdomain of the domain."},{"field":"client.top_level_domain","type":"keyword","normalization":"","example":"co.uk","description":"The effective top level domain (com, org, net, co.uk)."},{"field":"client.user.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the user is a member of."},{"field":"client.user.email","type":"keyword","normalization":"","example":"","description":"User email 
address."},{"field":"client.user.full_name","type":"keyword","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"client.user.full_name.text","type":"match_only_text","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"client.user.group.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the group is a member of."},{"field":"client.user.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"client.user.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"client.user.hash","type":"keyword","normalization":"","example":"","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"client.user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"client.user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"client.user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"client.user.roles","type":"keyword","normalization":"array","example":["kibana_admin","reporting_user"],"description":"Array of user roles at the time of the event."},{"field":"cloud.account.id","type":"keyword","normalization":"","example":666777888999,"description":"The cloud account or organization id."},{"field":"cloud.account.name","type":"keyword","normalization":"","example":"elastic-dev","description":"The cloud account name."},{"field":"cloud.availability_zone","type":"keyword","normalization":"","example":"us-east-1c","description":"Availability zone in which this host, resource, or service is 
located."},{"field":"cloud.instance.id","type":"keyword","normalization":"","example":"i-1234567890abcdef0","description":"Instance ID of the host machine."},{"field":"cloud.instance.name","type":"keyword","normalization":"","example":"","description":"Instance name of the host machine."},{"field":"cloud.machine.type","type":"keyword","normalization":"","example":"t2.medium","description":"Machine type of the host machine."},{"field":"cloud.project.id","type":"keyword","normalization":"","example":"my-project","description":"The cloud project id."},{"field":"cloud.project.name","type":"keyword","normalization":"","example":"my project","description":"The cloud project name."},{"field":"cloud.provider","type":"keyword","normalization":"","example":"aws","description":"Name of the cloud provider."},{"field":"cloud.region","type":"keyword","normalization":"","example":"us-east-1","description":"Region in which this host, resource, or service is located."},{"field":"cloud.service.name","type":"keyword","normalization":"","example":"lambda","description":"The cloud service name."},{"field":"container.id","type":"keyword","normalization":"","example":"","description":"Unique container id."},{"field":"container.image.name","type":"keyword","normalization":"","example":"","description":"Name of the image the container was built on."},{"field":"container.image.tag","type":"keyword","normalization":"array","example":"","description":"Container image tags."},{"field":"container.labels","type":"object","normalization":"","example":"","description":"Image labels."},{"field":"container.name","type":"keyword","normalization":"","example":"","description":"Container name."},{"field":"container.runtime","type":"keyword","normalization":"","example":"docker","description":"Runtime managing this container."},{"field":"data_stream.dataset","type":"constant_keyword","normalization":"","example":"nginx.access","description":"The field can contain anything that makes sense to signify the 
source of the data."},{"field":"data_stream.namespace","type":"constant_keyword","normalization":"","example":"production","description":"A user defined namespace. Namespaces are useful to allow grouping of data."},{"field":"data_stream.type","type":"constant_keyword","normalization":"","example":"logs","description":"An overarching type for the data stream."},{"field":"destination.address","type":"keyword","normalization":"","example":"","description":"Destination network address."},{"field":"destination.as.number","type":"long","normalization":"","example":15169,"description":"Unique number allocated to the autonomous system."},{"field":"destination.as.organization.name","type":"keyword","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"destination.as.organization.name.text","type":"match_only_text","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"destination.bytes","type":"long","normalization":"","example":184,"description":"Bytes sent from the destination to the source."},{"field":"destination.domain","type":"keyword","normalization":"","example":"","description":"Destination domain."},{"field":"destination.geo.city_name","type":"keyword","normalization":"","example":"Montreal","description":"City name."},{"field":"destination.geo.continent_code","type":"keyword","normalization":"","example":"NA","description":"Continent code."},{"field":"destination.geo.continent_name","type":"keyword","normalization":"","example":"North America","description":"Name of the continent."},{"field":"destination.geo.country_iso_code","type":"keyword","normalization":"","example":"CA","description":"Country ISO code."},{"field":"destination.geo.country_name","type":"keyword","normalization":"","example":"Canada","description":"Country name."},{"field":"destination.geo.location","type":"geo_point","normalization":"","example":{"lon":-73.61483,"lat":45.505918},"description":"Longitude and 
latitude."},{"field":"destination.geo.name","type":"keyword","normalization":"","example":"boston-dc","description":"User-defined description of a location."},{"field":"destination.geo.postal_code","type":"keyword","normalization":"","example":94040,"description":"Postal code."},{"field":"destination.geo.region_iso_code","type":"keyword","normalization":"","example":"CA-QC","description":"Region ISO code."},{"field":"destination.geo.region_name","type":"keyword","normalization":"","example":"Quebec","description":"Region name."},{"field":"destination.geo.timezone","type":"keyword","normalization":"","example":"America/Argentina/Buenos_Aires","description":"Time zone."},{"field":"destination.ip","type":"ip","normalization":"","example":"","description":"IP address of the destination."},{"field":"destination.mac","type":"keyword","normalization":"","example":"00-00-5E-00-53-23","description":"MAC address of the destination."},{"field":"destination.nat.ip","type":"ip","normalization":"","example":"","description":"Destination NAT ip"},{"field":"destination.nat.port","type":"long","normalization":"","example":"","description":"Destination NAT Port"},{"field":"destination.packets","type":"long","normalization":"","example":12,"description":"Packets sent from the destination to the source."},{"field":"destination.port","type":"long","normalization":"","example":"","description":"Port of the destination."},{"field":"destination.registered_domain","type":"keyword","normalization":"","example":"example.com","description":"The highest registered destination domain, stripped of the subdomain."},{"field":"destination.subdomain","type":"keyword","normalization":"","example":"east","description":"The subdomain of the domain."},{"field":"destination.top_level_domain","type":"keyword","normalization":"","example":"co.uk","description":"The effective top level domain (com, org, net, 
co.uk)."},{"field":"destination.user.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the user is a member of."},{"field":"destination.user.email","type":"keyword","normalization":"","example":"","description":"User email address."},{"field":"destination.user.full_name","type":"keyword","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"destination.user.full_name.text","type":"match_only_text","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"destination.user.group.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the group is a member of."},{"field":"destination.user.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"destination.user.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"destination.user.hash","type":"keyword","normalization":"","example":"","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"destination.user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"destination.user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"destination.user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"destination.user.roles","type":"keyword","normalization":"array","example":["kibana_admin","reporting_user"],"description":"Array of user roles at the time of the event."},{"field":"dll.code_signature.digest_algorithm","type":"keyword","normalization":"","example":"sha256","description":"Hashing algorithm used 
to sign the process."},{"field":"dll.code_signature.exists","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if a signature is present."},{"field":"dll.code_signature.signing_id","type":"keyword","normalization":"","example":"com.apple.xpc.proxy","description":"The identifier used to sign the process."},{"field":"dll.code_signature.status","type":"keyword","normalization":"","example":"ERROR_UNTRUSTED_ROOT","description":"Additional information about the certificate status."},{"field":"dll.code_signature.subject_name","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Subject name of the code signer"},{"field":"dll.code_signature.team_id","type":"keyword","normalization":"","example":"EQHXZ8M8AV","description":"The team identifier used to sign the process."},{"field":"dll.code_signature.timestamp","type":"date","normalization":"","example":"2021-01-01T12:10:30Z","description":"When the signature was generated and signed."},{"field":"dll.code_signature.trusted","type":"boolean","normalization":"","example":true,"description":"Stores the trust status of the certificate chain."},{"field":"dll.code_signature.valid","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if the digital signature is verified against the binary content."},{"field":"dll.hash.md5","type":"keyword","normalization":"","example":"","description":"MD5 hash."},{"field":"dll.hash.sha1","type":"keyword","normalization":"","example":"","description":"SHA1 hash."},{"field":"dll.hash.sha256","type":"keyword","normalization":"","example":"","description":"SHA256 hash."},{"field":"dll.hash.sha512","type":"keyword","normalization":"","example":"","description":"SHA512 hash."},{"field":"dll.hash.ssdeep","type":"keyword","normalization":"","example":"","description":"SSDEEP hash."},{"field":"dll.name","type":"keyword","normalization":"","example":"kernel32.dll","description":"Name of the 
library."},{"field":"dll.path","type":"keyword","normalization":"","example":"C:\\Windows\\System32\\kernel32.dll","description":"Full file path of the library."},{"field":"dll.pe.architecture","type":"keyword","normalization":"","example":"x64","description":"CPU architecture target for the file."},{"field":"dll.pe.company","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Internal company name of the file, provided at compile-time."},{"field":"dll.pe.description","type":"keyword","normalization":"","example":"Paint","description":"Internal description of the file, provided at compile-time."},{"field":"dll.pe.file_version","type":"keyword","normalization":"","example":"6.3.9600.17415","description":"Process name."},{"field":"dll.pe.imphash","type":"keyword","normalization":"","example":"0c6803c4e922103c4dca5963aad36ddf","description":"A hash of the imports in a PE file."},{"field":"dll.pe.original_file_name","type":"keyword","normalization":"","example":"MSPAINT.EXE","description":"Internal name of the file, provided at compile-time."},{"field":"dll.pe.product","type":"keyword","normalization":"","example":"Microsoft® Windows® Operating System","description":"Internal product name of the file, provided at compile-time."},{"field":"dns.answers","type":"object","normalization":"array","example":"","description":"Array of DNS answers."},{"field":"dns.answers.class","type":"keyword","normalization":"","example":"IN","description":"The class of DNS data contained in this resource record."},{"field":"dns.answers.data","type":"keyword","normalization":"","example":"10.10.10.10","description":"The data describing the resource."},{"field":"dns.answers.name","type":"keyword","normalization":"","example":"www.example.com","description":"The domain name to which this resource record pertains."},{"field":"dns.answers.ttl","type":"long","normalization":"","example":180,"description":"The time interval in seconds that this resource record may 
be cached before it should be discarded."},{"field":"dns.answers.type","type":"keyword","normalization":"","example":"CNAME","description":"The type of data contained in this resource record."},{"field":"dns.header_flags","type":"keyword","normalization":"array","example":["RD","RA"],"description":"Array of DNS header flags."},{"field":"dns.id","type":"keyword","normalization":"","example":62111,"description":"The DNS packet identifier assigned by the program that generated the query. The identifier is copied to the response."},{"field":"dns.op_code","type":"keyword","normalization":"","example":"QUERY","description":"The DNS operation code that specifies the kind of query in the message."},{"field":"dns.question.class","type":"keyword","normalization":"","example":"IN","description":"The class of records being queried."},{"field":"dns.question.name","type":"keyword","normalization":"","example":"www.example.com","description":"The name being queried."},{"field":"dns.question.registered_domain","type":"keyword","normalization":"","example":"example.com","description":"The highest registered domain, stripped of the subdomain."},{"field":"dns.question.subdomain","type":"keyword","normalization":"","example":"www","description":"The subdomain of the domain."},{"field":"dns.question.top_level_domain","type":"keyword","normalization":"","example":"co.uk","description":"The effective top level domain (com, org, net, co.uk)."},{"field":"dns.question.type","type":"keyword","normalization":"","example":"AAAA","description":"The type of record being queried."},{"field":"dns.resolved_ip","type":"ip","normalization":"array","example":["10.10.10.10","10.10.10.11"],"description":"Array containing all IPs seen in answers.data"},{"field":"dns.response_code","type":"keyword","normalization":"","example":"NOERROR","description":"The DNS response code."},{"field":"dns.type","type":"keyword","normalization":"","example":"answer","description":"The type of DNS event captured, query or 
answer."},{"field":"error.code","type":"keyword","normalization":"","example":"","description":"Error code describing the error."},{"field":"error.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the error."},{"field":"error.message","type":"match_only_text","normalization":"","example":"","description":"Error message."},{"field":"error.stack_trace","type":"wildcard","normalization":"","example":"","description":"The stack trace of this error in plain text."},{"field":"error.stack_trace.text","type":"match_only_text","normalization":"","example":"","description":"The stack trace of this error in plain text."},{"field":"error.type","type":"keyword","normalization":"","example":"java.lang.NullPointerException","description":"The type of the error, for example the class name of the exception."},{"field":"event.action","type":"keyword","normalization":"","example":"user-password-change","description":"The action captured by the event."},{"field":"event.category","type":"keyword","normalization":"array","example":"authentication","description":"Event category. 
The second categorization field in the hierarchy."},{"field":"event.code","type":"keyword","normalization":"","example":4648,"description":"Identification code for this event."},{"field":"event.created","type":"date","normalization":"","example":"2016-05-23T08:05:34.857Z","description":"Time when the event was first read by an agent or by your pipeline."},{"field":"event.dataset","type":"keyword","normalization":"","example":"apache.access","description":"Name of the dataset."},{"field":"event.duration","type":"long","normalization":"","example":"","description":"Duration of the event in nanoseconds."},{"field":"event.end","type":"date","normalization":"","example":"","description":"event.end contains the date when the event ended or when the activity was last observed."},{"field":"event.hash","type":"keyword","normalization":"","example":"123456789012345678901234567890ABCD","description":"Hash (perhaps logstash fingerprint) of raw field to be able to demonstrate log integrity."},{"field":"event.id","type":"keyword","normalization":"","example":"8a4f500d","description":"Unique ID to describe the event."},{"field":"event.kind","type":"keyword","normalization":"","example":"alert","description":"The kind of the event. The highest categorization field in the hierarchy."},{"field":"event.original","type":"keyword","normalization":"","example":"Sep 19 08:26:10 host CEF:0|Security| threatmanager|1.0|100| worm successfully stopped|10|src=10.0.0.1 dst=2.1.2.2spt=1232","description":"Raw text message of entire event."},{"field":"event.outcome","type":"keyword","normalization":"","example":"success","description":"The outcome of the event. 
The lowest level categorization field in the hierarchy."},{"field":"event.provider","type":"keyword","normalization":"","example":"kernel","description":"Source of the event."},{"field":"event.reason","type":"keyword","normalization":"","example":"Terminated an unexpected process","description":"Reason why this event happened, according to the source"},{"field":"event.reference","type":"keyword","normalization":"","example":"https://system.example.com/event/#0001234","description":"Event reference URL"},{"field":"event.risk_score","type":"float","normalization":"","example":"","description":"Risk score or priority of the event (e.g. security solutions). Use your system's original value here."},{"field":"event.risk_score_norm","type":"float","normalization":"","example":"","description":"Normalized risk score or priority of the event (0-100)."},{"field":"event.sequence","type":"long","normalization":"","example":"","description":"Sequence number of the event."},{"field":"event.severity","type":"long","normalization":"","example":7,"description":"Numeric severity of the event."},{"field":"event.start","type":"date","normalization":"","example":"","description":"event.start contains the date when the event started or when the activity was first observed."},{"field":"event.timezone","type":"keyword","normalization":"","example":"","description":"Event time zone."},{"field":"event.type","type":"keyword","normalization":"array","example":"","description":"Event type. 
The third categorization field in the hierarchy."},{"field":"event.url","type":"keyword","normalization":"","example":"https://mysystem.example.com/alert/5271dedb-f5b0-4218-87f0-4ac4870a38fe","description":"Event investigation URL"},{"field":"file.accessed","type":"date","normalization":"","example":"","description":"Last time the file was accessed."},{"field":"file.attributes","type":"keyword","normalization":"array","example":["readonly","system"],"description":"Array of file attributes."},{"field":"file.code_signature.digest_algorithm","type":"keyword","normalization":"","example":"sha256","description":"Hashing algorithm used to sign the process."},{"field":"file.code_signature.exists","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if a signature is present."},{"field":"file.code_signature.signing_id","type":"keyword","normalization":"","example":"com.apple.xpc.proxy","description":"The identifier used to sign the process."},{"field":"file.code_signature.status","type":"keyword","normalization":"","example":"ERROR_UNTRUSTED_ROOT","description":"Additional information about the certificate status."},{"field":"file.code_signature.subject_name","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Subject name of the code signer"},{"field":"file.code_signature.team_id","type":"keyword","normalization":"","example":"EQHXZ8M8AV","description":"The team identifier used to sign the process."},{"field":"file.code_signature.timestamp","type":"date","normalization":"","example":"2021-01-01T12:10:30Z","description":"When the signature was generated and signed."},{"field":"file.code_signature.trusted","type":"boolean","normalization":"","example":true,"description":"Stores the trust status of the certificate chain."},{"field":"file.code_signature.valid","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if the digital signature is verified against the binary 
content."},{"field":"file.created","type":"date","normalization":"","example":"","description":"File creation time."},{"field":"file.ctime","type":"date","normalization":"","example":"","description":"Last time the file attributes or metadata changed."},{"field":"file.device","type":"keyword","normalization":"","example":"sda","description":"Device that is the source of the file."},{"field":"file.directory","type":"keyword","normalization":"","example":"/home/alice","description":"Directory where the file is located."},{"field":"file.drive_letter","type":"keyword","normalization":"","example":"C","description":"Drive letter where the file is located."},{"field":"file.elf.architecture","type":"keyword","normalization":"","example":"x86-64","description":"Machine architecture of the ELF file."},{"field":"file.elf.byte_order","type":"keyword","normalization":"","example":"Little Endian","description":"Byte sequence of ELF file."},{"field":"file.elf.cpu_type","type":"keyword","normalization":"","example":"Intel","description":"CPU type of the ELF file."},{"field":"file.elf.creation_date","type":"date","normalization":"","example":"","description":"Build or compile date."},{"field":"file.elf.exports","type":"flattened","normalization":"array","example":"","description":"List of exported element names and types."},{"field":"file.elf.header.abi_version","type":"keyword","normalization":"","example":"","description":"Version of the ELF Application Binary Interface (ABI)."},{"field":"file.elf.header.class","type":"keyword","normalization":"","example":"","description":"Header class of the ELF file."},{"field":"file.elf.header.data","type":"keyword","normalization":"","example":"","description":"Data table of the ELF header."},{"field":"file.elf.header.entrypoint","type":"long","normalization":"","example":"","description":"Header entrypoint of the ELF file."},{"field":"file.elf.header.object_version","type":"keyword","normalization":"","example":"","description":"0x1\" for 
original ELF files."},{"field":"file.elf.header.os_abi","type":"keyword","normalization":"","example":"","description":"Application Binary Interface (ABI) of the Linux OS."},{"field":"file.elf.header.type","type":"keyword","normalization":"","example":"","description":"Header type of the ELF file."},{"field":"file.elf.header.version","type":"keyword","normalization":"","example":"","description":"Version of the ELF header."},{"field":"file.elf.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"file.elf.sections","type":"nested","normalization":"array","example":"","description":"Section information of the ELF file."},{"field":"file.elf.sections.chi2","type":"long","normalization":"","example":"","description":"Chi-square probability distribution of the section."},{"field":"file.elf.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"file.elf.sections.flags","type":"keyword","normalization":"","example":"","description":"ELF Section List flags."},{"field":"file.elf.sections.name","type":"keyword","normalization":"","example":"","description":"ELF Section List name."},{"field":"file.elf.sections.physical_offset","type":"keyword","normalization":"","example":"","description":"ELF Section List offset."},{"field":"file.elf.sections.physical_size","type":"long","normalization":"","example":"","description":"ELF Section List physical size."},{"field":"file.elf.sections.type","type":"keyword","normalization":"","example":"","description":"ELF Section List type."},{"field":"file.elf.sections.virtual_address","type":"long","normalization":"","example":"","description":"ELF Section List virtual address."},{"field":"file.elf.sections.virtual_size","type":"long","normalization":"","example":"","description":"ELF Section List virtual 
size."},{"field":"file.elf.segments","type":"nested","normalization":"array","example":"","description":"ELF object segment list."},{"field":"file.elf.segments.sections","type":"keyword","normalization":"","example":"","description":"ELF object segment sections."},{"field":"file.elf.segments.type","type":"keyword","normalization":"","example":"","description":"ELF object segment type."},{"field":"file.elf.shared_libraries","type":"keyword","normalization":"array","example":"","description":"List of shared libraries used by this ELF object."},{"field":"file.elf.telfhash","type":"keyword","normalization":"","example":"","description":"telfhash hash for ELF file."},{"field":"file.extension","type":"keyword","normalization":"","example":"png","description":"File extension, excluding the leading dot."},{"field":"file.fork_name","type":"keyword","normalization":"","example":"Zone.Identifer","description":"A fork is additional data associated with a filesystem object."},{"field":"file.gid","type":"keyword","normalization":"","example":1001,"description":"Primary group ID (GID) of the file."},{"field":"file.group","type":"keyword","normalization":"","example":"alice","description":"Primary group name of the file."},{"field":"file.hash.md5","type":"keyword","normalization":"","example":"","description":"MD5 hash."},{"field":"file.hash.sha1","type":"keyword","normalization":"","example":"","description":"SHA1 hash."},{"field":"file.hash.sha256","type":"keyword","normalization":"","example":"","description":"SHA256 hash."},{"field":"file.hash.sha512","type":"keyword","normalization":"","example":"","description":"SHA512 hash."},{"field":"file.hash.ssdeep","type":"keyword","normalization":"","example":"","description":"SSDEEP hash."},{"field":"file.inode","type":"keyword","normalization":"","example":256383,"description":"Inode representing the file in the filesystem."},{"field":"file.mime_type","type":"keyword","normalization":"","example":"","description":"Media type of 
file, document, or arrangement of bytes."},{"field":"file.mode","type":"keyword","normalization":"","example":"0640","description":"Mode of the file in octal representation."},{"field":"file.mtime","type":"date","normalization":"","example":"","description":"Last time the file content was modified."},{"field":"file.name","type":"keyword","normalization":"","example":"example.png","description":"Name of the file including the extension, without the directory."},{"field":"file.owner","type":"keyword","normalization":"","example":"alice","description":"File owner's username."},{"field":"file.path","type":"keyword","normalization":"","example":"/home/alice/example.png","description":"Full path to the file, including the file name."},{"field":"file.path.text","type":"match_only_text","normalization":"","example":"/home/alice/example.png","description":"Full path to the file, including the file name."},{"field":"file.pe.architecture","type":"keyword","normalization":"","example":"x64","description":"CPU architecture target for the file."},{"field":"file.pe.company","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Internal company name of the file, provided at compile-time."},{"field":"file.pe.description","type":"keyword","normalization":"","example":"Paint","description":"Internal description of the file, provided at compile-time."},{"field":"file.pe.file_version","type":"keyword","normalization":"","example":"6.3.9600.17415","description":"Process name."},{"field":"file.pe.imphash","type":"keyword","normalization":"","example":"0c6803c4e922103c4dca5963aad36ddf","description":"A hash of the imports in a PE file."},{"field":"file.pe.original_file_name","type":"keyword","normalization":"","example":"MSPAINT.EXE","description":"Internal name of the file, provided at compile-time."},{"field":"file.pe.product","type":"keyword","normalization":"","example":"Microsoft® Windows® Operating System","description":"Internal product name of the 
file, provided at compile-time."},{"field":"file.size","type":"long","normalization":"","example":16384,"description":"File size in bytes."},{"field":"file.target_path","type":"keyword","normalization":"","example":"","description":"Target path for symlinks."},{"field":"file.target_path.text","type":"match_only_text","normalization":"","example":"","description":"Target path for symlinks."},{"field":"file.type","type":"keyword","normalization":"","example":"file","description":"File type (file, dir, or symlink)."},{"field":"file.uid","type":"keyword","normalization":"","example":1001,"description":"The user ID (UID) or security identifier (SID) of the file owner."},{"field":"file.x509.alternative_names","type":"keyword","normalization":"array","example":"*.elastic.co","description":"List of subject alternative names (SAN)."},{"field":"file.x509.issuer.common_name","type":"keyword","normalization":"array","example":"Example SHA2 High Assurance Server CA","description":"List of common name (CN) of issuing certificate authority."},{"field":"file.x509.issuer.country","type":"keyword","normalization":"array","example":"US","description":"List of country (C) codes"},{"field":"file.x509.issuer.distinguished_name","type":"keyword","normalization":"","example":"C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA","description":"Distinguished name (DN) of issuing certificate authority."},{"field":"file.x509.issuer.locality","type":"keyword","normalization":"array","example":"Mountain View","description":"List of locality names (L)"},{"field":"file.x509.issuer.organization","type":"keyword","normalization":"array","example":"Example Inc","description":"List of organizations (O) of issuing certificate authority."},{"field":"file.x509.issuer.organizational_unit","type":"keyword","normalization":"array","example":"www.example.com","description":"List of organizational units (OU) of issuing certificate 
authority."},{"field":"file.x509.issuer.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"file.x509.not_after","type":"date","normalization":"","example":"2020-07-16 03:15:39+00:00","description":"Time at which the certificate is no longer considered valid."},{"field":"file.x509.not_before","type":"date","normalization":"","example":"2019-08-16 01:40:25+00:00","description":"Time at which the certificate is first considered valid."},{"field":"file.x509.public_key_algorithm","type":"keyword","normalization":"","example":"RSA","description":"Algorithm used to generate the public key."},{"field":"file.x509.public_key_curve","type":"keyword","normalization":"","example":"nistp521","description":"The curve used by the elliptic curve public key algorithm. This is algorithm specific."},{"field":"file.x509.public_key_exponent","type":"long","normalization":"","example":65537,"description":"Exponent used to derive the public key. 
This is algorithm specific."},{"field":"file.x509.public_key_size","type":"long","normalization":"","example":2048,"description":"The size of the public key space in bits."},{"field":"file.x509.serial_number","type":"keyword","normalization":"","example":"55FBB9C7DEBF09809D12CCAA","description":"Unique serial number issued by the certificate authority."},{"field":"file.x509.signature_algorithm","type":"keyword","normalization":"","example":"SHA256-RSA","description":"Identifier for certificate signature algorithm."},{"field":"file.x509.subject.common_name","type":"keyword","normalization":"array","example":"shared.global.example.net","description":"List of common names (CN) of subject."},{"field":"file.x509.subject.country","type":"keyword","normalization":"array","example":"US","description":"List of country (C) code"},{"field":"file.x509.subject.distinguished_name","type":"keyword","normalization":"","example":"C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net","description":"Distinguished name (DN) of the certificate subject entity."},{"field":"file.x509.subject.locality","type":"keyword","normalization":"array","example":"San Francisco","description":"List of locality names (L)"},{"field":"file.x509.subject.organization","type":"keyword","normalization":"array","example":"Example, Inc.","description":"List of organizations (O) of subject."},{"field":"file.x509.subject.organizational_unit","type":"keyword","normalization":"array","example":"","description":"List of organizational units (OU) of subject."},{"field":"file.x509.subject.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"file.x509.version_number","type":"keyword","normalization":"","example":3,"description":"Version of x509 format."},{"field":"group.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the group is a member 
of."},{"field":"group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"host.cpu.usage","type":"scaled_float","normalization":"","example":"","description":"Percent CPU used, between 0 and 1."},{"field":"host.disk.read.bytes","type":"long","normalization":"","example":"","description":"The number of bytes read by all disks."},{"field":"host.disk.write.bytes","type":"long","normalization":"","example":"","description":"The number of bytes written on all disks."},{"field":"host.domain","type":"keyword","normalization":"","example":"CONTOSO","description":"Name of the directory the group is a member of."},{"field":"host.geo.city_name","type":"keyword","normalization":"","example":"Montreal","description":"City name."},{"field":"host.geo.continent_code","type":"keyword","normalization":"","example":"NA","description":"Continent code."},{"field":"host.geo.continent_name","type":"keyword","normalization":"","example":"North America","description":"Name of the continent."},{"field":"host.geo.country_iso_code","type":"keyword","normalization":"","example":"CA","description":"Country ISO code."},{"field":"host.geo.country_name","type":"keyword","normalization":"","example":"Canada","description":"Country name."},{"field":"host.geo.location","type":"geo_point","normalization":"","example":{"lon":-73.61483,"lat":45.505918},"description":"Longitude and latitude."},{"field":"host.geo.name","type":"keyword","normalization":"","example":"boston-dc","description":"User-defined description of a location."},{"field":"host.geo.postal_code","type":"keyword","normalization":"","example":94040,"description":"Postal code."},{"field":"host.geo.region_iso_code","type":"keyword","normalization":"","example":"CA-QC","description":"Region ISO 
code."},{"field":"host.geo.region_name","type":"keyword","normalization":"","example":"Quebec","description":"Region name."},{"field":"host.geo.timezone","type":"keyword","normalization":"","example":"America/Argentina/Buenos_Aires","description":"Time zone."},{"field":"host.name","type":"keyword","normalization":"","example":"","description":"Name of the host."},{"field":"host.network.egress.bytes","type":"long","normalization":"","example":"","description":"The number of bytes sent on all network interfaces."},{"field":"host.network.egress.packets","type":"long","normalization":"","example":"","description":"The number of packets sent on all network interfaces."},{"field":"host.network.ingress.bytes","type":"long","normalization":"","example":"","description":"The number of bytes received on all network interfaces."},{"field":"host.network.ingress.packets","type":"long","normalization":"","example":"","description":"The number of packets received on all network interfaces."},{"field":"host.os.full","type":"keyword","normalization":"","example":"Mac OS Mojave","description":"Operating system name, including the version or code name."},{"field":"host.os.full.text","type":"match_only_text","normalization":"","example":"Mac OS Mojave","description":"Operating system name, including the version or code name."},{"field":"host.os.name.text","type":"match_only_text","normalization":"","example":"Mac OS X","description":"Operating system name, without the version."},{"field":"host.os.platform","type":"keyword","normalization":"","example":"darwin","description":"Operating system platform (such centos, ubuntu, windows)."},{"field":"host.type","type":"keyword","normalization":"","example":"","description":"Type of host."},{"field":"host.uptime","type":"long","normalization":"","example":1325,"description":"Seconds the host has been up."},{"field":"host.user.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the user is a member 
of."},{"field":"host.user.email","type":"keyword","normalization":"","example":"","description":"User email address."},{"field":"host.user.full_name","type":"keyword","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"host.user.full_name.text","type":"match_only_text","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"host.user.group.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the group is a member of."},{"field":"host.user.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"host.user.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"host.user.hash","type":"keyword","normalization":"","example":"","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"host.user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"host.user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"host.user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"host.user.roles","type":"keyword","normalization":"array","example":["kibana_admin","reporting_user"],"description":"Array of user roles at the time of the event."},{"field":"http.request.body.bytes","type":"long","normalization":"","example":887,"description":"Size in bytes of the request body."},{"field":"http.request.body.content","type":"wildcard","normalization":"","example":"Hello world","description":"The full HTTP request 
body."},{"field":"http.request.body.content.text","type":"match_only_text","normalization":"","example":"Hello world","description":"The full HTTP request body."},{"field":"http.request.bytes","type":"long","normalization":"","example":1437,"description":"Total size in bytes of the request (body and headers)."},{"field":"http.request.id","type":"keyword","normalization":"","example":"123e4567-e89b-12d3-a456-426614174000","description":"HTTP request ID."},{"field":"http.request.method","type":"keyword","normalization":"","example":"GET, POST, PUT, PoST","description":"HTTP request method."},{"field":"http.request.mime_type","type":"keyword","normalization":"","example":"image/gif","description":"Mime type of the body of the request."},{"field":"http.request.referrer","type":"keyword","normalization":"","example":"https://blog.example.com/","description":"Referrer for this HTTP request."},{"field":"http.response.body.bytes","type":"long","normalization":"","example":887,"description":"Size in bytes of the response body."},{"field":"http.response.body.content","type":"wildcard","normalization":"","example":"Hello world","description":"The full HTTP response body."},{"field":"http.response.body.content.text","type":"match_only_text","normalization":"","example":"Hello world","description":"The full HTTP response body."},{"field":"http.response.bytes","type":"long","normalization":"","example":1437,"description":"Total size in bytes of the response (body and headers)."},{"field":"http.response.mime_type","type":"keyword","normalization":"","example":"image/gif","description":"Mime type of the body of the response."},{"field":"http.response.status_code","type":"long","normalization":"","example":404,"description":"HTTP response status code."},{"field":"http.version","type":"keyword","normalization":"","example":1.1,"description":"HTTP version."},{"field":"log.file.path","type":"keyword","normalization":"","example":"/var/log/fun-times.log","description":"Full path to the 
log file this event came from."},{"field":"log.level","type":"keyword","normalization":"","example":"error","description":"Log level of the log event."},{"field":"log.logger","type":"keyword","normalization":"","example":"org.elasticsearch.bootstrap.Bootstrap","description":"Name of the logger."},{"field":"log.origin.file.line","type":"integer","normalization":"","example":42,"description":"The line number of the file which originated the log event."},{"field":"log.origin.file.name","type":"keyword","normalization":"","example":"Bootstrap.java","description":"The code file which originated the log event."},{"field":"log.origin.function","type":"keyword","normalization":"","example":"init","description":"The function which originated the log event."},{"field":"log.original","type":"keyword","normalization":"","example":"Sep 19 08:26:10 localhost My log","description":"Deprecated original log message with light interpretation only (encoding, newlines)."},{"field":"log.syslog","type":"object","normalization":"","example":"","description":"Syslog metadata"},{"field":"log.syslog.facility.code","type":"long","normalization":"","example":23,"description":"Syslog numeric facility of the event."},{"field":"log.syslog.facility.name","type":"keyword","normalization":"","example":"local7","description":"Syslog text-based facility of the event."},{"field":"log.syslog.priority","type":"long","normalization":"","example":135,"description":"Syslog priority of the event."},{"field":"log.syslog.severity.code","type":"long","normalization":"","example":3,"description":"Syslog numeric severity of the event."},{"field":"log.syslog.severity.name","type":"keyword","normalization":"","example":"Error","description":"Syslog text-based severity of the event."},{"field":"network.application","type":"keyword","normalization":"","example":"aim","description":"Application level protocol name."},{"field":"network.bytes","type":"long","normalization":"","example":368,"description":"Total bytes 
transferred in both directions."},{"field":"network.community_id","type":"keyword","normalization":"","example":"1:hO+sN4H+MG5MY/8hIrXPqc4ZQz0=","description":"A hash of source and destination IPs and ports."},{"field":"network.direction","type":"keyword","normalization":"","example":"inbound","description":"Direction of the network traffic."},{"field":"network.forwarded_ip","type":"ip","normalization":"","example":"192.1.1.2","description":"Host IP address when the source IP address is the proxy."},{"field":"network.iana_number","type":"keyword","normalization":"","example":6,"description":"IANA Protocol Number."},{"field":"network.inner","type":"object","normalization":"","example":"","description":"Inner VLAN tag information"},{"field":"network.inner.vlan.id","type":"keyword","normalization":"","example":10,"description":"VLAN ID as reported by the observer."},{"field":"network.inner.vlan.name","type":"keyword","normalization":"","example":"outside","description":"Optional VLAN name as reported by the observer."},{"field":"network.name","type":"keyword","normalization":"","example":"Guest Wifi","description":"Name given by operators to sections of their network."},{"field":"network.packets","type":"long","normalization":"","example":24,"description":"Total packets transferred in both directions."},{"field":"network.protocol","type":"keyword","normalization":"","example":"http","description":"L7 Network protocol name."},{"field":"network.transport","type":"keyword","normalization":"","example":"tcp","description":"Protocol Name corresponding to the field `iana_number`."},{"field":"network.type","type":"keyword","normalization":"","example":"ipv4","description":"In the OSI Model this would be the Network Layer. 
ipv4, ipv6, ipsec, pim, etc"},{"field":"network.vlan.id","type":"keyword","normalization":"","example":10,"description":"VLAN ID as reported by the observer."},{"field":"network.vlan.name","type":"keyword","normalization":"","example":"outside","description":"Optional VLAN name as reported by the observer."},{"field":"observer.egress","type":"object","normalization":"","example":"","description":"Object field for egress information"},{"field":"observer.egress.interface.alias","type":"keyword","normalization":"","example":"outside","description":"Interface alias"},{"field":"observer.egress.interface.id","type":"keyword","normalization":"","example":10,"description":"Interface ID"},{"field":"observer.egress.interface.name","type":"keyword","normalization":"","example":"eth0","description":"Interface name"},{"field":"observer.egress.vlan.id","type":"keyword","normalization":"","example":10,"description":"VLAN ID as reported by the observer."},{"field":"observer.egress.vlan.name","type":"keyword","normalization":"","example":"outside","description":"Optional VLAN name as reported by the observer."},{"field":"observer.egress.zone","type":"keyword","normalization":"","example":"Public_Internet","description":"Observer Egress zone"},{"field":"observer.geo.city_name","type":"keyword","normalization":"","example":"Montreal","description":"City name."},{"field":"observer.geo.continent_code","type":"keyword","normalization":"","example":"NA","description":"Continent code."},{"field":"observer.geo.continent_name","type":"keyword","normalization":"","example":"North America","description":"Name of the continent."},{"field":"observer.geo.country_iso_code","type":"keyword","normalization":"","example":"CA","description":"Country ISO code."},{"field":"observer.geo.country_name","type":"keyword","normalization":"","example":"Canada","description":"Country 
name."},{"field":"observer.geo.location","type":"geo_point","normalization":"","example":{"lon":-73.61483,"lat":45.505918},"description":"Longitude and latitude."},{"field":"observer.geo.name","type":"keyword","normalization":"","example":"boston-dc","description":"User-defined description of a location."},{"field":"observer.geo.postal_code","type":"keyword","normalization":"","example":94040,"description":"Postal code."},{"field":"observer.geo.region_iso_code","type":"keyword","normalization":"","example":"CA-QC","description":"Region ISO code."},{"field":"observer.geo.region_name","type":"keyword","normalization":"","example":"Quebec","description":"Region name."},{"field":"observer.geo.timezone","type":"keyword","normalization":"","example":"America/Argentina/Buenos_Aires","description":"Time zone."},{"field":"observer.hostname","type":"keyword","normalization":"","example":"","description":"Hostname of the observer."},{"field":"observer.ingress","type":"object","normalization":"","example":"","description":"Object field for ingress information"},{"field":"observer.ingress.interface.alias","type":"keyword","normalization":"","example":"outside","description":"Interface alias"},{"field":"observer.ingress.interface.id","type":"keyword","normalization":"","example":10,"description":"Interface ID"},{"field":"observer.ingress.interface.name","type":"keyword","normalization":"","example":"eth0","description":"Interface name"},{"field":"observer.ingress.vlan.id","type":"keyword","normalization":"","example":10,"description":"VLAN ID as reported by the observer."},{"field":"observer.ingress.vlan.name","type":"keyword","normalization":"","example":"outside","description":"Optional VLAN name as reported by the observer."},{"field":"observer.ingress.zone","type":"keyword","normalization":"","example":"DMZ","description":"Observer ingress zone"},{"field":"observer.ip","type":"ip","normalization":"array","example":"","description":"IP addresses of the 
observer."},{"field":"observer.mac","type":"keyword","normalization":"array","example":["00-00-5E-00-53-23","00-00-5E-00-53-24"],"description":"MAC addresses of the observer."},{"field":"observer.name","type":"keyword","normalization":"","example":"1_proxySG","description":"Custom name of the observer."},{"field":"observer.os.family","type":"keyword","normalization":"","example":"debian","description":"OS family (such as redhat, debian, freebsd, windows)."},{"field":"observer.os.full","type":"keyword","normalization":"","example":"Mac OS Mojave","description":"Operating system name, including the version or code name."},{"field":"observer.os.full.text","type":"match_only_text","normalization":"","example":"Mac OS Mojave","description":"Operating system name, including the version or code name."},{"field":"observer.os.kernel","type":"keyword","normalization":"","example":"4.4.0-112-generic","description":"Operating system kernel version as a raw string."},{"field":"observer.os.name","type":"keyword","normalization":"","example":"Mac OS X","description":"Operating system name, without the version."},{"field":"observer.os.name.text","type":"match_only_text","normalization":"","example":"Mac OS X","description":"Operating system name, without the version."},{"field":"observer.os.platform","type":"keyword","normalization":"","example":"darwin","description":"Operating system platform (such centos, ubuntu, windows)."},{"field":"observer.os.type","type":"keyword","normalization":"","example":"macos","description":"Which commercial OS family (one of: linux, macos, unix or windows)."},{"field":"observer.os.version","type":"keyword","normalization":"","example":"10.14.1","description":"Operating system version as a raw string."},{"field":"observer.product","type":"keyword","normalization":"","example":"s200","description":"The product name of the observer."},{"field":"observer.serial_number","type":"keyword","normalization":"","example":"","description":"Observer serial 
number."},{"field":"observer.type","type":"keyword","normalization":"","example":"firewall","description":"The type of the observer the data is coming from."},{"field":"observer.vendor","type":"keyword","normalization":"","example":"Symantec","description":"Vendor name of the observer."},{"field":"observer.version","type":"keyword","normalization":"","example":"","description":"Observer version."},{"field":"orchestrator.api_version","type":"keyword","normalization":"","example":"v1beta1","description":"API version being used to carry out the action"},{"field":"orchestrator.cluster.name","type":"keyword","normalization":"","example":"","description":"Name of the cluster."},{"field":"orchestrator.cluster.url","type":"keyword","normalization":"","example":"","description":"URL of the API used to manage the cluster."},{"field":"orchestrator.cluster.version","type":"keyword","normalization":"","example":"","description":"The version of the cluster."},{"field":"orchestrator.namespace","type":"keyword","normalization":"","example":"kube-system","description":"Namespace in which the action is taking place."},{"field":"orchestrator.organization","type":"keyword","normalization":"","example":"elastic","description":"Organization affected by the event (for multi-tenant orchestrator setups)."},{"field":"orchestrator.resource.name","type":"keyword","normalization":"","example":"test-pod-cdcws","description":"Name of the resource being acted upon."},{"field":"orchestrator.resource.type","type":"keyword","normalization":"","example":"service","description":"Type of resource being acted upon."},{"field":"orchestrator.type","type":"keyword","normalization":"","example":"kubernetes","description":"Orchestrator cluster type (e.g. 
kubernetes, nomad or cloudfoundry)."},{"field":"organization.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the organization."},{"field":"organization.name","type":"keyword","normalization":"","example":"","description":"Organization name."},{"field":"organization.name.text","type":"match_only_text","normalization":"","example":"","description":"Organization name."},{"field":"package.architecture","type":"keyword","normalization":"","example":"x86_64","description":"Package architecture."},{"field":"package.build_version","type":"keyword","normalization":"","example":"36f4f7e89dd61b0988b12ee000b98966867710cd","description":"Build version information"},{"field":"package.checksum","type":"keyword","normalization":"","example":"68b329da9893e34099c7d8ad5cb9c940","description":"Checksum of the installed package for verification."},{"field":"package.description","type":"keyword","normalization":"","example":"Open source programming language to build simple/reliable/efficient software.","description":"Description of the package."},{"field":"package.install_scope","type":"keyword","normalization":"","example":"global","description":"Indicating how the package was installed, e.g. 
user-local, global."},{"field":"package.installed","type":"date","normalization":"","example":"","description":"Time when package was installed."},{"field":"package.license","type":"keyword","normalization":"","example":"Apache License 2.0","description":"Package license"},{"field":"package.name","type":"keyword","normalization":"","example":"go","description":"Package name"},{"field":"package.path","type":"keyword","normalization":"","example":"/usr/local/Cellar/go/1.12.9/","description":"Path where the package is installed."},{"field":"package.reference","type":"keyword","normalization":"","example":"https://golang.org","description":"Package home page or reference URL"},{"field":"package.size","type":"long","normalization":"","example":62231,"description":"Package size in bytes."},{"field":"package.type","type":"keyword","normalization":"","example":"rpm","description":"Package type"},{"field":"package.version","type":"keyword","normalization":"","example":"1.12.9","description":"Package version"},{"field":"process.args","type":"keyword","normalization":"array","example":["/usr/bin/ssh","-l","user","10.0.0.16"],"description":"Array of process arguments."},{"field":"process.args_count","type":"long","normalization":"","example":4,"description":"Length of the process.args array."},{"field":"process.code_signature.digest_algorithm","type":"keyword","normalization":"","example":"sha256","description":"Hashing algorithm used to sign the process."},{"field":"process.code_signature.exists","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if a signature is present."},{"field":"process.code_signature.signing_id","type":"keyword","normalization":"","example":"com.apple.xpc.proxy","description":"The identifier used to sign the process."},{"field":"process.code_signature.status","type":"keyword","normalization":"","example":"ERROR_UNTRUSTED_ROOT","description":"Additional information about the certificate 
status."},{"field":"process.code_signature.subject_name","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Subject name of the code signer"},{"field":"process.code_signature.team_id","type":"keyword","normalization":"","example":"EQHXZ8M8AV","description":"The team identifier used to sign the process."},{"field":"process.code_signature.timestamp","type":"date","normalization":"","example":"2021-01-01T12:10:30Z","description":"When the signature was generated and signed."},{"field":"process.code_signature.trusted","type":"boolean","normalization":"","example":true,"description":"Stores the trust status of the certificate chain."},{"field":"process.code_signature.valid","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if the digital signature is verified against the binary content."},{"field":"process.command_line","type":"wildcard","normalization":"","example":"/usr/bin/ssh -l user 10.0.0.16","description":"Full command line that started the process."},{"field":"process.command_line.text","type":"match_only_text","normalization":"","example":"/usr/bin/ssh -l user 10.0.0.16","description":"Full command line that started the process."},{"field":"process.elf.architecture","type":"keyword","normalization":"","example":"x86-64","description":"Machine architecture of the ELF file."},{"field":"process.elf.byte_order","type":"keyword","normalization":"","example":"Little Endian","description":"Byte sequence of ELF file."},{"field":"process.elf.cpu_type","type":"keyword","normalization":"","example":"Intel","description":"CPU type of the ELF file."},{"field":"process.elf.creation_date","type":"date","normalization":"","example":"","description":"Build or compile date."},{"field":"process.elf.exports","type":"flattened","normalization":"array","example":"","description":"List of exported element names and 
types."},{"field":"process.elf.header.abi_version","type":"keyword","normalization":"","example":"","description":"Version of the ELF Application Binary Interface (ABI)."},{"field":"process.elf.header.class","type":"keyword","normalization":"","example":"","description":"Header class of the ELF file."},{"field":"process.elf.header.data","type":"keyword","normalization":"","example":"","description":"Data table of the ELF header."},{"field":"process.elf.header.entrypoint","type":"long","normalization":"","example":"","description":"Header entrypoint of the ELF file."},{"field":"process.elf.header.object_version","type":"keyword","normalization":"","example":"","description":"0x1\" for original ELF files."},{"field":"process.elf.header.os_abi","type":"keyword","normalization":"","example":"","description":"Application Binary Interface (ABI) of the Linux OS."},{"field":"process.elf.header.type","type":"keyword","normalization":"","example":"","description":"Header type of the ELF file."},{"field":"process.elf.header.version","type":"keyword","normalization":"","example":"","description":"Version of the ELF header."},{"field":"process.elf.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"process.elf.sections","type":"nested","normalization":"array","example":"","description":"Section information of the ELF file."},{"field":"process.elf.sections.chi2","type":"long","normalization":"","example":"","description":"Chi-square probability distribution of the section."},{"field":"process.elf.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"process.elf.sections.flags","type":"keyword","normalization":"","example":"","description":"ELF Section List flags."},{"field":"process.elf.sections.name","type":"keyword","normalization":"","example":"","description":"ELF Section List 
name."},{"field":"process.elf.sections.physical_offset","type":"keyword","normalization":"","example":"","description":"ELF Section List offset."},{"field":"process.elf.sections.physical_size","type":"long","normalization":"","example":"","description":"ELF Section List physical size."},{"field":"process.elf.sections.type","type":"keyword","normalization":"","example":"","description":"ELF Section List type."},{"field":"process.elf.sections.virtual_address","type":"long","normalization":"","example":"","description":"ELF Section List virtual address."},{"field":"process.elf.sections.virtual_size","type":"long","normalization":"","example":"","description":"ELF Section List virtual size."},{"field":"process.elf.segments","type":"nested","normalization":"array","example":"","description":"ELF object segment list."},{"field":"process.elf.segments.sections","type":"keyword","normalization":"","example":"","description":"ELF object segment sections."},{"field":"process.elf.segments.type","type":"keyword","normalization":"","example":"","description":"ELF object segment type."},{"field":"process.elf.shared_libraries","type":"keyword","normalization":"array","example":"","description":"List of shared libraries used by this ELF object."},{"field":"process.elf.telfhash","type":"keyword","normalization":"","example":"","description":"telfhash hash for ELF file."},{"field":"process.end","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process ended."},{"field":"process.entity_id","type":"keyword","normalization":"","example":"c2c455d9f99375d","description":"Unique identifier for the process."},{"field":"process.executable","type":"keyword","normalization":"","example":"/usr/bin/ssh","description":"Absolute path to the process executable."},{"field":"process.executable.text","type":"match_only_text","normalization":"","example":"/usr/bin/ssh","description":"Absolute path to the process 
executable."},{"field":"process.exit_code","type":"long","normalization":"","example":137,"description":"The exit code of the process."},{"field":"process.hash.md5","type":"keyword","normalization":"","example":"","description":"MD5 hash."},{"field":"process.hash.sha1","type":"keyword","normalization":"","example":"","description":"SHA1 hash."},{"field":"process.hash.sha256","type":"keyword","normalization":"","example":"","description":"SHA256 hash."},{"field":"process.hash.sha512","type":"keyword","normalization":"","example":"","description":"SHA512 hash."},{"field":"process.hash.ssdeep","type":"keyword","normalization":"","example":"","description":"SSDEEP hash."},{"field":"process.name","type":"keyword","normalization":"","example":"ssh","description":"Process name."},{"field":"process.name.text","type":"match_only_text","normalization":"","example":"ssh","description":"Process name."},{"field":"process.parent.args","type":"keyword","normalization":"array","example":["/usr/bin/ssh","-l","user","10.0.0.16"],"description":"Array of process arguments."},{"field":"process.parent.args_count","type":"long","normalization":"","example":4,"description":"Length of the process.args array."},{"field":"process.parent.code_signature.digest_algorithm","type":"keyword","normalization":"","example":"sha256","description":"Hashing algorithm used to sign the process."},{"field":"process.parent.code_signature.exists","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if a signature is present."},{"field":"process.parent.code_signature.signing_id","type":"keyword","normalization":"","example":"com.apple.xpc.proxy","description":"The identifier used to sign the process."},{"field":"process.parent.code_signature.status","type":"keyword","normalization":"","example":"ERROR_UNTRUSTED_ROOT","description":"Additional information about the certificate 
status."},{"field":"process.parent.code_signature.subject_name","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Subject name of the code signer"},{"field":"process.parent.code_signature.team_id","type":"keyword","normalization":"","example":"EQHXZ8M8AV","description":"The team identifier used to sign the process."},{"field":"process.parent.code_signature.timestamp","type":"date","normalization":"","example":"2021-01-01T12:10:30Z","description":"When the signature was generated and signed."},{"field":"process.parent.code_signature.trusted","type":"boolean","normalization":"","example":true,"description":"Stores the trust status of the certificate chain."},{"field":"process.parent.code_signature.valid","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if the digital signature is verified against the binary content."},{"field":"process.parent.command_line","type":"wildcard","normalization":"","example":"/usr/bin/ssh -l user 10.0.0.16","description":"Full command line that started the process."},{"field":"process.parent.command_line.text","type":"match_only_text","normalization":"","example":"/usr/bin/ssh -l user 10.0.0.16","description":"Full command line that started the process."},{"field":"process.parent.elf.architecture","type":"keyword","normalization":"","example":"x86-64","description":"Machine architecture of the ELF file."},{"field":"process.parent.elf.byte_order","type":"keyword","normalization":"","example":"Little Endian","description":"Byte sequence of ELF file."},{"field":"process.parent.elf.cpu_type","type":"keyword","normalization":"","example":"Intel","description":"CPU type of the ELF file."},{"field":"process.parent.elf.creation_date","type":"date","normalization":"","example":"","description":"Build or compile date."},{"field":"process.parent.elf.exports","type":"flattened","normalization":"array","example":"","description":"List of exported element names and 
types."},{"field":"process.parent.elf.header.abi_version","type":"keyword","normalization":"","example":"","description":"Version of the ELF Application Binary Interface (ABI)."},{"field":"process.parent.elf.header.class","type":"keyword","normalization":"","example":"","description":"Header class of the ELF file."},{"field":"process.parent.elf.header.data","type":"keyword","normalization":"","example":"","description":"Data table of the ELF header."},{"field":"process.parent.elf.header.entrypoint","type":"long","normalization":"","example":"","description":"Header entrypoint of the ELF file."},{"field":"process.parent.elf.header.object_version","type":"keyword","normalization":"","example":"","description":"0x1\" for original ELF files."},{"field":"process.parent.elf.header.os_abi","type":"keyword","normalization":"","example":"","description":"Application Binary Interface (ABI) of the Linux OS."},{"field":"process.parent.elf.header.type","type":"keyword","normalization":"","example":"","description":"Header type of the ELF file."},{"field":"process.parent.elf.header.version","type":"keyword","normalization":"","example":"","description":"Version of the ELF header."},{"field":"process.parent.elf.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"process.parent.elf.sections","type":"nested","normalization":"array","example":"","description":"Section information of the ELF file."},{"field":"process.parent.elf.sections.chi2","type":"long","normalization":"","example":"","description":"Chi-square probability distribution of the section."},{"field":"process.parent.elf.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"process.parent.elf.sections.flags","type":"keyword","normalization":"","example":"","description":"ELF Section List 
flags."},{"field":"process.parent.elf.sections.name","type":"keyword","normalization":"","example":"","description":"ELF Section List name."},{"field":"process.parent.elf.sections.physical_offset","type":"keyword","normalization":"","example":"","description":"ELF Section List offset."},{"field":"process.parent.elf.sections.physical_size","type":"long","normalization":"","example":"","description":"ELF Section List physical size."},{"field":"process.parent.elf.sections.type","type":"keyword","normalization":"","example":"","description":"ELF Section List type."},{"field":"process.parent.elf.sections.virtual_address","type":"long","normalization":"","example":"","description":"ELF Section List virtual address."},{"field":"process.parent.elf.sections.virtual_size","type":"long","normalization":"","example":"","description":"ELF Section List virtual size."},{"field":"process.parent.elf.segments","type":"nested","normalization":"array","example":"","description":"ELF object segment list."},{"field":"process.parent.elf.segments.sections","type":"keyword","normalization":"","example":"","description":"ELF object segment sections."},{"field":"process.parent.elf.segments.type","type":"keyword","normalization":"","example":"","description":"ELF object segment type."},{"field":"process.parent.elf.shared_libraries","type":"keyword","normalization":"array","example":"","description":"List of shared libraries used by this ELF object."},{"field":"process.parent.elf.telfhash","type":"keyword","normalization":"","example":"","description":"telfhash hash for ELF file."},{"field":"process.parent.end","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process ended."},{"field":"process.parent.entity_id","type":"keyword","normalization":"","example":"c2c455d9f99375d","description":"Unique identifier for the process."},{"field":"process.parent.executable","type":"keyword","normalization":"","example":"/usr/bin/ssh","description":"Absolute 
path to the process executable."},{"field":"process.parent.executable.text","type":"match_only_text","normalization":"","example":"/usr/bin/ssh","description":"Absolute path to the process executable."},{"field":"process.parent.exit_code","type":"long","normalization":"","example":137,"description":"The exit code of the process."},{"field":"process.parent.hash.md5","type":"keyword","normalization":"","example":"","description":"MD5 hash."},{"field":"process.parent.hash.sha1","type":"keyword","normalization":"","example":"","description":"SHA1 hash."},{"field":"process.parent.hash.sha256","type":"keyword","normalization":"","example":"","description":"SHA256 hash."},{"field":"process.parent.hash.sha512","type":"keyword","normalization":"","example":"","description":"SHA512 hash."},{"field":"process.parent.hash.ssdeep","type":"keyword","normalization":"","example":"","description":"SSDEEP hash."},{"field":"process.parent.name","type":"keyword","normalization":"","example":"ssh","description":"Process name."},{"field":"process.parent.name.text","type":"match_only_text","normalization":"","example":"ssh","description":"Process name."},{"field":"process.parent.pe.architecture","type":"keyword","normalization":"","example":"x64","description":"CPU architecture target for the file."},{"field":"process.parent.pe.company","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Internal company name of the file, provided at compile-time."},{"field":"process.parent.pe.description","type":"keyword","normalization":"","example":"Paint","description":"Internal description of the file, provided at compile-time."},{"field":"process.parent.pe.file_version","type":"keyword","normalization":"","example":"6.3.9600.17415","description":"Process name."},{"field":"process.parent.pe.imphash","type":"keyword","normalization":"","example":"0c6803c4e922103c4dca5963aad36ddf","description":"A hash of the imports in a PE 
file."},{"field":"process.parent.pe.original_file_name","type":"keyword","normalization":"","example":"MSPAINT.EXE","description":"Internal name of the file, provided at compile-time."},{"field":"process.parent.pe.product","type":"keyword","normalization":"","example":"Microsoft® Windows® Operating System","description":"Internal product name of the file, provided at compile-time."},{"field":"process.parent.pgid","type":"long","normalization":"","example":"","description":"Identifier of the group of processes the process belongs to."},{"field":"process.parent.pid","type":"long","normalization":"","example":4242,"description":"Process id."},{"field":"process.parent.ppid","type":"long","normalization":"","example":4241,"description":"Parent process' pid."},{"field":"process.parent.start","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process started."},{"field":"process.parent.thread.id","type":"long","normalization":"","example":4242,"description":"Thread ID."},{"field":"process.parent.thread.name","type":"keyword","normalization":"","example":"thread-0","description":"Thread name."},{"field":"process.parent.title","type":"keyword","normalization":"","example":"","description":"Process title."},{"field":"process.parent.title.text","type":"match_only_text","normalization":"","example":"","description":"Process title."},{"field":"process.parent.uptime","type":"long","normalization":"","example":1325,"description":"Seconds the process has been up."},{"field":"process.parent.working_directory","type":"keyword","normalization":"","example":"/home/alice","description":"The working directory of the process."},{"field":"process.parent.working_directory.text","type":"match_only_text","normalization":"","example":"/home/alice","description":"The working directory of the process."},{"field":"process.pe.architecture","type":"keyword","normalization":"","example":"x64","description":"CPU architecture target for the 
file."},{"field":"process.pe.company","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Internal company name of the file, provided at compile-time."},{"field":"process.pe.description","type":"keyword","normalization":"","example":"Paint","description":"Internal description of the file, provided at compile-time."},{"field":"process.pe.file_version","type":"keyword","normalization":"","example":"6.3.9600.17415","description":"Process name."},{"field":"process.pe.imphash","type":"keyword","normalization":"","example":"0c6803c4e922103c4dca5963aad36ddf","description":"A hash of the imports in a PE file."},{"field":"process.pe.original_file_name","type":"keyword","normalization":"","example":"MSPAINT.EXE","description":"Internal name of the file, provided at compile-time."},{"field":"process.pe.product","type":"keyword","normalization":"","example":"Microsoft® Windows® Operating System","description":"Internal product name of the file, provided at compile-time."},{"field":"process.pgid","type":"long","normalization":"","example":"","description":"Identifier of the group of processes the process belongs to."},{"field":"process.pid","type":"long","normalization":"","example":4242,"description":"Process id."},{"field":"process.ppid","type":"long","normalization":"","example":4241,"description":"Parent process' pid."},{"field":"process.start","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process started."},{"field":"process.thread.id","type":"long","normalization":"","example":4242,"description":"Thread ID."},{"field":"process.thread.name","type":"keyword","normalization":"","example":"thread-0","description":"Thread name."},{"field":"process.title","type":"keyword","normalization":"","example":"","description":"Process title."},{"field":"process.title.text","type":"match_only_text","normalization":"","example":"","description":"Process 
title."},{"field":"process.uptime","type":"long","normalization":"","example":1325,"description":"Seconds the process has been up."},{"field":"process.working_directory","type":"keyword","normalization":"","example":"/home/alice","description":"The working directory of the process."},{"field":"process.working_directory.text","type":"match_only_text","normalization":"","example":"/home/alice","description":"The working directory of the process."},{"field":"registry.data.bytes","type":"keyword","normalization":"","example":"ZQBuAC0AVQBTAAAAZQBuAAAAAAA=","description":"Original bytes written with base64 encoding."},{"field":"registry.data.strings","type":"wildcard","normalization":"array","example":"[\"C:\\rta\\red_ttp\\bin\\myapp.exe\"]","description":"List of strings representing what was written to the registry."},{"field":"registry.data.type","type":"keyword","normalization":"","example":"REG_SZ","description":"Standard registry type for encoding contents"},{"field":"registry.hive","type":"keyword","normalization":"","example":"HKLM","description":"Abbreviated name for the hive."},{"field":"registry.key","type":"keyword","normalization":"","example":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\winword.exe","description":"Hive-relative path of keys."},{"field":"registry.path","type":"keyword","normalization":"","example":"HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\winword.exe\\Debugger","description":"Full path, including hive, key and value"},{"field":"registry.value","type":"keyword","normalization":"","example":"Debugger","description":"Name of the value written."},{"field":"related.hash","type":"keyword","normalization":"array","example":"","description":"All the hashes seen on your event."},{"field":"related.hosts","type":"keyword","normalization":"array","example":"","description":"All the host identifiers seen on your 
event."},{"field":"related.ip","type":"ip","normalization":"array","example":"","description":"All of the IPs seen on your event."},{"field":"related.user","type":"keyword","normalization":"array","example":"","description":"All the user names or other user identifiers seen on the event."},{"field":"rule.author","type":"keyword","normalization":"array","example":["Star-Lord"],"description":"Rule author"},{"field":"rule.category","type":"keyword","normalization":"","example":"Attempted Information Leak","description":"Rule category"},{"field":"rule.description","type":"keyword","normalization":"","example":"Block requests to public DNS over HTTPS / TLS protocols","description":"Rule description"},{"field":"rule.id","type":"keyword","normalization":"","example":101,"description":"Rule ID"},{"field":"rule.license","type":"keyword","normalization":"","example":"Apache 2.0","description":"Rule license"},{"field":"rule.name","type":"keyword","normalization":"","example":"BLOCK_DNS_over_TLS","description":"Rule name"},{"field":"rule.reference","type":"keyword","normalization":"","example":"https://en.wikipedia.org/wiki/DNS_over_TLS","description":"Rule reference URL"},{"field":"rule.ruleset","type":"keyword","normalization":"","example":"Standard_Protocol_Filters","description":"Rule ruleset"},{"field":"rule.uuid","type":"keyword","normalization":"","example":1100110011,"description":"Rule UUID"},{"field":"rule.version","type":"keyword","normalization":"","example":1.1,"description":"Rule version"},{"field":"server.address","type":"keyword","normalization":"","example":"","description":"Server network address."},{"field":"server.as.number","type":"long","normalization":"","example":15169,"description":"Unique number allocated to the autonomous system."},{"field":"server.as.organization.name","type":"keyword","normalization":"","example":"Google LLC","description":"Organization 
name."},{"field":"server.as.organization.name.text","type":"match_only_text","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"server.bytes","type":"long","normalization":"","example":184,"description":"Bytes sent from the server to the client."},{"field":"server.domain","type":"keyword","normalization":"","example":"","description":"Server domain."},{"field":"server.geo.city_name","type":"keyword","normalization":"","example":"Montreal","description":"City name."},{"field":"server.geo.continent_code","type":"keyword","normalization":"","example":"NA","description":"Continent code."},{"field":"server.geo.continent_name","type":"keyword","normalization":"","example":"North America","description":"Name of the continent."},{"field":"server.geo.country_iso_code","type":"keyword","normalization":"","example":"CA","description":"Country ISO code."},{"field":"server.geo.country_name","type":"keyword","normalization":"","example":"Canada","description":"Country name."},{"field":"server.geo.location","type":"geo_point","normalization":"","example":{"lon":-73.61483,"lat":45.505918},"description":"Longitude and latitude."},{"field":"server.geo.name","type":"keyword","normalization":"","example":"boston-dc","description":"User-defined description of a location."},{"field":"server.geo.postal_code","type":"keyword","normalization":"","example":94040,"description":"Postal code."},{"field":"server.geo.region_iso_code","type":"keyword","normalization":"","example":"CA-QC","description":"Region ISO code."},{"field":"server.geo.region_name","type":"keyword","normalization":"","example":"Quebec","description":"Region name."},{"field":"server.geo.timezone","type":"keyword","normalization":"","example":"America/Argentina/Buenos_Aires","description":"Time zone."},{"field":"server.ip","type":"ip","normalization":"","example":"","description":"IP address of the 
server."},{"field":"server.mac","type":"keyword","normalization":"","example":"00-00-5E-00-53-23","description":"MAC address of the server."},{"field":"server.nat.ip","type":"ip","normalization":"","example":"","description":"Server NAT ip"},{"field":"server.nat.port","type":"long","normalization":"","example":"","description":"Server NAT port"},{"field":"server.packets","type":"long","normalization":"","example":12,"description":"Packets sent from the server to the client."},{"field":"server.port","type":"long","normalization":"","example":"","description":"Port of the server."},{"field":"server.registered_domain","type":"keyword","normalization":"","example":"example.com","description":"The highest registered server domain, stripped of the subdomain."},{"field":"server.subdomain","type":"keyword","normalization":"","example":"east","description":"The subdomain of the domain."},{"field":"server.top_level_domain","type":"keyword","normalization":"","example":"co.uk","description":"The effective top level domain (com, org, net, co.uk)."},{"field":"server.user.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the user is a member of."},{"field":"server.user.email","type":"keyword","normalization":"","example":"","description":"User email address."},{"field":"server.user.full_name","type":"keyword","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"server.user.full_name.text","type":"match_only_text","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"server.user.group.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the group is a member of."},{"field":"server.user.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the 
system/platform."},{"field":"server.user.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"server.user.hash","type":"keyword","normalization":"","example":"","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"server.user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"server.user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"server.user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"server.user.roles","type":"keyword","normalization":"array","example":["kibana_admin","reporting_user"],"description":"Array of user roles at the time of the event."},{"field":"service.address","type":"keyword","normalization":"","example":"172.26.0.2:5432","description":"Address of this service."},{"field":"service.environment","type":"keyword","normalization":"","example":"production","description":"Environment of the service."},{"field":"service.ephemeral_id","type":"keyword","normalization":"","example":"8a4f500f","description":"Ephemeral identifier of this service."},{"field":"service.id","type":"keyword","normalization":"","example":"d37e5ebfe0ae6c4972dbe9f0174a1637bb8247f6","description":"Unique identifier of the running service."},{"field":"service.name","type":"keyword","normalization":"","example":"elasticsearch-metrics","description":"Name of the service."},{"field":"service.node.name","type":"keyword","normalization":"","example":"instance-0000000016","description":"Name of the service node."},{"field":"service.state","type":"keyword","normalization":"","example":"","description":"Current state of the 
service."},{"field":"service.type","type":"keyword","normalization":"","example":"elasticsearch","description":"The type of the service."},{"field":"service.version","type":"keyword","normalization":"","example":"3.2.4","description":"Version of the service."},{"field":"source.address","type":"keyword","normalization":"","example":"","description":"Source network address."},{"field":"source.as.number","type":"long","normalization":"","example":15169,"description":"Unique number allocated to the autonomous system."},{"field":"source.as.organization.name","type":"keyword","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"source.as.organization.name.text","type":"match_only_text","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"source.bytes","type":"long","normalization":"","example":184,"description":"Bytes sent from the source to the destination."},{"field":"source.domain","type":"keyword","normalization":"","example":"","description":"Source domain."},{"field":"source.geo.city_name","type":"keyword","normalization":"","example":"Montreal","description":"City name."},{"field":"source.geo.continent_code","type":"keyword","normalization":"","example":"NA","description":"Continent code."},{"field":"source.geo.continent_name","type":"keyword","normalization":"","example":"North America","description":"Name of the continent."},{"field":"source.geo.country_iso_code","type":"keyword","normalization":"","example":"CA","description":"Country ISO code."},{"field":"source.geo.country_name","type":"keyword","normalization":"","example":"Canada","description":"Country name."},{"field":"source.geo.location","type":"geo_point","normalization":"","example":{"lon":-73.61483,"lat":45.505918},"description":"Longitude and latitude."},{"field":"source.geo.name","type":"keyword","normalization":"","example":"boston-dc","description":"User-defined description of a 
location."},{"field":"source.geo.postal_code","type":"keyword","normalization":"","example":94040,"description":"Postal code."},{"field":"source.geo.region_iso_code","type":"keyword","normalization":"","example":"CA-QC","description":"Region ISO code."},{"field":"source.geo.region_name","type":"keyword","normalization":"","example":"Quebec","description":"Region name."},{"field":"source.geo.timezone","type":"keyword","normalization":"","example":"America/Argentina/Buenos_Aires","description":"Time zone."},{"field":"source.ip","type":"ip","normalization":"","example":"","description":"IP address of the source."},{"field":"source.mac","type":"keyword","normalization":"","example":"00-00-5E-00-53-23","description":"MAC address of the source."},{"field":"source.nat.ip","type":"ip","normalization":"","example":"","description":"Source NAT ip"},{"field":"source.nat.port","type":"long","normalization":"","example":"","description":"Source NAT port"},{"field":"source.packets","type":"long","normalization":"","example":12,"description":"Packets sent from the source to the destination."},{"field":"source.port","type":"long","normalization":"","example":"","description":"Port of the source."},{"field":"source.registered_domain","type":"keyword","normalization":"","example":"example.com","description":"The highest registered source domain, stripped of the subdomain."},{"field":"source.subdomain","type":"keyword","normalization":"","example":"east","description":"The subdomain of the domain."},{"field":"source.top_level_domain","type":"keyword","normalization":"","example":"co.uk","description":"The effective top level domain (com, org, net, co.uk)."},{"field":"source.user.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the user is a member of."},{"field":"source.user.email","type":"keyword","normalization":"","example":"","description":"User email 
address."},{"field":"source.user.full_name","type":"keyword","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"source.user.full_name.text","type":"match_only_text","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"source.user.group.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the group is a member of."},{"field":"source.user.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"source.user.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"source.user.hash","type":"keyword","normalization":"","example":"","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"source.user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"source.user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"source.user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"source.user.roles","type":"keyword","normalization":"array","example":["kibana_admin","reporting_user"],"description":"Array of user roles at the time of the event."},{"field":"span.id","type":"keyword","normalization":"","example":"3ff9a8981b7ccd5a","description":"Unique identifier of the span within the scope of its trace."},{"field":"threat.enrichments","type":"nested","normalization":"array","example":"","description":"List of objects containing indicators enriching the event."},{"field":"threat.enrichments.indicator","type":"object","normalization":"","example":"","description":"Object containing indicators 
enriching the event."},{"field":"threat.enrichments.indicator.as.number","type":"long","normalization":"","example":15169,"description":"Unique number allocated to the autonomous system."},{"field":"threat.enrichments.indicator.as.organization.name","type":"keyword","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"threat.enrichments.indicator.as.organization.name.text","type":"match_only_text","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"threat.enrichments.indicator.confidence","type":"keyword","normalization":"","example":"High","description":"Indicator confidence rating"},{"field":"threat.enrichments.indicator.description","type":"keyword","normalization":"","example":"IP x.x.x.x was observed delivering the Angler EK.","description":"Indicator description"},{"field":"threat.enrichments.indicator.email.address","type":"keyword","normalization":"","example":"phish@example.com","description":"Indicator email address"},{"field":"threat.enrichments.indicator.file.accessed","type":"date","normalization":"","example":"","description":"Last time the file was accessed."},{"field":"threat.enrichments.indicator.file.attributes","type":"keyword","normalization":"array","example":["readonly","system"],"description":"Array of file attributes."},{"field":"threat.enrichments.indicator.file.code_signature.digest_algorithm","type":"keyword","normalization":"","example":"sha256","description":"Hashing algorithm used to sign the process."},{"field":"threat.enrichments.indicator.file.code_signature.exists","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if a signature is present."},{"field":"threat.enrichments.indicator.file.code_signature.signing_id","type":"keyword","normalization":"","example":"com.apple.xpc.proxy","description":"The identifier used to sign the 
process."},{"field":"threat.enrichments.indicator.file.code_signature.status","type":"keyword","normalization":"","example":"ERROR_UNTRUSTED_ROOT","description":"Additional information about the certificate status."},{"field":"threat.enrichments.indicator.file.code_signature.subject_name","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Subject name of the code signer"},{"field":"threat.enrichments.indicator.file.code_signature.team_id","type":"keyword","normalization":"","example":"EQHXZ8M8AV","description":"The team identifier used to sign the process."},{"field":"threat.enrichments.indicator.file.code_signature.timestamp","type":"date","normalization":"","example":"2021-01-01T12:10:30Z","description":"When the signature was generated and signed."},{"field":"threat.enrichments.indicator.file.code_signature.trusted","type":"boolean","normalization":"","example":true,"description":"Stores the trust status of the certificate chain."},{"field":"threat.enrichments.indicator.file.code_signature.valid","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if the digital signature is verified against the binary content."},{"field":"threat.enrichments.indicator.file.created","type":"date","normalization":"","example":"","description":"File creation time."},{"field":"threat.enrichments.indicator.file.ctime","type":"date","normalization":"","example":"","description":"Last time the file attributes or metadata changed."},{"field":"threat.enrichments.indicator.file.device","type":"keyword","normalization":"","example":"sda","description":"Device that is the source of the file."},{"field":"threat.enrichments.indicator.file.directory","type":"keyword","normalization":"","example":"/home/alice","description":"Directory where the file is located."},{"field":"threat.enrichments.indicator.file.drive_letter","type":"keyword","normalization":"","example":"C","description":"Drive letter where the file is 
located."},{"field":"threat.enrichments.indicator.file.elf.architecture","type":"keyword","normalization":"","example":"x86-64","description":"Machine architecture of the ELF file."},{"field":"threat.enrichments.indicator.file.elf.byte_order","type":"keyword","normalization":"","example":"Little Endian","description":"Byte sequence of ELF file."},{"field":"threat.enrichments.indicator.file.elf.cpu_type","type":"keyword","normalization":"","example":"Intel","description":"CPU type of the ELF file."},{"field":"threat.enrichments.indicator.file.elf.creation_date","type":"date","normalization":"","example":"","description":"Build or compile date."},{"field":"threat.enrichments.indicator.file.elf.exports","type":"flattened","normalization":"array","example":"","description":"List of exported element names and types."},{"field":"threat.enrichments.indicator.file.elf.header.abi_version","type":"keyword","normalization":"","example":"","description":"Version of the ELF Application Binary Interface (ABI)."},{"field":"threat.enrichments.indicator.file.elf.header.class","type":"keyword","normalization":"","example":"","description":"Header class of the ELF file."},{"field":"threat.enrichments.indicator.file.elf.header.data","type":"keyword","normalization":"","example":"","description":"Data table of the ELF header."},{"field":"threat.enrichments.indicator.file.elf.header.entrypoint","type":"long","normalization":"","example":"","description":"Header entrypoint of the ELF file."},{"field":"threat.enrichments.indicator.file.elf.header.object_version","type":"keyword","normalization":"","example":"","description":"0x1\" for original ELF files."},{"field":"threat.enrichments.indicator.file.elf.header.os_abi","type":"keyword","normalization":"","example":"","description":"Application Binary Interface (ABI) of the Linux OS."},{"field":"threat.enrichments.indicator.file.elf.header.type","type":"keyword","normalization":"","example":"","description":"Header type of the ELF 
file."},{"field":"threat.enrichments.indicator.file.elf.header.version","type":"keyword","normalization":"","example":"","description":"Version of the ELF header."},{"field":"threat.enrichments.indicator.file.elf.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"threat.enrichments.indicator.file.elf.sections","type":"nested","normalization":"array","example":"","description":"Section information of the ELF file."},{"field":"threat.enrichments.indicator.file.elf.sections.chi2","type":"long","normalization":"","example":"","description":"Chi-square probability distribution of the section."},{"field":"threat.enrichments.indicator.file.elf.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"threat.enrichments.indicator.file.elf.sections.flags","type":"keyword","normalization":"","example":"","description":"ELF Section List flags."},{"field":"threat.enrichments.indicator.file.elf.sections.name","type":"keyword","normalization":"","example":"","description":"ELF Section List name."},{"field":"threat.enrichments.indicator.file.elf.sections.physical_offset","type":"keyword","normalization":"","example":"","description":"ELF Section List offset."},{"field":"threat.enrichments.indicator.file.elf.sections.physical_size","type":"long","normalization":"","example":"","description":"ELF Section List physical size."},{"field":"threat.enrichments.indicator.file.elf.sections.type","type":"keyword","normalization":"","example":"","description":"ELF Section List type."},{"field":"threat.enrichments.indicator.file.elf.sections.virtual_address","type":"long","normalization":"","example":"","description":"ELF Section List virtual address."},{"field":"threat.enrichments.indicator.file.elf.sections.virtual_size","type":"long","normalization":"","example":"","description":"ELF Section List virtual 
size."},{"field":"threat.enrichments.indicator.file.elf.segments","type":"nested","normalization":"array","example":"","description":"ELF object segment list."},{"field":"threat.enrichments.indicator.file.elf.segments.sections","type":"keyword","normalization":"","example":"","description":"ELF object segment sections."},{"field":"threat.enrichments.indicator.file.elf.segments.type","type":"keyword","normalization":"","example":"","description":"ELF object segment type."},{"field":"threat.enrichments.indicator.file.elf.shared_libraries","type":"keyword","normalization":"array","example":"","description":"List of shared libraries used by this ELF object."},{"field":"threat.enrichments.indicator.file.elf.telfhash","type":"keyword","normalization":"","example":"","description":"telfhash hash for ELF file."},{"field":"threat.enrichments.indicator.file.extension","type":"keyword","normalization":"","example":"png","description":"File extension, excluding the leading dot."},{"field":"threat.enrichments.indicator.file.fork_name","type":"keyword","normalization":"","example":"Zone.Identifer","description":"A fork is additional data associated with a filesystem object."},{"field":"threat.enrichments.indicator.file.gid","type":"keyword","normalization":"","example":1001,"description":"Primary group ID (GID) of the file."},{"field":"threat.enrichments.indicator.file.group","type":"keyword","normalization":"","example":"alice","description":"Primary group name of the file."},{"field":"threat.enrichments.indicator.file.hash.md5","type":"keyword","normalization":"","example":"","description":"MD5 hash."},{"field":"threat.enrichments.indicator.file.hash.sha1","type":"keyword","normalization":"","example":"","description":"SHA1 hash."},{"field":"threat.enrichments.indicator.file.hash.sha256","type":"keyword","normalization":"","example":"","description":"SHA256 
hash."},{"field":"threat.enrichments.indicator.file.hash.sha512","type":"keyword","normalization":"","example":"","description":"SHA512 hash."},{"field":"threat.enrichments.indicator.file.hash.ssdeep","type":"keyword","normalization":"","example":"","description":"SSDEEP hash."},{"field":"threat.enrichments.indicator.file.inode","type":"keyword","normalization":"","example":256383,"description":"Inode representing the file in the filesystem."},{"field":"threat.enrichments.indicator.file.mime_type","type":"keyword","normalization":"","example":"","description":"Media type of file, document, or arrangement of bytes."},{"field":"threat.enrichments.indicator.file.mode","type":"keyword","normalization":"","example":"0640","description":"Mode of the file in octal representation."},{"field":"threat.enrichments.indicator.file.mtime","type":"date","normalization":"","example":"","description":"Last time the file content was modified."},{"field":"threat.enrichments.indicator.file.name","type":"keyword","normalization":"","example":"example.png","description":"Name of the file including the extension, without the directory."},{"field":"threat.enrichments.indicator.file.owner","type":"keyword","normalization":"","example":"alice","description":"File owner's username."},{"field":"threat.enrichments.indicator.file.path","type":"keyword","normalization":"","example":"/home/alice/example.png","description":"Full path to the file, including the file name."},{"field":"threat.enrichments.indicator.file.path.text","type":"match_only_text","normalization":"","example":"/home/alice/example.png","description":"Full path to the file, including the file name."},{"field":"threat.enrichments.indicator.file.pe.architecture","type":"keyword","normalization":"","example":"x64","description":"CPU architecture target for the file."},{"field":"threat.enrichments.indicator.file.pe.company","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Internal company name of 
the file, provided at compile-time."},{"field":"threat.enrichments.indicator.file.pe.description","type":"keyword","normalization":"","example":"Paint","description":"Internal description of the file, provided at compile-time."},{"field":"threat.enrichments.indicator.file.pe.file_version","type":"keyword","normalization":"","example":"6.3.9600.17415","description":"Process name."},{"field":"threat.enrichments.indicator.file.pe.imphash","type":"keyword","normalization":"","example":"0c6803c4e922103c4dca5963aad36ddf","description":"A hash of the imports in a PE file."},{"field":"threat.enrichments.indicator.file.pe.original_file_name","type":"keyword","normalization":"","example":"MSPAINT.EXE","description":"Internal name of the file, provided at compile-time."},{"field":"threat.enrichments.indicator.file.pe.product","type":"keyword","normalization":"","example":"Microsoft® Windows® Operating System","description":"Internal product name of the file, provided at compile-time."},{"field":"threat.enrichments.indicator.file.size","type":"long","normalization":"","example":16384,"description":"File size in bytes."},{"field":"threat.enrichments.indicator.file.target_path","type":"keyword","normalization":"","example":"","description":"Target path for symlinks."},{"field":"threat.enrichments.indicator.file.target_path.text","type":"match_only_text","normalization":"","example":"","description":"Target path for symlinks."},{"field":"threat.enrichments.indicator.file.type","type":"keyword","normalization":"","example":"file","description":"File type (file, dir, or symlink)."},{"field":"threat.enrichments.indicator.file.uid","type":"keyword","normalization":"","example":1001,"description":"The user ID (UID) or security identifier (SID) of the file owner."},{"field":"threat.enrichments.indicator.file.x509.alternative_names","type":"keyword","normalization":"array","example":"*.elastic.co","description":"List of subject alternative names 
(SAN)."},{"field":"threat.enrichments.indicator.file.x509.issuer.common_name","type":"keyword","normalization":"array","example":"Example SHA2 High Assurance Server CA","description":"List of common name (CN) of issuing certificate authority."},{"field":"threat.enrichments.indicator.file.x509.issuer.country","type":"keyword","normalization":"array","example":"US","description":"List of country (C) codes"},{"field":"threat.enrichments.indicator.file.x509.issuer.distinguished_name","type":"keyword","normalization":"","example":"C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA","description":"Distinguished name (DN) of issuing certificate authority."},{"field":"threat.enrichments.indicator.file.x509.issuer.locality","type":"keyword","normalization":"array","example":"Mountain View","description":"List of locality names (L)"},{"field":"threat.enrichments.indicator.file.x509.issuer.organization","type":"keyword","normalization":"array","example":"Example Inc","description":"List of organizations (O) of issuing certificate authority."},{"field":"threat.enrichments.indicator.file.x509.issuer.organizational_unit","type":"keyword","normalization":"array","example":"www.example.com","description":"List of organizational units (OU) of issuing certificate authority."},{"field":"threat.enrichments.indicator.file.x509.issuer.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"threat.enrichments.indicator.file.x509.not_after","type":"date","normalization":"","example":"2020-07-16 03:15:39+00:00","description":"Time at which the certificate is no longer considered valid."},{"field":"threat.enrichments.indicator.file.x509.not_before","type":"date","normalization":"","example":"2019-08-16 01:40:25+00:00","description":"Time at which the certificate is first considered 
valid."},{"field":"threat.enrichments.indicator.file.x509.public_key_algorithm","type":"keyword","normalization":"","example":"RSA","description":"Algorithm used to generate the public key."},{"field":"threat.enrichments.indicator.file.x509.public_key_curve","type":"keyword","normalization":"","example":"nistp521","description":"The curve used by the elliptic curve public key algorithm. This is algorithm specific."},{"field":"threat.enrichments.indicator.file.x509.public_key_exponent","type":"long","normalization":"","example":65537,"description":"Exponent used to derive the public key. This is algorithm specific."},{"field":"threat.enrichments.indicator.file.x509.public_key_size","type":"long","normalization":"","example":2048,"description":"The size of the public key space in bits."},{"field":"threat.enrichments.indicator.file.x509.serial_number","type":"keyword","normalization":"","example":"55FBB9C7DEBF09809D12CCAA","description":"Unique serial number issued by the certificate authority."},{"field":"threat.enrichments.indicator.file.x509.signature_algorithm","type":"keyword","normalization":"","example":"SHA256-RSA","description":"Identifier for certificate signature algorithm."},{"field":"threat.enrichments.indicator.file.x509.subject.common_name","type":"keyword","normalization":"array","example":"shared.global.example.net","description":"List of common names (CN) of subject."},{"field":"threat.enrichments.indicator.file.x509.subject.country","type":"keyword","normalization":"array","example":"US","description":"List of country (C) code"},{"field":"threat.enrichments.indicator.file.x509.subject.distinguished_name","type":"keyword","normalization":"","example":"C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net","description":"Distinguished name (DN) of the certificate subject entity."},{"field":"threat.enrichments.indicator.file.x509.subject.locality","type":"keyword","normalization":"array","example":"San 
Francisco","description":"List of locality names (L)"},{"field":"threat.enrichments.indicator.file.x509.subject.organization","type":"keyword","normalization":"array","example":"Example, Inc.","description":"List of organizations (O) of subject."},{"field":"threat.enrichments.indicator.file.x509.subject.organizational_unit","type":"keyword","normalization":"array","example":"","description":"List of organizational units (OU) of subject."},{"field":"threat.enrichments.indicator.file.x509.subject.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"threat.enrichments.indicator.file.x509.version_number","type":"keyword","normalization":"","example":3,"description":"Version of x509 format."},{"field":"threat.enrichments.indicator.first_seen","type":"date","normalization":"","example":"2020-11-05T17:25:47.000Z","description":"Date/time indicator was first reported."},{"field":"threat.enrichments.indicator.geo.city_name","type":"keyword","normalization":"","example":"Montreal","description":"City name."},{"field":"threat.enrichments.indicator.geo.continent_code","type":"keyword","normalization":"","example":"NA","description":"Continent code."},{"field":"threat.enrichments.indicator.geo.continent_name","type":"keyword","normalization":"","example":"North America","description":"Name of the continent."},{"field":"threat.enrichments.indicator.geo.country_iso_code","type":"keyword","normalization":"","example":"CA","description":"Country ISO code."},{"field":"threat.enrichments.indicator.geo.country_name","type":"keyword","normalization":"","example":"Canada","description":"Country name."},{"field":"threat.enrichments.indicator.geo.location","type":"geo_point","normalization":"","example":{"lon":-73.61483,"lat":45.505918},"description":"Longitude and 
latitude."},{"field":"threat.enrichments.indicator.geo.name","type":"keyword","normalization":"","example":"boston-dc","description":"User-defined description of a location."},{"field":"threat.enrichments.indicator.geo.postal_code","type":"keyword","normalization":"","example":94040,"description":"Postal code."},{"field":"threat.enrichments.indicator.geo.region_iso_code","type":"keyword","normalization":"","example":"CA-QC","description":"Region ISO code."},{"field":"threat.enrichments.indicator.geo.region_name","type":"keyword","normalization":"","example":"Quebec","description":"Region name."},{"field":"threat.enrichments.indicator.geo.timezone","type":"keyword","normalization":"","example":"America/Argentina/Buenos_Aires","description":"Time zone."},{"field":"threat.enrichments.indicator.ip","type":"ip","normalization":"","example":"1.2.3.4","description":"Indicator IP address"},{"field":"threat.enrichments.indicator.last_seen","type":"date","normalization":"","example":"2020-11-05T17:25:47.000Z","description":"Date/time indicator was last reported."},{"field":"threat.enrichments.indicator.marking.tlp","type":"keyword","normalization":"","example":"White","description":"Indicator TLP marking"},{"field":"threat.enrichments.indicator.modified_at","type":"date","normalization":"","example":"2020-11-05T17:25:47.000Z","description":"Date/time indicator was last updated."},{"field":"threat.enrichments.indicator.port","type":"long","normalization":"","example":443,"description":"Indicator port"},{"field":"threat.enrichments.indicator.provider","type":"keyword","normalization":"","example":"lrz_urlhaus","description":"Indicator provider"},{"field":"threat.enrichments.indicator.reference","type":"keyword","normalization":"","example":"https://system.example.com/indicator/0001234","description":"Indicator reference 
URL"},{"field":"threat.enrichments.indicator.registry.data.bytes","type":"keyword","normalization":"","example":"ZQBuAC0AVQBTAAAAZQBuAAAAAAA=","description":"Original bytes written with base64 encoding."},{"field":"threat.enrichments.indicator.registry.data.strings","type":"wildcard","normalization":"array","example":"[\"C:\\rta\\red_ttp\\bin\\myapp.exe\"]","description":"List of strings representing what was written to the registry."},{"field":"threat.enrichments.indicator.registry.data.type","type":"keyword","normalization":"","example":"REG_SZ","description":"Standard registry type for encoding contents"},{"field":"threat.enrichments.indicator.registry.hive","type":"keyword","normalization":"","example":"HKLM","description":"Abbreviated name for the hive."},{"field":"threat.enrichments.indicator.registry.key","type":"keyword","normalization":"","example":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\winword.exe","description":"Hive-relative path of keys."},{"field":"threat.enrichments.indicator.registry.path","type":"keyword","normalization":"","example":"HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\winword.exe\\Debugger","description":"Full path, including hive, key and value"},{"field":"threat.enrichments.indicator.registry.value","type":"keyword","normalization":"","example":"Debugger","description":"Name of the value written."},{"field":"threat.enrichments.indicator.scanner_stats","type":"long","normalization":"","example":4,"description":"Scanner statistics"},{"field":"threat.enrichments.indicator.sightings","type":"long","normalization":"","example":20,"description":"Number of times indicator observed"},{"field":"threat.enrichments.indicator.type","type":"keyword","normalization":"","example":"ipv4-addr","description":"Type of indicator"},{"field":"threat.enrichments.indicator.url.domain","type":"keyword","normalization":"","example":"www.elastic.co","description":"Domain of the 
url."},{"field":"threat.enrichments.indicator.url.extension","type":"keyword","normalization":"","example":"png","description":"File extension from the request url, excluding the leading dot."},{"field":"threat.enrichments.indicator.url.fragment","type":"keyword","normalization":"","example":"","description":"Portion of the url after the `#`."},{"field":"threat.enrichments.indicator.url.full","type":"wildcard","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top","description":"Full unparsed URL."},{"field":"threat.enrichments.indicator.url.full.text","type":"match_only_text","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top","description":"Full unparsed URL."},{"field":"threat.enrichments.indicator.url.original","type":"wildcard","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elasticsearch","description":"Unmodified original url as seen in the event source."},{"field":"threat.enrichments.indicator.url.original.text","type":"match_only_text","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elasticsearch","description":"Unmodified original url as seen in the event source."},{"field":"threat.enrichments.indicator.url.password","type":"keyword","normalization":"","example":"","description":"Password of the request."},{"field":"threat.enrichments.indicator.url.path","type":"wildcard","normalization":"","example":"","description":"Path of the request, such as \"/search\"."},{"field":"threat.enrichments.indicator.url.port","type":"long","normalization":"","example":443,"description":"Port of the request, such as 443."},{"field":"threat.enrichments.indicator.url.query","type":"keyword","normalization":"","example":"","description":"Query string of the request."},{"field":"threat.enrichments.indicator.url.registered_domain","type":"keyword","normalization":"","example":"example.com","description":"The highest 
registered url domain, stripped of the subdomain."},{"field":"threat.enrichments.indicator.url.scheme","type":"keyword","normalization":"","example":"https","description":"Scheme of the url."},{"field":"threat.enrichments.indicator.url.subdomain","type":"keyword","normalization":"","example":"east","description":"The subdomain of the domain."},{"field":"threat.enrichments.indicator.url.top_level_domain","type":"keyword","normalization":"","example":"co.uk","description":"The effective top level domain (com, org, net, co.uk)."},{"field":"threat.enrichments.indicator.url.username","type":"keyword","normalization":"","example":"","description":"Username of the request."},{"field":"threat.enrichments.indicator.x509.alternative_names","type":"keyword","normalization":"array","example":"*.elastic.co","description":"List of subject alternative names (SAN)."},{"field":"threat.enrichments.indicator.x509.issuer.common_name","type":"keyword","normalization":"array","example":"Example SHA2 High Assurance Server CA","description":"List of common name (CN) of issuing certificate authority."},{"field":"threat.enrichments.indicator.x509.issuer.country","type":"keyword","normalization":"array","example":"US","description":"List of country (C) codes"},{"field":"threat.enrichments.indicator.x509.issuer.distinguished_name","type":"keyword","normalization":"","example":"C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA","description":"Distinguished name (DN) of issuing certificate authority."},{"field":"threat.enrichments.indicator.x509.issuer.locality","type":"keyword","normalization":"array","example":"Mountain View","description":"List of locality names (L)"},{"field":"threat.enrichments.indicator.x509.issuer.organization","type":"keyword","normalization":"array","example":"Example Inc","description":"List of organizations (O) of issuing certificate 
authority."},{"field":"threat.enrichments.indicator.x509.issuer.organizational_unit","type":"keyword","normalization":"array","example":"www.example.com","description":"List of organizational units (OU) of issuing certificate authority."},{"field":"threat.enrichments.indicator.x509.issuer.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"threat.enrichments.indicator.x509.not_after","type":"date","normalization":"","example":"2020-07-16 03:15:39+00:00","description":"Time at which the certificate is no longer considered valid."},{"field":"threat.enrichments.indicator.x509.not_before","type":"date","normalization":"","example":"2019-08-16 01:40:25+00:00","description":"Time at which the certificate is first considered valid."},{"field":"threat.enrichments.indicator.x509.public_key_algorithm","type":"keyword","normalization":"","example":"RSA","description":"Algorithm used to generate the public key."},{"field":"threat.enrichments.indicator.x509.public_key_curve","type":"keyword","normalization":"","example":"nistp521","description":"The curve used by the elliptic curve public key algorithm. This is algorithm specific."},{"field":"threat.enrichments.indicator.x509.public_key_exponent","type":"long","normalization":"","example":65537,"description":"Exponent used to derive the public key. 
This is algorithm specific."},{"field":"threat.enrichments.indicator.x509.public_key_size","type":"long","normalization":"","example":2048,"description":"The size of the public key space in bits."},{"field":"threat.enrichments.indicator.x509.serial_number","type":"keyword","normalization":"","example":"55FBB9C7DEBF09809D12CCAA","description":"Unique serial number issued by the certificate authority."},{"field":"threat.enrichments.indicator.x509.signature_algorithm","type":"keyword","normalization":"","example":"SHA256-RSA","description":"Identifier for certificate signature algorithm."},{"field":"threat.enrichments.indicator.x509.subject.common_name","type":"keyword","normalization":"array","example":"shared.global.example.net","description":"List of common names (CN) of subject."},{"field":"threat.enrichments.indicator.x509.subject.country","type":"keyword","normalization":"array","example":"US","description":"List of country (C) code"},{"field":"threat.enrichments.indicator.x509.subject.distinguished_name","type":"keyword","normalization":"","example":"C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net","description":"Distinguished name (DN) of the certificate subject entity."},{"field":"threat.enrichments.indicator.x509.subject.locality","type":"keyword","normalization":"array","example":"San Francisco","description":"List of locality names (L)"},{"field":"threat.enrichments.indicator.x509.subject.organization","type":"keyword","normalization":"array","example":"Example, Inc.","description":"List of organizations (O) of subject."},{"field":"threat.enrichments.indicator.x509.subject.organizational_unit","type":"keyword","normalization":"array","example":"","description":"List of organizational units (OU) of subject."},{"field":"threat.enrichments.indicator.x509.subject.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or 
P)"},{"field":"threat.enrichments.indicator.x509.version_number","type":"keyword","normalization":"","example":3,"description":"Version of x509 format."},{"field":"threat.enrichments.matched.atomic","type":"keyword","normalization":"","example":"bad-domain.com","description":"Matched indicator value"},{"field":"threat.enrichments.matched.field","type":"keyword","normalization":"","example":"file.hash.sha256","description":"Matched indicator field"},{"field":"threat.enrichments.matched.id","type":"keyword","normalization":"","example":"ff93aee5-86a1-4a61-b0e6-0cdc313d01b5","description":"Matched indicator identifier"},{"field":"threat.enrichments.matched.index","type":"keyword","normalization":"","example":"filebeat-8.0.0-2021.05.23-000011","description":"Matched indicator index"},{"field":"threat.enrichments.matched.type","type":"keyword","normalization":"","example":"indicator_match_rule","description":"Type of indicator match"},{"field":"threat.framework","type":"keyword","normalization":"","example":"MITRE ATT&CK","description":"Threat classification framework."},{"field":"threat.group.alias","type":"keyword","normalization":"array","example":["Magecart Group 6"],"description":"Alias of the group."},{"field":"threat.group.id","type":"keyword","normalization":"","example":"G0037","description":"ID of the group."},{"field":"threat.group.name","type":"keyword","normalization":"","example":"FIN6","description":"Name of the group."},{"field":"threat.group.reference","type":"keyword","normalization":"","example":"https://attack.mitre.org/groups/G0037/","description":"Reference URL of the group."},{"field":"threat.indicator.as.number","type":"long","normalization":"","example":15169,"description":"Unique number allocated to the autonomous system."},{"field":"threat.indicator.as.organization.name","type":"keyword","normalization":"","example":"Google LLC","description":"Organization 
name."},{"field":"threat.indicator.as.organization.name.text","type":"match_only_text","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"threat.indicator.confidence","type":"keyword","normalization":"","example":"High","description":"Indicator confidence rating"},{"field":"threat.indicator.description","type":"keyword","normalization":"","example":"IP x.x.x.x was observed delivering the Angler EK.","description":"Indicator description"},{"field":"threat.indicator.email.address","type":"keyword","normalization":"","example":"phish@example.com","description":"Indicator email address"},{"field":"threat.indicator.file.accessed","type":"date","normalization":"","example":"","description":"Last time the file was accessed."},{"field":"threat.indicator.file.attributes","type":"keyword","normalization":"array","example":["readonly","system"],"description":"Array of file attributes."},{"field":"threat.indicator.file.code_signature.digest_algorithm","type":"keyword","normalization":"","example":"sha256","description":"Hashing algorithm used to sign the process."},{"field":"threat.indicator.file.code_signature.exists","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if a signature is present."},{"field":"threat.indicator.file.code_signature.signing_id","type":"keyword","normalization":"","example":"com.apple.xpc.proxy","description":"The identifier used to sign the process."},{"field":"threat.indicator.file.code_signature.status","type":"keyword","normalization":"","example":"ERROR_UNTRUSTED_ROOT","description":"Additional information about the certificate status."},{"field":"threat.indicator.file.code_signature.subject_name","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Subject name of the code signer"},{"field":"threat.indicator.file.code_signature.team_id","type":"keyword","normalization":"","example":"EQHXZ8M8AV","description":"The team identifier used to sign 
the process."},{"field":"threat.indicator.file.code_signature.timestamp","type":"date","normalization":"","example":"2021-01-01T12:10:30Z","description":"When the signature was generated and signed."},{"field":"threat.indicator.file.code_signature.trusted","type":"boolean","normalization":"","example":true,"description":"Stores the trust status of the certificate chain."},{"field":"threat.indicator.file.code_signature.valid","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if the digital signature is verified against the binary content."},{"field":"threat.indicator.file.created","type":"date","normalization":"","example":"","description":"File creation time."},{"field":"threat.indicator.file.ctime","type":"date","normalization":"","example":"","description":"Last time the file attributes or metadata changed."},{"field":"threat.indicator.file.device","type":"keyword","normalization":"","example":"sda","description":"Device that is the source of the file."},{"field":"threat.indicator.file.directory","type":"keyword","normalization":"","example":"/home/alice","description":"Directory where the file is located."},{"field":"threat.indicator.file.drive_letter","type":"keyword","normalization":"","example":"C","description":"Drive letter where the file is located."},{"field":"threat.indicator.file.elf.architecture","type":"keyword","normalization":"","example":"x86-64","description":"Machine architecture of the ELF file."},{"field":"threat.indicator.file.elf.byte_order","type":"keyword","normalization":"","example":"Little Endian","description":"Byte sequence of ELF file."},{"field":"threat.indicator.file.elf.cpu_type","type":"keyword","normalization":"","example":"Intel","description":"CPU type of the ELF file."},{"field":"threat.indicator.file.elf.creation_date","type":"date","normalization":"","example":"","description":"Build or compile 
date."},{"field":"threat.indicator.file.elf.exports","type":"flattened","normalization":"array","example":"","description":"List of exported element names and types."},{"field":"threat.indicator.file.elf.header.abi_version","type":"keyword","normalization":"","example":"","description":"Version of the ELF Application Binary Interface (ABI)."},{"field":"threat.indicator.file.elf.header.class","type":"keyword","normalization":"","example":"","description":"Header class of the ELF file."},{"field":"threat.indicator.file.elf.header.data","type":"keyword","normalization":"","example":"","description":"Data table of the ELF header."},{"field":"threat.indicator.file.elf.header.entrypoint","type":"long","normalization":"","example":"","description":"Header entrypoint of the ELF file."},{"field":"threat.indicator.file.elf.header.object_version","type":"keyword","normalization":"","example":"","description":"0x1\" for original ELF files."},{"field":"threat.indicator.file.elf.header.os_abi","type":"keyword","normalization":"","example":"","description":"Application Binary Interface (ABI) of the Linux OS."},{"field":"threat.indicator.file.elf.header.type","type":"keyword","normalization":"","example":"","description":"Header type of the ELF file."},{"field":"threat.indicator.file.elf.header.version","type":"keyword","normalization":"","example":"","description":"Version of the ELF header."},{"field":"threat.indicator.file.elf.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"threat.indicator.file.elf.sections","type":"nested","normalization":"array","example":"","description":"Section information of the ELF file."},{"field":"threat.indicator.file.elf.sections.chi2","type":"long","normalization":"","example":"","description":"Chi-square probability distribution of the 
section."},{"field":"threat.indicator.file.elf.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"threat.indicator.file.elf.sections.flags","type":"keyword","normalization":"","example":"","description":"ELF Section List flags."},{"field":"threat.indicator.file.elf.sections.name","type":"keyword","normalization":"","example":"","description":"ELF Section List name."},{"field":"threat.indicator.file.elf.sections.physical_offset","type":"keyword","normalization":"","example":"","description":"ELF Section List offset."},{"field":"threat.indicator.file.elf.sections.physical_size","type":"long","normalization":"","example":"","description":"ELF Section List physical size."},{"field":"threat.indicator.file.elf.sections.type","type":"keyword","normalization":"","example":"","description":"ELF Section List type."},{"field":"threat.indicator.file.elf.sections.virtual_address","type":"long","normalization":"","example":"","description":"ELF Section List virtual address."},{"field":"threat.indicator.file.elf.sections.virtual_size","type":"long","normalization":"","example":"","description":"ELF Section List virtual size."},{"field":"threat.indicator.file.elf.segments","type":"nested","normalization":"array","example":"","description":"ELF object segment list."},{"field":"threat.indicator.file.elf.segments.sections","type":"keyword","normalization":"","example":"","description":"ELF object segment sections."},{"field":"threat.indicator.file.elf.segments.type","type":"keyword","normalization":"","example":"","description":"ELF object segment type."},{"field":"threat.indicator.file.elf.shared_libraries","type":"keyword","normalization":"array","example":"","description":"List of shared libraries used by this ELF object."},{"field":"threat.indicator.file.elf.telfhash","type":"keyword","normalization":"","example":"","description":"telfhash hash for ELF 
file."},{"field":"threat.indicator.file.extension","type":"keyword","normalization":"","example":"png","description":"File extension, excluding the leading dot."},{"field":"threat.indicator.file.fork_name","type":"keyword","normalization":"","example":"Zone.Identifer","description":"A fork is additional data associated with a filesystem object."},{"field":"threat.indicator.file.gid","type":"keyword","normalization":"","example":1001,"description":"Primary group ID (GID) of the file."},{"field":"threat.indicator.file.group","type":"keyword","normalization":"","example":"alice","description":"Primary group name of the file."},{"field":"threat.indicator.file.hash.md5","type":"keyword","normalization":"","example":"","description":"MD5 hash."},{"field":"threat.indicator.file.hash.sha1","type":"keyword","normalization":"","example":"","description":"SHA1 hash."},{"field":"threat.indicator.file.hash.sha256","type":"keyword","normalization":"","example":"","description":"SHA256 hash."},{"field":"threat.indicator.file.hash.sha512","type":"keyword","normalization":"","example":"","description":"SHA512 hash."},{"field":"threat.indicator.file.hash.ssdeep","type":"keyword","normalization":"","example":"","description":"SSDEEP hash."},{"field":"threat.indicator.file.inode","type":"keyword","normalization":"","example":256383,"description":"Inode representing the file in the filesystem."},{"field":"threat.indicator.file.mime_type","type":"keyword","normalization":"","example":"","description":"Media type of file, document, or arrangement of bytes."},{"field":"threat.indicator.file.mode","type":"keyword","normalization":"","example":"0640","description":"Mode of the file in octal representation."},{"field":"threat.indicator.file.mtime","type":"date","normalization":"","example":"","description":"Last time the file content was modified."},{"field":"threat.indicator.file.name","type":"keyword","normalization":"","example":"example.png","description":"Name of the file including the 
extension, without the directory."},{"field":"threat.indicator.file.owner","type":"keyword","normalization":"","example":"alice","description":"File owner's username."},{"field":"threat.indicator.file.path","type":"keyword","normalization":"","example":"/home/alice/example.png","description":"Full path to the file, including the file name."},{"field":"threat.indicator.file.path.text","type":"match_only_text","normalization":"","example":"/home/alice/example.png","description":"Full path to the file, including the file name."},{"field":"threat.indicator.file.pe.architecture","type":"keyword","normalization":"","example":"x64","description":"CPU architecture target for the file."},{"field":"threat.indicator.file.pe.company","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Internal company name of the file, provided at compile-time."},{"field":"threat.indicator.file.pe.description","type":"keyword","normalization":"","example":"Paint","description":"Internal description of the file, provided at compile-time."},{"field":"threat.indicator.file.pe.file_version","type":"keyword","normalization":"","example":"6.3.9600.17415","description":"Process name."},{"field":"threat.indicator.file.pe.imphash","type":"keyword","normalization":"","example":"0c6803c4e922103c4dca5963aad36ddf","description":"A hash of the imports in a PE file."},{"field":"threat.indicator.file.pe.original_file_name","type":"keyword","normalization":"","example":"MSPAINT.EXE","description":"Internal name of the file, provided at compile-time."},{"field":"threat.indicator.file.pe.product","type":"keyword","normalization":"","example":"Microsoft® Windows® Operating System","description":"Internal product name of the file, provided at compile-time."},{"field":"threat.indicator.file.size","type":"long","normalization":"","example":16384,"description":"File size in 
bytes."},{"field":"threat.indicator.file.target_path","type":"keyword","normalization":"","example":"","description":"Target path for symlinks."},{"field":"threat.indicator.file.target_path.text","type":"match_only_text","normalization":"","example":"","description":"Target path for symlinks."},{"field":"threat.indicator.file.type","type":"keyword","normalization":"","example":"file","description":"File type (file, dir, or symlink)."},{"field":"threat.indicator.file.uid","type":"keyword","normalization":"","example":1001,"description":"The user ID (UID) or security identifier (SID) of the file owner."},{"field":"threat.indicator.file.x509.alternative_names","type":"keyword","normalization":"array","example":"*.elastic.co","description":"List of subject alternative names (SAN)."},{"field":"threat.indicator.file.x509.issuer.common_name","type":"keyword","normalization":"array","example":"Example SHA2 High Assurance Server CA","description":"List of common name (CN) of issuing certificate authority."},{"field":"threat.indicator.file.x509.issuer.country","type":"keyword","normalization":"array","example":"US","description":"List of country (C) codes"},{"field":"threat.indicator.file.x509.issuer.distinguished_name","type":"keyword","normalization":"","example":"C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA","description":"Distinguished name (DN) of issuing certificate authority."},{"field":"threat.indicator.file.x509.issuer.locality","type":"keyword","normalization":"array","example":"Mountain View","description":"List of locality names (L)"},{"field":"threat.indicator.file.x509.issuer.organization","type":"keyword","normalization":"array","example":"Example Inc","description":"List of organizations (O) of issuing certificate authority."},{"field":"threat.indicator.file.x509.issuer.organizational_unit","type":"keyword","normalization":"array","example":"www.example.com","description":"List of organizational units (OU) of issuing 
certificate authority."},{"field":"threat.indicator.file.x509.issuer.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"threat.indicator.file.x509.not_after","type":"date","normalization":"","example":"2020-07-16 03:15:39+00:00","description":"Time at which the certificate is no longer considered valid."},{"field":"threat.indicator.file.x509.not_before","type":"date","normalization":"","example":"2019-08-16 01:40:25+00:00","description":"Time at which the certificate is first considered valid."},{"field":"threat.indicator.file.x509.public_key_algorithm","type":"keyword","normalization":"","example":"RSA","description":"Algorithm used to generate the public key."},{"field":"threat.indicator.file.x509.public_key_curve","type":"keyword","normalization":"","example":"nistp521","description":"The curve used by the elliptic curve public key algorithm. This is algorithm specific."},{"field":"threat.indicator.file.x509.public_key_exponent","type":"long","normalization":"","example":65537,"description":"Exponent used to derive the public key. 
This is algorithm specific."},{"field":"threat.indicator.file.x509.public_key_size","type":"long","normalization":"","example":2048,"description":"The size of the public key space in bits."},{"field":"threat.indicator.file.x509.serial_number","type":"keyword","normalization":"","example":"55FBB9C7DEBF09809D12CCAA","description":"Unique serial number issued by the certificate authority."},{"field":"threat.indicator.file.x509.signature_algorithm","type":"keyword","normalization":"","example":"SHA256-RSA","description":"Identifier for certificate signature algorithm."},{"field":"threat.indicator.file.x509.subject.common_name","type":"keyword","normalization":"array","example":"shared.global.example.net","description":"List of common names (CN) of subject."},{"field":"threat.indicator.file.x509.subject.country","type":"keyword","normalization":"array","example":"US","description":"List of country (C) code"},{"field":"threat.indicator.file.x509.subject.distinguished_name","type":"keyword","normalization":"","example":"C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net","description":"Distinguished name (DN) of the certificate subject entity."},{"field":"threat.indicator.file.x509.subject.locality","type":"keyword","normalization":"array","example":"San Francisco","description":"List of locality names (L)"},{"field":"threat.indicator.file.x509.subject.organization","type":"keyword","normalization":"array","example":"Example, Inc.","description":"List of organizations (O) of subject."},{"field":"threat.indicator.file.x509.subject.organizational_unit","type":"keyword","normalization":"array","example":"","description":"List of organizational units (OU) of subject."},{"field":"threat.indicator.file.x509.subject.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or 
P)"},{"field":"threat.indicator.file.x509.version_number","type":"keyword","normalization":"","example":3,"description":"Version of x509 format."},{"field":"threat.indicator.first_seen","type":"date","normalization":"","example":"2020-11-05T17:25:47.000Z","description":"Date/time indicator was first reported."},{"field":"threat.indicator.geo.city_name","type":"keyword","normalization":"","example":"Montreal","description":"City name."},{"field":"threat.indicator.geo.continent_code","type":"keyword","normalization":"","example":"NA","description":"Continent code."},{"field":"threat.indicator.geo.continent_name","type":"keyword","normalization":"","example":"North America","description":"Name of the continent."},{"field":"threat.indicator.geo.country_iso_code","type":"keyword","normalization":"","example":"CA","description":"Country ISO code."},{"field":"threat.indicator.geo.country_name","type":"keyword","normalization":"","example":"Canada","description":"Country name."},{"field":"threat.indicator.geo.location","type":"geo_point","normalization":"","example":{"lon":-73.61483,"lat":45.505918},"description":"Longitude and latitude."},{"field":"threat.indicator.geo.name","type":"keyword","normalization":"","example":"boston-dc","description":"User-defined description of a location."},{"field":"threat.indicator.geo.postal_code","type":"keyword","normalization":"","example":94040,"description":"Postal code."},{"field":"threat.indicator.geo.region_iso_code","type":"keyword","normalization":"","example":"CA-QC","description":"Region ISO code."},{"field":"threat.indicator.geo.region_name","type":"keyword","normalization":"","example":"Quebec","description":"Region name."},{"field":"threat.indicator.geo.timezone","type":"keyword","normalization":"","example":"America/Argentina/Buenos_Aires","description":"Time zone."},{"field":"threat.indicator.ip","type":"ip","normalization":"","example":"1.2.3.4","description":"Indicator IP 
address"},{"field":"threat.indicator.last_seen","type":"date","normalization":"","example":"2020-11-05T17:25:47.000Z","description":"Date/time indicator was last reported."},{"field":"threat.indicator.marking.tlp","type":"keyword","normalization":"","example":"WHITE","description":"Indicator TLP marking"},{"field":"threat.indicator.modified_at","type":"date","normalization":"","example":"2020-11-05T17:25:47.000Z","description":"Date/time indicator was last updated."},{"field":"threat.indicator.port","type":"long","normalization":"","example":443,"description":"Indicator port"},{"field":"threat.indicator.provider","type":"keyword","normalization":"","example":"lrz_urlhaus","description":"Indicator provider"},{"field":"threat.indicator.reference","type":"keyword","normalization":"","example":"https://system.example.com/indicator/0001234","description":"Indicator reference URL"},{"field":"threat.indicator.registry.data.bytes","type":"keyword","normalization":"","example":"ZQBuAC0AVQBTAAAAZQBuAAAAAAA=","description":"Original bytes written with base64 encoding."},{"field":"threat.indicator.registry.data.strings","type":"wildcard","normalization":"array","example":"[\"C:\\rta\\red_ttp\\bin\\myapp.exe\"]","description":"List of strings representing what was written to the registry."},{"field":"threat.indicator.registry.data.type","type":"keyword","normalization":"","example":"REG_SZ","description":"Standard registry type for encoding contents"},{"field":"threat.indicator.registry.hive","type":"keyword","normalization":"","example":"HKLM","description":"Abbreviated name for the hive."},{"field":"threat.indicator.registry.key","type":"keyword","normalization":"","example":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\winword.exe","description":"Hive-relative path of keys."},{"field":"threat.indicator.registry.path","type":"keyword","normalization":"","example":"HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution 
Options\\winword.exe\\Debugger","description":"Full path, including hive, key and value"},{"field":"threat.indicator.registry.value","type":"keyword","normalization":"","example":"Debugger","description":"Name of the value written."},{"field":"threat.indicator.scanner_stats","type":"long","normalization":"","example":4,"description":"Scanner statistics"},{"field":"threat.indicator.sightings","type":"long","normalization":"","example":20,"description":"Number of times indicator observed"},{"field":"threat.indicator.type","type":"keyword","normalization":"","example":"ipv4-addr","description":"Type of indicator"},{"field":"threat.indicator.url.domain","type":"keyword","normalization":"","example":"www.elastic.co","description":"Domain of the url."},{"field":"threat.indicator.url.extension","type":"keyword","normalization":"","example":"png","description":"File extension from the request url, excluding the leading dot."},{"field":"threat.indicator.url.fragment","type":"keyword","normalization":"","example":"","description":"Portion of the url after the `#`."},{"field":"threat.indicator.url.full","type":"wildcard","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top","description":"Full unparsed URL."},{"field":"threat.indicator.url.full.text","type":"match_only_text","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top","description":"Full unparsed URL."},{"field":"threat.indicator.url.original","type":"wildcard","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elasticsearch","description":"Unmodified original url as seen in the event source."},{"field":"threat.indicator.url.original.text","type":"match_only_text","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elasticsearch","description":"Unmodified original url as seen in the event 
source."},{"field":"threat.indicator.url.password","type":"keyword","normalization":"","example":"","description":"Password of the request."},{"field":"threat.indicator.url.path","type":"wildcard","normalization":"","example":"","description":"Path of the request, such as \"/search\"."},{"field":"threat.indicator.url.port","type":"long","normalization":"","example":443,"description":"Port of the request, such as 443."},{"field":"threat.indicator.url.query","type":"keyword","normalization":"","example":"","description":"Query string of the request."},{"field":"threat.indicator.url.registered_domain","type":"keyword","normalization":"","example":"example.com","description":"The highest registered url domain, stripped of the subdomain."},{"field":"threat.indicator.url.scheme","type":"keyword","normalization":"","example":"https","description":"Scheme of the url."},{"field":"threat.indicator.url.subdomain","type":"keyword","normalization":"","example":"east","description":"The subdomain of the domain."},{"field":"threat.indicator.url.top_level_domain","type":"keyword","normalization":"","example":"co.uk","description":"The effective top level domain (com, org, net, co.uk)."},{"field":"threat.indicator.url.username","type":"keyword","normalization":"","example":"","description":"Username of the request."},{"field":"threat.indicator.x509.alternative_names","type":"keyword","normalization":"array","example":"*.elastic.co","description":"List of subject alternative names (SAN)."},{"field":"threat.indicator.x509.issuer.common_name","type":"keyword","normalization":"array","example":"Example SHA2 High Assurance Server CA","description":"List of common name (CN) of issuing certificate authority."},{"field":"threat.indicator.x509.issuer.country","type":"keyword","normalization":"array","example":"US","description":"List of country (C) codes"},{"field":"threat.indicator.x509.issuer.distinguished_name","type":"keyword","normalization":"","example":"C=US, O=Example Inc, 
OU=www.example.com, CN=Example SHA2 High Assurance Server CA","description":"Distinguished name (DN) of issuing certificate authority."},{"field":"threat.indicator.x509.issuer.locality","type":"keyword","normalization":"array","example":"Mountain View","description":"List of locality names (L)"},{"field":"threat.indicator.x509.issuer.organization","type":"keyword","normalization":"array","example":"Example Inc","description":"List of organizations (O) of issuing certificate authority."},{"field":"threat.indicator.x509.issuer.organizational_unit","type":"keyword","normalization":"array","example":"www.example.com","description":"List of organizational units (OU) of issuing certificate authority."},{"field":"threat.indicator.x509.issuer.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"threat.indicator.x509.not_after","type":"date","normalization":"","example":"2020-07-16 03:15:39+00:00","description":"Time at which the certificate is no longer considered valid."},{"field":"threat.indicator.x509.not_before","type":"date","normalization":"","example":"2019-08-16 01:40:25+00:00","description":"Time at which the certificate is first considered valid."},{"field":"threat.indicator.x509.public_key_algorithm","type":"keyword","normalization":"","example":"RSA","description":"Algorithm used to generate the public key."},{"field":"threat.indicator.x509.public_key_curve","type":"keyword","normalization":"","example":"nistp521","description":"The curve used by the elliptic curve public key algorithm. This is algorithm specific."},{"field":"threat.indicator.x509.public_key_exponent","type":"long","normalization":"","example":65537,"description":"Exponent used to derive the public key. 
This is algorithm specific."},{"field":"threat.indicator.x509.public_key_size","type":"long","normalization":"","example":2048,"description":"The size of the public key space in bits."},{"field":"threat.indicator.x509.serial_number","type":"keyword","normalization":"","example":"55FBB9C7DEBF09809D12CCAA","description":"Unique serial number issued by the certificate authority."},{"field":"threat.indicator.x509.signature_algorithm","type":"keyword","normalization":"","example":"SHA256-RSA","description":"Identifier for certificate signature algorithm."},{"field":"threat.indicator.x509.subject.common_name","type":"keyword","normalization":"array","example":"shared.global.example.net","description":"List of common names (CN) of subject."},{"field":"threat.indicator.x509.subject.country","type":"keyword","normalization":"array","example":"US","description":"List of country (C) code"},{"field":"threat.indicator.x509.subject.distinguished_name","type":"keyword","normalization":"","example":"C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net","description":"Distinguished name (DN) of the certificate subject entity."},{"field":"threat.indicator.x509.subject.locality","type":"keyword","normalization":"array","example":"San Francisco","description":"List of locality names (L)"},{"field":"threat.indicator.x509.subject.organization","type":"keyword","normalization":"array","example":"Example, Inc.","description":"List of organizations (O) of subject."},{"field":"threat.indicator.x509.subject.organizational_unit","type":"keyword","normalization":"array","example":"","description":"List of organizational units (OU) of subject."},{"field":"threat.indicator.x509.subject.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"threat.indicator.x509.version_number","type":"keyword","normalization":"","example":3,"description":"Version of x509 
format."},{"field":"threat.software.alias","type":"keyword","normalization":"array","example":["X-Agent"],"description":"Alias of the software"},{"field":"threat.software.id","type":"keyword","normalization":"","example":"S0552","description":"ID of the software"},{"field":"threat.software.name","type":"keyword","normalization":"","example":"AdFind","description":"Name of the software."},{"field":"threat.software.platforms","type":"keyword","normalization":"array","example":["Windows"],"description":"Platforms of the software."},{"field":"threat.software.reference","type":"keyword","normalization":"","example":"https://attack.mitre.org/software/S0552/","description":"Software reference URL."},{"field":"threat.software.type","type":"keyword","normalization":"","example":"Tool","description":"Software type."},{"field":"threat.tactic.id","type":"keyword","normalization":"array","example":"TA0002","description":"Threat tactic id."},{"field":"threat.tactic.name","type":"keyword","normalization":"array","example":"Execution","description":"Threat tactic."},{"field":"threat.tactic.reference","type":"keyword","normalization":"array","example":"https://attack.mitre.org/tactics/TA0002/","description":"Threat tactic URL reference."},{"field":"threat.technique.id","type":"keyword","normalization":"array","example":"T1059","description":"Threat technique id."},{"field":"threat.technique.name","type":"keyword","normalization":"array","example":"Command and Scripting Interpreter","description":"Threat technique name."},{"field":"threat.technique.name.text","type":"match_only_text","normalization":"","example":"Command and Scripting Interpreter","description":"Threat technique name."},{"field":"threat.technique.reference","type":"keyword","normalization":"array","example":"https://attack.mitre.org/techniques/T1059/","description":"Threat technique URL 
reference."},{"field":"threat.technique.subtechnique.id","type":"keyword","normalization":"array","example":"T1059.001","description":"Threat subtechnique id."},{"field":"threat.technique.subtechnique.name","type":"keyword","normalization":"array","example":"PowerShell","description":"Threat subtechnique name."},{"field":"threat.technique.subtechnique.name.text","type":"match_only_text","normalization":"","example":"PowerShell","description":"Threat subtechnique name."},{"field":"threat.technique.subtechnique.reference","type":"keyword","normalization":"array","example":"https://attack.mitre.org/techniques/T1059/001/","description":"Threat subtechnique URL reference."},{"field":"tls.cipher","type":"keyword","normalization":"","example":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256","description":"String indicating the cipher used during the current connection."},{"field":"tls.client.certificate","type":"keyword","normalization":"","example":"MII...","description":"PEM-encoded stand-alone certificate offered by the client."},{"field":"tls.client.certificate_chain","type":"keyword","normalization":"array","example":["MII...","MII..."],"description":"Array of PEM-encoded certificates that make up the certificate chain offered by the client."},{"field":"tls.client.hash.md5","type":"keyword","normalization":"","example":"0F76C7F2C55BFD7D8E8B8F4BFBF0C9EC","description":"Certificate fingerprint using the MD5 digest of DER-encoded version of certificate offered by the client."},{"field":"tls.client.hash.sha1","type":"keyword","normalization":"","example":"9E393D93138888D288266C2D915214D1D1CCEB2A","description":"Certificate fingerprint using the SHA1 digest of DER-encoded version of certificate offered by the client."},{"field":"tls.client.hash.sha256","type":"keyword","normalization":"","example":"0687F666A054EF17A08E2F2162EAB4CBC0D265E1D7875BE74BF3C712CA92DAF0","description":"Certificate fingerprint using the SHA256 digest of DER-encoded version of certificate offered by the 
client."},{"field":"tls.client.issuer","type":"keyword","normalization":"","example":"CN=Example Root CA, OU=Infrastructure Team, DC=example, DC=com","description":"Distinguished name of subject of the issuer of the x.509 certificate presented by the client."},{"field":"tls.client.ja3","type":"keyword","normalization":"","example":"d4e5b18d6b55c71272893221c96ba240","description":"A hash that identifies clients based on how they perform an SSL/TLS handshake."},{"field":"tls.client.not_after","type":"date","normalization":"","example":"2021-01-01T00:00:00.000Z","description":"Date/Time indicating when client certificate is no longer considered valid."},{"field":"tls.client.not_before","type":"date","normalization":"","example":"1970-01-01T00:00:00.000Z","description":"Date/Time indicating when client certificate is first considered valid."},{"field":"tls.client.server_name","type":"keyword","normalization":"","example":"www.elastic.co","description":"Hostname the client is trying to connect to. 
Also called the SNI."},{"field":"tls.client.subject","type":"keyword","normalization":"","example":"CN=myclient, OU=Documentation Team, DC=example, DC=com","description":"Distinguished name of subject of the x.509 certificate presented by the client."},{"field":"tls.client.supported_ciphers","type":"keyword","normalization":"array","example":["TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","..."],"description":"Array of ciphers offered by the client during the client hello."},{"field":"tls.client.x509.alternative_names","type":"keyword","normalization":"array","example":"*.elastic.co","description":"List of subject alternative names (SAN)."},{"field":"tls.client.x509.issuer.common_name","type":"keyword","normalization":"array","example":"Example SHA2 High Assurance Server CA","description":"List of common name (CN) of issuing certificate authority."},{"field":"tls.client.x509.issuer.country","type":"keyword","normalization":"array","example":"US","description":"List of country (C) codes"},{"field":"tls.client.x509.issuer.distinguished_name","type":"keyword","normalization":"","example":"C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA","description":"Distinguished name (DN) of issuing certificate authority."},{"field":"tls.client.x509.issuer.locality","type":"keyword","normalization":"array","example":"Mountain View","description":"List of locality names (L)"},{"field":"tls.client.x509.issuer.organization","type":"keyword","normalization":"array","example":"Example Inc","description":"List of organizations (O) of issuing certificate authority."},{"field":"tls.client.x509.issuer.organizational_unit","type":"keyword","normalization":"array","example":"www.example.com","description":"List of organizational units (OU) of issuing certificate authority."},{"field":"tls.client.x509.issuer.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or 
province names (ST, S, or P)"},{"field":"tls.client.x509.not_after","type":"date","normalization":"","example":"2020-07-16 03:15:39+00:00","description":"Time at which the certificate is no longer considered valid."},{"field":"tls.client.x509.not_before","type":"date","normalization":"","example":"2019-08-16 01:40:25+00:00","description":"Time at which the certificate is first considered valid."},{"field":"tls.client.x509.public_key_algorithm","type":"keyword","normalization":"","example":"RSA","description":"Algorithm used to generate the public key."},{"field":"tls.client.x509.public_key_curve","type":"keyword","normalization":"","example":"nistp521","description":"The curve used by the elliptic curve public key algorithm. This is algorithm specific."},{"field":"tls.client.x509.public_key_exponent","type":"long","normalization":"","example":65537,"description":"Exponent used to derive the public key. This is algorithm specific."},{"field":"tls.client.x509.public_key_size","type":"long","normalization":"","example":2048,"description":"The size of the public key space in bits."},{"field":"tls.client.x509.serial_number","type":"keyword","normalization":"","example":"55FBB9C7DEBF09809D12CCAA","description":"Unique serial number issued by the certificate authority."},{"field":"tls.client.x509.signature_algorithm","type":"keyword","normalization":"","example":"SHA256-RSA","description":"Identifier for certificate signature algorithm."},{"field":"tls.client.x509.subject.common_name","type":"keyword","normalization":"array","example":"shared.global.example.net","description":"List of common names (CN) of subject."},{"field":"tls.client.x509.subject.country","type":"keyword","normalization":"array","example":"US","description":"List of country (C) code"},{"field":"tls.client.x509.subject.distinguished_name","type":"keyword","normalization":"","example":"C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net","description":"Distinguished name 
(DN) of the certificate subject entity."},{"field":"tls.client.x509.subject.locality","type":"keyword","normalization":"array","example":"San Francisco","description":"List of locality names (L)"},{"field":"tls.client.x509.subject.organization","type":"keyword","normalization":"array","example":"Example, Inc.","description":"List of organizations (O) of subject."},{"field":"tls.client.x509.subject.organizational_unit","type":"keyword","normalization":"array","example":"","description":"List of organizational units (OU) of subject."},{"field":"tls.client.x509.subject.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"tls.client.x509.version_number","type":"keyword","normalization":"","example":3,"description":"Version of x509 format."},{"field":"tls.curve","type":"keyword","normalization":"","example":"secp256r1","description":"String indicating the curve used for the given cipher, when applicable."},{"field":"tls.established","type":"boolean","normalization":"","example":"","description":"Boolean flag indicating if the TLS negotiation was successful and transitioned to an encrypted tunnel."},{"field":"tls.next_protocol","type":"keyword","normalization":"","example":"http/1.1","description":"String indicating the protocol being tunneled."},{"field":"tls.resumed","type":"boolean","normalization":"","example":"","description":"Boolean flag indicating if this TLS connection was resumed from an existing TLS negotiation."},{"field":"tls.server.certificate","type":"keyword","normalization":"","example":"MII...","description":"PEM-encoded stand-alone certificate offered by the server."},{"field":"tls.server.certificate_chain","type":"keyword","normalization":"array","example":["MII...","MII..."],"description":"Array of PEM-encoded certificates that make up the certificate chain offered by the 
server."},{"field":"tls.server.hash.md5","type":"keyword","normalization":"","example":"0F76C7F2C55BFD7D8E8B8F4BFBF0C9EC","description":"Certificate fingerprint using the MD5 digest of DER-encoded version of certificate offered by the server."},{"field":"tls.server.hash.sha1","type":"keyword","normalization":"","example":"9E393D93138888D288266C2D915214D1D1CCEB2A","description":"Certificate fingerprint using the SHA1 digest of DER-encoded version of certificate offered by the server."},{"field":"tls.server.hash.sha256","type":"keyword","normalization":"","example":"0687F666A054EF17A08E2F2162EAB4CBC0D265E1D7875BE74BF3C712CA92DAF0","description":"Certificate fingerprint using the SHA256 digest of DER-encoded version of certificate offered by the server."},{"field":"tls.server.issuer","type":"keyword","normalization":"","example":"CN=Example Root CA, OU=Infrastructure Team, DC=example, DC=com","description":"Subject of the issuer of the x.509 certificate presented by the server."},{"field":"tls.server.ja3s","type":"keyword","normalization":"","example":"394441ab65754e2207b1e1b457b3641d","description":"A hash that identifies servers based on how they perform an SSL/TLS handshake."},{"field":"tls.server.not_after","type":"date","normalization":"","example":"2021-01-01T00:00:00.000Z","description":"Timestamp indicating when server certificate is no longer considered valid."},{"field":"tls.server.not_before","type":"date","normalization":"","example":"1970-01-01T00:00:00.000Z","description":"Timestamp indicating when server certificate is first considered valid."},{"field":"tls.server.subject","type":"keyword","normalization":"","example":"CN=www.example.com, OU=Infrastructure Team, DC=example, DC=com","description":"Subject of the x.509 certificate presented by the server."},{"field":"tls.server.x509.alternative_names","type":"keyword","normalization":"array","example":"*.elastic.co","description":"List of subject alternative names 
(SAN)."},{"field":"tls.server.x509.issuer.common_name","type":"keyword","normalization":"array","example":"Example SHA2 High Assurance Server CA","description":"List of common name (CN) of issuing certificate authority."},{"field":"tls.server.x509.issuer.country","type":"keyword","normalization":"array","example":"US","description":"List of country (C) codes"},{"field":"tls.server.x509.issuer.distinguished_name","type":"keyword","normalization":"","example":"C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA","description":"Distinguished name (DN) of issuing certificate authority."},{"field":"tls.server.x509.issuer.locality","type":"keyword","normalization":"array","example":"Mountain View","description":"List of locality names (L)"},{"field":"tls.server.x509.issuer.organization","type":"keyword","normalization":"array","example":"Example Inc","description":"List of organizations (O) of issuing certificate authority."},{"field":"tls.server.x509.issuer.organizational_unit","type":"keyword","normalization":"array","example":"www.example.com","description":"List of organizational units (OU) of issuing certificate authority."},{"field":"tls.server.x509.issuer.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"tls.server.x509.not_after","type":"date","normalization":"","example":"2020-07-16 03:15:39+00:00","description":"Time at which the certificate is no longer considered valid."},{"field":"tls.server.x509.not_before","type":"date","normalization":"","example":"2019-08-16 01:40:25+00:00","description":"Time at which the certificate is first considered valid."},{"field":"tls.server.x509.public_key_algorithm","type":"keyword","normalization":"","example":"RSA","description":"Algorithm used to generate the public key."},{"field":"tls.server.x509.public_key_curve","type":"keyword","normalization":"","example":"nistp521","description":"The 
curve used by the elliptic curve public key algorithm. This is algorithm specific."},{"field":"tls.server.x509.public_key_exponent","type":"long","normalization":"","example":65537,"description":"Exponent used to derive the public key. This is algorithm specific."},{"field":"tls.server.x509.public_key_size","type":"long","normalization":"","example":2048,"description":"The size of the public key space in bits."},{"field":"tls.server.x509.serial_number","type":"keyword","normalization":"","example":"55FBB9C7DEBF09809D12CCAA","description":"Unique serial number issued by the certificate authority."},{"field":"tls.server.x509.signature_algorithm","type":"keyword","normalization":"","example":"SHA256-RSA","description":"Identifier for certificate signature algorithm."},{"field":"tls.server.x509.subject.common_name","type":"keyword","normalization":"array","example":"shared.global.example.net","description":"List of common names (CN) of subject."},{"field":"tls.server.x509.subject.country","type":"keyword","normalization":"array","example":"US","description":"List of country (C) code"},{"field":"tls.server.x509.subject.distinguished_name","type":"keyword","normalization":"","example":"C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net","description":"Distinguished name (DN) of the certificate subject entity."},{"field":"tls.server.x509.subject.locality","type":"keyword","normalization":"array","example":"San Francisco","description":"List of locality names (L)"},{"field":"tls.server.x509.subject.organization","type":"keyword","normalization":"array","example":"Example, Inc.","description":"List of organizations (O) of subject."},{"field":"tls.server.x509.subject.organizational_unit","type":"keyword","normalization":"array","example":"","description":"List of organizational units (OU) of subject."},{"field":"tls.server.x509.subject.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of 
state or province names (ST, S, or P)"},{"field":"tls.server.x509.version_number","type":"keyword","normalization":"","example":3,"description":"Version of x509 format."},{"field":"tls.version","type":"keyword","normalization":"","example":1.2,"description":"Numeric part of the version parsed from the original string."},{"field":"tls.version_protocol","type":"keyword","normalization":"","example":"tls","description":"Normalized lowercase protocol name parsed from original string."},{"field":"trace.id","type":"keyword","normalization":"","example":"4bf92f3577b34da6a3ce929d0e0e4736","description":"Unique identifier of the trace."},{"field":"transaction.id","type":"keyword","normalization":"","example":"00f067aa0ba902b7","description":"Unique identifier of the transaction within the scope of its trace."},{"field":"url.domain","type":"keyword","normalization":"","example":"www.elastic.co","description":"Domain of the url."},{"field":"url.extension","type":"keyword","normalization":"","example":"png","description":"File extension from the request url, excluding the leading dot."},{"field":"url.fragment","type":"keyword","normalization":"","example":"","description":"Portion of the url after the `#`."},{"field":"url.full","type":"wildcard","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top","description":"Full unparsed URL."},{"field":"url.full.text","type":"match_only_text","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top","description":"Full unparsed URL."},{"field":"url.original","type":"wildcard","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elasticsearch","description":"Unmodified original url as seen in the event source."},{"field":"url.original.text","type":"match_only_text","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elasticsearch","description":"Unmodified original url as seen in the event 
source."},{"field":"url.password","type":"keyword","normalization":"","example":"","description":"Password of the request."},{"field":"url.path","type":"wildcard","normalization":"","example":"","description":"Path of the request, such as \"/search\"."},{"field":"url.port","type":"long","normalization":"","example":443,"description":"Port of the request, such as 443."},{"field":"url.query","type":"keyword","normalization":"","example":"","description":"Query string of the request."},{"field":"url.registered_domain","type":"keyword","normalization":"","example":"example.com","description":"The highest registered url domain, stripped of the subdomain."},{"field":"url.scheme","type":"keyword","normalization":"","example":"https","description":"Scheme of the url."},{"field":"url.subdomain","type":"keyword","normalization":"","example":"east","description":"The subdomain of the domain."},{"field":"url.top_level_domain","type":"keyword","normalization":"","example":"co.uk","description":"The effective top level domain (com, org, net, co.uk)."},{"field":"url.username","type":"keyword","normalization":"","example":"","description":"Username of the request."},{"field":"user.changes.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the user is a member of."},{"field":"user.changes.email","type":"keyword","normalization":"","example":"","description":"User email address."},{"field":"user.changes.full_name","type":"keyword","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"user.changes.full_name.text","type":"match_only_text","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"user.changes.group.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the group is a member of."},{"field":"user.changes.group.id","type":"keyword","normalization":"","example":"","description":"Unique 
identifier for the group on the system/platform."},{"field":"user.changes.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"user.changes.hash","type":"keyword","normalization":"","example":"","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"user.changes.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"user.changes.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"user.changes.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"user.changes.roles","type":"keyword","normalization":"array","example":["kibana_admin","reporting_user"],"description":"Array of user roles at the time of the event."},{"field":"user.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the user is a member of."},{"field":"user.effective.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the user is a member of."},{"field":"user.effective.email","type":"keyword","normalization":"","example":"","description":"User email address."},{"field":"user.effective.full_name","type":"keyword","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"user.effective.full_name.text","type":"match_only_text","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"user.effective.group.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the group is a member of."},{"field":"user.effective.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the 
system/platform."},{"field":"user.effective.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"user.effective.hash","type":"keyword","normalization":"","example":"","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"user.effective.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"user.effective.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"user.effective.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"user.effective.roles","type":"keyword","normalization":"array","example":["kibana_admin","reporting_user"],"description":"Array of user roles at the time of the event."},{"field":"user.email","type":"keyword","normalization":"","example":"","description":"User email address."},{"field":"user.full_name","type":"keyword","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"user.full_name.text","type":"match_only_text","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"user.group.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the group is a member of."},{"field":"user.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"user.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"user.hash","type":"keyword","normalization":"","example":"","description":"Unique user hash to correlate information for a user in anonymized 
form."},{"field":"user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"user.roles","type":"keyword","normalization":"array","example":["kibana_admin","reporting_user"],"description":"Array of user roles at the time of the event."},{"field":"user.target.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the user is a member of."},{"field":"user.target.email","type":"keyword","normalization":"","example":"","description":"User email address."},{"field":"user.target.full_name","type":"keyword","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"user.target.full_name.text","type":"match_only_text","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"user.target.group.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the group is a member of."},{"field":"user.target.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"user.target.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"user.target.hash","type":"keyword","normalization":"","example":"","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"user.target.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the 
user."},{"field":"user.target.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"user.target.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"user.target.roles","type":"keyword","normalization":"array","example":["kibana_admin","reporting_user"],"description":"Array of user roles at the time of the event."},{"field":"user_agent.device.name","type":"keyword","normalization":"","example":"iPhone","description":"Name of the device."},{"field":"user_agent.name","type":"keyword","normalization":"","example":"Safari","description":"Name of the user agent."},{"field":"user_agent.original","type":"keyword","normalization":"","example":"Mozilla/5.0 (iPhone; CPU iPhone OS 12_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Mobile/15E148 Safari/604.1","description":"Unparsed user_agent string."},{"field":"user_agent.original.text","type":"match_only_text","normalization":"","example":"Mozilla/5.0 (iPhone; CPU iPhone OS 12_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Mobile/15E148 Safari/604.1","description":"Unparsed user_agent string."},{"field":"user_agent.os.family","type":"keyword","normalization":"","example":"debian","description":"OS family (such as redhat, debian, freebsd, windows)."},{"field":"user_agent.os.full","type":"keyword","normalization":"","example":"Mac OS Mojave","description":"Operating system name, including the version or code name."},{"field":"user_agent.os.full.text","type":"match_only_text","normalization":"","example":"Mac OS Mojave","description":"Operating system name, including the version or code name."},{"field":"user_agent.os.kernel","type":"keyword","normalization":"","example":"4.4.0-112-generic","description":"Operating system kernel version as a raw 
string."},{"field":"user_agent.os.name","type":"keyword","normalization":"","example":"Mac OS X","description":"Operating system name, without the version."},{"field":"user_agent.os.name.text","type":"match_only_text","normalization":"","example":"Mac OS X","description":"Operating system name, without the version."},{"field":"user_agent.os.platform","type":"keyword","normalization":"","example":"darwin","description":"Operating system platform (such centos, ubuntu, windows)."},{"field":"user_agent.os.type","type":"keyword","normalization":"","example":"macos","description":"Which commercial OS family (one of: linux, macos, unix or windows)."},{"field":"user_agent.os.version","type":"keyword","normalization":"","example":"10.14.1","description":"Operating system version as a raw string."},{"field":"user_agent.version","type":"keyword","normalization":"","example":12,"description":"Version of the user agent."},{"field":"vulnerability.category","type":"keyword","normalization":"array","example":["Firewall"],"description":"Category of a vulnerability."},{"field":"vulnerability.classification","type":"keyword","normalization":"","example":"CVSS","description":"Classification of the vulnerability."},{"field":"vulnerability.description","type":"keyword","normalization":"","example":"In macOS before 2.12.6, there is a vulnerability in the RPC...","description":"Description of the vulnerability."},{"field":"vulnerability.description.text","type":"match_only_text","normalization":"","example":"In macOS before 2.12.6, there is a vulnerability in the RPC...","description":"Description of the vulnerability."},{"field":"vulnerability.enumeration","type":"keyword","normalization":"","example":"CVE","description":"Identifier of the vulnerability."},{"field":"vulnerability.id","type":"keyword","normalization":"","example":"CVE-2019-00001","description":"ID of the 
vulnerability."},{"field":"vulnerability.reference","type":"keyword","normalization":"","example":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6111","description":"Reference of the vulnerability."},{"field":"vulnerability.report_id","type":"keyword","normalization":"","example":20191018.0001,"description":"Scan identification number."},{"field":"vulnerability.scanner.vendor","type":"keyword","normalization":"","example":"Tenable","description":"Name of the scanner vendor."},{"field":"vulnerability.score.base","type":"float","normalization":"","example":5.5,"description":"Vulnerability Base score."},{"field":"vulnerability.score.environmental","type":"float","normalization":"","example":5.5,"description":"Vulnerability Environmental score."},{"field":"vulnerability.score.temporal","type":"float","normalization":"","example":"","description":"Vulnerability Temporal score."},{"field":"vulnerability.score.version","type":"keyword","normalization":"","example":2,"description":"CVSS version."},{"field":"vulnerability.severity","type":"keyword","normalization":"","example":"Critical","description":"Severity of the vulnerability."}] \ No newline at end of file diff --git a/x-pack/plugins/osquery/public/fleet_integration/osquery_managed_policy_create_import_extension.tsx b/x-pack/plugins/osquery/public/fleet_integration/osquery_managed_policy_create_import_extension.tsx index 63b30f5d20c7a..c2ac84ce191da 100644 --- a/x-pack/plugins/osquery/public/fleet_integration/osquery_managed_policy_create_import_extension.tsx +++ b/x-pack/plugins/osquery/public/fleet_integration/osquery_managed_policy_create_import_extension.tsx 
@@ -165,16 +165,6 @@ export const OsqueryManagedPolicyCreateImportExtension = React.memo< defaultValue: { config: JSON.stringify(get(newPolicy, 'inputs[0].config.osquery.value', {}), null, 2), }, - serializer: (formData) => { - let config; - try { - // @ts-expect-error update types - config = JSON.parse(formData.config); - } catch (e) { - config = {}; - } - return { config }; - }, schema: { config: { label: i18n.translate('xpack.osquery.fleetIntegration.osqueryConfig.configFieldLabel', { @@ -243,10 +233,16 @@ export const OsqueryManagedPolicyCreateImportExtension = React.memo< if (isValid === undefined) return; const updatedPolicy = produce(newPolicy, (draft) => { - if (isEmpty(config)) { + let parsedConfig; + try { + parsedConfig = JSON.parse(config); + // eslint-disable-next-line no-empty + } catch (e) {} + + if (isEmpty(parsedConfig)) { unset(draft, 'inputs[0].config'); } else { - set(draft, 'inputs[0].config.osquery.value', config); + set(draft, 'inputs[0].config.osquery.value', parsedConfig); } return draft; }); diff --git a/x-pack/plugins/osquery/public/packs/form/index.tsx b/x-pack/plugins/osquery/public/packs/form/index.tsx index f20a26f2791dd..1930227c2dc9e 100644 --- a/x-pack/plugins/osquery/public/packs/form/index.tsx +++ b/x-pack/plugins/osquery/public/packs/form/index.tsx 
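Review bot: A `config` string that fails `JSON.parse` in the `@@ -243,10 +233,16 @@` hunk leaves `parsedConfig` undefined, so `isEmpty(parsedConfig)` is true and `unset(draft, 'inputs[0].config')` silently drops the osquery configuration from the policy. The empty `catch (e) {}` makes a typo in the editor indistinguishable from a deliberately cleared field. Unless form validation (not visible in this hunk) already rejects invalid JSON before this code runs, leave the policy untouched on a parse failure, e.g. `} catch (e) { return draft; }`, and keep the `unset` branch for a successfully parsed empty object. The enclosing callback starts and ends outside the hunk.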
@@ -98,14 +98,17 @@ const PackFormComponent: React.FC = ({ defaultValue, editMode = f description: { type: FIELD_TYPES.TEXT, label: i18n.translate('xpack.osquery.pack.form.descriptionFieldLabel', { - defaultMessage: 'Description', + defaultMessage: 'Description (optional)', }), }, policy_ids: { defaultValue: [], type: FIELD_TYPES.COMBO_BOX, label: i18n.translate('xpack.osquery.pack.form.agentPoliciesFieldLabel', { - defaultMessage: 'Agent policies', + defaultMessage: 'Agent policies (optional)', + }), + helpText: i18n.translate('xpack.osquery.pack.form.agentPoliciesFieldHelpText', { + defaultMessage: 'Queries in this pack are scheduled for agents in the selected policies.', }), }, enabled: { diff --git a/x-pack/plugins/osquery/public/packs/pack_queries_status_table.tsx b/x-pack/plugins/osquery/public/packs/pack_queries_status_table.tsx index a32f369922958..0b661c61a9057 100644 --- a/x-pack/plugins/osquery/public/packs/pack_queries_status_table.tsx +++ b/x-pack/plugins/osquery/public/packs/pack_queries_status_table.tsx @@ -22,6 +22,7 @@ import { } from '@elastic/eui'; import { i18n } from '@kbn/i18n'; import { FormattedMessage, FormattedDate, FormattedTime, FormattedRelative } from '@kbn/i18n/react'; +import moment from 'moment-timezone'; import { TypedLensByValueInput, @@ -29,7 +30,7 @@ import { PieVisualizationState, } from '../../../lens/public'; import { FilterStateStore, IndexPattern } from '../../../../../src/plugins/data/common'; -import { useKibana, isModifiedEvent, isLeftClickEvent } from '../common/lib/kibana'; +import { useKibana } from '../common/lib/kibana'; import { OsqueryManagerPackagePolicyInputStream } from '../../common/types'; import { ScheduledQueryErrorsTable } from './scheduled_query_errors_table'; import { usePackQueryLastResults } from './use_pack_query_last_results'; 
@@ -207,8 +208,6 @@ const ViewResultsInLensActionComponent: React.FC { - const openInNewTab = !(!isModifiedEvent(event) && isLeftClickEvent(event)); - event.preventDefault(); lensService?.navigateToPrefilledEditor( @@ -222,7 +221,7 @@ const ViewResultsInLensActionComponent: React.FC + {VIEW_IN_DISCOVER} ); @@ -378,6 +377,7 @@ interface ScheduledQueryLastResultsProps { actionId: string; queryId: string; interval: number; + logsIndexPattern: IndexPattern | undefined; toggleErrors: (payload: { queryId: string; interval: number }) => void; expanded: boolean; } @@ -386,12 +386,10 @@ const ScheduledQueryLastResults: React.FC = ({ actionId, queryId, interval, + logsIndexPattern, toggleErrors, expanded, }) => { - const data = useKibana().services.data; - const [logsIndexPattern, setLogsIndexPattern] = useState(undefined); - const { data: lastResultsData, isFetched } = usePackQueryLastResults({ actionId, interval, @@ -409,15 +407,6 @@ const ScheduledQueryLastResults: React.FC = ({ [queryId, interval, toggleErrors] ); - useEffect(() => { - const fetchLogsIndexPattern = async () => { - const indexPattern = await data.indexPatterns.find('logs-*'); - - setLogsIndexPattern(indexPattern[0]); - }; - fetchLogsIndexPattern(); - }, [data.indexPatterns]); - if (!isFetched || !errorsFetched) { return ; } 
@@ -518,6 +507,86 @@ const ScheduledQueryLastResults: React.FC = ({ const getPackActionId = (actionId: string, packName: string) => `pack_${packName}_${actionId}`; +interface PackViewInActionProps { + item: { + id: string; + interval: number; + }; + logsIndexPattern: IndexPattern | undefined; + packName: string; + agentIds?: string[]; +} + +const PackViewInDiscoverActionComponent: React.FC = ({ + item, + logsIndexPattern, + packName, + agentIds, +}) => { + const { id, interval } = item; + const actionId = getPackActionId(id, packName); + const { data: lastResultsData } = usePackQueryLastResults({ + actionId, + interval, + logsIndexPattern, + }); + + const startDate = lastResultsData?.['@timestamp'] + ? moment(lastResultsData?.['@timestamp'][0]).subtract(interval, 'seconds').toISOString() + : `now-${interval}s`; + const endDate = lastResultsData?.['@timestamp'] + ? moment(lastResultsData?.['@timestamp'][0]).toISOString() + : 'now'; + + return ( + + ); +}; + +const PackViewInDiscoverAction = React.memo(PackViewInDiscoverActionComponent); + +const PackViewInLensActionComponent: React.FC = ({ + item, + logsIndexPattern, + packName, + agentIds, +}) => { + const { id, interval } = item; + const actionId = getPackActionId(id, packName); + const { data: lastResultsData } = usePackQueryLastResults({ + actionId, + interval, + logsIndexPattern, + }); + + const startDate = lastResultsData?.['@timestamp'] + ? moment(lastResultsData?.['@timestamp'][0]).subtract(interval, 'seconds').toISOString() + : `now-${interval}s`; + const endDate = lastResultsData?.['@timestamp'] + ? moment(lastResultsData?.['@timestamp'][0]).toISOString() + : 'now'; + + return ( + + ); +}; + +const PackViewInLensAction = React.memo(PackViewInLensActionComponent); + interface PackQueriesStatusTableProps { agentIds?: string[]; data: OsqueryManagerPackagePolicyInputStream[]; 
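Review bot: The `startDate`/`endDate` computation is written twice, identically, in `PackViewInDiscoverActionComponent` and `PackViewInLensActionComponent`, so the two actions can drift apart on the next change. Each copy also parses `lastResultsData?.['@timestamp'][0]` twice, and when `@timestamp` is present but empty it passes `undefined` to `moment`, which resolves to the current time instead of the `now-${interval}s` fallback. A shared helper, sketched below, handles both cases in one place. What each component renders is not readable on this page, so only the date logic is shown.

```typescript
// Shared by PackViewInDiscoverActionComponent and PackViewInLensActionComponent.
const getLastResultsTimeRange = (
  timestamp: moment.MomentInput,
  interval: number
): { startDate: string; endDate: string } =>
  timestamp
    ? {
        startDate: moment(timestamp).subtract(interval, 'seconds').toISOString(),
        endDate: moment(timestamp).toISOString(),
      }
    : { startDate: `now-${interval}s`, endDate: 'now' };

// … unchanged: getPackActionId and usePackQueryLastResults calls in both components …
const { startDate, endDate } = getLastResultsTimeRange(
  lastResultsData?.['@timestamp']?.[0],
  interval
);
```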
@@ -533,6 +602,18 @@ const PackQueriesStatusTableComponent: React.FC = ( Record> >({}); + const indexPatterns = useKibana().services.data.indexPatterns; + const [logsIndexPattern, setLogsIndexPattern] = useState(undefined); + + useEffect(() => { + const fetchLogsIndexPattern = async () => { + const indexPattern = await indexPatterns.find('logs-*'); + + setLogsIndexPattern(indexPattern[0]); + }; + fetchLogsIndexPattern(); + }, [indexPatterns]); + const renderQueryColumn = useCallback( (query: string) => ( @@ -564,6 +645,7 @@ const PackQueriesStatusTableComponent: React.FC = ( const renderLastResultsColumn = useCallback( (item) => ( = ( expanded={!!itemIdToExpandedRowMap[item.id]} /> ), - [itemIdToExpandedRowMap, packName, toggleErrors] + [itemIdToExpandedRowMap, packName, toggleErrors, logsIndexPattern] ); const renderDiscoverResultsAction = useCallback( (item) => ( - ), - [agentIds, packName] + [agentIds, logsIndexPattern, packName] ); const renderLensResultsAction = useCallback( (item) => ( - ), - [agentIds, packName] + [agentIds, logsIndexPattern, packName] ); const getItemId = useCallback( diff --git a/x-pack/plugins/osquery/public/packs/packs_table.tsx b/x-pack/plugins/osquery/public/packs/packs_table.tsx index 3d4efd88b789f..dcca0e2f56596 100644 --- a/x-pack/plugins/osquery/public/packs/packs_table.tsx +++ b/x-pack/plugins/osquery/public/packs/packs_table.tsx @@ -126,7 +126,7 @@ const PacksTableComponent = () => { { field: 'policy_ids', name: i18n.translate('xpack.osquery.packs.table.policyColumnTitle', { - defaultMessage: 'Policies', + defaultMessage: 'Scheduled policies', }), truncateText: true, render: renderAgentPolicy, diff --git a/x-pack/plugins/osquery/public/packs/queries/ecs_mapping_editor_field.tsx b/x-pack/plugins/osquery/public/packs/queries/ecs_mapping_editor_field.tsx index f6967f26cfbc2..85f4b3b3f0fad 100644 --- a/x-pack/plugins/osquery/public/packs/queries/ecs_mapping_editor_field.tsx 
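Review bot: The `fetchLogsIndexPattern()` call added to `PackQueriesStatusTableComponent` is a floating promise. If `indexPatterns.find('logs-*')` rejects, the rejection is unhandled, and if it resolves after the table unmounts, `setLogsIndexPattern` runs on an unmounted component. Since `logsIndexPattern` now feeds the last-results column and both view actions, a failed lookup should leave it `undefined` deliberately rather than by accident. A guarded version of the effect is below; the component body continues outside the hunk.

```typescript
useEffect(() => {
  let isActive = true;
  const fetchLogsIndexPattern = async () => {
    try {
      const [indexPattern] = await indexPatterns.find('logs-*');
      if (isActive) setLogsIndexPattern(indexPattern);
    } catch (e) {
      // Lookup failed: keep logsIndexPattern undefined so dependants stay in their "no pattern" state.
      if (isActive) setLogsIndexPattern(undefined);
    }
  };
  fetchLogsIndexPattern();
  return () => {
    isActive = false;
  };
}, [indexPatterns]);
```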
+++ b/x-pack/plugins/osquery/public/packs/queries/ecs_mapping_editor_field.tsx @@ -30,6 +30,7 @@ import { EuiTitle, EuiText, EuiIcon, + EuiSuperSelect, } from '@elastic/eui'; import sqlParser from 'js-sql-parser'; import { FormattedMessage } from '@kbn/i18n/react'; @@ -54,7 +55,9 @@ import { getUseField, fieldValidators, ValidationFuncArg, + UseMultiFields, } from '../../shared_imports'; +import { OsqueryIcon } from '../../components/osquery_icon'; export const CommonUseField = getUseField({ component: Field }); @@ -77,6 +80,35 @@ const typeMap = { constant_keyword: 'string', }; +const StyledEuiSuperSelect = styled(EuiSuperSelect)` + &.euiFormControlLayout__prepend { + padding-left: 8px; + padding-right: 24px; + box-shadow: none; + + .euiIcon { + padding: 0; + width: 18px; + background: none; + } + } +`; + +// @ts-expect-error update types +const ResultComboBox = styled(EuiComboBox)` + &.euiComboBox--prepended .euiSuperSelect { + border-right: 1px solid ${(props) => props.theme.eui.euiBorderColor}; + + .euiFormControlLayout__childrenWrapper { + border-radius: 6px 0 0 6px; + + .euiFormControlLayoutIcons--right { + right: 6px; + } + } + } +`; + const StyledFieldIcon = styled(FieldIcon)` width: 32px; @@ -90,6 +122,11 @@ const StyledFieldSpan = styled.span` padding-bottom: 0 !important; `; +// align the icon to the inputs +const StyledSemicolonWrapper = styled.div` + margin-top: 8px; +`; + // align the icon to the inputs const StyledButtonWrapper = styled.div` margin-top: 11px; @@ -115,11 +152,10 @@ interface ECSComboboxFieldProps { idAria?: string; } -export const ECSComboboxField: React.FC = ({ +const ECSComboboxFieldComponent: React.FC = ({ field, euiFieldProps = {}, idAria, - ...rest }) => { const { setValue } = field; const [selectedOptions, setSelected] = useState>>( 
@@ -179,6 +215,21 @@ export const ECSComboboxField: React.FC = ({ [selectedOptions] ); + const helpText = useMemo(() => { + // @ts-expect-error update types + let text = selectedOptions[0]?.value?.description; + + if (!text) return; + + // @ts-expect-error update types + const example = selectedOptions[0]?.value?.example; + if (example) { + text += ` e.g. ${JSON.stringify(example)}`; + } + + return text; + }, [selectedOptions]); + useEffect(() => { // @ts-expect-error update types setSelected(() => { @@ -193,14 +244,12 @@ export const ECSComboboxField: React.FC = ({ return ( = ({ ); }; +export const ECSComboboxField = React.memo(ECSComboboxFieldComponent); + +const OSQUERY_COLUMN_VALUE_TYPE_OPTIONS = [ + { + value: 'field', + inputDisplay: , + dropdownDisplay: ( + + + + + + + + + + + ), + }, + { + value: 'value', + inputDisplay: , + dropdownDisplay: ( + + + + + + + + + + + ), + }, +]; + interface OsqueryColumnFieldProps { - field: FieldHook; + resultType: FieldHook; + resultValue: FieldHook; euiFieldProps: EuiComboBoxProps; idAria?: string; } -export const OsqueryColumnField: React.FC = ({ - field, +const OsqueryColumnFieldComponent: React.FC = ({ + resultType, + resultValue, euiFieldProps = {}, idAria, - ...rest }) => { - const { setValue } = field; - const { isInvalid, errorMessage } = getFieldValidityAndErrorMessage(field); + const { setValue } = resultValue; + const { setValue: setType } = resultType; + const { isInvalid, errorMessage } = getFieldValidityAndErrorMessage(resultValue); const describedByIds = useMemo(() => (idAria ? [idAria] : []), [idAria]); const [selectedOptions, setSelected] = useState< Array> 
@@ -269,19 +363,51 @@ export const OsqueryColumnField: React.FC = ({ [setValue, setSelected] ); + const onTypeChange = useCallback( + (newType) => { + if (newType !== resultType.value) { + setType(newType); + } + }, + [setType, resultType.value] + ); + + const handleCreateOption = useCallback( + (newOption) => { + setValue(newOption); + }, + [setValue] + ); + + const Prepend = useMemo( + () => ( + + ), + [onTypeChange, resultType.value] + ); + useEffect(() => { setSelected(() => { - if (!field.value.length) return []; + if (!resultValue.value.length) return []; - const selectedOption = find(euiFieldProps?.options, ['label', field.value]); + const selectedOption = find(euiFieldProps?.options, ['label', resultValue.value]); - return selectedOption ? [selectedOption] : [{ label: field.value }]; + return selectedOption ? [selectedOption] : [{ label: resultValue.value }]; }); - }, [euiFieldProps?.options, setSelected, field.value]); + }, [euiFieldProps?.options, setSelected, resultValue.value]); return ( = ({ fullWidth describedByIds={describedByIds} isDisabled={euiFieldProps.isDisabled} - {...rest} > - = ({ ); }; +export const OsqueryColumnField = React.memo( + OsqueryColumnFieldComponent, + (prevProps, nextProps) => + prevProps.resultType.value === nextProps.resultType.value && + prevProps.resultType.isChangingValue === nextProps.resultType.isChangingValue && + prevProps.resultType.errors === nextProps.resultType.errors && + prevProps.resultValue.value === nextProps.resultValue.value && + prevProps.resultValue.isChangingValue === nextProps.resultValue.isChangingValue && + prevProps.resultValue.errors === nextProps.resultValue.errors && + deepEqual(prevProps.euiFieldProps, nextProps.euiFieldProps) +); + export interface ECSMappingEditorFieldRef { validate: () => Promise< | Record< 
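Review bot: The custom comparator passed to `React.memo(OsqueryColumnFieldComponent, …)` compares `resultType`, `resultValue` and `euiFieldProps` but not `idAria`, so a change to `idAria` alone skips the re-render and `describedByIds` goes stale. Add `prevProps.idAria === nextProps.idAria &&` to the chain. A short comment above the comparator should also say why only `value`, `isChangingValue` and `errors` of each field hook are compared. Parts of this hunk are not readable on this page, so this rests on the comparator as shown.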
@@ -344,7 +483,7 @@ const getEcsFieldValidator = )(args); // @ts-expect-error update types - if (fieldRequiredError && ((!editForm && args.formData['value.field'].length) || editForm)) { + if (fieldRequiredError && ((!editForm && args.formData['result.value'].length) || editForm)) { return fieldRequiredError; } @@ -354,7 +493,7 @@ const getEcsFieldValidator = const getOsqueryResultFieldValidator = (osquerySchemaOptions: OsquerySchemaOption[], editForm: boolean) => ( - args: ValidationFuncArg + args: ValidationFuncArg ) => { const fieldRequiredError = fieldValidators.emptyField( i18n.translate('xpack.osquery.pack.queryFlyoutForm.osqueryResultFieldRequiredErrorMessage', { @@ -366,7 +505,8 @@ const getOsqueryResultFieldValidator = return fieldRequiredError; } - if (!args.value.length) return; + // @ts-expect-error update types + if (!args.value?.length || args.formData['result.type'] !== 'field') return; const osqueryColumnExists = find(osquerySchemaOptions, ['label', args.value]); @@ -383,6 +523,7 @@ const getOsqueryResultFieldValidator = }, } ), + __isBlocking__: false, } : undefined; }; @@ -395,7 +536,8 @@ const FORM_DEFAULT_VALUE = { interface ECSMappingEditorFormData { key: string; value: { - field: string; + field?: string; + value?: string; }; } @@ -413,27 +555,44 @@ export const ECSMappingEditorForm = forwardRef ({ + key: data.key ?? '', + result: { + type: data.value + ? Object.keys(data.value)[0] + : OSQUERY_COLUMN_VALUE_TYPE_OPTIONS[0].value, + value: data.value ? Object.values(data.value)[0] : '', + }, + }), }); const { submit, reset, validate, __validateFields } = form; 
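Review bot: In the `@@ -413,27 +555,44 @@` hunk, `result.type` is taken from `Object.keys(data.value)[0]` whenever `data.value` is truthy, so a stored mapping of `{}` or one with an unexpected key yields an `undefined` or unknown type that matches no entry in `OSQUERY_COLUMN_VALUE_TYPE_OPTIONS`. The validator changed in `@@ -366,7 +505,8 @@` then returns early because `result.type` is not `'field'`, so the osquery-column check never runs for such a row. Fall back to the default when the stored key is not a known option: `const storedType = Object.keys(data.value ?? {})[0];` and then `type: find(OSQUERY_COLUMN_VALUE_TYPE_OPTIONS, ['value', storedType])?.value ?? OSQUERY_COLUMN_VALUE_TYPE_OPTIONS[0].value`. The surrounding form setup is only partly visible here.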
@@ -442,17 +601,25 @@ export const ECSMappingEditorForm = forwardRef { validate(); - __validateFields(['value.field']); + __validateFields(['result.value']); const { data, isValid } = await submit(); if (isValid) { + const serializedData = { + key: data.key, + value: { + [data.result.type]: data.result.value, + }, + }; if (onAdd) { - onAdd(data); + onAdd(serializedData); + } + if (onChange) { + onChange(serializedData); } reset(); } - return { data, isValid }; - }, [validate, __validateFields, submit, onAdd, reset]); + }, [validate, __validateFields, submit, onAdd, onChange, reset]); const handleDeleteClick = useCallback(() => { if (defaultValue?.key && onDelete) { @@ -460,6 +627,37 @@ export const ECSMappingEditorForm = forwardRef ( + + {(fields) => ( + + )} + + ), + [osquerySchemaOptions, isDisabled] + ); + + const ecsComboBoxEuiFieldProps = useMemo(() => ({ isDisabled }), [isDisabled]); + useImperativeHandle( ref, () => ({ @@ -468,35 +666,37 @@ export const ECSMappingEditorForm = forwardRef { - if (onAdd && !deepEqual(formData, currentFormData.current)) { + if (!deepEqual(formData, currentFormData.current)) { currentFormData.current = formData; handleSubmit(); } }, [handleSubmit, formData, onAdd]); - useEffect(() => { - if (onChange && !deepEqual(formData, currentFormData.current)) { - currentFormData.current = formData; - onChange(formData); - } - }, [defaultValue, formData, handleDeleteClick, onChange]); - - useEffect(() => { - if (defaultValue) { - validate(); - __validateFields(['value.field']); - } - }, [defaultValue, osquerySchemaOptions, validate, __validateFields]); + // useEffect(() => { + // if (defaultValue) { + // validate(); + // __validateFields(['result.value']); + // } + // }, [defaultValue, osquerySchemaOptions, validate, __validateFields]); return (
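Review bot: The `@@ -468,35 +666,37 @@` hunk leaves the old validation effect behind as a commented-out block (`// useEffect(() => { … __validateFields(['result.value']); … }`), which gives the next reader no hint whether it was disabled on purpose. Either delete it or replace it with a single comment that states the reason, along the lines of `// Validation on defaultValue change is intentionally disabled: <reason>`. The effect just above it also still lists `onAdd` in its dependency array although the condition no longer reads it.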
@@ -507,30 +707,19 @@ export const ECSMappingEditorForm = forwardRef - - - + + : + - - - + {MultiFields} {!isDisabled && ( 
@@ -578,179 +767,175 @@ interface OsqueryColumn { index: boolean; } -export const ECSMappingEditorField = ({ - field, - query, - fieldRef, - euiFieldProps, -}: ECSMappingEditorFieldProps) => { - const { setValue, value = {} } = field; - const [osquerySchemaOptions, setOsquerySchemaOptions] = useState([]); - const formRefs = useRef>({}); - - useImperativeHandle( - fieldRef, - () => ({ - validate: async () => { - const validations = await Promise.all( - Object.values(formRefs.current).map(async (formRef) => { - const { data, isValid } = await formRef.validate(); - return [data, isValid]; - }) - ); +export const ECSMappingEditorField = React.memo( + ({ field, query, fieldRef, euiFieldProps }: ECSMappingEditorFieldProps) => { + const { setValue, value = {} } = field; + const [osquerySchemaOptions, setOsquerySchemaOptions] = useState([]); + const formRefs = useRef>({}); - if (find(validations, (result) => result[1] === false)) { - return false; - } - - return deepmerge.all(map(validations, '[0]')); - }, - }), - [] - ); + useImperativeHandle( + fieldRef, + () => ({ + validate: async () => { + const validations = await Promise.all( + Object.values(formRefs.current).map(async (formRef) => { + const { data, isValid } = await formRef.validate(); + return [data, isValid]; + }) + ); + + if (find(validations, (result) => result[1] === false)) { + return false; + } - useEffect(() => { - setOsquerySchemaOptions((currentValue) => { - if (!query?.length) { - return currentValue; - } + return deepmerge.all(map(validations, '[0]')); + }, + }), + [] + ); - // eslint-disable-next-line @typescript-eslint/no-explicit-any - let ast: Record | undefined; + useEffect(() => { + setOsquerySchemaOptions((currentValue) => { + if (!query?.length) { + return currentValue; + } - try { - ast = sqlParser.parse(query)?.value; - } catch (e) { - return currentValue; - } + // eslint-disable-next-line @typescript-eslint/no-explicit-any + let ast: Record | undefined; - const astOsqueryTables: Record< - 
string, - { - columns: OsqueryColumn[]; - order: number; + try { + ast = sqlParser.parse(query)?.value; + } catch (e) { + return currentValue; } - > = - ast?.from?.value?.reduce( - ( - acc: { - [x: string]: { - columns: OsqueryColumn[]; - order: number; - }; - }, - table: { - value: { - left?: { value: { value: string }; alias?: { value: string } }; - right?: { value: { value: string }; alias?: { value: string } }; - value?: { value: string }; - alias?: { value: string }; - }; - } - ) => { - each(['value.left', 'value.right', 'value'], (valueKey) => { - if (valueKey) { - const osqueryTable = find(osquerySchema, [ - 'name', - get(table, `${valueKey}.value.value`), - ]); - - if (osqueryTable) { - acc[ - get(table, `${valueKey}.alias.value`) ?? get(table, `${valueKey}.value.value`) - ] = { - columns: osqueryTable.columns, - order: Object.keys(acc).length, - }; - } + + const astOsqueryTables: Record< + string, + { + columns: OsqueryColumn[]; + order: number; + } + > = + ast?.from?.value?.reduce( + ( + acc: { + [x: string]: { + columns: OsqueryColumn[]; + order: number; + }; + }, + table: { + value: { + left?: { value: { value: string }; alias?: { value: string } }; + right?: { value: { value: string }; alias?: { value: string } }; + value?: { value: string }; + alias?: { value: string }; + }; } - }); + ) => { + each(['value.left', 'value.right', 'value'], (valueKey) => { + if (valueKey) { + const osqueryTable = find(osquerySchema, [ + 'name', + get(table, `${valueKey}.value.value`), + ]); + + if (osqueryTable) { + acc[ + get(table, `${valueKey}.alias.value`) ?? get(table, `${valueKey}.value.value`) + ] = { + columns: osqueryTable.columns, + order: Object.keys(acc).length, + }; + } + } + }); - return acc; - }, - {} - ) ?? {}; + return acc; + }, + {} + ) ?? 
{}; - // Table doesn't exist in osquery schema - if (isEmpty(astOsqueryTables)) { - return currentValue; - } + // Table doesn't exist in osquery schema + if (isEmpty(astOsqueryTables)) { + return currentValue; + } - const suggestions = - isArray(ast?.selectItems?.value) && - ast?.selectItems?.value - ?.map((selectItem: { type: string; value: string; hasAs: boolean; alias?: string }) => { - if (selectItem.type === 'Identifier') { - /* + const suggestions = + isArray(ast?.selectItems?.value) && + ast?.selectItems?.value + ?.map((selectItem: { type: string; value: string; hasAs: boolean; alias?: string }) => { + if (selectItem.type === 'Identifier') { + /* select * from routes, uptime; */ - if (ast?.selectItems?.value.length === 1 && selectItem.value === '*') { - return reduce( - astOsqueryTables, - (acc, { columns: osqueryColumns, order: tableOrder }, table) => { - acc.push( - ...osqueryColumns.map((osqueryColumn) => ({ - label: osqueryColumn.name, - value: { - name: osqueryColumn.name, - description: osqueryColumn.description, - table, - tableOrder, - suggestion_label: osqueryColumn.name, - }, - })) - ); - return acc; - }, - [] as OsquerySchemaOption[] - ); - } + if (ast?.selectItems?.value.length === 1 && selectItem.value === '*') { + return reduce( + astOsqueryTables, + (acc, { columns: osqueryColumns, order: tableOrder }, table) => { + acc.push( + ...osqueryColumns.map((osqueryColumn) => ({ + label: osqueryColumn.name, + value: { + name: osqueryColumn.name, + description: osqueryColumn.description, + table, + tableOrder, + suggestion_label: osqueryColumn.name, + }, + })) + ); + return acc; + }, + [] as OsquerySchemaOption[] + ); + } - /* + /* select i.*, p.resident_size, p.user_time, p.system_time, time.minutes as counter from osquery_info i, processes p, time where p.pid = i.pid; */ - const [table, column] = selectItem.value.includes('.') - ? 
selectItem.value?.split('.') - : [Object.keys(astOsqueryTables)[0], selectItem.value]; - - if (column === '*' && astOsqueryTables[table]) { - const { columns: osqueryColumns, order: tableOrder } = astOsqueryTables[table]; - return osqueryColumns.map((osqueryColumn) => ({ - label: osqueryColumn.name, - value: { - name: osqueryColumn.name, - description: osqueryColumn.description, - table, - tableOrder, - suggestion_label: `${osqueryColumn.name}`, - }, - })); - } + const [table, column] = selectItem.value.includes('.') + ? selectItem.value?.split('.') + : [Object.keys(astOsqueryTables)[0], selectItem.value]; + + if (column === '*' && astOsqueryTables[table]) { + const { columns: osqueryColumns, order: tableOrder } = astOsqueryTables[table]; + return osqueryColumns.map((osqueryColumn) => ({ + label: osqueryColumn.name, + value: { + name: osqueryColumn.name, + description: osqueryColumn.description, + table, + tableOrder, + suggestion_label: `${osqueryColumn.name}`, + }, + })); + } + + if (astOsqueryTables[table]) { + const osqueryColumn = find(astOsqueryTables[table].columns, ['name', column]); + + if (osqueryColumn) { + const label = selectItem.hasAs ? selectItem.alias : column; - if (astOsqueryTables[table]) { - const osqueryColumn = find(astOsqueryTables[table].columns, ['name', column]); - - if (osqueryColumn) { - const label = selectItem.hasAs ? selectItem.alias : column; - - return [ - { - label, - value: { - name: osqueryColumn.name, - description: osqueryColumn.description, - table, - tableOrder: astOsqueryTables[table].order, - suggestion_label: `${label}`, + return [ + { + label, + value: { + name: osqueryColumn.name, + description: osqueryColumn.description, + table, + tableOrder: astOsqueryTables[table].order, + suggestion_label: `${label}`, + }, }, - }, - ]; + ]; + } } } - } - /* + /* SELECT pid, uid, name, ROUND(( (user_time + system_time) / (cpu_time.tsb - cpu_time.itsb) ) * 100, 2) AS percentage 
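Review bot: The `astOsqueryTables[table]` checks in the `@@ -578,179 +767,175 @@` hunk accept inherited keys, because `astOsqueryTables` is a plain object and `table` is split out of the user's SQL text. A name such as `constructor` is truthy on a plain object, so the `column === '*'` branch would destructure `columns` as `undefined` and `osqueryColumns.map` would throw inside the effect. Guard the lookups with an own-property check, e.g. `if (column === '*' && Object.prototype.hasOwnProperty.call(astOsqueryTables, table)) {`, or keep the table index in a `Map`. The hunk only re-indents this logic while wrapping the component in `React.memo`, but it is on the new side and cheap to fix here.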
@@ -764,161 +949,166 @@ export const ECSMappingEditorField = ({ LIMIT 5; */ - if (selectItem.hasAs && selectItem.alias) { - return [ - { - label: selectItem.alias, - value: { - name: selectItem.alias, - description: '', - table: '', - tableOrder: -1, - suggestion_label: selectItem.alias, + if (selectItem.hasAs && selectItem.alias) { + return [ + { + label: selectItem.alias, + value: { + name: selectItem.alias, + description: '', + table: '', + tableOrder: -1, + suggestion_label: selectItem.alias, + }, }, - }, - ]; - } + ]; + } - return []; - }) - .flat(); + return []; + }) + .flat(); - // Remove column duplicates by keeping the column from the table that appears last in the query - return sortedUniqBy( - orderBy(suggestions, ['value.suggestion_label', 'value.tableOrder'], ['asc', 'desc']), - 'label' - ); - }); - }, [query]); - - const handleAddRow = useCallback( - (newRow) => { - if (newRow?.key && newRow?.value) { - setValue( - produce((draft) => { - draft[newRow.key] = newRow.value; - return draft; - }) + // Remove column duplicates by keeping the column from the table that appears last in the query + return sortedUniqBy( + orderBy(suggestions, ['value.suggestion_label', 'value.tableOrder'], ['asc', 'desc']), + 'label' ); - } - }, - [setValue] - ); + }); + }, [query]); + + const handleAddRow = useCallback( + (newRow) => { + if (newRow?.key && newRow?.value) { + setValue( + produce((draft) => { + draft[newRow.key] = newRow.value; + return draft; + }) + ); + } + }, + [setValue] + ); - const handleUpdateRow = useCallback( - (currentKey: string) => (updatedRow: FormData) => { - if (updatedRow?.key && updatedRow?.value) { - setValue( - produce((draft) => { - if (currentKey !== updatedRow.key) { - delete draft[currentKey]; - } + const handleUpdateRow = useCallback( + (currentKey: string) => (updatedRow: FormData) => { + if (updatedRow?.key && updatedRow?.value) { + setValue( + produce((draft) => { + if (currentKey !== updatedRow.key) { + delete draft[currentKey]; + } - 
draft[updatedRow.key] = updatedRow.value; + draft[updatedRow.key] = updatedRow.value; - return draft; - }) - ); - } - }, - [setValue] - ); + return draft; + }) + ); + } + }, + [setValue] + ); - const handleDeleteRow = useCallback( - (key) => { - if (key) { - setValue( - produce((draft) => { - if (draft[key]) { - delete draft[key]; - } - return draft; - }) - ); + const handleDeleteRow = useCallback( + (key) => { + if (key) { + setValue( + produce((draft) => { + if (draft[key]) { + delete draft[key]; + } + return draft; + }) + ); - if (formRefs.current[key]) { - delete formRefs.current[key]; + if (formRefs.current[key]) { + delete formRefs.current[key]; + } } - } - }, - [setValue] - ); + }, + [setValue] + ); - return ( - <> - - - -
+ return ( + <> + + + +
+ +
+
+ -
-
- - - -
-
- - - - - - - - - - - - - - - {Object.entries(value).map(([ecsKey, ecsValue]) => ( - +
+
+ + + + + + + + + + + + + + + {Object.entries(value).map(([ecsKey, ecsValue]) => ( + { - if (formRef) { - formRefs.current[ecsKey] = formRef; - } - }} - key={ecsKey} - osquerySchemaOptions={osquerySchemaOptions} - // eslint-disable-next-line react-perf/jsx-no-new-object-as-prop - defaultValue={{ - key: ecsKey, - value: ecsValue, - }} - onChange={handleUpdateRow(ecsKey)} - onDelete={handleDeleteRow} - isDisabled={!!euiFieldProps?.isDisabled} - /> - ))} - {!euiFieldProps?.isDisabled && ( - + ))} + {!euiFieldProps?.isDisabled && ( + { - if (formRef) { - formRefs.current.new = formRef; - } - }} - osquerySchemaOptions={osquerySchemaOptions} - onAdd={handleAddRow} - /> - )} - - ); -}; + if (formRef) { + formRefs.current.new = formRef; + } + }} + osquerySchemaOptions={osquerySchemaOptions} + onAdd={handleAddRow} + /> + )} + + ); + }, + (prevProps, nextProps) => + prevProps.field.value === nextProps.field.value && + prevProps.query === nextProps.query && + deepEqual(prevProps.euiFieldProps, nextProps.euiFieldProps) +); // eslint-disable-next-line import/no-default-export export default ECSMappingEditorField; diff --git a/x-pack/plugins/osquery/public/packs/use_pack_query_last_results.ts b/x-pack/plugins/osquery/public/packs/use_pack_query_last_results.ts index af3e5b23e80f8..cb84386dbe3ea 100644 --- a/x-pack/plugins/osquery/public/packs/use_pack_query_last_results.ts +++ b/x-pack/plugins/osquery/public/packs/use_pack_query_last_results.ts @@ -6,6 +6,7 @@ */ import { useQuery } from 'react-query'; +import moment from 'moment-timezone'; import { IndexPattern } from '../../../../../src/plugins/data/common'; import { useKibana } from '../common/lib/kibana'; 
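Review bot: The comparator passed as the second argument to the memo wrapper at the end of `ECSMappingEditorField` compares only `field.value`, `query` and `euiFieldProps`, so a change to any other prop or to another member of `field` will not re-render the editor. If the body reads anything else from `field` (its start is outside this hunk, so that cannot be confirmed here), the component can show stale state. If the restriction is intended, record it above the comparator, e.g. `// Only value, query and euiFieldProps affect rendering; other field members are assumed stable`.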
@@ -46,13 +47,12 @@ export const usePackQueryLastResults = ({ }); const lastResultsResponse = await lastResultsSearchSource.fetch$().toPromise(); + const timestamp = lastResultsResponse.rawResponse?.hits?.hits[0]?.fields?.['@timestamp'][0]; - const responseId = lastResultsResponse.rawResponse?.hits?.hits[0]?._source?.response_id; - - if (responseId) { + if (timestamp) { const aggsSearchSource = await data.search.searchSource.create({ index: logsIndexPattern, - size: 0, + size: 1, aggs: { unique_agents: { cardinality: { field: 'agent.id' } }, }, @@ -61,13 +61,16 @@ export const usePackQueryLastResults = ({ bool: { filter: [ { - match_phrase: { - action_id: actionId, + range: { + '@timestamp': { + gte: moment(timestamp).subtract(interval, 'seconds').format(), + lte: moment(timestamp).format(), + }, }, }, { match_phrase: { - response_id: responseId, + action_id: actionId, }, }, ], @@ -81,7 +84,7 @@ export const usePackQueryLastResults = ({ '@timestamp': lastResultsResponse.rawResponse?.hits?.hits[0]?.fields?.['@timestamp'], // @ts-expect-error update types uniqueAgentsCount: aggsResponse.rawResponse.aggregations?.unique_agents?.value, - docCount: aggsResponse.rawResponse?.hits?.total, + docCount: aggsResponse?.rawResponse?.hits?.total, }; } diff --git a/x-pack/plugins/osquery/public/results/results_table.tsx b/x-pack/plugins/osquery/public/results/results_table.tsx index 5b8143c874e2b..d1d16730e7982 100644 --- a/x-pack/plugins/osquery/public/results/results_table.tsx +++ b/x-pack/plugins/osquery/public/results/results_table.tsx 
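Review bot: The new lookup `fields?.['@timestamp'][0]` indexes `[0]` without optional chaining, so a hit whose `fields` object has no `@timestamp` entry throws instead of yielding `undefined` and skipping the `if (timestamp)` branch. Use `fields?.['@timestamp']?.[0]`. The next hunk builds the range filter from `interval`, whose origin is outside the visible lines; if it can be undefined, the lower bound of the window may not be what is expected, so it is worth guarding there as well. The enclosing query function starts and ends outside these hunks.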
@@ -291,19 +291,9 @@ const ResultsTableComponent: React.FC = ({ setIsLive(() => { if (!agentIds?.length || expired) return false; - const uniqueAgentsRepliedCount = - // @ts-expect-error-type - allResultsData?.rawResponse.aggregations?.unique_agents.value ?? 0; - - return !!(uniqueAgentsRepliedCount !== agentIds?.length - aggregations.failed); + return !!(aggregations.totalResponded !== agentIds?.length); }), - [ - agentIds?.length, - aggregations.failed, - // @ts-expect-error-type - allResultsData?.rawResponse.aggregations?.unique_agents.value, - expired, - ] + [agentIds?.length, aggregations.failed, aggregations.totalResponded, expired] ); if (!hasActionResultsPrivileges) { @@ -328,7 +318,7 @@ const ResultsTableComponent: React.FC = ({ <> {isLive && } - {isFetched && !allResultsData?.edges.length ? ( + {isFetched && !allResultsData?.edges.length && !aggregations?.totalRowCount ? ( <> diff --git a/x-pack/plugins/osquery/public/routes/packs/list/index.tsx b/x-pack/plugins/osquery/public/routes/packs/list/index.tsx index 945677cade577..6f084e9e6bf25 100644 --- a/x-pack/plugins/osquery/public/routes/packs/list/index.tsx +++ b/x-pack/plugins/osquery/public/routes/packs/list/index.tsx @@ -27,6 +27,16 @@ const PacksPageComponent = () => {
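Review bot: The dependency array still lists `aggregations.failed` although the updater no longer reads it, and the `!!` around a `!==` comparison is redundant. `return aggregations.totalResponded !== agentIds?.length;` with `[agentIds?.length, aggregations.totalResponded, expired]` expresses the same thing. Whether `totalResponded` already counts failed agents is not visible in this hunk; if it does not, the live indicator would stay on until `expired`, so a one-line comment stating what `totalResponded` includes would help the next reader.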

+ + +

+ +

+
+
), [] diff --git a/x-pack/plugins/osquery/public/saved_queries/use_saved_queries.ts b/x-pack/plugins/osquery/public/saved_queries/use_saved_queries.ts index a7047dfec82d9..9de40c759c2cf 100644 --- a/x-pack/plugins/osquery/public/saved_queries/use_saved_queries.ts +++ b/x-pack/plugins/osquery/public/saved_queries/use_saved_queries.ts @@ -24,6 +24,7 @@ export const useSavedQueries = ({ return useQuery( [SAVED_QUERIES_ID, { pageIndex, pageSize, sortField, sortDirection }], () => + // eslint-disable-next-line @typescript-eslint/no-explicit-any http.get('/internal/osquery/saved_query', { query: { pageIndex, pageSize, sortField, sortDirection }, }), @@ -36,6 +37,7 @@ export const useSavedQueries = ({ toastMessage: error.body.message, }); }, + refetchOnWindowFocus: !!isLive, } ); }; diff --git a/x-pack/plugins/osquery/public/saved_queries/use_saved_query.ts b/x-pack/plugins/osquery/public/saved_queries/use_saved_query.ts index 811550feb38fe..f05f38b8259ce 100644 --- a/x-pack/plugins/osquery/public/saved_queries/use_saved_query.ts +++ b/x-pack/plugins/osquery/public/saved_queries/use_saved_query.ts @@ -26,9 +26,11 @@ export const useSavedQuery = ({ savedQueryId }: UseSavedQueryProps) => { return useQuery( [SAVED_QUERY_ID, { savedQueryId }], + // eslint-disable-next-line @typescript-eslint/no-explicit-any () => http.get(`/internal/osquery/saved_query/${savedQueryId}`), { keepPreviousData: true, + refetchOnWindowFocus: false, onSuccess: (data) => { if (data.error) { setErrorToast(data.error, { diff --git a/x-pack/plugins/osquery/scripts/schema_formatter/ecs_formatter.ts b/x-pack/plugins/osquery/scripts/schema_formatter/ecs_formatter.ts index e53750080ef76..07f02a892999c 100644 --- a/x-pack/plugins/osquery/scripts/schema_formatter/ecs_formatter.ts +++ b/x-pack/plugins/osquery/scripts/schema_formatter/ecs_formatter.ts 
@@ -11,7 +11,7 @@ import path from 'path'; import { run } from '@kbn/dev-utils'; -const ECS_COLUMN_SCHEMA_FIELDS = ['field', 'type', 'description']; +const ECS_COLUMN_SCHEMA_FIELDS = ['field', 'type', 'normalization', 'example', 'description']; const RESTRICTED_FIELDS = [ 'agent.name', diff --git a/x-pack/plugins/osquery/server/lib/saved_query/saved_object_mappings.ts b/x-pack/plugins/osquery/server/lib/saved_query/saved_object_mappings.ts index a633fe4923aeb..fb2c834f3c74d 100644 --- a/x-pack/plugins/osquery/server/lib/saved_query/saved_object_mappings.ts +++ b/x-pack/plugins/osquery/server/lib/saved_query/saved_object_mappings.ts @@ -53,6 +53,11 @@ export const savedQueryType: SavedObjectsType = { hidden: false, namespaceType: 'multiple-isolated', mappings: savedQuerySavedObjectMappings, + management: { + defaultSearchField: 'id', + importableAndExportable: true, + getTitle: (savedObject) => savedObject.attributes.id, + }, }; export const packSavedObjectMappings: SavedObjectsType['mappings'] = { @@ -109,4 +114,9 @@ export const packType: SavedObjectsType = { hidden: false, namespaceType: 'multiple-isolated', mappings: packSavedObjectMappings, + management: { + defaultSearchField: 'name', + importableAndExportable: true, + getTitle: (savedObject) => savedObject.attributes.name, + }, }; diff --git a/x-pack/plugins/osquery/server/routes/saved_query/read_saved_query_route.ts b/x-pack/plugins/osquery/server/routes/saved_query/read_saved_query_route.ts index 3308a8023dd9e..a84ec5a262a64 100644 --- a/x-pack/plugins/osquery/server/routes/saved_query/read_saved_query_route.ts +++ b/x-pack/plugins/osquery/server/routes/saved_query/read_saved_query_route.ts 
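Review bot: Setting `importableAndExportable: true` on `savedQueryType` (and on `packType` in the following hunk) allows these objects to be created through Saved Objects Management import, which does not go through the osquery routes' request schemas. Packs and saved queries carry SQL and ECS mappings that are later used against enrolled agents, so imported attributes should be validated where they are consumed rather than trusted because they are already stored. It is also worth confirming which roles get import rights for these two types. A comment above `management` would record the decision, e.g. `// Imported objects skip the osquery route schemas; attributes are validated where they are read.`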
@@ -26,7 +26,7 @@ export const readSavedQueryRoute = (router: IRouter) => { const savedObjectsClient = context.core.savedObjects.client; const savedQuery = await savedObjectsClient.get<{ - ecs_mapping: Array<{ field: string; value: string }>; + ecs_mapping: Array<{ key: string; value: Record }>; }>(savedQuerySavedObjectType, request.params.id); if (savedQuery.attributes.ecs_mapping) { diff --git a/x-pack/plugins/osquery/server/routes/saved_query/update_saved_query_route.ts b/x-pack/plugins/osquery/server/routes/saved_query/update_saved_query_route.ts index c0148087ee8c9..b34999204b8a3 100644 --- a/x-pack/plugins/osquery/server/routes/saved_query/update_saved_query_route.ts +++ b/x-pack/plugins/osquery/server/routes/saved_query/update_saved_query_route.ts @@ -34,7 +34,8 @@ export const updateSavedQueryRoute = (router: IRouter, osqueryContext: OsqueryAp schema.recordOf( schema.string(), schema.object({ - field: schema.string(), + field: schema.maybe(schema.string()), + value: schema.maybe(schema.string()), }) ) ), diff --git a/x-pack/plugins/osquery/server/routes/utils.ts b/x-pack/plugins/osquery/server/routes/utils.ts index 136cbc190e46c..62464ec5d6336 100644 --- a/x-pack/plugins/osquery/server/routes/utils.ts +++ b/x-pack/plugins/osquery/server/routes/utils.ts @@ -5,22 +5,24 @@ * 2.0. */ -import { pick, reduce } from 'lodash'; +import { reduce } from 'lodash'; export const convertECSMappingToArray = (ecsMapping: Record | undefined) => ecsMapping ? Object.entries(ecsMapping).map((item) => ({ - value: item[0], - ...item[1], + key: item[0], + value: item[1], })) : undefined; -export const convertECSMappingToObject = (ecsMapping: Array<{ field: string; value: string }>) => +export const convertECSMappingToObject = ( + ecsMapping: Array<{ key: string; value: Record }> +) => reduce( ecsMapping, (acc, value) => { - acc[value.value] = pick(value, 'field'); + acc[value.key] = value.value; return acc; }, - {} as Record + {} as Record ); 
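Review bot: With both `field` and `value` declared as `schema.maybe(schema.string())` in the `updateSavedQueryRoute` body schema, an entry of `{}` now passes request validation even though it maps the ECS key to nothing. Keep the loosened shape but require at least one of the two, e.g. by passing `{ validate: (v) => (v.field == null && v.value == null ? 'field or value is required' : undefined) }` as the second argument to `schema.object`. The create route is not visible in this diff section and presumably needs the same rule.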
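Review bot: `convertECSMappingToObject` in `utils.ts` assigns `acc[value.key] = value.value` onto a plain `{}`, and the keys appear to come from a `schema.recordOf(schema.string(), …)` request body, so a key that names an inherited property such as `__proto__` would not become an own entry of the result. Assuming `ecsMapping` is always an array, `Object.fromEntries(ecsMapping.map(({ key, value }) => [key, value]))` avoids that; constraining the key schema to valid ECS field names would also work. Separately, the stored array shape changes here from `{ value, field }` to `{ key, value }`; saved objects written with the old shape would need a migration, which is not visible in this part of the diff.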
diff --git a/x-pack/plugins/osquery/server/search_strategy/osquery/factory/actions/results/query.action_results.dsl.ts b/x-pack/plugins/osquery/server/search_strategy/osquery/factory/actions/results/query.action_results.dsl.ts index 109e260911933..96d5ad60cd54c 100644 --- a/x-pack/plugins/osquery/server/search_strategy/osquery/factory/actions/results/query.action_results.dsl.ts +++ b/x-pack/plugins/osquery/server/search_strategy/osquery/factory/actions/results/query.action_results.dsl.ts @@ -46,6 +46,11 @@ export const buildActionResultsQuery = ({ }, }, aggs: { + rows_count: { + sum: { + field: 'action_response.osquery.count', + }, + }, responses: { terms: { script: { diff --git a/x-pack/plugins/reporting/server/deprecations/reporting_role.ts b/x-pack/plugins/reporting/server/deprecations/reporting_role.ts index e4575f9875315..355a83c13a37e 100644 --- a/x-pack/plugins/reporting/server/deprecations/reporting_role.ts +++ b/x-pack/plugins/reporting/server/deprecations/reporting_role.ts @@ -19,8 +19,11 @@ import { ReportingCore } from '../'; import { deprecations } from '../lib/deprecations'; const REPORTING_USER_ROLE_NAME = 'reporting_user'; -const getDocumentationUrl = (branch: string) => - `https://www.elastic.co/guide/en/kibana/${branch}/kibana-privileges.html`; +const getDocumentationUrl = (branch: string) => { + // TODO: remove when docs support "main" + const docBranch = branch === 'main' ? 'master' : branch; + return `https://www.elastic.co/guide/en/kibana/${docBranch}/kibana-privileges.html`; +}; interface ExtraDependencies { reportingCore: ReportingCore; diff --git a/x-pack/plugins/security/server/config_deprecations.ts b/x-pack/plugins/security/server/config_deprecations.ts index 3a71dbb28add2..8b778950036b5 100644 --- a/x-pack/plugins/security/server/config_deprecations.ts +++ b/x-pack/plugins/security/server/config_deprecations.ts 
@@ -34,6 +34,8 @@ export const securityConfigDeprecationProvider: ConfigDeprecationProvider = ({ // Deprecation warning for the old array-based format of `xpack.security.authc.providers`. (settings, _fromPath, addDeprecation, { branch }) => { if (Array.isArray(settings?.xpack?.security?.authc?.providers)) { + // TODO: remove when docs support "main" + const docsBranch = branch === 'main' ? 'master' : 'main'; addDeprecation({ configPath: 'xpack.security.authc.providers', title: i18n.translate('xpack.security.deprecations.authcProvidersTitle', { @@ -43,7 +45,7 @@ export const securityConfigDeprecationProvider: ConfigDeprecationProvider = ({ defaultMessage: 'Use the new object format instead of an array of provider types.', }), level: 'warning', - documentationUrl: `https://www.elastic.co/guide/en/kibana/${branch}/security-settings-kb.html#authentication-security-settings`, + documentationUrl: `https://www.elastic.co/guide/en/kibana/${docsBranch}/security-settings-kb.html#authentication-security-settings`, correctiveActions: { manualSteps: [ i18n.translate('xpack.security.deprecations.authcProviders.manualSteps1', { @@ -59,6 +61,9 @@ export const securityConfigDeprecationProvider: ConfigDeprecationProvider = ({ } }, (settings, _fromPath, addDeprecation, { branch }) => { + // TODO: remove when docs support "main" + const docsBranch = branch === 'main' ? 'master' : 'main'; + const hasProviderType = (providerType: string) => { const providers = settings?.xpack?.security?.authc?.providers; if (Array.isArray(providers)) { 
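Review bot: The fallback in `const docsBranch = branch === 'main' ? 'master' : 'main';` is wrong: for every branch other than `main` it yields `'main'`, the docs path the TODO says is not supported yet, so `documentationUrl` breaks on release branches. It should read `const docsBranch = branch === 'main' ? 'master' : branch;`, which is what `kibana_user_role.ts` in this same commit does with `packageInfo.branch`. The same line is repeated in the second hunk on this line (`@@ -59,6 +61,9 @@`) and in the later hunk `@@ -100,6 +105,8 @@`; all three need the fix.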
@@ -86,7 +91,7 @@ export const securityConfigDeprecationProvider: ConfigDeprecationProvider = ({ values: { tokenProvider }, }), level: 'warning', - documentationUrl: `https://www.elastic.co/guide/en/kibana/${branch}/security-settings-kb.html#authentication-security-settings`, + documentationUrl: `https://www.elastic.co/guide/en/kibana/${docsBranch}/security-settings-kb.html#authentication-security-settings`, correctiveActions: { manualSteps: [ i18n.translate('xpack.security.deprecations.basicAndTokenProviders.manualSteps1', { @@ -100,6 +105,8 @@ export const securityConfigDeprecationProvider: ConfigDeprecationProvider = ({ } }, (settings, _fromPath, addDeprecation, { branch }) => { + // TODO: remove when docs support "main" + const docsBranch = branch === 'main' ? 'master' : 'main'; const samlProviders = (settings?.xpack?.security?.authc?.providers?.saml ?? {}) as Record< string, any @@ -119,7 +126,7 @@ export const securityConfigDeprecationProvider: ConfigDeprecationProvider = ({ defaultMessage: 'This setting is no longer used.', }), level: 'warning', - documentationUrl: `https://www.elastic.co/guide/en/kibana/${branch}/security-settings-kb.html#authentication-security-settings`, + documentationUrl: `https://www.elastic.co/guide/en/kibana/${docsBranch}/security-settings-kb.html#authentication-security-settings`, correctiveActions: { manualSteps: [ i18n.translate('xpack.security.deprecations.maxRedirectURLSize.manualSteps1', { diff --git a/x-pack/plugins/security/server/deprecations/kibana_user_role.ts b/x-pack/plugins/security/server/deprecations/kibana_user_role.ts index ba32446611a62..9746597aa95b8 100644 --- a/x-pack/plugins/security/server/deprecations/kibana_user_role.ts +++ b/x-pack/plugins/security/server/deprecations/kibana_user_role.ts 
@@ -98,13 +98,16 @@ async function getUsersDeprecations( return []; } + // TODO: remove when docs support "main" + const docsBranch = packageInfo.branch === 'main' ? 'master' : packageInfo.branch; + return [ { title: getDeprecationTitle(), message: getDeprecationMessage(), level: 'warning', deprecationType: 'feature', - documentationUrl: `https://www.elastic.co/guide/en/elasticsearch/reference/${packageInfo.branch}/built-in-roles.html`, + documentationUrl: `https://www.elastic.co/guide/en/elasticsearch/reference/${docsBranch}/built-in-roles.html`, correctiveActions: { api: { method: 'POST', @@ -159,13 +162,16 @@ async function getRoleMappingsDeprecations( return []; } + // TODO: remove when docs support "main" + const docsBranch = packageInfo.branch === 'main' ? 'master' : packageInfo.branch; + return [ { title: getDeprecationTitle(), message: getDeprecationMessage(), level: 'warning', deprecationType: 'feature', - documentationUrl: `https://www.elastic.co/guide/en/elasticsearch/reference/${packageInfo.branch}/built-in-roles.html`, + documentationUrl: `https://www.elastic.co/guide/en/elasticsearch/reference/${docsBranch}/built-in-roles.html`, correctiveActions: { api: { method: 'POST', @@ -193,6 +199,9 @@ async function getRoleMappingsDeprecations( function deprecationError(packageInfo: PackageInfo, error: Error): DeprecationsDetails[] { const title = getDeprecationTitle(); + // TODO: remove when docs support "main" + const docsBranch = packageInfo.branch === 'main' ? 'master' : packageInfo.branch; + if (getErrorStatusCode(error) === 403) { return [ { 
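Review bot: The expression `packageInfo.branch === 'main' ? 'master' : packageInfo.branch` is now written out three times in this file, in `getUsersDeprecations`, `getRoleMappingsDeprecations` and `deprecationError`, each with its own TODO. One module-level helper, e.g. `const getDocsBranch = (branch: string) => (branch === 'main' ? 'master' : branch);`, keeps the mapping in one place and leaves a single TODO to remove later. All three functions start or end outside their hunks.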
@@ -202,7 +211,7 @@ function deprecationError(packageInfo: PackageInfo, error: Error): DeprecationsD message: i18n.translate('xpack.security.deprecations.kibanaUser.forbiddenErrorMessage', { defaultMessage: 'You do not have enough permissions to fix this deprecation.', }), - documentationUrl: `https://www.elastic.co/guide/en/kibana/${packageInfo.branch}/xpack-security.html#_required_permissions_7`, + documentationUrl: `https://www.elastic.co/guide/en/kibana/${docsBranch}/xpack-security.html#_required_permissions_7`, correctiveActions: { manualSteps: [ i18n.translate( diff --git a/x-pack/plugins/security_solution/public/management/components/artifact_entry_card/artifact_entry_card.tsx b/x-pack/plugins/security_solution/public/management/components/artifact_entry_card/artifact_entry_card.tsx index d5f8c2dc74788..89d2f029e9538 100644 --- a/x-pack/plugins/security_solution/public/management/components/artifact_entry_card/artifact_entry_card.tsx +++ b/x-pack/plugins/security_solution/public/management/components/artifact_entry_card/artifact_entry_card.tsx @@ -80,16 +80,20 @@ export const ArtifactEntryCard = memo( data-test-subj={getTestId('subHeader')} /> - - {!hideDescription && ( - - {artifact.description} - + <> + + + {artifact.description} + + )} {!hideComments ? ( - + <> + + + ) : null} diff --git a/x-pack/plugins/security_solution/public/management/components/artifact_entry_card/components/criteria_conditions.tsx b/x-pack/plugins/security_solution/public/management/components/artifact_entry_card/components/criteria_conditions.tsx index 743eac7a15458..24244aad3ef99 100644 --- a/x-pack/plugins/security_solution/public/management/components/artifact_entry_card/components/criteria_conditions.tsx +++ b/x-pack/plugins/security_solution/public/management/components/artifact_entry_card/components/criteria_conditions.tsx 
@@ -6,7 +6,14 @@ */ import React, { memo, useCallback, useMemo } from 'react'; -import { CommonProps, EuiExpression, EuiToken, EuiFlexGroup, EuiFlexItem } from '@elastic/eui'; +import { + CommonProps, + EuiExpression, + EuiToken, + EuiFlexGroup, + EuiFlexItem, + EuiBadge, +} from '@elastic/eui'; import styled from 'styled-components'; import { ListOperatorTypeEnum } from '@kbn/securitysolution-io-ts-list-types'; import { @@ -21,6 +28,8 @@ import { CONDITION_OPERATOR_TYPE_MATCH_ANY, CONDITION_OPERATOR_TYPE_EXISTS, CONDITION_OPERATOR_TYPE_LIST, + CONDITION_OPERATOR_TYPE_NOT_MATCH_ANY, + CONDITION_OPERATOR_TYPE_NOT_MATCH, } from './translations'; import { ArtifactInfo, ArtifactInfoEntry } from '../types'; import { useTestIdGenerator } from '../../hooks/use_test_id_generator'; @@ -32,7 +41,7 @@ const OS_LABELS = Object.freeze({ windows: OS_WINDOWS, }); -const OPERATOR_TYPE_LABELS = Object.freeze({ +const OPERATOR_TYPE_LABELS_INCLUDED = Object.freeze({ [ListOperatorTypeEnum.NESTED]: CONDITION_OPERATOR_TYPE_NESTED, [ListOperatorTypeEnum.MATCH_ANY]: CONDITION_OPERATOR_TYPE_MATCH_ANY, [ListOperatorTypeEnum.MATCH]: CONDITION_OPERATOR_TYPE_MATCH, @@ -41,8 +50,13 @@ const OPERATOR_TYPE_LABELS = Object.freeze({ [ListOperatorTypeEnum.LIST]: CONDITION_OPERATOR_TYPE_LIST, }); +const OPERATOR_TYPE_LABELS_EXCLUDED = Object.freeze({ + [ListOperatorTypeEnum.MATCH_ANY]: CONDITION_OPERATOR_TYPE_NOT_MATCH_ANY, + [ListOperatorTypeEnum.MATCH]: CONDITION_OPERATOR_TYPE_NOT_MATCH, +}); + const EuiFlexGroupNested = styled(EuiFlexGroup)` - margin-left: ${({ theme }) => theme.eui.spacerSizes.l}; + margin-left: ${({ theme }) => theme.eui.spacerSizes.xl}; `; const EuiFlexItemNested = styled(EuiFlexItem)` 
@@ -67,11 +81,30 @@ export const CriteriaConditions = memo( .join(', '); }, [os]); + const getEntryValue = (type: string, value: string | string[]) => { + if (type === 'match_any' && Array.isArray(value)) { + return value.map((currentValue) => {currentValue}); + } + return value; + }; + + const getEntryOperator = (type: string, operator: string) => { + if (type === 'nested') return; + return operator === 'included' + ? OPERATOR_TYPE_LABELS_INCLUDED[type as keyof typeof OPERATOR_TYPE_LABELS_INCLUDED] ?? type + : OPERATOR_TYPE_LABELS_EXCLUDED[type as keyof typeof OPERATOR_TYPE_LABELS_EXCLUDED] ?? type; + }; + const getNestedEntriesContent = useCallback( (type: string, nestedEntries: ArtifactInfoEntry[]) => { if (type === 'nested' && nestedEntries.length) { return nestedEntries.map( - ({ field: nestedField, type: nestedType, value: nestedValue }) => { + ({ + field: nestedField, + type: nestedType, + value: nestedValue, + operator: nestedOperator, + }) => { return ( ( @@ -113,7 +143,7 @@ export const CriteriaConditions = memo( - {entries.map(({ field, type, value, entries: nestedEntries = [] }) => { + {entries.map(({ field, type, value, operator, entries: nestedEntries = [] }) => { return (
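Review bot: In `getEntryOperator`, every `operator` other than `'included'` is looked up in `OPERATOR_TYPE_LABELS_EXCLUDED`, which only defines `MATCH` and `MATCH_ANY`; an excluded entry of any other type falls through `?? type` and is shown as the raw type string with no negation. This card displays the conditions of security artifacts, so a negated condition rendered without its negation misleads the person reviewing it. Add excluded labels for the remaining operator types, or at least mark the gap with `// Only MATCH and MATCH_ANY have negated labels; other excluded types fall back to the raw type`. The enclosing component starts and ends outside this hunk.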
( color="subdued" /> {getNestedEntriesContent(type, nestedEntries)}
diff --git a/x-pack/plugins/security_solution/public/management/components/artifact_entry_card/components/translations.ts b/x-pack/plugins/security_solution/public/management/components/artifact_entry_card/components/translations.ts index b2c0edfb2b9eb..3290a52c1c37d 100644 --- a/x-pack/plugins/security_solution/public/management/components/artifact_entry_card/components/translations.ts +++ b/x-pack/plugins/security_solution/public/management/components/artifact_entry_card/components/translations.ts @@ -54,6 +54,13 @@ export const CONDITION_OPERATOR_TYPE_MATCH = i18n.translate( } ); +export const CONDITION_OPERATOR_TYPE_NOT_MATCH = i18n.translate( + 'xpack.securitySolution.artifactCard.conditions.matchOperator.not', + { + defaultMessage: 'IS NOT', + } +); + export const CONDITION_OPERATOR_TYPE_WILDCARD = i18n.translate( 'xpack.securitySolution.artifactCard.conditions.wildcardOperator', { @@ -71,7 +78,14 @@ export const CONDITION_OPERATOR_TYPE_NESTED = i18n.translate( export const CONDITION_OPERATOR_TYPE_MATCH_ANY = i18n.translate( 'xpack.securitySolution.artifactCard.conditions.matchAnyOperator', { - defaultMessage: 'is any', + defaultMessage: 'is one of', + } +); + +export const CONDITION_OPERATOR_TYPE_NOT_MATCH_ANY = i18n.translate( + 'xpack.securitySolution.artifactCard.conditions.matchAnyOperator.not', + { + defaultMessage: 'is not one of', } ); diff --git a/x-pack/plugins/security_solution/public/management/pages/trusted_apps/view/components/trusted_apps_grid/__snapshots__/index.test.tsx.snap b/x-pack/plugins/security_solution/public/management/pages/trusted_apps/view/components/trusted_apps_grid/__snapshots__/index.test.tsx.snap index ea5869f79275f..f22cc1179f0d3 100644 --- a/x-pack/plugins/security_solution/public/management/pages/trusted_apps/view/components/trusted_apps_grid/__snapshots__/index.test.tsx.snap +++ b/x-pack/plugins/security_solution/public/management/pages/trusted_apps/view/components/trusted_apps_grid/__snapshots__/index.test.tsx.snap 
@@ -743,7 +743,7 @@ exports[`TrustedAppsGrid renders correctly when loaded data 1`] = `
* Formats alerts before sending to `scheduleActions`. We augment the context with * the equivalent "legacy" alert context so that pre-8.0 actions will continue to work. */ -const formatAlertsForNotificationActions = (alerts: unknown[]) => { +const formatAlertsForNotificationActions = (alerts: unknown[]): unknown[] => { return alerts.map((alert) => isRACAlert(alert) ? { diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/utils/expand_dotted.test.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/utils/expand_dotted.test.ts index efdaf2377872c..018220e400937 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/utils/expand_dotted.test.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/utils/expand_dotted.test.ts @@ -69,4 +69,21 @@ describe('Expand Dotted', () => { flat: 'yep', }); }); + + it('expands non dotted field without changing it other than reference', () => { + const simpleDottedObj = { + test: { value: '123' }, + }; + expect(expandDottedObject(simpleDottedObj)).toEqual(simpleDottedObj); + }); + + it('expands empty object without changing it other than reference', () => { + const simpleDottedObj = {}; + expect(expandDottedObject(simpleDottedObj)).toEqual(simpleDottedObj); + }); + + it('if we allow arrays as a type, it should not touch them', () => { + const simpleDottedObj: string[] = ['hello']; + expect(expandDottedObject(simpleDottedObj)).toEqual(simpleDottedObj); + }); }); diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/utils/expand_dotted.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/utils/expand_dotted.ts index 69a9cb8236cbc..f90f589486ff5 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/utils/expand_dotted.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/utils/expand_dotted.ts 
@@ -45,6 +45,9 @@ const expandDottedField = (dottedFieldName: string, val: unknown): object => { * } */ export const expandDottedObject = (dottedObj: object) => { + if (Array.isArray(dottedObj)) { + return dottedObj; + } return Object.entries(dottedObj).reduce( (acc, [key, val]) => merge(acc, expandDottedField(key, val)), {} diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/get_export_all.test.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/get_export_all.test.ts index 80df4c94971cc..99f5f76be1a7c 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/get_export_all.test.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/get_export_all.test.ts @@ -101,8 +101,8 @@ describe.each([ exceptions_list: getListArrayMock(), }); expect(detailsJson).toEqual({ - exported_exception_list_count: 0, - exported_exception_list_item_count: 0, + exported_exception_list_count: 1, + exported_exception_list_item_count: 1, exported_rules_count: 1, missing_exception_list_item_count: 0, missing_exception_list_items: [], diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/get_export_rule_exceptions.test.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/get_export_rule_exceptions.test.ts index dd7e59c74601c..614c0ae0a1281 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/get_export_rule_exceptions.test.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/get_export_rule_exceptions.test.ts 
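Review bot: The new early return in `expandDottedObject` hands an array back by reference, while every other input produces a fresh object, and any objects inside the array keep their dotted keys. The doc comment above the function mentions neither; add a line such as `* Arrays are returned unchanged (same reference); their elements are not expanded.` If callers may mutate the result, return `[...dottedObj]` instead. The end of the function is outside the hunk.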
@@ -8,15 +8,15 @@ import { ENDPOINT_LIST_ID } from '@kbn/securitysolution-list-constants'; import { getExceptionListClientMock } from '../../../../../lists/server/services/exception_lists/exception_list_client.mock'; +import { getDetectionsExceptionListSchemaMock } from '../../../../../lists/common/schemas/response/exception_list_schema.mock'; +import { getExceptionListItemSchemaMock } from '../../../../../lists/common/schemas/response/exception_list_item_schema.mock'; + import { getRuleExceptionsForExport, getExportableExceptions, getDefaultExportDetails, } from './get_export_rule_exceptions'; -import { - getListArrayMock, - getListMock, -} from '../../../../common/detection_engine/schemas/types/lists.mock'; +import { getListMock } from '../../../../common/detection_engine/schemas/types/lists.mock'; describe('get_export_rule_exceptions', () => { describe('getRuleExceptionsForExport', () => { @@ -36,7 +36,24 @@ describe('get_export_rule_exceptions', () => { getExceptionListClientMock() ); - expect(exportData).toEqual('exportString'); + expect(exportData).toEqual( + `${JSON.stringify(getDetectionsExceptionListSchemaMock())}\n${JSON.stringify( + getExceptionListItemSchemaMock({ list_id: 'exception_list_id' }) + )}` + ); + }); + + test('it does not return duplicate exception lists', async () => { + const { exportData } = await getRuleExceptionsForExport( + [getListMock(), getListMock()], + getExceptionListClientMock() + ); + + expect(exportData).toEqual( + `${JSON.stringify(getDetectionsExceptionListSchemaMock())}\n${JSON.stringify( + getExceptionListItemSchemaMock({ list_id: 'exception_list_id' }) + )}` + ); }); test('it does not return a global endpoint list', async () => { 
@@ -60,11 +77,15 @@ describe('get_export_rule_exceptions', () => { test('it returns stringified exception lists and items', async () => { // This rule has 2 exception lists tied to it const { exportData } = await getExportableExceptions( - getListArrayMock(), + [getListMock()], getExceptionListClientMock() ); - expect(exportData).toEqual('exportStringexportString'); + expect(exportData).toEqual( + `${JSON.stringify(getDetectionsExceptionListSchemaMock())}\n${JSON.stringify( + getExceptionListItemSchemaMock({ list_id: 'exception_list_id' }) + )}` + ); }); test('it throws error if error occurs in getting exceptions', async () => { @@ -72,7 +93,7 @@ describe('get_export_rule_exceptions', () => { exceptionsClient.exportExceptionListAndItems = jest.fn().mockRejectedValue(new Error('oops')); // This rule has 2 exception lists tied to it await expect(async () => { - await getExportableExceptions(getListArrayMock(), exceptionsClient); + await getExportableExceptions([getListMock()], exceptionsClient); }).rejects.toThrowErrorMatchingInlineSnapshot(`"oops"`); }); }); diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/get_export_rule_exceptions.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/get_export_rule_exceptions.ts index 719649d35c0f0..6faf3fdfe6104 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/get_export_rule_exceptions.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/get_export_rule_exceptions.ts 
@@ -21,10 +21,17 @@ export const getRuleExceptionsForExport = async ( exceptions: ListArray, exceptionsListClient: ExceptionListClient | undefined ): Promise => { + const uniqueExceptionLists = new Set(); + if (exceptionsListClient != null) { - const exceptionsWithoutUnexportableLists = exceptions.filter( - ({ list_id: listId }) => !NON_EXPORTABLE_LIST_IDS.includes(listId) - ); + const exceptionsWithoutUnexportableLists = exceptions.filter((list) => { + if (!uniqueExceptionLists.has(list.id)) { + uniqueExceptionLists.add(list.id); + return !NON_EXPORTABLE_LIST_IDS.includes(list.list_id); + } else { + return false; + } + }); return getExportableExceptions(exceptionsWithoutUnexportableLists, exceptionsListClient); } else { return { exportData: '', exportDetails: getDefaultExportDetails() }; @@ -72,9 +79,9 @@ export const getExportableExceptions = async ( }; /** - * Creates promises of the rules and returns them. + * Creates promises of the exceptions to be exported and returns them. * @param exceptionsListClient Exception Lists client - * @param exceptions The rules to apply the update for + * @param exceptions The exceptions to be exported * @returns Promise of export ready exceptions. */ export const createPromises = ( diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/scripts/check_env_variables.sh b/x-pack/plugins/security_solution/server/lib/detection_engine/scripts/check_env_variables.sh index 4df0e42adf9f3..df2354ed8398a 100755 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/scripts/check_env_variables.sh +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/scripts/check_env_variables.sh @@ -30,13 +30,3 @@ if [ -z "${KIBANA_URL}" ]; then echo "Set KIBANA_URL in your environment" exit 1 fi - -if [ -z "${TASK_MANAGER_INDEX}" ]; then - echo "Set TASK_MANAGER_INDEX in your environment" - exit 1 -fi - -if [ -z "${KIBANA_INDEX}" ]; then - echo "Set KIBANA_INDEX in your environment" - exit 1 -fi 
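Review bot: The new filter callback in `getRuleExceptionsForExport` dedupes on `list.id` but excludes on `list.list_id`, and nothing in the hunk says why the two keys differ. It also mutates `uniqueExceptionLists` from inside `filter`, which is easy to misread as a pure predicate. A short comment above the filter would help, for example `// Keep the first occurrence of each list (by id), then drop NON_EXPORTABLE_LIST_IDS entries`. The set is only used inside the `exceptionsListClient != null` branch, so it could be declared there. The function's closing lines are outside the hunk.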
diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/utils.test.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/utils.test.ts index 48def86203e95..8da9267daabac 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/utils.test.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/utils.test.ts @@ -8,6 +8,7 @@ import moment from 'moment'; import sinon from 'sinon'; import { TransportResult } from '@elastic/elasticsearch'; +import { ALERT_UUID } from '@kbn/rule-data-utils'; import { alertsMock, AlertServicesMock } from '../../../../../alerting/server/mocks'; import { listMock } from '../../../../../lists/server/mocks'; @@ -41,6 +42,7 @@ import { getValidDateFromDoc, calculateTotal, getTotalHitsValue, + isRACAlert, } from './utils'; import { BulkResponseErrorAggregation, SearchAfterAndBulkCreateReturnType } from './types'; import { 
@@ -1519,4 +1521,52 @@ describe('utils', () => { expect(calculateTotal(undefined, 2)).toBe(-1); }); }); + + describe('isRACAlert', () => { + test('alert with dotted fields returns true', () => { + expect( + isRACAlert({ + [ALERT_UUID]: '123', + }) + ).toEqual(true); + }); + + test('alert with nested fields returns true', () => { + expect( + isRACAlert({ + kibana: { + alert: { uuid: '123' }, + }, + }) + ).toEqual(true); + }); + + test('undefined returns false', () => { + expect(isRACAlert(undefined)).toEqual(false); + }); + + test('null returns false', () => { + expect(isRACAlert(null)).toEqual(false); + }); + + test('number returns false', () => { + expect(isRACAlert(5)).toEqual(false); + }); + + test('string returns false', () => { + expect(isRACAlert('a')).toEqual(false); + }); + + test('array returns false', () => { + expect(isRACAlert([])).toEqual(false); + }); + + test('empty object returns false', () => { + expect(isRACAlert({})).toEqual(false); + }); + + test('alert with null value returns false', () => { + expect(isRACAlert({ 'kibana.alert.uuid': null })).toEqual(false); + }); + }); }); diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/utils.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/utils.ts index 7cdcae96490a9..8a59d71fe74ec 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/utils.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/utils.ts @@ -986,7 +986,7 @@ export const isWrappedRACAlert = (event: SimpleHit): event is WrappedRACAlert => }; export const isRACAlert = (event: unknown): event is RACAlert => { - return (event as RACAlert)?.[ALERT_UUID] != null; + return get(event, ALERT_UUID) != null; }; export const racFieldMappings: Record = { diff --git a/x-pack/plugins/task_manager/server/lib/log_health_metrics.ts b/x-pack/plugins/task_manager/server/lib/log_health_metrics.ts index d541ffb5684da..5d513c645a862 100644 
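Review bot: `isRACAlert` in utils.ts still declares `event is RACAlert`, but with `get(event, ALERT_UUID)` it now also accepts the nested `{ kibana: { alert: { uuid } } }` shape, as the added tests show. `RACAlert` is not visible here; if it is declared with dotted keys, a caller that narrows with this guard and then reads `event[ALERT_UUID]` gets `undefined` for a nested document while the type says otherwise. I would document that on the guard, e.g. `// Accepts flattened and nested alerts; read fields with get(), not event[ALERT_UUID]`, or widen the asserted type to cover both shapes.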
--- a/x-pack/plugins/task_manager/server/lib/log_health_metrics.ts +++ b/x-pack/plugins/task_manager/server/lib/log_health_metrics.ts @@ -46,7 +46,10 @@ export function logHealthMetrics( } const message = `Latest Monitored Stats: ${JSON.stringify(monitoredHealth)}`; - const docLink = `https://www.elastic.co/guide/en/kibana/${kibanaPackageJson.branch}/task-manager-health-monitoring.html`; + // TODO: remove when docs support "main" + const docsBranch = kibanaPackageJson.branch === 'main' ? 'master' : 'main'; + + const docLink = `https://www.elastic.co/guide/en/kibana/${docsBranch}/task-manager-health-monitoring.html`; const detectedProblemMessage = `Task Manager detected a degradation in performance. This is usually temporary, and Kibana can recover automatically. If the problem persists, check the docs for troubleshooting information: ${docLink} .`; if (enabled) { const driftInSeconds = (monitoredHealth.stats.runtime?.value.drift.p99 ?? 0) / 1000; diff --git a/x-pack/plugins/telemetry_collection_xpack/schema/xpack_plugins.json b/x-pack/plugins/telemetry_collection_xpack/schema/xpack_plugins.json index 2786cab4fe963..8ac619d479bef 100644 --- a/x-pack/plugins/telemetry_collection_xpack/schema/xpack_plugins.json +++ b/x-pack/plugins/telemetry_collection_xpack/schema/xpack_plugins.json 
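Review bot: The `docsBranch` ternary in `logHealthMetrics` sends every branch other than `main` to the `main` docs: `kibanaPackageJson.branch === 'main' ? 'master' : 'main'` yields `master` for `main` and `main` for anything else, for example a release branch. Since the TODO says the workaround exists only because the docs do not support `main` yet, the else arm presumably should keep the real branch: `const docsBranch = kibanaPackageJson.branch === 'main' ? 'master' : kibanaPackageJson.branch;`. As written, the troubleshooting link in `detectedProblemMessage` would point at a docs branch that, per the TODO, is not supported. The function body continues outside the hunk.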
@@ -100,6 +100,49 @@ } } }, + "count_actions_executions_per_day": { + "type": "long" + }, + "count_actions_executions_by_type_per_day": { + "properties": { + "DYNAMIC_KEY": { + "type": "long" + }, + "__email": { + "type": "long" + }, + "__index": { + "type": "long" + }, + "__pagerduty": { + "type": "long" + }, + "__swimlane": { + "type": "long" + }, + "__server-log": { + "type": "long" + }, + "__slack": { + "type": "long" + }, + "__webhook": { + "type": "long" + }, + "__servicenow": { + "type": "long" + }, + "__jira": { + "type": "long" + }, + "__resilient": { + "type": "long" + }, + "__teams": { + "type": "long" + } + } + }, "count_active_email_connectors_by_service_type": { "properties": { "DYNAMIC_KEY": { 
@@ -127,6 +170,92 @@ }, "count_actions_namespaces": { "type": "long" + }, + "count_actions_executions_failed_per_day": { + "type": "long" + }, + "count_actions_executions_failed_by_type_per_day": { + "properties": { + "DYNAMIC_KEY": { + "type": "long" + }, + "__email": { + "type": "long" + }, + "__index": { + "type": "long" + }, + "__pagerduty": { + "type": "long" + }, + "__swimlane": { + "type": "long" + }, + "__server-log": { + "type": "long" + }, + "__slack": { + "type": "long" + }, + "__webhook": { + "type": "long" + }, + "__servicenow": { + "type": "long" + }, + "__jira": { + "type": "long" + }, + "__resilient": { + "type": "long" + }, + "__teams": { + "type": "long" + } + } + }, + "avg_execution_time_per_day": { + "type": "long" + }, + "avg_execution_time_by_type_per_day": { + "properties": { + "DYNAMIC_KEY": { + "type": "long" + }, + "__email": { + "type": "long" + }, + "__index": { + "type": "long" + }, + "__pagerduty": { + "type": "long" + }, + "__swimlane": { + "type": "long" + }, + "__server-log": { + "type": "long" + }, + "__slack": { + "type": "long" + }, + "__webhook": { + "type": "long" + }, + "__servicenow": { + "type": "long" + }, + "__jira": { + "type": "long" + }, + "__resilient": { + "type": "long" + }, + "__teams": { + "type": "long" + } + } } } }, 
@@ -352,6 +481,633 @@ }, "count_rules_namespaces": { "type": "long" + }, + "count_rules_executions_per_day": { + "type": "long" + }, + "count_rules_executions_by_type_per_day": { + "properties": { + "DYNAMIC_KEY": { + "type": "long" + }, + "__index-threshold": { + "type": "long" + }, + "__es-query": { + "type": "long" + }, + "transform_health": { + "type": "long" + }, + "apm__error_rate": { + "type": "long" + }, + "apm__transaction_error_rate": { + "type": "long" + }, + "apm__transaction_duration": { + "type": "long" + }, + "apm__transaction_duration_anomaly": { + "type": "long" + }, + "metrics__alert__threshold": { + "type": "long" + }, + "metrics__alert__inventory__threshold": { + "type": "long" + }, + "logs__alert__document__count": { + "type": "long" + }, + "monitoring_alert_cluster_health": { + "type": "long" + }, + "monitoring_alert_cpu_usage": { + "type": "long" + }, + "monitoring_alert_disk_usage": { + "type": "long" + }, + "monitoring_alert_elasticsearch_version_mismatch": { + "type": "long" + }, + "monitoring_alert_kibana_version_mismatch": { + "type": "long" + }, + "monitoring_alert_license_expiration": { + "type": "long" + }, + "monitoring_alert_logstash_version_mismatch": { + "type": "long" + }, + "monitoring_alert_nodes_changed": { + "type": "long" + }, + "siem__signals": { + "type": "long" + }, + "siem__notifications": { + "type": "long" + }, + "xpack__uptime__alerts__monitorStatus": { + "type": "long" + }, + "xpack__uptime__alerts__tls": { + "type": "long" + }, + "xpack__uptime__alerts__durationAnomaly": { + "type": "long" + }, + "__geo-containment": { + "type": "long" + }, + "xpack__ml__anomaly_detection_alert": { + "type": "long" + }, + "xpack__ml__anomaly_detection_jobs_health": { + "type": "long" + } + } + }, + "count_rules_executions_failured_per_day": { + "type": "long" + }, + "count_rules_executions_failured_by_reason_per_day": { + "properties": { + "DYNAMIC_KEY": { + "type": "long" + }, + "read": { + "type": "long" + }, + "decrypt": { + 
"type": "long" + }, + "license": { + "type": "long" + }, + "unknown": { + "type": "long" + } + } + }, + "count_rules_executions_failured_by_reason_by_type_per_day": { + "properties": { + "DYNAMIC_KEY": { + "properties": { + "DYNAMIC_KEY": { + "type": "long" + }, + "__index-threshold": { + "type": "long" + }, + "__es-query": { + "type": "long" + }, + "transform_health": { + "type": "long" + }, + "apm__error_rate": { + "type": "long" + }, + "apm__transaction_error_rate": { + "type": "long" + }, + "apm__transaction_duration": { + "type": "long" + }, + "apm__transaction_duration_anomaly": { + "type": "long" + }, + "metrics__alert__threshold": { + "type": "long" + }, + "metrics__alert__inventory__threshold": { + "type": "long" + }, + "logs__alert__document__count": { + "type": "long" + }, + "monitoring_alert_cluster_health": { + "type": "long" + }, + "monitoring_alert_cpu_usage": { + "type": "long" + }, + "monitoring_alert_disk_usage": { + "type": "long" + }, + "monitoring_alert_elasticsearch_version_mismatch": { + "type": "long" + }, + "monitoring_alert_kibana_version_mismatch": { + "type": "long" + }, + "monitoring_alert_license_expiration": { + "type": "long" + }, + "monitoring_alert_logstash_version_mismatch": { + "type": "long" + }, + "monitoring_alert_nodes_changed": { + "type": "long" + }, + "siem__signals": { + "type": "long" + }, + "siem__notifications": { + "type": "long" + }, + "xpack__uptime__alerts__monitorStatus": { + "type": "long" + }, + "xpack__uptime__alerts__tls": { + "type": "long" + }, + "xpack__uptime__alerts__durationAnomaly": { + "type": "long" + }, + "__geo-containment": { + "type": "long" + }, + "xpack__ml__anomaly_detection_alert": { + "type": "long" + }, + "xpack__ml__anomaly_detection_jobs_health": { + "type": "long" + } + } + }, + "read": { + "properties": { + "DYNAMIC_KEY": { + "type": "long" + }, + "__index-threshold": { + "type": "long" + }, + "__es-query": { + "type": "long" + }, + "transform_health": { + "type": "long" + }, + 
"apm__error_rate": { + "type": "long" + }, + "apm__transaction_error_rate": { + "type": "long" + }, + "apm__transaction_duration": { + "type": "long" + }, + "apm__transaction_duration_anomaly": { + "type": "long" + }, + "metrics__alert__threshold": { + "type": "long" + }, + "metrics__alert__inventory__threshold": { + "type": "long" + }, + "logs__alert__document__count": { + "type": "long" + }, + "monitoring_alert_cluster_health": { + "type": "long" + }, + "monitoring_alert_cpu_usage": { + "type": "long" + }, + "monitoring_alert_disk_usage": { + "type": "long" + }, + "monitoring_alert_elasticsearch_version_mismatch": { + "type": "long" + }, + "monitoring_alert_kibana_version_mismatch": { + "type": "long" + }, + "monitoring_alert_license_expiration": { + "type": "long" + }, + "monitoring_alert_logstash_version_mismatch": { + "type": "long" + }, + "monitoring_alert_nodes_changed": { + "type": "long" + }, + "siem__signals": { + "type": "long" + }, + "siem__notifications": { + "type": "long" + }, + "xpack__uptime__alerts__monitorStatus": { + "type": "long" + }, + "xpack__uptime__alerts__tls": { + "type": "long" + }, + "xpack__uptime__alerts__durationAnomaly": { + "type": "long" + }, + "__geo-containment": { + "type": "long" + }, + "xpack__ml__anomaly_detection_alert": { + "type": "long" + }, + "xpack__ml__anomaly_detection_jobs_health": { + "type": "long" + } + } + }, + "decrypt": { + "properties": { + "DYNAMIC_KEY": { + "type": "long" + }, + "__index-threshold": { + "type": "long" + }, + "__es-query": { + "type": "long" + }, + "transform_health": { + "type": "long" + }, + "apm__error_rate": { + "type": "long" + }, + "apm__transaction_error_rate": { + "type": "long" + }, + "apm__transaction_duration": { + "type": "long" + }, + "apm__transaction_duration_anomaly": { + "type": "long" + }, + "metrics__alert__threshold": { + "type": "long" + }, + "metrics__alert__inventory__threshold": { + "type": "long" + }, + "logs__alert__document__count": { + "type": "long" + }, + 
"monitoring_alert_cluster_health": { + "type": "long" + }, + "monitoring_alert_cpu_usage": { + "type": "long" + }, + "monitoring_alert_disk_usage": { + "type": "long" + }, + "monitoring_alert_elasticsearch_version_mismatch": { + "type": "long" + }, + "monitoring_alert_kibana_version_mismatch": { + "type": "long" + }, + "monitoring_alert_license_expiration": { + "type": "long" + }, + "monitoring_alert_logstash_version_mismatch": { + "type": "long" + }, + "monitoring_alert_nodes_changed": { + "type": "long" + }, + "siem__signals": { + "type": "long" + }, + "siem__notifications": { + "type": "long" + }, + "xpack__uptime__alerts__monitorStatus": { + "type": "long" + }, + "xpack__uptime__alerts__tls": { + "type": "long" + }, + "xpack__uptime__alerts__durationAnomaly": { + "type": "long" + }, + "__geo-containment": { + "type": "long" + }, + "xpack__ml__anomaly_detection_alert": { + "type": "long" + }, + "xpack__ml__anomaly_detection_jobs_health": { + "type": "long" + } + } + }, + "license": { + "properties": { + "DYNAMIC_KEY": { + "type": "long" + }, + "__index-threshold": { + "type": "long" + }, + "__es-query": { + "type": "long" + }, + "transform_health": { + "type": "long" + }, + "apm__error_rate": { + "type": "long" + }, + "apm__transaction_error_rate": { + "type": "long" + }, + "apm__transaction_duration": { + "type": "long" + }, + "apm__transaction_duration_anomaly": { + "type": "long" + }, + "metrics__alert__threshold": { + "type": "long" + }, + "metrics__alert__inventory__threshold": { + "type": "long" + }, + "logs__alert__document__count": { + "type": "long" + }, + "monitoring_alert_cluster_health": { + "type": "long" + }, + "monitoring_alert_cpu_usage": { + "type": "long" + }, + "monitoring_alert_disk_usage": { + "type": "long" + }, + "monitoring_alert_elasticsearch_version_mismatch": { + "type": "long" + }, + "monitoring_alert_kibana_version_mismatch": { + "type": "long" + }, + "monitoring_alert_license_expiration": { + "type": "long" + }, + 
"monitoring_alert_logstash_version_mismatch": { + "type": "long" + }, + "monitoring_alert_nodes_changed": { + "type": "long" + }, + "siem__signals": { + "type": "long" + }, + "siem__notifications": { + "type": "long" + }, + "xpack__uptime__alerts__monitorStatus": { + "type": "long" + }, + "xpack__uptime__alerts__tls": { + "type": "long" + }, + "xpack__uptime__alerts__durationAnomaly": { + "type": "long" + }, + "__geo-containment": { + "type": "long" + }, + "xpack__ml__anomaly_detection_alert": { + "type": "long" + }, + "xpack__ml__anomaly_detection_jobs_health": { + "type": "long" + } + } + }, + "unknown": { + "properties": { + "DYNAMIC_KEY": { + "type": "long" + }, + "__index-threshold": { + "type": "long" + }, + "__es-query": { + "type": "long" + }, + "transform_health": { + "type": "long" + }, + "apm__error_rate": { + "type": "long" + }, + "apm__transaction_error_rate": { + "type": "long" + }, + "apm__transaction_duration": { + "type": "long" + }, + "apm__transaction_duration_anomaly": { + "type": "long" + }, + "metrics__alert__threshold": { + "type": "long" + }, + "metrics__alert__inventory__threshold": { + "type": "long" + }, + "logs__alert__document__count": { + "type": "long" + }, + "monitoring_alert_cluster_health": { + "type": "long" + }, + "monitoring_alert_cpu_usage": { + "type": "long" + }, + "monitoring_alert_disk_usage": { + "type": "long" + }, + "monitoring_alert_elasticsearch_version_mismatch": { + "type": "long" + }, + "monitoring_alert_kibana_version_mismatch": { + "type": "long" + }, + "monitoring_alert_license_expiration": { + "type": "long" + }, + "monitoring_alert_logstash_version_mismatch": { + "type": "long" + }, + "monitoring_alert_nodes_changed": { + "type": "long" + }, + "siem__signals": { + "type": "long" + }, + "siem__notifications": { + "type": "long" + }, + "xpack__uptime__alerts__monitorStatus": { + "type": "long" + }, + "xpack__uptime__alerts__tls": { + "type": "long" + }, + "xpack__uptime__alerts__durationAnomaly": { + "type": 
"long" + }, + "__geo-containment": { + "type": "long" + }, + "xpack__ml__anomaly_detection_alert": { + "type": "long" + }, + "xpack__ml__anomaly_detection_jobs_health": { + "type": "long" + } + } + } + } + }, + "avg_execution_time_per_day": { + "type": "long" + }, + "avg_execution_time_by_type_per_day": { + "properties": { + "DYNAMIC_KEY": { + "type": "long" + }, + "__index-threshold": { + "type": "long" + }, + "__es-query": { + "type": "long" + }, + "transform_health": { + "type": "long" + }, + "apm__error_rate": { + "type": "long" + }, + "apm__transaction_error_rate": { + "type": "long" + }, + "apm__transaction_duration": { + "type": "long" + }, + "apm__transaction_duration_anomaly": { + "type": "long" + }, + "metrics__alert__threshold": { + "type": "long" + }, + "metrics__alert__inventory__threshold": { + "type": "long" + }, + "logs__alert__document__count": { + "type": "long" + }, + "monitoring_alert_cluster_health": { + "type": "long" + }, + "monitoring_alert_cpu_usage": { + "type": "long" + }, + "monitoring_alert_disk_usage": { + "type": "long" + }, + "monitoring_alert_elasticsearch_version_mismatch": { + "type": "long" + }, + "monitoring_alert_kibana_version_mismatch": { + "type": "long" + }, + "monitoring_alert_license_expiration": { + "type": "long" + }, + "monitoring_alert_logstash_version_mismatch": { + "type": "long" + }, + "monitoring_alert_nodes_changed": { + "type": "long" + }, + "siem__signals": { + "type": "long" + }, + "siem__notifications": { + "type": "long" + }, + "xpack__uptime__alerts__monitorStatus": { + "type": "long" + }, + "xpack__uptime__alerts__tls": { + "type": "long" + }, + "xpack__uptime__alerts__durationAnomaly": { + "type": "long" + }, + "__geo-containment": { + "type": "long" + }, + "xpack__ml__anomaly_detection_alert": { + "type": "long" + }, + "xpack__ml__anomaly_detection_jobs_health": { + "type": "long" + } + } } } }, 
diff --git a/x-pack/plugins/timelines/public/components/t_grid/body/index.tsx b/x-pack/plugins/timelines/public/components/t_grid/body/index.tsx index 9e43c16fd5e6f..29766a5b8a1f5 100644 --- a/x-pack/plugins/timelines/public/components/t_grid/body/index.tsx +++ b/x-pack/plugins/timelines/public/components/t_grid/body/index.tsx @@ -146,7 +146,14 @@ const EuiDataGridContainer = styled.div<{ hideLastPage: boolean }>` } `; -const FIELDS_WITHOUT_CELL_ACTIONS = ['@timestamp', 'signal.rule.risk_score', 'signal.reason']; +// TODO: accept extra list of column ids without actions from callsites +const FIELDS_WITHOUT_CELL_ACTIONS = [ + '@timestamp', + 'signal.rule.risk_score', + 'signal.reason', + 'kibana.alert.duration.us', + 'kibana.alert.reason', +]; const hasCellActions = (columnId?: string) => columnId && FIELDS_WITHOUT_CELL_ACTIONS.indexOf(columnId) < 0; const transformControlColumns = ({ diff --git a/x-pack/plugins/translations/translations/ja-JP.json b/x-pack/plugins/translations/translations/ja-JP.json index 7ab4c7d31d745..857e97daa3515 100644 --- a/x-pack/plugins/translations/translations/ja-JP.json +++ b/x-pack/plugins/translations/translations/ja-JP.json @@ -1359,11 +1359,7 @@ "core.ui.primaryNav.pinnedLinksAriaLabel": "ピン留めされたリンク", "core.ui.primaryNav.screenReaderLabel": "プライマリ", "core.ui.primaryNav.toggleNavAriaLabel": "プライマリナビゲーションを切り替える", - "core.ui.primaryNavSection.dockAriaLabel": "プライマリナビゲーションリンクを固定する", - "core.ui.primaryNavSection.dockLabel": "ナビゲーションを固定する", "core.ui.primaryNavSection.screenReaderLabel": "プライマリナビゲーションリンク、{category}", - "core.ui.primaryNavSection.undockAriaLabel": "プライマリナビゲーションリンクの固定を解除する", - "core.ui.primaryNavSection.undockLabel": "ナビゲーションの固定を解除する", "core.ui.publicBaseUrlWarning.configMissingDescription": "{configKey}が見つかりません。本番環境を実行するときに構成してください。一部の機能が正常に動作しない場合があります。", "core.ui.publicBaseUrlWarning.configMissingTitle": "構成がありません", "core.ui.publicBaseUrlWarning.muteWarningButtonLabel": "ミュート警告", 
diff --git a/x-pack/plugins/translations/translations/zh-CN.json b/x-pack/plugins/translations/translations/zh-CN.json index 1208277001cb9..6c860a5b2cc4d 100644 --- a/x-pack/plugins/translations/translations/zh-CN.json +++ b/x-pack/plugins/translations/translations/zh-CN.json @@ -1375,11 +1375,7 @@ "core.ui.primaryNav.pinnedLinksAriaLabel": "置顶链接", "core.ui.primaryNav.screenReaderLabel": "主分片", "core.ui.primaryNav.toggleNavAriaLabel": "切换主导航", - "core.ui.primaryNavSection.dockAriaLabel": "停靠主导航", - "core.ui.primaryNavSection.dockLabel": "停靠导航", "core.ui.primaryNavSection.screenReaderLabel": "主导航链接, {category}", - "core.ui.primaryNavSection.undockAriaLabel": "取消停靠主导航", - "core.ui.primaryNavSection.undockLabel": "取消停靠导航", "core.ui.publicBaseUrlWarning.configMissingDescription": "{configKey} 缺失,在生产环境中运行时应配置。某些功能可能运行不正常。", "core.ui.publicBaseUrlWarning.configMissingTitle": "配置缺失", "core.ui.publicBaseUrlWarning.muteWarningButtonLabel": "静音警告", diff --git a/x-pack/plugins/uptime/common/runtime_types/ping/synthetics.ts b/x-pack/plugins/uptime/common/runtime_types/ping/synthetics.ts index 7b181ac2cf50c..040f0a83e84ab 100644 --- a/x-pack/plugins/uptime/common/runtime_types/ping/synthetics.ts +++ b/x-pack/plugins/uptime/common/runtime_types/ping/synthetics.ts @@ -27,6 +27,11 @@ export const JourneyStepType = t.intersection([ lt: t.string, }), }), + observer: t.type({ + geo: t.type({ + name: t.string, + }), + }), synthetics: t.partial({ error: t.partial({ message: t.string, diff --git a/x-pack/plugins/uptime/public/components/synthetics/check_steps/step_expanded_row/step_screenshots.tsx b/x-pack/plugins/uptime/public/components/synthetics/check_steps/step_expanded_row/step_screenshots.tsx index 54f73fb39a52a..f8776f74b780e 100644 --- a/x-pack/plugins/uptime/public/components/synthetics/check_steps/step_expanded_row/step_screenshots.tsx +++ b/x-pack/plugins/uptime/public/components/synthetics/check_steps/step_expanded_row/step_screenshots.tsx 
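Review bot: The `observer` entry added to `JourneyStepType` uses `t.type` at both levels, so any step that has `observer` must also have `observer.geo.name` as a string or decoding fails, if I read io-ts correctly. The rest of this change treats the location as optional (`step.observer?.geo?.name` in step_screenshots.tsx, and a `must_not exists observer.geo.name` branch in the query), and the `use_expanded_row` test mock had an `observer` with only `hostname` before this commit. Consider `observer: t.partial({ geo: t.partial({ name: t.string }) }),`. The surrounding codec starts and ends outside the hunk, so I cannot see whether `observer` itself sits in a `t.partial` block.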
@@ -36,6 +36,7 @@ export const StepScreenshots = ({ step }: Props) => { timestamp: step['@timestamp'], monitorId: step.monitor.id, stepIndex: step.synthetics?.step?.index!, + location: step.observer?.geo?.name, }); } }, [step._id, step['@timestamp']]); diff --git a/x-pack/plugins/uptime/public/components/synthetics/check_steps/use_expanded_row.test.tsx b/x-pack/plugins/uptime/public/components/synthetics/check_steps/use_expanded_row.test.tsx index 7aa763c15ca1f..e1f43cfebdbb2 100644 --- a/x-pack/plugins/uptime/public/components/synthetics/check_steps/use_expanded_row.test.tsx +++ b/x-pack/plugins/uptime/public/components/synthetics/check_steps/use_expanded_row.test.tsx @@ -228,6 +228,9 @@ const browserConsoleStep = { _id: 'IvT1oXwB5ds00bB_FVXP', observer: { hostname: '16Elastic', + geo: { + name: 'au-heartbeat', + }, }, agent: { name: '16Elastic', diff --git a/x-pack/plugins/uptime/public/state/api/journey.ts b/x-pack/plugins/uptime/public/state/api/journey.ts index b982da90d9dc5..05d4a9e356919 100644 --- a/x-pack/plugins/uptime/public/state/api/journey.ts +++ b/x-pack/plugins/uptime/public/state/api/journey.ts @@ -51,10 +51,12 @@ export async function fetchLastSuccessfulStep({ monitorId, timestamp, stepIndex, + location, }: { monitorId: string; timestamp: string; stepIndex: number; + location?: string; }): Promise { return await apiService.get( `/api/uptime/synthetics/step/success/`, @@ -62,6 +64,7 @@ export async function fetchLastSuccessfulStep({ monitorId, timestamp, stepIndex, + location, }, JourneyStepType ); diff --git a/x-pack/plugins/uptime/server/lib/lib.ts b/x-pack/plugins/uptime/server/lib/lib.ts index 894bf743499f9..fbd0494a3ca82 100644 --- a/x-pack/plugins/uptime/server/lib/lib.ts +++ b/x-pack/plugins/uptime/server/lib/lib.ts 
@@ -59,8 +59,6 @@ export function createUptimeESClient({ request?: KibanaRequest; savedObjectsClient: SavedObjectsClientContract | ISavedObjectsRepository; }) { - const { _inspect = false } = (request?.query as { _inspect: boolean }) ?? {}; - return { baseESClient: esClient, async search( @@ -101,10 +99,9 @@ export function createUptimeESClient({ startTime: startTimeNow, }) ); - } - - if (_inspect && request) { - debugESCall({ startTime, request, esError, operationName: 'search', params: esParams }); + if (request) { + debugESCall({ startTime, request, esError, operationName: 'search', params: esParams }); + } } if (esError) { @@ -129,8 +126,9 @@ export function createUptimeESClient({ } catch (e) { esError = e; } + const inspectableEsQueries = inspectableEsQueriesMap.get(request!); - if (_inspect && request) { + if (inspectableEsQueries && request) { debugESCall({ startTime, request, esError, operationName: 'count', params: esParams }); } diff --git a/x-pack/plugins/uptime/server/lib/requests/get_last_successful_step.test.ts b/x-pack/plugins/uptime/server/lib/requests/get_last_successful_step.test.ts new file mode 100644 index 0000000000000..63274bf64536c --- /dev/null +++ b/x-pack/plugins/uptime/server/lib/requests/get_last_successful_step.test.ts 
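Review bot: In the `count` path, `inspectableEsQueriesMap.get(request!)` uses a non-null assertion on a parameter declared `request?: KibanaRequest`, and the very next line still checks `request` for truthiness, so the `!` only hides the optional type from the compiler. I would write `const inspectableEsQueries = request ? inspectableEsQueriesMap.get(request) : undefined;` and keep the `if` as it is. Separately, `debugESCall` was previously gated on the `_inspect` query parameter and is now gated on map membership; what populates `inspectableEsQueriesMap` is not visible in these hunks, so it is worth confirming that query debugging is still opt-in per request. The method bodies start and end outside these hunks.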
@@ -0,0 +1,132 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { getLastSuccessfulStepParams } from './get_last_successful_step'; + +describe('getLastSuccessfulStep', () => { + describe('getLastSuccessfulStepParams', () => { + it('formats ES params with location', () => { + const monitorId = 'my-monitor'; + const stepIndex = 1; + const location = 'au-heartbeat'; + const timestamp = '2021-10-31T19:47:52.392Z'; + const params = getLastSuccessfulStepParams({ + monitorId, + stepIndex, + location, + timestamp, + }); + + expect(params).toEqual({ + query: { + bool: { + filter: [ + { + range: { + '@timestamp': { + lte: '2021-10-31T19:47:52.392Z', + }, + }, + }, + { + term: { + 'monitor.id': monitorId, + }, + }, + { + term: { + 'synthetics.type': 'step/end', + }, + }, + { + term: { + 'synthetics.step.status': 'succeeded', + }, + }, + { + term: { + 'synthetics.step.index': stepIndex, + }, + }, + { + term: { + 'observer.geo.name': location, + }, + }, + ], + }, + }, + size: 1, + sort: [ + { + '@timestamp': { + order: 'desc', + }, + }, + ], + }); + }); + + it('formats ES params without location', () => { + const params = getLastSuccessfulStepParams({ + monitorId: 'my-monitor', + stepIndex: 1, + location: undefined, + timestamp: '2021-10-31T19:47:52.392Z', + }); + + expect(params).toEqual({ + query: { + bool: { + filter: [ + { + range: { + '@timestamp': { + lte: '2021-10-31T19:47:52.392Z', + }, + }, + }, + { + term: { + 'monitor.id': 'my-monitor', + }, + }, + { + term: { + 'synthetics.type': 'step/end', + }, + }, + { + term: { + 'synthetics.step.status': 'succeeded', + }, + }, + { + term: { + 'synthetics.step.index': 1, + }, + }, + ], + must_not: { + exists: { + field: 'observer.geo.name', + }, + }, + }, + }, + size: 1, + sort: [ + { + '@timestamp': { + 
order: 'desc', + }, + }, + ], + }); + }); + }); +}); diff --git a/x-pack/plugins/uptime/server/lib/requests/get_last_successful_step.ts b/x-pack/plugins/uptime/server/lib/requests/get_last_successful_step.ts index e096cdaa65b86..d6862b93c8cd4 100644 --- a/x-pack/plugins/uptime/server/lib/requests/get_last_successful_step.ts +++ b/x-pack/plugins/uptime/server/lib/requests/get_last_successful_step.ts @@ -13,13 +13,16 @@ export interface GetStepScreenshotParams { monitorId: string; timestamp: string; stepIndex: number; + location?: string; } -export const getStepLastSuccessfulStep: UMElasticsearchQueryFn< - GetStepScreenshotParams, - JourneyStep | null -> = async ({ uptimeEsClient, monitorId, stepIndex, timestamp }) => { - const lastSuccessCheckParams: estypes.SearchRequest['body'] = { +export const getLastSuccessfulStepParams = ({ + monitorId, + stepIndex, + timestamp, + location, +}: GetStepScreenshotParams): estypes.SearchRequest['body'] => { + return { size: 1, sort: [ { @@ -58,10 +61,40 @@ export const getStepLastSuccessfulStep: UMElasticsearchQueryFn< 'synthetics.step.index': stepIndex, }, }, + ...(location + ? [ + { + term: { + 'observer.geo.name': location, + }, + }, + ] + : []), ], + ...(!location + ? { + must_not: { + exists: { + field: 'observer.geo.name', + }, + }, + } + : {}), }, }, }; +}; + +export const getStepLastSuccessfulStep: UMElasticsearchQueryFn< + GetStepScreenshotParams, + JourneyStep | null +> = async ({ uptimeEsClient, monitorId, stepIndex, timestamp, location }) => { + const lastSuccessCheckParams = getLastSuccessfulStepParams({ + monitorId, + stepIndex, + timestamp, + location, + }); const { body: result } = await uptimeEsClient.search({ body: lastSuccessCheckParams }); diff --git a/x-pack/plugins/uptime/server/rest_api/synthetics/last_successful_step.ts b/x-pack/plugins/uptime/server/rest_api/synthetics/last_successful_step.ts index 5d1407a8679c8..81539459172cc 100644 
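Review bot: `getLastSuccessfulStepParams` branches on the truthiness of `location`, so an empty string takes the no-location path and the query adds `must_not: { exists: { field: 'observer.geo.name' } }` instead of a `term` filter. The route in last_successful_step.ts accepts `location: schema.maybe(schema.string())`, which lets an empty `location` through. If that is not intended, reject it at the route with `location: schema.maybe(schema.string({ minLength: 1 })),`, or branch on `location === undefined` here. It may also be worth a comment that omitting `location` now restricts results to steps without a geo name, which is narrower than before this change.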
--- a/x-pack/plugins/uptime/server/rest_api/synthetics/last_successful_step.ts +++ b/x-pack/plugins/uptime/server/rest_api/synthetics/last_successful_step.ts @@ -22,16 +22,18 @@ export const createLastSuccessfulStepRoute: UMRestApiRouteFactory = (libs: UMSer monitorId: schema.string(), stepIndex: schema.number(), timestamp: schema.string(), + location: schema.maybe(schema.string()), }), }, handler: async ({ uptimeEsClient, request, response }) => { - const { timestamp, monitorId, stepIndex } = request.query; + const { timestamp, monitorId, stepIndex, location } = request.query; const step: JourneyStep | null = await libs.requests.getStepLastSuccessfulStep({ uptimeEsClient, monitorId, stepIndex, timestamp, + location, }); if (step === null) { diff --git a/x-pack/plugins/watcher/public/legacy/calc_es_interval.js b/x-pack/plugins/watcher/public/legacy/calc_es_interval.ts similarity index 83% rename from x-pack/plugins/watcher/public/legacy/calc_es_interval.js rename to x-pack/plugins/watcher/public/legacy/calc_es_interval.ts index 29f0f0f56d38d..cae88b797ea4f 100644 --- a/x-pack/plugins/watcher/public/legacy/calc_es_interval.js +++ b/x-pack/plugins/watcher/public/legacy/calc_es_interval.ts @@ -7,7 +7,7 @@ import dateMath from '@elastic/datemath'; -import { parseEsInterval } from './index'; +import { parseEsInterval } from './parse_es_interval'; const unitsDesc = dateMath.unitsDesc; const largeMax = unitsDesc.indexOf('M'); @@ -17,10 +17,9 @@ const largeMax = unitsDesc.indexOf('M'); * compatible expression, and provide * associated metadata * - * @param {moment.duration} duration - * @return {object} + * @param duration */ -export function convertDurationToNormalizedEsInterval(duration) { +export function convertDurationToNormalizedEsInterval(duration: moment.Duration) { for (let i = 0; i < unitsDesc.length; i++) { const unit = unitsDesc[i]; const val = duration.as(unit); 
@@ -35,7 +34,7 @@ export function convertDurationToNormalizedEsInterval(duration) { return { value: val, - unit: unit, + unit, expression: val + unit, }; } @@ -49,7 +48,7 @@ export function convertDurationToNormalizedEsInterval(duration) { }; } -export function convertIntervalToEsInterval(interval) { +export function convertIntervalToEsInterval(interval: string) { const { value, unit } = parseEsInterval(interval); return { value, diff --git a/x-pack/scripts/functional_tests_server.js b/x-pack/scripts/functional_tests_server.js old mode 100644 new mode 100755 diff --git a/x-pack/test/accessibility/apps/reporting.ts b/x-pack/test/accessibility/apps/reporting.ts index bccb650fa08ca..91356ef85972b 100644 --- a/x-pack/test/accessibility/apps/reporting.ts +++ b/x-pack/test/accessibility/apps/reporting.ts @@ -16,7 +16,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) { const testSubjects = getService('testSubjects'); const supertestWithoutAuth = getService('supertestWithoutAuth'); const reporting = getService('reporting'); - const esArchiver = getService('esArchiver'); const security = getService('security'); describe('Reporting', () => { @@ -33,17 +32,13 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) { }; before(async () => { - await esArchiver.load('x-pack/test/functional/es_archives/reporting/logs'); - await esArchiver.load('x-pack/test/functional/es_archives/logstash_functional'); - + await reporting.initLogs(); await createReportingUser(); await reporting.loginReportingUser(); }); after(async () => { - await esArchiver.unload('x-pack/test/functional/es_archives/reporting/logs'); - await esArchiver.unload('x-pack/test/functional/es_archives/logstash_functional'); - + await reporting.teardownLogs(); await deleteReportingUser(); }); 
diff --git a/x-pack/test/api_integration/apis/security_solution/matrix_dns_histogram.ts b/x-pack/test/api_integration/apis/security_solution/matrix_dns_histogram.ts index c7b6bbb84436f..24cf4699d952c 100644 --- a/x-pack/test/api_integration/apis/security_solution/matrix_dns_histogram.ts +++ b/x-pack/test/api_integration/apis/security_solution/matrix_dns_histogram.ts @@ -58,7 +58,11 @@ export default function ({ getService }: FtrProviderContext) { }, strategy: 'securitySolutionSearchStrategy', }); - expect(networkDns.rawResponse.aggregations?.dns_count).to.eql({ value: 6604 }); + // This can have a odd unknown flake if we do anything more strict than this. + const dnsCount = networkDns.rawResponse.aggregations?.dns_count as unknown as { + value: number; + }; + expect(dnsCount.value).to.be.above(0); }); }); }); diff --git a/x-pack/test/apm_api_integration/tests/errors/distribution.ts b/x-pack/test/apm_api_integration/tests/errors/distribution.ts index 4f4b457de86bd..487b5ff8a12c9 100644 --- a/x-pack/test/apm_api_integration/tests/errors/distribution.ts +++ b/x-pack/test/apm_api_integration/tests/errors/distribution.ts @@ -4,7 +4,6 @@ * 2.0; you may not use this file except in compliance with the Elastic License * 2.0. */ -import { service, timerange } from '@elastic/apm-synthtrace'; import expect from '@kbn/expect'; import { first, last, sumBy } from 'lodash'; import { isFiniteNumber } from '../../../../plugins/apm/common/utils/is_finite_number'; @@ -15,6 +14,7 @@ import { import { RecursivePartial } from '../../../../plugins/apm/typings/common'; import { FtrProviderContext } from '../../common/ftr_provider_context'; import { registry } from '../../common/registry'; +import { config, generateData } from './generate_data'; type ErrorsDistribution = APIReturnType<'GET /internal/apm/services/{serviceName}/errors/distribution'>; 
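Review bot: The relaxed check `expect(dnsCount.value).to.be.above(0)` in matrix_dns_histogram.ts passes for any non-empty result, so a regression in the DNS histogram's filtering or time-range handling would no longer fail this test. The `as unknown as { value: number }` double cast also hides the real aggregation type from the compiler. If the exact count is what flakes, record why next to the assertion so the strict check can return, e.g. `// TODO(<issue link placeholder>): restore the exact dns_count once the flake is understood`. The added comment should read "an odd" rather than "a odd".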
@@ -65,59 +65,9 @@ export default function ApiTest({ getService }: FtrProviderContext) { { config: 'basic', archives: ['apm_mappings_only_8.0.0'] }, () => { describe('errors distribution', () => { - const appleTransaction = { - name: 'GET /apple 🍎 ', - successRate: 75, - failureRate: 25, - }; - const bananaTransaction = { - name: 'GET /banana 🍌', - successRate: 50, - failureRate: 50, - }; - + const { appleTransaction, bananaTransaction } = config; before(async () => { - const serviceGoProdInstance = service(serviceName, 'production', 'go').instance( - 'instance-a' - ); - - const interval = '1m'; - - const indices = [appleTransaction, bananaTransaction] - .map((transaction, index) => { - return [ - ...timerange(start, end) - .interval(interval) - .rate(transaction.successRate) - .flatMap((timestamp) => - serviceGoProdInstance - .transaction(transaction.name) - .timestamp(timestamp) - .duration(1000) - .success() - .serialize() - ), - ...timerange(start, end) - .interval(interval) - .rate(transaction.failureRate) - .flatMap((timestamp) => - serviceGoProdInstance - .transaction(transaction.name) - .errors( - serviceGoProdInstance - .error(`Error ${index}`, transaction.name) - .timestamp(timestamp) - ) - .duration(1000) - .timestamp(timestamp) - .failure() - .serialize() - ), - ]; - }) - .flatMap((_) => _); - - await synthtraceEsClient.index(indices); + await generateData({ serviceName, start, end, synthtraceEsClient }); }); after(() => synthtraceEsClient.clean()); 
@@ -154,48 +104,83 @@ export default function ApiTest({ getService }: FtrProviderContext) { }); describe('with comparison', () => { - let errorsDistribution: ErrorsDistribution; - before(async () => { - const fiveMinutes = 5 * 60 * 1000; - const response = await callApi({ - query: { - start: new Date(end - fiveMinutes).toISOString(), - end: new Date(end).toISOString(), - comparisonStart: new Date(start).toISOString(), - comparisonEnd: new Date(start + fiveMinutes).toISOString(), - }, + describe('when data is returned', () => { + let errorsDistribution: ErrorsDistribution; + before(async () => { + const fiveMinutes = 5 * 60 * 1000; + const response = await callApi({ + query: { + start: new Date(end - fiveMinutes).toISOString(), + end: new Date(end).toISOString(), + comparisonStart: new Date(start).toISOString(), + comparisonEnd: new Date(start + fiveMinutes).toISOString(), + }, + }); + errorsDistribution = response.body; }); - errorsDistribution = response.body; - }); - it('returns some data', () => { - const hasCurrentPeriodData = errorsDistribution.currentPeriod.some(({ y }) => - isFiniteNumber(y) - ); + it('returns some data', () => { + const hasCurrentPeriodData = errorsDistribution.currentPeriod.some(({ y }) => + isFiniteNumber(y) + ); - const hasPreviousPeriodData = errorsDistribution.previousPeriod.some(({ y }) => - isFiniteNumber(y) - ); + const hasPreviousPeriodData = errorsDistribution.previousPeriod.some(({ y }) => + isFiniteNumber(y) + ); - expect(hasCurrentPeriodData).to.equal(true); - expect(hasPreviousPeriodData).to.equal(true); - }); + expect(hasCurrentPeriodData).to.equal(true); + expect(hasPreviousPeriodData).to.equal(true); + }); - it('has same start time for both periods', () => { - expect(first(errorsDistribution.currentPeriod)?.x).to.equal( - first(errorsDistribution.previousPeriod)?.x - ); - }); + it('has same start time for both periods', () => { + expect(first(errorsDistribution.currentPeriod)?.x).to.equal( + 
first(errorsDistribution.previousPeriod)?.x + ); + }); - it('has same end time for both periods', () => { - expect(last(errorsDistribution.currentPeriod)?.x).to.equal( - last(errorsDistribution.previousPeriod)?.x - ); + it('has same end time for both periods', () => { + expect(last(errorsDistribution.currentPeriod)?.x).to.equal( + last(errorsDistribution.previousPeriod)?.x + ); + }); + + it('returns same number of buckets for both periods', () => { + expect(errorsDistribution.currentPeriod.length).to.equal( + errorsDistribution.previousPeriod.length + ); + }); }); - it('returns same number of buckets for both periods', () => { - expect(errorsDistribution.currentPeriod.length).to.equal( - errorsDistribution.previousPeriod.length - ); + describe('when no data is returned', () => { + let errorsDistribution: ErrorsDistribution; + before(async () => { + const response = await callApi({ + query: { + start: '2021-01-03T00:00:00.000Z', + end: '2021-01-03T00:15:00.000Z', + comparisonStart: '2021-01-02T00:00:00.000Z', + comparisonEnd: '2021-01-02T00:15:00.000Z', + }, + }); + errorsDistribution = response.body; + }); + + it('has same start time for both periods', () => { + expect(first(errorsDistribution.currentPeriod)?.x).to.equal( + first(errorsDistribution.previousPeriod)?.x + ); + }); + + it('has same end time for both periods', () => { + expect(last(errorsDistribution.currentPeriod)?.x).to.equal( + last(errorsDistribution.previousPeriod)?.x + ); + }); + + it('returns same number of buckets for both periods', () => { + expect(errorsDistribution.currentPeriod.length).to.equal( + errorsDistribution.previousPeriod.length + ); + }); }); }); }); diff --git a/x-pack/test/apm_api_integration/tests/errors/error_group_list.ts b/x-pack/test/apm_api_integration/tests/errors/error_group_list.ts new file mode 100644 index 0000000000000..4b5cbf4a2662a --- /dev/null +++ b/x-pack/test/apm_api_integration/tests/errors/error_group_list.ts 
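Review bot: The three tests under `describe('when no data is returned')` never assert that the response is empty. They compare the first `x`, the last `x` and the bucket count of the two periods, which hold for a populated response as well, and trivially for two empty arrays (`undefined` equals `undefined`, 0 equals 0). A case that pins the no-data condition is missing, for example `expect(errorsDistribution.currentPeriod.some(({ y }) => isFiniteNumber(y))).to.equal(false);`. The exact shape of an empty response is not visible in this hunk, so that expectation needs adjusting if the endpoint returns zero-valued buckets instead.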
@@ -0,0 +1,150 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ +import expect from '@kbn/expect'; +import { service, timerange } from '@elastic/apm-synthtrace'; +import { + APIClientRequestParamsOf, + APIReturnType, +} from '../../../../plugins/apm/public/services/rest/createCallApmApi'; +import { RecursivePartial } from '../../../../plugins/apm/typings/common'; +import { FtrProviderContext } from '../../common/ftr_provider_context'; +import { registry } from '../../common/registry'; + +type ErrorGroups = APIReturnType<'GET /internal/apm/services/{serviceName}/errors'>['errorGroups']; + +export default function ApiTest({ getService }: FtrProviderContext) { + const apmApiClient = getService('apmApiClient'); + const synthtraceEsClient = getService('synthtraceEsClient'); + + const serviceName = 'synth-go'; + const start = new Date('2021-01-01T00:00:00.000Z').getTime(); + const end = new Date('2021-01-01T00:15:00.000Z').getTime() - 1; + + async function callApi( + overrides?: RecursivePartial< + APIClientRequestParamsOf<'GET /internal/apm/services/{serviceName}/errors'>['params'] + > + ) { + return await apmApiClient.readUser({ + endpoint: `GET /internal/apm/services/{serviceName}/errors`, + params: { + path: { serviceName, ...overrides?.path }, + query: { + start: new Date(start).toISOString(), + end: new Date(end).toISOString(), + environment: 'ENVIRONMENT_ALL', + kuery: '', + ...overrides?.query, + }, + }, + }); + } + + registry.when('when data is not loaded', { config: 'basic', archives: [] }, () => { + it('handles empty state', async () => { + const response = await callApi(); + expect(response.status).to.be(200); + expect(response.body.errorGroups).to.empty(); + }); + }); + + registry.when( + 'when data is loaded', + { config: 'basic', archives: 
['apm_mappings_only_8.0.0'] }, + () => { + describe('errors group', () => { + const appleTransaction = { + name: 'GET /apple 🍎 ', + successRate: 75, + failureRate: 25, + }; + + const bananaTransaction = { + name: 'GET /banana 🍌', + successRate: 50, + failureRate: 50, + }; + + before(async () => { + const serviceInstance = service(serviceName, 'production', 'go').instance('instance-a'); + + await synthtraceEsClient.index([ + ...timerange(start, end) + .interval('1m') + .rate(appleTransaction.successRate) + .flatMap((timestamp) => + serviceInstance + .transaction(appleTransaction.name) + .timestamp(timestamp) + .duration(1000) + .success() + .serialize() + ), + ...timerange(start, end) + .interval('1m') + .rate(appleTransaction.failureRate) + .flatMap((timestamp) => + serviceInstance + .transaction(appleTransaction.name) + .errors(serviceInstance.error('error 1', 'foo').timestamp(timestamp)) + .duration(1000) + .timestamp(timestamp) + .failure() + .serialize() + ), + ...timerange(start, end) + .interval('1m') + .rate(bananaTransaction.successRate) + .flatMap((timestamp) => + serviceInstance + .transaction(bananaTransaction.name) + .timestamp(timestamp) + .duration(1000) + .success() + .serialize() + ), + ...timerange(start, end) + .interval('1m') + .rate(bananaTransaction.failureRate) + .flatMap((timestamp) => + serviceInstance + .transaction(bananaTransaction.name) + .errors(serviceInstance.error('error 2', 'bar').timestamp(timestamp)) + .duration(1000) + .timestamp(timestamp) + .failure() + .serialize() + ), + ]); + }); + + after(() => synthtraceEsClient.clean()); + + describe('returns the correct data', () => { + let errorGroups: ErrorGroups; + before(async () => { + const response = await callApi(); + errorGroups = response.body.errorGroups; + }); + + it('returns correct number of errors', () => { + expect(errorGroups.length).to.equal(2); + expect(errorGroups.map((error) => error.message).sort()).to.eql(['error 1', 'error 2']); + }); + + it('returns correct 
occurences', () => { + const numberOfBuckets = 15; + expect(errorGroups.map((error) => error.occurrenceCount).sort()).to.eql([ + appleTransaction.failureRate * numberOfBuckets, + bananaTransaction.failureRate * numberOfBuckets, + ]); + }); + }); + }); + } + ); +} diff --git a/x-pack/test/apm_api_integration/tests/errors/generate_data.ts b/x-pack/test/apm_api_integration/tests/errors/generate_data.ts new file mode 100644 index 0000000000000..f7874b1c61495 --- /dev/null +++ b/x-pack/test/apm_api_integration/tests/errors/generate_data.ts 
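Review bot: `errorGroups.map((error) => error.occurrenceCount).sort()` orders the counts as strings, because `sort()` without a comparator compares string forms. The test passes only because 375 and 750 happen to sort the same way numerically and lexically. Use `.sort((a, b) => a - b)` so the expectation survives a change of rates or bucket count. The title 'returns correct occurences' is misspelled, and the local `appleTransaction`/`bananaTransaction` objects duplicate the `config` that `./generate_data` exports in this same commit.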
@@ -0,0 +1,72 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+import { service, SynthtraceEsClient, timerange } from '@elastic/apm-synthtrace';
+
+export const config = {
+ appleTransaction: {
+ name: 'GET /apple 🍎 ',
+ successRate: 75,
+ failureRate: 25,
+ },
+ bananaTransaction: {
+ name: 'GET /banana 🍌',
+ successRate: 50,
+ failureRate: 50,
+ },
+};
+
+export async function generateData({
+ synthtraceEsClient,
+ serviceName,
+ start,
+ end,
+}: {
+ synthtraceEsClient: SynthtraceEsClient;
+ serviceName: string;
+ start: number;
+ end: number;
+}) {
+ const serviceGoProdInstance = service(serviceName, 'production', 'go').instance('instance-a');
+
+ const interval = '1m';
+
+ const { bananaTransaction, appleTransaction } = config;
+
+ const documents = [appleTransaction, bananaTransaction]
+ .map((transaction, index) => {
+ return [
+ ...timerange(start, end)
+ .interval(interval)
+ .rate(transaction.successRate)
+ .flatMap((timestamp) =>
+ serviceGoProdInstance
+ .transaction(transaction.name)
+ .timestamp(timestamp)
+ .duration(1000)
+ .success()
+ .serialize()
+ ),
+ ...timerange(start, end)
+ .interval(interval)
+ .rate(transaction.failureRate)
+ .flatMap((timestamp) =>
+ serviceGoProdInstance
+ .transaction(transaction.name)
+ .errors(
+ serviceGoProdInstance.error(`Error ${index}`, transaction.name).timestamp(timestamp)
+ )
+ .duration(1000)
+ .timestamp(timestamp)
+ .failure()
+ .serialize()
+ ),
+ ];
+ })
+ .flatMap((_) => _);
+
+ await synthtraceEsClient.index(documents);
+}
diff --git a/x-pack/test/apm_api_integration/tests/errors/group_id.ts b/x-pack/test/apm_api_integration/tests/errors/group_id.ts
new file mode 100644
index 0000000000000..ef9e293355a7f
--- /dev/null
+++ b/x-pack/test/apm_api_integration/tests/errors/group_id.ts
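Review bot: `generateData` and `config` are exported as shared fixtures but have no doc comment, and the error naming is an implicit contract. `Error ${index}` yields "Error 0" for the apple transaction and "Error 1" for the banana one, so reordering the array changes which error belongs to which transaction. A one-line TSDoc would make that explicit: `/** Indexes success and failure transactions for each entry in config; failures carry an error named "Error <array index>". */`. As a style point, `.map((transaction, index) => { return [...]; }).flatMap((_) => _)` can be a single `.flatMap((transaction, index) => [...])`.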
@@ -0,0 +1,92 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ +import expect from '@kbn/expect'; +import { + APIClientRequestParamsOf, + APIReturnType, +} from '../../../../plugins/apm/public/services/rest/createCallApmApi'; +import { RecursivePartial } from '../../../../plugins/apm/typings/common'; +import { FtrProviderContext } from '../../common/ftr_provider_context'; +import { registry } from '../../common/registry'; +import { config, generateData } from './generate_data'; + +type ErrorsDistribution = + APIReturnType<'GET /internal/apm/services/{serviceName}/errors/{groupId}'>; + +export default function ApiTest({ getService }: FtrProviderContext) { + const apmApiClient = getService('apmApiClient'); + const synthtraceEsClient = getService('synthtraceEsClient'); + + const serviceName = 'synth-go'; + const start = new Date('2021-01-01T00:00:00.000Z').getTime(); + const end = new Date('2021-01-01T00:15:00.000Z').getTime() - 1; + + async function callApi( + overrides?: RecursivePartial< + APIClientRequestParamsOf<'GET /internal/apm/services/{serviceName}/errors/{groupId}'>['params'] + > + ) { + const response = await apmApiClient.readUser({ + endpoint: 'GET /internal/apm/services/{serviceName}/errors/{groupId}', + params: { + path: { + serviceName, + groupId: 'foo', + ...overrides?.path, + }, + query: { + start: new Date(start).toISOString(), + end: new Date(end).toISOString(), + environment: 'ENVIRONMENT_ALL', + kuery: '', + ...overrides?.query, + }, + }, + }); + return response; + } + + registry.when('when data is not loaded', { config: 'basic', archives: [] }, () => { + it('handles the empty state', async () => { + const response = await callApi(); + expect(response.status).to.be(200); + expect(response.body.occurrencesCount).to.be(0); + }); + }); + + 
registry.when( + 'when data is loaded', + { config: 'basic', archives: ['apm_mappings_only_8.0.0'] }, + () => { + const { bananaTransaction } = config; + describe('error group id', () => { + before(async () => { + await generateData({ serviceName, start, end, synthtraceEsClient }); + }); + + after(() => synthtraceEsClient.clean()); + + describe('return correct data', () => { + let errorsDistribution: ErrorsDistribution; + before(async () => { + const response = await callApi({ + path: { groupId: '0000000000000000000000000Error 1' }, + }); + errorsDistribution = response.body; + }); + + it('displays correct number of occurrences', () => { + const numberOfBuckets = 15; + expect(errorsDistribution.occurrencesCount).to.equal( + bananaTransaction.failureRate * numberOfBuckets + ); + }); + }); + }); + } + ); +} diff --git a/x-pack/test/apm_api_integration/tests/index.ts b/x-pack/test/apm_api_integration/tests/index.ts index 29b40b6ff62cf..46966834a176e 100644 --- a/x-pack/test/apm_api_integration/tests/index.ts +++ b/x-pack/test/apm_api_integration/tests/index.ts @@ -241,10 +241,19 @@ export default function apmApiIntegrationTests(providerContext: FtrProviderConte loadTestFile(require.resolve('./latency/service_apis')); }); + // Errors + describe('errors/group_id', function () { + loadTestFile(require.resolve('./errors/group_id')); + }); + describe('errors/distribution', function () { loadTestFile(require.resolve('./errors/distribution')); }); + describe('errors/error_group_list', function () { + loadTestFile(require.resolve('./errors/error_group_list')); + }); + // Dependencies describe('dependencies/metadata', function () { loadTestFile(require.resolve('./dependencies/metadata')); diff --git a/x-pack/test/detection_engine_api_integration/utils.ts b/x-pack/test/detection_engine_api_integration/utils.ts index ae769bd01b52d..848dbc8fd50af 100644 --- a/x-pack/test/detection_engine_api_integration/utils.ts +++ b/x-pack/test/detection_engine_api_integration/utils.ts 
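Review bot: The group id `'0000000000000000000000000Error 1'` in group_id.ts is a magic string with no explanation. It only matches while generate_data.ts names the banana error "Error 1" and, presumably, while synthtrace keeps deriving grouping keys by left-padding the error message. A comment beside it would save the next reader a search: `// grouping key for the banana error ("Error 1") as generated by generateData — TODO confirm derivation`. The alias `type ErrorsDistribution` is also misleading for the `errors/{groupId}` response and looks copied from distribution.ts; something like `type ErrorGroupDetails` fits better.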
@@ -809,16 +809,18 @@ export const getSimpleRuleOutputWithWebHookAction = (actionId: string): Partial< export const waitFor = async ( functionToTest: () => Promise, functionName: string, - maxTimeout: number = 20000, - timeoutWait: number = 10 + maxTimeout: number = 800000, + timeoutWait: number = 250 ): Promise => { let found = false; let numberOfTries = 0; - - while (!found && numberOfTries < Math.floor(maxTimeout / timeoutWait)) { + const maxTries = Math.floor(maxTimeout / timeoutWait); + while (!found && numberOfTries < maxTries) { if (await functionToTest()) { found = true; } else { + // eslint-disable-next-line no-console + console.log(`Try number ${numberOfTries} out of ${maxTries} for function ${functionName}`); numberOfTries++; } @@ -940,9 +942,9 @@ export const createRule = async ( if (rule.rule_id != null) { // eslint-disable-next-line no-console console.log( - `When creating a rule found an unexpected conflict (409), will attempt a cleanup and one time re-try. This usually indicates a bad cleanup or race condition within the tests: ${JSON.stringify( + `Did not get an expected 200 "ok" when creating a rule (createRule). CI issues could happen. Suspect this line if you are seeing CI issues. body: ${JSON.stringify( response.body - )}` + )}, status: ${JSON.stringify(response.status)}` ); await deleteRule(supertest, rule.rule_id); const secondResponseTry = await supertest @@ -986,7 +988,7 @@ export const deleteRule = async ( if (response.status !== 200) { // eslint-disable-next-line no-console console.log( - `Did not get an expected 200 "ok" when deleting the rule. CI issues could happen. Suspect this line if you are seeing CI issues. body: ${JSON.stringify( + `Did not get an expected 200 "ok" when deleting the rule (deleteRule). CI issues could happen. Suspect this line if you are seeing CI issues. body: ${JSON.stringify( response.body )}, status: ${JSON.stringify(response.status)}` ); 
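Review bot: The new `waitFor` defaults (`maxTimeout` 800000, `timeoutWait` 250) allow up to 3200 tries, and the added `console.log` prints one line for every failed try. A stuck condition can therefore hold a CI agent for over thirteen minutes per call and bury the real failure under thousands of identical lines. The try budget also ignores the time spent inside `functionToTest`, so the actual wall time can be longer still. Logging only every Nth try, or once when the loop gives up, keeps the diagnostic value, and the JSDoc should record the budget, e.g. `@param maxTimeout total wait in ms (default 800000, up to 3200 tries at the default timeoutWait)`. The rest of the function body lies outside this hunk.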
@@ -1023,12 +1025,19 @@ export const updateRule = async ( supertest: SuperTest.SuperTest, updatedRule: UpdateRulesSchema ): Promise => { - const { body } = await supertest + const response = await supertest .put(DETECTION_ENGINE_RULES_URL) .set('kbn-xsrf', 'true') - .send(updatedRule) - .expect(200); - return body; + .send(updatedRule); + if (response.status !== 200) { + // eslint-disable-next-line no-console + console.log( + `Did not get an expected 200 "ok" when updating a rule (updateRule). CI issues could happen. Suspect this line if you are seeing CI issues. body: ${JSON.stringify( + response.body + )}, status: ${JSON.stringify(response.status)}` + ); + } + return response.body; }; /** @@ -1037,12 +1046,19 @@ export const updateRule = async ( * @param supertest The supertest deps */ export const createNewAction = async (supertest: SuperTest.SuperTest) => { - const { body } = await supertest + const response = await supertest .post('/api/actions/action') .set('kbn-xsrf', 'true') - .send(getWebHookAction()) - .expect(200); - return body; + .send(getWebHookAction()); + if (response.status !== 200) { + // eslint-disable-next-line no-console + console.log( + `Did not get an expected 200 "ok" when creating a new action. CI issues could happen. Suspect this line if you are seeing CI issues. body: ${JSON.stringify( + response.body + )}, status: ${JSON.stringify(response.status)}` + ); + } + return response.body; }; /** 
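Review bot: Replacing `.expect(200)` with a log in `updateRule` means a failed request no longer stops the test, and the helper returns the error payload typed as a rule. The same pattern recurs in `createNewAction`, `findImmutableRuleById`, `getPrePackagedRulesStatus`, `getRule`, `waitForAlertToComplete`, `getSignalsByRuleIds`, `getSignalsByIds`, `getSignalsById`, `createRuleWithExceptionEntries`, `startSignalsMigration` and `finalizeSignalsMigration`. In the last two the body is destructured before the status check, so a non-200 presumably returns `undefined`. For a detection-engine suite this turns a 401, 403 or 500 into a confusing assertion failure far from the cause. Keep the extra logging but still fail at the source, e.g. follow the `console.log(...)` with `throw new Error('updateRule: unexpected status ' + response.status);`, and check that the full response bodies written to CI output contain only fixture data.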
@@ -1059,14 +1075,21 @@ export const findImmutableRuleById = async ( total: number; data: FullResponseSchema[]; }> => { - const { body } = await supertest + const response = await supertest .get( `${DETECTION_ENGINE_RULES_URL}/_find?filter=alert.attributes.tags: "${INTERNAL_IMMUTABLE_KEY}:true" AND alert.attributes.tags: "${INTERNAL_RULE_ID_KEY}:${ruleId}"` ) .set('kbn-xsrf', 'true') - .send() - .expect(200); - return body; + .send(); + if (response.status !== 200) { + // eslint-disable-next-line no-console + console.log( + `Did not get an expected 200 "ok" when finding an immutable rule by id (findImmutableRuleById). CI issues could happen. Suspect this line if you are seeing CI issues. body: ${JSON.stringify( + response.body + )}, status: ${JSON.stringify(response.status)}` + ); + } + return response.body; }; /** @@ -1077,12 +1100,20 @@ export const findImmutableRuleById = async ( export const getPrePackagedRulesStatus = async ( supertest: SuperTest.SuperTest ): Promise => { - const { body } = await supertest + const response = await supertest .get(`${DETECTION_ENGINE_PREPACKAGED_URL}/_status`) .set('kbn-xsrf', 'true') - .send() - .expect(200); - return body; + .send(); + + if (response.status !== 200) { + // eslint-disable-next-line no-console + console.log( + `Did not get an expected 200 "ok" when getting a pre-packaged rule status. CI issues could happen. Suspect this line if you are seeing CI issues. body: ${JSON.stringify( + response.body + )}, status: ${JSON.stringify(response.status)}` + ); + } + return response.body; }; /** 
@@ -1104,9 +1135,9 @@ export const createExceptionList = async ( if (exceptionList.list_id != null) { // eslint-disable-next-line no-console console.log( - `When creating an exception list found an unexpected conflict (409), will attempt a cleanup and one time re-try. This usually indicates a bad cleanup or race condition within the tests: ${JSON.stringify( + `When creating an exception list found an unexpected conflict (409) creating an exception list (createExceptionList), will attempt a cleanup and one time re-try. This usually indicates a bad cleanup or race condition within the tests: ${JSON.stringify( response.body - )}` + )}, status: ${JSON.stringify(response.status)}` ); await deleteExceptionList(supertest, exceptionList.list_id); const secondResponseTry = await supertest @@ -1152,7 +1183,7 @@ export const deleteExceptionList = async ( if (response.status !== 200) { // eslint-disable-next-line no-console console.log( - `Did not get an expected 200 "ok" when deleting an exception list. CI issues could happen. Suspect this line if you are seeing CI issues. body: ${JSON.stringify( + `Did not get an expected 200 "ok" when deleting an exception list (deleteExceptionList). CI issues could happen. Suspect this line if you are seeing CI issues. body: ${JSON.stringify( response.body )}, status: ${JSON.stringify(response.status)}` ); @@ -1179,7 +1210,7 @@ export const createExceptionListItem = async ( if (response.status !== 200) { // eslint-disable-next-line no-console console.log( - `Did not get an expected 200 "ok" when creating an exception list item. CI issues could happen. Suspect this line if you are seeing CI issues. body: ${JSON.stringify( + `Did not get an expected 200 "ok" when creating an exception list item (createExceptionListItem). CI issues could happen. Suspect this line if you are seeing CI issues. body: ${JSON.stringify( response.body )}, status: ${JSON.stringify(response.status)}` ); 
@@ -1197,11 +1228,19 @@ export const getRule = async ( supertest: SuperTest.SuperTest, ruleId: string ): Promise => { - const { body } = await supertest + const response = await supertest .get(`${DETECTION_ENGINE_RULES_URL}?rule_id=${ruleId}`) - .set('kbn-xsrf', 'true') - .expect(200); - return body; + .set('kbn-xsrf', 'true'); + + if (response.status !== 200) { + // eslint-disable-next-line no-console + console.log( + `Did not get an expected 200 "ok" when getting a rule (getRule). CI issues could happen. Suspect this line if you are seeing CI issues. body: ${JSON.stringify( + response.body + )}, status: ${JSON.stringify(response.status)}` + ); + } + return response.body; }; export const waitForAlertToComplete = async ( @@ -1209,11 +1248,16 @@ export const waitForAlertToComplete = async ( id: string ): Promise => { await waitFor(async () => { - const { body: alertBody } = await supertest - .get(`/api/alerts/alert/${id}/state`) - .set('kbn-xsrf', 'true') - .expect(200); - return alertBody.previousStartedAt != null; + const response = await supertest.get(`/api/alerts/alert/${id}/state`).set('kbn-xsrf', 'true'); + if (response.status !== 200) { + // eslint-disable-next-line no-console + console.log( + `Did not get an expected 200 "ok" when waiting for an alert to complete (waitForAlertToComplete). CI issues could happen. Suspect this line if you are seeing CI issues. body: ${JSON.stringify( + response.body + )}, status: ${JSON.stringify(response.status)}` + ); + } + return response.body.previousStartedAt != null; }, 'waitForAlertToComplete'); }; 
@@ -1229,12 +1273,28 @@ export const waitForRuleSuccessOrStatus = async ( ): Promise => { await waitFor(async () => { try { - const { body } = await supertest + const response = await supertest .post(`${DETECTION_ENGINE_RULES_URL}/_find_statuses`) .set('kbn-xsrf', 'true') - .send({ ids: [id] }) - .expect(200); - return body[id]?.current_status?.status === status; + .send({ ids: [id] }); + if (response.status !== 200) { + // eslint-disable-next-line no-console + console.log( + `Did not get an expected 200 "ok" when waiting for a rule success or status (waitForRuleSuccessOrStatus). CI issues could happen. Suspect this line if you are seeing CI issues. body: ${JSON.stringify( + response.body + )}, status: ${JSON.stringify(response.status)}` + ); + } + if (response.body[id]?.current_status?.status !== status) { + // eslint-disable-next-line no-console + console.log( + `Did not get an expected status of ${status} while waiting for a rule success or status for rule id ${id} (waitForRuleSuccessOrStatus). Will continue retrying until status is found. body: ${JSON.stringify( + response.body + )}, status: ${JSON.stringify(response.status)}` + ); + } + + return response.body[id]?.current_status?.status === status; } catch (e) { if ((e as Error).message.includes('got 503 "Service Unavailable"')) { return false; 
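Review bot: With `.expect(200)` removed from `waitForRuleSuccessOrStatus`, the surrounding `catch` that looks for `got 503 "Service Unavailable"` can no longer be triggered by this request, since supertest now resolves for every status. Any non-200, including the 401 or 500 that used to throw, is polled again until `waitFor` runs out of tries. Each unsuccessful poll also prints two messages, because the status-mismatch log fires after the non-200 log. Returning early in the first check avoids the duplicate and makes the retry explicit: add `return false;` at the end of the `if (response.status !== 200)` block, or throw there for statuses other than 503. The `try`/`catch` continues outside this hunk.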
@@ -1274,11 +1334,21 @@ export const getSignalsByRuleIds = async ( supertest: SuperTest.SuperTest, ruleIds: string[] ): Promise> => { - const { body: signalsOpen }: { body: estypes.SearchResponse } = await supertest + const response = await supertest .post(DETECTION_ENGINE_QUERY_SIGNALS_URL) .set('kbn-xsrf', 'true') - .send(getQuerySignalsRuleId(ruleIds)) - .expect(200); + .send(getQuerySignalsRuleId(ruleIds)); + + if (response.status !== 200) { + // eslint-disable-next-line no-console + console.log( + `Did not get an expected 200 "ok" when getting a signal by rule_id (getSignalsByRuleIds). CI issues could happen. Suspect this line if you are seeing CI issues. body: ${JSON.stringify( + response.body + )}, status: ${JSON.stringify(response.status)}` + ); + } + + const { body: signalsOpen }: { body: estypes.SearchResponse } = response; return signalsOpen; }; @@ -1293,11 +1363,20 @@ export const getSignalsByIds = async ( ids: string[], size?: number ): Promise> => { - const { body: signalsOpen }: { body: estypes.SearchResponse } = await supertest + const response = await supertest .post(DETECTION_ENGINE_QUERY_SIGNALS_URL) .set('kbn-xsrf', 'true') - .send(getQuerySignalsId(ids, size)) - .expect(200); + .send(getQuerySignalsId(ids, size)); + + if (response.status !== 200) { + // eslint-disable-next-line no-console + console.log( + `Did not get an expected 200 "ok" when getting a signal by id. CI issues could happen (getSignalsByIds). Suspect this line if you are seeing CI issues. body: ${JSON.stringify( + response.body + )}, status: ${JSON.stringify(response.status)}` + ); + } + const { body: signalsOpen }: { body: estypes.SearchResponse } = response; return signalsOpen; }; 
@@ -1310,11 +1389,20 @@ export const getSignalsById = async ( supertest: SuperTest.SuperTest, id: string ): Promise> => { - const { body: signalsOpen }: { body: estypes.SearchResponse } = await supertest + const response = await supertest .post(DETECTION_ENGINE_QUERY_SIGNALS_URL) .set('kbn-xsrf', 'true') - .send(getQuerySignalsId([id])) - .expect(200); + .send(getQuerySignalsId([id])); + + if (response.status !== 200) { + // eslint-disable-next-line no-console + console.log( + `Did not get an expected 200 "ok" when getting signals by id (getSignalsById). CI issues could happen. Suspect this line if you are seeing CI issues. body: ${JSON.stringify( + response.body + )}, status: ${JSON.stringify(response.status)}` + ); + } + const { body: signalsOpen }: { body: estypes.SearchResponse } = response; return signalsOpen; }; @@ -1322,10 +1410,19 @@ export const installPrePackagedRules = async ( supertest: SuperTest.SuperTest ): Promise => { await countDownTest(async () => { - const { status } = await supertest + const { status, body } = await supertest .put(DETECTION_ENGINE_PREPACKAGED_URL) .set('kbn-xsrf', 'true') .send(); + if (status !== 200) { + // eslint-disable-next-line no-console + console.log( + `Did not get an expected 200 "ok" when installing pre-packaged rules (installPrePackagedRules) yet. Retrying until we get a 200 "ok". body: ${JSON.stringify( + body + )}, status: ${JSON.stringify(status)}` + ); + } + return status === 200; }, 'installPrePackagedRules'); }; 
@@ -1480,12 +1577,19 @@ export const createRuleWithExceptionEntries = async ( exceptions_list: [...maybeExceptionList, ...maybeEndpointList], }; const ruleResponse = await createRule(supertest, ruleWithException); - await supertest + const response = await supertest .patch(DETECTION_ENGINE_RULES_URL) .set('kbn-xsrf', 'true') - .send({ rule_id: ruleResponse.rule_id, enabled: true }) - .expect(200); + .send({ rule_id: ruleResponse.rule_id, enabled: true }); + if (response.status !== 200) { + // eslint-disable-next-line no-console + console.log( + `Did not get an expected 200 "ok" when patching a rule with exception entries (createRuleWithExceptionEntries). CI issues could happen. Suspect this line if you are seeing CI issues. body: ${JSON.stringify( + response.body + )}, status: ${JSON.stringify(response.status)}` + ); + } return ruleResponse; }; @@ -1542,14 +1646,22 @@ export const startSignalsMigration = async ({ supertest: SuperTest.SuperTest; indices: string[]; }): Promise => { - const { - body: { indices: created }, - }: { body: { indices: CreateMigrationResponse[] } } = await supertest + const response = await supertest .post(DETECTION_ENGINE_SIGNALS_MIGRATION_URL) .set('kbn-xsrf', 'true') - .send({ index: indices }) - .expect(200); + .send({ index: indices }); + const { + body: { indices: created }, + }: { body: { indices: CreateMigrationResponse[] } } = response; + if (response.status !== 200) { + // eslint-disable-next-line no-console + console.log( + `Did not get an expected 200 "ok" when starting a signals migration (startSignalsMigration). CI issues could happen. Suspect this line if you are seeing CI issues. body: ${JSON.stringify( + response.body + )}, status: ${JSON.stringify(response.status)}` + ); + } return created; }; 
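Review bot: In `startSignalsMigration` the destructuring of `body.indices` runs before the status check, so the diagnostic log is not the first thing that happens after a failed request, unlike in the `getSignals*` helpers. Move the `if (response.status !== 200)` block directly under the request and destructure afterwards. On an error body `created` is `undefined`, which the function then returns where callers expect the migration list. `finalizeSignalsMigration` in the following hunk has the same order.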
@@ -1566,14 +1678,22 @@ export const finalizeSignalsMigration = async ({ supertest: SuperTest.SuperTest; migrationIds: string[]; }): Promise => { - const { - body: { migrations }, - }: { body: { migrations: FinalizeMigrationResponse[] } } = await supertest + const response = await supertest .post(DETECTION_ENGINE_SIGNALS_FINALIZE_MIGRATION_URL) .set('kbn-xsrf', 'true') - .send({ migration_ids: migrationIds }) - .expect(200); + .send({ migration_ids: migrationIds }); + const { + body: { migrations }, + }: { body: { migrations: FinalizeMigrationResponse[] } } = response; + if (response.status !== 200) { + // eslint-disable-next-line no-console + console.log( + `Did not get an expected 200 "ok" when finalizing signals migration (finalizeSignalsMigration). CI issues could happen. Suspect this line if you are seeing CI issues. body: ${JSON.stringify( + response.body + )}, status: ${JSON.stringify(response.status)}` + ); + } return migrations; }; diff --git a/x-pack/test/examples/embedded_lens/embedded_example.ts b/x-pack/test/examples/embedded_lens/embedded_example.ts index 3a0891079f24e..d11495f0450b4 100644 --- a/x-pack/test/examples/embedded_lens/embedded_example.ts +++ b/x-pack/test/examples/embedded_lens/embedded_example.ts @@ -16,8 +16,10 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) { const retry = getService('retry'); async function checkData() { - const data = await elasticChart.getChartDebugData(); - expect(data!.bars![0].bars.length).to.eql(24); + await retry.try(async () => { + const data = await elasticChart.getChartDebugData(); + expect(data!.bars![0].bars.length).to.eql(24); + }); } describe('show and save', () => { diff --git a/x-pack/test/fleet_cypress/agent.ts b/x-pack/test/fleet_cypress/agent.ts new file mode 100644 index 0000000000000..e05a21c6a63e3 --- /dev/null +++ b/x-pack/test/fleet_cypress/agent.ts 
@@ -0,0 +1,114 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { ToolingLog } from '@kbn/dev-utils'; +import axios, { AxiosRequestConfig } from 'axios'; +import { ChildProcess, spawn } from 'child_process'; +import { getLatestVersion } from './artifact_manager'; +import { Manager } from './resource_manager'; + +interface AgentManagerParams { + user: string; + password: string; + kibanaUrl: string; + esHost: string; +} + +export class AgentManager extends Manager { + private params: AgentManagerParams; + private log: ToolingLog; + private agentProcess?: ChildProcess; + private requestOptions: AxiosRequestConfig; + constructor(params: AgentManagerParams, log: ToolingLog) { + super(); + this.log = log; + this.params = params; + this.requestOptions = { + headers: { + 'kbn-xsrf': 'kibana', + }, + auth: { + username: this.params.user, + password: this.params.password, + }, + }; + } + + public async setup() { + this.log.info('Running agent preconfig'); + return await axios.post( + `${this.params.kibanaUrl}/api/fleet/agents/setup`, + {}, + this.requestOptions + ); + } + + public async startAgent() { + this.log.info('Getting agent enrollment key'); + const { data: apiKeys } = await axios.get( + this.params.kibanaUrl + '/api/fleet/enrollment-api-keys', + this.requestOptions + ); + const policy = apiKeys.list[1]; + + this.log.info('Running the agent'); + + const artifact = `docker.elastic.co/beats/elastic-agent:${await getLatestVersion()}`; + this.log.info(artifact); + + const args = [ + 'run', + '--add-host', + 'host.docker.internal:host-gateway', + '--env', + 'FLEET_ENROLL=1', + '--env', + `FLEET_URL=http://host.docker.internal:8220`, + '--env', + `FLEET_ENROLLMENT_TOKEN=${policy.api_key}`, + '--env', + 'FLEET_INSECURE=true', + '--rm', + artifact, + ]; + 
+ this.agentProcess = spawn('docker', args, { stdio: 'inherit' }); + + // Wait til we see the agent is online + let done = false; + let retries = 0; + while (!done) { + await new Promise((r) => setTimeout(r, 5000)); + const { data: agents } = await axios.get( + `${this.params.kibanaUrl}/api/fleet/agents`, + this.requestOptions + ); + done = agents.list[0]?.status === 'online'; + if (++retries > 12) { + this.log.error('Giving up on enrolling the agent after a minute'); + throw new Error('Agent timed out while coming online'); + } + } + + return { policyId: policy.policy_id as string }; + } + + protected _cleanup() { + this.log.info('Cleaning up the agent process'); + if (this.agentProcess) { + if (!this.agentProcess.kill(9)) { + this.log.warning('Unable to kill agent process'); + } + + this.agentProcess.on('close', () => { + this.log.info('Agent process closed'); + }); + delete this.agentProcess; + } + return; + } +} diff --git a/x-pack/test/fleet_cypress/artifact_manager.ts b/x-pack/test/fleet_cypress/artifact_manager.ts new file mode 100644 index 0000000000000..aea0eb8bbec86 --- /dev/null +++ b/x-pack/test/fleet_cypress/artifact_manager.ts @@ -0,0 +1,14 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import axios from 'axios'; +import { last } from 'lodash'; + +export async function getLatestVersion(): Promise { + const response: any = await axios('https://artifacts-api.elastic.co/v1/versions'); + return last(response.data.versions as string[]) || '8.0.0-SNAPSHOT'; +} diff --git a/x-pack/test/fleet_cypress/cli_config.ts b/x-pack/test/fleet_cypress/cli_config.ts new file mode 100644 index 0000000000000..b8eb78e6a4abc --- /dev/null +++ b/x-pack/test/fleet_cypress/cli_config.ts 
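Review bot: The enrollment token is placed on the `docker run` command line (`FLEET_ENROLLMENT_TOKEN=${policy.api_key}` in `args`), where any local user on the CI host can read it from the process list for as long as the client runs. Pass it through the child's environment instead: `'--env', 'FLEET_ENROLLMENT_TOKEN'` in `args` and `spawn('docker', args, { stdio: 'inherit', env: { ...process.env, FLEET_ENROLLMENT_TOKEN: policy.api_key } })`. `FLEET_SERVER_SERVICE_TOKEN` in fleet_server.ts is passed the same way. Separately, `this.agentProcess.kill(9)` in `_cleanup` kills only the docker client; SIGKILL is not forwarded to the container, so the enrolled agent can keep running after the test process exits, whereas `kill('SIGTERM')` should let the client stop it. `apiKeys.list[1]` is also read without checking that a second key exists.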
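Review bot: `getLatestVersion` returns the last entry of a remote version list, and agent.ts and fleet_server.ts interpolate it into the image reference they hand to `docker run`, so each CI run executes whatever `elastic-agent` tag the API currently lists, unvalidated and unpinned. Check the value before use, for example (assuming tags look like the fallback `8.0.0-SNAPSHOT`) `if (!/^\d+\.\d+\.\d+(-SNAPSHOT)?$/.test(version)) throw new Error('unexpected version: ' + version);`. Deriving the tag from the Kibana version under test would also make runs reproducible. The request has no timeout and `response` is typed `any`; a TSDoc line stating that the result is used as a container tag would make the trust boundary visible.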
@@ -0,0 +1,19 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { FtrConfigProviderContext } from '@kbn/test';
+
+import { FleetCypressCliTestRunner } from './runner';
+
+export default async function ({ readConfigFile }: FtrConfigProviderContext) {
+ const cypressConfig = await readConfigFile(require.resolve('./config.ts'));
+ return {
+ ...cypressConfig.getAll(),
+
+ testRunner: FleetCypressCliTestRunner,
+ };
+}
diff --git a/x-pack/test/fleet_cypress/config.ts b/x-pack/test/fleet_cypress/config.ts
new file mode 100644
index 0000000000000..14898f81aac12
--- /dev/null
+++ b/x-pack/test/fleet_cypress/config.ts
@@ -0,0 +1,44 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { FtrConfigProviderContext } from '@kbn/test';
+
+import { CA_CERT_PATH } from '@kbn/dev-utils';
+
+export default async function ({ readConfigFile }: FtrConfigProviderContext) {
+ const kibanaCommonTestsConfig = await readConfigFile(
+ require.resolve('../../../test/common/config.js')
+ );
+ const xpackFunctionalTestsConfig = await readConfigFile(
+ require.resolve('../functional/config.js')
+ );
+
+ return {
+ ...kibanaCommonTestsConfig.getAll(),
+
+ esTestCluster: {
+ ...xpackFunctionalTestsConfig.get('esTestCluster'),
+ serverArgs: [
+ ...xpackFunctionalTestsConfig.get('esTestCluster.serverArgs'),
+ // define custom es server here
+ // API Keys is enabled at the top level
+ 'xpack.security.enabled=true',
+ 'http.host=0.0.0.0',
+ ],
+ },
+
+ kbnTestServer: {
+ ...xpackFunctionalTestsConfig.get('kbnTestServer'),
+ serverArgs: [
+ ...xpackFunctionalTestsConfig.get('kbnTestServer.serverArgs'),
+ '--csp.strict=false',
+ // define custom kibana server args here
+ `--elasticsearch.ssl.certificateAuthorities=${CA_CERT_PATH}`,
+ ],
+ },
+ };
+}
diff --git a/x-pack/test/fleet_cypress/fleet_server.ts b/x-pack/test/fleet_cypress/fleet_server.ts
new file mode 100644
index 0000000000000..fe2b8c7459229
--- /dev/null
+++ b/x-pack/test/fleet_cypress/fleet_server.ts
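Review bot: `'http.host=0.0.0.0'` makes the test Elasticsearch listen on every interface of the CI host, so the node is reachable from the host's network for the length of the run, presumably with the fixed credentials the functional-test clusters use. If this is only needed so the Docker containers can reach the host, say so next to the setting, e.g. `// all interfaces: Fleet Server and the agent run in Docker and reach ES via host.docker.internal`, and restrict the bind address where the CI network is shared. `'--csp.strict=false'` likewise carries no comment explaining why the suite needs it.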
@@ -0,0 +1,83 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { ChildProcess, spawn } from 'child_process'; +import { ToolingLog } from '@kbn/dev-utils'; +import axios from 'axios'; +import { Manager } from './resource_manager'; +import { getLatestVersion } from './artifact_manager'; + +export interface ElasticsearchConfig { + esHost: string; + user: string; + password: string; + port: string; +} + +export class FleetManager extends Manager { + private fleetProcess?: ChildProcess; + private esConfig: ElasticsearchConfig; + private log: ToolingLog; + constructor(esConfig: ElasticsearchConfig, log: ToolingLog) { + super(); + this.esConfig = esConfig; + this.log = log; + } + public async setup(): Promise { + this.log.info('Setting fleet up'); + return new Promise(async (res, rej) => { + try { + const response = await axios.post( + `${this.esConfig.esHost}/_security/service/elastic/fleet-server/credential/token` + ); + const serviceToken = response.data.token.value; + const artifact = `docker.elastic.co/beats/elastic-agent:${await getLatestVersion()}`; + this.log.info(artifact); + + const host = 'host.docker.internal'; + + const args = [ + 'run', + '-p', + `8220:8220`, + '--add-host', + 'host.docker.internal:host-gateway', + '--env', + 'FLEET_SERVER_ENABLE=true', + '--env', + `FLEET_SERVER_ELASTICSEARCH_HOST=http://${host}:${this.esConfig.port}`, + '--env', + `FLEET_SERVER_SERVICE_TOKEN=${serviceToken}`, + '--rm', + artifact, + ]; + this.fleetProcess = spawn('docker', args, { + stdio: 'inherit', + }); + this.fleetProcess.on('error', rej); + setTimeout(res, 15000); + } catch (error) { + rej(error); + } + }); + } + + protected _cleanup() { + this.log.info('Removing old fleet config'); + if (this.fleetProcess) { + this.log.info('Closing fleet 
process'); + if (!this.fleetProcess.kill(9)) { + this.log.warning('Unable to kill fleet server process'); + } + + this.fleetProcess.on('close', () => { + this.log.info('Fleet server process closed'); + }); + delete this.fleetProcess; + } + } +} diff --git a/x-pack/test/fleet_cypress/ftr_provider_context.d.ts b/x-pack/test/fleet_cypress/ftr_provider_context.d.ts new file mode 100644 index 0000000000000..aa56557c09df8 --- /dev/null +++ b/x-pack/test/fleet_cypress/ftr_provider_context.d.ts @@ -0,0 +1,12 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { GenericFtrProviderContext } from '@kbn/test'; + +import { services } from './services'; + +export type FtrProviderContext = GenericFtrProviderContext; diff --git a/x-pack/test/fleet_cypress/resource_manager.ts b/x-pack/test/fleet_cypress/resource_manager.ts new file mode 100644 index 0000000000000..e892021155417 --- /dev/null +++ b/x-pack/test/fleet_cypress/resource_manager.ts 
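Review bot: `setup()` resolves after a fixed `setTimeout(res, 15000)` whether or not Fleet Server came up: only the `error` event (spawn failure) rejects, so a failed image pull or a container that exits at once still counts as success. Reject on an early exit as well, `this.fleetProcess.on('exit', (code) => rej(new Error('fleet server container exited early: ' + code)));`, and prefer polling the server for readiness over sleeping. The `async` executor inside `new Promise` is not needed; an `async` method that awaits the delay reads more simply. `esConfig.user` and `esConfig.password` are never read in this class, so the token request relies on whatever credentials `esHost` carries, which a comment should state.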
@@ -0,0 +1,24 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+const CLEANUP_EVENTS = ['SIGINT', 'exit', 'uncaughtException', 'unhandledRejection'];
+export class Manager {
+ private cleaned = false;
+ constructor() {
+ const cleanup = () => this.cleanup();
+ CLEANUP_EVENTS.forEach((ev) => process.on(ev, cleanup));
+ }
+ // This must be a synchronous method because it is used in the unhandledException and exit event handlers
+ public cleanup() {
+ // Since this can be called multiple places we proxy it with some protection
+ if (this._cleanup && !this.cleaned) {
+ this.cleaned = true;
+ this._cleanup();
+ }
+ }
+ protected _cleanup?(): void;
+}
diff --git a/x-pack/test/fleet_cypress/runner.ts b/x-pack/test/fleet_cypress/runner.ts
new file mode 100644
index 0000000000000..b49bfbdc091e2
--- /dev/null
+++ b/x-pack/test/fleet_cypress/runner.ts
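Review bot: Registering a listener for `SIGINT` in the constructor replaces Node's default exit on Ctrl-C, and `cleanup()` never exits, so unless another handler does (runner.ts only exits on `uncaughtException`) an interrupted run cleans up and then keeps going. Handle the signal separately, e.g. `process.on('SIGINT', () => { cleanup(); process.exit(130); });`. `SIGTERM`, which CI systems commonly send on cancel, is not in `CLEANUP_EVENTS`, so a cancelled build may skip cleanup and leave the containers running. The comment above `cleanup()` says `unhandledException`; the events registered are `uncaughtException` and `unhandledRejection`.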
@@ -0,0 +1,105 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { resolve } from 'path'; +import Url from 'url'; + +import { withProcRunner } from '@kbn/dev-utils'; + +import { FtrProviderContext } from './ftr_provider_context'; + +import { AgentManager } from './agent'; +import { FleetManager } from './fleet_server'; + +async function withFleetAgent( + { getService }: FtrProviderContext, + runner: (runnerEnv: Record) => Promise +) { + const log = getService('log'); + const config = getService('config'); + + const esHost = Url.format(config.get('servers.elasticsearch')); + const esConfig = { + user: config.get('servers.elasticsearch.username'), + password: config.get('servers.elasticsearch.password'), + esHost, + port: config.get('servers.elasticsearch.port'), + }; + const fleetManager = new FleetManager(esConfig, log); + + const agentManager = new AgentManager( + { + ...esConfig, + kibanaUrl: Url.format({ + protocol: config.get('servers.kibana.protocol'), + hostname: config.get('servers.kibana.hostname'), + port: config.get('servers.kibana.port'), + }), + }, + log + ); + + // Since the managers will create uncaughtException event handlers we need to exit manually + process.on('uncaughtException', (err) => { + // eslint-disable-next-line no-console + console.error('Encountered error; exiting after cleanup.', err); + process.exit(1); + }); + + await agentManager.setup(); + await fleetManager.setup(); + try { + await runner({}); + } finally { + fleetManager.cleanup(); + agentManager.cleanup(); + } +} + +export async function FleetCypressCliTestRunner(context: FtrProviderContext) { + await startFleetAgent(context, 'run'); +} + +export async function FleetCypressVisualTestRunner(context: FtrProviderContext) { + await startFleetAgent(context, 'open'); 
+} + +function startFleetAgent(context: FtrProviderContext, cypressCommand: string) { + const log = context.getService('log'); + const config = context.getService('config'); + return withFleetAgent(context, (runnerEnv) => + withProcRunner(log, async (procs) => { + await procs.run('cypress', { + cmd: 'yarn', + args: [`cypress:${cypressCommand}`], + cwd: resolve(__dirname, '../../plugins/fleet'), + env: { + FORCE_COLOR: '1', + // eslint-disable-next-line @typescript-eslint/naming-convention + CYPRESS_baseUrl: Url.format(config.get('servers.kibana')), + // eslint-disable-next-line @typescript-eslint/naming-convention + CYPRESS_protocol: config.get('servers.kibana.protocol'), + // eslint-disable-next-line @typescript-eslint/naming-convention + CYPRESS_hostname: config.get('servers.kibana.hostname'), + // eslint-disable-next-line @typescript-eslint/naming-convention + CYPRESS_configport: config.get('servers.kibana.port'), + CYPRESS_ELASTICSEARCH_URL: Url.format(config.get('servers.elasticsearch')), + CYPRESS_ELASTICSEARCH_USERNAME: config.get('servers.elasticsearch.username'), + CYPRESS_ELASTICSEARCH_PASSWORD: config.get('servers.elasticsearch.password'), + CYPRESS_KIBANA_URL: Url.format({ + protocol: config.get('servers.kibana.protocol'), + hostname: config.get('servers.kibana.hostname'), + port: config.get('servers.kibana.port'), + }), + ...runnerEnv, + ...process.env, + }, + wait: true, + }); + }) + ); +} diff --git a/x-pack/test/fleet_cypress/services.ts b/x-pack/test/fleet_cypress/services.ts new file mode 100644 index 0000000000000..5e063134081ad --- /dev/null +++ b/x-pack/test/fleet_cypress/services.ts @@ -0,0 +1,8 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +export * from '../../../test/common/services'; 
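Review bot: In `startFleetAgent` the `env` literal spreads `...process.env` last, so any `CYPRESS_*` variable already present in the CI environment, including `CYPRESS_ELASTICSEARCH_PASSWORD` and `CYPRESS_baseUrl`, silently overrides the value computed from the test config. If that override is intended for local runs, add a comment saying so; otherwise put `...process.env` first in the literal. In `withFleetAgent`, `await agentManager.setup()` and `await fleetManager.setup()` run before the `try`, so a rejected setup skips the `finally` and leaves cleanup to the process-exit hooks.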
diff --git a/x-pack/test/fleet_cypress/visual_config.ts b/x-pack/test/fleet_cypress/visual_config.ts new file mode 100644 index 0000000000000..1a343b52c1161 --- /dev/null +++ b/x-pack/test/fleet_cypress/visual_config.ts @@ -0,0 +1,19 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { FtrConfigProviderContext } from '@kbn/test'; + +import { FleetCypressVisualTestRunner } from './runner'; + +export default async function ({ readConfigFile }: FtrConfigProviderContext) { + const cypressConfig = await readConfigFile(require.resolve('./config.ts')); + return { + ...cypressConfig.getAll(), + + testRunner: FleetCypressVisualTestRunner, + }; +} diff --git a/x-pack/test/functional/apps/advanced_settings/feature_controls/advanced_settings_security.ts b/x-pack/test/functional/apps/advanced_settings/feature_controls/advanced_settings_security.ts index ebe76ee52499b..7efa86c3acf28 100644 --- a/x-pack/test/functional/apps/advanced_settings/feature_controls/advanced_settings_security.ts +++ b/x-pack/test/functional/apps/advanced_settings/feature_controls/advanced_settings_security.ts @@ -177,7 +177,7 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) { it('does not show Management navlink', async () => { const navLinks = (await appsMenu.readLinks()).map((link) => link.text); - expect(navLinks).to.eql(['Overview', 'Discover']); + expect(navLinks).to.eql(['Discover']); }); it(`does not allow navigation to advanced settings; shows "not found" error`, async () => { diff --git a/x-pack/test/functional/apps/canvas/feature_controls/canvas_security.ts b/x-pack/test/functional/apps/canvas/feature_controls/canvas_security.ts index 5a73f31c8427f..983a3101b9e31 100644 --- a/x-pack/test/functional/apps/canvas/feature_controls/canvas_security.ts 
+++ b/x-pack/test/functional/apps/canvas/feature_controls/canvas_security.ts @@ -67,7 +67,7 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) { it('shows canvas navlink', async () => { const navLinks = (await appsMenu.readLinks()).map((link) => link.text); - expect(navLinks).to.eql(['Overview', 'Canvas']); + expect(navLinks).to.eql(['Canvas']); }); it(`landing page shows "Create new workpad" button`, async () => { @@ -142,7 +142,7 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) { it('shows canvas navlink', async () => { const navLinks = (await appsMenu.readLinks()).map((link) => link.text); - expect(navLinks).to.eql(['Overview', 'Canvas']); + expect(navLinks).to.eql(['Canvas']); }); it(`landing page shows disabled "Create new workpad" button`, async () => { diff --git a/x-pack/test/functional/apps/dashboard/feature_controls/dashboard_security.ts b/x-pack/test/functional/apps/dashboard/feature_controls/dashboard_security.ts index 70f6fc49f0063..e7aa3e6a54e60 100644 --- a/x-pack/test/functional/apps/dashboard/feature_controls/dashboard_security.ts +++ b/x-pack/test/functional/apps/dashboard/feature_controls/dashboard_security.ts @@ -89,11 +89,7 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) { it('only shows the dashboard navlink', async () => { const navLinks = await appsMenu.readLinks(); - expect(navLinks.map((link) => link.text)).to.eql([ - 'Overview', - 'Dashboard', - 'Stack Management', - ]); + expect(navLinks.map((link) => link.text)).to.eql(['Dashboard', 'Stack Management']); }); it(`landing page shows "Create new Dashboard" button`, async () => { 
@@ -296,7 +292,7 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) { it('shows dashboard navlink', async () => { const navLinks = (await appsMenu.readLinks()).map((link) => link.text); - expect(navLinks).to.eql(['Overview', 'Dashboard']); + expect(navLinks).to.eql(['Dashboard']); }); it(`landing page doesn't show "Create new Dashboard" button`, async () => { @@ -427,7 +423,7 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) { it('shows dashboard navlink', async () => { const navLinks = (await appsMenu.readLinks()).map((link) => link.text); - expect(navLinks).to.eql(['Overview', 'Dashboard']); + expect(navLinks).to.eql(['Dashboard']); }); it(`landing page doesn't show "Create new Dashboard" button`, async () => { @@ -502,7 +498,8 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) { }); }); - describe('no dashboard privileges', () => { + // FLAKY: https://github.com/elastic/kibana/issues/116881 + describe.skip('no dashboard privileges', () => { before(async () => { await security.role.create('no_dashboard_privileges_role', { elasticsearch: { diff --git a/x-pack/test/functional/apps/dashboard/reporting/download_csv.ts b/x-pack/test/functional/apps/dashboard/reporting/download_csv.ts index 79ddaea13dfa5..4ee61811e5f85 100644 --- a/x-pack/test/functional/apps/dashboard/reporting/download_csv.ts +++ b/x-pack/test/functional/apps/dashboard/reporting/download_csv.ts @@ -18,6 +18,7 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) { const log = getService('log'); const testSubjects = getService('testSubjects'); const kibanaServer = getService('kibanaServer'); + const reportingAPI = getService('reporting'); const filterBar = getService('filterBar'); const find = getService('find'); const retry = getService('retry'); 
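Review bot: `describe.skip('no dashboard privileges', …)` turns off the whole suite, which by its name holds the checks that a user without the privilege is denied, so a regression in that authorization path would pass CI while the skip is in place. If only one case is flaky, skip that `it` and keep the others running. The suite body lies outside this hunk, so which case is flaky cannot be told from here.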
@@ -124,9 +125,11 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) { describe('Field Formatters and Scripted Fields', () => { before(async () => { + await reportingAPI.initLogs(); await esArchiver.load('x-pack/test/functional/es_archives/reporting/hugedata'); }); after(async () => { + await reportingAPI.teardownLogs(); await esArchiver.unload('x-pack/test/functional/es_archives/reporting/hugedata'); }); diff --git a/x-pack/test/functional/apps/discover/feature_controls/discover_security.ts b/x-pack/test/functional/apps/discover/feature_controls/discover_security.ts index 2010bfd56d2af..8ebf277d63cbe 100644 --- a/x-pack/test/functional/apps/discover/feature_controls/discover_security.ts +++ b/x-pack/test/functional/apps/discover/feature_controls/discover_security.ts @@ -91,7 +91,6 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) { it('shows discover navlink', async () => { const navLinks = await appsMenu.readLinks(); expect(navLinks.map((link) => link.text)).to.eql([ - 'Overview', 'Discover', 'Stack Management', // because `global_discover_all_role` enables search sessions and reporting ]); @@ -201,7 +200,7 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) { it('shows discover navlink', async () => { const navLinks = (await appsMenu.readLinks()).map((link) => link.text); - expect(navLinks).to.eql(['Overview', 'Discover']); + expect(navLinks).to.eql(['Discover']); }); it(`doesn't show save button`, async () => { @@ -293,7 +292,7 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) { it('shows discover navlink', async () => { const navLinks = (await appsMenu.readLinks()).map((link) => link.text); - expect(navLinks).to.eql(['Overview', 'Discover']); + expect(navLinks).to.eql(['Discover']); }); it(`doesn't show save button`, async () => { 
diff --git a/x-pack/test/functional/apps/graph/feature_controls/graph_security.ts b/x-pack/test/functional/apps/graph/feature_controls/graph_security.ts index 913a5034bacc5..69f2f585d8dba 100644 --- a/x-pack/test/functional/apps/graph/feature_controls/graph_security.ts +++ b/x-pack/test/functional/apps/graph/feature_controls/graph_security.ts @@ -67,7 +67,7 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) { it('shows graph navlink', async () => { const navLinks = await appsMenu.readLinks(); - expect(navLinks.map((link) => link.text)).to.eql(['Overview', 'Graph']); + expect(navLinks.map((link) => link.text)).to.eql(['Graph']); }); it('landing page shows "Create new graph" button', async () => { @@ -130,7 +130,7 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) { it('shows graph navlink', async () => { const navLinks = (await appsMenu.readLinks()).map((link) => link.text); - expect(navLinks).to.eql(['Overview', 'Graph']); + expect(navLinks).to.eql(['Graph']); }); it('does not show a "Create new Workspace" button', async () => { diff --git a/x-pack/test/functional/apps/index_patterns/feature_controls/index_patterns_security.ts b/x-pack/test/functional/apps/index_patterns/feature_controls/index_patterns_security.ts index c1610ebe0709f..d04ec8f4d66b4 100644 --- a/x-pack/test/functional/apps/index_patterns/feature_controls/index_patterns_security.ts +++ b/x-pack/test/functional/apps/index_patterns/feature_controls/index_patterns_security.ts @@ -179,7 +179,7 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) { it('does not show Management navlink', async () => { const navLinks = (await appsMenu.readLinks()).map((link) => link.text); - expect(navLinks).to.eql(['Overview', 'Discover']); + expect(navLinks).to.eql(['Discover']); }); it(`doesn't show Index Patterns in management side-nav`, async () => { 
diff --git a/x-pack/test/functional/apps/management/feature_controls/management_security.ts b/x-pack/test/functional/apps/management/feature_controls/management_security.ts index 8235bf6e1e9e2..5366274cd6f58 100644 --- a/x-pack/test/functional/apps/management/feature_controls/management_security.ts +++ b/x-pack/test/functional/apps/management/feature_controls/management_security.ts @@ -36,7 +36,7 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) { it('should not show the Stack Management nav link', async () => { const links = await appsMenu.readLinks(); - expect(links.map((link) => link.text)).to.eql(['Overview', 'Dashboard']); + expect(links.map((link) => link.text)).to.eql(['Dashboard']); }); it('should render the "application not found" view when navigating to management directly', async () => { diff --git a/x-pack/test/functional/apps/maps/feature_controls/maps_security.ts b/x-pack/test/functional/apps/maps/feature_controls/maps_security.ts index b141aeea16cfe..dcd82ea05ccf3 100644 --- a/x-pack/test/functional/apps/maps/feature_controls/maps_security.ts +++ b/x-pack/test/functional/apps/maps/feature_controls/maps_security.ts @@ -165,7 +165,7 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) { it('shows Maps navlink', async () => { const navLinks = (await appsMenu.readLinks()).map((link) => link.text); - expect(navLinks).to.eql(['Overview', 'Maps']); + expect(navLinks).to.eql(['Maps']); }); it(`does not show create new button`, async () => { diff --git a/x-pack/test/functional/apps/maps/index.js b/x-pack/test/functional/apps/maps/index.js index 33184f2d35213..6a2a843682f26 100644 --- a/x-pack/test/functional/apps/maps/index.js +++ b/x-pack/test/functional/apps/maps/index.js 
@@ -79,7 +79,7 @@ export default function ({ loadTestFile, getService }) { loadTestFile(require.resolve('./joins')); loadTestFile(require.resolve('./mapbox_styles')); loadTestFile(require.resolve('./mvt_scaling')); - loadTestFile(require.resolve('./mvt_super_fine')); + loadTestFile(require.resolve('./mvt_geotile_grid')); loadTestFile(require.resolve('./add_layer_panel')); loadTestFile(require.resolve('./import_geojson')); loadTestFile(require.resolve('./layer_errors')); diff --git a/x-pack/test/functional/apps/maps/mvt_super_fine.js b/x-pack/test/functional/apps/maps/mvt_geotile_grid.js similarity index 52% rename from x-pack/test/functional/apps/maps/mvt_super_fine.js rename to x-pack/test/functional/apps/maps/mvt_geotile_grid.js index 6c5065a77c1d2..ffda75f8bf98a 100644 --- a/x-pack/test/functional/apps/maps/mvt_super_fine.js +++ b/x-pack/test/functional/apps/maps/mvt_geotile_grid.js @@ -14,13 +14,12 @@ export default function ({ getPageObjects, getService }) { const inspector = getService('inspector'); const security = getService('security'); - describe('mvt grid layer', () => { + describe('mvt geotile grid layer', () => { before(async () => { await security.testUser.setRoles( ['global_maps_all', 'test_logstash_reader', 'geoshape_data_reader'], false ); - await PageObjects.maps.loadSavedMap('geo grid vector grid example SUPER_FINE resolution'); }); after(async () => { @@ -28,7 +27,8 @@ export default function ({ getPageObjects, getService }) { await security.testUser.restoreDefaults(); }); - it('should render with mvt-source', async () => { + it('should render with mvt-source (style meta from ES)', async () => { + await PageObjects.maps.loadSavedMap('MVT geotile grid (style meta from ES)'); const mapboxStyle = await PageObjects.maps.getMapboxStyle(); //Source should be correct 
@@ -79,5 +79,95 @@ export default function ({ getPageObjects, getService }) { 'fill-opacity': 0.75, }); }); + + it('should render with mvt-source (style meta from local - count)', async () => { + await PageObjects.maps.loadSavedMap('MVT geotile grid (style meta from local - count)'); + const mapboxStyle = await PageObjects.maps.getMapboxStyle(); + + const fillLayer = mapboxStyle.layers.find( + (layer) => layer.id === MB_VECTOR_SOURCE_ID + '_fill' + ); + + expect(fillLayer.paint).to.eql({ + 'fill-color': [ + 'interpolate', + ['linear'], + [ + 'coalesce', + [ + 'case', + ['==', ['get', '_count'], null], + 0, + ['max', ['min', ['to-number', ['get', '_count']], 10], 1], + ], + 0, + ], + 0, + 'rgba(0,0,0,0)', + 1, + '#ecf1f7', + 2.125, + '#d9e3ef', + 3.25, + '#c5d5e7', + 4.375, + '#b2c7df', + 5.5, + '#9eb9d8', + 6.625, + '#8bacd0', + 7.75, + '#769fc8', + 8.875, + '#6092c0', + ], + 'fill-opacity': 0.75, + }); + }); + + it('should render with mvt-source (style meta from local - metric)', async () => { + await PageObjects.maps.loadSavedMap('MVT geotile grid (style meta from local - metric)'); + const mapboxStyle = await PageObjects.maps.getMapboxStyle(); + + const fillLayer = mapboxStyle.layers.find( + (layer) => layer.id === MB_VECTOR_SOURCE_ID + '_fill' + ); + + expect(fillLayer.paint).to.eql({ + 'fill-color': [ + 'interpolate', + ['linear'], + [ + 'coalesce', + [ + 'case', + ['==', ['get', 'sum_of_bytes.value'], null], + -1, + ['max', ['min', ['to-number', ['get', 'sum_of_bytes.value']], 14941], 0], + ], + -1, + ], + -1, + 'rgba(0,0,0,0)', + 0, + '#ecf1f7', + 1867.625, + '#d9e3ef', + 3735.25, + '#c5d5e7', + 5602.875, + '#b2c7df', + 7470.5, + '#9eb9d8', + 9338.125, + '#8bacd0', + 11205.75, + '#769fc8', + 13073.375, + '#6092c0', + ], + 'fill-opacity': 0.75, + }); + }); }); } diff --git a/x-pack/test/functional/apps/monitoring/logstash/pipelines.js b/x-pack/test/functional/apps/monitoring/logstash/pipelines.js index 72a6ff8e1af23..931afc83e8415 100644 
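Review bot: In both added tests `fillLayer` comes from `mapboxStyle.layers.find(...)` and is dereferenced as `fillLayer.paint` without a check, so a saved map that lacks the `_fill` layer fails with a TypeError on `undefined` rather than a failure that names the missing layer. Adding `if (!fillLayer) throw new Error('missing fill layer ' + MB_VECTOR_SOURCE_ID + '_fill');` before each `expect` would make that failure readable. The two tests also differ only in the saved-map title and the expected `fill-color` expression, so a small local helper taking those two values would remove the duplicated lookup. The enclosing `describe` and the default-exported function start outside this hunk.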
--- a/x-pack/test/functional/apps/monitoring/logstash/pipelines.js +++ b/x-pack/test/functional/apps/monitoring/logstash/pipelines.js @@ -15,7 +15,8 @@ export default function ({ getService, getPageObjects }) { const pipelinesList = getService('monitoringLogstashPipelines'); const lsClusterSummaryStatus = getService('monitoringLogstashSummaryStatus'); - describe('Logstash pipelines', () => { + // FLAKY: https://github.com/elastic/kibana/issues/116070 + describe.skip('Logstash pipelines', () => { const { setup, tearDown } = getLifecycleMethods(getService, getPageObjects); before(async () => { diff --git a/x-pack/test/functional/apps/saved_objects_management/import_saved_objects_between_versions.ts b/x-pack/test/functional/apps/saved_objects_management/import_saved_objects_between_versions.ts index 790909164b33d..4dce6bca8f67a 100644 --- a/x-pack/test/functional/apps/saved_objects_management/import_saved_objects_between_versions.ts +++ b/x-pack/test/functional/apps/saved_objects_management/import_saved_objects_between_versions.ts @@ -20,7 +20,8 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) { const testSubjects = getService('testSubjects'); const retry = getService('retry'); - describe('Export import saved objects between versions', function () { + // Failing: See https://github.com/elastic/kibana/issues/116058 + describe.skip('Export import saved objects between versions', function () { before(async function () { await esArchiver.load('x-pack/test/functional/es_archives/logstash_functional'); await esArchiver.load('x-pack/test/functional/es_archives/getting_started/shakespeare'); diff --git a/x-pack/test/functional/apps/visualize/feature_controls/visualize_security.ts b/x-pack/test/functional/apps/visualize/feature_controls/visualize_security.ts index 7bfae9ba36be4..d089ab47c0cf7 100644 --- a/x-pack/test/functional/apps/visualize/feature_controls/visualize_security.ts 
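Review bot: `describe.skip` on the outermost suite in pipelines.js disables every case in that suite, and the added `// FLAKY:` comment records only the issue link, not which case is unstable. The same applies to the `describe.skip` with the `// Failing: See` comment in import_saved_objects_between_versions.ts, later on this line. If only one case is affected, skipping that `it` alone would keep the rest of the coverage. Otherwise the comment could say so, e.g. `// FLAKY: https://github.com/elastic/kibana/issues/116070 (whole suite skipped: <failing case>)`, where `<failing case>` is a placeholder for the test name from the issue. Both suites' bodies continue outside their hunks.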
+++ b/x-pack/test/functional/apps/visualize/feature_controls/visualize_security.ts @@ -214,7 +214,7 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) { it('shows visualize navlink', async () => { const navLinks = (await appsMenu.readLinks()).map((link) => link.text); - expect(navLinks).to.eql(['Overview', 'Visualize Library']); + expect(navLinks).to.eql(['Visualize Library']); }); it(`landing page shows "Create new Visualization" button`, async () => { @@ -329,7 +329,7 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) { it('shows visualize navlink', async () => { const navLinks = (await appsMenu.readLinks()).map((link) => link.text); - expect(navLinks).to.eql(['Overview', 'Visualize Library']); + expect(navLinks).to.eql(['Visualize Library']); }); it(`landing page shows "Create new Visualization" button`, async () => { diff --git a/x-pack/test/functional/es_archives/reporting/canvas_disallowed_url/data.json.gz b/x-pack/test/functional/es_archives/reporting/canvas_disallowed_url/data.json.gz deleted file mode 100644 index c434eee5dd8d3..0000000000000 Binary files a/x-pack/test/functional/es_archives/reporting/canvas_disallowed_url/data.json.gz and /dev/null differ diff --git a/x-pack/test/functional/es_archives/reporting/canvas_disallowed_url/mappings.json b/x-pack/test/functional/es_archives/reporting/canvas_disallowed_url/mappings.json deleted file mode 100644 index e67abaf2032c7..0000000000000 --- a/x-pack/test/functional/es_archives/reporting/canvas_disallowed_url/mappings.json +++ /dev/null 
@@ -1,2185 +0,0 @@ -{ - "type": "index", - "value": { - "aliases": { - ".kibana": {} - }, - "index": ".kibana_1", - "mappings": { - "_meta": { - "migrationMappingPropertyHashes": { - "action": "6e96ac5e648f57523879661ea72525b7", - "action_task_params": "a9d49f184ee89641044be0ca2950fa3a", - "alert": "7b44fba6773e37c806ce290ea9b7024e", - "apm-indices": "9bb9b2bf1fa636ed8619cbab5ce6a1dd", - "apm-telemetry": "3d1b76c39bfb2cc8296b024d73854724", - "app_search_telemetry": "3d1b76c39bfb2cc8296b024d73854724", - "application_usage_totals": "3d1b76c39bfb2cc8296b024d73854724", - "application_usage_transactional": "43b8830d5d0df85a6823d290885fc9fd", - "canvas-element": "7390014e1091044523666d97247392fc", - "canvas-workpad": "b0a1706d356228dbdcb4a17e6b9eb231", - "canvas-workpad-template": "ae2673f678281e2c055d764b153e9715", - "cases": "32aa96a6d3855ddda53010ae2048ac22", - "cases-comments": "c2061fb929f585df57425102fa928b4b", - "cases-configure": "42711cbb311976c0687853f4c1354572", - "cases-user-actions": "32277330ec6b721abe3b846cfd939a71", - "config": "c63748b75f39d0c54de12d12c1ccbc20", - "dashboard": "d00f614b29a80360e1190193fd333bab", - "endpoint:user-artifact": "4a11183eee21e6fbad864f7a30b39ad0", - "endpoint:user-artifact-manifest": "a0d7b04ad405eed54d76e279c3727862", - "epm-packages": "8f6e0b09ea0374c4ffe98c3755373cff", - "exception-list": "4818e7dfc3e538562c80ec34eb6f841b", - "exception-list-agnostic": "4818e7dfc3e538562c80ec34eb6f841b", - "file-upload-telemetry": "0ed4d3e1983d1217a30982630897092e", - "fleet-agent-actions": "e520c855577170c24481be05c3ae14ec", - "fleet-agent-events": "3231653fafe4ef3196fe3b32ab774bf2", - "fleet-agents": "034346488514b7058a79140b19ddf631", - "fleet-enrollment-api-keys": "28b91e20b105b6f928e2012600085d8f", - "graph-workspace": "cd7ba1330e6682e9cc00b78850874be1", - "index-pattern": "66eccb05066c5a89924f48a9e9736499", - "ingest-agent-policies": "9326f99c977fd2ef5ab24b6336a0675c", - "ingest-outputs": "8aa988c376e65443fefc26f1075e93a3", - 
"ingest-package-policies": "48e8bd97e488008e21c0b5a2367b83ad", - "ingest_manager_settings": "012cf278ec84579495110bb827d1ed09", - "kql-telemetry": "d12a98a6f19a2d273696597547e064ee", - "lens": "d33c68a69ff1e78c9888dedd2164ac22", - "lens-ui-telemetry": "509bfa5978586998e05f9e303c07a327", - "map": "4a05b35c3a3a58fbc72dd0202dc3487f", - "maps-telemetry": "5ef305b18111b77789afefbd36b66171", - "migrationVersion": "4a1746014a75ade3a714e1db5763276f", - "ml-telemetry": "257fd1d4b4fdbb9cb4b8a3b27da201e9", - "namespace": "2f4316de49999235636386fe51dc06c1", - "namespaces": "2f4316de49999235636386fe51dc06c1", - "query": "11aaeb7f5f7fa5bb43f25e18ce26e7d9", - "references": "7997cf5a56cc02bdc9c93361bde732b0", - "sample-data-telemetry": "7d3cfeb915303c9641c59681967ffeb4", - "search": "5c4b9a6effceb17ae8a0ab22d0c49767", - "search-telemetry": "3d1b76c39bfb2cc8296b024d73854724", - "siem-detection-engine-rule-actions": "6569b288c169539db10cb262bf79de18", - "siem-detection-engine-rule-status": "ae783f41c6937db6b7a2ef5c93a9e9b0", - "siem-ui-timeline": "94bc38c7a421d15fbfe8ea565370a421", - "siem-ui-timeline-note": "8874706eedc49059d4cf0f5094559084", - "siem-ui-timeline-pinned-event": "20638091112f0e14f0e443d512301c29", - "telemetry": "36a616f7026dfa617d6655df850fe16d", - "tsvb-validation-telemetry": "3a37ef6c8700ae6fc97d5c7da00e9215", - "type": "2f4316de49999235636386fe51dc06c1", - "ui-metric": "0d409297dc5ebe1e3a1da691c6ee32e3", - "updated_at": "00da57df13e94e9d98437d13ace4bfe0", - "upgrade-assistant-reindex-operation": "215107c281839ea9b3ad5f6419819763", - "upgrade-assistant-telemetry": "56702cec857e0a9dacfb696655b4ff7b", - "uptime-dynamic-settings": "fcdb453a30092f022f2642db29523d80", - "url": "c7f66a0df8b1b52f17c28c4adb111105", - "visualization": "52d7a13ad68a150c4525b292d23e12cc", - "workplace_search_telemetry": "3d1b76c39bfb2cc8296b024d73854724" - } - }, - "dynamic": "strict", - "properties": { - "action": { - "properties": { - "actionTypeId": { - "type": "keyword" - }, - "config": 
{ - "enabled": false, - "type": "object" - }, - "name": { - "fields": { - "keyword": { - "type": "keyword" - } - }, - "type": "text" - }, - "secrets": { - "type": "binary" - } - } - }, - "action_task_params": { - "properties": { - "actionId": { - "type": "keyword" - }, - "apiKey": { - "type": "binary" - }, - "params": { - "enabled": false, - "type": "object" - } - } - }, - "alert": { - "properties": { - "actions": { - "properties": { - "actionRef": { - "type": "keyword" - }, - "actionTypeId": { - "type": "keyword" - }, - "group": { - "type": "keyword" - }, - "params": { - "enabled": false, - "type": "object" - } - }, - "type": "nested" - }, - "alertTypeId": { - "type": "keyword" - }, - "apiKey": { - "type": "binary" - }, - "apiKeyOwner": { - "type": "keyword" - }, - "consumer": { - "type": "keyword" - }, - "createdAt": { - "type": "date" - }, - "createdBy": { - "type": "keyword" - }, - "enabled": { - "type": "boolean" - }, - "muteAll": { - "type": "boolean" - }, - "mutedInstanceIds": { - "type": "keyword" - }, - "name": { - "fields": { - "keyword": { - "type": "keyword" - } - }, - "type": "text" - }, - "params": { - "enabled": false, - "type": "object" - }, - "schedule": { - "properties": { - "interval": { - "type": "keyword" - } - } - }, - "scheduledTaskId": { - "type": "keyword" - }, - "tags": { - "type": "keyword" - }, - "throttle": { - "type": "keyword" - }, - "updatedBy": { - "type": "keyword" - } - } - }, - "apm-indices": { - "properties": { - "error": { - "type": "keyword" - }, - "metric": { - "type": "keyword" - }, - "onboarding": { - "type": "keyword" - }, - "sourcemap": { - "type": "keyword" - }, - "span": { - "type": "keyword" - }, - "transaction": { - "type": "keyword" - } - } - }, - "apm-telemetry": { - "dynamic": "false", - "type": "object" - }, - "app_search_telemetry": { - "dynamic": "false", - "type": "object" - }, - "application_usage_totals": { - "dynamic": "false", - "type": "object" - }, - "application_usage_transactional": { - "dynamic": 
"false", - "properties": { - "timestamp": { - "type": "date" - } - } - }, - "canvas-element": { - "dynamic": "false", - "properties": { - "@created": { - "type": "date" - }, - "@timestamp": { - "type": "date" - }, - "content": { - "type": "text" - }, - "help": { - "type": "text" - }, - "image": { - "type": "text" - }, - "name": { - "fields": { - "keyword": { - "type": "keyword" - } - }, - "type": "text" - } - } - }, - "canvas-workpad": { - "dynamic": "false", - "properties": { - "@created": { - "type": "date" - }, - "@timestamp": { - "type": "date" - }, - "name": { - "fields": { - "keyword": { - "type": "keyword" - } - }, - "type": "text" - } - } - }, - "canvas-workpad-template": { - "dynamic": "false", - "properties": { - "help": { - "fields": { - "keyword": { - "type": "keyword" - } - }, - "type": "text" - }, - "name": { - "fields": { - "keyword": { - "type": "keyword" - } - }, - "type": "text" - }, - "tags": { - "fields": { - "keyword": { - "type": "keyword" - } - }, - "type": "text" - }, - "template_key": { - "type": "keyword" - } - } - }, - "cases": { - "properties": { - "closed_at": { - "type": "date" - }, - "closed_by": { - "properties": { - "email": { - "type": "keyword" - }, - "full_name": { - "type": "keyword" - }, - "username": { - "type": "keyword" - } - } - }, - "connector_id": { - "type": "keyword" - }, - "created_at": { - "type": "date" - }, - "created_by": { - "properties": { - "email": { - "type": "keyword" - }, - "full_name": { - "type": "keyword" - }, - "username": { - "type": "keyword" - } - } - }, - "description": { - "type": "text" - }, - "external_service": { - "properties": { - "connector_id": { - "type": "keyword" - }, - "connector_name": { - "type": "keyword" - }, - "external_id": { - "type": "keyword" - }, - "external_title": { - "type": "text" - }, - "external_url": { - "type": "text" - }, - "pushed_at": { - "type": "date" - }, - "pushed_by": { - "properties": { - "email": { - "type": "keyword" - }, - "full_name": { - "type": "keyword" - 
}, - "username": { - "type": "keyword" - } - } - } - } - }, - "status": { - "type": "keyword" - }, - "tags": { - "type": "keyword" - }, - "title": { - "type": "keyword" - }, - "updated_at": { - "type": "date" - }, - "updated_by": { - "properties": { - "email": { - "type": "keyword" - }, - "full_name": { - "type": "keyword" - }, - "username": { - "type": "keyword" - } - } - } - } - }, - "cases-comments": { - "properties": { - "comment": { - "type": "text" - }, - "created_at": { - "type": "date" - }, - "created_by": { - "properties": { - "email": { - "type": "keyword" - }, - "full_name": { - "type": "keyword" - }, - "username": { - "type": "keyword" - } - } - }, - "pushed_at": { - "type": "date" - }, - "pushed_by": { - "properties": { - "email": { - "type": "keyword" - }, - "full_name": { - "type": "keyword" - }, - "username": { - "type": "keyword" - } - } - }, - "updated_at": { - "type": "date" - }, - "updated_by": { - "properties": { - "email": { - "type": "keyword" - }, - "full_name": { - "type": "keyword" - }, - "username": { - "type": "keyword" - } - } - } - } - }, - "cases-configure": { - "properties": { - "closure_type": { - "type": "keyword" - }, - "connector_id": { - "type": "keyword" - }, - "connector_name": { - "type": "keyword" - }, - "created_at": { - "type": "date" - }, - "created_by": { - "properties": { - "email": { - "type": "keyword" - }, - "full_name": { - "type": "keyword" - }, - "username": { - "type": "keyword" - } - } - }, - "updated_at": { - "type": "date" - }, - "updated_by": { - "properties": { - "email": { - "type": "keyword" - }, - "full_name": { - "type": "keyword" - }, - "username": { - "type": "keyword" - } - } - } - } - }, - "cases-user-actions": { - "properties": { - "action": { - "type": "keyword" - }, - "action_at": { - "type": "date" - }, - "action_by": { - "properties": { - "email": { - "type": "keyword" - }, - "full_name": { - "type": "keyword" - }, - "username": { - "type": "keyword" - } - } - }, - "action_field": { - "type": 
"keyword" - }, - "new_value": { - "type": "text" - }, - "old_value": { - "type": "text" - } - } - }, - "config": { - "dynamic": "false", - "properties": { - "buildNum": { - "type": "keyword" - } - } - }, - "dashboard": { - "properties": { - "description": { - "type": "text" - }, - "hits": { - "type": "integer" - }, - "kibanaSavedObjectMeta": { - "properties": { - "searchSourceJSON": { - "type": "text" - } - } - }, - "optionsJSON": { - "type": "text" - }, - "panelsJSON": { - "type": "text" - }, - "refreshInterval": { - "properties": { - "display": { - "type": "keyword" - }, - "pause": { - "type": "boolean" - }, - "section": { - "type": "integer" - }, - "value": { - "type": "integer" - } - } - }, - "timeFrom": { - "type": "keyword" - }, - "timeRestore": { - "type": "boolean" - }, - "timeTo": { - "type": "keyword" - }, - "title": { - "type": "text" - }, - "version": { - "type": "integer" - } - } - }, - "endpoint:user-artifact": { - "properties": { - "body": { - "type": "binary" - }, - "compressionAlgorithm": { - "index": false, - "type": "keyword" - }, - "created": { - "index": false, - "type": "date" - }, - "decodedSha256": { - "index": false, - "type": "keyword" - }, - "decodedSize": { - "index": false, - "type": "long" - }, - "encodedSha256": { - "type": "keyword" - }, - "encodedSize": { - "index": false, - "type": "long" - }, - "encryptionAlgorithm": { - "index": false, - "type": "keyword" - }, - "identifier": { - "type": "keyword" - } - } - }, - "endpoint:user-artifact-manifest": { - "properties": { - "created": { - "index": false, - "type": "date" - }, - "schemaVersion": { - "type": "keyword" - }, - "semanticVersion": { - "index": false, - "type": "keyword" - }, - "artifacts": { - "type": "nested", - "properties": { - "policyId": { - "type": "keyword", - "index": false - }, - "artifactId": { - "type": "keyword", - "index": false - } - } - } - } - }, - "epm-packages": { - "properties": { - "es_index_patterns": { - "enabled": false, - "type": "object" - }, - 
"installed_es": { - "properties": { - "id": { - "type": "keyword" - }, - "type": { - "type": "keyword" - } - }, - "type": "nested" - }, - "installed_kibana": { - "properties": { - "id": { - "type": "keyword" - }, - "type": { - "type": "keyword" - } - }, - "type": "nested" - }, - "internal": { - "type": "boolean" - }, - "name": { - "type": "keyword" - }, - "removable": { - "type": "boolean" - }, - "version": { - "type": "keyword" - } - } - }, - "exception-list": { - "properties": { - "_tags": { - "type": "keyword" - }, - "comments": { - "properties": { - "comment": { - "type": "keyword" - }, - "created_at": { - "type": "keyword" - }, - "created_by": { - "type": "keyword" - }, - "updated_at": { - "type": "keyword" - }, - "updated_by": { - "type": "keyword" - } - } - }, - "created_at": { - "type": "keyword" - }, - "created_by": { - "type": "keyword" - }, - "description": { - "type": "keyword" - }, - "entries": { - "properties": { - "entries": { - "properties": { - "field": { - "type": "keyword" - }, - "operator": { - "type": "keyword" - }, - "type": { - "type": "keyword" - }, - "value": { - "fields": { - "text": { - "type": "text" - } - }, - "type": "keyword" - } - } - }, - "field": { - "type": "keyword" - }, - "list": { - "properties": { - "id": { - "type": "keyword" - }, - "type": { - "type": "keyword" - } - } - }, - "operator": { - "type": "keyword" - }, - "type": { - "type": "keyword" - }, - "value": { - "fields": { - "text": { - "type": "text" - } - }, - "type": "keyword" - } - } - }, - "item_id": { - "type": "keyword" - }, - "list_id": { - "type": "keyword" - }, - "list_type": { - "type": "keyword" - }, - "meta": { - "type": "keyword" - }, - "name": { - "type": "keyword" - }, - "tags": { - "type": "keyword" - }, - "tie_breaker_id": { - "type": "keyword" - }, - "type": { - "type": "keyword" - }, - "updated_by": { - "type": "keyword" - } - } - }, - "exception-list-agnostic": { - "properties": { - "_tags": { - "type": "keyword" - }, - "comments": { - "properties": 
{ - "comment": { - "type": "keyword" - }, - "created_at": { - "type": "keyword" - }, - "created_by": { - "type": "keyword" - }, - "updated_at": { - "type": "keyword" - }, - "updated_by": { - "type": "keyword" - } - } - }, - "created_at": { - "type": "keyword" - }, - "created_by": { - "type": "keyword" - }, - "description": { - "type": "keyword" - }, - "entries": { - "properties": { - "entries": { - "properties": { - "field": { - "type": "keyword" - }, - "operator": { - "type": "keyword" - }, - "type": { - "type": "keyword" - }, - "value": { - "fields": { - "text": { - "type": "text" - } - }, - "type": "keyword" - } - } - }, - "field": { - "type": "keyword" - }, - "list": { - "properties": { - "id": { - "type": "keyword" - }, - "type": { - "type": "keyword" - } - } - }, - "operator": { - "type": "keyword" - }, - "type": { - "type": "keyword" - }, - "value": { - "fields": { - "text": { - "type": "text" - } - }, - "type": "keyword" - } - } - }, - "item_id": { - "type": "keyword" - }, - "list_id": { - "type": "keyword" - }, - "list_type": { - "type": "keyword" - }, - "meta": { - "type": "keyword" - }, - "name": { - "type": "keyword" - }, - "tags": { - "type": "keyword" - }, - "tie_breaker_id": { - "type": "keyword" - }, - "type": { - "type": "keyword" - }, - "updated_by": { - "type": "keyword" - } - } - }, - "file-upload-telemetry": { - "properties": { - "filesUploadedTotalCount": { - "type": "long" - } - } - }, - "fleet-agent-actions": { - "properties": { - "agent_id": { - "type": "keyword" - }, - "created_at": { - "type": "date" - }, - "data": { - "type": "binary" - }, - "sent_at": { - "type": "date" - }, - "type": { - "type": "keyword" - } - } - }, - "fleet-agent-events": { - "properties": { - "action_id": { - "type": "keyword" - }, - "agent_id": { - "type": "keyword" - }, - "policy_id": { - "type": "keyword" - }, - "data": { - "type": "text" - }, - "message": { - "type": "text" - }, - "payload": { - "type": "text" - }, - "stream_id": { - "type": "keyword" - }, - 
"subtype": { - "type": "keyword" - }, - "timestamp": { - "type": "date" - }, - "type": { - "type": "keyword" - } - } - }, - "fleet-agents": { - "properties": { - "access_api_key_id": { - "type": "keyword" - }, - "active": { - "type": "boolean" - }, - "policy_id": { - "type": "keyword" - }, - "policy_revision": { - "type": "integer" - }, - "current_error_events": { - "index": false, - "type": "text" - }, - "default_api_key": { - "type": "binary" - }, - "default_api_key_id": { - "type": "keyword" - }, - "enrolled_at": { - "type": "date" - }, - "last_checkin": { - "type": "date" - }, - "last_checkin_status": { - "type": "keyword" - }, - "last_updated": { - "type": "date" - }, - "local_metadata": { - "type": "flattened" - }, - "packages": { - "type": "keyword" - }, - "shared_id": { - "type": "keyword" - }, - "type": { - "type": "keyword" - }, - "unenrolled_at": { - "type": "date" - }, - "unenrollment_started_at": { - "type": "date" - }, - "updated_at": { - "type": "date" - }, - "user_provided_metadata": { - "type": "flattened" - }, - "version": { - "type": "keyword" - } - } - }, - "fleet-enrollment-api-keys": { - "properties": { - "active": { - "type": "boolean" - }, - "api_key": { - "type": "binary" - }, - "api_key_id": { - "type": "keyword" - }, - "policy_id": { - "type": "keyword" - }, - "created_at": { - "type": "date" - }, - "expire_at": { - "type": "date" - }, - "name": { - "type": "keyword" - }, - "type": { - "type": "keyword" - }, - "updated_at": { - "type": "date" - } - } - }, - "graph-workspace": { - "properties": { - "description": { - "type": "text" - }, - "kibanaSavedObjectMeta": { - "properties": { - "searchSourceJSON": { - "type": "text" - } - } - }, - "numLinks": { - "type": "integer" - }, - "numVertices": { - "type": "integer" - }, - "title": { - "type": "text" - }, - "version": { - "type": "integer" - }, - "wsState": { - "type": "text" - } - } - }, - "index-pattern": { - "properties": { - "fieldFormatMap": { - "type": "text" - }, - "fields": { - 
"type": "text" - }, - "intervalName": { - "type": "keyword" - }, - "notExpandable": { - "type": "boolean" - }, - "sourceFilters": { - "type": "text" - }, - "timeFieldName": { - "type": "keyword" - }, - "title": { - "type": "text" - }, - "type": { - "type": "keyword" - }, - "typeMeta": { - "type": "keyword" - } - } - }, - "ingest-agent-policies": { - "properties": { - "description": { - "type": "text" - }, - "is_default": { - "type": "boolean" - }, - "monitoring_enabled": { - "index": false, - "type": "keyword" - }, - "name": { - "type": "keyword" - }, - "namespace": { - "type": "keyword" - }, - "package_policies": { - "type": "keyword" - }, - "revision": { - "type": "integer" - }, - "status": { - "type": "keyword" - }, - "updated_at": { - "type": "date" - }, - "updated_by": { - "type": "keyword" - } - } - }, - "ingest-outputs": { - "properties": { - "ca_sha256": { - "index": false, - "type": "keyword" - }, - "config": { - "type": "flattened" - }, - "fleet_enroll_password": { - "type": "binary" - }, - "fleet_enroll_username": { - "type": "binary" - }, - "hosts": { - "type": "keyword" - }, - "is_default": { - "type": "boolean" - }, - "name": { - "type": "keyword" - }, - "type": { - "type": "keyword" - } - } - }, - "ingest-package-policies": { - "properties": { - "policy_id": { - "type": "keyword" - }, - "created_at": { - "type": "date" - }, - "created_by": { - "type": "keyword" - }, - "description": { - "type": "text" - }, - "enabled": { - "type": "boolean" - }, - "inputs": { - "enabled": false, - "properties": { - "config": { - "type": "flattened" - }, - "enabled": { - "type": "boolean" - }, - "streams": { - "properties": { - "compiled_stream": { - "type": "flattened" - }, - "config": { - "type": "flattened" - }, - "data_stream": { - "properties": { - "dataset": { - "type": "keyword" - }, - "type": { - "type": "keyword" - } - } - }, - "enabled": { - "type": "boolean" - }, - "id": { - "type": "keyword" - }, - "vars": { - "type": "flattened" - } - }, - "type": 
"nested" - }, - "type": { - "type": "keyword" - }, - "vars": { - "type": "flattened" - } - }, - "type": "nested" - }, - "name": { - "type": "keyword" - }, - "namespace": { - "type": "keyword" - }, - "output_id": { - "type": "keyword" - }, - "package": { - "properties": { - "name": { - "type": "keyword" - }, - "title": { - "type": "keyword" - }, - "version": { - "type": "keyword" - } - } - }, - "revision": { - "type": "integer" - }, - "updated_at": { - "type": "date" - }, - "updated_by": { - "type": "keyword" - } - } - }, - "ingest_manager_settings": { - "properties": { - "agent_auto_upgrade": { - "type": "keyword" - }, - "has_seen_add_data_notice": { - "index": false, - "type": "boolean" - }, - "kibana_ca_sha256": { - "type": "keyword" - }, - "kibana_url": { - "type": "keyword" - }, - "package_auto_upgrade": { - "type": "keyword" - } - } - }, - "kql-telemetry": { - "properties": { - "optInCount": { - "type": "long" - }, - "optOutCount": { - "type": "long" - } - } - }, - "lens": { - "properties": { - "description": { - "type": "text" - }, - "expression": { - "index": false, - "type": "keyword" - }, - "state": { - "type": "flattened" - }, - "title": { - "type": "text" - }, - "visualizationType": { - "type": "keyword" - } - } - }, - "lens-ui-telemetry": { - "properties": { - "count": { - "type": "integer" - }, - "date": { - "type": "date" - }, - "name": { - "type": "keyword" - }, - "type": { - "type": "keyword" - } - } - }, - "map": { - "properties": { - "description": { - "type": "text" - }, - "layerListJSON": { - "type": "text" - }, - "mapStateJSON": { - "type": "text" - }, - "title": { - "type": "text" - }, - "uiStateJSON": { - "type": "text" - }, - "version": { - "type": "integer" - } - } - }, - "maps-telemetry": { - "enabled": false, - "type": "object" - }, - "migrationVersion": { - "dynamic": "true", - "properties": { - "canvas-workpad": { - "fields": { - "keyword": { - "ignore_above": 256, - "type": "keyword" - } - }, - "type": "text" - }, - "config": { - 
"fields": { - "keyword": { - "ignore_above": 256, - "type": "keyword" - } - }, - "type": "text" - } - } - }, - "ml-telemetry": { - "properties": { - "file_data_visualizer": { - "properties": { - "index_creation_count": { - "type": "long" - } - } - } - } - }, - "namespace": { - "type": "keyword" - }, - "namespaces": { - "type": "keyword" - }, - "query": { - "properties": { - "description": { - "type": "text" - }, - "filters": { - "enabled": false, - "type": "object" - }, - "query": { - "properties": { - "language": { - "type": "keyword" - }, - "query": { - "index": false, - "type": "keyword" - } - } - }, - "timefilter": { - "enabled": false, - "type": "object" - }, - "title": { - "type": "text" - } - } - }, - "references": { - "properties": { - "id": { - "type": "keyword" - }, - "name": { - "type": "keyword" - }, - "type": { - "type": "keyword" - } - }, - "type": "nested" - }, - "sample-data-telemetry": { - "properties": { - "installCount": { - "type": "long" - }, - "unInstallCount": { - "type": "long" - } - } - }, - "search": { - "properties": { - "columns": { - "index": false, - "type": "keyword" - }, - "description": { - "type": "text" - }, - "hits": { - "index": false, - "type": "integer" - }, - "kibanaSavedObjectMeta": { - "properties": { - "searchSourceJSON": { - "index": false, - "type": "text" - } - } - }, - "sort": { - "index": false, - "type": "keyword" - }, - "title": { - "type": "text" - }, - "version": { - "type": "integer" - } - } - }, - "search-telemetry": { - "dynamic": "false", - "type": "object" - }, - "siem-detection-engine-rule-actions": { - "properties": { - "actions": { - "properties": { - "action_type_id": { - "type": "keyword" - }, - "group": { - "type": "keyword" - }, - "id": { - "type": "keyword" - }, - "params": { - "enabled": false, - "type": "object" - } - } - }, - "alertThrottle": { - "type": "keyword" - }, - "ruleAlertId": { - "type": "keyword" - }, - "ruleThrottle": { - "type": "keyword" - } - } - }, - 
"siem-detection-engine-rule-status": { - "properties": { - "alertId": { - "type": "keyword" - }, - "bulkCreateTimeDurations": { - "type": "float" - }, - "gap": { - "type": "text" - }, - "lastFailureAt": { - "type": "date" - }, - "lastFailureMessage": { - "type": "text" - }, - "lastLookBackDate": { - "type": "date" - }, - "lastSuccessAt": { - "type": "date" - }, - "lastSuccessMessage": { - "type": "text" - }, - "searchAfterTimeDurations": { - "type": "float" - }, - "status": { - "type": "keyword" - }, - "statusDate": { - "type": "date" - } - } - }, - "siem-ui-timeline": { - "properties": { - "columns": { - "properties": { - "aggregatable": { - "type": "boolean" - }, - "category": { - "type": "keyword" - }, - "columnHeaderType": { - "type": "keyword" - }, - "description": { - "type": "text" - }, - "example": { - "type": "text" - }, - "id": { - "type": "keyword" - }, - "indexes": { - "type": "keyword" - }, - "name": { - "type": "text" - }, - "placeholder": { - "type": "text" - }, - "searchable": { - "type": "boolean" - }, - "type": { - "type": "keyword" - } - } - }, - "created": { - "type": "date" - }, - "createdBy": { - "type": "text" - }, - "dataProviders": { - "properties": { - "and": { - "properties": { - "enabled": { - "type": "boolean" - }, - "excluded": { - "type": "boolean" - }, - "id": { - "type": "keyword" - }, - "kqlQuery": { - "type": "text" - }, - "name": { - "type": "text" - }, - "queryMatch": { - "properties": { - "displayField": { - "type": "text" - }, - "displayValue": { - "type": "text" - }, - "field": { - "type": "text" - }, - "operator": { - "type": "text" - }, - "value": { - "type": "text" - } - } - }, - "type": { - "type": "text" - } - } - }, - "enabled": { - "type": "boolean" - }, - "excluded": { - "type": "boolean" - }, - "id": { - "type": "keyword" - }, - "kqlQuery": { - "type": "text" - }, - "name": { - "type": "text" - }, - "queryMatch": { - "properties": { - "displayField": { - "type": "text" - }, - "displayValue": { - "type": "text" - }, - 
"field": { - "type": "text" - }, - "operator": { - "type": "text" - }, - "value": { - "type": "text" - } - } - }, - "type": { - "type": "text" - } - } - }, - "dateRange": { - "properties": { - "end": { - "type": "date" - }, - "start": { - "type": "date" - } - } - }, - "description": { - "type": "text" - }, - "eventType": { - "type": "keyword" - }, - "excludedRowRendererIds": { - "type": "text" - }, - "favorite": { - "properties": { - "favoriteDate": { - "type": "date" - }, - "fullName": { - "type": "text" - }, - "keySearch": { - "type": "text" - }, - "userName": { - "type": "text" - } - } - }, - "filters": { - "properties": { - "exists": { - "type": "text" - }, - "match_all": { - "type": "text" - }, - "meta": { - "properties": { - "alias": { - "type": "text" - }, - "controlledBy": { - "type": "text" - }, - "disabled": { - "type": "boolean" - }, - "field": { - "type": "text" - }, - "formattedValue": { - "type": "text" - }, - "index": { - "type": "keyword" - }, - "key": { - "type": "keyword" - }, - "negate": { - "type": "boolean" - }, - "params": { - "type": "text" - }, - "type": { - "type": "keyword" - }, - "value": { - "type": "text" - } - } - }, - "missing": { - "type": "text" - }, - "query": { - "type": "text" - }, - "range": { - "type": "text" - }, - "script": { - "type": "text" - } - } - }, - "kqlMode": { - "type": "keyword" - }, - "kqlQuery": { - "properties": { - "filterQuery": { - "properties": { - "kuery": { - "properties": { - "expression": { - "type": "text" - }, - "kind": { - "type": "keyword" - } - } - }, - "serializedQuery": { - "type": "text" - } - } - } - } - }, - "savedQueryId": { - "type": "keyword" - }, - "sort": { - "properties": { - "columnId": { - "type": "keyword" - }, - "sortDirection": { - "type": "keyword" - } - } - }, - "status": { - "type": "keyword" - }, - "templateTimelineId": { - "type": "text" - }, - "templateTimelineVersion": { - "type": "integer" - }, - "timelineType": { - "type": "keyword" - }, - "title": { - "type": "text" - }, - 
"updated": { - "type": "date" - }, - "updatedBy": { - "type": "text" - } - } - }, - "siem-ui-timeline-note": { - "properties": { - "created": { - "type": "date" - }, - "createdBy": { - "type": "text" - }, - "eventId": { - "type": "keyword" - }, - "note": { - "type": "text" - }, - "timelineId": { - "type": "keyword" - }, - "updated": { - "type": "date" - }, - "updatedBy": { - "type": "text" - } - } - }, - "siem-ui-timeline-pinned-event": { - "properties": { - "created": { - "type": "date" - }, - "createdBy": { - "type": "text" - }, - "eventId": { - "type": "keyword" - }, - "timelineId": { - "type": "keyword" - }, - "updated": { - "type": "date" - }, - "updatedBy": { - "type": "text" - } - } - }, - "telemetry": { - "properties": { - "allowChangingOptInStatus": { - "type": "boolean" - }, - "enabled": { - "type": "boolean" - }, - "lastReported": { - "type": "date" - }, - "lastVersionChecked": { - "type": "keyword" - }, - "reportFailureCount": { - "type": "integer" - }, - "reportFailureVersion": { - "type": "keyword" - }, - "sendUsageFrom": { - "type": "keyword" - }, - "userHasSeenNotice": { - "type": "boolean" - } - } - }, - "tsvb-validation-telemetry": { - "properties": { - "failedRequests": { - "type": "long" - } - } - }, - "type": { - "type": "keyword" - }, - "ui-metric": { - "properties": { - "count": { - "type": "integer" - } - } - }, - "updated_at": { - "type": "date" - }, - "upgrade-assistant-reindex-operation": { - "properties": { - "errorMessage": { - "fields": { - "keyword": { - "ignore_above": 256, - "type": "keyword" - } - }, - "type": "text" - }, - "indexName": { - "type": "keyword" - }, - "lastCompletedStep": { - "type": "long" - }, - "locked": { - "type": "date" - }, - "newIndexName": { - "fields": { - "keyword": { - "ignore_above": 256, - "type": "keyword" - } - }, - "type": "text" - }, - "reindexOptions": { - "properties": { - "openAndClose": { - "type": "boolean" - }, - "queueSettings": { - "properties": { - "queuedAt": { - "type": "long" - }, - 
"startedAt": { - "type": "long" - } - } - } - } - }, - "reindexTaskId": { - "fields": { - "keyword": { - "ignore_above": 256, - "type": "keyword" - } - }, - "type": "text" - }, - "reindexTaskPercComplete": { - "type": "float" - }, - "runningReindexCount": { - "type": "integer" - }, - "status": { - "type": "integer" - } - } - }, - "upgrade-assistant-telemetry": { - "properties": { - "features": { - "properties": { - "deprecation_logging": { - "properties": { - "enabled": { - "null_value": true, - "type": "boolean" - } - } - } - } - }, - "ui_open": { - "properties": { - "cluster": { - "null_value": 0, - "type": "long" - }, - "indices": { - "null_value": 0, - "type": "long" - }, - "overview": { - "null_value": 0, - "type": "long" - } - } - }, - "ui_reindex": { - "properties": { - "close": { - "null_value": 0, - "type": "long" - }, - "open": { - "null_value": 0, - "type": "long" - }, - "start": { - "null_value": 0, - "type": "long" - }, - "stop": { - "null_value": 0, - "type": "long" - } - } - } - } - }, - "uptime-dynamic-settings": { - "properties": { - "certAgeThreshold": { - "type": "long" - }, - "certExpirationThreshold": { - "type": "long" - }, - "heartbeatIndices": { - "type": "keyword" - } - } - }, - "url": { - "properties": { - "accessCount": { - "type": "long" - }, - "accessDate": { - "type": "date" - }, - "createDate": { - "type": "date" - }, - "url": { - "fields": { - "keyword": { - "ignore_above": 2048, - "type": "keyword" - } - }, - "type": "text" - } - } - }, - "visualization": { - "properties": { - "description": { - "type": "text" - }, - "kibanaSavedObjectMeta": { - "properties": { - "searchSourceJSON": { - "type": "text" - } - } - }, - "savedSearchRefName": { - "type": "keyword" - }, - "title": { - "type": "text" - }, - "uiStateJSON": { - "type": "text" - }, - "version": { - "type": "integer" - }, - "visState": { - "type": "text" - } - } - }, - "workplace_search_telemetry": { - "dynamic": "false", - "type": "object" - } - } - }, - "settings": { - 
"index": { - "auto_expand_replicas": "0-1", - "number_of_replicas": "0", - "number_of_shards": "1" - } - } - } -} diff --git a/x-pack/test/functional/es_archives/reporting/ecommerce_kibana_spaces/data.json b/x-pack/test/functional/es_archives/reporting/ecommerce_kibana_spaces/data.json index 06543e44de56c..2a9ac3d232f59 100644 --- a/x-pack/test/functional/es_archives/reporting/ecommerce_kibana_spaces/data.json +++ b/x-pack/test/functional/es_archives/reporting/ecommerce_kibana_spaces/data.json 
@@ -21,28 +21,6 @@ } } -{ - "type": "doc", - "value": { - "id": "index-pattern:aac3e500-f2c7-11ea-8250-fb138aa491e7", - "index": ".kibana_1", - "source": { - "index-pattern": { - "fields": "[{\"count\":0,\"name\":\"_id\",\"type\":\"string\",\"esTypes\":[\"_id\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_index\",\"type\":\"string\",\"esTypes\":[\"_index\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_score\",\"type\":\"number\",\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_source\",\"type\":\"_source\",\"esTypes\":[\"_source\"],\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_type\",\"type\":\"string\",\"esTypes\":[\"_type\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"count\":0,\"name\":\"category\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"category.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"category\"}}},{\"count\":0,\"name\":\"currency\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"customer_birth_date\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":1,\"name\":\"customer_first_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"customer_first_name.keyword\",\"type\":\"string\
",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"customer_first_name\"}}},{\"count\":1,\"name\":\"customer_full_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"customer_full_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"customer_full_name\"}}},{\"count\":0,\"name\":\"customer_gender\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"customer_id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"customer_last_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"customer_last_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"customer_last_name\"}}},{\"count\":0,\"name\":\"customer_phone\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"day_of_week\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"day_of_week_i\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"email\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":fal
se,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"geoip.city_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"geoip.continent_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"geoip.country_iso_code\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"geoip.location\",\"type\":\"geo_point\",\"esTypes\":[\"geo_point\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"geoip.region_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"manufacturer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"manufacturer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"manufacturer\"}}},{\"count\":1,\"name\":\"order_date\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"order_id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"products._id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"products._id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\"
:false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"products._id\"}}},{\"count\":0,\"name\":\"products.base_price\",\"type\":\"number\",\"esTypes\":[\"half_float\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"products.base_unit_price\",\"type\":\"number\",\"esTypes\":[\"half_float\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"products.category\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"products.category.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"products.category\"}}},{\"count\":0,\"name\":\"products.created_on\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"products.discount_amount\",\"type\":\"number\",\"esTypes\":[\"half_float\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"products.discount_percentage\",\"type\":\"number\",\"esTypes\":[\"half_float\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"products.manufacturer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"products.manufacturer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"products.manufacturer\"}}},{\"count\":0,\"name\":\"products.min_price\",\"type\":\"number\",\"esTypes\":[
\"half_float\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"products.price\",\"type\":\"number\",\"esTypes\":[\"half_float\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"products.product_id\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"products.product_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"products.product_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"products.product_name\"}}},{\"count\":0,\"name\":\"products.quantity\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"products.sku\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"products.tax_amount\",\"type\":\"number\",\"esTypes\":[\"half_float\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"products.taxful_price\",\"type\":\"number\",\"esTypes\":[\"half_float\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"products.taxless_price\",\"type\":\"number\",\"esTypes\":[\"half_float\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"products.unit_discount_amount\",\"type\":\"number\",\"esTypes\":[\"half_float\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true
},{\"count\":0,\"name\":\"sku\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":1,\"name\":\"taxful_total_price\",\"type\":\"number\",\"esTypes\":[\"half_float\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":1,\"name\":\"taxless_total_price\",\"type\":\"number\",\"esTypes\":[\"half_float\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":1,\"name\":\"total_quantity\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":1,\"name\":\"total_unique_products\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"type\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"user\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true}]", - "timeFieldName": "order_date", - "title": "ec*" - }, - "migrationVersion": { - "index-pattern": "7.6.0" - }, - "references": [ - ], - "type": "index-pattern", - "updated_at": "2020-09-09T18:10:54.007Z" - } - } -} - { "type": "doc", "value": { @@ -67,28 +45,6 @@ } } -{ - "type": "doc", - "value": { - "id": "config:8.0.0", - "index": ".kibana_1", - "source": { - "config": { - "buildNum": 9007199254740991, - "dateFormat:tz": "UTC", - "defaultIndex": "aac3e500-f2c7-11ea-8250-fb138aa491e7" - }, - "migrationVersion": { - "config": "7.13.0" - }, - "references": [ - ], - "type": "config", - "updated_at": "2020-08-26T22:46:48.711Z" - } - } -} - { "type": "doc", "value": { 
@@ -198,45 +154,6 @@ } } -{ - "type": "doc", - "value": { - "id": "search:bbe45ae0-f2c7-11ea-8250-fb138aa491e7", - "index": ".kibana_1", - "source": { - "migrationVersion": { - "search": "7.4.0" - }, - "references": [ - { - "id": "aac3e500-f2c7-11ea-8250-fb138aa491e7", - "name": "kibanaSavedObjectMeta.searchSourceJSON.index", - "type": "index-pattern" - } - ], - "search": { - "columns": [ - "category", - "customer_full_name", - "taxful_total_price", - "currency" - ], - "description": "", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" - }, - "sort": [ - ], - "title": "EC SEARCH from DEFAULT", - "version": 1 - }, - "type": "search", - "updated_at": "2020-09-09T18:10:58.011Z" - } - } -} - { "type": "doc", "value": { diff --git a/x-pack/test/functional/es_archives/reporting/hugedata/data.json.gz b/x-pack/test/functional/es_archives/reporting/hugedata/data.json.gz index e5fb8a73234e4..c35837a009133 100644 Binary files a/x-pack/test/functional/es_archives/reporting/hugedata/data.json.gz and b/x-pack/test/functional/es_archives/reporting/hugedata/data.json.gz differ diff --git a/x-pack/test/functional/es_archives/reporting/hugedata/mappings.json b/x-pack/test/functional/es_archives/reporting/hugedata/mappings.json deleted file mode 100644 index d1cb75c1f5150..0000000000000 --- a/x-pack/test/functional/es_archives/reporting/hugedata/mappings.json +++ /dev/null 
@@ -1,2523 +0,0 @@ -{ - "type": "index", - "value": { - "aliases": { - ".kibana": { - } - }, - "index": ".kibana_1", - "mappings": { - "dynamic": "strict", - "properties": { - "action": { - "properties": { - "actionTypeId": { - "type": "keyword" - }, - "config": { - "enabled": false, - "type": "object" - }, - "name": { - "fields": { - "keyword": { - "type": "keyword" - } - }, - "type": "text" - }, - "secrets": { - "type": "binary" - } - } - }, - "action_task_params": { - "properties": { - "actionId": { - "type": "keyword" - }, - "apiKey": { - "type": "binary" - }, - "params": { - "enabled": false, - "type": "object" - } - } - }, - "alert": { - "properties": { - "actions": { - "properties": { - "actionRef": { - "type": "keyword" - }, - "actionTypeId": { - "type": "keyword" - }, - "group": { - "type": "keyword" - }, - "params": { - "enabled": false, - "type": "object" - } - }, - "type": "nested" - }, - "alertTypeId": { - "type": "keyword" - }, - "apiKey": { - "type": "binary" - }, - "apiKeyOwner": { - "type": "keyword" - }, - "consumer": { - "type": "keyword" - }, - "createdAt": { - "type": "date" - }, - "createdBy": { - "type": "keyword" - }, - "enabled": { - "type": "boolean" - }, - "executionStatus": { - "properties": { - "error": { - "properties": { - "message": { - "type": "keyword" - }, - "reason": { - "type": "keyword" - } - } - }, - "lastExecutionDate": { - "type": "date" - }, - "status": { - "type": "keyword" - } - } - }, - "meta": { - "properties": { - "versionApiKeyLastmodified": { - "type": "keyword" - } - } - }, - "muteAll": { - "type": "boolean" - }, - "mutedInstanceIds": { - "type": "keyword" - }, - "name": { - "fields": { - "keyword": { - "type": "keyword" - } - }, - "type": "text" - }, - "notifyWhen": { - "type": "keyword" - }, - "params": { - "enabled": false, - "type": "object" - }, - "schedule": { - "properties": { - "interval": { - "type": "keyword" - } - } - }, - "scheduledTaskId": { - "type": "keyword" - }, - "tags": { - "type": "keyword" - }, 
- "throttle": { - "type": "keyword" - }, - "updatedAt": { - "type": "date" - }, - "updatedBy": { - "type": "keyword" - } - } - }, - "api_key_pending_invalidation": { - "properties": { - "apiKeyId": { - "type": "keyword" - }, - "createdAt": { - "type": "date" - } - } - }, - "apm-indices": { - "properties": { - "error": { - "type": "keyword" - }, - "metric": { - "type": "keyword" - }, - "onboarding": { - "type": "keyword" - }, - "sourcemap": { - "type": "keyword" - }, - "span": { - "type": "keyword" - }, - "transaction": { - "type": "keyword" - } - } - }, - "apm-telemetry": { - "dynamic": "false", - "type": "object" - }, - "app_search_telemetry": { - "dynamic": "false", - "type": "object" - }, - "application_usage_daily": { - "dynamic": "false", - "properties": { - "timestamp": { - "type": "date" - } - } - }, - "application_usage_totals": { - "dynamic": "false", - "type": "object" - }, - "application_usage_transactional": { - "dynamic": "false", - "type": "object" - }, - "canvas-element": { - "dynamic": "false", - "properties": { - "@created": { - "type": "date" - }, - "@timestamp": { - "type": "date" - }, - "content": { - "type": "text" - }, - "help": { - "type": "text" - }, - "image": { - "type": "text" - }, - "name": { - "fields": { - "keyword": { - "type": "keyword" - } - }, - "type": "text" - } - } - }, - "canvas-workpad": { - "dynamic": "false", - "properties": { - "@created": { - "type": "date" - }, - "@timestamp": { - "type": "date" - }, - "name": { - "fields": { - "keyword": { - "type": "keyword" - } - }, - "type": "text" - } - } - }, - "canvas-workpad-template": { - "dynamic": "false", - "properties": { - "help": { - "fields": { - "keyword": { - "type": "keyword" - } - }, - "type": "text" - }, - "name": { - "fields": { - "keyword": { - "type": "keyword" - } - }, - "type": "text" - }, - "tags": { - "fields": { - "keyword": { - "type": "keyword" - } - }, - "type": "text" - }, - "template_key": { - "type": "keyword" - } - } - }, - "cases": { - "properties": { 
- "closed_at": { - "type": "date" - }, - "closed_by": { - "properties": { - "email": { - "type": "keyword" - }, - "full_name": { - "type": "keyword" - }, - "username": { - "type": "keyword" - } - } - }, - "connector": { - "properties": { - "fields": { - "properties": { - "key": { - "type": "text" - }, - "value": { - "type": "text" - } - } - }, - "id": { - "type": "keyword" - }, - "name": { - "type": "text" - }, - "type": { - "type": "keyword" - } - } - }, - "created_at": { - "type": "date" - }, - "created_by": { - "properties": { - "email": { - "type": "keyword" - }, - "full_name": { - "type": "keyword" - }, - "username": { - "type": "keyword" - } - } - }, - "description": { - "type": "text" - }, - "external_service": { - "properties": { - "connector_id": { - "type": "keyword" - }, - "connector_name": { - "type": "keyword" - }, - "external_id": { - "type": "keyword" - }, - "external_title": { - "type": "text" - }, - "external_url": { - "type": "text" - }, - "pushed_at": { - "type": "date" - }, - "pushed_by": { - "properties": { - "email": { - "type": "keyword" - }, - "full_name": { - "type": "keyword" - }, - "username": { - "type": "keyword" - } - } - } - } - }, - "settings": { - "properties": { - "syncAlerts": { - "type": "boolean" - } - } - }, - "status": { - "type": "keyword" - }, - "tags": { - "type": "keyword" - }, - "title": { - "type": "keyword" - }, - "updated_at": { - "type": "date" - }, - "updated_by": { - "properties": { - "email": { - "type": "keyword" - }, - "full_name": { - "type": "keyword" - }, - "username": { - "type": "keyword" - } - } - } - } - }, - "cases-comments": { - "properties": { - "alertId": { - "type": "keyword" - }, - "comment": { - "type": "text" - }, - "created_at": { - "type": "date" - }, - "created_by": { - "properties": { - "email": { - "type": "keyword" - }, - "full_name": { - "type": "keyword" - }, - "username": { - "type": "keyword" - } - } - }, - "index": { - "type": "keyword" - }, - "pushed_at": { - "type": "date" - }, - 
"pushed_by": { - "properties": { - "email": { - "type": "keyword" - }, - "full_name": { - "type": "keyword" - }, - "username": { - "type": "keyword" - } - } - }, - "type": { - "type": "keyword" - }, - "updated_at": { - "type": "date" - }, - "updated_by": { - "properties": { - "email": { - "type": "keyword" - }, - "full_name": { - "type": "keyword" - }, - "username": { - "type": "keyword" - } - } - } - } - }, - "cases-configure": { - "properties": { - "closure_type": { - "type": "keyword" - }, - "connector": { - "properties": { - "fields": { - "properties": { - "key": { - "type": "text" - }, - "value": { - "type": "text" - } - } - }, - "id": { - "type": "keyword" - }, - "name": { - "type": "text" - }, - "type": { - "type": "keyword" - } - } - }, - "created_at": { - "type": "date" - }, - "created_by": { - "properties": { - "email": { - "type": "keyword" - }, - "full_name": { - "type": "keyword" - }, - "username": { - "type": "keyword" - } - } - }, - "updated_at": { - "type": "date" - }, - "updated_by": { - "properties": { - "email": { - "type": "keyword" - }, - "full_name": { - "type": "keyword" - }, - "username": { - "type": "keyword" - } - } - } - } - }, - "cases-connector-mappings": { - "properties": { - "mappings": { - "properties": { - "action_type": { - "type": "keyword" - }, - "source": { - "type": "keyword" - }, - "target": { - "type": "keyword" - } - } - } - } - }, - "cases-user-actions": { - "properties": { - "action": { - "type": "keyword" - }, - "action_at": { - "type": "date" - }, - "action_by": { - "properties": { - "email": { - "type": "keyword" - }, - "full_name": { - "type": "keyword" - }, - "username": { - "type": "keyword" - } - } - }, - "action_field": { - "type": "keyword" - }, - "new_value": { - "type": "text" - }, - "old_value": { - "type": "text" - } - } - }, - "config": { - "dynamic": "false", - "properties": { - "buildNum": { - "type": "keyword" - } - } - }, - "core-usage-stats": { - "dynamic": "false", - "type": "object" - }, - "dashboard": 
{ - "properties": { - "description": { - "type": "text" - }, - "hits": { - "doc_values": false, - "index": false, - "type": "integer" - }, - "kibanaSavedObjectMeta": { - "properties": { - "searchSourceJSON": { - "index": false, - "type": "text" - } - } - }, - "optionsJSON": { - "index": false, - "type": "text" - }, - "panelsJSON": { - "index": false, - "type": "text" - }, - "refreshInterval": { - "properties": { - "display": { - "doc_values": false, - "index": false, - "type": "keyword" - }, - "pause": { - "doc_values": false, - "index": false, - "type": "boolean" - }, - "section": { - "doc_values": false, - "index": false, - "type": "integer" - }, - "value": { - "doc_values": false, - "index": false, - "type": "integer" - } - } - }, - "timeFrom": { - "doc_values": false, - "index": false, - "type": "keyword" - }, - "timeRestore": { - "doc_values": false, - "index": false, - "type": "boolean" - }, - "timeTo": { - "doc_values": false, - "index": false, - "type": "keyword" - }, - "title": { - "type": "text" - }, - "version": { - "type": "integer" - } - } - }, - "endpoint:user-artifact": { - "properties": { - "body": { - "type": "binary" - }, - "compressionAlgorithm": { - "index": false, - "type": "keyword" - }, - "created": { - "index": false, - "type": "date" - }, - "decodedSha256": { - "index": false, - "type": "keyword" - }, - "decodedSize": { - "index": false, - "type": "long" - }, - "encodedSha256": { - "type": "keyword" - }, - "encodedSize": { - "index": false, - "type": "long" - }, - "encryptionAlgorithm": { - "index": false, - "type": "keyword" - }, - "identifier": { - "type": "keyword" - } - } - }, - "endpoint:user-artifact-manifest": { - "properties": { - "created": { - "index": false, - "type": "date" - }, - "ids": { - "index": false, - "type": "keyword" - }, - "schemaVersion": { - "type": "keyword" - }, - "semanticVersion": { - "index": false, - "type": "keyword" - } - } - }, - "enterprise_search_telemetry": { - "dynamic": "false", - "type": "object" - }, 
- "epm-packages": { - "properties": { - "es_index_patterns": { - "enabled": false, - "type": "object" - }, - "install_source": { - "type": "keyword" - }, - "install_started_at": { - "type": "date" - }, - "install_status": { - "type": "keyword" - }, - "install_version": { - "type": "keyword" - }, - "installed_es": { - "properties": { - "id": { - "type": "keyword" - }, - "type": { - "type": "keyword" - } - }, - "type": "nested" - }, - "installed_kibana": { - "properties": { - "id": { - "type": "keyword" - }, - "type": { - "type": "keyword" - } - }, - "type": "nested" - }, - "internal": { - "type": "boolean" - }, - "name": { - "type": "keyword" - }, - "package_assets": { - "properties": { - "id": { - "type": "keyword" - }, - "type": { - "type": "keyword" - } - }, - "type": "nested" - }, - "removable": { - "type": "boolean" - }, - "version": { - "type": "keyword" - } - } - }, - "epm-packages-assets": { - "properties": { - "asset_path": { - "type": "keyword" - }, - "data_base64": { - "type": "binary" - }, - "data_utf8": { - "index": false, - "type": "text" - }, - "install_source": { - "type": "keyword" - }, - "media_type": { - "type": "keyword" - }, - "package_name": { - "type": "keyword" - }, - "package_version": { - "type": "keyword" - } - } - }, - "exception-list": { - "properties": { - "_tags": { - "type": "keyword" - }, - "comments": { - "properties": { - "comment": { - "type": "keyword" - }, - "created_at": { - "type": "keyword" - }, - "created_by": { - "type": "keyword" - }, - "id": { - "type": "keyword" - }, - "updated_at": { - "type": "keyword" - }, - "updated_by": { - "type": "keyword" - } - } - }, - "created_at": { - "type": "keyword" - }, - "created_by": { - "type": "keyword" - }, - "description": { - "type": "keyword" - }, - "entries": { - "properties": { - "entries": { - "properties": { - "field": { - "type": "keyword" - }, - "operator": { - "type": "keyword" - }, - "type": { - "type": "keyword" - }, - "value": { - "fields": { - "text": { - "type": "text" 
- } - }, - "type": "keyword" - } - } - }, - "field": { - "type": "keyword" - }, - "list": { - "properties": { - "id": { - "type": "keyword" - }, - "type": { - "type": "keyword" - } - } - }, - "operator": { - "type": "keyword" - }, - "type": { - "type": "keyword" - }, - "value": { - "fields": { - "text": { - "type": "text" - } - }, - "type": "keyword" - } - } - }, - "immutable": { - "type": "boolean" - }, - "item_id": { - "type": "keyword" - }, - "list_id": { - "type": "keyword" - }, - "list_type": { - "type": "keyword" - }, - "meta": { - "type": "keyword" - }, - "name": { - "type": "keyword" - }, - "os_types": { - "type": "keyword" - }, - "tags": { - "type": "keyword" - }, - "tie_breaker_id": { - "type": "keyword" - }, - "type": { - "type": "keyword" - }, - "updated_by": { - "type": "keyword" - }, - "version": { - "type": "keyword" - } - } - }, - "exception-list-agnostic": { - "properties": { - "_tags": { - "type": "keyword" - }, - "comments": { - "properties": { - "comment": { - "type": "keyword" - }, - "created_at": { - "type": "keyword" - }, - "created_by": { - "type": "keyword" - }, - "id": { - "type": "keyword" - }, - "updated_at": { - "type": "keyword" - }, - "updated_by": { - "type": "keyword" - } - } - }, - "created_at": { - "type": "keyword" - }, - "created_by": { - "type": "keyword" - }, - "description": { - "type": "keyword" - }, - "entries": { - "properties": { - "entries": { - "properties": { - "field": { - "type": "keyword" - }, - "operator": { - "type": "keyword" - }, - "type": { - "type": "keyword" - }, - "value": { - "fields": { - "text": { - "type": "text" - } - }, - "type": "keyword" - } - } - }, - "field": { - "type": "keyword" - }, - "list": { - "properties": { - "id": { - "type": "keyword" - }, - "type": { - "type": "keyword" - } - } - }, - "operator": { - "type": "keyword" - }, - "type": { - "type": "keyword" - }, - "value": { - "fields": { - "text": { - "type": "text" - } - }, - "type": "keyword" - } - } - }, - "immutable": { - "type": 
"boolean" - }, - "item_id": { - "type": "keyword" - }, - "list_id": { - "type": "keyword" - }, - "list_type": { - "type": "keyword" - }, - "meta": { - "type": "keyword" - }, - "name": { - "type": "keyword" - }, - "os_types": { - "type": "keyword" - }, - "tags": { - "type": "keyword" - }, - "tie_breaker_id": { - "type": "keyword" - }, - "type": { - "type": "keyword" - }, - "updated_by": { - "type": "keyword" - }, - "version": { - "type": "keyword" - } - } - }, - "file-upload-telemetry": { - "properties": { - "filesUploadedTotalCount": { - "type": "long" - } - } - }, - "file-upload-usage-collection-telemetry": { - "properties": { - "file_upload": { - "properties": { - "index_creation_count": { - "type": "long" - } - } - } - } - }, - "fleet-agent-actions": { - "properties": { - "ack_data": { - "type": "text" - }, - "agent_id": { - "type": "keyword" - }, - "created_at": { - "type": "date" - }, - "data": { - "type": "binary" - }, - "policy_id": { - "type": "keyword" - }, - "policy_revision": { - "type": "integer" - }, - "sent_at": { - "type": "date" - }, - "type": { - "type": "keyword" - } - } - }, - "fleet-agent-events": { - "properties": { - "action_id": { - "type": "keyword" - }, - "agent_id": { - "type": "keyword" - }, - "data": { - "type": "text" - }, - "message": { - "type": "text" - }, - "payload": { - "type": "text" - }, - "policy_id": { - "type": "keyword" - }, - "stream_id": { - "type": "keyword" - }, - "subtype": { - "type": "keyword" - }, - "timestamp": { - "type": "date" - }, - "type": { - "type": "keyword" - } - } - }, - "fleet-agents": { - "properties": { - "access_api_key_id": { - "type": "keyword" - }, - "active": { - "type": "boolean" - }, - "current_error_events": { - "index": false, - "type": "text" - }, - "default_api_key": { - "type": "binary" - }, - "default_api_key_id": { - "type": "keyword" - }, - "enrolled_at": { - "type": "date" - }, - "last_checkin": { - "type": "date" - }, - "last_checkin_status": { - "type": "keyword" - }, - "last_updated": 
{ - "type": "date" - }, - "local_metadata": { - "type": "flattened" - }, - "packages": { - "type": "keyword" - }, - "policy_id": { - "type": "keyword" - }, - "policy_revision": { - "type": "integer" - }, - "type": { - "type": "keyword" - }, - "unenrolled_at": { - "type": "date" - }, - "unenrollment_started_at": { - "type": "date" - }, - "updated_at": { - "type": "date" - }, - "upgrade_started_at": { - "type": "date" - }, - "upgraded_at": { - "type": "date" - }, - "user_provided_metadata": { - "type": "flattened" - }, - "version": { - "type": "keyword" - } - } - }, - "fleet-enrollment-api-keys": { - "properties": { - "active": { - "type": "boolean" - }, - "api_key": { - "type": "binary" - }, - "api_key_id": { - "type": "keyword" - }, - "created_at": { - "type": "date" - }, - "expire_at": { - "type": "date" - }, - "name": { - "type": "keyword" - }, - "policy_id": { - "type": "keyword" - }, - "type": { - "type": "keyword" - }, - "updated_at": { - "type": "date" - } - } - }, - "graph-workspace": { - "properties": { - "description": { - "type": "text" - }, - "kibanaSavedObjectMeta": { - "properties": { - "searchSourceJSON": { - "type": "text" - } - } - }, - "legacyIndexPatternRef": { - "index": false, - "type": "text" - }, - "numLinks": { - "type": "integer" - }, - "numVertices": { - "type": "integer" - }, - "title": { - "type": "text" - }, - "version": { - "type": "integer" - }, - "wsState": { - "type": "text" - } - } - }, - "index-pattern": { - "dynamic": "false", - "properties": { - "title": { - "type": "text" - }, - "type": { - "type": "keyword" - } - } - }, - "infrastructure-ui-source": { - "dynamic": "false", - "type": "object" - }, - "ingest-agent-policies": { - "properties": { - "description": { - "type": "text" - }, - "is_default": { - "type": "boolean" - }, - "is_managed": { - "type": "boolean" - }, - "monitoring_enabled": { - "index": false, - "type": "keyword" - }, - "name": { - "type": "keyword" - }, - "namespace": { - "type": "keyword" - }, - 
"package_policies": { - "type": "keyword" - }, - "revision": { - "type": "integer" - }, - "status": { - "type": "keyword" - }, - "updated_at": { - "type": "date" - }, - "updated_by": { - "type": "keyword" - } - } - }, - "ingest-outputs": { - "properties": { - "ca_sha256": { - "index": false, - "type": "keyword" - }, - "config": { - "type": "flattened" - }, - "config_yaml": { - "type": "text" - }, - "fleet_enroll_password": { - "type": "binary" - }, - "fleet_enroll_username": { - "type": "binary" - }, - "hosts": { - "type": "keyword" - }, - "is_default": { - "type": "boolean" - }, - "name": { - "type": "keyword" - }, - "type": { - "type": "keyword" - } - } - }, - "ingest-package-policies": { - "properties": { - "created_at": { - "type": "date" - }, - "created_by": { - "type": "keyword" - }, - "description": { - "type": "text" - }, - "enabled": { - "type": "boolean" - }, - "inputs": { - "enabled": false, - "properties": { - "compiled_input": { - "type": "flattened" - }, - "config": { - "type": "flattened" - }, - "enabled": { - "type": "boolean" - }, - "streams": { - "properties": { - "compiled_stream": { - "type": "flattened" - }, - "config": { - "type": "flattened" - }, - "data_stream": { - "properties": { - "dataset": { - "type": "keyword" - }, - "type": { - "type": "keyword" - } - } - }, - "enabled": { - "type": "boolean" - }, - "id": { - "type": "keyword" - }, - "vars": { - "type": "flattened" - } - }, - "type": "nested" - }, - "type": { - "type": "keyword" - }, - "vars": { - "type": "flattened" - } - }, - "type": "nested" - }, - "name": { - "type": "keyword" - }, - "namespace": { - "type": "keyword" - }, - "output_id": { - "type": "keyword" - }, - "package": { - "properties": { - "name": { - "type": "keyword" - }, - "title": { - "type": "keyword" - }, - "version": { - "type": "keyword" - } - } - }, - "policy_id": { - "type": "keyword" - }, - "revision": { - "type": "integer" - }, - "updated_at": { - "type": "date" - }, - "updated_by": { - "type": "keyword" - } - 
} - }, - "ingest_manager_settings": { - "properties": { - "agent_auto_upgrade": { - "type": "keyword" - }, - "has_seen_add_data_notice": { - "index": false, - "type": "boolean" - }, - "kibana_ca_sha256": { - "type": "keyword" - }, - "kibana_urls": { - "type": "keyword" - }, - "package_auto_upgrade": { - "type": "keyword" - } - } - }, - "inventory-view": { - "dynamic": "false", - "type": "object" - }, - "kql-telemetry": { - "properties": { - "optInCount": { - "type": "long" - }, - "optOutCount": { - "type": "long" - } - } - }, - "legacy-url-alias": { - "dynamic": "false", - "type": "object" - }, - "lens": { - "properties": { - "description": { - "type": "text" - }, - "expression": { - "doc_values": false, - "index": false, - "type": "keyword" - }, - "state": { - "type": "flattened" - }, - "title": { - "type": "text" - }, - "visualizationType": { - "type": "keyword" - } - } - }, - "lens-ui-telemetry": { - "properties": { - "count": { - "type": "integer" - }, - "date": { - "type": "date" - }, - "name": { - "type": "keyword" - }, - "type": { - "type": "keyword" - } - } - }, - "map": { - "properties": { - "bounds": { - "dynamic": "false", - "type": "object" - }, - "description": { - "type": "text" - }, - "layerListJSON": { - "type": "text" - }, - "mapStateJSON": { - "type": "text" - }, - "title": { - "type": "text" - }, - "uiStateJSON": { - "type": "text" - }, - "version": { - "type": "integer" - } - } - }, - "maps-telemetry": { - "enabled": false, - "type": "object" - }, - "metrics-explorer-view": { - "dynamic": "false", - "type": "object" - }, - "ml-job": { - "properties": { - "datafeed_id": { - "fields": { - "keyword": { - "type": "keyword" - } - }, - "type": "text" - }, - "job_id": { - "fields": { - "keyword": { - "type": "keyword" - } - }, - "type": "text" - }, - "type": { - "type": "keyword" - } - } - }, - "ml-telemetry": { - "dynamic": "false", - "type": "object" - }, - "monitoring-telemetry": { - "properties": { - "reportedClusterUuids": { - "type": "keyword" - 
} - } - }, - "namespace": { - "type": "keyword" - }, - "namespaces": { - "type": "keyword" - }, - "originId": { - "type": "keyword" - }, - "query": { - "properties": { - "description": { - "type": "text" - }, - "filters": { - "enabled": false, - "type": "object" - }, - "query": { - "properties": { - "language": { - "type": "keyword" - }, - "query": { - "index": false, - "type": "keyword" - } - } - }, - "timefilter": { - "enabled": false, - "type": "object" - }, - "title": { - "type": "text" - } - } - }, - "references": { - "properties": { - "id": { - "type": "keyword" - }, - "name": { - "type": "keyword" - }, - "type": { - "type": "keyword" - } - }, - "type": "nested" - }, - "sample-data-telemetry": { - "properties": { - "installCount": { - "type": "long" - }, - "unInstallCount": { - "type": "long" - } - } - }, - "search": { - "properties": { - "columns": { - "doc_values": false, - "index": false, - "type": "keyword" - }, - "description": { - "type": "text" - }, - "grid": { - "enabled": false, - "type": "object" - }, - "hits": { - "doc_values": false, - "index": false, - "type": "integer" - }, - "kibanaSavedObjectMeta": { - "properties": { - "searchSourceJSON": { - "index": false, - "type": "text" - } - } - }, - "pre712": { - "type": "boolean" - }, - "sort": { - "doc_values": false, - "index": false, - "type": "keyword" - }, - "title": { - "type": "text" - }, - "version": { - "type": "integer" - } - } - }, - "search-session": { - "properties": { - "appId": { - "type": "keyword" - }, - "created": { - "type": "date" - }, - "expires": { - "type": "date" - }, - "idMapping": { - "enabled": false, - "type": "object" - }, - "initialState": { - "enabled": false, - "type": "object" - }, - "name": { - "type": "keyword" - }, - "persisted": { - "type": "boolean" - }, - "restoreState": { - "enabled": false, - "type": "object" - }, - "sessionId": { - "type": "keyword" - }, - "status": { - "type": "keyword" - }, - "touched": { - "type": "date" - }, - "urlGeneratorId": { - "type": 
"keyword" - } - } - }, - "search-telemetry": { - "dynamic": "false", - "type": "object" - }, - "security-solution-signals-migration": { - "properties": { - "created": { - "index": false, - "type": "date" - }, - "createdBy": { - "index": false, - "type": "text" - }, - "destinationIndex": { - "index": false, - "type": "keyword" - }, - "error": { - "index": false, - "type": "text" - }, - "sourceIndex": { - "type": "keyword" - }, - "status": { - "index": false, - "type": "keyword" - }, - "taskId": { - "index": false, - "type": "keyword" - }, - "updated": { - "index": false, - "type": "date" - }, - "updatedBy": { - "index": false, - "type": "text" - }, - "version": { - "type": "long" - } - } - }, - "server": { - "dynamic": "false", - "type": "object" - }, - "siem-detection-engine-rule-actions": { - "properties": { - "actions": { - "properties": { - "action_type_id": { - "type": "keyword" - }, - "group": { - "type": "keyword" - }, - "id": { - "type": "keyword" - }, - "params": { - "enabled": false, - "type": "object" - } - } - }, - "alertThrottle": { - "type": "keyword" - }, - "ruleAlertId": { - "type": "keyword" - }, - "ruleThrottle": { - "type": "keyword" - } - } - }, - "siem-detection-engine-rule-status": { - "properties": { - "alertId": { - "type": "keyword" - }, - "bulkCreateTimeDurations": { - "type": "float" - }, - "gap": { - "type": "text" - }, - "lastFailureAt": { - "type": "date" - }, - "lastFailureMessage": { - "type": "text" - }, - "lastLookBackDate": { - "type": "date" - }, - "lastSuccessAt": { - "type": "date" - }, - "lastSuccessMessage": { - "type": "text" - }, - "searchAfterTimeDurations": { - "type": "float" - }, - "status": { - "type": "keyword" - }, - "statusDate": { - "type": "date" - } - } - }, - "siem-ui-timeline": { - "properties": { - "columns": { - "properties": { - "aggregatable": { - "type": "boolean" - }, - "category": { - "type": "keyword" - }, - "columnHeaderType": { - "type": "keyword" - }, - "description": { - "type": "text" - }, - 
"example": { - "type": "text" - }, - "id": { - "type": "keyword" - }, - "indexes": { - "type": "keyword" - }, - "name": { - "type": "text" - }, - "placeholder": { - "type": "text" - }, - "searchable": { - "type": "boolean" - }, - "type": { - "type": "keyword" - } - } - }, - "created": { - "type": "date" - }, - "createdBy": { - "type": "text" - }, - "dataProviders": { - "properties": { - "and": { - "properties": { - "enabled": { - "type": "boolean" - }, - "excluded": { - "type": "boolean" - }, - "id": { - "type": "keyword" - }, - "kqlQuery": { - "type": "text" - }, - "name": { - "type": "text" - }, - "queryMatch": { - "properties": { - "displayField": { - "type": "text" - }, - "displayValue": { - "type": "text" - }, - "field": { - "type": "text" - }, - "operator": { - "type": "text" - }, - "value": { - "type": "text" - } - } - }, - "type": { - "type": "text" - } - } - }, - "enabled": { - "type": "boolean" - }, - "excluded": { - "type": "boolean" - }, - "id": { - "type": "keyword" - }, - "kqlQuery": { - "type": "text" - }, - "name": { - "type": "text" - }, - "queryMatch": { - "properties": { - "displayField": { - "type": "text" - }, - "displayValue": { - "type": "text" - }, - "field": { - "type": "text" - }, - "operator": { - "type": "text" - }, - "value": { - "type": "text" - } - } - }, - "type": { - "type": "text" - } - } - }, - "dateRange": { - "properties": { - "end": { - "type": "date" - }, - "start": { - "type": "date" - } - } - }, - "description": { - "type": "text" - }, - "eventType": { - "type": "keyword" - }, - "excludedRowRendererIds": { - "type": "text" - }, - "favorite": { - "properties": { - "favoriteDate": { - "type": "date" - }, - "fullName": { - "type": "text" - }, - "keySearch": { - "type": "text" - }, - "userName": { - "type": "text" - } - } - }, - "filters": { - "properties": { - "exists": { - "type": "text" - }, - "match_all": { - "type": "text" - }, - "meta": { - "properties": { - "alias": { - "type": "text" - }, - "controlledBy": { - "type": 
"text" - }, - "disabled": { - "type": "boolean" - }, - "field": { - "type": "text" - }, - "formattedValue": { - "type": "text" - }, - "index": { - "type": "keyword" - }, - "key": { - "type": "keyword" - }, - "negate": { - "type": "boolean" - }, - "params": { - "type": "text" - }, - "type": { - "type": "keyword" - }, - "value": { - "type": "text" - } - } - }, - "missing": { - "type": "text" - }, - "query": { - "type": "text" - }, - "range": { - "type": "text" - }, - "script": { - "type": "text" - } - } - }, - "indexNames": { - "type": "text" - }, - "kqlMode": { - "type": "keyword" - }, - "kqlQuery": { - "properties": { - "filterQuery": { - "properties": { - "kuery": { - "properties": { - "expression": { - "type": "text" - }, - "kind": { - "type": "keyword" - } - } - }, - "serializedQuery": { - "type": "text" - } - } - } - } - }, - "savedQueryId": { - "type": "keyword" - }, - "sort": { - "dynamic": "false", - "properties": { - "columnId": { - "type": "keyword" - }, - "columnType": { - "type": "keyword" - }, - "sortDirection": { - "type": "keyword" - } - } - }, - "status": { - "type": "keyword" - }, - "templateTimelineId": { - "type": "text" - }, - "templateTimelineVersion": { - "type": "integer" - }, - "timelineType": { - "type": "keyword" - }, - "title": { - "type": "text" - }, - "updated": { - "type": "date" - }, - "updatedBy": { - "type": "text" - } - } - }, - "siem-ui-timeline-note": { - "properties": { - "created": { - "type": "date" - }, - "createdBy": { - "type": "text" - }, - "eventId": { - "type": "keyword" - }, - "note": { - "type": "text" - }, - "timelineId": { - "type": "keyword" - }, - "updated": { - "type": "date" - }, - "updatedBy": { - "type": "text" - } - } - }, - "siem-ui-timeline-pinned-event": { - "properties": { - "created": { - "type": "date" - }, - "createdBy": { - "type": "text" - }, - "eventId": { - "type": "keyword" - }, - "timelineId": { - "type": "keyword" - }, - "updated": { - "type": "date" - }, - "updatedBy": { - "type": "text" - } - } 
- }, - "space": { - "properties": { - "_reserved": { - "type": "boolean" - }, - "color": { - "type": "keyword" - }, - "description": { - "type": "text" - }, - "disabledFeatures": { - "type": "keyword" - }, - "imageUrl": { - "index": false, - "type": "text" - }, - "initials": { - "type": "keyword" - }, - "name": { - "fields": { - "keyword": { - "ignore_above": 2048, - "type": "keyword" - } - }, - "type": "text" - } - } - }, - "spaces-usage-stats": { - "dynamic": "false", - "type": "object" - }, - "tag": { - "properties": { - "color": { - "type": "text" - }, - "description": { - "type": "text" - }, - "name": { - "type": "text" - } - } - }, - "telemetry": { - "properties": { - "allowChangingOptInStatus": { - "type": "boolean" - }, - "enabled": { - "type": "boolean" - }, - "lastReported": { - "type": "date" - }, - "lastVersionChecked": { - "type": "keyword" - }, - "reportFailureCount": { - "type": "integer" - }, - "reportFailureVersion": { - "type": "keyword" - }, - "sendUsageFrom": { - "type": "keyword" - }, - "userHasSeenNotice": { - "type": "boolean" - } - } - }, - "type": { - "type": "keyword" - }, - "ui-counter": { - "properties": { - "count": { - "type": "integer" - } - } - }, - "ui-metric": { - "properties": { - "count": { - "type": "integer" - } - } - }, - "updated_at": { - "type": "date" - }, - "upgrade-assistant-reindex-operation": { - "properties": { - "errorMessage": { - "fields": { - "keyword": { - "ignore_above": 256, - "type": "keyword" - } - }, - "type": "text" - }, - "indexName": { - "type": "keyword" - }, - "lastCompletedStep": { - "type": "long" - }, - "locked": { - "type": "date" - }, - "newIndexName": { - "fields": { - "keyword": { - "ignore_above": 256, - "type": "keyword" - } - }, - "type": "text" - }, - "reindexOptions": { - "properties": { - "openAndClose": { - "type": "boolean" - }, - "queueSettings": { - "properties": { - "queuedAt": { - "type": "long" - }, - "startedAt": { - "type": "long" - } - } - } - } - }, - "reindexTaskId": { - 
"fields": { - "keyword": { - "ignore_above": 256, - "type": "keyword" - } - }, - "type": "text" - }, - "reindexTaskPercComplete": { - "type": "float" - }, - "runningReindexCount": { - "type": "integer" - }, - "status": { - "type": "integer" - } - } - }, - "upgrade-assistant-telemetry": { - "properties": { - "features": { - "properties": { - "deprecation_logging": { - "properties": { - "enabled": { - "null_value": true, - "type": "boolean" - } - } - } - } - }, - "ui_open": { - "properties": { - "cluster": { - "null_value": 0, - "type": "long" - }, - "indices": { - "null_value": 0, - "type": "long" - }, - "overview": { - "null_value": 0, - "type": "long" - } - } - }, - "ui_reindex": { - "properties": { - "close": { - "null_value": 0, - "type": "long" - }, - "open": { - "null_value": 0, - "type": "long" - }, - "start": { - "null_value": 0, - "type": "long" - }, - "stop": { - "null_value": 0, - "type": "long" - } - } - } - } - }, - "uptime-dynamic-settings": { - "dynamic": "false", - "type": "object" - }, - "url": { - "properties": { - "accessCount": { - "type": "long" - }, - "accessDate": { - "type": "date" - }, - "createDate": { - "type": "date" - }, - "url": { - "fields": { - "keyword": { - "ignore_above": 2048, - "type": "keyword" - } - }, - "type": "text" - } - } - }, - "user-action": { - "dynamic": "false", - "type": "object" - }, - "visualization": { - "properties": { - "description": { - "type": "text" - }, - "kibanaSavedObjectMeta": { - "properties": { - "searchSourceJSON": { - "index": false, - "type": "text" - } - } - }, - "savedSearchRefName": { - "doc_values": false, - "index": false, - "type": "keyword" - }, - "title": { - "type": "text" - }, - "uiStateJSON": { - "index": false, - "type": "text" - }, - "version": { - "type": "integer" - }, - "visState": { - "index": false, - "type": "text" - } - } - }, - "workplace_search_telemetry": { - "dynamic": "false", - "type": "object" - } - } - }, - "settings": { - "index": { - "auto_expand_replicas": "0-1", - 
"number_of_replicas": "0",
- "number_of_shards": "1"
- }
- }
- }
-}
-
diff --git a/x-pack/test/functional/es_archives/reporting/logs/data.json.gz b/x-pack/test/functional/es_archives/reporting/logs/data.json.gz
deleted file mode 100644
index dbd8f6f8e2e76..0000000000000
Binary files a/x-pack/test/functional/es_archives/reporting/logs/data.json.gz and /dev/null differ
diff --git a/x-pack/test/functional/es_archives/reporting/logs/mappings.json b/x-pack/test/functional/es_archives/reporting/logs/mappings.json
deleted file mode 100644
index 2e1873e43ffcc..0000000000000
--- a/x-pack/test/functional/es_archives/reporting/logs/mappings.json
+++ /dev/null
@@ -1,263 +0,0 @@
-{
- "type": "index",
- "value": {
- "aliases": {
- ".kibana": {}
- },
- "index": ".kibana_1",
- "mappings": {
- "properties": {
- "config": {
- "dynamic": "true",
- "properties": {
- "buildNum": {
- "type": "keyword"
- }
- }
- },
- "dashboard": {
- "dynamic": "strict",
- "properties": {
- "description": {
- "type": "text"
- },
- "hits": {
- "type": "integer"
- },
- "kibanaSavedObjectMeta": {
- "properties": {
- "searchSourceJSON": {
- "type": "text"
- }
- }
- },
- "optionsJSON": {
- "type": "text"
- },
- "panelsJSON": {
- "type": "text"
- },
- "refreshInterval": {
- "properties": {
- "display": {
- "type": "keyword"
- },
- "pause": {
- "type": "boolean"
- },
- "section": {
- "type": "integer"
- },
- "value": {
- "type": "integer"
- }
- }
- },
- "timeFrom": {
- "type": "keyword"
- },
- "timeRestore": {
- "type": "boolean"
- },
- "timeTo": {
- "type": "keyword"
- },
- "title": {
- "type": "text"
- },
- "uiStateJSON": {
- "type": "text"
- },
- "version": {
- "type": "integer"
- }
- }
- },
- "graph-workspace": {
- "dynamic": "strict",
- "properties": {
- "description": {
- "type": "text"
- },
- "kibanaSavedObjectMeta": {
- "properties": {
- "searchSourceJSON": {
- "type": "text"
- }
- }
- },
- "numLinks": {
- "type": "integer"
- },
- "numVertices": {
- "type": "integer"
- },
- "title": {
- "type": "text"
- },
- "version": {
- "type": "integer"
- },
- "wsState": {
- "type": "text"
- }
- }
- },
- "index-pattern": {
- "dynamic": "strict",
- "properties": {
- "fieldFormatMap": {
- "type": "text"
- },
- "fields": {
- "type": "text"
- },
- "intervalName": {
- "type": "keyword"
- },
- "notExpandable": {
- "type": "boolean"
- },
- "sourceFilters": {
- "type": "text"
- },
- "timeFieldName": {
- "type": "keyword"
- },
- "title": {
- "type": "text"
- }
- }
- },
- "search": {
- "dynamic": "strict",
- "properties": {
- "columns": {
- "type": "keyword"
- },
- "description": {
- "type": "text"
- },
- "hits": {
- "type": "integer"
- },
- "kibanaSavedObjectMeta": {
- "properties": {
- "searchSourceJSON": {
- "type": "text"
- }
- }
- },
- "sort": {
- "type": "keyword"
- },
- "title": {
- "type": "text"
- },
- "version": {
- "type": "integer"
- }
- }
- },
- "server": {
- "dynamic": "strict",
- "properties": {
- "uuid": {
- "type": "keyword"
- }
- }
- },
- "space": {
- "properties": {
- "_reserved": {
- "type": "boolean"
- },
- "color": {
- "type": "keyword"
- },
- "description": {
- "type": "text"
- },
- "initials": {
- "type": "keyword"
- },
- "name": {
- "fields": {
- "keyword": {
- "ignore_above": 2048,
- "type": "keyword"
- }
- },
- "type": "text"
- }
- }
- },
- "spaceId": {
- "type": "keyword"
- },
- "type": {
- "type": "keyword"
- },
- "url": {
- "dynamic": "strict",
- "properties": {
- "accessCount": {
- "type": "long"
- },
- "accessDate": {
- "type": "date"
- },
- "createDate": {
- "type": "date"
- },
- "url": {
- "fields": {
- "keyword": {
- "ignore_above": 2048,
- "type": "keyword"
- }
- },
- "type": "text"
- }
- }
- },
- "visualization": {
- "dynamic": "strict",
- "properties": {
- "description": {
- "type": "text"
- },
- "kibanaSavedObjectMeta": {
- "properties": {
- "searchSourceJSON": {
- "type": "text"
- }
- }
- },
- "savedSearchId": {
- "type": "keyword"
- },
- "title": {
- "type": "text"
- },
- "uiStateJSON": {
- "type": "text"
- },
- "version": {
- "type": "integer"
- },
- "visState": {
- "type": "text"
- }
- }
- }
- }
- },
- "settings": {
- "index": {
- "number_of_replicas": "1",
- "number_of_shards": "1"
- }
- }
- }
-}
\ No newline at end of file
diff --git a/x-pack/test/functional/es_archives/reporting/multi_index/data.json.gz b/x-pack/test/functional/es_archives/reporting/multi_index/data.json.gz
deleted file mode 100644
index bb0e05d632f54..0000000000000
Binary files a/x-pack/test/functional/es_archives/reporting/multi_index/data.json.gz and /dev/null differ
diff --git a/x-pack/test/functional/es_archives/reporting/multi_index/mappings.json b/x-pack/test/functional/es_archives/reporting/multi_index/mappings.json
deleted file mode 100644
index f28ffce8ce3ce..0000000000000
--- a/x-pack/test/functional/es_archives/reporting/multi_index/mappings.json
+++ /dev/null
@@ -1,92 +0,0 @@
-{
- "type": "index",
- "value": {
- "aliases": {
- },
- "index": "tests-001",
- "mappings": {
- "properties": {
- "@date": {
- "type": "date"
- },
- "ants": {
- "type": "integer"
- },
- "country": {
- "type": "keyword"
- },
- "name": {
- "type": "keyword"
- }
- }
- },
- "settings": {
- "index": {
- "number_of_replicas": "0",
- "number_of_shards": "1"
- }
- }
- }
-}
-
-{
- "type": "index",
- "value": {
- "aliases": {
- },
- "index": "tests-002",
- "mappings": {
- "properties": {
- "@date": {
- "type": "date"
- },
- "ants": {
- "type": "integer"
- },
- "country": {
- "type": "keyword"
- },
- "name": {
- "type": "keyword"
- }
- }
- },
- "settings": {
- "index": {
- "number_of_replicas": "0",
- "number_of_shards": "1"
- }
- }
- }
-}
-
-{
- "type": "index",
- "value": {
- "aliases": {
- },
- "index": "tests-003",
- "mappings": {
- "properties": {
- "@date": {
- "type": "date"
- },
- "ants": {
- "type": "integer"
- },
- "country": {
- "type": "keyword"
- },
- "name": {
- "type": "keyword"
- }
- }
- },
- "settings": {
- "index": {
- "number_of_replicas": "0",
- "number_of_shards": "1"
- }
- }
- }
-}
diff --git a/x-pack/test/functional/es_archives/reporting/multi_index_kibana/data.json.gz b/x-pack/test/functional/es_archives/reporting/multi_index_kibana/data.json.gz
deleted file mode 100644
index a6330916d62f7..0000000000000
Binary files a/x-pack/test/functional/es_archives/reporting/multi_index_kibana/data.json.gz and /dev/null differ
diff --git a/x-pack/test/functional/es_archives/reporting/multi_index_kibana/mappings.json b/x-pack/test/functional/es_archives/reporting/multi_index_kibana/mappings.json
deleted file mode 100644
index 69c6cbc3b46b5..0000000000000
--- a/x-pack/test/functional/es_archives/reporting/multi_index_kibana/mappings.json
+++ /dev/null
@@ -1,2027 +0,0 @@ -{ - "type": "index", - "value": { - "aliases": { - ".kibana": { - } - }, - "index": ".kibana_1", - "mappings": { - "_meta": { - "migrationMappingPropertyHashes": { - "action": "6e96ac5e648f57523879661ea72525b7", - "action_task_params": "a9d49f184ee89641044be0ca2950fa3a", - "alert": "7b44fba6773e37c806ce290ea9b7024e", - "apm-indices": "9bb9b2bf1fa636ed8619cbab5ce6a1dd", - "apm-telemetry": "3525d7c22c42bc80f5e6e9cb3f2b26a2", - "application_usage_totals": "c897e4310c5f24b07caaff3db53ae2c1", - "application_usage_transactional": "965839e75f809fefe04f92dc4d99722a", - "canvas-element": "7390014e1091044523666d97247392fc", - "canvas-workpad": "b0a1706d356228dbdcb4a17e6b9eb231", - "cases": "32aa96a6d3855ddda53010ae2048ac22", - "cases-comments": "c2061fb929f585df57425102fa928b4b", - "cases-configure": "42711cbb311976c0687853f4c1354572", - "cases-user-actions": "32277330ec6b721abe3b846cfd939a71", - "config": "ae24d22d5986d04124cc6568f771066f", - "dashboard": "d00f614b29a80360e1190193fd333bab", - "file-upload-telemetry": "0ed4d3e1983d1217a30982630897092e", - "graph-workspace": "cd7ba1330e6682e9cc00b78850874be1", - "index-pattern": "66eccb05066c5a89924f48a9e9736499", - "kql-telemetry": "d12a98a6f19a2d273696597547e064ee", - "lens": "d33c68a69ff1e78c9888dedd2164ac22", - "lens-ui-telemetry": "509bfa5978586998e05f9e303c07a327", - "map": "4a05b35c3a3a58fbc72dd0202dc3487f", - "maps": "bfd39d88aadadb4be597ea984d433dbe", - "migrationVersion": "4a1746014a75ade3a714e1db5763276f", - "ml-telemetry": "257fd1d4b4fdbb9cb4b8a3b27da201e9", - "namespace": "2f4316de49999235636386fe51dc06c1", - "namespaces": "2f4316de49999235636386fe51dc06c1", - "query": "11aaeb7f5f7fa5bb43f25e18ce26e7d9", - "references": "7997cf5a56cc02bdc9c93361bde732b0", - "sample-data-telemetry": "7d3cfeb915303c9641c59681967ffeb4", - "search": "181661168bbadd1eff5902361e2a0d5c", - "telemetry": "36a616f7026dfa617d6655df850fe16d", - "tsvb-validation-telemetry": "3a37ef6c8700ae6fc97d5c7da00e9215", - "type": 
"2f4316de49999235636386fe51dc06c1", - "ui-metric": "0d409297dc5ebe1e3a1da691c6ee32e3", - "updated_at": "00da57df13e94e9d98437d13ace4bfe0", - "upgrade-assistant-reindex-operation": "296a89039fc4260292be36b1b005d8f2", - "upgrade-assistant-telemetry": "56702cec857e0a9dacfb696655b4ff7b", - "uptime-dynamic-settings": "fcdb453a30092f022f2642db29523d80", - "url": "b675c3be8d76ecf029294d51dc7ec65d", - "visualization": "52d7a13ad68a150c4525b292d23e12cc" - } - }, - "dynamic": "strict", - "properties": { - "action": { - "properties": { - "actionTypeId": { - "type": "keyword" - }, - "config": { - "enabled": false, - "type": "object" - }, - "name": { - "fields": { - "keyword": { - "type": "keyword" - } - }, - "type": "text" - }, - "secrets": { - "type": "binary" - } - } - }, - "action_task_params": { - "properties": { - "actionId": { - "type": "keyword" - }, - "apiKey": { - "type": "binary" - }, - "params": { - "enabled": false, - "type": "object" - } - } - }, - "alert": { - "properties": { - "actions": { - "properties": { - "actionRef": { - "type": "keyword" - }, - "actionTypeId": { - "type": "keyword" - }, - "group": { - "type": "keyword" - }, - "params": { - "enabled": false, - "type": "object" - } - }, - "type": "nested" - }, - "alertTypeId": { - "type": "keyword" - }, - "apiKey": { - "type": "binary" - }, - "apiKeyOwner": { - "type": "keyword" - }, - "consumer": { - "type": "keyword" - }, - "createdAt": { - "type": "date" - }, - "createdBy": { - "type": "keyword" - }, - "enabled": { - "type": "boolean" - }, - "muteAll": { - "type": "boolean" - }, - "mutedInstanceIds": { - "type": "keyword" - }, - "name": { - "fields": { - "keyword": { - "type": "keyword" - } - }, - "type": "text" - }, - "params": { - "enabled": false, - "type": "object" - }, - "schedule": { - "properties": { - "interval": { - "type": "keyword" - } - } - }, - "scheduledTaskId": { - "type": "keyword" - }, - "tags": { - "type": "keyword" - }, - "throttle": { - "type": "keyword" - }, - "updatedBy": { - "type": 
"keyword" - } - } - }, - "apm-indices": { - "properties": { - "error": { - "type": "keyword" - }, - "metric": { - "type": "keyword" - }, - "onboarding": { - "type": "keyword" - }, - "sourcemap": { - "type": "keyword" - }, - "span": { - "type": "keyword" - }, - "transaction": { - "type": "keyword" - } - } - }, - "apm-telemetry": { - "properties": { - "agents": { - "properties": { - "dotnet": { - "properties": { - "agent": { - "properties": { - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "service": { - "properties": { - "framework": { - "properties": { - "composite": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "language": { - "properties": { - "composite": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "runtime": { - "properties": { - "composite": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - } - } - }, - "go": { - "properties": { - "agent": { - "properties": { - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "service": { - "properties": { - "framework": { - "properties": { - "composite": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "language": { - "properties": { - "composite": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "runtime": { - "properties": { - "composite": { - "ignore_above": 1024, - "type": "keyword" - }, - 
"name": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - } - } - }, - "java": { - "properties": { - "agent": { - "properties": { - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "service": { - "properties": { - "framework": { - "properties": { - "composite": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "language": { - "properties": { - "composite": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "runtime": { - "properties": { - "composite": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - } - } - }, - "js-base": { - "properties": { - "agent": { - "properties": { - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "service": { - "properties": { - "framework": { - "properties": { - "composite": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "language": { - "properties": { - "composite": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "runtime": { - "properties": { - "composite": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - } - } - }, - "nodejs": { - "properties": { - "agent": { - "properties": { - "version": { - 
"ignore_above": 1024, - "type": "keyword" - } - } - }, - "service": { - "properties": { - "framework": { - "properties": { - "composite": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "language": { - "properties": { - "composite": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "runtime": { - "properties": { - "composite": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - } - } - }, - "python": { - "properties": { - "agent": { - "properties": { - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "service": { - "properties": { - "framework": { - "properties": { - "composite": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "language": { - "properties": { - "composite": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "runtime": { - "properties": { - "composite": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - } - } - }, - "ruby": { - "properties": { - "agent": { - "properties": { - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "service": { - "properties": { - "framework": { - "properties": { - "composite": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": 
"keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "language": { - "properties": { - "composite": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "runtime": { - "properties": { - "composite": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - } - } - }, - "rum-js": { - "properties": { - "agent": { - "properties": { - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "service": { - "properties": { - "framework": { - "properties": { - "composite": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "language": { - "properties": { - "composite": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "runtime": { - "properties": { - "composite": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - } - } - } - } - }, - "cardinality": { - "properties": { - "transaction": { - "properties": { - "name": { - "properties": { - "all_agents": { - "properties": { - "1d": { - "type": "long" - } - } - }, - "rum": { - "properties": { - "1d": { - "type": "long" - } - } - } - } - } - } - }, - "user_agent": { - "properties": { - "original": { - "properties": { - "all_agents": { - "properties": { - "1d": { - "type": "long" - } - } - }, - "rum": { - "properties": { - "1d": { - "type": "long" - } - } - } - } - } - } - } - } - }, - "counts": { - "properties": { - 
"agent_configuration": { - "properties": { - "all": { - "type": "long" - } - } - }, - "error": { - "properties": { - "1d": { - "type": "long" - }, - "all": { - "type": "long" - } - } - }, - "max_error_groups_per_service": { - "properties": { - "1d": { - "type": "long" - } - } - }, - "max_transaction_groups_per_service": { - "properties": { - "1d": { - "type": "long" - } - } - }, - "metric": { - "properties": { - "1d": { - "type": "long" - }, - "all": { - "type": "long" - } - } - }, - "onboarding": { - "properties": { - "1d": { - "type": "long" - }, - "all": { - "type": "long" - } - } - }, - "services": { - "properties": { - "1d": { - "type": "long" - } - } - }, - "sourcemap": { - "properties": { - "1d": { - "type": "long" - }, - "all": { - "type": "long" - } - } - }, - "span": { - "properties": { - "1d": { - "type": "long" - }, - "all": { - "type": "long" - } - } - }, - "traces": { - "properties": { - "1d": { - "type": "long" - } - } - }, - "transaction": { - "properties": { - "1d": { - "type": "long" - }, - "all": { - "type": "long" - } - } - } - } - }, - "has_any_services": { - "type": "boolean" - }, - "indices": { - "properties": { - "all": { - "properties": { - "total": { - "properties": { - "docs": { - "properties": { - "count": { - "type": "long" - } - } - }, - "store": { - "properties": { - "size_in_bytes": { - "type": "long" - } - } - } - } - } - } - }, - "shards": { - "properties": { - "total": { - "type": "long" - } - } - } - } - }, - "integrations": { - "properties": { - "ml": { - "properties": { - "all_jobs_count": { - "type": "long" - } - } - } - } - }, - "retainment": { - "properties": { - "error": { - "properties": { - "ms": { - "type": "long" - } - } - }, - "metric": { - "properties": { - "ms": { - "type": "long" - } - } - }, - "onboarding": { - "properties": { - "ms": { - "type": "long" - } - } - }, - "span": { - "properties": { - "ms": { - "type": "long" - } - } - }, - "transaction": { - "properties": { - "ms": { - "type": "long" - } - } - } - } - 
}, - "services_per_agent": { - "properties": { - "dotnet": { - "null_value": 0, - "type": "long" - }, - "go": { - "null_value": 0, - "type": "long" - }, - "java": { - "null_value": 0, - "type": "long" - }, - "js-base": { - "null_value": 0, - "type": "long" - }, - "nodejs": { - "null_value": 0, - "type": "long" - }, - "python": { - "null_value": 0, - "type": "long" - }, - "ruby": { - "null_value": 0, - "type": "long" - }, - "rum-js": { - "null_value": 0, - "type": "long" - } - } - }, - "tasks": { - "properties": { - "agent_configuration": { - "properties": { - "took": { - "properties": { - "ms": { - "type": "long" - } - } - } - } - }, - "agents": { - "properties": { - "took": { - "properties": { - "ms": { - "type": "long" - } - } - } - } - }, - "cardinality": { - "properties": { - "took": { - "properties": { - "ms": { - "type": "long" - } - } - } - } - }, - "groupings": { - "properties": { - "took": { - "properties": { - "ms": { - "type": "long" - } - } - } - } - }, - "indices_stats": { - "properties": { - "took": { - "properties": { - "ms": { - "type": "long" - } - } - } - } - }, - "integrations": { - "properties": { - "took": { - "properties": { - "ms": { - "type": "long" - } - } - } - } - }, - "processor_events": { - "properties": { - "took": { - "properties": { - "ms": { - "type": "long" - } - } - } - } - }, - "services": { - "properties": { - "took": { - "properties": { - "ms": { - "type": "long" - } - } - } - } - }, - "versions": { - "properties": { - "took": { - "properties": { - "ms": { - "type": "long" - } - } - } - } - } - } - }, - "version": { - "properties": { - "apm_server": { - "properties": { - "major": { - "type": "long" - }, - "minor": { - "type": "long" - }, - "patch": { - "type": "long" - } - } - } - } - } - } - }, - "application_usage_totals": { - "properties": { - "appId": { - "type": "keyword" - }, - "minutesOnScreen": { - "type": "float" - }, - "numberOfClicks": { - "type": "long" - } - } - }, - "application_usage_transactional": { - 
"properties": { - "appId": { - "type": "keyword" - }, - "minutesOnScreen": { - "type": "float" - }, - "numberOfClicks": { - "type": "long" - }, - "timestamp": { - "type": "date" - } - } - }, - "canvas-element": { - "dynamic": "false", - "properties": { - "@created": { - "type": "date" - }, - "@timestamp": { - "type": "date" - }, - "content": { - "type": "text" - }, - "help": { - "type": "text" - }, - "image": { - "type": "text" - }, - "name": { - "fields": { - "keyword": { - "type": "keyword" - } - }, - "type": "text" - } - } - }, - "canvas-workpad": { - "dynamic": "false", - "properties": { - "@created": { - "type": "date" - }, - "@timestamp": { - "type": "date" - }, - "name": { - "fields": { - "keyword": { - "type": "keyword" - } - }, - "type": "text" - } - } - }, - "cases": { - "properties": { - "closed_at": { - "type": "date" - }, - "closed_by": { - "properties": { - "email": { - "type": "keyword" - }, - "full_name": { - "type": "keyword" - }, - "username": { - "type": "keyword" - } - } - }, - "connector_id": { - "type": "keyword" - }, - "created_at": { - "type": "date" - }, - "created_by": { - "properties": { - "email": { - "type": "keyword" - }, - "full_name": { - "type": "keyword" - }, - "username": { - "type": "keyword" - } - } - }, - "description": { - "type": "text" - }, - "external_service": { - "properties": { - "connector_id": { - "type": "keyword" - }, - "connector_name": { - "type": "keyword" - }, - "external_id": { - "type": "keyword" - }, - "external_title": { - "type": "text" - }, - "external_url": { - "type": "text" - }, - "pushed_at": { - "type": "date" - }, - "pushed_by": { - "properties": { - "email": { - "type": "keyword" - }, - "full_name": { - "type": "keyword" - }, - "username": { - "type": "keyword" - } - } - } - } - }, - "status": { - "type": "keyword" - }, - "tags": { - "type": "keyword" - }, - "title": { - "type": "keyword" - }, - "updated_at": { - "type": "date" - }, - "updated_by": { - "properties": { - "email": { - "type": "keyword" 
- }, - "full_name": { - "type": "keyword" - }, - "username": { - "type": "keyword" - } - } - } - } - }, - "cases-comments": { - "properties": { - "comment": { - "type": "text" - }, - "created_at": { - "type": "date" - }, - "created_by": { - "properties": { - "email": { - "type": "keyword" - }, - "full_name": { - "type": "keyword" - }, - "username": { - "type": "keyword" - } - } - }, - "pushed_at": { - "type": "date" - }, - "pushed_by": { - "properties": { - "email": { - "type": "keyword" - }, - "full_name": { - "type": "keyword" - }, - "username": { - "type": "keyword" - } - } - }, - "updated_at": { - "type": "date" - }, - "updated_by": { - "properties": { - "email": { - "type": "keyword" - }, - "full_name": { - "type": "keyword" - }, - "username": { - "type": "keyword" - } - } - } - } - }, - "cases-configure": { - "properties": { - "closure_type": { - "type": "keyword" - }, - "connector_id": { - "type": "keyword" - }, - "connector_name": { - "type": "keyword" - }, - "created_at": { - "type": "date" - }, - "created_by": { - "properties": { - "email": { - "type": "keyword" - }, - "full_name": { - "type": "keyword" - }, - "username": { - "type": "keyword" - } - } - }, - "updated_at": { - "type": "date" - }, - "updated_by": { - "properties": { - "email": { - "type": "keyword" - }, - "full_name": { - "type": "keyword" - }, - "username": { - "type": "keyword" - } - } - } - } - }, - "cases-user-actions": { - "properties": { - "action": { - "type": "keyword" - }, - "action_at": { - "type": "date" - }, - "action_by": { - "properties": { - "email": { - "type": "keyword" - }, - "full_name": { - "type": "keyword" - }, - "username": { - "type": "keyword" - } - } - }, - "action_field": { - "type": "keyword" - }, - "new_value": { - "type": "text" - }, - "old_value": { - "type": "text" - } - } - }, - "config": { - "dynamic": "true", - "properties": { - "buildNum": { - "type": "keyword" - }, - "defaultIndex": { - "fields": { - "keyword": { - "ignore_above": 256, - "type": 
"keyword" - } - }, - "type": "text" - } - } - }, - "dashboard": { - "properties": { - "description": { - "type": "text" - }, - "hits": { - "type": "integer" - }, - "kibanaSavedObjectMeta": { - "properties": { - "searchSourceJSON": { - "type": "text" - } - } - }, - "optionsJSON": { - "type": "text" - }, - "panelsJSON": { - "type": "text" - }, - "refreshInterval": { - "properties": { - "display": { - "type": "keyword" - }, - "pause": { - "type": "boolean" - }, - "section": { - "type": "integer" - }, - "value": { - "type": "integer" - } - } - }, - "timeFrom": { - "type": "keyword" - }, - "timeRestore": { - "type": "boolean" - }, - "timeTo": { - "type": "keyword" - }, - "title": { - "type": "text" - }, - "version": { - "type": "integer" - } - } - }, - "file-upload-telemetry": { - "properties": { - "filesUploadedTotalCount": { - "type": "long" - } - } - }, - "graph-workspace": { - "properties": { - "description": { - "type": "text" - }, - "kibanaSavedObjectMeta": { - "properties": { - "searchSourceJSON": { - "type": "text" - } - } - }, - "numLinks": { - "type": "integer" - }, - "numVertices": { - "type": "integer" - }, - "title": { - "type": "text" - }, - "version": { - "type": "integer" - }, - "wsState": { - "type": "text" - } - } - }, - "index-pattern": { - "properties": { - "fieldFormatMap": { - "type": "text" - }, - "fields": { - "type": "text" - }, - "intervalName": { - "type": "keyword" - }, - "notExpandable": { - "type": "boolean" - }, - "sourceFilters": { - "type": "text" - }, - "timeFieldName": { - "type": "keyword" - }, - "title": { - "type": "text" - }, - "type": { - "type": "keyword" - }, - "typeMeta": { - "type": "keyword" - } - } - }, - "kql-telemetry": { - "properties": { - "optInCount": { - "type": "long" - }, - "optOutCount": { - "type": "long" - } - } - }, - "lens": { - "properties": { - "description": { - "type": "text" - }, - "expression": { - "index": false, - "type": "keyword" - }, - "state": { - "type": "flattened" - }, - "title": { - "type": 
"text" - }, - "visualizationType": { - "type": "keyword" - } - } - }, - "lens-ui-telemetry": { - "properties": { - "count": { - "type": "integer" - }, - "date": { - "type": "date" - }, - "name": { - "type": "keyword" - }, - "type": { - "type": "keyword" - } - } - }, - "map": { - "properties": { - "description": { - "type": "text" - }, - "layerListJSON": { - "type": "text" - }, - "mapStateJSON": { - "type": "text" - }, - "title": { - "type": "text" - }, - "uiStateJSON": { - "type": "text" - }, - "version": { - "type": "integer" - } - } - }, - "maps": { - "properties": { - "attributesPerMap": { - "properties": { - "dataSourcesCount": { - "properties": { - "avg": { - "type": "long" - }, - "max": { - "type": "long" - }, - "min": { - "type": "long" - } - } - }, - "emsVectorLayersCount": { - "dynamic": "true", - "type": "object" - }, - "layerTypesCount": { - "dynamic": "true", - "type": "object" - }, - "layersCount": { - "properties": { - "avg": { - "type": "long" - }, - "max": { - "type": "long" - }, - "min": { - "type": "long" - } - } - } - } - }, - "indexPatternsWithGeoFieldCount": { - "type": "long" - }, - "indexPatternsWithGeoPointFieldCount": { - "type": "long" - }, - "indexPatternsWithGeoShapeFieldCount": { - "type": "long" - }, - "mapsTotalCount": { - "type": "long" - }, - "settings": { - "properties": { - "showMapVisualizationTypes": { - "type": "boolean" - } - } - }, - "timeCaptured": { - "type": "date" - } - } - }, - "migrationVersion": { - "dynamic": "true", - "properties": { - "config": { - "fields": { - "keyword": { - "ignore_above": 256, - "type": "keyword" - } - }, - "type": "text" - }, - "index-pattern": { - "fields": { - "keyword": { - "ignore_above": 256, - "type": "keyword" - } - }, - "type": "text" - } - } - }, - "ml-telemetry": { - "properties": { - "file_data_visualizer": { - "properties": { - "index_creation_count": { - "type": "long" - } - } - } - } - }, - "namespace": { - "type": "keyword" - }, - "namespaces": { - "type": "keyword" - }, - 
"query": { - "properties": { - "description": { - "type": "text" - }, - "filters": { - "enabled": false, - "type": "object" - }, - "query": { - "properties": { - "language": { - "type": "keyword" - }, - "query": { - "index": false, - "type": "keyword" - } - } - }, - "timefilter": { - "enabled": false, - "type": "object" - }, - "title": { - "type": "text" - } - } - }, - "references": { - "properties": { - "id": { - "type": "keyword" - }, - "name": { - "type": "keyword" - }, - "type": { - "type": "keyword" - } - }, - "type": "nested" - }, - "sample-data-telemetry": { - "properties": { - "installCount": { - "type": "long" - }, - "unInstallCount": { - "type": "long" - } - } - }, - "search": { - "properties": { - "columns": { - "type": "keyword" - }, - "description": { - "type": "text" - }, - "hits": { - "type": "integer" - }, - "kibanaSavedObjectMeta": { - "properties": { - "searchSourceJSON": { - "type": "text" - } - } - }, - "sort": { - "type": "keyword" - }, - "title": { - "type": "text" - }, - "version": { - "type": "integer" - } - } - }, - "telemetry": { - "properties": { - "allowChangingOptInStatus": { - "type": "boolean" - }, - "enabled": { - "type": "boolean" - }, - "lastReported": { - "type": "date" - }, - "lastVersionChecked": { - "type": "keyword" - }, - "reportFailureCount": { - "type": "integer" - }, - "reportFailureVersion": { - "type": "keyword" - }, - "sendUsageFrom": { - "type": "keyword" - }, - "userHasSeenNotice": { - "type": "boolean" - } - } - }, - "tsvb-validation-telemetry": { - "properties": { - "failedRequests": { - "type": "long" - } - } - }, - "type": { - "type": "keyword" - }, - "ui-metric": { - "properties": { - "count": { - "type": "integer" - } - } - }, - "updated_at": { - "type": "date" - }, - "upgrade-assistant-reindex-operation": { - "properties": { - "errorMessage": { - "type": "keyword" - }, - "indexName": { - "type": "keyword" - }, - "lastCompletedStep": { - "type": "integer" - }, - "locked": { - "type": "date" - }, - 
"newIndexName": { - "type": "keyword" - }, - "reindexOptions": { - "properties": { - "openAndClose": { - "type": "boolean" - }, - "queueSettings": { - "properties": { - "queuedAt": { - "type": "long" - }, - "startedAt": { - "type": "long" - } - } - } - } - }, - "reindexTaskId": { - "type": "keyword" - }, - "reindexTaskPercComplete": { - "type": "float" - }, - "runningReindexCount": { - "type": "integer" - }, - "status": { - "type": "integer" - } - } - }, - "upgrade-assistant-telemetry": { - "properties": { - "features": { - "properties": { - "deprecation_logging": { - "properties": { - "enabled": { - "null_value": true, - "type": "boolean" - } - } - } - } - }, - "ui_open": { - "properties": { - "cluster": { - "null_value": 0, - "type": "long" - }, - "indices": { - "null_value": 0, - "type": "long" - }, - "overview": { - "null_value": 0, - "type": "long" - } - } - }, - "ui_reindex": { - "properties": { - "close": { - "null_value": 0, - "type": "long" - }, - "open": { - "null_value": 0, - "type": "long" - }, - "start": { - "null_value": 0, - "type": "long" - }, - "stop": { - "null_value": 0, - "type": "long" - } - } - } - } - }, - "uptime-dynamic-settings": { - "properties": { - "certAgeThreshold": { - "type": "long" - }, - "certExpirationThreshold": { - "type": "long" - }, - "heartbeatIndices": { - "type": "keyword" - } - } - }, - "url": { - "properties": { - "accessCount": { - "type": "long" - }, - "accessDate": { - "type": "date" - }, - "createDate": { - "type": "date" - }, - "url": { - "fields": { - "keyword": { - "type": "keyword" - } - }, - "type": "text" - } - } - }, - "visualization": { - "properties": { - "description": { - "type": "text" - }, - "kibanaSavedObjectMeta": { - "properties": { - "searchSourceJSON": { - "type": "text" - } - } - }, - "savedSearchRefName": { - "type": "keyword" - }, - "title": { - "type": "text" - }, - "uiStateJSON": { - "type": "text" - }, - "version": { - "type": "integer" - }, - "visState": { - "type": "text" - } - } - } - } - 
},
- "settings": {
- "index": {
- "auto_expand_replicas": "0-1",
- "number_of_replicas": "0",
- "number_of_shards": "1"
- }
- }
- }
-}
diff --git a/x-pack/test/functional/es_archives/reporting/nanos/data.json b/x-pack/test/functional/es_archives/reporting/nanos/data.json
new file mode 100644
index 0000000000000..02a56e95dd1f6
--- /dev/null
+++ b/x-pack/test/functional/es_archives/reporting/nanos/data.json
@@ -0,0 +1,25 @@
+{
+ "type": "doc",
+ "value": {
+ "id": "1",
+ "index": "nanos",
+ "source": {
+ "date": "2015-01-01T12:10:30",
+ "message": "Hello 1"
+ },
+ "type": "_doc"
+ }
+}
+
+{
+ "type": "doc",
+ "value": {
+ "id": "2",
+ "index": "nanos",
+ "source": {
+ "date": "2015-01-01T12:10:30.123456789Z",
+ "message": "Hello 2"
+ },
+ "type": "_doc"
+ }
+}
diff --git a/x-pack/test/functional/es_archives/reporting/nanos/data.json.gz b/x-pack/test/functional/es_archives/reporting/nanos/data.json.gz
deleted file mode 100644
index 2811c495aae2d..0000000000000
Binary files a/x-pack/test/functional/es_archives/reporting/nanos/data.json.gz and /dev/null differ
diff --git a/x-pack/test/functional/es_archives/reporting/nanos/mappings.json b/x-pack/test/functional/es_archives/reporting/nanos/mappings.json
index 216b89e4bfbcf..3db5e17b7557f 100644
--- a/x-pack/test/functional/es_archives/reporting/nanos/mappings.json
+++ b/x-pack/test/functional/es_archives/reporting/nanos/mappings.json
@@ -1,1031 +1,3 @@ -{ - "type": "index", - "value": { - "aliases": { - ".kibana": { - } - }, - "index": ".kibana_1", - "mappings": { - "_meta": { - "migrationMappingPropertyHashes": { - "action": "415a6b78886a072bc79bbf1cef25a0b3", - "alert": "4f896c3659aa95c75b078a96a19f5bf2", - "apm-telemetry": "07ee1939fa4302c62ddc052ec03fed90", - "canvas-element": "7390014e1091044523666d97247392fc", - "canvas-workpad": "b0a1706d356228dbdcb4a17e6b9eb231", - "config": "87aca8fdb053154f11383fce3dbf3edf", - "dashboard": "d00f614b29a80360e1190193fd333bab", - "file-upload-telemetry": "0ed4d3e1983d1217a30982630897092e", - "graph-workspace": "cd7ba1330e6682e9cc00b78850874be1", - "index-pattern": "66eccb05066c5a89924f48a9e9736499", - "infrastructure-ui-source": "ddc0ecb18383f6b26101a2fadb2dab0c", - "kql-telemetry": "d12a98a6f19a2d273696597547e064ee", - "maps-telemetry": "a4229f8b16a6820c6d724b7e0c1f729d", - "migrationVersion": "4a1746014a75ade3a714e1db5763276f", - "ml-telemetry": "257fd1d4b4fdbb9cb4b8a3b27da201e9", - "namespace": "2f4316de49999235636386fe51dc06c1", - "references": "7997cf5a56cc02bdc9c93361bde732b0", - "sample-data-telemetry": "7d3cfeb915303c9641c59681967ffeb4", - "search": "181661168bbadd1eff5902361e2a0d5c", - "server": "ec97f1c5da1a19609a60874e5af1100c", - "siem-ui-timeline": "1f6f0860ad7bc0dba3e42467ca40470d", - "siem-ui-timeline-note": "8874706eedc49059d4cf0f5094559084", - "siem-ui-timeline-pinned-event": "20638091112f0e14f0e443d512301c29", - "space": "25de8c2deec044392922989cfcf24c54", - "telemetry": "e1c8bc94e443aefd9458932cc0697a4d", - "type": "2f4316de49999235636386fe51dc06c1", - "ui-metric": "0d409297dc5ebe1e3a1da691c6ee32e3", - "updated_at": "00da57df13e94e9d98437d13ace4bfe0", - "upgrade-assistant-reindex-operation": "a53a20fe086b72c9a86da3cc12dad8a6", - "upgrade-assistant-telemetry": "56702cec857e0a9dacfb696655b4ff7b", - "url": "c7f66a0df8b1b52f17c28c4adb111105", - "visualization": "52d7a13ad68a150c4525b292d23e12cc" - } - }, - "dynamic": "strict", - 
"properties": { - "action": { - "properties": { - "config": { - "enabled": false, - "type": "object" - }, - "secrets": { - "type": "binary" - }, - "actionTypeId": { - "type": "keyword" - }, - "description": { - "type": "text" - } - } - }, - "alert": { - "properties": { - "actions": { - "properties": { - "actionRef": { - "type": "keyword" - }, - "group": { - "type": "keyword" - }, - "params": { - "enabled": false, - "type": "object" - } - }, - "type": "nested" - }, - "alertTypeId": { - "type": "keyword" - }, - "params": { - "enabled": false, - "type": "object" - }, - "interval": { - "type": "keyword" - }, - "scheduledTaskId": { - "type": "keyword" - } - } - }, - "apm-telemetry": { - "properties": { - "has_any_services": { - "type": "boolean" - }, - "services_per_agent": { - "properties": { - "dotnet": { - "null_value": 0, - "type": "long" - }, - "go": { - "null_value": 0, - "type": "long" - }, - "java": { - "null_value": 0, - "type": "long" - }, - "js-base": { - "null_value": 0, - "type": "long" - }, - "nodejs": { - "null_value": 0, - "type": "long" - }, - "python": { - "null_value": 0, - "type": "long" - }, - "ruby": { - "null_value": 0, - "type": "long" - }, - "rum-js": { - "null_value": 0, - "type": "long" - } - } - } - } - }, - "canvas-element": { - "dynamic": "false", - "properties": { - "@created": { - "type": "date" - }, - "@timestamp": { - "type": "date" - }, - "content": { - "type": "text" - }, - "help": { - "type": "text" - }, - "image": { - "type": "text" - }, - "name": { - "fields": { - "keyword": { - "type": "keyword" - } - }, - "type": "text" - } - } - }, - "canvas-workpad": { - "dynamic": "false", - "properties": { - "@created": { - "type": "date" - }, - "@timestamp": { - "type": "date" - }, - "name": { - "fields": { - "keyword": { - "type": "keyword" - } - }, - "type": "text" - } - } - }, - "config": { - "dynamic": "true", - "properties": { - "buildNum": { - "type": "keyword" - }, - "dateFormat:tz": { - "fields": { - "keyword": { - "ignore_above": 
256, - "type": "keyword" - } - }, - "type": "text" - }, - "defaultIndex": { - "fields": { - "keyword": { - "ignore_above": 256, - "type": "keyword" - } - }, - "type": "text" - }, - "search:queryLanguage": { - "fields": { - "keyword": { - "ignore_above": 256, - "type": "keyword" - } - }, - "type": "text" - } - } - }, - "dashboard": { - "properties": { - "description": { - "type": "text" - }, - "hits": { - "type": "integer" - }, - "kibanaSavedObjectMeta": { - "properties": { - "searchSourceJSON": { - "type": "text" - } - } - }, - "optionsJSON": { - "type": "text" - }, - "panelsJSON": { - "type": "text" - }, - "refreshInterval": { - "properties": { - "display": { - "type": "keyword" - }, - "pause": { - "type": "boolean" - }, - "section": { - "type": "integer" - }, - "value": { - "type": "integer" - } - } - }, - "timeFrom": { - "type": "keyword" - }, - "timeRestore": { - "type": "boolean" - }, - "timeTo": { - "type": "keyword" - }, - "title": { - "type": "text" - }, - "version": { - "type": "integer" - } - } - }, - "file-upload-telemetry": { - "properties": { - "filesUploadedTotalCount": { - "type": "long" - } - } - }, - "graph-workspace": { - "properties": { - "description": { - "type": "text" - }, - "kibanaSavedObjectMeta": { - "properties": { - "searchSourceJSON": { - "type": "text" - } - } - }, - "numLinks": { - "type": "integer" - }, - "numVertices": { - "type": "integer" - }, - "title": { - "type": "text" - }, - "version": { - "type": "integer" - }, - "wsState": { - "type": "text" - } - } - }, - "index-pattern": { - "properties": { - "fieldFormatMap": { - "type": "text" - }, - "fields": { - "type": "text" - }, - "intervalName": { - "type": "keyword" - }, - "notExpandable": { - "type": "boolean" - }, - "sourceFilters": { - "type": "text" - }, - "timeFieldName": { - "type": "keyword" - }, - "title": { - "type": "text" - }, - "type": { - "type": "keyword" - }, - "typeMeta": { - "type": "keyword" - } - } - }, - "infrastructure-ui-source": { - "properties": { - 
"description": { - "type": "text" - }, - "fields": { - "properties": { - "container": { - "type": "keyword" - }, - "host": { - "type": "keyword" - }, - "pod": { - "type": "keyword" - }, - "tiebreaker": { - "type": "keyword" - }, - "timestamp": { - "type": "keyword" - } - } - }, - "logAlias": { - "type": "keyword" - }, - "logColumns": { - "properties": { - "fieldColumn": { - "properties": { - "field": { - "type": "keyword" - }, - "id": { - "type": "keyword" - } - } - }, - "messageColumn": { - "properties": { - "id": { - "type": "keyword" - } - } - }, - "timestampColumn": { - "properties": { - "id": { - "type": "keyword" - } - } - } - }, - "type": "nested" - }, - "metricAlias": { - "type": "keyword" - }, - "name": { - "type": "text" - } - } - }, - "kql-telemetry": { - "properties": { - "optInCount": { - "type": "long" - }, - "optOutCount": { - "type": "long" - } - } - }, - "map": { - "properties": { - "bounds": { - "dynamic": false, - "properties": {} - }, - "description": { - "type": "text" - }, - "layerListJSON": { - "type": "text" - }, - "mapStateJSON": { - "type": "text" - }, - "title": { - "type": "text" - }, - "uiStateJSON": { - "type": "text" - }, - "version": { - "type": "integer" - } - } - }, - "maps-telemetry": { - "properties": { - "attributesPerMap": { - "properties": { - "dataSourcesCount": { - "properties": { - "avg": { - "type": "long" - }, - "max": { - "type": "long" - }, - "min": { - "type": "long" - } - } - }, - "emsVectorLayersCount": { - "dynamic": "true", - "type": "object" - }, - "layerTypesCount": { - "dynamic": "true", - "type": "object" - }, - "layersCount": { - "properties": { - "avg": { - "type": "long" - }, - "max": { - "type": "long" - }, - "min": { - "type": "long" - } - } - } - } - }, - "mapsTotalCount": { - "type": "long" - }, - "timeCaptured": { - "type": "date" - } - } - }, - "migrationVersion": { - "dynamic": "true", - "properties": { - "dashboard": { - "fields": { - "keyword": { - "ignore_above": 256, - "type": "keyword" - } - }, - 
"type": "text" - }, - "index-pattern": { - "fields": { - "keyword": { - "ignore_above": 256, - "type": "keyword" - } - }, - "type": "text" - }, - "search": { - "fields": { - "keyword": { - "ignore_above": 256, - "type": "keyword" - } - }, - "type": "text" - }, - "space": { - "fields": { - "keyword": { - "ignore_above": 256, - "type": "keyword" - } - }, - "type": "text" - } - } - }, - "ml-telemetry": { - "properties": { - "file_data_visualizer": { - "properties": { - "index_creation_count": { - "type": "long" - } - } - } - } - }, - "namespace": { - "type": "keyword" - }, - "references": { - "properties": { - "id": { - "type": "keyword" - }, - "name": { - "type": "keyword" - }, - "type": { - "type": "keyword" - } - }, - "type": "nested" - }, - "sample-data-telemetry": { - "properties": { - "installCount": { - "type": "long" - }, - "unInstallCount": { - "type": "long" - } - } - }, - "search": { - "properties": { - "columns": { - "type": "keyword" - }, - "description": { - "type": "text" - }, - "hits": { - "type": "integer" - }, - "kibanaSavedObjectMeta": { - "properties": { - "searchSourceJSON": { - "type": "text" - } - } - }, - "sort": { - "type": "keyword" - }, - "title": { - "type": "text" - }, - "version": { - "type": "integer" - } - } - }, - "server": { - "properties": { - "uuid": { - "type": "keyword" - } - } - }, - "siem-ui-timeline": { - "properties": { - "columns": { - "properties": { - "aggregatable": { - "type": "boolean" - }, - "category": { - "type": "keyword" - }, - "columnHeaderType": { - "type": "keyword" - }, - "description": { - "type": "text" - }, - "example": { - "type": "text" - }, - "id": { - "type": "keyword" - }, - "indexes": { - "type": "keyword" - }, - "name": { - "type": "text" - }, - "placeholder": { - "type": "text" - }, - "searchable": { - "type": "boolean" - }, - "type": { - "type": "keyword" - } - } - }, - "created": { - "type": "date" - }, - "createdBy": { - "type": "text" - }, - "dataProviders": { - "properties": { - "and": { - 
"properties": { - "enabled": { - "type": "boolean" - }, - "excluded": { - "type": "boolean" - }, - "id": { - "type": "keyword" - }, - "kqlQuery": { - "type": "text" - }, - "name": { - "type": "text" - }, - "queryMatch": { - "properties": { - "displayField": { - "type": "text" - }, - "displayValue": { - "type": "text" - }, - "field": { - "type": "text" - }, - "operator": { - "type": "text" - }, - "value": { - "type": "text" - } - } - } - } - }, - "enabled": { - "type": "boolean" - }, - "excluded": { - "type": "boolean" - }, - "id": { - "type": "keyword" - }, - "kqlQuery": { - "type": "text" - }, - "name": { - "type": "text" - }, - "queryMatch": { - "properties": { - "displayField": { - "type": "text" - }, - "displayValue": { - "type": "text" - }, - "field": { - "type": "text" - }, - "operator": { - "type": "text" - }, - "value": { - "type": "text" - } - } - } - } - }, - "dateRange": { - "properties": { - "end": { - "type": "date" - }, - "start": { - "type": "date" - } - } - }, - "description": { - "type": "text" - }, - "favorite": { - "properties": { - "favoriteDate": { - "type": "date" - }, - "fullName": { - "type": "text" - }, - "keySearch": { - "type": "text" - }, - "userName": { - "type": "text" - } - } - }, - "kqlMode": { - "type": "keyword" - }, - "kqlQuery": { - "properties": { - "filterQuery": { - "properties": { - "kuery": { - "properties": { - "expression": { - "type": "text" - }, - "kind": { - "type": "keyword" - } - } - }, - "serializedQuery": { - "type": "text" - } - } - } - } - }, - "sort": { - "properties": { - "columnId": { - "type": "keyword" - }, - "sortDirection": { - "type": "keyword" - } - } - }, - "title": { - "type": "text" - }, - "updated": { - "type": "date" - }, - "updatedBy": { - "type": "text" - } - } - }, - "siem-ui-timeline-note": { - "properties": { - "created": { - "type": "date" - }, - "createdBy": { - "type": "text" - }, - "eventId": { - "type": "keyword" - }, - "note": { - "type": "text" - }, - "timelineId": { - "type": "keyword" - 
}, - "updated": { - "type": "date" - }, - "updatedBy": { - "type": "text" - } - } - }, - "siem-ui-timeline-pinned-event": { - "properties": { - "created": { - "type": "date" - }, - "createdBy": { - "type": "text" - }, - "eventId": { - "type": "keyword" - }, - "timelineId": { - "type": "keyword" - }, - "updated": { - "type": "date" - }, - "updatedBy": { - "type": "text" - } - } - }, - "space": { - "properties": { - "_reserved": { - "type": "boolean" - }, - "color": { - "type": "keyword" - }, - "description": { - "type": "text" - }, - "disabledFeatures": { - "type": "keyword" - }, - "initials": { - "type": "keyword" - }, - "name": { - "fields": { - "keyword": { - "ignore_above": 2048, - "type": "keyword" - } - }, - "type": "text" - } - } - }, - "telemetry": { - "properties": { - "enabled": { - "type": "boolean" - } - } - }, - "type": { - "type": "keyword" - }, - "ui-metric": { - "properties": { - "count": { - "type": "integer" - } - } - }, - "updated_at": { - "type": "date" - }, - "upgrade-assistant-reindex-operation": { - "dynamic": "true", - "properties": { - "indexName": { - "type": "keyword" - }, - "status": { - "type": "integer" - } - } - }, - "upgrade-assistant-telemetry": { - "properties": { - "features": { - "properties": { - "deprecation_logging": { - "properties": { - "enabled": { - "null_value": true, - "type": "boolean" - } - } - } - } - }, - "ui_open": { - "properties": { - "cluster": { - "null_value": 0, - "type": "long" - }, - "indices": { - "null_value": 0, - "type": "long" - }, - "overview": { - "null_value": 0, - "type": "long" - } - } - }, - "ui_reindex": { - "properties": { - "close": { - "null_value": 0, - "type": "long" - }, - "open": { - "null_value": 0, - "type": "long" - }, - "start": { - "null_value": 0, - "type": "long" - }, - "stop": { - "null_value": 0, - "type": "long" - } - } - } - } - }, - "url": { - "properties": { - "accessCount": { - "type": "long" - }, - "accessDate": { - "type": "date" - }, - "createDate": { - "type": "date" - }, 
- "url": { - "fields": { - "keyword": { - "ignore_above": 2048, - "type": "keyword" - } - }, - "type": "text" - } - } - }, - "user-action": { - "properties": { - "count": { - "type": "integer" - } - } - }, - "visualization": { - "properties": { - "description": { - "type": "text" - }, - "kibanaSavedObjectMeta": { - "properties": { - "searchSourceJSON": { - "type": "text" - } - } - }, - "savedSearchRefName": { - "type": "keyword" - }, - "title": { - "type": "text" - }, - "uiStateJSON": { - "type": "text" - }, - "version": { - "type": "integer" - }, - "visState": { - "type": "text" - } - } - } - } - }, - "settings": { - "index": { - "auto_expand_replicas": "0-1", - "number_of_replicas": "0", - "number_of_shards": "1" - } - } - } -} - { "type": "index", "value": { diff --git a/x-pack/test/functional/es_archives/reporting/sales/data.json.gz b/x-pack/test/functional/es_archives/reporting/sales/data.json.gz index 9478d482abe16..4d517a0c2597c 100644 Binary files a/x-pack/test/functional/es_archives/reporting/sales/data.json.gz and b/x-pack/test/functional/es_archives/reporting/sales/data.json.gz differ diff --git a/x-pack/test/functional/es_archives/reporting/sales/mappings.json b/x-pack/test/functional/es_archives/reporting/sales/mappings.json index 317b185046ce1..498aef34028fb 100644 --- a/x-pack/test/functional/es_archives/reporting/sales/mappings.json +++ b/x-pack/test/functional/es_archives/reporting/sales/mappings.json 
@@ -1,267 +1,3 @@ -{ - "type": "index", - "value": { - "aliases": { - ".kibana": {} - }, - "index": ".kibana_1", - "mappings": { - "properties": { - "config": { - "dynamic": "true", - "properties": { - "buildNum": { - "type": "keyword" - } - } - }, - "dashboard": { - "dynamic": "strict", - "properties": { - "description": { - "type": "text" - }, - "hits": { - "type": "integer" - }, - "kibanaSavedObjectMeta": { - "properties": { - "searchSourceJSON": { - "type": "text" - } - } - }, - "optionsJSON": { - "type": "text" - }, - "panelsJSON": { - "type": "text" - }, - "refreshInterval": { - "properties": { - "display": { - "type": "keyword" - }, - "pause": { - "type": "boolean" - }, - "section": { - "type": "integer" - }, - "value": { - "type": "integer" - } - } - }, - "timeFrom": { - "type": "keyword" - }, - "timeRestore": { - "type": "boolean" - }, - "timeTo": { - "type": "keyword" - }, - "title": { - "type": "text" - }, - "uiStateJSON": { - "type": "text" - }, - "version": { - "type": "integer" - } - } - }, - "graph-workspace": { - "dynamic": "strict", - "properties": { - "description": { - "type": "text" - }, - "kibanaSavedObjectMeta": { - "properties": { - "searchSourceJSON": { - "type": "text" - } - } - }, - "numLinks": { - "type": "integer" - }, - "numVertices": { - "type": "integer" - }, - "title": { - "type": "text" - }, - "version": { - "type": "integer" - }, - "wsState": { - "type": "text" - } - } - }, - "index-pattern": { - "dynamic": "strict", - "properties": { - "fieldFormatMap": { - "type": "text" - }, - "fields": { - "type": "text" - }, - "intervalName": { - "type": "keyword" - }, - "notExpandable": { - "type": "boolean" - }, - "sourceFilters": { - "type": "text" - }, - "timeFieldName": { - "type": "keyword" - }, - "title": { - "type": "text" - } - } - }, - "search": { - "dynamic": "strict", - "properties": { - "columns": { - "type": "keyword" - }, - "description": { - "type": "text" - }, - "hits": { - "type": "integer" - }, - "kibanaSavedObjectMeta": { - 
"properties": { - "searchSourceJSON": { - "type": "text" - } - } - }, - "sort": { - "type": "keyword" - }, - "title": { - "type": "text" - }, - "version": { - "type": "integer" - } - } - }, - "server": { - "dynamic": "strict", - "properties": { - "uuid": { - "type": "keyword" - } - } - }, - "space": { - "properties": { - "_reserved": { - "type": "boolean" - }, - "color": { - "type": "keyword" - }, - "description": { - "type": "text" - }, - "initials": { - "type": "keyword" - }, - "name": { - "fields": { - "keyword": { - "ignore_above": 2048, - "type": "keyword" - } - }, - "type": "text" - } - } - }, - "spaceId": { - "type": "keyword" - }, - "type": { - "type": "keyword" - }, - "url": { - "dynamic": "strict", - "properties": { - "accessCount": { - "type": "long" - }, - "accessDate": { - "type": "date" - }, - "createDate": { - "type": "date" - }, - "url": { - "fields": { - "keyword": { - "ignore_above": 2048, - "type": "keyword" - } - }, - "type": "text" - } - } - }, - "visualization": { - "dynamic": "strict", - "properties": { - "description": { - "type": "text" - }, - "kibanaSavedObjectMeta": { - "properties": { - "searchSourceJSON": { - "type": "text" - } - } - }, - "savedSearchId": { - "type": "keyword" - }, - "title": { - "type": "text" - }, - "uiStateJSON": { - "type": "text" - }, - "version": { - "type": "integer" - }, - "visState": { - "type": "text" - } - } - } - } - }, - "settings": { - "index": { - "number_of_replicas": "1", - "number_of_shards": "1" - } - } - } -} - { "type": "index", "value": { diff --git a/x-pack/test/functional/fixtures/kbn_archiver/maps.json b/x-pack/test/functional/fixtures/kbn_archiver/maps.json index 78e49997d5c9e..94ab038ae973b 100644 --- a/x-pack/test/functional/fixtures/kbn_archiver/maps.json +++ b/x-pack/test/functional/fixtures/kbn_archiver/maps.json 
@@ -725,7 +725,7 @@
 "description": "",
 "layerListJSON": "[{\"id\":\"g1xkv\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"sourceDescriptor\":{\"resolution\":\"SUPER_FINE\",\"type\":\"ES_GEO_GRID\",\"id\":\"9305f6ea-4518-4c06-95b9-33321aa38d6a\",\"geoField\":\"geo.coordinates\",\"requestType\":\"grid\",\"metrics\":[{\"type\":\"count\"},{\"type\":\"max\",\"field\":\"bytes\"}],\"indexPatternRefName\":\"layer_0_source_index_pattern\",\"applyGlobalQuery\":true},\"visible\":true,\"temporary\":false,\"style\":{\"type\":\"VECTOR\",\"properties\":{\"fillColor\":{\"type\":\"DYNAMIC\",\"options\":{\"field\":{\"label\":\"max of bytes\",\"name\":\"max_of_bytes\",\"origin\":\"source\"},\"color\":\"Blues\"}},\"lineColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#cccccc\"}},\"lineWidth\":{\"type\":\"STATIC\",\"options\":{\"size\":1}},\"iconSize\":{\"type\":\"DYNAMIC\",\"options\":{\"field\":{\"label\":\"Count\",\"name\":\"doc_count\",\"origin\":\"source\"},\"minSize\":4,\"maxSize\":32}}},\"temporary\":true,\"previousStyle\":null},\"type\":\"TILED_VECTOR\"}]",
 "mapStateJSON": "{\"zoom\":3.59,\"center\":{\"lon\":-98.05765,\"lat\":38.32288},\"timeFilters\":{\"from\":\"2015-09-20T00:00:00.000Z\",\"to\":\"2015-09-20T01:00:00.000Z\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":1000},\"settings\":{\"autoFitToDataBounds\":false}}",
- "title": "geo grid vector grid example SUPER_FINE resolution",
+ "title": "MVT geotile grid (style meta from ES)",
 "uiStateJSON": "{\"isDarkMode\":false}"
 },
 "coreMigrationVersion": "8.0.0",
@@ -744,6 +744,56 @@ "version": "WzU1LDJd" } +{ + "attributes": { + "description":"", + "layerListJSON":"[{\"id\":\"g1xkv\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"sourceDescriptor\":{\"resolution\":\"SUPER_FINE\",\"type\":\"ES_GEO_GRID\",\"id\":\"9305f6ea-4518-4c06-95b9-33321aa38d6a\",\"geoField\":\"geo.coordinates\",\"requestType\":\"grid\",\"metrics\":[{\"type\":\"count\"},{\"type\":\"max\",\"field\":\"bytes\"}],\"applyGlobalQuery\":true,\"indexPatternRefName\":\"layer_0_source_index_pattern\"},\"visible\":true,\"temporary\":false,\"style\":{\"type\":\"VECTOR\",\"properties\":{\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"marker\"}},\"fillColor\":{\"type\":\"DYNAMIC\",\"options\":{\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"color\":\"Blues\",\"type\":\"ORDINAL\"}},\"lineColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#cccccc\"}},\"lineWidth\":{\"type\":\"STATIC\",\"options\":{\"size\":1}},\"iconSize\":{\"type\":\"DYNAMIC\",\"options\":{\"field\":{\"label\":\"Count\",\"name\":\"doc_count\",\"origin\":\"source\"},\"minSize\":4,\"maxSize\":32}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"labelText\":{\"type\":\"STATIC\",\"options\":{\"value\":\"\"}},\"labelColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#000000\"}},\"labelSize\":{\"type\":\"STATIC\",\"options\":{\"size\":14}},\"labelBorderColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFFFFF\"}},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}}},\"isTimeAware\":true},\"type\":\"TILED_VECTOR\"}]", + 
"mapStateJSON":"{\"zoom\":3.59,\"center\":{\"lon\":-98.05765,\"lat\":38.32288},\"timeFilters\":{\"from\":\"2015-09-20T00:00:00.000Z\",\"to\":\"2015-09-21T01:00:00.000Z\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":1000},\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", + "title":"MVT geotile grid (style meta from local - count)", + "uiStateJSON":"{\"isLayerTOCOpen\":true,\"openTOCDetails\":[\"g1xkv\"]}" + }, + "coreMigrationVersion":"8.1.0", + "id":"943443a0-3b48-11ec-8a0d-af01166a5cc3", + "migrationVersion": { + "map":"8.0.0" + }, + "references": [ + { + "id":"c698b940-e149-11e8-a35a-370a8516603a", + "name":"layer_0_source_index_pattern", + "type":"index-pattern" + } + ], + "type":"map", + "updated_at":"2021-11-01T19:20:50.287Z", + "version":"WzkwLDFd" +} + +{ + "attributes": { + "description":"", + 
"layerListJSON":"[{\"id\":\"g1xkv\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"sourceDescriptor\":{\"resolution\":\"SUPER_FINE\",\"type\":\"ES_GEO_GRID\",\"id\":\"9305f6ea-4518-4c06-95b9-33321aa38d6a\",\"geoField\":\"geo.coordinates\",\"requestType\":\"grid\",\"metrics\":[{\"type\":\"count\"},{\"type\":\"sum\",\"field\":\"bytes\"}],\"applyGlobalQuery\":true,\"indexPatternRefName\":\"layer_0_source_index_pattern\"},\"visible\":true,\"temporary\":false,\"style\":{\"type\":\"VECTOR\",\"properties\":{\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"marker\"}},\"fillColor\":{\"type\":\"DYNAMIC\",\"options\":{\"field\":{\"origin\":\"source\",\"name\":\"sum_of_bytes\"},\"color\":\"Blues\",\"fieldMetaOptions\":{\"isEnabled\":false}}},\"lineColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#cccccc\"}},\"lineWidth\":{\"type\":\"STATIC\",\"options\":{\"size\":1}},\"iconSize\":{\"type\":\"DYNAMIC\",\"options\":{\"field\":{\"label\":\"Count\",\"name\":\"doc_count\",\"origin\":\"source\"},\"minSize\":4,\"maxSize\":32}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"labelText\":{\"type\":\"STATIC\",\"options\":{\"value\":\"\"}},\"labelColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#000000\"}},\"labelSize\":{\"type\":\"STATIC\",\"options\":{\"size\":14}},\"labelBorderColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFFFFF\"}},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}}},\"isTimeAware\":true},\"type\":\"TILED_VECTOR\"}]", + 
"mapStateJSON":"{\"zoom\":3.59,\"center\":{\"lon\":-98.05765,\"lat\":38.32288},\"timeFilters\":{\"from\":\"2015-09-20T00:00:00.000Z\",\"to\":\"2015-09-20T04:00:00.000Z\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":1000},\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", + "title":"MVT geotile grid (style meta from local - metric)", + "uiStateJSON":"{\"isLayerTOCOpen\":true,\"openTOCDetails\":[\"g1xkv\"]}" + }, + "coreMigrationVersion":"8.1.0", + "id":"9ff6f170-3b56-11ec-9cfb-57b0ede90800", + "migrationVersion": { + "map":"8.0.0" + }, + "references": [ + { + "id":"c698b940-e149-11e8-a35a-370a8516603a", + "name":"layer_0_source_index_pattern", + "type":"index-pattern" + } + ], + "type":"map", + "updated_at":"2021-11-01T21:01:40.951Z", + "version":"WzkyLDFd" +} + { "attributes": { "description": "", diff --git a/x-pack/test/functional/fixtures/kbn_archiver/reporting/ecommerce.json b/x-pack/test/functional/fixtures/kbn_archiver/reporting/ecommerce.json index c1274b4c78c90..ce308d9ec0bf3 100644 --- a/x-pack/test/functional/fixtures/kbn_archiver/reporting/ecommerce.json +++ b/x-pack/test/functional/fixtures/kbn_archiver/reporting/ecommerce.json 
@@ -712,3 +712,54 @@ "updated_at": "2021-09-20T23:37:22.367Z", "version": "WzY3LDFd" } + +{ + "attributes": { + "fields": "[{\"count\":0,\"name\":\"_id\",\"type\":\"string\",\"esTypes\":[\"_id\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_index\",\"type\":\"string\",\"esTypes\":[\"_index\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_score\",\"type\":\"number\",\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_source\",\"type\":\"_source\",\"esTypes\":[\"_source\"],\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"_type\",\"type\":\"string\",\"esTypes\":[\"_type\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"count\":0,\"name\":\"category\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"category.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"category\"}}},{\"count\":0,\"name\":\"currency\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"customer_birth_date\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":1,\"name\":\"customer_first_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"customer_first_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,
\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"customer_first_name\"}}},{\"count\":1,\"name\":\"customer_full_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"customer_full_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"customer_full_name\"}}},{\"count\":0,\"name\":\"customer_gender\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"customer_id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"customer_last_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"customer_last_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"customer_last_name\"}}},{\"count\":0,\"name\":\"customer_phone\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"day_of_week\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"day_of_week_i\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"email\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":
true},{\"count\":0,\"name\":\"geoip.city_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"geoip.continent_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"geoip.country_iso_code\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"geoip.location\",\"type\":\"geo_point\",\"esTypes\":[\"geo_point\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"geoip.region_name\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"manufacturer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"manufacturer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"manufacturer\"}}},{\"count\":1,\"name\":\"order_date\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"order_id\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"products._id\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"products._id.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValue
s\":true,\"subType\":{\"multi\":{\"parent\":\"products._id\"}}},{\"count\":0,\"name\":\"products.base_price\",\"type\":\"number\",\"esTypes\":[\"half_float\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"products.base_unit_price\",\"type\":\"number\",\"esTypes\":[\"half_float\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"products.category\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"products.category.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"products.category\"}}},{\"count\":0,\"name\":\"products.created_on\",\"type\":\"date\",\"esTypes\":[\"date\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"products.discount_amount\",\"type\":\"number\",\"esTypes\":[\"half_float\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"products.discount_percentage\",\"type\":\"number\",\"esTypes\":[\"half_float\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"products.manufacturer\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"products.manufacturer.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"products.manufacturer\"}}},{\"count\":0,\"name\":\"products.min_price\",\"type\":\"number\",\"esTypes\":[\"half_float\"],\"scripted\":false,\"searchable\":true,\"aggregatab
le\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"products.price\",\"type\":\"number\",\"esTypes\":[\"half_float\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"products.product_id\",\"type\":\"number\",\"esTypes\":[\"long\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"products.product_name\",\"type\":\"string\",\"esTypes\":[\"text\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"count\":0,\"name\":\"products.product_name.keyword\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true,\"subType\":{\"multi\":{\"parent\":\"products.product_name\"}}},{\"count\":0,\"name\":\"products.quantity\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"products.sku\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"products.tax_amount\",\"type\":\"number\",\"esTypes\":[\"half_float\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"products.taxful_price\",\"type\":\"number\",\"esTypes\":[\"half_float\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"products.taxless_price\",\"type\":\"number\",\"esTypes\":[\"half_float\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"products.unit_discount_amount\",\"type\":\"number\",\"esTypes\":[\"half_float\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"sku\",\"type\":\"string\",\"esTypes\":[\"
keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":1,\"name\":\"taxful_total_price\",\"type\":\"number\",\"esTypes\":[\"half_float\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":1,\"name\":\"taxless_total_price\",\"type\":\"number\",\"esTypes\":[\"half_float\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":1,\"name\":\"total_quantity\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":1,\"name\":\"total_unique_products\",\"type\":\"number\",\"esTypes\":[\"integer\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"type\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"count\":0,\"name\":\"user\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true}]", + "timeFieldName": "order_date", + "title": "ec*" + }, + "coreMigrationVersion": "8.0.0", + "id": "aac3e500-f2c7-11ea-8250-fb138aa491e7", + "migrationVersion": { + "index-pattern": "8.0.0" + }, + "references": [], + "type": "index-pattern", + "updated_at": "2020-09-09T18:10:54.007Z", + "version": "WzIwLDJd" +} + +{ + "attributes": { + "columns": [ + "category", + "customer_full_name", + "taxful_total_price", + "currency" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + }, + "sort": [], + "title": "EC SEARCH from DEFAULT", + "version": 1 + }, + "coreMigrationVersion": "8.0.0", + "id": 
"bbe45ae0-f2c7-11ea-8250-fb138aa491e7", + "migrationVersion": { + "search": "8.0.0" + }, + "references": [ + { + "id": "aac3e500-f2c7-11ea-8250-fb138aa491e7", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "search", + "updated_at": "2020-09-09T18:10:58.011Z", + "version": "WzI4LDJd" +} diff --git a/x-pack/test/functional/fixtures/kbn_archiver/reporting/logs.json b/x-pack/test/functional/fixtures/kbn_archiver/reporting/logs.json new file mode 100644 index 0000000000000..64fd4c8e5c20d --- /dev/null +++ b/x-pack/test/functional/fixtures/kbn_archiver/reporting/logs.json 
@@ -0,0 +1,441 @@ +{ + "attributes": { + "fields": "[{\"name\":\"referer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"doc_values\":true},{\"name\":\"agent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":true,\"doc_values\":false},{\"name\":\"relatedContent.og:image:width\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":true,\"doc_values\":false},{\"name\":\"relatedContent.og:type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":true,\"doc_values\":false},{\"name\":\"xss.raw\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"doc_values\":true},{\"name\":\"headings.raw\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"doc_values\":true},{\"name\":\"relatedContent.og:description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":true,\"doc_values\":false},{\"name\":\"meta.user.lastname\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"doc_values\":true},{\"name\":\"relatedContent.article:tag.raw\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"doc_values\":true},{\"name\":\"geo.dest\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"doc_values\":true},{\"name\":\"relatedContent.twitter:image\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":true,\"doc_values\":false},{\"name\":\"relatedContent.article:section.raw\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"doc_values\":true},{\"name\":\"utc_time\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"doc_values\":true},{\"name\":\"relatedContent.twitter:card\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"a
nalyzed\":true,\"doc_values\":false},{\"name\":\"meta.char\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"doc_values\":true},{\"name\":\"clientip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"doc_values\":true},{\"name\":\"relatedContent.og:image:height\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":true,\"doc_values\":false},{\"name\":\"host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":true,\"doc_values\":false},{\"name\":\"machine.ram\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"doc_values\":true},{\"name\":\"links\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":true,\"doc_values\":false},{\"name\":\"id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"doc_values\":true},{\"name\":\"@tags.raw\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"doc_values\":true},{\"name\":\"phpmemory\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"doc_values\":true},{\"name\":\"relatedContent.twitter:card.raw\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"doc_values\":true},{\"name\":\"ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"doc_values\":true},{\"name\":\"relatedContent.og:image\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":true,\"doc_values\":false},{\"name\":\"relatedContent.article:modified_time\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"doc_values\":true},{\"name\":\"index\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":true,\"doc_values\":false},{\"name\":\"relatedContent.url\",\"type\":\"string\",\"count\":0,\"
scripted\":false,\"indexed\":true,\"analyzed\":true,\"doc_values\":false},{\"name\":\"relatedContent.og:site_name.raw\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"doc_values\":true},{\"name\":\"request.raw\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"doc_values\":true},{\"name\":\"relatedContent.article:tag\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":true,\"doc_values\":false},{\"name\":\"agent.raw\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"doc_values\":true},{\"name\":\"spaces\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":true,\"doc_values\":false},{\"name\":\"relatedContent.twitter:site.raw\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"doc_values\":true},{\"name\":\"headings\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":true,\"doc_values\":false},{\"name\":\"_source\",\"type\":\"_source\",\"count\":0,\"scripted\":false,\"indexed\":false,\"analyzed\":false,\"doc_values\":false},{\"name\":\"relatedContent.og:image.raw\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"doc_values\":true},{\"name\":\"request\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":true,\"doc_values\":false},{\"name\":\"index.raw\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"doc_values\":true},{\"name\":\"extension\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":true,\"doc_values\":false},{\"name\":\"memory\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"doc_values\":true},{\"name\":\"_index\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"analyzed\":false,\"doc_values\":false},{\"nam
e\":\"relatedContent.twitter:site\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":true,\"doc_values\":false},{\"name\":\"relatedContent.twitter:description\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":true,\"doc_values\":false},{\"name\":\"relatedContent.og:url\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":true,\"doc_values\":false},{\"name\":\"geo.coordinates\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"doc_values\":true},{\"name\":\"relatedContent.url.raw\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"doc_values\":true},{\"name\":\"meta.related\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":true,\"doc_values\":false},{\"name\":\"relatedContent.twitter:title.raw\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"doc_values\":true},{\"name\":\"relatedContent.og:title.raw\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"doc_values\":true},{\"name\":\"response.raw\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"doc_values\":true},{\"name\":\"@message.raw\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"doc_values\":true},{\"name\":\"machine.os\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":true,\"doc_values\":false},{\"name\":\"relatedContent.article:section\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":true,\"doc_values\":false},{\"name\":\"relatedContent.og:url.raw\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"doc_values\":true},{\"name\":\"xss\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":true,\"doc_values\":false}
,{\"name\":\"links.raw\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"doc_values\":true},{\"name\":\"relatedContent.og:title\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":true,\"doc_values\":false},{\"name\":\"geo.srcdest\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"doc_values\":true},{\"name\":\"url.raw\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"doc_values\":true},{\"name\":\"extension.raw\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"doc_values\":true},{\"name\":\"machine.os.raw\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"doc_values\":true},{\"name\":\"@tags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":true,\"doc_values\":false},{\"name\":\"host.raw\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"doc_values\":true},{\"name\":\"relatedContent.og:type.raw\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"doc_values\":true},{\"name\":\"geo.src\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"doc_values\":true},{\"name\":\"spaces.raw\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"doc_values\":true},{\"name\":\"relatedContent.og:image:height.raw\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"doc_values\":true},{\"name\":\"url\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":true,\"doc_values\":false},{\"name\":\"relatedContent.twitter:description.raw\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"doc_values\":true},{\"name\":\"relatedContent.og:site_name\",\"type\":\"string\",\"count
\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":true,\"doc_values\":false},{\"name\":\"relatedContent.twitter:title\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":true,\"doc_values\":false},{\"name\":\"@message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":true,\"doc_values\":false},{\"name\":\"relatedContent.twitter:image.raw\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"doc_values\":true},{\"name\":\"@timestamp\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"doc_values\":true},{\"name\":\"bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"doc_values\":true},{\"name\":\"response\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":true,\"doc_values\":false},{\"name\":\"meta.user.firstname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":true,\"doc_values\":false},{\"name\":\"relatedContent.og:image:width.raw\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"doc_values\":true},{\"name\":\"relatedContent.og:description.raw\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"doc_values\":true},{\"name\":\"relatedContent.article:published_time\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"indexed\":true,\"analyzed\":false,\"doc_values\":true},{\"name\":\"_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"analyzed\":false,\"doc_values\":false},{\"name\":\"_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"indexed\":false,\"analyzed\":false,\"doc_values\":false},{\"name\":\"_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"indexed\":false,\"analyzed\":false,\"doc_values\":false}]", + "timeFieldName": "@timestamp", + "title": "logstash-*" + }, + "coreMigrationVersion": 
"8.0.0", + "id": "logstash-*", + "migrationVersion": { + "index-pattern": "8.0.0" + }, + "references": [], + "type": "index-pattern", + "version": "WzIsMl0=" +} + +{ + "attributes": { + "columns": [ + "clientip", + "extension" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[{\"meta\":{\"alias\":\"datefilter🥜\",\"negate\":false,\"type\":\"range\",\"key\":\"@timestamp\",\"value\":\"Sep 20, 2015 @ 03:19:40.307 to Sep 20, 2015 @ 03:26:56.221\",\"params\":{\"gte\":\"2015-09-20T10:19:40.307Z\",\"lt\":\"2015-09-20T10:26:56.221Z\"},\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"range\":{\"@timestamp\":{\"gte\":\"2015-09-20T10:19:40.307Z\",\"lt\":\"2015-09-20T10:26:56.221Z\"}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + }, + "sort": [ + [ + "@timestamp", + "desc" + ] + ], + "title": "A Saved Search With a DATE FILTER", + "version": 1 + }, + "coreMigrationVersion": "8.0.0", + "id": "d7a79750-3edd-11e9-99cc-4d80163ee9e7", + "migrationVersion": { + "search": "8.0.0" + }, + "references": [ + { + "id": "logstash-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "logstash-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "search", + "updated_at": "2019-03-05T00:34:28.706Z", + "version": "WzMsMl0=" +} + +{ + "attributes": { + "buildNum": 9007199254740991, + "dateFormat:tz": "UTC", + "defaultIndex": "89655130-5013-11e9-bce7-4dabcb8bef24", + "csv:quoteValues": true, + "csv:separator": ",", + "search:queryLanguage": "lucene" + }, + "coreMigrationVersion": "8.0.0", + "id": "8.0.0", + "migrationVersion": { + "config": "8.0.0" + }, + "references": [], + "type": "config", + "updated_at": 
"2019-07-09T21:57:57.129Z", + "version": "WzMsMl0=" +} + +{ + "attributes": { + "fieldFormatMap": "{\"date\":{\"id\":\"date_nanos\"}}", + "fields": "[{\"name\":\"_id\",\"type\":\"string\",\"esTypes\":[\"_id\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_index\",\"type\":\"string\",\"esTypes\":[\"_index\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_source\",\"type\":\"_source\",\"esTypes\":[\"_source\"],\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_type\",\"type\":\"string\",\"esTypes\":[\"_type\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"date\",\"type\":\"date\",\"esTypes\":[\"date_nanos\"],\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"message\",\"type\":\"string\",\"esTypes\":[\"keyword\"],\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true}]", + "title": "nanos" + }, + "coreMigrationVersion": "8.0.0", + "id": "907bc200-a294-11e9-a900-ef10e0ac769e", + "migrationVersion": { + "index-pattern": "8.0.0" + }, + "references": [], + "type": "index-pattern", + "updated_at": "2019-07-09T22:07:17.154Z", + "version": "WzQsMl0=" +} + +{ + "attributes": { + "columns": [ + "date", + "message", + "_id" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + }, + "sort": [ + [ + "date", + "desc" + ] + ], + "title": "TESTS DATE NANOS", + 
"version": 1 + }, + "coreMigrationVersion": "8.0.0", + "id": "e4035040-a295-11e9-a900-ef10e0ac769e", + "migrationVersion": { + "search": "8.0.0" + }, + "references": [ + { + "id": "907bc200-a294-11e9-a900-ef10e0ac769e", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "search", + "updated_at": "2019-07-09T22:07:22.318Z", + "version": "WzUsMl0=" +} + +{ + "id": "timeless-sales", + "attributes": { + "fields": "[{\"name\":\"@date\",\"type\":\"date\",\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_index\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_source\",\"type\":\"_source\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"metric\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"name\",\"type\":\"string\",\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"power\",\"type\":\"number\",\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"success\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true}]", + "title": "sales" + }, + "migrationVersion": { + "index-pattern": "6.5.0" + }, + "references": [ + ], + 
"type": "index-pattern", + "updated_at": "2019-03-05T22:52:35.474Z" +} + +{ + "id": "71e3ee20-3f99-11e9-b8ee-6b9604f2f877", + "migrationVersion": { + "search": "7.0.0" + }, + "references": [ + { + "id": "timeless-sales", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "timeless-sales", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "attributes": { + "columns": [ + "name", + "power" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"power\",\"negate\":false,\"params\":{\"gte\":1,\"lt\":null},\"type\":\"range\",\"value\":\"1 to \",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"range\":{\"power\":{\"gte\":1,\"lt\":null}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + }, + "sort": [[ + "power", + "asc" + ]], + "title": "SALE POWER", + "version": 1 + }, + "type": "search", + "updated_at": "2019-03-05T22:53:08.481Z" +} + +{ + "attributes": { + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "0385075d-0f3b-4a12-b3c0-68a95781d48d": { + "columnOrder": [ + "03195b79-6315-40f7-b513-5222330367d7", + "2cb8226c-bfe5-4505-9c66-9f99ff6b5822" + ], + "columns": { + "03195b79-6315-40f7-b513-5222330367d7": { + "dataType": "date", + "isBucketed": true, + "label": "date", + "operationType": "date_histogram", + "params": { + "interval": "auto" + }, + "scale": "interval", + "sourceField": "date" + }, + "2cb8226c-bfe5-4505-9c66-9f99ff6b5822": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + 
"query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "accessors": [ + "2cb8226c-bfe5-4505-9c66-9f99ff6b5822" + ], + "layerId": "0385075d-0f3b-4a12-b3c0-68a95781d48d", + "layerType": "data", + "position": "top", + "seriesType": "bar_stacked", + "showGridlines": false, + "xAccessor": "03195b79-6315-40f7-b513-5222330367d7" + } + ], + "legend": { + "isVisible": true, + "position": "right" + }, + "preferredSeriesType": "bar_stacked", + "title": "Empty XY chart", + "valueLabels": "hide" + } + }, + "title": "distogram", + "visualizationType": "lnsXY" + }, + "coreMigrationVersion": "8.0.0", + "id": "4b498150-6821-11eb-9375-4bd700f7d8d4", + "migrationVersion": { + "lens": "8.0.0" + }, + "references": [], + "type": "lens", + "updated_at": "2021-02-06T02:16:17.129Z", + "version": "WzgsMl0=" +} + +{ + "attributes": { + "fieldAttrs": "{\"_id\":{\"count\":1},\"gender\":{\"count\":1},\"name\":{\"count\":1},\"value\":{\"count\":1},\"year\":{\"count\":1},\"years_ago\":{\"count\":1},\"date_informal\":{\"count\":1}}", + "fieldFormatMap": "{\"years_ago\":{\"id\":\"number\",\"params\":{\"pattern\":\"0,0.00000000000000000000\"}},\"year\":{\"id\":\"number\",\"params\":{\"pattern\":\"0\"}},\"date_informal\":{\"id\":\"date\",\"params\":{\"parsedUrl\":{\"origin\":\"http://localhost:5620\",\"pathname\":\"/app/dashboards\",\"basePath\":\"\"},\"pattern\":\"MMM Do YY\"}}}", + "fields": "[{\"count\":1,\"script\":\"2019 - doc['year'].value\",\"lang\":\"painless\",\"name\":\"years_ago\",\"type\":\"number\",\"scripted\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"count\":1,\"script\":\"doc['date'].value\",\"lang\":\"painless\",\"name\":\"date_informal\",\"type\":\"date\",\"scripted\":true,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false}]", + "runtimeFieldMap": "{}", + "timeFieldName": "date", + "title": "babynames" + }, + "coreMigrationVersion": "8.0.0", + "id": "89655130-5013-11e9-bce7-4dabcb8bef24", 
+ "migrationVersion": { + "index-pattern": "8.0.0" + }, + "references": [], + "type": "index-pattern", + "updated_at": "2021-02-06T02:15:25.565Z", + "version": "WzcsMl0=" +} + +{ + "attributes": { + "columns": [ + "_id", + "name", + "gender", + "value", + "year", + "years_ago", + "date_informal" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"sort\":[{\"date\":\"desc\"}],\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"fieldsFromSource\":[\"_id\",\"_index\",\"_score\",\"_source\",\"_type\",\"date\",\"gender\",\"name\",\"percent\",\"value\",\"year\",\"years_ago\",\"date_informal\"],\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + }, + "sort": [ + [ + "date", + "desc" + ] + ], + "title": "namessearch", + "version": 1 + }, + "coreMigrationVersion": "8.0.0", + "id": "cdb908f0-6820-11eb-9375-4bd700f7d8d4", + "migrationVersion": { + "search": "8.0.0" + }, + "references": [ + { + "id": "89655130-5013-11e9-bce7-4dabcb8bef24", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "search", + "updated_at": "2021-02-06T02:15:31.253Z", + "version": "WzYsMl0=" +} + +{ + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}" + }, + "optionsJSON": "{\"hidePanelTitles\":false,\"useMargins\":true}", + "panelsJSON": 
"[{\"version\":\"7.11.0\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":13,\"i\":\"56f914c9-9597-4781-bfc6-229d40b382c7\"},\"panelIndex\":\"56f914c9-9597-4781-bfc6-229d40b382c7\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_56f914c9-9597-4781-bfc6-229d40b382c7\"},{\"version\":\"7.11.0\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":13,\"w\":48,\"h\":14,\"i\":\"f3ea512f-e441-4206-8aa7-000b1418ea2b\"},\"panelIndex\":\"f3ea512f-e441-4206-8aa7-000b1418ea2b\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_f3ea512f-e441-4206-8aa7-000b1418ea2b\"}]", + "timeRestore": false, + "title": "names dashboard", + "version": 1 + }, + "coreMigrationVersion": "8.0.0", + "id": "52af6d10-6821-11eb-9375-4bd700f7d8d4", + "migrationVersion": { + "dashboard": "8.0.0" + }, + "references": [ + { + "id": "cdb908f0-6820-11eb-9375-4bd700f7d8d4", + "name": "56f914c9-9597-4781-bfc6-229d40b382c7:panel_56f914c9-9597-4781-bfc6-229d40b382c7", + "type": "search" + }, + { + "id": "4b498150-6821-11eb-9375-4bd700f7d8d4", + "name": "f3ea512f-e441-4206-8aa7-000b1418ea2b:panel_f3ea512f-e441-4206-8aa7-000b1418ea2b", + "type": "lens" + } + ], + "type": "dashboard", + "updated_at": "2021-02-06T02:16:29.540Z", + "version": "WzksMl0=" +} + +{ + "attributes": { + "@created": "2020-07-16T20:33:21.826Z", + "@timestamp": "2020-07-16T20:34:01.093Z", + "assets": {}, + "colors": [ + "#37988d", + "#c19628", + "#b83c6f", + "#3f9939", + "#1785b0", + "#ca5f35", + "#45bdb0", + "#f2bc33", + "#e74b8b", + "#4fbf48", + "#1ea6dc", + "#fd7643", + "#72cec3", + "#f5cc5d", + "#ec77a8", + "#7acf74", + "#4cbce4", + "#fd986f", + "#a1ded7", + "#f8dd91", + "#f2a4c5", + "#a6dfa2", + "#86d2ed", + "#fdba9f", + "#000000", + "#444444", + "#777777", + "#BBBBBB", + "#FFFFFF", + "rgba(255,255,255,0)" + ], + "css": ".canvasPage {\n\n}", + "height": 720, + "isWriteable": true, + "name": "Workpad of Death", + "page": 0, + "pages": [ + { + "elements": [ + { + "expression": "image \n 
dataurl=\"https://via.placeholder.com/728x90.png?text=test+external+image\" mode=\"contain\"\n| render", + "id": "element-4612f502-7880-418b-8107-a629e9b842bc", + "position": { + "angle": 0, + "height": 300, + "left": 20, + "parent": null, + "top": 20, + "width": 500 + } + } + ], + "groups": [], + "id": "page-28d24ed2-c162-408c-92b3-978d7433aa1d", + "style": { + "background": "#FFF" + }, + "transition": {} + } + ], + "variables": [], + "width": 1080 + }, + "coreMigrationVersion": "8.1.0", + "id": "workpad-e7464259-0b75-4b8c-81c8-8422b15ff201", + "migrationVersion": { + "canvas-workpad": "8.0.0" + }, + "references": [], + "type": "canvas-workpad", + "updated_at": "2020-07-16T20:34:01.098Z", + "version": "WzIsMl0=" +} diff --git a/x-pack/test/functional/services/observability/alerts/common.ts b/x-pack/test/functional/services/observability/alerts/common.ts index f47d17039b5ae..7e29b94c85fa3 100644 --- a/x-pack/test/functional/services/observability/alerts/common.ts +++ b/x-pack/test/functional/services/observability/alerts/common.ts @@ -16,7 +16,7 @@ const DATE_WITH_DATA = { }; const ALERTS_FLYOUT_SELECTOR = 'alertsFlyout'; -const COPY_TO_CLIPBOARD_BUTTON_SELECTOR = 'copy-to-clipboard'; +const FILTER_FOR_VALUE_BUTTON_SELECTOR = 'filter-for-value'; const ALERTS_TABLE_CONTAINER_SELECTOR = 'events-viewer-panel'; const ACTION_COLUMN_INDEX = 1; 
@@ -149,16 +149,12 @@ export function ObservabilityAlertsCommonProvider({ // Cell actions - const copyToClipboardButtonExists = async () => { - return await testSubjects.exists(COPY_TO_CLIPBOARD_BUTTON_SELECTOR); - }; - - const getCopyToClipboardButton = async () => { - return await testSubjects.find(COPY_TO_CLIPBOARD_BUTTON_SELECTOR); + const filterForValueButtonExists = async () => { + return await testSubjects.exists(FILTER_FOR_VALUE_BUTTON_SELECTOR); }; const getFilterForValueButton = async () => { - return await testSubjects.find('filter-for-value'); + return await testSubjects.find(FILTER_FOR_VALUE_BUTTON_SELECTOR); }; const openActionsMenuForRow = async (rowIndex: number) => { @@ -216,15 +212,14 @@ export function ObservabilityAlertsCommonProvider({ getQueryBar, clearQueryBar, closeAlertsFlyout, + filterForValueButtonExists, getAlertsFlyout, getAlertsFlyoutDescriptionListDescriptions, getAlertsFlyoutDescriptionListTitles, getAlertsFlyoutOrFail, getAlertsFlyoutTitle, getAlertsFlyoutViewInAppButtonOrFail, - getCopyToClipboardButton, getFilterForValueButton, - copyToClipboardButtonExists, getNoDataPageOrFail, getNoDataStateOrFail, getTableCells, diff --git a/x-pack/test/lists_api_integration/utils.ts b/x-pack/test/lists_api_integration/utils.ts index eda32c7fe9fb8..8a2a7a8ca65ff 100644 --- a/x-pack/test/lists_api_integration/utils.ts +++ b/x-pack/test/lists_api_integration/utils.ts 
@@ -116,20 +116,25 @@ export const removeExceptionListServerGeneratedProperties = ( export const waitFor = async ( functionToTest: () => Promise, functionName: string, - maxTimeout: number = 5000, - timeoutWait: number = 10 + maxTimeout: number = 800000, + timeoutWait: number = 250 ) => { await new Promise(async (resolve, reject) => { try { let found = false; let numberOfTries = 0; + const maxTries = Math.floor(maxTimeout / timeoutWait); - while (!found && numberOfTries < Math.floor(maxTimeout / timeoutWait)) { + while (!found && numberOfTries < maxTries) { const itPasses = await functionToTest(); if (itPasses) { found = true; } else { + // eslint-disable-next-line no-console + console.log( + `Try number ${numberOfTries} out of ${maxTries} for function ${functionName}` + ); numberOfTries++; } @@ -219,7 +224,7 @@ export const importFile = async ( if (response.status !== 200) { // eslint-disable-next-line no-console console.log( - `Did not get an expected 200 "ok" When importing a file. CI issues could happen. Suspect this line if you are seeing CI issues. body: ${JSON.stringify( + `Did not get an expected 200 "ok" When importing a file (importFile). CI issues could happen. Suspect this line if you are seeing CI issues. body: ${JSON.stringify( response.body )}, status: ${JSON.stringify(response.status)}` ); 
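Review bot: The `console.log` added in the `else` branch of the `while` loop in `waitFor` fires on every failed attempt. With the new defaults (`maxTimeout` 800000, `timeoutWait` 250) `maxTries` is 3200, so one stuck call can emit thousands of near-identical lines and bury the message that explains the CI failure. It also prints `numberOfTries` before the increment, so the first line reads "Try number 0". Wrapping the call in `if (numberOfTries % 20 === 0)` and printing `numberOfTries + 1` would keep the diagnostic without the flood. The delay between attempts and the rejection path are outside the hunk, so whether an 800-second ceiling fits under the test runner's own timeout should be confirmed there.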
@@ -246,12 +251,20 @@ export const importTextFile = async ( contents: string[], fileName: string ): Promise => { - await supertest + const response = await supertest .post(`${LIST_ITEM_URL}/_import?type=${type}`) .set('kbn-xsrf', 'true') .attach('file', getImportListItemAsBuffer(contents), fileName) - .expect('Content-Type', 'application/json; charset=utf-8') - .expect(200); + .expect('Content-Type', 'application/json; charset=utf-8'); + + if (response.status !== 200) { + // eslint-disable-next-line no-console + console.log( + `Did not get an expected 200 "ok" when importing a text file (importTextFile). CI issues could happen. Suspect this line if you are seeing CI issues. body: ${JSON.stringify( + response.body + )}, status: ${JSON.stringify(response.status)}` + ); + } // although we have pushed the list and its items, it is async so we // have to wait for the contents before continuing @@ -271,10 +284,17 @@ export const waitForListItem = async ( fileName: string ): Promise => { await waitFor(async () => { - const { status } = await supertest + const { status, body } = await supertest .get(`${LIST_ITEM_URL}?list_id=${fileName}&value=${itemValue}`) .send(); - + if (status !== 200) { + // eslint-disable-next-line no-console + console.log( + `Did not get an expected 200 "ok" when waiting for a list item (waitForListItem) yet. Retrying until we get a 200 "ok". body: ${JSON.stringify( + body + )}, status: ${JSON.stringify(status)}` + ); + } return status === 200; }, `waitForListItem fileName: "${fileName}" itemValue: "${itemValue}"`); }; 
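Review bot: With `.expect(200)` removed from `importTextFile`, a failed import is only logged and execution carries on to the wait described in the retained comment. A genuine 4xx/5xx would then presumably surface as a `waitFor` timeout (default now 800000 ms) rather than at the import call, which makes the real cause slower and harder to find. If the log is only meant as a CI diagnostic, still fail after it inside the `if (response.status !== 200)` block, e.g. `throw new Error('importTextFile: unexpected status ' + response.status);`. If continuing is deliberate, a comment saying why would help. The rest of the function is outside the hunk.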
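Review bot: `fileName` and `itemValue` are interpolated into the query string unencoded in the `supertest.get(...)` call of `waitForListItem`, and the same applies to `token` in `waitForTextListItem` in the following hunk. A value containing `&`, `#`, `+` or a space asks the API for something other than the item that was imported, so the status check may never see 200 and the helper retries until `waitFor` gives up. Use `encodeURIComponent(fileName)` and `encodeURIComponent(itemValue)` in the template, or pass the parameters through `.query({ list_id: fileName, value: itemValue })`. The newly logged `body` would then describe the request the test actually intended.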
@@ -310,9 +330,17 @@ export const waitForTextListItem = async ( await waitFor(async () => { const promises = await Promise.all( tokens.map(async (token) => { - const { status } = await supertest + const { status, body } = await supertest .get(`${LIST_ITEM_URL}?list_id=${fileName}&value=${token}`) .send(); + if (status !== 200) { + // eslint-disable-next-line no-console + console.log( + `Did not get an expected 200 "ok" when waiting for a text list item (waitForTextListItem) yet. Retrying until we get a 200 "ok". body: ${JSON.stringify( + body + )}, status: ${JSON.stringify(status)}` + ); + } return status === 200; }) ); diff --git a/x-pack/test/observability_functional/apps/observability/alerts/index.ts b/x-pack/test/observability_functional/apps/observability/alerts/index.ts index 112c24f7c3a88..216a9736fbe87 100644 --- a/x-pack/test/observability_functional/apps/observability/alerts/index.ts +++ b/x-pack/test/observability_functional/apps/observability/alerts/index.ts @@ -189,19 +189,15 @@ export default ({ getService }: FtrProviderContext) => { await alertStatusCell.moveMouseTo(); await retry.waitFor( 'cell actions visible', - async () => await observability.alerts.common.copyToClipboardButtonExists() + async () => await observability.alerts.common.filterForValueButtonExists() ); }); }); afterEach(async () => { await observability.alerts.common.clearQueryBar(); - }); - - it('Copy button works', async () => { - // NOTE: We don't have access to the clipboard in a headless environment, - // so we'll just check the button is clickable in the functional tests. - await (await observability.alerts.common.getCopyToClipboardButton()).click(); + // Reset the query bar by hiding the dropdown + await observability.alerts.common.submitQuery(''); }); it('Filter for value works', async () => { 
diff --git a/x-pack/test/reporting_api_integration/reporting_and_security/__snapshots__/download_csv_dashboard.snap b/x-pack/test/reporting_api_integration/reporting_and_security/__snapshots__/download_csv_dashboard.snap
index 806fa16f56921..e54f173bbd04c 100644
--- a/x-pack/test/reporting_api_integration/reporting_and_security/__snapshots__/download_csv_dashboard.snap
+++ b/x-pack/test/reporting_api_integration/reporting_and_security/__snapshots__/download_csv_dashboard.snap
@@ -1,68 +1,5 @@ // Jest Snapshot v1, https://goo.gl/fbAQLP -exports[`Reporting APIs CSV Generation from SearchSource Exports CSV with all fields when using defaults 1`] = ` -"_id,_index,_score,_type,category,category.keyword,currency,customer_first_name,customer_first_name.keyword,customer_full_name,customer_full_name.keyword,customer_gender,customer_id,customer_last_name,customer_last_name.keyword,customer_phone,day_of_week,day_of_week_i,email,geoip.city_name,geoip.continent_name,geoip.country_iso_code,geoip.location,geoip.region_name,manufacturer,manufacturer.keyword,order_date,order_id,products._id,products._id.keyword,products.base_price,products.base_unit_price,products.category,products.category.keyword,products.created_on,products.discount_amount,products.discount_percentage,products.manufacturer,products.manufacturer.keyword,products.min_price,products.price,products.product_id,products.product_name,products.product_name.keyword,products.quantity,products.sku,products.tax_amount,products.taxful_price,products.taxless_price,products.unit_discount_amount,sku,taxful_total_price,taxless_total_price,total_quantity,total_unique_products,type,user -9AMtOW0BH63Xcmy432DJ,ecommerce,-,-,Men's Clothing,Men's Clothing,EUR,Boris,Boris,Boris Bradley,Boris Bradley,MALE,36,Bradley,Bradley,(empty),Wednesday,2,boris@bradley-family.zzz,-,Europe,GB,{ - \\"coordinates\\": [ - -0.1, - 51.5 - ], - \\"type\\": \\"Point\\" -},-,Microlutions, Elitelligence,Microlutions, Elitelligence,Jun 25, 2019 @ 00:00:00.000,568397,sold_product_568397_24419, sold_product_568397_20207,sold_product_568397_24419, sold_product_568397_20207,33, 28.984,33, 28.984,Men's Clothing, Men's Clothing,Men's Clothing, Men's Clothing,Dec 14, 2016 @ 00:00:00.000, Dec 14, 2016 @ 00:00:00.000,0, 0,0, 0,Microlutions, Elitelligence,Microlutions, Elitelligence,17.484, 13.922,33, 28.984,24,419, 20,207,Cargo trousers - oliv, Trousers - black,Cargo trousers - oliv, Trousers - black,1, 1,ZO0112101121, ZO0530405304,0, 
0,33, 28.984,33, 28.984,0, 0,ZO0112101121, ZO0530405304,61.969,61.969,2,2,order,boris -9QMtOW0BH63Xcmy432DJ,ecommerce,-,-,Men's Clothing,Men's Clothing,EUR,Oliver,Oliver,Oliver Hubbard,Oliver Hubbard,MALE,7,Hubbard,Hubbard,(empty),Wednesday,2,oliver@hubbard-family.zzz,-,Europe,GB,{ - \\"coordinates\\": [ - -0.1, - 51.5 - ], - \\"type\\": \\"Point\\" -},-,Spritechnologies, Microlutions,Spritechnologies, Microlutions,Jun 25, 2019 @ 00:00:00.000,568044,sold_product_568044_12799, sold_product_568044_18008,sold_product_568044_12799, sold_product_568044_18008,14.992, 16.984,14.992, 16.984,Men's Clothing, Men's Clothing,Men's Clothing, Men's Clothing,Dec 14, 2016 @ 00:00:00.000, Dec 14, 2016 @ 00:00:00.000,0, 0,0, 0,Spritechnologies, Microlutions,Spritechnologies, Microlutions,6.898, 8.828,14.992, 16.984,12,799, 18,008,Undershirt - dark grey multicolor, Long sleeved top - purple,Undershirt - dark grey multicolor, Long sleeved top - purple,1, 1,ZO0630406304, ZO0120201202,0, 0,14.992, 16.984,14.992, 16.984,0, 0,ZO0630406304, ZO0120201202,31.984,31.984,2,2,order,oliver -OAMtOW0BH63Xcmy432HJ,ecommerce,-,-,Women's Accessories,Women's Accessories,EUR,Betty,Betty,Betty Reese,Betty Reese,FEMALE,44,Reese,Reese,(empty),Wednesday,2,betty@reese-family.zzz,New York,North America,US,{ - \\"coordinates\\": [ - -74, - 40.7 - ], - \\"type\\": \\"Point\\" -},New York,Pyramidustries,Pyramidustries,Jun 25, 2019 @ 00:00:00.000,568229,sold_product_568229_24991, sold_product_568229_12039,sold_product_568229_24991, sold_product_568229_12039,11.992, 10.992,11.992, 10.992,Women's Accessories, Women's Accessories,Women's Accessories, Women's Accessories,Dec 14, 2016 @ 00:00:00.000, Dec 14, 2016 @ 00:00:00.000,0, 0,0, 0,Pyramidustries, Pyramidustries,Pyramidustries, Pyramidustries,6.352, 5.82,11.992, 10.992,24,991, 12,039,Scarf - rose/white, Scarf - nude/black/turquoise,Scarf - rose/white, Scarf - nude/black/turquoise,1, 1,ZO0192201922, ZO0192801928,0, 0,11.992, 10.992,11.992, 10.992,0, 
0,ZO0192201922, ZO0192801928,22.984,22.984,2,2,order,betty -OQMtOW0BH63Xcmy432HJ,ecommerce,-,-,Men's Clothing, Men's Accessories,Men's Clothing, Men's Accessories,EUR,Recip,Recip,Recip Salazar,Recip Salazar,MALE,10,Salazar,Salazar,(empty),Wednesday,2,recip@salazar-family.zzz,Istanbul,Asia,TR,{ - \\"coordinates\\": [ - 29, - 41 - ], - \\"type\\": \\"Point\\" -},Istanbul,Elitelligence,Elitelligence,Jun 25, 2019 @ 00:00:00.000,568292,sold_product_568292_23627, sold_product_568292_11149,sold_product_568292_23627, sold_product_568292_11149,24.984, 10.992,24.984, 10.992,Men's Clothing, Men's Accessories,Men's Clothing, Men's Accessories,Dec 14, 2016 @ 00:00:00.000, Dec 14, 2016 @ 00:00:00.000,0, 0,0, 0,Elitelligence, Elitelligence,Elitelligence, Elitelligence,12.492, 5.059,24.984, 10.992,23,627, 11,149,Slim fit jeans - grey, Sunglasses - black,Slim fit jeans - grey, Sunglasses - black,1, 1,ZO0534205342, ZO0599605996,0, 0,24.984, 10.992,24.984, 10.992,0, 0,ZO0534205342, ZO0599605996,35.969,35.969,2,2,order,recip -jwMtOW0BH63Xcmy432HJ,ecommerce,-,-,Men's Clothing,Men's Clothing,EUR,Jackson,Jackson,Jackson Harper,Jackson Harper,MALE,13,Harper,Harper,(empty),Wednesday,2,jackson@harper-family.zzz,Los Angeles,North America,US,{ - \\"coordinates\\": [ - -118.2, - 34.1 - ], - \\"type\\": \\"Point\\" -},California,Low Tide Media, Oceanavigations,Low Tide Media, Oceanavigations,Jun 25, 2019 @ 00:00:00.000,568386,sold_product_568386_11959, sold_product_568386_2774,sold_product_568386_11959, sold_product_568386_2774,24.984, 85,24.984, 85,Men's Clothing, Men's Clothing,Men's Clothing, Men's Clothing,Dec 14, 2016 @ 00:00:00.000, Dec 14, 2016 @ 00:00:00.000,0, 0,0, 0,Low Tide Media, Oceanavigations,Low Tide Media, Oceanavigations,12.742, 45.875,24.984, 85,11,959, 2,774,SLIM FIT - Formal shirt - lila, Classic coat - black,SLIM FIT - Formal shirt - lila, Classic coat - black,1, 1,ZO0422404224, ZO0291702917,0, 0,24.984, 85,24.984, 85,0, 0,ZO0422404224, 
ZO0291702917,110,110,2,2,order,jackson -" -`; - -exports[`Reporting APIs CSV Generation from SearchSource Exports CSV with almost all fields when using fieldsFromSource 1`] = ` -"_id,_index,_score,_type,category,currency,customer_first_name,customer_full_name,customer_gender,customer_id,customer_last_name,customer_phone,day_of_week,day_of_week_i,email,geoip,manufacturer,order_date,order_id,products,products.created_on,sku,taxful_total_price,taxless_total_price,total_quantity,total_unique_products,type,user -9AMtOW0BH63Xcmy432DJ,ecommerce,-,-,Men's Clothing,EUR,Boris,Boris Bradley,MALE,36,Bradley,-,Wednesday,2,boris@bradley-family.zzz,{\\"continent_name\\":\\"Europe\\",\\"country_iso_code\\":\\"GB\\",\\"location\\":{\\"lat\\":51.5,\\"lon\\":-0.1}},Microlutions, Elitelligence,Jun 25, 2019 @ 00:00:00.000,568397,{\\"_id\\":\\"sold_product_568397_24419\\",\\"base_price\\":32.99,\\"base_unit_price\\":32.99,\\"category\\":\\"Men's Clothing\\",\\"created_on\\":\\"2016-12-14T00:00:00+00:00\\",\\"discount_amount\\":0,\\"discount_percentage\\":0,\\"manufacturer\\":\\"Microlutions\\",\\"min_price\\":17.48,\\"price\\":32.99,\\"product_id\\":24419,\\"product_name\\":\\"Cargo trousers - oliv\\",\\"quantity\\":1,\\"sku\\":\\"ZO0112101121\\",\\"tax_amount\\":0,\\"taxful_price\\":32.99,\\"taxless_price\\":32.99,\\"unit_discount_amount\\":0}, {\\"_id\\":\\"sold_product_568397_20207\\",\\"base_price\\":28.99,\\"base_unit_price\\":28.99,\\"category\\":\\"Men's Clothing\\",\\"created_on\\":\\"2016-12-14T00:00:00+00:00\\",\\"discount_amount\\":0,\\"discount_percentage\\":0,\\"manufacturer\\":\\"Elitelligence\\",\\"min_price\\":13.92,\\"price\\":28.99,\\"product_id\\":20207,\\"product_name\\":\\"Trousers - black\\",\\"quantity\\":1,\\"sku\\":\\"ZO0530405304\\",\\"tax_amount\\":0,\\"taxful_price\\":28.99,\\"taxless_price\\":28.99,\\"unit_discount_amount\\":0},Dec 14, 2016 @ 00:00:00.000, Dec 14, 2016 @ 00:00:00.000,ZO0112101121, ZO0530405304,61.98,61.98,2,2,order,boris 
-9QMtOW0BH63Xcmy432DJ,ecommerce,-,-,Men's Clothing,EUR,Oliver,Oliver Hubbard,MALE,7,Hubbard,-,Wednesday,2,oliver@hubbard-family.zzz,{\\"continent_name\\":\\"Europe\\",\\"country_iso_code\\":\\"GB\\",\\"location\\":{\\"lat\\":51.5,\\"lon\\":-0.1}},Spritechnologies, Microlutions,Jun 25, 2019 @ 00:00:00.000,568044,{\\"_id\\":\\"sold_product_568044_12799\\",\\"base_price\\":14.99,\\"base_unit_price\\":14.99,\\"category\\":\\"Men's Clothing\\",\\"created_on\\":\\"2016-12-14T00:00:00+00:00\\",\\"discount_amount\\":0,\\"discount_percentage\\":0,\\"manufacturer\\":\\"Spritechnologies\\",\\"min_price\\":6.9,\\"price\\":14.99,\\"product_id\\":12799,\\"product_name\\":\\"Undershirt - dark grey multicolor\\",\\"quantity\\":1,\\"sku\\":\\"ZO0630406304\\",\\"tax_amount\\":0,\\"taxful_price\\":14.99,\\"taxless_price\\":14.99,\\"unit_discount_amount\\":0}, {\\"_id\\":\\"sold_product_568044_18008\\",\\"base_price\\":16.99,\\"base_unit_price\\":16.99,\\"category\\":\\"Men's Clothing\\",\\"created_on\\":\\"2016-12-14T00:00:00+00:00\\",\\"discount_amount\\":0,\\"discount_percentage\\":0,\\"manufacturer\\":\\"Microlutions\\",\\"min_price\\":8.83,\\"price\\":16.99,\\"product_id\\":18008,\\"product_name\\":\\"Long sleeved top - purple\\",\\"quantity\\":1,\\"sku\\":\\"ZO0120201202\\",\\"tax_amount\\":0,\\"taxful_price\\":16.99,\\"taxless_price\\":16.99,\\"unit_discount_amount\\":0},Dec 14, 2016 @ 00:00:00.000, Dec 14, 2016 @ 00:00:00.000,ZO0630406304, ZO0120201202,31.98,31.98,2,2,order,oliver -OAMtOW0BH63Xcmy432HJ,ecommerce,-,-,Women's Accessories,EUR,Betty,Betty Reese,FEMALE,44,Reese,-,Wednesday,2,betty@reese-family.zzz,{\\"city_name\\":\\"New York\\",\\"continent_name\\":\\"North America\\",\\"country_iso_code\\":\\"US\\",\\"location\\":{\\"lat\\":40.7,\\"lon\\":-74},\\"region_name\\":\\"New York\\"},Pyramidustries,Jun 25, 2019 @ 00:00:00.000,568229,{\\"_id\\":\\"sold_product_568229_24991\\",\\"base_price\\":11.99,\\"base_unit_price\\":11.99,\\"category\\":\\"Women's 
Accessories\\",\\"created_on\\":\\"2016-12-14T00:00:00+00:00\\",\\"discount_amount\\":0,\\"discount_percentage\\":0,\\"manufacturer\\":\\"Pyramidustries\\",\\"min_price\\":6.35,\\"price\\":11.99,\\"product_id\\":24991,\\"product_name\\":\\"Scarf - rose/white\\",\\"quantity\\":1,\\"sku\\":\\"ZO0192201922\\",\\"tax_amount\\":0,\\"taxful_price\\":11.99,\\"taxless_price\\":11.99,\\"unit_discount_amount\\":0}, {\\"_id\\":\\"sold_product_568229_12039\\",\\"base_price\\":10.99,\\"base_unit_price\\":10.99,\\"category\\":\\"Women's Accessories\\",\\"created_on\\":\\"2016-12-14T00:00:00+00:00\\",\\"discount_amount\\":0,\\"discount_percentage\\":0,\\"manufacturer\\":\\"Pyramidustries\\",\\"min_price\\":5.82,\\"price\\":10.99,\\"product_id\\":12039,\\"product_name\\":\\"Scarf - nude/black/turquoise\\",\\"quantity\\":1,\\"sku\\":\\"ZO0192801928\\",\\"tax_amount\\":0,\\"taxful_price\\":10.99,\\"taxless_price\\":10.99,\\"unit_discount_amount\\":0},Dec 14, 2016 @ 00:00:00.000, Dec 14, 2016 @ 00:00:00.000,ZO0192201922, ZO0192801928,22.98,22.98,2,2,order,betty -OQMtOW0BH63Xcmy432HJ,ecommerce,-,-,Men's Clothing, Men's Accessories,EUR,Recip,Recip Salazar,MALE,10,Salazar,-,Wednesday,2,recip@salazar-family.zzz,{\\"city_name\\":\\"Istanbul\\",\\"continent_name\\":\\"Asia\\",\\"country_iso_code\\":\\"TR\\",\\"location\\":{\\"lat\\":41,\\"lon\\":29},\\"region_name\\":\\"Istanbul\\"},Elitelligence,Jun 25, 2019 @ 00:00:00.000,568292,{\\"_id\\":\\"sold_product_568292_23627\\",\\"base_price\\":24.99,\\"base_unit_price\\":24.99,\\"category\\":\\"Men's Clothing\\",\\"created_on\\":\\"2016-12-14T00:00:00+00:00\\",\\"discount_amount\\":0,\\"discount_percentage\\":0,\\"manufacturer\\":\\"Elitelligence\\",\\"min_price\\":12.49,\\"price\\":24.99,\\"product_id\\":23627,\\"product_name\\":\\"Slim fit jeans - grey\\",\\"quantity\\":1,\\"sku\\":\\"ZO0534205342\\",\\"tax_amount\\":0,\\"taxful_price\\":24.99,\\"taxless_price\\":24.99,\\"unit_discount_amount\\":0}, 
{\\"_id\\":\\"sold_product_568292_11149\\",\\"base_price\\":10.99,\\"base_unit_price\\":10.99,\\"category\\":\\"Men's Accessories\\",\\"created_on\\":\\"2016-12-14T00:00:00+00:00\\",\\"discount_amount\\":0,\\"discount_percentage\\":0,\\"manufacturer\\":\\"Elitelligence\\",\\"min_price\\":5.06,\\"price\\":10.99,\\"product_id\\":11149,\\"product_name\\":\\"Sunglasses - black\\",\\"quantity\\":1,\\"sku\\":\\"ZO0599605996\\",\\"tax_amount\\":0,\\"taxful_price\\":10.99,\\"taxless_price\\":10.99,\\"unit_discount_amount\\":0},Dec 14, 2016 @ 00:00:00.000, Dec 14, 2016 @ 00:00:00.000,ZO0534205342, ZO0599605996,35.98,35.98,2,2,order,recip -" -`; - -exports[`Reporting APIs CSV Generation from SearchSource date formatting Formatted date_nanos data, UTC timezone 1`] = ` -"date,message -\\"Jan 1, 2015 @ 12:10:30.123456789\\",\\"Hello 2\\" -\\"Jan 1, 2015 @ 12:10:30.000000000\\",\\"Hello 1\\" -" -`; - -exports[`Reporting APIs CSV Generation from SearchSource date formatting Formatted date_nanos data, custom timezone (New York) 1`] = ` -"date,message -\\"Jan 1, 2015 @ 07:10:30.123456789\\",\\"Hello 2\\" -\\"Jan 1, 2015 @ 07:10:30.000000000\\",\\"Hello 1\\" -" -`; - exports[`Reporting APIs CSV Generation from SearchSource date formatting With filters and timebased data, default to UTC 1`] = ` "\\"@timestamp\\",clientip,extension \\"Sep 20, 2015 @ 10:26:48.725\\",\\"74.214.76.90\\",jpg 
@@ -191,6 +128,20 @@ exports[`Reporting APIs CSV Generation from SearchSource date formatting With fi " `; +exports[`Reporting APIs CSV Generation from SearchSource nanosecond formatting Formatted date_nanos data, UTC timezone 1`] = ` +"date,message +\\"Jan 1, 2015 @ 12:10:30.123456789\\",\\"Hello 2\\" +\\"Jan 1, 2015 @ 12:10:30.000000000\\",\\"Hello 1\\" +" +`; + +exports[`Reporting APIs CSV Generation from SearchSource nanosecond formatting Formatted date_nanos data, custom timezone (New York) 1`] = ` +"date,message +\\"Jan 1, 2015 @ 07:10:30.123456789\\",\\"Hello 2\\" +\\"Jan 1, 2015 @ 07:10:30.000000000\\",\\"Hello 1\\" +" +`; + exports[`Reporting APIs CSV Generation from SearchSource non-timebased Handle _id and _index columns 1`] = ` "date,message,\\"_id\\",\\"_index\\" \\"Jan 1, 2015 @ 12:10:30.123456789\\",\\"Hello 2\\",2,nanos 
@@ -215,6 +166,55 @@ exports[`Reporting APIs CSV Generation from SearchSource non-timebased With filt " `; +exports[`Reporting APIs CSV Generation from SearchSource unquoted values Exports CSV with all fields when using defaults 1`] = ` +"_id,_index,_score,_type,category,category.keyword,currency,customer_first_name,customer_first_name.keyword,customer_full_name,customer_full_name.keyword,customer_gender,customer_id,customer_last_name,customer_last_name.keyword,customer_phone,day_of_week,day_of_week_i,email,geoip.city_name,geoip.continent_name,geoip.country_iso_code,geoip.location,geoip.region_name,manufacturer,manufacturer.keyword,order_date,order_id,products._id,products._id.keyword,products.base_price,products.base_unit_price,products.category,products.category.keyword,products.created_on,products.discount_amount,products.discount_percentage,products.manufacturer,products.manufacturer.keyword,products.min_price,products.price,products.product_id,products.product_name,products.product_name.keyword,products.quantity,products.sku,products.tax_amount,products.taxful_price,products.taxless_price,products.unit_discount_amount,sku,taxful_total_price,taxless_total_price,total_quantity,total_unique_products,type,user +9AMtOW0BH63Xcmy432DJ,ecommerce,-,-,Men's Clothing,Men's Clothing,EUR,Boris,Boris,Boris Bradley,Boris Bradley,MALE,36,Bradley,Bradley,(empty),Wednesday,2,boris@bradley-family.zzz,-,Europe,GB,{ + \\"coordinates\\": [ + -0.1, + 51.5 + ], + \\"type\\": \\"Point\\" +},-,Microlutions, Elitelligence,Microlutions, Elitelligence,Jun 25, 2019 @ 00:00:00.000,568397,sold_product_568397_24419, sold_product_568397_20207,sold_product_568397_24419, sold_product_568397_20207,33, 28.984,33, 28.984,Men's Clothing, Men's Clothing,Men's Clothing, Men's Clothing,Dec 14, 2016 @ 00:00:00.000, Dec 14, 2016 @ 00:00:00.000,0, 0,0, 0,Microlutions, Elitelligence,Microlutions, Elitelligence,17.484, 13.922,33, 28.984,24,419, 20,207,Cargo trousers - oliv, Trousers - black,Cargo trousers - 
oliv, Trousers - black,1, 1,ZO0112101121, ZO0530405304,0, 0,33, 28.984,33, 28.984,0, 0,ZO0112101121, ZO0530405304,61.969,61.969,2,2,order,boris +9QMtOW0BH63Xcmy432DJ,ecommerce,-,-,Men's Clothing,Men's Clothing,EUR,Oliver,Oliver,Oliver Hubbard,Oliver Hubbard,MALE,7,Hubbard,Hubbard,(empty),Wednesday,2,oliver@hubbard-family.zzz,-,Europe,GB,{ + \\"coordinates\\": [ + -0.1, + 51.5 + ], + \\"type\\": \\"Point\\" +},-,Spritechnologies, Microlutions,Spritechnologies, Microlutions,Jun 25, 2019 @ 00:00:00.000,568044,sold_product_568044_12799, sold_product_568044_18008,sold_product_568044_12799, sold_product_568044_18008,14.992, 16.984,14.992, 16.984,Men's Clothing, Men's Clothing,Men's Clothing, Men's Clothing,Dec 14, 2016 @ 00:00:00.000, Dec 14, 2016 @ 00:00:00.000,0, 0,0, 0,Spritechnologies, Microlutions,Spritechnologies, Microlutions,6.898, 8.828,14.992, 16.984,12,799, 18,008,Undershirt - dark grey multicolor, Long sleeved top - purple,Undershirt - dark grey multicolor, Long sleeved top - purple,1, 1,ZO0630406304, ZO0120201202,0, 0,14.992, 16.984,14.992, 16.984,0, 0,ZO0630406304, ZO0120201202,31.984,31.984,2,2,order,oliver +OAMtOW0BH63Xcmy432HJ,ecommerce,-,-,Women's Accessories,Women's Accessories,EUR,Betty,Betty,Betty Reese,Betty Reese,FEMALE,44,Reese,Reese,(empty),Wednesday,2,betty@reese-family.zzz,New York,North America,US,{ + \\"coordinates\\": [ + -74, + 40.7 + ], + \\"type\\": \\"Point\\" +},New York,Pyramidustries,Pyramidustries,Jun 25, 2019 @ 00:00:00.000,568229,sold_product_568229_24991, sold_product_568229_12039,sold_product_568229_24991, sold_product_568229_12039,11.992, 10.992,11.992, 10.992,Women's Accessories, Women's Accessories,Women's Accessories, Women's Accessories,Dec 14, 2016 @ 00:00:00.000, Dec 14, 2016 @ 00:00:00.000,0, 0,0, 0,Pyramidustries, Pyramidustries,Pyramidustries, Pyramidustries,6.352, 5.82,11.992, 10.992,24,991, 12,039,Scarf - rose/white, Scarf - nude/black/turquoise,Scarf - rose/white, Scarf - nude/black/turquoise,1, 1,ZO0192201922, 
ZO0192801928,0, 0,11.992, 10.992,11.992, 10.992,0, 0,ZO0192201922, ZO0192801928,22.984,22.984,2,2,order,betty +OQMtOW0BH63Xcmy432HJ,ecommerce,-,-,Men's Clothing, Men's Accessories,Men's Clothing, Men's Accessories,EUR,Recip,Recip,Recip Salazar,Recip Salazar,MALE,10,Salazar,Salazar,(empty),Wednesday,2,recip@salazar-family.zzz,Istanbul,Asia,TR,{ + \\"coordinates\\": [ + 29, + 41 + ], + \\"type\\": \\"Point\\" +},Istanbul,Elitelligence,Elitelligence,Jun 25, 2019 @ 00:00:00.000,568292,sold_product_568292_23627, sold_product_568292_11149,sold_product_568292_23627, sold_product_568292_11149,24.984, 10.992,24.984, 10.992,Men's Clothing, Men's Accessories,Men's Clothing, Men's Accessories,Dec 14, 2016 @ 00:00:00.000, Dec 14, 2016 @ 00:00:00.000,0, 0,0, 0,Elitelligence, Elitelligence,Elitelligence, Elitelligence,12.492, 5.059,24.984, 10.992,23,627, 11,149,Slim fit jeans - grey, Sunglasses - black,Slim fit jeans - grey, Sunglasses - black,1, 1,ZO0534205342, ZO0599605996,0, 0,24.984, 10.992,24.984, 10.992,0, 0,ZO0534205342, ZO0599605996,35.969,35.969,2,2,order,recip +jwMtOW0BH63Xcmy432HJ,ecommerce,-,-,Men's Clothing,Men's Clothing,EUR,Jackson,Jackson,Jackson Harper,Jackson Harper,MALE,13,Harper,Harper,(empty),Wednesday,2,jackson@harper-family.zzz,Los Angeles,North America,US,{ + \\"coordinates\\": [ + -118.2, + 34.1 + ], + \\"type\\": \\"Point\\" +},California,Low Tide Media, Oceanavigations,Low Tide Media, Oceanavigations,Jun 25, 2019 @ 00:00:00.000,568386,sold_product_568386_11959, sold_product_568386_2774,sold_product_568386_11959, sold_product_568386_2774,24.984, 85,24.984, 85,Men's Clothing, Men's Clothing,Men's Clothing, Men's Clothing,Dec 14, 2016 @ 00:00:00.000, Dec 14, 2016 @ 00:00:00.000,0, 0,0, 0,Low Tide Media, Oceanavigations,Low Tide Media, Oceanavigations,12.742, 45.875,24.984, 85,11,959, 2,774,SLIM FIT - Formal shirt - lila, Classic coat - black,SLIM FIT - Formal shirt - lila, Classic coat - black,1, 1,ZO0422404224, ZO0291702917,0, 0,24.984, 85,24.984, 85,0, 
0,ZO0422404224, ZO0291702917,110,110,2,2,order,jackson +" +`; + +exports[`Reporting APIs CSV Generation from SearchSource unquoted values Exports CSV with almost all fields when using fieldsFromSource 1`] = ` +"_id,_index,_score,_type,category,currency,customer_first_name,customer_full_name,customer_gender,customer_id,customer_last_name,customer_phone,day_of_week,day_of_week_i,email,geoip,manufacturer,order_date,order_id,products,products.created_on,sku,taxful_total_price,taxless_total_price,total_quantity,total_unique_products,type,user +9AMtOW0BH63Xcmy432DJ,ecommerce,-,-,Men's Clothing,EUR,Boris,Boris Bradley,MALE,36,Bradley,-,Wednesday,2,boris@bradley-family.zzz,{\\"continent_name\\":\\"Europe\\",\\"country_iso_code\\":\\"GB\\",\\"location\\":{\\"lat\\":51.5,\\"lon\\":-0.1}},Microlutions, Elitelligence,Jun 25, 2019 @ 00:00:00.000,568397,{\\"_id\\":\\"sold_product_568397_24419\\",\\"base_price\\":32.99,\\"base_unit_price\\":32.99,\\"category\\":\\"Men's Clothing\\",\\"created_on\\":\\"2016-12-14T00:00:00+00:00\\",\\"discount_amount\\":0,\\"discount_percentage\\":0,\\"manufacturer\\":\\"Microlutions\\",\\"min_price\\":17.48,\\"price\\":32.99,\\"product_id\\":24419,\\"product_name\\":\\"Cargo trousers - oliv\\",\\"quantity\\":1,\\"sku\\":\\"ZO0112101121\\",\\"tax_amount\\":0,\\"taxful_price\\":32.99,\\"taxless_price\\":32.99,\\"unit_discount_amount\\":0}, {\\"_id\\":\\"sold_product_568397_20207\\",\\"base_price\\":28.99,\\"base_unit_price\\":28.99,\\"category\\":\\"Men's Clothing\\",\\"created_on\\":\\"2016-12-14T00:00:00+00:00\\",\\"discount_amount\\":0,\\"discount_percentage\\":0,\\"manufacturer\\":\\"Elitelligence\\",\\"min_price\\":13.92,\\"price\\":28.99,\\"product_id\\":20207,\\"product_name\\":\\"Trousers - black\\",\\"quantity\\":1,\\"sku\\":\\"ZO0530405304\\",\\"tax_amount\\":0,\\"taxful_price\\":28.99,\\"taxless_price\\":28.99,\\"unit_discount_amount\\":0},Dec 14, 2016 @ 00:00:00.000, Dec 14, 2016 @ 00:00:00.000,ZO0112101121, 
ZO0530405304,61.98,61.98,2,2,order,boris +9QMtOW0BH63Xcmy432DJ,ecommerce,-,-,Men's Clothing,EUR,Oliver,Oliver Hubbard,MALE,7,Hubbard,-,Wednesday,2,oliver@hubbard-family.zzz,{\\"continent_name\\":\\"Europe\\",\\"country_iso_code\\":\\"GB\\",\\"location\\":{\\"lat\\":51.5,\\"lon\\":-0.1}},Spritechnologies, Microlutions,Jun 25, 2019 @ 00:00:00.000,568044,{\\"_id\\":\\"sold_product_568044_12799\\",\\"base_price\\":14.99,\\"base_unit_price\\":14.99,\\"category\\":\\"Men's Clothing\\",\\"created_on\\":\\"2016-12-14T00:00:00+00:00\\",\\"discount_amount\\":0,\\"discount_percentage\\":0,\\"manufacturer\\":\\"Spritechnologies\\",\\"min_price\\":6.9,\\"price\\":14.99,\\"product_id\\":12799,\\"product_name\\":\\"Undershirt - dark grey multicolor\\",\\"quantity\\":1,\\"sku\\":\\"ZO0630406304\\",\\"tax_amount\\":0,\\"taxful_price\\":14.99,\\"taxless_price\\":14.99,\\"unit_discount_amount\\":0}, {\\"_id\\":\\"sold_product_568044_18008\\",\\"base_price\\":16.99,\\"base_unit_price\\":16.99,\\"category\\":\\"Men's Clothing\\",\\"created_on\\":\\"2016-12-14T00:00:00+00:00\\",\\"discount_amount\\":0,\\"discount_percentage\\":0,\\"manufacturer\\":\\"Microlutions\\",\\"min_price\\":8.83,\\"price\\":16.99,\\"product_id\\":18008,\\"product_name\\":\\"Long sleeved top - purple\\",\\"quantity\\":1,\\"sku\\":\\"ZO0120201202\\",\\"tax_amount\\":0,\\"taxful_price\\":16.99,\\"taxless_price\\":16.99,\\"unit_discount_amount\\":0},Dec 14, 2016 @ 00:00:00.000, Dec 14, 2016 @ 00:00:00.000,ZO0630406304, ZO0120201202,31.98,31.98,2,2,order,oliver +OAMtOW0BH63Xcmy432HJ,ecommerce,-,-,Women's Accessories,EUR,Betty,Betty Reese,FEMALE,44,Reese,-,Wednesday,2,betty@reese-family.zzz,{\\"city_name\\":\\"New York\\",\\"continent_name\\":\\"North America\\",\\"country_iso_code\\":\\"US\\",\\"location\\":{\\"lat\\":40.7,\\"lon\\":-74},\\"region_name\\":\\"New York\\"},Pyramidustries,Jun 25, 2019 @ 
00:00:00.000,568229,{\\"_id\\":\\"sold_product_568229_24991\\",\\"base_price\\":11.99,\\"base_unit_price\\":11.99,\\"category\\":\\"Women's Accessories\\",\\"created_on\\":\\"2016-12-14T00:00:00+00:00\\",\\"discount_amount\\":0,\\"discount_percentage\\":0,\\"manufacturer\\":\\"Pyramidustries\\",\\"min_price\\":6.35,\\"price\\":11.99,\\"product_id\\":24991,\\"product_name\\":\\"Scarf - rose/white\\",\\"quantity\\":1,\\"sku\\":\\"ZO0192201922\\",\\"tax_amount\\":0,\\"taxful_price\\":11.99,\\"taxless_price\\":11.99,\\"unit_discount_amount\\":0}, {\\"_id\\":\\"sold_product_568229_12039\\",\\"base_price\\":10.99,\\"base_unit_price\\":10.99,\\"category\\":\\"Women's Accessories\\",\\"created_on\\":\\"2016-12-14T00:00:00+00:00\\",\\"discount_amount\\":0,\\"discount_percentage\\":0,\\"manufacturer\\":\\"Pyramidustries\\",\\"min_price\\":5.82,\\"price\\":10.99,\\"product_id\\":12039,\\"product_name\\":\\"Scarf - nude/black/turquoise\\",\\"quantity\\":1,\\"sku\\":\\"ZO0192801928\\",\\"tax_amount\\":0,\\"taxful_price\\":10.99,\\"taxless_price\\":10.99,\\"unit_discount_amount\\":0},Dec 14, 2016 @ 00:00:00.000, Dec 14, 2016 @ 00:00:00.000,ZO0192201922, ZO0192801928,22.98,22.98,2,2,order,betty +OQMtOW0BH63Xcmy432HJ,ecommerce,-,-,Men's Clothing, Men's Accessories,EUR,Recip,Recip Salazar,MALE,10,Salazar,-,Wednesday,2,recip@salazar-family.zzz,{\\"city_name\\":\\"Istanbul\\",\\"continent_name\\":\\"Asia\\",\\"country_iso_code\\":\\"TR\\",\\"location\\":{\\"lat\\":41,\\"lon\\":29},\\"region_name\\":\\"Istanbul\\"},Elitelligence,Jun 25, 2019 @ 00:00:00.000,568292,{\\"_id\\":\\"sold_product_568292_23627\\",\\"base_price\\":24.99,\\"base_unit_price\\":24.99,\\"category\\":\\"Men's Clothing\\",\\"created_on\\":\\"2016-12-14T00:00:00+00:00\\",\\"discount_amount\\":0,\\"discount_percentage\\":0,\\"manufacturer\\":\\"Elitelligence\\",\\"min_price\\":12.49,\\"price\\":24.99,\\"product_id\\":23627,\\"product_name\\":\\"Slim fit jeans - 
grey\\",\\"quantity\\":1,\\"sku\\":\\"ZO0534205342\\",\\"tax_amount\\":0,\\"taxful_price\\":24.99,\\"taxless_price\\":24.99,\\"unit_discount_amount\\":0}, {\\"_id\\":\\"sold_product_568292_11149\\",\\"base_price\\":10.99,\\"base_unit_price\\":10.99,\\"category\\":\\"Men's Accessories\\",\\"created_on\\":\\"2016-12-14T00:00:00+00:00\\",\\"discount_amount\\":0,\\"discount_percentage\\":0,\\"manufacturer\\":\\"Elitelligence\\",\\"min_price\\":5.06,\\"price\\":10.99,\\"product_id\\":11149,\\"product_name\\":\\"Sunglasses - black\\",\\"quantity\\":1,\\"sku\\":\\"ZO0599605996\\",\\"tax_amount\\":0,\\"taxful_price\\":10.99,\\"taxless_price\\":10.99,\\"unit_discount_amount\\":0},Dec 14, 2016 @ 00:00:00.000, Dec 14, 2016 @ 00:00:00.000,ZO0534205342, ZO0599605996,35.98,35.98,2,2,order,recip +" +`; + exports[`Reporting APIs CSV Generation from SearchSource validation Searches large amount of data, stops at Max Size Reached 1`] = ` "\\"_id\\",\\"_index\\",\\"_score\\",\\"_type\\",category,\\"category.keyword\\",currency,\\"customer_first_name\\",\\"customer_first_name.keyword\\",\\"customer_full_name\\",\\"customer_full_name.keyword\\",\\"customer_gender\\",\\"customer_id\\",\\"customer_last_name\\",\\"customer_last_name.keyword\\",\\"customer_phone\\",\\"day_of_week\\",\\"day_of_week_i\\",email,\\"geoip.city_name\\",\\"geoip.continent_name\\",\\"geoip.country_iso_code\\",\\"geoip.location\\",\\"geoip.region_name\\",manufacturer,\\"manufacturer.keyword\\",\\"order_date\\",\\"order_id\\",\\"products._id\\",\\"products._id.keyword\\",\\"products.base_price\\",\\"products.base_unit_price\\",\\"products.category\\",\\"products.category.keyword\\",\\"products.created_on\\",\\"products.discount_amount\\",\\"products.discount_percentage\\",\\"products.manufacturer\\",\\"products.manufacturer.keyword\\",\\"products.min_price\\",\\"products.price\\",\\"products.product_id\\",\\"products.product_name\\",\\"products.product_name.keyword\\",\\"products.quantity\\",\\"products.sku\\",\\"pro
ducts.tax_amount\\",\\"products.taxful_price\\",\\"products.taxless_price\\",\\"products.unit_discount_amount\\",sku,\\"taxful_total_price\\",\\"taxless_total_price\\",\\"total_quantity\\",\\"total_unique_products\\",type,user 3AMtOW0BH63Xcmy432DJ,ecommerce,\\"-\\",\\"-\\",\\"Men's Shoes, Men's Clothing, Women's Accessories, Men's Accessories\\",\\"Men's Shoes, Men's Clothing, Women's Accessories, Men's Accessories\\",EUR,\\"Sultan Al\\",\\"Sultan Al\\",\\"Sultan Al Boone\\",\\"Sultan Al Boone\\",MALE,19,Boone,Boone,\\"(empty)\\",Saturday,5,\\"sultan al@boone-family.zzz\\",\\"Abu Dhabi\\",Asia,AE,\\"{ diff --git a/x-pack/test/reporting_api_integration/reporting_and_security/download_csv_dashboard.ts b/x-pack/test/reporting_api_integration/reporting_and_security/download_csv_dashboard.ts index 3515602342db5..9e99f5886894e 100644 --- a/x-pack/test/reporting_api_integration/reporting_and_security/download_csv_dashboard.ts +++ b/x-pack/test/reporting_api_integration/reporting_and_security/download_csv_dashboard.ts 
@@ -38,171 +38,173 @@ export default function ({ getService }: FtrProviderContext) { describe('CSV Generation from SearchSource', () => { before(async () => { + await reportingAPI.initEcommerce(); + await reportingAPI.initLogs(); await kibanaServer.uiSettings.update({ - 'csv:quoteValues': false, + 'csv:quoteValues': true, 'dateFormat:tz': 'UTC', - defaultIndex: 'logstash-*', }); - await reportingAPI.initEcommerce(); }); + after(async () => { await reportingAPI.teardownEcommerce(); + await reportingAPI.teardownLogs(); await reportingAPI.deleteAllReports(); }); - it('Exports CSV with almost all fields when using fieldsFromSource', async () => { - const { - status: resStatus, - text: resText, - type: resType, - } = (await generateAPI.getCSVFromSearchSource( - getMockJobParams({ - searchSource: { - query: { query: '', language: 'kuery' }, - index: '5193f870-d861-11e9-a311-0fa548c5f953', - sort: [{ order_date: 'desc' }], - fieldsFromSource: [ - '_id', - '_index', - '_score', - '_source', - '_type', - 'category', - 'category.keyword', - 'currency', - 'customer_birth_date', - 'customer_first_name', - 'customer_first_name.keyword', - 'customer_full_name', - 'customer_full_name.keyword', - 'customer_gender', - 'customer_id', - 'customer_last_name', - 'customer_last_name.keyword', - 'customer_phone', - 'day_of_week', - 'day_of_week_i', - 'email', - 'geoip.city_name', - 'geoip.continent_name', - 'geoip.country_iso_code', - 'geoip.location', - 'geoip.region_name', - 'manufacturer', - 'manufacturer.keyword', - 'order_date', - 'order_id', - 'products._id', - 'products._id.keyword', - 'products.base_price', - 'products.base_unit_price', - 'products.category', - 'products.category.keyword', - 'products.created_on', - 'products.discount_amount', - 'products.discount_percentage', - 'products.manufacturer', - 'products.manufacturer.keyword', - 'products.min_price', - 'products.price', - 'products.product_id', - 'products.product_name', - 'products.product_name.keyword', - 
'products.quantity', - 'products.sku', - 'products.tax_amount', - 'products.taxful_price', - 'products.taxless_price', - 'products.unit_discount_amount', - 'sku', - 'taxful_total_price', - 'taxless_total_price', - 'total_quantity', - 'total_unique_products', - 'type', - 'user', - ], - filter: [], - parent: { - query: { language: 'kuery', query: '' }, + describe('unquoted values', () => { + before(async () => { + await kibanaServer.uiSettings.update({ 'csv:quoteValues': false }); + }); + + after(async () => { + await kibanaServer.uiSettings.update({ 'csv:quoteValues': true }); + }); + + it('Exports CSV with almost all fields when using fieldsFromSource', async () => { + const { + status: resStatus, + text: resText, + type: resType, + } = (await generateAPI.getCSVFromSearchSource( + getMockJobParams({ + searchSource: { + query: { query: '', language: 'kuery' }, + index: '5193f870-d861-11e9-a311-0fa548c5f953', + sort: [{ order_date: 'desc' }], + fieldsFromSource: [ + '_id', + '_index', + '_score', + '_source', + '_type', + 'category', + 'category.keyword', + 'currency', + 'customer_birth_date', + 'customer_first_name', + 'customer_first_name.keyword', + 'customer_full_name', + 'customer_full_name.keyword', + 'customer_gender', + 'customer_id', + 'customer_last_name', + 'customer_last_name.keyword', + 'customer_phone', + 'day_of_week', + 'day_of_week_i', + 'email', + 'geoip.city_name', + 'geoip.continent_name', + 'geoip.country_iso_code', + 'geoip.location', + 'geoip.region_name', + 'manufacturer', + 'manufacturer.keyword', + 'order_date', + 'order_id', + 'products._id', + 'products._id.keyword', + 'products.base_price', + 'products.base_unit_price', + 'products.category', + 'products.category.keyword', + 'products.created_on', + 'products.discount_amount', + 'products.discount_percentage', + 'products.manufacturer', + 'products.manufacturer.keyword', + 'products.min_price', + 'products.price', + 'products.product_id', + 'products.product_name', + 
'products.product_name.keyword', + 'products.quantity', + 'products.sku', + 'products.tax_amount', + 'products.taxful_price', + 'products.taxless_price', + 'products.unit_discount_amount', + 'sku', + 'taxful_total_price', + 'taxless_total_price', + 'total_quantity', + 'total_unique_products', + 'type', + 'user', + ], filter: [], parent: { - filter: [ - { - meta: { index: '5193f870-d861-11e9-a311-0fa548c5f953', params: {} }, - range: { - order_date: { - gte: fromTime, - lte: toTime, - format: 'strict_date_optional_time', + query: { language: 'kuery', query: '' }, + filter: [], + parent: { + filter: [ + { + meta: { index: '5193f870-d861-11e9-a311-0fa548c5f953', params: {} }, + range: { + order_date: { + gte: fromTime, + lte: toTime, + format: 'strict_date_optional_time', + }, }, }, - }, - ], + ], + }, }, }, - }, - browserTimezone: 'UTC', - title: 'testfooyu78yt90-', - }) - )) as supertest.Response; - expect(resStatus).to.eql(200); - expect(resType).to.eql('text/csv'); - expectSnapshot(resText).toMatch(); - }); + browserTimezone: 'UTC', + title: 'testfooyu78yt90-', + }) + )) as supertest.Response; + expect(resStatus).to.eql(200); + expect(resType).to.eql('text/csv'); + expectSnapshot(resText).toMatch(); + }); - it('Exports CSV with all fields when using defaults', async () => { - const { - status: resStatus, - text: resText, - type: resType, - } = await generateAPI.getCSVFromSearchSource( - getMockJobParams({ - searchSource: { - query: { query: '', language: 'kuery' }, - index: '5193f870-d861-11e9-a311-0fa548c5f953', - sort: [{ order_date: 'desc' }], - fields: ['*'], - filter: [], - parent: { - query: { language: 'kuery', query: '' }, + it('Exports CSV with all fields when using defaults', async () => { + const { + status: resStatus, + text: resText, + type: resType, + } = await generateAPI.getCSVFromSearchSource( + getMockJobParams({ + searchSource: { + query: { query: '', language: 'kuery' }, + index: '5193f870-d861-11e9-a311-0fa548c5f953', + sort: [{ order_date: 
'desc' }], + fields: ['*'], filter: [], parent: { - filter: [ - { - meta: { index: '5193f870-d861-11e9-a311-0fa548c5f953', params: {} }, - range: { - order_date: { - gte: fromTime, - lte: toTime, - format: 'strict_date_optional_time', + query: { language: 'kuery', query: '' }, + filter: [], + parent: { + filter: [ + { + meta: { index: '5193f870-d861-11e9-a311-0fa548c5f953', params: {} }, + range: { + order_date: { + gte: fromTime, + lte: toTime, + format: 'strict_date_optional_time', + }, }, }, - }, - ], + ], + }, }, }, - }, - browserTimezone: 'UTC', - title: 'testfooyu78yt90-', - }) - ); - expect(resStatus).to.eql(200); - expect(resType).to.eql('text/csv'); - expectSnapshot(resText).toMatch(); + browserTimezone: 'UTC', + title: 'testfooyu78yt90-', + }) + ); + expect(resStatus).to.eql(200); + expect(resType).to.eql('text/csv'); + expectSnapshot(resText).toMatch(); + }); }); describe('date formatting', () => { - before(async () => { - // load test data that contains a saved search and documents - await esArchiver.load('x-pack/test/functional/es_archives/reporting/logs'); - await esArchiver.load('x-pack/test/functional/es_archives/logstash_functional'); - }); - after(async () => { - await esArchiver.unload('x-pack/test/functional/es_archives/reporting/logs'); - await esArchiver.unload('x-pack/test/functional/es_archives/logstash_functional'); - }); - it('With filters and timebased data, default to UTC', async () => { const res = (await generateAPI.getCSVFromSearchSource( getMockJobParams({ 
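Review bot: The outer `after` hook of 'CSV Generation from SearchSource' tears down the archives and reports but never undoes the `kibanaServer.uiSettings.update` from the outer `before`, so `'csv:quoteValues': true` and `'dateFormat:tz': 'UTC'` may stay in place for suites that run later against the same server. The nested 'unquoted values' block also restores `csv:quoteValues` to a hard-coded `true` rather than to the value that was there before. Unless `teardownEcommerce` or `teardownLogs` reset advanced settings (not visible in this hunk), I would add `await kibanaServer.uiSettings.replace({});` to the outer `after`. The enclosing function continues outside the hunk.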
@@ -277,10 +279,18 @@ export default function ({ getService }: FtrProviderContext) { expect(resType).to.eql('text/csv'); expectSnapshot(resText).toMatch(); }); + }); - it('Formatted date_nanos data, UTC timezone', async () => { + describe('nanosecond formatting', () => { + before(async () => { await esArchiver.load('x-pack/test/functional/es_archives/reporting/nanos'); + }); + after(async () => { + await esArchiver.unload('x-pack/test/functional/es_archives/reporting/nanos'); + }); + + it('Formatted date_nanos data, UTC timezone', async () => { const res = await generateAPI.getCSVFromSearchSource( getMockJobParams({ searchSource: { @@ -298,13 +308,9 @@ export default function ({ getService }: FtrProviderContext) { expect(resStatus).to.eql(200); expect(resType).to.eql('text/csv'); expectSnapshot(resText).toMatch(); - - await esArchiver.unload('x-pack/test/functional/es_archives/reporting/nanos'); }); it('Formatted date_nanos data, custom timezone (New York)', async () => { - await esArchiver.load('x-pack/test/functional/es_archives/reporting/nanos'); - const res = await generateAPI.getCSVFromSearchSource( getMockJobParams({ browserTimezone: 'America/New_York', @@ -323,8 +329,6 @@ export default function ({ getService }: FtrProviderContext) { expect(resStatus).to.eql(200); expect(resType).to.eql('text/csv'); expectSnapshot(resText).toMatch(); - - await esArchiver.unload('x-pack/test/functional/es_archives/reporting/nanos'); }); }); @@ -354,7 +358,6 @@ export default function ({ getService }: FtrProviderContext) { }); it('With filters and non-timebased data', async () => { - // load test data that contains a saved search and documents await esArchiver.load('x-pack/test/functional/es_archives/reporting/sales'); const { 
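Review bot: The `reporting/sales` archive in the `@@ -354,7 +358,6 @@` hunk is still loaded inside the body of 'With filters and non-timebased data', while this hunk moves the `reporting/nanos` load and unload into `before`/`after` hooks. The matching unload is outside the hunk, but if it sits at the end of the test body, a failed assertion would skip it and leave the archive loaded for the tests that follow. I would give that test the same treatment: a small `describe` with `before(async () => { await esArchiver.load('x-pack/test/functional/es_archives/reporting/sales'); });` and a mirrored `after`.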
@@ -405,8 +408,6 @@ export default function ({ getService }: FtrProviderContext) { // NOTE: this test requires having the test server run with `xpack.reporting.csv.maxSizeBytes=6000` it(`Searches large amount of data, stops at Max Size Reached`, async () => { - await reportingAPI.initEcommerce(); - const { status: resStatus, text: resText, @@ -447,8 +448,6 @@ export default function ({ getService }: FtrProviderContext) { expect(resStatus).to.eql(200); expect(resType).to.eql('text/csv'); expectSnapshot(resText).toMatch(); - - await reportingAPI.teardownEcommerce(); }); }); }); diff --git a/x-pack/test/reporting_api_integration/reporting_and_security/generate_csv_discover_deprecated.ts b/x-pack/test/reporting_api_integration/reporting_and_security/generate_csv_discover_deprecated.ts index 9e3ddfaf57b39..bd662fb391f15 100644 --- a/x-pack/test/reporting_api_integration/reporting_and_security/generate_csv_discover_deprecated.ts +++ b/x-pack/test/reporting_api_integration/reporting_and_security/generate_csv_discover_deprecated.ts @@ -12,7 +12,6 @@ import { JOB_PARAMS_RISON_CSV_DEPRECATED } from '../services/fixtures'; // eslint-disable-next-line import/no-default-export export default function ({ getService }: FtrProviderContext) { - const esArchiver = getService('esArchiver'); const supertestSvc = getService('supertest'); const reportingAPI = getService('reportingAPI'); 
@@ -32,13 +31,11 @@ export default function ({ getService }: FtrProviderContext) { describe('Generation from Legacy Job Params', () => { before(async () => { - await esArchiver.load('x-pack/test/functional/es_archives/reporting/logs'); - await esArchiver.load('x-pack/test/functional/es_archives/logstash_functional'); + await reportingAPI.initLogs(); }); after(async () => { - await esArchiver.unload('x-pack/test/functional/es_archives/reporting/logs'); - await esArchiver.unload('x-pack/test/functional/es_archives/logstash_functional'); + await reportingAPI.teardownLogs(); await reportingAPI.deleteAllReports(); }); diff --git a/x-pack/test/reporting_api_integration/reporting_and_security/ilm_migration_apis.ts b/x-pack/test/reporting_api_integration/reporting_and_security/ilm_migration_apis.ts index d1dc091992dd6..af6afe99e8c9d 100644 --- a/x-pack/test/reporting_api_integration/reporting_and_security/ilm_migration_apis.ts +++ b/x-pack/test/reporting_api_integration/reporting_and_security/ilm_migration_apis.ts @@ -13,7 +13,6 @@ import { ILM_POLICY_NAME } from '../../../plugins/reporting/common/constants'; // eslint-disable-next-line import/no-default-export export default function ({ getService }: FtrProviderContext) { - const esArchiver = getService('esArchiver'); const es = getService('es'); const supertest = getService('supertest'); const supertestWithoutAuth = getService('supertestWithoutAuth'); 
@@ -22,13 +21,12 @@ export default function ({ getService }: FtrProviderContext) { describe('ILM policy migration APIs', () => { before(async () => { - await esArchiver.load('x-pack/test/functional/es_archives/reporting/logs'); - await esArchiver.load('x-pack/test/functional/es_archives/logstash_functional'); + await reportingAPI.initLogs(); + await reportingAPI.migrateReportingIndices(); // ensure that the ILM policy exists for the first test }); after(async () => { - await esArchiver.unload('x-pack/test/functional/es_archives/reporting/logs'); - await esArchiver.unload('x-pack/test/functional/es_archives/logstash_functional'); + await reportingAPI.teardownLogs(); }); afterEach(async () => { diff --git a/x-pack/test/reporting_api_integration/reporting_and_security/index.ts b/x-pack/test/reporting_api_integration/reporting_and_security/index.ts index f6654ff5a6b1d..6ea6de3482501 100644 --- a/x-pack/test/reporting_api_integration/reporting_and_security/index.ts +++ b/x-pack/test/reporting_api_integration/reporting_and_security/index.ts @@ -14,6 +14,7 @@ export default function ({ getService, loadTestFile }: FtrProviderContext) { before(async () => { const reportingAPI = getService('reportingAPI'); + await reportingAPI.logTaskManagerHealth(); await reportingAPI.createDataAnalystRole(); await reportingAPI.createTestReportingUserRole(); await reportingAPI.createDataAnalyst(); diff --git a/x-pack/test/reporting_api_integration/reporting_and_security/network_policy.ts b/x-pack/test/reporting_api_integration/reporting_and_security/network_policy.ts index f097208658467..842cfbcf7c1e1 100644 --- a/x-pack/test/reporting_api_integration/reporting_and_security/network_policy.ts +++ b/x-pack/test/reporting_api_integration/reporting_and_security/network_policy.ts 
@@ -10,11 +10,9 @@ import { FtrProviderContext } from '../ftr_provider_context'; // eslint-disable-next-line import/no-default-export export default function ({ getService }: FtrProviderContext) { - const esArchiver = getService('esArchiver'); const reportingAPI = getService('reportingAPI'); const retry = getService('retry'); const supertest = getService('supertest'); - const archive = 'x-pack/test/functional/es_archives/reporting/canvas_disallowed_url'; /* * The Reporting API Functional Test config implements a network policy that @@ -22,11 +20,11 @@ export default function ({ getService }: FtrProviderContext) { */ describe('Network Policy', () => { before(async () => { - await esArchiver.load(archive); // includes a canvas worksheet with an offending image URL + await reportingAPI.initLogs(); // includes a canvas worksheet with an offending image URL }); after(async () => { - await esArchiver.unload(archive); + await reportingAPI.teardownLogs(); }); it('should fail job when page voilates the network policy', async () => { diff --git a/x-pack/test/reporting_api_integration/reporting_and_security/spaces.ts b/x-pack/test/reporting_api_integration/reporting_and_security/spaces.ts index e61195e2f95c8..e1ca664122c76 100644 --- a/x-pack/test/reporting_api_integration/reporting_and_security/spaces.ts +++ b/x-pack/test/reporting_api_integration/reporting_and_security/spaces.ts 
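Review bot: In the second hunk the comment `// includes a canvas worksheet with an offending image URL` was carried over from the removed `canvas_disallowed_url` archive onto `reportingAPI.initLogs()`, and nothing visible here shows that the logs fixture contains that workpad. This suite is the check that the reporting browser refuses URLs outside the network policy, so the fixture that supplies the disallowed URL should be easy to locate. If the workpad does arrive through the logs saved objects, say so, e.g. `// logs saved objects include a canvas workpad whose image URL the network policy denies`; if it does not, the test needs its own fixture again. The `describe` body continues outside the hunk.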
@@ -38,18 +38,19 @@ export default function ({ getService }: FtrProviderContext) { ); }; + const spacesSharedObjectsArchive = + 'x-pack/test/functional/es_archives/reporting/ecommerce_kibana_spaces'; + describe('Exports and Spaces', () => { before(async () => { - await esArchiver.load('x-pack/test/functional/es_archives/reporting/ecommerce'); - await esArchiver.load('x-pack/test/functional/es_archives/reporting/ecommerce_kibana_spaces'); // multiple spaces with different config settings + await esArchiver.load(spacesSharedObjectsArchive); // multiple spaces with different config settings + await reportingAPI.initEcommerce(); }); after(async () => { - await esArchiver.unload('x-pack/test/functional/es_archives/reporting/ecommerce'); - await esArchiver.unload( - 'x-pack/test/functional/es_archives/reporting/ecommerce_kibana_spaces' - ); + await reportingAPI.teardownEcommerce(); await reportingAPI.deleteAllReports(); + await esArchiver.unload(spacesSharedObjectsArchive); }); describe('CSV saved search export', () => { diff --git a/x-pack/test/reporting_api_integration/reporting_without_security/index.ts b/x-pack/test/reporting_api_integration/reporting_without_security/index.ts index 81ca3e05e4dd0..258ae814f5789 100644 --- a/x-pack/test/reporting_api_integration/reporting_without_security/index.ts +++ b/x-pack/test/reporting_api_integration/reporting_without_security/index.ts 
@@ -8,8 +8,12 @@ import { FtrProviderContext } from '../ftr_provider_context'; // eslint-disable-next-line import/no-default-export -export default function ({ loadTestFile }: FtrProviderContext) { +export default function ({ loadTestFile, getService }: FtrProviderContext) { describe('Reporting API Integration Tests with Security disabled', function () { + before(async () => { + const reportingAPI = getService('reportingAPI'); + await reportingAPI.logTaskManagerHealth(); + }); this.tags('ciGroup13'); loadTestFile(require.resolve('./job_apis_csv')); loadTestFile(require.resolve('./job_apis_csv_deprecated')); diff --git a/x-pack/test/reporting_api_integration/reporting_without_security/job_apis_csv.ts b/x-pack/test/reporting_api_integration/reporting_without_security/job_apis_csv.ts index 06f3756593d76..e1935c2617f41 100644 --- a/x-pack/test/reporting_api_integration/reporting_without_security/job_apis_csv.ts +++ b/x-pack/test/reporting_api_integration/reporting_without_security/job_apis_csv.ts @@ -49,12 +49,12 @@ export default function ({ getService }: FtrProviderContext) { describe('Job Listing APIs', () => { before(async () => { - await esArchiver.load('x-pack/test/functional/es_archives/reporting/logs'); + await reportingAPI.initLogs(); await esArchiver.load('x-pack/test/functional/es_archives/logstash_functional'); }); after(async () => { - await esArchiver.unload('x-pack/test/functional/es_archives/reporting/logs'); + await reportingAPI.teardownLogs(); await esArchiver.unload('x-pack/test/functional/es_archives/logstash_functional'); }); diff --git a/x-pack/test/reporting_api_integration/reporting_without_security/job_apis_csv_deprecated.ts b/x-pack/test/reporting_api_integration/reporting_without_security/job_apis_csv_deprecated.ts index 6ff8946d48c5b..5cd6065352649 100644 --- a/x-pack/test/reporting_api_integration/reporting_without_security/job_apis_csv_deprecated.ts 
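Review bot: In job_apis_csv.ts the `before` hook now calls `reportingAPI.initLogs()` and then loads `logstash_functional` again through `esArchiver.load`, although the `initLogs`/`teardownLogs` pair added in services/scenarios.ts appears to load and unload that same archive. The `after` hook has the mirror problem: `teardownLogs()` unloads the archive and the following `esArchiver.unload` repeats it. The sibling job_apis_csv_deprecated.ts drops the explicit calls; I would do the same here and leave `await reportingAPI.initLogs();` and `await reportingAPI.teardownLogs();` as the only lines in the two hooks, provided `esArchiver` has no other use in the file.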
+++ b/x-pack/test/reporting_api_integration/reporting_without_security/job_apis_csv_deprecated.ts @@ -27,19 +27,16 @@ const parseApiJSON = (apiResponseText: string): { job: ReportApiJSON; path: stri // eslint-disable-next-line import/no-default-export export default function ({ getService }: FtrProviderContext) { - const esArchiver = getService('esArchiver'); const supertestNoAuth = getService('supertestWithoutAuth'); const reportingAPI = getService('reportingAPI'); describe('Job Listing APIs: Deprecated CSV Export', () => { before(async () => { - await esArchiver.load('x-pack/test/functional/es_archives/reporting/logs'); - await esArchiver.load('x-pack/test/functional/es_archives/logstash_functional'); + await reportingAPI.initLogs(); }); after(async () => { - await esArchiver.unload('x-pack/test/functional/es_archives/reporting/logs'); - await esArchiver.unload('x-pack/test/functional/es_archives/logstash_functional'); + await reportingAPI.teardownLogs(); }); afterEach(async () => { diff --git a/x-pack/test/reporting_api_integration/services/scenarios.ts b/x-pack/test/reporting_api_integration/services/scenarios.ts index e39a3e2e5954b..6af60018d01da 100644 --- a/x-pack/test/reporting_api_integration/services/scenarios.ts +++ b/x-pack/test/reporting_api_integration/services/scenarios.ts 
@@ -29,13 +29,29 @@ export function createScenarios({ getService }: Pick { + // Check task manager health for analyzing test failures. See https://github.com/elastic/kibana/issues/114946 + const tmHealth = await supertest.get(`/api/task_manager/_health`); + const driftValues = tmHealth.body?.stats?.runtime?.value; + + log.info(`Task Manager status: "${tmHealth.body?.status}"`); + log.info(`Task Manager overall drift rankings: "${JSON.stringify(driftValues?.drift)}"`); + log.info( + `Task Manager drift rankings for "report:execute": "${JSON.stringify( + driftValues?.drift_by_type?.['report:execute'] + )}"` + ); + }; + const initEcommerce = async () => { await esArchiver.load('x-pack/test/functional/es_archives/reporting/ecommerce'); await kibanaServer.importExport.load(ecommerceSOPath); @@ -46,6 +62,15 @@ export function createScenarios({ getService }: Pick { + await esArchiver.load('x-pack/test/functional/es_archives/logstash_functional'); + await kibanaServer.importExport.load(logsSOPath); + }; + const teardownLogs = async () => { + await kibanaServer.importExport.unload(logsSOPath); + await esArchiver.unload('x-pack/test/functional/es_archives/logstash_functional'); + }; + const createDataAnalystRole = async () => { await security.role.create('data_analyst', { metadata: {}, @@ -132,7 +157,11 @@ export function createScenarios({ getService }: Pick { + const generateCsv = async ( + job: JobParamsCSV, + username = 'elastic', + password = process.env.TEST_KIBANA_PASS || 'changeme' + ) => { const jobParams = rison.encode(job as object as RisonValue); return await supertestWithoutAuth .post(`/api/reporting/generate/csv_searchsource`) @@ -201,8 +230,11 @@ export function createScenarios({ getService }: Pick { + const reportingAPI = context.getService('reportingAPI'); + await reportingAPI.logTaskManagerHealth(); await createDataAnalystRole(); await createDataAnalyst(); await createReportingUser(); 
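Review bot: `logTaskManagerHealth` is a diagnostic, yet it is awaited unguarded in the top-level `before` hooks of the reporting suites, so a rejected `supertest.get('/api/task_manager/_health')` would abort a suite before any test runs. The optional chaining covers a missing body but not a failed request. I would wrap the body in `try { … } catch (err) { log.warning('Task Manager health check failed: ' + err); }` so the helper can only add log lines. Part of the helper's declaration is garbled in this view, so this is based on the added lines that are visible.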
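Review bot: `generateCsv` in the `@@ -132,7 +157,11 @@` hunk now defaults to `username = 'elastic'` with `process.env.TEST_KIBANA_PASS || 'changeme'`, so any caller that omits credentials runs as the superuser. That is convenient for data-shape tests, but a test meant to exercise reporting privileges would pass for the wrong reason if it forgot to supply the restricted user. I would document this above the signature with `// Defaults to the superuser; pass explicit credentials in tests that check role restrictions`. The function body continues outside the hunk.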
diff --git a/x-pack/test/reporting_functional/reporting_and_security/index.ts b/x-pack/test/reporting_functional/reporting_and_security/index.ts index be0e76a28bd0b..22057c9be77dc 100644 --- a/x-pack/test/reporting_functional/reporting_and_security/index.ts +++ b/x-pack/test/reporting_functional/reporting_and_security/index.ts @@ -14,6 +14,7 @@ export default function ({ getService, loadTestFile }: FtrProviderContext) { before(async () => { const reportingFunctional = getService('reportingFunctional'); + await reportingFunctional.logTaskManagerHealth(); await reportingFunctional.createDataAnalystRole(); await reportingFunctional.createDataAnalyst(); await reportingFunctional.createTestReportingUserRole(); diff --git a/x-pack/test/reporting_functional/reporting_without_security/index.ts b/x-pack/test/reporting_functional/reporting_without_security/index.ts index d1801b7e3e2e6..fecc0e97daac0 100644 --- a/x-pack/test/reporting_functional/reporting_without_security/index.ts +++ b/x-pack/test/reporting_functional/reporting_without_security/index.ts @@ -11,6 +11,12 @@ import { FtrProviderContext } from '../ftr_provider_context'; export default function ({ loadTestFile, getService }: FtrProviderContext) { describe('Reporting Functional Tests with Security disabled', function () { this.tags('ciGroup2'); + + before(async () => { + const reportingAPI = getService('reportingAPI'); + await reportingAPI.logTaskManagerHealth(); + }); + loadTestFile(require.resolve('./management')); }); }
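Review bot: The second hunk on this line (reporting_without_security/index.ts) fetches `getService('reportingAPI')`, while the sibling reporting_and_security/index.ts in the first hunk goes through `getService('reportingFunctional')` for the same `logTaskManagerHealth()` call. If the `reportingFunctional` service is registered in this config as well, `const reportingFunctional = getService('reportingFunctional');` would keep the two index files parallel and avoid depending on the API-integration service directly. The service registry is not visible from here, so treat this as a consistency question.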