From c7b53f16b76bdbfca766f3c592798ca9438f6ed5 Mon Sep 17 00:00:00 2001 From: Miriam <31922082+MiriamAparicio@users.noreply.github.com> Date: Tue, 2 Nov 2021 12:25:17 +0000 Subject: [PATCH 01/53] [APM] Apm errors api tests (#116764) * changes after review * move file to errors folder --- .../tests/errors/error_group_list.ts | 150 ++++++ .../test/apm_api_integration/tests/index.ts | 482 +++++++++--------- 2 files changed, 393 insertions(+), 239 deletions(-) create mode 100644 x-pack/test/apm_api_integration/tests/errors/error_group_list.ts diff --git a/x-pack/test/apm_api_integration/tests/errors/error_group_list.ts b/x-pack/test/apm_api_integration/tests/errors/error_group_list.ts new file mode 100644 index 0000000000000..4b5cbf4a2662a --- /dev/null +++ b/x-pack/test/apm_api_integration/tests/errors/error_group_list.ts @@ -0,0 +1,150 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ +import expect from '@kbn/expect'; +import { service, timerange } from '@elastic/apm-synthtrace'; +import { + APIClientRequestParamsOf, + APIReturnType, +} from '../../../../plugins/apm/public/services/rest/createCallApmApi'; +import { RecursivePartial } from '../../../../plugins/apm/typings/common'; +import { FtrProviderContext } from '../../common/ftr_provider_context'; +import { registry } from '../../common/registry'; + +type ErrorGroups = APIReturnType<'GET /internal/apm/services/{serviceName}/errors'>['errorGroups']; + +export default function ApiTest({ getService }: FtrProviderContext) { + const apmApiClient = getService('apmApiClient'); + const synthtraceEsClient = getService('synthtraceEsClient'); + + const serviceName = 'synth-go'; + const start = new Date('2021-01-01T00:00:00.000Z').getTime(); + const end = new Date('2021-01-01T00:15:00.000Z').getTime() - 1; + + async function callApi( + overrides?: RecursivePartial< + APIClientRequestParamsOf<'GET /internal/apm/services/{serviceName}/errors'>['params'] + > + ) { + return await apmApiClient.readUser({ + endpoint: `GET /internal/apm/services/{serviceName}/errors`, + params: { + path: { serviceName, ...overrides?.path }, + query: { + start: new Date(start).toISOString(), + end: new Date(end).toISOString(), + environment: 'ENVIRONMENT_ALL', + kuery: '', + ...overrides?.query, + }, + }, + }); + } + + registry.when('when data is not loaded', { config: 'basic', archives: [] }, () => { + it('handles empty state', async () => { + const response = await callApi(); + expect(response.status).to.be(200); + expect(response.body.errorGroups).to.empty(); + }); + }); + + registry.when( + 'when data is loaded', + { config: 'basic', archives: ['apm_mappings_only_8.0.0'] }, + () => { + describe('errors group', () => { + const appleTransaction = { + name: 'GET /apple 🍎 ', + successRate: 75, + failureRate: 25, + }; + + const bananaTransaction = { + name: 'GET /banana 🍌', + successRate: 50, + failureRate: 50, + }; + + before(async () => { + const serviceInstance = service(serviceName, 'production', 'go').instance('instance-a'); + + await synthtraceEsClient.index([ + ...timerange(start, end) + .interval('1m') + .rate(appleTransaction.successRate) + .flatMap((timestamp) => + serviceInstance + .transaction(appleTransaction.name) + .timestamp(timestamp) + .duration(1000) + .success() + .serialize() + ), + ...timerange(start, end) + .interval('1m') + .rate(appleTransaction.failureRate) + .flatMap((timestamp) => + serviceInstance + .transaction(appleTransaction.name) + .errors(serviceInstance.error('error 1', 'foo').timestamp(timestamp)) + .duration(1000) + .timestamp(timestamp) + .failure() + .serialize() + ), + ...timerange(start, end) + .interval('1m') + .rate(bananaTransaction.successRate) + .flatMap((timestamp) => + serviceInstance + .transaction(bananaTransaction.name) + .timestamp(timestamp) + .duration(1000) + .success() + .serialize() + ), + ...timerange(start, end) + .interval('1m') + .rate(bananaTransaction.failureRate) + .flatMap((timestamp) => + serviceInstance + .transaction(bananaTransaction.name) + .errors(serviceInstance.error('error 2', 'bar').timestamp(timestamp)) + .duration(1000) + .timestamp(timestamp) + .failure() + .serialize() + ), + ]); + }); + + after(() => synthtraceEsClient.clean()); + + describe('returns the correct data', () => { + let errorGroups: ErrorGroups; + before(async () => { + const response = await callApi(); + errorGroups = response.body.errorGroups; + }); + + it('returns correct number of errors', () => { + expect(errorGroups.length).to.equal(2); + expect(errorGroups.map((error) => error.message).sort()).to.eql(['error 1', 'error 2']); + }); + + it('returns correct occurences', () => { + const numberOfBuckets = 15; + expect(errorGroups.map((error) => error.occurrenceCount).sort()).to.eql([ + appleTransaction.failureRate * numberOfBuckets, + bananaTransaction.failureRate * numberOfBuckets, + ]); + }); + }); + }); + } + ); +} diff --git a/x-pack/test/apm_api_integration/tests/index.ts b/x-pack/test/apm_api_integration/tests/index.ts index 29b40b6ff62cf..b6693e9d344f2 100644 --- a/x-pack/test/apm_api_integration/tests/index.ts +++ b/x-pack/test/apm_api_integration/tests/index.ts @@ -14,245 +14,249 @@ export default function apmApiIntegrationTests(providerContext: FtrProviderConte describe('APM API tests', function () { this.tags('ciGroup1'); - // inspect feature - describe('inspect/inspect', function () { - loadTestFile(require.resolve('./inspect/inspect')); - }); - - // alerts - describe('alerts/chart_preview', function () { - loadTestFile(require.resolve('./alerts/chart_preview')); - }); - - describe('alerts/rule_registry', function () { - loadTestFile(require.resolve('./alerts/rule_registry')); - }); - - // correlations - describe('correlations/failed_transactions', function () { - loadTestFile(require.resolve('./correlations/failed_transactions')); - }); - - describe('correlations/latency', function () { - loadTestFile(require.resolve('./correlations/latency')); - }); - - describe('event_metadata/event_metadata', function () { - loadTestFile(require.resolve('./event_metadata/event_metadata')); - }); - - describe('metrics_charts/metrics_charts', function () { - loadTestFile(require.resolve('./metrics_charts/metrics_charts')); - }); - - describe('observability_overview/has_data', function () { - loadTestFile(require.resolve('./observability_overview/has_data')); - }); - - describe('observability_overview/observability_overview', function () { - loadTestFile(require.resolve('./observability_overview/observability_overview')); - }); - - describe('service_maps/service_maps', function () { - loadTestFile(require.resolve('./service_maps/service_maps')); - }); - - // Service overview - describe('service_overview/dependencies', function () { - loadTestFile(require.resolve('./service_overview/dependencies')); - }); - - describe('service_overview/instances_main_statistics', function () { - loadTestFile(require.resolve('./service_overview/instances_main_statistics')); - }); - - describe('service_overview/instances_detailed_statistics', function () { - loadTestFile(require.resolve('./service_overview/instances_detailed_statistics')); - }); - - describe('service_overview/instance_details', function () { - loadTestFile(require.resolve('./service_overview/instance_details')); - }); - - // Services - describe('services/agent', function () { - loadTestFile(require.resolve('./services/agent')); - }); - - describe('services/annotations', function () { - loadTestFile(require.resolve('./services/annotations')); - loadTestFile(require.resolve('./services/derived_annotations')); - }); - - describe('services/service_details', function () { - loadTestFile(require.resolve('./services/service_details')); - }); - - describe('services/service_icons', function () { - loadTestFile(require.resolve('./services/service_icons')); - }); - - describe('services/throughput', function () { - loadTestFile(require.resolve('./services/throughput')); - }); - - describe('service apis throughput', function () { - loadTestFile(require.resolve('./throughput/service_apis')); - }); - - describe('dependencies throughput', function () { - loadTestFile(require.resolve('./throughput/dependencies_apis')); - }); - - describe('services/top_services', function () { - loadTestFile(require.resolve('./services/top_services')); - }); - - describe('services/transaction_types', function () { - loadTestFile(require.resolve('./services/transaction_types')); - }); - - describe('services/error_groups_main_statistics', function () { - loadTestFile(require.resolve('./services/error_groups/error_groups_main_statistics')); - }); - - describe('services/error_groups_detailed_statistics', function () { - loadTestFile(require.resolve('./services/error_groups/error_groups_detailed_statistics')); - }); - - describe('services/detailed_statistics', function () { - loadTestFile(require.resolve('./services/services_detailed_statistics')); - }); - - // Settinges - describe('settings/anomaly_detection/basic', function () { - loadTestFile(require.resolve('./settings/anomaly_detection/basic')); - }); - - describe('settings/anomaly_detection/no_access_user', function () { - loadTestFile(require.resolve('./settings/anomaly_detection/no_access_user')); - }); - - describe('settings/anomaly_detection/read_user', function () { - loadTestFile(require.resolve('./settings/anomaly_detection/read_user')); - }); - - describe('settings/anomaly_detection/write_user', function () { - loadTestFile(require.resolve('./settings/anomaly_detection/write_user')); - }); - - describe('settings/agent_configuration', function () { - loadTestFile(require.resolve('./settings/agent_configuration')); - }); - - describe('settings/custom_link', function () { - loadTestFile(require.resolve('./settings/custom_link')); - }); - - // suggestions - describe('suggestions', function () { - loadTestFile(require.resolve('./suggestions/suggestions')); - }); - - // traces - describe('traces/top_traces', function () { - loadTestFile(require.resolve('./traces/top_traces')); - }); - describe('/internal/apm/traces/{traceId}', function () { - loadTestFile(require.resolve('./traces/trace_by_id')); - }); - - // transactions - describe('transactions/breakdown', function () { - loadTestFile(require.resolve('./transactions/breakdown')); - }); - - describe('transactions/trace_samples', function () { - loadTestFile(require.resolve('./transactions/trace_samples')); - }); - - describe('transactions/error_rate', function () { - loadTestFile(require.resolve('./transactions/error_rate')); - }); - - describe('transactions/latency_overall_distribution', function () { - loadTestFile(require.resolve('./transactions/latency_overall_distribution')); - }); - - describe('transactions/latency', function () { - loadTestFile(require.resolve('./transactions/latency')); - }); - - describe('transactions/transactions_groups_main_statistics', function () { - loadTestFile(require.resolve('./transactions/transactions_groups_main_statistics')); - }); - - describe('transactions/transactions_groups_detailed_statistics', function () { - loadTestFile(require.resolve('./transactions/transactions_groups_detailed_statistics')); - }); - - // feature control - describe('feature_controls', function () { - loadTestFile(require.resolve('./feature_controls')); - }); - - // CSM - describe('csm/csm_services', function () { - loadTestFile(require.resolve('./csm/csm_services')); - }); - - describe('csm/has_rum_data', function () { - loadTestFile(require.resolve('./csm/has_rum_data')); - }); - - describe('csm/js_errors', function () { - loadTestFile(require.resolve('./csm/js_errors')); - }); - - describe('csm/long_task_metrics', function () { - loadTestFile(require.resolve('./csm/long_task_metrics')); - }); - - describe('csm/page_load_dist', function () { - loadTestFile(require.resolve('./csm/page_load_dist')); - }); - - describe('csm/page_views', function () { - loadTestFile(require.resolve('./csm/page_views')); - }); - - describe('csm/url_search', function () { - loadTestFile(require.resolve('./csm/url_search')); - }); - - describe('csm/web_core_vitals', function () { - loadTestFile(require.resolve('./csm/web_core_vitals')); - }); - - describe('historical_data/has_data', function () { - loadTestFile(require.resolve('./historical_data/has_data')); - }); - - describe('error_rate/service_apis', function () { - loadTestFile(require.resolve('./error_rate/service_apis')); - }); - - describe('latency/service_apis', function () { - loadTestFile(require.resolve('./latency/service_apis')); - }); - - describe('errors/distribution', function () { - loadTestFile(require.resolve('./errors/distribution')); - }); - - // Dependencies - describe('dependencies/metadata', function () { - loadTestFile(require.resolve('./dependencies/metadata')); - }); - - describe('dependencies/top_dependencies', function () { - loadTestFile(require.resolve('./dependencies/top_dependencies')); - }); + // // inspect feature + // describe('inspect/inspect', function () { + // loadTestFile(require.resolve('./inspect/inspect')); + // }); + + // // alerts + // describe('alerts/chart_preview', function () { + // loadTestFile(require.resolve('./alerts/chart_preview')); + // }); + + // describe('alerts/rule_registry', function () { + // loadTestFile(require.resolve('./alerts/rule_registry')); + // }); + + // // correlations + // describe('correlations/failed_transactions', function () { + // loadTestFile(require.resolve('./correlations/failed_transactions')); + // }); + + // describe('correlations/latency', function () { + // loadTestFile(require.resolve('./correlations/latency')); + // }); + + // describe('event_metadata/event_metadata', function () { + // loadTestFile(require.resolve('./event_metadata/event_metadata')); + // }); + + // describe('metrics_charts/metrics_charts', function () { + // loadTestFile(require.resolve('./metrics_charts/metrics_charts')); + // }); + + // describe('observability_overview/has_data', function () { + // loadTestFile(require.resolve('./observability_overview/has_data')); + // }); + + // describe('observability_overview/observability_overview', function () { + // loadTestFile(require.resolve('./observability_overview/observability_overview')); + // }); + + // describe('service_maps/service_maps', function () { + // loadTestFile(require.resolve('./service_maps/service_maps')); + // }); + + // // Service overview + // describe('service_overview/dependencies', function () { + // loadTestFile(require.resolve('./service_overview/dependencies')); + // }); + + // describe('service_overview/instances_main_statistics', function () { + // loadTestFile(require.resolve('./service_overview/instances_main_statistics')); + // }); + + // describe('service_overview/instances_detailed_statistics', function () { + // loadTestFile(require.resolve('./service_overview/instances_detailed_statistics')); + // }); + + // describe('service_overview/instance_details', function () { + // loadTestFile(require.resolve('./service_overview/instance_details')); + // }); + + // // Services + // describe('services/agent', function () { + // loadTestFile(require.resolve('./services/agent')); + // }); + + // describe('services/annotations', function () { + // loadTestFile(require.resolve('./services/annotations')); + // loadTestFile(require.resolve('./services/derived_annotations')); + // }); + + // describe('services/service_details', function () { + // loadTestFile(require.resolve('./services/service_details')); + // }); + + // describe('services/service_icons', function () { + // loadTestFile(require.resolve('./services/service_icons')); + // }); + + // describe('services/throughput', function () { + // loadTestFile(require.resolve('./services/throughput')); + // }); + + // describe('service apis throughput', function () { + // loadTestFile(require.resolve('./throughput/service_apis')); + // }); + + // describe('dependencies throughput', function () { + // loadTestFile(require.resolve('./throughput/dependencies_apis')); + // }); + + // describe('services/top_services', function () { + // loadTestFile(require.resolve('./services/top_services')); + // }); + + // describe('services/transaction_types', function () { + // loadTestFile(require.resolve('./services/transaction_types')); + // }); + + // describe('services/error_groups_main_statistics', function () { + // loadTestFile(require.resolve('./services/error_groups/error_groups_main_statistics')); + // }); + + // describe('services/error_groups_detailed_statistics', function () { + // loadTestFile(require.resolve('./services/error_groups/error_groups_detailed_statistics')); + // }); + + // describe('services/detailed_statistics', function () { + // loadTestFile(require.resolve('./services/services_detailed_statistics')); + // }); + + // // Settings + // describe('settings/anomaly_detection/basic', function () { + // loadTestFile(require.resolve('./settings/anomaly_detection/basic')); + // }); + + // describe('settings/anomaly_detection/no_access_user', function () { + // loadTestFile(require.resolve('./settings/anomaly_detection/no_access_user')); + // }); + + // describe('settings/anomaly_detection/read_user', function () { + // loadTestFile(require.resolve('./settings/anomaly_detection/read_user')); + // }); + + // describe('settings/anomaly_detection/write_user', function () { + // loadTestFile(require.resolve('./settings/anomaly_detection/write_user')); + // }); + + // describe('settings/agent_configuration', function () { + // loadTestFile(require.resolve('./settings/agent_configuration')); + // }); + + // describe('settings/custom_link', function () { + // loadTestFile(require.resolve('./settings/custom_link')); + // }); + + // // suggestions + // describe('suggestions', function () { + // loadTestFile(require.resolve('./suggestions/suggestions')); + // }); + + // // traces + // describe('traces/top_traces', function () { + // loadTestFile(require.resolve('./traces/top_traces')); + // }); + // describe('/internal/apm/traces/{traceId}', function () { + // loadTestFile(require.resolve('./traces/trace_by_id')); + // }); + + // // transactions + // describe('transactions/breakdown', function () { + // loadTestFile(require.resolve('./transactions/breakdown')); + // }); + + // describe('transactions/trace_samples', function () { + // loadTestFile(require.resolve('./transactions/trace_samples')); + // }); + + // describe('transactions/error_rate', function () { + // loadTestFile(require.resolve('./transactions/error_rate')); + // }); + + // describe('transactions/latency_overall_distribution', function () { + // loadTestFile(require.resolve('./transactions/latency_overall_distribution')); + // }); + + // describe('transactions/latency', function () { + // loadTestFile(require.resolve('./transactions/latency')); + // }); + + // describe('transactions/transactions_groups_main_statistics', function () { + // loadTestFile(require.resolve('./transactions/transactions_groups_main_statistics')); + // }); + + // describe('transactions/transactions_groups_detailed_statistics', function () { + // loadTestFile(require.resolve('./transactions/transactions_groups_detailed_statistics')); + // }); + + // // feature control + // describe('feature_controls', function () { + // loadTestFile(require.resolve('./feature_controls')); + // }); + + // // CSM + // describe('csm/csm_services', function () { + // loadTestFile(require.resolve('./csm/csm_services')); + // }); + + // describe('csm/has_rum_data', function () { + // loadTestFile(require.resolve('./csm/has_rum_data')); + // }); + + // describe('csm/js_errors', function () { + // loadTestFile(require.resolve('./csm/js_errors')); + // }); + + // describe('csm/long_task_metrics', function () { + // loadTestFile(require.resolve('./csm/long_task_metrics')); + // }); + + // describe('csm/page_load_dist', function () { + // loadTestFile(require.resolve('./csm/page_load_dist')); + // }); + + // describe('csm/page_views', function () { + // loadTestFile(require.resolve('./csm/page_views')); + // }); + + // describe('csm/url_search', function () { + // loadTestFile(require.resolve('./csm/url_search')); + // }); + + // describe('csm/web_core_vitals', function () { + // loadTestFile(require.resolve('./csm/web_core_vitals')); + // }); + + // describe('historical_data/has_data', function () { + // loadTestFile(require.resolve('./historical_data/has_data')); + // }); + + // describe('error_rate/service_apis', function () { + // loadTestFile(require.resolve('./error_rate/service_apis')); + // }); + + // describe('latency/service_apis', function () { + // loadTestFile(require.resolve('./latency/service_apis')); + // }); + + // describe('errors/distribution', function () { + // loadTestFile(require.resolve('./errors/distribution')); + // }); + + describe('errors/error_group_list', function () { + loadTestFile(require.resolve('./errors/error_group_list')); + }); + + // // Dependencies + // describe('dependencies/metadata', function () { + // loadTestFile(require.resolve('./dependencies/metadata')); + // }); + + // describe('dependencies/top_dependencies', function () { + // loadTestFile(require.resolve('./dependencies/top_dependencies')); + // }); registry.run(providerContext); }); From 63cf1d0ab51ced63a81c0e460bad346d45abfdab Mon Sep 17 00:00:00 2001 From: Nicolas Chaulet Date: Tue, 2 Nov 2021 08:43:22 -0400 Subject: [PATCH 02/53] [Fleet] Delete non existing streams in overrideInputs (#116998) --- .../server/services/package_policy.test.ts | 94 +++++++++++++++++++ .../fleet/server/services/package_policy.ts | 21 ++++- 2 files changed, 113 insertions(+), 2 deletions(-) diff --git a/x-pack/plugins/fleet/server/services/package_policy.test.ts b/x-pack/plugins/fleet/server/services/package_policy.test.ts index 46747762213f1..b6207316829ee 100644 --- a/x-pack/plugins/fleet/server/services/package_policy.test.ts +++ b/x-pack/plugins/fleet/server/services/package_policy.test.ts @@ -1843,6 +1843,100 @@ describe('Package policy service', () => { expect(logfileStream?.enabled).toBe(false); }); }); + + describe('when a datastream is deleted from an input', () => { + it('it remove the non existing datastream', () => { + const basePackagePolicy: NewPackagePolicy = { + name: 'base-package-policy', + description: 'Base Package Policy', + namespace: 'default', + enabled: true, + policy_id: 'xxxx', + output_id: 'xxxx', + package: { + name: 'test-package', + title: 'Test Package', + version: '0.0.1', + }, + inputs: [ + { + type: 'logs', + policy_template: 'template_1', + enabled: true, + vars: { + path: { + type: 'text', + value: ['/var/log/logfile.log'], + }, + }, + streams: [ + { + enabled: true, + data_stream: { dataset: 'dataset.test123', type: 'log' }, + }, + ], + }, + ], + }; + + const packageInfo: PackageInfo = { + name: 'test-package', + description: 'Test Package', + title: 'Test Package', + version: '0.0.1', + latestVersion: '0.0.1', + release: 'experimental', + format_version: '1.0.0', + owner: { github: 'elastic/fleet' }, + policy_templates: [ + { + name: 'template_1', + title: 'Template 1', + description: 'Template 1', + inputs: [ + { + type: 'logs', + title: 'Log', + description: 'Log Input', + vars: [ + { + name: 'path', + type: 'text', + }, + ], + }, + ], + }, + ], + // @ts-ignore + assets: {}, + }; + + const inputsOverride: NewPackagePolicyInput[] = [ + { + type: 'logs', + enabled: true, + streams: [], + vars: { + path: { + type: 'text', + value: '/var/log/new-logfile.log', + }, + }, + }, + ]; + + const result = overridePackageInputs( + basePackagePolicy, + packageInfo, + // TODO: Update this type assertion when the `InputsOverride` type is updated such + // that it no longer causes unresolvable type errors when used directly + inputsOverride as InputsOverride[], + false + ); + expect(result.inputs[0]?.vars?.path.value).toEqual(['/var/log/logfile.log']); + }); + }); }); }); diff --git a/x-pack/plugins/fleet/server/services/package_policy.ts b/x-pack/plugins/fleet/server/services/package_policy.ts index c03ccfc43ebd8..39902d35feb08 100644 --- a/x-pack/plugins/fleet/server/services/package_policy.ts +++ b/x-pack/plugins/fleet/server/services/package_policy.ts @@ -404,6 +404,7 @@ class PackagePolicyService { pkgName: packagePolicy.package.name, pkgVersion: packagePolicy.package.version, }); + const registryPkgInfo = await Registry.fetchInfo(pkgInfo.name, pkgInfo.version); inputs = await this._compilePackagePolicyInputs( registryPkgInfo, @@ -1111,7 +1112,9 @@ export function overridePackageInputs( } if (override.vars) { - originalInput = deepMergeVars(originalInput, override) as NewPackagePolicyInput; + const indexOfInput = inputs.indexOf(originalInput); + inputs[indexOfInput] = deepMergeVars(originalInput, override) as NewPackagePolicyInput; + originalInput = inputs[indexOfInput]; } if (override.streams) { @@ -1130,10 +1133,24 @@ export function overridePackageInputs( } if (stream.vars) { - originalStream = deepMergeVars(originalStream, stream as InputsOverride); + const indexOfStream = originalInput.streams.indexOf(originalStream); + originalInput.streams[indexOfStream] = deepMergeVars( + originalStream, + stream as InputsOverride + ); + originalStream = originalInput.streams[indexOfStream]; } } } + + // Filter all stream that have been removed from the input + originalInput.streams = originalInput.streams.filter((originalStream) => { + return ( + override.streams?.some( + (s) => s.data_stream.dataset === originalStream.data_stream.dataset + ) ?? false + ); + }); } const resultingPackagePolicy: NewPackagePolicy = { From 0de567aa990b7b717ef0151bb522aa0c9940563b Mon Sep 17 00:00:00 2001 From: Tiago Costa Date: Tue, 2 Nov 2021 12:51:58 +0000 Subject: [PATCH 03/53] skip flaky suite (#116070) --- x-pack/test/functional/apps/monitoring/logstash/pipelines.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/x-pack/test/functional/apps/monitoring/logstash/pipelines.js b/x-pack/test/functional/apps/monitoring/logstash/pipelines.js index 72a6ff8e1af23..931afc83e8415 100644 --- a/x-pack/test/functional/apps/monitoring/logstash/pipelines.js +++ b/x-pack/test/functional/apps/monitoring/logstash/pipelines.js @@ -15,7 +15,8 @@ export default function ({ getService, getPageObjects }) { const pipelinesList = getService('monitoringLogstashPipelines'); const lsClusterSummaryStatus = getService('monitoringLogstashSummaryStatus'); - describe('Logstash pipelines', () => { + // FLAKY: https://github.com/elastic/kibana/issues/116070 + describe.skip('Logstash pipelines', () => { const { setup, tearDown } = getLifecycleMethods(getService, getPageObjects); before(async () => { From 02e8271e363331d1629957aa0751c6a8a4c269fe Mon Sep 17 00:00:00 2001 From: Michael Dokolin Date: Tue, 2 Nov 2021 13:53:54 +0100 Subject: [PATCH 04/53] [Data] Add extra logging to detect flaky test problem (#113661) --- .../test_suites/run_pipeline/esaggs_timeshift.ts | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/test/interpreter_functional/test_suites/run_pipeline/esaggs_timeshift.ts b/test/interpreter_functional/test_suites/run_pipeline/esaggs_timeshift.ts index 244d07d2cfc82..adfd724f063b4 100644 --- a/test/interpreter_functional/test_suites/run_pipeline/esaggs_timeshift.ts +++ b/test/interpreter_functional/test_suites/run_pipeline/esaggs_timeshift.ts @@ -12,6 +12,10 @@ import { ExpectExpression, expectExpressionProvider } from './helpers'; import { FtrProviderContext } from '../../../functional/ftr_provider_context'; function getCell(esaggsResult: any, row: number, column: number): unknown | undefined { + if (esaggsResult && !esaggsResult.columns) { + throw new Error(`Unexpected esaggs result: ${JSON.stringify(esaggsResult, undefined, ' ')}`); + } + const columnId = esaggsResult?.columns[column]?.id; if (!columnId) { return; @@ -37,8 +41,7 @@ export default function ({ }: FtrProviderContext & { updateBaselines: boolean }) { let expectExpression: ExpectExpression; - // FLAKY https://github.com/elastic/kibana/issues/107028 - describe.skip('esaggs timeshift tests', () => { + describe('esaggs timeshift tests', () => { before(() => { expectExpression = expectExpressionProvider({ getService, updateBaselines }); }); @@ -98,6 +101,7 @@ export default function ({ 'esaggs_shift_single_percentile', expression ).getResponse(); + // percentile is not stable expect(getCell(result, 0, 0)).to.be.within(10000, 20000); expect(getCell(result, 0, 1)).to.be.within(10000, 20000); From 4d8363a92d1f5ce511000f24c7929f9cdf3d3ff7 Mon Sep 17 00:00:00 2001 From: Tiago Costa Date: Tue, 2 Nov 2021 13:02:14 +0000 Subject: [PATCH 05/53] skip flaky suite (#116881) --- .../apps/dashboard/feature_controls/dashboard_security.ts | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/x-pack/test/functional/apps/dashboard/feature_controls/dashboard_security.ts b/x-pack/test/functional/apps/dashboard/feature_controls/dashboard_security.ts index 70f6fc49f0063..624a2cae63b78 100644 --- a/x-pack/test/functional/apps/dashboard/feature_controls/dashboard_security.ts +++ b/x-pack/test/functional/apps/dashboard/feature_controls/dashboard_security.ts @@ -502,7 +502,8 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) { }); }); - describe('no dashboard privileges', () => { + // FLAKY: https://github.com/elastic/kibana/issues/116881 + describe.skip('no dashboard privileges', () => { before(async () => { await security.role.create('no_dashboard_privileges_role', { elasticsearch: { From f130759e827bf8332fea3a662b7efacc142c8eec Mon Sep 17 00:00:00 2001 From: Mark Hopkin Date: Tue, 2 Nov 2021 13:12:14 +0000 Subject: [PATCH 06/53] [Fleet] Fix add agent help not closing when button clicked (#117104) * close help popover when button clicked * reduce popover z-index to hide behind modals --- .../policies/components/package_policy_agents_cell.tsx | 6 +++++- .../fleet/public/components/add_agent_help_popover.tsx | 6 +++++- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/detail/policies/components/package_policy_agents_cell.tsx b/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/detail/policies/components/package_policy_agents_cell.tsx index 0ecab3290051e..fc3007b174ced 100644 --- a/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/detail/policies/components/package_policy_agents_cell.tsx +++ b/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/detail/policies/components/package_policy_agents_cell.tsx @@ -22,8 +22,12 @@ const AddAgentButton = ({ onAddAgent }: { onAddAgent: () => void }) => ( ); const AddAgentButtonWithPopover = ({ onAddAgent }: { onAddAgent: () => void }) => { - const button = ; const [isHelpOpen, setIsHelpOpen] = useState(true); + const onAddAgentCloseHelp = () => { + setIsHelpOpen(false); + onAddAgent(); + }; + const button = ; return ( ; }) => { const { docLinks } = useStartServices(); - + const theme = useTheme() as EuiTheme; const optionalProps: { offset?: number } = {}; if (offset !== undefined) { @@ -55,6 +58,7 @@ export const AddAgentHelpPopover = ({ /> } + zIndex={theme.eui.euiZLevel1 - 1} // put popover behind any modals that happen to be open isStepOpen={isOpen} minWidth={300} onFinish={() => {}} From 2a1eaadeb8aa636e709e1ceb5f07cc4da826198c Mon Sep 17 00:00:00 2001 From: Tim Sullivan Date: Tue, 2 Nov 2021 06:57:52 -0700 Subject: [PATCH 07/53] [Reporting] Stabilize ILM test for Cloud (#117003) Closes https://github.com/elastic/kibana/issues/109456 --- .../reporting_and_security/ilm_migration_apis.ts | 1 + 1 file changed, 1 insertion(+) diff --git a/x-pack/test/reporting_api_integration/reporting_and_security/ilm_migration_apis.ts b/x-pack/test/reporting_api_integration/reporting_and_security/ilm_migration_apis.ts index d1dc091992dd6..6a2139a70dde5 100644 --- a/x-pack/test/reporting_api_integration/reporting_and_security/ilm_migration_apis.ts +++ b/x-pack/test/reporting_api_integration/reporting_and_security/ilm_migration_apis.ts @@ -24,6 +24,7 @@ export default function ({ getService }: FtrProviderContext) { before(async () => { await esArchiver.load('x-pack/test/functional/es_archives/reporting/logs'); await esArchiver.load('x-pack/test/functional/es_archives/logstash_functional'); + await reportingAPI.migrateReportingIndices(); // ensure that the ILM policy exists for the first test }); after(async () => { From 55fb58b9f4efb5de37a6ab042d5d54a9775bdefb Mon Sep 17 00:00:00 2001 From: Tobias Stadler Date: Tue, 2 Nov 2021 15:05:51 +0100 Subject: [PATCH 08/53] xpack.actions.{proxy}VerificationMode is actual xpack.actions.ssl.{proxy}VerificationMode (#114593) * xpack.actions.proxyVerificationMode is actual xpack.actions.ssl.proxyVerificationMode * xpack.actions.verificationMode is actual xpack.actions.ssl.verificationMode Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com> --- x-pack/plugins/actions/server/index.test.ts | 4 ++-- x-pack/plugins/actions/server/index.ts | 8 ++++---- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/x-pack/plugins/actions/server/index.test.ts b/x-pack/plugins/actions/server/index.test.ts index 9021879fa38aa..fe8cf98a48f43 100644 --- a/x-pack/plugins/actions/server/index.test.ts +++ b/x-pack/plugins/actions/server/index.test.ts @@ -51,10 +51,10 @@ describe('index', () => { '"xpack.actions.customHostSettings[].ssl.rejectUnauthorized" is deprecated.Use "xpack.actions.customHostSettings[].ssl.verificationMode" instead, with the setting "verificationMode:full" eql to "rejectUnauthorized:true", and "verificationMode:none" eql to "rejectUnauthorized:false".' ); expect(messages[1]).toBe( - '"xpack.actions.rejectUnauthorized" is deprecated. Use "xpack.actions.verificationMode" instead, with the setting "verificationMode:full" eql to "rejectUnauthorized:true", and "verificationMode:none" eql to "rejectUnauthorized:false".' + '"xpack.actions.rejectUnauthorized" is deprecated. Use "xpack.actions.ssl.verificationMode" instead, with the setting "verificationMode:full" eql to "rejectUnauthorized:true", and "verificationMode:none" eql to "rejectUnauthorized:false".' ); expect(messages[2]).toBe( - '"xpack.actions.proxyRejectUnauthorizedCertificates" is deprecated. Use "xpack.actions.proxyVerificationMode" instead, with the setting "proxyVerificationMode:full" eql to "rejectUnauthorized:true",and "proxyVerificationMode:none" eql to "rejectUnauthorized:false".' + '"xpack.actions.proxyRejectUnauthorizedCertificates" is deprecated. Use "xpack.actions.ssl.proxyVerificationMode" instead, with the setting "proxyVerificationMode:full" eql to "rejectUnauthorized:true",and "proxyVerificationMode:none" eql to "rejectUnauthorized:false".' ); }); }); diff --git a/x-pack/plugins/actions/server/index.ts b/x-pack/plugins/actions/server/index.ts index e6c82969a0aa2..e1c60b9fd0491 100644 --- a/x-pack/plugins/actions/server/index.ts +++ b/x-pack/plugins/actions/server/index.ts @@ -103,13 +103,13 @@ export const config: PluginConfigDescriptor = { level: 'warning', configPath: `${fromPath}.rejectUnauthorized`, message: - `"xpack.actions.rejectUnauthorized" is deprecated. Use "xpack.actions.verificationMode" instead, ` + + `"xpack.actions.rejectUnauthorized" is deprecated. Use "xpack.actions.ssl.verificationMode" instead, ` + `with the setting "verificationMode:full" eql to "rejectUnauthorized:true", ` + `and "verificationMode:none" eql to "rejectUnauthorized:false".`, correctiveActions: { manualSteps: [ `Remove "xpack.actions.rejectUnauthorized" from your kibana configs.`, - `Use "xpack.actions.verificationMode" ` + + `Use "xpack.actions.ssl.verificationMode" ` + `with the setting "verificationMode:full" eql to "rejectUnauthorized:true", ` + `and "verificationMode:none" eql to "rejectUnauthorized:false".`, ], @@ -131,13 +131,13 @@ export const config: PluginConfigDescriptor = { level: 'warning', configPath: `${fromPath}.proxyRejectUnauthorizedCertificates`, message: - `"xpack.actions.proxyRejectUnauthorizedCertificates" is deprecated. Use "xpack.actions.proxyVerificationMode" instead, ` + + `"xpack.actions.proxyRejectUnauthorizedCertificates" is deprecated. Use "xpack.actions.ssl.proxyVerificationMode" instead, ` + `with the setting "proxyVerificationMode:full" eql to "rejectUnauthorized:true",` + `and "proxyVerificationMode:none" eql to "rejectUnauthorized:false".`, correctiveActions: { manualSteps: [ `Remove "xpack.actions.proxyRejectUnauthorizedCertificates" from your kibana configs.`, - `Use "xpack.actions.proxyVerificationMode" ` + + `Use "xpack.actions.ssl.proxyVerificationMode" ` + `with the setting "proxyVerificationMode:full" eql to "rejectUnauthorized:true",` + `and "proxyVerificationMode:none" eql to "rejectUnauthorized:false".`, ], From 1860f8759e3b3e30b10f9d4ecfe41f185438b053 Mon Sep 17 00:00:00 2001 From: Caroline Horn <549577+cchaos@users.noreply.github.com> Date: Tue, 2 Nov 2021 10:12:11 -0400 Subject: [PATCH 09/53] [Global Nav] Moved Overview page/link to the accordion/Solution title (#114018) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * [Global Nav] Moved Overview page/link to the accordion/Solution title * Using Cloud logo for deployment link and fixing isActive state * Change Deployment section to dark background * Completely remove locking ability * Change buttonElement if overview page exists * Snaps from button/div * PR Feedback: - Puts `Overview` links back for Observability and Security - Increases hit area and scopes underline of anchor tag within the accordion header - Uses `id`’s to find Overview pages instead of `title` text --- .../collapsible_nav.test.tsx.snap | 45 +++++--- .../header/__snapshots__/header.test.tsx.snap | 41 +------ .../chrome/ui/header/collapsible_nav.scss | 21 ++++ .../chrome/ui/header/collapsible_nav.tsx | 101 ++++++++---------- src/core/public/chrome/ui/header/header.tsx | 2 - src/core/public/chrome/ui/header/nav_link.tsx | 38 +++++-- x-pack/plugins/cloud/public/plugin.test.ts | 4 +- x-pack/plugins/cloud/public/plugin.ts | 2 +- .../translations/translations/ja-JP.json | 4 - .../translations/translations/zh-CN.json | 4 - .../advanced_settings_security.ts | 2 +- .../feature_controls/canvas_security.ts | 4 +- .../feature_controls/dashboard_security.ts | 10 +- .../feature_controls/discover_security.ts | 5 +- .../graph/feature_controls/graph_security.ts | 4 +- .../index_patterns_security.ts | 2 +- .../feature_controls/management_security.ts | 2 +- .../maps/feature_controls/maps_security.ts | 2 +- .../feature_controls/visualize_security.ts | 4 +- 19 files changed, 147 insertions(+), 150 deletions(-) diff --git a/src/core/public/chrome/ui/header/__snapshots__/collapsible_nav.test.tsx.snap b/src/core/public/chrome/ui/header/__snapshots__/collapsible_nav.test.tsx.snap index 571b564f90329..a16c15555f5e5 100644 --- a/src/core/public/chrome/ui/header/__snapshots__/collapsible_nav.test.tsx.snap +++ b/src/core/public/chrome/ui/header/__snapshots__/collapsible_nav.test.tsx.snap @@ -425,7 +425,7 @@ exports[`CollapsibleNav renders links grouped by category 1`] = ` } > - diff --git a/src/core/public/chrome/ui/header/__snapshots__/header.test.tsx.snap b/src/core/public/chrome/ui/header/__snapshots__/header.test.tsx.snap index e73d5e8002a02..d2b1078641437 100644 --- a/src/core/public/chrome/ui/header/__snapshots__/header.test.tsx.snap +++ b/src/core/public/chrome/ui/header/__snapshots__/header.test.tsx.snap @@ -1272,45 +1272,7 @@ exports[`Header renders 1`] = ` "closed": false, "hasError": false, "isStopped": false, - "observers": Array [ - Subscriber { - "_parentOrParents": null, - "_subscriptions": Array [ - SubjectSubscription { - "_parentOrParents": [Circular], - "_subscriptions": null, - "closed": false, - "subject": [Circular], - "subscriber": [Circular], - }, - ], - "closed": false, - "destination": SafeSubscriber { - "_complete": undefined, - "_context": [Circular], - "_error": undefined, - "_next": [Function], - "_parentOrParents": null, - "_parentSubscriber": [Circular], - "_subscriptions": null, - "closed": false, - "destination": Object { - "closed": true, - "complete": [Function], - "error": [Function], - "next": [Function], - }, - "isStopped": false, - "syncErrorThrowable": false, - "syncErrorThrown": false, - "syncErrorValue": null, - }, - "isStopped": false, - "syncErrorThrowable": true, - "syncErrorThrown": false, - "syncErrorValue": null, - }, - ], + "observers": Array [], "thrownError": null, } } @@ -4338,7 +4300,6 @@ exports[`Header renders 1`] = ` } homeHref="/" id="generated-id" - isLocked={true} isNavOpen={false} navLinks$={ BehaviorSubject { diff --git a/src/core/public/chrome/ui/header/collapsible_nav.scss b/src/core/public/chrome/ui/header/collapsible_nav.scss index d72775d374d47..5f84863ad7309 100644 --- a/src/core/public/chrome/ui/header/collapsible_nav.scss +++ b/src/core/public/chrome/ui/header/collapsible_nav.scss @@ -3,3 +3,24 @@ max-height: $euiSize * 10; margin-right: -$euiSizeS; } + +/** + * 1. Increase the hit area of the link (anchor) + * 2. Only show the text underline when hovering on the text/anchor portion + */ + +.kbnCollapsibleNav__solutionGroupButton { + display: block; /* 1 */ + + &:hover { + text-decoration: none; /* 2 */ + } +} + +.kbnCollapsibleNav__solutionGroupLink { + display: block; /* 1 */ + + &:hover { + text-decoration: underline; /* 2 */ + } +} diff --git a/src/core/public/chrome/ui/header/collapsible_nav.tsx b/src/core/public/chrome/ui/header/collapsible_nav.tsx index ccc0e17b655b1..ef380ee47e235 100644 --- a/src/core/public/chrome/ui/header/collapsible_nav.tsx +++ b/src/core/public/chrome/ui/header/collapsible_nav.tsx @@ -14,13 +14,12 @@ import { EuiHorizontalRule, EuiListGroup, EuiListGroupItem, - EuiShowFor, EuiCollapsibleNavProps, EuiButton, } from '@elastic/eui'; import { i18n } from '@kbn/i18n'; import { groupBy, sortBy } from 'lodash'; -import React, { Fragment, useMemo, useRef } from 'react'; +import React, { Fragment, useMemo } from 'react'; import useObservable from 'react-use/lib/useObservable'; import * as Rx from 'rxjs'; import { ChromeNavLink, ChromeRecentlyAccessedHistoryItem } from '../..'; @@ -33,6 +32,7 @@ import { createRecentNavLink, isModifiedOrPrevented, createEuiButtonItem, + createOverviewLink, } from './nav_link'; function getAllCategories(allCategorizedLinks: Record) { const allCategories = {} as Record; @@ -72,7 +72,6 @@ interface Props { appId$: InternalApplicationStart['currentAppId$']; basePath: HttpStart['basePath']; id: string; - isLocked: boolean; isNavOpen: boolean; homeHref: string; navLinks$: Rx.Observable; @@ -86,10 +85,17 @@ interface Props { button: EuiCollapsibleNavProps['button']; } +const overviewIDsToHide = ['kibanaOverview', 'enterpriseSearch']; +const overviewIDs = [ + ...overviewIDsToHide, + 'observability-overview', + 'securitySolutionUI:overview', + 'management', +]; + export function CollapsibleNav({ basePath, id, - isLocked, isNavOpen, homeHref, storage = window.localStorage, @@ -104,23 +110,29 @@ export function CollapsibleNav({ const allowedLinks = useMemo( () => allLinks.filter( - // Filterting out hidden links and the integrations one in favor of a specific Add Data button at the bottom - (link) => !link.hidden && link.id !== 'integrations' + (link) => + // Filterting out hidden links, + !link.hidden && + // integrations link in favor of a specific Add Data button at the bottom, + link.id !== 'integrations' && + // and non-data overview pages + !overviewIDsToHide.includes(link.id) ), [allLinks] ); + // Find just the integrations link const integrationsLink = useMemo( - () => - allLinks.find( - // Find just the integrations link - (link) => link.id === 'integrations' - ), + () => allLinks.find((link) => link.id === 'integrations'), + [allLinks] + ); + // Find all the overview (landing page) links + const overviewLinks = useMemo( + () => allLinks.filter((link) => overviewIDs.includes(link.id)), [allLinks] ); const recentlyAccessed = useObservable(observables.recentlyAccessed$, []); const customNavLink = useObservable(observables.customNavLink$, undefined); const appId = useObservable(observables.appId$, ''); - const lockRef = useRef(null); const groupedNavLinks = groupBy(allowedLinks, (link) => link?.category?.id); const { undefined: unknowns = [], ...allCategorizedLinks } = groupedNavLinks; const categoryDictionary = getAllCategories(allCategorizedLinks); @@ -153,7 +165,7 @@ export function CollapsibleNav({ @@ -166,12 +178,13 @@ export function CollapsibleNav({ dataTestSubj: 'collapsibleNavCustomNavLink', onClick: closeNav, externalLink: true, + iconProps: { color: 'ghost' }, }), ]} maxWidth="none" - color="text" gutterSize="none" size="s" + color="ghost" /> @@ -270,13 +283,31 @@ export function CollapsibleNav({ {/* Kibana, Observability, Security, and Management sections */} {orderedCategories.map((categoryName) => { const category = categoryDictionary[categoryName]!; + const overviewLink = overviewLinks.find((link) => link.category === category); return ( + {category.label} + + ) : ( + category.label + ) + } isCollapsible={true} initialIsOpen={getIsCategoryOpen(category.id, storage)} onToggle={(isCategoryOpen) => setIsCategoryOpen(category.id, isCategoryOpen, storage)} @@ -305,45 +336,6 @@ export function CollapsibleNav({ ))} - - {/* Docking button only for larger screens that can support it*/} - - - - { - onIsLockedUpdate(!isLocked); - if (lockRef.current) { - lockRef.current.focus(); - } - }} - iconType={isLocked ? 'lock' : 'lockOpen'} - /> - - - {integrationsLink && ( @@ -355,7 +347,6 @@ export function CollapsibleNav({ link: integrationsLink, navigateToUrl, onClick: closeNav, - dataTestSubj: `collapsibleNavAppButton-${integrationsLink.id}`, })} fill fullWidth diff --git a/src/core/public/chrome/ui/header/header.tsx b/src/core/public/chrome/ui/header/header.tsx index 578c87411e543..40108760cc0be 100644 --- a/src/core/public/chrome/ui/header/header.tsx +++ b/src/core/public/chrome/ui/header/header.tsx @@ -84,7 +84,6 @@ export function Header({ ...observables }: HeaderProps) { const isVisible = useObservable(observables.isVisible$, false); - const isLocked = useObservable(observables.isLocked$, false); const [isNavOpen, setIsNavOpen] = useState(false); const [navId] = useState(htmlIdGenerator()()); const breadcrumbsAppendExtension = useObservable(breadcrumbsAppendExtension$); @@ -160,7 +159,6 @@ export function Header({ : undefined, }), @@ -77,7 +80,7 @@ export function createEuiButtonItem({ navigateToUrl, dataTestSubj, }: Omit) { - const { href, disabled, url } = link; + const { href, disabled, url, id } = link; return { href, @@ -90,7 +93,30 @@ export function createEuiButtonItem({ navigateToUrl(url); }, isDisabled: disabled, - 'data-test-subj': dataTestSubj, + dataTestSubj: `collapsibleNavAppButton-${id}`, + }; +} + +export function createOverviewLink({ + link, + onClick = () => {}, + navigateToUrl, +}: Omit) { + const { href, url } = link; + + return { + href, + /* Use href and onClick to support "open in new tab" and SPA navigation in the same link */ + onClick(event: React.MouseEvent) { + // Prevent the accordions from opening or closing when clicking just the link + event.stopPropagation(); + if (!isModifiedOrPrevented(event)) { + onClick(); + } + event.preventDefault(); + navigateToUrl(url); + }, + 'data-test-subj': `collapsibleNavAppLink-overview`, }; } diff --git a/x-pack/plugins/cloud/public/plugin.test.ts b/x-pack/plugins/cloud/public/plugin.test.ts index c1c94375d7063..43659d137a6e0 100644 --- a/x-pack/plugins/cloud/public/plugin.test.ts +++ b/x-pack/plugins/cloud/public/plugin.test.ts @@ -348,7 +348,7 @@ describe('Cloud Plugin', () => { expect(coreStart.chrome.setCustomNavLink.mock.calls[0]).toMatchInlineSnapshot(` Array [ Object { - "euiIconType": "arrowLeft", + "euiIconType": "logoCloud", "href": "https://cloud.elastic.co/abc123", "title": "Manage this deployment", }, @@ -370,7 +370,7 @@ describe('Cloud Plugin', () => { expect(coreStart.chrome.setCustomNavLink.mock.calls[0]).toMatchInlineSnapshot(` Array [ Object { - "euiIconType": "arrowLeft", + "euiIconType": "logoCloud", "href": "https://cloud.elastic.co/abc123", "title": "Manage this deployment", }, diff --git a/x-pack/plugins/cloud/public/plugin.ts b/x-pack/plugins/cloud/public/plugin.ts index 64b03acdc3ffd..e71b145c438ed 100644 --- a/x-pack/plugins/cloud/public/plugin.ts +++ b/x-pack/plugins/cloud/public/plugin.ts @@ -131,7 +131,7 @@ export class CloudPlugin implements Plugin { title: i18n.translate('xpack.cloud.deploymentLinkLabel', { defaultMessage: 'Manage this deployment', }), - euiIconType: 'arrowLeft', + euiIconType: 'logoCloud', href: getFullCloudUrl(baseUrl, deploymentUrl), }); } diff --git a/x-pack/plugins/translations/translations/ja-JP.json b/x-pack/plugins/translations/translations/ja-JP.json index 7ab4c7d31d745..857e97daa3515 100644 --- a/x-pack/plugins/translations/translations/ja-JP.json +++ b/x-pack/plugins/translations/translations/ja-JP.json @@ -1359,11 +1359,7 @@ "core.ui.primaryNav.pinnedLinksAriaLabel": "ピン留めされたリンク", "core.ui.primaryNav.screenReaderLabel": "プライマリ", "core.ui.primaryNav.toggleNavAriaLabel": "プライマリナビゲーションを切り替える", - "core.ui.primaryNavSection.dockAriaLabel": "プライマリナビゲーションリンクを固定する", - "core.ui.primaryNavSection.dockLabel": "ナビゲーションを固定する", "core.ui.primaryNavSection.screenReaderLabel": "プライマリナビゲーションリンク、{category}", - "core.ui.primaryNavSection.undockAriaLabel": "プライマリナビゲーションリンクの固定を解除する", - "core.ui.primaryNavSection.undockLabel": "ナビゲーションの固定を解除する", "core.ui.publicBaseUrlWarning.configMissingDescription": "{configKey}が見つかりません。本番環境を実行するときに構成してください。一部の機能が正常に動作しない場合があります。", "core.ui.publicBaseUrlWarning.configMissingTitle": "構成がありません", "core.ui.publicBaseUrlWarning.muteWarningButtonLabel": "ミュート警告", diff --git a/x-pack/plugins/translations/translations/zh-CN.json b/x-pack/plugins/translations/translations/zh-CN.json index 1208277001cb9..6c860a5b2cc4d 100644 --- a/x-pack/plugins/translations/translations/zh-CN.json +++ b/x-pack/plugins/translations/translations/zh-CN.json @@ -1375,11 +1375,7 @@ "core.ui.primaryNav.pinnedLinksAriaLabel": "置顶链接", "core.ui.primaryNav.screenReaderLabel": "主分片", "core.ui.primaryNav.toggleNavAriaLabel": "切换主导航", - "core.ui.primaryNavSection.dockAriaLabel": "停靠主导航", - "core.ui.primaryNavSection.dockLabel": "停靠导航", "core.ui.primaryNavSection.screenReaderLabel": "主导航链接, {category}", - "core.ui.primaryNavSection.undockAriaLabel": "取消停靠主导航", - "core.ui.primaryNavSection.undockLabel": "取消停靠导航", "core.ui.publicBaseUrlWarning.configMissingDescription": "{configKey} 缺失,在生产环境中运行时应配置。某些功能可能运行不正常。", "core.ui.publicBaseUrlWarning.configMissingTitle": "配置缺失", "core.ui.publicBaseUrlWarning.muteWarningButtonLabel": "静音警告", diff --git a/x-pack/test/functional/apps/advanced_settings/feature_controls/advanced_settings_security.ts b/x-pack/test/functional/apps/advanced_settings/feature_controls/advanced_settings_security.ts index ebe76ee52499b..7efa86c3acf28 100644 --- a/x-pack/test/functional/apps/advanced_settings/feature_controls/advanced_settings_security.ts +++ b/x-pack/test/functional/apps/advanced_settings/feature_controls/advanced_settings_security.ts @@ -177,7 +177,7 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) { it('does not show Management navlink', async () => { const navLinks = (await appsMenu.readLinks()).map((link) => link.text); - expect(navLinks).to.eql(['Overview', 'Discover']); + expect(navLinks).to.eql(['Discover']); }); it(`does not allow navigation to advanced settings; shows "not found" error`, async () => { diff --git a/x-pack/test/functional/apps/canvas/feature_controls/canvas_security.ts b/x-pack/test/functional/apps/canvas/feature_controls/canvas_security.ts index 5a73f31c8427f..983a3101b9e31 100644 --- a/x-pack/test/functional/apps/canvas/feature_controls/canvas_security.ts +++ b/x-pack/test/functional/apps/canvas/feature_controls/canvas_security.ts @@ -67,7 +67,7 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) { it('shows canvas navlink', async () => { const navLinks = (await appsMenu.readLinks()).map((link) => link.text); - expect(navLinks).to.eql(['Overview', 'Canvas']); + expect(navLinks).to.eql(['Canvas']); }); it(`landing page shows "Create new workpad" button`, async () => { @@ -142,7 +142,7 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) { it('shows canvas navlink', async () => { const navLinks = (await appsMenu.readLinks()).map((link) => link.text); - expect(navLinks).to.eql(['Overview', 'Canvas']); + expect(navLinks).to.eql(['Canvas']); }); it(`landing page shows disabled "Create new workpad" button`, async () => { diff --git a/x-pack/test/functional/apps/dashboard/feature_controls/dashboard_security.ts b/x-pack/test/functional/apps/dashboard/feature_controls/dashboard_security.ts index 624a2cae63b78..e7aa3e6a54e60 100644 --- a/x-pack/test/functional/apps/dashboard/feature_controls/dashboard_security.ts +++ b/x-pack/test/functional/apps/dashboard/feature_controls/dashboard_security.ts @@ -89,11 +89,7 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) { it('only shows the dashboard navlink', async () => { const navLinks = await appsMenu.readLinks(); - expect(navLinks.map((link) => link.text)).to.eql([ - 'Overview', - 'Dashboard', - 'Stack Management', - ]); + expect(navLinks.map((link) => link.text)).to.eql(['Dashboard', 'Stack Management']); }); it(`landing page shows "Create new Dashboard" button`, async () => { @@ -296,7 +292,7 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) { it('shows dashboard navlink', async () => { const navLinks = (await appsMenu.readLinks()).map((link) => link.text); - expect(navLinks).to.eql(['Overview', 'Dashboard']); + expect(navLinks).to.eql(['Dashboard']); }); it(`landing page doesn't show "Create new Dashboard" button`, async () => { @@ -427,7 +423,7 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) { it('shows dashboard navlink', async () => { const navLinks = (await appsMenu.readLinks()).map((link) => link.text); - expect(navLinks).to.eql(['Overview', 'Dashboard']); + expect(navLinks).to.eql(['Dashboard']); }); it(`landing page doesn't show "Create new Dashboard" button`, async () => { diff --git a/x-pack/test/functional/apps/discover/feature_controls/discover_security.ts b/x-pack/test/functional/apps/discover/feature_controls/discover_security.ts index 2010bfd56d2af..8ebf277d63cbe 100644 --- a/x-pack/test/functional/apps/discover/feature_controls/discover_security.ts +++ b/x-pack/test/functional/apps/discover/feature_controls/discover_security.ts @@ -91,7 +91,6 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) { it('shows discover navlink', async () => { const navLinks = await appsMenu.readLinks(); expect(navLinks.map((link) => link.text)).to.eql([ - 'Overview', 'Discover', 'Stack Management', // because `global_discover_all_role` enables search sessions and reporting ]); @@ -201,7 +200,7 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) { it('shows discover navlink', async () => { const navLinks = (await appsMenu.readLinks()).map((link) => link.text); - expect(navLinks).to.eql(['Overview', 'Discover']); + expect(navLinks).to.eql(['Discover']); }); it(`doesn't show save button`, async () => { @@ -293,7 +292,7 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) { it('shows discover navlink', async () => { const navLinks = (await appsMenu.readLinks()).map((link) => link.text); - expect(navLinks).to.eql(['Overview', 'Discover']); + expect(navLinks).to.eql(['Discover']); }); it(`doesn't show save button`, async () => { diff --git a/x-pack/test/functional/apps/graph/feature_controls/graph_security.ts b/x-pack/test/functional/apps/graph/feature_controls/graph_security.ts index 913a5034bacc5..69f2f585d8dba 100644 --- a/x-pack/test/functional/apps/graph/feature_controls/graph_security.ts +++ b/x-pack/test/functional/apps/graph/feature_controls/graph_security.ts @@ -67,7 +67,7 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) { it('shows graph navlink', async () => { const navLinks = await appsMenu.readLinks(); - expect(navLinks.map((link) => link.text)).to.eql(['Overview', 'Graph']); + expect(navLinks.map((link) => link.text)).to.eql(['Graph']); }); it('landing page shows "Create new graph" button', async () => { @@ -130,7 +130,7 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) { it('shows graph navlink', async () => { const navLinks = (await appsMenu.readLinks()).map((link) => link.text); - expect(navLinks).to.eql(['Overview', 'Graph']); + expect(navLinks).to.eql(['Graph']); }); it('does not show a "Create new Workspace" button', async () => { diff --git a/x-pack/test/functional/apps/index_patterns/feature_controls/index_patterns_security.ts b/x-pack/test/functional/apps/index_patterns/feature_controls/index_patterns_security.ts index c1610ebe0709f..d04ec8f4d66b4 100644 --- a/x-pack/test/functional/apps/index_patterns/feature_controls/index_patterns_security.ts +++ b/x-pack/test/functional/apps/index_patterns/feature_controls/index_patterns_security.ts @@ -179,7 +179,7 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) { it('does not show Management navlink', async () => { const navLinks = (await appsMenu.readLinks()).map((link) => link.text); - expect(navLinks).to.eql(['Overview', 'Discover']); + expect(navLinks).to.eql(['Discover']); }); it(`doesn't show Index Patterns in management side-nav`, async () => { diff --git a/x-pack/test/functional/apps/management/feature_controls/management_security.ts b/x-pack/test/functional/apps/management/feature_controls/management_security.ts index 8235bf6e1e9e2..5366274cd6f58 100644 --- a/x-pack/test/functional/apps/management/feature_controls/management_security.ts +++ b/x-pack/test/functional/apps/management/feature_controls/management_security.ts @@ -36,7 +36,7 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) { it('should not show the Stack Management nav link', async () => { const links = await appsMenu.readLinks(); - expect(links.map((link) => link.text)).to.eql(['Overview', 'Dashboard']); + expect(links.map((link) => link.text)).to.eql(['Dashboard']); }); it('should render the "application not found" view when navigating to management directly', async () => { diff --git a/x-pack/test/functional/apps/maps/feature_controls/maps_security.ts b/x-pack/test/functional/apps/maps/feature_controls/maps_security.ts index b141aeea16cfe..dcd82ea05ccf3 100644 --- a/x-pack/test/functional/apps/maps/feature_controls/maps_security.ts +++ b/x-pack/test/functional/apps/maps/feature_controls/maps_security.ts @@ -165,7 +165,7 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) { it('shows Maps navlink', async () => { const navLinks = (await appsMenu.readLinks()).map((link) => link.text); - expect(navLinks).to.eql(['Overview', 'Maps']); + expect(navLinks).to.eql(['Maps']); }); it(`does not show create new button`, async () => { diff --git a/x-pack/test/functional/apps/visualize/feature_controls/visualize_security.ts b/x-pack/test/functional/apps/visualize/feature_controls/visualize_security.ts index 7bfae9ba36be4..d089ab47c0cf7 100644 --- a/x-pack/test/functional/apps/visualize/feature_controls/visualize_security.ts +++ b/x-pack/test/functional/apps/visualize/feature_controls/visualize_security.ts @@ -214,7 +214,7 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) { it('shows visualize navlink', async () => { const navLinks = (await appsMenu.readLinks()).map((link) => link.text); - expect(navLinks).to.eql(['Overview', 'Visualize Library']); + expect(navLinks).to.eql(['Visualize Library']); }); it(`landing page shows "Create new Visualization" button`, async () => { @@ -329,7 +329,7 @@ export default function ({ getPageObjects, getService }: FtrProviderContext) { it('shows visualize navlink', async () => { const navLinks = (await appsMenu.readLinks()).map((link) => link.text); - expect(navLinks).to.eql(['Overview', 'Visualize Library']); + expect(navLinks).to.eql(['Visualize Library']); }); it(`landing page shows "Create new Visualization" button`, async () => { From 157a37114fba5b1e88c018492e733ed66c29b231 Mon Sep 17 00:00:00 2001 From: Julia Bardi <90178898+juliaElastic@users.noreply.github.com> Date: Tue, 2 Nov 2021 15:14:28 +0100 Subject: [PATCH 10/53] [Fleet] cypress setup (#113106) * added cypress setup for fleet * updated readme * fixed types * fix unused * starting up fleet server in cypress * added more fleet tests * added package update test * updated readme * trying jenkins run * trying jenkins run * trying jenkins run * fix types, cypress config * example of mocked requests * added getBySel * fix test after refactor * removed duplication * fix tests * added to buildkite * updated tests * starting agent with docker * trying to fix ip address * ifconfig * ip address * ip address * ip address * type fix * remove extra logging * fixed test * fix buildkite * cleanup * cleanup * using docker for fleet_server * fix * fix * trying to fix * update config * test * test * test * test * revert changes * test * test * static ip on linux * docker version * try again * fixed review comments * fixed types Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com> Co-authored-by: Patryk Kopycinski --- .../pipelines/pull_request/fleet_cypress.yml | 11 + .../pipelines/pull_request/pipeline.js | 10 + .../scripts/steps/functional/fleet_cypress.sh | 20 + .gitignore | 5 + src/dev/typescript/projects.ts | 3 + test/scripts/jenkins_fleet_cypress.sh | 15 + vars/tasks.groovy | 8 + x-pack/plugins/fleet/.gitignore | 0 x-pack/plugins/fleet/cypress/README.md | 148 +++ x-pack/plugins/fleet/cypress/cypress.json | 19 + .../fixtures/integrations/agent_policies.json | 978 +++++++++++++++ .../fixtures/integrations/agent_policy.json | 644 ++++++++++ .../cypress/fixtures/integrations/apache.json | 1059 +++++++++++++++++ .../create_integration_response.json | 255 ++++ .../cypress/fixtures/integrations/list.json | 260 ++++ .../cypress/integration/fleet_startup.spec.ts | 33 + .../cypress/integration/integrations.spec.ts | 96 ++ x-pack/plugins/fleet/cypress/plugins/index.ts | 28 + x-pack/plugins/fleet/cypress/screens/fleet.ts | 11 + .../fleet/cypress/screens/integrations.ts | 25 + .../fleet/cypress/screens/navigation.ts | 8 + .../plugins/fleet/cypress/support/commands.ts | 17 + x-pack/plugins/fleet/cypress/support/index.ts | 47 + .../fleet/cypress/tasks/integrations.ts | 58 + .../plugins/fleet/cypress/tasks/navigation.ts | 19 + x-pack/plugins/fleet/cypress/tsconfig.json | 17 + x-pack/plugins/fleet/package.json | 8 +- .../components/search_and_filter_bar.tsx | 1 + .../detail/policies/package_policies.tsx | 2 +- .../epm/screens/detail/settings/settings.tsx | 4 +- .../screens/detail/settings/update_button.tsx | 1 + x-pack/scripts/functional_tests_server.js | 0 x-pack/test/fleet_cypress/agent.ts | 114 ++ x-pack/test/fleet_cypress/artifact_manager.ts | 14 + x-pack/test/fleet_cypress/cli_config.ts | 19 + x-pack/test/fleet_cypress/config.ts | 44 + x-pack/test/fleet_cypress/fleet_server.ts | 83 ++ .../fleet_cypress/ftr_provider_context.d.ts | 12 + x-pack/test/fleet_cypress/resource_manager.ts | 24 + x-pack/test/fleet_cypress/runner.ts | 105 ++ x-pack/test/fleet_cypress/services.ts | 8 + x-pack/test/fleet_cypress/visual_config.ts | 19 + 42 files changed, 4248 insertions(+), 4 deletions(-) create mode 100644 .buildkite/pipelines/pull_request/fleet_cypress.yml create mode 100755 .buildkite/scripts/steps/functional/fleet_cypress.sh create mode 100755 test/scripts/jenkins_fleet_cypress.sh create mode 100644 x-pack/plugins/fleet/.gitignore create mode 100644 x-pack/plugins/fleet/cypress/README.md create mode 100644 x-pack/plugins/fleet/cypress/cypress.json create mode 100644 x-pack/plugins/fleet/cypress/fixtures/integrations/agent_policies.json create mode 100644 x-pack/plugins/fleet/cypress/fixtures/integrations/agent_policy.json create mode 100644 x-pack/plugins/fleet/cypress/fixtures/integrations/apache.json create mode 100644 x-pack/plugins/fleet/cypress/fixtures/integrations/create_integration_response.json create mode 100644 x-pack/plugins/fleet/cypress/fixtures/integrations/list.json create mode 100644 x-pack/plugins/fleet/cypress/integration/fleet_startup.spec.ts create mode 100644 x-pack/plugins/fleet/cypress/integration/integrations.spec.ts create mode 100644 x-pack/plugins/fleet/cypress/plugins/index.ts create mode 100644 x-pack/plugins/fleet/cypress/screens/fleet.ts create mode 100644 x-pack/plugins/fleet/cypress/screens/integrations.ts create mode 100644 x-pack/plugins/fleet/cypress/screens/navigation.ts create mode 100644 x-pack/plugins/fleet/cypress/support/commands.ts create mode 100644 x-pack/plugins/fleet/cypress/support/index.ts create mode 100644 x-pack/plugins/fleet/cypress/tasks/integrations.ts create mode 100644 x-pack/plugins/fleet/cypress/tasks/navigation.ts create mode 100644 x-pack/plugins/fleet/cypress/tsconfig.json mode change 100644 => 100755 x-pack/scripts/functional_tests_server.js create mode 100644 x-pack/test/fleet_cypress/agent.ts create mode 100644 x-pack/test/fleet_cypress/artifact_manager.ts create mode 100644 x-pack/test/fleet_cypress/cli_config.ts create mode 100644 x-pack/test/fleet_cypress/config.ts create mode 100644 x-pack/test/fleet_cypress/fleet_server.ts create mode 100644 x-pack/test/fleet_cypress/ftr_provider_context.d.ts create mode 100644 x-pack/test/fleet_cypress/resource_manager.ts create mode 100644 x-pack/test/fleet_cypress/runner.ts create mode 100644 x-pack/test/fleet_cypress/services.ts create mode 100644 x-pack/test/fleet_cypress/visual_config.ts diff --git a/.buildkite/pipelines/pull_request/fleet_cypress.yml b/.buildkite/pipelines/pull_request/fleet_cypress.yml new file mode 100644 index 0000000000000..bfaa3faae7783 --- /dev/null +++ b/.buildkite/pipelines/pull_request/fleet_cypress.yml @@ -0,0 +1,11 @@ +steps: + - command: .buildkite/scripts/steps/functional/fleet_cypress.sh + label: 'Fleet Cypress Tests' + agents: + queue: ci-group-6 + depends_on: build + timeout_in_minutes: 120 + retry: + automatic: + - exit_status: '*' + limit: 1 diff --git a/.buildkite/scripts/pipelines/pull_request/pipeline.js b/.buildkite/scripts/pipelines/pull_request/pipeline.js index c5ed216042b68..d0f38dc773357 100644 --- a/.buildkite/scripts/pipelines/pull_request/pipeline.js +++ b/.buildkite/scripts/pipelines/pull_request/pipeline.js @@ -76,6 +76,16 @@ const uploadPipeline = (pipelineContent) => { pipeline.push(getPipeline('.buildkite/pipelines/pull_request/apm_cypress.yml')); } + if ( + (await doAnyChangesMatch([ + /^x-pack\/plugins\/fleet/, + /^x-pack\/test\/fleet_cypress/, + ])) || + process.env.GITHUB_PR_LABELS.includes('ci:all-cypress-suites') + ) { + pipeline.push(getPipeline('.buildkite/pipelines/pull_request/fleet_cypress.yml')); + } + if (await doAnyChangesMatch([/^x-pack\/plugins\/uptime/])) { pipeline.push(getPipeline('.buildkite/pipelines/pull_request/uptime.yml')); } diff --git a/.buildkite/scripts/steps/functional/fleet_cypress.sh b/.buildkite/scripts/steps/functional/fleet_cypress.sh new file mode 100755 index 0000000000000..3847ffda08822 --- /dev/null +++ b/.buildkite/scripts/steps/functional/fleet_cypress.sh @@ -0,0 +1,20 @@ +#!/usr/bin/env bash + +set -euo pipefail + +source .buildkite/scripts/common/util.sh + +.buildkite/scripts/bootstrap.sh +.buildkite/scripts/download_build_artifacts.sh + +export JOB=kibana-fleet-cypress + +echo "--- Fleet Cypress tests" + +cd "$XPACK_DIR" + +checks-reporter-with-killswitch "Fleet Cypress Tests" \ + node scripts/functional_tests \ + --debug --bail \ + --kibana-install-dir "$KIBANA_BUILD_LOCATION" \ + --config test/fleet_cypress/cli_config.ts diff --git a/.gitignore b/.gitignore index 32c77b20ef204..c08ae529c2c36 100644 --- a/.gitignore +++ b/.gitignore @@ -86,3 +86,8 @@ report.asciidoc /bazel /bazel-* .bazelrc.user + +elastic-agent-* +fleet-server-* +elastic-agent.yml +fleet-server.yml \ No newline at end of file diff --git a/src/dev/typescript/projects.ts b/src/dev/typescript/projects.ts index de432b51c0bbf..e5657dd4663a3 100644 --- a/src/dev/typescript/projects.ts +++ b/src/dev/typescript/projects.ts @@ -63,6 +63,9 @@ export const PROJECTS = [ name: 'apm/ftr_e2e', disableTypeCheck: true, }), + createProject('x-pack/plugins/fleet/cypress/tsconfig.json', { + name: 'fleet/cypress', + }), createProject('x-pack/plugins/uptime/e2e/tsconfig.json', { name: 'uptime/synthetics-e2e-tests', diff --git a/test/scripts/jenkins_fleet_cypress.sh b/test/scripts/jenkins_fleet_cypress.sh new file mode 100755 index 0000000000000..085c78cbf0a41 --- /dev/null +++ b/test/scripts/jenkins_fleet_cypress.sh @@ -0,0 +1,15 @@ +#!/usr/bin/env bash + +source test/scripts/jenkins_test_setup_xpack.sh + +echo " -> Running fleet cypress tests" +cd "$XPACK_DIR" + +checks-reporter-with-killswitch "Fleet Cypress Tests" \ + node scripts/functional_tests \ + --debug --bail \ + --kibana-install-dir "$KIBANA_INSTALL_DIR" \ + --config test/fleet_cypress/cli_config.ts + +echo "" +echo "" diff --git a/vars/tasks.groovy b/vars/tasks.groovy index 050b62646fb3b..c6d926287750c 100644 --- a/vars/tasks.groovy +++ b/vars/tasks.groovy @@ -164,6 +164,14 @@ def functionalXpack(Map params = [:]) { task(kibanaPipeline.functionalTestProcess('xpack-UptimePlaywright', './test/scripts/jenkins_uptime_playwright.sh')) } } + + whenChanged([ + 'x-pack/plugins/fleet/', + ]) { + if (githubPr.isPr()) { + task(kibanaPipeline.functionalTestProcess('xpack-FleetCypress', './test/scripts/jenkins_fleet_cypress.sh')) + } + } } } diff --git a/x-pack/plugins/fleet/.gitignore b/x-pack/plugins/fleet/.gitignore new file mode 100644 index 0000000000000..e69de29bb2d1d diff --git a/x-pack/plugins/fleet/cypress/README.md b/x-pack/plugins/fleet/cypress/README.md new file mode 100644 index 0000000000000..085ed7533e036 --- /dev/null +++ b/x-pack/plugins/fleet/cypress/README.md @@ -0,0 +1,148 @@ +# Cypress Tests + +The `fleet/cypress` directory contains functional UI tests that execute using [Cypress](https://www.cypress.io/). + +## Running the tests + +There are currently three ways to run the tests, comprised of two execution modes and two target environments, which will be detailed below. + +### Execution modes + +#### Interactive mode + +When you run Cypress in interactive mode, an interactive runner is displayed that allows you to see commands as they execute while also viewing the application under test. For more information, please see [cypress documentation](https://docs.cypress.io/guides/core-concepts/test-runner.html#Overview). + +#### Headless mode + +A headless browser is a browser simulation program that does not have a user interface. These programs operate like any other browser, but do not display any UI. This is why meanwhile you are executing the tests on this mode you are not going to see the application under test. Just the output of the test is displayed on the terminal once the execution is finished. + +### Target environments + +#### FTR (CI) + +This is the configuration used by CI. It uses the FTR to spawn both a Kibana instance (http://localhost:5620) and an Elasticsearch instance (http://localhost:9220) with a preloaded minimum set of data (see preceding "Test data" section), and then executes cypress against this stack. You can find this configuration in `x-pack/test/fleet_cypress` + +### Test Execution: Examples + +#### FTR + Headless (Chrome) + +Since this is how tests are run on CI, this will likely be the configuration you want to reproduce failures locally, etc. + +```shell +# bootstrap kibana from the project root +yarn kbn bootstrap + +# build the plugins/assets that cypress will execute against +node scripts/build_kibana_platform_plugins + +# launch the cypress test runner +cd x-pack/plugins/fleet +yarn cypress:run-as-ci +``` +#### FTR + Interactive + +This is the preferred mode for developing new tests. + +```shell +# bootstrap kibana from the project root +yarn kbn bootstrap + +# build the plugins/assets that cypress will execute against +node scripts/build_kibana_platform_plugins + +# launch the cypress test runner +cd x-pack/plugins/fleet +yarn cypress:open-as-ci +``` + +Alternatively, kibana test server can be started separately, to pick up changes in UI (e.g. change in data-test-subj selector) + +``` +# launch kibana test server +node scripts/functional_tests_server --config x-pack/test/fleet_cypress/config.ts + +# launch cypress runner +node scripts/functional_test_runner --config x-pack/test/fleet_cypress/visual_config.ts +``` + +Note that you can select the browser you want to use on the top right side of the interactive runner. + +## Folder Structure + +### integration/ + +Cypress convention. Contains the specs that are going to be executed. + +### fixtures/ + +Cypress convention. Fixtures are used as external pieces of static data when we stub responses. + +### plugins/ + +Cypress convention. As a convenience, by default Cypress will automatically include the plugins file cypress/plugins/index.js before every single spec file it runs. + +### screens/ + +Contains the elements we want to interact with in our tests. + +Each file inside the screens folder represents a screen in our application. + +### tasks/ + +_Tasks_ are functions that may be reused across tests. + +Each file inside the tasks folder represents a screen of our application. + +## Test data + +The data the tests need: + +- Is generated on the fly using our application APIs (preferred way) +- Is ingested on the ELS instance using the `es_archive` utility + +### How to generate a new archive + +**Note:** As mentioned above, archives are only meant to contain external data, e.g. beats data. Due to the tendency for archived domain objects (rules, signals) to quickly become out of date, it is strongly suggested that you generate this data within the test, through interaction with either the UI or the API. + +We use es_archiver to manage the data that our Cypress tests need. + +1. Set up a clean instance of kibana and elasticsearch (if this is not possible, try to clean/minimize the data that you are going to archive). +2. With the kibana and elasticsearch instance up and running, create the data that you need for your test. +3. When you are sure that you have all the data you need run the following command from: `x-pack/plugins/fleet` + +```sh +node ../../../scripts/es_archiver save --dir ../../test/fleet_cypress/es_archives --config ../../../test/functional/config.js --es-url http://:@: +``` + +Example: + +```sh +node ../../../scripts/es_archiver save custom_rules ".kibana",".siem-signal*" --dir ../../test/fleet_cypress/es_archives --config ../../../test/functional/config.js --es-url http://elastic:changeme@localhost:9220 +``` + +Note that the command will create the folder if it does not exist. + +## Development Best Practices + +### Clean up the state + +Remember to clean up the state of the test after its execution, typically with the `cleanKibana` function. Be mindful of failure scenarios, as well: if your test fails, will it leave the environment in a recoverable state? + +### Minimize the use of es_archive + +When possible, create all the data that you need for executing the tests using the application APIS or the UI. + +### Speed up test execution time + +Loading the web page takes a big amount of time, in order to minimize that impact, the following points should be +taken into consideration until another solution is implemented: + +- Group the tests that are similar in different contexts. +- For every context login only once, clean the state between tests if needed without re-loading the page. +- All tests in a spec file must be order-independent. + +Remember that minimizing the number of times the web page is loaded, we minimize as well the execution time. + +## Linting + +Optional linting rules for Cypress and linting setup can be found [here](https://github.com/cypress-io/eslint-plugin-cypress#usage) diff --git a/x-pack/plugins/fleet/cypress/cypress.json b/x-pack/plugins/fleet/cypress/cypress.json new file mode 100644 index 0000000000000..158001b045561 --- /dev/null +++ b/x-pack/plugins/fleet/cypress/cypress.json @@ -0,0 +1,19 @@ +{ + "baseUrl": "http://localhost:5620", + "defaultCommandTimeout": 60000, + "requestTimeout": 60000, + "responseTimetout": 60000, + "execTimeout": 120000, + "pageLoadTimeout": 120000, + "nodeVersion": "system", + "retries": { + "runMode": 2 + }, + "screenshotsFolder": "../../../target/kibana-fleet/cypress/screenshots", + "trashAssetsBeforeRuns": false, + "video": false, + "videosFolder": "../../../target/kibana-fleet/cypress/videos", + "viewportHeight": 900, + "viewportWidth": 1440, + "screenshotOnRunFailure": true +} diff --git a/x-pack/plugins/fleet/cypress/fixtures/integrations/agent_policies.json b/x-pack/plugins/fleet/cypress/fixtures/integrations/agent_policies.json new file mode 100644 index 0000000000000..ba1360e11a21d --- /dev/null +++ b/x-pack/plugins/fleet/cypress/fixtures/integrations/agent_policies.json @@ -0,0 +1,978 @@ +{ + "items": [ + { + "id": "30e16140-2106-11ec-a289-25321523992d", + "namespace": "default", + "monitoring_enabled": [ + "logs", + "metrics" + ], + "name": "Default policy", + "description": "Default agent policy created by Kibana", + "is_default": true, + "is_preconfigured": true, + "status": "active", + "is_managed": false, + "revision": 4, + "updated_at": "2021-09-29T09:52:13.879Z", + "updated_by": "elastic", + "package_policies": [ + { + "id": "15785537-fdf2-4e38-bd49-ae0537bbe162", + "version": "WzU5NSwxXQ==", + "name": "system-1", + "namespace": "default", + "package": { + "name": "system", + "title": "System", + "version": "1.4.0" + }, + "enabled": true, + "policy_id": "30e16140-2106-11ec-a289-25321523992d", + "output_id": "1ffdf460-2106-11ec-a289-25321523992d", + "inputs": [ + { + "type": "logfile", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.auth" + }, + "vars": { + "paths": { + "value": [ + "/var/log/auth.log*", + "/var/log/secure*" + ], + "type": "text" + } + }, + "id": "logfile-system.auth-15785537-fdf2-4e38-bd49-ae0537bbe162", + "compiled_stream": { + "paths": [ + "/var/log/auth.log*", + "/var/log/secure*" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\s", + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.syslog" + }, + "vars": { + "paths": { + "value": [ + "/var/log/messages*", + "/var/log/syslog*" + ], + "type": "text" + } + }, + "id": "logfile-system.syslog-15785537-fdf2-4e38-bd49-ae0537bbe162", + "compiled_stream": { + "paths": [ + "/var/log/messages*", + "/var/log/syslog*" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\s", + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + } + ] + }, + { + "type": "winlog", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.application" + }, + "vars": { + "event_id": { + "type": "text" + }, + "processors": { + "type": "yaml" + }, + "tags": { + "value": [], + "type": "text" + } + }, + "id": "winlog-system.application-15785537-fdf2-4e38-bd49-ae0537bbe162", + "compiled_stream": { + "name": "Application", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h", + "tags": null + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.security" + }, + "vars": { + "event_id": { + "type": "text" + }, + "processors": { + "type": "yaml" + }, + "tags": { + "value": [], + "type": "text" + } + }, + "id": "winlog-system.security-15785537-fdf2-4e38-bd49-ae0537bbe162", + "compiled_stream": { + "name": "Security", + "condition": "${host.platform} == 'windows'", + "tags": null + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.system" + }, + "vars": { + "event_id": { + "type": "text" + }, + "processors": { + "type": "yaml" + }, + "tags": { + "value": [], + "type": "text" + } + }, + "id": "winlog-system.system-15785537-fdf2-4e38-bd49-ae0537bbe162", + "compiled_stream": { + "name": "System", + "condition": "${host.platform} == 'windows'", + "tags": null + } + } + ], + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + } + } + }, + { + "type": "system/metrics", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "metrics", + "dataset": "system.core" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "core.metrics": { + "value": [ + "percentages" + ], + "type": "text" + } + }, + "id": "system/metrics-system.core-15785537-fdf2-4e38-bd49-ae0537bbe162" + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.cpu" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "cpu.metrics": { + "value": [ + "percentages", + "normalized_percentages" + ], + "type": "text" + } + }, + "id": "system/metrics-system.cpu-15785537-fdf2-4e38-bd49-ae0537bbe162", + "compiled_stream": { + "metricsets": [ + "cpu" + ], + "cpu.metrics": [ + "percentages", + "normalized_percentages" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.diskio" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "diskio.include_devices": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.diskio-15785537-fdf2-4e38-bd49-ae0537bbe162", + "compiled_stream": { + "metricsets": [ + "diskio" + ], + "diskio.include_devices": null, + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.filesystem" + }, + "vars": { + "period": { + "value": "1m", + "type": "text" + }, + "processors": { + "value": "- drop_event.when.regexp:\n system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", + "type": "yaml" + } + }, + "id": "system/metrics-system.filesystem-15785537-fdf2-4e38-bd49-ae0537bbe162", + "compiled_stream": { + "metricsets": [ + "filesystem" + ], + "period": "1m", + "processors": [ + { + "drop_event.when.regexp": { + "system.filesystem.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" + } + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.fsstat" + }, + "vars": { + "period": { + "value": "1m", + "type": "text" + }, + "processors": { + "value": "- drop_event.when.regexp:\n system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", + "type": "yaml" + } + }, + "id": "system/metrics-system.fsstat-15785537-fdf2-4e38-bd49-ae0537bbe162", + "compiled_stream": { + "metricsets": [ + "fsstat" + ], + "period": "1m", + "processors": [ + { + "drop_event.when.regexp": { + "system.fsstat.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" + } + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.load" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.load-15785537-fdf2-4e38-bd49-ae0537bbe162", + "compiled_stream": { + "metricsets": [ + "load" + ], + "condition": "${host.platform} != 'windows'", + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.memory" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.memory-15785537-fdf2-4e38-bd49-ae0537bbe162", + "compiled_stream": { + "metricsets": [ + "memory" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.network" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "network.interfaces": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.network-15785537-fdf2-4e38-bd49-ae0537bbe162", + "compiled_stream": { + "metricsets": [ + "network" + ], + "period": "10s", + "network.interfaces": null + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.process" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "process.include_top_n.by_cpu": { + "value": 5, + "type": "integer" + }, + "process.include_top_n.by_memory": { + "value": 5, + "type": "integer" + }, + "process.cmdline.cache.enabled": { + "value": true, + "type": "bool" + }, + "process.cgroups.enabled": { + "value": false, + "type": "bool" + }, + "process.env.whitelist": { + "value": [], + "type": "text" + }, + "process.include_cpu_ticks": { + "value": false, + "type": "bool" + }, + "processes": { + "value": [ + ".*" + ], + "type": "text" + } + }, + "id": "system/metrics-system.process-15785537-fdf2-4e38-bd49-ae0537bbe162", + "compiled_stream": { + "metricsets": [ + "process" + ], + "period": "10s", + "process.include_top_n.by_cpu": 5, + "process.include_top_n.by_memory": 5, + "process.cmdline.cache.enabled": true, + "process.cgroups.enabled": false, + "process.include_cpu_ticks": false, + "processes": [ + ".*" + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.process.summary" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.process.summary-15785537-fdf2-4e38-bd49-ae0537bbe162", + "compiled_stream": { + "metricsets": [ + "process_summary" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.socket_summary" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.socket_summary-15785537-fdf2-4e38-bd49-ae0537bbe162", + "compiled_stream": { + "metricsets": [ + "socket_summary" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.uptime" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.uptime-15785537-fdf2-4e38-bd49-ae0537bbe162", + "compiled_stream": { + "metricsets": [ + "uptime" + ], + "period": "10s" + } + } + ], + "vars": { + "system.hostfs": { + "type": "text" + } + } + }, + { + "type": "httpjson", + "policy_template": "system", + "enabled": false, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.application" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:Application\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.application-15785537-fdf2-4e38-bd49-ae0537bbe162" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.security" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:Security\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.security-15785537-fdf2-4e38-bd49-ae0537bbe162" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.system" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:System\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.system-15785537-fdf2-4e38-bd49-ae0537bbe162" + } + ], + "vars": { + "url": { + "value": "https://server.example.com:8089", + "type": "text" + }, + "username": { + "type": "text" + }, + "password": { + "type": "password" + }, + "token": { + "type": "password" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "ssl": { + "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", + "type": "yaml" + } + } + } + ], + "revision": 1, + "created_at": "2021-09-29T09:18:23.207Z", + "created_by": "system", + "updated_at": "2021-09-29T09:18:23.207Z", + "updated_by": "system" + }, + { + "id": "63172a6b-4f00-4376-b5e6-fe9b3f00fc79", + "version": "WzczOSwxXQ==", + "name": "apache-1", + "description": "", + "namespace": "default", + "policy_id": "30e16140-2106-11ec-a289-25321523992d", + "enabled": true, + "output_id": "", + "inputs": [ + { + "type": "logfile", + "policy_template": "apache", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "apache.access" + }, + "vars": { + "paths": { + "value": [ + "/var/log/apache2/access.log*", + "/var/log/apache2/other_vhosts_access.log*", + "/var/log/httpd/access_log*" + ], + "type": "text" + }, + "tags": { + "value": [ + "apache-access" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "logfile-apache.access-63172a6b-4f00-4376-b5e6-fe9b3f00fc79", + "compiled_stream": { + "paths": [ + "/var/log/apache2/access.log*", + "/var/log/apache2/other_vhosts_access.log*", + "/var/log/httpd/access_log*" + ], + "tags": [ + "apache-access" + ], + "exclude_files": [ + ".gz$" + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "apache.error" + }, + "vars": { + "paths": { + "value": [ + "/var/log/apache2/error.log*", + "/var/log/httpd/error_log*" + ], + "type": "text" + }, + "tags": { + "value": [ + "apache-error" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "logfile-apache.error-63172a6b-4f00-4376-b5e6-fe9b3f00fc79", + "compiled_stream": { + "paths": [ + "/var/log/apache2/error.log*", + "/var/log/httpd/error_log*" + ], + "exclude_files": [ + ".gz$" + ], + "tags": [ + "apache-error" + ], + "processors": [ + { + "add_locale": null + } + ] + } + } + ] + }, + { + "type": "httpjson", + "policy_template": "apache", + "enabled": false, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "apache.access" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"access*\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded", + "apache-access" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "httpjson-apache.access-63172a6b-4f00-4376-b5e6-fe9b3f00fc79" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "apache.error" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=apache:error OR sourcetype=apache_error", + "type": "text" + }, + "tags": { + "value": [ + "forwarded", + "apache-error" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "httpjson-apache.error-63172a6b-4f00-4376-b5e6-fe9b3f00fc79" + } + ], + "vars": { + "url": { + "value": "https://server.example.com:8089", + "type": "text" + }, + "username": { + "type": "text" + }, + "password": { + "type": "password" + }, + "token": { + "type": "password" + }, + "ssl": { + "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", + "type": "yaml" + } + } + }, + { + "type": "apache/metrics", + "policy_template": "apache", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "apache.status" + }, + "vars": { + "period": { + "value": "30s", + "type": "text" + }, + "server_status_path": { + "value": "/server-status", + "type": "text" + } + }, + "id": "apache/metrics-apache.status-63172a6b-4f00-4376-b5e6-fe9b3f00fc79", + "compiled_stream": { + "metricsets": [ + "status" + ], + "hosts": [ + "http://127.0.0.1" + ], + "period": "30s", + "server_status_path": "/server-status" + } + } + ], + "vars": { + "hosts": { + "value": [ + "http://127.0.0.1" + ], + "type": "text" + } + } + } + ], + "package": { + "name": "apache", + "title": "Apache", + "version": "1.1.0" + }, + "revision": 1, + "created_at": "2021-09-29T09:52:12.865Z", + "created_by": "elastic", + "updated_at": "2021-09-29T09:52:12.865Z", + "updated_by": "elastic" + } + ], + "agents": 1 + }, + { + "id": "30e16141-2106-11ec-a289-25321523992d", + "namespace": "default", + "monitoring_enabled": [ + "logs", + "metrics" + ], + "name": "Default Fleet Server policy", + "description": "Default Fleet Server agent policy created by Kibana", + "is_default": false, + "is_default_fleet_server": true, + "is_preconfigured": true, + "status": "active", + "is_managed": false, + "revision": 1, + "updated_at": "2021-09-29T09:18:25.581Z", + "updated_by": "system", + "package_policies": [ + { + "id": "3f79c8a2-ed32-45d9-a7e7-b58852f4cb7d", + "version": "WzU5NywxXQ==", + "name": "fleet_server-1", + "namespace": "default", + "package": { + "name": "fleet_server", + "title": "Fleet Server", + "version": "1.0.1" + }, + "enabled": true, + "policy_id": "30e16141-2106-11ec-a289-25321523992d", + "output_id": "1ffdf460-2106-11ec-a289-25321523992d", + "inputs": [ + { + "type": "fleet-server", + "policy_template": "fleet_server", + "enabled": true, + "streams": [], + "vars": { + "host": { + "value": [ + "0.0.0.0" + ], + "type": "text" + }, + "port": { + "value": [ + 8220 + ], + "type": "integer" + }, + "max_connections": { + "type": "integer" + }, + "custom": { + "value": "", + "type": "yaml" + } + }, + "compiled_input": { + "server": { + "port": 8220, + "host": "0.0.0.0" + } + } + } + ], + "revision": 1, + "created_at": "2021-09-29T09:18:25.204Z", + "created_by": "system", + "updated_at": "2021-09-29T09:18:25.204Z", + "updated_by": "system" + } + ], + "agents": 0 + } + ], + "total": 2, + "page": 1, + "perPage": 20 +} \ No newline at end of file diff --git a/x-pack/plugins/fleet/cypress/fixtures/integrations/agent_policy.json b/x-pack/plugins/fleet/cypress/fixtures/integrations/agent_policy.json new file mode 100644 index 0000000000000..aa6520f513acd --- /dev/null +++ b/x-pack/plugins/fleet/cypress/fixtures/integrations/agent_policy.json @@ -0,0 +1,644 @@ +{ + "item": { + "id": "30e16140-2106-11ec-a289-25321523992d", + "namespace": "default", + "monitoring_enabled": [ + "logs", + "metrics" + ], + "name": "Default policy", + "description": "Default agent policy created by Kibana", + "is_default": true, + "is_preconfigured": true, + "status": "active", + "is_managed": false, + "revision": 1, + "updated_at": "2021-09-30T10:02:50.389Z", + "updated_by": "system", + "package_policies": [ + { + "id": "4243f6b9-6ce2-48ec-859a-b5df4baa7c11", + "version": "WzEyNjQsMV0=", + "name": "system-1", + "namespace": "default", + "package": { + "name": "system", + "title": "System", + "version": "1.4.0" + }, + "enabled": true, + "policy_id": "8f108d20-21d5-11ec-9dad-073c0cd6096b", + "output_id": "4f979e90-21d5-11ec-9dad-073c0cd6096b", + "inputs": [ + { + "type": "logfile", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.auth" + }, + "vars": { + "paths": { + "value": [ + "/var/log/auth.log*", + "/var/log/secure*" + ], + "type": "text" + } + }, + "id": "logfile-system.auth-4243f6b9-6ce2-48ec-859a-b5df4baa7c11", + "compiled_stream": { + "paths": [ + "/var/log/auth.log*", + "/var/log/secure*" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\s", + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.syslog" + }, + "vars": { + "paths": { + "value": [ + "/var/log/messages*", + "/var/log/syslog*" + ], + "type": "text" + } + }, + "id": "logfile-system.syslog-4243f6b9-6ce2-48ec-859a-b5df4baa7c11", + "compiled_stream": { + "paths": [ + "/var/log/messages*", + "/var/log/syslog*" + ], + "exclude_files": [ + ".gz$" + ], + "multiline": { + "pattern": "^\\s", + "match": "after" + }, + "processors": [ + { + "add_locale": null + } + ] + } + } + ] + }, + { + "type": "winlog", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.application" + }, + "vars": { + "event_id": { + "type": "text" + }, + "processors": { + "type": "yaml" + }, + "tags": { + "value": [], + "type": "text" + } + }, + "id": "winlog-system.application-4243f6b9-6ce2-48ec-859a-b5df4baa7c11", + "compiled_stream": { + "name": "Application", + "condition": "${host.platform} == 'windows'", + "ignore_older": "72h", + "tags": null + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.security" + }, + "vars": { + "event_id": { + "type": "text" + }, + "processors": { + "type": "yaml" + }, + "tags": { + "value": [], + "type": "text" + } + }, + "id": "winlog-system.security-4243f6b9-6ce2-48ec-859a-b5df4baa7c11", + "compiled_stream": { + "name": "Security", + "condition": "${host.platform} == 'windows'", + "tags": null + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "system.system" + }, + "vars": { + "event_id": { + "type": "text" + }, + "processors": { + "type": "yaml" + }, + "tags": { + "value": [], + "type": "text" + } + }, + "id": "winlog-system.system-4243f6b9-6ce2-48ec-859a-b5df4baa7c11", + "compiled_stream": { + "name": "System", + "condition": "${host.platform} == 'windows'", + "tags": null + } + } + ], + "vars": { + "preserve_original_event": { + "value": false, + "type": "bool" + } + } + }, + { + "type": "system/metrics", + "policy_template": "system", + "enabled": true, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "metrics", + "dataset": "system.core" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "core.metrics": { + "value": [ + "percentages" + ], + "type": "text" + } + }, + "id": "system/metrics-system.core-4243f6b9-6ce2-48ec-859a-b5df4baa7c11" + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.cpu" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "cpu.metrics": { + "value": [ + "percentages", + "normalized_percentages" + ], + "type": "text" + } + }, + "id": "system/metrics-system.cpu-4243f6b9-6ce2-48ec-859a-b5df4baa7c11", + "compiled_stream": { + "metricsets": [ + "cpu" + ], + "cpu.metrics": [ + "percentages", + "normalized_percentages" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.diskio" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "diskio.include_devices": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.diskio-4243f6b9-6ce2-48ec-859a-b5df4baa7c11", + "compiled_stream": { + "metricsets": [ + "diskio" + ], + "diskio.include_devices": null, + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.filesystem" + }, + "vars": { + "period": { + "value": "1m", + "type": "text" + }, + "processors": { + "value": "- drop_event.when.regexp:\n system.filesystem.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", + "type": "yaml" + } + }, + "id": "system/metrics-system.filesystem-4243f6b9-6ce2-48ec-859a-b5df4baa7c11", + "compiled_stream": { + "metricsets": [ + "filesystem" + ], + "period": "1m", + "processors": [ + { + "drop_event.when.regexp": { + "system.filesystem.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" + } + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.fsstat" + }, + "vars": { + "period": { + "value": "1m", + "type": "text" + }, + "processors": { + "value": "- drop_event.when.regexp:\n system.fsstat.mount_point: ^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)\n", + "type": "yaml" + } + }, + "id": "system/metrics-system.fsstat-4243f6b9-6ce2-48ec-859a-b5df4baa7c11", + "compiled_stream": { + "metricsets": [ + "fsstat" + ], + "period": "1m", + "processors": [ + { + "drop_event.when.regexp": { + "system.fsstat.mount_point": "^/(sys|cgroup|proc|dev|etc|host|lib|snap)($|/)" + } + } + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.load" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.load-4243f6b9-6ce2-48ec-859a-b5df4baa7c11", + "compiled_stream": { + "metricsets": [ + "load" + ], + "condition": "${host.platform} != 'windows'", + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.memory" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.memory-4243f6b9-6ce2-48ec-859a-b5df4baa7c11", + "compiled_stream": { + "metricsets": [ + "memory" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.network" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "network.interfaces": { + "value": [], + "type": "text" + } + }, + "id": "system/metrics-system.network-4243f6b9-6ce2-48ec-859a-b5df4baa7c11", + "compiled_stream": { + "metricsets": [ + "network" + ], + "period": "10s", + "network.interfaces": null + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.process" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + }, + "process.include_top_n.by_cpu": { + "value": 5, + "type": "integer" + }, + "process.include_top_n.by_memory": { + "value": 5, + "type": "integer" + }, + "process.cmdline.cache.enabled": { + "value": true, + "type": "bool" + }, + "process.cgroups.enabled": { + "value": false, + "type": "bool" + }, + "process.env.whitelist": { + "value": [], + "type": "text" + }, + "process.include_cpu_ticks": { + "value": false, + "type": "bool" + }, + "processes": { + "value": [ + ".*" + ], + "type": "text" + } + }, + "id": "system/metrics-system.process-4243f6b9-6ce2-48ec-859a-b5df4baa7c11", + "compiled_stream": { + "metricsets": [ + "process" + ], + "period": "10s", + "process.include_top_n.by_cpu": 5, + "process.include_top_n.by_memory": 5, + "process.cmdline.cache.enabled": true, + "process.cgroups.enabled": false, + "process.include_cpu_ticks": false, + "processes": [ + ".*" + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.process.summary" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.process.summary-4243f6b9-6ce2-48ec-859a-b5df4baa7c11", + "compiled_stream": { + "metricsets": [ + "process_summary" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.socket_summary" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.socket_summary-4243f6b9-6ce2-48ec-859a-b5df4baa7c11", + "compiled_stream": { + "metricsets": [ + "socket_summary" + ], + "period": "10s" + } + }, + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "system.uptime" + }, + "vars": { + "period": { + "value": "10s", + "type": "text" + } + }, + "id": "system/metrics-system.uptime-4243f6b9-6ce2-48ec-859a-b5df4baa7c11", + "compiled_stream": { + "metricsets": [ + "uptime" + ], + "period": "10s" + } + } + ], + "vars": { + "system.hostfs": { + "type": "text" + } + } + }, + { + "type": "httpjson", + "policy_template": "system", + "enabled": false, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.application" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:Application\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.application-4243f6b9-6ce2-48ec-859a-b5df4baa7c11" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.security" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:Security\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.security-4243f6b9-6ce2-48ec-859a-b5df4baa7c11" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "system.system" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"XmlWinEventLog:System\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded" + ], + "type": "text" + } + }, + "id": "httpjson-system.system-4243f6b9-6ce2-48ec-859a-b5df4baa7c11" + } + ], + "vars": { + "url": { + "value": "https://server.example.com:8089", + "type": "text" + }, + "username": { + "type": "text" + }, + "password": { + "type": "password" + }, + "token": { + "type": "password" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "ssl": { + "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", + "type": "yaml" + } + } + } + ], + "revision": 1, + "created_at": "2021-09-30T10:02:48.904Z", + "created_by": "system", + "updated_at": "2021-09-30T10:02:48.904Z", + "updated_by": "system" + } + ] + } +} \ No newline at end of file diff --git a/x-pack/plugins/fleet/cypress/fixtures/integrations/apache.json b/x-pack/plugins/fleet/cypress/fixtures/integrations/apache.json new file mode 100644 index 0000000000000..3b78048fdd83f --- /dev/null +++ b/x-pack/plugins/fleet/cypress/fixtures/integrations/apache.json @@ -0,0 +1,1059 @@ +{ + "response": { + "name": "apache", + "title": "Apache", + "version": "1.1.0", + "release": "ga", + "description": "This Elastic integration collects logs and metrics from Apache servers", + "type": "integration", + "download": "/epr/apache/apache-1.1.0.zip", + "path": "/package/apache/1.1.0", + "icons": [ + { + "src": "/img/logo_apache.svg", + "path": "/package/apache/1.1.0/img/logo_apache.svg", + "title": "Apache Logo", + "size": "32x32", + "type": "image/svg+xml" + } + ], + "format_version": "1.0.0", + "readme": "/package/apache/1.1.0/docs/README.md", + "license": "basic", + "categories": [ + "web" + ], + "conditions": { + "kibana.version": "^7.14.0" + }, + "screenshots": [ + { + "src": "/img/apache-metrics-overview.png", + "path": "/package/apache/1.1.0/img/apache-metrics-overview.png", + "title": "Apache metrics overview", + "size": "3360x3064", + "type": "image/png" + }, + { + "src": "/img/apache-logs-overview.png", + "path": "/package/apache/1.1.0/img/apache-logs-overview.png", + "title": "Apache logs overview", + "size": "3342x1384", + "type": "image/png" + } + ], + "assets": { + "kibana": { + "dashboard": [ + { + "pkgkey": "apache-1.1.0", + "service": "kibana", + "type": "dashboard", + "file": "apache-Logs-Apache-Dashboard.json", + "path": "apache-1.1.0/kibana/dashboard/apache-Logs-Apache-Dashboard.json" + }, + { + "pkgkey": "apache-1.1.0", + "service": "kibana", + "type": "dashboard", + "file": "apache-Metrics-Apache-HTTPD-server-status.json", + "path": "apache-1.1.0/kibana/dashboard/apache-Metrics-Apache-HTTPD-server-status.json" + } + ], + "ml_module": [ + { + "pkgkey": "apache-1.1.0", + "service": "kibana", + "type": "ml_module", + "file": "apache-Logs-ml.json", + "path": "apache-1.1.0/kibana/ml_module/apache-Logs-ml.json" + } + ], + "search": [ + { + "pkgkey": "apache-1.1.0", + "service": "kibana", + "type": "search", + "file": "apache-HTTPD.json", + "path": "apache-1.1.0/kibana/search/apache-HTTPD.json" + }, + { + "pkgkey": "apache-1.1.0", + "service": "kibana", + "type": "search", + "file": "apache-access-logs.json", + "path": "apache-1.1.0/kibana/search/apache-access-logs.json" + }, + { + "pkgkey": "apache-1.1.0", + "service": "kibana", + "type": "search", + "file": "apache-errors-log.json", + "path": "apache-1.1.0/kibana/search/apache-errors-log.json" + } + ], + "visualization": [ + { + "pkgkey": "apache-1.1.0", + "service": "kibana", + "type": "visualization", + "file": "apache-22057f20-3a12-11eb-8946-296aab7b13db.json", + "path": "apache-1.1.0/kibana/visualization/apache-22057f20-3a12-11eb-8946-296aab7b13db.json" + }, + { + "pkgkey": "apache-1.1.0", + "service": "kibana", + "type": "visualization", + "file": "apache-320cd980-3a36-11eb-8946-296aab7b13db.json", + "path": "apache-1.1.0/kibana/visualization/apache-320cd980-3a36-11eb-8946-296aab7b13db.json" + }, + { + "pkgkey": "apache-1.1.0", + "service": "kibana", + "type": "visualization", + "file": "apache-47820ce0-3a1d-11eb-8946-296aab7b13db.json", + "path": "apache-1.1.0/kibana/visualization/apache-47820ce0-3a1d-11eb-8946-296aab7b13db.json" + }, + { + "pkgkey": "apache-1.1.0", + "service": "kibana", + "type": "visualization", + "file": "apache-7724cf20-3a39-11eb-8946-296aab7b13db.json", + "path": "apache-1.1.0/kibana/visualization/apache-7724cf20-3a39-11eb-8946-296aab7b13db.json" + }, + { + "pkgkey": "apache-1.1.0", + "service": "kibana", + "type": "visualization", + "file": "apache-7d68f730-3a39-11eb-8946-296aab7b13db.json", + "path": "apache-1.1.0/kibana/visualization/apache-7d68f730-3a39-11eb-8946-296aab7b13db.json" + }, + { + "pkgkey": "apache-1.1.0", + "service": "kibana", + "type": "visualization", + "file": "apache-805d7bb0-3a10-11eb-8946-296aab7b13db.json", + "path": "apache-1.1.0/kibana/visualization/apache-805d7bb0-3a10-11eb-8946-296aab7b13db.json" + }, + { + "pkgkey": "apache-1.1.0", + "service": "kibana", + "type": "visualization", + "file": "apache-99666080-3a20-11eb-8946-296aab7b13db.json", + "path": "apache-1.1.0/kibana/visualization/apache-99666080-3a20-11eb-8946-296aab7b13db.json" + }, + { + "pkgkey": "apache-1.1.0", + "service": "kibana", + "type": "visualization", + "file": "apache-HTTPD-CPU.json", + "path": "apache-1.1.0/kibana/visualization/apache-HTTPD-CPU.json" + }, + { + "pkgkey": "apache-1.1.0", + "service": "kibana", + "type": "visualization", + "file": "apache-HTTPD-Load1-slash-5-slash-15.json", + "path": "apache-1.1.0/kibana/visualization/apache-HTTPD-Load1-slash-5-slash-15.json" + }, + { + "pkgkey": "apache-1.1.0", + "service": "kibana", + "type": "visualization", + "file": "apache-HTTPD-Scoreboard.json", + "path": "apache-1.1.0/kibana/visualization/apache-HTTPD-Scoreboard.json" + }, + { + "pkgkey": "apache-1.1.0", + "service": "kibana", + "type": "visualization", + "file": "apache-a45311f0-3a34-11eb-8946-296aab7b13db.json", + "path": "apache-1.1.0/kibana/visualization/apache-a45311f0-3a34-11eb-8946-296aab7b13db.json" + }, + { + "pkgkey": "apache-1.1.0", + "service": "kibana", + "type": "visualization", + "file": "apache-access-unique-IPs-map.json", + "path": "apache-1.1.0/kibana/visualization/apache-access-unique-IPs-map.json" + }, + { + "pkgkey": "apache-1.1.0", + "service": "kibana", + "type": "visualization", + "file": "apache-browsers.json", + "path": "apache-1.1.0/kibana/visualization/apache-browsers.json" + }, + { + "pkgkey": "apache-1.1.0", + "service": "kibana", + "type": "visualization", + "file": "apache-ed44f820-3a10-11eb-8946-296aab7b13db.json", + "path": "apache-1.1.0/kibana/visualization/apache-ed44f820-3a10-11eb-8946-296aab7b13db.json" + }, + { + "pkgkey": "apache-1.1.0", + "service": "kibana", + "type": "visualization", + "file": "apache-error-logs-over-time.json", + "path": "apache-1.1.0/kibana/visualization/apache-error-logs-over-time.json" + }, + { + "pkgkey": "apache-1.1.0", + "service": "kibana", + "type": "visualization", + "file": "apache-f4ffec70-3a36-11eb-8946-296aab7b13db.json", + "path": "apache-1.1.0/kibana/visualization/apache-f4ffec70-3a36-11eb-8946-296aab7b13db.json" + }, + { + "pkgkey": "apache-1.1.0", + "service": "kibana", + "type": "visualization", + "file": "apache-operating-systems.json", + "path": "apache-1.1.0/kibana/visualization/apache-operating-systems.json" + }, + { + "pkgkey": "apache-1.1.0", + "service": "kibana", + "type": "visualization", + "file": "apache-response-codes-of-top-URLs.json", + "path": "apache-1.1.0/kibana/visualization/apache-response-codes-of-top-URLs.json" + }, + { + "pkgkey": "apache-1.1.0", + "service": "kibana", + "type": "visualization", + "file": "apache-response-codes-over-time.json", + "path": "apache-1.1.0/kibana/visualization/apache-response-codes-over-time.json" + } + ] + }, + "elasticsearch": { + "ingest_pipeline": [ + { + "pkgkey": "apache-1.1.0", + "service": "elasticsearch", + "type": "ingest_pipeline", + "file": "default.yml", + "dataset": "access", + "path": "apache-1.1.0/data_stream/access/elasticsearch/ingest_pipeline/default.yml" + }, + { + "pkgkey": "apache-1.1.0", + "service": "elasticsearch", + "type": "ingest_pipeline", + "file": "third-party.yml", + "dataset": "access", + "path": "apache-1.1.0/data_stream/access/elasticsearch/ingest_pipeline/third-party.yml" + }, + { + "pkgkey": "apache-1.1.0", + "service": "elasticsearch", + "type": "ingest_pipeline", + "file": "default.yml", + "dataset": "error", + "path": "apache-1.1.0/data_stream/error/elasticsearch/ingest_pipeline/default.yml" + }, + { + "pkgkey": "apache-1.1.0", + "service": "elasticsearch", + "type": "ingest_pipeline", + "file": "third-party.yml", + "dataset": "error", + "path": "apache-1.1.0/data_stream/error/elasticsearch/ingest_pipeline/third-party.yml" + } + ] + } + }, + "policy_templates": [ + { + "name": "apache", + "title": "Apache logs and metrics", + "description": "Collect logs and metrics from Apache instances", + "inputs": [ + { + "type": "logfile", + "title": "Collect logs from Apache instances", + "description": "Collecting Apache access and error logs" + }, + { + "type": "httpjson", + "vars": [ + { + "name": "url", + "type": "text", + "title": "URL of Splunk Enterprise Server", + "description": "i.e. scheme://host:port, path is automatic", + "multi": false, + "required": true, + "show_user": true, + "default": "https://server.example.com:8089" + }, + { + "name": "username", + "type": "text", + "title": "Splunk REST API Username", + "multi": false, + "required": false, + "show_user": true + }, + { + "name": "password", + "type": "password", + "title": "Splunk REST API Password", + "multi": false, + "required": false, + "show_user": true + }, + { + "name": "token", + "type": "password", + "title": "Splunk Authorization Token", + "description": "Bearer Token or Session Key, e.g. \"Bearer eyJFd3e46...\"\nor \"Splunk 192fd3e...\". Cannot be used with username\nand password.\n", + "multi": false, + "required": false, + "show_user": true + }, + { + "name": "ssl", + "type": "yaml", + "title": "SSL Configuration", + "description": "i.e. certificate_authorities, supported_protocols, verification_mode etc.", + "multi": false, + "required": false, + "show_user": false, + "default": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n" + } + ], + "title": "Collect logs from third-party REST API (experimental)", + "description": "Collect logs from third-party REST API (experimental)" + }, + { + "type": "apache/metrics", + "vars": [ + { + "name": "hosts", + "type": "text", + "title": "Hosts", + "multi": true, + "required": true, + "show_user": true, + "default": [ + "http://127.0.0.1" + ] + } + ], + "title": "Collect metrics from Apache instances", + "description": "Collecting Apache status metrics" + } + ], + "multiple": true + } + ], + "data_streams": [ + { + "type": "logs", + "dataset": "apache.access", + "title": "Apache access logs", + "release": "experimental", + "ingest_pipeline": "default", + "streams": [ + { + "input": "logfile", + "vars": [ + { + "name": "paths", + "type": "text", + "title": "Paths", + "multi": true, + "required": true, + "show_user": true, + "default": [ + "/var/log/apache2/access.log*", + "/var/log/apache2/other_vhosts_access.log*", + "/var/log/httpd/access_log*" + ] + }, + { + "name": "tags", + "type": "text", + "title": "Tags", + "multi": true, + "required": true, + "show_user": false, + "default": [ + "apache-access" + ] + }, + { + "name": "preserve_original_event", + "type": "bool", + "title": "Preserve original event", + "description": "Preserves a raw copy of the original event, added to the field `event.original`", + "multi": false, + "required": true, + "show_user": true, + "default": false + }, + { + "name": "processors", + "type": "yaml", + "title": "Processors", + "description": "Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.\n", + "multi": false, + "required": false, + "show_user": false + } + ], + "template_path": "log.yml.hbs", + "title": "Apache access logs", + "description": "Collect Apache access logs", + "enabled": true + }, + { + "input": "httpjson", + "vars": [ + { + "name": "interval", + "type": "text", + "title": "Interval to query Splunk Enterprise REST API", + "description": "Go Duration syntax (eg. 10s)", + "multi": false, + "required": true, + "show_user": true, + "default": "10s" + }, + { + "name": "search", + "type": "text", + "title": "Splunk search string", + "multi": false, + "required": true, + "show_user": true, + "default": "search sourcetype=\"access*\"" + }, + { + "name": "tags", + "type": "text", + "title": "Tags", + "multi": true, + "required": false, + "show_user": false, + "default": [ + "forwarded", + "apache-access" + ] + }, + { + "name": "preserve_original_event", + "type": "bool", + "title": "Preserve original event", + "description": "Preserves a raw copy of the original event, added to the field `event.original`", + "multi": false, + "required": true, + "show_user": true, + "default": false + }, + { + "name": "processors", + "type": "yaml", + "title": "Processors", + "description": "Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.\n", + "multi": false, + "required": false, + "show_user": false + } + ], + "template_path": "httpjson.yml.hbs", + "title": "Apache access logs via Splunk Enterprise REST API", + "description": "Collect apache access logs via Splunk Enterprise REST API", + "enabled": false + } + ], + "package": "apache", + "path": "access" + }, + { + "type": "logs", + "dataset": "apache.error", + "title": "Apache error logs", + "release": "experimental", + "ingest_pipeline": "default", + "streams": [ + { + "input": "logfile", + "vars": [ + { + "name": "paths", + "type": "text", + "title": "Paths", + "multi": true, + "required": true, + "show_user": true, + "default": [ + "/var/log/apache2/error.log*", + "/var/log/httpd/error_log*" + ] + }, + { + "name": "tags", + "type": "text", + "title": "Tags", + "multi": true, + "required": true, + "show_user": false, + "default": [ + "apache-error" + ] + }, + { + "name": "preserve_original_event", + "type": "bool", + "title": "Preserve original event", + "description": "Preserves a raw copy of the original event, added to the field `event.original`", + "multi": false, + "required": true, + "show_user": true, + "default": false + }, + { + "name": "processors", + "type": "yaml", + "title": "Processors", + "description": "Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.\n", + "multi": false, + "required": false, + "show_user": false + } + ], + "template_path": "log.yml.hbs", + "title": "Apache error logs", + "description": "Collect Apache error logs", + "enabled": true + }, + { + "input": "httpjson", + "vars": [ + { + "name": "interval", + "type": "text", + "title": "Interval to query Splunk Enterprise REST API", + "description": "Go Duration syntax (eg. 10s)", + "multi": false, + "required": true, + "show_user": true, + "default": "10s" + }, + { + "name": "search", + "type": "text", + "title": "Splunk search string", + "multi": false, + "required": true, + "show_user": true, + "default": "search sourcetype=apache:error OR sourcetype=apache_error" + }, + { + "name": "tags", + "type": "text", + "title": "Tags", + "multi": true, + "required": false, + "show_user": false, + "default": [ + "forwarded", + "apache-error" + ] + }, + { + "name": "preserve_original_event", + "type": "bool", + "title": "Preserve original event", + "description": "Preserves a raw copy of the original event, added to the field `event.original`", + "multi": false, + "required": true, + "show_user": true, + "default": false + }, + { + "name": "processors", + "type": "yaml", + "title": "Processors", + "description": "Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.\n", + "multi": false, + "required": false, + "show_user": false + } + ], + "template_path": "httpjson.yml.hbs", + "title": "Apache error logs via Splunk Enterprise REST API", + "description": "Collect apache error logs via Splunk Enterprise REST API", + "enabled": false + } + ], + "package": "apache", + "path": "error" + }, + { + "type": "metrics", + "dataset": "apache.status", + "title": "Apache status metrics", + "release": "experimental", + "streams": [ + { + "input": "apache/metrics", + "vars": [ + { + "name": "period", + "type": "text", + "title": "Period", + "multi": false, + "required": true, + "show_user": true, + "default": "30s" + }, + { + "name": "server_status_path", + "type": "text", + "title": "Server Status Path", + "multi": false, + "required": true, + "show_user": false, + "default": "/server-status" + } + ], + "template_path": "stream.yml.hbs", + "title": "Apache status metrics", + "description": "Collect Apache status metrics", + "enabled": true + } + ], + "package": "apache", + "path": "status" + } + ], + "owner": { + "github": "elastic/integrations" + }, + "latestVersion": "1.1.0", + "removable": true, + "status": "installed", + "savedObject": { + "id": "apache", + "type": "epm-packages", + "namespaces": [], + "updated_at": "2021-09-30T10:47:12.961Z", + "version": "WzI1NjgsMV0=", + "attributes": { + "installed_kibana": [ + { + "id": "apache-Logs-Apache-Dashboard", + "type": "dashboard" + }, + { + "id": "apache-Metrics-Apache-HTTPD-server-status", + "type": "dashboard" + }, + { + "id": "apache-22057f20-3a12-11eb-8946-296aab7b13db", + "type": "visualization" + }, + { + "id": "apache-320cd980-3a36-11eb-8946-296aab7b13db", + "type": "visualization" + }, + { + "id": "apache-47820ce0-3a1d-11eb-8946-296aab7b13db", + "type": "visualization" + }, + { + "id": "apache-7724cf20-3a39-11eb-8946-296aab7b13db", + "type": "visualization" + }, + { + "id": "apache-7d68f730-3a39-11eb-8946-296aab7b13db", + "type": "visualization" + }, + { + "id": "apache-805d7bb0-3a10-11eb-8946-296aab7b13db", + "type": "visualization" + }, + { + "id": "apache-99666080-3a20-11eb-8946-296aab7b13db", + "type": "visualization" + }, + { + "id": "apache-HTTPD-CPU", + "type": "visualization" + }, + { + "id": "apache-HTTPD-Load1-slash-5-slash-15", + "type": "visualization" + }, + { + "id": "apache-HTTPD-Scoreboard", + "type": "visualization" + }, + { + "id": "apache-a45311f0-3a34-11eb-8946-296aab7b13db", + "type": "visualization" + }, + { + "id": "apache-access-unique-IPs-map", + "type": "visualization" + }, + { + "id": "apache-browsers", + "type": "visualization" + }, + { + "id": "apache-ed44f820-3a10-11eb-8946-296aab7b13db", + "type": "visualization" + }, + { + "id": "apache-error-logs-over-time", + "type": "visualization" + }, + { + "id": "apache-f4ffec70-3a36-11eb-8946-296aab7b13db", + "type": "visualization" + }, + { + "id": "apache-operating-systems", + "type": "visualization" + }, + { + "id": "apache-response-codes-of-top-URLs", + "type": "visualization" + }, + { + "id": "apache-response-codes-over-time", + "type": "visualization" + }, + { + "id": "apache-HTTPD", + "type": "search" + }, + { + "id": "apache-access-logs", + "type": "search" + }, + { + "id": "apache-errors-log", + "type": "search" + }, + { + "id": "apache-Logs-ml", + "type": "ml-module" + } + ], + "installed_es": [ + { + "id": "logs-apache.access-1.1.0", + "type": "ingest_pipeline" + }, + { + "id": "logs-apache.access-1.1.0-third-party", + "type": "ingest_pipeline" + }, + { + "id": "logs-apache.error-1.1.0", + "type": "ingest_pipeline" + }, + { + "id": "logs-apache.error-1.1.0-third-party", + "type": "ingest_pipeline" + }, + { + "id": "logs-apache.access", + "type": "index_template" + }, + { + "id": "logs-apache.access@settings", + "type": "component_template" + }, + { + "id": "logs-apache.access@custom", + "type": "component_template" + }, + { + "id": "logs-apache.error", + "type": "index_template" + }, + { + "id": "logs-apache.error@settings", + "type": "component_template" + }, + { + "id": "logs-apache.error@custom", + "type": "component_template" + }, + { + "id": "metrics-apache.status", + "type": "index_template" + }, + { + "id": "metrics-apache.status@settings", + "type": "component_template" + }, + { + "id": "metrics-apache.status@custom", + "type": "component_template" + } + ], + "package_assets": [ + { + "id": "c99057a8-c51a-5795-9e00-b4b09237f780", + "type": "epm-packages-assets" + }, + { + "id": "1388d2c7-254a-5cd4-882d-89b3e8b681cd", + "type": "epm-packages-assets" + }, + { + "id": "c3068bcb-5a74-5044-91f6-c8e99eefb003", + "type": "epm-packages-assets" + }, + { + "id": "4cea5f13-0ec6-5ecc-9012-f2dba2c86fab", + "type": "epm-packages-assets" + }, + { + "id": "6f27b654-fc39-502b-bdda-83ed13e775c1", + "type": "epm-packages-assets" + }, + { + "id": "baa6d518-fa85-530f-9cdc-b0f2207599f8", + "type": "epm-packages-assets" + }, + { + "id": "ea0cfbd9-8173-5429-a83b-6168b2cd4f27", + "type": "epm-packages-assets" + }, + { + "id": "3745632e-1306-5ac6-84ee-0fceae577988", + "type": "epm-packages-assets" + }, + { + "id": "079a3007-eec5-504e-a993-8c489ccc992c", + "type": "epm-packages-assets" + }, + { + "id": "625ba117-a66d-5eba-9172-201e4f03fbf0", + "type": "epm-packages-assets" + }, + { + "id": "f0dd03dd-3dee-51da-881b-425e76966139", + "type": "epm-packages-assets" + }, + { + "id": "c356fb2c-395b-595e-bdf4-51c5750d6efe", + "type": "epm-packages-assets" + }, + { + "id": "861a6d88-8e80-5282-8cc4-b74b13da22f8", + "type": "epm-packages-assets" + }, + { + "id": "49186533-1536-5d2d-a45a-b51a4db1eeca", + "type": "epm-packages-assets" + }, + { + "id": "533a5c29-648c-593c-9444-df3d03c4aae0", + "type": "epm-packages-assets" + }, + { + "id": "9d34d784-f5a7-5213-a711-37bf2af21da5", + "type": "epm-packages-assets" + }, + { + "id": "4d5fa019-7503-5a89-95af-a03227622ecd", + "type": "epm-packages-assets" + }, + { + "id": "edc0c10d-f7f4-5523-8dac-ce9c64aff44d", + "type": "epm-packages-assets" + }, + { + "id": "5792421c-b31c-59a3-891c-1566bc85447b", + "type": "epm-packages-assets" + }, + { + "id": "7a72f59a-27a6-5514-9489-1258de496199", + "type": "epm-packages-assets" + }, + { + "id": "69dffce3-96d1-5c71-b4ae-41b6d61fdd4a", + "type": "epm-packages-assets" + }, + { + "id": "0b971e05-221e-5430-87e6-fbebbc8d4a23", + "type": "epm-packages-assets" + }, + { + "id": "5d7fb7e1-e775-5832-95a7-074d692fb176", + "type": "epm-packages-assets" + }, + { + "id": "4a50c74b-e4ce-511c-badd-54997537b6b8", + "type": "epm-packages-assets" + }, + { + "id": "54e21b74-9ea5-537f-8cce-673b10b8ac39", + "type": "epm-packages-assets" + }, + { + "id": "c9fd9a64-722c-59f7-a686-4d92d4395be0", + "type": "epm-packages-assets" + }, + { + "id": "5a53ca55-23ec-59bc-8d04-be12f1776358", + "type": "epm-packages-assets" + }, + { + "id": "b2652216-a523-5183-8eaa-c26f9ba4bbee", + "type": "epm-packages-assets" + }, + { + "id": "97f717d7-78d6-5b8c-acde-edf80aa27201", + "type": "epm-packages-assets" + }, + { + "id": "6b27939a-1f2a-536d-8d84-560ed372d21a", + "type": "epm-packages-assets" + }, + { + "id": "7d68617a-88b0-5d34-8a98-8f51d3c49568", + "type": "epm-packages-assets" + }, + { + "id": "8e212777-acac-5068-acbb-143e0cbfb3eb", + "type": "epm-packages-assets" + }, + { + "id": "436ed6b2-aa68-55d4-912a-346e14903d7b", + "type": "epm-packages-assets" + }, + { + "id": "5169ccd9-75f9-5d84-8116-2f2bac0dd93f", + "type": "epm-packages-assets" + }, + { + "id": "a36f82fe-4aa0-508f-92e4-e33d779c1ed2", + "type": "epm-packages-assets" + }, + { + "id": "96d9ae25-0ee7-59aa-b8a0-4fbb929cce4a", + "type": "epm-packages-assets" + }, + { + "id": "05e1449f-3723-5d3c-a76f-5e307d88c35b", + "type": "epm-packages-assets" + }, + { + "id": "a0e8abee-4777-5a7f-bb9a-c2c60d49d060", + "type": "epm-packages-assets" + }, + { + "id": "4c77c830-b4e2-5c77-a3dd-941249799ce7", + "type": "epm-packages-assets" + }, + { + "id": "e082c4c2-3215-5fb0-a485-b261a774314e", + "type": "epm-packages-assets" + }, + { + "id": "1f4467ca-6aa9-5fcb-a346-f334e018db3f", + "type": "epm-packages-assets" + }, + { + "id": "fc831e85-d43f-5402-8780-c9fb3b040b34", + "type": "epm-packages-assets" + }, + { + "id": "208cc640-7cb1-5dd0-902e-47d82fe273af", + "type": "epm-packages-assets" + }, + { + "id": "65e211ff-9497-5882-88cc-ebfd79578cff", + "type": "epm-packages-assets" + }, + { + "id": "a6ea40cc-bb98-5039-8d52-151ac69cbfb5", + "type": "epm-packages-assets" + }, + { + "id": "d9e1d1e6-1c31-5164-8805-b8b2249bd8b5", + "type": "epm-packages-assets" + }, + { + "id": "aa843dec-f345-5c94-99e3-8bd2bffb9b4e", + "type": "epm-packages-assets" + }, + { + "id": "2b019917-8d4c-5da9-80b2-5005524a1290", + "type": "epm-packages-assets" + }, + { + "id": "617effde-ae31-5f48-928a-acdf7b6bc0bb", + "type": "epm-packages-assets" + }, + { + "id": "10245259-aff6-5cc9-b60b-9d88a230894e", + "type": "epm-packages-assets" + }, + { + "id": "753a2e77-13fe-5aa8-94a7-08e9357e64f0", + "type": "epm-packages-assets" + }, + { + "id": "4132f76c-78bc-5d70-a7cd-421910242f96", + "type": "epm-packages-assets" + }, + { + "id": "74230ee0-f671-57fc-bf3a-1c1be03acf22", + "type": "epm-packages-assets" + }, + { + "id": "a2465b23-c15e-56f9-acad-e2d5387cae48", + "type": "epm-packages-assets" + }, + { + "id": "94586e3f-78a0-5cf8-b4c2-923f4516153a", + "type": "epm-packages-assets" + }, + { + "id": "7b356571-eb79-541c-ba99-e6fdebf74e98", + "type": "epm-packages-assets" + }, + { + "id": "babd82eb-7317-58c0-a5fc-4d14ca1f2d17", + "type": "epm-packages-assets" + }, + { + "id": "aa68dd98-4844-5162-b96f-e6b5eae5f987", + "type": "epm-packages-assets" + } + ], + "es_index_patterns": { + "access": "logs-apache.access-*", + "error": "logs-apache.error-*", + "status": "metrics-apache.status-*" + }, + "name": "apache", + "version": "1.1.0", + "internal": false, + "removable": true, + "install_version": "1.1.0", + "install_status": "installed", + "install_started_at": "2021-09-30T10:46:58.713Z", + "install_source": "registry" + }, + "references": [], + "migrationVersion": { + "epm-packages": "7.14.1" + }, + "coreMigrationVersion": "8.0.0" + } + } +} \ No newline at end of file diff --git a/x-pack/plugins/fleet/cypress/fixtures/integrations/create_integration_response.json b/x-pack/plugins/fleet/cypress/fixtures/integrations/create_integration_response.json new file mode 100644 index 0000000000000..6820aadd01fb1 --- /dev/null +++ b/x-pack/plugins/fleet/cypress/fixtures/integrations/create_integration_response.json @@ -0,0 +1,255 @@ +{ + "item": { + "id": "1", + "version": "WzI4NDAsMV0=", + "name": "apache-1", + "description": "", + "namespace": "default", + "policy_id": "9ced27e0-20ff-11ec-b353-dd9d66c6f483", + "enabled": true, + "output_id": "", + "inputs": [ + { + "type": "logfile", + "policy_template": "apache", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "apache.access" + }, + "vars": { + "paths": { + "value": [ + "/var/log/apache2/access.log*", + "/var/log/apache2/other_vhosts_access.log*", + "/var/log/httpd/access_log*" + ], + "type": "text" + }, + "tags": { + "value": [ + "apache-access" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "logfile-apache.access-1c588150-010b-448a-b2b8-820d1b33811e", + "compiled_stream": { + "paths": [ + "/var/log/apache2/access.log*", + "/var/log/apache2/other_vhosts_access.log*", + "/var/log/httpd/access_log*" + ], + "tags": [ + "apache-access" + ], + "exclude_files": [ + ".gz$" + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "apache.error" + }, + "vars": { + "paths": { + "value": [ + "/var/log/apache2/error.log*", + "/var/log/httpd/error_log*" + ], + "type": "text" + }, + "tags": { + "value": [ + "apache-error" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "logfile-apache.error-1c588150-010b-448a-b2b8-820d1b33811e", + "compiled_stream": { + "paths": [ + "/var/log/apache2/error.log*", + "/var/log/httpd/error_log*" + ], + "exclude_files": [ + ".gz$" + ], + "tags": [ + "apache-error" + ], + "processors": [ + { + "add_locale": null + } + ] + } + } + ] + }, + { + "type": "httpjson", + "policy_template": "apache", + "enabled": false, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "apache.access" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"access*\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded", + "apache-access" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "httpjson-apache.access-1c588150-010b-448a-b2b8-820d1b33811e" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "apache.error" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=apache:error OR sourcetype=apache_error", + "type": "text" + }, + "tags": { + "value": [ + "forwarded", + "apache-error" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "httpjson-apache.error-1c588150-010b-448a-b2b8-820d1b33811e" + } + ], + "vars": { + "url": { + "value": "https://server.example.com:8089", + "type": "text" + }, + "username": { + "type": "text" + }, + "password": { + "type": "password" + }, + "token": { + "type": "password" + }, + "ssl": { + "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", + "type": "yaml" + } + } + }, + { + "type": "apache/metrics", + "policy_template": "apache", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "apache.status" + }, + "vars": { + "period": { + "value": "30s", + "type": "text" + }, + "server_status_path": { + "value": "/server-status", + "type": "text" + } + }, + "id": "apache/metrics-apache.status-1c588150-010b-448a-b2b8-820d1b33811e", + "compiled_stream": { + "metricsets": [ + "status" + ], + "hosts": [ + "http://127.0.0.1" + ], + "period": "30s", + "server_status_path": "/server-status" + } + } + ], + "vars": { + "hosts": { + "value": [ + "http://127.0.0.1" + ], + "type": "text" + } + } + } + ], + "package": { + "name": "apache", + "title": "Apache", + "version": "1.1.0" + }, + "revision": 1, + "created_at": "2021-09-29T09:12:55.869Z", + "created_by": "elastic", + "updated_at": "2021-09-29T09:12:55.869Z", + "updated_by": "elastic" + } +} \ No newline at end of file diff --git a/x-pack/plugins/fleet/cypress/fixtures/integrations/list.json b/x-pack/plugins/fleet/cypress/fixtures/integrations/list.json new file mode 100644 index 0000000000000..73c3ff54c5d95 --- /dev/null +++ b/x-pack/plugins/fleet/cypress/fixtures/integrations/list.json @@ -0,0 +1,260 @@ +{ + "items": [ + { + "id": "1", + "version": "WzczOSwxXQ==", + "name": "apache-1", + "description": "", + "namespace": "default", + "policy_id": "30e16140-2106-11ec-a289-25321523992d", + "enabled": true, + "output_id": "", + "inputs": [ + { + "type": "logfile", + "policy_template": "apache", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "apache.access" + }, + "vars": { + "paths": { + "value": [ + "/var/log/apache2/access.log*", + "/var/log/apache2/other_vhosts_access.log*", + "/var/log/httpd/access_log*" + ], + "type": "text" + }, + "tags": { + "value": [ + "apache-access" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "logfile-apache.access-63172a6b-4f00-4376-b5e6-fe9b3f00fc79", + "compiled_stream": { + "paths": [ + "/var/log/apache2/access.log*", + "/var/log/apache2/other_vhosts_access.log*", + "/var/log/httpd/access_log*" + ], + "tags": [ + "apache-access" + ], + "exclude_files": [ + ".gz$" + ] + } + }, + { + "enabled": true, + "data_stream": { + "type": "logs", + "dataset": "apache.error" + }, + "vars": { + "paths": { + "value": [ + "/var/log/apache2/error.log*", + "/var/log/httpd/error_log*" + ], + "type": "text" + }, + "tags": { + "value": [ + "apache-error" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "logfile-apache.error-63172a6b-4f00-4376-b5e6-fe9b3f00fc79", + "compiled_stream": { + "paths": [ + "/var/log/apache2/error.log*", + "/var/log/httpd/error_log*" + ], + "exclude_files": [ + ".gz$" + ], + "tags": [ + "apache-error" + ], + "processors": [ + { + "add_locale": null + } + ] + } + } + ] + }, + { + "type": "httpjson", + "policy_template": "apache", + "enabled": false, + "streams": [ + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "apache.access" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=\"access*\"", + "type": "text" + }, + "tags": { + "value": [ + "forwarded", + "apache-access" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "httpjson-apache.access-63172a6b-4f00-4376-b5e6-fe9b3f00fc79" + }, + { + "enabled": false, + "data_stream": { + "type": "logs", + "dataset": "apache.error" + }, + "vars": { + "interval": { + "value": "10s", + "type": "text" + }, + "search": { + "value": "search sourcetype=apache:error OR sourcetype=apache_error", + "type": "text" + }, + "tags": { + "value": [ + "forwarded", + "apache-error" + ], + "type": "text" + }, + "preserve_original_event": { + "value": false, + "type": "bool" + }, + "processors": { + "type": "yaml" + } + }, + "id": "httpjson-apache.error-63172a6b-4f00-4376-b5e6-fe9b3f00fc79" + } + ], + "vars": { + "url": { + "value": "https://server.example.com:8089", + "type": "text" + }, + "username": { + "type": "text" + }, + "password": { + "type": "password" + }, + "token": { + "type": "password" + }, + "ssl": { + "value": "#certificate_authorities:\n# - |\n# -----BEGIN CERTIFICATE-----\n# MIIDCjCCAfKgAwIBAgITJ706Mu2wJlKckpIvkWxEHvEyijANBgkqhkiG9w0BAQsF\n# ADAUMRIwEAYDVQQDDAlsb2NhbGhvc3QwIBcNMTkwNzIyMTkyOTA0WhgPMjExOTA2\n# MjgxOTI5MDRaMBQxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEB\n# BQADggEPADCCAQoCggEBANce58Y/JykI58iyOXpxGfw0/gMvF0hUQAcUrSMxEO6n\n# fZRA49b4OV4SwWmA3395uL2eB2NB8y8qdQ9muXUdPBWE4l9rMZ6gmfu90N5B5uEl\n# 94NcfBfYOKi1fJQ9i7WKhTjlRkMCgBkWPkUokvBZFRt8RtF7zI77BSEorHGQCk9t\n# /D7BS0GJyfVEhftbWcFEAG3VRcoMhF7kUzYwp+qESoriFRYLeDWv68ZOvG7eoWnP\n# PsvZStEVEimjvK5NSESEQa9xWyJOmlOKXhkdymtcUd/nXnx6UTCFgnkgzSdTWV41\n# CI6B6aJ9svCTI2QuoIq2HxX/ix7OvW1huVmcyHVxyUECAwEAAaNTMFEwHQYDVR0O\n# BBYEFPwN1OceFGm9v6ux8G+DZ3TUDYxqMB8GA1UdIwQYMBaAFPwN1OceFGm9v6ux\n# 8G+DZ3TUDYxqMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAG5D\n# 874A4YI7YUwOVsVAdbWtgp1d0zKcPRR+r2OdSbTAV5/gcS3jgBJ3i1BN34JuDVFw\n# 3DeJSYT3nxy2Y56lLnxDeF8CUTUtVQx3CuGkRg1ouGAHpO/6OqOhwLLorEmxi7tA\n# H2O8mtT0poX5AnOAhzVy7QW0D/k4WaoLyckM5hUa6RtvgvLxOwA0U+VGurCDoctu\n# 8F4QOgTAWyh8EZIwaKCliFRSynDpv3JTUwtfZkxo6K6nce1RhCWFAsMvDZL8Dgc0\n# yvgJ38BRsFOtkRuAGSf6ZUwTO8JJRRIFnpUzXflAnGivK9M13D5GEQMmIl6U9Pvk\n# sxSmbIUfc2SGJGCJD4I=\n# -----END CERTIFICATE-----\n", + "type": "yaml" + } + } + }, + { + "type": "apache/metrics", + "policy_template": "apache", + "enabled": true, + "streams": [ + { + "enabled": true, + "data_stream": { + "type": "metrics", + "dataset": "apache.status" + }, + "vars": { + "period": { + "value": "30s", + "type": "text" + }, + "server_status_path": { + "value": "/server-status", + "type": "text" + } + }, + "id": "apache/metrics-apache.status-63172a6b-4f00-4376-b5e6-fe9b3f00fc79", + "compiled_stream": { + "metricsets": [ + "status" + ], + "hosts": [ + "http://127.0.0.1" + ], + "period": "30s", + "server_status_path": "/server-status" + } + } + ], + "vars": { + "hosts": { + "value": [ + "http://127.0.0.1" + ], + "type": "text" + } + } + } + ], + "package": { + "name": "apache", + "title": "Apache", + "version": "1.1.0" + }, + "revision": 1, + "created_at": "2021-09-29T09:52:12.865Z", + "created_by": "elastic", + "updated_at": "2021-09-29T09:52:12.865Z", + "updated_by": "elastic" + } + ], + "total": 1, + "page": 1, + "perPage": 20 +} \ No newline at end of file diff --git a/x-pack/plugins/fleet/cypress/integration/fleet_startup.spec.ts b/x-pack/plugins/fleet/cypress/integration/fleet_startup.spec.ts new file mode 100644 index 0000000000000..804fe56510c1d --- /dev/null +++ b/x-pack/plugins/fleet/cypress/integration/fleet_startup.spec.ts @@ -0,0 +1,33 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { ADD_AGENT_BUTTON, AGENT_POLICIES_TAB, ENROLLMENT_TOKENS_TAB } from '../screens/fleet'; +import { FLEET, navigateTo } from '../tasks/navigation'; + +describe('Fleet startup', () => { + before(() => { + navigateTo(FLEET); + }); + + it('should display Add agent button and Healthy agent once Fleet Agent page loaded', () => { + cy.getBySel(ADD_AGENT_BUTTON).contains('Add agent'); + cy.get('.euiBadge').contains('Healthy'); + }); + + it('should display default agent policies on agent policies tab', () => { + cy.getBySel(AGENT_POLICIES_TAB).click(); + cy.get('.euiLink').contains('Default policy'); + cy.get('.euiLink').contains('Default Fleet Server policy'); + }); + + it('should display default tokens on enrollment tokens tab', () => { + cy.getBySel(ENROLLMENT_TOKENS_TAB).click(); + cy.get('.euiTableRow').should('have.length', 2); + cy.get('.euiTableRowCell').contains('Default policy'); + cy.get('.euiTableRowCell').contains('Default Fleet Server policy'); + }); +}); diff --git a/x-pack/plugins/fleet/cypress/integration/integrations.spec.ts b/x-pack/plugins/fleet/cypress/integration/integrations.spec.ts new file mode 100644 index 0000000000000..88769ece39f2f --- /dev/null +++ b/x-pack/plugins/fleet/cypress/integration/integrations.spec.ts @@ -0,0 +1,96 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { INTEGRATIONS, navigateTo } from '../tasks/navigation'; +import { + addIntegration, + installPackageWithVersion, + deleteIntegrations, + clickIfVisible, +} from '../tasks/integrations'; +import { + CONFIRM_MODAL_BTN, + FLYOUT_CLOSE_BTN_SEL, + INTEGRATIONS_CARD, + INTEGRATION_NAME_LINK, + LATEST_VERSION, + PACKAGE_VERSION, + POLICIES_TAB, + SETTINGS_TAB, + UPDATE_PACKAGE_BTN, +} from '../screens/integrations'; + +describe('Add Integration', () => { + const integration = 'Apache'; + + describe('Real API', () => { + afterEach(() => { + deleteIntegrations(integration); + }); + it('should display Apache integration in the Policies list once installed ', () => { + addAndVerifyIntegration(); + }); + + it('should upgrade policies with integration update', () => { + const oldVersion = '0.3.3'; + installPackageWithVersion('apache', oldVersion); + navigateTo(`app/integrations/detail/apache-${oldVersion}/policies`); + + addIntegration(); + + cy.getBySel(INTEGRATION_NAME_LINK).contains('apache-'); + cy.getBySel(PACKAGE_VERSION).contains(oldVersion); + + clickIfVisible(FLYOUT_CLOSE_BTN_SEL); + + cy.getBySel(SETTINGS_TAB).click(); + cy.getBySel(UPDATE_PACKAGE_BTN).click(); + cy.getBySel(CONFIRM_MODAL_BTN).click(); + + cy.getBySel(LATEST_VERSION).then(($title) => { + const newVersion = $title.text(); + cy.get('#upgradePoliciesCheckbox').should('not.exist'); + cy.getBySel(POLICIES_TAB).click(); + cy.getBySel(PACKAGE_VERSION).contains(oldVersion).should('not.exist'); + cy.getBySel(PACKAGE_VERSION).contains(newVersion); + }); + }); + }); + + function addAndVerifyIntegration() { + cy.intercept('GET', '/api/fleet/epm/packages?*').as('packages'); + navigateTo(INTEGRATIONS); + cy.wait('@packages'); + cy.get('.euiLoadingSpinner').should('not.exist'); + cy.get('input[placeholder="Search for integrations"]').type('Apache'); + cy.get(INTEGRATIONS_CARD).contains(integration).click(); + addIntegration(); + cy.getBySel(INTEGRATION_NAME_LINK).contains('apache-'); + } + + it.skip('[Mocked requests] should display Apache integration in the Policies list once installed ', () => { + cy.intercept('POST', '/api/fleet/package_policies', { + fixture: 'integrations/create_integration_response.json', + }); + cy.intercept( + 'GET', + '/api/fleet/package_policies?page=1&perPage=20&kuery=ingest-package-policies.package.name%3A%20apache', + { fixture: 'integrations/list.json' } + ); + cy.intercept('GET', '/api/fleet/agent_policies?*', { + fixture: 'integrations/agent_policies.json', + }); + cy.intercept('GET', '/api/fleet/agent_policies/30e16140-2106-11ec-a289-25321523992d', { + fixture: 'integrations/agent_policy.json', + }); + // TODO fixture includes 1 package policy, should be empty initially + cy.intercept('GET', '/api/fleet/epm/packages/apache-1.1.0', { + fixture: 'integrations/apache.json', + }); + addAndVerifyIntegration(); + }); +}); diff --git a/x-pack/plugins/fleet/cypress/plugins/index.ts b/x-pack/plugins/fleet/cypress/plugins/index.ts new file mode 100644 index 0000000000000..a30fd07912cf8 --- /dev/null +++ b/x-pack/plugins/fleet/cypress/plugins/index.ts @@ -0,0 +1,28 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +// / +// *********************************************************** +// This example plugins/index.js can be used to load plugins +// +// You can change the location of this file or turn off loading +// the plugins file with the 'pluginsFile' configuration option. +// +// You can read more here: +// https://on.cypress.io/plugins-guide +// *********************************************************** + +// This function is called when a project is opened or re-opened (e.g. due to +// the project's config changing) + +/** + * @type {Cypress.PluginConfig} + */ +module.exports = (_on: any, _config: any) => { + // `on` is used to hook into various events Cypress emits + // `config` is the resolved Cypress config +}; diff --git a/x-pack/plugins/fleet/cypress/screens/fleet.ts b/x-pack/plugins/fleet/cypress/screens/fleet.ts new file mode 100644 index 0000000000000..6be51e5ed24bc --- /dev/null +++ b/x-pack/plugins/fleet/cypress/screens/fleet.ts @@ -0,0 +1,11 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +export const ADD_AGENT_BUTTON = 'addAgentButton'; + +export const AGENT_POLICIES_TAB = 'fleet-agent-policies-tab'; +export const ENROLLMENT_TOKENS_TAB = 'fleet-enrollment-tokens-tab'; diff --git a/x-pack/plugins/fleet/cypress/screens/integrations.ts b/x-pack/plugins/fleet/cypress/screens/integrations.ts new file mode 100644 index 0000000000000..d42fb904b3224 --- /dev/null +++ b/x-pack/plugins/fleet/cypress/screens/integrations.ts @@ -0,0 +1,25 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +export const ADD_POLICY_BTN = 'addIntegrationPolicyButton'; +export const CREATE_PACKAGE_POLICY_SAVE_BTN = 'createPackagePolicySaveButton'; +export const INTEGRATIONS_CARD = '.euiCard__titleAnchor'; + +export const INTEGRATION_NAME_LINK = 'integrationNameLink'; + +export const CONFIRM_MODAL_BTN = 'confirmModalConfirmButton'; +export const CONFIRM_MODAL_BTN_SEL = `[data-test-subj=${CONFIRM_MODAL_BTN}]`; + +export const FLYOUT_CLOSE_BTN_SEL = '[data-test-subj="euiFlyoutCloseButton"]'; + +export const SETTINGS_TAB = 'tab-settings'; +export const POLICIES_TAB = 'tab-policies'; + +export const UPDATE_PACKAGE_BTN = 'updatePackageBtn'; +export const LATEST_VERSION = 'latestVersion'; + +export const PACKAGE_VERSION = 'packageVersionText'; diff --git a/x-pack/plugins/fleet/cypress/screens/navigation.ts b/x-pack/plugins/fleet/cypress/screens/navigation.ts new file mode 100644 index 0000000000000..fee38161b6b2b --- /dev/null +++ b/x-pack/plugins/fleet/cypress/screens/navigation.ts @@ -0,0 +1,8 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +export const TOGGLE_NAVIGATION_BTN = '[data-test-subj="toggleNavButton"]'; diff --git a/x-pack/plugins/fleet/cypress/support/commands.ts b/x-pack/plugins/fleet/cypress/support/commands.ts new file mode 100644 index 0000000000000..54cc44f0057f3 --- /dev/null +++ b/x-pack/plugins/fleet/cypress/support/commands.ts @@ -0,0 +1,17 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +// *********************************************** +// This example commands.js shows you how to +// create various custom commands and overwrite +// existing commands. +// +// For more comprehensive examples of custom +// commands please read more here: +// https://on.cypress.io/custom-commands +// *********************************************** +// diff --git a/x-pack/plugins/fleet/cypress/support/index.ts b/x-pack/plugins/fleet/cypress/support/index.ts new file mode 100644 index 0000000000000..f074e424d93c3 --- /dev/null +++ b/x-pack/plugins/fleet/cypress/support/index.ts @@ -0,0 +1,47 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +// / + +// *********************************************************** +// This example support/index.js is processed and +// loaded automatically before your test files. +// +// This is a great place to put global configuration and +// behavior that modifies Cypress. +// +// You can change the location of this file or turn off +// automatically serving support files with the +// 'supportFile' configuration option. +// +// You can read more here: +// https://on.cypress.io/configuration +// *********************************************************** + +// Import commands.js using ES2015 syntax: +import './commands'; + +declare global { + // eslint-disable-next-line @typescript-eslint/no-namespace + namespace Cypress { + interface Chainable { + getBySel(value: string): Chainable; + } + } +} + +function getBySel(selector: string, ...args: any[]) { + return cy.get(`[data-test-subj=${selector}]`, ...args); +} + +Cypress.Commands.add('getBySel', getBySel); + +// Alternatively you can use CommonJS syntax: +// require('./commands') +Cypress.on('uncaught:exception', () => { + return false; +}); diff --git a/x-pack/plugins/fleet/cypress/tasks/integrations.ts b/x-pack/plugins/fleet/cypress/tasks/integrations.ts new file mode 100644 index 0000000000000..f1c891fa1186c --- /dev/null +++ b/x-pack/plugins/fleet/cypress/tasks/integrations.ts @@ -0,0 +1,58 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { + ADD_POLICY_BTN, + CONFIRM_MODAL_BTN, + CREATE_PACKAGE_POLICY_SAVE_BTN, + FLYOUT_CLOSE_BTN_SEL, + INTEGRATION_NAME_LINK, +} from '../screens/integrations'; + +export const addIntegration = () => { + cy.getBySel(ADD_POLICY_BTN).click(); + cy.getBySel(CREATE_PACKAGE_POLICY_SAVE_BTN).click(); + // sometimes agent is assigned to default policy, sometimes not + cy.getBySel(CONFIRM_MODAL_BTN).click(); + + cy.getBySel(CREATE_PACKAGE_POLICY_SAVE_BTN).should('not.exist'); + clickIfVisible(FLYOUT_CLOSE_BTN_SEL); +}; + +export function clickIfVisible(selector: string) { + cy.get('body').then(($body) => { + if ($body.find(selector).length) { + cy.get(selector).click(); + } + }); +} + +export const deleteIntegrations = async (integration: string) => { + const ids: string[] = []; + cy.getBySel(INTEGRATION_NAME_LINK) + .each(($a) => { + const href = $a.attr('href') as string; + ids.push(href.substr(href.lastIndexOf('/') + 1)); + }) + .then(() => { + cy.request({ + url: `/api/fleet/package_policies/delete`, + headers: { 'kbn-xsrf': 'cypress' }, + body: `{ "packagePolicyIds": ${JSON.stringify(ids)} }`, + method: 'POST', + }); + }); +}; + +export const installPackageWithVersion = (integration: string, version: string) => { + cy.request({ + url: `/api/fleet/epm/packages/${integration}-${version}`, + headers: { 'kbn-xsrf': 'cypress' }, + body: '{ "force": true }', + method: 'POST', + }); +}; diff --git a/x-pack/plugins/fleet/cypress/tasks/navigation.ts b/x-pack/plugins/fleet/cypress/tasks/navigation.ts new file mode 100644 index 0000000000000..a2dd131b647a6 --- /dev/null +++ b/x-pack/plugins/fleet/cypress/tasks/navigation.ts @@ -0,0 +1,19 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { TOGGLE_NAVIGATION_BTN } from '../screens/navigation'; + +export const INTEGRATIONS = 'app/integrations#/'; +export const FLEET = 'app/fleet/'; + +export const navigateTo = (page: string) => { + cy.visit(page); +}; + +export const openNavigationFlyout = () => { + cy.get(TOGGLE_NAVIGATION_BTN).click(); +}; diff --git a/x-pack/plugins/fleet/cypress/tsconfig.json b/x-pack/plugins/fleet/cypress/tsconfig.json new file mode 100644 index 0000000000000..1adb067fe682e --- /dev/null +++ b/x-pack/plugins/fleet/cypress/tsconfig.json @@ -0,0 +1,17 @@ +{ + "extends": "../../../../tsconfig.base.json", + "include": [ + "**/*" + ], + "exclude": [ + "target/**/*" + ], + "compilerOptions": { + "outDir": "target/types", + "types": [ + "cypress", + "node" + ], + "resolveJsonModule": true, + }, + } diff --git a/x-pack/plugins/fleet/package.json b/x-pack/plugins/fleet/package.json index e374dabb82458..ef15c2fc6bb66 100644 --- a/x-pack/plugins/fleet/package.json +++ b/x-pack/plugins/fleet/package.json @@ -3,5 +3,11 @@ "name": "fleet", "version": "8.0.0", "private": true, - "license": "Elastic-License" + "license": "Elastic-License", + "scripts": { + "cypress:open": "../../../node_modules/.bin/cypress open --config-file ./cypress/cypress.json", + "cypress:open-as-ci": "node ../../../scripts/functional_tests --config ../../test/fleet_cypress/visual_config.ts", + "cypress:run": "../../../node_modules/.bin/cypress run --config-file ./cypress/cypress.json", + "cypress:run-as-ci": "node ../../../scripts/functional_tests --config ../../test/fleet_cypress/cli_config.ts" + } } diff --git a/x-pack/plugins/fleet/public/applications/fleet/sections/agents/agent_list_page/components/search_and_filter_bar.tsx b/x-pack/plugins/fleet/public/applications/fleet/sections/agents/agent_list_page/components/search_and_filter_bar.tsx index d6a6210bc8673..5fa60eb72b2e5 100644 --- a/x-pack/plugins/fleet/public/applications/fleet/sections/agents/agent_list_page/components/search_and_filter_bar.tsx +++ b/x-pack/plugins/fleet/public/applications/fleet/sections/agents/agent_list_page/components/search_and_filter_bar.tsx @@ -224,6 +224,7 @@ export const SearchAndFilterBar: React.FunctionComponent<{ fill iconType="plusInCircle" onClick={() => setIsEnrollmentFlyoutOpen(true)} + data-test-subj="addAgentButton" > diff --git a/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/detail/policies/package_policies.tsx b/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/detail/policies/package_policies.tsx index 69487454dcb94..425781e81483d 100644 --- a/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/detail/policies/package_policies.tsx +++ b/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/detail/policies/package_policies.tsx @@ -226,7 +226,7 @@ export const PackagePoliciesPage = ({ name, version }: PackagePoliciesPanelProps return ( - + = memo(({ packageInfo }: Props) => { /> - + {installedVersion} @@ -262,7 +262,7 @@ export const SettingsPage: React.FC = memo(({ packageInfo }: Props) => { /> - + {latestVersion} diff --git a/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/detail/settings/update_button.tsx b/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/detail/settings/update_button.tsx index b5a8394fa2cb2..48d4ef5d846d4 100644 --- a/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/detail/settings/update_button.tsx +++ b/x-pack/plugins/fleet/public/applications/integrations/sections/epm/screens/detail/settings/update_button.tsx @@ -289,6 +289,7 @@ export const UpdateButton: React.FunctionComponent = ({ onClick={ upgradePackagePolicies ? () => setIsUpdateModalVisible(true) : handleClickUpdate } + data-test-subj="updatePackageBtn" > setTimeout(r, 5000)); + const { data: agents } = await axios.get( + `${this.params.kibanaUrl}/api/fleet/agents`, + this.requestOptions + ); + done = agents.list[0]?.status === 'online'; + if (++retries > 12) { + this.log.error('Giving up on enrolling the agent after a minute'); + throw new Error('Agent timed out while coming online'); + } + } + + return { policyId: policy.policy_id as string }; + } + + protected _cleanup() { + this.log.info('Cleaning up the agent process'); + if (this.agentProcess) { + if (!this.agentProcess.kill(9)) { + this.log.warning('Unable to kill agent process'); + } + + this.agentProcess.on('close', () => { + this.log.info('Agent process closed'); + }); + delete this.agentProcess; + } + return; + } +} diff --git a/x-pack/test/fleet_cypress/artifact_manager.ts b/x-pack/test/fleet_cypress/artifact_manager.ts new file mode 100644 index 0000000000000..aea0eb8bbec86 --- /dev/null +++ b/x-pack/test/fleet_cypress/artifact_manager.ts @@ -0,0 +1,14 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import axios from 'axios'; +import { last } from 'lodash'; + +export async function getLatestVersion(): Promise { + const response: any = await axios('https://artifacts-api.elastic.co/v1/versions'); + return last(response.data.versions as string[]) || '8.0.0-SNAPSHOT'; +} diff --git a/x-pack/test/fleet_cypress/cli_config.ts b/x-pack/test/fleet_cypress/cli_config.ts new file mode 100644 index 0000000000000..b8eb78e6a4abc --- /dev/null +++ b/x-pack/test/fleet_cypress/cli_config.ts @@ -0,0 +1,19 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { FtrConfigProviderContext } from '@kbn/test'; + +import { FleetCypressCliTestRunner } from './runner'; + +export default async function ({ readConfigFile }: FtrConfigProviderContext) { + const cypressConfig = await readConfigFile(require.resolve('./config.ts')); + return { + ...cypressConfig.getAll(), + + testRunner: FleetCypressCliTestRunner, + }; +} diff --git a/x-pack/test/fleet_cypress/config.ts b/x-pack/test/fleet_cypress/config.ts new file mode 100644 index 0000000000000..14898f81aac12 --- /dev/null +++ b/x-pack/test/fleet_cypress/config.ts @@ -0,0 +1,44 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { FtrConfigProviderContext } from '@kbn/test'; + +import { CA_CERT_PATH } from '@kbn/dev-utils'; + +export default async function ({ readConfigFile }: FtrConfigProviderContext) { + const kibanaCommonTestsConfig = await readConfigFile( + require.resolve('../../../test/common/config.js') + ); + const xpackFunctionalTestsConfig = await readConfigFile( + require.resolve('../functional/config.js') + ); + + return { + ...kibanaCommonTestsConfig.getAll(), + + esTestCluster: { + ...xpackFunctionalTestsConfig.get('esTestCluster'), + serverArgs: [ + ...xpackFunctionalTestsConfig.get('esTestCluster.serverArgs'), + // define custom es server here + // API Keys is enabled at the top level + 'xpack.security.enabled=true', + 'http.host=0.0.0.0', + ], + }, + + kbnTestServer: { + ...xpackFunctionalTestsConfig.get('kbnTestServer'), + serverArgs: [ + ...xpackFunctionalTestsConfig.get('kbnTestServer.serverArgs'), + '--csp.strict=false', + // define custom kibana server args here + `--elasticsearch.ssl.certificateAuthorities=${CA_CERT_PATH}`, + ], + }, + }; +} diff --git a/x-pack/test/fleet_cypress/fleet_server.ts b/x-pack/test/fleet_cypress/fleet_server.ts new file mode 100644 index 0000000000000..fe2b8c7459229 --- /dev/null +++ b/x-pack/test/fleet_cypress/fleet_server.ts @@ -0,0 +1,83 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { ChildProcess, spawn } from 'child_process'; +import { ToolingLog } from '@kbn/dev-utils'; +import axios from 'axios'; +import { Manager } from './resource_manager'; +import { getLatestVersion } from './artifact_manager'; + +export interface ElasticsearchConfig { + esHost: string; + user: string; + password: string; + port: string; +} + +export class FleetManager extends Manager { + private fleetProcess?: ChildProcess; + private esConfig: ElasticsearchConfig; + private log: ToolingLog; + constructor(esConfig: ElasticsearchConfig, log: ToolingLog) { + super(); + this.esConfig = esConfig; + this.log = log; + } + public async setup(): Promise { + this.log.info('Setting fleet up'); + return new Promise(async (res, rej) => { + try { + const response = await axios.post( + `${this.esConfig.esHost}/_security/service/elastic/fleet-server/credential/token` + ); + const serviceToken = response.data.token.value; + const artifact = `docker.elastic.co/beats/elastic-agent:${await getLatestVersion()}`; + this.log.info(artifact); + + const host = 'host.docker.internal'; + + const args = [ + 'run', + '-p', + `8220:8220`, + '--add-host', + 'host.docker.internal:host-gateway', + '--env', + 'FLEET_SERVER_ENABLE=true', + '--env', + `FLEET_SERVER_ELASTICSEARCH_HOST=http://${host}:${this.esConfig.port}`, + '--env', + `FLEET_SERVER_SERVICE_TOKEN=${serviceToken}`, + '--rm', + artifact, + ]; + this.fleetProcess = spawn('docker', args, { + stdio: 'inherit', + }); + this.fleetProcess.on('error', rej); + setTimeout(res, 15000); + } catch (error) { + rej(error); + } + }); + } + + protected _cleanup() { + this.log.info('Removing old fleet config'); + if (this.fleetProcess) { + this.log.info('Closing fleet process'); + if (!this.fleetProcess.kill(9)) { + this.log.warning('Unable to kill fleet server process'); + } + + this.fleetProcess.on('close', () => { + this.log.info('Fleet server process closed'); + }); + delete this.fleetProcess; + } + } +} diff --git a/x-pack/test/fleet_cypress/ftr_provider_context.d.ts b/x-pack/test/fleet_cypress/ftr_provider_context.d.ts new file mode 100644 index 0000000000000..aa56557c09df8 --- /dev/null +++ b/x-pack/test/fleet_cypress/ftr_provider_context.d.ts @@ -0,0 +1,12 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { GenericFtrProviderContext } from '@kbn/test'; + +import { services } from './services'; + +export type FtrProviderContext = GenericFtrProviderContext; diff --git a/x-pack/test/fleet_cypress/resource_manager.ts b/x-pack/test/fleet_cypress/resource_manager.ts new file mode 100644 index 0000000000000..e892021155417 --- /dev/null +++ b/x-pack/test/fleet_cypress/resource_manager.ts @@ -0,0 +1,24 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +const CLEANUP_EVENTS = ['SIGINT', 'exit', 'uncaughtException', 'unhandledRejection']; +export class Manager { + private cleaned = false; + constructor() { + const cleanup = () => this.cleanup(); + CLEANUP_EVENTS.forEach((ev) => process.on(ev, cleanup)); + } + // This must be a synchronous method because it is used in the unhandledException and exit event handlers + public cleanup() { + // Since this can be called multiple places we proxy it with some protection + if (this._cleanup && !this.cleaned) { + this.cleaned = true; + this._cleanup(); + } + } + protected _cleanup?(): void; +} diff --git a/x-pack/test/fleet_cypress/runner.ts b/x-pack/test/fleet_cypress/runner.ts new file mode 100644 index 0000000000000..b49bfbdc091e2 --- /dev/null +++ b/x-pack/test/fleet_cypress/runner.ts @@ -0,0 +1,105 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { resolve } from 'path'; +import Url from 'url'; + +import { withProcRunner } from '@kbn/dev-utils'; + +import { FtrProviderContext } from './ftr_provider_context'; + +import { AgentManager } from './agent'; +import { FleetManager } from './fleet_server'; + +async function withFleetAgent( + { getService }: FtrProviderContext, + runner: (runnerEnv: Record) => Promise +) { + const log = getService('log'); + const config = getService('config'); + + const esHost = Url.format(config.get('servers.elasticsearch')); + const esConfig = { + user: config.get('servers.elasticsearch.username'), + password: config.get('servers.elasticsearch.password'), + esHost, + port: config.get('servers.elasticsearch.port'), + }; + const fleetManager = new FleetManager(esConfig, log); + + const agentManager = new AgentManager( + { + ...esConfig, + kibanaUrl: Url.format({ + protocol: config.get('servers.kibana.protocol'), + hostname: config.get('servers.kibana.hostname'), + port: config.get('servers.kibana.port'), + }), + }, + log + ); + + // Since the managers will create uncaughtException event handlers we need to exit manually + process.on('uncaughtException', (err) => { + // eslint-disable-next-line no-console + console.error('Encountered error; exiting after cleanup.', err); + process.exit(1); + }); + + await agentManager.setup(); + await fleetManager.setup(); + try { + await runner({}); + } finally { + fleetManager.cleanup(); + agentManager.cleanup(); + } +} + +export async function FleetCypressCliTestRunner(context: FtrProviderContext) { + await startFleetAgent(context, 'run'); +} + +export async function FleetCypressVisualTestRunner(context: FtrProviderContext) { + await startFleetAgent(context, 'open'); +} + +function startFleetAgent(context: FtrProviderContext, cypressCommand: string) { + const log = context.getService('log'); + const config = context.getService('config'); + return withFleetAgent(context, (runnerEnv) => + withProcRunner(log, async (procs) => { + await procs.run('cypress', { + cmd: 'yarn', + args: [`cypress:${cypressCommand}`], + cwd: resolve(__dirname, '../../plugins/fleet'), + env: { + FORCE_COLOR: '1', + // eslint-disable-next-line @typescript-eslint/naming-convention + CYPRESS_baseUrl: Url.format(config.get('servers.kibana')), + // eslint-disable-next-line @typescript-eslint/naming-convention + CYPRESS_protocol: config.get('servers.kibana.protocol'), + // eslint-disable-next-line @typescript-eslint/naming-convention + CYPRESS_hostname: config.get('servers.kibana.hostname'), + // eslint-disable-next-line @typescript-eslint/naming-convention + CYPRESS_configport: config.get('servers.kibana.port'), + CYPRESS_ELASTICSEARCH_URL: Url.format(config.get('servers.elasticsearch')), + CYPRESS_ELASTICSEARCH_USERNAME: config.get('servers.elasticsearch.username'), + CYPRESS_ELASTICSEARCH_PASSWORD: config.get('servers.elasticsearch.password'), + CYPRESS_KIBANA_URL: Url.format({ + protocol: config.get('servers.kibana.protocol'), + hostname: config.get('servers.kibana.hostname'), + port: config.get('servers.kibana.port'), + }), + ...runnerEnv, + ...process.env, + }, + wait: true, + }); + }) + ); +} diff --git a/x-pack/test/fleet_cypress/services.ts b/x-pack/test/fleet_cypress/services.ts new file mode 100644 index 0000000000000..5e063134081ad --- /dev/null +++ b/x-pack/test/fleet_cypress/services.ts @@ -0,0 +1,8 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +export * from '../../../test/common/services'; diff --git a/x-pack/test/fleet_cypress/visual_config.ts b/x-pack/test/fleet_cypress/visual_config.ts new file mode 100644 index 0000000000000..1a343b52c1161 --- /dev/null +++ b/x-pack/test/fleet_cypress/visual_config.ts @@ -0,0 +1,19 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { FtrConfigProviderContext } from '@kbn/test'; + +import { FleetCypressVisualTestRunner } from './runner'; + +export default async function ({ readConfigFile }: FtrConfigProviderContext) { + const cypressConfig = await readConfigFile(require.resolve('./config.ts')); + return { + ...cypressConfig.getAll(), + + testRunner: FleetCypressVisualTestRunner, + }; +} From 4bdc17039b32174bd295a48ae45ecb943ea83de1 Mon Sep 17 00:00:00 2001 From: Frank Hassanabad Date: Tue, 2 Nov 2021 08:28:48 -0600 Subject: [PATCH 11/53] [Security Solutions] end to end tests, adds more console logging, removes 200 expect statements (#116987) ## Summary e2e tests are still seeing flake with conflicts and it looks like it _might_ be with querying and not with inserting data. Hard to tell. This PR: * Adds more console logging when the response is not a 200 * Removes the 200 expect statement and hopes for the best but should blow up if it's not 200 in a different way and we will get the console logging statements. * Fixes one other flake with the matrix histogram having different counts. We have encountered this before and are applying the same fix which is to just have it check > 0. * This does fix the timeouts seen where 1 in every 1k rule runs, a rule will not fire until _after_ the 5 minute mark. The timeouts were seen when running the flake runner. Flake failures around `conflict`: https://github.com/elastic/kibana/issues/116926 https://github.com/elastic/kibana/issues/116904 https://github.com/elastic/kibana/issues/116231 Not saying this is going to fix those yet, but it's the last 200 ok's we did an expect on, so it might if we are ignoring the conflict. If it fails again I am hopeful beyond hope that we get the body message and line number within the utilities to determine where/why we are getting these from time to time. It does look to fix the timeouts when a rule misfires and slows down the rate at which we continuously query for rule results. Failure around matrix histogram (The error messages are slightly different on CI each time): https://github.com/elastic/kibana/issues/97365 Ran this with the flake runner across groups 11 and 12 100 times each and did not see the conflict crop up: https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/128 https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/129 The 1 failure in each of those runs were due to something on startup that prevented it from running. ### Checklist Delete any items that are not applicable to this PR. - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios --- .../security_solution/matrix_dns_histogram.ts | 6 +- .../detection_engine_api_integration/utils.ts | 246 +++++++++++++----- x-pack/test/lists_api_integration/utils.ts | 48 +++- 3 files changed, 226 insertions(+), 74 deletions(-) diff --git a/x-pack/test/api_integration/apis/security_solution/matrix_dns_histogram.ts b/x-pack/test/api_integration/apis/security_solution/matrix_dns_histogram.ts index c7b6bbb84436f..24cf4699d952c 100644 --- a/x-pack/test/api_integration/apis/security_solution/matrix_dns_histogram.ts +++ b/x-pack/test/api_integration/apis/security_solution/matrix_dns_histogram.ts @@ -58,7 +58,11 @@ export default function ({ getService }: FtrProviderContext) { }, strategy: 'securitySolutionSearchStrategy', }); - expect(networkDns.rawResponse.aggregations?.dns_count).to.eql({ value: 6604 }); + // This can have a odd unknown flake if we do anything more strict than this. + const dnsCount = networkDns.rawResponse.aggregations?.dns_count as unknown as { + value: number; + }; + expect(dnsCount.value).to.be.above(0); }); }); }); diff --git a/x-pack/test/detection_engine_api_integration/utils.ts b/x-pack/test/detection_engine_api_integration/utils.ts index ae769bd01b52d..848dbc8fd50af 100644 --- a/x-pack/test/detection_engine_api_integration/utils.ts +++ b/x-pack/test/detection_engine_api_integration/utils.ts @@ -809,16 +809,18 @@ export const getSimpleRuleOutputWithWebHookAction = (actionId: string): Partial< export const waitFor = async ( functionToTest: () => Promise, functionName: string, - maxTimeout: number = 20000, - timeoutWait: number = 10 + maxTimeout: number = 800000, + timeoutWait: number = 250 ): Promise => { let found = false; let numberOfTries = 0; - - while (!found && numberOfTries < Math.floor(maxTimeout / timeoutWait)) { + const maxTries = Math.floor(maxTimeout / timeoutWait); + while (!found && numberOfTries < maxTries) { if (await functionToTest()) { found = true; } else { + // eslint-disable-next-line no-console + console.log(`Try number ${numberOfTries} out of ${maxTries} for function ${functionName}`); numberOfTries++; } @@ -940,9 +942,9 @@ export const createRule = async ( if (rule.rule_id != null) { // eslint-disable-next-line no-console console.log( - `When creating a rule found an unexpected conflict (409), will attempt a cleanup and one time re-try. This usually indicates a bad cleanup or race condition within the tests: ${JSON.stringify( + `Did not get an expected 200 "ok" when creating a rule (createRule). CI issues could happen. Suspect this line if you are seeing CI issues. body: ${JSON.stringify( response.body - )}` + )}, status: ${JSON.stringify(response.status)}` ); await deleteRule(supertest, rule.rule_id); const secondResponseTry = await supertest @@ -986,7 +988,7 @@ export const deleteRule = async ( if (response.status !== 200) { // eslint-disable-next-line no-console console.log( - `Did not get an expected 200 "ok" when deleting the rule. CI issues could happen. Suspect this line if you are seeing CI issues. body: ${JSON.stringify( + `Did not get an expected 200 "ok" when deleting the rule (deleteRule). CI issues could happen. Suspect this line if you are seeing CI issues. body: ${JSON.stringify( response.body )}, status: ${JSON.stringify(response.status)}` ); @@ -1023,12 +1025,19 @@ export const updateRule = async ( supertest: SuperTest.SuperTest, updatedRule: UpdateRulesSchema ): Promise => { - const { body } = await supertest + const response = await supertest .put(DETECTION_ENGINE_RULES_URL) .set('kbn-xsrf', 'true') - .send(updatedRule) - .expect(200); - return body; + .send(updatedRule); + if (response.status !== 200) { + // eslint-disable-next-line no-console + console.log( + `Did not get an expected 200 "ok" when updating a rule (updateRule). CI issues could happen. Suspect this line if you are seeing CI issues. body: ${JSON.stringify( + response.body + )}, status: ${JSON.stringify(response.status)}` + ); + } + return response.body; }; /** @@ -1037,12 +1046,19 @@ export const updateRule = async ( * @param supertest The supertest deps */ export const createNewAction = async (supertest: SuperTest.SuperTest) => { - const { body } = await supertest + const response = await supertest .post('/api/actions/action') .set('kbn-xsrf', 'true') - .send(getWebHookAction()) - .expect(200); - return body; + .send(getWebHookAction()); + if (response.status !== 200) { + // eslint-disable-next-line no-console + console.log( + `Did not get an expected 200 "ok" when creating a new action. CI issues could happen. Suspect this line if you are seeing CI issues. body: ${JSON.stringify( + response.body + )}, status: ${JSON.stringify(response.status)}` + ); + } + return response.body; }; /** @@ -1059,14 +1075,21 @@ export const findImmutableRuleById = async ( total: number; data: FullResponseSchema[]; }> => { - const { body } = await supertest + const response = await supertest .get( `${DETECTION_ENGINE_RULES_URL}/_find?filter=alert.attributes.tags: "${INTERNAL_IMMUTABLE_KEY}:true" AND alert.attributes.tags: "${INTERNAL_RULE_ID_KEY}:${ruleId}"` ) .set('kbn-xsrf', 'true') - .send() - .expect(200); - return body; + .send(); + if (response.status !== 200) { + // eslint-disable-next-line no-console + console.log( + `Did not get an expected 200 "ok" when finding an immutable rule by id (findImmutableRuleById). CI issues could happen. Suspect this line if you are seeing CI issues. body: ${JSON.stringify( + response.body + )}, status: ${JSON.stringify(response.status)}` + ); + } + return response.body; }; /** @@ -1077,12 +1100,20 @@ export const findImmutableRuleById = async ( export const getPrePackagedRulesStatus = async ( supertest: SuperTest.SuperTest ): Promise => { - const { body } = await supertest + const response = await supertest .get(`${DETECTION_ENGINE_PREPACKAGED_URL}/_status`) .set('kbn-xsrf', 'true') - .send() - .expect(200); - return body; + .send(); + + if (response.status !== 200) { + // eslint-disable-next-line no-console + console.log( + `Did not get an expected 200 "ok" when getting a pre-packaged rule status. CI issues could happen. Suspect this line if you are seeing CI issues. body: ${JSON.stringify( + response.body + )}, status: ${JSON.stringify(response.status)}` + ); + } + return response.body; }; /** @@ -1104,9 +1135,9 @@ export const createExceptionList = async ( if (exceptionList.list_id != null) { // eslint-disable-next-line no-console console.log( - `When creating an exception list found an unexpected conflict (409), will attempt a cleanup and one time re-try. This usually indicates a bad cleanup or race condition within the tests: ${JSON.stringify( + `When creating an exception list found an unexpected conflict (409) creating an exception list (createExceptionList), will attempt a cleanup and one time re-try. This usually indicates a bad cleanup or race condition within the tests: ${JSON.stringify( response.body - )}` + )}, status: ${JSON.stringify(response.status)}` ); await deleteExceptionList(supertest, exceptionList.list_id); const secondResponseTry = await supertest @@ -1152,7 +1183,7 @@ export const deleteExceptionList = async ( if (response.status !== 200) { // eslint-disable-next-line no-console console.log( - `Did not get an expected 200 "ok" when deleting an exception list. CI issues could happen. Suspect this line if you are seeing CI issues. body: ${JSON.stringify( + `Did not get an expected 200 "ok" when deleting an exception list (deleteExceptionList). CI issues could happen. Suspect this line if you are seeing CI issues. body: ${JSON.stringify( response.body )}, status: ${JSON.stringify(response.status)}` ); @@ -1179,7 +1210,7 @@ export const createExceptionListItem = async ( if (response.status !== 200) { // eslint-disable-next-line no-console console.log( - `Did not get an expected 200 "ok" when creating an exception list item. CI issues could happen. Suspect this line if you are seeing CI issues. body: ${JSON.stringify( + `Did not get an expected 200 "ok" when creating an exception list item (createExceptionListItem). CI issues could happen. Suspect this line if you are seeing CI issues. body: ${JSON.stringify( response.body )}, status: ${JSON.stringify(response.status)}` ); @@ -1197,11 +1228,19 @@ export const getRule = async ( supertest: SuperTest.SuperTest, ruleId: string ): Promise => { - const { body } = await supertest + const response = await supertest .get(`${DETECTION_ENGINE_RULES_URL}?rule_id=${ruleId}`) - .set('kbn-xsrf', 'true') - .expect(200); - return body; + .set('kbn-xsrf', 'true'); + + if (response.status !== 200) { + // eslint-disable-next-line no-console + console.log( + `Did not get an expected 200 "ok" when getting a rule (getRule). CI issues could happen. Suspect this line if you are seeing CI issues. body: ${JSON.stringify( + response.body + )}, status: ${JSON.stringify(response.status)}` + ); + } + return response.body; }; export const waitForAlertToComplete = async ( @@ -1209,11 +1248,16 @@ export const waitForAlertToComplete = async ( id: string ): Promise => { await waitFor(async () => { - const { body: alertBody } = await supertest - .get(`/api/alerts/alert/${id}/state`) - .set('kbn-xsrf', 'true') - .expect(200); - return alertBody.previousStartedAt != null; + const response = await supertest.get(`/api/alerts/alert/${id}/state`).set('kbn-xsrf', 'true'); + if (response.status !== 200) { + // eslint-disable-next-line no-console + console.log( + `Did not get an expected 200 "ok" when waiting for an alert to complete (waitForAlertToComplete). CI issues could happen. Suspect this line if you are seeing CI issues. body: ${JSON.stringify( + response.body + )}, status: ${JSON.stringify(response.status)}` + ); + } + return response.body.previousStartedAt != null; }, 'waitForAlertToComplete'); }; @@ -1229,12 +1273,28 @@ export const waitForRuleSuccessOrStatus = async ( ): Promise => { await waitFor(async () => { try { - const { body } = await supertest + const response = await supertest .post(`${DETECTION_ENGINE_RULES_URL}/_find_statuses`) .set('kbn-xsrf', 'true') - .send({ ids: [id] }) - .expect(200); - return body[id]?.current_status?.status === status; + .send({ ids: [id] }); + if (response.status !== 200) { + // eslint-disable-next-line no-console + console.log( + `Did not get an expected 200 "ok" when waiting for a rule success or status (waitForRuleSuccessOrStatus). CI issues could happen. Suspect this line if you are seeing CI issues. body: ${JSON.stringify( + response.body + )}, status: ${JSON.stringify(response.status)}` + ); + } + if (response.body[id]?.current_status?.status !== status) { + // eslint-disable-next-line no-console + console.log( + `Did not get an expected status of ${status} while waiting for a rule success or status for rule id ${id} (waitForRuleSuccessOrStatus). Will continue retrying until status is found. body: ${JSON.stringify( + response.body + )}, status: ${JSON.stringify(response.status)}` + ); + } + + return response.body[id]?.current_status?.status === status; } catch (e) { if ((e as Error).message.includes('got 503 "Service Unavailable"')) { return false; @@ -1274,11 +1334,21 @@ export const getSignalsByRuleIds = async ( supertest: SuperTest.SuperTest, ruleIds: string[] ): Promise> => { - const { body: signalsOpen }: { body: estypes.SearchResponse } = await supertest + const response = await supertest .post(DETECTION_ENGINE_QUERY_SIGNALS_URL) .set('kbn-xsrf', 'true') - .send(getQuerySignalsRuleId(ruleIds)) - .expect(200); + .send(getQuerySignalsRuleId(ruleIds)); + + if (response.status !== 200) { + // eslint-disable-next-line no-console + console.log( + `Did not get an expected 200 "ok" when getting a signal by rule_id (getSignalsByRuleIds). CI issues could happen. Suspect this line if you are seeing CI issues. body: ${JSON.stringify( + response.body + )}, status: ${JSON.stringify(response.status)}` + ); + } + + const { body: signalsOpen }: { body: estypes.SearchResponse } = response; return signalsOpen; }; @@ -1293,11 +1363,20 @@ export const getSignalsByIds = async ( ids: string[], size?: number ): Promise> => { - const { body: signalsOpen }: { body: estypes.SearchResponse } = await supertest + const response = await supertest .post(DETECTION_ENGINE_QUERY_SIGNALS_URL) .set('kbn-xsrf', 'true') - .send(getQuerySignalsId(ids, size)) - .expect(200); + .send(getQuerySignalsId(ids, size)); + + if (response.status !== 200) { + // eslint-disable-next-line no-console + console.log( + `Did not get an expected 200 "ok" when getting a signal by id. CI issues could happen (getSignalsByIds). Suspect this line if you are seeing CI issues. body: ${JSON.stringify( + response.body + )}, status: ${JSON.stringify(response.status)}` + ); + } + const { body: signalsOpen }: { body: estypes.SearchResponse } = response; return signalsOpen; }; @@ -1310,11 +1389,20 @@ export const getSignalsById = async ( supertest: SuperTest.SuperTest, id: string ): Promise> => { - const { body: signalsOpen }: { body: estypes.SearchResponse } = await supertest + const response = await supertest .post(DETECTION_ENGINE_QUERY_SIGNALS_URL) .set('kbn-xsrf', 'true') - .send(getQuerySignalsId([id])) - .expect(200); + .send(getQuerySignalsId([id])); + + if (response.status !== 200) { + // eslint-disable-next-line no-console + console.log( + `Did not get an expected 200 "ok" when getting signals by id (getSignalsById). CI issues could happen. Suspect this line if you are seeing CI issues. body: ${JSON.stringify( + response.body + )}, status: ${JSON.stringify(response.status)}` + ); + } + const { body: signalsOpen }: { body: estypes.SearchResponse } = response; return signalsOpen; }; @@ -1322,10 +1410,19 @@ export const installPrePackagedRules = async ( supertest: SuperTest.SuperTest ): Promise => { await countDownTest(async () => { - const { status } = await supertest + const { status, body } = await supertest .put(DETECTION_ENGINE_PREPACKAGED_URL) .set('kbn-xsrf', 'true') .send(); + if (status !== 200) { + // eslint-disable-next-line no-console + console.log( + `Did not get an expected 200 "ok" when installing pre-packaged rules (installPrePackagedRules) yet. Retrying until we get a 200 "ok". body: ${JSON.stringify( + body + )}, status: ${JSON.stringify(status)}` + ); + } + return status === 200; }, 'installPrePackagedRules'); }; @@ -1480,12 +1577,19 @@ export const createRuleWithExceptionEntries = async ( exceptions_list: [...maybeExceptionList, ...maybeEndpointList], }; const ruleResponse = await createRule(supertest, ruleWithException); - await supertest + const response = await supertest .patch(DETECTION_ENGINE_RULES_URL) .set('kbn-xsrf', 'true') - .send({ rule_id: ruleResponse.rule_id, enabled: true }) - .expect(200); + .send({ rule_id: ruleResponse.rule_id, enabled: true }); + if (response.status !== 200) { + // eslint-disable-next-line no-console + console.log( + `Did not get an expected 200 "ok" when patching a rule with exception entries (createRuleWithExceptionEntries). CI issues could happen. Suspect this line if you are seeing CI issues. body: ${JSON.stringify( + response.body + )}, status: ${JSON.stringify(response.status)}` + ); + } return ruleResponse; }; @@ -1542,14 +1646,22 @@ export const startSignalsMigration = async ({ supertest: SuperTest.SuperTest; indices: string[]; }): Promise => { - const { - body: { indices: created }, - }: { body: { indices: CreateMigrationResponse[] } } = await supertest + const response = await supertest .post(DETECTION_ENGINE_SIGNALS_MIGRATION_URL) .set('kbn-xsrf', 'true') - .send({ index: indices }) - .expect(200); + .send({ index: indices }); + const { + body: { indices: created }, + }: { body: { indices: CreateMigrationResponse[] } } = response; + if (response.status !== 200) { + // eslint-disable-next-line no-console + console.log( + `Did not get an expected 200 "ok" when starting a signals migration (startSignalsMigration). CI issues could happen. Suspect this line if you are seeing CI issues. body: ${JSON.stringify( + response.body + )}, status: ${JSON.stringify(response.status)}` + ); + } return created; }; @@ -1566,14 +1678,22 @@ export const finalizeSignalsMigration = async ({ supertest: SuperTest.SuperTest; migrationIds: string[]; }): Promise => { - const { - body: { migrations }, - }: { body: { migrations: FinalizeMigrationResponse[] } } = await supertest + const response = await supertest .post(DETECTION_ENGINE_SIGNALS_FINALIZE_MIGRATION_URL) .set('kbn-xsrf', 'true') - .send({ migration_ids: migrationIds }) - .expect(200); + .send({ migration_ids: migrationIds }); + const { + body: { migrations }, + }: { body: { migrations: FinalizeMigrationResponse[] } } = response; + if (response.status !== 200) { + // eslint-disable-next-line no-console + console.log( + `Did not get an expected 200 "ok" when finalizing signals migration (finalizeSignalsMigration). CI issues could happen. Suspect this line if you are seeing CI issues. body: ${JSON.stringify( + response.body + )}, status: ${JSON.stringify(response.status)}` + ); + } return migrations; }; diff --git a/x-pack/test/lists_api_integration/utils.ts b/x-pack/test/lists_api_integration/utils.ts index eda32c7fe9fb8..8a2a7a8ca65ff 100644 --- a/x-pack/test/lists_api_integration/utils.ts +++ b/x-pack/test/lists_api_integration/utils.ts @@ -116,20 +116,25 @@ export const removeExceptionListServerGeneratedProperties = ( export const waitFor = async ( functionToTest: () => Promise, functionName: string, - maxTimeout: number = 5000, - timeoutWait: number = 10 + maxTimeout: number = 800000, + timeoutWait: number = 250 ) => { await new Promise(async (resolve, reject) => { try { let found = false; let numberOfTries = 0; + const maxTries = Math.floor(maxTimeout / timeoutWait); - while (!found && numberOfTries < Math.floor(maxTimeout / timeoutWait)) { + while (!found && numberOfTries < maxTries) { const itPasses = await functionToTest(); if (itPasses) { found = true; } else { + // eslint-disable-next-line no-console + console.log( + `Try number ${numberOfTries} out of ${maxTries} for function ${functionName}` + ); numberOfTries++; } @@ -219,7 +224,7 @@ export const importFile = async ( if (response.status !== 200) { // eslint-disable-next-line no-console console.log( - `Did not get an expected 200 "ok" When importing a file. CI issues could happen. Suspect this line if you are seeing CI issues. body: ${JSON.stringify( + `Did not get an expected 200 "ok" When importing a file (importFile). CI issues could happen. Suspect this line if you are seeing CI issues. body: ${JSON.stringify( response.body )}, status: ${JSON.stringify(response.status)}` ); @@ -246,12 +251,20 @@ export const importTextFile = async ( contents: string[], fileName: string ): Promise => { - await supertest + const response = await supertest .post(`${LIST_ITEM_URL}/_import?type=${type}`) .set('kbn-xsrf', 'true') .attach('file', getImportListItemAsBuffer(contents), fileName) - .expect('Content-Type', 'application/json; charset=utf-8') - .expect(200); + .expect('Content-Type', 'application/json; charset=utf-8'); + + if (response.status !== 200) { + // eslint-disable-next-line no-console + console.log( + `Did not get an expected 200 "ok" when importing a text file (importTextFile). CI issues could happen. Suspect this line if you are seeing CI issues. body: ${JSON.stringify( + response.body + )}, status: ${JSON.stringify(response.status)}` + ); + } // although we have pushed the list and its items, it is async so we // have to wait for the contents before continuing @@ -271,10 +284,17 @@ export const waitForListItem = async ( fileName: string ): Promise => { await waitFor(async () => { - const { status } = await supertest + const { status, body } = await supertest .get(`${LIST_ITEM_URL}?list_id=${fileName}&value=${itemValue}`) .send(); - + if (status !== 200) { + // eslint-disable-next-line no-console + console.log( + `Did not get an expected 200 "ok" when waiting for a list item (waitForListItem) yet. Retrying until we get a 200 "ok". body: ${JSON.stringify( + body + )}, status: ${JSON.stringify(status)}` + ); + } return status === 200; }, `waitForListItem fileName: "${fileName}" itemValue: "${itemValue}"`); }; @@ -310,9 +330,17 @@ export const waitForTextListItem = async ( await waitFor(async () => { const promises = await Promise.all( tokens.map(async (token) => { - const { status } = await supertest + const { status, body } = await supertest .get(`${LIST_ITEM_URL}?list_id=${fileName}&value=${token}`) .send(); + if (status !== 200) { + // eslint-disable-next-line no-console + console.log( + `Did not get an expected 200 "ok" when waiting for a text list item (waitForTextListItem) yet. Retrying until we get a 200 "ok". body: ${JSON.stringify( + body + )}, status: ${JSON.stringify(status)}` + ); + } return status === 200; }) ); From 4eca663c083e72878be33772e0f54d8fc4328416 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cau=C3=AA=20Marcondes?= <55978943+cauemarcondes@users.noreply.github.com> Date: Tue, 2 Nov 2021 10:34:22 -0400 Subject: [PATCH 12/53] [APM] Error distribution chart comparison label and layout fix (#117004) * fixing bucket size when no data available * fixing layout * removing import Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com> --- .../app/error_group_overview/index.tsx | 45 ++++---- .../lib/errors/distribution/get_buckets.ts | 5 +- .../tests/errors/distribution.ts | 105 ++++++++++++------ 3 files changed, 94 insertions(+), 61 deletions(-) diff --git a/x-pack/plugins/apm/public/components/app/error_group_overview/index.tsx b/x-pack/plugins/apm/public/components/app/error_group_overview/index.tsx index 5e9095def6e55..9e113b37a1394 100644 --- a/x-pack/plugins/apm/public/components/app/error_group_overview/index.tsx +++ b/x-pack/plugins/apm/public/components/app/error_group_overview/index.tsx @@ -7,7 +7,6 @@ import { EuiFlexGroup, - EuiFlexGrid, EuiFlexItem, EuiPanel, EuiSpacer, @@ -73,28 +72,30 @@ export function ErrorGroupOverview() { return ( - - - - - + + + + + + + + + - - - - - - - + + + + diff --git a/x-pack/plugins/apm/server/lib/errors/distribution/get_buckets.ts b/x-pack/plugins/apm/server/lib/errors/distribution/get_buckets.ts index a2d22a2c8f6ad..dce8a3f397eaa 100644 --- a/x-pack/plugins/apm/server/lib/errors/distribution/get_buckets.ts +++ b/x-pack/plugins/apm/server/lib/errors/distribution/get_buckets.ts @@ -84,8 +84,5 @@ export async function getBuckets({ y: bucket.doc_count, }) ); - - return { - buckets: resp.hits.total.value > 0 ? buckets : [], - }; + return { buckets }; } diff --git a/x-pack/test/apm_api_integration/tests/errors/distribution.ts b/x-pack/test/apm_api_integration/tests/errors/distribution.ts index 4f4b457de86bd..666c5c2ea2975 100644 --- a/x-pack/test/apm_api_integration/tests/errors/distribution.ts +++ b/x-pack/test/apm_api_integration/tests/errors/distribution.ts @@ -154,48 +154,83 @@ export default function ApiTest({ getService }: FtrProviderContext) { }); describe('with comparison', () => { - let errorsDistribution: ErrorsDistribution; - before(async () => { - const fiveMinutes = 5 * 60 * 1000; - const response = await callApi({ - query: { - start: new Date(end - fiveMinutes).toISOString(), - end: new Date(end).toISOString(), - comparisonStart: new Date(start).toISOString(), - comparisonEnd: new Date(start + fiveMinutes).toISOString(), - }, + describe('when data is returned', () => { + let errorsDistribution: ErrorsDistribution; + before(async () => { + const fiveMinutes = 5 * 60 * 1000; + const response = await callApi({ + query: { + start: new Date(end - fiveMinutes).toISOString(), + end: new Date(end).toISOString(), + comparisonStart: new Date(start).toISOString(), + comparisonEnd: new Date(start + fiveMinutes).toISOString(), + }, + }); + errorsDistribution = response.body; }); - errorsDistribution = response.body; - }); - it('returns some data', () => { - const hasCurrentPeriodData = errorsDistribution.currentPeriod.some(({ y }) => - isFiniteNumber(y) - ); + it('returns some data', () => { + const hasCurrentPeriodData = errorsDistribution.currentPeriod.some(({ y }) => + isFiniteNumber(y) + ); - const hasPreviousPeriodData = errorsDistribution.previousPeriod.some(({ y }) => - isFiniteNumber(y) - ); + const hasPreviousPeriodData = errorsDistribution.previousPeriod.some(({ y }) => + isFiniteNumber(y) + ); - expect(hasCurrentPeriodData).to.equal(true); - expect(hasPreviousPeriodData).to.equal(true); - }); + expect(hasCurrentPeriodData).to.equal(true); + expect(hasPreviousPeriodData).to.equal(true); + }); - it('has same start time for both periods', () => { - expect(first(errorsDistribution.currentPeriod)?.x).to.equal( - first(errorsDistribution.previousPeriod)?.x - ); - }); + it('has same start time for both periods', () => { + expect(first(errorsDistribution.currentPeriod)?.x).to.equal( + first(errorsDistribution.previousPeriod)?.x + ); + }); - it('has same end time for both periods', () => { - expect(last(errorsDistribution.currentPeriod)?.x).to.equal( - last(errorsDistribution.previousPeriod)?.x - ); + it('has same end time for both periods', () => { + expect(last(errorsDistribution.currentPeriod)?.x).to.equal( + last(errorsDistribution.previousPeriod)?.x + ); + }); + + it('returns same number of buckets for both periods', () => { + expect(errorsDistribution.currentPeriod.length).to.equal( + errorsDistribution.previousPeriod.length + ); + }); }); - it('returns same number of buckets for both periods', () => { - expect(errorsDistribution.currentPeriod.length).to.equal( - errorsDistribution.previousPeriod.length - ); + describe('when no data is returned', () => { + let errorsDistribution: ErrorsDistribution; + before(async () => { + const response = await callApi({ + query: { + start: '2021-01-03T00:00:00.000Z', + end: '2021-01-03T00:15:00.000Z', + comparisonStart: '2021-01-02T00:00:00.000Z', + comparisonEnd: '2021-01-02T00:15:00.000Z', + }, + }); + errorsDistribution = response.body; + }); + + it('has same start time for both periods', () => { + expect(first(errorsDistribution.currentPeriod)?.x).to.equal( + first(errorsDistribution.previousPeriod)?.x + ); + }); + + it('has same end time for both periods', () => { + expect(last(errorsDistribution.currentPeriod)?.x).to.equal( + last(errorsDistribution.previousPeriod)?.x + ); + }); + + it('returns same number of buckets for both periods', () => { + expect(errorsDistribution.currentPeriod.length).to.equal( + errorsDistribution.previousPeriod.length + ); + }); }); }); }); From 480262350271cf74f83ac83450d99db7dc88494b Mon Sep 17 00:00:00 2001 From: Alexey Antonov Date: Tue, 2 Nov 2021 17:42:22 +0300 Subject: [PATCH 13/53] [TSVB] [Timelion] Brushing is broken for the string mode (#117106) Closes: #116734 --- .../timelion/public/timelion_vis_renderer.tsx | 6 ++++-- .../components/timeseries_visualization.tsx | 10 ++++++---- 2 files changed, 10 insertions(+), 6 deletions(-) diff --git a/src/plugins/vis_types/timelion/public/timelion_vis_renderer.tsx b/src/plugins/vis_types/timelion/public/timelion_vis_renderer.tsx index c74c0f2ee6c2d..633f15a9824ea 100644 --- a/src/plugins/vis_types/timelion/public/timelion_vis_renderer.tsx +++ b/src/plugins/vis_types/timelion/public/timelion_vis_renderer.tsx @@ -45,8 +45,10 @@ export const getTimelionVisRenderer: ( timeFieldName: '*', filters: [ { - range: { - '*': rangeFilterParams, + query: { + range: { + '*': rangeFilterParams, + }, }, }, ], diff --git a/src/plugins/vis_types/timeseries/public/application/components/timeseries_visualization.tsx b/src/plugins/vis_types/timeseries/public/application/components/timeseries_visualization.tsx index 886b569671a6b..0916892cfda46 100644 --- a/src/plugins/vis_types/timeseries/public/application/components/timeseries_visualization.tsx +++ b/src/plugins/vis_types/timeseries/public/application/components/timeseries_visualization.tsx @@ -81,10 +81,12 @@ function TimeseriesVisualization({ timeFieldName: '*', filters: [ { - range: { - '*': { - gte, - lte, + query: { + range: { + '*': { + gte, + lte, + }, }, }, }, From 089505956d1ad004752411113541575b01a00c80 Mon Sep 17 00:00:00 2001 From: Madison Caldwell Date: Tue, 2 Nov 2021 10:54:07 -0400 Subject: [PATCH 14/53] Implement suggestions from PR #116491 (#117014) --- .../schedule_notification_actions.ts | 2 +- .../rule_types/utils/expand_dotted.test.ts | 17 +++++++ .../rule_types/utils/expand_dotted.ts | 3 ++ .../detection_engine/signals/utils.test.ts | 50 +++++++++++++++++++ .../lib/detection_engine/signals/utils.ts | 2 +- 5 files changed, 72 insertions(+), 2 deletions(-) diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/schedule_notification_actions.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/schedule_notification_actions.ts index 744742f64eb4a..2362a6a392a56 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/schedule_notification_actions.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/notifications/schedule_notification_actions.ts @@ -34,7 +34,7 @@ const convertToLegacyAlert = (alert: RACAlert) => * Formats alerts before sending to `scheduleActions`. We augment the context with * the equivalent "legacy" alert context so that pre-8.0 actions will continue to work. */ -const formatAlertsForNotificationActions = (alerts: unknown[]) => { +const formatAlertsForNotificationActions = (alerts: unknown[]): unknown[] => { return alerts.map((alert) => isRACAlert(alert) ? { diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/utils/expand_dotted.test.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/utils/expand_dotted.test.ts index efdaf2377872c..018220e400937 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/utils/expand_dotted.test.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/utils/expand_dotted.test.ts @@ -69,4 +69,21 @@ describe('Expand Dotted', () => { flat: 'yep', }); }); + + it('expands non dotted field without changing it other than reference', () => { + const simpleDottedObj = { + test: { value: '123' }, + }; + expect(expandDottedObject(simpleDottedObj)).toEqual(simpleDottedObj); + }); + + it('expands empty object without changing it other than reference', () => { + const simpleDottedObj = {}; + expect(expandDottedObject(simpleDottedObj)).toEqual(simpleDottedObj); + }); + + it('if we allow arrays as a type, it should not touch them', () => { + const simpleDottedObj: string[] = ['hello']; + expect(expandDottedObject(simpleDottedObj)).toEqual(simpleDottedObj); + }); }); diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/utils/expand_dotted.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/utils/expand_dotted.ts index 69a9cb8236cbc..f90f589486ff5 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/utils/expand_dotted.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/utils/expand_dotted.ts @@ -45,6 +45,9 @@ const expandDottedField = (dottedFieldName: string, val: unknown): object => { * } */ export const expandDottedObject = (dottedObj: object) => { + if (Array.isArray(dottedObj)) { + return dottedObj; + } return Object.entries(dottedObj).reduce( (acc, [key, val]) => merge(acc, expandDottedField(key, val)), {} diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/utils.test.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/utils.test.ts index 48def86203e95..8da9267daabac 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/utils.test.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/utils.test.ts @@ -8,6 +8,7 @@ import moment from 'moment'; import sinon from 'sinon'; import { TransportResult } from '@elastic/elasticsearch'; +import { ALERT_UUID } from '@kbn/rule-data-utils'; import { alertsMock, AlertServicesMock } from '../../../../../alerting/server/mocks'; import { listMock } from '../../../../../lists/server/mocks'; @@ -41,6 +42,7 @@ import { getValidDateFromDoc, calculateTotal, getTotalHitsValue, + isRACAlert, } from './utils'; import { BulkResponseErrorAggregation, SearchAfterAndBulkCreateReturnType } from './types'; import { @@ -1519,4 +1521,52 @@ describe('utils', () => { expect(calculateTotal(undefined, 2)).toBe(-1); }); }); + + describe('isRACAlert', () => { + test('alert with dotted fields returns true', () => { + expect( + isRACAlert({ + [ALERT_UUID]: '123', + }) + ).toEqual(true); + }); + + test('alert with nested fields returns true', () => { + expect( + isRACAlert({ + kibana: { + alert: { uuid: '123' }, + }, + }) + ).toEqual(true); + }); + + test('undefined returns false', () => { + expect(isRACAlert(undefined)).toEqual(false); + }); + + test('null returns false', () => { + expect(isRACAlert(null)).toEqual(false); + }); + + test('number returns false', () => { + expect(isRACAlert(5)).toEqual(false); + }); + + test('string returns false', () => { + expect(isRACAlert('a')).toEqual(false); + }); + + test('array returns false', () => { + expect(isRACAlert([])).toEqual(false); + }); + + test('empty object returns false', () => { + expect(isRACAlert({})).toEqual(false); + }); + + test('alert with null value returns false', () => { + expect(isRACAlert({ 'kibana.alert.uuid': null })).toEqual(false); + }); + }); }); diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/utils.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/utils.ts index 7cdcae96490a9..8a59d71fe74ec 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/utils.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/utils.ts @@ -986,7 +986,7 @@ export const isWrappedRACAlert = (event: SimpleHit): event is WrappedRACAlert => }; export const isRACAlert = (event: unknown): event is RACAlert => { - return (event as RACAlert)?.[ALERT_UUID] != null; + return get(event, ALERT_UUID) != null; }; export const racFieldMappings: Record = { From 3742d46b0f4ea24974fe9745053a20ba95bf1010 Mon Sep 17 00:00:00 2001 From: Corey Robertson Date: Tue, 2 Nov 2021 11:07:08 -0400 Subject: [PATCH 15/53] Fix shortcut docs (#114115) Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com> --- x-pack/plugins/canvas/public/application.tsx | 9 ++++++++- .../function_reference_generator.tsx | 7 ++++--- .../canvas/public/components/help_menu/help_menu.tsx | 9 +++++++-- 3 files changed, 19 insertions(+), 6 deletions(-) diff --git a/x-pack/plugins/canvas/public/application.tsx b/x-pack/plugins/canvas/public/application.tsx index 04d3958b68e36..937c9f56f948c 100644 --- a/x-pack/plugins/canvas/public/application.tsx +++ b/x-pack/plugins/canvas/public/application.tsx @@ -37,6 +37,7 @@ import { services, LegacyServicesProvider, CanvasPluginServices, + pluginServices as canvasServices, } from './services'; import { initFunctions } from './functions'; // @ts-expect-error untyped local @@ -151,7 +152,13 @@ export const initializeCanvas = async ( }, ], content: (domNode) => { - ReactDOM.render(, domNode); + ReactDOM.render( + , + domNode + ); return () => ReactDOM.unmountComponentAtNode(domNode); }, }); diff --git a/x-pack/plugins/canvas/public/components/function_reference_generator/function_reference_generator.tsx b/x-pack/plugins/canvas/public/components/function_reference_generator/function_reference_generator.tsx index b4d22d8e6e6db..49b5aaaf1b209 100644 --- a/x-pack/plugins/canvas/public/components/function_reference_generator/function_reference_generator.tsx +++ b/x-pack/plugins/canvas/public/components/function_reference_generator/function_reference_generator.tsx @@ -9,15 +9,16 @@ import React, { FC } from 'react'; import { ExpressionFunction } from 'src/plugins/expressions'; import { EuiButtonEmpty } from '@elastic/eui'; import copy from 'copy-to-clipboard'; -import { useNotifyService } from '../../services'; +import { CanvasPluginServices } from '../../services'; + import { generateFunctionReference } from './generate_function_reference'; interface Props { functionRegistry: Record; + notifyService: CanvasPluginServices['notify']; } -export const FunctionReferenceGenerator: FC = ({ functionRegistry }) => { - const notifyService = useNotifyService(); +export const FunctionReferenceGenerator: FC = ({ functionRegistry, notifyService }) => { const functionDefinitions = Object.values(functionRegistry); const copyDocs = () => { diff --git a/x-pack/plugins/canvas/public/components/help_menu/help_menu.tsx b/x-pack/plugins/canvas/public/components/help_menu/help_menu.tsx index af1850beb5290..9331de3fcad4b 100644 --- a/x-pack/plugins/canvas/public/components/help_menu/help_menu.tsx +++ b/x-pack/plugins/canvas/public/components/help_menu/help_menu.tsx @@ -11,6 +11,7 @@ import { i18n } from '@kbn/i18n'; import { ExpressionFunction } from 'src/plugins/expressions'; import { KeyboardShortcutsDoc } from '../keyboard_shortcuts_doc'; +import { CanvasPluginServices } from '../../services/'; let FunctionReferenceGenerator: null | React.LazyExoticComponent = null; @@ -31,9 +32,10 @@ const strings = { interface Props { functionRegistry: Record; + notifyService: CanvasPluginServices['notify']; } -export const HelpMenu: FC = ({ functionRegistry }) => { +export const HelpMenu: FC = ({ functionRegistry, notifyService }) => { const [isFlyoutVisible, setFlyoutVisible] = useState(false); const showFlyout = () => { @@ -53,7 +55,10 @@ export const HelpMenu: FC = ({ functionRegistry }) => { {FunctionReferenceGenerator ? ( - + ) : null} From 441d77853f7af2b20e54f948c8e72c08c005e8d3 Mon Sep 17 00:00:00 2001 From: Jason Stoltzfus Date: Tue, 2 Nov 2021 11:21:45 -0400 Subject: [PATCH 16/53] Remove analytics event (#116995) --- .../components/curations/curation/curation_logic.test.ts | 1 + .../app_search/components/curations/curation/curation_logic.ts | 1 + .../enterprise_search/server/routes/app_search/curations.ts | 3 +++ 3 files changed, 5 insertions(+) diff --git a/x-pack/plugins/enterprise_search/public/applications/app_search/components/curations/curation/curation_logic.test.ts b/x-pack/plugins/enterprise_search/public/applications/app_search/components/curations/curation/curation_logic.test.ts index b1f16944c985b..260ac77774fa7 100644 --- a/x-pack/plugins/enterprise_search/public/applications/app_search/components/curations/curation/curation_logic.test.ts +++ b/x-pack/plugins/enterprise_search/public/applications/app_search/components/curations/curation/curation_logic.test.ts @@ -412,6 +412,7 @@ describe('CurationLogic', () => { expect(http.put).toHaveBeenCalledWith( '/internal/app_search/engines/some-engine/curations/cur-123456789', { + query: { skip_record_analytics: 'true' }, body: '{"queries":["a","b","c"],"query":"b","promoted":["d","e","f"],"hidden":["g"]}', // Uses state currently in CurationLogic } ); diff --git a/x-pack/plugins/enterprise_search/public/applications/app_search/components/curations/curation/curation_logic.ts b/x-pack/plugins/enterprise_search/public/applications/app_search/components/curations/curation/curation_logic.ts index b5aecc417003e..a325a53f472a9 100644 --- a/x-pack/plugins/enterprise_search/public/applications/app_search/components/curations/curation/curation_logic.ts +++ b/x-pack/plugins/enterprise_search/public/applications/app_search/components/curations/curation/curation_logic.ts @@ -251,6 +251,7 @@ export const CurationLogic = kea( `/internal/app_search/engines/${engineName}/curations/${props.curationId}`, { + query: { skip_record_analytics: 'true' }, body: JSON.stringify({ queries: values.queries, query: values.activeQuery, diff --git a/x-pack/plugins/enterprise_search/server/routes/app_search/curations.ts b/x-pack/plugins/enterprise_search/server/routes/app_search/curations.ts index b6ef8c8acafa5..a7282e5dc6cc4 100644 --- a/x-pack/plugins/enterprise_search/server/routes/app_search/curations.ts +++ b/x-pack/plugins/enterprise_search/server/routes/app_search/curations.ts @@ -85,6 +85,9 @@ export function registerCurationsRoutes({ { path: '/internal/app_search/engines/{engineName}/curations/{curationId}', validate: { + query: schema.object({ + skip_record_analytics: schema.string(), + }), params: schema.object({ engineName: schema.string(), curationId: schema.string(), From a749f2152630cce003181d58187d3b9aca880863 Mon Sep 17 00:00:00 2001 From: Nathan Reese Date: Tue, 2 Nov 2021 09:24:52 -0600 Subject: [PATCH 17/53] =?UTF-8?q?[Maps]=20fix=20unable=20to=20pluck=20styl?= =?UTF-8?q?e=20meta=20from=20local=20data=20for=20geo=5Fgrid=20ve=E2=80=A6?= =?UTF-8?q?=20(#117033)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * [Maps] fix unable to pluck style meta from local data for geo_grid vector tiles for any property other then count * use metric instead of field value to be more precise Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com> --- .../layer_descriptor_types.ts | 7 ++ .../public/classes/fields/agg/agg_field.ts | 14 +++ .../classes/fields/agg/count_agg_field.ts | 14 +++ .../fields/agg/top_term_percentage_field.ts | 5 + .../maps/public/classes/fields/field.ts | 7 ++ .../properties/dynamic_style_property.tsx | 17 +--- x-pack/test/functional/apps/maps/index.js | 2 +- ...{mvt_super_fine.js => mvt_geotile_grid.js} | 96 ++++++++++++++++++- .../fixtures/kbn_archiver/maps.json | 52 +++++++++- 9 files changed, 197 insertions(+), 17 deletions(-) rename x-pack/test/functional/apps/maps/{mvt_super_fine.js => mvt_geotile_grid.js} (52%) diff --git a/x-pack/plugins/maps/common/descriptor_types/layer_descriptor_types.ts b/x-pack/plugins/maps/common/descriptor_types/layer_descriptor_types.ts index 8f681cc9de70d..4d687969308bb 100644 --- a/x-pack/plugins/maps/common/descriptor_types/layer_descriptor_types.ts +++ b/x-pack/plugins/maps/common/descriptor_types/layer_descriptor_types.ts @@ -32,6 +32,13 @@ export type TileMetaFeature = Feature & { properties: { 'hits.total.relation': string; 'hits.total.value': number; + + // For _mvt requests with "aggs" property in request: aggregation statistics returned in the pattern outined below + // aggregations._count.min + // aggregations._count.max + // aggregations..min + // aggregations..max + [key: string]: number | string; }; }; diff --git a/x-pack/plugins/maps/public/classes/fields/agg/agg_field.ts b/x-pack/plugins/maps/public/classes/fields/agg/agg_field.ts index aba25a6d0babf..ed8830a7c56b6 100644 --- a/x-pack/plugins/maps/public/classes/fields/agg/agg_field.ts +++ b/x-pack/plugins/maps/public/classes/fields/agg/agg_field.ts @@ -7,6 +7,7 @@ import { IndexPattern } from 'src/plugins/data/public'; import { AGG_TYPE } from '../../../../common/constants'; +import { TileMetaFeature } from '../../../../common/descriptor_types'; import { CountAggField } from './count_agg_field'; import { isMetricCountable } from '../../util/is_metric_countable'; import { CountAggFieldParams } from './agg_field_types'; @@ -104,4 +105,17 @@ export class AggField extends CountAggField { async getCategoricalFieldMetaRequest(size: number): Promise { return this._esDocField ? await this._esDocField.getCategoricalFieldMetaRequest(size) : null; } + + pluckRangeFromTileMetaFeature(metaFeature: TileMetaFeature) { + const minField = `aggregations.${this.getName()}.min`; + const maxField = `aggregations.${this.getName()}.max`; + return metaFeature.properties && + typeof metaFeature.properties[minField] === 'number' && + typeof metaFeature.properties[maxField] === 'number' + ? { + min: metaFeature.properties[minField] as number, + max: metaFeature.properties[maxField] as number, + } + : null; + } } diff --git a/x-pack/plugins/maps/public/classes/fields/agg/count_agg_field.ts b/x-pack/plugins/maps/public/classes/fields/agg/count_agg_field.ts index d8301ccd35353..7f38379c1075b 100644 --- a/x-pack/plugins/maps/public/classes/fields/agg/count_agg_field.ts +++ b/x-pack/plugins/maps/public/classes/fields/agg/count_agg_field.ts @@ -9,6 +9,7 @@ import { IndexPattern } from 'src/plugins/data/public'; import { IESAggSource } from '../../sources/es_agg_source'; import { IVectorSource } from '../../sources/vector_source'; import { AGG_TYPE, FIELD_ORIGIN } from '../../../../common/constants'; +import { TileMetaFeature } from '../../../../common/descriptor_types'; import { ITooltipProperty, TooltipProperty } from '../../tooltips/tooltip_property'; import { ESAggTooltipProperty } from '../../tooltips/es_agg_tooltip_property'; import { IESAggField, CountAggFieldParams } from './agg_field_types'; @@ -109,4 +110,17 @@ export class CountAggField implements IESAggField { isEqual(field: IESAggField) { return field.getName() === this.getName(); } + + pluckRangeFromTileMetaFeature(metaFeature: TileMetaFeature) { + const minField = `aggregations._count.min`; + const maxField = `aggregations._count.max`; + return metaFeature.properties && + typeof metaFeature.properties[minField] === 'number' && + typeof metaFeature.properties[maxField] === 'number' + ? { + min: metaFeature.properties[minField] as number, + max: metaFeature.properties[maxField] as number, + } + : null; + } } diff --git a/x-pack/plugins/maps/public/classes/fields/agg/top_term_percentage_field.ts b/x-pack/plugins/maps/public/classes/fields/agg/top_term_percentage_field.ts index ccb1cae201548..d0618f64a5e71 100644 --- a/x-pack/plugins/maps/public/classes/fields/agg/top_term_percentage_field.ts +++ b/x-pack/plugins/maps/public/classes/fields/agg/top_term_percentage_field.ts @@ -9,6 +9,7 @@ import { IESAggField } from './agg_field_types'; import { IVectorSource } from '../../sources/vector_source'; import { ITooltipProperty, TooltipProperty } from '../../tooltips/tooltip_property'; import { TOP_TERM_PERCENTAGE_SUFFIX, FIELD_ORIGIN } from '../../../../common/constants'; +import { TileMetaFeature } from '../../../../common/descriptor_types'; export class TopTermPercentageField implements IESAggField { private readonly _topTermAggField: IESAggField; @@ -90,4 +91,8 @@ export class TopTermPercentageField implements IESAggField { isEqual(field: IESAggField) { return field.getName() === this.getName(); } + + pluckRangeFromTileMetaFeature(metaFeature: TileMetaFeature) { + return null; + } } diff --git a/x-pack/plugins/maps/public/classes/fields/field.ts b/x-pack/plugins/maps/public/classes/fields/field.ts index dcf6ac54dc836..96d42a91319e1 100644 --- a/x-pack/plugins/maps/public/classes/fields/field.ts +++ b/x-pack/plugins/maps/public/classes/fields/field.ts @@ -5,6 +5,7 @@ * 2.0. */ +import { TileMetaFeature } from '../../../common/descriptor_types'; import { FIELD_ORIGIN } from '../../../common/constants'; import { IVectorSource } from '../sources/vector_source'; import { ITooltipProperty, TooltipProperty } from '../tooltips/tooltip_property'; @@ -39,6 +40,8 @@ export interface IField { supportsFieldMetaFromEs(): boolean; isEqual(field: IField): boolean; + + pluckRangeFromTileMetaFeature(metaFeature: TileMetaFeature): { min: number; max: number } | null; } export class AbstractField implements IField { @@ -114,4 +117,8 @@ export class AbstractField implements IField { isEqual(field: IField) { return this._origin === field.getOrigin() && this._fieldName === field.getName(); } + + pluckRangeFromTileMetaFeature(metaFeature: TileMetaFeature) { + return null; + } } diff --git a/x-pack/plugins/maps/public/classes/styles/vector/properties/dynamic_style_property.tsx b/x-pack/plugins/maps/public/classes/styles/vector/properties/dynamic_style_property.tsx index adf92a307a552..577fe60aa2e13 100644 --- a/x-pack/plugins/maps/public/classes/styles/vector/properties/dynamic_style_property.tsx +++ b/x-pack/plugins/maps/public/classes/styles/vector/properties/dynamic_style_property.tsx @@ -309,24 +309,17 @@ export class DynamicStyleProperty pluckOrdinalStyleMetaFromTileMetaFeatures( metaFeatures: TileMetaFeature[] ): RangeFieldMeta | null { - if (!this.isOrdinal()) { + if (!this._field || !this.isOrdinal()) { return null; } - const mbFieldName = this.getMbFieldName(); let min = Infinity; let max = -Infinity; for (let i = 0; i < metaFeatures.length; i++) { - const fieldMeta = metaFeatures[i].properties; - const minField = `aggregations.${mbFieldName}.min`; - const maxField = `aggregations.${mbFieldName}.max`; - if ( - fieldMeta && - typeof fieldMeta[minField] === 'number' && - typeof fieldMeta[maxField] === 'number' - ) { - min = Math.min(fieldMeta[minField] as number, min); - max = Math.max(fieldMeta[maxField] as number, max); + const range = this._field.pluckRangeFromTileMetaFeature(metaFeatures[i]); + if (range) { + min = Math.min(range.min, min); + max = Math.max(range.max, max); } } diff --git a/x-pack/test/functional/apps/maps/index.js b/x-pack/test/functional/apps/maps/index.js index 33184f2d35213..6a2a843682f26 100644 --- a/x-pack/test/functional/apps/maps/index.js +++ b/x-pack/test/functional/apps/maps/index.js @@ -79,7 +79,7 @@ export default function ({ loadTestFile, getService }) { loadTestFile(require.resolve('./joins')); loadTestFile(require.resolve('./mapbox_styles')); loadTestFile(require.resolve('./mvt_scaling')); - loadTestFile(require.resolve('./mvt_super_fine')); + loadTestFile(require.resolve('./mvt_geotile_grid')); loadTestFile(require.resolve('./add_layer_panel')); loadTestFile(require.resolve('./import_geojson')); loadTestFile(require.resolve('./layer_errors')); diff --git a/x-pack/test/functional/apps/maps/mvt_super_fine.js b/x-pack/test/functional/apps/maps/mvt_geotile_grid.js similarity index 52% rename from x-pack/test/functional/apps/maps/mvt_super_fine.js rename to x-pack/test/functional/apps/maps/mvt_geotile_grid.js index 6c5065a77c1d2..ffda75f8bf98a 100644 --- a/x-pack/test/functional/apps/maps/mvt_super_fine.js +++ b/x-pack/test/functional/apps/maps/mvt_geotile_grid.js @@ -14,13 +14,12 @@ export default function ({ getPageObjects, getService }) { const inspector = getService('inspector'); const security = getService('security'); - describe('mvt grid layer', () => { + describe('mvt geotile grid layer', () => { before(async () => { await security.testUser.setRoles( ['global_maps_all', 'test_logstash_reader', 'geoshape_data_reader'], false ); - await PageObjects.maps.loadSavedMap('geo grid vector grid example SUPER_FINE resolution'); }); after(async () => { @@ -28,7 +27,8 @@ export default function ({ getPageObjects, getService }) { await security.testUser.restoreDefaults(); }); - it('should render with mvt-source', async () => { + it('should render with mvt-source (style meta from ES)', async () => { + await PageObjects.maps.loadSavedMap('MVT geotile grid (style meta from ES)'); const mapboxStyle = await PageObjects.maps.getMapboxStyle(); //Source should be correct @@ -79,5 +79,95 @@ export default function ({ getPageObjects, getService }) { 'fill-opacity': 0.75, }); }); + + it('should render with mvt-source (style meta from local - count)', async () => { + await PageObjects.maps.loadSavedMap('MVT geotile grid (style meta from local - count)'); + const mapboxStyle = await PageObjects.maps.getMapboxStyle(); + + const fillLayer = mapboxStyle.layers.find( + (layer) => layer.id === MB_VECTOR_SOURCE_ID + '_fill' + ); + + expect(fillLayer.paint).to.eql({ + 'fill-color': [ + 'interpolate', + ['linear'], + [ + 'coalesce', + [ + 'case', + ['==', ['get', '_count'], null], + 0, + ['max', ['min', ['to-number', ['get', '_count']], 10], 1], + ], + 0, + ], + 0, + 'rgba(0,0,0,0)', + 1, + '#ecf1f7', + 2.125, + '#d9e3ef', + 3.25, + '#c5d5e7', + 4.375, + '#b2c7df', + 5.5, + '#9eb9d8', + 6.625, + '#8bacd0', + 7.75, + '#769fc8', + 8.875, + '#6092c0', + ], + 'fill-opacity': 0.75, + }); + }); + + it('should render with mvt-source (style meta from local - metric)', async () => { + await PageObjects.maps.loadSavedMap('MVT geotile grid (style meta from local - metric)'); + const mapboxStyle = await PageObjects.maps.getMapboxStyle(); + + const fillLayer = mapboxStyle.layers.find( + (layer) => layer.id === MB_VECTOR_SOURCE_ID + '_fill' + ); + + expect(fillLayer.paint).to.eql({ + 'fill-color': [ + 'interpolate', + ['linear'], + [ + 'coalesce', + [ + 'case', + ['==', ['get', 'sum_of_bytes.value'], null], + -1, + ['max', ['min', ['to-number', ['get', 'sum_of_bytes.value']], 14941], 0], + ], + -1, + ], + -1, + 'rgba(0,0,0,0)', + 0, + '#ecf1f7', + 1867.625, + '#d9e3ef', + 3735.25, + '#c5d5e7', + 5602.875, + '#b2c7df', + 7470.5, + '#9eb9d8', + 9338.125, + '#8bacd0', + 11205.75, + '#769fc8', + 13073.375, + '#6092c0', + ], + 'fill-opacity': 0.75, + }); + }); }); } diff --git a/x-pack/test/functional/fixtures/kbn_archiver/maps.json b/x-pack/test/functional/fixtures/kbn_archiver/maps.json index 78e49997d5c9e..94ab038ae973b 100644 --- a/x-pack/test/functional/fixtures/kbn_archiver/maps.json +++ b/x-pack/test/functional/fixtures/kbn_archiver/maps.json @@ -725,7 +725,7 @@ "description": "", "layerListJSON": "[{\"id\":\"g1xkv\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"sourceDescriptor\":{\"resolution\":\"SUPER_FINE\",\"type\":\"ES_GEO_GRID\",\"id\":\"9305f6ea-4518-4c06-95b9-33321aa38d6a\",\"geoField\":\"geo.coordinates\",\"requestType\":\"grid\",\"metrics\":[{\"type\":\"count\"},{\"type\":\"max\",\"field\":\"bytes\"}],\"indexPatternRefName\":\"layer_0_source_index_pattern\",\"applyGlobalQuery\":true},\"visible\":true,\"temporary\":false,\"style\":{\"type\":\"VECTOR\",\"properties\":{\"fillColor\":{\"type\":\"DYNAMIC\",\"options\":{\"field\":{\"label\":\"max of bytes\",\"name\":\"max_of_bytes\",\"origin\":\"source\"},\"color\":\"Blues\"}},\"lineColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#cccccc\"}},\"lineWidth\":{\"type\":\"STATIC\",\"options\":{\"size\":1}},\"iconSize\":{\"type\":\"DYNAMIC\",\"options\":{\"field\":{\"label\":\"Count\",\"name\":\"doc_count\",\"origin\":\"source\"},\"minSize\":4,\"maxSize\":32}}},\"temporary\":true,\"previousStyle\":null},\"type\":\"TILED_VECTOR\"}]", "mapStateJSON": "{\"zoom\":3.59,\"center\":{\"lon\":-98.05765,\"lat\":38.32288},\"timeFilters\":{\"from\":\"2015-09-20T00:00:00.000Z\",\"to\":\"2015-09-20T01:00:00.000Z\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":1000},\"settings\":{\"autoFitToDataBounds\":false}}", - "title": "geo grid vector grid example SUPER_FINE resolution", + "title": "MVT geotile grid (style meta from ES)", "uiStateJSON": "{\"isDarkMode\":false}" }, "coreMigrationVersion": "8.0.0", @@ -744,6 +744,56 @@ "version": "WzU1LDJd" } +{ + "attributes": { + "description":"", + "layerListJSON":"[{\"id\":\"g1xkv\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"sourceDescriptor\":{\"resolution\":\"SUPER_FINE\",\"type\":\"ES_GEO_GRID\",\"id\":\"9305f6ea-4518-4c06-95b9-33321aa38d6a\",\"geoField\":\"geo.coordinates\",\"requestType\":\"grid\",\"metrics\":[{\"type\":\"count\"},{\"type\":\"max\",\"field\":\"bytes\"}],\"applyGlobalQuery\":true,\"indexPatternRefName\":\"layer_0_source_index_pattern\"},\"visible\":true,\"temporary\":false,\"style\":{\"type\":\"VECTOR\",\"properties\":{\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"marker\"}},\"fillColor\":{\"type\":\"DYNAMIC\",\"options\":{\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"color\":\"Blues\",\"type\":\"ORDINAL\"}},\"lineColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#cccccc\"}},\"lineWidth\":{\"type\":\"STATIC\",\"options\":{\"size\":1}},\"iconSize\":{\"type\":\"DYNAMIC\",\"options\":{\"field\":{\"label\":\"Count\",\"name\":\"doc_count\",\"origin\":\"source\"},\"minSize\":4,\"maxSize\":32}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"labelText\":{\"type\":\"STATIC\",\"options\":{\"value\":\"\"}},\"labelColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#000000\"}},\"labelSize\":{\"type\":\"STATIC\",\"options\":{\"size\":14}},\"labelBorderColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFFFFF\"}},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}}},\"isTimeAware\":true},\"type\":\"TILED_VECTOR\"}]", + "mapStateJSON":"{\"zoom\":3.59,\"center\":{\"lon\":-98.05765,\"lat\":38.32288},\"timeFilters\":{\"from\":\"2015-09-20T00:00:00.000Z\",\"to\":\"2015-09-21T01:00:00.000Z\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":1000},\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", + "title":"MVT geotile grid (style meta from local - count)", + "uiStateJSON":"{\"isLayerTOCOpen\":true,\"openTOCDetails\":[\"g1xkv\"]}" + }, + "coreMigrationVersion":"8.1.0", + "id":"943443a0-3b48-11ec-8a0d-af01166a5cc3", + "migrationVersion": { + "map":"8.0.0" + }, + "references": [ + { + "id":"c698b940-e149-11e8-a35a-370a8516603a", + "name":"layer_0_source_index_pattern", + "type":"index-pattern" + } + ], + "type":"map", + "updated_at":"2021-11-01T19:20:50.287Z", + "version":"WzkwLDFd" +} + +{ + "attributes": { + "description":"", + "layerListJSON":"[{\"id\":\"g1xkv\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"sourceDescriptor\":{\"resolution\":\"SUPER_FINE\",\"type\":\"ES_GEO_GRID\",\"id\":\"9305f6ea-4518-4c06-95b9-33321aa38d6a\",\"geoField\":\"geo.coordinates\",\"requestType\":\"grid\",\"metrics\":[{\"type\":\"count\"},{\"type\":\"sum\",\"field\":\"bytes\"}],\"applyGlobalQuery\":true,\"indexPatternRefName\":\"layer_0_source_index_pattern\"},\"visible\":true,\"temporary\":false,\"style\":{\"type\":\"VECTOR\",\"properties\":{\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"marker\"}},\"fillColor\":{\"type\":\"DYNAMIC\",\"options\":{\"field\":{\"origin\":\"source\",\"name\":\"sum_of_bytes\"},\"color\":\"Blues\",\"fieldMetaOptions\":{\"isEnabled\":false}}},\"lineColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#cccccc\"}},\"lineWidth\":{\"type\":\"STATIC\",\"options\":{\"size\":1}},\"iconSize\":{\"type\":\"DYNAMIC\",\"options\":{\"field\":{\"label\":\"Count\",\"name\":\"doc_count\",\"origin\":\"source\"},\"minSize\":4,\"maxSize\":32}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"labelText\":{\"type\":\"STATIC\",\"options\":{\"value\":\"\"}},\"labelColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#000000\"}},\"labelSize\":{\"type\":\"STATIC\",\"options\":{\"size\":14}},\"labelBorderColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFFFFF\"}},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}}},\"isTimeAware\":true},\"type\":\"TILED_VECTOR\"}]", + "mapStateJSON":"{\"zoom\":3.59,\"center\":{\"lon\":-98.05765,\"lat\":38.32288},\"timeFilters\":{\"from\":\"2015-09-20T00:00:00.000Z\",\"to\":\"2015-09-20T04:00:00.000Z\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":1000},\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", + "title":"MVT geotile grid (style meta from local - metric)", + "uiStateJSON":"{\"isLayerTOCOpen\":true,\"openTOCDetails\":[\"g1xkv\"]}" + }, + "coreMigrationVersion":"8.1.0", + "id":"9ff6f170-3b56-11ec-9cfb-57b0ede90800", + "migrationVersion": { + "map":"8.0.0" + }, + "references": [ + { + "id":"c698b940-e149-11e8-a35a-370a8516603a", + "name":"layer_0_source_index_pattern", + "type":"index-pattern" + } + ], + "type":"map", + "updated_at":"2021-11-01T21:01:40.951Z", + "version":"WzkyLDFd" +} + { "attributes": { "description": "", From 0c5952a7d30c753cc9f22b3451344a2c5463b236 Mon Sep 17 00:00:00 2001 From: Byron Hulcher Date: Tue, 2 Nov 2021 11:32:40 -0400 Subject: [PATCH 18/53] [App Search] Update API namespace and routes for Search Relevance Suggestions/Adaptive Relevance (#116994) --- .../components/suggestions_logic.test.tsx | 2 +- .../components/suggestions_logic.tsx | 2 +- .../curations/curation/curation_logic.test.ts | 2 +- .../curations/curation/curation_logic.ts | 21 ++++++------ .../curation_suggestion_logic.test.ts | 10 +++--- .../curation_suggestion_logic.ts | 4 +-- .../ignored_queries_logic.test.ts | 4 +-- .../ignored_queries_logic.ts | 4 +-- .../curations_settings_logic.test.ts | 4 +-- .../curations_settings_logic.ts | 4 +-- ...ons.test.ts => adaptive_relevance.test.ts} | 32 +++++++++---------- ...e_suggestions.ts => adaptive_relevance.ts} | 20 ++++++------ .../server/routes/app_search/index.ts | 2 +- 13 files changed, 57 insertions(+), 54 deletions(-) rename x-pack/plugins/enterprise_search/server/routes/app_search/{search_relevance_suggestions.test.ts => adaptive_relevance.test.ts} (67%) rename x-pack/plugins/enterprise_search/server/routes/app_search/{search_relevance_suggestions.ts => adaptive_relevance.ts} (70%) diff --git a/x-pack/plugins/enterprise_search/public/applications/app_search/components/curations/components/suggestions_logic.test.tsx b/x-pack/plugins/enterprise_search/public/applications/app_search/components/curations/components/suggestions_logic.test.tsx index 4248eb62e33f1..3e12aa7b629f0 100644 --- a/x-pack/plugins/enterprise_search/public/applications/app_search/components/curations/components/suggestions_logic.test.tsx +++ b/x-pack/plugins/enterprise_search/public/applications/app_search/components/curations/components/suggestions_logic.test.tsx @@ -122,7 +122,7 @@ describe('SuggestionsLogic', () => { await nextTick(); expect(http.post).toHaveBeenCalledWith( - '/internal/app_search/engines/some-engine/search_relevance_suggestions', + '/internal/app_search/engines/some-engine/adaptive_relevance/suggestions', { body: JSON.stringify({ page: { diff --git a/x-pack/plugins/enterprise_search/public/applications/app_search/components/curations/components/suggestions_logic.tsx b/x-pack/plugins/enterprise_search/public/applications/app_search/components/curations/components/suggestions_logic.tsx index f0100fcafac4e..16c32c9bb0545 100644 --- a/x-pack/plugins/enterprise_search/public/applications/app_search/components/curations/components/suggestions_logic.tsx +++ b/x-pack/plugins/enterprise_search/public/applications/app_search/components/curations/components/suggestions_logic.tsx @@ -75,7 +75,7 @@ export const SuggestionsLogic = kea( - `/internal/app_search/engines/${engineName}/search_relevance_suggestions`, + `/internal/app_search/engines/${engineName}/adaptive_relevance/suggestions`, { body: JSON.stringify({ page: { diff --git a/x-pack/plugins/enterprise_search/public/applications/app_search/components/curations/curation/curation_logic.test.ts b/x-pack/plugins/enterprise_search/public/applications/app_search/components/curations/curation/curation_logic.test.ts index 260ac77774fa7..2b51cbb884ff9 100644 --- a/x-pack/plugins/enterprise_search/public/applications/app_search/components/curations/curation/curation_logic.test.ts +++ b/x-pack/plugins/enterprise_search/public/applications/app_search/components/curations/curation/curation_logic.test.ts @@ -295,7 +295,7 @@ describe('CurationLogic', () => { await nextTick(); expect(http.put).toHaveBeenCalledWith( - '/internal/app_search/engines/some-engine/search_relevance_suggestions', + '/internal/app_search/engines/some-engine/adaptive_relevance/suggestions', { body: JSON.stringify([ { diff --git a/x-pack/plugins/enterprise_search/public/applications/app_search/components/curations/curation/curation_logic.ts b/x-pack/plugins/enterprise_search/public/applications/app_search/components/curations/curation/curation_logic.ts index a325a53f472a9..08bf8cfd179eb 100644 --- a/x-pack/plugins/enterprise_search/public/applications/app_search/components/curations/curation/curation_logic.ts +++ b/x-pack/plugins/enterprise_search/public/applications/app_search/components/curations/curation/curation_logic.ts @@ -194,15 +194,18 @@ export const CurationLogic = kea { await nextTick(); expect(http.get).toHaveBeenCalledWith( - '/internal/app_search/engines/some-engine/search_relevance_suggestions/foo-query', + '/internal/app_search/engines/some-engine/adaptive_relevance/suggestions/foo-query', { query: { type: 'curation', @@ -297,7 +297,7 @@ describe('CurationSuggestionLogic', () => { await nextTick(); expect(http.put).toHaveBeenCalledWith( - '/internal/app_search/engines/some-engine/search_relevance_suggestions', + '/internal/app_search/engines/some-engine/adaptive_relevance/suggestions', { body: JSON.stringify([ { @@ -380,7 +380,7 @@ describe('CurationSuggestionLogic', () => { await nextTick(); expect(http.put).toHaveBeenCalledWith( - '/internal/app_search/engines/some-engine/search_relevance_suggestions', + '/internal/app_search/engines/some-engine/adaptive_relevance/suggestions', { body: JSON.stringify([ { @@ -463,7 +463,7 @@ describe('CurationSuggestionLogic', () => { await nextTick(); expect(http.put).toHaveBeenCalledWith( - '/internal/app_search/engines/some-engine/search_relevance_suggestions', + '/internal/app_search/engines/some-engine/adaptive_relevance/suggestions', { body: JSON.stringify([ { @@ -508,7 +508,7 @@ describe('CurationSuggestionLogic', () => { await nextTick(); expect(http.put).toHaveBeenCalledWith( - '/internal/app_search/engines/some-engine/search_relevance_suggestions', + '/internal/app_search/engines/some-engine/adaptive_relevance/suggestions', { body: JSON.stringify([ { diff --git a/x-pack/plugins/enterprise_search/public/applications/app_search/components/curations/views/curation_suggestion/curation_suggestion_logic.ts b/x-pack/plugins/enterprise_search/public/applications/app_search/components/curations/views/curation_suggestion/curation_suggestion_logic.ts index 5c51272baea8b..0e774d811f3be 100644 --- a/x-pack/plugins/enterprise_search/public/applications/app_search/components/curations/views/curation_suggestion/curation_suggestion_logic.ts +++ b/x-pack/plugins/enterprise_search/public/applications/app_search/components/curations/views/curation_suggestion/curation_suggestion_logic.ts @@ -81,7 +81,7 @@ export const CurationSuggestionLogic = kea< try { // eslint-disable-next-line @typescript-eslint/no-explicit-any const suggestionResponse = await http.get( - `/internal/app_search/engines/${engineName}/search_relevance_suggestions/${props.query}`, + `/internal/app_search/engines/${engineName}/adaptive_relevance/suggestions/${props.query}`, { query: { type: 'curation', @@ -251,7 +251,7 @@ const updateSuggestion = async ( status: string ) => { const response = await http.put<{ results: Array }>( - `/internal/app_search/engines/${engineName}/search_relevance_suggestions`, + `/internal/app_search/engines/${engineName}/adaptive_relevance/suggestions`, { body: JSON.stringify([ { diff --git a/x-pack/plugins/enterprise_search/public/applications/app_search/components/curations/views/curations_history/components/ignored_queries_panel/ignored_queries_logic.test.ts b/x-pack/plugins/enterprise_search/public/applications/app_search/components/curations/views/curations_history/components/ignored_queries_panel/ignored_queries_logic.test.ts index 83a200943256b..8c2545fad651a 100644 --- a/x-pack/plugins/enterprise_search/public/applications/app_search/components/curations/views/curations_history/components/ignored_queries_panel/ignored_queries_logic.test.ts +++ b/x-pack/plugins/enterprise_search/public/applications/app_search/components/curations/views/curations_history/components/ignored_queries_panel/ignored_queries_logic.test.ts @@ -114,7 +114,7 @@ describe('IgnoredQueriesLogic', () => { await nextTick(); expect(http.post).toHaveBeenCalledWith( - '/internal/app_search/engines/some-engine/search_relevance_suggestions', + '/internal/app_search/engines/some-engine/adaptive_relevance/suggestions', { body: JSON.stringify({ page: { @@ -170,7 +170,7 @@ describe('IgnoredQueriesLogic', () => { await nextTick(); expect(http.put).toHaveBeenCalledWith( - '/internal/app_search/engines/some-engine/search_relevance_suggestions', + '/internal/app_search/engines/some-engine/adaptive_relevance/suggestions', { body: JSON.stringify([ { diff --git a/x-pack/plugins/enterprise_search/public/applications/app_search/components/curations/views/curations_history/components/ignored_queries_panel/ignored_queries_logic.ts b/x-pack/plugins/enterprise_search/public/applications/app_search/components/curations/views/curations_history/components/ignored_queries_panel/ignored_queries_logic.ts index e36b5bc156b46..798117ec353d4 100644 --- a/x-pack/plugins/enterprise_search/public/applications/app_search/components/curations/views/curations_history/components/ignored_queries_panel/ignored_queries_logic.ts +++ b/x-pack/plugins/enterprise_search/public/applications/app_search/components/curations/views/curations_history/components/ignored_queries_panel/ignored_queries_logic.ts @@ -89,7 +89,7 @@ export const IgnoredQueriesLogic = kea; - }>(`/internal/app_search/engines/${engineName}/search_relevance_suggestions`, { + }>(`/internal/app_search/engines/${engineName}/adaptive_relevance/suggestions`, { body: JSON.stringify([ { query: ignoredQuery, diff --git a/x-pack/plugins/enterprise_search/public/applications/app_search/components/curations/views/curations_settings/curations_settings_logic.test.ts b/x-pack/plugins/enterprise_search/public/applications/app_search/components/curations/views/curations_settings/curations_settings_logic.test.ts index b8aae9c39174d..0d09f2d28f396 100644 --- a/x-pack/plugins/enterprise_search/public/applications/app_search/components/curations/views/curations_settings/curations_settings_logic.test.ts +++ b/x-pack/plugins/enterprise_search/public/applications/app_search/components/curations/views/curations_settings/curations_settings_logic.test.ts @@ -97,7 +97,7 @@ describe('CurationsSettingsLogic', () => { await nextTick(); expect(http.get).toHaveBeenCalledWith( - '/internal/app_search/engines/some-engine/search_relevance_suggestions/settings' + '/internal/app_search/engines/some-engine/adaptive_relevance/settings' ); expect(CurationsSettingsLogic.actions.onCurationsSettingsLoad).toHaveBeenCalledWith({ enabled: true, @@ -204,7 +204,7 @@ describe('CurationsSettingsLogic', () => { await nextTick(); expect(http.put).toHaveBeenCalledWith( - '/internal/app_search/engines/some-engine/search_relevance_suggestions/settings', + '/internal/app_search/engines/some-engine/adaptive_relevance/settings', { body: JSON.stringify({ curation: { diff --git a/x-pack/plugins/enterprise_search/public/applications/app_search/components/curations/views/curations_settings/curations_settings_logic.ts b/x-pack/plugins/enterprise_search/public/applications/app_search/components/curations/views/curations_settings/curations_settings_logic.ts index 3d090653ca74a..692d893a8e22f 100644 --- a/x-pack/plugins/enterprise_search/public/applications/app_search/components/curations/views/curations_settings/curations_settings_logic.ts +++ b/x-pack/plugins/enterprise_search/public/applications/app_search/components/curations/views/curations_settings/curations_settings_logic.ts @@ -72,7 +72,7 @@ export const CurationsSettingsLogic = kea< try { const response = await http.get<{ curation: CurationsSettings }>( - `/internal/app_search/engines/${engineName}/search_relevance_suggestions/settings` + `/internal/app_search/engines/${engineName}/adaptive_relevance/settings` ); actions.onCurationsSettingsLoad(response.curation); } catch (e) { @@ -96,7 +96,7 @@ export const CurationsSettingsLogic = kea< const { engineName } = EngineLogic.values; try { const response = await http.put<{ curation: CurationsSettings }>( - `/internal/app_search/engines/${engineName}/search_relevance_suggestions/settings`, + `/internal/app_search/engines/${engineName}/adaptive_relevance/settings`, { body: JSON.stringify({ curation: currationsSetting }), } diff --git a/x-pack/plugins/enterprise_search/server/routes/app_search/search_relevance_suggestions.test.ts b/x-pack/plugins/enterprise_search/server/routes/app_search/adaptive_relevance.test.ts similarity index 67% rename from x-pack/plugins/enterprise_search/server/routes/app_search/search_relevance_suggestions.test.ts rename to x-pack/plugins/enterprise_search/server/routes/app_search/adaptive_relevance.test.ts index daab7c35596bf..cec2262c95a2e 100644 --- a/x-pack/plugins/enterprise_search/server/routes/app_search/search_relevance_suggestions.test.ts +++ b/x-pack/plugins/enterprise_search/server/routes/app_search/adaptive_relevance.test.ts @@ -7,17 +7,17 @@ import { MockRouter, mockRequestHandler, mockDependencies } from '../../__mocks__'; -import { registerSearchRelevanceSuggestionsRoutes } from './search_relevance_suggestions'; +import { registerSearchRelevanceSuggestionsRoutes } from './adaptive_relevance'; describe('search relevance insights routes', () => { beforeEach(() => { jest.clearAllMocks(); }); - describe('POST /internal/app_search/engines/{name}/search_relevance_suggestions', () => { + describe('POST /internal/app_search/engines/{name}/adaptive_relevance/suggestions', () => { const mockRouter = new MockRouter({ method: 'post', - path: '/internal/app_search/engines/{engineName}/search_relevance_suggestions', + path: '/internal/app_search/engines/{engineName}/adaptive_relevance/suggestions', }); beforeEach(() => { @@ -33,15 +33,15 @@ describe('search relevance insights routes', () => { }); expect(mockRequestHandler.createRequest).toHaveBeenCalledWith({ - path: '/api/as/v0/engines/:engineName/search_relevance_suggestions', + path: '/api/as/v0/engines/:engineName/adaptive_relevance/suggestions', }); }); }); - describe('PUT /internal/app_search/engines/{name}/search_relevance_suggestions', () => { + describe('PUT /internal/app_search/engines/{name}/adaptive_relevance/suggestions', () => { const mockRouter = new MockRouter({ method: 'put', - path: '/internal/app_search/engines/{engineName}/search_relevance_suggestions', + path: '/internal/app_search/engines/{engineName}/adaptive_relevance/suggestions', }); beforeEach(() => { @@ -62,15 +62,15 @@ describe('search relevance insights routes', () => { }); expect(mockRequestHandler.createRequest).toHaveBeenCalledWith({ - path: '/api/as/v0/engines/:engineName/search_relevance_suggestions', + path: '/api/as/v0/engines/:engineName/adaptive_relevance/suggestions', }); }); }); - describe('GET /internal/app_search/engines/{name}/search_relevance_suggestions/settings', () => { + describe('GET /internal/app_search/engines/{name}/adaptive_relevance/settings', () => { const mockRouter = new MockRouter({ method: 'get', - path: '/internal/app_search/engines/{engineName}/search_relevance_suggestions/settings', + path: '/internal/app_search/engines/{engineName}/adaptive_relevance/settings', }); beforeEach(() => { @@ -86,15 +86,15 @@ describe('search relevance insights routes', () => { }); expect(mockRequestHandler.createRequest).toHaveBeenCalledWith({ - path: '/api/as/v0/engines/:engineName/search_relevance_suggestions/settings', + path: '/api/as/v0/engines/:engineName/adaptive_relevance/settings', }); }); }); - describe('PUT /internal/app_search/engines/{name}/search_relevance_suggestions/settings', () => { + describe('PUT /internal/app_search/engines/{name}/adaptive_relevance/settings', () => { const mockRouter = new MockRouter({ method: 'put', - path: '/internal/app_search/engines/{engineName}/search_relevance_suggestions/settings', + path: '/internal/app_search/engines/{engineName}/adaptive_relevance/settings', }); beforeEach(() => { @@ -111,15 +111,15 @@ describe('search relevance insights routes', () => { }); expect(mockRequestHandler.createRequest).toHaveBeenCalledWith({ - path: '/api/as/v0/engines/:engineName/search_relevance_suggestions/settings', + path: '/api/as/v0/engines/:engineName/adaptive_relevance/settings', }); }); }); - describe('GET /internal/app_search/engines/{engineName}/search_relevance_suggestions/{query}', () => { + describe('GET /internal/app_search/engines/{engineName}/adaptive_relevance/suggestions/{query}', () => { const mockRouter = new MockRouter({ method: 'get', - path: '/internal/app_search/engines/{engineName}/search_relevance_suggestions/{query}', + path: '/internal/app_search/engines/{engineName}/adaptive_relevance/suggestions/{query}', }); beforeEach(() => { @@ -136,7 +136,7 @@ describe('search relevance insights routes', () => { }); expect(mockRequestHandler.createRequest).toHaveBeenCalledWith({ - path: '/as/engines/:engineName/search_relevance_suggestions/:query', + path: '/as/engines/:engineName/adaptive_relevance/suggestions/:query', }); }); }); diff --git a/x-pack/plugins/enterprise_search/server/routes/app_search/search_relevance_suggestions.ts b/x-pack/plugins/enterprise_search/server/routes/app_search/adaptive_relevance.ts similarity index 70% rename from x-pack/plugins/enterprise_search/server/routes/app_search/search_relevance_suggestions.ts rename to x-pack/plugins/enterprise_search/server/routes/app_search/adaptive_relevance.ts index 95b50a9c4971e..02260d19186da 100644 --- a/x-pack/plugins/enterprise_search/server/routes/app_search/search_relevance_suggestions.ts +++ b/x-pack/plugins/enterprise_search/server/routes/app_search/adaptive_relevance.ts @@ -17,7 +17,7 @@ export function registerSearchRelevanceSuggestionsRoutes({ }: RouteDependencies) { router.post( { - path: '/internal/app_search/engines/{engineName}/search_relevance_suggestions', + path: '/internal/app_search/engines/{engineName}/adaptive_relevance/suggestions', validate: { params: schema.object({ engineName: schema.string(), @@ -35,13 +35,13 @@ export function registerSearchRelevanceSuggestionsRoutes({ }, }, enterpriseSearchRequestHandler.createRequest({ - path: '/api/as/v0/engines/:engineName/search_relevance_suggestions', + path: '/api/as/v0/engines/:engineName/adaptive_relevance/suggestions', }) ); router.put( skipBodyValidation({ - path: '/internal/app_search/engines/{engineName}/search_relevance_suggestions', + path: '/internal/app_search/engines/{engineName}/adaptive_relevance/suggestions', validate: { params: schema.object({ engineName: schema.string(), @@ -49,13 +49,13 @@ export function registerSearchRelevanceSuggestionsRoutes({ }, }), enterpriseSearchRequestHandler.createRequest({ - path: '/api/as/v0/engines/:engineName/search_relevance_suggestions', + path: '/api/as/v0/engines/:engineName/adaptive_relevance/suggestions', }) ); router.get( { - path: '/internal/app_search/engines/{engineName}/search_relevance_suggestions/settings', + path: '/internal/app_search/engines/{engineName}/adaptive_relevance/settings', validate: { params: schema.object({ engineName: schema.string(), @@ -63,13 +63,13 @@ export function registerSearchRelevanceSuggestionsRoutes({ }, }, enterpriseSearchRequestHandler.createRequest({ - path: '/api/as/v0/engines/:engineName/search_relevance_suggestions/settings', + path: '/api/as/v0/engines/:engineName/adaptive_relevance/settings', }) ); router.put( skipBodyValidation({ - path: '/internal/app_search/engines/{engineName}/search_relevance_suggestions/settings', + path: '/internal/app_search/engines/{engineName}/adaptive_relevance/settings', validate: { params: schema.object({ engineName: schema.string(), @@ -77,13 +77,13 @@ export function registerSearchRelevanceSuggestionsRoutes({ }, }), enterpriseSearchRequestHandler.createRequest({ - path: '/api/as/v0/engines/:engineName/search_relevance_suggestions/settings', + path: '/api/as/v0/engines/:engineName/adaptive_relevance/settings', }) ); router.get( { - path: '/internal/app_search/engines/{engineName}/search_relevance_suggestions/{query}', + path: '/internal/app_search/engines/{engineName}/adaptive_relevance/suggestions/{query}', validate: { params: schema.object({ engineName: schema.string(), @@ -95,7 +95,7 @@ export function registerSearchRelevanceSuggestionsRoutes({ }, }, enterpriseSearchRequestHandler.createRequest({ - path: '/as/engines/:engineName/search_relevance_suggestions/:query', + path: '/as/engines/:engineName/adaptive_relevance/suggestions/:query', }) ); } diff --git a/x-pack/plugins/enterprise_search/server/routes/app_search/index.ts b/x-pack/plugins/enterprise_search/server/routes/app_search/index.ts index 737b21e6f5a92..602d8c48d520e 100644 --- a/x-pack/plugins/enterprise_search/server/routes/app_search/index.ts +++ b/x-pack/plugins/enterprise_search/server/routes/app_search/index.ts @@ -7,6 +7,7 @@ import { RouteDependencies } from '../../plugin'; +import { registerSearchRelevanceSuggestionsRoutes } from './adaptive_relevance'; import { registerAnalyticsRoutes } from './analytics'; import { registerApiLogsRoutes } from './api_logs'; import { registerCrawlerRoutes } from './crawler'; @@ -22,7 +23,6 @@ import { registerResultSettingsRoutes } from './result_settings'; import { registerRoleMappingsRoutes } from './role_mappings'; import { registerSchemaRoutes } from './schema'; import { registerSearchRoutes } from './search'; -import { registerSearchRelevanceSuggestionsRoutes } from './search_relevance_suggestions'; import { registerSearchSettingsRoutes } from './search_settings'; import { registerSearchUIRoutes } from './search_ui'; import { registerSettingsRoutes } from './settings'; From da5371dee59e211da6ac16eedd787ce3594723c3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Patryk=20Kopyci=C5=84ski?= Date: Tue, 2 Nov 2021 16:37:15 +0100 Subject: [PATCH 19/53] [Osquery] Fix 7.16.0 BC3 issues (#117105) --- .../osquery/common/schemas/common/schemas.ts | 3 +- .../action_results/action_results_summary.tsx | 48 +- .../action_results/use_action_results.ts | 4 + .../public/common/schemas/ecs/v1.12.1.json | 2 +- ...managed_policy_create_import_extension.tsx | 20 +- .../osquery/public/packs/form/index.tsx | 7 +- .../packs/pack_queries_status_table.tsx | 142 ++- .../osquery/public/packs/packs_table.tsx | 2 +- .../queries/ecs_mapping_editor_field.tsx | 908 +++++++++++------- .../packs/use_pack_query_last_results.ts | 19 +- .../osquery/public/results/results_table.tsx | 16 +- .../public/routes/packs/list/index.tsx | 10 + .../public/saved_queries/use_saved_queries.ts | 1 + .../public/saved_queries/use_saved_query.ts | 1 + .../scripts/schema_formatter/ecs_formatter.ts | 2 +- .../lib/saved_query/saved_object_mappings.ts | 10 + .../saved_query/read_saved_query_route.ts | 2 +- .../saved_query/update_saved_query_route.ts | 3 +- x-pack/plugins/osquery/server/routes/utils.ts | 14 +- .../results/query.action_results.dsl.ts | 5 + 20 files changed, 737 insertions(+), 482 deletions(-) diff --git a/x-pack/plugins/osquery/common/schemas/common/schemas.ts b/x-pack/plugins/osquery/common/schemas/common/schemas.ts index 2ffb6c5feae54..4547db731ce1b 100644 --- a/x-pack/plugins/osquery/common/schemas/common/schemas.ts +++ b/x-pack/plugins/osquery/common/schemas/common/schemas.ts @@ -55,8 +55,9 @@ export type SavedQueryIdOrUndefined = t.TypeOf; export const ecsMapping = t.record( t.string, - t.type({ + t.partial({ field: t.string, + value: t.string, }) ); export type ECSMapping = t.TypeOf; diff --git a/x-pack/plugins/osquery/public/action_results/action_results_summary.tsx b/x-pack/plugins/osquery/public/action_results/action_results_summary.tsx index 9da9ac72f273a..e04f783608420 100644 --- a/x-pack/plugins/osquery/public/action_results/action_results_summary.tsx +++ b/x-pack/plugins/osquery/public/action_results/action_results_summary.tsx @@ -13,7 +13,6 @@ import React, { useCallback, useEffect, useMemo, useState } from 'react'; import { AgentIdToName } from '../agents/agent_id_to_name'; import { useActionResults } from './use_action_results'; -import { useAllResults } from '../results/use_all_results'; import { Direction } from '../../common/search_strategy'; import { useActionResultsPrivileges } from './use_action_privileges'; @@ -70,38 +69,8 @@ const ActionResultsSummaryComponent: React.FC = ({ }); } - const { data: logsResults } = useAllResults({ - actionId, - activePage: pageIndex, - limit: pageSize, - sort: [ - { - field: '@timestamp', - direction: Direction.asc, - }, - ], - isLive, - skip: !hasActionResultsPrivileges, - }); - const renderAgentIdColumn = useCallback((agentId) => , []); - - const renderRowsColumn = useCallback( - (_, item) => { - if (!logsResults) return '-'; - const agentId = item.fields.agent_id[0]; - - return ( - // @ts-expect-error update types - logsResults?.rawResponse?.aggregations?.count_by_agent_id?.buckets?.find( - // @ts-expect-error update types - (bucket) => bucket.key === agentId - )?.doc_count ?? '-' - ); - }, - [logsResults] - ); - + const renderRowsColumn = useCallback((rowsCount) => rowsCount ?? '-', []); const renderStatusColumn = useCallback( (_, item) => { if (!item.fields.completed_at) { @@ -145,7 +114,7 @@ const ActionResultsSummaryComponent: React.FC = ({ render: renderAgentIdColumn, }, { - field: 'fields.rows[0]', + field: '_source.action_response.osquery.count', name: i18n.translate( 'xpack.osquery.liveQueryActionResults.table.resultRowsNumberColumnTitle', { @@ -177,18 +146,9 @@ const ActionResultsSummaryComponent: React.FC = ({ setIsLive(() => { if (!agentIds?.length || expired) return false; - const uniqueAgentsRepliedCount = - // @ts-expect-error update types - logsResults?.rawResponse.aggregations?.unique_agents.value ?? 0; - - return !!(uniqueAgentsRepliedCount !== agentIds?.length - aggregations.failed); + return !!(aggregations.totalResponded !== agentIds?.length); }); - }, [ - agentIds?.length, - aggregations.failed, - expired, - logsResults?.rawResponse.aggregations?.unique_agents, - ]); + }, [agentIds?.length, aggregations.totalResponded, expired]); return edges.length ? ( diff --git a/x-pack/plugins/osquery/public/action_results/use_action_results.ts b/x-pack/plugins/osquery/public/action_results/use_action_results.ts index 29bff0819956a..e4b6ef14eb1e9 100644 --- a/x-pack/plugins/osquery/public/action_results/use_action_results.ts +++ b/x-pack/plugins/osquery/public/action_results/use_action_results.ts @@ -84,6 +84,9 @@ export const useActionResults = ({ const totalResponded = // @ts-expect-error update types responseData.rawResponse?.aggregations?.aggs.responses_by_action_id?.doc_count ?? 0; + const totalRowCount = + // @ts-expect-error update types + responseData.rawResponse?.aggregations?.aggs.responses_by_action_id?.rows_count?.value ?? 0; const aggsBuckets = // @ts-expect-error update types responseData.rawResponse?.aggregations?.aggs.responses_by_action_id?.responses.buckets; @@ -100,6 +103,7 @@ export const useActionResults = ({ ...responseData, edges: reverse(uniqBy('fields.agent_id[0]', flatten([responseData.edges, previousEdges]))), aggregations: { + totalRowCount, totalResponded, // @ts-expect-error update types successful: aggsBuckets?.find((bucket) => bucket.key === 'success')?.doc_count ?? 0, diff --git a/x-pack/plugins/osquery/public/common/schemas/ecs/v1.12.1.json b/x-pack/plugins/osquery/public/common/schemas/ecs/v1.12.1.json index 2b4a3c8c92f2f..a613c8b576524 100644 --- a/x-pack/plugins/osquery/public/common/schemas/ecs/v1.12.1.json +++ b/x-pack/plugins/osquery/public/common/schemas/ecs/v1.12.1.json @@ -1 +1 @@ -[{"field":"labels","type":"object","description":"Custom key/value pairs."},{"field":"message","type":"match_only_text","description":"Log message optimized for viewing in a log viewer."},{"field":"tags","type":"keyword","description":"List of keywords used to tag each event."},{"field":"agent.build.original","type":"keyword","description":"Extended build information for the agent."},{"field":"client.address","type":"keyword","description":"Client network address."},{"field":"client.as.number","type":"long","description":"Unique number allocated to the autonomous system."},{"field":"client.as.organization.name","type":"keyword","description":"Organization name."},{"field":"client.as.organization.name.text","type":"match_only_text","description":"Organization name."},{"field":"client.bytes","type":"long","description":"Bytes sent from the client to the server."},{"field":"client.domain","type":"keyword","description":"Client domain."},{"field":"client.geo.city_name","type":"keyword","description":"City name."},{"field":"client.geo.continent_code","type":"keyword","description":"Continent code."},{"field":"client.geo.continent_name","type":"keyword","description":"Name of the continent."},{"field":"client.geo.country_iso_code","type":"keyword","description":"Country ISO code."},{"field":"client.geo.country_name","type":"keyword","description":"Country name."},{"field":"client.geo.location","type":"geo_point","description":"Longitude and latitude."},{"field":"client.geo.name","type":"keyword","description":"User-defined description of a location."},{"field":"client.geo.postal_code","type":"keyword","description":"Postal code."},{"field":"client.geo.region_iso_code","type":"keyword","description":"Region ISO code."},{"field":"client.geo.region_name","type":"keyword","description":"Region name."},{"field":"client.geo.timezone","type":"keyword","description":"Time zone."},{"field":"client.ip","type":"ip","description":"IP address of the client."},{"field":"client.mac","type":"keyword","description":"MAC address of the client."},{"field":"client.nat.ip","type":"ip","description":"Client NAT ip address"},{"field":"client.nat.port","type":"long","description":"Client NAT port"},{"field":"client.packets","type":"long","description":"Packets sent from the client to the server."},{"field":"client.port","type":"long","description":"Port of the client."},{"field":"client.registered_domain","type":"keyword","description":"The highest registered client domain, stripped of the subdomain."},{"field":"client.subdomain","type":"keyword","description":"The subdomain of the domain."},{"field":"client.top_level_domain","type":"keyword","description":"The effective top level domain (com, org, net, co.uk)."},{"field":"client.user.domain","type":"keyword","description":"Name of the directory the user is a member of."},{"field":"client.user.email","type":"keyword","description":"User email address."},{"field":"client.user.full_name","type":"keyword","description":"User's full name, if available."},{"field":"client.user.full_name.text","type":"match_only_text","description":"User's full name, if available."},{"field":"client.user.group.domain","type":"keyword","description":"Name of the directory the group is a member of."},{"field":"client.user.group.id","type":"keyword","description":"Unique identifier for the group on the system/platform."},{"field":"client.user.group.name","type":"keyword","description":"Name of the group."},{"field":"client.user.hash","type":"keyword","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"client.user.id","type":"keyword","description":"Unique identifier of the user."},{"field":"client.user.name","type":"keyword","description":"Short name or login of the user."},{"field":"client.user.name.text","type":"match_only_text","description":"Short name or login of the user."},{"field":"client.user.roles","type":"keyword","description":"Array of user roles at the time of the event."},{"field":"cloud.account.id","type":"keyword","description":"The cloud account or organization id."},{"field":"cloud.account.name","type":"keyword","description":"The cloud account name."},{"field":"cloud.availability_zone","type":"keyword","description":"Availability zone in which this host, resource, or service is located."},{"field":"cloud.instance.id","type":"keyword","description":"Instance ID of the host machine."},{"field":"cloud.instance.name","type":"keyword","description":"Instance name of the host machine."},{"field":"cloud.machine.type","type":"keyword","description":"Machine type of the host machine."},{"field":"cloud.project.id","type":"keyword","description":"The cloud project id."},{"field":"cloud.project.name","type":"keyword","description":"The cloud project name."},{"field":"cloud.provider","type":"keyword","description":"Name of the cloud provider."},{"field":"cloud.region","type":"keyword","description":"Region in which this host, resource, or service is located."},{"field":"cloud.service.name","type":"keyword","description":"The cloud service name."},{"field":"container.id","type":"keyword","description":"Unique container id."},{"field":"container.image.name","type":"keyword","description":"Name of the image the container was built on."},{"field":"container.image.tag","type":"keyword","description":"Container image tags."},{"field":"container.labels","type":"object","description":"Image labels."},{"field":"container.name","type":"keyword","description":"Container name."},{"field":"container.runtime","type":"keyword","description":"Runtime managing this container."},{"field":"data_stream.dataset","type":"constant_keyword","description":"The field can contain anything that makes sense to signify the source of the data."},{"field":"data_stream.namespace","type":"constant_keyword","description":"A user defined namespace. Namespaces are useful to allow grouping of data."},{"field":"data_stream.type","type":"constant_keyword","description":"An overarching type for the data stream."},{"field":"destination.address","type":"keyword","description":"Destination network address."},{"field":"destination.as.number","type":"long","description":"Unique number allocated to the autonomous system."},{"field":"destination.as.organization.name","type":"keyword","description":"Organization name."},{"field":"destination.as.organization.name.text","type":"match_only_text","description":"Organization name."},{"field":"destination.bytes","type":"long","description":"Bytes sent from the destination to the source."},{"field":"destination.domain","type":"keyword","description":"Destination domain."},{"field":"destination.geo.city_name","type":"keyword","description":"City name."},{"field":"destination.geo.continent_code","type":"keyword","description":"Continent code."},{"field":"destination.geo.continent_name","type":"keyword","description":"Name of the continent."},{"field":"destination.geo.country_iso_code","type":"keyword","description":"Country ISO code."},{"field":"destination.geo.country_name","type":"keyword","description":"Country name."},{"field":"destination.geo.location","type":"geo_point","description":"Longitude and latitude."},{"field":"destination.geo.name","type":"keyword","description":"User-defined description of a location."},{"field":"destination.geo.postal_code","type":"keyword","description":"Postal code."},{"field":"destination.geo.region_iso_code","type":"keyword","description":"Region ISO code."},{"field":"destination.geo.region_name","type":"keyword","description":"Region name."},{"field":"destination.geo.timezone","type":"keyword","description":"Time zone."},{"field":"destination.ip","type":"ip","description":"IP address of the destination."},{"field":"destination.mac","type":"keyword","description":"MAC address of the destination."},{"field":"destination.nat.ip","type":"ip","description":"Destination NAT ip"},{"field":"destination.nat.port","type":"long","description":"Destination NAT Port"},{"field":"destination.packets","type":"long","description":"Packets sent from the destination to the source."},{"field":"destination.port","type":"long","description":"Port of the destination."},{"field":"destination.registered_domain","type":"keyword","description":"The highest registered destination domain, stripped of the subdomain."},{"field":"destination.subdomain","type":"keyword","description":"The subdomain of the domain."},{"field":"destination.top_level_domain","type":"keyword","description":"The effective top level domain (com, org, net, co.uk)."},{"field":"destination.user.domain","type":"keyword","description":"Name of the directory the user is a member of."},{"field":"destination.user.email","type":"keyword","description":"User email address."},{"field":"destination.user.full_name","type":"keyword","description":"User's full name, if available."},{"field":"destination.user.full_name.text","type":"match_only_text","description":"User's full name, if available."},{"field":"destination.user.group.domain","type":"keyword","description":"Name of the directory the group is a member of."},{"field":"destination.user.group.id","type":"keyword","description":"Unique identifier for the group on the system/platform."},{"field":"destination.user.group.name","type":"keyword","description":"Name of the group."},{"field":"destination.user.hash","type":"keyword","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"destination.user.id","type":"keyword","description":"Unique identifier of the user."},{"field":"destination.user.name","type":"keyword","description":"Short name or login of the user."},{"field":"destination.user.name.text","type":"match_only_text","description":"Short name or login of the user."},{"field":"destination.user.roles","type":"keyword","description":"Array of user roles at the time of the event."},{"field":"dll.code_signature.digest_algorithm","type":"keyword","description":"Hashing algorithm used to sign the process."},{"field":"dll.code_signature.exists","type":"boolean","description":"Boolean to capture if a signature is present."},{"field":"dll.code_signature.signing_id","type":"keyword","description":"The identifier used to sign the process."},{"field":"dll.code_signature.status","type":"keyword","description":"Additional information about the certificate status."},{"field":"dll.code_signature.subject_name","type":"keyword","description":"Subject name of the code signer"},{"field":"dll.code_signature.team_id","type":"keyword","description":"The team identifier used to sign the process."},{"field":"dll.code_signature.timestamp","type":"date","description":"When the signature was generated and signed."},{"field":"dll.code_signature.trusted","type":"boolean","description":"Stores the trust status of the certificate chain."},{"field":"dll.code_signature.valid","type":"boolean","description":"Boolean to capture if the digital signature is verified against the binary content."},{"field":"dll.hash.md5","type":"keyword","description":"MD5 hash."},{"field":"dll.hash.sha1","type":"keyword","description":"SHA1 hash."},{"field":"dll.hash.sha256","type":"keyword","description":"SHA256 hash."},{"field":"dll.hash.sha512","type":"keyword","description":"SHA512 hash."},{"field":"dll.hash.ssdeep","type":"keyword","description":"SSDEEP hash."},{"field":"dll.name","type":"keyword","description":"Name of the library."},{"field":"dll.path","type":"keyword","description":"Full file path of the library."},{"field":"dll.pe.architecture","type":"keyword","description":"CPU architecture target for the file."},{"field":"dll.pe.company","type":"keyword","description":"Internal company name of the file, provided at compile-time."},{"field":"dll.pe.description","type":"keyword","description":"Internal description of the file, provided at compile-time."},{"field":"dll.pe.file_version","type":"keyword","description":"Process name."},{"field":"dll.pe.imphash","type":"keyword","description":"A hash of the imports in a PE file."},{"field":"dll.pe.original_file_name","type":"keyword","description":"Internal name of the file, provided at compile-time."},{"field":"dll.pe.product","type":"keyword","description":"Internal product name of the file, provided at compile-time."},{"field":"dns.answers","type":"object","description":"Array of DNS answers."},{"field":"dns.answers.class","type":"keyword","description":"The class of DNS data contained in this resource record."},{"field":"dns.answers.data","type":"keyword","description":"The data describing the resource."},{"field":"dns.answers.name","type":"keyword","description":"The domain name to which this resource record pertains."},{"field":"dns.answers.ttl","type":"long","description":"The time interval in seconds that this resource record may be cached before it should be discarded."},{"field":"dns.answers.type","type":"keyword","description":"The type of data contained in this resource record."},{"field":"dns.header_flags","type":"keyword","description":"Array of DNS header flags."},{"field":"dns.id","type":"keyword","description":"The DNS packet identifier assigned by the program that generated the query. The identifier is copied to the response."},{"field":"dns.op_code","type":"keyword","description":"The DNS operation code that specifies the kind of query in the message."},{"field":"dns.question.class","type":"keyword","description":"The class of records being queried."},{"field":"dns.question.name","type":"keyword","description":"The name being queried."},{"field":"dns.question.registered_domain","type":"keyword","description":"The highest registered domain, stripped of the subdomain."},{"field":"dns.question.subdomain","type":"keyword","description":"The subdomain of the domain."},{"field":"dns.question.top_level_domain","type":"keyword","description":"The effective top level domain (com, org, net, co.uk)."},{"field":"dns.question.type","type":"keyword","description":"The type of record being queried."},{"field":"dns.resolved_ip","type":"ip","description":"Array containing all IPs seen in answers.data"},{"field":"dns.response_code","type":"keyword","description":"The DNS response code."},{"field":"dns.type","type":"keyword","description":"The type of DNS event captured, query or answer."},{"field":"error.code","type":"keyword","description":"Error code describing the error."},{"field":"error.id","type":"keyword","description":"Unique identifier for the error."},{"field":"error.message","type":"match_only_text","description":"Error message."},{"field":"error.stack_trace","type":"wildcard","description":"The stack trace of this error in plain text."},{"field":"error.stack_trace.text","type":"match_only_text","description":"The stack trace of this error in plain text."},{"field":"error.type","type":"keyword","description":"The type of the error, for example the class name of the exception."},{"field":"event.action","type":"keyword","description":"The action captured by the event."},{"field":"event.category","type":"keyword","description":"Event category. The second categorization field in the hierarchy."},{"field":"event.code","type":"keyword","description":"Identification code for this event."},{"field":"event.created","type":"date","description":"Time when the event was first read by an agent or by your pipeline."},{"field":"event.dataset","type":"keyword","description":"Name of the dataset."},{"field":"event.duration","type":"long","description":"Duration of the event in nanoseconds."},{"field":"event.end","type":"date","description":"event.end contains the date when the event ended or when the activity was last observed."},{"field":"event.hash","type":"keyword","description":"Hash (perhaps logstash fingerprint) of raw field to be able to demonstrate log integrity."},{"field":"event.id","type":"keyword","description":"Unique ID to describe the event."},{"field":"event.kind","type":"keyword","description":"The kind of the event. The highest categorization field in the hierarchy."},{"field":"event.original","type":"keyword","description":"Raw text message of entire event."},{"field":"event.outcome","type":"keyword","description":"The outcome of the event. The lowest level categorization field in the hierarchy."},{"field":"event.provider","type":"keyword","description":"Source of the event."},{"field":"event.reason","type":"keyword","description":"Reason why this event happened, according to the source"},{"field":"event.reference","type":"keyword","description":"Event reference URL"},{"field":"event.risk_score","type":"float","description":"Risk score or priority of the event (e.g. security solutions). Use your system's original value here."},{"field":"event.risk_score_norm","type":"float","description":"Normalized risk score or priority of the event (0-100)."},{"field":"event.sequence","type":"long","description":"Sequence number of the event."},{"field":"event.severity","type":"long","description":"Numeric severity of the event."},{"field":"event.start","type":"date","description":"event.start contains the date when the event started or when the activity was first observed."},{"field":"event.timezone","type":"keyword","description":"Event time zone."},{"field":"event.type","type":"keyword","description":"Event type. The third categorization field in the hierarchy."},{"field":"event.url","type":"keyword","description":"Event investigation URL"},{"field":"file.accessed","type":"date","description":"Last time the file was accessed."},{"field":"file.attributes","type":"keyword","description":"Array of file attributes."},{"field":"file.code_signature.digest_algorithm","type":"keyword","description":"Hashing algorithm used to sign the process."},{"field":"file.code_signature.exists","type":"boolean","description":"Boolean to capture if a signature is present."},{"field":"file.code_signature.signing_id","type":"keyword","description":"The identifier used to sign the process."},{"field":"file.code_signature.status","type":"keyword","description":"Additional information about the certificate status."},{"field":"file.code_signature.subject_name","type":"keyword","description":"Subject name of the code signer"},{"field":"file.code_signature.team_id","type":"keyword","description":"The team identifier used to sign the process."},{"field":"file.code_signature.timestamp","type":"date","description":"When the signature was generated and signed."},{"field":"file.code_signature.trusted","type":"boolean","description":"Stores the trust status of the certificate chain."},{"field":"file.code_signature.valid","type":"boolean","description":"Boolean to capture if the digital signature is verified against the binary content."},{"field":"file.created","type":"date","description":"File creation time."},{"field":"file.ctime","type":"date","description":"Last time the file attributes or metadata changed."},{"field":"file.device","type":"keyword","description":"Device that is the source of the file."},{"field":"file.directory","type":"keyword","description":"Directory where the file is located."},{"field":"file.drive_letter","type":"keyword","description":"Drive letter where the file is located."},{"field":"file.elf.architecture","type":"keyword","description":"Machine architecture of the ELF file."},{"field":"file.elf.byte_order","type":"keyword","description":"Byte sequence of ELF file."},{"field":"file.elf.cpu_type","type":"keyword","description":"CPU type of the ELF file."},{"field":"file.elf.creation_date","type":"date","description":"Build or compile date."},{"field":"file.elf.exports","type":"flattened","description":"List of exported element names and types."},{"field":"file.elf.header.abi_version","type":"keyword","description":"Version of the ELF Application Binary Interface (ABI)."},{"field":"file.elf.header.class","type":"keyword","description":"Header class of the ELF file."},{"field":"file.elf.header.data","type":"keyword","description":"Data table of the ELF header."},{"field":"file.elf.header.entrypoint","type":"long","description":"Header entrypoint of the ELF file."},{"field":"file.elf.header.object_version","type":"keyword","description":"0x1\" for original ELF files."},{"field":"file.elf.header.os_abi","type":"keyword","description":"Application Binary Interface (ABI) of the Linux OS."},{"field":"file.elf.header.type","type":"keyword","description":"Header type of the ELF file."},{"field":"file.elf.header.version","type":"keyword","description":"Version of the ELF header."},{"field":"file.elf.imports","type":"flattened","description":"List of imported element names and types."},{"field":"file.elf.sections","type":"nested","description":"Section information of the ELF file."},{"field":"file.elf.sections.chi2","type":"long","description":"Chi-square probability distribution of the section."},{"field":"file.elf.sections.entropy","type":"long","description":"Shannon entropy calculation from the section."},{"field":"file.elf.sections.flags","type":"keyword","description":"ELF Section List flags."},{"field":"file.elf.sections.name","type":"keyword","description":"ELF Section List name."},{"field":"file.elf.sections.physical_offset","type":"keyword","description":"ELF Section List offset."},{"field":"file.elf.sections.physical_size","type":"long","description":"ELF Section List physical size."},{"field":"file.elf.sections.type","type":"keyword","description":"ELF Section List type."},{"field":"file.elf.sections.virtual_address","type":"long","description":"ELF Section List virtual address."},{"field":"file.elf.sections.virtual_size","type":"long","description":"ELF Section List virtual size."},{"field":"file.elf.segments","type":"nested","description":"ELF object segment list."},{"field":"file.elf.segments.sections","type":"keyword","description":"ELF object segment sections."},{"field":"file.elf.segments.type","type":"keyword","description":"ELF object segment type."},{"field":"file.elf.shared_libraries","type":"keyword","description":"List of shared libraries used by this ELF object."},{"field":"file.elf.telfhash","type":"keyword","description":"telfhash hash for ELF file."},{"field":"file.extension","type":"keyword","description":"File extension, excluding the leading dot."},{"field":"file.fork_name","type":"keyword","description":"A fork is additional data associated with a filesystem object."},{"field":"file.gid","type":"keyword","description":"Primary group ID (GID) of the file."},{"field":"file.group","type":"keyword","description":"Primary group name of the file."},{"field":"file.hash.md5","type":"keyword","description":"MD5 hash."},{"field":"file.hash.sha1","type":"keyword","description":"SHA1 hash."},{"field":"file.hash.sha256","type":"keyword","description":"SHA256 hash."},{"field":"file.hash.sha512","type":"keyword","description":"SHA512 hash."},{"field":"file.hash.ssdeep","type":"keyword","description":"SSDEEP hash."},{"field":"file.inode","type":"keyword","description":"Inode representing the file in the filesystem."},{"field":"file.mime_type","type":"keyword","description":"Media type of file, document, or arrangement of bytes."},{"field":"file.mode","type":"keyword","description":"Mode of the file in octal representation."},{"field":"file.mtime","type":"date","description":"Last time the file content was modified."},{"field":"file.name","type":"keyword","description":"Name of the file including the extension, without the directory."},{"field":"file.owner","type":"keyword","description":"File owner's username."},{"field":"file.path","type":"keyword","description":"Full path to the file, including the file name."},{"field":"file.path.text","type":"match_only_text","description":"Full path to the file, including the file name."},{"field":"file.pe.architecture","type":"keyword","description":"CPU architecture target for the file."},{"field":"file.pe.company","type":"keyword","description":"Internal company name of the file, provided at compile-time."},{"field":"file.pe.description","type":"keyword","description":"Internal description of the file, provided at compile-time."},{"field":"file.pe.file_version","type":"keyword","description":"Process name."},{"field":"file.pe.imphash","type":"keyword","description":"A hash of the imports in a PE file."},{"field":"file.pe.original_file_name","type":"keyword","description":"Internal name of the file, provided at compile-time."},{"field":"file.pe.product","type":"keyword","description":"Internal product name of the file, provided at compile-time."},{"field":"file.size","type":"long","description":"File size in bytes."},{"field":"file.target_path","type":"keyword","description":"Target path for symlinks."},{"field":"file.target_path.text","type":"match_only_text","description":"Target path for symlinks."},{"field":"file.type","type":"keyword","description":"File type (file, dir, or symlink)."},{"field":"file.uid","type":"keyword","description":"The user ID (UID) or security identifier (SID) of the file owner."},{"field":"file.x509.alternative_names","type":"keyword","description":"List of subject alternative names (SAN)."},{"field":"file.x509.issuer.common_name","type":"keyword","description":"List of common name (CN) of issuing certificate authority."},{"field":"file.x509.issuer.country","type":"keyword","description":"List of country (C) codes"},{"field":"file.x509.issuer.distinguished_name","type":"keyword","description":"Distinguished name (DN) of issuing certificate authority."},{"field":"file.x509.issuer.locality","type":"keyword","description":"List of locality names (L)"},{"field":"file.x509.issuer.organization","type":"keyword","description":"List of organizations (O) of issuing certificate authority."},{"field":"file.x509.issuer.organizational_unit","type":"keyword","description":"List of organizational units (OU) of issuing certificate authority."},{"field":"file.x509.issuer.state_or_province","type":"keyword","description":"List of state or province names (ST, S, or P)"},{"field":"file.x509.not_after","type":"date","description":"Time at which the certificate is no longer considered valid."},{"field":"file.x509.not_before","type":"date","description":"Time at which the certificate is first considered valid."},{"field":"file.x509.public_key_algorithm","type":"keyword","description":"Algorithm used to generate the public key."},{"field":"file.x509.public_key_curve","type":"keyword","description":"The curve used by the elliptic curve public key algorithm. This is algorithm specific."},{"field":"file.x509.public_key_exponent","type":"long","description":"Exponent used to derive the public key. This is algorithm specific."},{"field":"file.x509.public_key_size","type":"long","description":"The size of the public key space in bits."},{"field":"file.x509.serial_number","type":"keyword","description":"Unique serial number issued by the certificate authority."},{"field":"file.x509.signature_algorithm","type":"keyword","description":"Identifier for certificate signature algorithm."},{"field":"file.x509.subject.common_name","type":"keyword","description":"List of common names (CN) of subject."},{"field":"file.x509.subject.country","type":"keyword","description":"List of country (C) code"},{"field":"file.x509.subject.distinguished_name","type":"keyword","description":"Distinguished name (DN) of the certificate subject entity."},{"field":"file.x509.subject.locality","type":"keyword","description":"List of locality names (L)"},{"field":"file.x509.subject.organization","type":"keyword","description":"List of organizations (O) of subject."},{"field":"file.x509.subject.organizational_unit","type":"keyword","description":"List of organizational units (OU) of subject."},{"field":"file.x509.subject.state_or_province","type":"keyword","description":"List of state or province names (ST, S, or P)"},{"field":"file.x509.version_number","type":"keyword","description":"Version of x509 format."},{"field":"group.domain","type":"keyword","description":"Name of the directory the group is a member of."},{"field":"group.id","type":"keyword","description":"Unique identifier for the group on the system/platform."},{"field":"group.name","type":"keyword","description":"Name of the group."},{"field":"host.cpu.usage","type":"scaled_float","description":"Percent CPU used, between 0 and 1."},{"field":"host.disk.read.bytes","type":"long","description":"The number of bytes read by all disks."},{"field":"host.disk.write.bytes","type":"long","description":"The number of bytes written on all disks."},{"field":"host.domain","type":"keyword","description":"Name of the directory the group is a member of."},{"field":"host.geo.city_name","type":"keyword","description":"City name."},{"field":"host.geo.continent_code","type":"keyword","description":"Continent code."},{"field":"host.geo.continent_name","type":"keyword","description":"Name of the continent."},{"field":"host.geo.country_iso_code","type":"keyword","description":"Country ISO code."},{"field":"host.geo.country_name","type":"keyword","description":"Country name."},{"field":"host.geo.location","type":"geo_point","description":"Longitude and latitude."},{"field":"host.geo.name","type":"keyword","description":"User-defined description of a location."},{"field":"host.geo.postal_code","type":"keyword","description":"Postal code."},{"field":"host.geo.region_iso_code","type":"keyword","description":"Region ISO code."},{"field":"host.geo.region_name","type":"keyword","description":"Region name."},{"field":"host.geo.timezone","type":"keyword","description":"Time zone."},{"field":"host.name","type":"keyword","description":"Name of the host."},{"field":"host.network.egress.bytes","type":"long","description":"The number of bytes sent on all network interfaces."},{"field":"host.network.egress.packets","type":"long","description":"The number of packets sent on all network interfaces."},{"field":"host.network.ingress.bytes","type":"long","description":"The number of bytes received on all network interfaces."},{"field":"host.network.ingress.packets","type":"long","description":"The number of packets received on all network interfaces."},{"field":"host.os.full","type":"keyword","description":"Operating system name, including the version or code name."},{"field":"host.os.full.text","type":"match_only_text","description":"Operating system name, including the version or code name."},{"field":"host.os.name.text","type":"match_only_text","description":"Operating system name, without the version."},{"field":"host.os.platform","type":"keyword","description":"Operating system platform (such centos, ubuntu, windows)."},{"field":"host.type","type":"keyword","description":"Type of host."},{"field":"host.uptime","type":"long","description":"Seconds the host has been up."},{"field":"host.user.domain","type":"keyword","description":"Name of the directory the user is a member of."},{"field":"host.user.email","type":"keyword","description":"User email address."},{"field":"host.user.full_name","type":"keyword","description":"User's full name, if available."},{"field":"host.user.full_name.text","type":"match_only_text","description":"User's full name, if available."},{"field":"host.user.group.domain","type":"keyword","description":"Name of the directory the group is a member of."},{"field":"host.user.group.id","type":"keyword","description":"Unique identifier for the group on the system/platform."},{"field":"host.user.group.name","type":"keyword","description":"Name of the group."},{"field":"host.user.hash","type":"keyword","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"host.user.id","type":"keyword","description":"Unique identifier of the user."},{"field":"host.user.name","type":"keyword","description":"Short name or login of the user."},{"field":"host.user.name.text","type":"match_only_text","description":"Short name or login of the user."},{"field":"host.user.roles","type":"keyword","description":"Array of user roles at the time of the event."},{"field":"http.request.body.bytes","type":"long","description":"Size in bytes of the request body."},{"field":"http.request.body.content","type":"wildcard","description":"The full HTTP request body."},{"field":"http.request.body.content.text","type":"match_only_text","description":"The full HTTP request body."},{"field":"http.request.bytes","type":"long","description":"Total size in bytes of the request (body and headers)."},{"field":"http.request.id","type":"keyword","description":"HTTP request ID."},{"field":"http.request.method","type":"keyword","description":"HTTP request method."},{"field":"http.request.mime_type","type":"keyword","description":"Mime type of the body of the request."},{"field":"http.request.referrer","type":"keyword","description":"Referrer for this HTTP request."},{"field":"http.response.body.bytes","type":"long","description":"Size in bytes of the response body."},{"field":"http.response.body.content","type":"wildcard","description":"The full HTTP response body."},{"field":"http.response.body.content.text","type":"match_only_text","description":"The full HTTP response body."},{"field":"http.response.bytes","type":"long","description":"Total size in bytes of the response (body and headers)."},{"field":"http.response.mime_type","type":"keyword","description":"Mime type of the body of the response."},{"field":"http.response.status_code","type":"long","description":"HTTP response status code."},{"field":"http.version","type":"keyword","description":"HTTP version."},{"field":"log.file.path","type":"keyword","description":"Full path to the log file this event came from."},{"field":"log.level","type":"keyword","description":"Log level of the log event."},{"field":"log.logger","type":"keyword","description":"Name of the logger."},{"field":"log.origin.file.line","type":"integer","description":"The line number of the file which originated the log event."},{"field":"log.origin.file.name","type":"keyword","description":"The code file which originated the log event."},{"field":"log.origin.function","type":"keyword","description":"The function which originated the log event."},{"field":"log.original","type":"keyword","description":"Deprecated original log message with light interpretation only (encoding, newlines)."},{"field":"log.syslog","type":"object","description":"Syslog metadata"},{"field":"log.syslog.facility.code","type":"long","description":"Syslog numeric facility of the event."},{"field":"log.syslog.facility.name","type":"keyword","description":"Syslog text-based facility of the event."},{"field":"log.syslog.priority","type":"long","description":"Syslog priority of the event."},{"field":"log.syslog.severity.code","type":"long","description":"Syslog numeric severity of the event."},{"field":"log.syslog.severity.name","type":"keyword","description":"Syslog text-based severity of the event."},{"field":"network.application","type":"keyword","description":"Application level protocol name."},{"field":"network.bytes","type":"long","description":"Total bytes transferred in both directions."},{"field":"network.community_id","type":"keyword","description":"A hash of source and destination IPs and ports."},{"field":"network.direction","type":"keyword","description":"Direction of the network traffic."},{"field":"network.forwarded_ip","type":"ip","description":"Host IP address when the source IP address is the proxy."},{"field":"network.iana_number","type":"keyword","description":"IANA Protocol Number."},{"field":"network.inner","type":"object","description":"Inner VLAN tag information"},{"field":"network.inner.vlan.id","type":"keyword","description":"VLAN ID as reported by the observer."},{"field":"network.inner.vlan.name","type":"keyword","description":"Optional VLAN name as reported by the observer."},{"field":"network.name","type":"keyword","description":"Name given by operators to sections of their network."},{"field":"network.packets","type":"long","description":"Total packets transferred in both directions."},{"field":"network.protocol","type":"keyword","description":"L7 Network protocol name."},{"field":"network.transport","type":"keyword","description":"Protocol Name corresponding to the field `iana_number`."},{"field":"network.type","type":"keyword","description":"In the OSI Model this would be the Network Layer. ipv4, ipv6, ipsec, pim, etc"},{"field":"network.vlan.id","type":"keyword","description":"VLAN ID as reported by the observer."},{"field":"network.vlan.name","type":"keyword","description":"Optional VLAN name as reported by the observer."},{"field":"observer.egress","type":"object","description":"Object field for egress information"},{"field":"observer.egress.interface.alias","type":"keyword","description":"Interface alias"},{"field":"observer.egress.interface.id","type":"keyword","description":"Interface ID"},{"field":"observer.egress.interface.name","type":"keyword","description":"Interface name"},{"field":"observer.egress.vlan.id","type":"keyword","description":"VLAN ID as reported by the observer."},{"field":"observer.egress.vlan.name","type":"keyword","description":"Optional VLAN name as reported by the observer."},{"field":"observer.egress.zone","type":"keyword","description":"Observer Egress zone"},{"field":"observer.geo.city_name","type":"keyword","description":"City name."},{"field":"observer.geo.continent_code","type":"keyword","description":"Continent code."},{"field":"observer.geo.continent_name","type":"keyword","description":"Name of the continent."},{"field":"observer.geo.country_iso_code","type":"keyword","description":"Country ISO code."},{"field":"observer.geo.country_name","type":"keyword","description":"Country name."},{"field":"observer.geo.location","type":"geo_point","description":"Longitude and latitude."},{"field":"observer.geo.name","type":"keyword","description":"User-defined description of a location."},{"field":"observer.geo.postal_code","type":"keyword","description":"Postal code."},{"field":"observer.geo.region_iso_code","type":"keyword","description":"Region ISO code."},{"field":"observer.geo.region_name","type":"keyword","description":"Region name."},{"field":"observer.geo.timezone","type":"keyword","description":"Time zone."},{"field":"observer.hostname","type":"keyword","description":"Hostname of the observer."},{"field":"observer.ingress","type":"object","description":"Object field for ingress information"},{"field":"observer.ingress.interface.alias","type":"keyword","description":"Interface alias"},{"field":"observer.ingress.interface.id","type":"keyword","description":"Interface ID"},{"field":"observer.ingress.interface.name","type":"keyword","description":"Interface name"},{"field":"observer.ingress.vlan.id","type":"keyword","description":"VLAN ID as reported by the observer."},{"field":"observer.ingress.vlan.name","type":"keyword","description":"Optional VLAN name as reported by the observer."},{"field":"observer.ingress.zone","type":"keyword","description":"Observer ingress zone"},{"field":"observer.ip","type":"ip","description":"IP addresses of the observer."},{"field":"observer.mac","type":"keyword","description":"MAC addresses of the observer."},{"field":"observer.name","type":"keyword","description":"Custom name of the observer."},{"field":"observer.os.family","type":"keyword","description":"OS family (such as redhat, debian, freebsd, windows)."},{"field":"observer.os.full","type":"keyword","description":"Operating system name, including the version or code name."},{"field":"observer.os.full.text","type":"match_only_text","description":"Operating system name, including the version or code name."},{"field":"observer.os.kernel","type":"keyword","description":"Operating system kernel version as a raw string."},{"field":"observer.os.name","type":"keyword","description":"Operating system name, without the version."},{"field":"observer.os.name.text","type":"match_only_text","description":"Operating system name, without the version."},{"field":"observer.os.platform","type":"keyword","description":"Operating system platform (such centos, ubuntu, windows)."},{"field":"observer.os.type","type":"keyword","description":"Which commercial OS family (one of: linux, macos, unix or windows)."},{"field":"observer.os.version","type":"keyword","description":"Operating system version as a raw string."},{"field":"observer.product","type":"keyword","description":"The product name of the observer."},{"field":"observer.serial_number","type":"keyword","description":"Observer serial number."},{"field":"observer.type","type":"keyword","description":"The type of the observer the data is coming from."},{"field":"observer.vendor","type":"keyword","description":"Vendor name of the observer."},{"field":"observer.version","type":"keyword","description":"Observer version."},{"field":"orchestrator.api_version","type":"keyword","description":"API version being used to carry out the action"},{"field":"orchestrator.cluster.name","type":"keyword","description":"Name of the cluster."},{"field":"orchestrator.cluster.url","type":"keyword","description":"URL of the API used to manage the cluster."},{"field":"orchestrator.cluster.version","type":"keyword","description":"The version of the cluster."},{"field":"orchestrator.namespace","type":"keyword","description":"Namespace in which the action is taking place."},{"field":"orchestrator.organization","type":"keyword","description":"Organization affected by the event (for multi-tenant orchestrator setups)."},{"field":"orchestrator.resource.name","type":"keyword","description":"Name of the resource being acted upon."},{"field":"orchestrator.resource.type","type":"keyword","description":"Type of resource being acted upon."},{"field":"orchestrator.type","type":"keyword","description":"Orchestrator cluster type (e.g. kubernetes, nomad or cloudfoundry)."},{"field":"organization.id","type":"keyword","description":"Unique identifier for the organization."},{"field":"organization.name","type":"keyword","description":"Organization name."},{"field":"organization.name.text","type":"match_only_text","description":"Organization name."},{"field":"package.architecture","type":"keyword","description":"Package architecture."},{"field":"package.build_version","type":"keyword","description":"Build version information"},{"field":"package.checksum","type":"keyword","description":"Checksum of the installed package for verification."},{"field":"package.description","type":"keyword","description":"Description of the package."},{"field":"package.install_scope","type":"keyword","description":"Indicating how the package was installed, e.g. user-local, global."},{"field":"package.installed","type":"date","description":"Time when package was installed."},{"field":"package.license","type":"keyword","description":"Package license"},{"field":"package.name","type":"keyword","description":"Package name"},{"field":"package.path","type":"keyword","description":"Path where the package is installed."},{"field":"package.reference","type":"keyword","description":"Package home page or reference URL"},{"field":"package.size","type":"long","description":"Package size in bytes."},{"field":"package.type","type":"keyword","description":"Package type"},{"field":"package.version","type":"keyword","description":"Package version"},{"field":"process.args","type":"keyword","description":"Array of process arguments."},{"field":"process.args_count","type":"long","description":"Length of the process.args array."},{"field":"process.code_signature.digest_algorithm","type":"keyword","description":"Hashing algorithm used to sign the process."},{"field":"process.code_signature.exists","type":"boolean","description":"Boolean to capture if a signature is present."},{"field":"process.code_signature.signing_id","type":"keyword","description":"The identifier used to sign the process."},{"field":"process.code_signature.status","type":"keyword","description":"Additional information about the certificate status."},{"field":"process.code_signature.subject_name","type":"keyword","description":"Subject name of the code signer"},{"field":"process.code_signature.team_id","type":"keyword","description":"The team identifier used to sign the process."},{"field":"process.code_signature.timestamp","type":"date","description":"When the signature was generated and signed."},{"field":"process.code_signature.trusted","type":"boolean","description":"Stores the trust status of the certificate chain."},{"field":"process.code_signature.valid","type":"boolean","description":"Boolean to capture if the digital signature is verified against the binary content."},{"field":"process.command_line","type":"wildcard","description":"Full command line that started the process."},{"field":"process.command_line.text","type":"match_only_text","description":"Full command line that started the process."},{"field":"process.elf.architecture","type":"keyword","description":"Machine architecture of the ELF file."},{"field":"process.elf.byte_order","type":"keyword","description":"Byte sequence of ELF file."},{"field":"process.elf.cpu_type","type":"keyword","description":"CPU type of the ELF file."},{"field":"process.elf.creation_date","type":"date","description":"Build or compile date."},{"field":"process.elf.exports","type":"flattened","description":"List of exported element names and types."},{"field":"process.elf.header.abi_version","type":"keyword","description":"Version of the ELF Application Binary Interface (ABI)."},{"field":"process.elf.header.class","type":"keyword","description":"Header class of the ELF file."},{"field":"process.elf.header.data","type":"keyword","description":"Data table of the ELF header."},{"field":"process.elf.header.entrypoint","type":"long","description":"Header entrypoint of the ELF file."},{"field":"process.elf.header.object_version","type":"keyword","description":"0x1\" for original ELF files."},{"field":"process.elf.header.os_abi","type":"keyword","description":"Application Binary Interface (ABI) of the Linux OS."},{"field":"process.elf.header.type","type":"keyword","description":"Header type of the ELF file."},{"field":"process.elf.header.version","type":"keyword","description":"Version of the ELF header."},{"field":"process.elf.imports","type":"flattened","description":"List of imported element names and types."},{"field":"process.elf.sections","type":"nested","description":"Section information of the ELF file."},{"field":"process.elf.sections.chi2","type":"long","description":"Chi-square probability distribution of the section."},{"field":"process.elf.sections.entropy","type":"long","description":"Shannon entropy calculation from the section."},{"field":"process.elf.sections.flags","type":"keyword","description":"ELF Section List flags."},{"field":"process.elf.sections.name","type":"keyword","description":"ELF Section List name."},{"field":"process.elf.sections.physical_offset","type":"keyword","description":"ELF Section List offset."},{"field":"process.elf.sections.physical_size","type":"long","description":"ELF Section List physical size."},{"field":"process.elf.sections.type","type":"keyword","description":"ELF Section List type."},{"field":"process.elf.sections.virtual_address","type":"long","description":"ELF Section List virtual address."},{"field":"process.elf.sections.virtual_size","type":"long","description":"ELF Section List virtual size."},{"field":"process.elf.segments","type":"nested","description":"ELF object segment list."},{"field":"process.elf.segments.sections","type":"keyword","description":"ELF object segment sections."},{"field":"process.elf.segments.type","type":"keyword","description":"ELF object segment type."},{"field":"process.elf.shared_libraries","type":"keyword","description":"List of shared libraries used by this ELF object."},{"field":"process.elf.telfhash","type":"keyword","description":"telfhash hash for ELF file."},{"field":"process.end","type":"date","description":"The time the process ended."},{"field":"process.entity_id","type":"keyword","description":"Unique identifier for the process."},{"field":"process.executable","type":"keyword","description":"Absolute path to the process executable."},{"field":"process.executable.text","type":"match_only_text","description":"Absolute path to the process executable."},{"field":"process.exit_code","type":"long","description":"The exit code of the process."},{"field":"process.hash.md5","type":"keyword","description":"MD5 hash."},{"field":"process.hash.sha1","type":"keyword","description":"SHA1 hash."},{"field":"process.hash.sha256","type":"keyword","description":"SHA256 hash."},{"field":"process.hash.sha512","type":"keyword","description":"SHA512 hash."},{"field":"process.hash.ssdeep","type":"keyword","description":"SSDEEP hash."},{"field":"process.name","type":"keyword","description":"Process name."},{"field":"process.name.text","type":"match_only_text","description":"Process name."},{"field":"process.parent.args","type":"keyword","description":"Array of process arguments."},{"field":"process.parent.args_count","type":"long","description":"Length of the process.args array."},{"field":"process.parent.code_signature.digest_algorithm","type":"keyword","description":"Hashing algorithm used to sign the process."},{"field":"process.parent.code_signature.exists","type":"boolean","description":"Boolean to capture if a signature is present."},{"field":"process.parent.code_signature.signing_id","type":"keyword","description":"The identifier used to sign the process."},{"field":"process.parent.code_signature.status","type":"keyword","description":"Additional information about the certificate status."},{"field":"process.parent.code_signature.subject_name","type":"keyword","description":"Subject name of the code signer"},{"field":"process.parent.code_signature.team_id","type":"keyword","description":"The team identifier used to sign the process."},{"field":"process.parent.code_signature.timestamp","type":"date","description":"When the signature was generated and signed."},{"field":"process.parent.code_signature.trusted","type":"boolean","description":"Stores the trust status of the certificate chain."},{"field":"process.parent.code_signature.valid","type":"boolean","description":"Boolean to capture if the digital signature is verified against the binary content."},{"field":"process.parent.command_line","type":"wildcard","description":"Full command line that started the process."},{"field":"process.parent.command_line.text","type":"match_only_text","description":"Full command line that started the process."},{"field":"process.parent.elf.architecture","type":"keyword","description":"Machine architecture of the ELF file."},{"field":"process.parent.elf.byte_order","type":"keyword","description":"Byte sequence of ELF file."},{"field":"process.parent.elf.cpu_type","type":"keyword","description":"CPU type of the ELF file."},{"field":"process.parent.elf.creation_date","type":"date","description":"Build or compile date."},{"field":"process.parent.elf.exports","type":"flattened","description":"List of exported element names and types."},{"field":"process.parent.elf.header.abi_version","type":"keyword","description":"Version of the ELF Application Binary Interface (ABI)."},{"field":"process.parent.elf.header.class","type":"keyword","description":"Header class of the ELF file."},{"field":"process.parent.elf.header.data","type":"keyword","description":"Data table of the ELF header."},{"field":"process.parent.elf.header.entrypoint","type":"long","description":"Header entrypoint of the ELF file."},{"field":"process.parent.elf.header.object_version","type":"keyword","description":"0x1\" for original ELF files."},{"field":"process.parent.elf.header.os_abi","type":"keyword","description":"Application Binary Interface (ABI) of the Linux OS."},{"field":"process.parent.elf.header.type","type":"keyword","description":"Header type of the ELF file."},{"field":"process.parent.elf.header.version","type":"keyword","description":"Version of the ELF header."},{"field":"process.parent.elf.imports","type":"flattened","description":"List of imported element names and types."},{"field":"process.parent.elf.sections","type":"nested","description":"Section information of the ELF file."},{"field":"process.parent.elf.sections.chi2","type":"long","description":"Chi-square probability distribution of the section."},{"field":"process.parent.elf.sections.entropy","type":"long","description":"Shannon entropy calculation from the section."},{"field":"process.parent.elf.sections.flags","type":"keyword","description":"ELF Section List flags."},{"field":"process.parent.elf.sections.name","type":"keyword","description":"ELF Section List name."},{"field":"process.parent.elf.sections.physical_offset","type":"keyword","description":"ELF Section List offset."},{"field":"process.parent.elf.sections.physical_size","type":"long","description":"ELF Section List physical size."},{"field":"process.parent.elf.sections.type","type":"keyword","description":"ELF Section List type."},{"field":"process.parent.elf.sections.virtual_address","type":"long","description":"ELF Section List virtual address."},{"field":"process.parent.elf.sections.virtual_size","type":"long","description":"ELF Section List virtual size."},{"field":"process.parent.elf.segments","type":"nested","description":"ELF object segment list."},{"field":"process.parent.elf.segments.sections","type":"keyword","description":"ELF object segment sections."},{"field":"process.parent.elf.segments.type","type":"keyword","description":"ELF object segment type."},{"field":"process.parent.elf.shared_libraries","type":"keyword","description":"List of shared libraries used by this ELF object."},{"field":"process.parent.elf.telfhash","type":"keyword","description":"telfhash hash for ELF file."},{"field":"process.parent.end","type":"date","description":"The time the process ended."},{"field":"process.parent.entity_id","type":"keyword","description":"Unique identifier for the process."},{"field":"process.parent.executable","type":"keyword","description":"Absolute path to the process executable."},{"field":"process.parent.executable.text","type":"match_only_text","description":"Absolute path to the process executable."},{"field":"process.parent.exit_code","type":"long","description":"The exit code of the process."},{"field":"process.parent.hash.md5","type":"keyword","description":"MD5 hash."},{"field":"process.parent.hash.sha1","type":"keyword","description":"SHA1 hash."},{"field":"process.parent.hash.sha256","type":"keyword","description":"SHA256 hash."},{"field":"process.parent.hash.sha512","type":"keyword","description":"SHA512 hash."},{"field":"process.parent.hash.ssdeep","type":"keyword","description":"SSDEEP hash."},{"field":"process.parent.name","type":"keyword","description":"Process name."},{"field":"process.parent.name.text","type":"match_only_text","description":"Process name."},{"field":"process.parent.pe.architecture","type":"keyword","description":"CPU architecture target for the file."},{"field":"process.parent.pe.company","type":"keyword","description":"Internal company name of the file, provided at compile-time."},{"field":"process.parent.pe.description","type":"keyword","description":"Internal description of the file, provided at compile-time."},{"field":"process.parent.pe.file_version","type":"keyword","description":"Process name."},{"field":"process.parent.pe.imphash","type":"keyword","description":"A hash of the imports in a PE file."},{"field":"process.parent.pe.original_file_name","type":"keyword","description":"Internal name of the file, provided at compile-time."},{"field":"process.parent.pe.product","type":"keyword","description":"Internal product name of the file, provided at compile-time."},{"field":"process.parent.pgid","type":"long","description":"Identifier of the group of processes the process belongs to."},{"field":"process.parent.pid","type":"long","description":"Process id."},{"field":"process.parent.ppid","type":"long","description":"Parent process' pid."},{"field":"process.parent.start","type":"date","description":"The time the process started."},{"field":"process.parent.thread.id","type":"long","description":"Thread ID."},{"field":"process.parent.thread.name","type":"keyword","description":"Thread name."},{"field":"process.parent.title","type":"keyword","description":"Process title."},{"field":"process.parent.title.text","type":"match_only_text","description":"Process title."},{"field":"process.parent.uptime","type":"long","description":"Seconds the process has been up."},{"field":"process.parent.working_directory","type":"keyword","description":"The working directory of the process."},{"field":"process.parent.working_directory.text","type":"match_only_text","description":"The working directory of the process."},{"field":"process.pe.architecture","type":"keyword","description":"CPU architecture target for the file."},{"field":"process.pe.company","type":"keyword","description":"Internal company name of the file, provided at compile-time."},{"field":"process.pe.description","type":"keyword","description":"Internal description of the file, provided at compile-time."},{"field":"process.pe.file_version","type":"keyword","description":"Process name."},{"field":"process.pe.imphash","type":"keyword","description":"A hash of the imports in a PE file."},{"field":"process.pe.original_file_name","type":"keyword","description":"Internal name of the file, provided at compile-time."},{"field":"process.pe.product","type":"keyword","description":"Internal product name of the file, provided at compile-time."},{"field":"process.pgid","type":"long","description":"Identifier of the group of processes the process belongs to."},{"field":"process.pid","type":"long","description":"Process id."},{"field":"process.ppid","type":"long","description":"Parent process' pid."},{"field":"process.start","type":"date","description":"The time the process started."},{"field":"process.thread.id","type":"long","description":"Thread ID."},{"field":"process.thread.name","type":"keyword","description":"Thread name."},{"field":"process.title","type":"keyword","description":"Process title."},{"field":"process.title.text","type":"match_only_text","description":"Process title."},{"field":"process.uptime","type":"long","description":"Seconds the process has been up."},{"field":"process.working_directory","type":"keyword","description":"The working directory of the process."},{"field":"process.working_directory.text","type":"match_only_text","description":"The working directory of the process."},{"field":"registry.data.bytes","type":"keyword","description":"Original bytes written with base64 encoding."},{"field":"registry.data.strings","type":"wildcard","description":"List of strings representing what was written to the registry."},{"field":"registry.data.type","type":"keyword","description":"Standard registry type for encoding contents"},{"field":"registry.hive","type":"keyword","description":"Abbreviated name for the hive."},{"field":"registry.key","type":"keyword","description":"Hive-relative path of keys."},{"field":"registry.path","type":"keyword","description":"Full path, including hive, key and value"},{"field":"registry.value","type":"keyword","description":"Name of the value written."},{"field":"related.hash","type":"keyword","description":"All the hashes seen on your event."},{"field":"related.hosts","type":"keyword","description":"All the host identifiers seen on your event."},{"field":"related.ip","type":"ip","description":"All of the IPs seen on your event."},{"field":"related.user","type":"keyword","description":"All the user names or other user identifiers seen on the event."},{"field":"rule.author","type":"keyword","description":"Rule author"},{"field":"rule.category","type":"keyword","description":"Rule category"},{"field":"rule.description","type":"keyword","description":"Rule description"},{"field":"rule.id","type":"keyword","description":"Rule ID"},{"field":"rule.license","type":"keyword","description":"Rule license"},{"field":"rule.name","type":"keyword","description":"Rule name"},{"field":"rule.reference","type":"keyword","description":"Rule reference URL"},{"field":"rule.ruleset","type":"keyword","description":"Rule ruleset"},{"field":"rule.uuid","type":"keyword","description":"Rule UUID"},{"field":"rule.version","type":"keyword","description":"Rule version"},{"field":"server.address","type":"keyword","description":"Server network address."},{"field":"server.as.number","type":"long","description":"Unique number allocated to the autonomous system."},{"field":"server.as.organization.name","type":"keyword","description":"Organization name."},{"field":"server.as.organization.name.text","type":"match_only_text","description":"Organization name."},{"field":"server.bytes","type":"long","description":"Bytes sent from the server to the client."},{"field":"server.domain","type":"keyword","description":"Server domain."},{"field":"server.geo.city_name","type":"keyword","description":"City name."},{"field":"server.geo.continent_code","type":"keyword","description":"Continent code."},{"field":"server.geo.continent_name","type":"keyword","description":"Name of the continent."},{"field":"server.geo.country_iso_code","type":"keyword","description":"Country ISO code."},{"field":"server.geo.country_name","type":"keyword","description":"Country name."},{"field":"server.geo.location","type":"geo_point","description":"Longitude and latitude."},{"field":"server.geo.name","type":"keyword","description":"User-defined description of a location."},{"field":"server.geo.postal_code","type":"keyword","description":"Postal code."},{"field":"server.geo.region_iso_code","type":"keyword","description":"Region ISO code."},{"field":"server.geo.region_name","type":"keyword","description":"Region name."},{"field":"server.geo.timezone","type":"keyword","description":"Time zone."},{"field":"server.ip","type":"ip","description":"IP address of the server."},{"field":"server.mac","type":"keyword","description":"MAC address of the server."},{"field":"server.nat.ip","type":"ip","description":"Server NAT ip"},{"field":"server.nat.port","type":"long","description":"Server NAT port"},{"field":"server.packets","type":"long","description":"Packets sent from the server to the client."},{"field":"server.port","type":"long","description":"Port of the server."},{"field":"server.registered_domain","type":"keyword","description":"The highest registered server domain, stripped of the subdomain."},{"field":"server.subdomain","type":"keyword","description":"The subdomain of the domain."},{"field":"server.top_level_domain","type":"keyword","description":"The effective top level domain (com, org, net, co.uk)."},{"field":"server.user.domain","type":"keyword","description":"Name of the directory the user is a member of."},{"field":"server.user.email","type":"keyword","description":"User email address."},{"field":"server.user.full_name","type":"keyword","description":"User's full name, if available."},{"field":"server.user.full_name.text","type":"match_only_text","description":"User's full name, if available."},{"field":"server.user.group.domain","type":"keyword","description":"Name of the directory the group is a member of."},{"field":"server.user.group.id","type":"keyword","description":"Unique identifier for the group on the system/platform."},{"field":"server.user.group.name","type":"keyword","description":"Name of the group."},{"field":"server.user.hash","type":"keyword","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"server.user.id","type":"keyword","description":"Unique identifier of the user."},{"field":"server.user.name","type":"keyword","description":"Short name or login of the user."},{"field":"server.user.name.text","type":"match_only_text","description":"Short name or login of the user."},{"field":"server.user.roles","type":"keyword","description":"Array of user roles at the time of the event."},{"field":"service.address","type":"keyword","description":"Address of this service."},{"field":"service.environment","type":"keyword","description":"Environment of the service."},{"field":"service.ephemeral_id","type":"keyword","description":"Ephemeral identifier of this service."},{"field":"service.id","type":"keyword","description":"Unique identifier of the running service."},{"field":"service.name","type":"keyword","description":"Name of the service."},{"field":"service.node.name","type":"keyword","description":"Name of the service node."},{"field":"service.state","type":"keyword","description":"Current state of the service."},{"field":"service.type","type":"keyword","description":"The type of the service."},{"field":"service.version","type":"keyword","description":"Version of the service."},{"field":"source.address","type":"keyword","description":"Source network address."},{"field":"source.as.number","type":"long","description":"Unique number allocated to the autonomous system."},{"field":"source.as.organization.name","type":"keyword","description":"Organization name."},{"field":"source.as.organization.name.text","type":"match_only_text","description":"Organization name."},{"field":"source.bytes","type":"long","description":"Bytes sent from the source to the destination."},{"field":"source.domain","type":"keyword","description":"Source domain."},{"field":"source.geo.city_name","type":"keyword","description":"City name."},{"field":"source.geo.continent_code","type":"keyword","description":"Continent code."},{"field":"source.geo.continent_name","type":"keyword","description":"Name of the continent."},{"field":"source.geo.country_iso_code","type":"keyword","description":"Country ISO code."},{"field":"source.geo.country_name","type":"keyword","description":"Country name."},{"field":"source.geo.location","type":"geo_point","description":"Longitude and latitude."},{"field":"source.geo.name","type":"keyword","description":"User-defined description of a location."},{"field":"source.geo.postal_code","type":"keyword","description":"Postal code."},{"field":"source.geo.region_iso_code","type":"keyword","description":"Region ISO code."},{"field":"source.geo.region_name","type":"keyword","description":"Region name."},{"field":"source.geo.timezone","type":"keyword","description":"Time zone."},{"field":"source.ip","type":"ip","description":"IP address of the source."},{"field":"source.mac","type":"keyword","description":"MAC address of the source."},{"field":"source.nat.ip","type":"ip","description":"Source NAT ip"},{"field":"source.nat.port","type":"long","description":"Source NAT port"},{"field":"source.packets","type":"long","description":"Packets sent from the source to the destination."},{"field":"source.port","type":"long","description":"Port of the source."},{"field":"source.registered_domain","type":"keyword","description":"The highest registered source domain, stripped of the subdomain."},{"field":"source.subdomain","type":"keyword","description":"The subdomain of the domain."},{"field":"source.top_level_domain","type":"keyword","description":"The effective top level domain (com, org, net, co.uk)."},{"field":"source.user.domain","type":"keyword","description":"Name of the directory the user is a member of."},{"field":"source.user.email","type":"keyword","description":"User email address."},{"field":"source.user.full_name","type":"keyword","description":"User's full name, if available."},{"field":"source.user.full_name.text","type":"match_only_text","description":"User's full name, if available."},{"field":"source.user.group.domain","type":"keyword","description":"Name of the directory the group is a member of."},{"field":"source.user.group.id","type":"keyword","description":"Unique identifier for the group on the system/platform."},{"field":"source.user.group.name","type":"keyword","description":"Name of the group."},{"field":"source.user.hash","type":"keyword","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"source.user.id","type":"keyword","description":"Unique identifier of the user."},{"field":"source.user.name","type":"keyword","description":"Short name or login of the user."},{"field":"source.user.name.text","type":"match_only_text","description":"Short name or login of the user."},{"field":"source.user.roles","type":"keyword","description":"Array of user roles at the time of the event."},{"field":"span.id","type":"keyword","description":"Unique identifier of the span within the scope of its trace."},{"field":"threat.enrichments","type":"nested","description":"List of objects containing indicators enriching the event."},{"field":"threat.enrichments.indicator","type":"object","description":"Object containing indicators enriching the event."},{"field":"threat.enrichments.indicator.as.number","type":"long","description":"Unique number allocated to the autonomous system."},{"field":"threat.enrichments.indicator.as.organization.name","type":"keyword","description":"Organization name."},{"field":"threat.enrichments.indicator.as.organization.name.text","type":"match_only_text","description":"Organization name."},{"field":"threat.enrichments.indicator.confidence","type":"keyword","description":"Indicator confidence rating"},{"field":"threat.enrichments.indicator.description","type":"keyword","description":"Indicator description"},{"field":"threat.enrichments.indicator.email.address","type":"keyword","description":"Indicator email address"},{"field":"threat.enrichments.indicator.file.accessed","type":"date","description":"Last time the file was accessed."},{"field":"threat.enrichments.indicator.file.attributes","type":"keyword","description":"Array of file attributes."},{"field":"threat.enrichments.indicator.file.code_signature.digest_algorithm","type":"keyword","description":"Hashing algorithm used to sign the process."},{"field":"threat.enrichments.indicator.file.code_signature.exists","type":"boolean","description":"Boolean to capture if a signature is present."},{"field":"threat.enrichments.indicator.file.code_signature.signing_id","type":"keyword","description":"The identifier used to sign the process."},{"field":"threat.enrichments.indicator.file.code_signature.status","type":"keyword","description":"Additional information about the certificate status."},{"field":"threat.enrichments.indicator.file.code_signature.subject_name","type":"keyword","description":"Subject name of the code signer"},{"field":"threat.enrichments.indicator.file.code_signature.team_id","type":"keyword","description":"The team identifier used to sign the process."},{"field":"threat.enrichments.indicator.file.code_signature.timestamp","type":"date","description":"When the signature was generated and signed."},{"field":"threat.enrichments.indicator.file.code_signature.trusted","type":"boolean","description":"Stores the trust status of the certificate chain."},{"field":"threat.enrichments.indicator.file.code_signature.valid","type":"boolean","description":"Boolean to capture if the digital signature is verified against the binary content."},{"field":"threat.enrichments.indicator.file.created","type":"date","description":"File creation time."},{"field":"threat.enrichments.indicator.file.ctime","type":"date","description":"Last time the file attributes or metadata changed."},{"field":"threat.enrichments.indicator.file.device","type":"keyword","description":"Device that is the source of the file."},{"field":"threat.enrichments.indicator.file.directory","type":"keyword","description":"Directory where the file is located."},{"field":"threat.enrichments.indicator.file.drive_letter","type":"keyword","description":"Drive letter where the file is located."},{"field":"threat.enrichments.indicator.file.elf.architecture","type":"keyword","description":"Machine architecture of the ELF file."},{"field":"threat.enrichments.indicator.file.elf.byte_order","type":"keyword","description":"Byte sequence of ELF file."},{"field":"threat.enrichments.indicator.file.elf.cpu_type","type":"keyword","description":"CPU type of the ELF file."},{"field":"threat.enrichments.indicator.file.elf.creation_date","type":"date","description":"Build or compile date."},{"field":"threat.enrichments.indicator.file.elf.exports","type":"flattened","description":"List of exported element names and types."},{"field":"threat.enrichments.indicator.file.elf.header.abi_version","type":"keyword","description":"Version of the ELF Application Binary Interface (ABI)."},{"field":"threat.enrichments.indicator.file.elf.header.class","type":"keyword","description":"Header class of the ELF file."},{"field":"threat.enrichments.indicator.file.elf.header.data","type":"keyword","description":"Data table of the ELF header."},{"field":"threat.enrichments.indicator.file.elf.header.entrypoint","type":"long","description":"Header entrypoint of the ELF file."},{"field":"threat.enrichments.indicator.file.elf.header.object_version","type":"keyword","description":"0x1\" for original ELF files."},{"field":"threat.enrichments.indicator.file.elf.header.os_abi","type":"keyword","description":"Application Binary Interface (ABI) of the Linux OS."},{"field":"threat.enrichments.indicator.file.elf.header.type","type":"keyword","description":"Header type of the ELF file."},{"field":"threat.enrichments.indicator.file.elf.header.version","type":"keyword","description":"Version of the ELF header."},{"field":"threat.enrichments.indicator.file.elf.imports","type":"flattened","description":"List of imported element names and types."},{"field":"threat.enrichments.indicator.file.elf.sections","type":"nested","description":"Section information of the ELF file."},{"field":"threat.enrichments.indicator.file.elf.sections.chi2","type":"long","description":"Chi-square probability distribution of the section."},{"field":"threat.enrichments.indicator.file.elf.sections.entropy","type":"long","description":"Shannon entropy calculation from the section."},{"field":"threat.enrichments.indicator.file.elf.sections.flags","type":"keyword","description":"ELF Section List flags."},{"field":"threat.enrichments.indicator.file.elf.sections.name","type":"keyword","description":"ELF Section List name."},{"field":"threat.enrichments.indicator.file.elf.sections.physical_offset","type":"keyword","description":"ELF Section List offset."},{"field":"threat.enrichments.indicator.file.elf.sections.physical_size","type":"long","description":"ELF Section List physical size."},{"field":"threat.enrichments.indicator.file.elf.sections.type","type":"keyword","description":"ELF Section List type."},{"field":"threat.enrichments.indicator.file.elf.sections.virtual_address","type":"long","description":"ELF Section List virtual address."},{"field":"threat.enrichments.indicator.file.elf.sections.virtual_size","type":"long","description":"ELF Section List virtual size."},{"field":"threat.enrichments.indicator.file.elf.segments","type":"nested","description":"ELF object segment list."},{"field":"threat.enrichments.indicator.file.elf.segments.sections","type":"keyword","description":"ELF object segment sections."},{"field":"threat.enrichments.indicator.file.elf.segments.type","type":"keyword","description":"ELF object segment type."},{"field":"threat.enrichments.indicator.file.elf.shared_libraries","type":"keyword","description":"List of shared libraries used by this ELF object."},{"field":"threat.enrichments.indicator.file.elf.telfhash","type":"keyword","description":"telfhash hash for ELF file."},{"field":"threat.enrichments.indicator.file.extension","type":"keyword","description":"File extension, excluding the leading dot."},{"field":"threat.enrichments.indicator.file.fork_name","type":"keyword","description":"A fork is additional data associated with a filesystem object."},{"field":"threat.enrichments.indicator.file.gid","type":"keyword","description":"Primary group ID (GID) of the file."},{"field":"threat.enrichments.indicator.file.group","type":"keyword","description":"Primary group name of the file."},{"field":"threat.enrichments.indicator.file.hash.md5","type":"keyword","description":"MD5 hash."},{"field":"threat.enrichments.indicator.file.hash.sha1","type":"keyword","description":"SHA1 hash."},{"field":"threat.enrichments.indicator.file.hash.sha256","type":"keyword","description":"SHA256 hash."},{"field":"threat.enrichments.indicator.file.hash.sha512","type":"keyword","description":"SHA512 hash."},{"field":"threat.enrichments.indicator.file.hash.ssdeep","type":"keyword","description":"SSDEEP hash."},{"field":"threat.enrichments.indicator.file.inode","type":"keyword","description":"Inode representing the file in the filesystem."},{"field":"threat.enrichments.indicator.file.mime_type","type":"keyword","description":"Media type of file, document, or arrangement of bytes."},{"field":"threat.enrichments.indicator.file.mode","type":"keyword","description":"Mode of the file in octal representation."},{"field":"threat.enrichments.indicator.file.mtime","type":"date","description":"Last time the file content was modified."},{"field":"threat.enrichments.indicator.file.name","type":"keyword","description":"Name of the file including the extension, without the directory."},{"field":"threat.enrichments.indicator.file.owner","type":"keyword","description":"File owner's username."},{"field":"threat.enrichments.indicator.file.path","type":"keyword","description":"Full path to the file, including the file name."},{"field":"threat.enrichments.indicator.file.path.text","type":"match_only_text","description":"Full path to the file, including the file name."},{"field":"threat.enrichments.indicator.file.pe.architecture","type":"keyword","description":"CPU architecture target for the file."},{"field":"threat.enrichments.indicator.file.pe.company","type":"keyword","description":"Internal company name of the file, provided at compile-time."},{"field":"threat.enrichments.indicator.file.pe.description","type":"keyword","description":"Internal description of the file, provided at compile-time."},{"field":"threat.enrichments.indicator.file.pe.file_version","type":"keyword","description":"Process name."},{"field":"threat.enrichments.indicator.file.pe.imphash","type":"keyword","description":"A hash of the imports in a PE file."},{"field":"threat.enrichments.indicator.file.pe.original_file_name","type":"keyword","description":"Internal name of the file, provided at compile-time."},{"field":"threat.enrichments.indicator.file.pe.product","type":"keyword","description":"Internal product name of the file, provided at compile-time."},{"field":"threat.enrichments.indicator.file.size","type":"long","description":"File size in bytes."},{"field":"threat.enrichments.indicator.file.target_path","type":"keyword","description":"Target path for symlinks."},{"field":"threat.enrichments.indicator.file.target_path.text","type":"match_only_text","description":"Target path for symlinks."},{"field":"threat.enrichments.indicator.file.type","type":"keyword","description":"File type (file, dir, or symlink)."},{"field":"threat.enrichments.indicator.file.uid","type":"keyword","description":"The user ID (UID) or security identifier (SID) of the file owner."},{"field":"threat.enrichments.indicator.file.x509.alternative_names","type":"keyword","description":"List of subject alternative names (SAN)."},{"field":"threat.enrichments.indicator.file.x509.issuer.common_name","type":"keyword","description":"List of common name (CN) of issuing certificate authority."},{"field":"threat.enrichments.indicator.file.x509.issuer.country","type":"keyword","description":"List of country (C) codes"},{"field":"threat.enrichments.indicator.file.x509.issuer.distinguished_name","type":"keyword","description":"Distinguished name (DN) of issuing certificate authority."},{"field":"threat.enrichments.indicator.file.x509.issuer.locality","type":"keyword","description":"List of locality names (L)"},{"field":"threat.enrichments.indicator.file.x509.issuer.organization","type":"keyword","description":"List of organizations (O) of issuing certificate authority."},{"field":"threat.enrichments.indicator.file.x509.issuer.organizational_unit","type":"keyword","description":"List of organizational units (OU) of issuing certificate authority."},{"field":"threat.enrichments.indicator.file.x509.issuer.state_or_province","type":"keyword","description":"List of state or province names (ST, S, or P)"},{"field":"threat.enrichments.indicator.file.x509.not_after","type":"date","description":"Time at which the certificate is no longer considered valid."},{"field":"threat.enrichments.indicator.file.x509.not_before","type":"date","description":"Time at which the certificate is first considered valid."},{"field":"threat.enrichments.indicator.file.x509.public_key_algorithm","type":"keyword","description":"Algorithm used to generate the public key."},{"field":"threat.enrichments.indicator.file.x509.public_key_curve","type":"keyword","description":"The curve used by the elliptic curve public key algorithm. This is algorithm specific."},{"field":"threat.enrichments.indicator.file.x509.public_key_exponent","type":"long","description":"Exponent used to derive the public key. This is algorithm specific."},{"field":"threat.enrichments.indicator.file.x509.public_key_size","type":"long","description":"The size of the public key space in bits."},{"field":"threat.enrichments.indicator.file.x509.serial_number","type":"keyword","description":"Unique serial number issued by the certificate authority."},{"field":"threat.enrichments.indicator.file.x509.signature_algorithm","type":"keyword","description":"Identifier for certificate signature algorithm."},{"field":"threat.enrichments.indicator.file.x509.subject.common_name","type":"keyword","description":"List of common names (CN) of subject."},{"field":"threat.enrichments.indicator.file.x509.subject.country","type":"keyword","description":"List of country (C) code"},{"field":"threat.enrichments.indicator.file.x509.subject.distinguished_name","type":"keyword","description":"Distinguished name (DN) of the certificate subject entity."},{"field":"threat.enrichments.indicator.file.x509.subject.locality","type":"keyword","description":"List of locality names (L)"},{"field":"threat.enrichments.indicator.file.x509.subject.organization","type":"keyword","description":"List of organizations (O) of subject."},{"field":"threat.enrichments.indicator.file.x509.subject.organizational_unit","type":"keyword","description":"List of organizational units (OU) of subject."},{"field":"threat.enrichments.indicator.file.x509.subject.state_or_province","type":"keyword","description":"List of state or province names (ST, S, or P)"},{"field":"threat.enrichments.indicator.file.x509.version_number","type":"keyword","description":"Version of x509 format."},{"field":"threat.enrichments.indicator.first_seen","type":"date","description":"Date/time indicator was first reported."},{"field":"threat.enrichments.indicator.geo.city_name","type":"keyword","description":"City name."},{"field":"threat.enrichments.indicator.geo.continent_code","type":"keyword","description":"Continent code."},{"field":"threat.enrichments.indicator.geo.continent_name","type":"keyword","description":"Name of the continent."},{"field":"threat.enrichments.indicator.geo.country_iso_code","type":"keyword","description":"Country ISO code."},{"field":"threat.enrichments.indicator.geo.country_name","type":"keyword","description":"Country name."},{"field":"threat.enrichments.indicator.geo.location","type":"geo_point","description":"Longitude and latitude."},{"field":"threat.enrichments.indicator.geo.name","type":"keyword","description":"User-defined description of a location."},{"field":"threat.enrichments.indicator.geo.postal_code","type":"keyword","description":"Postal code."},{"field":"threat.enrichments.indicator.geo.region_iso_code","type":"keyword","description":"Region ISO code."},{"field":"threat.enrichments.indicator.geo.region_name","type":"keyword","description":"Region name."},{"field":"threat.enrichments.indicator.geo.timezone","type":"keyword","description":"Time zone."},{"field":"threat.enrichments.indicator.ip","type":"ip","description":"Indicator IP address"},{"field":"threat.enrichments.indicator.last_seen","type":"date","description":"Date/time indicator was last reported."},{"field":"threat.enrichments.indicator.marking.tlp","type":"keyword","description":"Indicator TLP marking"},{"field":"threat.enrichments.indicator.modified_at","type":"date","description":"Date/time indicator was last updated."},{"field":"threat.enrichments.indicator.port","type":"long","description":"Indicator port"},{"field":"threat.enrichments.indicator.provider","type":"keyword","description":"Indicator provider"},{"field":"threat.enrichments.indicator.reference","type":"keyword","description":"Indicator reference URL"},{"field":"threat.enrichments.indicator.registry.data.bytes","type":"keyword","description":"Original bytes written with base64 encoding."},{"field":"threat.enrichments.indicator.registry.data.strings","type":"wildcard","description":"List of strings representing what was written to the registry."},{"field":"threat.enrichments.indicator.registry.data.type","type":"keyword","description":"Standard registry type for encoding contents"},{"field":"threat.enrichments.indicator.registry.hive","type":"keyword","description":"Abbreviated name for the hive."},{"field":"threat.enrichments.indicator.registry.key","type":"keyword","description":"Hive-relative path of keys."},{"field":"threat.enrichments.indicator.registry.path","type":"keyword","description":"Full path, including hive, key and value"},{"field":"threat.enrichments.indicator.registry.value","type":"keyword","description":"Name of the value written."},{"field":"threat.enrichments.indicator.scanner_stats","type":"long","description":"Scanner statistics"},{"field":"threat.enrichments.indicator.sightings","type":"long","description":"Number of times indicator observed"},{"field":"threat.enrichments.indicator.type","type":"keyword","description":"Type of indicator"},{"field":"threat.enrichments.indicator.url.domain","type":"keyword","description":"Domain of the url."},{"field":"threat.enrichments.indicator.url.extension","type":"keyword","description":"File extension from the request url, excluding the leading dot."},{"field":"threat.enrichments.indicator.url.fragment","type":"keyword","description":"Portion of the url after the `#`."},{"field":"threat.enrichments.indicator.url.full","type":"wildcard","description":"Full unparsed URL."},{"field":"threat.enrichments.indicator.url.full.text","type":"match_only_text","description":"Full unparsed URL."},{"field":"threat.enrichments.indicator.url.original","type":"wildcard","description":"Unmodified original url as seen in the event source."},{"field":"threat.enrichments.indicator.url.original.text","type":"match_only_text","description":"Unmodified original url as seen in the event source."},{"field":"threat.enrichments.indicator.url.password","type":"keyword","description":"Password of the request."},{"field":"threat.enrichments.indicator.url.path","type":"wildcard","description":"Path of the request, such as \"/search\"."},{"field":"threat.enrichments.indicator.url.port","type":"long","description":"Port of the request, such as 443."},{"field":"threat.enrichments.indicator.url.query","type":"keyword","description":"Query string of the request."},{"field":"threat.enrichments.indicator.url.registered_domain","type":"keyword","description":"The highest registered url domain, stripped of the subdomain."},{"field":"threat.enrichments.indicator.url.scheme","type":"keyword","description":"Scheme of the url."},{"field":"threat.enrichments.indicator.url.subdomain","type":"keyword","description":"The subdomain of the domain."},{"field":"threat.enrichments.indicator.url.top_level_domain","type":"keyword","description":"The effective top level domain (com, org, net, co.uk)."},{"field":"threat.enrichments.indicator.url.username","type":"keyword","description":"Username of the request."},{"field":"threat.enrichments.indicator.x509.alternative_names","type":"keyword","description":"List of subject alternative names (SAN)."},{"field":"threat.enrichments.indicator.x509.issuer.common_name","type":"keyword","description":"List of common name (CN) of issuing certificate authority."},{"field":"threat.enrichments.indicator.x509.issuer.country","type":"keyword","description":"List of country (C) codes"},{"field":"threat.enrichments.indicator.x509.issuer.distinguished_name","type":"keyword","description":"Distinguished name (DN) of issuing certificate authority."},{"field":"threat.enrichments.indicator.x509.issuer.locality","type":"keyword","description":"List of locality names (L)"},{"field":"threat.enrichments.indicator.x509.issuer.organization","type":"keyword","description":"List of organizations (O) of issuing certificate authority."},{"field":"threat.enrichments.indicator.x509.issuer.organizational_unit","type":"keyword","description":"List of organizational units (OU) of issuing certificate authority."},{"field":"threat.enrichments.indicator.x509.issuer.state_or_province","type":"keyword","description":"List of state or province names (ST, S, or P)"},{"field":"threat.enrichments.indicator.x509.not_after","type":"date","description":"Time at which the certificate is no longer considered valid."},{"field":"threat.enrichments.indicator.x509.not_before","type":"date","description":"Time at which the certificate is first considered valid."},{"field":"threat.enrichments.indicator.x509.public_key_algorithm","type":"keyword","description":"Algorithm used to generate the public key."},{"field":"threat.enrichments.indicator.x509.public_key_curve","type":"keyword","description":"The curve used by the elliptic curve public key algorithm. This is algorithm specific."},{"field":"threat.enrichments.indicator.x509.public_key_exponent","type":"long","description":"Exponent used to derive the public key. This is algorithm specific."},{"field":"threat.enrichments.indicator.x509.public_key_size","type":"long","description":"The size of the public key space in bits."},{"field":"threat.enrichments.indicator.x509.serial_number","type":"keyword","description":"Unique serial number issued by the certificate authority."},{"field":"threat.enrichments.indicator.x509.signature_algorithm","type":"keyword","description":"Identifier for certificate signature algorithm."},{"field":"threat.enrichments.indicator.x509.subject.common_name","type":"keyword","description":"List of common names (CN) of subject."},{"field":"threat.enrichments.indicator.x509.subject.country","type":"keyword","description":"List of country (C) code"},{"field":"threat.enrichments.indicator.x509.subject.distinguished_name","type":"keyword","description":"Distinguished name (DN) of the certificate subject entity."},{"field":"threat.enrichments.indicator.x509.subject.locality","type":"keyword","description":"List of locality names (L)"},{"field":"threat.enrichments.indicator.x509.subject.organization","type":"keyword","description":"List of organizations (O) of subject."},{"field":"threat.enrichments.indicator.x509.subject.organizational_unit","type":"keyword","description":"List of organizational units (OU) of subject."},{"field":"threat.enrichments.indicator.x509.subject.state_or_province","type":"keyword","description":"List of state or province names (ST, S, or P)"},{"field":"threat.enrichments.indicator.x509.version_number","type":"keyword","description":"Version of x509 format."},{"field":"threat.enrichments.matched.atomic","type":"keyword","description":"Matched indicator value"},{"field":"threat.enrichments.matched.field","type":"keyword","description":"Matched indicator field"},{"field":"threat.enrichments.matched.id","type":"keyword","description":"Matched indicator identifier"},{"field":"threat.enrichments.matched.index","type":"keyword","description":"Matched indicator index"},{"field":"threat.enrichments.matched.type","type":"keyword","description":"Type of indicator match"},{"field":"threat.framework","type":"keyword","description":"Threat classification framework."},{"field":"threat.group.alias","type":"keyword","description":"Alias of the group."},{"field":"threat.group.id","type":"keyword","description":"ID of the group."},{"field":"threat.group.name","type":"keyword","description":"Name of the group."},{"field":"threat.group.reference","type":"keyword","description":"Reference URL of the group."},{"field":"threat.indicator.as.number","type":"long","description":"Unique number allocated to the autonomous system."},{"field":"threat.indicator.as.organization.name","type":"keyword","description":"Organization name."},{"field":"threat.indicator.as.organization.name.text","type":"match_only_text","description":"Organization name."},{"field":"threat.indicator.confidence","type":"keyword","description":"Indicator confidence rating"},{"field":"threat.indicator.description","type":"keyword","description":"Indicator description"},{"field":"threat.indicator.email.address","type":"keyword","description":"Indicator email address"},{"field":"threat.indicator.file.accessed","type":"date","description":"Last time the file was accessed."},{"field":"threat.indicator.file.attributes","type":"keyword","description":"Array of file attributes."},{"field":"threat.indicator.file.code_signature.digest_algorithm","type":"keyword","description":"Hashing algorithm used to sign the process."},{"field":"threat.indicator.file.code_signature.exists","type":"boolean","description":"Boolean to capture if a signature is present."},{"field":"threat.indicator.file.code_signature.signing_id","type":"keyword","description":"The identifier used to sign the process."},{"field":"threat.indicator.file.code_signature.status","type":"keyword","description":"Additional information about the certificate status."},{"field":"threat.indicator.file.code_signature.subject_name","type":"keyword","description":"Subject name of the code signer"},{"field":"threat.indicator.file.code_signature.team_id","type":"keyword","description":"The team identifier used to sign the process."},{"field":"threat.indicator.file.code_signature.timestamp","type":"date","description":"When the signature was generated and signed."},{"field":"threat.indicator.file.code_signature.trusted","type":"boolean","description":"Stores the trust status of the certificate chain."},{"field":"threat.indicator.file.code_signature.valid","type":"boolean","description":"Boolean to capture if the digital signature is verified against the binary content."},{"field":"threat.indicator.file.created","type":"date","description":"File creation time."},{"field":"threat.indicator.file.ctime","type":"date","description":"Last time the file attributes or metadata changed."},{"field":"threat.indicator.file.device","type":"keyword","description":"Device that is the source of the file."},{"field":"threat.indicator.file.directory","type":"keyword","description":"Directory where the file is located."},{"field":"threat.indicator.file.drive_letter","type":"keyword","description":"Drive letter where the file is located."},{"field":"threat.indicator.file.elf.architecture","type":"keyword","description":"Machine architecture of the ELF file."},{"field":"threat.indicator.file.elf.byte_order","type":"keyword","description":"Byte sequence of ELF file."},{"field":"threat.indicator.file.elf.cpu_type","type":"keyword","description":"CPU type of the ELF file."},{"field":"threat.indicator.file.elf.creation_date","type":"date","description":"Build or compile date."},{"field":"threat.indicator.file.elf.exports","type":"flattened","description":"List of exported element names and types."},{"field":"threat.indicator.file.elf.header.abi_version","type":"keyword","description":"Version of the ELF Application Binary Interface (ABI)."},{"field":"threat.indicator.file.elf.header.class","type":"keyword","description":"Header class of the ELF file."},{"field":"threat.indicator.file.elf.header.data","type":"keyword","description":"Data table of the ELF header."},{"field":"threat.indicator.file.elf.header.entrypoint","type":"long","description":"Header entrypoint of the ELF file."},{"field":"threat.indicator.file.elf.header.object_version","type":"keyword","description":"0x1\" for original ELF files."},{"field":"threat.indicator.file.elf.header.os_abi","type":"keyword","description":"Application Binary Interface (ABI) of the Linux OS."},{"field":"threat.indicator.file.elf.header.type","type":"keyword","description":"Header type of the ELF file."},{"field":"threat.indicator.file.elf.header.version","type":"keyword","description":"Version of the ELF header."},{"field":"threat.indicator.file.elf.imports","type":"flattened","description":"List of imported element names and types."},{"field":"threat.indicator.file.elf.sections","type":"nested","description":"Section information of the ELF file."},{"field":"threat.indicator.file.elf.sections.chi2","type":"long","description":"Chi-square probability distribution of the section."},{"field":"threat.indicator.file.elf.sections.entropy","type":"long","description":"Shannon entropy calculation from the section."},{"field":"threat.indicator.file.elf.sections.flags","type":"keyword","description":"ELF Section List flags."},{"field":"threat.indicator.file.elf.sections.name","type":"keyword","description":"ELF Section List name."},{"field":"threat.indicator.file.elf.sections.physical_offset","type":"keyword","description":"ELF Section List offset."},{"field":"threat.indicator.file.elf.sections.physical_size","type":"long","description":"ELF Section List physical size."},{"field":"threat.indicator.file.elf.sections.type","type":"keyword","description":"ELF Section List type."},{"field":"threat.indicator.file.elf.sections.virtual_address","type":"long","description":"ELF Section List virtual address."},{"field":"threat.indicator.file.elf.sections.virtual_size","type":"long","description":"ELF Section List virtual size."},{"field":"threat.indicator.file.elf.segments","type":"nested","description":"ELF object segment list."},{"field":"threat.indicator.file.elf.segments.sections","type":"keyword","description":"ELF object segment sections."},{"field":"threat.indicator.file.elf.segments.type","type":"keyword","description":"ELF object segment type."},{"field":"threat.indicator.file.elf.shared_libraries","type":"keyword","description":"List of shared libraries used by this ELF object."},{"field":"threat.indicator.file.elf.telfhash","type":"keyword","description":"telfhash hash for ELF file."},{"field":"threat.indicator.file.extension","type":"keyword","description":"File extension, excluding the leading dot."},{"field":"threat.indicator.file.fork_name","type":"keyword","description":"A fork is additional data associated with a filesystem object."},{"field":"threat.indicator.file.gid","type":"keyword","description":"Primary group ID (GID) of the file."},{"field":"threat.indicator.file.group","type":"keyword","description":"Primary group name of the file."},{"field":"threat.indicator.file.hash.md5","type":"keyword","description":"MD5 hash."},{"field":"threat.indicator.file.hash.sha1","type":"keyword","description":"SHA1 hash."},{"field":"threat.indicator.file.hash.sha256","type":"keyword","description":"SHA256 hash."},{"field":"threat.indicator.file.hash.sha512","type":"keyword","description":"SHA512 hash."},{"field":"threat.indicator.file.hash.ssdeep","type":"keyword","description":"SSDEEP hash."},{"field":"threat.indicator.file.inode","type":"keyword","description":"Inode representing the file in the filesystem."},{"field":"threat.indicator.file.mime_type","type":"keyword","description":"Media type of file, document, or arrangement of bytes."},{"field":"threat.indicator.file.mode","type":"keyword","description":"Mode of the file in octal representation."},{"field":"threat.indicator.file.mtime","type":"date","description":"Last time the file content was modified."},{"field":"threat.indicator.file.name","type":"keyword","description":"Name of the file including the extension, without the directory."},{"field":"threat.indicator.file.owner","type":"keyword","description":"File owner's username."},{"field":"threat.indicator.file.path","type":"keyword","description":"Full path to the file, including the file name."},{"field":"threat.indicator.file.path.text","type":"match_only_text","description":"Full path to the file, including the file name."},{"field":"threat.indicator.file.pe.architecture","type":"keyword","description":"CPU architecture target for the file."},{"field":"threat.indicator.file.pe.company","type":"keyword","description":"Internal company name of the file, provided at compile-time."},{"field":"threat.indicator.file.pe.description","type":"keyword","description":"Internal description of the file, provided at compile-time."},{"field":"threat.indicator.file.pe.file_version","type":"keyword","description":"Process name."},{"field":"threat.indicator.file.pe.imphash","type":"keyword","description":"A hash of the imports in a PE file."},{"field":"threat.indicator.file.pe.original_file_name","type":"keyword","description":"Internal name of the file, provided at compile-time."},{"field":"threat.indicator.file.pe.product","type":"keyword","description":"Internal product name of the file, provided at compile-time."},{"field":"threat.indicator.file.size","type":"long","description":"File size in bytes."},{"field":"threat.indicator.file.target_path","type":"keyword","description":"Target path for symlinks."},{"field":"threat.indicator.file.target_path.text","type":"match_only_text","description":"Target path for symlinks."},{"field":"threat.indicator.file.type","type":"keyword","description":"File type (file, dir, or symlink)."},{"field":"threat.indicator.file.uid","type":"keyword","description":"The user ID (UID) or security identifier (SID) of the file owner."},{"field":"threat.indicator.file.x509.alternative_names","type":"keyword","description":"List of subject alternative names (SAN)."},{"field":"threat.indicator.file.x509.issuer.common_name","type":"keyword","description":"List of common name (CN) of issuing certificate authority."},{"field":"threat.indicator.file.x509.issuer.country","type":"keyword","description":"List of country (C) codes"},{"field":"threat.indicator.file.x509.issuer.distinguished_name","type":"keyword","description":"Distinguished name (DN) of issuing certificate authority."},{"field":"threat.indicator.file.x509.issuer.locality","type":"keyword","description":"List of locality names (L)"},{"field":"threat.indicator.file.x509.issuer.organization","type":"keyword","description":"List of organizations (O) of issuing certificate authority."},{"field":"threat.indicator.file.x509.issuer.organizational_unit","type":"keyword","description":"List of organizational units (OU) of issuing certificate authority."},{"field":"threat.indicator.file.x509.issuer.state_or_province","type":"keyword","description":"List of state or province names (ST, S, or P)"},{"field":"threat.indicator.file.x509.not_after","type":"date","description":"Time at which the certificate is no longer considered valid."},{"field":"threat.indicator.file.x509.not_before","type":"date","description":"Time at which the certificate is first considered valid."},{"field":"threat.indicator.file.x509.public_key_algorithm","type":"keyword","description":"Algorithm used to generate the public key."},{"field":"threat.indicator.file.x509.public_key_curve","type":"keyword","description":"The curve used by the elliptic curve public key algorithm. This is algorithm specific."},{"field":"threat.indicator.file.x509.public_key_exponent","type":"long","description":"Exponent used to derive the public key. This is algorithm specific."},{"field":"threat.indicator.file.x509.public_key_size","type":"long","description":"The size of the public key space in bits."},{"field":"threat.indicator.file.x509.serial_number","type":"keyword","description":"Unique serial number issued by the certificate authority."},{"field":"threat.indicator.file.x509.signature_algorithm","type":"keyword","description":"Identifier for certificate signature algorithm."},{"field":"threat.indicator.file.x509.subject.common_name","type":"keyword","description":"List of common names (CN) of subject."},{"field":"threat.indicator.file.x509.subject.country","type":"keyword","description":"List of country (C) code"},{"field":"threat.indicator.file.x509.subject.distinguished_name","type":"keyword","description":"Distinguished name (DN) of the certificate subject entity."},{"field":"threat.indicator.file.x509.subject.locality","type":"keyword","description":"List of locality names (L)"},{"field":"threat.indicator.file.x509.subject.organization","type":"keyword","description":"List of organizations (O) of subject."},{"field":"threat.indicator.file.x509.subject.organizational_unit","type":"keyword","description":"List of organizational units (OU) of subject."},{"field":"threat.indicator.file.x509.subject.state_or_province","type":"keyword","description":"List of state or province names (ST, S, or P)"},{"field":"threat.indicator.file.x509.version_number","type":"keyword","description":"Version of x509 format."},{"field":"threat.indicator.first_seen","type":"date","description":"Date/time indicator was first reported."},{"field":"threat.indicator.geo.city_name","type":"keyword","description":"City name."},{"field":"threat.indicator.geo.continent_code","type":"keyword","description":"Continent code."},{"field":"threat.indicator.geo.continent_name","type":"keyword","description":"Name of the continent."},{"field":"threat.indicator.geo.country_iso_code","type":"keyword","description":"Country ISO code."},{"field":"threat.indicator.geo.country_name","type":"keyword","description":"Country name."},{"field":"threat.indicator.geo.location","type":"geo_point","description":"Longitude and latitude."},{"field":"threat.indicator.geo.name","type":"keyword","description":"User-defined description of a location."},{"field":"threat.indicator.geo.postal_code","type":"keyword","description":"Postal code."},{"field":"threat.indicator.geo.region_iso_code","type":"keyword","description":"Region ISO code."},{"field":"threat.indicator.geo.region_name","type":"keyword","description":"Region name."},{"field":"threat.indicator.geo.timezone","type":"keyword","description":"Time zone."},{"field":"threat.indicator.ip","type":"ip","description":"Indicator IP address"},{"field":"threat.indicator.last_seen","type":"date","description":"Date/time indicator was last reported."},{"field":"threat.indicator.marking.tlp","type":"keyword","description":"Indicator TLP marking"},{"field":"threat.indicator.modified_at","type":"date","description":"Date/time indicator was last updated."},{"field":"threat.indicator.port","type":"long","description":"Indicator port"},{"field":"threat.indicator.provider","type":"keyword","description":"Indicator provider"},{"field":"threat.indicator.reference","type":"keyword","description":"Indicator reference URL"},{"field":"threat.indicator.registry.data.bytes","type":"keyword","description":"Original bytes written with base64 encoding."},{"field":"threat.indicator.registry.data.strings","type":"wildcard","description":"List of strings representing what was written to the registry."},{"field":"threat.indicator.registry.data.type","type":"keyword","description":"Standard registry type for encoding contents"},{"field":"threat.indicator.registry.hive","type":"keyword","description":"Abbreviated name for the hive."},{"field":"threat.indicator.registry.key","type":"keyword","description":"Hive-relative path of keys."},{"field":"threat.indicator.registry.path","type":"keyword","description":"Full path, including hive, key and value"},{"field":"threat.indicator.registry.value","type":"keyword","description":"Name of the value written."},{"field":"threat.indicator.scanner_stats","type":"long","description":"Scanner statistics"},{"field":"threat.indicator.sightings","type":"long","description":"Number of times indicator observed"},{"field":"threat.indicator.type","type":"keyword","description":"Type of indicator"},{"field":"threat.indicator.url.domain","type":"keyword","description":"Domain of the url."},{"field":"threat.indicator.url.extension","type":"keyword","description":"File extension from the request url, excluding the leading dot."},{"field":"threat.indicator.url.fragment","type":"keyword","description":"Portion of the url after the `#`."},{"field":"threat.indicator.url.full","type":"wildcard","description":"Full unparsed URL."},{"field":"threat.indicator.url.full.text","type":"match_only_text","description":"Full unparsed URL."},{"field":"threat.indicator.url.original","type":"wildcard","description":"Unmodified original url as seen in the event source."},{"field":"threat.indicator.url.original.text","type":"match_only_text","description":"Unmodified original url as seen in the event source."},{"field":"threat.indicator.url.password","type":"keyword","description":"Password of the request."},{"field":"threat.indicator.url.path","type":"wildcard","description":"Path of the request, such as \"/search\"."},{"field":"threat.indicator.url.port","type":"long","description":"Port of the request, such as 443."},{"field":"threat.indicator.url.query","type":"keyword","description":"Query string of the request."},{"field":"threat.indicator.url.registered_domain","type":"keyword","description":"The highest registered url domain, stripped of the subdomain."},{"field":"threat.indicator.url.scheme","type":"keyword","description":"Scheme of the url."},{"field":"threat.indicator.url.subdomain","type":"keyword","description":"The subdomain of the domain."},{"field":"threat.indicator.url.top_level_domain","type":"keyword","description":"The effective top level domain (com, org, net, co.uk)."},{"field":"threat.indicator.url.username","type":"keyword","description":"Username of the request."},{"field":"threat.indicator.x509.alternative_names","type":"keyword","description":"List of subject alternative names (SAN)."},{"field":"threat.indicator.x509.issuer.common_name","type":"keyword","description":"List of common name (CN) of issuing certificate authority."},{"field":"threat.indicator.x509.issuer.country","type":"keyword","description":"List of country (C) codes"},{"field":"threat.indicator.x509.issuer.distinguished_name","type":"keyword","description":"Distinguished name (DN) of issuing certificate authority."},{"field":"threat.indicator.x509.issuer.locality","type":"keyword","description":"List of locality names (L)"},{"field":"threat.indicator.x509.issuer.organization","type":"keyword","description":"List of organizations (O) of issuing certificate authority."},{"field":"threat.indicator.x509.issuer.organizational_unit","type":"keyword","description":"List of organizational units (OU) of issuing certificate authority."},{"field":"threat.indicator.x509.issuer.state_or_province","type":"keyword","description":"List of state or province names (ST, S, or P)"},{"field":"threat.indicator.x509.not_after","type":"date","description":"Time at which the certificate is no longer considered valid."},{"field":"threat.indicator.x509.not_before","type":"date","description":"Time at which the certificate is first considered valid."},{"field":"threat.indicator.x509.public_key_algorithm","type":"keyword","description":"Algorithm used to generate the public key."},{"field":"threat.indicator.x509.public_key_curve","type":"keyword","description":"The curve used by the elliptic curve public key algorithm. This is algorithm specific."},{"field":"threat.indicator.x509.public_key_exponent","type":"long","description":"Exponent used to derive the public key. This is algorithm specific."},{"field":"threat.indicator.x509.public_key_size","type":"long","description":"The size of the public key space in bits."},{"field":"threat.indicator.x509.serial_number","type":"keyword","description":"Unique serial number issued by the certificate authority."},{"field":"threat.indicator.x509.signature_algorithm","type":"keyword","description":"Identifier for certificate signature algorithm."},{"field":"threat.indicator.x509.subject.common_name","type":"keyword","description":"List of common names (CN) of subject."},{"field":"threat.indicator.x509.subject.country","type":"keyword","description":"List of country (C) code"},{"field":"threat.indicator.x509.subject.distinguished_name","type":"keyword","description":"Distinguished name (DN) of the certificate subject entity."},{"field":"threat.indicator.x509.subject.locality","type":"keyword","description":"List of locality names (L)"},{"field":"threat.indicator.x509.subject.organization","type":"keyword","description":"List of organizations (O) of subject."},{"field":"threat.indicator.x509.subject.organizational_unit","type":"keyword","description":"List of organizational units (OU) of subject."},{"field":"threat.indicator.x509.subject.state_or_province","type":"keyword","description":"List of state or province names (ST, S, or P)"},{"field":"threat.indicator.x509.version_number","type":"keyword","description":"Version of x509 format."},{"field":"threat.software.alias","type":"keyword","description":"Alias of the software"},{"field":"threat.software.id","type":"keyword","description":"ID of the software"},{"field":"threat.software.name","type":"keyword","description":"Name of the software."},{"field":"threat.software.platforms","type":"keyword","description":"Platforms of the software."},{"field":"threat.software.reference","type":"keyword","description":"Software reference URL."},{"field":"threat.software.type","type":"keyword","description":"Software type."},{"field":"threat.tactic.id","type":"keyword","description":"Threat tactic id."},{"field":"threat.tactic.name","type":"keyword","description":"Threat tactic."},{"field":"threat.tactic.reference","type":"keyword","description":"Threat tactic URL reference."},{"field":"threat.technique.id","type":"keyword","description":"Threat technique id."},{"field":"threat.technique.name","type":"keyword","description":"Threat technique name."},{"field":"threat.technique.name.text","type":"match_only_text","description":"Threat technique name."},{"field":"threat.technique.reference","type":"keyword","description":"Threat technique URL reference."},{"field":"threat.technique.subtechnique.id","type":"keyword","description":"Threat subtechnique id."},{"field":"threat.technique.subtechnique.name","type":"keyword","description":"Threat subtechnique name."},{"field":"threat.technique.subtechnique.name.text","type":"match_only_text","description":"Threat subtechnique name."},{"field":"threat.technique.subtechnique.reference","type":"keyword","description":"Threat subtechnique URL reference."},{"field":"tls.cipher","type":"keyword","description":"String indicating the cipher used during the current connection."},{"field":"tls.client.certificate","type":"keyword","description":"PEM-encoded stand-alone certificate offered by the client."},{"field":"tls.client.certificate_chain","type":"keyword","description":"Array of PEM-encoded certificates that make up the certificate chain offered by the client."},{"field":"tls.client.hash.md5","type":"keyword","description":"Certificate fingerprint using the MD5 digest of DER-encoded version of certificate offered by the client."},{"field":"tls.client.hash.sha1","type":"keyword","description":"Certificate fingerprint using the SHA1 digest of DER-encoded version of certificate offered by the client."},{"field":"tls.client.hash.sha256","type":"keyword","description":"Certificate fingerprint using the SHA256 digest of DER-encoded version of certificate offered by the client."},{"field":"tls.client.issuer","type":"keyword","description":"Distinguished name of subject of the issuer of the x.509 certificate presented by the client."},{"field":"tls.client.ja3","type":"keyword","description":"A hash that identifies clients based on how they perform an SSL/TLS handshake."},{"field":"tls.client.not_after","type":"date","description":"Date/Time indicating when client certificate is no longer considered valid."},{"field":"tls.client.not_before","type":"date","description":"Date/Time indicating when client certificate is first considered valid."},{"field":"tls.client.server_name","type":"keyword","description":"Hostname the client is trying to connect to. Also called the SNI."},{"field":"tls.client.subject","type":"keyword","description":"Distinguished name of subject of the x.509 certificate presented by the client."},{"field":"tls.client.supported_ciphers","type":"keyword","description":"Array of ciphers offered by the client during the client hello."},{"field":"tls.client.x509.alternative_names","type":"keyword","description":"List of subject alternative names (SAN)."},{"field":"tls.client.x509.issuer.common_name","type":"keyword","description":"List of common name (CN) of issuing certificate authority."},{"field":"tls.client.x509.issuer.country","type":"keyword","description":"List of country (C) codes"},{"field":"tls.client.x509.issuer.distinguished_name","type":"keyword","description":"Distinguished name (DN) of issuing certificate authority."},{"field":"tls.client.x509.issuer.locality","type":"keyword","description":"List of locality names (L)"},{"field":"tls.client.x509.issuer.organization","type":"keyword","description":"List of organizations (O) of issuing certificate authority."},{"field":"tls.client.x509.issuer.organizational_unit","type":"keyword","description":"List of organizational units (OU) of issuing certificate authority."},{"field":"tls.client.x509.issuer.state_or_province","type":"keyword","description":"List of state or province names (ST, S, or P)"},{"field":"tls.client.x509.not_after","type":"date","description":"Time at which the certificate is no longer considered valid."},{"field":"tls.client.x509.not_before","type":"date","description":"Time at which the certificate is first considered valid."},{"field":"tls.client.x509.public_key_algorithm","type":"keyword","description":"Algorithm used to generate the public key."},{"field":"tls.client.x509.public_key_curve","type":"keyword","description":"The curve used by the elliptic curve public key algorithm. This is algorithm specific."},{"field":"tls.client.x509.public_key_exponent","type":"long","description":"Exponent used to derive the public key. This is algorithm specific."},{"field":"tls.client.x509.public_key_size","type":"long","description":"The size of the public key space in bits."},{"field":"tls.client.x509.serial_number","type":"keyword","description":"Unique serial number issued by the certificate authority."},{"field":"tls.client.x509.signature_algorithm","type":"keyword","description":"Identifier for certificate signature algorithm."},{"field":"tls.client.x509.subject.common_name","type":"keyword","description":"List of common names (CN) of subject."},{"field":"tls.client.x509.subject.country","type":"keyword","description":"List of country (C) code"},{"field":"tls.client.x509.subject.distinguished_name","type":"keyword","description":"Distinguished name (DN) of the certificate subject entity."},{"field":"tls.client.x509.subject.locality","type":"keyword","description":"List of locality names (L)"},{"field":"tls.client.x509.subject.organization","type":"keyword","description":"List of organizations (O) of subject."},{"field":"tls.client.x509.subject.organizational_unit","type":"keyword","description":"List of organizational units (OU) of subject."},{"field":"tls.client.x509.subject.state_or_province","type":"keyword","description":"List of state or province names (ST, S, or P)"},{"field":"tls.client.x509.version_number","type":"keyword","description":"Version of x509 format."},{"field":"tls.curve","type":"keyword","description":"String indicating the curve used for the given cipher, when applicable."},{"field":"tls.established","type":"boolean","description":"Boolean flag indicating if the TLS negotiation was successful and transitioned to an encrypted tunnel."},{"field":"tls.next_protocol","type":"keyword","description":"String indicating the protocol being tunneled."},{"field":"tls.resumed","type":"boolean","description":"Boolean flag indicating if this TLS connection was resumed from an existing TLS negotiation."},{"field":"tls.server.certificate","type":"keyword","description":"PEM-encoded stand-alone certificate offered by the server."},{"field":"tls.server.certificate_chain","type":"keyword","description":"Array of PEM-encoded certificates that make up the certificate chain offered by the server."},{"field":"tls.server.hash.md5","type":"keyword","description":"Certificate fingerprint using the MD5 digest of DER-encoded version of certificate offered by the server."},{"field":"tls.server.hash.sha1","type":"keyword","description":"Certificate fingerprint using the SHA1 digest of DER-encoded version of certificate offered by the server."},{"field":"tls.server.hash.sha256","type":"keyword","description":"Certificate fingerprint using the SHA256 digest of DER-encoded version of certificate offered by the server."},{"field":"tls.server.issuer","type":"keyword","description":"Subject of the issuer of the x.509 certificate presented by the server."},{"field":"tls.server.ja3s","type":"keyword","description":"A hash that identifies servers based on how they perform an SSL/TLS handshake."},{"field":"tls.server.not_after","type":"date","description":"Timestamp indicating when server certificate is no longer considered valid."},{"field":"tls.server.not_before","type":"date","description":"Timestamp indicating when server certificate is first considered valid."},{"field":"tls.server.subject","type":"keyword","description":"Subject of the x.509 certificate presented by the server."},{"field":"tls.server.x509.alternative_names","type":"keyword","description":"List of subject alternative names (SAN)."},{"field":"tls.server.x509.issuer.common_name","type":"keyword","description":"List of common name (CN) of issuing certificate authority."},{"field":"tls.server.x509.issuer.country","type":"keyword","description":"List of country (C) codes"},{"field":"tls.server.x509.issuer.distinguished_name","type":"keyword","description":"Distinguished name (DN) of issuing certificate authority."},{"field":"tls.server.x509.issuer.locality","type":"keyword","description":"List of locality names (L)"},{"field":"tls.server.x509.issuer.organization","type":"keyword","description":"List of organizations (O) of issuing certificate authority."},{"field":"tls.server.x509.issuer.organizational_unit","type":"keyword","description":"List of organizational units (OU) of issuing certificate authority."},{"field":"tls.server.x509.issuer.state_or_province","type":"keyword","description":"List of state or province names (ST, S, or P)"},{"field":"tls.server.x509.not_after","type":"date","description":"Time at which the certificate is no longer considered valid."},{"field":"tls.server.x509.not_before","type":"date","description":"Time at which the certificate is first considered valid."},{"field":"tls.server.x509.public_key_algorithm","type":"keyword","description":"Algorithm used to generate the public key."},{"field":"tls.server.x509.public_key_curve","type":"keyword","description":"The curve used by the elliptic curve public key algorithm. This is algorithm specific."},{"field":"tls.server.x509.public_key_exponent","type":"long","description":"Exponent used to derive the public key. This is algorithm specific."},{"field":"tls.server.x509.public_key_size","type":"long","description":"The size of the public key space in bits."},{"field":"tls.server.x509.serial_number","type":"keyword","description":"Unique serial number issued by the certificate authority."},{"field":"tls.server.x509.signature_algorithm","type":"keyword","description":"Identifier for certificate signature algorithm."},{"field":"tls.server.x509.subject.common_name","type":"keyword","description":"List of common names (CN) of subject."},{"field":"tls.server.x509.subject.country","type":"keyword","description":"List of country (C) code"},{"field":"tls.server.x509.subject.distinguished_name","type":"keyword","description":"Distinguished name (DN) of the certificate subject entity."},{"field":"tls.server.x509.subject.locality","type":"keyword","description":"List of locality names (L)"},{"field":"tls.server.x509.subject.organization","type":"keyword","description":"List of organizations (O) of subject."},{"field":"tls.server.x509.subject.organizational_unit","type":"keyword","description":"List of organizational units (OU) of subject."},{"field":"tls.server.x509.subject.state_or_province","type":"keyword","description":"List of state or province names (ST, S, or P)"},{"field":"tls.server.x509.version_number","type":"keyword","description":"Version of x509 format."},{"field":"tls.version","type":"keyword","description":"Numeric part of the version parsed from the original string."},{"field":"tls.version_protocol","type":"keyword","description":"Normalized lowercase protocol name parsed from original string."},{"field":"trace.id","type":"keyword","description":"Unique identifier of the trace."},{"field":"transaction.id","type":"keyword","description":"Unique identifier of the transaction within the scope of its trace."},{"field":"url.domain","type":"keyword","description":"Domain of the url."},{"field":"url.extension","type":"keyword","description":"File extension from the request url, excluding the leading dot."},{"field":"url.fragment","type":"keyword","description":"Portion of the url after the `#`."},{"field":"url.full","type":"wildcard","description":"Full unparsed URL."},{"field":"url.full.text","type":"match_only_text","description":"Full unparsed URL."},{"field":"url.original","type":"wildcard","description":"Unmodified original url as seen in the event source."},{"field":"url.original.text","type":"match_only_text","description":"Unmodified original url as seen in the event source."},{"field":"url.password","type":"keyword","description":"Password of the request."},{"field":"url.path","type":"wildcard","description":"Path of the request, such as \"/search\"."},{"field":"url.port","type":"long","description":"Port of the request, such as 443."},{"field":"url.query","type":"keyword","description":"Query string of the request."},{"field":"url.registered_domain","type":"keyword","description":"The highest registered url domain, stripped of the subdomain."},{"field":"url.scheme","type":"keyword","description":"Scheme of the url."},{"field":"url.subdomain","type":"keyword","description":"The subdomain of the domain."},{"field":"url.top_level_domain","type":"keyword","description":"The effective top level domain (com, org, net, co.uk)."},{"field":"url.username","type":"keyword","description":"Username of the request."},{"field":"user.changes.domain","type":"keyword","description":"Name of the directory the user is a member of."},{"field":"user.changes.email","type":"keyword","description":"User email address."},{"field":"user.changes.full_name","type":"keyword","description":"User's full name, if available."},{"field":"user.changes.full_name.text","type":"match_only_text","description":"User's full name, if available."},{"field":"user.changes.group.domain","type":"keyword","description":"Name of the directory the group is a member of."},{"field":"user.changes.group.id","type":"keyword","description":"Unique identifier for the group on the system/platform."},{"field":"user.changes.group.name","type":"keyword","description":"Name of the group."},{"field":"user.changes.hash","type":"keyword","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"user.changes.id","type":"keyword","description":"Unique identifier of the user."},{"field":"user.changes.name","type":"keyword","description":"Short name or login of the user."},{"field":"user.changes.name.text","type":"match_only_text","description":"Short name or login of the user."},{"field":"user.changes.roles","type":"keyword","description":"Array of user roles at the time of the event."},{"field":"user.domain","type":"keyword","description":"Name of the directory the user is a member of."},{"field":"user.effective.domain","type":"keyword","description":"Name of the directory the user is a member of."},{"field":"user.effective.email","type":"keyword","description":"User email address."},{"field":"user.effective.full_name","type":"keyword","description":"User's full name, if available."},{"field":"user.effective.full_name.text","type":"match_only_text","description":"User's full name, if available."},{"field":"user.effective.group.domain","type":"keyword","description":"Name of the directory the group is a member of."},{"field":"user.effective.group.id","type":"keyword","description":"Unique identifier for the group on the system/platform."},{"field":"user.effective.group.name","type":"keyword","description":"Name of the group."},{"field":"user.effective.hash","type":"keyword","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"user.effective.id","type":"keyword","description":"Unique identifier of the user."},{"field":"user.effective.name","type":"keyword","description":"Short name or login of the user."},{"field":"user.effective.name.text","type":"match_only_text","description":"Short name or login of the user."},{"field":"user.effective.roles","type":"keyword","description":"Array of user roles at the time of the event."},{"field":"user.email","type":"keyword","description":"User email address."},{"field":"user.full_name","type":"keyword","description":"User's full name, if available."},{"field":"user.full_name.text","type":"match_only_text","description":"User's full name, if available."},{"field":"user.group.domain","type":"keyword","description":"Name of the directory the group is a member of."},{"field":"user.group.id","type":"keyword","description":"Unique identifier for the group on the system/platform."},{"field":"user.group.name","type":"keyword","description":"Name of the group."},{"field":"user.hash","type":"keyword","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"user.id","type":"keyword","description":"Unique identifier of the user."},{"field":"user.name","type":"keyword","description":"Short name or login of the user."},{"field":"user.name.text","type":"match_only_text","description":"Short name or login of the user."},{"field":"user.roles","type":"keyword","description":"Array of user roles at the time of the event."},{"field":"user.target.domain","type":"keyword","description":"Name of the directory the user is a member of."},{"field":"user.target.email","type":"keyword","description":"User email address."},{"field":"user.target.full_name","type":"keyword","description":"User's full name, if available."},{"field":"user.target.full_name.text","type":"match_only_text","description":"User's full name, if available."},{"field":"user.target.group.domain","type":"keyword","description":"Name of the directory the group is a member of."},{"field":"user.target.group.id","type":"keyword","description":"Unique identifier for the group on the system/platform."},{"field":"user.target.group.name","type":"keyword","description":"Name of the group."},{"field":"user.target.hash","type":"keyword","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"user.target.id","type":"keyword","description":"Unique identifier of the user."},{"field":"user.target.name","type":"keyword","description":"Short name or login of the user."},{"field":"user.target.name.text","type":"match_only_text","description":"Short name or login of the user."},{"field":"user.target.roles","type":"keyword","description":"Array of user roles at the time of the event."},{"field":"user_agent.device.name","type":"keyword","description":"Name of the device."},{"field":"user_agent.name","type":"keyword","description":"Name of the user agent."},{"field":"user_agent.original","type":"keyword","description":"Unparsed user_agent string."},{"field":"user_agent.original.text","type":"match_only_text","description":"Unparsed user_agent string."},{"field":"user_agent.os.family","type":"keyword","description":"OS family (such as redhat, debian, freebsd, windows)."},{"field":"user_agent.os.full","type":"keyword","description":"Operating system name, including the version or code name."},{"field":"user_agent.os.full.text","type":"match_only_text","description":"Operating system name, including the version or code name."},{"field":"user_agent.os.kernel","type":"keyword","description":"Operating system kernel version as a raw string."},{"field":"user_agent.os.name","type":"keyword","description":"Operating system name, without the version."},{"field":"user_agent.os.name.text","type":"match_only_text","description":"Operating system name, without the version."},{"field":"user_agent.os.platform","type":"keyword","description":"Operating system platform (such centos, ubuntu, windows)."},{"field":"user_agent.os.type","type":"keyword","description":"Which commercial OS family (one of: linux, macos, unix or windows)."},{"field":"user_agent.os.version","type":"keyword","description":"Operating system version as a raw string."},{"field":"user_agent.version","type":"keyword","description":"Version of the user agent."},{"field":"vulnerability.category","type":"keyword","description":"Category of a vulnerability."},{"field":"vulnerability.classification","type":"keyword","description":"Classification of the vulnerability."},{"field":"vulnerability.description","type":"keyword","description":"Description of the vulnerability."},{"field":"vulnerability.description.text","type":"match_only_text","description":"Description of the vulnerability."},{"field":"vulnerability.enumeration","type":"keyword","description":"Identifier of the vulnerability."},{"field":"vulnerability.id","type":"keyword","description":"ID of the vulnerability."},{"field":"vulnerability.reference","type":"keyword","description":"Reference of the vulnerability."},{"field":"vulnerability.report_id","type":"keyword","description":"Scan identification number."},{"field":"vulnerability.scanner.vendor","type":"keyword","description":"Name of the scanner vendor."},{"field":"vulnerability.score.base","type":"float","description":"Vulnerability Base score."},{"field":"vulnerability.score.environmental","type":"float","description":"Vulnerability Environmental score."},{"field":"vulnerability.score.temporal","type":"float","description":"Vulnerability Temporal score."},{"field":"vulnerability.score.version","type":"keyword","description":"CVSS version."},{"field":"vulnerability.severity","type":"keyword","description":"Severity of the vulnerability."}] \ No newline at end of file +[{"field":"labels","type":"object","normalization":"","example":{"application":"foo-bar","env":"production"},"description":"Custom key/value pairs."},{"field":"message","type":"match_only_text","normalization":"","example":"Hello World","description":"Log message optimized for viewing in a log viewer."},{"field":"tags","type":"keyword","normalization":"array","example":["production","env2"],"description":"List of keywords used to tag each event."},{"field":"agent.build.original","type":"keyword","normalization":"","example":"metricbeat version 7.6.0 (amd64), libbeat 7.6.0 [6a23e8f8f30f5001ba344e4e54d8d9cb82cb107c built 2020-02-05 23:10:10 +0000 UTC]","description":"Extended build information for the agent."},{"field":"client.address","type":"keyword","normalization":"","example":"","description":"Client network address."},{"field":"client.as.number","type":"long","normalization":"","example":15169,"description":"Unique number allocated to the autonomous system."},{"field":"client.as.organization.name","type":"keyword","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"client.as.organization.name.text","type":"match_only_text","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"client.bytes","type":"long","normalization":"","example":184,"description":"Bytes sent from the client to the server."},{"field":"client.domain","type":"keyword","normalization":"","example":"","description":"Client domain."},{"field":"client.geo.city_name","type":"keyword","normalization":"","example":"Montreal","description":"City name."},{"field":"client.geo.continent_code","type":"keyword","normalization":"","example":"NA","description":"Continent code."},{"field":"client.geo.continent_name","type":"keyword","normalization":"","example":"North America","description":"Name of the continent."},{"field":"client.geo.country_iso_code","type":"keyword","normalization":"","example":"CA","description":"Country ISO code."},{"field":"client.geo.country_name","type":"keyword","normalization":"","example":"Canada","description":"Country name."},{"field":"client.geo.location","type":"geo_point","normalization":"","example":{"lon":-73.61483,"lat":45.505918},"description":"Longitude and latitude."},{"field":"client.geo.name","type":"keyword","normalization":"","example":"boston-dc","description":"User-defined description of a location."},{"field":"client.geo.postal_code","type":"keyword","normalization":"","example":94040,"description":"Postal code."},{"field":"client.geo.region_iso_code","type":"keyword","normalization":"","example":"CA-QC","description":"Region ISO code."},{"field":"client.geo.region_name","type":"keyword","normalization":"","example":"Quebec","description":"Region name."},{"field":"client.geo.timezone","type":"keyword","normalization":"","example":"America/Argentina/Buenos_Aires","description":"Time zone."},{"field":"client.ip","type":"ip","normalization":"","example":"","description":"IP address of the client."},{"field":"client.mac","type":"keyword","normalization":"","example":"00-00-5E-00-53-23","description":"MAC address of the client."},{"field":"client.nat.ip","type":"ip","normalization":"","example":"","description":"Client NAT ip address"},{"field":"client.nat.port","type":"long","normalization":"","example":"","description":"Client NAT port"},{"field":"client.packets","type":"long","normalization":"","example":12,"description":"Packets sent from the client to the server."},{"field":"client.port","type":"long","normalization":"","example":"","description":"Port of the client."},{"field":"client.registered_domain","type":"keyword","normalization":"","example":"example.com","description":"The highest registered client domain, stripped of the subdomain."},{"field":"client.subdomain","type":"keyword","normalization":"","example":"east","description":"The subdomain of the domain."},{"field":"client.top_level_domain","type":"keyword","normalization":"","example":"co.uk","description":"The effective top level domain (com, org, net, co.uk)."},{"field":"client.user.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the user is a member of."},{"field":"client.user.email","type":"keyword","normalization":"","example":"","description":"User email address."},{"field":"client.user.full_name","type":"keyword","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"client.user.full_name.text","type":"match_only_text","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"client.user.group.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the group is a member of."},{"field":"client.user.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"client.user.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"client.user.hash","type":"keyword","normalization":"","example":"","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"client.user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"client.user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"client.user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"client.user.roles","type":"keyword","normalization":"array","example":["kibana_admin","reporting_user"],"description":"Array of user roles at the time of the event."},{"field":"cloud.account.id","type":"keyword","normalization":"","example":666777888999,"description":"The cloud account or organization id."},{"field":"cloud.account.name","type":"keyword","normalization":"","example":"elastic-dev","description":"The cloud account name."},{"field":"cloud.availability_zone","type":"keyword","normalization":"","example":"us-east-1c","description":"Availability zone in which this host, resource, or service is located."},{"field":"cloud.instance.id","type":"keyword","normalization":"","example":"i-1234567890abcdef0","description":"Instance ID of the host machine."},{"field":"cloud.instance.name","type":"keyword","normalization":"","example":"","description":"Instance name of the host machine."},{"field":"cloud.machine.type","type":"keyword","normalization":"","example":"t2.medium","description":"Machine type of the host machine."},{"field":"cloud.project.id","type":"keyword","normalization":"","example":"my-project","description":"The cloud project id."},{"field":"cloud.project.name","type":"keyword","normalization":"","example":"my project","description":"The cloud project name."},{"field":"cloud.provider","type":"keyword","normalization":"","example":"aws","description":"Name of the cloud provider."},{"field":"cloud.region","type":"keyword","normalization":"","example":"us-east-1","description":"Region in which this host, resource, or service is located."},{"field":"cloud.service.name","type":"keyword","normalization":"","example":"lambda","description":"The cloud service name."},{"field":"container.id","type":"keyword","normalization":"","example":"","description":"Unique container id."},{"field":"container.image.name","type":"keyword","normalization":"","example":"","description":"Name of the image the container was built on."},{"field":"container.image.tag","type":"keyword","normalization":"array","example":"","description":"Container image tags."},{"field":"container.labels","type":"object","normalization":"","example":"","description":"Image labels."},{"field":"container.name","type":"keyword","normalization":"","example":"","description":"Container name."},{"field":"container.runtime","type":"keyword","normalization":"","example":"docker","description":"Runtime managing this container."},{"field":"data_stream.dataset","type":"constant_keyword","normalization":"","example":"nginx.access","description":"The field can contain anything that makes sense to signify the source of the data."},{"field":"data_stream.namespace","type":"constant_keyword","normalization":"","example":"production","description":"A user defined namespace. Namespaces are useful to allow grouping of data."},{"field":"data_stream.type","type":"constant_keyword","normalization":"","example":"logs","description":"An overarching type for the data stream."},{"field":"destination.address","type":"keyword","normalization":"","example":"","description":"Destination network address."},{"field":"destination.as.number","type":"long","normalization":"","example":15169,"description":"Unique number allocated to the autonomous system."},{"field":"destination.as.organization.name","type":"keyword","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"destination.as.organization.name.text","type":"match_only_text","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"destination.bytes","type":"long","normalization":"","example":184,"description":"Bytes sent from the destination to the source."},{"field":"destination.domain","type":"keyword","normalization":"","example":"","description":"Destination domain."},{"field":"destination.geo.city_name","type":"keyword","normalization":"","example":"Montreal","description":"City name."},{"field":"destination.geo.continent_code","type":"keyword","normalization":"","example":"NA","description":"Continent code."},{"field":"destination.geo.continent_name","type":"keyword","normalization":"","example":"North America","description":"Name of the continent."},{"field":"destination.geo.country_iso_code","type":"keyword","normalization":"","example":"CA","description":"Country ISO code."},{"field":"destination.geo.country_name","type":"keyword","normalization":"","example":"Canada","description":"Country name."},{"field":"destination.geo.location","type":"geo_point","normalization":"","example":{"lon":-73.61483,"lat":45.505918},"description":"Longitude and latitude."},{"field":"destination.geo.name","type":"keyword","normalization":"","example":"boston-dc","description":"User-defined description of a location."},{"field":"destination.geo.postal_code","type":"keyword","normalization":"","example":94040,"description":"Postal code."},{"field":"destination.geo.region_iso_code","type":"keyword","normalization":"","example":"CA-QC","description":"Region ISO code."},{"field":"destination.geo.region_name","type":"keyword","normalization":"","example":"Quebec","description":"Region name."},{"field":"destination.geo.timezone","type":"keyword","normalization":"","example":"America/Argentina/Buenos_Aires","description":"Time zone."},{"field":"destination.ip","type":"ip","normalization":"","example":"","description":"IP address of the destination."},{"field":"destination.mac","type":"keyword","normalization":"","example":"00-00-5E-00-53-23","description":"MAC address of the destination."},{"field":"destination.nat.ip","type":"ip","normalization":"","example":"","description":"Destination NAT ip"},{"field":"destination.nat.port","type":"long","normalization":"","example":"","description":"Destination NAT Port"},{"field":"destination.packets","type":"long","normalization":"","example":12,"description":"Packets sent from the destination to the source."},{"field":"destination.port","type":"long","normalization":"","example":"","description":"Port of the destination."},{"field":"destination.registered_domain","type":"keyword","normalization":"","example":"example.com","description":"The highest registered destination domain, stripped of the subdomain."},{"field":"destination.subdomain","type":"keyword","normalization":"","example":"east","description":"The subdomain of the domain."},{"field":"destination.top_level_domain","type":"keyword","normalization":"","example":"co.uk","description":"The effective top level domain (com, org, net, co.uk)."},{"field":"destination.user.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the user is a member of."},{"field":"destination.user.email","type":"keyword","normalization":"","example":"","description":"User email address."},{"field":"destination.user.full_name","type":"keyword","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"destination.user.full_name.text","type":"match_only_text","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"destination.user.group.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the group is a member of."},{"field":"destination.user.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"destination.user.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"destination.user.hash","type":"keyword","normalization":"","example":"","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"destination.user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"destination.user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"destination.user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"destination.user.roles","type":"keyword","normalization":"array","example":["kibana_admin","reporting_user"],"description":"Array of user roles at the time of the event."},{"field":"dll.code_signature.digest_algorithm","type":"keyword","normalization":"","example":"sha256","description":"Hashing algorithm used to sign the process."},{"field":"dll.code_signature.exists","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if a signature is present."},{"field":"dll.code_signature.signing_id","type":"keyword","normalization":"","example":"com.apple.xpc.proxy","description":"The identifier used to sign the process."},{"field":"dll.code_signature.status","type":"keyword","normalization":"","example":"ERROR_UNTRUSTED_ROOT","description":"Additional information about the certificate status."},{"field":"dll.code_signature.subject_name","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Subject name of the code signer"},{"field":"dll.code_signature.team_id","type":"keyword","normalization":"","example":"EQHXZ8M8AV","description":"The team identifier used to sign the process."},{"field":"dll.code_signature.timestamp","type":"date","normalization":"","example":"2021-01-01T12:10:30Z","description":"When the signature was generated and signed."},{"field":"dll.code_signature.trusted","type":"boolean","normalization":"","example":true,"description":"Stores the trust status of the certificate chain."},{"field":"dll.code_signature.valid","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if the digital signature is verified against the binary content."},{"field":"dll.hash.md5","type":"keyword","normalization":"","example":"","description":"MD5 hash."},{"field":"dll.hash.sha1","type":"keyword","normalization":"","example":"","description":"SHA1 hash."},{"field":"dll.hash.sha256","type":"keyword","normalization":"","example":"","description":"SHA256 hash."},{"field":"dll.hash.sha512","type":"keyword","normalization":"","example":"","description":"SHA512 hash."},{"field":"dll.hash.ssdeep","type":"keyword","normalization":"","example":"","description":"SSDEEP hash."},{"field":"dll.name","type":"keyword","normalization":"","example":"kernel32.dll","description":"Name of the library."},{"field":"dll.path","type":"keyword","normalization":"","example":"C:\\Windows\\System32\\kernel32.dll","description":"Full file path of the library."},{"field":"dll.pe.architecture","type":"keyword","normalization":"","example":"x64","description":"CPU architecture target for the file."},{"field":"dll.pe.company","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Internal company name of the file, provided at compile-time."},{"field":"dll.pe.description","type":"keyword","normalization":"","example":"Paint","description":"Internal description of the file, provided at compile-time."},{"field":"dll.pe.file_version","type":"keyword","normalization":"","example":"6.3.9600.17415","description":"Process name."},{"field":"dll.pe.imphash","type":"keyword","normalization":"","example":"0c6803c4e922103c4dca5963aad36ddf","description":"A hash of the imports in a PE file."},{"field":"dll.pe.original_file_name","type":"keyword","normalization":"","example":"MSPAINT.EXE","description":"Internal name of the file, provided at compile-time."},{"field":"dll.pe.product","type":"keyword","normalization":"","example":"Microsoft® Windows® Operating System","description":"Internal product name of the file, provided at compile-time."},{"field":"dns.answers","type":"object","normalization":"array","example":"","description":"Array of DNS answers."},{"field":"dns.answers.class","type":"keyword","normalization":"","example":"IN","description":"The class of DNS data contained in this resource record."},{"field":"dns.answers.data","type":"keyword","normalization":"","example":"10.10.10.10","description":"The data describing the resource."},{"field":"dns.answers.name","type":"keyword","normalization":"","example":"www.example.com","description":"The domain name to which this resource record pertains."},{"field":"dns.answers.ttl","type":"long","normalization":"","example":180,"description":"The time interval in seconds that this resource record may be cached before it should be discarded."},{"field":"dns.answers.type","type":"keyword","normalization":"","example":"CNAME","description":"The type of data contained in this resource record."},{"field":"dns.header_flags","type":"keyword","normalization":"array","example":["RD","RA"],"description":"Array of DNS header flags."},{"field":"dns.id","type":"keyword","normalization":"","example":62111,"description":"The DNS packet identifier assigned by the program that generated the query. The identifier is copied to the response."},{"field":"dns.op_code","type":"keyword","normalization":"","example":"QUERY","description":"The DNS operation code that specifies the kind of query in the message."},{"field":"dns.question.class","type":"keyword","normalization":"","example":"IN","description":"The class of records being queried."},{"field":"dns.question.name","type":"keyword","normalization":"","example":"www.example.com","description":"The name being queried."},{"field":"dns.question.registered_domain","type":"keyword","normalization":"","example":"example.com","description":"The highest registered domain, stripped of the subdomain."},{"field":"dns.question.subdomain","type":"keyword","normalization":"","example":"www","description":"The subdomain of the domain."},{"field":"dns.question.top_level_domain","type":"keyword","normalization":"","example":"co.uk","description":"The effective top level domain (com, org, net, co.uk)."},{"field":"dns.question.type","type":"keyword","normalization":"","example":"AAAA","description":"The type of record being queried."},{"field":"dns.resolved_ip","type":"ip","normalization":"array","example":["10.10.10.10","10.10.10.11"],"description":"Array containing all IPs seen in answers.data"},{"field":"dns.response_code","type":"keyword","normalization":"","example":"NOERROR","description":"The DNS response code."},{"field":"dns.type","type":"keyword","normalization":"","example":"answer","description":"The type of DNS event captured, query or answer."},{"field":"error.code","type":"keyword","normalization":"","example":"","description":"Error code describing the error."},{"field":"error.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the error."},{"field":"error.message","type":"match_only_text","normalization":"","example":"","description":"Error message."},{"field":"error.stack_trace","type":"wildcard","normalization":"","example":"","description":"The stack trace of this error in plain text."},{"field":"error.stack_trace.text","type":"match_only_text","normalization":"","example":"","description":"The stack trace of this error in plain text."},{"field":"error.type","type":"keyword","normalization":"","example":"java.lang.NullPointerException","description":"The type of the error, for example the class name of the exception."},{"field":"event.action","type":"keyword","normalization":"","example":"user-password-change","description":"The action captured by the event."},{"field":"event.category","type":"keyword","normalization":"array","example":"authentication","description":"Event category. The second categorization field in the hierarchy."},{"field":"event.code","type":"keyword","normalization":"","example":4648,"description":"Identification code for this event."},{"field":"event.created","type":"date","normalization":"","example":"2016-05-23T08:05:34.857Z","description":"Time when the event was first read by an agent or by your pipeline."},{"field":"event.dataset","type":"keyword","normalization":"","example":"apache.access","description":"Name of the dataset."},{"field":"event.duration","type":"long","normalization":"","example":"","description":"Duration of the event in nanoseconds."},{"field":"event.end","type":"date","normalization":"","example":"","description":"event.end contains the date when the event ended or when the activity was last observed."},{"field":"event.hash","type":"keyword","normalization":"","example":"123456789012345678901234567890ABCD","description":"Hash (perhaps logstash fingerprint) of raw field to be able to demonstrate log integrity."},{"field":"event.id","type":"keyword","normalization":"","example":"8a4f500d","description":"Unique ID to describe the event."},{"field":"event.kind","type":"keyword","normalization":"","example":"alert","description":"The kind of the event. The highest categorization field in the hierarchy."},{"field":"event.original","type":"keyword","normalization":"","example":"Sep 19 08:26:10 host CEF:0|Security| threatmanager|1.0|100| worm successfully stopped|10|src=10.0.0.1 dst=2.1.2.2spt=1232","description":"Raw text message of entire event."},{"field":"event.outcome","type":"keyword","normalization":"","example":"success","description":"The outcome of the event. The lowest level categorization field in the hierarchy."},{"field":"event.provider","type":"keyword","normalization":"","example":"kernel","description":"Source of the event."},{"field":"event.reason","type":"keyword","normalization":"","example":"Terminated an unexpected process","description":"Reason why this event happened, according to the source"},{"field":"event.reference","type":"keyword","normalization":"","example":"https://system.example.com/event/#0001234","description":"Event reference URL"},{"field":"event.risk_score","type":"float","normalization":"","example":"","description":"Risk score or priority of the event (e.g. security solutions). Use your system's original value here."},{"field":"event.risk_score_norm","type":"float","normalization":"","example":"","description":"Normalized risk score or priority of the event (0-100)."},{"field":"event.sequence","type":"long","normalization":"","example":"","description":"Sequence number of the event."},{"field":"event.severity","type":"long","normalization":"","example":7,"description":"Numeric severity of the event."},{"field":"event.start","type":"date","normalization":"","example":"","description":"event.start contains the date when the event started or when the activity was first observed."},{"field":"event.timezone","type":"keyword","normalization":"","example":"","description":"Event time zone."},{"field":"event.type","type":"keyword","normalization":"array","example":"","description":"Event type. The third categorization field in the hierarchy."},{"field":"event.url","type":"keyword","normalization":"","example":"https://mysystem.example.com/alert/5271dedb-f5b0-4218-87f0-4ac4870a38fe","description":"Event investigation URL"},{"field":"file.accessed","type":"date","normalization":"","example":"","description":"Last time the file was accessed."},{"field":"file.attributes","type":"keyword","normalization":"array","example":["readonly","system"],"description":"Array of file attributes."},{"field":"file.code_signature.digest_algorithm","type":"keyword","normalization":"","example":"sha256","description":"Hashing algorithm used to sign the process."},{"field":"file.code_signature.exists","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if a signature is present."},{"field":"file.code_signature.signing_id","type":"keyword","normalization":"","example":"com.apple.xpc.proxy","description":"The identifier used to sign the process."},{"field":"file.code_signature.status","type":"keyword","normalization":"","example":"ERROR_UNTRUSTED_ROOT","description":"Additional information about the certificate status."},{"field":"file.code_signature.subject_name","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Subject name of the code signer"},{"field":"file.code_signature.team_id","type":"keyword","normalization":"","example":"EQHXZ8M8AV","description":"The team identifier used to sign the process."},{"field":"file.code_signature.timestamp","type":"date","normalization":"","example":"2021-01-01T12:10:30Z","description":"When the signature was generated and signed."},{"field":"file.code_signature.trusted","type":"boolean","normalization":"","example":true,"description":"Stores the trust status of the certificate chain."},{"field":"file.code_signature.valid","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if the digital signature is verified against the binary content."},{"field":"file.created","type":"date","normalization":"","example":"","description":"File creation time."},{"field":"file.ctime","type":"date","normalization":"","example":"","description":"Last time the file attributes or metadata changed."},{"field":"file.device","type":"keyword","normalization":"","example":"sda","description":"Device that is the source of the file."},{"field":"file.directory","type":"keyword","normalization":"","example":"/home/alice","description":"Directory where the file is located."},{"field":"file.drive_letter","type":"keyword","normalization":"","example":"C","description":"Drive letter where the file is located."},{"field":"file.elf.architecture","type":"keyword","normalization":"","example":"x86-64","description":"Machine architecture of the ELF file."},{"field":"file.elf.byte_order","type":"keyword","normalization":"","example":"Little Endian","description":"Byte sequence of ELF file."},{"field":"file.elf.cpu_type","type":"keyword","normalization":"","example":"Intel","description":"CPU type of the ELF file."},{"field":"file.elf.creation_date","type":"date","normalization":"","example":"","description":"Build or compile date."},{"field":"file.elf.exports","type":"flattened","normalization":"array","example":"","description":"List of exported element names and types."},{"field":"file.elf.header.abi_version","type":"keyword","normalization":"","example":"","description":"Version of the ELF Application Binary Interface (ABI)."},{"field":"file.elf.header.class","type":"keyword","normalization":"","example":"","description":"Header class of the ELF file."},{"field":"file.elf.header.data","type":"keyword","normalization":"","example":"","description":"Data table of the ELF header."},{"field":"file.elf.header.entrypoint","type":"long","normalization":"","example":"","description":"Header entrypoint of the ELF file."},{"field":"file.elf.header.object_version","type":"keyword","normalization":"","example":"","description":"0x1\" for original ELF files."},{"field":"file.elf.header.os_abi","type":"keyword","normalization":"","example":"","description":"Application Binary Interface (ABI) of the Linux OS."},{"field":"file.elf.header.type","type":"keyword","normalization":"","example":"","description":"Header type of the ELF file."},{"field":"file.elf.header.version","type":"keyword","normalization":"","example":"","description":"Version of the ELF header."},{"field":"file.elf.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"file.elf.sections","type":"nested","normalization":"array","example":"","description":"Section information of the ELF file."},{"field":"file.elf.sections.chi2","type":"long","normalization":"","example":"","description":"Chi-square probability distribution of the section."},{"field":"file.elf.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"file.elf.sections.flags","type":"keyword","normalization":"","example":"","description":"ELF Section List flags."},{"field":"file.elf.sections.name","type":"keyword","normalization":"","example":"","description":"ELF Section List name."},{"field":"file.elf.sections.physical_offset","type":"keyword","normalization":"","example":"","description":"ELF Section List offset."},{"field":"file.elf.sections.physical_size","type":"long","normalization":"","example":"","description":"ELF Section List physical size."},{"field":"file.elf.sections.type","type":"keyword","normalization":"","example":"","description":"ELF Section List type."},{"field":"file.elf.sections.virtual_address","type":"long","normalization":"","example":"","description":"ELF Section List virtual address."},{"field":"file.elf.sections.virtual_size","type":"long","normalization":"","example":"","description":"ELF Section List virtual size."},{"field":"file.elf.segments","type":"nested","normalization":"array","example":"","description":"ELF object segment list."},{"field":"file.elf.segments.sections","type":"keyword","normalization":"","example":"","description":"ELF object segment sections."},{"field":"file.elf.segments.type","type":"keyword","normalization":"","example":"","description":"ELF object segment type."},{"field":"file.elf.shared_libraries","type":"keyword","normalization":"array","example":"","description":"List of shared libraries used by this ELF object."},{"field":"file.elf.telfhash","type":"keyword","normalization":"","example":"","description":"telfhash hash for ELF file."},{"field":"file.extension","type":"keyword","normalization":"","example":"png","description":"File extension, excluding the leading dot."},{"field":"file.fork_name","type":"keyword","normalization":"","example":"Zone.Identifer","description":"A fork is additional data associated with a filesystem object."},{"field":"file.gid","type":"keyword","normalization":"","example":1001,"description":"Primary group ID (GID) of the file."},{"field":"file.group","type":"keyword","normalization":"","example":"alice","description":"Primary group name of the file."},{"field":"file.hash.md5","type":"keyword","normalization":"","example":"","description":"MD5 hash."},{"field":"file.hash.sha1","type":"keyword","normalization":"","example":"","description":"SHA1 hash."},{"field":"file.hash.sha256","type":"keyword","normalization":"","example":"","description":"SHA256 hash."},{"field":"file.hash.sha512","type":"keyword","normalization":"","example":"","description":"SHA512 hash."},{"field":"file.hash.ssdeep","type":"keyword","normalization":"","example":"","description":"SSDEEP hash."},{"field":"file.inode","type":"keyword","normalization":"","example":256383,"description":"Inode representing the file in the filesystem."},{"field":"file.mime_type","type":"keyword","normalization":"","example":"","description":"Media type of file, document, or arrangement of bytes."},{"field":"file.mode","type":"keyword","normalization":"","example":"0640","description":"Mode of the file in octal representation."},{"field":"file.mtime","type":"date","normalization":"","example":"","description":"Last time the file content was modified."},{"field":"file.name","type":"keyword","normalization":"","example":"example.png","description":"Name of the file including the extension, without the directory."},{"field":"file.owner","type":"keyword","normalization":"","example":"alice","description":"File owner's username."},{"field":"file.path","type":"keyword","normalization":"","example":"/home/alice/example.png","description":"Full path to the file, including the file name."},{"field":"file.path.text","type":"match_only_text","normalization":"","example":"/home/alice/example.png","description":"Full path to the file, including the file name."},{"field":"file.pe.architecture","type":"keyword","normalization":"","example":"x64","description":"CPU architecture target for the file."},{"field":"file.pe.company","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Internal company name of the file, provided at compile-time."},{"field":"file.pe.description","type":"keyword","normalization":"","example":"Paint","description":"Internal description of the file, provided at compile-time."},{"field":"file.pe.file_version","type":"keyword","normalization":"","example":"6.3.9600.17415","description":"Process name."},{"field":"file.pe.imphash","type":"keyword","normalization":"","example":"0c6803c4e922103c4dca5963aad36ddf","description":"A hash of the imports in a PE file."},{"field":"file.pe.original_file_name","type":"keyword","normalization":"","example":"MSPAINT.EXE","description":"Internal name of the file, provided at compile-time."},{"field":"file.pe.product","type":"keyword","normalization":"","example":"Microsoft® Windows® Operating System","description":"Internal product name of the file, provided at compile-time."},{"field":"file.size","type":"long","normalization":"","example":16384,"description":"File size in bytes."},{"field":"file.target_path","type":"keyword","normalization":"","example":"","description":"Target path for symlinks."},{"field":"file.target_path.text","type":"match_only_text","normalization":"","example":"","description":"Target path for symlinks."},{"field":"file.type","type":"keyword","normalization":"","example":"file","description":"File type (file, dir, or symlink)."},{"field":"file.uid","type":"keyword","normalization":"","example":1001,"description":"The user ID (UID) or security identifier (SID) of the file owner."},{"field":"file.x509.alternative_names","type":"keyword","normalization":"array","example":"*.elastic.co","description":"List of subject alternative names (SAN)."},{"field":"file.x509.issuer.common_name","type":"keyword","normalization":"array","example":"Example SHA2 High Assurance Server CA","description":"List of common name (CN) of issuing certificate authority."},{"field":"file.x509.issuer.country","type":"keyword","normalization":"array","example":"US","description":"List of country (C) codes"},{"field":"file.x509.issuer.distinguished_name","type":"keyword","normalization":"","example":"C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA","description":"Distinguished name (DN) of issuing certificate authority."},{"field":"file.x509.issuer.locality","type":"keyword","normalization":"array","example":"Mountain View","description":"List of locality names (L)"},{"field":"file.x509.issuer.organization","type":"keyword","normalization":"array","example":"Example Inc","description":"List of organizations (O) of issuing certificate authority."},{"field":"file.x509.issuer.organizational_unit","type":"keyword","normalization":"array","example":"www.example.com","description":"List of organizational units (OU) of issuing certificate authority."},{"field":"file.x509.issuer.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"file.x509.not_after","type":"date","normalization":"","example":"2020-07-16 03:15:39+00:00","description":"Time at which the certificate is no longer considered valid."},{"field":"file.x509.not_before","type":"date","normalization":"","example":"2019-08-16 01:40:25+00:00","description":"Time at which the certificate is first considered valid."},{"field":"file.x509.public_key_algorithm","type":"keyword","normalization":"","example":"RSA","description":"Algorithm used to generate the public key."},{"field":"file.x509.public_key_curve","type":"keyword","normalization":"","example":"nistp521","description":"The curve used by the elliptic curve public key algorithm. This is algorithm specific."},{"field":"file.x509.public_key_exponent","type":"long","normalization":"","example":65537,"description":"Exponent used to derive the public key. This is algorithm specific."},{"field":"file.x509.public_key_size","type":"long","normalization":"","example":2048,"description":"The size of the public key space in bits."},{"field":"file.x509.serial_number","type":"keyword","normalization":"","example":"55FBB9C7DEBF09809D12CCAA","description":"Unique serial number issued by the certificate authority."},{"field":"file.x509.signature_algorithm","type":"keyword","normalization":"","example":"SHA256-RSA","description":"Identifier for certificate signature algorithm."},{"field":"file.x509.subject.common_name","type":"keyword","normalization":"array","example":"shared.global.example.net","description":"List of common names (CN) of subject."},{"field":"file.x509.subject.country","type":"keyword","normalization":"array","example":"US","description":"List of country (C) code"},{"field":"file.x509.subject.distinguished_name","type":"keyword","normalization":"","example":"C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net","description":"Distinguished name (DN) of the certificate subject entity."},{"field":"file.x509.subject.locality","type":"keyword","normalization":"array","example":"San Francisco","description":"List of locality names (L)"},{"field":"file.x509.subject.organization","type":"keyword","normalization":"array","example":"Example, Inc.","description":"List of organizations (O) of subject."},{"field":"file.x509.subject.organizational_unit","type":"keyword","normalization":"array","example":"","description":"List of organizational units (OU) of subject."},{"field":"file.x509.subject.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"file.x509.version_number","type":"keyword","normalization":"","example":3,"description":"Version of x509 format."},{"field":"group.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the group is a member of."},{"field":"group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"host.cpu.usage","type":"scaled_float","normalization":"","example":"","description":"Percent CPU used, between 0 and 1."},{"field":"host.disk.read.bytes","type":"long","normalization":"","example":"","description":"The number of bytes read by all disks."},{"field":"host.disk.write.bytes","type":"long","normalization":"","example":"","description":"The number of bytes written on all disks."},{"field":"host.domain","type":"keyword","normalization":"","example":"CONTOSO","description":"Name of the directory the group is a member of."},{"field":"host.geo.city_name","type":"keyword","normalization":"","example":"Montreal","description":"City name."},{"field":"host.geo.continent_code","type":"keyword","normalization":"","example":"NA","description":"Continent code."},{"field":"host.geo.continent_name","type":"keyword","normalization":"","example":"North America","description":"Name of the continent."},{"field":"host.geo.country_iso_code","type":"keyword","normalization":"","example":"CA","description":"Country ISO code."},{"field":"host.geo.country_name","type":"keyword","normalization":"","example":"Canada","description":"Country name."},{"field":"host.geo.location","type":"geo_point","normalization":"","example":{"lon":-73.61483,"lat":45.505918},"description":"Longitude and latitude."},{"field":"host.geo.name","type":"keyword","normalization":"","example":"boston-dc","description":"User-defined description of a location."},{"field":"host.geo.postal_code","type":"keyword","normalization":"","example":94040,"description":"Postal code."},{"field":"host.geo.region_iso_code","type":"keyword","normalization":"","example":"CA-QC","description":"Region ISO code."},{"field":"host.geo.region_name","type":"keyword","normalization":"","example":"Quebec","description":"Region name."},{"field":"host.geo.timezone","type":"keyword","normalization":"","example":"America/Argentina/Buenos_Aires","description":"Time zone."},{"field":"host.name","type":"keyword","normalization":"","example":"","description":"Name of the host."},{"field":"host.network.egress.bytes","type":"long","normalization":"","example":"","description":"The number of bytes sent on all network interfaces."},{"field":"host.network.egress.packets","type":"long","normalization":"","example":"","description":"The number of packets sent on all network interfaces."},{"field":"host.network.ingress.bytes","type":"long","normalization":"","example":"","description":"The number of bytes received on all network interfaces."},{"field":"host.network.ingress.packets","type":"long","normalization":"","example":"","description":"The number of packets received on all network interfaces."},{"field":"host.os.full","type":"keyword","normalization":"","example":"Mac OS Mojave","description":"Operating system name, including the version or code name."},{"field":"host.os.full.text","type":"match_only_text","normalization":"","example":"Mac OS Mojave","description":"Operating system name, including the version or code name."},{"field":"host.os.name.text","type":"match_only_text","normalization":"","example":"Mac OS X","description":"Operating system name, without the version."},{"field":"host.os.platform","type":"keyword","normalization":"","example":"darwin","description":"Operating system platform (such centos, ubuntu, windows)."},{"field":"host.type","type":"keyword","normalization":"","example":"","description":"Type of host."},{"field":"host.uptime","type":"long","normalization":"","example":1325,"description":"Seconds the host has been up."},{"field":"host.user.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the user is a member of."},{"field":"host.user.email","type":"keyword","normalization":"","example":"","description":"User email address."},{"field":"host.user.full_name","type":"keyword","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"host.user.full_name.text","type":"match_only_text","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"host.user.group.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the group is a member of."},{"field":"host.user.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"host.user.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"host.user.hash","type":"keyword","normalization":"","example":"","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"host.user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"host.user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"host.user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"host.user.roles","type":"keyword","normalization":"array","example":["kibana_admin","reporting_user"],"description":"Array of user roles at the time of the event."},{"field":"http.request.body.bytes","type":"long","normalization":"","example":887,"description":"Size in bytes of the request body."},{"field":"http.request.body.content","type":"wildcard","normalization":"","example":"Hello world","description":"The full HTTP request body."},{"field":"http.request.body.content.text","type":"match_only_text","normalization":"","example":"Hello world","description":"The full HTTP request body."},{"field":"http.request.bytes","type":"long","normalization":"","example":1437,"description":"Total size in bytes of the request (body and headers)."},{"field":"http.request.id","type":"keyword","normalization":"","example":"123e4567-e89b-12d3-a456-426614174000","description":"HTTP request ID."},{"field":"http.request.method","type":"keyword","normalization":"","example":"GET, POST, PUT, PoST","description":"HTTP request method."},{"field":"http.request.mime_type","type":"keyword","normalization":"","example":"image/gif","description":"Mime type of the body of the request."},{"field":"http.request.referrer","type":"keyword","normalization":"","example":"https://blog.example.com/","description":"Referrer for this HTTP request."},{"field":"http.response.body.bytes","type":"long","normalization":"","example":887,"description":"Size in bytes of the response body."},{"field":"http.response.body.content","type":"wildcard","normalization":"","example":"Hello world","description":"The full HTTP response body."},{"field":"http.response.body.content.text","type":"match_only_text","normalization":"","example":"Hello world","description":"The full HTTP response body."},{"field":"http.response.bytes","type":"long","normalization":"","example":1437,"description":"Total size in bytes of the response (body and headers)."},{"field":"http.response.mime_type","type":"keyword","normalization":"","example":"image/gif","description":"Mime type of the body of the response."},{"field":"http.response.status_code","type":"long","normalization":"","example":404,"description":"HTTP response status code."},{"field":"http.version","type":"keyword","normalization":"","example":1.1,"description":"HTTP version."},{"field":"log.file.path","type":"keyword","normalization":"","example":"/var/log/fun-times.log","description":"Full path to the log file this event came from."},{"field":"log.level","type":"keyword","normalization":"","example":"error","description":"Log level of the log event."},{"field":"log.logger","type":"keyword","normalization":"","example":"org.elasticsearch.bootstrap.Bootstrap","description":"Name of the logger."},{"field":"log.origin.file.line","type":"integer","normalization":"","example":42,"description":"The line number of the file which originated the log event."},{"field":"log.origin.file.name","type":"keyword","normalization":"","example":"Bootstrap.java","description":"The code file which originated the log event."},{"field":"log.origin.function","type":"keyword","normalization":"","example":"init","description":"The function which originated the log event."},{"field":"log.original","type":"keyword","normalization":"","example":"Sep 19 08:26:10 localhost My log","description":"Deprecated original log message with light interpretation only (encoding, newlines)."},{"field":"log.syslog","type":"object","normalization":"","example":"","description":"Syslog metadata"},{"field":"log.syslog.facility.code","type":"long","normalization":"","example":23,"description":"Syslog numeric facility of the event."},{"field":"log.syslog.facility.name","type":"keyword","normalization":"","example":"local7","description":"Syslog text-based facility of the event."},{"field":"log.syslog.priority","type":"long","normalization":"","example":135,"description":"Syslog priority of the event."},{"field":"log.syslog.severity.code","type":"long","normalization":"","example":3,"description":"Syslog numeric severity of the event."},{"field":"log.syslog.severity.name","type":"keyword","normalization":"","example":"Error","description":"Syslog text-based severity of the event."},{"field":"network.application","type":"keyword","normalization":"","example":"aim","description":"Application level protocol name."},{"field":"network.bytes","type":"long","normalization":"","example":368,"description":"Total bytes transferred in both directions."},{"field":"network.community_id","type":"keyword","normalization":"","example":"1:hO+sN4H+MG5MY/8hIrXPqc4ZQz0=","description":"A hash of source and destination IPs and ports."},{"field":"network.direction","type":"keyword","normalization":"","example":"inbound","description":"Direction of the network traffic."},{"field":"network.forwarded_ip","type":"ip","normalization":"","example":"192.1.1.2","description":"Host IP address when the source IP address is the proxy."},{"field":"network.iana_number","type":"keyword","normalization":"","example":6,"description":"IANA Protocol Number."},{"field":"network.inner","type":"object","normalization":"","example":"","description":"Inner VLAN tag information"},{"field":"network.inner.vlan.id","type":"keyword","normalization":"","example":10,"description":"VLAN ID as reported by the observer."},{"field":"network.inner.vlan.name","type":"keyword","normalization":"","example":"outside","description":"Optional VLAN name as reported by the observer."},{"field":"network.name","type":"keyword","normalization":"","example":"Guest Wifi","description":"Name given by operators to sections of their network."},{"field":"network.packets","type":"long","normalization":"","example":24,"description":"Total packets transferred in both directions."},{"field":"network.protocol","type":"keyword","normalization":"","example":"http","description":"L7 Network protocol name."},{"field":"network.transport","type":"keyword","normalization":"","example":"tcp","description":"Protocol Name corresponding to the field `iana_number`."},{"field":"network.type","type":"keyword","normalization":"","example":"ipv4","description":"In the OSI Model this would be the Network Layer. ipv4, ipv6, ipsec, pim, etc"},{"field":"network.vlan.id","type":"keyword","normalization":"","example":10,"description":"VLAN ID as reported by the observer."},{"field":"network.vlan.name","type":"keyword","normalization":"","example":"outside","description":"Optional VLAN name as reported by the observer."},{"field":"observer.egress","type":"object","normalization":"","example":"","description":"Object field for egress information"},{"field":"observer.egress.interface.alias","type":"keyword","normalization":"","example":"outside","description":"Interface alias"},{"field":"observer.egress.interface.id","type":"keyword","normalization":"","example":10,"description":"Interface ID"},{"field":"observer.egress.interface.name","type":"keyword","normalization":"","example":"eth0","description":"Interface name"},{"field":"observer.egress.vlan.id","type":"keyword","normalization":"","example":10,"description":"VLAN ID as reported by the observer."},{"field":"observer.egress.vlan.name","type":"keyword","normalization":"","example":"outside","description":"Optional VLAN name as reported by the observer."},{"field":"observer.egress.zone","type":"keyword","normalization":"","example":"Public_Internet","description":"Observer Egress zone"},{"field":"observer.geo.city_name","type":"keyword","normalization":"","example":"Montreal","description":"City name."},{"field":"observer.geo.continent_code","type":"keyword","normalization":"","example":"NA","description":"Continent code."},{"field":"observer.geo.continent_name","type":"keyword","normalization":"","example":"North America","description":"Name of the continent."},{"field":"observer.geo.country_iso_code","type":"keyword","normalization":"","example":"CA","description":"Country ISO code."},{"field":"observer.geo.country_name","type":"keyword","normalization":"","example":"Canada","description":"Country name."},{"field":"observer.geo.location","type":"geo_point","normalization":"","example":{"lon":-73.61483,"lat":45.505918},"description":"Longitude and latitude."},{"field":"observer.geo.name","type":"keyword","normalization":"","example":"boston-dc","description":"User-defined description of a location."},{"field":"observer.geo.postal_code","type":"keyword","normalization":"","example":94040,"description":"Postal code."},{"field":"observer.geo.region_iso_code","type":"keyword","normalization":"","example":"CA-QC","description":"Region ISO code."},{"field":"observer.geo.region_name","type":"keyword","normalization":"","example":"Quebec","description":"Region name."},{"field":"observer.geo.timezone","type":"keyword","normalization":"","example":"America/Argentina/Buenos_Aires","description":"Time zone."},{"field":"observer.hostname","type":"keyword","normalization":"","example":"","description":"Hostname of the observer."},{"field":"observer.ingress","type":"object","normalization":"","example":"","description":"Object field for ingress information"},{"field":"observer.ingress.interface.alias","type":"keyword","normalization":"","example":"outside","description":"Interface alias"},{"field":"observer.ingress.interface.id","type":"keyword","normalization":"","example":10,"description":"Interface ID"},{"field":"observer.ingress.interface.name","type":"keyword","normalization":"","example":"eth0","description":"Interface name"},{"field":"observer.ingress.vlan.id","type":"keyword","normalization":"","example":10,"description":"VLAN ID as reported by the observer."},{"field":"observer.ingress.vlan.name","type":"keyword","normalization":"","example":"outside","description":"Optional VLAN name as reported by the observer."},{"field":"observer.ingress.zone","type":"keyword","normalization":"","example":"DMZ","description":"Observer ingress zone"},{"field":"observer.ip","type":"ip","normalization":"array","example":"","description":"IP addresses of the observer."},{"field":"observer.mac","type":"keyword","normalization":"array","example":["00-00-5E-00-53-23","00-00-5E-00-53-24"],"description":"MAC addresses of the observer."},{"field":"observer.name","type":"keyword","normalization":"","example":"1_proxySG","description":"Custom name of the observer."},{"field":"observer.os.family","type":"keyword","normalization":"","example":"debian","description":"OS family (such as redhat, debian, freebsd, windows)."},{"field":"observer.os.full","type":"keyword","normalization":"","example":"Mac OS Mojave","description":"Operating system name, including the version or code name."},{"field":"observer.os.full.text","type":"match_only_text","normalization":"","example":"Mac OS Mojave","description":"Operating system name, including the version or code name."},{"field":"observer.os.kernel","type":"keyword","normalization":"","example":"4.4.0-112-generic","description":"Operating system kernel version as a raw string."},{"field":"observer.os.name","type":"keyword","normalization":"","example":"Mac OS X","description":"Operating system name, without the version."},{"field":"observer.os.name.text","type":"match_only_text","normalization":"","example":"Mac OS X","description":"Operating system name, without the version."},{"field":"observer.os.platform","type":"keyword","normalization":"","example":"darwin","description":"Operating system platform (such centos, ubuntu, windows)."},{"field":"observer.os.type","type":"keyword","normalization":"","example":"macos","description":"Which commercial OS family (one of: linux, macos, unix or windows)."},{"field":"observer.os.version","type":"keyword","normalization":"","example":"10.14.1","description":"Operating system version as a raw string."},{"field":"observer.product","type":"keyword","normalization":"","example":"s200","description":"The product name of the observer."},{"field":"observer.serial_number","type":"keyword","normalization":"","example":"","description":"Observer serial number."},{"field":"observer.type","type":"keyword","normalization":"","example":"firewall","description":"The type of the observer the data is coming from."},{"field":"observer.vendor","type":"keyword","normalization":"","example":"Symantec","description":"Vendor name of the observer."},{"field":"observer.version","type":"keyword","normalization":"","example":"","description":"Observer version."},{"field":"orchestrator.api_version","type":"keyword","normalization":"","example":"v1beta1","description":"API version being used to carry out the action"},{"field":"orchestrator.cluster.name","type":"keyword","normalization":"","example":"","description":"Name of the cluster."},{"field":"orchestrator.cluster.url","type":"keyword","normalization":"","example":"","description":"URL of the API used to manage the cluster."},{"field":"orchestrator.cluster.version","type":"keyword","normalization":"","example":"","description":"The version of the cluster."},{"field":"orchestrator.namespace","type":"keyword","normalization":"","example":"kube-system","description":"Namespace in which the action is taking place."},{"field":"orchestrator.organization","type":"keyword","normalization":"","example":"elastic","description":"Organization affected by the event (for multi-tenant orchestrator setups)."},{"field":"orchestrator.resource.name","type":"keyword","normalization":"","example":"test-pod-cdcws","description":"Name of the resource being acted upon."},{"field":"orchestrator.resource.type","type":"keyword","normalization":"","example":"service","description":"Type of resource being acted upon."},{"field":"orchestrator.type","type":"keyword","normalization":"","example":"kubernetes","description":"Orchestrator cluster type (e.g. kubernetes, nomad or cloudfoundry)."},{"field":"organization.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the organization."},{"field":"organization.name","type":"keyword","normalization":"","example":"","description":"Organization name."},{"field":"organization.name.text","type":"match_only_text","normalization":"","example":"","description":"Organization name."},{"field":"package.architecture","type":"keyword","normalization":"","example":"x86_64","description":"Package architecture."},{"field":"package.build_version","type":"keyword","normalization":"","example":"36f4f7e89dd61b0988b12ee000b98966867710cd","description":"Build version information"},{"field":"package.checksum","type":"keyword","normalization":"","example":"68b329da9893e34099c7d8ad5cb9c940","description":"Checksum of the installed package for verification."},{"field":"package.description","type":"keyword","normalization":"","example":"Open source programming language to build simple/reliable/efficient software.","description":"Description of the package."},{"field":"package.install_scope","type":"keyword","normalization":"","example":"global","description":"Indicating how the package was installed, e.g. user-local, global."},{"field":"package.installed","type":"date","normalization":"","example":"","description":"Time when package was installed."},{"field":"package.license","type":"keyword","normalization":"","example":"Apache License 2.0","description":"Package license"},{"field":"package.name","type":"keyword","normalization":"","example":"go","description":"Package name"},{"field":"package.path","type":"keyword","normalization":"","example":"/usr/local/Cellar/go/1.12.9/","description":"Path where the package is installed."},{"field":"package.reference","type":"keyword","normalization":"","example":"https://golang.org","description":"Package home page or reference URL"},{"field":"package.size","type":"long","normalization":"","example":62231,"description":"Package size in bytes."},{"field":"package.type","type":"keyword","normalization":"","example":"rpm","description":"Package type"},{"field":"package.version","type":"keyword","normalization":"","example":"1.12.9","description":"Package version"},{"field":"process.args","type":"keyword","normalization":"array","example":["/usr/bin/ssh","-l","user","10.0.0.16"],"description":"Array of process arguments."},{"field":"process.args_count","type":"long","normalization":"","example":4,"description":"Length of the process.args array."},{"field":"process.code_signature.digest_algorithm","type":"keyword","normalization":"","example":"sha256","description":"Hashing algorithm used to sign the process."},{"field":"process.code_signature.exists","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if a signature is present."},{"field":"process.code_signature.signing_id","type":"keyword","normalization":"","example":"com.apple.xpc.proxy","description":"The identifier used to sign the process."},{"field":"process.code_signature.status","type":"keyword","normalization":"","example":"ERROR_UNTRUSTED_ROOT","description":"Additional information about the certificate status."},{"field":"process.code_signature.subject_name","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Subject name of the code signer"},{"field":"process.code_signature.team_id","type":"keyword","normalization":"","example":"EQHXZ8M8AV","description":"The team identifier used to sign the process."},{"field":"process.code_signature.timestamp","type":"date","normalization":"","example":"2021-01-01T12:10:30Z","description":"When the signature was generated and signed."},{"field":"process.code_signature.trusted","type":"boolean","normalization":"","example":true,"description":"Stores the trust status of the certificate chain."},{"field":"process.code_signature.valid","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if the digital signature is verified against the binary content."},{"field":"process.command_line","type":"wildcard","normalization":"","example":"/usr/bin/ssh -l user 10.0.0.16","description":"Full command line that started the process."},{"field":"process.command_line.text","type":"match_only_text","normalization":"","example":"/usr/bin/ssh -l user 10.0.0.16","description":"Full command line that started the process."},{"field":"process.elf.architecture","type":"keyword","normalization":"","example":"x86-64","description":"Machine architecture of the ELF file."},{"field":"process.elf.byte_order","type":"keyword","normalization":"","example":"Little Endian","description":"Byte sequence of ELF file."},{"field":"process.elf.cpu_type","type":"keyword","normalization":"","example":"Intel","description":"CPU type of the ELF file."},{"field":"process.elf.creation_date","type":"date","normalization":"","example":"","description":"Build or compile date."},{"field":"process.elf.exports","type":"flattened","normalization":"array","example":"","description":"List of exported element names and types."},{"field":"process.elf.header.abi_version","type":"keyword","normalization":"","example":"","description":"Version of the ELF Application Binary Interface (ABI)."},{"field":"process.elf.header.class","type":"keyword","normalization":"","example":"","description":"Header class of the ELF file."},{"field":"process.elf.header.data","type":"keyword","normalization":"","example":"","description":"Data table of the ELF header."},{"field":"process.elf.header.entrypoint","type":"long","normalization":"","example":"","description":"Header entrypoint of the ELF file."},{"field":"process.elf.header.object_version","type":"keyword","normalization":"","example":"","description":"0x1\" for original ELF files."},{"field":"process.elf.header.os_abi","type":"keyword","normalization":"","example":"","description":"Application Binary Interface (ABI) of the Linux OS."},{"field":"process.elf.header.type","type":"keyword","normalization":"","example":"","description":"Header type of the ELF file."},{"field":"process.elf.header.version","type":"keyword","normalization":"","example":"","description":"Version of the ELF header."},{"field":"process.elf.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"process.elf.sections","type":"nested","normalization":"array","example":"","description":"Section information of the ELF file."},{"field":"process.elf.sections.chi2","type":"long","normalization":"","example":"","description":"Chi-square probability distribution of the section."},{"field":"process.elf.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"process.elf.sections.flags","type":"keyword","normalization":"","example":"","description":"ELF Section List flags."},{"field":"process.elf.sections.name","type":"keyword","normalization":"","example":"","description":"ELF Section List name."},{"field":"process.elf.sections.physical_offset","type":"keyword","normalization":"","example":"","description":"ELF Section List offset."},{"field":"process.elf.sections.physical_size","type":"long","normalization":"","example":"","description":"ELF Section List physical size."},{"field":"process.elf.sections.type","type":"keyword","normalization":"","example":"","description":"ELF Section List type."},{"field":"process.elf.sections.virtual_address","type":"long","normalization":"","example":"","description":"ELF Section List virtual address."},{"field":"process.elf.sections.virtual_size","type":"long","normalization":"","example":"","description":"ELF Section List virtual size."},{"field":"process.elf.segments","type":"nested","normalization":"array","example":"","description":"ELF object segment list."},{"field":"process.elf.segments.sections","type":"keyword","normalization":"","example":"","description":"ELF object segment sections."},{"field":"process.elf.segments.type","type":"keyword","normalization":"","example":"","description":"ELF object segment type."},{"field":"process.elf.shared_libraries","type":"keyword","normalization":"array","example":"","description":"List of shared libraries used by this ELF object."},{"field":"process.elf.telfhash","type":"keyword","normalization":"","example":"","description":"telfhash hash for ELF file."},{"field":"process.end","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process ended."},{"field":"process.entity_id","type":"keyword","normalization":"","example":"c2c455d9f99375d","description":"Unique identifier for the process."},{"field":"process.executable","type":"keyword","normalization":"","example":"/usr/bin/ssh","description":"Absolute path to the process executable."},{"field":"process.executable.text","type":"match_only_text","normalization":"","example":"/usr/bin/ssh","description":"Absolute path to the process executable."},{"field":"process.exit_code","type":"long","normalization":"","example":137,"description":"The exit code of the process."},{"field":"process.hash.md5","type":"keyword","normalization":"","example":"","description":"MD5 hash."},{"field":"process.hash.sha1","type":"keyword","normalization":"","example":"","description":"SHA1 hash."},{"field":"process.hash.sha256","type":"keyword","normalization":"","example":"","description":"SHA256 hash."},{"field":"process.hash.sha512","type":"keyword","normalization":"","example":"","description":"SHA512 hash."},{"field":"process.hash.ssdeep","type":"keyword","normalization":"","example":"","description":"SSDEEP hash."},{"field":"process.name","type":"keyword","normalization":"","example":"ssh","description":"Process name."},{"field":"process.name.text","type":"match_only_text","normalization":"","example":"ssh","description":"Process name."},{"field":"process.parent.args","type":"keyword","normalization":"array","example":["/usr/bin/ssh","-l","user","10.0.0.16"],"description":"Array of process arguments."},{"field":"process.parent.args_count","type":"long","normalization":"","example":4,"description":"Length of the process.args array."},{"field":"process.parent.code_signature.digest_algorithm","type":"keyword","normalization":"","example":"sha256","description":"Hashing algorithm used to sign the process."},{"field":"process.parent.code_signature.exists","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if a signature is present."},{"field":"process.parent.code_signature.signing_id","type":"keyword","normalization":"","example":"com.apple.xpc.proxy","description":"The identifier used to sign the process."},{"field":"process.parent.code_signature.status","type":"keyword","normalization":"","example":"ERROR_UNTRUSTED_ROOT","description":"Additional information about the certificate status."},{"field":"process.parent.code_signature.subject_name","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Subject name of the code signer"},{"field":"process.parent.code_signature.team_id","type":"keyword","normalization":"","example":"EQHXZ8M8AV","description":"The team identifier used to sign the process."},{"field":"process.parent.code_signature.timestamp","type":"date","normalization":"","example":"2021-01-01T12:10:30Z","description":"When the signature was generated and signed."},{"field":"process.parent.code_signature.trusted","type":"boolean","normalization":"","example":true,"description":"Stores the trust status of the certificate chain."},{"field":"process.parent.code_signature.valid","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if the digital signature is verified against the binary content."},{"field":"process.parent.command_line","type":"wildcard","normalization":"","example":"/usr/bin/ssh -l user 10.0.0.16","description":"Full command line that started the process."},{"field":"process.parent.command_line.text","type":"match_only_text","normalization":"","example":"/usr/bin/ssh -l user 10.0.0.16","description":"Full command line that started the process."},{"field":"process.parent.elf.architecture","type":"keyword","normalization":"","example":"x86-64","description":"Machine architecture of the ELF file."},{"field":"process.parent.elf.byte_order","type":"keyword","normalization":"","example":"Little Endian","description":"Byte sequence of ELF file."},{"field":"process.parent.elf.cpu_type","type":"keyword","normalization":"","example":"Intel","description":"CPU type of the ELF file."},{"field":"process.parent.elf.creation_date","type":"date","normalization":"","example":"","description":"Build or compile date."},{"field":"process.parent.elf.exports","type":"flattened","normalization":"array","example":"","description":"List of exported element names and types."},{"field":"process.parent.elf.header.abi_version","type":"keyword","normalization":"","example":"","description":"Version of the ELF Application Binary Interface (ABI)."},{"field":"process.parent.elf.header.class","type":"keyword","normalization":"","example":"","description":"Header class of the ELF file."},{"field":"process.parent.elf.header.data","type":"keyword","normalization":"","example":"","description":"Data table of the ELF header."},{"field":"process.parent.elf.header.entrypoint","type":"long","normalization":"","example":"","description":"Header entrypoint of the ELF file."},{"field":"process.parent.elf.header.object_version","type":"keyword","normalization":"","example":"","description":"0x1\" for original ELF files."},{"field":"process.parent.elf.header.os_abi","type":"keyword","normalization":"","example":"","description":"Application Binary Interface (ABI) of the Linux OS."},{"field":"process.parent.elf.header.type","type":"keyword","normalization":"","example":"","description":"Header type of the ELF file."},{"field":"process.parent.elf.header.version","type":"keyword","normalization":"","example":"","description":"Version of the ELF header."},{"field":"process.parent.elf.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"process.parent.elf.sections","type":"nested","normalization":"array","example":"","description":"Section information of the ELF file."},{"field":"process.parent.elf.sections.chi2","type":"long","normalization":"","example":"","description":"Chi-square probability distribution of the section."},{"field":"process.parent.elf.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"process.parent.elf.sections.flags","type":"keyword","normalization":"","example":"","description":"ELF Section List flags."},{"field":"process.parent.elf.sections.name","type":"keyword","normalization":"","example":"","description":"ELF Section List name."},{"field":"process.parent.elf.sections.physical_offset","type":"keyword","normalization":"","example":"","description":"ELF Section List offset."},{"field":"process.parent.elf.sections.physical_size","type":"long","normalization":"","example":"","description":"ELF Section List physical size."},{"field":"process.parent.elf.sections.type","type":"keyword","normalization":"","example":"","description":"ELF Section List type."},{"field":"process.parent.elf.sections.virtual_address","type":"long","normalization":"","example":"","description":"ELF Section List virtual address."},{"field":"process.parent.elf.sections.virtual_size","type":"long","normalization":"","example":"","description":"ELF Section List virtual size."},{"field":"process.parent.elf.segments","type":"nested","normalization":"array","example":"","description":"ELF object segment list."},{"field":"process.parent.elf.segments.sections","type":"keyword","normalization":"","example":"","description":"ELF object segment sections."},{"field":"process.parent.elf.segments.type","type":"keyword","normalization":"","example":"","description":"ELF object segment type."},{"field":"process.parent.elf.shared_libraries","type":"keyword","normalization":"array","example":"","description":"List of shared libraries used by this ELF object."},{"field":"process.parent.elf.telfhash","type":"keyword","normalization":"","example":"","description":"telfhash hash for ELF file."},{"field":"process.parent.end","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process ended."},{"field":"process.parent.entity_id","type":"keyword","normalization":"","example":"c2c455d9f99375d","description":"Unique identifier for the process."},{"field":"process.parent.executable","type":"keyword","normalization":"","example":"/usr/bin/ssh","description":"Absolute path to the process executable."},{"field":"process.parent.executable.text","type":"match_only_text","normalization":"","example":"/usr/bin/ssh","description":"Absolute path to the process executable."},{"field":"process.parent.exit_code","type":"long","normalization":"","example":137,"description":"The exit code of the process."},{"field":"process.parent.hash.md5","type":"keyword","normalization":"","example":"","description":"MD5 hash."},{"field":"process.parent.hash.sha1","type":"keyword","normalization":"","example":"","description":"SHA1 hash."},{"field":"process.parent.hash.sha256","type":"keyword","normalization":"","example":"","description":"SHA256 hash."},{"field":"process.parent.hash.sha512","type":"keyword","normalization":"","example":"","description":"SHA512 hash."},{"field":"process.parent.hash.ssdeep","type":"keyword","normalization":"","example":"","description":"SSDEEP hash."},{"field":"process.parent.name","type":"keyword","normalization":"","example":"ssh","description":"Process name."},{"field":"process.parent.name.text","type":"match_only_text","normalization":"","example":"ssh","description":"Process name."},{"field":"process.parent.pe.architecture","type":"keyword","normalization":"","example":"x64","description":"CPU architecture target for the file."},{"field":"process.parent.pe.company","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Internal company name of the file, provided at compile-time."},{"field":"process.parent.pe.description","type":"keyword","normalization":"","example":"Paint","description":"Internal description of the file, provided at compile-time."},{"field":"process.parent.pe.file_version","type":"keyword","normalization":"","example":"6.3.9600.17415","description":"Process name."},{"field":"process.parent.pe.imphash","type":"keyword","normalization":"","example":"0c6803c4e922103c4dca5963aad36ddf","description":"A hash of the imports in a PE file."},{"field":"process.parent.pe.original_file_name","type":"keyword","normalization":"","example":"MSPAINT.EXE","description":"Internal name of the file, provided at compile-time."},{"field":"process.parent.pe.product","type":"keyword","normalization":"","example":"Microsoft® Windows® Operating System","description":"Internal product name of the file, provided at compile-time."},{"field":"process.parent.pgid","type":"long","normalization":"","example":"","description":"Identifier of the group of processes the process belongs to."},{"field":"process.parent.pid","type":"long","normalization":"","example":4242,"description":"Process id."},{"field":"process.parent.ppid","type":"long","normalization":"","example":4241,"description":"Parent process' pid."},{"field":"process.parent.start","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process started."},{"field":"process.parent.thread.id","type":"long","normalization":"","example":4242,"description":"Thread ID."},{"field":"process.parent.thread.name","type":"keyword","normalization":"","example":"thread-0","description":"Thread name."},{"field":"process.parent.title","type":"keyword","normalization":"","example":"","description":"Process title."},{"field":"process.parent.title.text","type":"match_only_text","normalization":"","example":"","description":"Process title."},{"field":"process.parent.uptime","type":"long","normalization":"","example":1325,"description":"Seconds the process has been up."},{"field":"process.parent.working_directory","type":"keyword","normalization":"","example":"/home/alice","description":"The working directory of the process."},{"field":"process.parent.working_directory.text","type":"match_only_text","normalization":"","example":"/home/alice","description":"The working directory of the process."},{"field":"process.pe.architecture","type":"keyword","normalization":"","example":"x64","description":"CPU architecture target for the file."},{"field":"process.pe.company","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Internal company name of the file, provided at compile-time."},{"field":"process.pe.description","type":"keyword","normalization":"","example":"Paint","description":"Internal description of the file, provided at compile-time."},{"field":"process.pe.file_version","type":"keyword","normalization":"","example":"6.3.9600.17415","description":"Process name."},{"field":"process.pe.imphash","type":"keyword","normalization":"","example":"0c6803c4e922103c4dca5963aad36ddf","description":"A hash of the imports in a PE file."},{"field":"process.pe.original_file_name","type":"keyword","normalization":"","example":"MSPAINT.EXE","description":"Internal name of the file, provided at compile-time."},{"field":"process.pe.product","type":"keyword","normalization":"","example":"Microsoft® Windows® Operating System","description":"Internal product name of the file, provided at compile-time."},{"field":"process.pgid","type":"long","normalization":"","example":"","description":"Identifier of the group of processes the process belongs to."},{"field":"process.pid","type":"long","normalization":"","example":4242,"description":"Process id."},{"field":"process.ppid","type":"long","normalization":"","example":4241,"description":"Parent process' pid."},{"field":"process.start","type":"date","normalization":"","example":"2016-05-23T08:05:34.853Z","description":"The time the process started."},{"field":"process.thread.id","type":"long","normalization":"","example":4242,"description":"Thread ID."},{"field":"process.thread.name","type":"keyword","normalization":"","example":"thread-0","description":"Thread name."},{"field":"process.title","type":"keyword","normalization":"","example":"","description":"Process title."},{"field":"process.title.text","type":"match_only_text","normalization":"","example":"","description":"Process title."},{"field":"process.uptime","type":"long","normalization":"","example":1325,"description":"Seconds the process has been up."},{"field":"process.working_directory","type":"keyword","normalization":"","example":"/home/alice","description":"The working directory of the process."},{"field":"process.working_directory.text","type":"match_only_text","normalization":"","example":"/home/alice","description":"The working directory of the process."},{"field":"registry.data.bytes","type":"keyword","normalization":"","example":"ZQBuAC0AVQBTAAAAZQBuAAAAAAA=","description":"Original bytes written with base64 encoding."},{"field":"registry.data.strings","type":"wildcard","normalization":"array","example":"[\"C:\\rta\\red_ttp\\bin\\myapp.exe\"]","description":"List of strings representing what was written to the registry."},{"field":"registry.data.type","type":"keyword","normalization":"","example":"REG_SZ","description":"Standard registry type for encoding contents"},{"field":"registry.hive","type":"keyword","normalization":"","example":"HKLM","description":"Abbreviated name for the hive."},{"field":"registry.key","type":"keyword","normalization":"","example":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\winword.exe","description":"Hive-relative path of keys."},{"field":"registry.path","type":"keyword","normalization":"","example":"HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\winword.exe\\Debugger","description":"Full path, including hive, key and value"},{"field":"registry.value","type":"keyword","normalization":"","example":"Debugger","description":"Name of the value written."},{"field":"related.hash","type":"keyword","normalization":"array","example":"","description":"All the hashes seen on your event."},{"field":"related.hosts","type":"keyword","normalization":"array","example":"","description":"All the host identifiers seen on your event."},{"field":"related.ip","type":"ip","normalization":"array","example":"","description":"All of the IPs seen on your event."},{"field":"related.user","type":"keyword","normalization":"array","example":"","description":"All the user names or other user identifiers seen on the event."},{"field":"rule.author","type":"keyword","normalization":"array","example":["Star-Lord"],"description":"Rule author"},{"field":"rule.category","type":"keyword","normalization":"","example":"Attempted Information Leak","description":"Rule category"},{"field":"rule.description","type":"keyword","normalization":"","example":"Block requests to public DNS over HTTPS / TLS protocols","description":"Rule description"},{"field":"rule.id","type":"keyword","normalization":"","example":101,"description":"Rule ID"},{"field":"rule.license","type":"keyword","normalization":"","example":"Apache 2.0","description":"Rule license"},{"field":"rule.name","type":"keyword","normalization":"","example":"BLOCK_DNS_over_TLS","description":"Rule name"},{"field":"rule.reference","type":"keyword","normalization":"","example":"https://en.wikipedia.org/wiki/DNS_over_TLS","description":"Rule reference URL"},{"field":"rule.ruleset","type":"keyword","normalization":"","example":"Standard_Protocol_Filters","description":"Rule ruleset"},{"field":"rule.uuid","type":"keyword","normalization":"","example":1100110011,"description":"Rule UUID"},{"field":"rule.version","type":"keyword","normalization":"","example":1.1,"description":"Rule version"},{"field":"server.address","type":"keyword","normalization":"","example":"","description":"Server network address."},{"field":"server.as.number","type":"long","normalization":"","example":15169,"description":"Unique number allocated to the autonomous system."},{"field":"server.as.organization.name","type":"keyword","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"server.as.organization.name.text","type":"match_only_text","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"server.bytes","type":"long","normalization":"","example":184,"description":"Bytes sent from the server to the client."},{"field":"server.domain","type":"keyword","normalization":"","example":"","description":"Server domain."},{"field":"server.geo.city_name","type":"keyword","normalization":"","example":"Montreal","description":"City name."},{"field":"server.geo.continent_code","type":"keyword","normalization":"","example":"NA","description":"Continent code."},{"field":"server.geo.continent_name","type":"keyword","normalization":"","example":"North America","description":"Name of the continent."},{"field":"server.geo.country_iso_code","type":"keyword","normalization":"","example":"CA","description":"Country ISO code."},{"field":"server.geo.country_name","type":"keyword","normalization":"","example":"Canada","description":"Country name."},{"field":"server.geo.location","type":"geo_point","normalization":"","example":{"lon":-73.61483,"lat":45.505918},"description":"Longitude and latitude."},{"field":"server.geo.name","type":"keyword","normalization":"","example":"boston-dc","description":"User-defined description of a location."},{"field":"server.geo.postal_code","type":"keyword","normalization":"","example":94040,"description":"Postal code."},{"field":"server.geo.region_iso_code","type":"keyword","normalization":"","example":"CA-QC","description":"Region ISO code."},{"field":"server.geo.region_name","type":"keyword","normalization":"","example":"Quebec","description":"Region name."},{"field":"server.geo.timezone","type":"keyword","normalization":"","example":"America/Argentina/Buenos_Aires","description":"Time zone."},{"field":"server.ip","type":"ip","normalization":"","example":"","description":"IP address of the server."},{"field":"server.mac","type":"keyword","normalization":"","example":"00-00-5E-00-53-23","description":"MAC address of the server."},{"field":"server.nat.ip","type":"ip","normalization":"","example":"","description":"Server NAT ip"},{"field":"server.nat.port","type":"long","normalization":"","example":"","description":"Server NAT port"},{"field":"server.packets","type":"long","normalization":"","example":12,"description":"Packets sent from the server to the client."},{"field":"server.port","type":"long","normalization":"","example":"","description":"Port of the server."},{"field":"server.registered_domain","type":"keyword","normalization":"","example":"example.com","description":"The highest registered server domain, stripped of the subdomain."},{"field":"server.subdomain","type":"keyword","normalization":"","example":"east","description":"The subdomain of the domain."},{"field":"server.top_level_domain","type":"keyword","normalization":"","example":"co.uk","description":"The effective top level domain (com, org, net, co.uk)."},{"field":"server.user.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the user is a member of."},{"field":"server.user.email","type":"keyword","normalization":"","example":"","description":"User email address."},{"field":"server.user.full_name","type":"keyword","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"server.user.full_name.text","type":"match_only_text","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"server.user.group.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the group is a member of."},{"field":"server.user.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"server.user.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"server.user.hash","type":"keyword","normalization":"","example":"","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"server.user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"server.user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"server.user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"server.user.roles","type":"keyword","normalization":"array","example":["kibana_admin","reporting_user"],"description":"Array of user roles at the time of the event."},{"field":"service.address","type":"keyword","normalization":"","example":"172.26.0.2:5432","description":"Address of this service."},{"field":"service.environment","type":"keyword","normalization":"","example":"production","description":"Environment of the service."},{"field":"service.ephemeral_id","type":"keyword","normalization":"","example":"8a4f500f","description":"Ephemeral identifier of this service."},{"field":"service.id","type":"keyword","normalization":"","example":"d37e5ebfe0ae6c4972dbe9f0174a1637bb8247f6","description":"Unique identifier of the running service."},{"field":"service.name","type":"keyword","normalization":"","example":"elasticsearch-metrics","description":"Name of the service."},{"field":"service.node.name","type":"keyword","normalization":"","example":"instance-0000000016","description":"Name of the service node."},{"field":"service.state","type":"keyword","normalization":"","example":"","description":"Current state of the service."},{"field":"service.type","type":"keyword","normalization":"","example":"elasticsearch","description":"The type of the service."},{"field":"service.version","type":"keyword","normalization":"","example":"3.2.4","description":"Version of the service."},{"field":"source.address","type":"keyword","normalization":"","example":"","description":"Source network address."},{"field":"source.as.number","type":"long","normalization":"","example":15169,"description":"Unique number allocated to the autonomous system."},{"field":"source.as.organization.name","type":"keyword","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"source.as.organization.name.text","type":"match_only_text","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"source.bytes","type":"long","normalization":"","example":184,"description":"Bytes sent from the source to the destination."},{"field":"source.domain","type":"keyword","normalization":"","example":"","description":"Source domain."},{"field":"source.geo.city_name","type":"keyword","normalization":"","example":"Montreal","description":"City name."},{"field":"source.geo.continent_code","type":"keyword","normalization":"","example":"NA","description":"Continent code."},{"field":"source.geo.continent_name","type":"keyword","normalization":"","example":"North America","description":"Name of the continent."},{"field":"source.geo.country_iso_code","type":"keyword","normalization":"","example":"CA","description":"Country ISO code."},{"field":"source.geo.country_name","type":"keyword","normalization":"","example":"Canada","description":"Country name."},{"field":"source.geo.location","type":"geo_point","normalization":"","example":{"lon":-73.61483,"lat":45.505918},"description":"Longitude and latitude."},{"field":"source.geo.name","type":"keyword","normalization":"","example":"boston-dc","description":"User-defined description of a location."},{"field":"source.geo.postal_code","type":"keyword","normalization":"","example":94040,"description":"Postal code."},{"field":"source.geo.region_iso_code","type":"keyword","normalization":"","example":"CA-QC","description":"Region ISO code."},{"field":"source.geo.region_name","type":"keyword","normalization":"","example":"Quebec","description":"Region name."},{"field":"source.geo.timezone","type":"keyword","normalization":"","example":"America/Argentina/Buenos_Aires","description":"Time zone."},{"field":"source.ip","type":"ip","normalization":"","example":"","description":"IP address of the source."},{"field":"source.mac","type":"keyword","normalization":"","example":"00-00-5E-00-53-23","description":"MAC address of the source."},{"field":"source.nat.ip","type":"ip","normalization":"","example":"","description":"Source NAT ip"},{"field":"source.nat.port","type":"long","normalization":"","example":"","description":"Source NAT port"},{"field":"source.packets","type":"long","normalization":"","example":12,"description":"Packets sent from the source to the destination."},{"field":"source.port","type":"long","normalization":"","example":"","description":"Port of the source."},{"field":"source.registered_domain","type":"keyword","normalization":"","example":"example.com","description":"The highest registered source domain, stripped of the subdomain."},{"field":"source.subdomain","type":"keyword","normalization":"","example":"east","description":"The subdomain of the domain."},{"field":"source.top_level_domain","type":"keyword","normalization":"","example":"co.uk","description":"The effective top level domain (com, org, net, co.uk)."},{"field":"source.user.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the user is a member of."},{"field":"source.user.email","type":"keyword","normalization":"","example":"","description":"User email address."},{"field":"source.user.full_name","type":"keyword","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"source.user.full_name.text","type":"match_only_text","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"source.user.group.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the group is a member of."},{"field":"source.user.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"source.user.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"source.user.hash","type":"keyword","normalization":"","example":"","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"source.user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"source.user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"source.user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"source.user.roles","type":"keyword","normalization":"array","example":["kibana_admin","reporting_user"],"description":"Array of user roles at the time of the event."},{"field":"span.id","type":"keyword","normalization":"","example":"3ff9a8981b7ccd5a","description":"Unique identifier of the span within the scope of its trace."},{"field":"threat.enrichments","type":"nested","normalization":"array","example":"","description":"List of objects containing indicators enriching the event."},{"field":"threat.enrichments.indicator","type":"object","normalization":"","example":"","description":"Object containing indicators enriching the event."},{"field":"threat.enrichments.indicator.as.number","type":"long","normalization":"","example":15169,"description":"Unique number allocated to the autonomous system."},{"field":"threat.enrichments.indicator.as.organization.name","type":"keyword","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"threat.enrichments.indicator.as.organization.name.text","type":"match_only_text","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"threat.enrichments.indicator.confidence","type":"keyword","normalization":"","example":"High","description":"Indicator confidence rating"},{"field":"threat.enrichments.indicator.description","type":"keyword","normalization":"","example":"IP x.x.x.x was observed delivering the Angler EK.","description":"Indicator description"},{"field":"threat.enrichments.indicator.email.address","type":"keyword","normalization":"","example":"phish@example.com","description":"Indicator email address"},{"field":"threat.enrichments.indicator.file.accessed","type":"date","normalization":"","example":"","description":"Last time the file was accessed."},{"field":"threat.enrichments.indicator.file.attributes","type":"keyword","normalization":"array","example":["readonly","system"],"description":"Array of file attributes."},{"field":"threat.enrichments.indicator.file.code_signature.digest_algorithm","type":"keyword","normalization":"","example":"sha256","description":"Hashing algorithm used to sign the process."},{"field":"threat.enrichments.indicator.file.code_signature.exists","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if a signature is present."},{"field":"threat.enrichments.indicator.file.code_signature.signing_id","type":"keyword","normalization":"","example":"com.apple.xpc.proxy","description":"The identifier used to sign the process."},{"field":"threat.enrichments.indicator.file.code_signature.status","type":"keyword","normalization":"","example":"ERROR_UNTRUSTED_ROOT","description":"Additional information about the certificate status."},{"field":"threat.enrichments.indicator.file.code_signature.subject_name","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Subject name of the code signer"},{"field":"threat.enrichments.indicator.file.code_signature.team_id","type":"keyword","normalization":"","example":"EQHXZ8M8AV","description":"The team identifier used to sign the process."},{"field":"threat.enrichments.indicator.file.code_signature.timestamp","type":"date","normalization":"","example":"2021-01-01T12:10:30Z","description":"When the signature was generated and signed."},{"field":"threat.enrichments.indicator.file.code_signature.trusted","type":"boolean","normalization":"","example":true,"description":"Stores the trust status of the certificate chain."},{"field":"threat.enrichments.indicator.file.code_signature.valid","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if the digital signature is verified against the binary content."},{"field":"threat.enrichments.indicator.file.created","type":"date","normalization":"","example":"","description":"File creation time."},{"field":"threat.enrichments.indicator.file.ctime","type":"date","normalization":"","example":"","description":"Last time the file attributes or metadata changed."},{"field":"threat.enrichments.indicator.file.device","type":"keyword","normalization":"","example":"sda","description":"Device that is the source of the file."},{"field":"threat.enrichments.indicator.file.directory","type":"keyword","normalization":"","example":"/home/alice","description":"Directory where the file is located."},{"field":"threat.enrichments.indicator.file.drive_letter","type":"keyword","normalization":"","example":"C","description":"Drive letter where the file is located."},{"field":"threat.enrichments.indicator.file.elf.architecture","type":"keyword","normalization":"","example":"x86-64","description":"Machine architecture of the ELF file."},{"field":"threat.enrichments.indicator.file.elf.byte_order","type":"keyword","normalization":"","example":"Little Endian","description":"Byte sequence of ELF file."},{"field":"threat.enrichments.indicator.file.elf.cpu_type","type":"keyword","normalization":"","example":"Intel","description":"CPU type of the ELF file."},{"field":"threat.enrichments.indicator.file.elf.creation_date","type":"date","normalization":"","example":"","description":"Build or compile date."},{"field":"threat.enrichments.indicator.file.elf.exports","type":"flattened","normalization":"array","example":"","description":"List of exported element names and types."},{"field":"threat.enrichments.indicator.file.elf.header.abi_version","type":"keyword","normalization":"","example":"","description":"Version of the ELF Application Binary Interface (ABI)."},{"field":"threat.enrichments.indicator.file.elf.header.class","type":"keyword","normalization":"","example":"","description":"Header class of the ELF file."},{"field":"threat.enrichments.indicator.file.elf.header.data","type":"keyword","normalization":"","example":"","description":"Data table of the ELF header."},{"field":"threat.enrichments.indicator.file.elf.header.entrypoint","type":"long","normalization":"","example":"","description":"Header entrypoint of the ELF file."},{"field":"threat.enrichments.indicator.file.elf.header.object_version","type":"keyword","normalization":"","example":"","description":"0x1\" for original ELF files."},{"field":"threat.enrichments.indicator.file.elf.header.os_abi","type":"keyword","normalization":"","example":"","description":"Application Binary Interface (ABI) of the Linux OS."},{"field":"threat.enrichments.indicator.file.elf.header.type","type":"keyword","normalization":"","example":"","description":"Header type of the ELF file."},{"field":"threat.enrichments.indicator.file.elf.header.version","type":"keyword","normalization":"","example":"","description":"Version of the ELF header."},{"field":"threat.enrichments.indicator.file.elf.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"threat.enrichments.indicator.file.elf.sections","type":"nested","normalization":"array","example":"","description":"Section information of the ELF file."},{"field":"threat.enrichments.indicator.file.elf.sections.chi2","type":"long","normalization":"","example":"","description":"Chi-square probability distribution of the section."},{"field":"threat.enrichments.indicator.file.elf.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"threat.enrichments.indicator.file.elf.sections.flags","type":"keyword","normalization":"","example":"","description":"ELF Section List flags."},{"field":"threat.enrichments.indicator.file.elf.sections.name","type":"keyword","normalization":"","example":"","description":"ELF Section List name."},{"field":"threat.enrichments.indicator.file.elf.sections.physical_offset","type":"keyword","normalization":"","example":"","description":"ELF Section List offset."},{"field":"threat.enrichments.indicator.file.elf.sections.physical_size","type":"long","normalization":"","example":"","description":"ELF Section List physical size."},{"field":"threat.enrichments.indicator.file.elf.sections.type","type":"keyword","normalization":"","example":"","description":"ELF Section List type."},{"field":"threat.enrichments.indicator.file.elf.sections.virtual_address","type":"long","normalization":"","example":"","description":"ELF Section List virtual address."},{"field":"threat.enrichments.indicator.file.elf.sections.virtual_size","type":"long","normalization":"","example":"","description":"ELF Section List virtual size."},{"field":"threat.enrichments.indicator.file.elf.segments","type":"nested","normalization":"array","example":"","description":"ELF object segment list."},{"field":"threat.enrichments.indicator.file.elf.segments.sections","type":"keyword","normalization":"","example":"","description":"ELF object segment sections."},{"field":"threat.enrichments.indicator.file.elf.segments.type","type":"keyword","normalization":"","example":"","description":"ELF object segment type."},{"field":"threat.enrichments.indicator.file.elf.shared_libraries","type":"keyword","normalization":"array","example":"","description":"List of shared libraries used by this ELF object."},{"field":"threat.enrichments.indicator.file.elf.telfhash","type":"keyword","normalization":"","example":"","description":"telfhash hash for ELF file."},{"field":"threat.enrichments.indicator.file.extension","type":"keyword","normalization":"","example":"png","description":"File extension, excluding the leading dot."},{"field":"threat.enrichments.indicator.file.fork_name","type":"keyword","normalization":"","example":"Zone.Identifer","description":"A fork is additional data associated with a filesystem object."},{"field":"threat.enrichments.indicator.file.gid","type":"keyword","normalization":"","example":1001,"description":"Primary group ID (GID) of the file."},{"field":"threat.enrichments.indicator.file.group","type":"keyword","normalization":"","example":"alice","description":"Primary group name of the file."},{"field":"threat.enrichments.indicator.file.hash.md5","type":"keyword","normalization":"","example":"","description":"MD5 hash."},{"field":"threat.enrichments.indicator.file.hash.sha1","type":"keyword","normalization":"","example":"","description":"SHA1 hash."},{"field":"threat.enrichments.indicator.file.hash.sha256","type":"keyword","normalization":"","example":"","description":"SHA256 hash."},{"field":"threat.enrichments.indicator.file.hash.sha512","type":"keyword","normalization":"","example":"","description":"SHA512 hash."},{"field":"threat.enrichments.indicator.file.hash.ssdeep","type":"keyword","normalization":"","example":"","description":"SSDEEP hash."},{"field":"threat.enrichments.indicator.file.inode","type":"keyword","normalization":"","example":256383,"description":"Inode representing the file in the filesystem."},{"field":"threat.enrichments.indicator.file.mime_type","type":"keyword","normalization":"","example":"","description":"Media type of file, document, or arrangement of bytes."},{"field":"threat.enrichments.indicator.file.mode","type":"keyword","normalization":"","example":"0640","description":"Mode of the file in octal representation."},{"field":"threat.enrichments.indicator.file.mtime","type":"date","normalization":"","example":"","description":"Last time the file content was modified."},{"field":"threat.enrichments.indicator.file.name","type":"keyword","normalization":"","example":"example.png","description":"Name of the file including the extension, without the directory."},{"field":"threat.enrichments.indicator.file.owner","type":"keyword","normalization":"","example":"alice","description":"File owner's username."},{"field":"threat.enrichments.indicator.file.path","type":"keyword","normalization":"","example":"/home/alice/example.png","description":"Full path to the file, including the file name."},{"field":"threat.enrichments.indicator.file.path.text","type":"match_only_text","normalization":"","example":"/home/alice/example.png","description":"Full path to the file, including the file name."},{"field":"threat.enrichments.indicator.file.pe.architecture","type":"keyword","normalization":"","example":"x64","description":"CPU architecture target for the file."},{"field":"threat.enrichments.indicator.file.pe.company","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Internal company name of the file, provided at compile-time."},{"field":"threat.enrichments.indicator.file.pe.description","type":"keyword","normalization":"","example":"Paint","description":"Internal description of the file, provided at compile-time."},{"field":"threat.enrichments.indicator.file.pe.file_version","type":"keyword","normalization":"","example":"6.3.9600.17415","description":"Process name."},{"field":"threat.enrichments.indicator.file.pe.imphash","type":"keyword","normalization":"","example":"0c6803c4e922103c4dca5963aad36ddf","description":"A hash of the imports in a PE file."},{"field":"threat.enrichments.indicator.file.pe.original_file_name","type":"keyword","normalization":"","example":"MSPAINT.EXE","description":"Internal name of the file, provided at compile-time."},{"field":"threat.enrichments.indicator.file.pe.product","type":"keyword","normalization":"","example":"Microsoft® Windows® Operating System","description":"Internal product name of the file, provided at compile-time."},{"field":"threat.enrichments.indicator.file.size","type":"long","normalization":"","example":16384,"description":"File size in bytes."},{"field":"threat.enrichments.indicator.file.target_path","type":"keyword","normalization":"","example":"","description":"Target path for symlinks."},{"field":"threat.enrichments.indicator.file.target_path.text","type":"match_only_text","normalization":"","example":"","description":"Target path for symlinks."},{"field":"threat.enrichments.indicator.file.type","type":"keyword","normalization":"","example":"file","description":"File type (file, dir, or symlink)."},{"field":"threat.enrichments.indicator.file.uid","type":"keyword","normalization":"","example":1001,"description":"The user ID (UID) or security identifier (SID) of the file owner."},{"field":"threat.enrichments.indicator.file.x509.alternative_names","type":"keyword","normalization":"array","example":"*.elastic.co","description":"List of subject alternative names (SAN)."},{"field":"threat.enrichments.indicator.file.x509.issuer.common_name","type":"keyword","normalization":"array","example":"Example SHA2 High Assurance Server CA","description":"List of common name (CN) of issuing certificate authority."},{"field":"threat.enrichments.indicator.file.x509.issuer.country","type":"keyword","normalization":"array","example":"US","description":"List of country (C) codes"},{"field":"threat.enrichments.indicator.file.x509.issuer.distinguished_name","type":"keyword","normalization":"","example":"C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA","description":"Distinguished name (DN) of issuing certificate authority."},{"field":"threat.enrichments.indicator.file.x509.issuer.locality","type":"keyword","normalization":"array","example":"Mountain View","description":"List of locality names (L)"},{"field":"threat.enrichments.indicator.file.x509.issuer.organization","type":"keyword","normalization":"array","example":"Example Inc","description":"List of organizations (O) of issuing certificate authority."},{"field":"threat.enrichments.indicator.file.x509.issuer.organizational_unit","type":"keyword","normalization":"array","example":"www.example.com","description":"List of organizational units (OU) of issuing certificate authority."},{"field":"threat.enrichments.indicator.file.x509.issuer.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"threat.enrichments.indicator.file.x509.not_after","type":"date","normalization":"","example":"2020-07-16 03:15:39+00:00","description":"Time at which the certificate is no longer considered valid."},{"field":"threat.enrichments.indicator.file.x509.not_before","type":"date","normalization":"","example":"2019-08-16 01:40:25+00:00","description":"Time at which the certificate is first considered valid."},{"field":"threat.enrichments.indicator.file.x509.public_key_algorithm","type":"keyword","normalization":"","example":"RSA","description":"Algorithm used to generate the public key."},{"field":"threat.enrichments.indicator.file.x509.public_key_curve","type":"keyword","normalization":"","example":"nistp521","description":"The curve used by the elliptic curve public key algorithm. This is algorithm specific."},{"field":"threat.enrichments.indicator.file.x509.public_key_exponent","type":"long","normalization":"","example":65537,"description":"Exponent used to derive the public key. This is algorithm specific."},{"field":"threat.enrichments.indicator.file.x509.public_key_size","type":"long","normalization":"","example":2048,"description":"The size of the public key space in bits."},{"field":"threat.enrichments.indicator.file.x509.serial_number","type":"keyword","normalization":"","example":"55FBB9C7DEBF09809D12CCAA","description":"Unique serial number issued by the certificate authority."},{"field":"threat.enrichments.indicator.file.x509.signature_algorithm","type":"keyword","normalization":"","example":"SHA256-RSA","description":"Identifier for certificate signature algorithm."},{"field":"threat.enrichments.indicator.file.x509.subject.common_name","type":"keyword","normalization":"array","example":"shared.global.example.net","description":"List of common names (CN) of subject."},{"field":"threat.enrichments.indicator.file.x509.subject.country","type":"keyword","normalization":"array","example":"US","description":"List of country (C) code"},{"field":"threat.enrichments.indicator.file.x509.subject.distinguished_name","type":"keyword","normalization":"","example":"C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net","description":"Distinguished name (DN) of the certificate subject entity."},{"field":"threat.enrichments.indicator.file.x509.subject.locality","type":"keyword","normalization":"array","example":"San Francisco","description":"List of locality names (L)"},{"field":"threat.enrichments.indicator.file.x509.subject.organization","type":"keyword","normalization":"array","example":"Example, Inc.","description":"List of organizations (O) of subject."},{"field":"threat.enrichments.indicator.file.x509.subject.organizational_unit","type":"keyword","normalization":"array","example":"","description":"List of organizational units (OU) of subject."},{"field":"threat.enrichments.indicator.file.x509.subject.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"threat.enrichments.indicator.file.x509.version_number","type":"keyword","normalization":"","example":3,"description":"Version of x509 format."},{"field":"threat.enrichments.indicator.first_seen","type":"date","normalization":"","example":"2020-11-05T17:25:47.000Z","description":"Date/time indicator was first reported."},{"field":"threat.enrichments.indicator.geo.city_name","type":"keyword","normalization":"","example":"Montreal","description":"City name."},{"field":"threat.enrichments.indicator.geo.continent_code","type":"keyword","normalization":"","example":"NA","description":"Continent code."},{"field":"threat.enrichments.indicator.geo.continent_name","type":"keyword","normalization":"","example":"North America","description":"Name of the continent."},{"field":"threat.enrichments.indicator.geo.country_iso_code","type":"keyword","normalization":"","example":"CA","description":"Country ISO code."},{"field":"threat.enrichments.indicator.geo.country_name","type":"keyword","normalization":"","example":"Canada","description":"Country name."},{"field":"threat.enrichments.indicator.geo.location","type":"geo_point","normalization":"","example":{"lon":-73.61483,"lat":45.505918},"description":"Longitude and latitude."},{"field":"threat.enrichments.indicator.geo.name","type":"keyword","normalization":"","example":"boston-dc","description":"User-defined description of a location."},{"field":"threat.enrichments.indicator.geo.postal_code","type":"keyword","normalization":"","example":94040,"description":"Postal code."},{"field":"threat.enrichments.indicator.geo.region_iso_code","type":"keyword","normalization":"","example":"CA-QC","description":"Region ISO code."},{"field":"threat.enrichments.indicator.geo.region_name","type":"keyword","normalization":"","example":"Quebec","description":"Region name."},{"field":"threat.enrichments.indicator.geo.timezone","type":"keyword","normalization":"","example":"America/Argentina/Buenos_Aires","description":"Time zone."},{"field":"threat.enrichments.indicator.ip","type":"ip","normalization":"","example":"1.2.3.4","description":"Indicator IP address"},{"field":"threat.enrichments.indicator.last_seen","type":"date","normalization":"","example":"2020-11-05T17:25:47.000Z","description":"Date/time indicator was last reported."},{"field":"threat.enrichments.indicator.marking.tlp","type":"keyword","normalization":"","example":"White","description":"Indicator TLP marking"},{"field":"threat.enrichments.indicator.modified_at","type":"date","normalization":"","example":"2020-11-05T17:25:47.000Z","description":"Date/time indicator was last updated."},{"field":"threat.enrichments.indicator.port","type":"long","normalization":"","example":443,"description":"Indicator port"},{"field":"threat.enrichments.indicator.provider","type":"keyword","normalization":"","example":"lrz_urlhaus","description":"Indicator provider"},{"field":"threat.enrichments.indicator.reference","type":"keyword","normalization":"","example":"https://system.example.com/indicator/0001234","description":"Indicator reference URL"},{"field":"threat.enrichments.indicator.registry.data.bytes","type":"keyword","normalization":"","example":"ZQBuAC0AVQBTAAAAZQBuAAAAAAA=","description":"Original bytes written with base64 encoding."},{"field":"threat.enrichments.indicator.registry.data.strings","type":"wildcard","normalization":"array","example":"[\"C:\\rta\\red_ttp\\bin\\myapp.exe\"]","description":"List of strings representing what was written to the registry."},{"field":"threat.enrichments.indicator.registry.data.type","type":"keyword","normalization":"","example":"REG_SZ","description":"Standard registry type for encoding contents"},{"field":"threat.enrichments.indicator.registry.hive","type":"keyword","normalization":"","example":"HKLM","description":"Abbreviated name for the hive."},{"field":"threat.enrichments.indicator.registry.key","type":"keyword","normalization":"","example":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\winword.exe","description":"Hive-relative path of keys."},{"field":"threat.enrichments.indicator.registry.path","type":"keyword","normalization":"","example":"HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\winword.exe\\Debugger","description":"Full path, including hive, key and value"},{"field":"threat.enrichments.indicator.registry.value","type":"keyword","normalization":"","example":"Debugger","description":"Name of the value written."},{"field":"threat.enrichments.indicator.scanner_stats","type":"long","normalization":"","example":4,"description":"Scanner statistics"},{"field":"threat.enrichments.indicator.sightings","type":"long","normalization":"","example":20,"description":"Number of times indicator observed"},{"field":"threat.enrichments.indicator.type","type":"keyword","normalization":"","example":"ipv4-addr","description":"Type of indicator"},{"field":"threat.enrichments.indicator.url.domain","type":"keyword","normalization":"","example":"www.elastic.co","description":"Domain of the url."},{"field":"threat.enrichments.indicator.url.extension","type":"keyword","normalization":"","example":"png","description":"File extension from the request url, excluding the leading dot."},{"field":"threat.enrichments.indicator.url.fragment","type":"keyword","normalization":"","example":"","description":"Portion of the url after the `#`."},{"field":"threat.enrichments.indicator.url.full","type":"wildcard","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top","description":"Full unparsed URL."},{"field":"threat.enrichments.indicator.url.full.text","type":"match_only_text","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top","description":"Full unparsed URL."},{"field":"threat.enrichments.indicator.url.original","type":"wildcard","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elasticsearch","description":"Unmodified original url as seen in the event source."},{"field":"threat.enrichments.indicator.url.original.text","type":"match_only_text","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elasticsearch","description":"Unmodified original url as seen in the event source."},{"field":"threat.enrichments.indicator.url.password","type":"keyword","normalization":"","example":"","description":"Password of the request."},{"field":"threat.enrichments.indicator.url.path","type":"wildcard","normalization":"","example":"","description":"Path of the request, such as \"/search\"."},{"field":"threat.enrichments.indicator.url.port","type":"long","normalization":"","example":443,"description":"Port of the request, such as 443."},{"field":"threat.enrichments.indicator.url.query","type":"keyword","normalization":"","example":"","description":"Query string of the request."},{"field":"threat.enrichments.indicator.url.registered_domain","type":"keyword","normalization":"","example":"example.com","description":"The highest registered url domain, stripped of the subdomain."},{"field":"threat.enrichments.indicator.url.scheme","type":"keyword","normalization":"","example":"https","description":"Scheme of the url."},{"field":"threat.enrichments.indicator.url.subdomain","type":"keyword","normalization":"","example":"east","description":"The subdomain of the domain."},{"field":"threat.enrichments.indicator.url.top_level_domain","type":"keyword","normalization":"","example":"co.uk","description":"The effective top level domain (com, org, net, co.uk)."},{"field":"threat.enrichments.indicator.url.username","type":"keyword","normalization":"","example":"","description":"Username of the request."},{"field":"threat.enrichments.indicator.x509.alternative_names","type":"keyword","normalization":"array","example":"*.elastic.co","description":"List of subject alternative names (SAN)."},{"field":"threat.enrichments.indicator.x509.issuer.common_name","type":"keyword","normalization":"array","example":"Example SHA2 High Assurance Server CA","description":"List of common name (CN) of issuing certificate authority."},{"field":"threat.enrichments.indicator.x509.issuer.country","type":"keyword","normalization":"array","example":"US","description":"List of country (C) codes"},{"field":"threat.enrichments.indicator.x509.issuer.distinguished_name","type":"keyword","normalization":"","example":"C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA","description":"Distinguished name (DN) of issuing certificate authority."},{"field":"threat.enrichments.indicator.x509.issuer.locality","type":"keyword","normalization":"array","example":"Mountain View","description":"List of locality names (L)"},{"field":"threat.enrichments.indicator.x509.issuer.organization","type":"keyword","normalization":"array","example":"Example Inc","description":"List of organizations (O) of issuing certificate authority."},{"field":"threat.enrichments.indicator.x509.issuer.organizational_unit","type":"keyword","normalization":"array","example":"www.example.com","description":"List of organizational units (OU) of issuing certificate authority."},{"field":"threat.enrichments.indicator.x509.issuer.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"threat.enrichments.indicator.x509.not_after","type":"date","normalization":"","example":"2020-07-16 03:15:39+00:00","description":"Time at which the certificate is no longer considered valid."},{"field":"threat.enrichments.indicator.x509.not_before","type":"date","normalization":"","example":"2019-08-16 01:40:25+00:00","description":"Time at which the certificate is first considered valid."},{"field":"threat.enrichments.indicator.x509.public_key_algorithm","type":"keyword","normalization":"","example":"RSA","description":"Algorithm used to generate the public key."},{"field":"threat.enrichments.indicator.x509.public_key_curve","type":"keyword","normalization":"","example":"nistp521","description":"The curve used by the elliptic curve public key algorithm. This is algorithm specific."},{"field":"threat.enrichments.indicator.x509.public_key_exponent","type":"long","normalization":"","example":65537,"description":"Exponent used to derive the public key. This is algorithm specific."},{"field":"threat.enrichments.indicator.x509.public_key_size","type":"long","normalization":"","example":2048,"description":"The size of the public key space in bits."},{"field":"threat.enrichments.indicator.x509.serial_number","type":"keyword","normalization":"","example":"55FBB9C7DEBF09809D12CCAA","description":"Unique serial number issued by the certificate authority."},{"field":"threat.enrichments.indicator.x509.signature_algorithm","type":"keyword","normalization":"","example":"SHA256-RSA","description":"Identifier for certificate signature algorithm."},{"field":"threat.enrichments.indicator.x509.subject.common_name","type":"keyword","normalization":"array","example":"shared.global.example.net","description":"List of common names (CN) of subject."},{"field":"threat.enrichments.indicator.x509.subject.country","type":"keyword","normalization":"array","example":"US","description":"List of country (C) code"},{"field":"threat.enrichments.indicator.x509.subject.distinguished_name","type":"keyword","normalization":"","example":"C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net","description":"Distinguished name (DN) of the certificate subject entity."},{"field":"threat.enrichments.indicator.x509.subject.locality","type":"keyword","normalization":"array","example":"San Francisco","description":"List of locality names (L)"},{"field":"threat.enrichments.indicator.x509.subject.organization","type":"keyword","normalization":"array","example":"Example, Inc.","description":"List of organizations (O) of subject."},{"field":"threat.enrichments.indicator.x509.subject.organizational_unit","type":"keyword","normalization":"array","example":"","description":"List of organizational units (OU) of subject."},{"field":"threat.enrichments.indicator.x509.subject.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"threat.enrichments.indicator.x509.version_number","type":"keyword","normalization":"","example":3,"description":"Version of x509 format."},{"field":"threat.enrichments.matched.atomic","type":"keyword","normalization":"","example":"bad-domain.com","description":"Matched indicator value"},{"field":"threat.enrichments.matched.field","type":"keyword","normalization":"","example":"file.hash.sha256","description":"Matched indicator field"},{"field":"threat.enrichments.matched.id","type":"keyword","normalization":"","example":"ff93aee5-86a1-4a61-b0e6-0cdc313d01b5","description":"Matched indicator identifier"},{"field":"threat.enrichments.matched.index","type":"keyword","normalization":"","example":"filebeat-8.0.0-2021.05.23-000011","description":"Matched indicator index"},{"field":"threat.enrichments.matched.type","type":"keyword","normalization":"","example":"indicator_match_rule","description":"Type of indicator match"},{"field":"threat.framework","type":"keyword","normalization":"","example":"MITRE ATT&CK","description":"Threat classification framework."},{"field":"threat.group.alias","type":"keyword","normalization":"array","example":["Magecart Group 6"],"description":"Alias of the group."},{"field":"threat.group.id","type":"keyword","normalization":"","example":"G0037","description":"ID of the group."},{"field":"threat.group.name","type":"keyword","normalization":"","example":"FIN6","description":"Name of the group."},{"field":"threat.group.reference","type":"keyword","normalization":"","example":"https://attack.mitre.org/groups/G0037/","description":"Reference URL of the group."},{"field":"threat.indicator.as.number","type":"long","normalization":"","example":15169,"description":"Unique number allocated to the autonomous system."},{"field":"threat.indicator.as.organization.name","type":"keyword","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"threat.indicator.as.organization.name.text","type":"match_only_text","normalization":"","example":"Google LLC","description":"Organization name."},{"field":"threat.indicator.confidence","type":"keyword","normalization":"","example":"High","description":"Indicator confidence rating"},{"field":"threat.indicator.description","type":"keyword","normalization":"","example":"IP x.x.x.x was observed delivering the Angler EK.","description":"Indicator description"},{"field":"threat.indicator.email.address","type":"keyword","normalization":"","example":"phish@example.com","description":"Indicator email address"},{"field":"threat.indicator.file.accessed","type":"date","normalization":"","example":"","description":"Last time the file was accessed."},{"field":"threat.indicator.file.attributes","type":"keyword","normalization":"array","example":["readonly","system"],"description":"Array of file attributes."},{"field":"threat.indicator.file.code_signature.digest_algorithm","type":"keyword","normalization":"","example":"sha256","description":"Hashing algorithm used to sign the process."},{"field":"threat.indicator.file.code_signature.exists","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if a signature is present."},{"field":"threat.indicator.file.code_signature.signing_id","type":"keyword","normalization":"","example":"com.apple.xpc.proxy","description":"The identifier used to sign the process."},{"field":"threat.indicator.file.code_signature.status","type":"keyword","normalization":"","example":"ERROR_UNTRUSTED_ROOT","description":"Additional information about the certificate status."},{"field":"threat.indicator.file.code_signature.subject_name","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Subject name of the code signer"},{"field":"threat.indicator.file.code_signature.team_id","type":"keyword","normalization":"","example":"EQHXZ8M8AV","description":"The team identifier used to sign the process."},{"field":"threat.indicator.file.code_signature.timestamp","type":"date","normalization":"","example":"2021-01-01T12:10:30Z","description":"When the signature was generated and signed."},{"field":"threat.indicator.file.code_signature.trusted","type":"boolean","normalization":"","example":true,"description":"Stores the trust status of the certificate chain."},{"field":"threat.indicator.file.code_signature.valid","type":"boolean","normalization":"","example":true,"description":"Boolean to capture if the digital signature is verified against the binary content."},{"field":"threat.indicator.file.created","type":"date","normalization":"","example":"","description":"File creation time."},{"field":"threat.indicator.file.ctime","type":"date","normalization":"","example":"","description":"Last time the file attributes or metadata changed."},{"field":"threat.indicator.file.device","type":"keyword","normalization":"","example":"sda","description":"Device that is the source of the file."},{"field":"threat.indicator.file.directory","type":"keyword","normalization":"","example":"/home/alice","description":"Directory where the file is located."},{"field":"threat.indicator.file.drive_letter","type":"keyword","normalization":"","example":"C","description":"Drive letter where the file is located."},{"field":"threat.indicator.file.elf.architecture","type":"keyword","normalization":"","example":"x86-64","description":"Machine architecture of the ELF file."},{"field":"threat.indicator.file.elf.byte_order","type":"keyword","normalization":"","example":"Little Endian","description":"Byte sequence of ELF file."},{"field":"threat.indicator.file.elf.cpu_type","type":"keyword","normalization":"","example":"Intel","description":"CPU type of the ELF file."},{"field":"threat.indicator.file.elf.creation_date","type":"date","normalization":"","example":"","description":"Build or compile date."},{"field":"threat.indicator.file.elf.exports","type":"flattened","normalization":"array","example":"","description":"List of exported element names and types."},{"field":"threat.indicator.file.elf.header.abi_version","type":"keyword","normalization":"","example":"","description":"Version of the ELF Application Binary Interface (ABI)."},{"field":"threat.indicator.file.elf.header.class","type":"keyword","normalization":"","example":"","description":"Header class of the ELF file."},{"field":"threat.indicator.file.elf.header.data","type":"keyword","normalization":"","example":"","description":"Data table of the ELF header."},{"field":"threat.indicator.file.elf.header.entrypoint","type":"long","normalization":"","example":"","description":"Header entrypoint of the ELF file."},{"field":"threat.indicator.file.elf.header.object_version","type":"keyword","normalization":"","example":"","description":"0x1\" for original ELF files."},{"field":"threat.indicator.file.elf.header.os_abi","type":"keyword","normalization":"","example":"","description":"Application Binary Interface (ABI) of the Linux OS."},{"field":"threat.indicator.file.elf.header.type","type":"keyword","normalization":"","example":"","description":"Header type of the ELF file."},{"field":"threat.indicator.file.elf.header.version","type":"keyword","normalization":"","example":"","description":"Version of the ELF header."},{"field":"threat.indicator.file.elf.imports","type":"flattened","normalization":"array","example":"","description":"List of imported element names and types."},{"field":"threat.indicator.file.elf.sections","type":"nested","normalization":"array","example":"","description":"Section information of the ELF file."},{"field":"threat.indicator.file.elf.sections.chi2","type":"long","normalization":"","example":"","description":"Chi-square probability distribution of the section."},{"field":"threat.indicator.file.elf.sections.entropy","type":"long","normalization":"","example":"","description":"Shannon entropy calculation from the section."},{"field":"threat.indicator.file.elf.sections.flags","type":"keyword","normalization":"","example":"","description":"ELF Section List flags."},{"field":"threat.indicator.file.elf.sections.name","type":"keyword","normalization":"","example":"","description":"ELF Section List name."},{"field":"threat.indicator.file.elf.sections.physical_offset","type":"keyword","normalization":"","example":"","description":"ELF Section List offset."},{"field":"threat.indicator.file.elf.sections.physical_size","type":"long","normalization":"","example":"","description":"ELF Section List physical size."},{"field":"threat.indicator.file.elf.sections.type","type":"keyword","normalization":"","example":"","description":"ELF Section List type."},{"field":"threat.indicator.file.elf.sections.virtual_address","type":"long","normalization":"","example":"","description":"ELF Section List virtual address."},{"field":"threat.indicator.file.elf.sections.virtual_size","type":"long","normalization":"","example":"","description":"ELF Section List virtual size."},{"field":"threat.indicator.file.elf.segments","type":"nested","normalization":"array","example":"","description":"ELF object segment list."},{"field":"threat.indicator.file.elf.segments.sections","type":"keyword","normalization":"","example":"","description":"ELF object segment sections."},{"field":"threat.indicator.file.elf.segments.type","type":"keyword","normalization":"","example":"","description":"ELF object segment type."},{"field":"threat.indicator.file.elf.shared_libraries","type":"keyword","normalization":"array","example":"","description":"List of shared libraries used by this ELF object."},{"field":"threat.indicator.file.elf.telfhash","type":"keyword","normalization":"","example":"","description":"telfhash hash for ELF file."},{"field":"threat.indicator.file.extension","type":"keyword","normalization":"","example":"png","description":"File extension, excluding the leading dot."},{"field":"threat.indicator.file.fork_name","type":"keyword","normalization":"","example":"Zone.Identifer","description":"A fork is additional data associated with a filesystem object."},{"field":"threat.indicator.file.gid","type":"keyword","normalization":"","example":1001,"description":"Primary group ID (GID) of the file."},{"field":"threat.indicator.file.group","type":"keyword","normalization":"","example":"alice","description":"Primary group name of the file."},{"field":"threat.indicator.file.hash.md5","type":"keyword","normalization":"","example":"","description":"MD5 hash."},{"field":"threat.indicator.file.hash.sha1","type":"keyword","normalization":"","example":"","description":"SHA1 hash."},{"field":"threat.indicator.file.hash.sha256","type":"keyword","normalization":"","example":"","description":"SHA256 hash."},{"field":"threat.indicator.file.hash.sha512","type":"keyword","normalization":"","example":"","description":"SHA512 hash."},{"field":"threat.indicator.file.hash.ssdeep","type":"keyword","normalization":"","example":"","description":"SSDEEP hash."},{"field":"threat.indicator.file.inode","type":"keyword","normalization":"","example":256383,"description":"Inode representing the file in the filesystem."},{"field":"threat.indicator.file.mime_type","type":"keyword","normalization":"","example":"","description":"Media type of file, document, or arrangement of bytes."},{"field":"threat.indicator.file.mode","type":"keyword","normalization":"","example":"0640","description":"Mode of the file in octal representation."},{"field":"threat.indicator.file.mtime","type":"date","normalization":"","example":"","description":"Last time the file content was modified."},{"field":"threat.indicator.file.name","type":"keyword","normalization":"","example":"example.png","description":"Name of the file including the extension, without the directory."},{"field":"threat.indicator.file.owner","type":"keyword","normalization":"","example":"alice","description":"File owner's username."},{"field":"threat.indicator.file.path","type":"keyword","normalization":"","example":"/home/alice/example.png","description":"Full path to the file, including the file name."},{"field":"threat.indicator.file.path.text","type":"match_only_text","normalization":"","example":"/home/alice/example.png","description":"Full path to the file, including the file name."},{"field":"threat.indicator.file.pe.architecture","type":"keyword","normalization":"","example":"x64","description":"CPU architecture target for the file."},{"field":"threat.indicator.file.pe.company","type":"keyword","normalization":"","example":"Microsoft Corporation","description":"Internal company name of the file, provided at compile-time."},{"field":"threat.indicator.file.pe.description","type":"keyword","normalization":"","example":"Paint","description":"Internal description of the file, provided at compile-time."},{"field":"threat.indicator.file.pe.file_version","type":"keyword","normalization":"","example":"6.3.9600.17415","description":"Process name."},{"field":"threat.indicator.file.pe.imphash","type":"keyword","normalization":"","example":"0c6803c4e922103c4dca5963aad36ddf","description":"A hash of the imports in a PE file."},{"field":"threat.indicator.file.pe.original_file_name","type":"keyword","normalization":"","example":"MSPAINT.EXE","description":"Internal name of the file, provided at compile-time."},{"field":"threat.indicator.file.pe.product","type":"keyword","normalization":"","example":"Microsoft® Windows® Operating System","description":"Internal product name of the file, provided at compile-time."},{"field":"threat.indicator.file.size","type":"long","normalization":"","example":16384,"description":"File size in bytes."},{"field":"threat.indicator.file.target_path","type":"keyword","normalization":"","example":"","description":"Target path for symlinks."},{"field":"threat.indicator.file.target_path.text","type":"match_only_text","normalization":"","example":"","description":"Target path for symlinks."},{"field":"threat.indicator.file.type","type":"keyword","normalization":"","example":"file","description":"File type (file, dir, or symlink)."},{"field":"threat.indicator.file.uid","type":"keyword","normalization":"","example":1001,"description":"The user ID (UID) or security identifier (SID) of the file owner."},{"field":"threat.indicator.file.x509.alternative_names","type":"keyword","normalization":"array","example":"*.elastic.co","description":"List of subject alternative names (SAN)."},{"field":"threat.indicator.file.x509.issuer.common_name","type":"keyword","normalization":"array","example":"Example SHA2 High Assurance Server CA","description":"List of common name (CN) of issuing certificate authority."},{"field":"threat.indicator.file.x509.issuer.country","type":"keyword","normalization":"array","example":"US","description":"List of country (C) codes"},{"field":"threat.indicator.file.x509.issuer.distinguished_name","type":"keyword","normalization":"","example":"C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA","description":"Distinguished name (DN) of issuing certificate authority."},{"field":"threat.indicator.file.x509.issuer.locality","type":"keyword","normalization":"array","example":"Mountain View","description":"List of locality names (L)"},{"field":"threat.indicator.file.x509.issuer.organization","type":"keyword","normalization":"array","example":"Example Inc","description":"List of organizations (O) of issuing certificate authority."},{"field":"threat.indicator.file.x509.issuer.organizational_unit","type":"keyword","normalization":"array","example":"www.example.com","description":"List of organizational units (OU) of issuing certificate authority."},{"field":"threat.indicator.file.x509.issuer.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"threat.indicator.file.x509.not_after","type":"date","normalization":"","example":"2020-07-16 03:15:39+00:00","description":"Time at which the certificate is no longer considered valid."},{"field":"threat.indicator.file.x509.not_before","type":"date","normalization":"","example":"2019-08-16 01:40:25+00:00","description":"Time at which the certificate is first considered valid."},{"field":"threat.indicator.file.x509.public_key_algorithm","type":"keyword","normalization":"","example":"RSA","description":"Algorithm used to generate the public key."},{"field":"threat.indicator.file.x509.public_key_curve","type":"keyword","normalization":"","example":"nistp521","description":"The curve used by the elliptic curve public key algorithm. This is algorithm specific."},{"field":"threat.indicator.file.x509.public_key_exponent","type":"long","normalization":"","example":65537,"description":"Exponent used to derive the public key. This is algorithm specific."},{"field":"threat.indicator.file.x509.public_key_size","type":"long","normalization":"","example":2048,"description":"The size of the public key space in bits."},{"field":"threat.indicator.file.x509.serial_number","type":"keyword","normalization":"","example":"55FBB9C7DEBF09809D12CCAA","description":"Unique serial number issued by the certificate authority."},{"field":"threat.indicator.file.x509.signature_algorithm","type":"keyword","normalization":"","example":"SHA256-RSA","description":"Identifier for certificate signature algorithm."},{"field":"threat.indicator.file.x509.subject.common_name","type":"keyword","normalization":"array","example":"shared.global.example.net","description":"List of common names (CN) of subject."},{"field":"threat.indicator.file.x509.subject.country","type":"keyword","normalization":"array","example":"US","description":"List of country (C) code"},{"field":"threat.indicator.file.x509.subject.distinguished_name","type":"keyword","normalization":"","example":"C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net","description":"Distinguished name (DN) of the certificate subject entity."},{"field":"threat.indicator.file.x509.subject.locality","type":"keyword","normalization":"array","example":"San Francisco","description":"List of locality names (L)"},{"field":"threat.indicator.file.x509.subject.organization","type":"keyword","normalization":"array","example":"Example, Inc.","description":"List of organizations (O) of subject."},{"field":"threat.indicator.file.x509.subject.organizational_unit","type":"keyword","normalization":"array","example":"","description":"List of organizational units (OU) of subject."},{"field":"threat.indicator.file.x509.subject.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"threat.indicator.file.x509.version_number","type":"keyword","normalization":"","example":3,"description":"Version of x509 format."},{"field":"threat.indicator.first_seen","type":"date","normalization":"","example":"2020-11-05T17:25:47.000Z","description":"Date/time indicator was first reported."},{"field":"threat.indicator.geo.city_name","type":"keyword","normalization":"","example":"Montreal","description":"City name."},{"field":"threat.indicator.geo.continent_code","type":"keyword","normalization":"","example":"NA","description":"Continent code."},{"field":"threat.indicator.geo.continent_name","type":"keyword","normalization":"","example":"North America","description":"Name of the continent."},{"field":"threat.indicator.geo.country_iso_code","type":"keyword","normalization":"","example":"CA","description":"Country ISO code."},{"field":"threat.indicator.geo.country_name","type":"keyword","normalization":"","example":"Canada","description":"Country name."},{"field":"threat.indicator.geo.location","type":"geo_point","normalization":"","example":{"lon":-73.61483,"lat":45.505918},"description":"Longitude and latitude."},{"field":"threat.indicator.geo.name","type":"keyword","normalization":"","example":"boston-dc","description":"User-defined description of a location."},{"field":"threat.indicator.geo.postal_code","type":"keyword","normalization":"","example":94040,"description":"Postal code."},{"field":"threat.indicator.geo.region_iso_code","type":"keyword","normalization":"","example":"CA-QC","description":"Region ISO code."},{"field":"threat.indicator.geo.region_name","type":"keyword","normalization":"","example":"Quebec","description":"Region name."},{"field":"threat.indicator.geo.timezone","type":"keyword","normalization":"","example":"America/Argentina/Buenos_Aires","description":"Time zone."},{"field":"threat.indicator.ip","type":"ip","normalization":"","example":"1.2.3.4","description":"Indicator IP address"},{"field":"threat.indicator.last_seen","type":"date","normalization":"","example":"2020-11-05T17:25:47.000Z","description":"Date/time indicator was last reported."},{"field":"threat.indicator.marking.tlp","type":"keyword","normalization":"","example":"WHITE","description":"Indicator TLP marking"},{"field":"threat.indicator.modified_at","type":"date","normalization":"","example":"2020-11-05T17:25:47.000Z","description":"Date/time indicator was last updated."},{"field":"threat.indicator.port","type":"long","normalization":"","example":443,"description":"Indicator port"},{"field":"threat.indicator.provider","type":"keyword","normalization":"","example":"lrz_urlhaus","description":"Indicator provider"},{"field":"threat.indicator.reference","type":"keyword","normalization":"","example":"https://system.example.com/indicator/0001234","description":"Indicator reference URL"},{"field":"threat.indicator.registry.data.bytes","type":"keyword","normalization":"","example":"ZQBuAC0AVQBTAAAAZQBuAAAAAAA=","description":"Original bytes written with base64 encoding."},{"field":"threat.indicator.registry.data.strings","type":"wildcard","normalization":"array","example":"[\"C:\\rta\\red_ttp\\bin\\myapp.exe\"]","description":"List of strings representing what was written to the registry."},{"field":"threat.indicator.registry.data.type","type":"keyword","normalization":"","example":"REG_SZ","description":"Standard registry type for encoding contents"},{"field":"threat.indicator.registry.hive","type":"keyword","normalization":"","example":"HKLM","description":"Abbreviated name for the hive."},{"field":"threat.indicator.registry.key","type":"keyword","normalization":"","example":"SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\winword.exe","description":"Hive-relative path of keys."},{"field":"threat.indicator.registry.path","type":"keyword","normalization":"","example":"HKLM\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options\\winword.exe\\Debugger","description":"Full path, including hive, key and value"},{"field":"threat.indicator.registry.value","type":"keyword","normalization":"","example":"Debugger","description":"Name of the value written."},{"field":"threat.indicator.scanner_stats","type":"long","normalization":"","example":4,"description":"Scanner statistics"},{"field":"threat.indicator.sightings","type":"long","normalization":"","example":20,"description":"Number of times indicator observed"},{"field":"threat.indicator.type","type":"keyword","normalization":"","example":"ipv4-addr","description":"Type of indicator"},{"field":"threat.indicator.url.domain","type":"keyword","normalization":"","example":"www.elastic.co","description":"Domain of the url."},{"field":"threat.indicator.url.extension","type":"keyword","normalization":"","example":"png","description":"File extension from the request url, excluding the leading dot."},{"field":"threat.indicator.url.fragment","type":"keyword","normalization":"","example":"","description":"Portion of the url after the `#`."},{"field":"threat.indicator.url.full","type":"wildcard","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top","description":"Full unparsed URL."},{"field":"threat.indicator.url.full.text","type":"match_only_text","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top","description":"Full unparsed URL."},{"field":"threat.indicator.url.original","type":"wildcard","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elasticsearch","description":"Unmodified original url as seen in the event source."},{"field":"threat.indicator.url.original.text","type":"match_only_text","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elasticsearch","description":"Unmodified original url as seen in the event source."},{"field":"threat.indicator.url.password","type":"keyword","normalization":"","example":"","description":"Password of the request."},{"field":"threat.indicator.url.path","type":"wildcard","normalization":"","example":"","description":"Path of the request, such as \"/search\"."},{"field":"threat.indicator.url.port","type":"long","normalization":"","example":443,"description":"Port of the request, such as 443."},{"field":"threat.indicator.url.query","type":"keyword","normalization":"","example":"","description":"Query string of the request."},{"field":"threat.indicator.url.registered_domain","type":"keyword","normalization":"","example":"example.com","description":"The highest registered url domain, stripped of the subdomain."},{"field":"threat.indicator.url.scheme","type":"keyword","normalization":"","example":"https","description":"Scheme of the url."},{"field":"threat.indicator.url.subdomain","type":"keyword","normalization":"","example":"east","description":"The subdomain of the domain."},{"field":"threat.indicator.url.top_level_domain","type":"keyword","normalization":"","example":"co.uk","description":"The effective top level domain (com, org, net, co.uk)."},{"field":"threat.indicator.url.username","type":"keyword","normalization":"","example":"","description":"Username of the request."},{"field":"threat.indicator.x509.alternative_names","type":"keyword","normalization":"array","example":"*.elastic.co","description":"List of subject alternative names (SAN)."},{"field":"threat.indicator.x509.issuer.common_name","type":"keyword","normalization":"array","example":"Example SHA2 High Assurance Server CA","description":"List of common name (CN) of issuing certificate authority."},{"field":"threat.indicator.x509.issuer.country","type":"keyword","normalization":"array","example":"US","description":"List of country (C) codes"},{"field":"threat.indicator.x509.issuer.distinguished_name","type":"keyword","normalization":"","example":"C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA","description":"Distinguished name (DN) of issuing certificate authority."},{"field":"threat.indicator.x509.issuer.locality","type":"keyword","normalization":"array","example":"Mountain View","description":"List of locality names (L)"},{"field":"threat.indicator.x509.issuer.organization","type":"keyword","normalization":"array","example":"Example Inc","description":"List of organizations (O) of issuing certificate authority."},{"field":"threat.indicator.x509.issuer.organizational_unit","type":"keyword","normalization":"array","example":"www.example.com","description":"List of organizational units (OU) of issuing certificate authority."},{"field":"threat.indicator.x509.issuer.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"threat.indicator.x509.not_after","type":"date","normalization":"","example":"2020-07-16 03:15:39+00:00","description":"Time at which the certificate is no longer considered valid."},{"field":"threat.indicator.x509.not_before","type":"date","normalization":"","example":"2019-08-16 01:40:25+00:00","description":"Time at which the certificate is first considered valid."},{"field":"threat.indicator.x509.public_key_algorithm","type":"keyword","normalization":"","example":"RSA","description":"Algorithm used to generate the public key."},{"field":"threat.indicator.x509.public_key_curve","type":"keyword","normalization":"","example":"nistp521","description":"The curve used by the elliptic curve public key algorithm. This is algorithm specific."},{"field":"threat.indicator.x509.public_key_exponent","type":"long","normalization":"","example":65537,"description":"Exponent used to derive the public key. This is algorithm specific."},{"field":"threat.indicator.x509.public_key_size","type":"long","normalization":"","example":2048,"description":"The size of the public key space in bits."},{"field":"threat.indicator.x509.serial_number","type":"keyword","normalization":"","example":"55FBB9C7DEBF09809D12CCAA","description":"Unique serial number issued by the certificate authority."},{"field":"threat.indicator.x509.signature_algorithm","type":"keyword","normalization":"","example":"SHA256-RSA","description":"Identifier for certificate signature algorithm."},{"field":"threat.indicator.x509.subject.common_name","type":"keyword","normalization":"array","example":"shared.global.example.net","description":"List of common names (CN) of subject."},{"field":"threat.indicator.x509.subject.country","type":"keyword","normalization":"array","example":"US","description":"List of country (C) code"},{"field":"threat.indicator.x509.subject.distinguished_name","type":"keyword","normalization":"","example":"C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net","description":"Distinguished name (DN) of the certificate subject entity."},{"field":"threat.indicator.x509.subject.locality","type":"keyword","normalization":"array","example":"San Francisco","description":"List of locality names (L)"},{"field":"threat.indicator.x509.subject.organization","type":"keyword","normalization":"array","example":"Example, Inc.","description":"List of organizations (O) of subject."},{"field":"threat.indicator.x509.subject.organizational_unit","type":"keyword","normalization":"array","example":"","description":"List of organizational units (OU) of subject."},{"field":"threat.indicator.x509.subject.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"threat.indicator.x509.version_number","type":"keyword","normalization":"","example":3,"description":"Version of x509 format."},{"field":"threat.software.alias","type":"keyword","normalization":"array","example":["X-Agent"],"description":"Alias of the software"},{"field":"threat.software.id","type":"keyword","normalization":"","example":"S0552","description":"ID of the software"},{"field":"threat.software.name","type":"keyword","normalization":"","example":"AdFind","description":"Name of the software."},{"field":"threat.software.platforms","type":"keyword","normalization":"array","example":["Windows"],"description":"Platforms of the software."},{"field":"threat.software.reference","type":"keyword","normalization":"","example":"https://attack.mitre.org/software/S0552/","description":"Software reference URL."},{"field":"threat.software.type","type":"keyword","normalization":"","example":"Tool","description":"Software type."},{"field":"threat.tactic.id","type":"keyword","normalization":"array","example":"TA0002","description":"Threat tactic id."},{"field":"threat.tactic.name","type":"keyword","normalization":"array","example":"Execution","description":"Threat tactic."},{"field":"threat.tactic.reference","type":"keyword","normalization":"array","example":"https://attack.mitre.org/tactics/TA0002/","description":"Threat tactic URL reference."},{"field":"threat.technique.id","type":"keyword","normalization":"array","example":"T1059","description":"Threat technique id."},{"field":"threat.technique.name","type":"keyword","normalization":"array","example":"Command and Scripting Interpreter","description":"Threat technique name."},{"field":"threat.technique.name.text","type":"match_only_text","normalization":"","example":"Command and Scripting Interpreter","description":"Threat technique name."},{"field":"threat.technique.reference","type":"keyword","normalization":"array","example":"https://attack.mitre.org/techniques/T1059/","description":"Threat technique URL reference."},{"field":"threat.technique.subtechnique.id","type":"keyword","normalization":"array","example":"T1059.001","description":"Threat subtechnique id."},{"field":"threat.technique.subtechnique.name","type":"keyword","normalization":"array","example":"PowerShell","description":"Threat subtechnique name."},{"field":"threat.technique.subtechnique.name.text","type":"match_only_text","normalization":"","example":"PowerShell","description":"Threat subtechnique name."},{"field":"threat.technique.subtechnique.reference","type":"keyword","normalization":"array","example":"https://attack.mitre.org/techniques/T1059/001/","description":"Threat subtechnique URL reference."},{"field":"tls.cipher","type":"keyword","normalization":"","example":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256","description":"String indicating the cipher used during the current connection."},{"field":"tls.client.certificate","type":"keyword","normalization":"","example":"MII...","description":"PEM-encoded stand-alone certificate offered by the client."},{"field":"tls.client.certificate_chain","type":"keyword","normalization":"array","example":["MII...","MII..."],"description":"Array of PEM-encoded certificates that make up the certificate chain offered by the client."},{"field":"tls.client.hash.md5","type":"keyword","normalization":"","example":"0F76C7F2C55BFD7D8E8B8F4BFBF0C9EC","description":"Certificate fingerprint using the MD5 digest of DER-encoded version of certificate offered by the client."},{"field":"tls.client.hash.sha1","type":"keyword","normalization":"","example":"9E393D93138888D288266C2D915214D1D1CCEB2A","description":"Certificate fingerprint using the SHA1 digest of DER-encoded version of certificate offered by the client."},{"field":"tls.client.hash.sha256","type":"keyword","normalization":"","example":"0687F666A054EF17A08E2F2162EAB4CBC0D265E1D7875BE74BF3C712CA92DAF0","description":"Certificate fingerprint using the SHA256 digest of DER-encoded version of certificate offered by the client."},{"field":"tls.client.issuer","type":"keyword","normalization":"","example":"CN=Example Root CA, OU=Infrastructure Team, DC=example, DC=com","description":"Distinguished name of subject of the issuer of the x.509 certificate presented by the client."},{"field":"tls.client.ja3","type":"keyword","normalization":"","example":"d4e5b18d6b55c71272893221c96ba240","description":"A hash that identifies clients based on how they perform an SSL/TLS handshake."},{"field":"tls.client.not_after","type":"date","normalization":"","example":"2021-01-01T00:00:00.000Z","description":"Date/Time indicating when client certificate is no longer considered valid."},{"field":"tls.client.not_before","type":"date","normalization":"","example":"1970-01-01T00:00:00.000Z","description":"Date/Time indicating when client certificate is first considered valid."},{"field":"tls.client.server_name","type":"keyword","normalization":"","example":"www.elastic.co","description":"Hostname the client is trying to connect to. Also called the SNI."},{"field":"tls.client.subject","type":"keyword","normalization":"","example":"CN=myclient, OU=Documentation Team, DC=example, DC=com","description":"Distinguished name of subject of the x.509 certificate presented by the client."},{"field":"tls.client.supported_ciphers","type":"keyword","normalization":"array","example":["TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384","..."],"description":"Array of ciphers offered by the client during the client hello."},{"field":"tls.client.x509.alternative_names","type":"keyword","normalization":"array","example":"*.elastic.co","description":"List of subject alternative names (SAN)."},{"field":"tls.client.x509.issuer.common_name","type":"keyword","normalization":"array","example":"Example SHA2 High Assurance Server CA","description":"List of common name (CN) of issuing certificate authority."},{"field":"tls.client.x509.issuer.country","type":"keyword","normalization":"array","example":"US","description":"List of country (C) codes"},{"field":"tls.client.x509.issuer.distinguished_name","type":"keyword","normalization":"","example":"C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA","description":"Distinguished name (DN) of issuing certificate authority."},{"field":"tls.client.x509.issuer.locality","type":"keyword","normalization":"array","example":"Mountain View","description":"List of locality names (L)"},{"field":"tls.client.x509.issuer.organization","type":"keyword","normalization":"array","example":"Example Inc","description":"List of organizations (O) of issuing certificate authority."},{"field":"tls.client.x509.issuer.organizational_unit","type":"keyword","normalization":"array","example":"www.example.com","description":"List of organizational units (OU) of issuing certificate authority."},{"field":"tls.client.x509.issuer.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"tls.client.x509.not_after","type":"date","normalization":"","example":"2020-07-16 03:15:39+00:00","description":"Time at which the certificate is no longer considered valid."},{"field":"tls.client.x509.not_before","type":"date","normalization":"","example":"2019-08-16 01:40:25+00:00","description":"Time at which the certificate is first considered valid."},{"field":"tls.client.x509.public_key_algorithm","type":"keyword","normalization":"","example":"RSA","description":"Algorithm used to generate the public key."},{"field":"tls.client.x509.public_key_curve","type":"keyword","normalization":"","example":"nistp521","description":"The curve used by the elliptic curve public key algorithm. This is algorithm specific."},{"field":"tls.client.x509.public_key_exponent","type":"long","normalization":"","example":65537,"description":"Exponent used to derive the public key. This is algorithm specific."},{"field":"tls.client.x509.public_key_size","type":"long","normalization":"","example":2048,"description":"The size of the public key space in bits."},{"field":"tls.client.x509.serial_number","type":"keyword","normalization":"","example":"55FBB9C7DEBF09809D12CCAA","description":"Unique serial number issued by the certificate authority."},{"field":"tls.client.x509.signature_algorithm","type":"keyword","normalization":"","example":"SHA256-RSA","description":"Identifier for certificate signature algorithm."},{"field":"tls.client.x509.subject.common_name","type":"keyword","normalization":"array","example":"shared.global.example.net","description":"List of common names (CN) of subject."},{"field":"tls.client.x509.subject.country","type":"keyword","normalization":"array","example":"US","description":"List of country (C) code"},{"field":"tls.client.x509.subject.distinguished_name","type":"keyword","normalization":"","example":"C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net","description":"Distinguished name (DN) of the certificate subject entity."},{"field":"tls.client.x509.subject.locality","type":"keyword","normalization":"array","example":"San Francisco","description":"List of locality names (L)"},{"field":"tls.client.x509.subject.organization","type":"keyword","normalization":"array","example":"Example, Inc.","description":"List of organizations (O) of subject."},{"field":"tls.client.x509.subject.organizational_unit","type":"keyword","normalization":"array","example":"","description":"List of organizational units (OU) of subject."},{"field":"tls.client.x509.subject.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"tls.client.x509.version_number","type":"keyword","normalization":"","example":3,"description":"Version of x509 format."},{"field":"tls.curve","type":"keyword","normalization":"","example":"secp256r1","description":"String indicating the curve used for the given cipher, when applicable."},{"field":"tls.established","type":"boolean","normalization":"","example":"","description":"Boolean flag indicating if the TLS negotiation was successful and transitioned to an encrypted tunnel."},{"field":"tls.next_protocol","type":"keyword","normalization":"","example":"http/1.1","description":"String indicating the protocol being tunneled."},{"field":"tls.resumed","type":"boolean","normalization":"","example":"","description":"Boolean flag indicating if this TLS connection was resumed from an existing TLS negotiation."},{"field":"tls.server.certificate","type":"keyword","normalization":"","example":"MII...","description":"PEM-encoded stand-alone certificate offered by the server."},{"field":"tls.server.certificate_chain","type":"keyword","normalization":"array","example":["MII...","MII..."],"description":"Array of PEM-encoded certificates that make up the certificate chain offered by the server."},{"field":"tls.server.hash.md5","type":"keyword","normalization":"","example":"0F76C7F2C55BFD7D8E8B8F4BFBF0C9EC","description":"Certificate fingerprint using the MD5 digest of DER-encoded version of certificate offered by the server."},{"field":"tls.server.hash.sha1","type":"keyword","normalization":"","example":"9E393D93138888D288266C2D915214D1D1CCEB2A","description":"Certificate fingerprint using the SHA1 digest of DER-encoded version of certificate offered by the server."},{"field":"tls.server.hash.sha256","type":"keyword","normalization":"","example":"0687F666A054EF17A08E2F2162EAB4CBC0D265E1D7875BE74BF3C712CA92DAF0","description":"Certificate fingerprint using the SHA256 digest of DER-encoded version of certificate offered by the server."},{"field":"tls.server.issuer","type":"keyword","normalization":"","example":"CN=Example Root CA, OU=Infrastructure Team, DC=example, DC=com","description":"Subject of the issuer of the x.509 certificate presented by the server."},{"field":"tls.server.ja3s","type":"keyword","normalization":"","example":"394441ab65754e2207b1e1b457b3641d","description":"A hash that identifies servers based on how they perform an SSL/TLS handshake."},{"field":"tls.server.not_after","type":"date","normalization":"","example":"2021-01-01T00:00:00.000Z","description":"Timestamp indicating when server certificate is no longer considered valid."},{"field":"tls.server.not_before","type":"date","normalization":"","example":"1970-01-01T00:00:00.000Z","description":"Timestamp indicating when server certificate is first considered valid."},{"field":"tls.server.subject","type":"keyword","normalization":"","example":"CN=www.example.com, OU=Infrastructure Team, DC=example, DC=com","description":"Subject of the x.509 certificate presented by the server."},{"field":"tls.server.x509.alternative_names","type":"keyword","normalization":"array","example":"*.elastic.co","description":"List of subject alternative names (SAN)."},{"field":"tls.server.x509.issuer.common_name","type":"keyword","normalization":"array","example":"Example SHA2 High Assurance Server CA","description":"List of common name (CN) of issuing certificate authority."},{"field":"tls.server.x509.issuer.country","type":"keyword","normalization":"array","example":"US","description":"List of country (C) codes"},{"field":"tls.server.x509.issuer.distinguished_name","type":"keyword","normalization":"","example":"C=US, O=Example Inc, OU=www.example.com, CN=Example SHA2 High Assurance Server CA","description":"Distinguished name (DN) of issuing certificate authority."},{"field":"tls.server.x509.issuer.locality","type":"keyword","normalization":"array","example":"Mountain View","description":"List of locality names (L)"},{"field":"tls.server.x509.issuer.organization","type":"keyword","normalization":"array","example":"Example Inc","description":"List of organizations (O) of issuing certificate authority."},{"field":"tls.server.x509.issuer.organizational_unit","type":"keyword","normalization":"array","example":"www.example.com","description":"List of organizational units (OU) of issuing certificate authority."},{"field":"tls.server.x509.issuer.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"tls.server.x509.not_after","type":"date","normalization":"","example":"2020-07-16 03:15:39+00:00","description":"Time at which the certificate is no longer considered valid."},{"field":"tls.server.x509.not_before","type":"date","normalization":"","example":"2019-08-16 01:40:25+00:00","description":"Time at which the certificate is first considered valid."},{"field":"tls.server.x509.public_key_algorithm","type":"keyword","normalization":"","example":"RSA","description":"Algorithm used to generate the public key."},{"field":"tls.server.x509.public_key_curve","type":"keyword","normalization":"","example":"nistp521","description":"The curve used by the elliptic curve public key algorithm. This is algorithm specific."},{"field":"tls.server.x509.public_key_exponent","type":"long","normalization":"","example":65537,"description":"Exponent used to derive the public key. This is algorithm specific."},{"field":"tls.server.x509.public_key_size","type":"long","normalization":"","example":2048,"description":"The size of the public key space in bits."},{"field":"tls.server.x509.serial_number","type":"keyword","normalization":"","example":"55FBB9C7DEBF09809D12CCAA","description":"Unique serial number issued by the certificate authority."},{"field":"tls.server.x509.signature_algorithm","type":"keyword","normalization":"","example":"SHA256-RSA","description":"Identifier for certificate signature algorithm."},{"field":"tls.server.x509.subject.common_name","type":"keyword","normalization":"array","example":"shared.global.example.net","description":"List of common names (CN) of subject."},{"field":"tls.server.x509.subject.country","type":"keyword","normalization":"array","example":"US","description":"List of country (C) code"},{"field":"tls.server.x509.subject.distinguished_name","type":"keyword","normalization":"","example":"C=US, ST=California, L=San Francisco, O=Example, Inc., CN=shared.global.example.net","description":"Distinguished name (DN) of the certificate subject entity."},{"field":"tls.server.x509.subject.locality","type":"keyword","normalization":"array","example":"San Francisco","description":"List of locality names (L)"},{"field":"tls.server.x509.subject.organization","type":"keyword","normalization":"array","example":"Example, Inc.","description":"List of organizations (O) of subject."},{"field":"tls.server.x509.subject.organizational_unit","type":"keyword","normalization":"array","example":"","description":"List of organizational units (OU) of subject."},{"field":"tls.server.x509.subject.state_or_province","type":"keyword","normalization":"array","example":"California","description":"List of state or province names (ST, S, or P)"},{"field":"tls.server.x509.version_number","type":"keyword","normalization":"","example":3,"description":"Version of x509 format."},{"field":"tls.version","type":"keyword","normalization":"","example":1.2,"description":"Numeric part of the version parsed from the original string."},{"field":"tls.version_protocol","type":"keyword","normalization":"","example":"tls","description":"Normalized lowercase protocol name parsed from original string."},{"field":"trace.id","type":"keyword","normalization":"","example":"4bf92f3577b34da6a3ce929d0e0e4736","description":"Unique identifier of the trace."},{"field":"transaction.id","type":"keyword","normalization":"","example":"00f067aa0ba902b7","description":"Unique identifier of the transaction within the scope of its trace."},{"field":"url.domain","type":"keyword","normalization":"","example":"www.elastic.co","description":"Domain of the url."},{"field":"url.extension","type":"keyword","normalization":"","example":"png","description":"File extension from the request url, excluding the leading dot."},{"field":"url.fragment","type":"keyword","normalization":"","example":"","description":"Portion of the url after the `#`."},{"field":"url.full","type":"wildcard","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top","description":"Full unparsed URL."},{"field":"url.full.text","type":"match_only_text","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top","description":"Full unparsed URL."},{"field":"url.original","type":"wildcard","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elasticsearch","description":"Unmodified original url as seen in the event source."},{"field":"url.original.text","type":"match_only_text","normalization":"","example":"https://www.elastic.co:443/search?q=elasticsearch#top or /search?q=elasticsearch","description":"Unmodified original url as seen in the event source."},{"field":"url.password","type":"keyword","normalization":"","example":"","description":"Password of the request."},{"field":"url.path","type":"wildcard","normalization":"","example":"","description":"Path of the request, such as \"/search\"."},{"field":"url.port","type":"long","normalization":"","example":443,"description":"Port of the request, such as 443."},{"field":"url.query","type":"keyword","normalization":"","example":"","description":"Query string of the request."},{"field":"url.registered_domain","type":"keyword","normalization":"","example":"example.com","description":"The highest registered url domain, stripped of the subdomain."},{"field":"url.scheme","type":"keyword","normalization":"","example":"https","description":"Scheme of the url."},{"field":"url.subdomain","type":"keyword","normalization":"","example":"east","description":"The subdomain of the domain."},{"field":"url.top_level_domain","type":"keyword","normalization":"","example":"co.uk","description":"The effective top level domain (com, org, net, co.uk)."},{"field":"url.username","type":"keyword","normalization":"","example":"","description":"Username of the request."},{"field":"user.changes.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the user is a member of."},{"field":"user.changes.email","type":"keyword","normalization":"","example":"","description":"User email address."},{"field":"user.changes.full_name","type":"keyword","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"user.changes.full_name.text","type":"match_only_text","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"user.changes.group.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the group is a member of."},{"field":"user.changes.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"user.changes.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"user.changes.hash","type":"keyword","normalization":"","example":"","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"user.changes.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"user.changes.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"user.changes.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"user.changes.roles","type":"keyword","normalization":"array","example":["kibana_admin","reporting_user"],"description":"Array of user roles at the time of the event."},{"field":"user.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the user is a member of."},{"field":"user.effective.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the user is a member of."},{"field":"user.effective.email","type":"keyword","normalization":"","example":"","description":"User email address."},{"field":"user.effective.full_name","type":"keyword","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"user.effective.full_name.text","type":"match_only_text","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"user.effective.group.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the group is a member of."},{"field":"user.effective.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"user.effective.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"user.effective.hash","type":"keyword","normalization":"","example":"","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"user.effective.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"user.effective.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"user.effective.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"user.effective.roles","type":"keyword","normalization":"array","example":["kibana_admin","reporting_user"],"description":"Array of user roles at the time of the event."},{"field":"user.email","type":"keyword","normalization":"","example":"","description":"User email address."},{"field":"user.full_name","type":"keyword","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"user.full_name.text","type":"match_only_text","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"user.group.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the group is a member of."},{"field":"user.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"user.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"user.hash","type":"keyword","normalization":"","example":"","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"user.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"user.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"user.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"user.roles","type":"keyword","normalization":"array","example":["kibana_admin","reporting_user"],"description":"Array of user roles at the time of the event."},{"field":"user.target.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the user is a member of."},{"field":"user.target.email","type":"keyword","normalization":"","example":"","description":"User email address."},{"field":"user.target.full_name","type":"keyword","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"user.target.full_name.text","type":"match_only_text","normalization":"","example":"Albert Einstein","description":"User's full name, if available."},{"field":"user.target.group.domain","type":"keyword","normalization":"","example":"","description":"Name of the directory the group is a member of."},{"field":"user.target.group.id","type":"keyword","normalization":"","example":"","description":"Unique identifier for the group on the system/platform."},{"field":"user.target.group.name","type":"keyword","normalization":"","example":"","description":"Name of the group."},{"field":"user.target.hash","type":"keyword","normalization":"","example":"","description":"Unique user hash to correlate information for a user in anonymized form."},{"field":"user.target.id","type":"keyword","normalization":"","example":"S-1-5-21-202424912787-2692429404-2351956786-1000","description":"Unique identifier of the user."},{"field":"user.target.name","type":"keyword","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"user.target.name.text","type":"match_only_text","normalization":"","example":"a.einstein","description":"Short name or login of the user."},{"field":"user.target.roles","type":"keyword","normalization":"array","example":["kibana_admin","reporting_user"],"description":"Array of user roles at the time of the event."},{"field":"user_agent.device.name","type":"keyword","normalization":"","example":"iPhone","description":"Name of the device."},{"field":"user_agent.name","type":"keyword","normalization":"","example":"Safari","description":"Name of the user agent."},{"field":"user_agent.original","type":"keyword","normalization":"","example":"Mozilla/5.0 (iPhone; CPU iPhone OS 12_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Mobile/15E148 Safari/604.1","description":"Unparsed user_agent string."},{"field":"user_agent.original.text","type":"match_only_text","normalization":"","example":"Mozilla/5.0 (iPhone; CPU iPhone OS 12_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Mobile/15E148 Safari/604.1","description":"Unparsed user_agent string."},{"field":"user_agent.os.family","type":"keyword","normalization":"","example":"debian","description":"OS family (such as redhat, debian, freebsd, windows)."},{"field":"user_agent.os.full","type":"keyword","normalization":"","example":"Mac OS Mojave","description":"Operating system name, including the version or code name."},{"field":"user_agent.os.full.text","type":"match_only_text","normalization":"","example":"Mac OS Mojave","description":"Operating system name, including the version or code name."},{"field":"user_agent.os.kernel","type":"keyword","normalization":"","example":"4.4.0-112-generic","description":"Operating system kernel version as a raw string."},{"field":"user_agent.os.name","type":"keyword","normalization":"","example":"Mac OS X","description":"Operating system name, without the version."},{"field":"user_agent.os.name.text","type":"match_only_text","normalization":"","example":"Mac OS X","description":"Operating system name, without the version."},{"field":"user_agent.os.platform","type":"keyword","normalization":"","example":"darwin","description":"Operating system platform (such centos, ubuntu, windows)."},{"field":"user_agent.os.type","type":"keyword","normalization":"","example":"macos","description":"Which commercial OS family (one of: linux, macos, unix or windows)."},{"field":"user_agent.os.version","type":"keyword","normalization":"","example":"10.14.1","description":"Operating system version as a raw string."},{"field":"user_agent.version","type":"keyword","normalization":"","example":12,"description":"Version of the user agent."},{"field":"vulnerability.category","type":"keyword","normalization":"array","example":["Firewall"],"description":"Category of a vulnerability."},{"field":"vulnerability.classification","type":"keyword","normalization":"","example":"CVSS","description":"Classification of the vulnerability."},{"field":"vulnerability.description","type":"keyword","normalization":"","example":"In macOS before 2.12.6, there is a vulnerability in the RPC...","description":"Description of the vulnerability."},{"field":"vulnerability.description.text","type":"match_only_text","normalization":"","example":"In macOS before 2.12.6, there is a vulnerability in the RPC...","description":"Description of the vulnerability."},{"field":"vulnerability.enumeration","type":"keyword","normalization":"","example":"CVE","description":"Identifier of the vulnerability."},{"field":"vulnerability.id","type":"keyword","normalization":"","example":"CVE-2019-00001","description":"ID of the vulnerability."},{"field":"vulnerability.reference","type":"keyword","normalization":"","example":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6111","description":"Reference of the vulnerability."},{"field":"vulnerability.report_id","type":"keyword","normalization":"","example":20191018.0001,"description":"Scan identification number."},{"field":"vulnerability.scanner.vendor","type":"keyword","normalization":"","example":"Tenable","description":"Name of the scanner vendor."},{"field":"vulnerability.score.base","type":"float","normalization":"","example":5.5,"description":"Vulnerability Base score."},{"field":"vulnerability.score.environmental","type":"float","normalization":"","example":5.5,"description":"Vulnerability Environmental score."},{"field":"vulnerability.score.temporal","type":"float","normalization":"","example":"","description":"Vulnerability Temporal score."},{"field":"vulnerability.score.version","type":"keyword","normalization":"","example":2,"description":"CVSS version."},{"field":"vulnerability.severity","type":"keyword","normalization":"","example":"Critical","description":"Severity of the vulnerability."}] \ No newline at end of file diff --git a/x-pack/plugins/osquery/public/fleet_integration/osquery_managed_policy_create_import_extension.tsx b/x-pack/plugins/osquery/public/fleet_integration/osquery_managed_policy_create_import_extension.tsx index 63b30f5d20c7a..c2ac84ce191da 100644 --- a/x-pack/plugins/osquery/public/fleet_integration/osquery_managed_policy_create_import_extension.tsx +++ b/x-pack/plugins/osquery/public/fleet_integration/osquery_managed_policy_create_import_extension.tsx @@ -165,16 +165,6 @@ export const OsqueryManagedPolicyCreateImportExtension = React.memo< defaultValue: { config: JSON.stringify(get(newPolicy, 'inputs[0].config.osquery.value', {}), null, 2), }, - serializer: (formData) => { - let config; - try { - // @ts-expect-error update types - config = JSON.parse(formData.config); - } catch (e) { - config = {}; - } - return { config }; - }, schema: { config: { label: i18n.translate('xpack.osquery.fleetIntegration.osqueryConfig.configFieldLabel', { @@ -243,10 +233,16 @@ export const OsqueryManagedPolicyCreateImportExtension = React.memo< if (isValid === undefined) return; const updatedPolicy = produce(newPolicy, (draft) => { - if (isEmpty(config)) { + let parsedConfig; + try { + parsedConfig = JSON.parse(config); + // eslint-disable-next-line no-empty + } catch (e) {} + + if (isEmpty(parsedConfig)) { unset(draft, 'inputs[0].config'); } else { - set(draft, 'inputs[0].config.osquery.value', config); + set(draft, 'inputs[0].config.osquery.value', parsedConfig); } return draft; }); diff --git a/x-pack/plugins/osquery/public/packs/form/index.tsx b/x-pack/plugins/osquery/public/packs/form/index.tsx index f20a26f2791dd..1930227c2dc9e 100644 --- a/x-pack/plugins/osquery/public/packs/form/index.tsx +++ b/x-pack/plugins/osquery/public/packs/form/index.tsx @@ -98,14 +98,17 @@ const PackFormComponent: React.FC = ({ defaultValue, editMode = f description: { type: FIELD_TYPES.TEXT, label: i18n.translate('xpack.osquery.pack.form.descriptionFieldLabel', { - defaultMessage: 'Description', + defaultMessage: 'Description (optional)', }), }, policy_ids: { defaultValue: [], type: FIELD_TYPES.COMBO_BOX, label: i18n.translate('xpack.osquery.pack.form.agentPoliciesFieldLabel', { - defaultMessage: 'Agent policies', + defaultMessage: 'Agent policies (optional)', + }), + helpText: i18n.translate('xpack.osquery.pack.form.agentPoliciesFieldHelpText', { + defaultMessage: 'Queries in this pack are scheduled for agents in the selected policies.', }), }, enabled: { diff --git a/x-pack/plugins/osquery/public/packs/pack_queries_status_table.tsx b/x-pack/plugins/osquery/public/packs/pack_queries_status_table.tsx index a32f369922958..0b661c61a9057 100644 --- a/x-pack/plugins/osquery/public/packs/pack_queries_status_table.tsx +++ b/x-pack/plugins/osquery/public/packs/pack_queries_status_table.tsx @@ -22,6 +22,7 @@ import { } from '@elastic/eui'; import { i18n } from '@kbn/i18n'; import { FormattedMessage, FormattedDate, FormattedTime, FormattedRelative } from '@kbn/i18n/react'; +import moment from 'moment-timezone'; import { TypedLensByValueInput, @@ -29,7 +30,7 @@ import { PieVisualizationState, } from '../../../lens/public'; import { FilterStateStore, IndexPattern } from '../../../../../src/plugins/data/common'; -import { useKibana, isModifiedEvent, isLeftClickEvent } from '../common/lib/kibana'; +import { useKibana } from '../common/lib/kibana'; import { OsqueryManagerPackagePolicyInputStream } from '../../common/types'; import { ScheduledQueryErrorsTable } from './scheduled_query_errors_table'; import { usePackQueryLastResults } from './use_pack_query_last_results'; @@ -207,8 +208,6 @@ const ViewResultsInLensActionComponent: React.FC { - const openInNewTab = !(!isModifiedEvent(event) && isLeftClickEvent(event)); - event.preventDefault(); lensService?.navigateToPrefilledEditor( @@ -222,7 +221,7 @@ const ViewResultsInLensActionComponent: React.FC + {VIEW_IN_DISCOVER} ); @@ -378,6 +377,7 @@ interface ScheduledQueryLastResultsProps { actionId: string; queryId: string; interval: number; + logsIndexPattern: IndexPattern | undefined; toggleErrors: (payload: { queryId: string; interval: number }) => void; expanded: boolean; } @@ -386,12 +386,10 @@ const ScheduledQueryLastResults: React.FC = ({ actionId, queryId, interval, + logsIndexPattern, toggleErrors, expanded, }) => { - const data = useKibana().services.data; - const [logsIndexPattern, setLogsIndexPattern] = useState(undefined); - const { data: lastResultsData, isFetched } = usePackQueryLastResults({ actionId, interval, @@ -409,15 +407,6 @@ const ScheduledQueryLastResults: React.FC = ({ [queryId, interval, toggleErrors] ); - useEffect(() => { - const fetchLogsIndexPattern = async () => { - const indexPattern = await data.indexPatterns.find('logs-*'); - - setLogsIndexPattern(indexPattern[0]); - }; - fetchLogsIndexPattern(); - }, [data.indexPatterns]); - if (!isFetched || !errorsFetched) { return ; } @@ -518,6 +507,86 @@ const ScheduledQueryLastResults: React.FC = ({ const getPackActionId = (actionId: string, packName: string) => `pack_${packName}_${actionId}`; +interface PackViewInActionProps { + item: { + id: string; + interval: number; + }; + logsIndexPattern: IndexPattern | undefined; + packName: string; + agentIds?: string[]; +} + +const PackViewInDiscoverActionComponent: React.FC = ({ + item, + logsIndexPattern, + packName, + agentIds, +}) => { + const { id, interval } = item; + const actionId = getPackActionId(id, packName); + const { data: lastResultsData } = usePackQueryLastResults({ + actionId, + interval, + logsIndexPattern, + }); + + const startDate = lastResultsData?.['@timestamp'] + ? moment(lastResultsData?.['@timestamp'][0]).subtract(interval, 'seconds').toISOString() + : `now-${interval}s`; + const endDate = lastResultsData?.['@timestamp'] + ? moment(lastResultsData?.['@timestamp'][0]).toISOString() + : 'now'; + + return ( + + ); +}; + +const PackViewInDiscoverAction = React.memo(PackViewInDiscoverActionComponent); + +const PackViewInLensActionComponent: React.FC = ({ + item, + logsIndexPattern, + packName, + agentIds, +}) => { + const { id, interval } = item; + const actionId = getPackActionId(id, packName); + const { data: lastResultsData } = usePackQueryLastResults({ + actionId, + interval, + logsIndexPattern, + }); + + const startDate = lastResultsData?.['@timestamp'] + ? moment(lastResultsData?.['@timestamp'][0]).subtract(interval, 'seconds').toISOString() + : `now-${interval}s`; + const endDate = lastResultsData?.['@timestamp'] + ? moment(lastResultsData?.['@timestamp'][0]).toISOString() + : 'now'; + + return ( + + ); +}; + +const PackViewInLensAction = React.memo(PackViewInLensActionComponent); + interface PackQueriesStatusTableProps { agentIds?: string[]; data: OsqueryManagerPackagePolicyInputStream[]; @@ -533,6 +602,18 @@ const PackQueriesStatusTableComponent: React.FC = ( Record> >({}); + const indexPatterns = useKibana().services.data.indexPatterns; + const [logsIndexPattern, setLogsIndexPattern] = useState(undefined); + + useEffect(() => { + const fetchLogsIndexPattern = async () => { + const indexPattern = await indexPatterns.find('logs-*'); + + setLogsIndexPattern(indexPattern[0]); + }; + fetchLogsIndexPattern(); + }, [indexPatterns]); + const renderQueryColumn = useCallback( (query: string) => ( @@ -564,6 +645,7 @@ const PackQueriesStatusTableComponent: React.FC = ( const renderLastResultsColumn = useCallback( (item) => ( = ( expanded={!!itemIdToExpandedRowMap[item.id]} /> ), - [itemIdToExpandedRowMap, packName, toggleErrors] + [itemIdToExpandedRowMap, packName, toggleErrors, logsIndexPattern] ); const renderDiscoverResultsAction = useCallback( (item) => ( - ), - [agentIds, packName] + [agentIds, logsIndexPattern, packName] ); const renderLensResultsAction = useCallback( (item) => ( - ), - [agentIds, packName] + [agentIds, logsIndexPattern, packName] ); const getItemId = useCallback( diff --git a/x-pack/plugins/osquery/public/packs/packs_table.tsx b/x-pack/plugins/osquery/public/packs/packs_table.tsx index 3d4efd88b789f..dcca0e2f56596 100644 --- a/x-pack/plugins/osquery/public/packs/packs_table.tsx +++ b/x-pack/plugins/osquery/public/packs/packs_table.tsx @@ -126,7 +126,7 @@ const PacksTableComponent = () => { { field: 'policy_ids', name: i18n.translate('xpack.osquery.packs.table.policyColumnTitle', { - defaultMessage: 'Policies', + defaultMessage: 'Scheduled policies', }), truncateText: true, render: renderAgentPolicy, diff --git a/x-pack/plugins/osquery/public/packs/queries/ecs_mapping_editor_field.tsx b/x-pack/plugins/osquery/public/packs/queries/ecs_mapping_editor_field.tsx index f6967f26cfbc2..85f4b3b3f0fad 100644 --- a/x-pack/plugins/osquery/public/packs/queries/ecs_mapping_editor_field.tsx +++ b/x-pack/plugins/osquery/public/packs/queries/ecs_mapping_editor_field.tsx @@ -30,6 +30,7 @@ import { EuiTitle, EuiText, EuiIcon, + EuiSuperSelect, } from '@elastic/eui'; import sqlParser from 'js-sql-parser'; import { FormattedMessage } from '@kbn/i18n/react'; @@ -54,7 +55,9 @@ import { getUseField, fieldValidators, ValidationFuncArg, + UseMultiFields, } from '../../shared_imports'; +import { OsqueryIcon } from '../../components/osquery_icon'; export const CommonUseField = getUseField({ component: Field }); @@ -77,6 +80,35 @@ const typeMap = { constant_keyword: 'string', }; +const StyledEuiSuperSelect = styled(EuiSuperSelect)` + &.euiFormControlLayout__prepend { + padding-left: 8px; + padding-right: 24px; + box-shadow: none; + + .euiIcon { + padding: 0; + width: 18px; + background: none; + } + } +`; + +// @ts-expect-error update types +const ResultComboBox = styled(EuiComboBox)` + &.euiComboBox--prepended .euiSuperSelect { + border-right: 1px solid ${(props) => props.theme.eui.euiBorderColor}; + + .euiFormControlLayout__childrenWrapper { + border-radius: 6px 0 0 6px; + + .euiFormControlLayoutIcons--right { + right: 6px; + } + } + } +`; + const StyledFieldIcon = styled(FieldIcon)` width: 32px; @@ -90,6 +122,11 @@ const StyledFieldSpan = styled.span` padding-bottom: 0 !important; `; +// align the icon to the inputs +const StyledSemicolonWrapper = styled.div` + margin-top: 8px; +`; + // align the icon to the inputs const StyledButtonWrapper = styled.div` margin-top: 11px; @@ -115,11 +152,10 @@ interface ECSComboboxFieldProps { idAria?: string; } -export const ECSComboboxField: React.FC = ({ +const ECSComboboxFieldComponent: React.FC = ({ field, euiFieldProps = {}, idAria, - ...rest }) => { const { setValue } = field; const [selectedOptions, setSelected] = useState>>( @@ -179,6 +215,21 @@ export const ECSComboboxField: React.FC = ({ [selectedOptions] ); + const helpText = useMemo(() => { + // @ts-expect-error update types + let text = selectedOptions[0]?.value?.description; + + if (!text) return; + + // @ts-expect-error update types + const example = selectedOptions[0]?.value?.example; + if (example) { + text += ` e.g. ${JSON.stringify(example)}`; + } + + return text; + }, [selectedOptions]); + useEffect(() => { // @ts-expect-error update types setSelected(() => { @@ -193,14 +244,12 @@ export const ECSComboboxField: React.FC = ({ return ( = ({ ); }; +export const ECSComboboxField = React.memo(ECSComboboxFieldComponent); + +const OSQUERY_COLUMN_VALUE_TYPE_OPTIONS = [ + { + value: 'field', + inputDisplay: , + dropdownDisplay: ( + + + + + + + + + + + ), + }, + { + value: 'value', + inputDisplay: , + dropdownDisplay: ( + + + + + + + + + + + ), + }, +]; + interface OsqueryColumnFieldProps { - field: FieldHook; + resultType: FieldHook; + resultValue: FieldHook; euiFieldProps: EuiComboBoxProps; idAria?: string; } -export const OsqueryColumnField: React.FC = ({ - field, +const OsqueryColumnFieldComponent: React.FC = ({ + resultType, + resultValue, euiFieldProps = {}, idAria, - ...rest }) => { - const { setValue } = field; - const { isInvalid, errorMessage } = getFieldValidityAndErrorMessage(field); + const { setValue } = resultValue; + const { setValue: setType } = resultType; + const { isInvalid, errorMessage } = getFieldValidityAndErrorMessage(resultValue); const describedByIds = useMemo(() => (idAria ? [idAria] : []), [idAria]); const [selectedOptions, setSelected] = useState< Array> @@ -269,19 +363,51 @@ export const OsqueryColumnField: React.FC = ({ [setValue, setSelected] ); + const onTypeChange = useCallback( + (newType) => { + if (newType !== resultType.value) { + setType(newType); + } + }, + [setType, resultType.value] + ); + + const handleCreateOption = useCallback( + (newOption) => { + setValue(newOption); + }, + [setValue] + ); + + const Prepend = useMemo( + () => ( + + ), + [onTypeChange, resultType.value] + ); + useEffect(() => { setSelected(() => { - if (!field.value.length) return []; + if (!resultValue.value.length) return []; - const selectedOption = find(euiFieldProps?.options, ['label', field.value]); + const selectedOption = find(euiFieldProps?.options, ['label', resultValue.value]); - return selectedOption ? [selectedOption] : [{ label: field.value }]; + return selectedOption ? [selectedOption] : [{ label: resultValue.value }]; }); - }, [euiFieldProps?.options, setSelected, field.value]); + }, [euiFieldProps?.options, setSelected, resultValue.value]); return ( = ({ fullWidth describedByIds={describedByIds} isDisabled={euiFieldProps.isDisabled} - {...rest} > - = ({ ); }; +export const OsqueryColumnField = React.memo( + OsqueryColumnFieldComponent, + (prevProps, nextProps) => + prevProps.resultType.value === nextProps.resultType.value && + prevProps.resultType.isChangingValue === nextProps.resultType.isChangingValue && + prevProps.resultType.errors === nextProps.resultType.errors && + prevProps.resultValue.value === nextProps.resultValue.value && + prevProps.resultValue.isChangingValue === nextProps.resultValue.isChangingValue && + prevProps.resultValue.errors === nextProps.resultValue.errors && + deepEqual(prevProps.euiFieldProps, nextProps.euiFieldProps) +); + export interface ECSMappingEditorFieldRef { validate: () => Promise< | Record< @@ -344,7 +483,7 @@ const getEcsFieldValidator = )(args); // @ts-expect-error update types - if (fieldRequiredError && ((!editForm && args.formData['value.field'].length) || editForm)) { + if (fieldRequiredError && ((!editForm && args.formData['result.value'].length) || editForm)) { return fieldRequiredError; } @@ -354,7 +493,7 @@ const getEcsFieldValidator = const getOsqueryResultFieldValidator = (osquerySchemaOptions: OsquerySchemaOption[], editForm: boolean) => ( - args: ValidationFuncArg + args: ValidationFuncArg ) => { const fieldRequiredError = fieldValidators.emptyField( i18n.translate('xpack.osquery.pack.queryFlyoutForm.osqueryResultFieldRequiredErrorMessage', { @@ -366,7 +505,8 @@ const getOsqueryResultFieldValidator = return fieldRequiredError; } - if (!args.value.length) return; + // @ts-expect-error update types + if (!args.value?.length || args.formData['result.type'] !== 'field') return; const osqueryColumnExists = find(osquerySchemaOptions, ['label', args.value]); @@ -383,6 +523,7 @@ const getOsqueryResultFieldValidator = }, } ), + __isBlocking__: false, } : undefined; }; @@ -395,7 +536,8 @@ const FORM_DEFAULT_VALUE = { interface ECSMappingEditorFormData { key: string; value: { - field: string; + field?: string; + value?: string; }; } @@ -413,27 +555,44 @@ export const ECSMappingEditorForm = forwardRef ({ + key: data.key ?? '', + result: { + type: data.value + ? Object.keys(data.value)[0] + : OSQUERY_COLUMN_VALUE_TYPE_OPTIONS[0].value, + value: data.value ? Object.values(data.value)[0] : '', + }, + }), }); const { submit, reset, validate, __validateFields } = form; @@ -442,17 +601,25 @@ export const ECSMappingEditorForm = forwardRef { validate(); - __validateFields(['value.field']); + __validateFields(['result.value']); const { data, isValid } = await submit(); if (isValid) { + const serializedData = { + key: data.key, + value: { + [data.result.type]: data.result.value, + }, + }; if (onAdd) { - onAdd(data); + onAdd(serializedData); + } + if (onChange) { + onChange(serializedData); } reset(); } - return { data, isValid }; - }, [validate, __validateFields, submit, onAdd, reset]); + }, [validate, __validateFields, submit, onAdd, onChange, reset]); const handleDeleteClick = useCallback(() => { if (defaultValue?.key && onDelete) { @@ -460,6 +627,37 @@ export const ECSMappingEditorForm = forwardRef ( + + {(fields) => ( + + )} + + ), + [osquerySchemaOptions, isDisabled] + ); + + const ecsComboBoxEuiFieldProps = useMemo(() => ({ isDisabled }), [isDisabled]); + useImperativeHandle( ref, () => ({ @@ -468,35 +666,37 @@ export const ECSMappingEditorForm = forwardRef { - if (onAdd && !deepEqual(formData, currentFormData.current)) { + if (!deepEqual(formData, currentFormData.current)) { currentFormData.current = formData; handleSubmit(); } }, [handleSubmit, formData, onAdd]); - useEffect(() => { - if (onChange && !deepEqual(formData, currentFormData.current)) { - currentFormData.current = formData; - onChange(formData); - } - }, [defaultValue, formData, handleDeleteClick, onChange]); - - useEffect(() => { - if (defaultValue) { - validate(); - __validateFields(['value.field']); - } - }, [defaultValue, osquerySchemaOptions, validate, __validateFields]); + // useEffect(() => { + // if (defaultValue) { + // validate(); + // __validateFields(['result.value']); + // } + // }, [defaultValue, osquerySchemaOptions, validate, __validateFields]); return (
@@ -507,30 +707,19 @@ export const ECSMappingEditorForm = forwardRef - - - + + : + - - - + {MultiFields} {!isDisabled && ( @@ -578,179 +767,175 @@ interface OsqueryColumn { index: boolean; } -export const ECSMappingEditorField = ({ - field, - query, - fieldRef, - euiFieldProps, -}: ECSMappingEditorFieldProps) => { - const { setValue, value = {} } = field; - const [osquerySchemaOptions, setOsquerySchemaOptions] = useState([]); - const formRefs = useRef>({}); - - useImperativeHandle( - fieldRef, - () => ({ - validate: async () => { - const validations = await Promise.all( - Object.values(formRefs.current).map(async (formRef) => { - const { data, isValid } = await formRef.validate(); - return [data, isValid]; - }) - ); +export const ECSMappingEditorField = React.memo( + ({ field, query, fieldRef, euiFieldProps }: ECSMappingEditorFieldProps) => { + const { setValue, value = {} } = field; + const [osquerySchemaOptions, setOsquerySchemaOptions] = useState([]); + const formRefs = useRef>({}); - if (find(validations, (result) => result[1] === false)) { - return false; - } - - return deepmerge.all(map(validations, '[0]')); - }, - }), - [] - ); + useImperativeHandle( + fieldRef, + () => ({ + validate: async () => { + const validations = await Promise.all( + Object.values(formRefs.current).map(async (formRef) => { + const { data, isValid } = await formRef.validate(); + return [data, isValid]; + }) + ); + + if (find(validations, (result) => result[1] === false)) { + return false; + } - useEffect(() => { - setOsquerySchemaOptions((currentValue) => { - if (!query?.length) { - return currentValue; - } + return deepmerge.all(map(validations, '[0]')); + }, + }), + [] + ); - // eslint-disable-next-line @typescript-eslint/no-explicit-any - let ast: Record | undefined; + useEffect(() => { + setOsquerySchemaOptions((currentValue) => { + if (!query?.length) { + return currentValue; + } - try { - ast = sqlParser.parse(query)?.value; - } catch (e) { - return currentValue; - } + // eslint-disable-next-line @typescript-eslint/no-explicit-any + let ast: Record | undefined; - const astOsqueryTables: Record< - string, - { - columns: OsqueryColumn[]; - order: number; + try { + ast = sqlParser.parse(query)?.value; + } catch (e) { + return currentValue; } - > = - ast?.from?.value?.reduce( - ( - acc: { - [x: string]: { - columns: OsqueryColumn[]; - order: number; - }; - }, - table: { - value: { - left?: { value: { value: string }; alias?: { value: string } }; - right?: { value: { value: string }; alias?: { value: string } }; - value?: { value: string }; - alias?: { value: string }; - }; - } - ) => { - each(['value.left', 'value.right', 'value'], (valueKey) => { - if (valueKey) { - const osqueryTable = find(osquerySchema, [ - 'name', - get(table, `${valueKey}.value.value`), - ]); - - if (osqueryTable) { - acc[ - get(table, `${valueKey}.alias.value`) ?? get(table, `${valueKey}.value.value`) - ] = { - columns: osqueryTable.columns, - order: Object.keys(acc).length, - }; - } + + const astOsqueryTables: Record< + string, + { + columns: OsqueryColumn[]; + order: number; + } + > = + ast?.from?.value?.reduce( + ( + acc: { + [x: string]: { + columns: OsqueryColumn[]; + order: number; + }; + }, + table: { + value: { + left?: { value: { value: string }; alias?: { value: string } }; + right?: { value: { value: string }; alias?: { value: string } }; + value?: { value: string }; + alias?: { value: string }; + }; } - }); + ) => { + each(['value.left', 'value.right', 'value'], (valueKey) => { + if (valueKey) { + const osqueryTable = find(osquerySchema, [ + 'name', + get(table, `${valueKey}.value.value`), + ]); + + if (osqueryTable) { + acc[ + get(table, `${valueKey}.alias.value`) ?? get(table, `${valueKey}.value.value`) + ] = { + columns: osqueryTable.columns, + order: Object.keys(acc).length, + }; + } + } + }); - return acc; - }, - {} - ) ?? {}; + return acc; + }, + {} + ) ?? {}; - // Table doesn't exist in osquery schema - if (isEmpty(astOsqueryTables)) { - return currentValue; - } + // Table doesn't exist in osquery schema + if (isEmpty(astOsqueryTables)) { + return currentValue; + } - const suggestions = - isArray(ast?.selectItems?.value) && - ast?.selectItems?.value - ?.map((selectItem: { type: string; value: string; hasAs: boolean; alias?: string }) => { - if (selectItem.type === 'Identifier') { - /* + const suggestions = + isArray(ast?.selectItems?.value) && + ast?.selectItems?.value + ?.map((selectItem: { type: string; value: string; hasAs: boolean; alias?: string }) => { + if (selectItem.type === 'Identifier') { + /* select * from routes, uptime; */ - if (ast?.selectItems?.value.length === 1 && selectItem.value === '*') { - return reduce( - astOsqueryTables, - (acc, { columns: osqueryColumns, order: tableOrder }, table) => { - acc.push( - ...osqueryColumns.map((osqueryColumn) => ({ - label: osqueryColumn.name, - value: { - name: osqueryColumn.name, - description: osqueryColumn.description, - table, - tableOrder, - suggestion_label: osqueryColumn.name, - }, - })) - ); - return acc; - }, - [] as OsquerySchemaOption[] - ); - } + if (ast?.selectItems?.value.length === 1 && selectItem.value === '*') { + return reduce( + astOsqueryTables, + (acc, { columns: osqueryColumns, order: tableOrder }, table) => { + acc.push( + ...osqueryColumns.map((osqueryColumn) => ({ + label: osqueryColumn.name, + value: { + name: osqueryColumn.name, + description: osqueryColumn.description, + table, + tableOrder, + suggestion_label: osqueryColumn.name, + }, + })) + ); + return acc; + }, + [] as OsquerySchemaOption[] + ); + } - /* + /* select i.*, p.resident_size, p.user_time, p.system_time, time.minutes as counter from osquery_info i, processes p, time where p.pid = i.pid; */ - const [table, column] = selectItem.value.includes('.') - ? selectItem.value?.split('.') - : [Object.keys(astOsqueryTables)[0], selectItem.value]; - - if (column === '*' && astOsqueryTables[table]) { - const { columns: osqueryColumns, order: tableOrder } = astOsqueryTables[table]; - return osqueryColumns.map((osqueryColumn) => ({ - label: osqueryColumn.name, - value: { - name: osqueryColumn.name, - description: osqueryColumn.description, - table, - tableOrder, - suggestion_label: `${osqueryColumn.name}`, - }, - })); - } + const [table, column] = selectItem.value.includes('.') + ? selectItem.value?.split('.') + : [Object.keys(astOsqueryTables)[0], selectItem.value]; + + if (column === '*' && astOsqueryTables[table]) { + const { columns: osqueryColumns, order: tableOrder } = astOsqueryTables[table]; + return osqueryColumns.map((osqueryColumn) => ({ + label: osqueryColumn.name, + value: { + name: osqueryColumn.name, + description: osqueryColumn.description, + table, + tableOrder, + suggestion_label: `${osqueryColumn.name}`, + }, + })); + } + + if (astOsqueryTables[table]) { + const osqueryColumn = find(astOsqueryTables[table].columns, ['name', column]); + + if (osqueryColumn) { + const label = selectItem.hasAs ? selectItem.alias : column; - if (astOsqueryTables[table]) { - const osqueryColumn = find(astOsqueryTables[table].columns, ['name', column]); - - if (osqueryColumn) { - const label = selectItem.hasAs ? selectItem.alias : column; - - return [ - { - label, - value: { - name: osqueryColumn.name, - description: osqueryColumn.description, - table, - tableOrder: astOsqueryTables[table].order, - suggestion_label: `${label}`, + return [ + { + label, + value: { + name: osqueryColumn.name, + description: osqueryColumn.description, + table, + tableOrder: astOsqueryTables[table].order, + suggestion_label: `${label}`, + }, }, - }, - ]; + ]; + } } } - } - /* + /* SELECT pid, uid, name, ROUND(( (user_time + system_time) / (cpu_time.tsb - cpu_time.itsb) ) * 100, 2) AS percentage @@ -764,161 +949,166 @@ export const ECSMappingEditorField = ({ LIMIT 5; */ - if (selectItem.hasAs && selectItem.alias) { - return [ - { - label: selectItem.alias, - value: { - name: selectItem.alias, - description: '', - table: '', - tableOrder: -1, - suggestion_label: selectItem.alias, + if (selectItem.hasAs && selectItem.alias) { + return [ + { + label: selectItem.alias, + value: { + name: selectItem.alias, + description: '', + table: '', + tableOrder: -1, + suggestion_label: selectItem.alias, + }, }, - }, - ]; - } + ]; + } - return []; - }) - .flat(); + return []; + }) + .flat(); - // Remove column duplicates by keeping the column from the table that appears last in the query - return sortedUniqBy( - orderBy(suggestions, ['value.suggestion_label', 'value.tableOrder'], ['asc', 'desc']), - 'label' - ); - }); - }, [query]); - - const handleAddRow = useCallback( - (newRow) => { - if (newRow?.key && newRow?.value) { - setValue( - produce((draft) => { - draft[newRow.key] = newRow.value; - return draft; - }) + // Remove column duplicates by keeping the column from the table that appears last in the query + return sortedUniqBy( + orderBy(suggestions, ['value.suggestion_label', 'value.tableOrder'], ['asc', 'desc']), + 'label' ); - } - }, - [setValue] - ); + }); + }, [query]); + + const handleAddRow = useCallback( + (newRow) => { + if (newRow?.key && newRow?.value) { + setValue( + produce((draft) => { + draft[newRow.key] = newRow.value; + return draft; + }) + ); + } + }, + [setValue] + ); - const handleUpdateRow = useCallback( - (currentKey: string) => (updatedRow: FormData) => { - if (updatedRow?.key && updatedRow?.value) { - setValue( - produce((draft) => { - if (currentKey !== updatedRow.key) { - delete draft[currentKey]; - } + const handleUpdateRow = useCallback( + (currentKey: string) => (updatedRow: FormData) => { + if (updatedRow?.key && updatedRow?.value) { + setValue( + produce((draft) => { + if (currentKey !== updatedRow.key) { + delete draft[currentKey]; + } - draft[updatedRow.key] = updatedRow.value; + draft[updatedRow.key] = updatedRow.value; - return draft; - }) - ); - } - }, - [setValue] - ); + return draft; + }) + ); + } + }, + [setValue] + ); - const handleDeleteRow = useCallback( - (key) => { - if (key) { - setValue( - produce((draft) => { - if (draft[key]) { - delete draft[key]; - } - return draft; - }) - ); + const handleDeleteRow = useCallback( + (key) => { + if (key) { + setValue( + produce((draft) => { + if (draft[key]) { + delete draft[key]; + } + return draft; + }) + ); - if (formRefs.current[key]) { - delete formRefs.current[key]; + if (formRefs.current[key]) { + delete formRefs.current[key]; + } } - } - }, - [setValue] - ); + }, + [setValue] + ); - return ( - <> - - - -
+ return ( + <> + + + +
+ +
+ + -
- - - - - - - - - - - - - - - - - - - - - {Object.entries(value).map(([ecsKey, ecsValue]) => ( - + + + + + + + + + + + + + + + + + {Object.entries(value).map(([ecsKey, ecsValue]) => ( + { - if (formRef) { - formRefs.current[ecsKey] = formRef; - } - }} - key={ecsKey} - osquerySchemaOptions={osquerySchemaOptions} - // eslint-disable-next-line react-perf/jsx-no-new-object-as-prop - defaultValue={{ - key: ecsKey, - value: ecsValue, - }} - onChange={handleUpdateRow(ecsKey)} - onDelete={handleDeleteRow} - isDisabled={!!euiFieldProps?.isDisabled} - /> - ))} - {!euiFieldProps?.isDisabled && ( - + ))} + {!euiFieldProps?.isDisabled && ( + { - if (formRef) { - formRefs.current.new = formRef; - } - }} - osquerySchemaOptions={osquerySchemaOptions} - onAdd={handleAddRow} - /> - )} - - ); -}; + if (formRef) { + formRefs.current.new = formRef; + } + }} + osquerySchemaOptions={osquerySchemaOptions} + onAdd={handleAddRow} + /> + )} + + ); + }, + (prevProps, nextProps) => + prevProps.field.value === nextProps.field.value && + prevProps.query === nextProps.query && + deepEqual(prevProps.euiFieldProps, nextProps.euiFieldProps) +); // eslint-disable-next-line import/no-default-export export default ECSMappingEditorField; diff --git a/x-pack/plugins/osquery/public/packs/use_pack_query_last_results.ts b/x-pack/plugins/osquery/public/packs/use_pack_query_last_results.ts index af3e5b23e80f8..cb84386dbe3ea 100644 --- a/x-pack/plugins/osquery/public/packs/use_pack_query_last_results.ts +++ b/x-pack/plugins/osquery/public/packs/use_pack_query_last_results.ts @@ -6,6 +6,7 @@ */ import { useQuery } from 'react-query'; +import moment from 'moment-timezone'; import { IndexPattern } from '../../../../../src/plugins/data/common'; import { useKibana } from '../common/lib/kibana'; @@ -46,13 +47,12 @@ export const usePackQueryLastResults = ({ }); const lastResultsResponse = await lastResultsSearchSource.fetch$().toPromise(); + const timestamp = lastResultsResponse.rawResponse?.hits?.hits[0]?.fields?.['@timestamp'][0]; - const responseId = lastResultsResponse.rawResponse?.hits?.hits[0]?._source?.response_id; - - if (responseId) { + if (timestamp) { const aggsSearchSource = await data.search.searchSource.create({ index: logsIndexPattern, - size: 0, + size: 1, aggs: { unique_agents: { cardinality: { field: 'agent.id' } }, }, @@ -61,13 +61,16 @@ export const usePackQueryLastResults = ({ bool: { filter: [ { - match_phrase: { - action_id: actionId, + range: { + '@timestamp': { + gte: moment(timestamp).subtract(interval, 'seconds').format(), + lte: moment(timestamp).format(), + }, }, }, { match_phrase: { - response_id: responseId, + action_id: actionId, }, }, ], @@ -81,7 +84,7 @@ export const usePackQueryLastResults = ({ '@timestamp': lastResultsResponse.rawResponse?.hits?.hits[0]?.fields?.['@timestamp'], // @ts-expect-error update types uniqueAgentsCount: aggsResponse.rawResponse.aggregations?.unique_agents?.value, - docCount: aggsResponse.rawResponse?.hits?.total, + docCount: aggsResponse?.rawResponse?.hits?.total, }; } diff --git a/x-pack/plugins/osquery/public/results/results_table.tsx b/x-pack/plugins/osquery/public/results/results_table.tsx index 5b8143c874e2b..d1d16730e7982 100644 --- a/x-pack/plugins/osquery/public/results/results_table.tsx +++ b/x-pack/plugins/osquery/public/results/results_table.tsx @@ -291,19 +291,9 @@ const ResultsTableComponent: React.FC = ({ setIsLive(() => { if (!agentIds?.length || expired) return false; - const uniqueAgentsRepliedCount = - // @ts-expect-error-type - allResultsData?.rawResponse.aggregations?.unique_agents.value ?? 0; - - return !!(uniqueAgentsRepliedCount !== agentIds?.length - aggregations.failed); + return !!(aggregations.totalResponded !== agentIds?.length); }), - [ - agentIds?.length, - aggregations.failed, - // @ts-expect-error-type - allResultsData?.rawResponse.aggregations?.unique_agents.value, - expired, - ] + [agentIds?.length, aggregations.failed, aggregations.totalResponded, expired] ); if (!hasActionResultsPrivileges) { @@ -328,7 +318,7 @@ const ResultsTableComponent: React.FC = ({ <> {isLive && } - {isFetched && !allResultsData?.edges.length ? ( + {isFetched && !allResultsData?.edges.length && !aggregations?.totalRowCount ? ( <> diff --git a/x-pack/plugins/osquery/public/routes/packs/list/index.tsx b/x-pack/plugins/osquery/public/routes/packs/list/index.tsx index 945677cade577..6f084e9e6bf25 100644 --- a/x-pack/plugins/osquery/public/routes/packs/list/index.tsx +++ b/x-pack/plugins/osquery/public/routes/packs/list/index.tsx @@ -27,6 +27,16 @@ const PacksPageComponent = () => { + + +

+ +

+ + ), [] diff --git a/x-pack/plugins/osquery/public/saved_queries/use_saved_queries.ts b/x-pack/plugins/osquery/public/saved_queries/use_saved_queries.ts index a7047dfec82d9..8f697581642e6 100644 --- a/x-pack/plugins/osquery/public/saved_queries/use_saved_queries.ts +++ b/x-pack/plugins/osquery/public/saved_queries/use_saved_queries.ts @@ -36,6 +36,7 @@ export const useSavedQueries = ({ toastMessage: error.body.message, }); }, + refetchOnWindowFocus: !!isLive, } ); }; diff --git a/x-pack/plugins/osquery/public/saved_queries/use_saved_query.ts b/x-pack/plugins/osquery/public/saved_queries/use_saved_query.ts index 811550feb38fe..8f24f7734fc46 100644 --- a/x-pack/plugins/osquery/public/saved_queries/use_saved_query.ts +++ b/x-pack/plugins/osquery/public/saved_queries/use_saved_query.ts @@ -29,6 +29,7 @@ export const useSavedQuery = ({ savedQueryId }: UseSavedQueryProps) => { () => http.get(`/internal/osquery/saved_query/${savedQueryId}`), { keepPreviousData: true, + refetchOnWindowFocus: false, onSuccess: (data) => { if (data.error) { setErrorToast(data.error, { diff --git a/x-pack/plugins/osquery/scripts/schema_formatter/ecs_formatter.ts b/x-pack/plugins/osquery/scripts/schema_formatter/ecs_formatter.ts index e53750080ef76..07f02a892999c 100644 --- a/x-pack/plugins/osquery/scripts/schema_formatter/ecs_formatter.ts +++ b/x-pack/plugins/osquery/scripts/schema_formatter/ecs_formatter.ts @@ -11,7 +11,7 @@ import path from 'path'; import { run } from '@kbn/dev-utils'; -const ECS_COLUMN_SCHEMA_FIELDS = ['field', 'type', 'description']; +const ECS_COLUMN_SCHEMA_FIELDS = ['field', 'type', 'normalization', 'example', 'description']; const RESTRICTED_FIELDS = [ 'agent.name', diff --git a/x-pack/plugins/osquery/server/lib/saved_query/saved_object_mappings.ts b/x-pack/plugins/osquery/server/lib/saved_query/saved_object_mappings.ts index a633fe4923aeb..fb2c834f3c74d 100644 --- a/x-pack/plugins/osquery/server/lib/saved_query/saved_object_mappings.ts +++ b/x-pack/plugins/osquery/server/lib/saved_query/saved_object_mappings.ts @@ -53,6 +53,11 @@ export const savedQueryType: SavedObjectsType = { hidden: false, namespaceType: 'multiple-isolated', mappings: savedQuerySavedObjectMappings, + management: { + defaultSearchField: 'id', + importableAndExportable: true, + getTitle: (savedObject) => savedObject.attributes.id, + }, }; export const packSavedObjectMappings: SavedObjectsType['mappings'] = { @@ -109,4 +114,9 @@ export const packType: SavedObjectsType = { hidden: false, namespaceType: 'multiple-isolated', mappings: packSavedObjectMappings, + management: { + defaultSearchField: 'name', + importableAndExportable: true, + getTitle: (savedObject) => savedObject.attributes.name, + }, }; diff --git a/x-pack/plugins/osquery/server/routes/saved_query/read_saved_query_route.ts b/x-pack/plugins/osquery/server/routes/saved_query/read_saved_query_route.ts index 3308a8023dd9e..a84ec5a262a64 100644 --- a/x-pack/plugins/osquery/server/routes/saved_query/read_saved_query_route.ts +++ b/x-pack/plugins/osquery/server/routes/saved_query/read_saved_query_route.ts @@ -26,7 +26,7 @@ export const readSavedQueryRoute = (router: IRouter) => { const savedObjectsClient = context.core.savedObjects.client; const savedQuery = await savedObjectsClient.get<{ - ecs_mapping: Array<{ field: string; value: string }>; + ecs_mapping: Array<{ key: string; value: Record }>; }>(savedQuerySavedObjectType, request.params.id); if (savedQuery.attributes.ecs_mapping) { diff --git a/x-pack/plugins/osquery/server/routes/saved_query/update_saved_query_route.ts b/x-pack/plugins/osquery/server/routes/saved_query/update_saved_query_route.ts index c0148087ee8c9..b34999204b8a3 100644 --- a/x-pack/plugins/osquery/server/routes/saved_query/update_saved_query_route.ts +++ b/x-pack/plugins/osquery/server/routes/saved_query/update_saved_query_route.ts @@ -34,7 +34,8 @@ export const updateSavedQueryRoute = (router: IRouter, osqueryContext: OsqueryAp schema.recordOf( schema.string(), schema.object({ - field: schema.string(), + field: schema.maybe(schema.string()), + value: schema.maybe(schema.string()), }) ) ), diff --git a/x-pack/plugins/osquery/server/routes/utils.ts b/x-pack/plugins/osquery/server/routes/utils.ts index 136cbc190e46c..62464ec5d6336 100644 --- a/x-pack/plugins/osquery/server/routes/utils.ts +++ b/x-pack/plugins/osquery/server/routes/utils.ts @@ -5,22 +5,24 @@ * 2.0. */ -import { pick, reduce } from 'lodash'; +import { reduce } from 'lodash'; export const convertECSMappingToArray = (ecsMapping: Record | undefined) => ecsMapping ? Object.entries(ecsMapping).map((item) => ({ - value: item[0], - ...item[1], + key: item[0], + value: item[1], })) : undefined; -export const convertECSMappingToObject = (ecsMapping: Array<{ field: string; value: string }>) => +export const convertECSMappingToObject = ( + ecsMapping: Array<{ key: string; value: Record }> +) => reduce( ecsMapping, (acc, value) => { - acc[value.value] = pick(value, 'field'); + acc[value.key] = value.value; return acc; }, - {} as Record + {} as Record ); diff --git a/x-pack/plugins/osquery/server/search_strategy/osquery/factory/actions/results/query.action_results.dsl.ts b/x-pack/plugins/osquery/server/search_strategy/osquery/factory/actions/results/query.action_results.dsl.ts index 109e260911933..96d5ad60cd54c 100644 --- a/x-pack/plugins/osquery/server/search_strategy/osquery/factory/actions/results/query.action_results.dsl.ts +++ b/x-pack/plugins/osquery/server/search_strategy/osquery/factory/actions/results/query.action_results.dsl.ts @@ -46,6 +46,11 @@ export const buildActionResultsQuery = ({ }, }, aggs: { + rows_count: { + sum: { + field: 'action_response.osquery.count', + }, + }, responses: { terms: { script: { From 38213cd0e51075d41a116d579e54398490b23c4d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Cau=C3=AA=20Marcondes?= <55978943+cauemarcondes@users.noreply.github.com> Date: Tue, 2 Nov 2021 11:38:13 -0400 Subject: [PATCH 20/53] [APM] Fixing synthtrace import location (#117017) --- .../tests/errors/distribution.ts | 56 +- .../tests/errors/generate_data.ts | 72 +++ .../tests/errors/group_id.ts | 92 ++++ .../test/apm_api_integration/tests/index.ts | 479 +++++++++--------- 4 files changed, 409 insertions(+), 290 deletions(-) create mode 100644 x-pack/test/apm_api_integration/tests/errors/generate_data.ts create mode 100644 x-pack/test/apm_api_integration/tests/errors/group_id.ts diff --git a/x-pack/test/apm_api_integration/tests/errors/distribution.ts b/x-pack/test/apm_api_integration/tests/errors/distribution.ts index 666c5c2ea2975..487b5ff8a12c9 100644 --- a/x-pack/test/apm_api_integration/tests/errors/distribution.ts +++ b/x-pack/test/apm_api_integration/tests/errors/distribution.ts @@ -4,7 +4,6 @@ * 2.0; you may not use this file except in compliance with the Elastic License * 2.0. */ -import { service, timerange } from '@elastic/apm-synthtrace'; import expect from '@kbn/expect'; import { first, last, sumBy } from 'lodash'; import { isFiniteNumber } from '../../../../plugins/apm/common/utils/is_finite_number'; @@ -15,6 +14,7 @@ import { import { RecursivePartial } from '../../../../plugins/apm/typings/common'; import { FtrProviderContext } from '../../common/ftr_provider_context'; import { registry } from '../../common/registry'; +import { config, generateData } from './generate_data'; type ErrorsDistribution = APIReturnType<'GET /internal/apm/services/{serviceName}/errors/distribution'>; @@ -65,59 +65,9 @@ export default function ApiTest({ getService }: FtrProviderContext) { { config: 'basic', archives: ['apm_mappings_only_8.0.0'] }, () => { describe('errors distribution', () => { - const appleTransaction = { - name: 'GET /apple 🍎 ', - successRate: 75, - failureRate: 25, - }; - const bananaTransaction = { - name: 'GET /banana 🍌', - successRate: 50, - failureRate: 50, - }; - + const { appleTransaction, bananaTransaction } = config; before(async () => { - const serviceGoProdInstance = service(serviceName, 'production', 'go').instance( - 'instance-a' - ); - - const interval = '1m'; - - const indices = [appleTransaction, bananaTransaction] - .map((transaction, index) => { - return [ - ...timerange(start, end) - .interval(interval) - .rate(transaction.successRate) - .flatMap((timestamp) => - serviceGoProdInstance - .transaction(transaction.name) - .timestamp(timestamp) - .duration(1000) - .success() - .serialize() - ), - ...timerange(start, end) - .interval(interval) - .rate(transaction.failureRate) - .flatMap((timestamp) => - serviceGoProdInstance - .transaction(transaction.name) - .errors( - serviceGoProdInstance - .error(`Error ${index}`, transaction.name) - .timestamp(timestamp) - ) - .duration(1000) - .timestamp(timestamp) - .failure() - .serialize() - ), - ]; - }) - .flatMap((_) => _); - - await synthtraceEsClient.index(indices); + await generateData({ serviceName, start, end, synthtraceEsClient }); }); after(() => synthtraceEsClient.clean()); diff --git a/x-pack/test/apm_api_integration/tests/errors/generate_data.ts b/x-pack/test/apm_api_integration/tests/errors/generate_data.ts new file mode 100644 index 0000000000000..f7874b1c61495 --- /dev/null +++ b/x-pack/test/apm_api_integration/tests/errors/generate_data.ts @@ -0,0 +1,72 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ +import { service, SynthtraceEsClient, timerange } from '@elastic/apm-synthtrace'; + +export const config = { + appleTransaction: { + name: 'GET /apple 🍎 ', + successRate: 75, + failureRate: 25, + }, + bananaTransaction: { + name: 'GET /banana 🍌', + successRate: 50, + failureRate: 50, + }, +}; + +export async function generateData({ + synthtraceEsClient, + serviceName, + start, + end, +}: { + synthtraceEsClient: SynthtraceEsClient; + serviceName: string; + start: number; + end: number; +}) { + const serviceGoProdInstance = service(serviceName, 'production', 'go').instance('instance-a'); + + const interval = '1m'; + + const { bananaTransaction, appleTransaction } = config; + + const documents = [appleTransaction, bananaTransaction] + .map((transaction, index) => { + return [ + ...timerange(start, end) + .interval(interval) + .rate(transaction.successRate) + .flatMap((timestamp) => + serviceGoProdInstance + .transaction(transaction.name) + .timestamp(timestamp) + .duration(1000) + .success() + .serialize() + ), + ...timerange(start, end) + .interval(interval) + .rate(transaction.failureRate) + .flatMap((timestamp) => + serviceGoProdInstance + .transaction(transaction.name) + .errors( + serviceGoProdInstance.error(`Error ${index}`, transaction.name).timestamp(timestamp) + ) + .duration(1000) + .timestamp(timestamp) + .failure() + .serialize() + ), + ]; + }) + .flatMap((_) => _); + + await synthtraceEsClient.index(documents); +} diff --git a/x-pack/test/apm_api_integration/tests/errors/group_id.ts b/x-pack/test/apm_api_integration/tests/errors/group_id.ts new file mode 100644 index 0000000000000..ef9e293355a7f --- /dev/null +++ b/x-pack/test/apm_api_integration/tests/errors/group_id.ts @@ -0,0 +1,92 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ +import expect from '@kbn/expect'; +import { + APIClientRequestParamsOf, + APIReturnType, +} from '../../../../plugins/apm/public/services/rest/createCallApmApi'; +import { RecursivePartial } from '../../../../plugins/apm/typings/common'; +import { FtrProviderContext } from '../../common/ftr_provider_context'; +import { registry } from '../../common/registry'; +import { config, generateData } from './generate_data'; + +type ErrorsDistribution = + APIReturnType<'GET /internal/apm/services/{serviceName}/errors/{groupId}'>; + +export default function ApiTest({ getService }: FtrProviderContext) { + const apmApiClient = getService('apmApiClient'); + const synthtraceEsClient = getService('synthtraceEsClient'); + + const serviceName = 'synth-go'; + const start = new Date('2021-01-01T00:00:00.000Z').getTime(); + const end = new Date('2021-01-01T00:15:00.000Z').getTime() - 1; + + async function callApi( + overrides?: RecursivePartial< + APIClientRequestParamsOf<'GET /internal/apm/services/{serviceName}/errors/{groupId}'>['params'] + > + ) { + const response = await apmApiClient.readUser({ + endpoint: 'GET /internal/apm/services/{serviceName}/errors/{groupId}', + params: { + path: { + serviceName, + groupId: 'foo', + ...overrides?.path, + }, + query: { + start: new Date(start).toISOString(), + end: new Date(end).toISOString(), + environment: 'ENVIRONMENT_ALL', + kuery: '', + ...overrides?.query, + }, + }, + }); + return response; + } + + registry.when('when data is not loaded', { config: 'basic', archives: [] }, () => { + it('handles the empty state', async () => { + const response = await callApi(); + expect(response.status).to.be(200); + expect(response.body.occurrencesCount).to.be(0); + }); + }); + + registry.when( + 'when data is loaded', + { config: 'basic', archives: ['apm_mappings_only_8.0.0'] }, + () => { + const { bananaTransaction } = config; + describe('error group id', () => { + before(async () => { + await generateData({ serviceName, start, end, synthtraceEsClient }); + }); + + after(() => synthtraceEsClient.clean()); + + describe('return correct data', () => { + let errorsDistribution: ErrorsDistribution; + before(async () => { + const response = await callApi({ + path: { groupId: '0000000000000000000000000Error 1' }, + }); + errorsDistribution = response.body; + }); + + it('displays correct number of occurrences', () => { + const numberOfBuckets = 15; + expect(errorsDistribution.occurrencesCount).to.equal( + bananaTransaction.failureRate * numberOfBuckets + ); + }); + }); + }); + } + ); +} diff --git a/x-pack/test/apm_api_integration/tests/index.ts b/x-pack/test/apm_api_integration/tests/index.ts index b6693e9d344f2..46966834a176e 100644 --- a/x-pack/test/apm_api_integration/tests/index.ts +++ b/x-pack/test/apm_api_integration/tests/index.ts @@ -14,249 +14,254 @@ export default function apmApiIntegrationTests(providerContext: FtrProviderConte describe('APM API tests', function () { this.tags('ciGroup1'); - // // inspect feature - // describe('inspect/inspect', function () { - // loadTestFile(require.resolve('./inspect/inspect')); - // }); - - // // alerts - // describe('alerts/chart_preview', function () { - // loadTestFile(require.resolve('./alerts/chart_preview')); - // }); - - // describe('alerts/rule_registry', function () { - // loadTestFile(require.resolve('./alerts/rule_registry')); - // }); - - // // correlations - // describe('correlations/failed_transactions', function () { - // loadTestFile(require.resolve('./correlations/failed_transactions')); - // }); - - // describe('correlations/latency', function () { - // loadTestFile(require.resolve('./correlations/latency')); - // }); - - // describe('event_metadata/event_metadata', function () { - // loadTestFile(require.resolve('./event_metadata/event_metadata')); - // }); - - // describe('metrics_charts/metrics_charts', function () { - // loadTestFile(require.resolve('./metrics_charts/metrics_charts')); - // }); - - // describe('observability_overview/has_data', function () { - // loadTestFile(require.resolve('./observability_overview/has_data')); - // }); - - // describe('observability_overview/observability_overview', function () { - // loadTestFile(require.resolve('./observability_overview/observability_overview')); - // }); - - // describe('service_maps/service_maps', function () { - // loadTestFile(require.resolve('./service_maps/service_maps')); - // }); - - // // Service overview - // describe('service_overview/dependencies', function () { - // loadTestFile(require.resolve('./service_overview/dependencies')); - // }); - - // describe('service_overview/instances_main_statistics', function () { - // loadTestFile(require.resolve('./service_overview/instances_main_statistics')); - // }); - - // describe('service_overview/instances_detailed_statistics', function () { - // loadTestFile(require.resolve('./service_overview/instances_detailed_statistics')); - // }); - - // describe('service_overview/instance_details', function () { - // loadTestFile(require.resolve('./service_overview/instance_details')); - // }); - - // // Services - // describe('services/agent', function () { - // loadTestFile(require.resolve('./services/agent')); - // }); - - // describe('services/annotations', function () { - // loadTestFile(require.resolve('./services/annotations')); - // loadTestFile(require.resolve('./services/derived_annotations')); - // }); - - // describe('services/service_details', function () { - // loadTestFile(require.resolve('./services/service_details')); - // }); - - // describe('services/service_icons', function () { - // loadTestFile(require.resolve('./services/service_icons')); - // }); - - // describe('services/throughput', function () { - // loadTestFile(require.resolve('./services/throughput')); - // }); - - // describe('service apis throughput', function () { - // loadTestFile(require.resolve('./throughput/service_apis')); - // }); - - // describe('dependencies throughput', function () { - // loadTestFile(require.resolve('./throughput/dependencies_apis')); - // }); - - // describe('services/top_services', function () { - // loadTestFile(require.resolve('./services/top_services')); - // }); - - // describe('services/transaction_types', function () { - // loadTestFile(require.resolve('./services/transaction_types')); - // }); - - // describe('services/error_groups_main_statistics', function () { - // loadTestFile(require.resolve('./services/error_groups/error_groups_main_statistics')); - // }); - - // describe('services/error_groups_detailed_statistics', function () { - // loadTestFile(require.resolve('./services/error_groups/error_groups_detailed_statistics')); - // }); - - // describe('services/detailed_statistics', function () { - // loadTestFile(require.resolve('./services/services_detailed_statistics')); - // }); - - // // Settings - // describe('settings/anomaly_detection/basic', function () { - // loadTestFile(require.resolve('./settings/anomaly_detection/basic')); - // }); - - // describe('settings/anomaly_detection/no_access_user', function () { - // loadTestFile(require.resolve('./settings/anomaly_detection/no_access_user')); - // }); - - // describe('settings/anomaly_detection/read_user', function () { - // loadTestFile(require.resolve('./settings/anomaly_detection/read_user')); - // }); - - // describe('settings/anomaly_detection/write_user', function () { - // loadTestFile(require.resolve('./settings/anomaly_detection/write_user')); - // }); - - // describe('settings/agent_configuration', function () { - // loadTestFile(require.resolve('./settings/agent_configuration')); - // }); - - // describe('settings/custom_link', function () { - // loadTestFile(require.resolve('./settings/custom_link')); - // }); - - // // suggestions - // describe('suggestions', function () { - // loadTestFile(require.resolve('./suggestions/suggestions')); - // }); - - // // traces - // describe('traces/top_traces', function () { - // loadTestFile(require.resolve('./traces/top_traces')); - // }); - // describe('/internal/apm/traces/{traceId}', function () { - // loadTestFile(require.resolve('./traces/trace_by_id')); - // }); - - // // transactions - // describe('transactions/breakdown', function () { - // loadTestFile(require.resolve('./transactions/breakdown')); - // }); - - // describe('transactions/trace_samples', function () { - // loadTestFile(require.resolve('./transactions/trace_samples')); - // }); - - // describe('transactions/error_rate', function () { - // loadTestFile(require.resolve('./transactions/error_rate')); - // }); - - // describe('transactions/latency_overall_distribution', function () { - // loadTestFile(require.resolve('./transactions/latency_overall_distribution')); - // }); - - // describe('transactions/latency', function () { - // loadTestFile(require.resolve('./transactions/latency')); - // }); - - // describe('transactions/transactions_groups_main_statistics', function () { - // loadTestFile(require.resolve('./transactions/transactions_groups_main_statistics')); - // }); - - // describe('transactions/transactions_groups_detailed_statistics', function () { - // loadTestFile(require.resolve('./transactions/transactions_groups_detailed_statistics')); - // }); - - // // feature control - // describe('feature_controls', function () { - // loadTestFile(require.resolve('./feature_controls')); - // }); - - // // CSM - // describe('csm/csm_services', function () { - // loadTestFile(require.resolve('./csm/csm_services')); - // }); - - // describe('csm/has_rum_data', function () { - // loadTestFile(require.resolve('./csm/has_rum_data')); - // }); - - // describe('csm/js_errors', function () { - // loadTestFile(require.resolve('./csm/js_errors')); - // }); - - // describe('csm/long_task_metrics', function () { - // loadTestFile(require.resolve('./csm/long_task_metrics')); - // }); - - // describe('csm/page_load_dist', function () { - // loadTestFile(require.resolve('./csm/page_load_dist')); - // }); - - // describe('csm/page_views', function () { - // loadTestFile(require.resolve('./csm/page_views')); - // }); - - // describe('csm/url_search', function () { - // loadTestFile(require.resolve('./csm/url_search')); - // }); - - // describe('csm/web_core_vitals', function () { - // loadTestFile(require.resolve('./csm/web_core_vitals')); - // }); - - // describe('historical_data/has_data', function () { - // loadTestFile(require.resolve('./historical_data/has_data')); - // }); - - // describe('error_rate/service_apis', function () { - // loadTestFile(require.resolve('./error_rate/service_apis')); - // }); - - // describe('latency/service_apis', function () { - // loadTestFile(require.resolve('./latency/service_apis')); - // }); - - // describe('errors/distribution', function () { - // loadTestFile(require.resolve('./errors/distribution')); - // }); + // inspect feature + describe('inspect/inspect', function () { + loadTestFile(require.resolve('./inspect/inspect')); + }); + + // alerts + describe('alerts/chart_preview', function () { + loadTestFile(require.resolve('./alerts/chart_preview')); + }); + + describe('alerts/rule_registry', function () { + loadTestFile(require.resolve('./alerts/rule_registry')); + }); + + // correlations + describe('correlations/failed_transactions', function () { + loadTestFile(require.resolve('./correlations/failed_transactions')); + }); + + describe('correlations/latency', function () { + loadTestFile(require.resolve('./correlations/latency')); + }); + + describe('event_metadata/event_metadata', function () { + loadTestFile(require.resolve('./event_metadata/event_metadata')); + }); + + describe('metrics_charts/metrics_charts', function () { + loadTestFile(require.resolve('./metrics_charts/metrics_charts')); + }); + + describe('observability_overview/has_data', function () { + loadTestFile(require.resolve('./observability_overview/has_data')); + }); + + describe('observability_overview/observability_overview', function () { + loadTestFile(require.resolve('./observability_overview/observability_overview')); + }); + + describe('service_maps/service_maps', function () { + loadTestFile(require.resolve('./service_maps/service_maps')); + }); + + // Service overview + describe('service_overview/dependencies', function () { + loadTestFile(require.resolve('./service_overview/dependencies')); + }); + + describe('service_overview/instances_main_statistics', function () { + loadTestFile(require.resolve('./service_overview/instances_main_statistics')); + }); + + describe('service_overview/instances_detailed_statistics', function () { + loadTestFile(require.resolve('./service_overview/instances_detailed_statistics')); + }); + + describe('service_overview/instance_details', function () { + loadTestFile(require.resolve('./service_overview/instance_details')); + }); + + // Services + describe('services/agent', function () { + loadTestFile(require.resolve('./services/agent')); + }); + + describe('services/annotations', function () { + loadTestFile(require.resolve('./services/annotations')); + loadTestFile(require.resolve('./services/derived_annotations')); + }); + + describe('services/service_details', function () { + loadTestFile(require.resolve('./services/service_details')); + }); + + describe('services/service_icons', function () { + loadTestFile(require.resolve('./services/service_icons')); + }); + + describe('services/throughput', function () { + loadTestFile(require.resolve('./services/throughput')); + }); + + describe('service apis throughput', function () { + loadTestFile(require.resolve('./throughput/service_apis')); + }); + + describe('dependencies throughput', function () { + loadTestFile(require.resolve('./throughput/dependencies_apis')); + }); + + describe('services/top_services', function () { + loadTestFile(require.resolve('./services/top_services')); + }); + + describe('services/transaction_types', function () { + loadTestFile(require.resolve('./services/transaction_types')); + }); + + describe('services/error_groups_main_statistics', function () { + loadTestFile(require.resolve('./services/error_groups/error_groups_main_statistics')); + }); + + describe('services/error_groups_detailed_statistics', function () { + loadTestFile(require.resolve('./services/error_groups/error_groups_detailed_statistics')); + }); + + describe('services/detailed_statistics', function () { + loadTestFile(require.resolve('./services/services_detailed_statistics')); + }); + + // Settinges + describe('settings/anomaly_detection/basic', function () { + loadTestFile(require.resolve('./settings/anomaly_detection/basic')); + }); + + describe('settings/anomaly_detection/no_access_user', function () { + loadTestFile(require.resolve('./settings/anomaly_detection/no_access_user')); + }); + + describe('settings/anomaly_detection/read_user', function () { + loadTestFile(require.resolve('./settings/anomaly_detection/read_user')); + }); + + describe('settings/anomaly_detection/write_user', function () { + loadTestFile(require.resolve('./settings/anomaly_detection/write_user')); + }); + + describe('settings/agent_configuration', function () { + loadTestFile(require.resolve('./settings/agent_configuration')); + }); + + describe('settings/custom_link', function () { + loadTestFile(require.resolve('./settings/custom_link')); + }); + + // suggestions + describe('suggestions', function () { + loadTestFile(require.resolve('./suggestions/suggestions')); + }); + + // traces + describe('traces/top_traces', function () { + loadTestFile(require.resolve('./traces/top_traces')); + }); + describe('/internal/apm/traces/{traceId}', function () { + loadTestFile(require.resolve('./traces/trace_by_id')); + }); + + // transactions + describe('transactions/breakdown', function () { + loadTestFile(require.resolve('./transactions/breakdown')); + }); + + describe('transactions/trace_samples', function () { + loadTestFile(require.resolve('./transactions/trace_samples')); + }); + + describe('transactions/error_rate', function () { + loadTestFile(require.resolve('./transactions/error_rate')); + }); + + describe('transactions/latency_overall_distribution', function () { + loadTestFile(require.resolve('./transactions/latency_overall_distribution')); + }); + + describe('transactions/latency', function () { + loadTestFile(require.resolve('./transactions/latency')); + }); + + describe('transactions/transactions_groups_main_statistics', function () { + loadTestFile(require.resolve('./transactions/transactions_groups_main_statistics')); + }); + + describe('transactions/transactions_groups_detailed_statistics', function () { + loadTestFile(require.resolve('./transactions/transactions_groups_detailed_statistics')); + }); + + // feature control + describe('feature_controls', function () { + loadTestFile(require.resolve('./feature_controls')); + }); + + // CSM + describe('csm/csm_services', function () { + loadTestFile(require.resolve('./csm/csm_services')); + }); + + describe('csm/has_rum_data', function () { + loadTestFile(require.resolve('./csm/has_rum_data')); + }); + + describe('csm/js_errors', function () { + loadTestFile(require.resolve('./csm/js_errors')); + }); + + describe('csm/long_task_metrics', function () { + loadTestFile(require.resolve('./csm/long_task_metrics')); + }); + + describe('csm/page_load_dist', function () { + loadTestFile(require.resolve('./csm/page_load_dist')); + }); + + describe('csm/page_views', function () { + loadTestFile(require.resolve('./csm/page_views')); + }); + + describe('csm/url_search', function () { + loadTestFile(require.resolve('./csm/url_search')); + }); + + describe('csm/web_core_vitals', function () { + loadTestFile(require.resolve('./csm/web_core_vitals')); + }); + + describe('historical_data/has_data', function () { + loadTestFile(require.resolve('./historical_data/has_data')); + }); + + describe('error_rate/service_apis', function () { + loadTestFile(require.resolve('./error_rate/service_apis')); + }); + + describe('latency/service_apis', function () { + loadTestFile(require.resolve('./latency/service_apis')); + }); + + // Errors + describe('errors/group_id', function () { + loadTestFile(require.resolve('./errors/group_id')); + }); + + describe('errors/distribution', function () { + loadTestFile(require.resolve('./errors/distribution')); + }); describe('errors/error_group_list', function () { loadTestFile(require.resolve('./errors/error_group_list')); }); - // // Dependencies - // describe('dependencies/metadata', function () { - // loadTestFile(require.resolve('./dependencies/metadata')); - // }); + // Dependencies + describe('dependencies/metadata', function () { + loadTestFile(require.resolve('./dependencies/metadata')); + }); - // describe('dependencies/top_dependencies', function () { - // loadTestFile(require.resolve('./dependencies/top_dependencies')); - // }); + describe('dependencies/top_dependencies', function () { + loadTestFile(require.resolve('./dependencies/top_dependencies')); + }); registry.run(providerContext); }); From 237d68d6e907c0ee6fd537501405f3d16c562798 Mon Sep 17 00:00:00 2001 From: Tyler Smalley Date: Tue, 2 Nov 2021 08:53:07 -0700 Subject: [PATCH 21/53] [ci] Run Jest tests in parallel (#115687) * [ci] Run Jest tests in parallel Signed-off-by: Tyler Smalley * Disable coverage Signed-off-by: Tyler Smalley * Make hourly match prs Signed-off-by: Tyler Smalley * Update timeout Signed-off-by: Tyler Smalley * mock process.execArgv so that it is consistent * Remove comment Signed-off-by: Tyler Smalley Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com> Co-authored-by: spalger --- .buildkite/pipelines/hourly.yml | 15 +++++----- .buildkite/pipelines/pull_request/base.yml | 15 +++++----- .buildkite/scripts/steps/test/jest.sh | 4 +-- .../scripts/steps/test/jest_parallel.sh | 28 +++++++++++++++++++ .../kbn-cli-dev-mode/src/dev_server.test.ts | 6 ++-- packages/kbn-rule-data-utils/jest.config.js | 13 --------- .../jest.config.js | 13 --------- .../jest.config.js | 13 --------- packages/kbn-test/jest-preset.js | 10 ++++++- packages/kbn-test/src/jest/run.ts | 5 ++-- src/plugins/expression_error/jest.config.js | 16 ----------- .../plugins/metrics_entities/jest.config.js | 15 ---------- .../download/ensure_downloaded.test.ts | 3 +- .../server/routes/deprecations.test.ts | 3 +- 14 files changed, 66 insertions(+), 93 deletions(-) create mode 100755 .buildkite/scripts/steps/test/jest_parallel.sh delete mode 100644 packages/kbn-rule-data-utils/jest.config.js delete mode 100644 packages/kbn-securitysolution-list-constants/jest.config.js delete mode 100644 packages/kbn-securitysolution-t-grid/jest.config.js delete mode 100644 src/plugins/expression_error/jest.config.js delete mode 100644 x-pack/plugins/metrics_entities/jest.config.js diff --git a/.buildkite/pipelines/hourly.yml b/.buildkite/pipelines/hourly.yml index b03a46b5b5c66..81875dee70f18 100644 --- a/.buildkite/pipelines/hourly.yml +++ b/.buildkite/pipelines/hourly.yml @@ -119,6 +119,14 @@ steps: - exit_status: '*' limit: 1 + - command: .buildkite/scripts/steps/test/jest.sh + label: 'Jest Tests' + parallelism: 6 + agents: + queue: n2-4 + timeout_in_minutes: 90 + key: jest + - command: .buildkite/scripts/steps/test/jest_integration.sh label: 'Jest Integration Tests' agents: @@ -133,13 +141,6 @@ steps: timeout_in_minutes: 120 key: api-integration - - command: .buildkite/scripts/steps/test/jest.sh - label: 'Jest Tests' - agents: - queue: c2-16 - timeout_in_minutes: 120 - key: jest - - command: .buildkite/scripts/steps/lint.sh label: 'Linting' agents: diff --git a/.buildkite/pipelines/pull_request/base.yml b/.buildkite/pipelines/pull_request/base.yml index 1013a841dfd27..a3a1881c856c5 100644 --- a/.buildkite/pipelines/pull_request/base.yml +++ b/.buildkite/pipelines/pull_request/base.yml @@ -117,6 +117,14 @@ steps: - exit_status: '*' limit: 1 + - command: .buildkite/scripts/steps/test/jest.sh + label: 'Jest Tests' + parallelism: 6 + agents: + queue: n2-4 + timeout_in_minutes: 90 + key: jest + - command: .buildkite/scripts/steps/test/jest_integration.sh label: 'Jest Integration Tests' agents: @@ -131,13 +139,6 @@ steps: timeout_in_minutes: 120 key: api-integration - - command: .buildkite/scripts/steps/test/jest.sh - label: 'Jest Tests' - agents: - queue: c2-16 - timeout_in_minutes: 120 - key: jest - - command: .buildkite/scripts/steps/lint.sh label: 'Linting' agents: diff --git a/.buildkite/scripts/steps/test/jest.sh b/.buildkite/scripts/steps/test/jest.sh index 2c4e3fe21902d..d2d1ed10043d6 100755 --- a/.buildkite/scripts/steps/test/jest.sh +++ b/.buildkite/scripts/steps/test/jest.sh @@ -9,5 +9,5 @@ is_test_execution_step .buildkite/scripts/bootstrap.sh echo '--- Jest' -checks-reporter-with-killswitch "Jest Unit Tests" \ - node scripts/jest --ci --verbose --maxWorkers=10 +checks-reporter-with-killswitch "Jest Unit Tests $((BUILDKITE_PARALLEL_JOB+1))" \ + .buildkite/scripts/steps/test/jest_parallel.sh diff --git a/.buildkite/scripts/steps/test/jest_parallel.sh b/.buildkite/scripts/steps/test/jest_parallel.sh new file mode 100755 index 0000000000000..d3ee75b7add4a --- /dev/null +++ b/.buildkite/scripts/steps/test/jest_parallel.sh @@ -0,0 +1,28 @@ +#!/bin/bash + +set -uo pipefail + +JOB=$BUILDKITE_PARALLEL_JOB +JOB_COUNT=$BUILDKITE_PARALLEL_JOB_COUNT + +# a jest failure will result in the script returning an exit +# code of 10 + +i=0 +exitCode=0 + +find src x-pack packages -name jest.config.js -not -path "*/__fixtures__/*" | sort | while read config; do + if [ "$(($i % $JOB_COUNT))" -eq $JOB ]; then + echo "--- $ node scripts/jest --config $config" + node --max-old-space-size=5632 ./node_modules/.bin/jest --config=$config --runInBand --coverage=false + + if [ $? -ne 0 ]; then + exitCode=10 + echo "^^^ +++" + fi + fi + + ((i=i+1)) +done + +exit $exitCode \ No newline at end of file diff --git a/packages/kbn-cli-dev-mode/src/dev_server.test.ts b/packages/kbn-cli-dev-mode/src/dev_server.test.ts index 92dbe484eb005..5e386e3de5972 100644 --- a/packages/kbn-cli-dev-mode/src/dev_server.test.ts +++ b/packages/kbn-cli-dev-mode/src/dev_server.test.ts @@ -79,6 +79,7 @@ expect.addSnapshotSerializer(extendedEnvSerializer); beforeEach(() => { jest.clearAllMocks(); log.messages.length = 0; + process.execArgv = ['--inheritted', '--exec', '--argv']; currentProc = undefined; }); @@ -138,8 +139,9 @@ describe('#run$', () => { "isDevCliChild": "true", }, "nodeOptions": Array [ - "--preserve-symlinks-main", - "--preserve-symlinks", + "--inheritted", + "--exec", + "--argv", ], "stdio": "pipe", }, diff --git a/packages/kbn-rule-data-utils/jest.config.js b/packages/kbn-rule-data-utils/jest.config.js deleted file mode 100644 index 26cb39fe8b55a..0000000000000 --- a/packages/kbn-rule-data-utils/jest.config.js +++ /dev/null @@ -1,13 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0 and the Server Side Public License, v 1; you may not use this file except - * in compliance with, at your election, the Elastic License 2.0 or the Server - * Side Public License, v 1. - */ - -module.exports = { - preset: '@kbn/test', - rootDir: '../..', - roots: ['/packages/kbn-rule-data-utils'], -}; diff --git a/packages/kbn-securitysolution-list-constants/jest.config.js b/packages/kbn-securitysolution-list-constants/jest.config.js deleted file mode 100644 index 21dffdfcf5a68..0000000000000 --- a/packages/kbn-securitysolution-list-constants/jest.config.js +++ /dev/null @@ -1,13 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0 and the Server Side Public License, v 1; you may not use this file except - * in compliance with, at your election, the Elastic License 2.0 or the Server - * Side Public License, v 1. - */ - -module.exports = { - preset: '@kbn/test', - rootDir: '../..', - roots: ['/packages/kbn-securitysolution-list-constants'], -}; diff --git a/packages/kbn-securitysolution-t-grid/jest.config.js b/packages/kbn-securitysolution-t-grid/jest.config.js deleted file mode 100644 index 21e7d2d71b61a..0000000000000 --- a/packages/kbn-securitysolution-t-grid/jest.config.js +++ /dev/null @@ -1,13 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0 and the Server Side Public License, v 1; you may not use this file except - * in compliance with, at your election, the Elastic License 2.0 or the Server - * Side Public License, v 1. - */ - -module.exports = { - preset: '@kbn/test', - rootDir: '../..', - roots: ['/packages/kbn-securitysolution-t-grid'], -}; diff --git a/packages/kbn-test/jest-preset.js b/packages/kbn-test/jest-preset.js index 0199aa6e311b6..db64f070b37d9 100644 --- a/packages/kbn-test/jest-preset.js +++ b/packages/kbn-test/jest-preset.js @@ -46,7 +46,15 @@ module.exports = { modulePathIgnorePatterns: ['__fixtures__/', 'target/'], // Use this configuration option to add custom reporters to Jest - reporters: ['default', '@kbn/test/target_node/jest/junit_reporter'], + reporters: [ + 'default', + [ + '@kbn/test/target_node/jest/junit_reporter', + { + rootDirectory: '.', + }, + ], + ], // The paths to modules that run some code to configure or set up the testing environment before each test setupFiles: [ diff --git a/packages/kbn-test/src/jest/run.ts b/packages/kbn-test/src/jest/run.ts index 4a5dd4e9281ba..f2592500beeee 100644 --- a/packages/kbn-test/src/jest/run.ts +++ b/packages/kbn-test/src/jest/run.ts @@ -52,11 +52,12 @@ export function runJest(configName = 'jest.config.js') { const runStartTime = Date.now(); const reportTime = getTimeReporter(log, 'scripts/jest'); - let cwd: string; + let testFiles: string[]; + const cwd: string = process.env.INIT_CWD || process.cwd(); + if (!argv.config) { - cwd = process.env.INIT_CWD || process.cwd(); testFiles = argv._.splice(2).map((p) => resolve(cwd, p)); const commonTestFiles = commonBasePath(testFiles); const testFilesProvided = testFiles.length > 0; diff --git a/src/plugins/expression_error/jest.config.js b/src/plugins/expression_error/jest.config.js deleted file mode 100644 index 27774f4003f9e..0000000000000 --- a/src/plugins/expression_error/jest.config.js +++ /dev/null @@ -1,16 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0 and the Server Side Public License, v 1; you may not use this file except - * in compliance with, at your election, the Elastic License 2.0 or the Server - * Side Public License, v 1. - */ - -module.exports = { - preset: '@kbn/test', - rootDir: '../../..', - roots: ['/src/plugins/expression_error'], - coverageDirectory: '/target/kibana-coverage/jest/src/plugins/expression_error', - coverageReporters: ['text', 'html'], - collectCoverageFrom: ['/src/plugins/expression_error/{common,public}/**/*.{ts,tsx}'], -}; diff --git a/x-pack/plugins/metrics_entities/jest.config.js b/x-pack/plugins/metrics_entities/jest.config.js deleted file mode 100644 index 98a391223cc0f..0000000000000 --- a/x-pack/plugins/metrics_entities/jest.config.js +++ /dev/null @@ -1,15 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License - * 2.0; you may not use this file except in compliance with the Elastic License - * 2.0. - */ - -module.exports = { - collectCoverageFrom: ['/x-pack/plugins/metrics_entities/{common,server}/**/*.{ts,tsx}'], - coverageDirectory: '/target/kibana-coverage/jest/x-pack/plugins/metrics_entities', - coverageReporters: ['text', 'html'], - preset: '@kbn/test', - rootDir: '../../..', - roots: ['/x-pack/plugins/metrics_entities'], -}; diff --git a/x-pack/plugins/reporting/server/browsers/download/ensure_downloaded.test.ts b/x-pack/plugins/reporting/server/browsers/download/ensure_downloaded.test.ts index 955e8214af8fa..9db128c019ac0 100644 --- a/x-pack/plugins/reporting/server/browsers/download/ensure_downloaded.test.ts +++ b/x-pack/plugins/reporting/server/browsers/download/ensure_downloaded.test.ts @@ -17,7 +17,8 @@ import { LevelLogger } from '../../lib'; jest.mock('./checksum'); jest.mock('./download'); -describe('ensureBrowserDownloaded', () => { +// https://github.com/elastic/kibana/issues/115881 +describe.skip('ensureBrowserDownloaded', () => { let logger: jest.Mocked; beforeEach(() => { diff --git a/x-pack/plugins/reporting/server/routes/deprecations.test.ts b/x-pack/plugins/reporting/server/routes/deprecations.test.ts index 5367b6bd531ed..63be2acf52c25 100644 --- a/x-pack/plugins/reporting/server/routes/deprecations.test.ts +++ b/x-pack/plugins/reporting/server/routes/deprecations.test.ts @@ -24,7 +24,8 @@ import { registerDeprecationsRoutes } from './deprecations'; type SetupServerReturn = UnwrapPromise>; -describe(`GET ${API_GET_ILM_POLICY_STATUS}`, () => { +// https://github.com/elastic/kibana/issues/115881 +describe.skip(`GET ${API_GET_ILM_POLICY_STATUS}`, () => { const reportingSymbol = Symbol('reporting'); let server: SetupServerReturn['server']; let httpSetup: SetupServerReturn['httpSetup']; From a720a021a4e14b2e8da6267a0edeca1669317771 Mon Sep 17 00:00:00 2001 From: Joe Reuter Date: Tue, 2 Nov 2021 17:06:09 +0100 Subject: [PATCH 22/53] stabilize combo box selection (#116577) = --- test/functional/services/combo_box.ts | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/test/functional/services/combo_box.ts b/test/functional/services/combo_box.ts index 6706db82ce708..88201b0ec7e19 100644 --- a/test/functional/services/combo_box.ts +++ b/test/functional/services/combo_box.ts @@ -46,7 +46,9 @@ export class ComboBoxService extends FtrService { */ private async clickOption(isMouseClick: boolean, element: WebElementWrapper): Promise { // element.click causes scrollIntoView which causes combobox to close, using _webElement.click instead - return isMouseClick ? await element.clickMouseButton() : await element._webElement.click(); + await this.retry.try(async () => { + return isMouseClick ? await element.clickMouseButton() : await element._webElement.click(); + }); } /** From a3b71bea01115c471d9714e741e6201bbeeb5eb9 Mon Sep 17 00:00:00 2001 From: Joe Reuter Date: Tue, 2 Nov 2021 17:07:10 +0100 Subject: [PATCH 23/53] retry chart selection (#116580) --- x-pack/test/examples/embedded_lens/embedded_example.ts | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/x-pack/test/examples/embedded_lens/embedded_example.ts b/x-pack/test/examples/embedded_lens/embedded_example.ts index 3a0891079f24e..d11495f0450b4 100644 --- a/x-pack/test/examples/embedded_lens/embedded_example.ts +++ b/x-pack/test/examples/embedded_lens/embedded_example.ts @@ -16,8 +16,10 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) { const retry = getService('retry'); async function checkData() { - const data = await elasticChart.getChartDebugData(); - expect(data!.bars![0].bars.length).to.eql(24); + await retry.try(async () => { + const data = await elasticChart.getChartDebugData(); + expect(data!.bars![0].bars.length).to.eql(24); + }); } describe('show and save', () => { From 515d1c1fb6ac6bb374129a780afacdc2736cca47 Mon Sep 17 00:00:00 2001 From: Joe Reuter Date: Tue, 2 Nov 2021 17:07:27 +0100 Subject: [PATCH 24/53] make sure string mode popover is actually closed (#116585) --- .../page_objects/visual_builder_page.ts | 19 +++++++++++++------ 1 file changed, 13 insertions(+), 6 deletions(-) diff --git a/test/functional/page_objects/visual_builder_page.ts b/test/functional/page_objects/visual_builder_page.ts index 385d250fe761d..f6e6caf102004 100644 --- a/test/functional/page_objects/visual_builder_page.ts +++ b/test/functional/page_objects/visual_builder_page.ts @@ -506,12 +506,19 @@ export class VisualBuilderPageObject extends FtrService { } public async toggleIndexPatternSelectionModePopover(shouldOpen: boolean) { - const isPopoverOpened = await this.testSubjects.exists( - 'switchIndexPatternSelectionModePopoverContent' - ); - if ((shouldOpen && !isPopoverOpened) || (!shouldOpen && isPopoverOpened)) { - await this.testSubjects.click('switchIndexPatternSelectionModePopoverButton'); - } + await this.retry.try(async () => { + const isPopoverOpened = await this.testSubjects.exists( + 'switchIndexPatternSelectionModePopoverContent' + ); + if ((shouldOpen && !isPopoverOpened) || (!shouldOpen && isPopoverOpened)) { + await this.testSubjects.click('switchIndexPatternSelectionModePopoverButton'); + } + if (shouldOpen) { + await this.testSubjects.existOrFail('switchIndexPatternSelectionModePopoverContent'); + } else { + await this.testSubjects.missingOrFail('switchIndexPatternSelectionModePopoverContent'); + } + }); } public async switchIndexPatternSelectionMode(useKibanaIndices: boolean) { From 87c7289b745642832b093f8685daa8ab6a0a872c Mon Sep 17 00:00:00 2001 From: Tyler Smalley Date: Tue, 2 Nov 2021 09:17:16 -0700 Subject: [PATCH 25/53] [ci] Increase heap of Jest Signed-off-by: Tyler Smalley --- .buildkite/scripts/steps/test/jest_parallel.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.buildkite/scripts/steps/test/jest_parallel.sh b/.buildkite/scripts/steps/test/jest_parallel.sh index d3ee75b7add4a..963cfae581b1f 100755 --- a/.buildkite/scripts/steps/test/jest_parallel.sh +++ b/.buildkite/scripts/steps/test/jest_parallel.sh @@ -14,7 +14,7 @@ exitCode=0 find src x-pack packages -name jest.config.js -not -path "*/__fixtures__/*" | sort | while read config; do if [ "$(($i % $JOB_COUNT))" -eq $JOB ]; then echo "--- $ node scripts/jest --config $config" - node --max-old-space-size=5632 ./node_modules/.bin/jest --config=$config --runInBand --coverage=false + node --max-old-space-size=7168 ./node_modules/.bin/jest --config=$config --runInBand --coverage=false if [ $? -ne 0 ]; then exitCode=10 From e53771df2dbba9615dc6a9dab5fa9f85ad700901 Mon Sep 17 00:00:00 2001 From: Matthew Kime Date: Tue, 2 Nov 2021 11:34:59 -0500 Subject: [PATCH 26/53] [docs] index pattern => data view (#110421) (#115497) * [user docs - index patterns] index pattern => data view (#110421) --- ...-patterns.asciidoc => data-views.asciidoc} | 78 +++++++++---------- docs/concepts/index.asciidoc | 16 ++-- docs/concepts/set-time-filter.asciidoc | 2 +- docs/discover/search.asciidoc | 2 +- docs/maps/search.asciidoc | 2 +- docs/redirects.asciidoc | 5 ++ docs/setup/connect-to-elasticsearch.asciidoc | 2 +- docs/user/canvas.asciidoc | 2 +- docs/user/dashboard/dashboard.asciidoc | 4 +- docs/user/dashboard/lens-advanced.asciidoc | 2 +- docs/user/dashboard/tsvb.asciidoc | 2 +- docs/user/discover.asciidoc | 2 +- docs/user/graph/getting-started.asciidoc | 2 +- 13 files changed, 63 insertions(+), 58 deletions(-) rename docs/concepts/{index-patterns.asciidoc => data-views.asciidoc} (55%) diff --git a/docs/concepts/index-patterns.asciidoc b/docs/concepts/data-views.asciidoc similarity index 55% rename from docs/concepts/index-patterns.asciidoc rename to docs/concepts/data-views.asciidoc index b8a10572fd8eb..7eb95405db6bc 100644 --- a/docs/concepts/index-patterns.asciidoc +++ b/docs/concepts/data-views.asciidoc @@ -1,45 +1,45 @@ -[[index-patterns]] -=== Create an index pattern +[[data-views]] +=== Create a data view -{kib} requires an index pattern to access the {es} data that you want to explore. -An index pattern selects the data to use and allows you to define properties of the fields. +{kib} requires a data view to access the {es} data that you want to explore. +A data view selects the data to use and allows you to define properties of the fields. -An index pattern can point to one or more indices, {ref}/data-streams.html[data stream], or {ref}/alias.html[index aliases]. -For example, an index pattern can point to your log data from yesterday, +A data view can point to one or more indices, {ref}/data-streams.html[data stream], or {ref}/alias.html[index aliases]. +For example, a data view can point to your log data from yesterday, or all indices that contain your data. [float] -[[index-patterns-read-only-access]] +[[data-views-read-only-access]] === Required permissions -* Access to *Index Patterns* requires the <> -`Index Pattern Management`. +* Access to *Data Views* requires the <> +`Data View Management`. -* To create an index pattern, you must have the <> +* To create a data view, you must have the <> `view_index_metadata`. * If a read-only indicator appears in {kib}, you have insufficient privileges -to create or save index patterns. The buttons to create new index patterns or -save existing index patterns are not visible. For more information, +to create or save data views. The buttons to create new data views or +save existing data views are not visible. For more information, refer to <>. [float] [[settings-create-pattern]] -=== Create an index pattern +=== Create a data view If you collected data using one of the {kib} <>, uploaded a file, or added sample data, -you get an index pattern for free, and can start exploring your data. -If you loaded your own data, follow these steps to create an index pattern. +you get a data view for free, and can start exploring your data. +If you loaded your own data, follow these steps to create a data view. -. Open the main menu, then click to *Stack Management > Index Patterns*. +. Open the main menu, then click to *Stack Management > Data Views*. + +. Click *Create data view*. -. Click *Create index pattern*. -+ [role="screenshot"] -image:management/index-patterns/images/create-index-pattern.png["Create index pattern"] +image:management/index-patterns/images/create-index-pattern.png["Create data view"] -. Start typing in the *Index pattern* field, and {kib} looks for the names of +. Start typing in the *name* field, and {kib} looks for the names of indices, data streams, and aliases that match your input. + ** To match multiple sources, use a wildcard (*). For example, `filebeat-*` matches @@ -61,21 +61,21 @@ global time filters on your dashboards. This is useful if you have multiple time fields and want to create dashboards that combine visualizations based on different timestamps. -. Click *Create index pattern*. +. Click *Create data view*. + [[reload-fields]] {kib} is now configured to use your {es} data. When a new field is added to an index, -the index pattern field list is updated -the next time the index pattern is loaded, for example, when you load the page or +the data view field list is updated +the next time the data view is loaded, for example, when you load the page or move between {kib} apps. -. Select this index pattern when you search and visualize your data. +. Select this data view when you search and visualize your data. [float] -[[rollup-index-pattern]] -==== Create an index pattern for rolled up data +[[rollup-data-view]] +==== Create a data view for rolled up data -An index pattern can match one rollup index. For a combination rollup -index pattern with both raw and rolled up data, use the standard notation: +A data view can match one rollup index. For a combination rollup +data view with both raw and rolled up data, use the standard notation: ```ts rollup_logstash,kibana_sample_data_logs @@ -84,7 +84,7 @@ For an example, refer to < Index Patterns*. +. Open the main menu, then click *Stack Management > Data Views*. -. Click the index pattern to delete. +. Click the data view to delete. -. Delete (image:management/index-patterns/images/delete.png[Delete icon]) the index pattern. +. Delete (image:management/index-patterns/images/delete.png[Delete icon]) the data view. diff --git a/docs/concepts/index.asciidoc b/docs/concepts/index.asciidoc index 20d7103f021cd..eac26beee1f9b 100644 --- a/docs/concepts/index.asciidoc +++ b/docs/concepts/index.asciidoc @@ -35,19 +35,19 @@ Open the search bar using the keyboard shortcut Ctrl+/ on Windows and Linux, Com image:concepts/images/global-search.png["Global search showing matches to apps and saved objects for the word visualize"] [float] -=== Accessing data with index patterns +=== Accessing data with data views -{kib} requires an index pattern to tell it which {es} data you want to access, -and whether the data is time-based. An index pattern can point to one or more {es} +{kib} requires a data view to tell it which {es} data you want to access, +and whether the data is time-based. A data view can point to one or more {es} data streams, indices, or index aliases by name. For example, `logs-elasticsearch-prod-*` is an index pattern, and it is time-based with a time field of `@timestamp`. The time field is not editable. -Index patterns are typically created by an administrator when sending data to {es}. -You can <> in *Stack Management*, or by using a script +Data views are typically created by an administrator when sending data to {es}. +You can <> in *Stack Management*, or by using a script that accesses the {kib} API. -{kib} uses the index pattern to show you a list of fields, such as +{kib} uses the data view to show you a list of fields, such as `event.duration`. You can customize the display name and format for each field. For example, you can tell {kib} to display `event.duration` in seconds. {kib} has <> for strings, @@ -75,7 +75,7 @@ and can optionally contain the time filter and extra filters. ==== Time filter The <> limits the time range of data displayed. -In most cases, the time filter applies to the time field in the index pattern, +In most cases, the time filter applies to the time field in the data view, but some apps allow you to use a different time field. Using the time filter, you can configure a refresh rate to periodically @@ -159,7 +159,7 @@ Use the global search to quickly open a saved object. * Go to <> for instructions on searching your data. -include::index-patterns.asciidoc[] +include::data-views.asciidoc[] include::set-time-filter.asciidoc[] diff --git a/docs/concepts/set-time-filter.asciidoc b/docs/concepts/set-time-filter.asciidoc index e4784a97e816b..116bcd6f91f77 100644 --- a/docs/concepts/set-time-filter.asciidoc +++ b/docs/concepts/set-time-filter.asciidoc @@ -2,7 +2,7 @@ === Set the time range Display data within a specified time range when your index contains time-based events, and a time-field is configured for the -selected <>. +selected <>. The default time range is 15 minutes, but you can customize it in <>. diff --git a/docs/discover/search.asciidoc b/docs/discover/search.asciidoc index 0306be3eb670d..4f4f8f5b48d10 100644 --- a/docs/discover/search.asciidoc +++ b/docs/discover/search.asciidoc @@ -3,7 +3,7 @@ You can search your data in any app that has a query bar, or by clicking on elements in a visualization. A search matches indices in the current -<> and in the current <>. +<> and in the current <>. [float] diff --git a/docs/maps/search.asciidoc b/docs/maps/search.asciidoc index 08624e4ddff57..a170bcc414d3b 100644 --- a/docs/maps/search.asciidoc +++ b/docs/maps/search.asciidoc @@ -43,7 +43,7 @@ To prevent the global search from applying to a layer, configure the following: [[maps-narrow-layer-by-global-time]] ==== Narrow layers by global time -Layers that request data from {es} using an <> with a configured time field are narrowed by the <>. +Layers that request data from {es} using a <> with a configured time field are narrowed by the <>. These layers contain the clock icon image:maps/images/clock_icon.png[clock icon] next to the layer name in the legend. Use the time slider to quickly select time slices within the global time range: diff --git a/docs/redirects.asciidoc b/docs/redirects.asciidoc index d5bc2ccd8ef7d..4010083d601b5 100644 --- a/docs/redirects.asciidoc +++ b/docs/redirects.asciidoc @@ -358,3 +358,8 @@ This content has moved. Refer to <>. == Rendering pre-captured profiler JSON This content has moved. Refer to <>. + +[role="exclude",id="index-patterns"] +== Index patterns has been renamed to data views. + +This content has moved. Refer to <>. diff --git a/docs/setup/connect-to-elasticsearch.asciidoc b/docs/setup/connect-to-elasticsearch.asciidoc index ad38ac1710fd5..b1d9d3ea2ea18 100644 --- a/docs/setup/connect-to-elasticsearch.asciidoc +++ b/docs/setup/connect-to-elasticsearch.asciidoc @@ -84,7 +84,7 @@ You can manage your roles, privileges, and spaces in **{stack-manage-app}** in If the {kib} ingest options don't work for you, you can index your data into Elasticsearch with {ref}/getting-started-index.html[REST APIs] or https://www.elastic.co/guide/en/elasticsearch/client/index.html[client libraries]. -After you add your data, you're required to create an <> to tell +After you add your data, you're required to create a <> to tell {kib} where to find the data. * To add data for Elastic Observability, refer to {observability-guide}/add-observability-data.html[Send data to Elasticsearch]. diff --git a/docs/user/canvas.asciidoc b/docs/user/canvas.asciidoc index 1cd8eacc456c7..1f469b697c218 100644 --- a/docs/user/canvas.asciidoc +++ b/docs/user/canvas.asciidoc @@ -43,7 +43,7 @@ To create workpads, you must meet the minimum requirements. * If you need to set up {kib}, use https://www.elastic.co/cloud/elasticsearch-service/signup?baymax=docs-body&elektra=docs[our free trial]. -* Make sure you have {ref}/getting-started-index.html[data indexed into {es}] and an <>. +* Make sure you have {ref}/getting-started-index.html[data indexed into {es}] and a <>. * Have an understanding of {ref}/documents-indices.html[{es} documents and indices]. diff --git a/docs/user/dashboard/dashboard.asciidoc b/docs/user/dashboard/dashboard.asciidoc index a2e0eb6bf92e9..474b45f4989fb 100644 --- a/docs/user/dashboard/dashboard.asciidoc +++ b/docs/user/dashboard/dashboard.asciidoc @@ -5,7 +5,7 @@ -- **_Visualize your data with dashboards._** -The best way to understand your data is to visualize it. With dashboards, you can turn your data from one or more <> into a collection of panels +The best way to understand your data is to visualize it. With dashboards, you can turn your data from one or more <> into a collection of panels that bring clarity to your data, tell a story about your data, and allow you to focus on only the data that's important to you. [role="screenshot"] @@ -53,7 +53,7 @@ To create dashboards, you must meet the minimum requirements. * If you need to set up {kib}, use https://www.elastic.co/cloud/elasticsearch-service/signup?baymax=docs-body&elektra=docs[our free trial]. -* Make sure you have {ref}/getting-started-index.html[data indexed into {es}] and an <>. +* Make sure you have {ref}/getting-started-index.html[data indexed into {es}] and a <>. * When the read-only indicator appears, you have insufficient privileges to create or save dashboards, and the options to create and save dashboards are not visible. For more information, diff --git a/docs/user/dashboard/lens-advanced.asciidoc b/docs/user/dashboard/lens-advanced.asciidoc index d5a52428cff36..02e0afd2c0311 100644 --- a/docs/user/dashboard/lens-advanced.asciidoc +++ b/docs/user/dashboard/lens-advanced.asciidoc @@ -33,7 +33,7 @@ Open *Lens*, then make sure the correct fields appear. . Make sure the *kibana_sample_data_ecommerce* index appears. + -If you are using your own data, select the <> that contains your data. +If you are using your own data, select the <> that contains your data. [discrete] [[custom-time-interval]] diff --git a/docs/user/dashboard/tsvb.asciidoc b/docs/user/dashboard/tsvb.asciidoc index 9fe6af2d3da6d..c944ec2c9e083 100644 --- a/docs/user/dashboard/tsvb.asciidoc +++ b/docs/user/dashboard/tsvb.asciidoc @@ -8,7 +8,7 @@ With *TSVB*, you can: * Combine an infinite number of <> to display your data. * Annotate time series data with timestamped events from an {es} index. * View the data in several types of visualizations, including charts, data tables, and markdown panels. -* Display multiple <> in each visualization. +* Display multiple <> in each visualization. * Use custom functions and some math on aggregations. * Customize the data with labels and colors. diff --git a/docs/user/discover.asciidoc b/docs/user/discover.asciidoc index e52531f9decdc..a485bb4c96efe 100644 --- a/docs/user/discover.asciidoc +++ b/docs/user/discover.asciidoc @@ -64,7 +64,7 @@ Tell {kib} where to find the data you want to explore, and then specify the time . Select the data you want to work with. + -{kib} uses an <> to tell it where to find +{kib} uses a <> to tell it where to find your {es} data. To view the ecommerce sample data, make sure the index pattern is set to **kibana_sample_data_ecommerce**. + diff --git a/docs/user/graph/getting-started.asciidoc b/docs/user/graph/getting-started.asciidoc index 086c0707b3c2c..5e87efc5e8aca 100644 --- a/docs/user/graph/getting-started.asciidoc +++ b/docs/user/graph/getting-started.asciidoc @@ -3,7 +3,7 @@ == Create a graph You must index data into {es} before you can create a graph. -<> or get started with a <>. +<> or get started with a <>. [float] [[exploring-connections]] From c149fe6f926e8d5c8214294d330e621205140e88 Mon Sep 17 00:00:00 2001 From: Claudio Procida Date: Tue, 2 Nov 2021 17:43:24 +0100 Subject: [PATCH 27/53] [RAC] Updates Alerts table cell actions (#116446) * Adds Filter Out button to alert table cell flyout * Adds translations * Fixes capitalization of labels * Removes unused declarations and imports * Fixes and adds functional tests for Alerts table action buttons * Addresses review comments * Fixes Alert table cell actions functional tests * Removes Filter out action for now Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com> --- .../pages/alerts/default_cell_actions.tsx | 50 ++----------------- .../public/pages/alerts/filter_for_value.tsx | 2 +- .../public/components/t_grid/body/index.tsx | 9 +++- .../services/observability/alerts/common.ts | 15 ++---- .../apps/observability/alerts/index.ts | 10 ++-- 5 files changed, 20 insertions(+), 66 deletions(-) diff --git a/x-pack/plugins/observability/public/pages/alerts/default_cell_actions.tsx b/x-pack/plugins/observability/public/pages/alerts/default_cell_actions.tsx index 5ad4804f88d5e..3adfb0a1d9c89 100644 --- a/x-pack/plugins/observability/public/pages/alerts/default_cell_actions.tsx +++ b/x-pack/plugins/observability/public/pages/alerts/default_cell_actions.tsx @@ -7,58 +7,16 @@ import React from 'react'; import { i18n } from '@kbn/i18n'; -import { ObservabilityPublicPluginsStart } from '../..'; import { getMappedNonEcsValue } from './render_cell_value'; import FilterForValueButton from './filter_for_value'; -import { useKibana } from '../../../../../../src/plugins/kibana_react/public'; import { TimelineNonEcsData } from '../../../../timelines/common/search_strategy'; import { TGridCellAction } from '../../../../timelines/common/types/timeline'; -import { getPageRowIndex, TimelinesUIStart } from '../../../../timelines/public'; +import { getPageRowIndex } from '../../../../timelines/public'; export const FILTER_FOR_VALUE = i18n.translate('xpack.observability.hoverActions.filterForValue', { defaultMessage: 'Filter for value', }); -/** a hook to eliminate the verbose boilerplate required to use common services */ -const useKibanaServices = () => { - const { timelines } = useKibana<{ timelines: TimelinesUIStart }>().services; - const { - services: { - data: { - query: { filterManager }, - }, - }, - } = useKibana(); - - return { timelines, filterManager }; -}; - -/** actions common to all cells (e.g. copy to clipboard) */ -const commonCellActions: TGridCellAction[] = [ - ({ data, pageSize }: { data: TimelineNonEcsData[][]; pageSize: number }) => - ({ rowIndex, columnId, Component }) => { - const { timelines } = useKibanaServices(); - - const value = getMappedNonEcsValue({ - data: data[getPageRowIndex(rowIndex, pageSize)], - fieldName: columnId, - }); - - return ( - <> - {timelines.getHoverActions().getCopyButton({ - Component, - field: columnId, - isHoverAction: false, - ownFocus: false, - showTooltip: false, - value, - })} - - ); - }, -]; - /** actions for adding filters to the search bar */ const buildFilterCellActions = (addToQuery: (value: string) => void): TGridCellAction[] => [ ({ data, pageSize }: { data: TimelineNonEcsData[][]; pageSize: number }) => @@ -80,7 +38,5 @@ const buildFilterCellActions = (addToQuery: (value: string) => void): TGridCellA ]; /** returns the default actions shown in `EuiDataGrid` cells */ -export const getDefaultCellActions = ({ addToQuery }: { addToQuery: (value: string) => void }) => [ - ...buildFilterCellActions(addToQuery), - ...commonCellActions, -]; +export const getDefaultCellActions = ({ addToQuery }: { addToQuery: (value: string) => void }) => + buildFilterCellActions(addToQuery); diff --git a/x-pack/plugins/observability/public/pages/alerts/filter_for_value.tsx b/x-pack/plugins/observability/public/pages/alerts/filter_for_value.tsx index 77cac9d482a37..f75ae488c9b28 100644 --- a/x-pack/plugins/observability/public/pages/alerts/filter_for_value.tsx +++ b/x-pack/plugins/observability/public/pages/alerts/filter_for_value.tsx @@ -11,7 +11,7 @@ import { i18n } from '@kbn/i18n'; export const filterForValueButtonLabel = i18n.translate( 'xpack.observability.hoverActions.filterForValueButtonLabel', { - defaultMessage: 'Filter for value', + defaultMessage: 'Filter in', } ); diff --git a/x-pack/plugins/timelines/public/components/t_grid/body/index.tsx b/x-pack/plugins/timelines/public/components/t_grid/body/index.tsx index 9e43c16fd5e6f..29766a5b8a1f5 100644 --- a/x-pack/plugins/timelines/public/components/t_grid/body/index.tsx +++ b/x-pack/plugins/timelines/public/components/t_grid/body/index.tsx @@ -146,7 +146,14 @@ const EuiDataGridContainer = styled.div<{ hideLastPage: boolean }>` } `; -const FIELDS_WITHOUT_CELL_ACTIONS = ['@timestamp', 'signal.rule.risk_score', 'signal.reason']; +// TODO: accept extra list of column ids without actions from callsites +const FIELDS_WITHOUT_CELL_ACTIONS = [ + '@timestamp', + 'signal.rule.risk_score', + 'signal.reason', + 'kibana.alert.duration.us', + 'kibana.alert.reason', +]; const hasCellActions = (columnId?: string) => columnId && FIELDS_WITHOUT_CELL_ACTIONS.indexOf(columnId) < 0; const transformControlColumns = ({ diff --git a/x-pack/test/functional/services/observability/alerts/common.ts b/x-pack/test/functional/services/observability/alerts/common.ts index f47d17039b5ae..7e29b94c85fa3 100644 --- a/x-pack/test/functional/services/observability/alerts/common.ts +++ b/x-pack/test/functional/services/observability/alerts/common.ts @@ -16,7 +16,7 @@ const DATE_WITH_DATA = { }; const ALERTS_FLYOUT_SELECTOR = 'alertsFlyout'; -const COPY_TO_CLIPBOARD_BUTTON_SELECTOR = 'copy-to-clipboard'; +const FILTER_FOR_VALUE_BUTTON_SELECTOR = 'filter-for-value'; const ALERTS_TABLE_CONTAINER_SELECTOR = 'events-viewer-panel'; const ACTION_COLUMN_INDEX = 1; @@ -149,16 +149,12 @@ export function ObservabilityAlertsCommonProvider({ // Cell actions - const copyToClipboardButtonExists = async () => { - return await testSubjects.exists(COPY_TO_CLIPBOARD_BUTTON_SELECTOR); - }; - - const getCopyToClipboardButton = async () => { - return await testSubjects.find(COPY_TO_CLIPBOARD_BUTTON_SELECTOR); + const filterForValueButtonExists = async () => { + return await testSubjects.exists(FILTER_FOR_VALUE_BUTTON_SELECTOR); }; const getFilterForValueButton = async () => { - return await testSubjects.find('filter-for-value'); + return await testSubjects.find(FILTER_FOR_VALUE_BUTTON_SELECTOR); }; const openActionsMenuForRow = async (rowIndex: number) => { @@ -216,15 +212,14 @@ export function ObservabilityAlertsCommonProvider({ getQueryBar, clearQueryBar, closeAlertsFlyout, + filterForValueButtonExists, getAlertsFlyout, getAlertsFlyoutDescriptionListDescriptions, getAlertsFlyoutDescriptionListTitles, getAlertsFlyoutOrFail, getAlertsFlyoutTitle, getAlertsFlyoutViewInAppButtonOrFail, - getCopyToClipboardButton, getFilterForValueButton, - copyToClipboardButtonExists, getNoDataPageOrFail, getNoDataStateOrFail, getTableCells, diff --git a/x-pack/test/observability_functional/apps/observability/alerts/index.ts b/x-pack/test/observability_functional/apps/observability/alerts/index.ts index 112c24f7c3a88..216a9736fbe87 100644 --- a/x-pack/test/observability_functional/apps/observability/alerts/index.ts +++ b/x-pack/test/observability_functional/apps/observability/alerts/index.ts @@ -189,19 +189,15 @@ export default ({ getService }: FtrProviderContext) => { await alertStatusCell.moveMouseTo(); await retry.waitFor( 'cell actions visible', - async () => await observability.alerts.common.copyToClipboardButtonExists() + async () => await observability.alerts.common.filterForValueButtonExists() ); }); }); afterEach(async () => { await observability.alerts.common.clearQueryBar(); - }); - - it('Copy button works', async () => { - // NOTE: We don't have access to the clipboard in a headless environment, - // so we'll just check the button is clickable in the functional tests. - await (await observability.alerts.common.getCopyToClipboardButton()).click(); + // Reset the query bar by hiding the dropdown + await observability.alerts.common.submitQuery(''); }); it('Filter for value works', async () => { From 441003df5cf909d6922527713de2911ae36ad7fa Mon Sep 17 00:00:00 2001 From: Tyler Smalley Date: Tue, 2 Nov 2021 09:46:00 -0700 Subject: [PATCH 28/53] Ignore eslint no-explicit-any Signed-off-by: Tyler Smalley --- x-pack/plugins/osquery/public/saved_queries/use_saved_queries.ts | 1 + x-pack/plugins/osquery/public/saved_queries/use_saved_query.ts | 1 + 2 files changed, 2 insertions(+) diff --git a/x-pack/plugins/osquery/public/saved_queries/use_saved_queries.ts b/x-pack/plugins/osquery/public/saved_queries/use_saved_queries.ts index 8f697581642e6..9de40c759c2cf 100644 --- a/x-pack/plugins/osquery/public/saved_queries/use_saved_queries.ts +++ b/x-pack/plugins/osquery/public/saved_queries/use_saved_queries.ts @@ -24,6 +24,7 @@ export const useSavedQueries = ({ return useQuery( [SAVED_QUERIES_ID, { pageIndex, pageSize, sortField, sortDirection }], () => + // eslint-disable-next-line @typescript-eslint/no-explicit-any http.get('/internal/osquery/saved_query', { query: { pageIndex, pageSize, sortField, sortDirection }, }), diff --git a/x-pack/plugins/osquery/public/saved_queries/use_saved_query.ts b/x-pack/plugins/osquery/public/saved_queries/use_saved_query.ts index 8f24f7734fc46..f05f38b8259ce 100644 --- a/x-pack/plugins/osquery/public/saved_queries/use_saved_query.ts +++ b/x-pack/plugins/osquery/public/saved_queries/use_saved_query.ts @@ -26,6 +26,7 @@ export const useSavedQuery = ({ savedQueryId }: UseSavedQueryProps) => { return useQuery( [SAVED_QUERY_ID, { savedQueryId }], + // eslint-disable-next-line @typescript-eslint/no-explicit-any () => http.get(`/internal/osquery/saved_query/${savedQueryId}`), { keepPreviousData: true, From 5d557539e48f86bba722cb87333bd764c189fd42 Mon Sep 17 00:00:00 2001 From: Tyler Smalley Date: Tue, 2 Nov 2021 10:05:31 -0700 Subject: [PATCH 29/53] Revert "[ci] Increase heap of Jest" This reverts commit 87c7289b745642832b093f8685daa8ab6a0a872c. --- .buildkite/scripts/steps/test/jest_parallel.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.buildkite/scripts/steps/test/jest_parallel.sh b/.buildkite/scripts/steps/test/jest_parallel.sh index 963cfae581b1f..d3ee75b7add4a 100755 --- a/.buildkite/scripts/steps/test/jest_parallel.sh +++ b/.buildkite/scripts/steps/test/jest_parallel.sh @@ -14,7 +14,7 @@ exitCode=0 find src x-pack packages -name jest.config.js -not -path "*/__fixtures__/*" | sort | while read config; do if [ "$(($i % $JOB_COUNT))" -eq $JOB ]; then echo "--- $ node scripts/jest --config $config" - node --max-old-space-size=7168 ./node_modules/.bin/jest --config=$config --runInBand --coverage=false + node --max-old-space-size=5632 ./node_modules/.bin/jest --config=$config --runInBand --coverage=false if [ $? -ne 0 ]; then exitCode=10 From 98de5f673cd89c991f8414a10fd53cfa779121f4 Mon Sep 17 00:00:00 2001 From: Tyler Smalley Date: Tue, 2 Nov 2021 10:05:55 -0700 Subject: [PATCH 30/53] Revert "[ci] Run Jest tests in parallel (#115687)" This reverts commit 237d68d6e907c0ee6fd537501405f3d16c562798. --- .buildkite/pipelines/hourly.yml | 15 +++++----- .buildkite/pipelines/pull_request/base.yml | 15 +++++----- .buildkite/scripts/steps/test/jest.sh | 4 +-- .../scripts/steps/test/jest_parallel.sh | 28 ------------------- .../kbn-cli-dev-mode/src/dev_server.test.ts | 6 ++-- packages/kbn-rule-data-utils/jest.config.js | 13 +++++++++ .../jest.config.js | 13 +++++++++ .../jest.config.js | 13 +++++++++ packages/kbn-test/jest-preset.js | 10 +------ packages/kbn-test/src/jest/run.ts | 5 ++-- src/plugins/expression_error/jest.config.js | 16 +++++++++++ .../plugins/metrics_entities/jest.config.js | 15 ++++++++++ .../download/ensure_downloaded.test.ts | 3 +- .../server/routes/deprecations.test.ts | 3 +- 14 files changed, 93 insertions(+), 66 deletions(-) delete mode 100755 .buildkite/scripts/steps/test/jest_parallel.sh create mode 100644 packages/kbn-rule-data-utils/jest.config.js create mode 100644 packages/kbn-securitysolution-list-constants/jest.config.js create mode 100644 packages/kbn-securitysolution-t-grid/jest.config.js create mode 100644 src/plugins/expression_error/jest.config.js create mode 100644 x-pack/plugins/metrics_entities/jest.config.js diff --git a/.buildkite/pipelines/hourly.yml b/.buildkite/pipelines/hourly.yml index 81875dee70f18..b03a46b5b5c66 100644 --- a/.buildkite/pipelines/hourly.yml +++ b/.buildkite/pipelines/hourly.yml @@ -119,14 +119,6 @@ steps: - exit_status: '*' limit: 1 - - command: .buildkite/scripts/steps/test/jest.sh - label: 'Jest Tests' - parallelism: 6 - agents: - queue: n2-4 - timeout_in_minutes: 90 - key: jest - - command: .buildkite/scripts/steps/test/jest_integration.sh label: 'Jest Integration Tests' agents: @@ -141,6 +133,13 @@ steps: timeout_in_minutes: 120 key: api-integration + - command: .buildkite/scripts/steps/test/jest.sh + label: 'Jest Tests' + agents: + queue: c2-16 + timeout_in_minutes: 120 + key: jest + - command: .buildkite/scripts/steps/lint.sh label: 'Linting' agents: diff --git a/.buildkite/pipelines/pull_request/base.yml b/.buildkite/pipelines/pull_request/base.yml index a3a1881c856c5..1013a841dfd27 100644 --- a/.buildkite/pipelines/pull_request/base.yml +++ b/.buildkite/pipelines/pull_request/base.yml @@ -117,14 +117,6 @@ steps: - exit_status: '*' limit: 1 - - command: .buildkite/scripts/steps/test/jest.sh - label: 'Jest Tests' - parallelism: 6 - agents: - queue: n2-4 - timeout_in_minutes: 90 - key: jest - - command: .buildkite/scripts/steps/test/jest_integration.sh label: 'Jest Integration Tests' agents: @@ -139,6 +131,13 @@ steps: timeout_in_minutes: 120 key: api-integration + - command: .buildkite/scripts/steps/test/jest.sh + label: 'Jest Tests' + agents: + queue: c2-16 + timeout_in_minutes: 120 + key: jest + - command: .buildkite/scripts/steps/lint.sh label: 'Linting' agents: diff --git a/.buildkite/scripts/steps/test/jest.sh b/.buildkite/scripts/steps/test/jest.sh index d2d1ed10043d6..2c4e3fe21902d 100755 --- a/.buildkite/scripts/steps/test/jest.sh +++ b/.buildkite/scripts/steps/test/jest.sh @@ -9,5 +9,5 @@ is_test_execution_step .buildkite/scripts/bootstrap.sh echo '--- Jest' -checks-reporter-with-killswitch "Jest Unit Tests $((BUILDKITE_PARALLEL_JOB+1))" \ - .buildkite/scripts/steps/test/jest_parallel.sh +checks-reporter-with-killswitch "Jest Unit Tests" \ + node scripts/jest --ci --verbose --maxWorkers=10 diff --git a/.buildkite/scripts/steps/test/jest_parallel.sh b/.buildkite/scripts/steps/test/jest_parallel.sh deleted file mode 100755 index d3ee75b7add4a..0000000000000 --- a/.buildkite/scripts/steps/test/jest_parallel.sh +++ /dev/null @@ -1,28 +0,0 @@ -#!/bin/bash - -set -uo pipefail - -JOB=$BUILDKITE_PARALLEL_JOB -JOB_COUNT=$BUILDKITE_PARALLEL_JOB_COUNT - -# a jest failure will result in the script returning an exit -# code of 10 - -i=0 -exitCode=0 - -find src x-pack packages -name jest.config.js -not -path "*/__fixtures__/*" | sort | while read config; do - if [ "$(($i % $JOB_COUNT))" -eq $JOB ]; then - echo "--- $ node scripts/jest --config $config" - node --max-old-space-size=5632 ./node_modules/.bin/jest --config=$config --runInBand --coverage=false - - if [ $? -ne 0 ]; then - exitCode=10 - echo "^^^ +++" - fi - fi - - ((i=i+1)) -done - -exit $exitCode \ No newline at end of file diff --git a/packages/kbn-cli-dev-mode/src/dev_server.test.ts b/packages/kbn-cli-dev-mode/src/dev_server.test.ts index 5e386e3de5972..92dbe484eb005 100644 --- a/packages/kbn-cli-dev-mode/src/dev_server.test.ts +++ b/packages/kbn-cli-dev-mode/src/dev_server.test.ts @@ -79,7 +79,6 @@ expect.addSnapshotSerializer(extendedEnvSerializer); beforeEach(() => { jest.clearAllMocks(); log.messages.length = 0; - process.execArgv = ['--inheritted', '--exec', '--argv']; currentProc = undefined; }); @@ -139,9 +138,8 @@ describe('#run$', () => { "isDevCliChild": "true", }, "nodeOptions": Array [ - "--inheritted", - "--exec", - "--argv", + "--preserve-symlinks-main", + "--preserve-symlinks", ], "stdio": "pipe", }, diff --git a/packages/kbn-rule-data-utils/jest.config.js b/packages/kbn-rule-data-utils/jest.config.js new file mode 100644 index 0000000000000..26cb39fe8b55a --- /dev/null +++ b/packages/kbn-rule-data-utils/jest.config.js @@ -0,0 +1,13 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0 and the Server Side Public License, v 1; you may not use this file except + * in compliance with, at your election, the Elastic License 2.0 or the Server + * Side Public License, v 1. + */ + +module.exports = { + preset: '@kbn/test', + rootDir: '../..', + roots: ['/packages/kbn-rule-data-utils'], +}; diff --git a/packages/kbn-securitysolution-list-constants/jest.config.js b/packages/kbn-securitysolution-list-constants/jest.config.js new file mode 100644 index 0000000000000..21dffdfcf5a68 --- /dev/null +++ b/packages/kbn-securitysolution-list-constants/jest.config.js @@ -0,0 +1,13 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0 and the Server Side Public License, v 1; you may not use this file except + * in compliance with, at your election, the Elastic License 2.0 or the Server + * Side Public License, v 1. + */ + +module.exports = { + preset: '@kbn/test', + rootDir: '../..', + roots: ['/packages/kbn-securitysolution-list-constants'], +}; diff --git a/packages/kbn-securitysolution-t-grid/jest.config.js b/packages/kbn-securitysolution-t-grid/jest.config.js new file mode 100644 index 0000000000000..21e7d2d71b61a --- /dev/null +++ b/packages/kbn-securitysolution-t-grid/jest.config.js @@ -0,0 +1,13 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0 and the Server Side Public License, v 1; you may not use this file except + * in compliance with, at your election, the Elastic License 2.0 or the Server + * Side Public License, v 1. + */ + +module.exports = { + preset: '@kbn/test', + rootDir: '../..', + roots: ['/packages/kbn-securitysolution-t-grid'], +}; diff --git a/packages/kbn-test/jest-preset.js b/packages/kbn-test/jest-preset.js index db64f070b37d9..0199aa6e311b6 100644 --- a/packages/kbn-test/jest-preset.js +++ b/packages/kbn-test/jest-preset.js @@ -46,15 +46,7 @@ module.exports = { modulePathIgnorePatterns: ['__fixtures__/', 'target/'], // Use this configuration option to add custom reporters to Jest - reporters: [ - 'default', - [ - '@kbn/test/target_node/jest/junit_reporter', - { - rootDirectory: '.', - }, - ], - ], + reporters: ['default', '@kbn/test/target_node/jest/junit_reporter'], // The paths to modules that run some code to configure or set up the testing environment before each test setupFiles: [ diff --git a/packages/kbn-test/src/jest/run.ts b/packages/kbn-test/src/jest/run.ts index f2592500beeee..4a5dd4e9281ba 100644 --- a/packages/kbn-test/src/jest/run.ts +++ b/packages/kbn-test/src/jest/run.ts @@ -52,12 +52,11 @@ export function runJest(configName = 'jest.config.js') { const runStartTime = Date.now(); const reportTime = getTimeReporter(log, 'scripts/jest'); - + let cwd: string; let testFiles: string[]; - const cwd: string = process.env.INIT_CWD || process.cwd(); - if (!argv.config) { + cwd = process.env.INIT_CWD || process.cwd(); testFiles = argv._.splice(2).map((p) => resolve(cwd, p)); const commonTestFiles = commonBasePath(testFiles); const testFilesProvided = testFiles.length > 0; diff --git a/src/plugins/expression_error/jest.config.js b/src/plugins/expression_error/jest.config.js new file mode 100644 index 0000000000000..27774f4003f9e --- /dev/null +++ b/src/plugins/expression_error/jest.config.js @@ -0,0 +1,16 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0 and the Server Side Public License, v 1; you may not use this file except + * in compliance with, at your election, the Elastic License 2.0 or the Server + * Side Public License, v 1. + */ + +module.exports = { + preset: '@kbn/test', + rootDir: '../../..', + roots: ['/src/plugins/expression_error'], + coverageDirectory: '/target/kibana-coverage/jest/src/plugins/expression_error', + coverageReporters: ['text', 'html'], + collectCoverageFrom: ['/src/plugins/expression_error/{common,public}/**/*.{ts,tsx}'], +}; diff --git a/x-pack/plugins/metrics_entities/jest.config.js b/x-pack/plugins/metrics_entities/jest.config.js new file mode 100644 index 0000000000000..98a391223cc0f --- /dev/null +++ b/x-pack/plugins/metrics_entities/jest.config.js @@ -0,0 +1,15 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +module.exports = { + collectCoverageFrom: ['/x-pack/plugins/metrics_entities/{common,server}/**/*.{ts,tsx}'], + coverageDirectory: '/target/kibana-coverage/jest/x-pack/plugins/metrics_entities', + coverageReporters: ['text', 'html'], + preset: '@kbn/test', + rootDir: '../../..', + roots: ['/x-pack/plugins/metrics_entities'], +}; diff --git a/x-pack/plugins/reporting/server/browsers/download/ensure_downloaded.test.ts b/x-pack/plugins/reporting/server/browsers/download/ensure_downloaded.test.ts index 9db128c019ac0..955e8214af8fa 100644 --- a/x-pack/plugins/reporting/server/browsers/download/ensure_downloaded.test.ts +++ b/x-pack/plugins/reporting/server/browsers/download/ensure_downloaded.test.ts @@ -17,8 +17,7 @@ import { LevelLogger } from '../../lib'; jest.mock('./checksum'); jest.mock('./download'); -// https://github.com/elastic/kibana/issues/115881 -describe.skip('ensureBrowserDownloaded', () => { +describe('ensureBrowserDownloaded', () => { let logger: jest.Mocked; beforeEach(() => { diff --git a/x-pack/plugins/reporting/server/routes/deprecations.test.ts b/x-pack/plugins/reporting/server/routes/deprecations.test.ts index 63be2acf52c25..5367b6bd531ed 100644 --- a/x-pack/plugins/reporting/server/routes/deprecations.test.ts +++ b/x-pack/plugins/reporting/server/routes/deprecations.test.ts @@ -24,8 +24,7 @@ import { registerDeprecationsRoutes } from './deprecations'; type SetupServerReturn = UnwrapPromise>; -// https://github.com/elastic/kibana/issues/115881 -describe.skip(`GET ${API_GET_ILM_POLICY_STATUS}`, () => { +describe(`GET ${API_GET_ILM_POLICY_STATUS}`, () => { const reportingSymbol = Symbol('reporting'); let server: SetupServerReturn['server']; let httpSetup: SetupServerReturn['httpSetup']; From 39d79f7237c8b71ae41ee6e2b71e6f44e27e0ce0 Mon Sep 17 00:00:00 2001 From: Corey Robertson Date: Tue, 2 Nov 2021 13:07:29 -0400 Subject: [PATCH 31/53] Remove fullscreen mode when workpad unmounts (#114551) Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com> --- .../workpad/hooks/use_fullscreen_presentation_helper.ts | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/x-pack/plugins/canvas/public/routes/workpad/hooks/use_fullscreen_presentation_helper.ts b/x-pack/plugins/canvas/public/routes/workpad/hooks/use_fullscreen_presentation_helper.ts index 9021c6d6c2753..ca66fa227e4eb 100644 --- a/x-pack/plugins/canvas/public/routes/workpad/hooks/use_fullscreen_presentation_helper.ts +++ b/x-pack/plugins/canvas/public/routes/workpad/hooks/use_fullscreen_presentation_helper.ts @@ -5,6 +5,7 @@ * 2.0. */ import { useContext, useEffect } from 'react'; +import useEffectOnce from 'react-use/lib/useEffectOnce'; import { usePlatformService } from '../../../services'; import { WorkpadRoutingContext } from '..'; @@ -27,4 +28,10 @@ export const useFullscreenPresentationHelper = () => { setFullscreen(true); } }, [isFullscreen, setFullscreen]); + + // Remove fullscreen when component unmounts + useEffectOnce(() => () => { + setFullscreen(true); + document.querySelector('body')?.classList.remove(fullscreenClass); + }); }; From 4e294e3153071019d84de3efb245e11d37fc44c7 Mon Sep 17 00:00:00 2001 From: Dominique Clarke Date: Tue, 2 Nov 2021 13:10:58 -0400 Subject: [PATCH 32/53] [Uptime] Fix: Last successful screenshot should be from same location (#116906) * update get_last_successful_step query to include location logic * adjust types --- .../common/runtime_types/ping/synthetics.ts | 5 + .../step_expanded_row/step_screenshots.tsx | 1 + .../check_steps/use_expanded_row.test.tsx | 3 + .../uptime/public/state/api/journey.ts | 3 + .../requests/get_last_successful_step.test.ts | 132 ++++++++++++++++++ .../lib/requests/get_last_successful_step.ts | 43 +++++- .../synthetics/last_successful_step.ts | 4 +- 7 files changed, 185 insertions(+), 6 deletions(-) create mode 100644 x-pack/plugins/uptime/server/lib/requests/get_last_successful_step.test.ts diff --git a/x-pack/plugins/uptime/common/runtime_types/ping/synthetics.ts b/x-pack/plugins/uptime/common/runtime_types/ping/synthetics.ts index 7b181ac2cf50c..040f0a83e84ab 100644 --- a/x-pack/plugins/uptime/common/runtime_types/ping/synthetics.ts +++ b/x-pack/plugins/uptime/common/runtime_types/ping/synthetics.ts @@ -27,6 +27,11 @@ export const JourneyStepType = t.intersection([ lt: t.string, }), }), + observer: t.type({ + geo: t.type({ + name: t.string, + }), + }), synthetics: t.partial({ error: t.partial({ message: t.string, diff --git a/x-pack/plugins/uptime/public/components/synthetics/check_steps/step_expanded_row/step_screenshots.tsx b/x-pack/plugins/uptime/public/components/synthetics/check_steps/step_expanded_row/step_screenshots.tsx index 54f73fb39a52a..f8776f74b780e 100644 --- a/x-pack/plugins/uptime/public/components/synthetics/check_steps/step_expanded_row/step_screenshots.tsx +++ b/x-pack/plugins/uptime/public/components/synthetics/check_steps/step_expanded_row/step_screenshots.tsx @@ -36,6 +36,7 @@ export const StepScreenshots = ({ step }: Props) => { timestamp: step['@timestamp'], monitorId: step.monitor.id, stepIndex: step.synthetics?.step?.index!, + location: step.observer?.geo?.name, }); } }, [step._id, step['@timestamp']]); diff --git a/x-pack/plugins/uptime/public/components/synthetics/check_steps/use_expanded_row.test.tsx b/x-pack/plugins/uptime/public/components/synthetics/check_steps/use_expanded_row.test.tsx index 7aa763c15ca1f..e1f43cfebdbb2 100644 --- a/x-pack/plugins/uptime/public/components/synthetics/check_steps/use_expanded_row.test.tsx +++ b/x-pack/plugins/uptime/public/components/synthetics/check_steps/use_expanded_row.test.tsx @@ -228,6 +228,9 @@ const browserConsoleStep = { _id: 'IvT1oXwB5ds00bB_FVXP', observer: { hostname: '16Elastic', + geo: { + name: 'au-heartbeat', + }, }, agent: { name: '16Elastic', diff --git a/x-pack/plugins/uptime/public/state/api/journey.ts b/x-pack/plugins/uptime/public/state/api/journey.ts index b982da90d9dc5..05d4a9e356919 100644 --- a/x-pack/plugins/uptime/public/state/api/journey.ts +++ b/x-pack/plugins/uptime/public/state/api/journey.ts @@ -51,10 +51,12 @@ export async function fetchLastSuccessfulStep({ monitorId, timestamp, stepIndex, + location, }: { monitorId: string; timestamp: string; stepIndex: number; + location?: string; }): Promise { return await apiService.get( `/api/uptime/synthetics/step/success/`, @@ -62,6 +64,7 @@ export async function fetchLastSuccessfulStep({ monitorId, timestamp, stepIndex, + location, }, JourneyStepType ); diff --git a/x-pack/plugins/uptime/server/lib/requests/get_last_successful_step.test.ts b/x-pack/plugins/uptime/server/lib/requests/get_last_successful_step.test.ts new file mode 100644 index 0000000000000..63274bf64536c --- /dev/null +++ b/x-pack/plugins/uptime/server/lib/requests/get_last_successful_step.test.ts @@ -0,0 +1,132 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License + * 2.0; you may not use this file except in compliance with the Elastic License + * 2.0. + */ + +import { getLastSuccessfulStepParams } from './get_last_successful_step'; + +describe('getLastSuccessfulStep', () => { + describe('getLastSuccessfulStepParams', () => { + it('formats ES params with location', () => { + const monitorId = 'my-monitor'; + const stepIndex = 1; + const location = 'au-heartbeat'; + const timestamp = '2021-10-31T19:47:52.392Z'; + const params = getLastSuccessfulStepParams({ + monitorId, + stepIndex, + location, + timestamp, + }); + + expect(params).toEqual({ + query: { + bool: { + filter: [ + { + range: { + '@timestamp': { + lte: '2021-10-31T19:47:52.392Z', + }, + }, + }, + { + term: { + 'monitor.id': monitorId, + }, + }, + { + term: { + 'synthetics.type': 'step/end', + }, + }, + { + term: { + 'synthetics.step.status': 'succeeded', + }, + }, + { + term: { + 'synthetics.step.index': stepIndex, + }, + }, + { + term: { + 'observer.geo.name': location, + }, + }, + ], + }, + }, + size: 1, + sort: [ + { + '@timestamp': { + order: 'desc', + }, + }, + ], + }); + }); + + it('formats ES params without location', () => { + const params = getLastSuccessfulStepParams({ + monitorId: 'my-monitor', + stepIndex: 1, + location: undefined, + timestamp: '2021-10-31T19:47:52.392Z', + }); + + expect(params).toEqual({ + query: { + bool: { + filter: [ + { + range: { + '@timestamp': { + lte: '2021-10-31T19:47:52.392Z', + }, + }, + }, + { + term: { + 'monitor.id': 'my-monitor', + }, + }, + { + term: { + 'synthetics.type': 'step/end', + }, + }, + { + term: { + 'synthetics.step.status': 'succeeded', + }, + }, + { + term: { + 'synthetics.step.index': 1, + }, + }, + ], + must_not: { + exists: { + field: 'observer.geo.name', + }, + }, + }, + }, + size: 1, + sort: [ + { + '@timestamp': { + order: 'desc', + }, + }, + ], + }); + }); + }); +}); diff --git a/x-pack/plugins/uptime/server/lib/requests/get_last_successful_step.ts b/x-pack/plugins/uptime/server/lib/requests/get_last_successful_step.ts index e096cdaa65b86..d6862b93c8cd4 100644 --- a/x-pack/plugins/uptime/server/lib/requests/get_last_successful_step.ts +++ b/x-pack/plugins/uptime/server/lib/requests/get_last_successful_step.ts @@ -13,13 +13,16 @@ export interface GetStepScreenshotParams { monitorId: string; timestamp: string; stepIndex: number; + location?: string; } -export const getStepLastSuccessfulStep: UMElasticsearchQueryFn< - GetStepScreenshotParams, - JourneyStep | null -> = async ({ uptimeEsClient, monitorId, stepIndex, timestamp }) => { - const lastSuccessCheckParams: estypes.SearchRequest['body'] = { +export const getLastSuccessfulStepParams = ({ + monitorId, + stepIndex, + timestamp, + location, +}: GetStepScreenshotParams): estypes.SearchRequest['body'] => { + return { size: 1, sort: [ { @@ -58,10 +61,40 @@ export const getStepLastSuccessfulStep: UMElasticsearchQueryFn< 'synthetics.step.index': stepIndex, }, }, + ...(location + ? [ + { + term: { + 'observer.geo.name': location, + }, + }, + ] + : []), ], + ...(!location + ? { + must_not: { + exists: { + field: 'observer.geo.name', + }, + }, + } + : {}), }, }, }; +}; + +export const getStepLastSuccessfulStep: UMElasticsearchQueryFn< + GetStepScreenshotParams, + JourneyStep | null +> = async ({ uptimeEsClient, monitorId, stepIndex, timestamp, location }) => { + const lastSuccessCheckParams = getLastSuccessfulStepParams({ + monitorId, + stepIndex, + timestamp, + location, + }); const { body: result } = await uptimeEsClient.search({ body: lastSuccessCheckParams }); diff --git a/x-pack/plugins/uptime/server/rest_api/synthetics/last_successful_step.ts b/x-pack/plugins/uptime/server/rest_api/synthetics/last_successful_step.ts index 5d1407a8679c8..81539459172cc 100644 --- a/x-pack/plugins/uptime/server/rest_api/synthetics/last_successful_step.ts +++ b/x-pack/plugins/uptime/server/rest_api/synthetics/last_successful_step.ts @@ -22,16 +22,18 @@ export const createLastSuccessfulStepRoute: UMRestApiRouteFactory = (libs: UMSer monitorId: schema.string(), stepIndex: schema.number(), timestamp: schema.string(), + location: schema.maybe(schema.string()), }), }, handler: async ({ uptimeEsClient, request, response }) => { - const { timestamp, monitorId, stepIndex } = request.query; + const { timestamp, monitorId, stepIndex, location } = request.query; const step: JourneyStep | null = await libs.requests.getStepLastSuccessfulStep({ uptimeEsClient, monitorId, stepIndex, timestamp, + location, }); if (step === null) { From 6e14338c58eb42d4960cac65441df315a8f47cf5 Mon Sep 17 00:00:00 2001 From: Yuliia Naumenko Date: Tue, 2 Nov 2021 10:23:19 -0700 Subject: [PATCH 33/53] [Alerting] More telemetry for 8.0 based on Event Log data (#115318) * [Alerting] More telemetry for 8.0 based on Event Log data * fixed event log index mapping * fixed typecheck * fixed tests * added avg aggs * set size to 0 * fixed due to comments * fixed telemetry schema * fixed query * removed test data * added tests * fixed test * fixed query * added exection detalization by day * fixed test * fixed for rules * fixed schema * fixed schema Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com> --- x-pack/plugins/actions/server/plugin.ts | 3 +- .../server/usage/actions_telemetry.test.ts | 100 ++- .../actions/server/usage/actions_telemetry.ts | 182 ++++- .../server/usage/actions_usage_collector.ts | 12 + x-pack/plugins/actions/server/usage/task.ts | 40 +- x-pack/plugins/actions/server/usage/types.ts | 9 +- x-pack/plugins/alerting/server/plugin.ts | 8 +- .../server/usage/alerts_telemetry.test.ts | 76 +- .../alerting/server/usage/alerts_telemetry.ts | 187 ++++- .../server/usage/alerts_usage_collector.ts | 34 + x-pack/plugins/alerting/server/usage/task.ts | 37 +- x-pack/plugins/alerting/server/usage/types.ts | 7 + .../server/event_log_service.mock.ts | 1 + .../event_log/server/event_log_service.ts | 4 + x-pack/plugins/event_log/server/types.ts | 1 + .../schema/xpack_plugins.json | 756 ++++++++++++++++++ 16 files changed, 1434 insertions(+), 23 deletions(-) diff --git a/x-pack/plugins/actions/server/plugin.ts b/x-pack/plugins/actions/server/plugin.ts index 8531f4a2bb706..bbf00572935fa 100644 --- a/x-pack/plugins/actions/server/plugin.ts +++ b/x-pack/plugins/actions/server/plugin.ts @@ -268,7 +268,8 @@ export class ActionsPlugin implements Plugin { test('getTotalCount should replace first symbol . to __ for action types names', async () => { @@ -604,4 +604,102 @@ Object { } `); }); + + test('getExecutionsTotalCount', async () => { + const mockEsClient = elasticsearchClientMock.createClusterClient().asScoped().asInternalUser; + mockEsClient.search.mockReturnValueOnce( + // @ts-expect-error not full search response + elasticsearchClientMock.createSuccessTransportRequestPromise({ + aggregations: { + totalExecutions: { + byConnectorTypeId: { + value: { + connectorTypes: { + '.slack': 100, + '.server-log': 20, + }, + total: 120, + }, + }, + }, + failedExecutions: { + refs: { + byConnectorTypeId: { + value: { + connectorTypes: { + '.slack': 7, + }, + total: 7, + }, + }, + }, + }, + avgDuration: { value: 10 }, + avgDurationByType: { + doc_count: 216, + actionSavedObjects: { + doc_count: 108, + byTypeId: { + doc_count_error_upper_bound: 0, + sum_other_doc_count: 0, + buckets: [ + { + key: '.server-log', + doc_count: 99, + refs: { + doc_count: 99, + avgDuration: { + value: 919191.9191919192, + }, + }, + }, + { + key: '.email', + doc_count: 9, + refs: { + doc_count: 9, + avgDuration: { + value: 4.196666666666667e8, + }, + }, + }, + ], + }, + }, + }, + }, + }) + ); + + // for .slack connectors + mockEsClient.search.mockReturnValueOnce( + // @ts-expect-error not full search response + elasticsearchClientMock.createSuccessTransportRequestPromise({ + aggregations: { + avgDuration: { value: 10 }, + }, + }) + ); + const telemetry = await getExecutionsPerDayCount(mockEsClient, 'test'); + + expect(mockEsClient.search).toHaveBeenCalledTimes(1); + expect(telemetry).toStrictEqual({ + avgExecutionTime: 0, + avgExecutionTimeByType: { + '__server-log': 919191.9191919192, + __email: 419666666.6666667, + }, + + countByType: { + __slack: 100, + + '__server-log': 20, + }, + countFailed: 7, + countFailedByType: { + __slack: 7, + }, + countTotal: 120, + }); + }); }); diff --git a/x-pack/plugins/actions/server/usage/actions_telemetry.ts b/x-pack/plugins/actions/server/usage/actions_telemetry.ts index ab72352d460e3..d288611af5e21 100644 --- a/x-pack/plugins/actions/server/usage/actions_telemetry.ts +++ b/x-pack/plugins/actions/server/usage/actions_telemetry.ts @@ -379,4 +379,184 @@ function replaceFirstAndLastDotSymbols(strToReplace: string) { return hasLastSymbolDot ? `${appliedString.slice(0, -1)}__` : appliedString; } -// TODO: Implement executions count telemetry with eventLog, when it will write to index +export async function getExecutionsPerDayCount( + esClient: ElasticsearchClient, + eventLogIndex: string +): Promise<{ + countTotal: number; + countByType: Record; + countFailed: number; + countFailedByType: Record; + avgExecutionTime: number; + avgExecutionTimeByType: Record; +}> { + const scriptedMetric = { + scripted_metric: { + init_script: 'state.connectorTypes = [:]; state.total = 0;', + map_script: ` + if (doc['kibana.saved_objects.type'].value == 'action') { + String connectorType = doc['kibana.saved_objects.type_id'].value; + state.connectorTypes.put(connectorType, state.connectorTypes.containsKey(connectorType) ? state.connectorTypes.get(connectorType) + 1 : 1); + state.total++; + } + `, + // Combine script is executed per cluster, but we already have a key-value pair per cluster. + // Despite docs that say this is optional, this script can't be blank. + combine_script: 'return state', + // Reduce script is executed across all clusters, so we need to add up all the total from each cluster + // This also needs to account for having no data + reduce_script: ` + Map connectorTypes = [:]; + long total = 0; + for (state in states) { + if (state !== null) { + total += state.total; + for (String k : state.connectorTypes.keySet()) { + connectorTypes.put(k, connectorTypes.containsKey(k) ? connectorTypes.get(k) + state.connectorTypes.get(k) : state.connectorTypes.get(k)); + } + } + } + Map result = new HashMap(); + result.total = total; + result.connectorTypes = connectorTypes; + return result; + `, + }, + }; + + const { body: actionResults } = await esClient.search({ + index: eventLogIndex, + size: 0, + body: { + query: { + bool: { + filter: { + bool: { + must: [ + { + term: { 'event.action': 'execute' }, + }, + { + term: { 'event.provider': 'actions' }, + }, + { + range: { + '@timestamp': { + gte: 'now-1d', + }, + }, + }, + ], + }, + }, + }, + }, + aggs: { + totalExecutions: { + nested: { + path: 'kibana.saved_objects', + }, + aggs: { + byConnectorTypeId: scriptedMetric, + }, + }, + failedExecutions: { + filter: { + bool: { + filter: [ + { + term: { + 'event.outcome': 'failure', + }, + }, + ], + }, + }, + aggs: { + refs: { + nested: { + path: 'kibana.saved_objects', + }, + aggs: { + byConnectorTypeId: scriptedMetric, + }, + }, + }, + }, + avgDuration: { avg: { field: 'event.duration' } }, + avgDurationByType: { + nested: { + path: 'kibana.saved_objects', + }, + aggs: { + actionSavedObjects: { + filter: { term: { 'kibana.saved_objects.type': 'action' } }, + aggs: { + byTypeId: { + terms: { + field: 'kibana.saved_objects.type_id', + }, + aggs: { + refs: { + reverse_nested: {}, + aggs: { + avgDuration: { avg: { field: 'event.duration' } }, + }, + }, + }, + }, + }, + }, + }, + }, + }, + }, + }); + + // @ts-expect-error aggegation type is not specified + const aggsExecutions = actionResults.aggregations.totalExecutions?.byConnectorTypeId.value; + // convert nanoseconds to milliseconds + const aggsAvgExecutionTime = Math.round( + // @ts-expect-error aggegation type is not specified + actionResults.aggregations.avgDuration.value / (1000 * 1000) + ); + const aggsFailedExecutions = + // @ts-expect-error aggegation type is not specified + actionResults.aggregations.failedExecutions?.refs?.byConnectorTypeId.value; + + const avgDurationByType = + // @ts-expect-error aggegation type is not specified + actionResults.aggregations.avgDurationByType?.actionSavedObjects?.byTypeId?.buckets; + + const avgExecutionTimeByType: Record = avgDurationByType.reduce( + // @ts-expect-error aggegation type is not specified + (res: Record, bucket) => { + res[replaceFirstAndLastDotSymbols(bucket.key)] = bucket?.refs.avgDuration.value; + return res; + }, + {} + ); + + return { + countTotal: aggsExecutions.total, + countByType: Object.entries(aggsExecutions.connectorTypes).reduce( + (res: Record, [key, value]) => { + // @ts-expect-error aggegation type is not specified + res[replaceFirstAndLastDotSymbols(key)] = value; + return res; + }, + {} + ), + countFailed: aggsFailedExecutions.total, + countFailedByType: Object.entries(aggsFailedExecutions.connectorTypes).reduce( + (res: Record, [key, value]) => { + // @ts-expect-error aggegation type is not specified + res[replaceFirstAndLastDotSymbols(key)] = value; + return res; + }, + {} + ), + avgExecutionTime: aggsAvgExecutionTime, + avgExecutionTimeByType, + }; +} diff --git a/x-pack/plugins/actions/server/usage/actions_usage_collector.ts b/x-pack/plugins/actions/server/usage/actions_usage_collector.ts index 9ba9d7390a7b6..3e690d18063d6 100644 --- a/x-pack/plugins/actions/server/usage/actions_usage_collector.ts +++ b/x-pack/plugins/actions/server/usage/actions_usage_collector.ts @@ -37,8 +37,14 @@ export function createActionsUsageCollector( }, }, count_active_by_type: byTypeSchema, + count_actions_executions_per_day: { type: 'long' }, + count_actions_executions_by_type_per_day: byTypeSchema, count_active_email_connectors_by_service_type: byServiceProviderTypeSchema, count_actions_namespaces: { type: 'long' }, + count_actions_executions_failed_per_day: { type: 'long' }, + count_actions_executions_failed_by_type_per_day: byTypeSchema, + avg_execution_time_per_day: { type: 'long' }, + avg_execution_time_by_type_per_day: byTypeSchema, }, fetch: async () => { try { @@ -60,6 +66,12 @@ export function createActionsUsageCollector( count_active_by_type: {}, count_active_email_connectors_by_service_type: {}, count_actions_namespaces: 0, + count_actions_executions_per_day: 0, + count_actions_executions_by_type_per_day: {}, + count_actions_executions_failed_per_day: 0, + count_actions_executions_failed_by_type_per_day: {}, + avg_execution_time_per_day: 0, + avg_execution_time_by_type_per_day: {}, }; } }, diff --git a/x-pack/plugins/actions/server/usage/task.ts b/x-pack/plugins/actions/server/usage/task.ts index bacb9e5f72571..5ddcbab4261d1 100644 --- a/x-pack/plugins/actions/server/usage/task.ts +++ b/x-pack/plugins/actions/server/usage/task.ts @@ -7,13 +7,14 @@ import { Logger, CoreSetup } from 'kibana/server'; import moment from 'moment'; +import { IEventLogService } from '../../../event_log/server'; import { RunContext, TaskManagerSetupContract, TaskManagerStartContract, } from '../../../task_manager/server'; import { PreConfiguredAction } from '../types'; -import { getTotalCount, getInUseTotalCount } from './actions_telemetry'; +import { getTotalCount, getInUseTotalCount, getExecutionsPerDayCount } from './actions_telemetry'; export const TELEMETRY_TASK_TYPE = 'actions_telemetry'; @@ -24,9 +25,17 @@ export function initializeActionsTelemetry( taskManager: TaskManagerSetupContract, core: CoreSetup, kibanaIndex: string, - preconfiguredActions: PreConfiguredAction[] + preconfiguredActions: PreConfiguredAction[], + eventLog: IEventLogService ) { - registerActionsTelemetryTask(logger, taskManager, core, kibanaIndex, preconfiguredActions); + registerActionsTelemetryTask( + logger, + taskManager, + core, + kibanaIndex, + preconfiguredActions, + eventLog + ); } export function scheduleActionsTelemetry(logger: Logger, taskManager: TaskManagerStartContract) { @@ -38,13 +47,20 @@ function registerActionsTelemetryTask( taskManager: TaskManagerSetupContract, core: CoreSetup, kibanaIndex: string, - preconfiguredActions: PreConfiguredAction[] + preconfiguredActions: PreConfiguredAction[], + eventLog: IEventLogService ) { taskManager.registerTaskDefinitions({ [TELEMETRY_TASK_TYPE]: { title: 'Actions usage fetch task', timeout: '5m', - createTaskRunner: telemetryTaskRunner(logger, core, kibanaIndex, preconfiguredActions), + createTaskRunner: telemetryTaskRunner( + logger, + core, + kibanaIndex, + preconfiguredActions, + eventLog + ), }, }); } @@ -66,10 +82,12 @@ export function telemetryTaskRunner( logger: Logger, core: CoreSetup, kibanaIndex: string, - preconfiguredActions: PreConfiguredAction[] + preconfiguredActions: PreConfiguredAction[], + eventLog: IEventLogService ) { return ({ taskInstance }: RunContext) => { const { state } = taskInstance; + const eventLogIndex = eventLog.getIndexPattern(); const getEsClient = () => core.getStartServices().then( ([ @@ -84,8 +102,9 @@ export function telemetryTaskRunner( return Promise.all([ getTotalCount(esClient, kibanaIndex, preconfiguredActions), getInUseTotalCount(esClient, kibanaIndex, undefined, preconfiguredActions), + getExecutionsPerDayCount(esClient, eventLogIndex), ]) - .then(([totalAggegations, totalInUse]) => { + .then(([totalAggegations, totalInUse, totalExecutionsPerDay]) => { return { state: { runs: (state.runs || 0) + 1, @@ -96,6 +115,13 @@ export function telemetryTaskRunner( count_active_alert_history_connectors: totalInUse.countByAlertHistoryConnectorType, count_active_email_connectors_by_service_type: totalInUse.countEmailByService, count_actions_namespaces: totalInUse.countNamespaces, + count_actions_executions_per_day: totalExecutionsPerDay.countTotal, + count_actions_executions_by_type_per_day: totalExecutionsPerDay.countByType, + count_actions_executions_failed_per_day: totalExecutionsPerDay.countFailed, + count_actions_executions_failed_by_type_per_day: + totalExecutionsPerDay.countFailedByType, + avg_execution_time_per_day: totalExecutionsPerDay.avgExecutionTime, + avg_execution_time_by_type_per_day: totalExecutionsPerDay.avgExecutionTimeByType, }, runAt: getNextMidnight(), }; diff --git a/x-pack/plugins/actions/server/usage/types.ts b/x-pack/plugins/actions/server/usage/types.ts index 52677b35ac75b..2d041b1ba0d0e 100644 --- a/x-pack/plugins/actions/server/usage/types.ts +++ b/x-pack/plugins/actions/server/usage/types.ts @@ -16,9 +16,12 @@ export interface ActionsUsage { count_active_by_type: Record; count_active_email_connectors_by_service_type: Record; count_actions_namespaces: number; - // TODO: Implement executions count telemetry with eventLog, when it will write to index - // executions_by_type: Record; - // executions_total: number; + count_actions_executions_per_day: number; + count_actions_executions_by_type_per_day: Record; + count_actions_executions_failed_per_day: number; + count_actions_executions_failed_by_type_per_day: Record; + avg_execution_time_per_day: number; + avg_execution_time_by_type_per_day: Record; } export const byTypeSchema: MakeSchemaFrom['count_by_type'] = { diff --git a/x-pack/plugins/alerting/server/plugin.ts b/x-pack/plugins/alerting/server/plugin.ts index 9834225e73723..f0703defbca3d 100644 --- a/x-pack/plugins/alerting/server/plugin.ts +++ b/x-pack/plugins/alerting/server/plugin.ts @@ -209,7 +209,13 @@ export class AlertingPlugin { usageCollection, core.getStartServices().then(([_, { taskManager }]) => taskManager) ); - initializeAlertingTelemetry(this.telemetryLogger, core, plugins.taskManager, kibanaIndex); + initializeAlertingTelemetry( + this.telemetryLogger, + core, + plugins.taskManager, + kibanaIndex, + this.eventLogService + ); } // Usage counter for telemetry diff --git a/x-pack/plugins/alerting/server/usage/alerts_telemetry.test.ts b/x-pack/plugins/alerting/server/usage/alerts_telemetry.test.ts index 03a96d19b8e8a..af08c8c75c144 100644 --- a/x-pack/plugins/alerting/server/usage/alerts_telemetry.test.ts +++ b/x-pack/plugins/alerting/server/usage/alerts_telemetry.test.ts @@ -7,7 +7,11 @@ // eslint-disable-next-line @kbn/eslint/no-restricted-paths import { elasticsearchClientMock } from '../../../../../src/core/server/elasticsearch/client/mocks'; -import { getTotalCountAggregations, getTotalCountInUse } from './alerts_telemetry'; +import { + getTotalCountAggregations, + getTotalCountInUse, + getExecutionsPerDayCount, +} from './alerts_telemetry'; describe('alerts telemetry', () => { test('getTotalCountInUse should replace first "." symbol to "__" in alert types names', async () => { @@ -114,4 +118,74 @@ Object { } `); }); + + test('getTotalExecutionsCount should return execution aggregations for total count, count by rule type and number of failed executions', async () => { + const mockEsClient = elasticsearchClientMock.createClusterClient().asScoped().asInternalUser; + mockEsClient.search.mockReturnValue( + // @ts-expect-error @elastic/elasticsearch Aggregate only allows unknown values + elasticsearchClientMock.createSuccessTransportRequestPromise({ + aggregations: { + byRuleTypeId: { + value: { + ruleTypes: { + '.index-threshold': 2, + 'logs.alert.document.count': 1, + 'document.test.': 1, + }, + ruleTypesDuration: { + '.index-threshold': 2087868, + 'logs.alert.document.count': 1675765, + 'document.test.': 17687687, + }, + }, + }, + failuresByReason: { + value: { + reasons: { + unknown: { + '.index-threshold': 2, + 'logs.alert.document.count': 1, + 'document.test.': 1, + }, + }, + }, + }, + avgDuration: { value: 10 }, + }, + hits: { + hits: [], + }, + }) + ); + + const telemetry = await getExecutionsPerDayCount(mockEsClient, 'test'); + + expect(mockEsClient.search).toHaveBeenCalledTimes(1); + + expect(telemetry).toStrictEqual({ + avgExecutionTime: 0, + avgExecutionTimeByType: { + '__index-threshold': 1043934, + 'document.test__': 17687687, + 'logs.alert.document.count': 1675765, + }, + countByType: { + '__index-threshold': 2, + 'document.test__': 1, + 'logs.alert.document.count': 1, + }, + countFailuresByReason: { + unknown: 4, + }, + countFailuresByReasonByType: { + unknown: { + '.index-threshold': 2, + 'document.test.': 1, + 'logs.alert.document.count': 1, + }, + }, + countTotal: 4, + countTotalFailures: 4, + }); + }); }); diff --git a/x-pack/plugins/alerting/server/usage/alerts_telemetry.ts b/x-pack/plugins/alerting/server/usage/alerts_telemetry.ts index 7ff9538c1aa26..180ee4300f18c 100644 --- a/x-pack/plugins/alerting/server/usage/alerts_telemetry.ts +++ b/x-pack/plugins/alerting/server/usage/alerts_telemetry.ts @@ -38,6 +38,65 @@ const alertTypeMetric = { }, }; +const ruleTypeExecutionsMetric = { + scripted_metric: { + init_script: 'state.ruleTypes = [:]; state.ruleTypesDuration = [:];', + map_script: ` + String ruleType = doc['rule.category'].value; + long duration = doc['event.duration'].value / (1000 * 1000); + state.ruleTypes.put(ruleType, state.ruleTypes.containsKey(ruleType) ? state.ruleTypes.get(ruleType) + 1 : 1); + state.ruleTypesDuration.put(ruleType, state.ruleTypesDuration.containsKey(ruleType) ? state.ruleTypesDuration.get(ruleType) + duration : duration); + `, + // Combine script is executed per cluster, but we already have a key-value pair per cluster. + // Despite docs that say this is optional, this script can't be blank. + combine_script: 'return state', + // Reduce script is executed across all clusters, so we need to add up all the total from each cluster + // This also needs to account for having no data + reduce_script: ` + Map result = [:]; + for (Map m : states.toArray()) { + if (m !== null) { + for (String k : m.keySet()) { + result.put(k, result.containsKey(k) ? result.get(k) + m.get(k) : m.get(k)); + } + } + } + return result; + `, + }, +}; + +const ruleTypeFailureExecutionsMetric = { + scripted_metric: { + init_script: 'state.reasons = [:]', + map_script: ` + if (doc['event.outcome'].value == 'failure') { + String reason = doc['event.reason'].value; + String ruleType = doc['rule.category'].value; + Map ruleTypes = state.reasons.containsKey(reason) ? state.reasons.get(reason) : [:]; + ruleTypes.put(ruleType, ruleTypes.containsKey(ruleType) ? ruleTypes.get(ruleType) + 1 : 1); + state.reasons.put(reason, ruleTypes); + } + `, + // Combine script is executed per cluster, but we already have a key-value pair per cluster. + // Despite docs that say this is optional, this script can't be blank. + combine_script: 'return state', + // Reduce script is executed across all clusters, so we need to add up all the total from each cluster + // This also needs to account for having no data + reduce_script: ` + Map result = [:]; + for (Map m : states.toArray()) { + if (m !== null) { + for (String k : m.keySet()) { + result.put(k, result.containsKey(k) ? result.get(k) + m.get(k) : m.get(k)); + } + } + } + return result; + `, + }, +}; + export async function getTotalCountAggregations( esClient: ElasticsearchClient, kibanaInex: string @@ -260,4 +319,130 @@ function replaceFirstAndLastDotSymbols(strToReplace: string) { return hasLastSymbolDot ? `${appliedString.slice(0, -1)}__` : appliedString; } -// TODO: Implement executions count telemetry with eventLog, when it will write to index +export async function getExecutionsPerDayCount( + esClient: ElasticsearchClient, + eventLogIndex: string +) { + const { body: searchResult } = await esClient.search({ + index: eventLogIndex, + size: 0, + body: { + query: { + bool: { + filter: { + bool: { + must: [ + { + term: { 'event.action': 'execute' }, + }, + { + term: { 'event.provider': 'alerting' }, + }, + { + range: { + '@timestamp': { + gte: 'now-1d', + }, + }, + }, + ], + }, + }, + }, + }, + aggs: { + byRuleTypeId: ruleTypeExecutionsMetric, + failuresByReason: ruleTypeFailureExecutionsMetric, + avgDuration: { avg: { field: 'event.duration' } }, + }, + }, + }); + + const executionsAggregations = searchResult.aggregations as { + byRuleTypeId: { + value: { ruleTypes: Record; ruleTypesDuration: Record }; + }; + }; + + const aggsAvgExecutionTime = Math.round( + // @ts-expect-error aggegation type is not specified + // convert nanoseconds to milliseconds + searchResult.aggregations.avgDuration.value / (1000 * 1000) + ); + + const executionFailuresAggregations = searchResult.aggregations as { + failuresByReason: { value: { reasons: Record> } }; + }; + + return { + countTotal: Object.keys(executionsAggregations.byRuleTypeId.value.ruleTypes).reduce( + (total: number, key: string) => + parseInt(executionsAggregations.byRuleTypeId.value.ruleTypes[key], 10) + total, + 0 + ), + countByType: Object.keys(executionsAggregations.byRuleTypeId.value.ruleTypes).reduce( + // ES DSL aggregations are returned as `any` by esClient.search + // eslint-disable-next-line @typescript-eslint/no-explicit-any + (obj: any, key: string) => ({ + ...obj, + [replaceFirstAndLastDotSymbols(key)]: + executionsAggregations.byRuleTypeId.value.ruleTypes[key], + }), + {} + ), + countTotalFailures: Object.keys( + executionFailuresAggregations.failuresByReason.value.reasons + ).reduce((total: number, reason: string) => { + const byRuleTypesRefs = executionFailuresAggregations.failuresByReason.value.reasons[reason]; + const countByRuleTypes = Object.keys(byRuleTypesRefs).reduce( + (totalByType, ruleType) => parseInt(byRuleTypesRefs[ruleType] + totalByType, 10), + 0 + ); + return countByRuleTypes + total; + }, 0), + countFailuresByReason: Object.keys( + executionFailuresAggregations.failuresByReason.value.reasons + ).reduce( + // ES DSL aggregations are returned as `any` by esClient.search + // eslint-disable-next-line @typescript-eslint/no-explicit-any + (obj: any, reason: string) => { + const byRuleTypesRefs = + executionFailuresAggregations.failuresByReason.value.reasons[reason]; + const countByRuleTypes = Object.keys(byRuleTypesRefs).reduce( + (totalByType, ruleType) => parseInt(byRuleTypesRefs[ruleType] + totalByType, 10), + 0 + ); + return { + ...obj, + [replaceFirstAndLastDotSymbols(reason)]: countByRuleTypes, + }; + }, + {} + ), + countFailuresByReasonByType: Object.keys( + executionFailuresAggregations.failuresByReason.value.reasons + ).reduce( + // ES DSL aggregations are returned as `any` by esClient.search + // eslint-disable-next-line @typescript-eslint/no-explicit-any + (obj: any, key: string) => ({ + ...obj, + [replaceFirstAndLastDotSymbols(key)]: + executionFailuresAggregations.failuresByReason.value.reasons[key], + }), + {} + ), + avgExecutionTime: aggsAvgExecutionTime, + avgExecutionTimeByType: Object.keys(executionsAggregations.byRuleTypeId.value.ruleTypes).reduce( + // ES DSL aggregations are returned as `any` by esClient.search + // eslint-disable-next-line @typescript-eslint/no-explicit-any + (obj: any, key: string) => ({ + ...obj, + [replaceFirstAndLastDotSymbols(key)]: Math.round( + executionsAggregations.byRuleTypeId.value.ruleTypesDuration[key] / + parseInt(executionsAggregations.byRuleTypeId.value.ruleTypes[key], 10) + ), + }), + {} + ), + }; +} diff --git a/x-pack/plugins/alerting/server/usage/alerts_usage_collector.ts b/x-pack/plugins/alerting/server/usage/alerts_usage_collector.ts index e9405c51dbf15..e5b25ea75fc1c 100644 --- a/x-pack/plugins/alerting/server/usage/alerts_usage_collector.ts +++ b/x-pack/plugins/alerting/server/usage/alerts_usage_collector.ts @@ -50,6 +50,26 @@ const byTypeSchema: MakeSchemaFrom['count_by_type'] = { xpack__ml__anomaly_detection_jobs_health: { type: 'long' }, // eslint-disable-line @typescript-eslint/naming-convention }; +const byReasonSchema: MakeSchemaFrom['count_rules_executions_failured_by_reason_per_day'] = + { + // TODO: Find out an automated way to populate the keys or reformat these into an array (and change the Remote Telemetry indexer accordingly) + DYNAMIC_KEY: { type: 'long' }, + read: { type: 'long' }, + decrypt: { type: 'long' }, + license: { type: 'long' }, + unknown: { type: 'long' }, + }; + +const byReasonSchemaByType: MakeSchemaFrom['count_rules_executions_failured_by_reason_by_type_per_day'] = + { + // TODO: Find out an automated way to populate the keys or reformat these into an array (and change the Remote Telemetry indexer accordingly) + DYNAMIC_KEY: byTypeSchema, + read: byTypeSchema, + decrypt: byTypeSchema, + license: byTypeSchema, + unknown: byTypeSchema, + }; + export function createAlertsUsageCollector( usageCollection: UsageCollectionSetup, taskManager: Promise @@ -92,6 +112,13 @@ export function createAlertsUsageCollector( count_active_by_type: {}, count_by_type: {}, count_rules_namespaces: 0, + count_rules_executions_per_day: 0, + count_rules_executions_by_type_per_day: {}, + count_rules_executions_failured_per_day: 0, + count_rules_executions_failured_by_reason_per_day: {}, + count_rules_executions_failured_by_reason_by_type_per_day: {}, + avg_execution_time_per_day: 0, + avg_execution_time_by_type_per_day: {}, }; } }, @@ -117,6 +144,13 @@ export function createAlertsUsageCollector( count_active_by_type: byTypeSchema, count_by_type: byTypeSchema, count_rules_namespaces: { type: 'long' }, + count_rules_executions_per_day: { type: 'long' }, + count_rules_executions_by_type_per_day: byTypeSchema, + count_rules_executions_failured_per_day: { type: 'long' }, + count_rules_executions_failured_by_reason_per_day: byReasonSchema, + count_rules_executions_failured_by_reason_by_type_per_day: byReasonSchemaByType, + avg_execution_time_per_day: { type: 'long' }, + avg_execution_time_by_type_per_day: byTypeSchema, }, }); } diff --git a/x-pack/plugins/alerting/server/usage/task.ts b/x-pack/plugins/alerting/server/usage/task.ts index 9d39b3765cb5d..2fbd56c105c31 100644 --- a/x-pack/plugins/alerting/server/usage/task.ts +++ b/x-pack/plugins/alerting/server/usage/task.ts @@ -7,13 +7,18 @@ import { Logger, CoreSetup } from 'kibana/server'; import moment from 'moment'; +import { IEventLogService } from '../../../event_log/server'; import { RunContext, TaskManagerSetupContract, TaskManagerStartContract, } from '../../../task_manager/server'; -import { getTotalCountAggregations, getTotalCountInUse } from './alerts_telemetry'; +import { + getTotalCountAggregations, + getTotalCountInUse, + getExecutionsPerDayCount, +} from './alerts_telemetry'; export const TELEMETRY_TASK_TYPE = 'alerting_telemetry'; @@ -23,9 +28,10 @@ export function initializeAlertingTelemetry( logger: Logger, core: CoreSetup, taskManager: TaskManagerSetupContract, - kibanaIndex: string + kibanaIndex: string, + eventLog: IEventLogService ) { - registerAlertingTelemetryTask(logger, core, taskManager, kibanaIndex); + registerAlertingTelemetryTask(logger, core, taskManager, kibanaIndex, eventLog); } export function scheduleAlertingTelemetry(logger: Logger, taskManager?: TaskManagerStartContract) { @@ -38,13 +44,14 @@ function registerAlertingTelemetryTask( logger: Logger, core: CoreSetup, taskManager: TaskManagerSetupContract, - kibanaIndex: string + kibanaIndex: string, + eventLog: IEventLogService ) { taskManager.registerTaskDefinitions({ [TELEMETRY_TASK_TYPE]: { title: 'Alerting usage fetch task', timeout: '5m', - createTaskRunner: telemetryTaskRunner(logger, core, kibanaIndex), + createTaskRunner: telemetryTaskRunner(logger, core, kibanaIndex, eventLog), }, }); } @@ -62,9 +69,15 @@ async function scheduleTasks(logger: Logger, taskManager: TaskManagerStartContra } } -export function telemetryTaskRunner(logger: Logger, core: CoreSetup, kibanaIndex: string) { +export function telemetryTaskRunner( + logger: Logger, + core: CoreSetup, + kibanaIndex: string, + eventLog: IEventLogService +) { return ({ taskInstance }: RunContext) => { const { state } = taskInstance; + const eventLogIndex = eventLog.getIndexPattern(); const getEsClient = () => core.getStartServices().then( ([ @@ -80,8 +93,9 @@ export function telemetryTaskRunner(logger: Logger, core: CoreSetup, kibanaIndex return Promise.all([ getTotalCountAggregations(esClient, kibanaIndex), getTotalCountInUse(esClient, kibanaIndex), + getExecutionsPerDayCount(esClient, eventLogIndex), ]) - .then(([totalCountAggregations, totalInUse]) => { + .then(([totalCountAggregations, totalInUse, totalExecutions]) => { return { state: { runs: (state.runs || 0) + 1, @@ -90,6 +104,15 @@ export function telemetryTaskRunner(logger: Logger, core: CoreSetup, kibanaIndex count_active_total: totalInUse.countTotal, count_disabled_total: totalCountAggregations.count_total - totalInUse.countTotal, count_rules_namespaces: totalInUse.countNamespaces, + count_rules_executions_per_day: totalExecutions.countTotal, + count_rules_executions_by_type_per_day: totalExecutions.countByType, + count_rules_executions_failured_per_day: totalExecutions.countTotalFailures, + count_rules_executions_failured_by_reason_per_day: + totalExecutions.countFailuresByReason, + count_rules_executions_failured_by_reason_by_type_per_day: + totalExecutions.countFailuresByReasonByType, + avg_execution_time_per_day: totalExecutions.avgExecutionTime, + avg_execution_time_by_type_per_day: totalExecutions.avgExecutionTimeByType, }, runAt: getNextMidnight(), }; diff --git a/x-pack/plugins/alerting/server/usage/types.ts b/x-pack/plugins/alerting/server/usage/types.ts index 0e489893a1bbc..50d9b80c44b70 100644 --- a/x-pack/plugins/alerting/server/usage/types.ts +++ b/x-pack/plugins/alerting/server/usage/types.ts @@ -12,6 +12,13 @@ export interface AlertsUsage { count_by_type: Record; count_active_by_type: Record; count_rules_namespaces: number; + count_rules_executions_per_day: number; + count_rules_executions_by_type_per_day: Record; + count_rules_executions_failured_per_day: number; + count_rules_executions_failured_by_reason_per_day: Record; + count_rules_executions_failured_by_reason_by_type_per_day: Record>; + avg_execution_time_per_day: number; + avg_execution_time_by_type_per_day: Record; throttle_time: { min: number; avg: number; diff --git a/x-pack/plugins/event_log/server/event_log_service.mock.ts b/x-pack/plugins/event_log/server/event_log_service.mock.ts index a3ad81eb0e5a6..f43f3e025a7cf 100644 --- a/x-pack/plugins/event_log/server/event_log_service.mock.ts +++ b/x-pack/plugins/event_log/server/event_log_service.mock.ts @@ -17,6 +17,7 @@ const createEventLogServiceMock = () => { getProviderActions: jest.fn(), registerSavedObjectProvider: jest.fn(), getLogger: jest.fn().mockReturnValue(eventLoggerMock.create()), + getIndexPattern: jest.fn(), }; return mock; }; diff --git a/x-pack/plugins/event_log/server/event_log_service.ts b/x-pack/plugins/event_log/server/event_log_service.ts index 993631ed3ca8a..2cf22b0f20755 100644 --- a/x-pack/plugins/event_log/server/event_log_service.ts +++ b/x-pack/plugins/event_log/server/event_log_service.ts @@ -92,6 +92,10 @@ export class EventLogService implements IEventLogService { return this.savedObjectProviderRegistry.registerProvider(type, provider); } + getIndexPattern() { + return this.esContext.esNames.indexPattern; + } + getLogger(initialProperties: IEvent): IEventLogger { return new EventLogger({ esContext: this.esContext, diff --git a/x-pack/plugins/event_log/server/types.ts b/x-pack/plugins/event_log/server/types.ts index c50bed7e01dd5..6ffde7fd6dbe0 100644 --- a/x-pack/plugins/event_log/server/types.ts +++ b/x-pack/plugins/event_log/server/types.ts @@ -33,6 +33,7 @@ export interface IEventLogService { getProviderActions(): Map>; registerSavedObjectProvider(type: string, provider: SavedObjectProvider): void; getLogger(properties: IEvent): IEventLogger; + getIndexPattern(): string; } export interface IEventLogClientService { diff --git a/x-pack/plugins/telemetry_collection_xpack/schema/xpack_plugins.json b/x-pack/plugins/telemetry_collection_xpack/schema/xpack_plugins.json index 2786cab4fe963..8ac619d479bef 100644 --- a/x-pack/plugins/telemetry_collection_xpack/schema/xpack_plugins.json +++ b/x-pack/plugins/telemetry_collection_xpack/schema/xpack_plugins.json @@ -100,6 +100,49 @@ } } }, + "count_actions_executions_per_day": { + "type": "long" + }, + "count_actions_executions_by_type_per_day": { + "properties": { + "DYNAMIC_KEY": { + "type": "long" + }, + "__email": { + "type": "long" + }, + "__index": { + "type": "long" + }, + "__pagerduty": { + "type": "long" + }, + "__swimlane": { + "type": "long" + }, + "__server-log": { + "type": "long" + }, + "__slack": { + "type": "long" + }, + "__webhook": { + "type": "long" + }, + "__servicenow": { + "type": "long" + }, + "__jira": { + "type": "long" + }, + "__resilient": { + "type": "long" + }, + "__teams": { + "type": "long" + } + } + }, "count_active_email_connectors_by_service_type": { "properties": { "DYNAMIC_KEY": { @@ -127,6 +170,92 @@ }, "count_actions_namespaces": { "type": "long" + }, + "count_actions_executions_failed_per_day": { + "type": "long" + }, + "count_actions_executions_failed_by_type_per_day": { + "properties": { + "DYNAMIC_KEY": { + "type": "long" + }, + "__email": { + "type": "long" + }, + "__index": { + "type": "long" + }, + "__pagerduty": { + "type": "long" + }, + "__swimlane": { + "type": "long" + }, + "__server-log": { + "type": "long" + }, + "__slack": { + "type": "long" + }, + "__webhook": { + "type": "long" + }, + "__servicenow": { + "type": "long" + }, + "__jira": { + "type": "long" + }, + "__resilient": { + "type": "long" + }, + "__teams": { + "type": "long" + } + } + }, + "avg_execution_time_per_day": { + "type": "long" + }, + "avg_execution_time_by_type_per_day": { + "properties": { + "DYNAMIC_KEY": { + "type": "long" + }, + "__email": { + "type": "long" + }, + "__index": { + "type": "long" + }, + "__pagerduty": { + "type": "long" + }, + "__swimlane": { + "type": "long" + }, + "__server-log": { + "type": "long" + }, + "__slack": { + "type": "long" + }, + "__webhook": { + "type": "long" + }, + "__servicenow": { + "type": "long" + }, + "__jira": { + "type": "long" + }, + "__resilient": { + "type": "long" + }, + "__teams": { + "type": "long" + } + } } } }, @@ -352,6 +481,633 @@ }, "count_rules_namespaces": { "type": "long" + }, + "count_rules_executions_per_day": { + "type": "long" + }, + "count_rules_executions_by_type_per_day": { + "properties": { + "DYNAMIC_KEY": { + "type": "long" + }, + "__index-threshold": { + "type": "long" + }, + "__es-query": { + "type": "long" + }, + "transform_health": { + "type": "long" + }, + "apm__error_rate": { + "type": "long" + }, + "apm__transaction_error_rate": { + "type": "long" + }, + "apm__transaction_duration": { + "type": "long" + }, + "apm__transaction_duration_anomaly": { + "type": "long" + }, + "metrics__alert__threshold": { + "type": "long" + }, + "metrics__alert__inventory__threshold": { + "type": "long" + }, + "logs__alert__document__count": { + "type": "long" + }, + "monitoring_alert_cluster_health": { + "type": "long" + }, + "monitoring_alert_cpu_usage": { + "type": "long" + }, + "monitoring_alert_disk_usage": { + "type": "long" + }, + "monitoring_alert_elasticsearch_version_mismatch": { + "type": "long" + }, + "monitoring_alert_kibana_version_mismatch": { + "type": "long" + }, + "monitoring_alert_license_expiration": { + "type": "long" + }, + "monitoring_alert_logstash_version_mismatch": { + "type": "long" + }, + "monitoring_alert_nodes_changed": { + "type": "long" + }, + "siem__signals": { + "type": "long" + }, + "siem__notifications": { + "type": "long" + }, + "xpack__uptime__alerts__monitorStatus": { + "type": "long" + }, + "xpack__uptime__alerts__tls": { + "type": "long" + }, + "xpack__uptime__alerts__durationAnomaly": { + "type": "long" + }, + "__geo-containment": { + "type": "long" + }, + "xpack__ml__anomaly_detection_alert": { + "type": "long" + }, + "xpack__ml__anomaly_detection_jobs_health": { + "type": "long" + } + } + }, + "count_rules_executions_failured_per_day": { + "type": "long" + }, + "count_rules_executions_failured_by_reason_per_day": { + "properties": { + "DYNAMIC_KEY": { + "type": "long" + }, + "read": { + "type": "long" + }, + "decrypt": { + "type": "long" + }, + "license": { + "type": "long" + }, + "unknown": { + "type": "long" + } + } + }, + "count_rules_executions_failured_by_reason_by_type_per_day": { + "properties": { + "DYNAMIC_KEY": { + "properties": { + "DYNAMIC_KEY": { + "type": "long" + }, + "__index-threshold": { + "type": "long" + }, + "__es-query": { + "type": "long" + }, + "transform_health": { + "type": "long" + }, + "apm__error_rate": { + "type": "long" + }, + "apm__transaction_error_rate": { + "type": "long" + }, + "apm__transaction_duration": { + "type": "long" + }, + "apm__transaction_duration_anomaly": { + "type": "long" + }, + "metrics__alert__threshold": { + "type": "long" + }, + "metrics__alert__inventory__threshold": { + "type": "long" + }, + "logs__alert__document__count": { + "type": "long" + }, + "monitoring_alert_cluster_health": { + "type": "long" + }, + "monitoring_alert_cpu_usage": { + "type": "long" + }, + "monitoring_alert_disk_usage": { + "type": "long" + }, + "monitoring_alert_elasticsearch_version_mismatch": { + "type": "long" + }, + "monitoring_alert_kibana_version_mismatch": { + "type": "long" + }, + "monitoring_alert_license_expiration": { + "type": "long" + }, + "monitoring_alert_logstash_version_mismatch": { + "type": "long" + }, + "monitoring_alert_nodes_changed": { + "type": "long" + }, + "siem__signals": { + "type": "long" + }, + "siem__notifications": { + "type": "long" + }, + "xpack__uptime__alerts__monitorStatus": { + "type": "long" + }, + "xpack__uptime__alerts__tls": { + "type": "long" + }, + "xpack__uptime__alerts__durationAnomaly": { + "type": "long" + }, + "__geo-containment": { + "type": "long" + }, + "xpack__ml__anomaly_detection_alert": { + "type": "long" + }, + "xpack__ml__anomaly_detection_jobs_health": { + "type": "long" + } + } + }, + "read": { + "properties": { + "DYNAMIC_KEY": { + "type": "long" + }, + "__index-threshold": { + "type": "long" + }, + "__es-query": { + "type": "long" + }, + "transform_health": { + "type": "long" + }, + "apm__error_rate": { + "type": "long" + }, + "apm__transaction_error_rate": { + "type": "long" + }, + "apm__transaction_duration": { + "type": "long" + }, + "apm__transaction_duration_anomaly": { + "type": "long" + }, + "metrics__alert__threshold": { + "type": "long" + }, + "metrics__alert__inventory__threshold": { + "type": "long" + }, + "logs__alert__document__count": { + "type": "long" + }, + "monitoring_alert_cluster_health": { + "type": "long" + }, + "monitoring_alert_cpu_usage": { + "type": "long" + }, + "monitoring_alert_disk_usage": { + "type": "long" + }, + "monitoring_alert_elasticsearch_version_mismatch": { + "type": "long" + }, + "monitoring_alert_kibana_version_mismatch": { + "type": "long" + }, + "monitoring_alert_license_expiration": { + "type": "long" + }, + "monitoring_alert_logstash_version_mismatch": { + "type": "long" + }, + "monitoring_alert_nodes_changed": { + "type": "long" + }, + "siem__signals": { + "type": "long" + }, + "siem__notifications": { + "type": "long" + }, + "xpack__uptime__alerts__monitorStatus": { + "type": "long" + }, + "xpack__uptime__alerts__tls": { + "type": "long" + }, + "xpack__uptime__alerts__durationAnomaly": { + "type": "long" + }, + "__geo-containment": { + "type": "long" + }, + "xpack__ml__anomaly_detection_alert": { + "type": "long" + }, + "xpack__ml__anomaly_detection_jobs_health": { + "type": "long" + } + } + }, + "decrypt": { + "properties": { + "DYNAMIC_KEY": { + "type": "long" + }, + "__index-threshold": { + "type": "long" + }, + "__es-query": { + "type": "long" + }, + "transform_health": { + "type": "long" + }, + "apm__error_rate": { + "type": "long" + }, + "apm__transaction_error_rate": { + "type": "long" + }, + "apm__transaction_duration": { + "type": "long" + }, + "apm__transaction_duration_anomaly": { + "type": "long" + }, + "metrics__alert__threshold": { + "type": "long" + }, + "metrics__alert__inventory__threshold": { + "type": "long" + }, + "logs__alert__document__count": { + "type": "long" + }, + "monitoring_alert_cluster_health": { + "type": "long" + }, + "monitoring_alert_cpu_usage": { + "type": "long" + }, + "monitoring_alert_disk_usage": { + "type": "long" + }, + "monitoring_alert_elasticsearch_version_mismatch": { + "type": "long" + }, + "monitoring_alert_kibana_version_mismatch": { + "type": "long" + }, + "monitoring_alert_license_expiration": { + "type": "long" + }, + "monitoring_alert_logstash_version_mismatch": { + "type": "long" + }, + "monitoring_alert_nodes_changed": { + "type": "long" + }, + "siem__signals": { + "type": "long" + }, + "siem__notifications": { + "type": "long" + }, + "xpack__uptime__alerts__monitorStatus": { + "type": "long" + }, + "xpack__uptime__alerts__tls": { + "type": "long" + }, + "xpack__uptime__alerts__durationAnomaly": { + "type": "long" + }, + "__geo-containment": { + "type": "long" + }, + "xpack__ml__anomaly_detection_alert": { + "type": "long" + }, + "xpack__ml__anomaly_detection_jobs_health": { + "type": "long" + } + } + }, + "license": { + "properties": { + "DYNAMIC_KEY": { + "type": "long" + }, + "__index-threshold": { + "type": "long" + }, + "__es-query": { + "type": "long" + }, + "transform_health": { + "type": "long" + }, + "apm__error_rate": { + "type": "long" + }, + "apm__transaction_error_rate": { + "type": "long" + }, + "apm__transaction_duration": { + "type": "long" + }, + "apm__transaction_duration_anomaly": { + "type": "long" + }, + "metrics__alert__threshold": { + "type": "long" + }, + "metrics__alert__inventory__threshold": { + "type": "long" + }, + "logs__alert__document__count": { + "type": "long" + }, + "monitoring_alert_cluster_health": { + "type": "long" + }, + "monitoring_alert_cpu_usage": { + "type": "long" + }, + "monitoring_alert_disk_usage": { + "type": "long" + }, + "monitoring_alert_elasticsearch_version_mismatch": { + "type": "long" + }, + "monitoring_alert_kibana_version_mismatch": { + "type": "long" + }, + "monitoring_alert_license_expiration": { + "type": "long" + }, + "monitoring_alert_logstash_version_mismatch": { + "type": "long" + }, + "monitoring_alert_nodes_changed": { + "type": "long" + }, + "siem__signals": { + "type": "long" + }, + "siem__notifications": { + "type": "long" + }, + "xpack__uptime__alerts__monitorStatus": { + "type": "long" + }, + "xpack__uptime__alerts__tls": { + "type": "long" + }, + "xpack__uptime__alerts__durationAnomaly": { + "type": "long" + }, + "__geo-containment": { + "type": "long" + }, + "xpack__ml__anomaly_detection_alert": { + "type": "long" + }, + "xpack__ml__anomaly_detection_jobs_health": { + "type": "long" + } + } + }, + "unknown": { + "properties": { + "DYNAMIC_KEY": { + "type": "long" + }, + "__index-threshold": { + "type": "long" + }, + "__es-query": { + "type": "long" + }, + "transform_health": { + "type": "long" + }, + "apm__error_rate": { + "type": "long" + }, + "apm__transaction_error_rate": { + "type": "long" + }, + "apm__transaction_duration": { + "type": "long" + }, + "apm__transaction_duration_anomaly": { + "type": "long" + }, + "metrics__alert__threshold": { + "type": "long" + }, + "metrics__alert__inventory__threshold": { + "type": "long" + }, + "logs__alert__document__count": { + "type": "long" + }, + "monitoring_alert_cluster_health": { + "type": "long" + }, + "monitoring_alert_cpu_usage": { + "type": "long" + }, + "monitoring_alert_disk_usage": { + "type": "long" + }, + "monitoring_alert_elasticsearch_version_mismatch": { + "type": "long" + }, + "monitoring_alert_kibana_version_mismatch": { + "type": "long" + }, + "monitoring_alert_license_expiration": { + "type": "long" + }, + "monitoring_alert_logstash_version_mismatch": { + "type": "long" + }, + "monitoring_alert_nodes_changed": { + "type": "long" + }, + "siem__signals": { + "type": "long" + }, + "siem__notifications": { + "type": "long" + }, + "xpack__uptime__alerts__monitorStatus": { + "type": "long" + }, + "xpack__uptime__alerts__tls": { + "type": "long" + }, + "xpack__uptime__alerts__durationAnomaly": { + "type": "long" + }, + "__geo-containment": { + "type": "long" + }, + "xpack__ml__anomaly_detection_alert": { + "type": "long" + }, + "xpack__ml__anomaly_detection_jobs_health": { + "type": "long" + } + } + } + } + }, + "avg_execution_time_per_day": { + "type": "long" + }, + "avg_execution_time_by_type_per_day": { + "properties": { + "DYNAMIC_KEY": { + "type": "long" + }, + "__index-threshold": { + "type": "long" + }, + "__es-query": { + "type": "long" + }, + "transform_health": { + "type": "long" + }, + "apm__error_rate": { + "type": "long" + }, + "apm__transaction_error_rate": { + "type": "long" + }, + "apm__transaction_duration": { + "type": "long" + }, + "apm__transaction_duration_anomaly": { + "type": "long" + }, + "metrics__alert__threshold": { + "type": "long" + }, + "metrics__alert__inventory__threshold": { + "type": "long" + }, + "logs__alert__document__count": { + "type": "long" + }, + "monitoring_alert_cluster_health": { + "type": "long" + }, + "monitoring_alert_cpu_usage": { + "type": "long" + }, + "monitoring_alert_disk_usage": { + "type": "long" + }, + "monitoring_alert_elasticsearch_version_mismatch": { + "type": "long" + }, + "monitoring_alert_kibana_version_mismatch": { + "type": "long" + }, + "monitoring_alert_license_expiration": { + "type": "long" + }, + "monitoring_alert_logstash_version_mismatch": { + "type": "long" + }, + "monitoring_alert_nodes_changed": { + "type": "long" + }, + "siem__signals": { + "type": "long" + }, + "siem__notifications": { + "type": "long" + }, + "xpack__uptime__alerts__monitorStatus": { + "type": "long" + }, + "xpack__uptime__alerts__tls": { + "type": "long" + }, + "xpack__uptime__alerts__durationAnomaly": { + "type": "long" + }, + "__geo-containment": { + "type": "long" + }, + "xpack__ml__anomaly_detection_alert": { + "type": "long" + }, + "xpack__ml__anomaly_detection_jobs_health": { + "type": "long" + } + } } } }, From 0e3dea35a9b1e5def3f24fbddb7724a49a8316a1 Mon Sep 17 00:00:00 2001 From: Corey Robertson Date: Tue, 2 Nov 2021 13:38:37 -0400 Subject: [PATCH 34/53] Fix bug where cache is rebuilt incorrectly (#114105) Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com> --- x-pack/plugins/canvas/public/lib/run_interpreter.ts | 8 +++++--- x-pack/plugins/canvas/public/state/actions/elements.js | 3 ++- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/x-pack/plugins/canvas/public/lib/run_interpreter.ts b/x-pack/plugins/canvas/public/lib/run_interpreter.ts index 6c10b82fae3fd..9633d91b8b8b2 100644 --- a/x-pack/plugins/canvas/public/lib/run_interpreter.ts +++ b/x-pack/plugins/canvas/public/lib/run_interpreter.ts @@ -19,11 +19,13 @@ interface Options { */ export async function interpretAst( ast: ExpressionAstExpression, - variables: Record + variables: Record, + input: ExpressionValue = null ): Promise { const context = { variables }; const { execute } = pluginServices.getServices().expressions; - return await execute(ast, null, context).getData().pipe(pluck('result')).toPromise(); + + return await execute(ast, input, context).getData().pipe(pluck('result')).toPromise(); } /** @@ -43,9 +45,9 @@ export async function runInterpreter( options: Options = {} ): Promise { const context = { variables }; - try { const { execute } = pluginServices.getServices().expressions; + const renderable = await execute(ast, input, context) .getData() .pipe(pluck('result')) diff --git a/x-pack/plugins/canvas/public/state/actions/elements.js b/x-pack/plugins/canvas/public/state/actions/elements.js index a8302cf094016..c8d322163b54f 100644 --- a/x-pack/plugins/canvas/public/state/actions/elements.js +++ b/x-pack/plugins/canvas/public/state/actions/elements.js @@ -111,7 +111,8 @@ export const fetchContext = createThunk( ...element.ast, chain: astChain, }, - variables + variables, + prevContextValue ).then((value) => { dispatch( args.setValue({ From c91e44ca8e9b6363069773236f8532bcd2915cbc Mon Sep 17 00:00:00 2001 From: Shahzad Date: Tue, 2 Nov 2021 18:44:53 +0100 Subject: [PATCH 35/53] [Uptime] Fix regression in logging queries on inspect (#117124) Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com> --- x-pack/plugins/uptime/server/lib/lib.ts | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/x-pack/plugins/uptime/server/lib/lib.ts b/x-pack/plugins/uptime/server/lib/lib.ts index 894bf743499f9..fbd0494a3ca82 100644 --- a/x-pack/plugins/uptime/server/lib/lib.ts +++ b/x-pack/plugins/uptime/server/lib/lib.ts @@ -59,8 +59,6 @@ export function createUptimeESClient({ request?: KibanaRequest; savedObjectsClient: SavedObjectsClientContract | ISavedObjectsRepository; }) { - const { _inspect = false } = (request?.query as { _inspect: boolean }) ?? {}; - return { baseESClient: esClient, async search( @@ -101,10 +99,9 @@ export function createUptimeESClient({ startTime: startTimeNow, }) ); - } - - if (_inspect && request) { - debugESCall({ startTime, request, esError, operationName: 'search', params: esParams }); + if (request) { + debugESCall({ startTime, request, esError, operationName: 'search', params: esParams }); + } } if (esError) { @@ -129,8 +126,9 @@ export function createUptimeESClient({ } catch (e) { esError = e; } + const inspectableEsQueries = inspectableEsQueriesMap.get(request!); - if (_inspect && request) { + if (inspectableEsQueries && request) { debugESCall({ startTime, request, esError, operationName: 'count', params: esParams }); } From 03cebac5472f66e4c68183dd2c2a5d44f72ad057 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?David=20S=C3=A1nchez?= Date: Tue, 2 Nov 2021 18:53:31 +0100 Subject: [PATCH 36/53] [Security solution] [Endpoint] Fixes for operator "match_any" in event filters card (#117136) * Fix translations and allow negative operators * UI fixes * Remove useCallbacks and update test --- .../artifact_entry_card.tsx | 16 +++-- .../components/criteria_conditions.tsx | 56 ++++++++++++----- .../components/translations.ts | 16 ++++- .../__snapshots__/index.test.tsx.snap | 60 +++++++++---------- 4 files changed, 97 insertions(+), 51 deletions(-) diff --git a/x-pack/plugins/security_solution/public/management/components/artifact_entry_card/artifact_entry_card.tsx b/x-pack/plugins/security_solution/public/management/components/artifact_entry_card/artifact_entry_card.tsx index d5f8c2dc74788..89d2f029e9538 100644 --- a/x-pack/plugins/security_solution/public/management/components/artifact_entry_card/artifact_entry_card.tsx +++ b/x-pack/plugins/security_solution/public/management/components/artifact_entry_card/artifact_entry_card.tsx @@ -80,16 +80,20 @@ export const ArtifactEntryCard = memo( data-test-subj={getTestId('subHeader')} /> - - {!hideDescription && ( - - {artifact.description} - + <> + + + {artifact.description} + + )} {!hideComments ? ( - + <> + + + ) : null} diff --git a/x-pack/plugins/security_solution/public/management/components/artifact_entry_card/components/criteria_conditions.tsx b/x-pack/plugins/security_solution/public/management/components/artifact_entry_card/components/criteria_conditions.tsx index 743eac7a15458..24244aad3ef99 100644 --- a/x-pack/plugins/security_solution/public/management/components/artifact_entry_card/components/criteria_conditions.tsx +++ b/x-pack/plugins/security_solution/public/management/components/artifact_entry_card/components/criteria_conditions.tsx @@ -6,7 +6,14 @@ */ import React, { memo, useCallback, useMemo } from 'react'; -import { CommonProps, EuiExpression, EuiToken, EuiFlexGroup, EuiFlexItem } from '@elastic/eui'; +import { + CommonProps, + EuiExpression, + EuiToken, + EuiFlexGroup, + EuiFlexItem, + EuiBadge, +} from '@elastic/eui'; import styled from 'styled-components'; import { ListOperatorTypeEnum } from '@kbn/securitysolution-io-ts-list-types'; import { @@ -21,6 +28,8 @@ import { CONDITION_OPERATOR_TYPE_MATCH_ANY, CONDITION_OPERATOR_TYPE_EXISTS, CONDITION_OPERATOR_TYPE_LIST, + CONDITION_OPERATOR_TYPE_NOT_MATCH_ANY, + CONDITION_OPERATOR_TYPE_NOT_MATCH, } from './translations'; import { ArtifactInfo, ArtifactInfoEntry } from '../types'; import { useTestIdGenerator } from '../../hooks/use_test_id_generator'; @@ -32,7 +41,7 @@ const OS_LABELS = Object.freeze({ windows: OS_WINDOWS, }); -const OPERATOR_TYPE_LABELS = Object.freeze({ +const OPERATOR_TYPE_LABELS_INCLUDED = Object.freeze({ [ListOperatorTypeEnum.NESTED]: CONDITION_OPERATOR_TYPE_NESTED, [ListOperatorTypeEnum.MATCH_ANY]: CONDITION_OPERATOR_TYPE_MATCH_ANY, [ListOperatorTypeEnum.MATCH]: CONDITION_OPERATOR_TYPE_MATCH, @@ -41,8 +50,13 @@ const OPERATOR_TYPE_LABELS = Object.freeze({ [ListOperatorTypeEnum.LIST]: CONDITION_OPERATOR_TYPE_LIST, }); +const OPERATOR_TYPE_LABELS_EXCLUDED = Object.freeze({ + [ListOperatorTypeEnum.MATCH_ANY]: CONDITION_OPERATOR_TYPE_NOT_MATCH_ANY, + [ListOperatorTypeEnum.MATCH]: CONDITION_OPERATOR_TYPE_NOT_MATCH, +}); + const EuiFlexGroupNested = styled(EuiFlexGroup)` - margin-left: ${({ theme }) => theme.eui.spacerSizes.l}; + margin-left: ${({ theme }) => theme.eui.spacerSizes.xl}; `; const EuiFlexItemNested = styled(EuiFlexItem)` @@ -67,11 +81,30 @@ export const CriteriaConditions = memo( .join(', '); }, [os]); + const getEntryValue = (type: string, value: string | string[]) => { + if (type === 'match_any' && Array.isArray(value)) { + return value.map((currentValue) => {currentValue}); + } + return value; + }; + + const getEntryOperator = (type: string, operator: string) => { + if (type === 'nested') return; + return operator === 'included' + ? OPERATOR_TYPE_LABELS_INCLUDED[type as keyof typeof OPERATOR_TYPE_LABELS_INCLUDED] ?? type + : OPERATOR_TYPE_LABELS_EXCLUDED[type as keyof typeof OPERATOR_TYPE_LABELS_EXCLUDED] ?? type; + }; + const getNestedEntriesContent = useCallback( (type: string, nestedEntries: ArtifactInfoEntry[]) => { if (type === 'nested' && nestedEntries.length) { return nestedEntries.map( - ({ field: nestedField, type: nestedType, value: nestedValue }) => { + ({ + field: nestedField, + type: nestedType, + value: nestedValue, + operator: nestedOperator, + }) => { return ( ( @@ -113,7 +143,7 @@ export const CriteriaConditions = memo( - {entries.map(({ field, type, value, entries: nestedEntries = [] }) => { + {entries.map(({ field, type, value, operator, entries: nestedEntries = [] }) => { return (
( color="subdued" /> {getNestedEntriesContent(type, nestedEntries)}
diff --git a/x-pack/plugins/security_solution/public/management/components/artifact_entry_card/components/translations.ts b/x-pack/plugins/security_solution/public/management/components/artifact_entry_card/components/translations.ts index b2c0edfb2b9eb..3290a52c1c37d 100644 --- a/x-pack/plugins/security_solution/public/management/components/artifact_entry_card/components/translations.ts +++ b/x-pack/plugins/security_solution/public/management/components/artifact_entry_card/components/translations.ts @@ -54,6 +54,13 @@ export const CONDITION_OPERATOR_TYPE_MATCH = i18n.translate( } ); +export const CONDITION_OPERATOR_TYPE_NOT_MATCH = i18n.translate( + 'xpack.securitySolution.artifactCard.conditions.matchOperator.not', + { + defaultMessage: 'IS NOT', + } +); + export const CONDITION_OPERATOR_TYPE_WILDCARD = i18n.translate( 'xpack.securitySolution.artifactCard.conditions.wildcardOperator', { @@ -71,7 +78,14 @@ export const CONDITION_OPERATOR_TYPE_NESTED = i18n.translate( export const CONDITION_OPERATOR_TYPE_MATCH_ANY = i18n.translate( 'xpack.securitySolution.artifactCard.conditions.matchAnyOperator', { - defaultMessage: 'is any', + defaultMessage: 'is one of', + } +); + +export const CONDITION_OPERATOR_TYPE_NOT_MATCH_ANY = i18n.translate( + 'xpack.securitySolution.artifactCard.conditions.matchAnyOperator.not', + { + defaultMessage: 'is not one of', } ); diff --git a/x-pack/plugins/security_solution/public/management/pages/trusted_apps/view/components/trusted_apps_grid/__snapshots__/index.test.tsx.snap b/x-pack/plugins/security_solution/public/management/pages/trusted_apps/view/components/trusted_apps_grid/__snapshots__/index.test.tsx.snap index ea5869f79275f..f22cc1179f0d3 100644 --- a/x-pack/plugins/security_solution/public/management/pages/trusted_apps/view/components/trusted_apps_grid/__snapshots__/index.test.tsx.snap +++ b/x-pack/plugins/security_solution/public/management/pages/trusted_apps/view/components/trusted_apps_grid/__snapshots__/index.test.tsx.snap @@ -743,7 +743,7 @@ exports[`TrustedAppsGrid renders correctly when loaded data 1`] = `
Date: Tue, 2 Nov 2021 10:55:32 -0700 Subject: [PATCH 37/53] Exceptions export duplicates (#116698) ## Summary Addresses https://github.com/elastic/kibana/issues/116329 Removes duplicate exception lists on rule export when multiple rules reference the same list. --- .../response/exception_list_schema.mock.ts | 21 +++++++++++ .../server/scripts/check_env_variables.sh | 10 ----- .../exception_list_client.mock.ts | 9 +++-- .../rules/get_export_all.test.ts | 4 +- .../rules/get_export_rule_exceptions.test.ts | 37 +++++++++++++++---- .../rules/get_export_rule_exceptions.ts | 17 ++++++--- .../scripts/check_env_variables.sh | 10 ----- 7 files changed, 70 insertions(+), 38 deletions(-) diff --git a/x-pack/plugins/lists/common/schemas/response/exception_list_schema.mock.ts b/x-pack/plugins/lists/common/schemas/response/exception_list_schema.mock.ts index 42c35ba1a5d7a..eca17b4c835d6 100644 --- a/x-pack/plugins/lists/common/schemas/response/exception_list_schema.mock.ts +++ b/x-pack/plugins/lists/common/schemas/response/exception_list_schema.mock.ts @@ -16,6 +16,7 @@ import { import { DATE_NOW, DESCRIPTION, + DETECTION_TYPE, ELASTIC_USER, ENDPOINT_TYPE, IMMUTABLE, @@ -48,6 +49,26 @@ export const getExceptionListSchemaMock = (): ExceptionListSchema => ({ version: VERSION, }); +export const getDetectionsExceptionListSchemaMock = (): ExceptionListSchema => ({ + _version: _VERSION, + created_at: DATE_NOW, + created_by: USER, + description: DESCRIPTION, + id: '1', + immutable: IMMUTABLE, + list_id: 'exception_list_id', + meta: META, + name: 'Sample Exception List', + namespace_type: 'single', + os_types: ['linux'], + tags: ['user added string for a tag', 'malware'], + tie_breaker_id: TIE_BREAKER, + type: DETECTION_TYPE, + updated_at: DATE_NOW, + updated_by: 'user_name', + version: VERSION, +}); + export const getTrustedAppsListSchemaMock = (): ExceptionListSchema => { return { ...getExceptionListSchemaMock(), diff --git a/x-pack/plugins/lists/server/scripts/check_env_variables.sh b/x-pack/plugins/lists/server/scripts/check_env_variables.sh index 4df0e42adf9f3..df2354ed8398a 100755 --- a/x-pack/plugins/lists/server/scripts/check_env_variables.sh +++ b/x-pack/plugins/lists/server/scripts/check_env_variables.sh @@ -30,13 +30,3 @@ if [ -z "${KIBANA_URL}" ]; then echo "Set KIBANA_URL in your environment" exit 1 fi - -if [ -z "${TASK_MANAGER_INDEX}" ]; then - echo "Set TASK_MANAGER_INDEX in your environment" - exit 1 -fi - -if [ -z "${KIBANA_INDEX}" ]; then - echo "Set KIBANA_INDEX in your environment" - exit 1 -fi diff --git a/x-pack/plugins/lists/server/services/exception_lists/exception_list_client.mock.ts b/x-pack/plugins/lists/server/services/exception_lists/exception_list_client.mock.ts index f5f6a4f1f2d5a..a780080dabc83 100644 --- a/x-pack/plugins/lists/server/services/exception_lists/exception_list_client.mock.ts +++ b/x-pack/plugins/lists/server/services/exception_lists/exception_list_client.mock.ts @@ -11,6 +11,7 @@ import { getFoundExceptionListSchemaMock } from '../../../common/schemas/respons import { getFoundExceptionListItemSchemaMock } from '../../../common/schemas/response/found_exception_list_item_schema.mock'; import { getExceptionListItemSchemaMock } from '../../../common/schemas/response/exception_list_item_schema.mock'; import { + getDetectionsExceptionListSchemaMock, getExceptionListSchemaMock, getTrustedAppsListSchemaMock, } from '../../../common/schemas/response/exception_list_schema.mock'; @@ -31,10 +32,12 @@ export class ExceptionListClientMock extends ExceptionListClient { public createTrustedAppsList = jest.fn().mockResolvedValue(getTrustedAppsListSchemaMock()); public createEndpointList = jest.fn().mockResolvedValue(getExceptionListSchemaMock()); public exportExceptionListAndItems = jest.fn().mockResolvedValue({ - exportData: 'exportString', + exportData: `${JSON.stringify(getDetectionsExceptionListSchemaMock())}\n${JSON.stringify( + getExceptionListItemSchemaMock({ list_id: 'exception_list_id' }) + )}`, exportDetails: { - exported_exception_list_count: 0, - exported_exception_list_item_count: 0, + exported_exception_list_count: 1, + exported_exception_list_item_count: 1, missing_exception_list_item_count: 0, missing_exception_list_items: [], missing_exception_lists: [], diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/get_export_all.test.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/get_export_all.test.ts index 80df4c94971cc..99f5f76be1a7c 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/get_export_all.test.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/get_export_all.test.ts @@ -101,8 +101,8 @@ describe.each([ exceptions_list: getListArrayMock(), }); expect(detailsJson).toEqual({ - exported_exception_list_count: 0, - exported_exception_list_item_count: 0, + exported_exception_list_count: 1, + exported_exception_list_item_count: 1, exported_rules_count: 1, missing_exception_list_item_count: 0, missing_exception_list_items: [], diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/get_export_rule_exceptions.test.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/get_export_rule_exceptions.test.ts index dd7e59c74601c..614c0ae0a1281 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/get_export_rule_exceptions.test.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/get_export_rule_exceptions.test.ts @@ -8,15 +8,15 @@ import { ENDPOINT_LIST_ID } from '@kbn/securitysolution-list-constants'; import { getExceptionListClientMock } from '../../../../../lists/server/services/exception_lists/exception_list_client.mock'; +import { getDetectionsExceptionListSchemaMock } from '../../../../../lists/common/schemas/response/exception_list_schema.mock'; +import { getExceptionListItemSchemaMock } from '../../../../../lists/common/schemas/response/exception_list_item_schema.mock'; + import { getRuleExceptionsForExport, getExportableExceptions, getDefaultExportDetails, } from './get_export_rule_exceptions'; -import { - getListArrayMock, - getListMock, -} from '../../../../common/detection_engine/schemas/types/lists.mock'; +import { getListMock } from '../../../../common/detection_engine/schemas/types/lists.mock'; describe('get_export_rule_exceptions', () => { describe('getRuleExceptionsForExport', () => { @@ -36,7 +36,24 @@ describe('get_export_rule_exceptions', () => { getExceptionListClientMock() ); - expect(exportData).toEqual('exportString'); + expect(exportData).toEqual( + `${JSON.stringify(getDetectionsExceptionListSchemaMock())}\n${JSON.stringify( + getExceptionListItemSchemaMock({ list_id: 'exception_list_id' }) + )}` + ); + }); + + test('it does not return duplicate exception lists', async () => { + const { exportData } = await getRuleExceptionsForExport( + [getListMock(), getListMock()], + getExceptionListClientMock() + ); + + expect(exportData).toEqual( + `${JSON.stringify(getDetectionsExceptionListSchemaMock())}\n${JSON.stringify( + getExceptionListItemSchemaMock({ list_id: 'exception_list_id' }) + )}` + ); }); test('it does not return a global endpoint list', async () => { @@ -60,11 +77,15 @@ describe('get_export_rule_exceptions', () => { test('it returns stringified exception lists and items', async () => { // This rule has 2 exception lists tied to it const { exportData } = await getExportableExceptions( - getListArrayMock(), + [getListMock()], getExceptionListClientMock() ); - expect(exportData).toEqual('exportStringexportString'); + expect(exportData).toEqual( + `${JSON.stringify(getDetectionsExceptionListSchemaMock())}\n${JSON.stringify( + getExceptionListItemSchemaMock({ list_id: 'exception_list_id' }) + )}` + ); }); test('it throws error if error occurs in getting exceptions', async () => { @@ -72,7 +93,7 @@ describe('get_export_rule_exceptions', () => { exceptionsClient.exportExceptionListAndItems = jest.fn().mockRejectedValue(new Error('oops')); // This rule has 2 exception lists tied to it await expect(async () => { - await getExportableExceptions(getListArrayMock(), exceptionsClient); + await getExportableExceptions([getListMock()], exceptionsClient); }).rejects.toThrowErrorMatchingInlineSnapshot(`"oops"`); }); }); diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/get_export_rule_exceptions.ts b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/get_export_rule_exceptions.ts index 719649d35c0f0..6faf3fdfe6104 100644 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/rules/get_export_rule_exceptions.ts +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rules/get_export_rule_exceptions.ts @@ -21,10 +21,17 @@ export const getRuleExceptionsForExport = async ( exceptions: ListArray, exceptionsListClient: ExceptionListClient | undefined ): Promise => { + const uniqueExceptionLists = new Set(); + if (exceptionsListClient != null) { - const exceptionsWithoutUnexportableLists = exceptions.filter( - ({ list_id: listId }) => !NON_EXPORTABLE_LIST_IDS.includes(listId) - ); + const exceptionsWithoutUnexportableLists = exceptions.filter((list) => { + if (!uniqueExceptionLists.has(list.id)) { + uniqueExceptionLists.add(list.id); + return !NON_EXPORTABLE_LIST_IDS.includes(list.list_id); + } else { + return false; + } + }); return getExportableExceptions(exceptionsWithoutUnexportableLists, exceptionsListClient); } else { return { exportData: '', exportDetails: getDefaultExportDetails() }; @@ -72,9 +79,9 @@ export const getExportableExceptions = async ( }; /** - * Creates promises of the rules and returns them. + * Creates promises of the exceptions to be exported and returns them. * @param exceptionsListClient Exception Lists client - * @param exceptions The rules to apply the update for + * @param exceptions The exceptions to be exported * @returns Promise of export ready exceptions. */ export const createPromises = ( diff --git a/x-pack/plugins/security_solution/server/lib/detection_engine/scripts/check_env_variables.sh b/x-pack/plugins/security_solution/server/lib/detection_engine/scripts/check_env_variables.sh index 4df0e42adf9f3..df2354ed8398a 100755 --- a/x-pack/plugins/security_solution/server/lib/detection_engine/scripts/check_env_variables.sh +++ b/x-pack/plugins/security_solution/server/lib/detection_engine/scripts/check_env_variables.sh @@ -30,13 +30,3 @@ if [ -z "${KIBANA_URL}" ]; then echo "Set KIBANA_URL in your environment" exit 1 fi - -if [ -z "${TASK_MANAGER_INDEX}" ]; then - echo "Set TASK_MANAGER_INDEX in your environment" - exit 1 -fi - -if [ -z "${KIBANA_INDEX}" ]; then - echo "Set KIBANA_INDEX in your environment" - exit 1 -fi From 47e8f783dc6da74a0f8cca81c02ed0349f540747 Mon Sep 17 00:00:00 2001 From: Bryan Clement Date: Tue, 2 Nov 2021 11:00:43 -0700 Subject: [PATCH 38/53] remove unused enrollment path (#117063) --- api_docs/fleet.json | 12 +----------- x-pack/plugins/fleet/common/constants/routes.ts | 1 - 2 files changed, 1 insertion(+), 12 deletions(-) diff --git a/api_docs/fleet.json b/api_docs/fleet.json index b951a5feea633..06c6bf2dbae32 100644 --- a/api_docs/fleet.json +++ b/api_docs/fleet.json @@ -19696,16 +19696,6 @@ "path": "x-pack/plugins/fleet/common/constants/routes.ts", "deprecated": false }, - { - "parentPluginId": "fleet", - "id": "def-common.AGENT_API_ROUTES.ENROLL_PATTERN", - "type": "string", - "tags": [], - "label": "ENROLL_PATTERN", - "description": [], - "path": "x-pack/plugins/fleet/common/constants/routes.ts", - "deprecated": false - }, { "parentPluginId": "fleet", "id": "def-common.AGENT_API_ROUTES.UNENROLL_PATTERN", @@ -21889,4 +21879,4 @@ } ] } -} \ No newline at end of file +} diff --git a/x-pack/plugins/fleet/common/constants/routes.ts b/x-pack/plugins/fleet/common/constants/routes.ts index 60795799bb32d..aa5e0dbcd5ed1 100644 --- a/x-pack/plugins/fleet/common/constants/routes.ts +++ b/x-pack/plugins/fleet/common/constants/routes.ts @@ -89,7 +89,6 @@ export const AGENT_API_ROUTES = { CHECKIN_PATTERN: `${API_ROOT}/agents/{agentId}/checkin`, ACKS_PATTERN: `${API_ROOT}/agents/{agentId}/acks`, ACTIONS_PATTERN: `${API_ROOT}/agents/{agentId}/actions`, - ENROLL_PATTERN: `${API_ROOT}/agents/enroll`, UNENROLL_PATTERN: `${API_ROOT}/agents/{agentId}/unenroll`, BULK_UNENROLL_PATTERN: `${API_ROOT}/agents/bulk_unenroll`, REASSIGN_PATTERN: `${API_ROOT}/agents/{agentId}/reassign`, From 6dbb314f76e6e1c84f33dd11960dfc3491471ed0 Mon Sep 17 00:00:00 2001 From: Tyler Smalley Date: Tue, 2 Nov 2021 11:02:05 -0700 Subject: [PATCH 39/53] [bazel] Set cache for build, not common (#117163) These settings are not valid outside build, and cause commands like shutdown to fail. Signed-off-by: Tyler Smalley --- .bazelrc.common | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.bazelrc.common b/.bazelrc.common index c401a90507982..0ad0c95fdcbbd 100644 --- a/.bazelrc.common +++ b/.bazelrc.common @@ -13,10 +13,10 @@ test --experimental_guard_against_concurrent_changes query --experimental_guard_against_concurrent_changes ## Cache action outputs on disk so they persist across output_base and bazel shutdown (eg. changing branches) -common --disk_cache=~/.bazel-cache/disk-cache +build --disk_cache=~/.bazel-cache/disk-cache ## Bazel repo cache settings -common --repository_cache=~/.bazel-cache/repository-cache +build --repository_cache=~/.bazel-cache/repository-cache # Bazel will create symlinks from the workspace directory to output artifacts. # Build results will be placed in a directory called "bazel-bin" From d9359219592dc5dc8b7e42f4061ed8f6c8409020 Mon Sep 17 00:00:00 2001 From: Vadim Yakhin Date: Tue, 2 Nov 2021 11:04:01 -0700 Subject: [PATCH 40/53] Update Workplace Search integration categories (#117036) Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com> --- .../custom_integrations/common/index.ts | 11 ++---- .../enterprise_search/server/integrations.ts | 34 +++++++++---------- 2 files changed, 20 insertions(+), 25 deletions(-) diff --git a/src/plugins/custom_integrations/common/index.ts b/src/plugins/custom_integrations/common/index.ts index 98148bb22c816..f00b4c39405d5 100755 --- a/src/plugins/custom_integrations/common/index.ts +++ b/src/plugins/custom_integrations/common/index.ts @@ -40,16 +40,11 @@ export const INTEGRATION_CATEGORY_DISPLAY = { web: 'Web', // Kibana added - communication: 'Communication', - customer_support: 'Customer Support', - document_storage: 'Document Storage', - enterprise_management: 'Enterprise Management', - knowledge_platform: 'Knowledge Platform', + communications: 'Communications', + file_storage: 'File storage', language_client: 'Language client', - project_management: 'Project Management', - software_development: 'Software Development', upload_file: 'Upload a file', - website_search: 'Website Search', + website_search: 'Website search', }; /** diff --git a/x-pack/plugins/enterprise_search/server/integrations.ts b/x-pack/plugins/enterprise_search/server/integrations.ts index eee5cdc3aaec3..633f5638cc05c 100644 --- a/x-pack/plugins/enterprise_search/server/integrations.ts +++ b/x-pack/plugins/enterprise_search/server/integrations.ts @@ -30,7 +30,7 @@ const workplaceSearchIntegrations: WorkplaceSearchIntegration[] = [ defaultMessage: 'Search over your files and folders stored on Box with Workplace Search.', } ), - categories: ['document_storage'], + categories: ['file_storage'], }, { id: 'confluence_cloud', @@ -47,7 +47,7 @@ const workplaceSearchIntegrations: WorkplaceSearchIntegration[] = [ 'Search over your organizational content on Confluence Cloud with Workplace Search.', } ), - categories: ['knowledge_platform'], + categories: ['productivity'], }, { id: 'confluence_server', @@ -64,7 +64,7 @@ const workplaceSearchIntegrations: WorkplaceSearchIntegration[] = [ 'Search over your organizational content on Confluence Server with Workplace Search.', } ), - categories: ['knowledge_platform'], + categories: ['productivity'], }, { id: 'dropbox', @@ -78,7 +78,7 @@ const workplaceSearchIntegrations: WorkplaceSearchIntegration[] = [ 'Search over your files and folders stored on Dropbox with Workplace Search.', } ), - categories: ['document_storage'], + categories: ['file_storage'], }, { id: 'github', @@ -91,7 +91,7 @@ const workplaceSearchIntegrations: WorkplaceSearchIntegration[] = [ defaultMessage: 'Search over your projects and repos on GitHub with Workplace Search.', } ), - categories: ['software_development'], + categories: ['productivity'], }, { id: 'github_enterprise_server', @@ -108,7 +108,7 @@ const workplaceSearchIntegrations: WorkplaceSearchIntegration[] = [ 'Search over your projects and repos on GitHub Enterprise Server with Workplace Search.', } ), - categories: ['software_development'], + categories: ['productivity'], }, { id: 'gmail', @@ -121,7 +121,7 @@ const workplaceSearchIntegrations: WorkplaceSearchIntegration[] = [ defaultMessage: 'Search over your emails managed by Gmail with Workplace Search.', } ), - categories: ['communication'], + categories: ['communications'], }, { id: 'google_drive', @@ -134,7 +134,7 @@ const workplaceSearchIntegrations: WorkplaceSearchIntegration[] = [ defaultMessage: 'Search over your documents on Google Drive with Workplace Search.', } ), - categories: ['document_storage'], + categories: ['file_storage'], }, { id: 'jira_cloud', @@ -147,7 +147,7 @@ const workplaceSearchIntegrations: WorkplaceSearchIntegration[] = [ defaultMessage: 'Search over your project workflow on Jira Cloud with Workplace Search.', } ), - categories: ['project_management'], + categories: ['productivity'], }, { id: 'jira_server', @@ -160,7 +160,7 @@ const workplaceSearchIntegrations: WorkplaceSearchIntegration[] = [ defaultMessage: 'Search over your project workflow on Jira Server with Workplace Search.', } ), - categories: ['project_management'], + categories: ['productivity'], }, { id: 'onedrive', @@ -173,7 +173,7 @@ const workplaceSearchIntegrations: WorkplaceSearchIntegration[] = [ defaultMessage: 'Search over your files stored on OneDrive with Workplace Search.', } ), - categories: ['document_storage'], + categories: ['file_storage'], uiInternalPath: '/app/enterprise_search/workplace_search/sources/add/one_drive', }, { @@ -187,7 +187,7 @@ const workplaceSearchIntegrations: WorkplaceSearchIntegration[] = [ defaultMessage: 'Search over your content on Salesforce with Workplace Search.', } ), - categories: ['crm'], + categories: ['productivity'], }, { id: 'salesforce_sandbox', @@ -203,7 +203,7 @@ const workplaceSearchIntegrations: WorkplaceSearchIntegration[] = [ defaultMessage: 'Search over your content on Salesforce Sandbox with Workplace Search.', } ), - categories: ['crm'], + categories: ['productivity'], }, { id: 'servicenow', @@ -216,7 +216,7 @@ const workplaceSearchIntegrations: WorkplaceSearchIntegration[] = [ defaultMessage: 'Search over your content on ServiceNow with Workplace Search.', } ), - categories: ['enterprise_management'], + categories: ['productivity'], }, { id: 'sharepoint_online', @@ -232,7 +232,7 @@ const workplaceSearchIntegrations: WorkplaceSearchIntegration[] = [ defaultMessage: 'Search over your files stored on SharePoint Online with Workplace Search.', } ), - categories: ['document_storage'], + categories: ['file_storage'], uiInternalPath: '/app/enterprise_search/workplace_search/sources/add/share_point', }, { @@ -246,7 +246,7 @@ const workplaceSearchIntegrations: WorkplaceSearchIntegration[] = [ defaultMessage: 'Search over your messages on Slack with Workplace Search.', } ), - categories: ['communication'], + categories: ['communications'], }, { id: 'zendesk', @@ -259,7 +259,7 @@ const workplaceSearchIntegrations: WorkplaceSearchIntegration[] = [ defaultMessage: 'Search over your tickets on Zendesk with Workplace Search.', } ), - categories: ['customer_support'], + categories: ['communications'], }, { id: 'custom_api_source', From 8d814f1c6c4e080096673f617a1cde811ea95fe6 Mon Sep 17 00:00:00 2001 From: Dima Arnautov Date: Tue, 2 Nov 2021 19:06:39 +0100 Subject: [PATCH 41/53] [ML] fix ticks, add custom colors inline (#117159) --- .../severity_control/severity_control.tsx | 13 ++++++------- .../components/severity_control/styles.scss | 18 ------------------ 2 files changed, 6 insertions(+), 25 deletions(-) delete mode 100644 x-pack/plugins/ml/public/application/components/severity_control/styles.scss diff --git a/x-pack/plugins/ml/public/application/components/severity_control/severity_control.tsx b/x-pack/plugins/ml/public/application/components/severity_control/severity_control.tsx index 7be72b8430233..4cc182988778d 100644 --- a/x-pack/plugins/ml/public/application/components/severity_control/severity_control.tsx +++ b/x-pack/plugins/ml/public/application/components/severity_control/severity_control.tsx @@ -16,7 +16,6 @@ import { EuiRangeProps, } from '@elastic/eui'; import { ANOMALY_THRESHOLD } from '../../../../common'; -import './styles.scss'; export interface SeveritySelectorProps { value: number | undefined; @@ -29,23 +28,23 @@ export const SeverityControl: FC = React.memo(({ value, o const levels: EuiRangeProps['levels'] = [ { min: ANOMALY_THRESHOLD.LOW, - max: ANOMALY_THRESHOLD.MINOR - 1, - color: 'success', + max: ANOMALY_THRESHOLD.MINOR, + color: '#8BC8FB', }, { min: ANOMALY_THRESHOLD.MINOR, - max: ANOMALY_THRESHOLD.MAJOR - 1, - color: 'primary', + max: ANOMALY_THRESHOLD.MAJOR, + color: '#FDEC25', }, { min: ANOMALY_THRESHOLD.MAJOR, max: ANOMALY_THRESHOLD.CRITICAL, - color: 'warning', + color: '#FBA740', }, { min: ANOMALY_THRESHOLD.CRITICAL, max: MAX_ANOMALY_SCORE, - color: 'danger', + color: '#FE5050', }, ]; diff --git a/x-pack/plugins/ml/public/application/components/severity_control/styles.scss b/x-pack/plugins/ml/public/application/components/severity_control/styles.scss deleted file mode 100644 index 9a5fa8f2b160a..0000000000000 --- a/x-pack/plugins/ml/public/application/components/severity_control/styles.scss +++ /dev/null @@ -1,18 +0,0 @@ -// Color overrides are required (https://github.com/elastic/eui/issues/4467) - -.mlSeverityControl { - .euiRangeLevel-- { - &success { - background-color: #8BC8FB; - } - &primary { - background-color: #FDEC25; - } - &warning { - background-color: #FBA740; - } - &danger { - background-color: #FE5050; - } - } -} From 3a6a94695d864a83d7f348398411830e11d447b0 Mon Sep 17 00:00:00 2001 From: Dominique Clarke Date: Tue, 2 Nov 2021 14:45:57 -0400 Subject: [PATCH 42/53] [Observability] [Exploratory View] adjust popover placement (#116471) Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com> --- .../exploratory_view/components/date_range_picker.tsx | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/x-pack/plugins/observability/public/components/shared/exploratory_view/components/date_range_picker.tsx b/x-pack/plugins/observability/public/components/shared/exploratory_view/components/date_range_picker.tsx index 5529f28927028..32994b37fffe3 100644 --- a/x-pack/plugins/observability/public/components/shared/exploratory_view/components/date_range_picker.tsx +++ b/x-pack/plugins/observability/public/components/shared/exploratory_view/components/date_range_picker.tsx @@ -79,8 +79,10 @@ export function DateRangePicker({ seriesId, series }: { seriesId: number; series return ( } endDateControl={ } /> From fd8a564392373a4d775287c726ed935a83eec31a Mon Sep 17 00:00:00 2001 From: Mark Hopkin Date: Tue, 2 Nov 2021 18:56:56 +0000 Subject: [PATCH 43/53] show upgrade title when no policy present (#117134) --- .../components/layout.tsx | 37 ++++++++++++++----- 1 file changed, 27 insertions(+), 10 deletions(-) diff --git a/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/components/layout.tsx b/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/components/layout.tsx index 3daf7fa545f24..b7c7d263d2675 100644 --- a/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/components/layout.tsx +++ b/x-pack/plugins/fleet/public/applications/fleet/sections/agent_policy/create_package_policy_page/components/layout.tsx @@ -123,16 +123,33 @@ export const CreatePackagePolicyPageLayout: React.FunctionComponent<{ ); } - return isEdit ? ( - -

- -

- - ) : ( + if (isEdit) { + return ( + +

+ +

+ + ); + } + + if (isUpgrade) { + return ( + +

+ +

+ + ); + } + + return (

Date: Tue, 2 Nov 2021 12:01:28 -0700 Subject: [PATCH 44/53] skip flaky suite (#116058) --- .../import_saved_objects_between_versions.ts | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/x-pack/test/functional/apps/saved_objects_management/import_saved_objects_between_versions.ts b/x-pack/test/functional/apps/saved_objects_management/import_saved_objects_between_versions.ts index 790909164b33d..4dce6bca8f67a 100644 --- a/x-pack/test/functional/apps/saved_objects_management/import_saved_objects_between_versions.ts +++ b/x-pack/test/functional/apps/saved_objects_management/import_saved_objects_between_versions.ts @@ -20,7 +20,8 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) { const testSubjects = getService('testSubjects'); const retry = getService('retry'); - describe('Export import saved objects between versions', function () { + // Failing: See https://github.com/elastic/kibana/issues/116058 + describe.skip('Export import saved objects between versions', function () { before(async function () { await esArchiver.load('x-pack/test/functional/es_archives/logstash_functional'); await esArchiver.load('x-pack/test/functional/es_archives/getting_started/shakespeare'); From 5c73c0c120d43ddb9ef7c38545d480ab527f3b90 Mon Sep 17 00:00:00 2001 From: Scotty Bollinger Date: Tue, 2 Nov 2021 14:04:15 -0500 Subject: [PATCH 45/53] Update Role mappings modal copy (#117182) --- .../public/applications/shared/role_mapping/constants.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/x-pack/plugins/enterprise_search/public/applications/shared/role_mapping/constants.ts b/x-pack/plugins/enterprise_search/public/applications/shared/role_mapping/constants.ts index d2229b428932f..0a99b0991f4ed 100644 --- a/x-pack/plugins/enterprise_search/public/applications/shared/role_mapping/constants.ts +++ b/x-pack/plugins/enterprise_search/public/applications/shared/role_mapping/constants.ts @@ -382,7 +382,7 @@ export const INVITATION_PENDING_LABEL = i18n.translate( export const ROLE_MODAL_TEXT = i18n.translate('xpack.enterpriseSearch.roleMapping.roleModalText', { defaultMessage: - 'Removing a role mapping revokes access to any user corresponding to the mapping attributes, but may not take effect immediately for SAML-governed roles. Users with an active SAML session will retain access until it expires.', + 'Removing a role mapping could revoke access to the currently logged-in user. Before proceeding, verify that the currently logged-in user has the appropriate access level via a different role mapping to avoid undesired behavior. This action may not take effect immediately for SAML-governed roles. Users with an active SAML session will retain access until it expires.', }); export const USER_MODAL_TITLE = (username: string) => From f5e9a075e20be13d5a3b0d0e80019dcd339640ed Mon Sep 17 00:00:00 2001 From: Andrea Del Rio Date: Tue, 2 Nov 2021 12:33:40 -0700 Subject: [PATCH 46/53] [Design] Swap button styles in header and KQL search bar (#117062) --- .../data/public/ui/query_string_input/query_bar_top_row.tsx | 1 + .../top_nav_menu/__snapshots__/top_nav_menu_item.test.tsx.snap | 1 + .../navigation/public/top_nav_menu/top_nav_menu_item.tsx | 2 +- 3 files changed, 3 insertions(+), 1 deletion(-) diff --git a/src/plugins/data/public/ui/query_string_input/query_bar_top_row.tsx b/src/plugins/data/public/ui/query_string_input/query_bar_top_row.tsx index f71a3d3b0686a..90db5abe418b7 100644 --- a/src/plugins/data/public/ui/query_string_input/query_bar_top_row.tsx +++ b/src/plugins/data/public/ui/query_string_input/query_bar_top_row.tsx @@ -231,6 +231,7 @@ export default function QueryBarTopRow(props: QueryBarTopRowProps) { isDisabled={isDateRangeInvalid} isLoading={props.isLoading} onClick={onClickSubmitButton} + fill={false} data-test-subj="querySubmitButton" /> ); diff --git a/src/plugins/navigation/public/top_nav_menu/__snapshots__/top_nav_menu_item.test.tsx.snap b/src/plugins/navigation/public/top_nav_menu/__snapshots__/top_nav_menu_item.test.tsx.snap index 155377e5ea335..570699aa0c0e2 100644 --- a/src/plugins/navigation/public/top_nav_menu/__snapshots__/top_nav_menu_item.test.tsx.snap +++ b/src/plugins/navigation/public/top_nav_menu/__snapshots__/top_nav_menu_item.test.tsx.snap @@ -2,6 +2,7 @@ exports[`TopNavMenu Should render emphasized item which should be clickable 1`] = ` + {upperFirst(props.label || props.id!)} ) : ( From 2a74c291c8211eda18fdcb42e6a3c5c2fcb8e6be Mon Sep 17 00:00:00 2001 From: Spencer Date: Tue, 2 Nov 2021 14:02:43 -0600 Subject: [PATCH 47/53] [docs] fix direct branch injection into docs links (#116794) * [docs] fix direct branch injection into docs links * add one more todo * correct fallback branch Co-authored-by: spalger Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com> --- .../server/deprecations/deprecations.test.ts | 17 +++++++++++++---- x-pack/plugins/apm/server/deprecations/index.ts | 4 +++- .../server/deprecations/reporting_role.ts | 7 +++++-- .../security/server/config_deprecations.ts | 13 ++++++++++--- .../server/deprecations/kibana_user_role.ts | 15 ++++++++++++--- .../server/lib/log_health_metrics.ts | 5 ++++- 6 files changed, 47 insertions(+), 14 deletions(-) diff --git a/x-pack/plugins/apm/server/deprecations/deprecations.test.ts b/x-pack/plugins/apm/server/deprecations/deprecations.test.ts index 43e8140fb9b3c..8ab632deec809 100644 --- a/x-pack/plugins/apm/server/deprecations/deprecations.test.ts +++ b/x-pack/plugins/apm/server/deprecations/deprecations.test.ts @@ -5,6 +5,8 @@ * 2.0. */ +import { kibanaPackageJson } from '@kbn/dev-utils'; + import { GetDeprecationsContext } from '../../../../../src/core/server'; import { CloudSetup } from '../../../cloud/server'; import { getDeprecations } from './'; @@ -19,7 +21,7 @@ const deprecationContext = { describe('getDeprecations', () => { describe('when fleet is disabled', () => { it('returns no deprecations', async () => { - const deprecationsCallback = getDeprecations({ branch: 'master' }); + const deprecationsCallback = getDeprecations({ branch: 'main' }); const deprecations = await deprecationsCallback(deprecationContext); expect(deprecations).toEqual([]); }); @@ -28,7 +30,7 @@ describe('getDeprecations', () => { describe('when running on cloud with legacy apm-server', () => { it('returns deprecations', async () => { const deprecationsCallback = getDeprecations({ - branch: 'master', + branch: 'main', cloudSetup: { isCloudEnabled: true } as unknown as CloudSetup, fleet: { start: () => ({ @@ -38,13 +40,20 @@ describe('getDeprecations', () => { }); const deprecations = await deprecationsCallback(deprecationContext); expect(deprecations).not.toEqual([]); + // TODO: remove when docs support "main" + if (kibanaPackageJson.branch === 'main') { + for (const { documentationUrl } of deprecations) { + expect(documentationUrl).toMatch(/\/master\//); + expect(documentationUrl).not.toMatch(/\/main\//); + } + } }); }); describe('when running on cloud with fleet', () => { it('returns no deprecations', async () => { const deprecationsCallback = getDeprecations({ - branch: 'master', + branch: 'main', cloudSetup: { isCloudEnabled: true } as unknown as CloudSetup, fleet: { start: () => ({ @@ -60,7 +69,7 @@ describe('getDeprecations', () => { describe('when running on prem', () => { it('returns no deprecations', async () => { const deprecationsCallback = getDeprecations({ - branch: 'master', + branch: 'main', cloudSetup: { isCloudEnabled: false } as unknown as CloudSetup, fleet: { start: () => ({ agentPolicyService: { get: () => undefined } }), diff --git a/x-pack/plugins/apm/server/deprecations/index.ts b/x-pack/plugins/apm/server/deprecations/index.ts index 76c90270abb8f..39e282e76d9a6 100644 --- a/x-pack/plugins/apm/server/deprecations/index.ts +++ b/x-pack/plugins/apm/server/deprecations/index.ts @@ -38,6 +38,8 @@ export function getDeprecations({ const isCloudEnabled = !!cloudSetup?.isCloudEnabled; const hasCloudAgentPolicy = !isEmpty(cloudAgentPolicy); + // TODO: remove when docs support "main" + const docBranch = branch === 'main' ? 'master' : branch; if (isCloudEnabled && !hasCloudAgentPolicy) { deprecations.push({ @@ -48,7 +50,7 @@ export function getDeprecations({ defaultMessage: 'Running the APM Server binary directly is considered a legacy option and is deprecated since 7.16. Switch to APM Server managed by an Elastic Agent instead. Read our documentation to learn more.', }), - documentationUrl: `https://www.elastic.co/guide/en/apm/server/${branch}/apm-integration.html`, + documentationUrl: `https://www.elastic.co/guide/en/apm/server/${docBranch}/apm-integration.html`, level: 'warning', correctiveActions: { manualSteps: [ diff --git a/x-pack/plugins/reporting/server/deprecations/reporting_role.ts b/x-pack/plugins/reporting/server/deprecations/reporting_role.ts index e4575f9875315..355a83c13a37e 100644 --- a/x-pack/plugins/reporting/server/deprecations/reporting_role.ts +++ b/x-pack/plugins/reporting/server/deprecations/reporting_role.ts @@ -19,8 +19,11 @@ import { ReportingCore } from '../'; import { deprecations } from '../lib/deprecations'; const REPORTING_USER_ROLE_NAME = 'reporting_user'; -const getDocumentationUrl = (branch: string) => - `https://www.elastic.co/guide/en/kibana/${branch}/kibana-privileges.html`; +const getDocumentationUrl = (branch: string) => { + // TODO: remove when docs support "main" + const docBranch = branch === 'main' ? 'master' : branch; + return `https://www.elastic.co/guide/en/kibana/${docBranch}/kibana-privileges.html`; +}; interface ExtraDependencies { reportingCore: ReportingCore; diff --git a/x-pack/plugins/security/server/config_deprecations.ts b/x-pack/plugins/security/server/config_deprecations.ts index 3a71dbb28add2..8b778950036b5 100644 --- a/x-pack/plugins/security/server/config_deprecations.ts +++ b/x-pack/plugins/security/server/config_deprecations.ts @@ -34,6 +34,8 @@ export const securityConfigDeprecationProvider: ConfigDeprecationProvider = ({ // Deprecation warning for the old array-based format of `xpack.security.authc.providers`. (settings, _fromPath, addDeprecation, { branch }) => { if (Array.isArray(settings?.xpack?.security?.authc?.providers)) { + // TODO: remove when docs support "main" + const docsBranch = branch === 'main' ? 'master' : 'main'; addDeprecation({ configPath: 'xpack.security.authc.providers', title: i18n.translate('xpack.security.deprecations.authcProvidersTitle', { @@ -43,7 +45,7 @@ export const securityConfigDeprecationProvider: ConfigDeprecationProvider = ({ defaultMessage: 'Use the new object format instead of an array of provider types.', }), level: 'warning', - documentationUrl: `https://www.elastic.co/guide/en/kibana/${branch}/security-settings-kb.html#authentication-security-settings`, + documentationUrl: `https://www.elastic.co/guide/en/kibana/${docsBranch}/security-settings-kb.html#authentication-security-settings`, correctiveActions: { manualSteps: [ i18n.translate('xpack.security.deprecations.authcProviders.manualSteps1', { @@ -59,6 +61,9 @@ export const securityConfigDeprecationProvider: ConfigDeprecationProvider = ({ } }, (settings, _fromPath, addDeprecation, { branch }) => { + // TODO: remove when docs support "main" + const docsBranch = branch === 'main' ? 'master' : 'main'; + const hasProviderType = (providerType: string) => { const providers = settings?.xpack?.security?.authc?.providers; if (Array.isArray(providers)) { @@ -86,7 +91,7 @@ export const securityConfigDeprecationProvider: ConfigDeprecationProvider = ({ values: { tokenProvider }, }), level: 'warning', - documentationUrl: `https://www.elastic.co/guide/en/kibana/${branch}/security-settings-kb.html#authentication-security-settings`, + documentationUrl: `https://www.elastic.co/guide/en/kibana/${docsBranch}/security-settings-kb.html#authentication-security-settings`, correctiveActions: { manualSteps: [ i18n.translate('xpack.security.deprecations.basicAndTokenProviders.manualSteps1', { @@ -100,6 +105,8 @@ export const securityConfigDeprecationProvider: ConfigDeprecationProvider = ({ } }, (settings, _fromPath, addDeprecation, { branch }) => { + // TODO: remove when docs support "main" + const docsBranch = branch === 'main' ? 'master' : 'main'; const samlProviders = (settings?.xpack?.security?.authc?.providers?.saml ?? {}) as Record< string, any @@ -119,7 +126,7 @@ export const securityConfigDeprecationProvider: ConfigDeprecationProvider = ({ defaultMessage: 'This setting is no longer used.', }), level: 'warning', - documentationUrl: `https://www.elastic.co/guide/en/kibana/${branch}/security-settings-kb.html#authentication-security-settings`, + documentationUrl: `https://www.elastic.co/guide/en/kibana/${docsBranch}/security-settings-kb.html#authentication-security-settings`, correctiveActions: { manualSteps: [ i18n.translate('xpack.security.deprecations.maxRedirectURLSize.manualSteps1', { diff --git a/x-pack/plugins/security/server/deprecations/kibana_user_role.ts b/x-pack/plugins/security/server/deprecations/kibana_user_role.ts index ba32446611a62..9746597aa95b8 100644 --- a/x-pack/plugins/security/server/deprecations/kibana_user_role.ts +++ b/x-pack/plugins/security/server/deprecations/kibana_user_role.ts @@ -98,13 +98,16 @@ async function getUsersDeprecations( return []; } + // TODO: remove when docs support "main" + const docsBranch = packageInfo.branch === 'main' ? 'master' : packageInfo.branch; + return [ { title: getDeprecationTitle(), message: getDeprecationMessage(), level: 'warning', deprecationType: 'feature', - documentationUrl: `https://www.elastic.co/guide/en/elasticsearch/reference/${packageInfo.branch}/built-in-roles.html`, + documentationUrl: `https://www.elastic.co/guide/en/elasticsearch/reference/${docsBranch}/built-in-roles.html`, correctiveActions: { api: { method: 'POST', @@ -159,13 +162,16 @@ async function getRoleMappingsDeprecations( return []; } + // TODO: remove when docs support "main" + const docsBranch = packageInfo.branch === 'main' ? 'master' : packageInfo.branch; + return [ { title: getDeprecationTitle(), message: getDeprecationMessage(), level: 'warning', deprecationType: 'feature', - documentationUrl: `https://www.elastic.co/guide/en/elasticsearch/reference/${packageInfo.branch}/built-in-roles.html`, + documentationUrl: `https://www.elastic.co/guide/en/elasticsearch/reference/${docsBranch}/built-in-roles.html`, correctiveActions: { api: { method: 'POST', @@ -193,6 +199,9 @@ async function getRoleMappingsDeprecations( function deprecationError(packageInfo: PackageInfo, error: Error): DeprecationsDetails[] { const title = getDeprecationTitle(); + // TODO: remove when docs support "main" + const docsBranch = packageInfo.branch === 'main' ? 'master' : packageInfo.branch; + if (getErrorStatusCode(error) === 403) { return [ { @@ -202,7 +211,7 @@ function deprecationError(packageInfo: PackageInfo, error: Error): DeprecationsD message: i18n.translate('xpack.security.deprecations.kibanaUser.forbiddenErrorMessage', { defaultMessage: 'You do not have enough permissions to fix this deprecation.', }), - documentationUrl: `https://www.elastic.co/guide/en/kibana/${packageInfo.branch}/xpack-security.html#_required_permissions_7`, + documentationUrl: `https://www.elastic.co/guide/en/kibana/${docsBranch}/xpack-security.html#_required_permissions_7`, correctiveActions: { manualSteps: [ i18n.translate( diff --git a/x-pack/plugins/task_manager/server/lib/log_health_metrics.ts b/x-pack/plugins/task_manager/server/lib/log_health_metrics.ts index d541ffb5684da..5d513c645a862 100644 --- a/x-pack/plugins/task_manager/server/lib/log_health_metrics.ts +++ b/x-pack/plugins/task_manager/server/lib/log_health_metrics.ts @@ -46,7 +46,10 @@ export function logHealthMetrics( } const message = `Latest Monitored Stats: ${JSON.stringify(monitoredHealth)}`; - const docLink = `https://www.elastic.co/guide/en/kibana/${kibanaPackageJson.branch}/task-manager-health-monitoring.html`; + // TODO: remove when docs support "main" + const docsBranch = kibanaPackageJson.branch === 'main' ? 'master' : 'main'; + + const docLink = `https://www.elastic.co/guide/en/kibana/${docsBranch}/task-manager-health-monitoring.html`; const detectedProblemMessage = `Task Manager detected a degradation in performance. This is usually temporary, and Kibana can recover automatically. If the problem persists, check the docs for troubleshooting information: ${docLink} .`; if (enabled) { const driftInSeconds = (monitoredHealth.stats.runtime?.value.drift.p99 ?? 0) / 1000; From 8143901f5975309e0c1e0a45f592f918541becf2 Mon Sep 17 00:00:00 2001 From: liza-mae Date: Tue, 2 Nov 2021 14:29:27 -0600 Subject: [PATCH 48/53] Fix reporting api tests for cloud (#116515) * Fix reporting api tests for cloud * Add default value Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com> --- x-pack/test/reporting_api_integration/services/scenarios.ts | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/x-pack/test/reporting_api_integration/services/scenarios.ts b/x-pack/test/reporting_api_integration/services/scenarios.ts index e39a3e2e5954b..807ea7457ad45 100644 --- a/x-pack/test/reporting_api_integration/services/scenarios.ts +++ b/x-pack/test/reporting_api_integration/services/scenarios.ts @@ -132,7 +132,11 @@ export function createScenarios({ getService }: Pick { + const generateCsv = async ( + job: JobParamsCSV, + username = 'elastic', + password = process.env.TEST_KIBANA_PASS || 'changeme' + ) => { const jobParams = rison.encode(job as object as RisonValue); return await supertestWithoutAuth .post(`/api/reporting/generate/csv_searchsource`) From 2f8dfba4cdc0d6855406d5bb8543e51ca72a3929 Mon Sep 17 00:00:00 2001 From: Tim Sullivan Date: Tue, 2 Nov 2021 13:53:09 -0700 Subject: [PATCH 49/53] [Reporting] Log TM health and drift stats prior to reporting tests (#117013) * [Reporting] Log TM health and drift stats prior to reporting tests Closes https://github.com/elastic/kibana/issues/114946 * re-skip flaky test * rename method --- .../reporting_and_security/index.ts | 1 + .../reporting_without_security/index.ts | 6 +++++- .../services/scenarios.ts | 15 +++++++++++++++ .../reporting_and_deprecated_security/index.ts | 2 ++ .../reporting_and_security/index.ts | 1 + .../reporting_without_security/index.ts | 6 ++++++ 6 files changed, 30 insertions(+), 1 deletion(-) diff --git a/x-pack/test/reporting_api_integration/reporting_and_security/index.ts b/x-pack/test/reporting_api_integration/reporting_and_security/index.ts index f6654ff5a6b1d..6ea6de3482501 100644 --- a/x-pack/test/reporting_api_integration/reporting_and_security/index.ts +++ b/x-pack/test/reporting_api_integration/reporting_and_security/index.ts @@ -14,6 +14,7 @@ export default function ({ getService, loadTestFile }: FtrProviderContext) { before(async () => { const reportingAPI = getService('reportingAPI'); + await reportingAPI.logTaskManagerHealth(); await reportingAPI.createDataAnalystRole(); await reportingAPI.createTestReportingUserRole(); await reportingAPI.createDataAnalyst(); diff --git a/x-pack/test/reporting_api_integration/reporting_without_security/index.ts b/x-pack/test/reporting_api_integration/reporting_without_security/index.ts index 81ca3e05e4dd0..258ae814f5789 100644 --- a/x-pack/test/reporting_api_integration/reporting_without_security/index.ts +++ b/x-pack/test/reporting_api_integration/reporting_without_security/index.ts @@ -8,8 +8,12 @@ import { FtrProviderContext } from '../ftr_provider_context'; // eslint-disable-next-line import/no-default-export -export default function ({ loadTestFile }: FtrProviderContext) { +export default function ({ loadTestFile, getService }: FtrProviderContext) { describe('Reporting API Integration Tests with Security disabled', function () { + before(async () => { + const reportingAPI = getService('reportingAPI'); + await reportingAPI.logTaskManagerHealth(); + }); this.tags('ciGroup13'); loadTestFile(require.resolve('./job_apis_csv')); loadTestFile(require.resolve('./job_apis_csv_deprecated')); diff --git a/x-pack/test/reporting_api_integration/services/scenarios.ts b/x-pack/test/reporting_api_integration/services/scenarios.ts index 807ea7457ad45..a596b61ea00d1 100644 --- a/x-pack/test/reporting_api_integration/services/scenarios.ts +++ b/x-pack/test/reporting_api_integration/services/scenarios.ts @@ -36,6 +36,20 @@ export function createScenarios({ getService }: Pick { + // Check task manager health for analyzing test failures. See https://github.com/elastic/kibana/issues/114946 + const tmHealth = await supertest.get(`/api/task_manager/_health`); + const driftValues = tmHealth.body?.stats?.runtime?.value; + + log.info(`Task Manager status: "${tmHealth.body?.status}"`); + log.info(`Task Manager overall drift rankings: "${JSON.stringify(driftValues?.drift)}"`); + log.info( + `Task Manager drift rankings for "report:execute": "${JSON.stringify( + driftValues?.drift_by_type?.['report:execute'] + )}"` + ); + }; + const initEcommerce = async () => { await esArchiver.load('x-pack/test/functional/es_archives/reporting/ecommerce'); await kibanaServer.importExport.load(ecommerceSOPath); @@ -205,6 +219,7 @@ export function createScenarios({ getService }: Pick { + const reportingAPI = context.getService('reportingAPI'); + await reportingAPI.logTaskManagerHealth(); await createDataAnalystRole(); await createDataAnalyst(); await createReportingUser(); diff --git a/x-pack/test/reporting_functional/reporting_and_security/index.ts b/x-pack/test/reporting_functional/reporting_and_security/index.ts index be0e76a28bd0b..22057c9be77dc 100644 --- a/x-pack/test/reporting_functional/reporting_and_security/index.ts +++ b/x-pack/test/reporting_functional/reporting_and_security/index.ts @@ -14,6 +14,7 @@ export default function ({ getService, loadTestFile }: FtrProviderContext) { before(async () => { const reportingFunctional = getService('reportingFunctional'); + await reportingFunctional.logTaskManagerHealth(); await reportingFunctional.createDataAnalystRole(); await reportingFunctional.createDataAnalyst(); await reportingFunctional.createTestReportingUserRole(); diff --git a/x-pack/test/reporting_functional/reporting_without_security/index.ts b/x-pack/test/reporting_functional/reporting_without_security/index.ts index d1801b7e3e2e6..fecc0e97daac0 100644 --- a/x-pack/test/reporting_functional/reporting_without_security/index.ts +++ b/x-pack/test/reporting_functional/reporting_without_security/index.ts @@ -11,6 +11,12 @@ import { FtrProviderContext } from '../ftr_provider_context'; export default function ({ loadTestFile, getService }: FtrProviderContext) { describe('Reporting Functional Tests with Security disabled', function () { this.tags('ciGroup2'); + + before(async () => { + const reportingAPI = getService('reportingAPI'); + await reportingAPI.logTaskManagerHealth(); + }); + loadTestFile(require.resolve('./management')); }); } From 2928c5f0ac5523ca161b4c80781864641bb48447 Mon Sep 17 00:00:00 2001 From: Dominique Clarke Date: Tue, 2 Nov 2021 16:54:29 -0400 Subject: [PATCH 50/53] [Exploratory View] Adjust labels for percentile calculation and document loaded metric (#116704) * adjust labels * fix types Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com> --- .../configurations/constants/constants.ts | 22 +++++++++++++++++-- .../synthetics/kpi_over_time_config.ts | 4 ++-- 2 files changed, 22 insertions(+), 4 deletions(-) diff --git a/x-pack/plugins/observability/public/components/shared/exploratory_view/configurations/constants/constants.ts b/x-pack/plugins/observability/public/components/shared/exploratory_view/configurations/constants/constants.ts index c12e67bc9b1ae..aac5ac7136d7a 100644 --- a/x-pack/plugins/observability/public/components/shared/exploratory_view/configurations/constants/constants.ts +++ b/x-pack/plugins/observability/public/components/shared/exploratory_view/configurations/constants/constants.ts @@ -21,6 +21,7 @@ import { BROWSER_VERSION_LABEL, CLS_LABEL, CORE_WEB_VITALS_LABEL, + DCL_LABEL, DEVICE_DISTRIBUTION_LABEL, DEVICE_LABEL, ENVIRONMENT_LABEL, @@ -50,8 +51,18 @@ import { PAGE_LOAD_TIME_LABEL, LABELS_FIELD, STEP_NAME_LABEL, + STEP_DURATION_LABEL, } from './labels'; -import { SYNTHETICS_STEP_NAME } from './field_names/synthetics'; +import { + MONITOR_DURATION_US, + SYNTHETICS_CLS, + SYNTHETICS_DCL, + SYNTHETICS_DOCUMENT_ONLOAD, + SYNTHETICS_FCP, + SYNTHETICS_LCP, + SYNTHETICS_STEP_DURATION, + SYNTHETICS_STEP_NAME, +} from './field_names/synthetics'; export const DEFAULT_TIME = { from: 'now-1h', to: 'now' }; @@ -73,12 +84,19 @@ export const FieldLabels: Record = { [TBT_FIELD]: TBT_LABEL, [FID_FIELD]: FID_LABEL, [CLS_FIELD]: CLS_LABEL, + + [SYNTHETICS_CLS]: CLS_LABEL, + [SYNTHETICS_DCL]: DCL_LABEL, + [SYNTHETICS_STEP_DURATION]: STEP_DURATION_LABEL, + [SYNTHETICS_LCP]: LCP_LABEL, + [SYNTHETICS_FCP]: FCP_LABEL, + [SYNTHETICS_DOCUMENT_ONLOAD]: PAGE_LOAD_TIME_LABEL, [TRANSACTION_TIME_TO_FIRST_BYTE]: BACKEND_TIME_LABEL, [TRANSACTION_DURATION]: PAGE_LOAD_TIME_LABEL, 'monitor.id': MONITOR_ID_LABEL, 'monitor.status': MONITOR_STATUS_LABEL, - 'monitor.duration.us': MONITORS_DURATION_LABEL, + [MONITOR_DURATION_US]: MONITORS_DURATION_LABEL, [SYNTHETICS_STEP_NAME]: STEP_NAME_LABEL, 'agent.hostname': AGENT_HOST_LABEL, diff --git a/x-pack/plugins/observability/public/components/shared/exploratory_view/configurations/synthetics/kpi_over_time_config.ts b/x-pack/plugins/observability/public/components/shared/exploratory_view/configurations/synthetics/kpi_over_time_config.ts index e548ec2714e14..63bd7e0cf3e81 100644 --- a/x-pack/plugins/observability/public/components/shared/exploratory_view/configurations/synthetics/kpi_over_time_config.ts +++ b/x-pack/plugins/observability/public/components/shared/exploratory_view/configurations/synthetics/kpi_over_time_config.ts @@ -16,13 +16,13 @@ import { import { CLS_LABEL, DCL_LABEL, - DOCUMENT_ONLOAD_LABEL, DOWN_LABEL, FCP_LABEL, LCP_LABEL, MONITORS_DURATION_LABEL, STEP_DURATION_LABEL, UP_LABEL, + PAGE_LOAD_TIME_LABEL, } from '../constants/labels'; import { MONITOR_DURATION_US, @@ -128,7 +128,7 @@ export function getSyntheticsKPIConfig({ indexPattern }: ConfigProps): SeriesCon columnFilters: getStepMetricColumnFilter(SYNTHETICS_DCL), }, { - label: DOCUMENT_ONLOAD_LABEL, + label: PAGE_LOAD_TIME_LABEL, field: SYNTHETICS_DOCUMENT_ONLOAD, id: SYNTHETICS_DOCUMENT_ONLOAD, columnType: OPERATION_COLUMN, From 9acedc8406b934d61f1c9be234ef6de4780d843a Mon Sep 17 00:00:00 2001 From: Spencer Date: Tue, 2 Nov 2021 15:19:42 -0600 Subject: [PATCH 51/53] [watcher] fix invalid import (#116907) Co-authored-by: spalger Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com> --- .../{calc_es_interval.js => calc_es_interval.ts} | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) rename x-pack/plugins/watcher/public/legacy/{calc_es_interval.js => calc_es_interval.ts} (83%) diff --git a/x-pack/plugins/watcher/public/legacy/calc_es_interval.js b/x-pack/plugins/watcher/public/legacy/calc_es_interval.ts similarity index 83% rename from x-pack/plugins/watcher/public/legacy/calc_es_interval.js rename to x-pack/plugins/watcher/public/legacy/calc_es_interval.ts index 29f0f0f56d38d..cae88b797ea4f 100644 --- a/x-pack/plugins/watcher/public/legacy/calc_es_interval.js +++ b/x-pack/plugins/watcher/public/legacy/calc_es_interval.ts @@ -7,7 +7,7 @@ import dateMath from '@elastic/datemath'; -import { parseEsInterval } from './index'; +import { parseEsInterval } from './parse_es_interval'; const unitsDesc = dateMath.unitsDesc; const largeMax = unitsDesc.indexOf('M'); @@ -17,10 +17,9 @@ const largeMax = unitsDesc.indexOf('M'); * compatible expression, and provide * associated metadata * - * @param {moment.duration} duration - * @return {object} + * @param duration */ -export function convertDurationToNormalizedEsInterval(duration) { +export function convertDurationToNormalizedEsInterval(duration: moment.Duration) { for (let i = 0; i < unitsDesc.length; i++) { const unit = unitsDesc[i]; const val = duration.as(unit); @@ -35,7 +34,7 @@ export function convertDurationToNormalizedEsInterval(duration) { return { value: val, - unit: unit, + unit, expression: val + unit, }; } @@ -49,7 +48,7 @@ export function convertDurationToNormalizedEsInterval(duration) { }; } -export function convertIntervalToEsInterval(interval) { +export function convertIntervalToEsInterval(interval: string) { const { value, unit } = parseEsInterval(interval); return { value, From 488f112f47dbf492c7e252d459a4a202d6924098 Mon Sep 17 00:00:00 2001 From: Tim Sullivan Date: Tue, 2 Nov 2021 18:27:52 -0700 Subject: [PATCH 52/53] [Reporting/Tests] Consolidate test archives, move kbn objects to kbn_archiver (#116528) * remove unused * remove kibana objects from reporting es_archives * import objects using kibanaServer for tests * consolidate ecommerce_kibana_spaces * self-review * fix nanos test * fix loading of reporting/ecommerce_kibana_spaces * fix csv snapshots * fix more csv tests * archive rename * consolidate canvas_disallowed_url archive * clean up snapshots * fix CSV tests * polish * remove unused * Update x-pack/test/reporting_api_integration/reporting_and_security/network_policy.ts --- x-pack/test/accessibility/apps/reporting.ts | 9 +- .../apps/dashboard/reporting/download_csv.ts | 3 + .../canvas_disallowed_url/data.json.gz | Bin 883 -> 0 bytes .../canvas_disallowed_url/mappings.json | 2185 -------------- .../ecommerce_kibana_spaces/data.json | 83 - .../reporting/hugedata/data.json.gz | Bin 33885 -> 31900 bytes .../reporting/hugedata/mappings.json | 2523 ----------------- .../es_archives/reporting/logs/data.json.gz | Bin 1375 -> 0 bytes .../es_archives/reporting/logs/mappings.json | 263 -- .../reporting/multi_index/data.json.gz | Bin 619 -> 0 bytes .../reporting/multi_index/mappings.json | 92 - .../reporting/multi_index_kibana/data.json.gz | Bin 455 -> 0 bytes .../multi_index_kibana/mappings.json | 2027 ------------- .../es_archives/reporting/nanos/data.json | 25 + .../es_archives/reporting/nanos/data.json.gz | Bin 863 -> 0 bytes .../es_archives/reporting/nanos/mappings.json | 1028 ------- .../es_archives/reporting/sales/data.json.gz | Bin 1762 -> 1004 bytes .../es_archives/reporting/sales/mappings.json | 264 -- .../kbn_archiver/reporting/ecommerce.json | 51 + .../fixtures/kbn_archiver/reporting/logs.json | 441 +++ .../__snapshots__/download_csv_dashboard.snap | 126 +- .../download_csv_dashboard.ts | 303 +- .../generate_csv_discover_deprecated.ts | 7 +- .../ilm_migration_apis.ts | 7 +- .../reporting_and_security/network_policy.ts | 6 +- .../reporting_and_security/spaces.ts | 13 +- .../job_apis_csv.ts | 4 +- .../job_apis_csv_deprecated.ts | 7 +- .../services/scenarios.ts | 13 + 29 files changed, 766 insertions(+), 8714 deletions(-) delete mode 100644 x-pack/test/functional/es_archives/reporting/canvas_disallowed_url/data.json.gz delete mode 100644 x-pack/test/functional/es_archives/reporting/canvas_disallowed_url/mappings.json delete mode 100644 x-pack/test/functional/es_archives/reporting/hugedata/mappings.json delete mode 100644 x-pack/test/functional/es_archives/reporting/logs/data.json.gz delete mode 100644 x-pack/test/functional/es_archives/reporting/logs/mappings.json delete mode 100644 x-pack/test/functional/es_archives/reporting/multi_index/data.json.gz delete mode 100644 x-pack/test/functional/es_archives/reporting/multi_index/mappings.json delete mode 100644 x-pack/test/functional/es_archives/reporting/multi_index_kibana/data.json.gz delete mode 100644 x-pack/test/functional/es_archives/reporting/multi_index_kibana/mappings.json create mode 100644 x-pack/test/functional/es_archives/reporting/nanos/data.json delete mode 100644 x-pack/test/functional/es_archives/reporting/nanos/data.json.gz create mode 100644 x-pack/test/functional/fixtures/kbn_archiver/reporting/logs.json diff --git a/x-pack/test/accessibility/apps/reporting.ts b/x-pack/test/accessibility/apps/reporting.ts index bccb650fa08ca..91356ef85972b 100644 --- a/x-pack/test/accessibility/apps/reporting.ts +++ b/x-pack/test/accessibility/apps/reporting.ts @@ -16,7 +16,6 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) { const testSubjects = getService('testSubjects'); const supertestWithoutAuth = getService('supertestWithoutAuth'); const reporting = getService('reporting'); - const esArchiver = getService('esArchiver'); const security = getService('security'); describe('Reporting', () => { @@ -33,17 +32,13 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) { }; before(async () => { - await esArchiver.load('x-pack/test/functional/es_archives/reporting/logs'); - await esArchiver.load('x-pack/test/functional/es_archives/logstash_functional'); - + await reporting.initLogs(); await createReportingUser(); await reporting.loginReportingUser(); }); after(async () => { - await esArchiver.unload('x-pack/test/functional/es_archives/reporting/logs'); - await esArchiver.unload('x-pack/test/functional/es_archives/logstash_functional'); - + await reporting.teardownLogs(); await deleteReportingUser(); }); diff --git a/x-pack/test/functional/apps/dashboard/reporting/download_csv.ts b/x-pack/test/functional/apps/dashboard/reporting/download_csv.ts index 79ddaea13dfa5..4ee61811e5f85 100644 --- a/x-pack/test/functional/apps/dashboard/reporting/download_csv.ts +++ b/x-pack/test/functional/apps/dashboard/reporting/download_csv.ts @@ -18,6 +18,7 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) { const log = getService('log'); const testSubjects = getService('testSubjects'); const kibanaServer = getService('kibanaServer'); + const reportingAPI = getService('reporting'); const filterBar = getService('filterBar'); const find = getService('find'); const retry = getService('retry'); @@ -124,9 +125,11 @@ export default function ({ getService, getPageObjects }: FtrProviderContext) { describe('Field Formatters and Scripted Fields', () => { before(async () => { + await reportingAPI.initLogs(); await esArchiver.load('x-pack/test/functional/es_archives/reporting/hugedata'); }); after(async () => { + await reportingAPI.teardownLogs(); await esArchiver.unload('x-pack/test/functional/es_archives/reporting/hugedata'); }); diff --git a/x-pack/test/functional/es_archives/reporting/canvas_disallowed_url/data.json.gz b/x-pack/test/functional/es_archives/reporting/canvas_disallowed_url/data.json.gz deleted file mode 100644 index c434eee5dd8d35749fce7d082a802c159e70af14..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 883 zcmV-(1C0D1iwFqD#}Hov17u-zVJ>QOZ*BmkR@;u-HV}RHR|x7$i$q$Ix{wqQv?z)` z7JVohAaxM%CRAZW8?X!sON=Q^lfjv`Hvgs&~GwK36TpP4+=<2L;{eL zOq6v1W;LZ54M2!V!9mE$iaIL-FfX{=c-DxEEDJz)W}NVFd(G=S%o8eBN)d8OT;?Gs zMnZ`YtP3HEP!J_BW?>-AM2+(>CBcQtH_<8CNXMX55{I5dN(wiEuv~=Fxgu+Z0+5sv zDY=Qx84aU@d4|0b6Z?AvgyZC1RxV)d^IJeoQiGF1V z6`l5aug}XnepJojXq_KMU;#Jdd(&9Ocs3s;B^9V?OWx>G|WDFFu%l z8n!nfbh}9I?^c3{M7feE5wJu_4%}OaBAz7_6N&RIV{SkMddH*v(yBW`$DD~rpMswG zeJ92%mvca54b!h2+p^B{-Bx{Krt!VDE_dm1)fEDA750`v+%*ToeCXem8N&>=FVPsM zAO-P;#;97k!xyVGZb{s}5CXoNeHx^HAAe%@^%pGpa0%;WIPcE8-RUd7J$hX?hlHh2nf&fd0_wpWMOn+E^2dcZUEGs(QceKu7L0R6pLP;JrGGr zl=cDk3C`8IIhe%L#))eewo}w8_T3LTGf5ZyX^t1tFDZbFy5rPkKadnjQRE*#{OxZ) zKEM2W{P7=u`|;-C{g3~pAN+Q>`>db*A^#x%czdHig<9zE|9?EbJluae{QaM&Kd3*u zzd8P{KYn+3_i}&u<@ogVCr=NbAK(A^TjZ0Q!}IamZweq^{}aMLPGA2WLipdyzbSw6 z=cD}ENBy(^{PRQo?Wd2x+X6#Z_U+B@%PZ z74c0@eivNtZYQ&Pck6(PDJM*&Ci#|A*xF$k!3q0t!u>cABLpA{nIfe^=}q>Bd-(Pa zpxQjU3yK9)Au1skf>O5u1E2wF7r*{a&Y<>Fu+{iPhVR7wdeCY$L7&z_R(QPs?RbBC zGdq6&Du0FpO``W$S;F|ji7RiJK^T?r{PfdgTtEHf*5h742fg+>`k+)%c!XZ%toBQN@f%7<0)LNtkVeDyz)bJ;9+)q*@KoBL$K-15lk&=7L64kXQEtd$VRC>jti`Mz-o-Fd{`1z#T1Yugp#euiiQR3D(T1B zIrCYF*MVhVj+sMDF{cDu?W#jAz0ODBZ3kSfXW^|!OVZ{n8U%q8U}Sz<-n>gqrVp)V z<#K5i%88)X#4!MZWsM`0>m0bhOpn}OUVleL;)4WJmJpsLdf#R^Y?107xT6_o_xkrjCfRuoJ3Qf90TxsZ@-WV~jP#?X@6VLDo*rsvT6Tt9libWP_Aa z2plUGG_L1K0FFBZU*_k7FJ3;FF+eV*M5-ZGBYQSW?0c!z{Mg-vmAC?N68!?C3V(G2 z%kot_h3+pO5AQ!skKRvGc;$x7RZ>Gqq$@Gh__i*rodWomj}Hqdmb&l6 zK2P>tB7qmZlNKHjYGC=UYzs72eYCshI+L0mIfw+`hm*hmd9nrG|LnP|b#A>nfNFE@ zKB#s4`u)qpFSoNVQ_n)IuUQK0aew;N^P_w9yi7Ag4^VA3=!23lv{cETMX64q>6^mQ zUGAM9Z#q*e#jrv$PDCqx z-le_aY4(G!Czn&np+c^w4kJPKrc7s-!2RjN;c+@DmBFL6#n$sl&4)fkKVw2-U7s#P1bITz!_v-ya3 zkBj+ExSB1|$0gxIghKjg0x}xG!;skFjO+Pfa{J?11}`sMrdRat&^}$Xk(D!A6ho9) z6l2I(1CZghXn)9y)Yu19V@T?OB9gy^7AMT57#Sg1QPw^o>C60^i5I8XE;*q%shUNd zFaR399Y!^L+#SA5NA<<8$#9BXH6ASp#{2mp@8L9PIQE!()fO`x-LY372OnwA71W?3 z+_wQK3>h|{@#yU@v-2F0z&roem>7+nP_?O*k7}6-7JpqxwfQQaRF+VoWJn?9N*Im7 zS7TmQo(!;uw`#ONe@NdVQ^>X2e*4rOTD4W%MFQ6Z0mTX(=HFdV9EmE6%gQN;k2f-$VZ9$O&mC%_ZQfl)@JgZ* zE+A>US_-AWHfl&i`qZ!&tTtzL1r~%NF$0FIoegBHnlRfR_egUl&**a(o-MN-Ze2)! zsjM4_hU9>;2cxEPvBL;C)mXHy&T{tEWZc#ad4H3nkPhwJy4o-uyj5LX8A=2l6)oqU z6+&70%pP6Y5AWulb`S5o0O~Ji-P_){bwBE27ffyH^g1R8YH*MsRh|81CC5CZZRn&; z?~c#UlLM%W5MBmTfh8gcImJK;x5Ugot35)fUcj1ysH?z2E)o?aW-M5<@ruM8y|72d zCx4<&9{sNpyh50HFfg<+@q4v1yrk6IiOz84^y7>-UCE6Xmw^l;*N@55AG0hNl`~0@tFlqxpFJSG?-Uo&{ zib1j;iMcXv^~)S@zniz8y|&~kuNV@Eig7HdWHx3Q<{`Jv7lT~E9=`{3JeMIRZ-04F z30_B40>%_{fk|LU)fi6UsNLFu2~uPF@rJa z3jcjV*zU#U4r^YT-MUvNU8AE9dVjHM_UnF4S*Na+h)E7X%x`S^*rPk953FW)<-%H| z2l--#9b(aDJ9IY=E;1nHWQkoacp6Rd%7vJ!N(oWt^l@aPO$JBJ*6xI>G0eJh9abq| zBEp;`Gqk3pjH{YQTrI+^s7TpqbLEP&LD@XQ?QKieaNUx1=V92 zM;j@B7e@(+vQ@`+xH`QYwO1VZe$BD>HBw4coA?>c+biV>*CpO96dMOB75l+K)G@ak0{k*D^`NT9A~;Py&lR7s%|u2${(9+WF8tsbzNB7cUH2%c&!vv5}= zoxN`NB!UNPjR9(Kfi-*B$3+M)ZPpR2Sx!YDs==tUo5A}Yw>Z6kwd~OqL4n=3 z(`t(0RRS+KjY&)~>t&9vQF!Be)IFZ*sGv7Jnn)X?h_e*mNgScVK2Hzo&r&R(0>Pie zCSMkQ6XR885fMv{34e=37Bw0X1;+KKX0LhQLiq(8)(a{QoY0&H$9f5HOCn@-kvm_hR7*aIR`jNIBV?c zHQU_ws2Fxb)~;qQGLrZem+d6>4i_0O2dO z+ZEFClNg?+t&sgyXh7wGB~)_>3_~tQ9C5$t?vHl)-M)mBe@?gCT|#Q%>T@-uSp`r$n*~ujb>?=Y@zFDVH1yFj(Ceqoxj?Wu0Gty;er#pi|GX z#1o=n#eaCeXGRn|-HI=9C;nZGm8E{XI+&#U@G5X2oi3ZjG?Vp4ZPar$OD1VD9 z4=J*KAGj7vw|n4fO}BkqOT6>DIIac!)^~G7G=KY*`xRI*ArcX)x0k;e2jZxamM1|w zm|<&BuR?f1Jy5EkJH6H0TYX_8LVD`Qt6jTXUL^UV@Tvj}QZ;xD>^xkdk>W}hg(N^w zQTwSYAZ;_oQDZMAup#xEizzNpPrdcZ zU4K|3Gv|^dyDl{u)#o8Ab5FD$BsQFm>m-C1&!;3YeG<(=u}FC1448dx8y}~?SAKL} z;8GA1q{0|ug&2&n>q87Nb|Tf7_jshR$a#nigfVl>#+AQ07ki(UlIbtkoJVW5B)!py zpl6}AxFwBKsdi3{8s%^*NkFBVBrlYd$A6j=H)=DUh&kP*yXPN87DvT3idSc2aZ(&| zok*QXwVIws3JRBmRRVWPY-}zwR|@Y_RPJ%F-&mXRZuNonI*fE+YGMe+N(e0DYBN1x zwd$1v3j>Km&nT#B4Mx*0!I0ef?9?CH-@3QD^#|{vd#sY*#6qCgI@MU=Y4y_YTC$YIfyQB=G$CGPi+G z&yzO-ssvs>v%=G01@-)4GNnHJGAr`h!>|Ao#vV=_d}`wnAwTm6&@;qY4I34a*%1JgDl5OequVj=%!j z!UGNI+s1yl+JgxX7pOTh7S32HGrsX~+@(_530V8#=mINxnF@$n*LtP3VdUw!LN@ez zY)^#{Lah*M%3_tzc&T9e4@ zO18|M+Wgnj&+dCxNLV6E=&G9yVx?^#rI~T>6NWv`p9g!A!8;^Z=qQ11uo~U{6yjbFVzxC)p#9t&KI%!v*0KZYauEzH@OMmbMffHb4-g^2Wwdj+2 zJvVlc+=ox_*acN%aO&$- zEPBZSF;l2k_G7BmK9T8Ddn-<>33`n<>jYXoI_DeXEVpxhrNT{z&iPiQdfog`2hk+) zQYA=on2mQ(v44)cFYAD+RjZu4va6AM7&3MFBZfS72MGKIA3h zDOPx%-e39bJM{=qP{-@bcjaxpsQWZmKF{~+&z@JOfH4+{J!1?yJlIHYhV*h_FIdfb z<=J2@F-1`?&2lP$(N#HY4?!1Lt^UgGKqb&IV-PWD<9`SnZCt~)e?ND4K-S92yGE>7 zG3KNrF(_AS%)^kU(-%}d`cIo_xecg+5LnERwXB>o8dJ1}y)_qEr&p6j1TS(B#}1Hm z6^OcdqxL@TPQM4N*7MMZr9;`E#-fj@ld&1y%$;{S4?DnWJr6xtp;kl=D7uB>SO97!qYp zHQ38*b->l^wp?7QDkVfY6$?i;sxxMKxR>ARfUDVYdAI^ciAynOz+4!z;kkxH@@kBq z?+&w{?W+h*B>$Hyuq~`K%oMx8YO_QimNiBqfoShn;h47+M zC-Hq;?5nV|5Ki;};hM`h@>G#S(v22d|7GPp zy9^Wl?RNHaD3QQ(^;c)#4T~Z=kZOz~TvBVym69{@@cc6Qv4u*o{%I&mb@+U9yt{3$ zJ2dIlMF=mHXWc$3VJcyYT+-HIjk*;({D1y@e4LC+MR4oOlJ@8;9$f%p+#rq_s;{hG zrY}rBiQp;L8snGMX}!GM-p?-6T!ip|t?_n~`T=XyuWP^-nT4*Y;-SNunYKLf;H{a_ zTl{p|NT>Y|$v73!8o#y6yWqnLPk0Xgs}wx7;pUpP7rq$xh|#PA?#8Qq+;=-JZ+|lS zLc1>d;A*?p_50*3@g#$HFs}37ybrE+WAt#X@z$KW(P~SquPWCvQ{`3C zFAJFBmse?lPIgOBDob=8rTkdwaMS*#rfhNVPflE2L0JiFYT?lKoWU@?zNh?;fbyEYL@_$V0J{R(+bT zRiC`ui;T>uYe*$}Ph^y7%!<}70YeW|ZQ+8CYK=E_)QME1{kfzTIseW|HGh4mgNoq5 zT4WIh^@7!^SngPdP^oHy~`~Y4%(Pk>GVyDWHT@g_3Ak%7$Yf_X58M zsn#>lAr)f+K#n>*J{!pm4~eU=6R1{S<$=0-01lbGeD+k+-~Oryud_mZ$Vydwds0*6 zty;xl>u277n%(gy61;{Aw12-yce@j@UPGJ3g(1s9uoJ3Q3v^Hg@lhZldqUkjW7Mm7 zOu>pep=!0j|8MVYbn7^BZQ&=nK#{E97r5^s$C_lviUi1V=4hV&lHJ?MoNR8k@Ugn8 z1bjJ8qQL-TdL5Fz$RZc-LlxMY8k2-rpp>Mw_Okjy*gXJaC#ZbQJ%0nLZEz;%z`Uw) zevgF8%CE-PPigOc{nyLvF{9lEs}O9=KP#jLTt6#9u0up`g;;%?POQFJd|{#aqQ|G% z74ws=7`cE)300VX&%(TAfxra~)ySNoh7uHAu_0@i*a;~gQ?QYe6Qm{ATw(hP-aZAY zr>0L~3O%552A>5Ldw*1eLKUk>UuYk{VXrk$m)Wm1Y=O~!5k1XRa%R6Oq}|k18|$Ym zQ1pPx=~O0EDMretl0Q=Oiruab#z@vQ8r}vb3~0 z)%0^!SxIfJn$YKi&sF16|$XFFLD2BbSzsiECV4hO{f*IW=$1E zOYGf!Ys*xRUmxE(yh%9o)oz99T`Sx+j(;KM4@akm?N*qGg;eCOmB?r|<%)-fSa%=0 zB6j)ZZ9ZUZ#C^Qvv~evFQo_dE6cr_`Awl^!V1Em^m{?)C82c5&RSJ~MS?xn5;yGW) zE;-Ekfjr1yYsl|x?$u@1-RWEhv+k5jBLF09w6y>~1lKvv_3QMVFEPR56I@Nl!Uc87 zL`9jo9U~7Jdx7P2tpl*ukS*Ul>+DygKTYzd&MDsxJEnGK!qSr&PyOwS8sPFT6g#irXZjKeOkKL7sk$Mowu zyAej>O6*m!G-Tu|f>Htv8KC)z*Yw?r-3Wuwvv1WHxcq^f8n#;xi^HxyimlU6RP06= zseX|sSLg?rGua;j#yp~MiQQ6;5R@scF@Ms@u^(Pe;$`9$V`w?W1ei-gyiH&1c0-ug z-*`=Ds=E~y`+^WTlaZV$PYrHgVO93k9kM+nXD|J-1;*!bk)in52`aB=8Bh_XAWcCg z6d9l@QIdgAzL-<@G5`A*+;1M6&Z#v-F&AGnGb9&q?mnKYxVg zg{vj{^4r@_pSG#<>F2O-y2g9;_6dCM(A;u<1E0<2RufetC{2Ep3n(8;Sm$&gdVuB3 z?Iu{jY@rpot_@Uktjgi`A@en#0W4srDw`NL##EF&X&l(C>Cy*ugJmbJHC7I{-ox{3 z6*jiO;_d&qasM$9s8iMldO+p%tAG1YK`n9zi~&m=h*@cwQW(xqv7*URsh*_%+i z4eOWGxWhGh8EP}Z48;{T3t2X-I>;qDp)%DH*FcH{so4bL)%+etq8uyLhSH8#WFFLm z6=$%AE=ak!gN+o$#zZS+E~Hx^ib~NlWQkx4KmUq~Gy076lvSR=s1H!i;In{QMz~;g zoc?#SS|?Qj0nd}LC^Z4JljbNh0R)p8DMkU}lVK@RfBiA}@Y-&JmFm}6h1%fyWj0p7 zm|1HH;n%PM_1o-Ty_jIuKdaoSV@tnHcdKvrp%S$*W~U-jL%C_MW$LrWIRVIjipzYs zb}I}rpO`yTYz1-+Ehy8J+VIFJ?fRFmvn7}}6YgV$MErN)%#|?L+HOCGG(-bwcdsS9 z%XTh+e^TUh9hRDzKq&Xc#`U>gzRvCnvIT~3ar|L~7Bg2s*p#|QePlc-5GQM796%*1 z)xa)AA?2XFFvcMd{hL$GCh#VEUqg5~_QA>NP@iK9nC+atr1@fAs|%5GVKQ1VLxy-; zKo1#m+hcFKKFw~!eX#y{U-Oo@522&Dq4n?Cf7ktX8w|D(QWR;LKyhOWiU^>#+H*>C zrVm_R=d$5~R8ejLLqK*e<#L_c%R1$uhfRH--6`E{Fjzw&W>tyGrnnrGgCKFp(CL=t zU;ND7ndD!rnlQ8o6qB45%d%H+TNI9xwi82VKTnGZMvjlU0cR~>&x$cC^KPSVD2t&T ze=2Baju#s&`moF{K3n?KA!)gN>&ePmi);m7la{~#?#^0P`<)#nHAGp!$OJ{<4@1bQ zfc0axl#f_oKvj#(wo&G4hXGR>r9)cE*a<0L%CeDa6fhBCPV84o%MXUU-cu)}eA(&% zDfTAh_+y|rS!Lzre%O}lkLSzN^g?l zm4l&H=3L19R4I70hSoW;*at9YI35AU$*W|k|3%a`mo8!W;FwPJ4D6%`4|k9{0Z8EfkUm#y_Q}A$`+pD9+x}7ZX;0zkps)xueilBx6R; zMNi@%rP2H$tj;)0*9R-#3!;gYXf9XC4O^iSl?#4()YbRb_vuyQyHO=#3Mkh=7_n4Q zxpf%Buz8~%NI8AVLMk#mAl(^Ce}O> zl$V_M4p&*dP<^vKExrK;>tvwbzuuDpFS-Gple{lIf1iY=e|>tKz09@Qa33ya3Is9B z!(gp7CFSvE$ZJIG2A4O#n{b6DzET)0q$u8{G#JJu_@@r@9^MrHWS+L?U<6UzE>)%= zmB)FFJDil`d!XfyMH8(xHcYN?Er6B*R%PaZnX!tE(tkgh{#_9cV5MU)4;_^6 zyOKDD`~f2wETV&kDvc7w0J|T{13s2Letjb)D6Ou zzJ&8Xg!hp`PVCI9pg^J0l<#1yLtY0rpL*=kf6Q`v)uY+XT18K7bF9ns&fn!eR1gX= zb&p&UMwuQ}is)fd9}j=b_NqUORJF)Kq1Xo~r$-q;F-stnx!GC~Yu5TQ8VfyR;^XyU zdgz(bG1z3gvT#z*K{@`cwXaTsY4T)@Sg<-!VFzmZV2rI^v4*-f^uo&d-fUt8wG!mU ze}C5&Q&TpTH1c`QgL4n8oF$Eo6<2?oDj4%B>02rN&~a}QZ0XZ%rXV(~&p&_qR*!2F ze)qD^O{}AKFSbrEaKwiDXkq5`)dEpsK1xwZUg{;nbJ%DXxZM1~f(t6OEZa*m4Z^AZ z_PeMG-k($D@E>Hpb6IDFLS+`go`psBf9Vz18ZrcVIRqJz1DZG*bOZ=S2fULzXCbR#O$6Ee-~;a z4|!Zio=u(pfG9RB?_Af<&Cet zW~LGR!!1@A)Z?nBTs9F)ryq6Pjj-Zyh3h8R4=%rVS#SXW`xdnZEy#SlB6u<69PLm4 zTEV>xxH3Cd%PrK9QUGmca?Cs~e{_S({jy=f)r!1VC*(3ag{Hk#7p>oQir{n~xZE7V zfQuP?L?|`YEXTAJ8L0o>E;zp_ahbl;BQ}`z^*UQUZ0ZuP8yCC2UTJBQja{H(G=`E^ zxvCSpq2;a^Ewms+jD_7RH5vT|#25FD{zx9e`~J*1OE<% z*(!#%UE01ui-z1pp>A-w-RnMF1f09JkxC|BrDVwF z{5W-k%O8psTs1(+oZz`oj1a0a#5-iN>t`^|KH0a~@Ogr9fhLzde?mf$IXnV?9QmjE zv4_}`V)5I{^icfvvVH?%2kUu(0g~s>u+DjfYk>yDv(>MOp~}&)%6Y2>%-VF)klO>X z8(iK7gbkNW+Qcf-lT{YYZsDo}hr<_eE?Z+{4atny3oNf|nP5@KIW){nw;+->%r#_` zYbRW9)9Kcm0o6LUe-6da9&&EpKH!_J=eEY3@;zz2Es(X|4kB?K2Jz$RGM%1^4MwFH zQMNNmC{dm>qEac26K3fGmov>Dz_rqP*^lX=_`@EZ7p370jWEShmD!|m+_VE!UcWL6 z>i~M{8>}d7E#?3smD?aG zyBHdIKV>|(4_ZFPaD*1~&`Po7l#$bWz8yCm({uO<*X(DW%?8W4))>#-Qdb8JSZCrg z1z=Z7TOFWseh#5dRq&aMs z=ErQg>K~R*k?1c|<`^VKOsQ_v+pH(yG=0K*x4~izk*F1Xb1*pll#C{kGl+ZBnr?2LmK;}trzkM`{f&Tb9e;p@Fs&kP(d)$EPuy^R{S#2hK zh6W!SI$8Z(EVzplgj|HIr;-vB?JyRoD-~z#2>kfhzb1=3hy_Nfk`8<24oSz~yghO9;J z*=q7SlUQ*76IdF96hT-Omx0PU6RDN*8U2?oPlF|V~=5SPAn zaE*Jmuz@u@xw8cpze4`_5oRhmB^=m5VHkBVpr8rzx{( zqb@@Jc>VS9`}fJbeY3%Qi&$mesuNsJ-#UP6o#RD6Ucb$5U$F%SabUNC45@@FJnMFZ ze<2QO$!u{rS;U(SFmiiMH8u(@XJnRz%AJ`ZS6O2ppqw6M0=3K(E!#Q$iR;yV;Yz7+ zK5tmL+7a=(+b+X6r|N)}*R2k)g3941uM#0~A^jn&&he|~=@$of8!RrG2x8{yhJV$h zeF8^`uXTdU>035jp){uMkxQMJIcI4ae*{D1i>`3J`M12>aJ^Z3UQ68a!=GSHoEFa>Th?!(TBiqC?ntyX5SQ3Z-94*^V7J$`Y%ivkmFedh?C@TP@=&t1<-I*Py*}H?Ae+l=o zN?4?+9Ocn4=NOeatYIzX?{ANpJyF_MNw{6 za7yO_kwR3KQngu-Q^N4=m)|C1#TFRt=Wm9h*@cq#!;R3_by^7F09@U)Kb=% z90kFuLvnY$tcnFz@2>==pOl%gf2T$@D*c&Jr%<|J<;v}cST&%MC?!B@aQmb)YR6=8 zq*CUb&d$XAszFdjX4$(sbHry_c`RhjNm#PvTC9?z5`X=gqL%sJTPJ5P&G!JyxixQr6)G3YOcoMXe}NRQf~*yQ=O}%! zp*?gBovD4d!pvGr$XEPyuO8Rs{2pdsms> zK|jE})awASm~!Ie)smdLO3DuTki8x3hnF`VkLKCdh{)Z+daN6IfBnneH(W_{tqWXU z_d0-UCGVOqLTajNmJ(!1I+lt-TF$quOKszv)S7tiPyu;q*RxRpNez@kgWNbKh21M9 z&v} zD91{*A&?9}+`u*DfA#f>*6f$+-G=*U0f1;A)>Ilh8MBDnL_b90Z!d!U#kIErGHPp( z)@ekPleJuAE4SO#H`tTPpV{}CY^WdtK`e|DKrM=bISv`C!A?+ld8q{zCo3wDq*QFA zl+@}B;5iTb9gy-StGh^HU}r)RcgO)_yCtNA>SypI)-ZVjf6zv%Mb1wNYlhnRKionU zVbsX77`gysc>4s5A$CK{?OHZkOH7wueQWwA{?!NruSITR{se3VyiCREm4dMYTJB&p z(OO2lKrCIL*s)f5IAJyZ^o5*4DVa(9Z6ua~FR!zg@i!AbhigserT1|nN+p+#ng(?; zH^ouM1lY{^e-UUOT3zCtK*kD!3=s6NI_*^L~!kZdc=QL+}faT5Y z_VelzPhi(5^baz-qtKjUUgPCny6%?_?_a*I`^9?wf0A9gz_lP&YE=`Ggs6Q8PwBe% zfXe4qHdMl`vIw*hwNR9&oHVTK-UBLMYPX=`8Zg9KOG9G!LeNge4B4lbvkGjF-4@Og%EmEwR zc|yvKFlqKNbDxq~sakd0fAvV0c`NLJl-H@uqvLDnxo%bT*A8#? z&NBL|Eq>ct%mGpbY>*U=rMcBP&6%&ic6j`9GE%YOE?TVtA=8G&-$0T4yG>VB9X2|r zLDK~;uWy-fl`8jYNfyF#QNj?)xCVS5xSX`Xf(sxe(G!ugnK2a7E?=oqrRNa%E^s-& ze}^VqrPS0?LH>y{C~t;XRJhLhBzA$z`B5~3ahY>rf2H~*a{Yb4Ff&-0N-ZTL-WG?k z4mn=?SE`@>*m||X@~|~tdj5uN_RHASiu*oRF_uKF$c9)|y3POHfgbUJ?0{H@Po#ku z7ePS4?nR<|r#$KFBS_~I*PRgSkoN5df7mtZp=;v5_^$xF^Zvy+0~|_dIW`6W6Ci3A zNVQH^_r(7bt_41m7lT$HR1U@(f#mr*C@D;9qMr4cymVj{?v#HqM@<(}DBEpaAmv}| z1eQ{T1g$aO=hR;m>D(b#%=fye!>ws=S!CXtP7q6#xwn{7Oqwd?h@xn7uj!s;e?BfU zQDu@ZrDH9iJYB=EWyJX|WdH>cQqCv)>*|E6TDKP+olDLKp+WZxZ(@Dfp*O~bP7d+Cg35ChL@+vz-SRVTU z)*&1%z*Z`!`vBG_#ke$D2)kfBV6ImbsDm(+cb3 zSh!ZKOeF{t^VIaQ+2@l&u@7Y4a6E!+4Na~fh|RwjwcB8zwaB?B>;{*MOdP_s#*yKl zXicVGyAAizLL|&0W=1v0zWVK$gen_x2J`9!mowelaIG@1w81r5ftY_MBMM8A>0R+E zPV==X40Y6GR}Y|^e;-5xC_vfzETW_vnR#i43pB=c3O~I(&8DYpf%PF=W2TEbLFJ1+ z8>%&)6(#zfzW)0%d9rf1!J-UILKC)9pyUv4le)$jPKm%LhG%vRZZ;SRE45N%$Xx9} z&RCR$HR>8?C%AkB>j17rCX@uNKfYWhW5pKSM=Hi3vq{^Ge>35&Ta8f?q)tHjlDi4i z@fOAqZ7IoD^N+he92_fMrK5$t(DFs#0b1+S&aZvCr9QM?kNTyHjLp*q*kp|nb|F% z78zpR!tYB5e?dxT_?mq`YBh zAqCqAe^M0MT4GUR5H+TM(xwbxsD7<`~eL7D9)DRIshvLB#|f1 zA{$$&D9>dBOYYfnTnAu9F0(-fZQ>?Ke~VQaGPSiw;rzz)7o*yS(4gdoAt$bbxCFY* zSYb$Z$6jE0qtI$i6uFoiDmBsAEm1kQrAm*Se-nkjJUz^wo!o3NDb@-PK(QNI&c4?H zTKpYMA+^Ni4hHz(dEql|d_TN?eVL8b*B7fcTt=v$tJvA;-Qc5(NDosVoSeDJ;_ZdA zIbi0mAp28Ex0}H@BvWlbJBz^Veo zCaNNw>}yiU`w&L@)3H|YEDNqR7JEJke_Gp}m0U}R1^7Q`dZ$ApafMJc;gYTvaYWWa z%2qzmkVUAiq1B=4arU#UvS*bMLFxpRHwrDN)|eF8LvZ?e;oXK$(xB;aJjB_evCoGz z2&r)$4Kbz+w;gyIB8&mOuyVey9-LaioFheqTATJM#8JBPeXw#TcMB_$m3&Ate;3l! zmHbh60Q+F&&RC}W(HaTs`Xzk+_3dT)^yJly^*ax{hjjqV>tPmHTR1jRE$}9W!0KACw&n8P--GC~|@MvkVh&ZRx#)6c`J=#z2%iM3u$f_7p=6_4a4;9TLRHePoAy{v}y*$1A z@%ZoALHN@SgEjnvVcim}AtD*ED{5XZJ47vpSdckH%1Cm#O}TwBgw5};e?4`06Z1m$ zWIc*Ofg+>JL0Zf~(X3IWkWLCs{{QXtuw)yoPGFPcc90r`km>d@f84jR3s_#)vcX!U zuHNCA|A92$@k7p`VQvv164s9i62s zj%9E{atEdOE=ajD{1H+Ssfju#CfWW~?rmyc!|oYA3RK^wce8dI47gU2kJ^H; zkG8in4v)mWt0Z@>qPaBWX#C*p@);Yzz3_5<6%X-(SZfT4u}UPnDoVq2$eq6}cg<#} zVu9gW>m0l20+owCe;h!y%uKx4`DL=g!)}8SgGjZtM6EED*VNS0duGM1Hh=YC@=gKut8GB zwuT%!$G;Jq&Lgg7e1`hEA7<{fe}vgeHTG`p7A!TM4ToGmEG*lU~ zWAM|_dh`kXes<7NK#0N{jDfBqEywb z(>?$_5cB7M6ER{ZtMb%A38qY+0*^gs3yhH&RGQy3!43x^28CZ@BE6xOdkWS_;# zI^g9FNfWO{e;S9>4K8=iH{m+INH(yf?0}ZLq%_byY`6Fk4~2|1ZoY4?$mz zxQ|!a3UO*pgy51URyk$>a}UhNKH1D0n2$%vY!O0+e?39-egY0bTVrNtr)7^%{;5na zEn^$3PX8jW-+Lx|T!8dH+BMP|JM7my_Wk>O9xFzy&ttEE_2^i;0Wve1H>nY2n62z($`hOR`f*a9V)jX!BdivA^^U#3@_rL7uqd`fk$D$j3q;z5 z;vvoH>lg8Hg-_z6k>!_JxWaybdD{{PfMpDjf8`84wUC;2(pj57JY$ncY@NM!wcD^h zT-Q|ZUlw(zdV5v06&W#aOd@Kl%B{B{ss73#7AUaIL$O$>K}u9M@)eYw?Ko-yvJ+hH zP&DD<$|seGfypVeF6D8EhAb~oH@MufXm@W!bZE#_{uYZbT&hhE#?1&L ze|c3A$H^fP5a)V@NT@P<=R{*4z?|WD1X$xDv2a+XfTAp<05;^#HT46`8IT8n$y*Si zjAlX;{dz@8P8$L{Xa0A#lIo)^c^Mm5Kp7%3m4H-leM?JT=d`-!(+D%oQ_CfX7HcWY zyFeikzdCe~oiSR^NV`zFNyB7_H{O-@wfNBm$UGVOn|I zj(ZQRya9NCl{{YONc>m4eZt_ZKOz8kznXn9Vl%-aSx_tH#`!%Y%u0VtC0Qpq*8DEB z4b~ddaM%kgZ)&$4D`aF^6;jjw zEGPqlHAyBR0*|_w;^g1KfUXD`V8u3 zgps>s=PYsp%L&-K6a{wm%Xpf9bpXuoU?yO)c*c~TAYl#4EQHzuJZ1UpyZ7$QT((ESU!4cgMZbK z>m6XfDv^Jurrqcobvm{WSiTH@;8_JZ3Wn|e zKat)@nUvAoT!%d#cEHIOfA?{M5=-7DCy~p-K({@3tZH6AWhtryP(HG7AE@mGETj@S z>_V#8lxyHaPTTAb_3+$5JJst{Vt<5z7jdczKq9gciNAx&#iaxrvOBC1-v=&lZa;u)jp=ym2A7XD9Kp4QBIsYSIQvm-H^S9GkA49SFN=7z z^fMM2t)X6Ec_YyRYn4&lJ%7zVE|BIQ?LY+fuPFLIjp?bjd_L*~eJ8lw&Sk^3#>(sN zT`Tl%4q7)Wc~=j(yxwKQwT9r^{!#q?&_mh4`(50uu-XwZRgOei7M5AA4=!<@^l9t^ znb*aRAX_AbZT-Rd^MMBwT&a~Bxx&W86*iU+wj<7Y{h2==XoI!V8h_^k!+|zf1c^dL zpi*kf{OblR^|AV#Fzl1KoPl_hx7L`Mr+#=j-RtnvxJ0LZ_pc7j%j;bh@q!dXDUp3E zM+n;SydigjcC4m9n0@~&&t)B;^2VSA)f(4YHtO(wdZGCJe)v%%s3jDc8_DV^pgfQ` zbb!k1R0dRB8A73o6@LiSu4x)FwY8Oq(`7qN%}y?Ia%B=qA!eoy%KY*W$xi5mlryKB zNJY#!Qsh#wwyNYQ95>-MUHscdiULxKIf?QLruf0;@;ReOZ_@{n-mI_RDulrdw<%9!^s`H;8yi{@|UJ}}CPMU`D1BK9jqTYoDJS#Z6AHGLoW&F(Yg z7$K6(c&A!}a;pZ^vD}lsgA4Tg4&W*+RK#2>a51P*QGg)=u-FYQ@8{5jtE3P^q!a)+ zb1D14Fy@0u-QaSkc@wTuGgRD|R;|jkmJZiRiGH?D6kBi)Dq!ATxR!yK2_tD=#5PW- zrUz8stYttIwtqdk2mqOxmNI)()FHr=a@O=t!+oeijRjK3EpsHMloYR`JWScH2UOl{ zWk8jH6IzZ)|XEUG@=>o>6Cb^u8HEVi_T36qz;N4t4j%9q8T*EQfVn-)1PmYoL6pjoQ-8^~6A!AS!8sqvK7ctt zl1G4vu73fQ!nC3?9aB6^1?-$^s1IPyoPPw^BFhDPNKS7`{Ku+^RvHxP0F~FV)*t(p zwDsfZVYbGIm|#R;=A=a}v=%{xPHzKnNdHCx@XyKN_or1aE^)<9S~q`osC;~_n?KE} zXALoy&7U5h-e)%=HXGJY>bSx6`t&$^T4XoE>VFJYX$+Qv>|APNaM<%$C%k;$!9%>( z8Cu>{l6^%)_I=cKf0+P9LxnU>yR|0xXAELgO-#8CMGRw&YP|bI*&& z+0671u#n`GU9Qqht%`%GW0a>wz)q3`Wwe?oLi0CkO zfytNKP3@I+q^uu0oOE^ilXcP+Wb`|goHLg_RDzP(hpdlbC#al0WkI#dg+%HEm4A;f z9C%f#DB>XyFcz(yrEWu=vVigM_Imkc_O9J-#9hFUASQvU)Xe-{(Lai)eg94h!!Ce% zBhds5c_J(*-OiVKBjBZ;GXnU`44as>^W*x7rgXHTBlt zNr`>-Y?cAle^%MF5^IeuQsDx++_p)F+#ry0@b`y5I?OouYQfD0i!!XCFCw1x?efQD z&tePK_bkcn-#V}>Uuyqmv8x~(tVt9MT4Ewvl&f{aUMhM(<@72Osx_p%1*xam@2gMd ze8Unr#XdOsa=MMv8l631RZowz=SJBAgMVg}-6p0~e_S>bC`y2F$V~DE)n&E>23ufw zRZXdJ044&G!@vqn7`C0+11jIQ&x8u(QY#`tkX~pbWx8m{;PwvHbd}d9Q?+!JDRD%GmZ`C8$qFmyb!EUPwqYYiPnYkrhy26@%eB@J9lL_H0$L_qtBC6Fcuk)m z6%$N0f4YjwOh1`2c59r^+#;|;k>dl8Ga^G;vtn&d!$-oQM&Bvu=_d8y#rKEHflq)#&X>5RkI(u*a9O} zH5s*n(&R_c(!YgjNa;+Spz#$Q`G9?^k&r)Tv)%`St?SS88{ zN#tif=2Yio^$tim;+(cj7r2}W{s=D4T=LE(vudQg&#N83 ze^cIYX0O!SD)38`H*3Sh{u2r0N?5BY!ENLv8urROy?Jc5j@OvXram}1-N`;~zk&qt zj??sIl4pA@B14O<PfITjO*yAUGj5(>?&n zoFawWS~_YA0Vm?MfQyM0R#X<5-DXE4Op%M~+cAeB(`$R~Um^3`NsM`VYKU@IIuj_; zAma{8_kqhv#17zEXzlCy*Xh~oS0i<;5{PkwYWC$(w!o?zmpEUsA$9rn*`MQ`e^`kP zMhg(wwHlGI2vA?7)s%J0o!001(=*T3^b91C)od*@d%zN+vMR1hT%4l()CDYOm&*i8 z6nPT=qf*Hf701GHs!v_Oa;A3^EC{(UUd&EQLk`H>C@e!3d-tr>ftY%emcdFvBpV`A z2U)IfNofp%da?YR6#x6fAJfk{f9*!BpX7f6*5Mh$5194jLmZ6+fP{^SS5uU^^N{UA zyaF~|ocsA;9TNaDi9QIlAWa-4CN&Q`C)xJ_%$e?w0BaOtsxd(cr73q9)Wzs?dJ*g6 zMJTO728=Q&<82AYye$$k4!9XKpP_Rw=ZyfmK?s zv&z#0Dz9UGj-B7dkpkH`j9F%KYpqF>Cm8p7{d)&J6*pFvo{GGb$$>Ct^H_^=LYl@k zw|ao(C8rixvK5A{@fT4>wu8Kj-PE2UyOE+5~Hr>pQU*e^}nMWq<{nluwGt zlq&~Rb}-^FMf2z9*~gLD0*gDWGdbS@DKB%dkV+6stqns=Ngl~Q#InxmKD=C}lPosD z^r}_PFg$;MnO^L$2}Y+TQ?Arx7Kth$-nL5P5Q?=q*4tADS#zgni4BHpwZ?UHCeB#_ zn3>*w2FLZax}fFse=QrWRbHv(OZfWuJpZoRZiJQPmr*Nyy*$5l$X%{z+->*_iM|tB zu4p_&>z^|aADcKmBh|lNzQ4Up7C_o4<@$!(ffn{8pkgsl`PIVh(MwHQ33 zMf2KYB+%8Lc{P>VAYzs?9|*Eht@xALZ#ZK%z6(;$;4_h0R_CCh7&?2DX1Br0RBNmf zgdMI9g|w^hx7%RAwa6~#p0Y0Af194P*ai!(WkeG@!Q~A`8?HsxUU%<$o_!~5x4|l? z*N|_+9j?i9ZJP<7pD_{%oc$>&ah_xWfvEM|R@cAf>&R%eN znU)O~e+z5QL>P)Jy(&ygy>fUG)#?J6KYba10mhuD#Z)pT2+CY822IW2jG>2rUVwSq zfCrUzE-}SG4GVMnq&z07@(<^9nBU%JYb)+He42#c;RET;_vZI;k-p6pt{$be8!x-I zUgTmq^#jZuk0xNTWDwac5YhcxIx$L1O6**qx;D$}e_S9{GS`r8*Vqj$_m|N`3$QR- zmG#Y*Gbra;hkO?Wt(S+dKm1o5dVFYYHdx=qH6E%rxPF<9)i3MwtsSUu(~4sN@iqbIkkfm`Fy?+qK zCnHB6s&fr6ju`QPiPorP8V*>qICRPySCS;@A zM?qCx`JDKhPS~xw1`{H~g}F7%q~xh#m$%mj3Md5GOwA?Bo=H^tpF`&QwpLXKw(e|I znOr@^RIALmV+l|+y>6{ld`_#X15{2*WkR)(-fa)4ycykss>%XRj#MG$N`F~XGOWUQA47LY3TcN!{sD~I% z@~Zi4!Q2dA<7UN97dk|smoJzhxDsLLAZXzv45p6xB0U)D1eG%c4XC)V0ZJ(oe*|Mx zmX`io+x+aV!gQ4s6DfHljek-uvtL0}#)oLkGyLXMJrre}US*%iltu6eBEgeoZAp0y z9M`RyFTZmDR;>tFfH39~wSi+*WcrL5+8?t;uzpwqSc{yt-*K9LNp!bi`8Mc|)_knY zo2xkiBt$CmCHyF5KLx6L;B%77{($a-#TQD$hBM;lC|*1muI>*dwY*_~Li308T-WHVyT zTnxshNr|d5hNp1R=MGm@eTn_qJgT}#gFWm}O@6r9OfbNT4S)Fa2N5|8IUa9|oFRI1 z)C((L3?5)rLaD@jA!W>%veJneH9*9c&i)KOTZiL720;rmQIWTgjc%b*m5e`MW4aCrX)=Hu8{ZJ_*Lx*)o}8!F{MO2d;1eQIZ4N%t>#M8gpe_ zzJ{;Q4__bO-eyy+pJrIxbd8gj&=WLgNPYmcbqM{dsFF-~vq$Tu{VG02-QaR&u>-g= zG|pZkV^LDk`VeZ*^rSqtL>4;;M?!fND_NdgA*6Df`G1G#SnU2ay=Hv1YsMrE)6!6G zsv?wI$~t6-bYrZq3lP>0fa?8qwn&Otuzou} zc7n>4)qfA5;@U9OP-==0xS&?vd4>#TUA<~@Uf)bG+wm!J>5>|!@T@erhUBUsP<2S_ zE*>ftSiEYDg%j)qm8-#g0M#NY_puXH&Rk_cm1@dJg>zJ4n3VUOHcW%{<@qvOfps(C zE>;jLBh}=|FsDdOdEv>U=KcDB2OVC_K?i2);v^6<=E9ue_8Uk;BJc{;e7CyahyjurKgjG)@+DMcYLUi(6?=i@ z`V5+2$wMoXhQ>IxTDM2nTXr={)pxV>_s7}NzJHlvHIh>b84^;Hle5ZNq56=2Mqjia zXn(F^=Odu4p$d6*v<@u7?PaFs{W?`oC%BxX>j17rG*ou)nmn-eVvg3t$`w!Hk7NTm z7J93VRY%PM%Du_g$$3jmF#4p6Og_Y3VEL%T0a(=JI4GAsk*h^5WzmrJ)y=bJ>lldz z7J;Y`t*uEII-Y9Rs^Xr zM3^JytW7PaVP4e(DW6x_NJWZrCjd$eH7J|*X_TP*%j=KXZ-tu)7PneMbWOnecL&K| zA6EZ1C4ZNA)DfV1Xm0y}GBvjWiZtId)2bYU*3cRwxfVM? z#00AuQ<|J@q?ACaoZFgth+}P7O^!e|z`}`>Rjo2HlTu9WmMDx`+UbFlPiyTyPNMK6 z%_^Yni5_ofA2F({&T@_%}iWAPsELGyMEfh+9}sNdLZRZ@b{6z z+8Rb_zZa^7@RpTE^(MtB2Xr20pU-(PIcY@z;a7|qASp-J6`am#x?NwUH)t;R^Ezj9 z0uH`f`BzQKnG-0Z7N4gtsG3WctB6|cKuvFBJ)6%HODHs4k(&PGWgaC&0vU4O?ya|! z%Pp@OwjsV*I(wYqYJ}xnOT2xBD_&0>4)i*|gS!>8e`$FFe|{FY)=>oP1eZT?ncgMb zsnk%BqR_361>;F+{`>qTDY3zTYatQE`ImX@!#qq$tL(u>@MMaq$2!e~2}g#?-59ClTXqzE|ZH&r0_T?4}<9*5n&mIN@&tm!xb44H?I|0=5A4 zGLMojvY@`jR#`TxYHk4-XF+LhwjGWF> z&MgsO!URgLQZJI81XKq}ST9tjBoN-*IniP6f?7%Ne>xq(Z2fj#3w zPbav1?_)=Bi5MPKWcpA<7Vl%{pUyZyl32Mt(B=-4?k^1ex&C*PwQiXKKa)>y zCILi~c5gR-Ptwp4Ck)A^&ipp`+yp5@M5W z0bp*Wbd_O95e++3lgq-*1d}p^oC;-TRoi)2rH3_tq@_%~&~gXi`a4dzVf8wfV2K4r zzG9b(1#8LJL?KE!-92QiJ9dJ~o39M07^4<20XtXDO?jgL^-94Rbs!u1eSQRfHzH8( zP;;J2DRW{+CC%{fv zIa9lTg%xmSrvgbHquI5T%&xVq&M2M5&e@%--3F`Eu*L>!>;{)JWgWnkfdLbN>WWyI znSP9pp78?q)Ma(f)oOS$SLgVDz3@L|T|gS{if55JS$f70ZXd9mS<3Akhg ziT;+llPU~##w>_f`rCZZ`pwE(OWeWziPhv(hv?mg`)FYnF%>QeGrL*M%96#X{W-RD zI)Aqc=v6v?u@h9zZ=nrUAf}^~Tdj;*RoYmiRD+)$-sfZWZh{peag6H|5yw=t->)hWHv9#HwZ3^r7;WuU})JpmI^MWAPt zn9g$ZinJD_cvdo%O07;Q zn*A{ON*fENB?_Ajq}c`F5A&`xEODknK78+Q9a?+7FQ1rTRDh{*?H4kkJkDeJ;26Ux zRZSPLd`Zd%i<0OgGheS%a^+-F)%fygg`mVc-k#Pz%Zl*3IfxY z$G5l15qLGifBgKd@itHW5OaFhA!4CaiY2Fv8IyMCcZgzn*Z`ZXVdQTDuEWUdJ*;H49|s3()v$7*(m(QIcz2pmI^H1E`juqSx@7{CK*Va2Kka znPD|#o>jSWPFiV$Ljo}N0?X}IMq+1z#Z;6aLXMz~e-hOpPl7)kYqp-n)d+*W%dw$| zvWP<^#eCZjRqw)_(LEMhSHR1Z@m;3xmJZd}51W3rG4m4$%e#nBjxYX0-&j@IL z^YZM^>Ap<$Z1zW&NL1JdCm##7aRR2HQRazSk_YJ9@EcY*KVSa!@Jolwd%gg?T4AyF zle~0u0sWIOb&mmQlfZQ%0W-7Xbt3_PpCQ9R>0RywUdwj;iin zHUGP zB4Z@iO`x<8llD+JWEGk^A?2)ROr#1SlZ0G2Sz)NRn{sK?;n}s3f?7&$C5f03*L_MY zLqU~LIpKUqx5>@^SwIPOKlYN)zmkBo$tVUnpAZ(ah1c;0Gn- z>^B>%SX@GN=9;%=KYEFO2?kbN5hgj+3nF8rsl5*&TKflavg(sqV0qOtYXQq66&kx# zjV)5CttyAbhba~3uEhPHeDT%anQCe3Jhc(?VUpve_I!nT@=G5aN z+l1H)EGNCP!CGiU=JNH|M}Ka25(cqh{Yr00TAn|rH0%SIH+k8BaiY)2pG3r%FtpnzFdC<;(h0B*0ciln2|fYI zK@Va|p^Vr@wfS%ollXOk7yPRg>+^}fA)Bola<$?vWTLN`2xMuMq9!1j$DG-rj)?UL zO9Qcr%l-A?Oqv#f^h-5YQoiIP^-oSC6uOU0jjdWXOY#*^c{kK-3aT$h$T@dSrnomq@pNI z4kTVZ0PEmi7GMctskKSfo#KD9EbH5NqJu3!?JxF8Crl|32c<|J#h|EZsR{p_ftyZ{ zb@)P>kcApCHkquXj8$P2GcWJ8uR{z7Yd-ug^W zj7z*Q+RtS{WS2?CmQtx0wbj=+OzpK3VE$Zh0aigoIU5#gDOF9}Zp;)t^#jbG?+w7V zQz5aWOk5+9*5-md?j7jYK8QIh>t7FiEF_@RIE6v2G6QhSR)_Stup?sLpgclskwR#j zzWnunw}(GwPhW}+CJQSiaUlc=Yf$9S)t$WV!9SGjIf3RZ0Dbt8>HoR#C}w^L2WTB@CTS)oCAu^WVu zatVc9EJOb9WlxJgoYd{=0+&A$O}LWCYd~wMB}i1#ZRQ%LeA)>xe>mEJl?IFxB_^nU zq$!zcc%2uI^ZU={fD#0PB6AS|D%XsPTr<>hvQtY8!5vI=wZgnKf;bxHq+QV}LpB?? zi2VIB{mq|Eu-by_9R9n^7l5 zwrf@@se6FsjX?{nrAq1^U^$7r4Hj^JR+qHJOiR9oN|$+D-?Rr<-kfE7RsurNQv!M7 zhg(iMMzNB?die72Z7x<~!DncgvYoG!v-@U(`E)6lziAThvGD?jOSqF8_jmffFlZ zzhIFKGVFtsi!zuvE!6kx0hIF-XgL&@H>Jf`3RlieYbfK8qvitC*V)%F!~*LBm_m%q zKNGc@uzYL_syk8=dzYuld|fQC8VqYpv%v;c2jN9uLciFzxfj_)q+Ve8LeK__3&9jx zs;RV+*|n4w!;ppG*b6MznBy6{ojgQV8 zT{cv;2Bs0R`@~sZ5s^}_nRf4UU7c$7`=OX%6+#sO8uDMY0V?wRLndhitLMw?q4>=N zt8=r$NW3KX=YQWH{^&4K>Pzms5oSwbiOV$`VBfyaM(f-6PXg8Z%XH6T6Fvu6uN}sY zd|17jV@HdWhqOaAyW9~I%%0#9Gw`t&SZ>EM!OEf%$czCSF)xkE$(2#e{q@Ua+VJ|t zC~-u7Uz(>Cn2yGvNQjJD7hpR(RD?d_E+!aWwa61S_J0D)H~Vk^)*9=-;fmF4?*3{` zl}0WDnJ`pLoZ7YRiW=0`%xPgbd1t^zi#Pxw6ElWfy%NEK4>|KgN4?X zvpBgo$QVT;@CL3JX~=BbU!nN$?5FS@qLIy5zViS*G3yYMHf9+)-OKU#Ou$~J4B8CY zY5fbdHGeR(-7F$Cxi*Z67&fJGIwY0-gsexC%MaN>pDX3WU&@w5qAZ15W-+XP`ugQ@ z0b=oJudA%k6}*Bqe_iGEU;`thC~B}-CU622<@&d}=z4~-2;1s^$M7KAVDV?LQY<-T%$T(KtzjYt53j#GlW&1N0n3xEfyaM+3a}Poq;bdU`PaAk zU&E^zR-3d$8T4*gm`Nm59BkO8-RlBO%j6FfLqRGe0}+{tgt8_)WXNp?YqkaiTVQ<= zDJK$XpAtEXfztaM!b&%&CadeS0e69dT4cdBq>zO?RAtjO4C%gaS?leo2Pt*ttj!2B z%R_BB%eMZegZ_V^EPqbIdYiArve{q}2&x=})Joy>uH4BQbGczhYkqn+zlAwT-yv1b z?k&~w(YKwGLUBHMu)zY7_f=x1h5RK{@_QJveJEgke|(yZ69wofTD#PBV&{)wvv=ho;alM zM>|xP*S#u*dl79EEQ0Qe|nlkP~ zZ(e(QV>ZV2gxxbS9(PAakt|BpO_ACn<+0kK|Gt^1;-vyX%0M0JP=~0xnD{C)@ns?b z{PESr#pU|(KEJ%axSTF0mv8XEZ`u3-kNg3Dz@Nnw&rX($S$}bJt*yemd8r2)IRDku@=vB?OU#Un zlwky$Jsw%ECyu$ML6p zvi?3_XIE9jes&W5@6SK}a8-$Y@PrLS?$qc$Td(tSak;(Xss6NkOVvXU^>DJBKin-2 z+Xsg~LbICU9vr#J;d{%&W7SJKIP?f#+B~xQnB6Q752L1hEEY3V_xY|F9}d)gH7Sex zb+KGv!+-ZR`LH z1>e0puv(UD`0H1=1I34r@12nEFP}cZX=hh(@Q>Zc_m}T4;mo`?Hg}}5Hn;~)%!+(I zUA--rca==|^!NBW+-)D-yRJU2Cd)FfKh~GxXMfZR_o)&HK2$HteZ;ruKHTSU!(#0| zyO-uZ;hWihaIa|lr0tt|fBC_QIbY*5uYbkAoK!#Mvme~!p+zrIYH0VK((XGa0QZ?* z?tiXT=0J&R9l6{)^ueo1>ta23#)F8gYQxw&U%zR%f;ODs#_pco)o^x#x6_FDKdj zcDY(#OT|ci|N3^ZG2O4T`}?n_+3I$@%*yG?T`Yg9Fet+($ zD&KdAZ}mm_bkAu!yUoV)e0MCnxheCTY<+mN%(E%F;_sG|f1*T)@hqFK@~1b)o8#Jn z@8%`#c=nd}+p>Ml?X={>{`)GSMa5nI7GK-OEDm1i_UsQeeR<}BcaC+OjUSzJeL0If zbV29(S0=Bdk`exOo-bC{Vl1qo(tlA&nvhE3!w_@5*BJUk{VdIcPOp>rD07mGf+z&rd&a z3B)c#mD>OQkGI8Yy}W@=;`ohK9};Ml(=X60Fdcku_OM?1Ajf}CN55qSeNS!T^`nko z>QvqNnr*Ya*B<${^OWYyw|`jmCuhD#=T}d^$ZxUxxLD3E${d(H^pfYlRM+zapxdDA z?m8RdpK3Y$D0_~2k%w11S>D~x0gP{VhSt3O`H{oF_y0QhnmY10>^a;C7hyG>;(RZy z@!4JSEMVB&cX@gAJAW%y581r3Tl;_D)d)jx|>F?QzT^T!8>l$anm{N`sSae42!PMJ@C zJ`<)Lf%@;e`}O0+zkhzY0ESmSxAuy`{0)7Hqt~~^^uRst+P@!BZ=XH&bO?u9zL9jk zSpDmlQxvY9%-BAi8SU85Xz~DnF4m(1y7QvU*qd$zc7`~5u?@aF!MC}=k@fn-dZ}rR|iSQ zDTLXJeEtsYbQ_|<(;im&_gM*%{HhM=4uZ0Kyl49$jI?)&%J-MmxJ8u-1lRi==w;QC z-{BX*>_q+hKk!=^_<(Uf<(SuV50GkRshHT2l@`nZR2BNBi5f9xr-F>RVH3Sc3V=1+WlaX^WVF+)I&gU?c3eK4S=-_ zyA$=81G?oZS;`sJfh99SU2aj>M)IHGQ}AOtWF4X7v)9T(eoo7Oj*Rw_6~miZ|mzpD8AXNu+^Evb@OHf^tyTm$OVJe&8dRP()o_a;;p9kn*ZFbH+5Q4OSMCt8J> zhB?5~cdEh35X@p}$%zKvuAoblx=9>-J%3^HT!VuvUa=yv3h5O$j8X^y88enLPgX{E zffG-IQ=G2~;KUiD+!(?Im4XW0r0tS*!V;JRD$jc+qA0@fc_?*Y^_^b;364W06l0tT zWt3$cFl&-3Uz#s@fWs3Z6>ESYq$tGAlyb$D;7T_;K;_FGw?flF&UgcihALoy27kE% zRf=uifS#CCPE4< z%4uqs?PSoa>I#blaK-k8MF=ejn-ypfC0bG@v_3CxZY3v^2CZo23ZiAWlAKyAwIGyH zpEY)&TorMD?47wk9*2s94+5AJP=9z0?7bP`XdhC^sXI-CR4mB~A;pz4;N-Pb3ddDF z85!FJ%VLS3iuG3ksDw0@39E$=mWbxCp!SihmYh{QP_eG+C{Pd$aw!SX!ZO1=!}A;f z?5-1h>^~lS48?_F@5OScYy>U z_RcZ!z^Ek}KAC2M#+M&W?zt+Y`eqIw!Rv7Hi<_P;aB&lISHl_gN&r-xa}NVG9KXJJ zT;3IZ52jW^3}3Slu(J1|=YKLd^gNhih7>@>*{0vIvsOedBw3Tt^a+)BM z9G8$m5dv6gB^Wml`biB@p=wfh+DU~wO$An5PUZwyQWGULSKy|kMbyqC46S5klAskw zu1=se5O(EM>!w)uty&;L5G<{6I91~0bndBcr=5(dvQ%J2YE~F5DSx3G#EiR@0G5`X z@tm%BdlIlBS;GmisL;k(Mue0C5bK9GY^-qIclmZDM2L}ED-@xiV$4$M=@EV5b1UTy ztG*|Et%5iiMJ!d;RTu$eXGJ=#5ckz>R`w1R$`C?p7}G9AGPvRh{7JZmQ<1#7UEcSu zTzhNg_!53x3B$q1Q-4mR@eF}=r&O!5L9agbt5cs|gFeM$6s1ccj5L=< zF^HI@(SjS}8IbVJic79Zh|;p`IUj=(9LI`sVTmEo=?MysT{NL$oj?UfH_wVi&qG~K zgri_l;OLfHP%Nqqlb)q4;9y7Amj|` zOdm=RFha$(k^mLNDnznoRKtDAm^Si!Nsx+)0Z$-hm;yf~4Sck~M4L$Yyj2?kU=pNa zomCJiLbaldVf;slX+p(1$t}DBsI-*YXbKSx#4^5AsJ9Djqec|v?0HPWi4Y3@hA|V4 zr2;D|7kUb;fq&#eoo0RRU9mogpt8)k*@IF_%dGVjYIikrFbPzV?kWtGl8gZjl}2)F zlqb6BYFK{YP%)(y<6wps*{CPB5nj5`4qs1zR3u#wAtj*`gs4VwA{F6H>l5DjsO^M- zpYy(JwJRAyS(qV|dpN$HV&%C=!X8?A4uWOFk*PBS2!Hqnnz{9bf$dQC-k0e+0hSb0 zYr?F+vMb)qe{$Q2XRj6Ow&#kEN`~WB$T4KrQW=G7&w0`@s*_-lB||Hci-yr++5%YC zVu7|+#xvvDJBhcAf%!ymMO$JRE}##B8jh1DsA3-S&{P|Ai!y#$NQ>=Rx z#~JeAvR4#3K8`h4)Dm36y-7%ECyNarA1&_sj(>ANf>8fAj1{9LU6={M&q=vJA%zU|8E$@0(DKgh!D?Ot% zoykh1vQy5eBULR)odtEmwbmx_jd&qtwr@k|?4*~@Xiz1?ygB2drzy7T6^CGYA) z5}4xD={QW3putf|rNyPzRdnQn|5TOXhQVooNC@Bb+tcjSn&VQ;6 z3Y7}5C=zuNFoJvf0+G_pFsnSXNW4ogv=Q-vs68+Jj}jb3N*KlAW_SAGJ+sSBYZGJtc zT$~6;!NQU%OypT043@~I1yZoj4u4Isf6pEO3*5P~xcCso%@{plAEmlWBkVaxbwaZ& z)}Rrf0hCGK7N10SRoyXotO#%_sj+MbegxCa0SMDsMgax=l=r=G;Z}^{r(rg3KEbXM z@s2*Utpw;5a0p7lG>O37=bPz%f%7aqLxbK*?UtN;&x^I6fC}@<#Bj?MgC9qnXXilZj%tPk8nSZ=15+N0tT0V{x)sza$te{2;MLi2$vHcaoT2C$~*ybhL zt%vfY!>H(^sj!On>*1U-uDWUjlh6q=b!O2=8`Uvsz>0QPL9hl=gIt?o0xlYDhrt~O z2eLqlv&19=Jdvh&Vn7U4#Snq(^l70zWiqU*wY3w$6-l#B42M}xn1AG)DG8CGZCRG>S{g8LmN2Ev|y)q3@k6m5D&5*o-3%sqkJL zhDZ)wA2E`{k7w+@n|~=LA`w(^A>oM~aR#!oFRE4FO7#kMWE4qYic_c{KS1BC4FR7H zfwMW2PPI}sdY3KY{dpWxC_*U1z$}x@YE88Q4QpWK%Nw_nj7b1gTnHG3X%LARo(88l z4;92|7+c=}PI=k)E)A)aHf(Wl&_+|Jh4^=h&uLx%^``dQVNOSiq)>ypj-mcN&!|BV{jsbRBJFB?t-L! zZ@2422!S<>1=MH_R^N+#)Ix;9W?X_*L9a+Tx5SfY_mcNEMsZRB7O!7Hzy`8zG(o@? z@n}VHc$6SSPJe|2Q&c#ZgWD*axjkwd({xbKX^JA!NET5^@k)3E3cK!|)K^jrJ_MpW z#Cjeq+=_7&Gr<@$N=RmaSyLO8yUl7kj1N65Hb$@m1=I7p`3d6pY4Rm)_p)Z?Y{#krvaPPK*|VHiZX?h z^gV%+Z_KPM@1Fp!X!Q!f1;LSE61^AKiuuy_-ig$0v9fX?w5&Yo_=mDHdqUI_=-CO> zh7kdf4S#CI5W;dNMo80!QDC_T+5k948SXKO;7S8#xP7LgqB(@*)3dhH8EGI(&}W7r z;~Lb9a!wQ%TpCZ|vro_3>o$u;&$AY{VuX^iN;4p|+6d4z>dP^9QgJC#f)+VOauPIZ zxK&buWeR1a)y**_@BY7Sl%Z784g#_OV46sVdw-``0F3z-d-G4CYG+_+(LbLJk^g}V zD^(I9bO4cGC1*yXv1-JSp}vk zeRI^hn$8EZ-VR|9={7v*HjFyq${F|ozt{`3<;(tZJ z%K}(bS`S_wRvr$akm5uY1q49UGOVYzl<{W7*wr$iiO`BR#xPpL*r$^xgDct=!_#N9 zr9e-)loXe)Zx(}flE0} zl>dKwZ=+ksk!uS-(FKZR{l36`582ivJ60q>mNTO~{Uy7%lbLL8w(zmKstkNNPNKm8 zV|pEuy~rXLG3FAp^5n1TVxKcoGJSK+SXyf}$%{q=`4(!2Thcg}^5f+6D1QT|ni#0m z64!-X@@P77qb}pInbT9c`Te6&^54%j;JLSQv;CdPat-wV({`5)7%G z_oV*f-*xw<^%rZ=JvOdyVt*x&XPu^;@YH7M&q?g>{z*4yVt=>h+!j$$fKE_3TMQ;t zi%8OAC#am6-GT~4$hmS(r{zgpqiu7cz;nZqMsCa9o|sA zp=Z6J)*^3PloJx7GE)S32%*}YYIf(7EwJ+WGOvN(-X>oJ6br0+W`)&Y0qX77$vD0J zdJiTfC=3v1^jH&QMRz`89I|#!eSq?X-hH4T$Hw%DYvhoaP$|p#%tMDwr!5TBG9#ip zPP6+{_J+snAGrMCXu(yOc8S_b$R%RE9e+-%L(Y2t1*8?Z5a7=T%j7e&+VxaLTC+QOPQncwjoi%ka1Dy z2A4m58E_RUHGjw`vK;ViS?Qaq;=0}Q*ACa?>{oj+!Kj3qbZ($D`7s5h&Q=F!PD=J2 z!1AVg6ReB@vJ5#;ljh(D$3eO$`fvs7>2W@<->g`_k#mJ?fmHu!wG=f%?9fuxxz#VbOXzo?hn9P<8TIcL(7@!kI-7<%HTB;=jW|g zdl7$;f`4f9u090c>0XEYzGWs~5K01!rQBxvA-(9$y}r$#Gx=r>O>oti62(+YLWn_; z;m2V*uwB6Nx|RhNavWxiwID`@>jtWE2N=6RJgx#$m{b@^<%TB z=L}cA&Clv@R#vBgF;?cDF$NJ2R?3?pvs~B@94X2e*Rbo~ZygrMyjWS!hz%RYoJ10Xa?@lUhOACsq3SVz>PE{P zKn;XYI1G!lm2*Z#MQhluIomqDo6IIy%z+a-K$24+lIE4(`?xp#9$Kx%#Xw0BiBeS!&dORH;Bu!e6E1O;8X|ucYl%ha z&Zy<#S$V4iT<*kW!4*nmUWz#b=2{>tnQI7>mtg$<^e}sEUraEV{6C(+Zox{!LVvLf zSiVTK!Qup8xIQe6%js0KLt->!`kQ)z<@+WcfK{kO4na=xR8-|s9I`enVfe@782rO3 zca}IcATIUC!|d9SEijN;-)qkF!g|-3W`7LamtFrpbw%vOd;&I3>4t0?e1) z4*^@~*6n8N?5D8Z2!lNUC#}e3kAF-tGugUj59&JSDWiX4>k4??g$uZz&Mn5mV8x8e z@))9eaiBX~u^U`IDPa>XN%%!t^3j16&PDPKj@kjuKm!O~%QoiJV zfD|%PoZYEpu6~;Gcri@>y9ZRh2(+PEWKnGMs;|?%>Z|p7k+Bq%Go;Mk6De&PwWDF3^@*houKkYpaE6j90g3-6UyZorC(LXG_0r-RNe@@4^?1qYD^Mhfl`vz z+RN$-VfO%xouKkH_YA1E!I_)`^Qy-AJrXJ_zZzdZrM>s%UoW%AjCLEWLa;IatdJUT z{j3PN4iUW-Vt@5@I5Hno|-;|DfEEK8GII0>`@I0RjeX?p?&;@z1BQk zX1~_31xEWt^fXh+nf(#(E}={Q<+eu7=J0}l7Zx6m~!l0oqs%qCOq}f znD+66CtG5A5u&h%;Pdo@D4Pv;;gaK5#6>d~I5J#L^CEc|VBX zOt=<#7JuA*Yx??xm|&HJOK44RY3u9s@pdu6a;!BDdQdO0oMC8#l}ZCi@F@Y4F1Q`3 z)h4dasdm1;`>}E|EjGb&tR+-upchuogk@v3Qo`zhl{aD8ezj7<>HwBEVI4SDh%s=% zLrt1mADg>6Ct>-IBRkWTbsBk*rKQcO=C|9eet$dE0E`o&?B77BN*`-n$Ng!xKo(nI zK!sctM#ic@6Jbqd182w_5q5&gnbu9H05Zuz4`@NE9AzhU$lV`TY zRMa`%81zsoKtrl_sX@o}HM*2j;PfX+FUhQgxMHp6? zCEC2IhhUh~v24Mx41~Zmp;pA2HB}TXv43~>tu0eMetCTB@FwBRSGyIacdc;SIR1s0 zKOCJNwp(E$7E+PBRwAR>lq((@V%>f0irD4z+kC*-i2HcSY2#WVq=b#RDJn`>LxS>e zz!q>ZvBGjO_A7>~6eyXq+J{QSbH0#Wa+vc2d62=@kl)$dtIMpr)42|2-6@ww0Dnl> zXlns}2(ELS>zC;}Ut)sAC%Br9g$wGEiHb6FJ4PNd_5#c4S_fdQAzQwA*5#My>AYTS zFskZ^u|_#-6(JHSaX99pJ#27IAD(%(hG#_3sZh&QQb|eK5>!Eb>s9 zo)^fRuyT`&O}Akfhh1KM{_WxS>3`RCb|Z|$mDsCdX~@V`1f>KTGC=bKuj#uLyAcMV zXWyzZaQOo{HEg#Y7KdGZ6kDgCsMw7#QvD)NuFwxKXR<#6jCn-i61$}wAt+N?W2BQ~ zKfIj8%fu_j&~l0iFqedQo4(lXhA^+c@tV$5cPlLR1tD@KBRNx^8r;6Zs(B17@96I5Q$GN2+%L7IY0C^A4*#^HxJ)y^bli#f0bhEuI^1|@bv%Ii~> zLRKl2h-BxfX6ZTKW-5)Io|D|Ce+bPBS4;Hex3`}@ZBysd&tczmjrZ#96ZqVrx#j!@ zKAX+0CaOkIn*1miP(GHh&VT7Z^Z?75+fA^5*+MIFT^p$8Se3)=L*{FK2C#sgs%&E1 z7*kR9q;X)krb{2t4VIm>)>t{*dJoUDRoK`9i?{#d#{I`cpiWsI=mC}2ukJ$ywa6VX z1}t$PW~F6HVMs?Sc7n=FvhG90jDg8$OYBY=<(2vtDz*7{PL1vCzx^Wlco{8{g3bJiOrQ#B|InaqnQ8t*i&B-6NKL%{Y!LC$6^yK%CN>2(bx+tr(+#~wS;oy2G;uut@n5PsbUqtwov@@GC#?S z4F+5_B#K2O%!z+#ihsA`m{u3KobGi1*CI1DQtrGyKKD4f>Z^EmBg`fsV9UVNG&1{A zS`S0c4^cn7eBpSA*D~TEub1C0vp1o38`dwWaffU2GSp^*8Hy`x7Hn8`kV|wzWvV5v zffNZ+vkAnj`8|w8IaaC-r5&%xJg5gN&R`E+kaBSc8!3v7i78gfTu8S-6qTZ9$P&R8 ze*P5|XY?8CDXTn#Q6He3!Dj)rjBvr~IQ?(4njcjG0gsdLATFD97v&nkE7*wU}l-RkRo zs6=gy*{O)sP;T05nfk18P5|Id5_4gST@uG;Gba6JE|ZJi-gO%E3@8b1r0lsuVn0L+hMa>;srH9FG9w#4t+7=QcCb32(rEq=R%aZh>w}f=1<}MxG?y#nhOJPE z$_2kX>gxOJ`}8XD-KY{V1(a(bj999u+&YY5*t}5>q?|rwAr%=OknRkne?Xv|0j4%e z`uz2M`eWF;x%0G+CSZq-vh(w2UP?|$WJ|fUL5LwK#}2i5?sGnWv)>C%peVOgm?g+9 zI!sEQQZ=>C`S#78oiX1hYGRC1OI!n@D&;fkQVN?nyC3szk#u?WB9y&yXem_%DjYWR z{yu-o=-r+&BCckj@fQ$l5d%~-?X-k`%1h3BhpVh!sD873CB6X$%VeP5zuc2SC%OTd zll&(=e?JLL|MK)Wdzovq;XYi<6bNFLhrwEFO3LHSkk^RV4K8nfH{l9Re5Ej0NKw2? zX)ugS@J}7)J-jLY$vkb(!3d(bU8+n$Dv$FTcQ`4>_dv@ZizZrYY?xf(S^zBrtjf#* zGh-DSrT>01{ktL@$V)qb<<46cSn?@sA?I9yf2txQ6NjxgKYW=kBO@kQB{a0yiV*pd zN>fB+#ykq{U@dSY;Njp%z)Htp9y%!Bd%uX*0OTUa(XbO#ULtQnRWoy}9EqJPSJH05 zX!-pl9zXwEXz_+v`5%H4g{G~=sT+hReF^7(2=60>oYK?fyj50l{6w$+^J|2Fb?Nz@UscMmfLa`4} zPLDExVwONCbF;M~)~xkqG!}Zs#K-Hy^w2Y?YhRrN)8xq*v0!ze z!Vc8*!5CY;Vhwd|=!KQ@z1hSHY9+{xfB&v6rlxEvY2@>q2j?DGIZGNFE3W=FRWRmN z(zjCjq2t~r*wUxjOhIf|pMU=Ftsd7V{O)C+n^;HfUTmFS;D`s|BLOe3YV+ zywppC=djT(aJl(|1s7CmS+>+`F-m?T#!mm5rW(>jx{QW6fh3? zGX8+;X#pm|MyyXIeuQHWD&Y@En@TJq1411k>)>QR!LhF^U!8s~bhE*7ur-9ls2f~< z_gde%VmGwhT-88}{R-qL6SI3xe_W`IJmhg5c{X+W1ESclymMVYkJAU2pN(-`k|ldi zTm?g6%6gl##@trLUQoGn{9UL(t{dlqn3+cK54TuhP>-vga@j;Ioqp7DH^Pd;6|S3L zKe+tfWx)ji>|4|tv>@~Gir~eNbF@GFYX$c*;L7Y+Ew@lZN&&Q)$uaY|f6xss_sfO_ zS1a;fosi4y6q@!{U9^7JDT32|;Bs>a11@Ip5uwynvmDb_WT5_gyWsq$#AW(UkJw<= z*XwNcu&GPDZd~m8dZndJHgMk<+j zm8Ox2P{!@|bb-sAy$rbcgGe&pOaM$Kv|Z}|UW7e=zH9mx#enB;Hm*i<^<1$VuVnYA>JXAT|a_x z_Q}4@hMy-G7ieF*7`rQi&O9 zMtLxVpuAxWf4N8?-J02LQdMs6CHNAX5V$+ZLp%SwU`5lRBnT$>|$u-{gmj9OMIoMFG!Lc}B zegE`na&i|745(`62+YjgBW3{Qkmj&in(wpas=r%4MWVkM50!ZYL@*cWk^d^t3C;?`Cys*(<@v&6rd*G68ml_P(s7NpT3%N0+}bh{r1r) z2KxQWe{`HIsm?|E>~RCC!``8*XSJE|Gc@?v(8=oOV!>UcAmk!sJ(ZN8Xos;tU8y)@ zN8tOv{xwQWh`hin5;`|huDdbXqzJ;QxC~U*nMkda&*;B& zfy(Pu22`z9l9Ub@GKZt`8n1o>yL*)otAD+`PS)1nOt>F`h@pt^1((Yi36#UXG~~jX zf28*3%iH94uFZt?`^6H3&(G6yyO?0rf@|Efg$=CP$(=2*_!aWUk1$ioA=jqdZO}@= z?#W#;*6VD6M6tl~s$67Q90?m&I!&2P8+8%#`|B@{-@Z-e?VAneTf{2!R-NE-`qlwl z>l`oo{`z%x`-&|vhy%M7WJo1c;aRsMe++R*OJ z3+WGGb&g*>Pro>@+hB3gL=ZDqH~gz6?Grdke615)PT#WO3Z*f1k6h}+%sETbe;^nl zUv!1*&A;X4hU?AR^IGDTAN~Mq@&xkL2$Q}qGfKp^PX8u8+p>NO)jB=Eaz~=Afw;tO z>h4)R1iQViWy_l{G}zDwF0XUha4k|tU%hL3lZH+BS@Ko~u-vX?fwcsI*r1wDwG5s` z4P#=Tin0Pgitbt-(w*6Hn!P)?f0=L}tAs_G%26H-bBL(EE>G>+=LzjqN!abfj-pq8@6|i6c!g}Xy4q&LUAU-n!Y`cHLy5IeyX`k*8baf*e|c=WVEJZ)(S4T- z3sf;j%vlpGO2b5w9~Za)_GsUiD=A{CH85M{3MeY_PO94IS-y4L|*D|y#^5mHlCvy>o9(y>$w(sI6KU1}TW zq}If9hYH9`yPk~-NNS)Q8sx??DePV;fkyDIp9HOlB_;+65u~jZvkYY zm0~J6#@13o=3UwV(x?p;F?E6J+CB#siE^w|8v@Ay#0^|Se_mg&Xw819-fg˾C_ zVojy7lQE09P4q(~{`MlsUtD`DAfvVhX`MzyIa$j^wsN~&eSnB$PK8tep>mzP>lak8QUNlL{=N=dEG0G{)(-vKFavbu{D26iSCafci*wp&6< zsD1`dVhxige*kTyTIBqcux6-@|HCa*5k`$Hi=hiJhPR)9F~n|Yxn0XfYl-R7t8Y!; z#J?J0;I+t2%pZWQfS0K_y;3lCK+7GBCR)pg7l@?`6g$=`4=1d~pT3Y&C?zwAzm3E) z@a1*(GX7@5&*56rdFg$eh*HUAqozTf%uR9BF#$Gne|`kohgO$3ClGr<TIigI*%LSAilcEcSS(OPs<&O3WkJ9!NYiZ1^0$0(P*tfKA;3%QsK43Xp zGd5UNGJ1~03_e%Nitwfe);Z0Y9$wd9bf4^jxE^sY~m0Hz=Bq3@a!c)5LJ)rWrl?|0}t1JR-L@gBMDJKo^SyrWvY11WD~~e8mP+NSNBbU* z@Gk5ImpgOW*N)ei`J--d`Ge6EW{VVSW}c98BaGUCupx5PSG;ET{Vul7N@cDUix4m3 zU+R$L2(b28^lKe?BhipLS|tvpoi$w^@zoSZEZ7Q(L?W~%ONh5lrAla>(s;kjzIrSc ze^@=zW!?&VAmw!`^XT{*dahd){iVa3y|aw|VvFCl7IT190UIQRV`*-6PIKnVFC8Ag zoQza#xQkY6K*+SA@i$N;|8CP&RfmnvY0z|m%j;VvT&2prT9SpZT$C_`GOhvN2QDXV zu;2nnN%TbIY-S9Fw98kjROvYcz6)H=fA66QS1C2MRFHq749c4!78R~@K8ao6a()!e zU|i;0*k7rBiCljlFw6{Arcz7Eh_}UItV531{*~&dKek@2usm#ym!7{NoBc9&wc@^y zRg5K3E3zS0m2UHYcc4dnAUhz|;S*^f#zhbiuzQi{-YHM|`UuiF#dRmdI;4I3e*t!l zdgz+?Fa9gQ?!137&H#rJT8@nYzyyfe1yZfk)jje5fNO!zTqk?TNatO zrW3?cW$rDe6qBY(Iie`q+-tgLf0>VqOjMcVOX*k(C{NcgY#DLBOBp~xgp_kj#H^mb zh@=$SLx#RL#x;Fm>|(8parpxnN&_hxOVN}RhfU{RR;U<{G`1G{6fQ8Jdj!`a?}{5S zU7%HOce@%^8Pmm-Qp2X`bgG95&f%pCH0lq)k|#wdO@5U5q+77YHEz0ee+K<%nX?f8 zJAA58hjDqU3tY~;bpThcasaUutk~28h{Mh~^g+wXwT_&NGCLL*J0%7{P!iXWL7Tr~ zaXN`O>N+!j;DSfmHK8z>S6*d@2+LzXz&eDZ1=vdEbRWPvM5GDW64#*qipc4&8V3#M zDg(PHE1juIWZnj(y2f(Oe^ALUE4(!Ra`c6i5eX6CPpv>BrD>ynBhQ(m?}L~(Bo7c< zV*zi+>(__hr^CfIn8i?&tzp@)rreamQ6;SB>>Vud0A#-Z5F+!422wW05S2&lq^0|l zD#s3Bd6T^fRz+fnsDzxEg(+vXhKvtVFRZ*_Xkt~GT)@CuIn4*Hf03#>)>%=wz*o_J zC|l%a8+C)r?OX?NEpsetGj)F5csXG8z;OtfpjKuP3Wd<3@uaeGg=g4Ey)!^M4;cJxpHN5DUzf#0vUbup#w2 zIdg3$nB9nF?s&7Qe{bLU&oVa>e^_CC91GWqm8k?_VxF2lHv4>1DE5KO8;(bit)a;k z1hM(|qIMe$v=%uRh27wCk%>dN);Kc!1Fgx_Yq#M(T8M;M#LTD$*;l_ElTc+N&R|}h z;BuyW8?IFbmNvL1D-iSVWJF;pGQBHa#c94ag`tj`?CJrOfAfQA00k&ppGA~(BQr1U zaDm3SPT{AQr`hzBEwDa>Ys_>}C#ZbUXG68dv!X=b)0cl=CQnxGHdvH_Noc}W3X~ke zZBo}5!zmH?#PH0H!OaFEVWn1T44JDP$Qg^0utr_u>;#vOU>(4<$b^!h_4}vGWUSbN z`$)wYWHxD=e{m+fb*nK-g478pUvf8rI^MzruaSk+FH&0Gq5aB^H?9!Bx)ph@rFDyO?0c;R=FWVZ*9J6#Dw3uLm)> z##_F84qrb_{usV~G9z%6Vdfq{IWxNj)FMO7TljtIe;`Qd48KpNB4upAg$-~C9SM>$ zrZr@u4X;>DXABl$V0<8ma2exNGsauyo87tF_TSpsmw&q7ho8Q5?TCsjU+hcS7PTAFn<)ae&;pO$PBfOUA67E^d->LT| zFr!m18lO2)4eTx<;q5CdjS?{Hf|NH5Eu>%@e?f{uTT3iT45G&LPx>@=5KVG>l@WkB zMqr!>D%X)gi9djWAH~^HTnAvKfF$z7S!81?73H~XV97mOj_Uxd$YnOjpiSHa>2I+r zL#DR&D4gGT{$y0!5E_)+FyzE_5SKu=87mCQ?$`?~ZxmXsi6R$sL!~AfyCo{;wp8hn ze{-Vn^V7rZ*~!fYlVYv#02I5S=4zJmVat%21amAfO-&4Jn>a>wh5vj)7EoUR{nS7xcKY&ZckWlGsMw(2HX*Y@~S_3eW1% zYxH>!lwOxDSBGGEWi|!VHvE|SIg((@M4JK3L<{&b0gKc_l7_wf*=#_E;>gEP%n~3V zC{I!%K+xuCZuE~8HNr(;E-FcmsK@~*kOP%}<2+VCjqB)YX|wWQD8BmFEGjKOQyX?- z8+~)5PUcx_;26=>0hZ>d zlTEx&!!m_?H{aHIdp^VCXrW`Cu%sH}kyX8I*bs^22{_8MVZHu{7*Pafwq>JW0r3 znSP~}NKaz>Djl3*>aOE%fn#+c2DrYX-WdCoCSjCntywzx+dGZKM^nH>m#q>a3wZ&= zBska5>IqkOd#EeX=xslS%+TJrogihebh@^X)Ykj=>;rVO{*P%sj=3f%aZy(`NWBM9 zTQ~EAb1AYy!wB^;@~x9IjQ^S&k`{4vQqGXF;f8mMcRcv#&z2|@OsO6K2-U#Xcp))n z+6Jwu$o^g5bMi)ML)8~c^xE!$s7jD!Dh5+r(@gl8n-8e_)&GpUYVW&z+2EdU_tzdn z!EW#!OZynM=YmKR);YJ~LD~?^HN?qi1y%|n5y>;Oq8F7iH zb~=j9IfKAWLlDcvn`tRvz?`|HnGl;3y4qN(%+n%dZZdNN5~FX!kB%?hm)#=~SJ=?b|Tv2+w}%2PIK8i!NJRPq_i*v*-^x;vgktN-I|(jh8o29dTkzyV8U)$={>z>~%sd%W9}PgO-&Gw=owWeS#joaui*t_oVP-;BvBw zmF{t~;dT%(?^_tEvLSH&%y_DMg;40_?%n-9Txhj^&DN}vFh&ZYfamLDH}$lE641Lw zAbzq`O`NEPqWNw{)b^QSMt}9}1-pGp?u!A#pB=p}*+OGN`ku;oy%h4HAIKN2?}RSU z_II?vCQ)gC)w?gBO2Xv6Ea$GRIj!wL0QLpd=~cA)g~7?=o8l=NQo5&9zvPaIR}X@z zArC?&pA%jmU#xOiN{BAI56y%MR-5Mk=IkUZWgWfo!Z6=LH@_%YLcf!&A!=)26WHZp z3g!*>^*BGld|4sJ`e%XnU3@wzyS*`I{(?Hmtp}SFP&r28k4m7*g4MdPSJ+RBmF=lp zkQi(7L-euY@GBYue~d)Su^z)OSKq~RO3J2vqFoRV+Q1>!=9|()_8dWZ=VR6Vp@oYz zxgp>7G3ph}`)znyK5fclb0%0e&BBlG4eNghbzgGx0-GbaY+TPibG_}xLZghNm^d_>oeDMJtq3kXP9w-l4o0{MD->FbV$AxENQd5Al2FJItbDS3G0`oVY<|mF5ov6?6BtpuSoEGM8#l(f;MP)BemBN~ZHC}Ok8#IsgQNNEiO z%ytUXm%1%#nwQ%!73)R*3iGy0#Ut43=IYaQ?`$A*cp%VNGNrDF5WEn3l<>YePQ@7d z*=%o-w5rykM6#IB>lKQJ+5T-)TX|VIMR0K1HL`O;fa-b#R`A{JGZuNC{lXKY4DT$kSTgb>xz#TBnn+^dkT=pbw?eqt6S#Qa0zL`Faxrr` zi}|Wplnf)m*kxS^?~EiL_5roa^d^r99S{oV5Pfc~ZSO&OgA)#0s9$L{X@d1gNQ(;O z=evlRaZotuWS$5hk~&4oPA&cpSPJe2qOUfq>~7XN34c^9N;yT&<{72^pf8gmyS<%H zt(rW-_d|E&?`*T)8TLqbpUTzbVcq%4yGmhgW;+4l6|2-(YR~iW&5**Pur6+M~ElTM+7#lMwg+qH!gf1&~?&QYfrL zN{e%q-##n#_HvH0iRQ3;F8DQo_RBsJk(9(0)HG%>LgcKMa`MV$>?VA=U>y&>yNDLU zT`C*gx1Nn<821L8bD>1*$t|MQru&T5MkiqUvTqj4hRbYnGev*TS%L_80^GUOdci_4 z<8>K{M?V;T`|8nI-u=Hefcs6i=50G`NFx;)|K7rzU9Tkg@6MZ}na*g*7*FGCk=L+& zPjk9iyc%uSFEzU{B3)RJ9a58RGCR;E4ww*i6(7Je4W0jpXTXiX<^hf@JQn2IDZS2l z=ah3DK5c?vWgCfsz_-D0K`O+Y$K#?=DiYEAQTl;fFtQ zBs{;f39REPNfnjZ#N_UVa~h4U=O2Ssu=)!kmuFQrmXNud{oxlH}Cs*m9fLNqH22< zQjuOTW)(ia4!T`vK%6bhds$fCf_f!rpNh?!&Co>eoG7Khvw-{AjX?pCZM;xE09EJF z(&w&FtFrqrQpsa^#UpD}X%UmdL0hNP^XJ_batH(n0o z#(VvcRSq;}#c=kR59bfyJ=))pdne&5+ket&lK>>V>dpIBYN6#^x9Ymg}s>}mSh()mGFqe!Y53FT5@)GwR(L!W7XK>N_i<0 zmISUIbYfl)9@A;*nW*#*9&1V#-34TJk7aNv7O+lZh7vZTrkW?geuV!^S;QrBIj1^)FeaH)#)xwfGu4NiL-tzuo;qzIuKb*cAUJGo~3dqf*u zi0RyTzF@z6BZtqN!1{VnDxaypz3_o2vYss{`q98GOl360*8MCzN34JSLlwbly6oXzFN3lKXHK+z(KJrZ;&Hb z7Fli=N7ihBb8FgSY1xyk7yqQte!Q-D;bJ*xIln9o#F#nY@cs1QXj{OT4K= z^?0eqe8(!8bofI>?ef&>p=`2QLSyfe6o;vZVy|JmDC_cC{`aL2LhPjnBf?8ARVchZ zXq&*`q|*1|Z7l5b%E!CWhQMWfo3+Qoe}^G{4A$*dPn9W@rvHKYH41(V4Zxgb)`TV7 z@5uBGwfLAzQQ6+?;u?{Q@V2D+WN23Fl(;ySYc~(Y&LyH4;xauQ*N}G{ zlK?kio>!HohboPp(9Nf~!dW#uL~Lb^wLSLP#kx1SqKW~=@=f?@Hzn5LP@yK=GHE;e zviGjW)NRUPa5*-1C*;7H5>OM7O@6FeEVhB%PXfjQP54O@5LXf_o$@d8F&2;$#;b;1 zHiE`jM_!YO3zinJ{nCC>ggyf6($^$W3(5RniqA3m=IzyKzdK@oLN^-mli>b z zDcV}CeM~;MoyYA#FJ#~ided2Z>wPFBTa6#sD?_#(Xsx8RH(c7L03D9>OU~|_l{D0* z3ucF))XbMSE-tIWW&X5Tl z)nBqj{wo=rTUM~f{v*ev@V*YDp50!psvny~b4vflj96K%2akAsBAB}TFDf^_$AfWz zC5nbrU2qsNgPv+K6JI}8r4n+r6@`@9kT(GuA?J0qAqA#>W?lJ5s#wqZpRM~2em2)U zVJ8O+yUhGy319SeJf4a&R~_c<$u-@8EOn07fS!TU*EBsO#)=(c|}DYBX5 zhieP#D8)T!+sJ}v@ZB|Mmu1L&#*gPtt>QZthV8N`QcI~=5mEzW8sska&%pd zW^kFY9LyvwF#l=b-gZuyGhF8+62eon{-*Kk8lnCboCIMNJU_DiXJntInhC_Dx{{VjHJc_>Th8Ayg1GFS-N+IjZ_jf`;lke18OkHrlwsIJ9 zl-iASCP1H4RxUBM`G##PfO@E!WXLHm+fL;xi`mw4g-q%$DyfH&O9-1y_r%={7m^r} z$Q(jP9hK2s{Fhz5fpDR78M#-2(kzvQTMi&58f}rzw{=V;Rntwc`btKBz`K8JD};1i zI6t473qF)3a`9^GL9{sF@;DLKlL<5?b8ZnXK4^Ep5<_LyDR0dK{zDTraVcd(?`;D0 zUq(;BlSz8zg=zAk`!*WB8v18pnf%Xcl`2vB*6hjg(3u2wbHQES(U_&6)RDFL8y`Wul36 z30WvQ*}3LWLO6S)ZowSTwE_Zntg5(olI-ilqGCmHeG(cLE=Et%1-gb{`z{!w%0{C= zLiZu=&QFYb+>bFS<7lfp1aT72jA>eLCkqdc@!PVLmhFL)6B{uDj^%gv29w++oBIqC zia*ekD!`}6X)|ovJ&jcrUHG0LbL^g6Ln{Tl^ffm>ff1r!=m5138Mwde;F%aaSTvSf zQxn7LU&S8|!Ug|nc~9F@D1U;`6umr94CEE}hw^E!u!oZgL+veS?64a?dc|K5Q)=f} z6hDbUxT z@8D<5uUD-_KAq*C6nmDMmKP^g&HW-Or$eCda6}sR&iF}(z;4*5cL3H*N1eJ9B~#N;*BS{BKa=QSzy90dOC?SAIsfq%P)r3^RHsIrdcvL1{Jj zgP=m57~UH97>DJ;cy9^bG9MxxygC zjf<9s(n8O^K3>bG-9;qTu8|hOXAo>sU#qxz>DZ?R!=j~1B7wHsgPKSxO;%N}c+$JF zlC9^}WfO7TIPwryA2Dxw^NAT^R=qqjkT^b#HNHL0Nn)VIy^0VNdO2wGX3Lr|`)qE3 zxc)Fz(mL{M?2w9ll{b|lE9{NWx0tx)jf*l%K_yOkI zcUQlke5oZ?4h{~jGpr;2X;o4s^2TGC8hrLNc~{?lejxq?PXZWe6<9WUhp=2D0n-It zI4zctbLH20-g{xNSBg~Cj?a(c4{yLGmR_;G%m-q0dv>o#v@xw~JFVi_rWn>@4VOiJ z#^y}F&lqRUHSdIx#~gU@EF@A34gX%Wg=OW>fV7y#*7cpJWLt$k2L>I{x%|20Y#sJ& zT<%Gk8x!F`;9ppu|J5^~Pufv90N7P@!Z`hjAtvFCs zUcsE?xX|Vuzka$V!+d|`V6I*z6qmaz zwFXZdEK$^>SjE=M(VreYoC=Y7aq3j7sQ=eFn2VD8nPj;zo|nidP%k$-aPKc;-4ZGl4aEz6Utnqj zF~*fhJNKnWE%-hcOVK zPkN`ABB^^oVM%3o7M^*w?f_CiwW(lTB+M#MKwSzBg-N2W--(+bdbV%Xd?>V3eX0}q zQ|Yek$<0Xl1C_Je;U{_`g{-_*Y+aU0eL@2VuGKMRbNA@nWHd+iXq4Hv zdEhbKU$E|7k740jX>~0q+B$T}0p$WzLkQ)*O)Lv^i^|Eo_})K!>J>}R<>qaTpcAI2 z{3(f5cLX~a+k8Lbz9g87PtHBlXvNI*4!7@9zmTRh{iMA!x6!p)`L`D;@Je@QooI`% zLp^Nwh^^Y#Zh~4hto+c|rE%NGSPy=k(`F~Ei@tOZlHQyBO`@wu;^|$9#b*G(z6U+V zWe&(KZS_wiX7w`+%*+OLy%&877Fs)aaV8~JNO3T9*$R-X1@pM&sDM{#c3q>d(aLD7 z-%Qo-x1;*-2PYR0i<$k#4>upMjQOP!RTfzq4dKld-A}xtQ`yqP_qEYP(9`+CuHZg zhz>(fQue$v9;UBdF?EeXHe_I|QH9wX;K}8Bt9cfMql~AmKC%Cccc)d#7w54(+}HcM zI!p5Rih?)ymV4ME$PFY$ct5CJ&SgYehr-xxer;Flryr^|2Djk)OvtvAi3X6^^TYEr zeBkC00)-+Th_{COWD>x46#=7+VAdr|bkz}JudRemN~U~#I~}7j@Qt42M-5KA(A^GJ zx#}XU(ZFgcV~Lza^rQ6N6+3cW65Vlcqe5Pp9*rAsvhl<7b90V?l!L$ZIJ4m%E@U=N z(1(w#fSIWdMpitcP$Fikcg1w=Z~;96;a<1M3Epkl^A96%2m!z5Y2|l$cRzgM@{ajE ztHsk0%=aNo53`EkB07`L2ByMdzliYKMD&6G)|EO1nH+^{MqXhdY@FX=tOt6Vi0ey{vA4bmv{(UKbe=b#H?5h zNclV7+{KN$N1+0S^807yWJRoY+TSPTs_z)dEF7k76X4O~5vraMOnK#3j{GeBGR`wu zUUw7&l2X9|!9fM;ouRo_UJHU6=Cbd;6w==zep#l!Y%W&;|D2_1EV!<}C4*ZJdE>8s z!M?l+iceBdRydY}N-RLmR|$+x=%_IFv>I#!yra`#Zu1~o}tud7i)X=qs(Eow9 ze8Vx?VVWavo6UF>rEn6g__mpY;bb&)Y^D%H~_tQY0W!H|*_BSR$jV&W5PuwXznbM=QWixSI z&Xx~L6xb|q1JNMz4xvs#_s@T&DZQ{T_NB~ptOMu>FWZ@zTQ1u1^o3m)(y{%B8N6*# zv2F@trIDV0J_30=`*4LgO&o!4spZxd089~OUas&`wcULZ(T~-Wt+B`}h)NWA@Pjhr ziGIqBd^NK;u1se;6D=}&Dx4N0|BJZp&fRzLH8LZAXxduIt}1kL5tNL`0nd(JkqZoG z#OgESCVM$|x~DdEpEzgMo!K9Hq_$UuynsiY8Ec5ZjFrqR4q2VDSM)DQ1CCN(0Mqfg zx6&qZ#OFtj)P_;((`vI1zIDYKo+8R{YBA9fda@xHV0k=F)fk_}Q9MFBh33t9sZUv- zl8>Aj1Zjp`WanC5DwE~~$Mp}LYsDkCK&QMkxkEq(iN>&U`s4ZnhuLL50&GqsE&2(! zDM>;DDHT83CEY(rSqqJ7P%I`u#DLa^;O@a#N~uf3tA1sA7vg0-9MXWHZ4<`}r#1_W zHAX+xp=(Pvx1}c#?P(xnk~wP%oi4D-+~lmBwQphx6LPwD#{A9?yE=Q7F(}#a?56U} z{SV3@ef8zXHKLufJ2H{efJ3#O2wG#AprSVyJfxXZ=L)qB2h|ylP1OM;c4(@ntR)%s z8!XLpt%x__&aCGRPK3P9y2LpN6}FG&&%uRU4}E!-f}1(y)FC0akH;s8%+?W0No?wK zLfR^HdUI~G;$y8s4a{%pC@r_(zp0;>tISsIr%I&Ab$U58RnzH5%cAum!=CudwR~!K zdn(z|(mx%6M;cKjvH(B==3N`3?mTFS$tv84C#p8wjIL{511_r@DtRLULj(y`i0|R_ zX!s zO;g69dm<)W8oRvK*1k7*!%GlUx`(TP%=NmkHXfp%K`g6|oWAf3^n@8+M`oj22v<9p~aqn ze0%J^Q`NSHo8GdZgbSXF)!2aC4E?ppp?;XyN;3N?L?R*S%% z0uVz-x0zfv*BX@I;>Bc9B=hQ-oWedr&lMwZ8_GUf`^42UK1lwLFktm^9DdmX=$1_> zbeh|W z-Ez7=ZDl#W&ZUw_5S#!>#3~VG?KD+%ti#uUZG9o#a3iKM=5?f@A1a6JqiG-t_=`Iy zx&V{e4nu?(HdEJi(WHXs0w}5G1(xl-8oBZ>^c+3%Nu?J?C<$R11GRob#j(O4C=S0 zOpA72u0~$cd=Z^`IEodHY!AuhdP0W0?YXcyZKKlIYi^doEcYfy8g;yjAI(gVFGR zGdD%sy%X%L=VX(tjT;*Hp(J&w4^uyGa!Dg%k*uk_@rMiMF;&ZRVaieoWWY%txLK2# zBzYuKy97&Fn7MWv%U?&p3w;uYkz1^>_|UN8jn$#1f-6+VNrwY9)7?|Thhs?7jkoJ7 zyGc0A)h9&mHkv;5I)N2%<-?a8J{6{=<1Ye{m@5;c=UMqGYH~a_%|lD5!r=~yv9Afe z2UpglysFJ<#UCH3kP@6F{|mq?0!r+}rSz}CmOab3NL%2+>O4z`L`{`Qh*GH?d+2Q6 z%*k+DEjsviV^g%_I@m%I-nfOJv-6$DRyLsU^Z77ej80uXx8+?%CN2rn*SGcq=DnW! zc=jn23!!%cq|lsq{#w?S&MKJU-r4^;Ok%>Ul(30Vs^6u0ct9BbI!6I_cP2Y-#rO34 zmrZhGvb9928sz-Ur(e$S$In|3g^WHcarR*A?aCAHSxQ@fQqmdWaa-*0gKvr{b_vcT zlQX2H|5kYGv>PiJSK!ZcxgokHmyAO5mhj!b_xxMjx+46e&XeNx-g|`|-_T-FEKg9g z*Bg_@=1>xAS!JTAWGDfqI=NyL;LWnDL}LAGw2&Mdxz~2DV^tFFx@hY*qD3l#IJ=s{ za@aoW)K)K3WT_L}k~9j)KO@6oyrWC%G6gN&7Uw<9B-0C4)mpg@J1C{G`yb1DefDp1 zbKw=Oe{;0RGsxTIdPW5U9CbP2Zd>N})mB!8rW!UV!yo5-DH~u`9;Zk=30_&G*_g?G z5wonVn#MT2`Kt=o!WVCp!w{R1%cQC-Ch3c|t0@C)D>`-Q8;e~djb|_NS4Mop_V*je zVK~=puv>O9iJFW*-vT@dF#7({)fm`Jbta6cxh8z*{mv~B>!E%oW{7HynT+TR<{l;1 z&_R>#;1##&_+16O{kn64kbi_cjX~-w1IufI>nXX8tL%qUF3dbPcUd16{qix>(p0G( zVc@4UR4=dEnrT|R=TqGh9XBCEcZIPM$vWKd2%$J}XU+Y+wUUL9yrZ>~RPJXOCZ(GShkuh*`!2VYrssGRmDyg* zm(CugM&P|=8(p^H4y)3Nby!iva%StzVzgE?yolNR_?FqGT5&qK{jTQp3$rw!HGJ=pG!}yClC~B%a+VH z*>D@+F-&7abjSD#&nqfrKSN4ZZxjJr!_!!w*^Ty1*A{Cp%%wb+jr^zIOaL>Pp_fAL zt}ahpQhN2ZWR&A6EqpJ1XC1z$H{F2BnX2n}qAl2^RMk~SMM7Jx7(2N6^P=`10B{5ixGCwHOJ(Np zTns{7A;TltzrC#BQXQ=_VWaOQ<3s7*D+R(vZG3jEEMYKIeQlW>)O5~3L|WQF>cRra ztw9n{z7S-oq8Xv@HiXZ{XTy$P?523cb64b)d*w;Hb?90e*b}I~>o5%< zFtic{eVzq>3;=FG<1u8*m)UB?MWiK^3y7qBxI$=%1dPI%;;NRJ_52fFX4@J(cH&=k zA#@I|vJ~-F$x~&50*E5ZtE-qFebC%RWtO+Fon%Rz$5w6IGQj%LT1f?chf#*9P=VB2 zE~4yqJZ2B(hLVdiICA1BFg%iv;nI|@;^d8c+qFmoyfuKgA=uSlKk+6Y5SK-dNU@n{ z8RvyeFsTc@f9B7>OX!-YK1N&GSy*^KNI+%5d!(a3c#pM!dWL)`x!5aG=%7(16 zv+-o`d+CL$=$;EFNPJGT;!9`&7oYV|A!55@8Hab_s60Yn*j|z>VMFwvXZLIk5Bc2Y zB-4MIKsbA!Ki?r*cdaAzTmxN+7A%W8bxAdoxYZ%GW86rApq!W>=1@~mpyeV}Jh z{esH_4;&8Ft3;a1|CQZBI`0yMlBBZi-P3s9+59_rbNC&di|0nvvndNjX?1z(=9fPu zFeCYdrE|TaD>W!+rJflzF(WghwUfbXz(dv~h4(32Au20`(WCZ>gU7Tq#^c zWEChgwsA>-cYonX6V~cc;0Gbhc@#?)oaSe#9KrK&HeZljYBN5f8)|?&B2j_DB_=n% zg^cF1Z+0{*!l#JY!VYW2Sz(%&nbO6#TiK8lxB%2bBPkJFl$d1*&tozv`nIrUk^_ykgFAv96eki!0s?Rs1l|NzFBid za~xC)W_nF(`5+!mpSX}&hhHJ8(JStkz!yeC$u86-YPR_P=>^*XZW2S>7{Tf_%gDOO zzvVn-7ANaJ5?w*sJT1ZWj*;WhmRMX%y2eu{#wv+cld_)h1<6J2+-b6XRh3TYkW$Wm zCi8Q=mj4XxfaE80<{-FOk}b?8_;nkd-hh^JMs&OxzI9!2P_j$!u5y%lVpPkj)R={I zNPTV=#TXa;c_hv3hxyvGHortt9Trc^T~X`1>21;we0b7SYr!f@ zK)}6g{*FK#@JtU8h*-L?yViWPk67w8vSKvPc(?%IozVWdtXE7oKQY>wTF3VCaa)=< z?JKUX*54s5Jxsr!wuMv$q==A)l+t&U+>H2SlS(<{a9# zNO*!YelU|OUfu|+d&b)E`{>xvrX8_@H3z7}}n<{C{%J>B3}G9*4$UN(#~xAc435 zISKd-JP}!PjVSG;EM4$;Tnxq-@HYrK#e;wUY~h6{LEo&lsQ0a)=4MaPvc^Q{DxrbE zgqU{fA12e*UoE@hVss7NgS0gmzezHAlOR{!2uEePYpUz7I3WK)f>)(QxG2$M2S8!f zE@aPpBW-VVM<;OmND)Mkwwn)N~i z_q|6`mLD(OL$Q4_2IT4rf11?oRd|T8L~jS5TSlTXp4E@3Vc)4jcW-!YA2f&VuWtqZ zi_OQF}XD_HrAdw%nVZll%pFy>Z8R6m~=dd|AyZEapD-{2GH&!7t};UMhMh ntq}BCmy*ctAcmlvcojNl&h1R3e-N8sJ`6<$EQPojbcFu{Uulc6 diff --git a/x-pack/test/functional/es_archives/reporting/hugedata/mappings.json b/x-pack/test/functional/es_archives/reporting/hugedata/mappings.json deleted file mode 100644 index d1cb75c1f5150..0000000000000 --- a/x-pack/test/functional/es_archives/reporting/hugedata/mappings.json +++ /dev/null @@ -1,2523 +0,0 @@ -{ - "type": "index", - "value": { - "aliases": { - ".kibana": { - } - }, - "index": ".kibana_1", - "mappings": { - "dynamic": "strict", - "properties": { - "action": { - "properties": { - "actionTypeId": { - "type": "keyword" - }, - "config": { - "enabled": false, - "type": "object" - }, - "name": { - "fields": { - "keyword": { - "type": "keyword" - } - }, - "type": "text" - }, - "secrets": { - "type": "binary" - } - } - }, - "action_task_params": { - "properties": { - "actionId": { - "type": "keyword" - }, - "apiKey": { - "type": "binary" - }, - "params": { - "enabled": false, - "type": "object" - } - } - }, - "alert": { - "properties": { - "actions": { - "properties": { - "actionRef": { - "type": "keyword" - }, - "actionTypeId": { - "type": "keyword" - }, - "group": { - "type": "keyword" - }, - "params": { - "enabled": false, - "type": "object" - } - }, - "type": "nested" - }, - "alertTypeId": { - "type": "keyword" - }, - "apiKey": { - "type": "binary" - }, - "apiKeyOwner": { - "type": "keyword" - }, - "consumer": { - "type": "keyword" - }, - "createdAt": { - "type": "date" - }, - "createdBy": { - "type": "keyword" - }, - "enabled": { - "type": "boolean" - }, - "executionStatus": { - "properties": { - "error": { - "properties": { - "message": { - "type": "keyword" - }, - "reason": { - "type": "keyword" - } - } - }, - "lastExecutionDate": { - "type": "date" - }, - "status": { - "type": "keyword" - } - } - }, - "meta": { - "properties": { - "versionApiKeyLastmodified": { - "type": "keyword" - } - } - }, - "muteAll": { - "type": "boolean" - }, - "mutedInstanceIds": { - "type": "keyword" - }, - "name": { - "fields": { - "keyword": { - "type": "keyword" - } - }, - "type": "text" - }, - "notifyWhen": { - "type": "keyword" - }, - "params": { - "enabled": false, - "type": "object" - }, - "schedule": { - "properties": { - "interval": { - "type": "keyword" - } - } - }, - "scheduledTaskId": { - "type": "keyword" - }, - "tags": { - "type": "keyword" - }, - "throttle": { - "type": "keyword" - }, - "updatedAt": { - "type": "date" - }, - "updatedBy": { - "type": "keyword" - } - } - }, - "api_key_pending_invalidation": { - "properties": { - "apiKeyId": { - "type": "keyword" - }, - "createdAt": { - "type": "date" - } - } - }, - "apm-indices": { - "properties": { - "error": { - "type": "keyword" - }, - "metric": { - "type": "keyword" - }, - "onboarding": { - "type": "keyword" - }, - "sourcemap": { - "type": "keyword" - }, - "span": { - "type": "keyword" - }, - "transaction": { - "type": "keyword" - } - } - }, - "apm-telemetry": { - "dynamic": "false", - "type": "object" - }, - "app_search_telemetry": { - "dynamic": "false", - "type": "object" - }, - "application_usage_daily": { - "dynamic": "false", - "properties": { - "timestamp": { - "type": "date" - } - } - }, - "application_usage_totals": { - "dynamic": "false", - "type": "object" - }, - "application_usage_transactional": { - "dynamic": "false", - "type": "object" - }, - "canvas-element": { - "dynamic": "false", - "properties": { - "@created": { - "type": "date" - }, - "@timestamp": { - "type": "date" - }, - "content": { - "type": "text" - }, - "help": { - "type": "text" - }, - "image": { - "type": "text" - }, - "name": { - "fields": { - "keyword": { - "type": "keyword" - } - }, - "type": "text" - } - } - }, - "canvas-workpad": { - "dynamic": "false", - "properties": { - "@created": { - "type": "date" - }, - "@timestamp": { - "type": "date" - }, - "name": { - "fields": { - "keyword": { - "type": "keyword" - } - }, - "type": "text" - } - } - }, - "canvas-workpad-template": { - "dynamic": "false", - "properties": { - "help": { - "fields": { - "keyword": { - "type": "keyword" - } - }, - "type": "text" - }, - "name": { - "fields": { - "keyword": { - "type": "keyword" - } - }, - "type": "text" - }, - "tags": { - "fields": { - "keyword": { - "type": "keyword" - } - }, - "type": "text" - }, - "template_key": { - "type": "keyword" - } - } - }, - "cases": { - "properties": { - "closed_at": { - "type": "date" - }, - "closed_by": { - "properties": { - "email": { - "type": "keyword" - }, - "full_name": { - "type": "keyword" - }, - "username": { - "type": "keyword" - } - } - }, - "connector": { - "properties": { - "fields": { - "properties": { - "key": { - "type": "text" - }, - "value": { - "type": "text" - } - } - }, - "id": { - "type": "keyword" - }, - "name": { - "type": "text" - }, - "type": { - "type": "keyword" - } - } - }, - "created_at": { - "type": "date" - }, - "created_by": { - "properties": { - "email": { - "type": "keyword" - }, - "full_name": { - "type": "keyword" - }, - "username": { - "type": "keyword" - } - } - }, - "description": { - "type": "text" - }, - "external_service": { - "properties": { - "connector_id": { - "type": "keyword" - }, - "connector_name": { - "type": "keyword" - }, - "external_id": { - "type": "keyword" - }, - "external_title": { - "type": "text" - }, - "external_url": { - "type": "text" - }, - "pushed_at": { - "type": "date" - }, - "pushed_by": { - "properties": { - "email": { - "type": "keyword" - }, - "full_name": { - "type": "keyword" - }, - "username": { - "type": "keyword" - } - } - } - } - }, - "settings": { - "properties": { - "syncAlerts": { - "type": "boolean" - } - } - }, - "status": { - "type": "keyword" - }, - "tags": { - "type": "keyword" - }, - "title": { - "type": "keyword" - }, - "updated_at": { - "type": "date" - }, - "updated_by": { - "properties": { - "email": { - "type": "keyword" - }, - "full_name": { - "type": "keyword" - }, - "username": { - "type": "keyword" - } - } - } - } - }, - "cases-comments": { - "properties": { - "alertId": { - "type": "keyword" - }, - "comment": { - "type": "text" - }, - "created_at": { - "type": "date" - }, - "created_by": { - "properties": { - "email": { - "type": "keyword" - }, - "full_name": { - "type": "keyword" - }, - "username": { - "type": "keyword" - } - } - }, - "index": { - "type": "keyword" - }, - "pushed_at": { - "type": "date" - }, - "pushed_by": { - "properties": { - "email": { - "type": "keyword" - }, - "full_name": { - "type": "keyword" - }, - "username": { - "type": "keyword" - } - } - }, - "type": { - "type": "keyword" - }, - "updated_at": { - "type": "date" - }, - "updated_by": { - "properties": { - "email": { - "type": "keyword" - }, - "full_name": { - "type": "keyword" - }, - "username": { - "type": "keyword" - } - } - } - } - }, - "cases-configure": { - "properties": { - "closure_type": { - "type": "keyword" - }, - "connector": { - "properties": { - "fields": { - "properties": { - "key": { - "type": "text" - }, - "value": { - "type": "text" - } - } - }, - "id": { - "type": "keyword" - }, - "name": { - "type": "text" - }, - "type": { - "type": "keyword" - } - } - }, - "created_at": { - "type": "date" - }, - "created_by": { - "properties": { - "email": { - "type": "keyword" - }, - "full_name": { - "type": "keyword" - }, - "username": { - "type": "keyword" - } - } - }, - "updated_at": { - "type": "date" - }, - "updated_by": { - "properties": { - "email": { - "type": "keyword" - }, - "full_name": { - "type": "keyword" - }, - "username": { - "type": "keyword" - } - } - } - } - }, - "cases-connector-mappings": { - "properties": { - "mappings": { - "properties": { - "action_type": { - "type": "keyword" - }, - "source": { - "type": "keyword" - }, - "target": { - "type": "keyword" - } - } - } - } - }, - "cases-user-actions": { - "properties": { - "action": { - "type": "keyword" - }, - "action_at": { - "type": "date" - }, - "action_by": { - "properties": { - "email": { - "type": "keyword" - }, - "full_name": { - "type": "keyword" - }, - "username": { - "type": "keyword" - } - } - }, - "action_field": { - "type": "keyword" - }, - "new_value": { - "type": "text" - }, - "old_value": { - "type": "text" - } - } - }, - "config": { - "dynamic": "false", - "properties": { - "buildNum": { - "type": "keyword" - } - } - }, - "core-usage-stats": { - "dynamic": "false", - "type": "object" - }, - "dashboard": { - "properties": { - "description": { - "type": "text" - }, - "hits": { - "doc_values": false, - "index": false, - "type": "integer" - }, - "kibanaSavedObjectMeta": { - "properties": { - "searchSourceJSON": { - "index": false, - "type": "text" - } - } - }, - "optionsJSON": { - "index": false, - "type": "text" - }, - "panelsJSON": { - "index": false, - "type": "text" - }, - "refreshInterval": { - "properties": { - "display": { - "doc_values": false, - "index": false, - "type": "keyword" - }, - "pause": { - "doc_values": false, - "index": false, - "type": "boolean" - }, - "section": { - "doc_values": false, - "index": false, - "type": "integer" - }, - "value": { - "doc_values": false, - "index": false, - "type": "integer" - } - } - }, - "timeFrom": { - "doc_values": false, - "index": false, - "type": "keyword" - }, - "timeRestore": { - "doc_values": false, - "index": false, - "type": "boolean" - }, - "timeTo": { - "doc_values": false, - "index": false, - "type": "keyword" - }, - "title": { - "type": "text" - }, - "version": { - "type": "integer" - } - } - }, - "endpoint:user-artifact": { - "properties": { - "body": { - "type": "binary" - }, - "compressionAlgorithm": { - "index": false, - "type": "keyword" - }, - "created": { - "index": false, - "type": "date" - }, - "decodedSha256": { - "index": false, - "type": "keyword" - }, - "decodedSize": { - "index": false, - "type": "long" - }, - "encodedSha256": { - "type": "keyword" - }, - "encodedSize": { - "index": false, - "type": "long" - }, - "encryptionAlgorithm": { - "index": false, - "type": "keyword" - }, - "identifier": { - "type": "keyword" - } - } - }, - "endpoint:user-artifact-manifest": { - "properties": { - "created": { - "index": false, - "type": "date" - }, - "ids": { - "index": false, - "type": "keyword" - }, - "schemaVersion": { - "type": "keyword" - }, - "semanticVersion": { - "index": false, - "type": "keyword" - } - } - }, - "enterprise_search_telemetry": { - "dynamic": "false", - "type": "object" - }, - "epm-packages": { - "properties": { - "es_index_patterns": { - "enabled": false, - "type": "object" - }, - "install_source": { - "type": "keyword" - }, - "install_started_at": { - "type": "date" - }, - "install_status": { - "type": "keyword" - }, - "install_version": { - "type": "keyword" - }, - "installed_es": { - "properties": { - "id": { - "type": "keyword" - }, - "type": { - "type": "keyword" - } - }, - "type": "nested" - }, - "installed_kibana": { - "properties": { - "id": { - "type": "keyword" - }, - "type": { - "type": "keyword" - } - }, - "type": "nested" - }, - "internal": { - "type": "boolean" - }, - "name": { - "type": "keyword" - }, - "package_assets": { - "properties": { - "id": { - "type": "keyword" - }, - "type": { - "type": "keyword" - } - }, - "type": "nested" - }, - "removable": { - "type": "boolean" - }, - "version": { - "type": "keyword" - } - } - }, - "epm-packages-assets": { - "properties": { - "asset_path": { - "type": "keyword" - }, - "data_base64": { - "type": "binary" - }, - "data_utf8": { - "index": false, - "type": "text" - }, - "install_source": { - "type": "keyword" - }, - "media_type": { - "type": "keyword" - }, - "package_name": { - "type": "keyword" - }, - "package_version": { - "type": "keyword" - } - } - }, - "exception-list": { - "properties": { - "_tags": { - "type": "keyword" - }, - "comments": { - "properties": { - "comment": { - "type": "keyword" - }, - "created_at": { - "type": "keyword" - }, - "created_by": { - "type": "keyword" - }, - "id": { - "type": "keyword" - }, - "updated_at": { - "type": "keyword" - }, - "updated_by": { - "type": "keyword" - } - } - }, - "created_at": { - "type": "keyword" - }, - "created_by": { - "type": "keyword" - }, - "description": { - "type": "keyword" - }, - "entries": { - "properties": { - "entries": { - "properties": { - "field": { - "type": "keyword" - }, - "operator": { - "type": "keyword" - }, - "type": { - "type": "keyword" - }, - "value": { - "fields": { - "text": { - "type": "text" - } - }, - "type": "keyword" - } - } - }, - "field": { - "type": "keyword" - }, - "list": { - "properties": { - "id": { - "type": "keyword" - }, - "type": { - "type": "keyword" - } - } - }, - "operator": { - "type": "keyword" - }, - "type": { - "type": "keyword" - }, - "value": { - "fields": { - "text": { - "type": "text" - } - }, - "type": "keyword" - } - } - }, - "immutable": { - "type": "boolean" - }, - "item_id": { - "type": "keyword" - }, - "list_id": { - "type": "keyword" - }, - "list_type": { - "type": "keyword" - }, - "meta": { - "type": "keyword" - }, - "name": { - "type": "keyword" - }, - "os_types": { - "type": "keyword" - }, - "tags": { - "type": "keyword" - }, - "tie_breaker_id": { - "type": "keyword" - }, - "type": { - "type": "keyword" - }, - "updated_by": { - "type": "keyword" - }, - "version": { - "type": "keyword" - } - } - }, - "exception-list-agnostic": { - "properties": { - "_tags": { - "type": "keyword" - }, - "comments": { - "properties": { - "comment": { - "type": "keyword" - }, - "created_at": { - "type": "keyword" - }, - "created_by": { - "type": "keyword" - }, - "id": { - "type": "keyword" - }, - "updated_at": { - "type": "keyword" - }, - "updated_by": { - "type": "keyword" - } - } - }, - "created_at": { - "type": "keyword" - }, - "created_by": { - "type": "keyword" - }, - "description": { - "type": "keyword" - }, - "entries": { - "properties": { - "entries": { - "properties": { - "field": { - "type": "keyword" - }, - "operator": { - "type": "keyword" - }, - "type": { - "type": "keyword" - }, - "value": { - "fields": { - "text": { - "type": "text" - } - }, - "type": "keyword" - } - } - }, - "field": { - "type": "keyword" - }, - "list": { - "properties": { - "id": { - "type": "keyword" - }, - "type": { - "type": "keyword" - } - } - }, - "operator": { - "type": "keyword" - }, - "type": { - "type": "keyword" - }, - "value": { - "fields": { - "text": { - "type": "text" - } - }, - "type": "keyword" - } - } - }, - "immutable": { - "type": "boolean" - }, - "item_id": { - "type": "keyword" - }, - "list_id": { - "type": "keyword" - }, - "list_type": { - "type": "keyword" - }, - "meta": { - "type": "keyword" - }, - "name": { - "type": "keyword" - }, - "os_types": { - "type": "keyword" - }, - "tags": { - "type": "keyword" - }, - "tie_breaker_id": { - "type": "keyword" - }, - "type": { - "type": "keyword" - }, - "updated_by": { - "type": "keyword" - }, - "version": { - "type": "keyword" - } - } - }, - "file-upload-telemetry": { - "properties": { - "filesUploadedTotalCount": { - "type": "long" - } - } - }, - "file-upload-usage-collection-telemetry": { - "properties": { - "file_upload": { - "properties": { - "index_creation_count": { - "type": "long" - } - } - } - } - }, - "fleet-agent-actions": { - "properties": { - "ack_data": { - "type": "text" - }, - "agent_id": { - "type": "keyword" - }, - "created_at": { - "type": "date" - }, - "data": { - "type": "binary" - }, - "policy_id": { - "type": "keyword" - }, - "policy_revision": { - "type": "integer" - }, - "sent_at": { - "type": "date" - }, - "type": { - "type": "keyword" - } - } - }, - "fleet-agent-events": { - "properties": { - "action_id": { - "type": "keyword" - }, - "agent_id": { - "type": "keyword" - }, - "data": { - "type": "text" - }, - "message": { - "type": "text" - }, - "payload": { - "type": "text" - }, - "policy_id": { - "type": "keyword" - }, - "stream_id": { - "type": "keyword" - }, - "subtype": { - "type": "keyword" - }, - "timestamp": { - "type": "date" - }, - "type": { - "type": "keyword" - } - } - }, - "fleet-agents": { - "properties": { - "access_api_key_id": { - "type": "keyword" - }, - "active": { - "type": "boolean" - }, - "current_error_events": { - "index": false, - "type": "text" - }, - "default_api_key": { - "type": "binary" - }, - "default_api_key_id": { - "type": "keyword" - }, - "enrolled_at": { - "type": "date" - }, - "last_checkin": { - "type": "date" - }, - "last_checkin_status": { - "type": "keyword" - }, - "last_updated": { - "type": "date" - }, - "local_metadata": { - "type": "flattened" - }, - "packages": { - "type": "keyword" - }, - "policy_id": { - "type": "keyword" - }, - "policy_revision": { - "type": "integer" - }, - "type": { - "type": "keyword" - }, - "unenrolled_at": { - "type": "date" - }, - "unenrollment_started_at": { - "type": "date" - }, - "updated_at": { - "type": "date" - }, - "upgrade_started_at": { - "type": "date" - }, - "upgraded_at": { - "type": "date" - }, - "user_provided_metadata": { - "type": "flattened" - }, - "version": { - "type": "keyword" - } - } - }, - "fleet-enrollment-api-keys": { - "properties": { - "active": { - "type": "boolean" - }, - "api_key": { - "type": "binary" - }, - "api_key_id": { - "type": "keyword" - }, - "created_at": { - "type": "date" - }, - "expire_at": { - "type": "date" - }, - "name": { - "type": "keyword" - }, - "policy_id": { - "type": "keyword" - }, - "type": { - "type": "keyword" - }, - "updated_at": { - "type": "date" - } - } - }, - "graph-workspace": { - "properties": { - "description": { - "type": "text" - }, - "kibanaSavedObjectMeta": { - "properties": { - "searchSourceJSON": { - "type": "text" - } - } - }, - "legacyIndexPatternRef": { - "index": false, - "type": "text" - }, - "numLinks": { - "type": "integer" - }, - "numVertices": { - "type": "integer" - }, - "title": { - "type": "text" - }, - "version": { - "type": "integer" - }, - "wsState": { - "type": "text" - } - } - }, - "index-pattern": { - "dynamic": "false", - "properties": { - "title": { - "type": "text" - }, - "type": { - "type": "keyword" - } - } - }, - "infrastructure-ui-source": { - "dynamic": "false", - "type": "object" - }, - "ingest-agent-policies": { - "properties": { - "description": { - "type": "text" - }, - "is_default": { - "type": "boolean" - }, - "is_managed": { - "type": "boolean" - }, - "monitoring_enabled": { - "index": false, - "type": "keyword" - }, - "name": { - "type": "keyword" - }, - "namespace": { - "type": "keyword" - }, - "package_policies": { - "type": "keyword" - }, - "revision": { - "type": "integer" - }, - "status": { - "type": "keyword" - }, - "updated_at": { - "type": "date" - }, - "updated_by": { - "type": "keyword" - } - } - }, - "ingest-outputs": { - "properties": { - "ca_sha256": { - "index": false, - "type": "keyword" - }, - "config": { - "type": "flattened" - }, - "config_yaml": { - "type": "text" - }, - "fleet_enroll_password": { - "type": "binary" - }, - "fleet_enroll_username": { - "type": "binary" - }, - "hosts": { - "type": "keyword" - }, - "is_default": { - "type": "boolean" - }, - "name": { - "type": "keyword" - }, - "type": { - "type": "keyword" - } - } - }, - "ingest-package-policies": { - "properties": { - "created_at": { - "type": "date" - }, - "created_by": { - "type": "keyword" - }, - "description": { - "type": "text" - }, - "enabled": { - "type": "boolean" - }, - "inputs": { - "enabled": false, - "properties": { - "compiled_input": { - "type": "flattened" - }, - "config": { - "type": "flattened" - }, - "enabled": { - "type": "boolean" - }, - "streams": { - "properties": { - "compiled_stream": { - "type": "flattened" - }, - "config": { - "type": "flattened" - }, - "data_stream": { - "properties": { - "dataset": { - "type": "keyword" - }, - "type": { - "type": "keyword" - } - } - }, - "enabled": { - "type": "boolean" - }, - "id": { - "type": "keyword" - }, - "vars": { - "type": "flattened" - } - }, - "type": "nested" - }, - "type": { - "type": "keyword" - }, - "vars": { - "type": "flattened" - } - }, - "type": "nested" - }, - "name": { - "type": "keyword" - }, - "namespace": { - "type": "keyword" - }, - "output_id": { - "type": "keyword" - }, - "package": { - "properties": { - "name": { - "type": "keyword" - }, - "title": { - "type": "keyword" - }, - "version": { - "type": "keyword" - } - } - }, - "policy_id": { - "type": "keyword" - }, - "revision": { - "type": "integer" - }, - "updated_at": { - "type": "date" - }, - "updated_by": { - "type": "keyword" - } - } - }, - "ingest_manager_settings": { - "properties": { - "agent_auto_upgrade": { - "type": "keyword" - }, - "has_seen_add_data_notice": { - "index": false, - "type": "boolean" - }, - "kibana_ca_sha256": { - "type": "keyword" - }, - "kibana_urls": { - "type": "keyword" - }, - "package_auto_upgrade": { - "type": "keyword" - } - } - }, - "inventory-view": { - "dynamic": "false", - "type": "object" - }, - "kql-telemetry": { - "properties": { - "optInCount": { - "type": "long" - }, - "optOutCount": { - "type": "long" - } - } - }, - "legacy-url-alias": { - "dynamic": "false", - "type": "object" - }, - "lens": { - "properties": { - "description": { - "type": "text" - }, - "expression": { - "doc_values": false, - "index": false, - "type": "keyword" - }, - "state": { - "type": "flattened" - }, - "title": { - "type": "text" - }, - "visualizationType": { - "type": "keyword" - } - } - }, - "lens-ui-telemetry": { - "properties": { - "count": { - "type": "integer" - }, - "date": { - "type": "date" - }, - "name": { - "type": "keyword" - }, - "type": { - "type": "keyword" - } - } - }, - "map": { - "properties": { - "bounds": { - "dynamic": "false", - "type": "object" - }, - "description": { - "type": "text" - }, - "layerListJSON": { - "type": "text" - }, - "mapStateJSON": { - "type": "text" - }, - "title": { - "type": "text" - }, - "uiStateJSON": { - "type": "text" - }, - "version": { - "type": "integer" - } - } - }, - "maps-telemetry": { - "enabled": false, - "type": "object" - }, - "metrics-explorer-view": { - "dynamic": "false", - "type": "object" - }, - "ml-job": { - "properties": { - "datafeed_id": { - "fields": { - "keyword": { - "type": "keyword" - } - }, - "type": "text" - }, - "job_id": { - "fields": { - "keyword": { - "type": "keyword" - } - }, - "type": "text" - }, - "type": { - "type": "keyword" - } - } - }, - "ml-telemetry": { - "dynamic": "false", - "type": "object" - }, - "monitoring-telemetry": { - "properties": { - "reportedClusterUuids": { - "type": "keyword" - } - } - }, - "namespace": { - "type": "keyword" - }, - "namespaces": { - "type": "keyword" - }, - "originId": { - "type": "keyword" - }, - "query": { - "properties": { - "description": { - "type": "text" - }, - "filters": { - "enabled": false, - "type": "object" - }, - "query": { - "properties": { - "language": { - "type": "keyword" - }, - "query": { - "index": false, - "type": "keyword" - } - } - }, - "timefilter": { - "enabled": false, - "type": "object" - }, - "title": { - "type": "text" - } - } - }, - "references": { - "properties": { - "id": { - "type": "keyword" - }, - "name": { - "type": "keyword" - }, - "type": { - "type": "keyword" - } - }, - "type": "nested" - }, - "sample-data-telemetry": { - "properties": { - "installCount": { - "type": "long" - }, - "unInstallCount": { - "type": "long" - } - } - }, - "search": { - "properties": { - "columns": { - "doc_values": false, - "index": false, - "type": "keyword" - }, - "description": { - "type": "text" - }, - "grid": { - "enabled": false, - "type": "object" - }, - "hits": { - "doc_values": false, - "index": false, - "type": "integer" - }, - "kibanaSavedObjectMeta": { - "properties": { - "searchSourceJSON": { - "index": false, - "type": "text" - } - } - }, - "pre712": { - "type": "boolean" - }, - "sort": { - "doc_values": false, - "index": false, - "type": "keyword" - }, - "title": { - "type": "text" - }, - "version": { - "type": "integer" - } - } - }, - "search-session": { - "properties": { - "appId": { - "type": "keyword" - }, - "created": { - "type": "date" - }, - "expires": { - "type": "date" - }, - "idMapping": { - "enabled": false, - "type": "object" - }, - "initialState": { - "enabled": false, - "type": "object" - }, - "name": { - "type": "keyword" - }, - "persisted": { - "type": "boolean" - }, - "restoreState": { - "enabled": false, - "type": "object" - }, - "sessionId": { - "type": "keyword" - }, - "status": { - "type": "keyword" - }, - "touched": { - "type": "date" - }, - "urlGeneratorId": { - "type": "keyword" - } - } - }, - "search-telemetry": { - "dynamic": "false", - "type": "object" - }, - "security-solution-signals-migration": { - "properties": { - "created": { - "index": false, - "type": "date" - }, - "createdBy": { - "index": false, - "type": "text" - }, - "destinationIndex": { - "index": false, - "type": "keyword" - }, - "error": { - "index": false, - "type": "text" - }, - "sourceIndex": { - "type": "keyword" - }, - "status": { - "index": false, - "type": "keyword" - }, - "taskId": { - "index": false, - "type": "keyword" - }, - "updated": { - "index": false, - "type": "date" - }, - "updatedBy": { - "index": false, - "type": "text" - }, - "version": { - "type": "long" - } - } - }, - "server": { - "dynamic": "false", - "type": "object" - }, - "siem-detection-engine-rule-actions": { - "properties": { - "actions": { - "properties": { - "action_type_id": { - "type": "keyword" - }, - "group": { - "type": "keyword" - }, - "id": { - "type": "keyword" - }, - "params": { - "enabled": false, - "type": "object" - } - } - }, - "alertThrottle": { - "type": "keyword" - }, - "ruleAlertId": { - "type": "keyword" - }, - "ruleThrottle": { - "type": "keyword" - } - } - }, - "siem-detection-engine-rule-status": { - "properties": { - "alertId": { - "type": "keyword" - }, - "bulkCreateTimeDurations": { - "type": "float" - }, - "gap": { - "type": "text" - }, - "lastFailureAt": { - "type": "date" - }, - "lastFailureMessage": { - "type": "text" - }, - "lastLookBackDate": { - "type": "date" - }, - "lastSuccessAt": { - "type": "date" - }, - "lastSuccessMessage": { - "type": "text" - }, - "searchAfterTimeDurations": { - "type": "float" - }, - "status": { - "type": "keyword" - }, - "statusDate": { - "type": "date" - } - } - }, - "siem-ui-timeline": { - "properties": { - "columns": { - "properties": { - "aggregatable": { - "type": "boolean" - }, - "category": { - "type": "keyword" - }, - "columnHeaderType": { - "type": "keyword" - }, - "description": { - "type": "text" - }, - "example": { - "type": "text" - }, - "id": { - "type": "keyword" - }, - "indexes": { - "type": "keyword" - }, - "name": { - "type": "text" - }, - "placeholder": { - "type": "text" - }, - "searchable": { - "type": "boolean" - }, - "type": { - "type": "keyword" - } - } - }, - "created": { - "type": "date" - }, - "createdBy": { - "type": "text" - }, - "dataProviders": { - "properties": { - "and": { - "properties": { - "enabled": { - "type": "boolean" - }, - "excluded": { - "type": "boolean" - }, - "id": { - "type": "keyword" - }, - "kqlQuery": { - "type": "text" - }, - "name": { - "type": "text" - }, - "queryMatch": { - "properties": { - "displayField": { - "type": "text" - }, - "displayValue": { - "type": "text" - }, - "field": { - "type": "text" - }, - "operator": { - "type": "text" - }, - "value": { - "type": "text" - } - } - }, - "type": { - "type": "text" - } - } - }, - "enabled": { - "type": "boolean" - }, - "excluded": { - "type": "boolean" - }, - "id": { - "type": "keyword" - }, - "kqlQuery": { - "type": "text" - }, - "name": { - "type": "text" - }, - "queryMatch": { - "properties": { - "displayField": { - "type": "text" - }, - "displayValue": { - "type": "text" - }, - "field": { - "type": "text" - }, - "operator": { - "type": "text" - }, - "value": { - "type": "text" - } - } - }, - "type": { - "type": "text" - } - } - }, - "dateRange": { - "properties": { - "end": { - "type": "date" - }, - "start": { - "type": "date" - } - } - }, - "description": { - "type": "text" - }, - "eventType": { - "type": "keyword" - }, - "excludedRowRendererIds": { - "type": "text" - }, - "favorite": { - "properties": { - "favoriteDate": { - "type": "date" - }, - "fullName": { - "type": "text" - }, - "keySearch": { - "type": "text" - }, - "userName": { - "type": "text" - } - } - }, - "filters": { - "properties": { - "exists": { - "type": "text" - }, - "match_all": { - "type": "text" - }, - "meta": { - "properties": { - "alias": { - "type": "text" - }, - "controlledBy": { - "type": "text" - }, - "disabled": { - "type": "boolean" - }, - "field": { - "type": "text" - }, - "formattedValue": { - "type": "text" - }, - "index": { - "type": "keyword" - }, - "key": { - "type": "keyword" - }, - "negate": { - "type": "boolean" - }, - "params": { - "type": "text" - }, - "type": { - "type": "keyword" - }, - "value": { - "type": "text" - } - } - }, - "missing": { - "type": "text" - }, - "query": { - "type": "text" - }, - "range": { - "type": "text" - }, - "script": { - "type": "text" - } - } - }, - "indexNames": { - "type": "text" - }, - "kqlMode": { - "type": "keyword" - }, - "kqlQuery": { - "properties": { - "filterQuery": { - "properties": { - "kuery": { - "properties": { - "expression": { - "type": "text" - }, - "kind": { - "type": "keyword" - } - } - }, - "serializedQuery": { - "type": "text" - } - } - } - } - }, - "savedQueryId": { - "type": "keyword" - }, - "sort": { - "dynamic": "false", - "properties": { - "columnId": { - "type": "keyword" - }, - "columnType": { - "type": "keyword" - }, - "sortDirection": { - "type": "keyword" - } - } - }, - "status": { - "type": "keyword" - }, - "templateTimelineId": { - "type": "text" - }, - "templateTimelineVersion": { - "type": "integer" - }, - "timelineType": { - "type": "keyword" - }, - "title": { - "type": "text" - }, - "updated": { - "type": "date" - }, - "updatedBy": { - "type": "text" - } - } - }, - "siem-ui-timeline-note": { - "properties": { - "created": { - "type": "date" - }, - "createdBy": { - "type": "text" - }, - "eventId": { - "type": "keyword" - }, - "note": { - "type": "text" - }, - "timelineId": { - "type": "keyword" - }, - "updated": { - "type": "date" - }, - "updatedBy": { - "type": "text" - } - } - }, - "siem-ui-timeline-pinned-event": { - "properties": { - "created": { - "type": "date" - }, - "createdBy": { - "type": "text" - }, - "eventId": { - "type": "keyword" - }, - "timelineId": { - "type": "keyword" - }, - "updated": { - "type": "date" - }, - "updatedBy": { - "type": "text" - } - } - }, - "space": { - "properties": { - "_reserved": { - "type": "boolean" - }, - "color": { - "type": "keyword" - }, - "description": { - "type": "text" - }, - "disabledFeatures": { - "type": "keyword" - }, - "imageUrl": { - "index": false, - "type": "text" - }, - "initials": { - "type": "keyword" - }, - "name": { - "fields": { - "keyword": { - "ignore_above": 2048, - "type": "keyword" - } - }, - "type": "text" - } - } - }, - "spaces-usage-stats": { - "dynamic": "false", - "type": "object" - }, - "tag": { - "properties": { - "color": { - "type": "text" - }, - "description": { - "type": "text" - }, - "name": { - "type": "text" - } - } - }, - "telemetry": { - "properties": { - "allowChangingOptInStatus": { - "type": "boolean" - }, - "enabled": { - "type": "boolean" - }, - "lastReported": { - "type": "date" - }, - "lastVersionChecked": { - "type": "keyword" - }, - "reportFailureCount": { - "type": "integer" - }, - "reportFailureVersion": { - "type": "keyword" - }, - "sendUsageFrom": { - "type": "keyword" - }, - "userHasSeenNotice": { - "type": "boolean" - } - } - }, - "type": { - "type": "keyword" - }, - "ui-counter": { - "properties": { - "count": { - "type": "integer" - } - } - }, - "ui-metric": { - "properties": { - "count": { - "type": "integer" - } - } - }, - "updated_at": { - "type": "date" - }, - "upgrade-assistant-reindex-operation": { - "properties": { - "errorMessage": { - "fields": { - "keyword": { - "ignore_above": 256, - "type": "keyword" - } - }, - "type": "text" - }, - "indexName": { - "type": "keyword" - }, - "lastCompletedStep": { - "type": "long" - }, - "locked": { - "type": "date" - }, - "newIndexName": { - "fields": { - "keyword": { - "ignore_above": 256, - "type": "keyword" - } - }, - "type": "text" - }, - "reindexOptions": { - "properties": { - "openAndClose": { - "type": "boolean" - }, - "queueSettings": { - "properties": { - "queuedAt": { - "type": "long" - }, - "startedAt": { - "type": "long" - } - } - } - } - }, - "reindexTaskId": { - "fields": { - "keyword": { - "ignore_above": 256, - "type": "keyword" - } - }, - "type": "text" - }, - "reindexTaskPercComplete": { - "type": "float" - }, - "runningReindexCount": { - "type": "integer" - }, - "status": { - "type": "integer" - } - } - }, - "upgrade-assistant-telemetry": { - "properties": { - "features": { - "properties": { - "deprecation_logging": { - "properties": { - "enabled": { - "null_value": true, - "type": "boolean" - } - } - } - } - }, - "ui_open": { - "properties": { - "cluster": { - "null_value": 0, - "type": "long" - }, - "indices": { - "null_value": 0, - "type": "long" - }, - "overview": { - "null_value": 0, - "type": "long" - } - } - }, - "ui_reindex": { - "properties": { - "close": { - "null_value": 0, - "type": "long" - }, - "open": { - "null_value": 0, - "type": "long" - }, - "start": { - "null_value": 0, - "type": "long" - }, - "stop": { - "null_value": 0, - "type": "long" - } - } - } - } - }, - "uptime-dynamic-settings": { - "dynamic": "false", - "type": "object" - }, - "url": { - "properties": { - "accessCount": { - "type": "long" - }, - "accessDate": { - "type": "date" - }, - "createDate": { - "type": "date" - }, - "url": { - "fields": { - "keyword": { - "ignore_above": 2048, - "type": "keyword" - } - }, - "type": "text" - } - } - }, - "user-action": { - "dynamic": "false", - "type": "object" - }, - "visualization": { - "properties": { - "description": { - "type": "text" - }, - "kibanaSavedObjectMeta": { - "properties": { - "searchSourceJSON": { - "index": false, - "type": "text" - } - } - }, - "savedSearchRefName": { - "doc_values": false, - "index": false, - "type": "keyword" - }, - "title": { - "type": "text" - }, - "uiStateJSON": { - "index": false, - "type": "text" - }, - "version": { - "type": "integer" - }, - "visState": { - "index": false, - "type": "text" - } - } - }, - "workplace_search_telemetry": { - "dynamic": "false", - "type": "object" - } - } - }, - "settings": { - "index": { - "auto_expand_replicas": "0-1", - "number_of_replicas": "0", - "number_of_shards": "1" - } - } - } -} - diff --git a/x-pack/test/functional/es_archives/reporting/logs/data.json.gz b/x-pack/test/functional/es_archives/reporting/logs/data.json.gz deleted file mode 100644 index dbd8f6f8e2e765a7d0186a8348beb80341d57d25..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1375 zcmV-l1)%yLiwFqjcuidZ17u-zVJ>QOZ*Bn1Tg`6cHW0q&DFmUXA{JyjiPt(MXm^1Y zZ5CJuEs!`cXo;5CP(MpjNxXsIq(D!7zdk~Tlq^fO7fl*(hKB&rkQ@$&oNtE1@zasx zxN2EYH*nl258Y!;xF@{SlqdLrPZsG`mPPcjR}iJB$O4|nQW2T-zBfahx?Okl?%14U zWKEZODZ&jmXNyy-0h$(!@fhUy331(!G zJf5cZVIV6iJcNG#5*If`K-6B5TJs)Uwb0 zr+LKS@)+TIU&F#4<&=WkBMh7!$rPRGcJ!;!XJ}IBQhe?1fw*ZV&w;EMS&)!odgHG+ z0)2cf$t@r%XI3Tjx)QXB&lX`#`7bp*KOKf{(FRvA<4DZ{SqtW~rj}mjMOsW#yg7@MI zvZs_HM1C^EKbuYPZ4Ihnqr6UTBR{X$XRRQI1rOX{u;^(f>-MJoEQtM@ZBzbu&rQ*~ zy=xNO_NfiqL9e52`!r)i=I~rUTS-OIt%trhe7l-2cQOob{Q6qm3bD&nOljJJiG8(c z_LO{D2YuGU^7<}YlylBxg8f81+b;EZNBVDdboBK6GJ8ph2$LWhki32;ihBJ%9rwoLFzlT~@BIGRkkT<7y}a_iV(vPfn)_;%Kyxpg3Av|{Gcnzq-@URnzObyw-T2HuqS!q29Kb z$y_MIsl#gTF4m&9__P__Qz7dW^jqXgkwzOI=YP;p{R*z3tG7m-6QkyzCm%139^j}a z5W907zh7{^!HRmS4dHW1^&3?HBRI+8(nLpK40jd1)nn>T-4%Q<7+2a%0{!ah8Xg&q4Z1bP(HNb8Nh>?Nqsx6^h&iC9VL}UM;2*=Z|{>|ElkA*j<|eTTd>0))(Z%H&Z1!%Xx4m&*rL!CV)-y3c{dlJ*sgp>0c11)N1=R007==tRnyb diff --git a/x-pack/test/functional/es_archives/reporting/logs/mappings.json b/x-pack/test/functional/es_archives/reporting/logs/mappings.json deleted file mode 100644 index 2e1873e43ffcc..0000000000000 --- a/x-pack/test/functional/es_archives/reporting/logs/mappings.json +++ /dev/null @@ -1,263 +0,0 @@ -{ - "type": "index", - "value": { - "aliases": { - ".kibana": {} - }, - "index": ".kibana_1", - "mappings": { - "properties": { - "config": { - "dynamic": "true", - "properties": { - "buildNum": { - "type": "keyword" - } - } - }, - "dashboard": { - "dynamic": "strict", - "properties": { - "description": { - "type": "text" - }, - "hits": { - "type": "integer" - }, - "kibanaSavedObjectMeta": { - "properties": { - "searchSourceJSON": { - "type": "text" - } - } - }, - "optionsJSON": { - "type": "text" - }, - "panelsJSON": { - "type": "text" - }, - "refreshInterval": { - "properties": { - "display": { - "type": "keyword" - }, - "pause": { - "type": "boolean" - }, - "section": { - "type": "integer" - }, - "value": { - "type": "integer" - } - } - }, - "timeFrom": { - "type": "keyword" - }, - "timeRestore": { - "type": "boolean" - }, - "timeTo": { - "type": "keyword" - }, - "title": { - "type": "text" - }, - "uiStateJSON": { - "type": "text" - }, - "version": { - "type": "integer" - } - } - }, - "graph-workspace": { - "dynamic": "strict", - "properties": { - "description": { - "type": "text" - }, - "kibanaSavedObjectMeta": { - "properties": { - "searchSourceJSON": { - "type": "text" - } - } - }, - "numLinks": { - "type": "integer" - }, - "numVertices": { - "type": "integer" - }, - "title": { - "type": "text" - }, - "version": { - "type": "integer" - }, - "wsState": { - "type": "text" - } - } - }, - "index-pattern": { - "dynamic": "strict", - "properties": { - "fieldFormatMap": { - "type": "text" - }, - "fields": { - "type": "text" - }, - "intervalName": { - "type": "keyword" - }, - "notExpandable": { - "type": "boolean" - }, - "sourceFilters": { - "type": "text" - }, - "timeFieldName": { - "type": "keyword" - }, - "title": { - "type": "text" - } - } - }, - "search": { - "dynamic": "strict", - "properties": { - "columns": { - "type": "keyword" - }, - "description": { - "type": "text" - }, - "hits": { - "type": "integer" - }, - "kibanaSavedObjectMeta": { - "properties": { - "searchSourceJSON": { - "type": "text" - } - } - }, - "sort": { - "type": "keyword" - }, - "title": { - "type": "text" - }, - "version": { - "type": "integer" - } - } - }, - "server": { - "dynamic": "strict", - "properties": { - "uuid": { - "type": "keyword" - } - } - }, - "space": { - "properties": { - "_reserved": { - "type": "boolean" - }, - "color": { - "type": "keyword" - }, - "description": { - "type": "text" - }, - "initials": { - "type": "keyword" - }, - "name": { - "fields": { - "keyword": { - "ignore_above": 2048, - "type": "keyword" - } - }, - "type": "text" - } - } - }, - "spaceId": { - "type": "keyword" - }, - "type": { - "type": "keyword" - }, - "url": { - "dynamic": "strict", - "properties": { - "accessCount": { - "type": "long" - }, - "accessDate": { - "type": "date" - }, - "createDate": { - "type": "date" - }, - "url": { - "fields": { - "keyword": { - "ignore_above": 2048, - "type": "keyword" - } - }, - "type": "text" - } - } - }, - "visualization": { - "dynamic": "strict", - "properties": { - "description": { - "type": "text" - }, - "kibanaSavedObjectMeta": { - "properties": { - "searchSourceJSON": { - "type": "text" - } - } - }, - "savedSearchId": { - "type": "keyword" - }, - "title": { - "type": "text" - }, - "uiStateJSON": { - "type": "text" - }, - "version": { - "type": "integer" - }, - "visState": { - "type": "text" - } - } - } - } - }, - "settings": { - "index": { - "number_of_replicas": "1", - "number_of_shards": "1" - } - } - } -} \ No newline at end of file diff --git a/x-pack/test/functional/es_archives/reporting/multi_index/data.json.gz b/x-pack/test/functional/es_archives/reporting/multi_index/data.json.gz deleted file mode 100644 index bb0e05d632f54f278a3427176104a8e05575097d..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 619 zcmV-x0+jt9iwFpk>GNI!17u-zVJ>QOZ*Bm!l}&HjKoExS{0hXmNX7{SI2BqFEJ3N# z^aH9MCiYlf{ISUP#$KWP_s+UBVJOg4bq)ya>({g1XJ&S`jb^iz>kYPs&6X$K)*B-{ zK%|Var3Ed8XPz!^zm0oSXB-56d)dF74?5S2%5EHqhov#)nB`g9vO2$?WKyN>b1YKc zdXQJ!*_Lg!tzO%{yt6Nc-R{sDtah)F4U#+~m-QsLQYCq+&71G%&%Oj=6YcwMO^Oqs z#sHoyBrWd+fG%~}WM4?OE(Q6t)(SIbbW)O4CLv%S zBytU;JvJKKe@IPGdulp^zozDD(CZw_&Ukt*J0Efo8`Kgsuf60~;WA2JVnCPp`OF!R(=?)pd6`!CTv7wY@{r0`9vv+q|oW1NE@AK{+~e;-Uv7e F002xHGbR84 diff --git a/x-pack/test/functional/es_archives/reporting/multi_index/mappings.json b/x-pack/test/functional/es_archives/reporting/multi_index/mappings.json deleted file mode 100644 index f28ffce8ce3ce..0000000000000 --- a/x-pack/test/functional/es_archives/reporting/multi_index/mappings.json +++ /dev/null @@ -1,92 +0,0 @@ -{ - "type": "index", - "value": { - "aliases": { - }, - "index": "tests-001", - "mappings": { - "properties": { - "@date": { - "type": "date" - }, - "ants": { - "type": "integer" - }, - "country": { - "type": "keyword" - }, - "name": { - "type": "keyword" - } - } - }, - "settings": { - "index": { - "number_of_replicas": "0", - "number_of_shards": "1" - } - } - } -} - -{ - "type": "index", - "value": { - "aliases": { - }, - "index": "tests-002", - "mappings": { - "properties": { - "@date": { - "type": "date" - }, - "ants": { - "type": "integer" - }, - "country": { - "type": "keyword" - }, - "name": { - "type": "keyword" - } - } - }, - "settings": { - "index": { - "number_of_replicas": "0", - "number_of_shards": "1" - } - } - } -} - -{ - "type": "index", - "value": { - "aliases": { - }, - "index": "tests-003", - "mappings": { - "properties": { - "@date": { - "type": "date" - }, - "ants": { - "type": "integer" - }, - "country": { - "type": "keyword" - }, - "name": { - "type": "keyword" - } - } - }, - "settings": { - "index": { - "number_of_replicas": "0", - "number_of_shards": "1" - } - } - } -} diff --git a/x-pack/test/functional/es_archives/reporting/multi_index_kibana/data.json.gz b/x-pack/test/functional/es_archives/reporting/multi_index_kibana/data.json.gz deleted file mode 100644 index a6330916d62f77c02dc978c12b512d0b21aa2a0f..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 455 zcmV;&0XY62iwFp`>GNI!17u-zVJ>QOZ*Bn1mBCKqFc60CeTv9O)K*bpi^z!s;>Zbc zpsmo8I7G4ke?0zVCo}s|k_f-sqR0}VtQ2Dw-l3>i z*@sD(YQ?TL3O^@X@E*xz4vhn^t$|_!g>Hs%dD6u4qUoDngMn6ewj%kJIq79RF@m+x zSSZI?7W<_zP~uW#OL42fhtYT$xubMc&^-pt1#!`;s~}5T86U(njGZLC^{B#h1BFAD z5JJ(eAt>eZ$>{B{c|WJ@|!`tELmg0`GN+_gv&30xsA2SlYW0 zzK9OD7>DjcG~S^N5~a>5cAqCC7hc^S(r+)~dODw`-?I>IkkClvezR!Q)zNM{WH;T> xuC@%WUchtEES;s3bUv9~J{sP`@7La-e005p0;OPJW diff --git a/x-pack/test/functional/es_archives/reporting/multi_index_kibana/mappings.json b/x-pack/test/functional/es_archives/reporting/multi_index_kibana/mappings.json deleted file mode 100644 index 69c6cbc3b46b5..0000000000000 --- a/x-pack/test/functional/es_archives/reporting/multi_index_kibana/mappings.json +++ /dev/null @@ -1,2027 +0,0 @@ -{ - "type": "index", - "value": { - "aliases": { - ".kibana": { - } - }, - "index": ".kibana_1", - "mappings": { - "_meta": { - "migrationMappingPropertyHashes": { - "action": "6e96ac5e648f57523879661ea72525b7", - "action_task_params": "a9d49f184ee89641044be0ca2950fa3a", - "alert": "7b44fba6773e37c806ce290ea9b7024e", - "apm-indices": "9bb9b2bf1fa636ed8619cbab5ce6a1dd", - "apm-telemetry": "3525d7c22c42bc80f5e6e9cb3f2b26a2", - "application_usage_totals": "c897e4310c5f24b07caaff3db53ae2c1", - "application_usage_transactional": "965839e75f809fefe04f92dc4d99722a", - "canvas-element": "7390014e1091044523666d97247392fc", - "canvas-workpad": "b0a1706d356228dbdcb4a17e6b9eb231", - "cases": "32aa96a6d3855ddda53010ae2048ac22", - "cases-comments": "c2061fb929f585df57425102fa928b4b", - "cases-configure": "42711cbb311976c0687853f4c1354572", - "cases-user-actions": "32277330ec6b721abe3b846cfd939a71", - "config": "ae24d22d5986d04124cc6568f771066f", - "dashboard": "d00f614b29a80360e1190193fd333bab", - "file-upload-telemetry": "0ed4d3e1983d1217a30982630897092e", - "graph-workspace": "cd7ba1330e6682e9cc00b78850874be1", - "index-pattern": "66eccb05066c5a89924f48a9e9736499", - "kql-telemetry": "d12a98a6f19a2d273696597547e064ee", - "lens": "d33c68a69ff1e78c9888dedd2164ac22", - "lens-ui-telemetry": "509bfa5978586998e05f9e303c07a327", - "map": "4a05b35c3a3a58fbc72dd0202dc3487f", - "maps": "bfd39d88aadadb4be597ea984d433dbe", - "migrationVersion": "4a1746014a75ade3a714e1db5763276f", - "ml-telemetry": "257fd1d4b4fdbb9cb4b8a3b27da201e9", - "namespace": "2f4316de49999235636386fe51dc06c1", - "namespaces": "2f4316de49999235636386fe51dc06c1", - "query": "11aaeb7f5f7fa5bb43f25e18ce26e7d9", - "references": "7997cf5a56cc02bdc9c93361bde732b0", - "sample-data-telemetry": "7d3cfeb915303c9641c59681967ffeb4", - "search": "181661168bbadd1eff5902361e2a0d5c", - "telemetry": "36a616f7026dfa617d6655df850fe16d", - "tsvb-validation-telemetry": "3a37ef6c8700ae6fc97d5c7da00e9215", - "type": "2f4316de49999235636386fe51dc06c1", - "ui-metric": "0d409297dc5ebe1e3a1da691c6ee32e3", - "updated_at": "00da57df13e94e9d98437d13ace4bfe0", - "upgrade-assistant-reindex-operation": "296a89039fc4260292be36b1b005d8f2", - "upgrade-assistant-telemetry": "56702cec857e0a9dacfb696655b4ff7b", - "uptime-dynamic-settings": "fcdb453a30092f022f2642db29523d80", - "url": "b675c3be8d76ecf029294d51dc7ec65d", - "visualization": "52d7a13ad68a150c4525b292d23e12cc" - } - }, - "dynamic": "strict", - "properties": { - "action": { - "properties": { - "actionTypeId": { - "type": "keyword" - }, - "config": { - "enabled": false, - "type": "object" - }, - "name": { - "fields": { - "keyword": { - "type": "keyword" - } - }, - "type": "text" - }, - "secrets": { - "type": "binary" - } - } - }, - "action_task_params": { - "properties": { - "actionId": { - "type": "keyword" - }, - "apiKey": { - "type": "binary" - }, - "params": { - "enabled": false, - "type": "object" - } - } - }, - "alert": { - "properties": { - "actions": { - "properties": { - "actionRef": { - "type": "keyword" - }, - "actionTypeId": { - "type": "keyword" - }, - "group": { - "type": "keyword" - }, - "params": { - "enabled": false, - "type": "object" - } - }, - "type": "nested" - }, - "alertTypeId": { - "type": "keyword" - }, - "apiKey": { - "type": "binary" - }, - "apiKeyOwner": { - "type": "keyword" - }, - "consumer": { - "type": "keyword" - }, - "createdAt": { - "type": "date" - }, - "createdBy": { - "type": "keyword" - }, - "enabled": { - "type": "boolean" - }, - "muteAll": { - "type": "boolean" - }, - "mutedInstanceIds": { - "type": "keyword" - }, - "name": { - "fields": { - "keyword": { - "type": "keyword" - } - }, - "type": "text" - }, - "params": { - "enabled": false, - "type": "object" - }, - "schedule": { - "properties": { - "interval": { - "type": "keyword" - } - } - }, - "scheduledTaskId": { - "type": "keyword" - }, - "tags": { - "type": "keyword" - }, - "throttle": { - "type": "keyword" - }, - "updatedBy": { - "type": "keyword" - } - } - }, - "apm-indices": { - "properties": { - "error": { - "type": "keyword" - }, - "metric": { - "type": "keyword" - }, - "onboarding": { - "type": "keyword" - }, - "sourcemap": { - "type": "keyword" - }, - "span": { - "type": "keyword" - }, - "transaction": { - "type": "keyword" - } - } - }, - "apm-telemetry": { - "properties": { - "agents": { - "properties": { - "dotnet": { - "properties": { - "agent": { - "properties": { - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "service": { - "properties": { - "framework": { - "properties": { - "composite": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "language": { - "properties": { - "composite": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "runtime": { - "properties": { - "composite": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - } - } - }, - "go": { - "properties": { - "agent": { - "properties": { - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "service": { - "properties": { - "framework": { - "properties": { - "composite": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "language": { - "properties": { - "composite": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "runtime": { - "properties": { - "composite": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - } - } - }, - "java": { - "properties": { - "agent": { - "properties": { - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "service": { - "properties": { - "framework": { - "properties": { - "composite": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "language": { - "properties": { - "composite": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "runtime": { - "properties": { - "composite": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - } - } - }, - "js-base": { - "properties": { - "agent": { - "properties": { - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "service": { - "properties": { - "framework": { - "properties": { - "composite": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "language": { - "properties": { - "composite": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "runtime": { - "properties": { - "composite": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - } - } - }, - "nodejs": { - "properties": { - "agent": { - "properties": { - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "service": { - "properties": { - "framework": { - "properties": { - "composite": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "language": { - "properties": { - "composite": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "runtime": { - "properties": { - "composite": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - } - } - }, - "python": { - "properties": { - "agent": { - "properties": { - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "service": { - "properties": { - "framework": { - "properties": { - "composite": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "language": { - "properties": { - "composite": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "runtime": { - "properties": { - "composite": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - } - } - }, - "ruby": { - "properties": { - "agent": { - "properties": { - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "service": { - "properties": { - "framework": { - "properties": { - "composite": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "language": { - "properties": { - "composite": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "runtime": { - "properties": { - "composite": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - } - } - }, - "rum-js": { - "properties": { - "agent": { - "properties": { - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "service": { - "properties": { - "framework": { - "properties": { - "composite": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "language": { - "properties": { - "composite": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - }, - "runtime": { - "properties": { - "composite": { - "ignore_above": 1024, - "type": "keyword" - }, - "name": { - "ignore_above": 1024, - "type": "keyword" - }, - "version": { - "ignore_above": 1024, - "type": "keyword" - } - } - } - } - } - } - } - } - }, - "cardinality": { - "properties": { - "transaction": { - "properties": { - "name": { - "properties": { - "all_agents": { - "properties": { - "1d": { - "type": "long" - } - } - }, - "rum": { - "properties": { - "1d": { - "type": "long" - } - } - } - } - } - } - }, - "user_agent": { - "properties": { - "original": { - "properties": { - "all_agents": { - "properties": { - "1d": { - "type": "long" - } - } - }, - "rum": { - "properties": { - "1d": { - "type": "long" - } - } - } - } - } - } - } - } - }, - "counts": { - "properties": { - "agent_configuration": { - "properties": { - "all": { - "type": "long" - } - } - }, - "error": { - "properties": { - "1d": { - "type": "long" - }, - "all": { - "type": "long" - } - } - }, - "max_error_groups_per_service": { - "properties": { - "1d": { - "type": "long" - } - } - }, - "max_transaction_groups_per_service": { - "properties": { - "1d": { - "type": "long" - } - } - }, - "metric": { - "properties": { - "1d": { - "type": "long" - }, - "all": { - "type": "long" - } - } - }, - "onboarding": { - "properties": { - "1d": { - "type": "long" - }, - "all": { - "type": "long" - } - } - }, - "services": { - "properties": { - "1d": { - "type": "long" - } - } - }, - "sourcemap": { - "properties": { - "1d": { - "type": "long" - }, - "all": { - "type": "long" - } - } - }, - "span": { - "properties": { - "1d": { - "type": "long" - }, - "all": { - "type": "long" - } - } - }, - "traces": { - "properties": { - "1d": { - "type": "long" - } - } - }, - "transaction": { - "properties": { - "1d": { - "type": "long" - }, - "all": { - "type": "long" - } - } - } - } - }, - "has_any_services": { - "type": "boolean" - }, - "indices": { - "properties": { - "all": { - "properties": { - "total": { - "properties": { - "docs": { - "properties": { - "count": { - "type": "long" - } - } - }, - "store": { - "properties": { - "size_in_bytes": { - "type": "long" - } - } - } - } - } - } - }, - "shards": { - "properties": { - "total": { - "type": "long" - } - } - } - } - }, - "integrations": { - "properties": { - "ml": { - "properties": { - "all_jobs_count": { - "type": "long" - } - } - } - } - }, - "retainment": { - "properties": { - "error": { - "properties": { - "ms": { - "type": "long" - } - } - }, - "metric": { - "properties": { - "ms": { - "type": "long" - } - } - }, - "onboarding": { - "properties": { - "ms": { - "type": "long" - } - } - }, - "span": { - "properties": { - "ms": { - "type": "long" - } - } - }, - "transaction": { - "properties": { - "ms": { - "type": "long" - } - } - } - } - }, - "services_per_agent": { - "properties": { - "dotnet": { - "null_value": 0, - "type": "long" - }, - "go": { - "null_value": 0, - "type": "long" - }, - "java": { - "null_value": 0, - "type": "long" - }, - "js-base": { - "null_value": 0, - "type": "long" - }, - "nodejs": { - "null_value": 0, - "type": "long" - }, - "python": { - "null_value": 0, - "type": "long" - }, - "ruby": { - "null_value": 0, - "type": "long" - }, - "rum-js": { - "null_value": 0, - "type": "long" - } - } - }, - "tasks": { - "properties": { - "agent_configuration": { - "properties": { - "took": { - "properties": { - "ms": { - "type": "long" - } - } - } - } - }, - "agents": { - "properties": { - "took": { - "properties": { - "ms": { - "type": "long" - } - } - } - } - }, - "cardinality": { - "properties": { - "took": { - "properties": { - "ms": { - "type": "long" - } - } - } - } - }, - "groupings": { - "properties": { - "took": { - "properties": { - "ms": { - "type": "long" - } - } - } - } - }, - "indices_stats": { - "properties": { - "took": { - "properties": { - "ms": { - "type": "long" - } - } - } - } - }, - "integrations": { - "properties": { - "took": { - "properties": { - "ms": { - "type": "long" - } - } - } - } - }, - "processor_events": { - "properties": { - "took": { - "properties": { - "ms": { - "type": "long" - } - } - } - } - }, - "services": { - "properties": { - "took": { - "properties": { - "ms": { - "type": "long" - } - } - } - } - }, - "versions": { - "properties": { - "took": { - "properties": { - "ms": { - "type": "long" - } - } - } - } - } - } - }, - "version": { - "properties": { - "apm_server": { - "properties": { - "major": { - "type": "long" - }, - "minor": { - "type": "long" - }, - "patch": { - "type": "long" - } - } - } - } - } - } - }, - "application_usage_totals": { - "properties": { - "appId": { - "type": "keyword" - }, - "minutesOnScreen": { - "type": "float" - }, - "numberOfClicks": { - "type": "long" - } - } - }, - "application_usage_transactional": { - "properties": { - "appId": { - "type": "keyword" - }, - "minutesOnScreen": { - "type": "float" - }, - "numberOfClicks": { - "type": "long" - }, - "timestamp": { - "type": "date" - } - } - }, - "canvas-element": { - "dynamic": "false", - "properties": { - "@created": { - "type": "date" - }, - "@timestamp": { - "type": "date" - }, - "content": { - "type": "text" - }, - "help": { - "type": "text" - }, - "image": { - "type": "text" - }, - "name": { - "fields": { - "keyword": { - "type": "keyword" - } - }, - "type": "text" - } - } - }, - "canvas-workpad": { - "dynamic": "false", - "properties": { - "@created": { - "type": "date" - }, - "@timestamp": { - "type": "date" - }, - "name": { - "fields": { - "keyword": { - "type": "keyword" - } - }, - "type": "text" - } - } - }, - "cases": { - "properties": { - "closed_at": { - "type": "date" - }, - "closed_by": { - "properties": { - "email": { - "type": "keyword" - }, - "full_name": { - "type": "keyword" - }, - "username": { - "type": "keyword" - } - } - }, - "connector_id": { - "type": "keyword" - }, - "created_at": { - "type": "date" - }, - "created_by": { - "properties": { - "email": { - "type": "keyword" - }, - "full_name": { - "type": "keyword" - }, - "username": { - "type": "keyword" - } - } - }, - "description": { - "type": "text" - }, - "external_service": { - "properties": { - "connector_id": { - "type": "keyword" - }, - "connector_name": { - "type": "keyword" - }, - "external_id": { - "type": "keyword" - }, - "external_title": { - "type": "text" - }, - "external_url": { - "type": "text" - }, - "pushed_at": { - "type": "date" - }, - "pushed_by": { - "properties": { - "email": { - "type": "keyword" - }, - "full_name": { - "type": "keyword" - }, - "username": { - "type": "keyword" - } - } - } - } - }, - "status": { - "type": "keyword" - }, - "tags": { - "type": "keyword" - }, - "title": { - "type": "keyword" - }, - "updated_at": { - "type": "date" - }, - "updated_by": { - "properties": { - "email": { - "type": "keyword" - }, - "full_name": { - "type": "keyword" - }, - "username": { - "type": "keyword" - } - } - } - } - }, - "cases-comments": { - "properties": { - "comment": { - "type": "text" - }, - "created_at": { - "type": "date" - }, - "created_by": { - "properties": { - "email": { - "type": "keyword" - }, - "full_name": { - "type": "keyword" - }, - "username": { - "type": "keyword" - } - } - }, - "pushed_at": { - "type": "date" - }, - "pushed_by": { - "properties": { - "email": { - "type": "keyword" - }, - "full_name": { - "type": "keyword" - }, - "username": { - "type": "keyword" - } - } - }, - "updated_at": { - "type": "date" - }, - "updated_by": { - "properties": { - "email": { - "type": "keyword" - }, - "full_name": { - "type": "keyword" - }, - "username": { - "type": "keyword" - } - } - } - } - }, - "cases-configure": { - "properties": { - "closure_type": { - "type": "keyword" - }, - "connector_id": { - "type": "keyword" - }, - "connector_name": { - "type": "keyword" - }, - "created_at": { - "type": "date" - }, - "created_by": { - "properties": { - "email": { - "type": "keyword" - }, - "full_name": { - "type": "keyword" - }, - "username": { - "type": "keyword" - } - } - }, - "updated_at": { - "type": "date" - }, - "updated_by": { - "properties": { - "email": { - "type": "keyword" - }, - "full_name": { - "type": "keyword" - }, - "username": { - "type": "keyword" - } - } - } - } - }, - "cases-user-actions": { - "properties": { - "action": { - "type": "keyword" - }, - "action_at": { - "type": "date" - }, - "action_by": { - "properties": { - "email": { - "type": "keyword" - }, - "full_name": { - "type": "keyword" - }, - "username": { - "type": "keyword" - } - } - }, - "action_field": { - "type": "keyword" - }, - "new_value": { - "type": "text" - }, - "old_value": { - "type": "text" - } - } - }, - "config": { - "dynamic": "true", - "properties": { - "buildNum": { - "type": "keyword" - }, - "defaultIndex": { - "fields": { - "keyword": { - "ignore_above": 256, - "type": "keyword" - } - }, - "type": "text" - } - } - }, - "dashboard": { - "properties": { - "description": { - "type": "text" - }, - "hits": { - "type": "integer" - }, - "kibanaSavedObjectMeta": { - "properties": { - "searchSourceJSON": { - "type": "text" - } - } - }, - "optionsJSON": { - "type": "text" - }, - "panelsJSON": { - "type": "text" - }, - "refreshInterval": { - "properties": { - "display": { - "type": "keyword" - }, - "pause": { - "type": "boolean" - }, - "section": { - "type": "integer" - }, - "value": { - "type": "integer" - } - } - }, - "timeFrom": { - "type": "keyword" - }, - "timeRestore": { - "type": "boolean" - }, - "timeTo": { - "type": "keyword" - }, - "title": { - "type": "text" - }, - "version": { - "type": "integer" - } - } - }, - "file-upload-telemetry": { - "properties": { - "filesUploadedTotalCount": { - "type": "long" - } - } - }, - "graph-workspace": { - "properties": { - "description": { - "type": "text" - }, - "kibanaSavedObjectMeta": { - "properties": { - "searchSourceJSON": { - "type": "text" - } - } - }, - "numLinks": { - "type": "integer" - }, - "numVertices": { - "type": "integer" - }, - "title": { - "type": "text" - }, - "version": { - "type": "integer" - }, - "wsState": { - "type": "text" - } - } - }, - "index-pattern": { - "properties": { - "fieldFormatMap": { - "type": "text" - }, - "fields": { - "type": "text" - }, - "intervalName": { - "type": "keyword" - }, - "notExpandable": { - "type": "boolean" - }, - "sourceFilters": { - "type": "text" - }, - "timeFieldName": { - "type": "keyword" - }, - "title": { - "type": "text" - }, - "type": { - "type": "keyword" - }, - "typeMeta": { - "type": "keyword" - } - } - }, - "kql-telemetry": { - "properties": { - "optInCount": { - "type": "long" - }, - "optOutCount": { - "type": "long" - } - } - }, - "lens": { - "properties": { - "description": { - "type": "text" - }, - "expression": { - "index": false, - "type": "keyword" - }, - "state": { - "type": "flattened" - }, - "title": { - "type": "text" - }, - "visualizationType": { - "type": "keyword" - } - } - }, - "lens-ui-telemetry": { - "properties": { - "count": { - "type": "integer" - }, - "date": { - "type": "date" - }, - "name": { - "type": "keyword" - }, - "type": { - "type": "keyword" - } - } - }, - "map": { - "properties": { - "description": { - "type": "text" - }, - "layerListJSON": { - "type": "text" - }, - "mapStateJSON": { - "type": "text" - }, - "title": { - "type": "text" - }, - "uiStateJSON": { - "type": "text" - }, - "version": { - "type": "integer" - } - } - }, - "maps": { - "properties": { - "attributesPerMap": { - "properties": { - "dataSourcesCount": { - "properties": { - "avg": { - "type": "long" - }, - "max": { - "type": "long" - }, - "min": { - "type": "long" - } - } - }, - "emsVectorLayersCount": { - "dynamic": "true", - "type": "object" - }, - "layerTypesCount": { - "dynamic": "true", - "type": "object" - }, - "layersCount": { - "properties": { - "avg": { - "type": "long" - }, - "max": { - "type": "long" - }, - "min": { - "type": "long" - } - } - } - } - }, - "indexPatternsWithGeoFieldCount": { - "type": "long" - }, - "indexPatternsWithGeoPointFieldCount": { - "type": "long" - }, - "indexPatternsWithGeoShapeFieldCount": { - "type": "long" - }, - "mapsTotalCount": { - "type": "long" - }, - "settings": { - "properties": { - "showMapVisualizationTypes": { - "type": "boolean" - } - } - }, - "timeCaptured": { - "type": "date" - } - } - }, - "migrationVersion": { - "dynamic": "true", - "properties": { - "config": { - "fields": { - "keyword": { - "ignore_above": 256, - "type": "keyword" - } - }, - "type": "text" - }, - "index-pattern": { - "fields": { - "keyword": { - "ignore_above": 256, - "type": "keyword" - } - }, - "type": "text" - } - } - }, - "ml-telemetry": { - "properties": { - "file_data_visualizer": { - "properties": { - "index_creation_count": { - "type": "long" - } - } - } - } - }, - "namespace": { - "type": "keyword" - }, - "namespaces": { - "type": "keyword" - }, - "query": { - "properties": { - "description": { - "type": "text" - }, - "filters": { - "enabled": false, - "type": "object" - }, - "query": { - "properties": { - "language": { - "type": "keyword" - }, - "query": { - "index": false, - "type": "keyword" - } - } - }, - "timefilter": { - "enabled": false, - "type": "object" - }, - "title": { - "type": "text" - } - } - }, - "references": { - "properties": { - "id": { - "type": "keyword" - }, - "name": { - "type": "keyword" - }, - "type": { - "type": "keyword" - } - }, - "type": "nested" - }, - "sample-data-telemetry": { - "properties": { - "installCount": { - "type": "long" - }, - "unInstallCount": { - "type": "long" - } - } - }, - "search": { - "properties": { - "columns": { - "type": "keyword" - }, - "description": { - "type": "text" - }, - "hits": { - "type": "integer" - }, - "kibanaSavedObjectMeta": { - "properties": { - "searchSourceJSON": { - "type": "text" - } - } - }, - "sort": { - "type": "keyword" - }, - "title": { - "type": "text" - }, - "version": { - "type": "integer" - } - } - }, - "telemetry": { - "properties": { - "allowChangingOptInStatus": { - "type": "boolean" - }, - "enabled": { - "type": "boolean" - }, - "lastReported": { - "type": "date" - }, - "lastVersionChecked": { - "type": "keyword" - }, - "reportFailureCount": { - "type": "integer" - }, - "reportFailureVersion": { - "type": "keyword" - }, - "sendUsageFrom": { - "type": "keyword" - }, - "userHasSeenNotice": { - "type": "boolean" - } - } - }, - "tsvb-validation-telemetry": { - "properties": { - "failedRequests": { - "type": "long" - } - } - }, - "type": { - "type": "keyword" - }, - "ui-metric": { - "properties": { - "count": { - "type": "integer" - } - } - }, - "updated_at": { - "type": "date" - }, - "upgrade-assistant-reindex-operation": { - "properties": { - "errorMessage": { - "type": "keyword" - }, - "indexName": { - "type": "keyword" - }, - "lastCompletedStep": { - "type": "integer" - }, - "locked": { - "type": "date" - }, - "newIndexName": { - "type": "keyword" - }, - "reindexOptions": { - "properties": { - "openAndClose": { - "type": "boolean" - }, - "queueSettings": { - "properties": { - "queuedAt": { - "type": "long" - }, - "startedAt": { - "type": "long" - } - } - } - } - }, - "reindexTaskId": { - "type": "keyword" - }, - "reindexTaskPercComplete": { - "type": "float" - }, - "runningReindexCount": { - "type": "integer" - }, - "status": { - "type": "integer" - } - } - }, - "upgrade-assistant-telemetry": { - "properties": { - "features": { - "properties": { - "deprecation_logging": { - "properties": { - "enabled": { - "null_value": true, - "type": "boolean" - } - } - } - } - }, - "ui_open": { - "properties": { - "cluster": { - "null_value": 0, - "type": "long" - }, - "indices": { - "null_value": 0, - "type": "long" - }, - "overview": { - "null_value": 0, - "type": "long" - } - } - }, - "ui_reindex": { - "properties": { - "close": { - "null_value": 0, - "type": "long" - }, - "open": { - "null_value": 0, - "type": "long" - }, - "start": { - "null_value": 0, - "type": "long" - }, - "stop": { - "null_value": 0, - "type": "long" - } - } - } - } - }, - "uptime-dynamic-settings": { - "properties": { - "certAgeThreshold": { - "type": "long" - }, - "certExpirationThreshold": { - "type": "long" - }, - "heartbeatIndices": { - "type": "keyword" - } - } - }, - "url": { - "properties": { - "accessCount": { - "type": "long" - }, - "accessDate": { - "type": "date" - }, - "createDate": { - "type": "date" - }, - "url": { - "fields": { - "keyword": { - "type": "keyword" - } - }, - "type": "text" - } - } - }, - "visualization": { - "properties": { - "description": { - "type": "text" - }, - "kibanaSavedObjectMeta": { - "properties": { - "searchSourceJSON": { - "type": "text" - } - } - }, - "savedSearchRefName": { - "type": "keyword" - }, - "title": { - "type": "text" - }, - "uiStateJSON": { - "type": "text" - }, - "version": { - "type": "integer" - }, - "visState": { - "type": "text" - } - } - } - } - }, - "settings": { - "index": { - "auto_expand_replicas": "0-1", - "number_of_replicas": "0", - "number_of_shards": "1" - } - } - } -} diff --git a/x-pack/test/functional/es_archives/reporting/nanos/data.json b/x-pack/test/functional/es_archives/reporting/nanos/data.json new file mode 100644 index 0000000000000..02a56e95dd1f6 --- /dev/null +++ b/x-pack/test/functional/es_archives/reporting/nanos/data.json @@ -0,0 +1,25 @@ +{ + "type": "doc", + "value": { + "id": "1", + "index": "nanos", + "source": { + "date": "2015-01-01T12:10:30", + "message": "Hello 1" + }, + "type": "_doc" + } +} + +{ + "type": "doc", + "value": { + "id": "2", + "index": "nanos", + "source": { + "date": "2015-01-01T12:10:30.123456789Z", + "message": "Hello 2" + }, + "type": "_doc" + } +} diff --git a/x-pack/test/functional/es_archives/reporting/nanos/data.json.gz b/x-pack/test/functional/es_archives/reporting/nanos/data.json.gz deleted file mode 100644 index 2811c495aae2d2f7e9dd330661fd9f5f76850ef4..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 863 zcmV-l1EBmLiwFo|YCT>617u-zVJ>QOZ*Bm^R$Xt}Fcf{~S44Rx$PUmnd8^b`+oV!y zpgs%`GRaNInh)kUY*od7pFffimv#*m+oT|pWBdBtbA9jibI&kL_Ou1lGt40O&AtG3 zBq;^*%s=>N9Eedr&%!wJE(d6UtR zwR~UOF)4&VA@iZ&Hs%$&Y=&zQDw+*mZUe#~SP>>hZG>G5ITmtfHulC2e+Jlgzp3r2 z%^F)Pp(uy;y?w9u++AuZtF@6G;;^+IQJ&ZlQ21-W1)7WNlX1ql?4##tmWC}texmb`g2ami6X zFEhq5#NP{_##_009A^{)Vg*VUE#KU?hqtM1<)m1rprSJiX5S2O)V;TiN$@ zhC-CCB-Pyi!n5#m3OdiMOxHjqb_$&ue8H!NI}?)UOJ~#ub?NGXQ?)x2S;eqZkkyR; z5o48aZITV5QEaDSnFU&W_-pr z^JiJr=E9UCFBaYOG+HJaKThbA)jDy8#Y*MGl7JJf<+ z)j;Ffus=vr-3&Hyv`P4nT_wpOD|ag12jE8u^hweq!SYeYh_sFX#7Badoq&+#x$ zm}qId8ab?G@JZroriE-lB4oQhQOZ*Bn1nN4roI1q;K`4vLWOJRnjNXn-++1(ah z6a`u}UpK~P*4|a5K$6?0LH~P6W4A#;(Q)Ik6Tm)*rYyYVybotacL!N^INaX2!%22H zYo~|5g@I4DUWSo7f8j3|v+(Q3cYnP5`0C%IFZ21;$(g+V%UHLX9%eK%_a#i~ZSDI1 zNBef!P4EB5kGz=KVf82uSTYa{ii-0|ffIoj|J~-NUAv)MO#M6|P4Q#2vDd46KPqk`qPn%u{sU!WHaBm0tPh;zEuODQE zDs6qvN4)=V{9|r7`MGyW?0>Hx85aS4N&jmc(f``I?6_qvIwChV##!-LVEqYh`{r`R0`R(72czVkN z0~3&!w0r>&A9=5B?P2%H?ngDb7qb8^>v{o$;KwCk18&nDM7CpSJA#$}*h()eiPNP)NPhuiFxe^N6n8n++u z^!^XIUWLUP|7#UfZ<8Y*eXXYjd9rs-4*>tc3W_uUxZ)$l-r#QLuE~zuZg5{?{W332 zLC(JmdjIQi>SLMqzmEX^s1VqJ1up3QuRQ_-|C0VUV9c}8Pmch_xTyfr2q+7PQ-BS6 z9ihuvlDGIS=mDTYwU06l03}5n0ULEWWo|%|L(tMwK!sL6$aT#=5!XIXf)jAExuqo&_Tb!44wflAZ%{l?{kA2XL$mUf=cS9)gA(f|v9VkRcWD5KOoI zqHM literal 1762 zcmV<81|9hyiwFpsk4;?w17u-zVJ>QOZ*Bn1Sy^w}I1ql%uMmWNj0BRpC_inQUfbO^ zi$qP@94Kgsw$;j#S4Y}3@PA)Y@*#ziH^V ztA|{0OQM2H?%4x-3r&rRw2=5o z5$8+<+4sy(!wGW)dmNA`qg+Hu>W@f2;;-dt!DVDPOzDv1O=(I=@HS1xuM_{AJ0Y75 zO%Lm;d<%o7B3Yh>@vxx^*o7+PDi3wxo_sm#WPXx9IHtH5_i6fMb>_kc`pm^^D^$i_ zQ=_`@8C0tDcp)b?rfhFt%85yUR`ul(*X#-AljP^j39B5lCuOq2XBi=Ds?$%Bh?00u z2X&*?vRWSIQJFP5ve-BrrX&xO_?)I0``6_7hxD)7y2Y~crn#`W+`1{zuymHKw@8VV zPkRoe2BipS#=vzo2&t>}F{PT_cWqz}&;UEm(=+612Uc72g`BdUSMr`LRaHEg; z_y(E^(YH8*+PU~iRE*=M&*#cEb}Pwcx%y3`V65<49lBaa-6+iY+Mp(CwZEa%Le-@^ z__~Z;M&WQ2u}^*!MN0y>tpaW-_^+Vp9eccAe!W&p(uqhsEXc58qaW4Sl*ub^Gbu0O z{>bvOP~-1sd08H?*<>;~tK|Fzekj!p5`~0QPFzG08wkRT(^H+we$cxI{2X%@t7qZ~ zNy#{?795r%oTj6Ew(hh}qA9bX$~h&-OBq!1L@8xuG@R1Gr#TUC5pR{Lv;DYgGYh)3 zoKA1H&|to0E7%y}q?{G6uEd~h#3{-AT9n?jWq`Azf8Hqno?N^+t%vIEg0`SQPIIWu z5VRg)8$Ez^6T>YC`}4`0lh5ydy!tg74bH!qezOqKeXunh0bt*6qhM;byNWG7>H zSnon$3f8}k5?0d%L^+D+cM=C_BHGW|)%vSTA8=0E+y%uBTmYd5j2`L=01IQ$1s{@_ zMiJFMkeDhTNt%yD7eF04HkR%JO}Y!9W&jU5J)R{qhqeb$H|Pz+bOig?;k_N$e<4DD zd;5XuLAx9J2(@7U@%V>2M$+@%g=G9Q`=N#mPJNyDcVLVC?+I0o(d#`SMW@Gy{4NcB9^M9Q&o9{)>Fn0}TNWz;4vL*cGGxI1MuzvGadj zuW)|<#j^d0zgc8?@7eS?w0JwYUzjvE>HB#!lSLwh9SVJafy-wgmY_>Fb zMV8+w@7PXp9>#P(#>>Y)uk}1=t-!xyi>$X!%7?7ia}4Rl-dFhq!2X~ItZo88Hfm}1 zayl8&SUFD8ocn^^`YC1e-;5~qY&5u1TN*{-(eKU`L7fI7-0Nj z?3YggwuZ0=KsN=r77$B-HSRk2EvGB}itkcB0oc6Thh{ec*rp*yz*@JQrjCIlodk(| z7O?qMKQLEa_8DUD^Gqlp@>#&*RRCkb?i)Yb6sy2z`Kg1*=KxECh6mggjlX4XmIDyd z5pbp7`4agoVDT~l8Qm=48ZF)bE1Je6WsShAFb { before(async () => { + await reportingAPI.initEcommerce(); + await reportingAPI.initLogs(); await kibanaServer.uiSettings.update({ - 'csv:quoteValues': false, + 'csv:quoteValues': true, 'dateFormat:tz': 'UTC', - defaultIndex: 'logstash-*', }); - await reportingAPI.initEcommerce(); }); + after(async () => { await reportingAPI.teardownEcommerce(); + await reportingAPI.teardownLogs(); await reportingAPI.deleteAllReports(); }); - it('Exports CSV with almost all fields when using fieldsFromSource', async () => { - const { - status: resStatus, - text: resText, - type: resType, - } = (await generateAPI.getCSVFromSearchSource( - getMockJobParams({ - searchSource: { - query: { query: '', language: 'kuery' }, - index: '5193f870-d861-11e9-a311-0fa548c5f953', - sort: [{ order_date: 'desc' }], - fieldsFromSource: [ - '_id', - '_index', - '_score', - '_source', - '_type', - 'category', - 'category.keyword', - 'currency', - 'customer_birth_date', - 'customer_first_name', - 'customer_first_name.keyword', - 'customer_full_name', - 'customer_full_name.keyword', - 'customer_gender', - 'customer_id', - 'customer_last_name', - 'customer_last_name.keyword', - 'customer_phone', - 'day_of_week', - 'day_of_week_i', - 'email', - 'geoip.city_name', - 'geoip.continent_name', - 'geoip.country_iso_code', - 'geoip.location', - 'geoip.region_name', - 'manufacturer', - 'manufacturer.keyword', - 'order_date', - 'order_id', - 'products._id', - 'products._id.keyword', - 'products.base_price', - 'products.base_unit_price', - 'products.category', - 'products.category.keyword', - 'products.created_on', - 'products.discount_amount', - 'products.discount_percentage', - 'products.manufacturer', - 'products.manufacturer.keyword', - 'products.min_price', - 'products.price', - 'products.product_id', - 'products.product_name', - 'products.product_name.keyword', - 'products.quantity', - 'products.sku', - 'products.tax_amount', - 'products.taxful_price', - 'products.taxless_price', - 'products.unit_discount_amount', - 'sku', - 'taxful_total_price', - 'taxless_total_price', - 'total_quantity', - 'total_unique_products', - 'type', - 'user', - ], - filter: [], - parent: { - query: { language: 'kuery', query: '' }, + describe('unquoted values', () => { + before(async () => { + await kibanaServer.uiSettings.update({ 'csv:quoteValues': false }); + }); + + after(async () => { + await kibanaServer.uiSettings.update({ 'csv:quoteValues': true }); + }); + + it('Exports CSV with almost all fields when using fieldsFromSource', async () => { + const { + status: resStatus, + text: resText, + type: resType, + } = (await generateAPI.getCSVFromSearchSource( + getMockJobParams({ + searchSource: { + query: { query: '', language: 'kuery' }, + index: '5193f870-d861-11e9-a311-0fa548c5f953', + sort: [{ order_date: 'desc' }], + fieldsFromSource: [ + '_id', + '_index', + '_score', + '_source', + '_type', + 'category', + 'category.keyword', + 'currency', + 'customer_birth_date', + 'customer_first_name', + 'customer_first_name.keyword', + 'customer_full_name', + 'customer_full_name.keyword', + 'customer_gender', + 'customer_id', + 'customer_last_name', + 'customer_last_name.keyword', + 'customer_phone', + 'day_of_week', + 'day_of_week_i', + 'email', + 'geoip.city_name', + 'geoip.continent_name', + 'geoip.country_iso_code', + 'geoip.location', + 'geoip.region_name', + 'manufacturer', + 'manufacturer.keyword', + 'order_date', + 'order_id', + 'products._id', + 'products._id.keyword', + 'products.base_price', + 'products.base_unit_price', + 'products.category', + 'products.category.keyword', + 'products.created_on', + 'products.discount_amount', + 'products.discount_percentage', + 'products.manufacturer', + 'products.manufacturer.keyword', + 'products.min_price', + 'products.price', + 'products.product_id', + 'products.product_name', + 'products.product_name.keyword', + 'products.quantity', + 'products.sku', + 'products.tax_amount', + 'products.taxful_price', + 'products.taxless_price', + 'products.unit_discount_amount', + 'sku', + 'taxful_total_price', + 'taxless_total_price', + 'total_quantity', + 'total_unique_products', + 'type', + 'user', + ], filter: [], parent: { - filter: [ - { - meta: { index: '5193f870-d861-11e9-a311-0fa548c5f953', params: {} }, - range: { - order_date: { - gte: fromTime, - lte: toTime, - format: 'strict_date_optional_time', + query: { language: 'kuery', query: '' }, + filter: [], + parent: { + filter: [ + { + meta: { index: '5193f870-d861-11e9-a311-0fa548c5f953', params: {} }, + range: { + order_date: { + gte: fromTime, + lte: toTime, + format: 'strict_date_optional_time', + }, }, }, - }, - ], + ], + }, }, }, - }, - browserTimezone: 'UTC', - title: 'testfooyu78yt90-', - }) - )) as supertest.Response; - expect(resStatus).to.eql(200); - expect(resType).to.eql('text/csv'); - expectSnapshot(resText).toMatch(); - }); + browserTimezone: 'UTC', + title: 'testfooyu78yt90-', + }) + )) as supertest.Response; + expect(resStatus).to.eql(200); + expect(resType).to.eql('text/csv'); + expectSnapshot(resText).toMatch(); + }); - it('Exports CSV with all fields when using defaults', async () => { - const { - status: resStatus, - text: resText, - type: resType, - } = await generateAPI.getCSVFromSearchSource( - getMockJobParams({ - searchSource: { - query: { query: '', language: 'kuery' }, - index: '5193f870-d861-11e9-a311-0fa548c5f953', - sort: [{ order_date: 'desc' }], - fields: ['*'], - filter: [], - parent: { - query: { language: 'kuery', query: '' }, + it('Exports CSV with all fields when using defaults', async () => { + const { + status: resStatus, + text: resText, + type: resType, + } = await generateAPI.getCSVFromSearchSource( + getMockJobParams({ + searchSource: { + query: { query: '', language: 'kuery' }, + index: '5193f870-d861-11e9-a311-0fa548c5f953', + sort: [{ order_date: 'desc' }], + fields: ['*'], filter: [], parent: { - filter: [ - { - meta: { index: '5193f870-d861-11e9-a311-0fa548c5f953', params: {} }, - range: { - order_date: { - gte: fromTime, - lte: toTime, - format: 'strict_date_optional_time', + query: { language: 'kuery', query: '' }, + filter: [], + parent: { + filter: [ + { + meta: { index: '5193f870-d861-11e9-a311-0fa548c5f953', params: {} }, + range: { + order_date: { + gte: fromTime, + lte: toTime, + format: 'strict_date_optional_time', + }, }, }, - }, - ], + ], + }, }, }, - }, - browserTimezone: 'UTC', - title: 'testfooyu78yt90-', - }) - ); - expect(resStatus).to.eql(200); - expect(resType).to.eql('text/csv'); - expectSnapshot(resText).toMatch(); + browserTimezone: 'UTC', + title: 'testfooyu78yt90-', + }) + ); + expect(resStatus).to.eql(200); + expect(resType).to.eql('text/csv'); + expectSnapshot(resText).toMatch(); + }); }); describe('date formatting', () => { - before(async () => { - // load test data that contains a saved search and documents - await esArchiver.load('x-pack/test/functional/es_archives/reporting/logs'); - await esArchiver.load('x-pack/test/functional/es_archives/logstash_functional'); - }); - after(async () => { - await esArchiver.unload('x-pack/test/functional/es_archives/reporting/logs'); - await esArchiver.unload('x-pack/test/functional/es_archives/logstash_functional'); - }); - it('With filters and timebased data, default to UTC', async () => { const res = (await generateAPI.getCSVFromSearchSource( getMockJobParams({ @@ -277,10 +279,18 @@ export default function ({ getService }: FtrProviderContext) { expect(resType).to.eql('text/csv'); expectSnapshot(resText).toMatch(); }); + }); - it('Formatted date_nanos data, UTC timezone', async () => { + describe('nanosecond formatting', () => { + before(async () => { await esArchiver.load('x-pack/test/functional/es_archives/reporting/nanos'); + }); + after(async () => { + await esArchiver.unload('x-pack/test/functional/es_archives/reporting/nanos'); + }); + + it('Formatted date_nanos data, UTC timezone', async () => { const res = await generateAPI.getCSVFromSearchSource( getMockJobParams({ searchSource: { @@ -298,13 +308,9 @@ export default function ({ getService }: FtrProviderContext) { expect(resStatus).to.eql(200); expect(resType).to.eql('text/csv'); expectSnapshot(resText).toMatch(); - - await esArchiver.unload('x-pack/test/functional/es_archives/reporting/nanos'); }); it('Formatted date_nanos data, custom timezone (New York)', async () => { - await esArchiver.load('x-pack/test/functional/es_archives/reporting/nanos'); - const res = await generateAPI.getCSVFromSearchSource( getMockJobParams({ browserTimezone: 'America/New_York', @@ -323,8 +329,6 @@ export default function ({ getService }: FtrProviderContext) { expect(resStatus).to.eql(200); expect(resType).to.eql('text/csv'); expectSnapshot(resText).toMatch(); - - await esArchiver.unload('x-pack/test/functional/es_archives/reporting/nanos'); }); }); @@ -354,7 +358,6 @@ export default function ({ getService }: FtrProviderContext) { }); it('With filters and non-timebased data', async () => { - // load test data that contains a saved search and documents await esArchiver.load('x-pack/test/functional/es_archives/reporting/sales'); const { @@ -405,8 +408,6 @@ export default function ({ getService }: FtrProviderContext) { // NOTE: this test requires having the test server run with `xpack.reporting.csv.maxSizeBytes=6000` it(`Searches large amount of data, stops at Max Size Reached`, async () => { - await reportingAPI.initEcommerce(); - const { status: resStatus, text: resText, @@ -447,8 +448,6 @@ export default function ({ getService }: FtrProviderContext) { expect(resStatus).to.eql(200); expect(resType).to.eql('text/csv'); expectSnapshot(resText).toMatch(); - - await reportingAPI.teardownEcommerce(); }); }); }); diff --git a/x-pack/test/reporting_api_integration/reporting_and_security/generate_csv_discover_deprecated.ts b/x-pack/test/reporting_api_integration/reporting_and_security/generate_csv_discover_deprecated.ts index 9e3ddfaf57b39..bd662fb391f15 100644 --- a/x-pack/test/reporting_api_integration/reporting_and_security/generate_csv_discover_deprecated.ts +++ b/x-pack/test/reporting_api_integration/reporting_and_security/generate_csv_discover_deprecated.ts @@ -12,7 +12,6 @@ import { JOB_PARAMS_RISON_CSV_DEPRECATED } from '../services/fixtures'; // eslint-disable-next-line import/no-default-export export default function ({ getService }: FtrProviderContext) { - const esArchiver = getService('esArchiver'); const supertestSvc = getService('supertest'); const reportingAPI = getService('reportingAPI'); @@ -32,13 +31,11 @@ export default function ({ getService }: FtrProviderContext) { describe('Generation from Legacy Job Params', () => { before(async () => { - await esArchiver.load('x-pack/test/functional/es_archives/reporting/logs'); - await esArchiver.load('x-pack/test/functional/es_archives/logstash_functional'); + await reportingAPI.initLogs(); }); after(async () => { - await esArchiver.unload('x-pack/test/functional/es_archives/reporting/logs'); - await esArchiver.unload('x-pack/test/functional/es_archives/logstash_functional'); + await reportingAPI.teardownLogs(); await reportingAPI.deleteAllReports(); }); diff --git a/x-pack/test/reporting_api_integration/reporting_and_security/ilm_migration_apis.ts b/x-pack/test/reporting_api_integration/reporting_and_security/ilm_migration_apis.ts index 6a2139a70dde5..af6afe99e8c9d 100644 --- a/x-pack/test/reporting_api_integration/reporting_and_security/ilm_migration_apis.ts +++ b/x-pack/test/reporting_api_integration/reporting_and_security/ilm_migration_apis.ts @@ -13,7 +13,6 @@ import { ILM_POLICY_NAME } from '../../../plugins/reporting/common/constants'; // eslint-disable-next-line import/no-default-export export default function ({ getService }: FtrProviderContext) { - const esArchiver = getService('esArchiver'); const es = getService('es'); const supertest = getService('supertest'); const supertestWithoutAuth = getService('supertestWithoutAuth'); @@ -22,14 +21,12 @@ export default function ({ getService }: FtrProviderContext) { describe('ILM policy migration APIs', () => { before(async () => { - await esArchiver.load('x-pack/test/functional/es_archives/reporting/logs'); - await esArchiver.load('x-pack/test/functional/es_archives/logstash_functional'); + await reportingAPI.initLogs(); await reportingAPI.migrateReportingIndices(); // ensure that the ILM policy exists for the first test }); after(async () => { - await esArchiver.unload('x-pack/test/functional/es_archives/reporting/logs'); - await esArchiver.unload('x-pack/test/functional/es_archives/logstash_functional'); + await reportingAPI.teardownLogs(); }); afterEach(async () => { diff --git a/x-pack/test/reporting_api_integration/reporting_and_security/network_policy.ts b/x-pack/test/reporting_api_integration/reporting_and_security/network_policy.ts index f097208658467..842cfbcf7c1e1 100644 --- a/x-pack/test/reporting_api_integration/reporting_and_security/network_policy.ts +++ b/x-pack/test/reporting_api_integration/reporting_and_security/network_policy.ts @@ -10,11 +10,9 @@ import { FtrProviderContext } from '../ftr_provider_context'; // eslint-disable-next-line import/no-default-export export default function ({ getService }: FtrProviderContext) { - const esArchiver = getService('esArchiver'); const reportingAPI = getService('reportingAPI'); const retry = getService('retry'); const supertest = getService('supertest'); - const archive = 'x-pack/test/functional/es_archives/reporting/canvas_disallowed_url'; /* * The Reporting API Functional Test config implements a network policy that @@ -22,11 +20,11 @@ export default function ({ getService }: FtrProviderContext) { */ describe('Network Policy', () => { before(async () => { - await esArchiver.load(archive); // includes a canvas worksheet with an offending image URL + await reportingAPI.initLogs(); // includes a canvas worksheet with an offending image URL }); after(async () => { - await esArchiver.unload(archive); + await reportingAPI.teardownLogs(); }); it('should fail job when page voilates the network policy', async () => { diff --git a/x-pack/test/reporting_api_integration/reporting_and_security/spaces.ts b/x-pack/test/reporting_api_integration/reporting_and_security/spaces.ts index e61195e2f95c8..e1ca664122c76 100644 --- a/x-pack/test/reporting_api_integration/reporting_and_security/spaces.ts +++ b/x-pack/test/reporting_api_integration/reporting_and_security/spaces.ts @@ -38,18 +38,19 @@ export default function ({ getService }: FtrProviderContext) { ); }; + const spacesSharedObjectsArchive = + 'x-pack/test/functional/es_archives/reporting/ecommerce_kibana_spaces'; + describe('Exports and Spaces', () => { before(async () => { - await esArchiver.load('x-pack/test/functional/es_archives/reporting/ecommerce'); - await esArchiver.load('x-pack/test/functional/es_archives/reporting/ecommerce_kibana_spaces'); // multiple spaces with different config settings + await esArchiver.load(spacesSharedObjectsArchive); // multiple spaces with different config settings + await reportingAPI.initEcommerce(); }); after(async () => { - await esArchiver.unload('x-pack/test/functional/es_archives/reporting/ecommerce'); - await esArchiver.unload( - 'x-pack/test/functional/es_archives/reporting/ecommerce_kibana_spaces' - ); + await reportingAPI.teardownEcommerce(); await reportingAPI.deleteAllReports(); + await esArchiver.unload(spacesSharedObjectsArchive); }); describe('CSV saved search export', () => { diff --git a/x-pack/test/reporting_api_integration/reporting_without_security/job_apis_csv.ts b/x-pack/test/reporting_api_integration/reporting_without_security/job_apis_csv.ts index 06f3756593d76..e1935c2617f41 100644 --- a/x-pack/test/reporting_api_integration/reporting_without_security/job_apis_csv.ts +++ b/x-pack/test/reporting_api_integration/reporting_without_security/job_apis_csv.ts @@ -49,12 +49,12 @@ export default function ({ getService }: FtrProviderContext) { describe('Job Listing APIs', () => { before(async () => { - await esArchiver.load('x-pack/test/functional/es_archives/reporting/logs'); + await reportingAPI.initLogs(); await esArchiver.load('x-pack/test/functional/es_archives/logstash_functional'); }); after(async () => { - await esArchiver.unload('x-pack/test/functional/es_archives/reporting/logs'); + await reportingAPI.teardownLogs(); await esArchiver.unload('x-pack/test/functional/es_archives/logstash_functional'); }); diff --git a/x-pack/test/reporting_api_integration/reporting_without_security/job_apis_csv_deprecated.ts b/x-pack/test/reporting_api_integration/reporting_without_security/job_apis_csv_deprecated.ts index 6ff8946d48c5b..5cd6065352649 100644 --- a/x-pack/test/reporting_api_integration/reporting_without_security/job_apis_csv_deprecated.ts +++ b/x-pack/test/reporting_api_integration/reporting_without_security/job_apis_csv_deprecated.ts @@ -27,19 +27,16 @@ const parseApiJSON = (apiResponseText: string): { job: ReportApiJSON; path: stri // eslint-disable-next-line import/no-default-export export default function ({ getService }: FtrProviderContext) { - const esArchiver = getService('esArchiver'); const supertestNoAuth = getService('supertestWithoutAuth'); const reportingAPI = getService('reportingAPI'); describe('Job Listing APIs: Deprecated CSV Export', () => { before(async () => { - await esArchiver.load('x-pack/test/functional/es_archives/reporting/logs'); - await esArchiver.load('x-pack/test/functional/es_archives/logstash_functional'); + await reportingAPI.initLogs(); }); after(async () => { - await esArchiver.unload('x-pack/test/functional/es_archives/reporting/logs'); - await esArchiver.unload('x-pack/test/functional/es_archives/logstash_functional'); + await reportingAPI.teardownLogs(); }); afterEach(async () => { diff --git a/x-pack/test/reporting_api_integration/services/scenarios.ts b/x-pack/test/reporting_api_integration/services/scenarios.ts index a596b61ea00d1..6af60018d01da 100644 --- a/x-pack/test/reporting_api_integration/services/scenarios.ts +++ b/x-pack/test/reporting_api_integration/services/scenarios.ts @@ -29,7 +29,9 @@ export function createScenarios({ getService }: Pick { + await esArchiver.load('x-pack/test/functional/es_archives/logstash_functional'); + await kibanaServer.importExport.load(logsSOPath); + }; + const teardownLogs = async () => { + await kibanaServer.importExport.unload(logsSOPath); + await esArchiver.unload('x-pack/test/functional/es_archives/logstash_functional'); + }; + const createDataAnalystRole = async () => { await security.role.create('data_analyst', { metadata: {}, @@ -222,6 +233,8 @@ export function createScenarios({ getService }: Pick Date: Tue, 2 Nov 2021 21:56:47 -0500 Subject: [PATCH 53/53] Bump node to 16.13.0 (#116519) Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com> --- .ci/Dockerfile | 2 +- .node-version | 2 +- .nvmrc | 2 +- WORKSPACE.bazel | 14 +++++++------- package.json | 2 +- 5 files changed, 11 insertions(+), 11 deletions(-) diff --git a/.ci/Dockerfile b/.ci/Dockerfile index 29ed08c84b23e..8e0d2d4351965 100644 --- a/.ci/Dockerfile +++ b/.ci/Dockerfile @@ -1,7 +1,7 @@ # NOTE: This Dockerfile is ONLY used to run certain tasks in CI. It is not used to run Kibana or as a distributable. # If you're looking for the Kibana Docker image distributable, please see: src/dev/build/tasks/os_packages/docker_generator/templates/dockerfile.template.ts -ARG NODE_VERSION=16.11.1 +ARG NODE_VERSION=16.13.0 FROM node:${NODE_VERSION} AS base diff --git a/.node-version b/.node-version index 141e9a2a2cef0..58a4133d910f4 100644 --- a/.node-version +++ b/.node-version @@ -1 +1 @@ -16.11.1 +16.13.0 diff --git a/.nvmrc b/.nvmrc index 141e9a2a2cef0..5b0ad74a81023 100644 --- a/.nvmrc +++ b/.nvmrc @@ -1 +1 @@ -16.11.1 +16.13.0 \ No newline at end of file diff --git a/WORKSPACE.bazel b/WORKSPACE.bazel index d3c44eab2a526..08c5bfa551437 100644 --- a/WORKSPACE.bazel +++ b/WORKSPACE.bazel @@ -27,14 +27,14 @@ check_rules_nodejs_version(minimum_version_string = "3.8.0") # we can update that rule. node_repositories( node_repositories = { - "16.11.1-darwin_amd64": ("node-v16.11.1-darwin-x64.tar.gz", "node-v16.11.1-darwin-x64", "ba54b8ed504bd934d03eb860fefe991419b4209824280d4274f6a911588b5e45"), - "16.11.1-darwin_arm64": ("node-v16.11.1-darwin-arm64.tar.gz", "node-v16.11.1-darwin-arm64", "5e772e478390fab3001b7148a923e4f22fca50170000f18b28475337d3a97248"), - "16.11.1-linux_arm64": ("node-v16.11.1-linux-arm64.tar.xz", "node-v16.11.1-linux-arm64", "083fc51f0ea26de9041aaf9821874651a9fd3b20d1cf57071ce6b523a0436f17"), - "16.11.1-linux_s390x": ("node-v16.11.1-linux-s390x.tar.xz", "node-v16.11.1-linux-s390x", "855b5c83c2ccb05273d50bb04376335c68d47df57f3187cdebe1f22b972d2825"), - "16.11.1-linux_amd64": ("node-v16.11.1-linux-x64.tar.xz", "node-v16.11.1-linux-x64", "493bcc9b660eff983a6de65a0f032eb2717f57207edf74c745bcb86e360310b3"), - "16.11.1-windows_amd64": ("node-v16.11.1-win-x64.zip", "node-v16.11.1-win-x64", "4d3c179b82d42e66e321c3948a4e332ed78592917a69d38b86e3a242d7e62fb7"), + "16.13.0-darwin_amd64": ("node-v16.13.0-darwin-x64.tar.gz", "node-v16.13.0-darwin-x64", "37e09a8cf2352f340d1204c6154058d81362fef4ec488b0197b2ce36b3f0367a"), + "16.13.0-darwin_arm64": ("node-v16.13.0-darwin-arm64.tar.gz", "node-v16.13.0-darwin-arm64", "46d83fc0bd971db5050ef1b15afc44a6665dee40bd6c1cbaec23e1b40fa49e6d"), + "16.13.0-linux_arm64": ("node-v16.13.0-linux-arm64.tar.xz", "node-v16.13.0-linux-arm64", "93a0d03f9f802353cb7052bc97a02cd9642b49fa985671cdc16c99936c86d7d2"), + "16.13.0-linux_s390x": ("node-v16.13.0-linux-s390x.tar.xz", "node-v16.13.0-linux-s390x", "49e972bf3e969d621157df4c8f2fa18ff748c167d5ebd0efc87e1b9f0c6541cc"), + "16.13.0-linux_amd64": ("node-v16.13.0-linux-x64.tar.xz", "node-v16.13.0-linux-x64", "a876ce787133149abd1696afa54b0b5bc5ce3d5ae359081d407ff776e39b7ba8"), + "16.13.0-windows_amd64": ("node-v16.13.0-win-x64.zip", "node-v16.13.0-win-x64", "5a39ec5d4786c2814a6c04488bebac6423c2aaa12832b24f0882456f2e4674e1"), }, - node_version = "16.11.1", + node_version = "16.13.0", node_urls = [ "https://nodejs.org/dist/v{version}/{filename}", ], diff --git a/package.json b/package.json index 1718c703ee7a7..f35800746095a 100644 --- a/package.json +++ b/package.json @@ -87,7 +87,7 @@ "**/underscore": "^1.13.1" }, "engines": { - "node": "16.11.1", + "node": "16.13.0", "yarn": "^1.21.1" }, "dependencies": {