[8.x] [eem] _search endpoint / initial entity manager UI (#199609) (#…

…202050)

# Backport

This will backport the following commits from `main` to `8.x`:
- [[eem] _search endpoint / initial entity manager UI
(#199609)](#199609)

<!--- Backport version: 8.9.8 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Kevin
Lacabane","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-11-22T15:12:04Z","message":"[eem]
_search endpoint / initial entity manager UI (#199609)\n\n##
Summary\r\n\r\n- create `_search` endpoint to discover entities with
esql queries. It\r\ncurrently reads sources of the provided `type`
from\r\n`kibana_entity_definitions` index. Run this query to insert
a\r\ndefinition:\r\n```\r\nPOST kibana_entity_definitions/_doc\r\n{\r\n
\"entity_type\": \"service\",\r\n \"index_patterns\":
[\"remote_cluster:logs-*\"],\r\n \"metadata_fields\": [],\r\n
\"identity_fields\": [\"service.name\"],\r\n \"filters\": [],\r\n
\"timestamp_field\": \"@timestamp\"\r\n}\r\n```\r\n\r\nBy default
`_search` will look at data in the last 5m. The lookup period\r\ncan be
overriden by providing `start`/`end` parameters in ISO format.
It\r\nalso accepts a `limit` to specify the number of entities returned
which\r\ndefaults to 10\r\n\r\n```\r\nPOST
kbn:/internal/entities/v2/_search\r\n{\r\n \"type\": \"service\",\r\n
\"start\": \"2024-11-19T20:40:00.000Z\",\r\n \"end\":
\"2024-11-19T20:50:00.000Z\",\r\n \"limit\": 20\r\n}\r\n```\r\n\r\n-
create `_search/preview` endpoint to preview output of entity
sources\r\nwithout persisting them\r\n \r\n- create UI to preview
results of an entity definition at\r\n`/app/entity_manager`. The
application is living in its own plugin
at\r\n`observability_solution/entity_manager_app`\r\n![Screenshot
2024-11-11 at 11
37\r\n18](https://github.com/user-attachments/assets/f284342d-21a3-4ba1-be94-38cff311266c)\r\n\r\n---------\r\n\r\nCo-authored-by:
kibanamachine
<[email protected]>\r\nCo-authored-by:
Milton Hultgren
<[email protected]>","sha":"0b3f4fbd3cd60663289fc13f8f01e3f4c9131479","branchLabelMapping":{"^v9.0.0$":"main","^v8.18.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","backport
missing","v9.0.0","backport:prev-minor","ci:project-deploy-observability","Team:obs-entities"],"number":199609,"url":"https://github.com/elastic/kibana/pull/199609","mergeCommit":{"message":"[eem]
_search endpoint / initial entity manager UI (#199609)\n\n##
Summary\r\n\r\n- create `_search` endpoint to discover entities with
esql queries. It\r\ncurrently reads sources of the provided `type`
from\r\n`kibana_entity_definitions` index. Run this query to insert
a\r\ndefinition:\r\n```\r\nPOST kibana_entity_definitions/_doc\r\n{\r\n
\"entity_type\": \"service\",\r\n \"index_patterns\":
[\"remote_cluster:logs-*\"],\r\n \"metadata_fields\": [],\r\n
\"identity_fields\": [\"service.name\"],\r\n \"filters\": [],\r\n
\"timestamp_field\": \"@timestamp\"\r\n}\r\n```\r\n\r\nBy default
`_search` will look at data in the last 5m. The lookup period\r\ncan be
overriden by providing `start`/`end` parameters in ISO format.
It\r\nalso accepts a `limit` to specify the number of entities returned
which\r\ndefaults to 10\r\n\r\n```\r\nPOST
kbn:/internal/entities/v2/_search\r\n{\r\n \"type\": \"service\",\r\n
\"start\": \"2024-11-19T20:40:00.000Z\",\r\n \"end\":
\"2024-11-19T20:50:00.000Z\",\r\n \"limit\": 20\r\n}\r\n```\r\n\r\n-
create `_search/preview` endpoint to preview output of entity
sources\r\nwithout persisting them\r\n \r\n- create UI to preview
results of an entity definition at\r\n`/app/entity_manager`. The
application is living in its own plugin
at\r\n`observability_solution/entity_manager_app`\r\n![Screenshot
2024-11-11 at 11
37\r\n18](https://github.com/user-attachments/assets/f284342d-21a3-4ba1-be94-38cff311266c)\r\n\r\n---------\r\n\r\nCo-authored-by:
kibanamachine
<[email protected]>\r\nCo-authored-by:
Milton Hultgren
<[email protected]>","sha":"0b3f4fbd3cd60663289fc13f8f01e3f4c9131479"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","labelRegex":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/199609","number":199609,"mergeCommit":{"message":"[eem]
_search endpoint / initial entity manager UI (#199609)\n\n##
Summary\r\n\r\n- create `_search` endpoint to discover entities with
esql queries. It\r\ncurrently reads sources of the provided `type`
from\r\n`kibana_entity_definitions` index. Run this query to insert
a\r\ndefinition:\r\n```\r\nPOST kibana_entity_definitions/_doc\r\n{\r\n
\"entity_type\": \"service\",\r\n \"index_patterns\":
[\"remote_cluster:logs-*\"],\r\n \"metadata_fields\": [],\r\n
\"identity_fields\": [\"service.name\"],\r\n \"filters\": [],\r\n
\"timestamp_field\": \"@timestamp\"\r\n}\r\n```\r\n\r\nBy default
`_search` will look at data in the last 5m. The lookup period\r\ncan be
overriden by providing `start`/`end` parameters in ISO format.
It\r\nalso accepts a `limit` to specify the number of entities returned
which\r\ndefaults to 10\r\n\r\n```\r\nPOST
kbn:/internal/entities/v2/_search\r\n{\r\n \"type\": \"service\",\r\n
\"start\": \"2024-11-19T20:40:00.000Z\",\r\n \"end\":
\"2024-11-19T20:50:00.000Z\",\r\n \"limit\": 20\r\n}\r\n```\r\n\r\n-
create `_search/preview` endpoint to preview output of entity
sources\r\nwithout persisting them\r\n \r\n- create UI to preview
results of an entity definition at\r\n`/app/entity_manager`. The
application is living in its own plugin
at\r\n`observability_solution/entity_manager_app`\r\n![Screenshot
2024-11-11 at 11
37\r\n18](https://github.com/user-attachments/assets/f284342d-21a3-4ba1-be94-38cff311266c)\r\n\r\n---------\r\n\r\nCo-authored-by:
kibanamachine
<[email protected]>\r\nCo-authored-by:
Milton Hultgren
<[email protected]>","sha":"0b3f4fbd3cd60663289fc13f8f01e3f4c9131479"}}]}]
BACKPORT-->

---------

Co-authored-by: kibanamachine <[email protected]>

.github/CODEOWNERS

@@ -415,6 +415,7 @@ x-pack/plugins/enterprise_search @elastic/search-kibana
 x-pack/plugins/observability_solution/entities_data_access @elastic/obs-entities
 x-pack/packages/kbn-entities-schema @elastic/obs-entities
 x-pack/test/api_integration/apis/entity_manager/fixture_plugin @elastic/obs-entities
+x-pack/plugins/observability_solution/entity_manager_app @elastic/obs-entities
 x-pack/plugins/entity_manager @elastic/obs-entities
 examples/error_boundary @elastic/appex-sharedux
 packages/kbn-es @elastic/kibana-operations

docs/developer/plugin-list.asciidoc

@@ -579,6 +579,10 @@ security and spaces filtering.
 |This plugin provides access to observed entity data, such as information about hosts, pods, containers, services, and more.
 
 
+|{kib-repo}blob/{branch}/x-pack/plugins/observability_solution/entity_manager_app/README.md[entityManagerApp]
+|This plugin provides a user interface to interact with the Entity Manager.
+
+
 |{kib-repo}blob/{branch}/x-pack/plugins/event_log/README.md[eventLog]
 |The event log plugin provides a persistent history of alerting and action
 activities.

package.json

@@ -478,6 +478,7 @@
     "@kbn/entities-data-access-plugin": "link:x-pack/plugins/observability_solution/entities_data_access",
     "@kbn/entities-schema": "link:x-pack/packages/kbn-entities-schema",
     "@kbn/entity-manager-fixture-plugin": "link:x-pack/test/api_integration/apis/entity_manager/fixture_plugin",
+    "@kbn/entityManager-app-plugin": "link:x-pack/plugins/observability_solution/entity_manager_app",
     "@kbn/entityManager-plugin": "link:x-pack/plugins/entity_manager",
     "@kbn/error-boundary-example-plugin": "link:examples/error_boundary",
     "@kbn/es-errors": "link:packages/kbn-es-errors",

packages/kbn-optimizer/limits.yml

@@ -42,6 +42,7 @@ pageLoadAssetSize:
   embeddableEnhanced: 22107
   enterpriseSearch: 66810
   entityManager: 17175
+  entityManagerApp: 20378
   esql: 37000
   esqlDataGrid: 24582
   esUiShared: 326654

src/plugins/kibana_usage_collection/server/collectors/application_usage/schema.ts

@@ -143,6 +143,7 @@ export const applicationUsageSchema = {
   enterpriseSearchSemanticSearch: commonSchema,
   enterpriseSearchVectorSearch: commonSchema,
   enterpriseSearchElasticsearch: commonSchema,
+  entity_manager: commonSchema,
   appSearch: commonSchema,
   workplaceSearch: commonSchema,
   searchExperiences: commonSchema,

src/plugins/telemetry/schema/oss_plugins.json

@@ -3015,6 +3015,137 @@
             }
           }
         },
+        "entity_manager": {
+          "properties": {
+            "appId": {
+              "type": "keyword",
+              "_meta": {
+                "description": "The application being tracked"
+              }
+            },
+            "viewId": {
+              "type": "keyword",
+              "_meta": {
+                "description": "Always `main`"
+              }
+            },
+            "clicks_total": {
+              "type": "long",
+              "_meta": {
+                "description": "General number of clicks in the application since we started counting them"
+              }
+            },
+            "clicks_7_days": {
+              "type": "long",
+              "_meta": {
+                "description": "General number of clicks in the application over the last 7 days"
+              }
+            },
+            "clicks_30_days": {
+              "type": "long",
+              "_meta": {
+                "description": "General number of clicks in the application over the last 30 days"
+              }
+            },
+            "clicks_90_days": {
+              "type": "long",
+              "_meta": {
+                "description": "General number of clicks in the application over the last 90 days"
+              }
+            },
+            "minutes_on_screen_total": {
+              "type": "float",
+              "_meta": {
+                "description": "Minutes the application is active and on-screen since we started counting them."
+              }
+            },
+            "minutes_on_screen_7_days": {
+              "type": "float",
+              "_meta": {
+                "description": "Minutes the application is active and on-screen over the last 7 days"
+              }
+            },
+            "minutes_on_screen_30_days": {
+              "type": "float",
+              "_meta": {
+                "description": "Minutes the application is active and on-screen over the last 30 days"
+              }
+            },
+            "minutes_on_screen_90_days": {
+              "type": "float",
+              "_meta": {
+                "description": "Minutes the application is active and on-screen over the last 90 days"
+              }
+            },
+            "views": {
+              "type": "array",
+              "items": {
+                "properties": {
+                  "appId": {
+                    "type": "keyword",
+                    "_meta": {
+                      "description": "The application being tracked"
+                    }
+                  },
+                  "viewId": {
+                    "type": "keyword",
+                    "_meta": {
+                      "description": "The application view being tracked"
+                    }
+                  },
+                  "clicks_total": {
+                    "type": "long",
+                    "_meta": {
+                      "description": "General number of clicks in the application sub view since we started counting them"
+                    }
+                  },
+                  "clicks_7_days": {
+                    "type": "long",
+                    "_meta": {
+                      "description": "General number of clicks in the active application sub view over the last 7 days"
+                    }
+                  },
+                  "clicks_30_days": {
+                    "type": "long",
+                    "_meta": {
+                      "description": "General number of clicks in the active application sub view over the last 30 days"
+                    }
+                  },
+                  "clicks_90_days": {
+                    "type": "long",
+                    "_meta": {
+                      "description": "General number of clicks in the active application sub view over the last 90 days"
+                    }
+                  },
+                  "minutes_on_screen_total": {
+                    "type": "float",
+                    "_meta": {
+                      "description": "Minutes the application sub view is active and on-screen since we started counting them."
+                    }
+                  },
+                  "minutes_on_screen_7_days": {
+                    "type": "float",
+                    "_meta": {
+                      "description": "Minutes the application is active and on-screen active application sub view over the last 7 days"
+                    }
+                  },
+                  "minutes_on_screen_30_days": {
+                    "type": "float",
+                    "_meta": {
+                      "description": "Minutes the application is active and on-screen active application sub view over the last 30 days"
+                    }
+                  },
+                  "minutes_on_screen_90_days": {
+                    "type": "float",
+                    "_meta": {
+                      "description": "Minutes the application is active and on-screen active application sub view over the last 90 days"
+                    }
+                  }
+                }
+              }
+            }
+          }
+        },
         "appSearch": {
           "properties": {
             "appId": {

tsconfig.base.json

@@ -824,6 +824,8 @@
       "@kbn/entities-schema/*": ["x-pack/packages/kbn-entities-schema/*"],
       "@kbn/entity-manager-fixture-plugin": ["x-pack/test/api_integration/apis/entity_manager/fixture_plugin"],
       "@kbn/entity-manager-fixture-plugin/*": ["x-pack/test/api_integration/apis/entity_manager/fixture_plugin/*"],
+      "@kbn/entityManager-app-plugin": ["x-pack/plugins/observability_solution/entity_manager_app"],
+      "@kbn/entityManager-app-plugin/*": ["x-pack/plugins/observability_solution/entity_manager_app/*"],
       "@kbn/entityManager-plugin": ["x-pack/plugins/entity_manager"],
       "@kbn/entityManager-plugin/*": ["x-pack/plugins/entity_manager/*"],
       "@kbn/error-boundary-example-plugin": ["examples/error_boundary"],

x-pack/packages/kbn-entities-schema/src/schema/entity.ts

@@ -23,6 +23,13 @@ export interface MetadataRecord {
   [key: string]: string[] | MetadataRecord | string;
 }
 
+export interface EntityV2 {
+  'entity.id': string;
+  'entity.last_seen_timestamp': string;
+  'entity.type': string;
+  [metadata: string]: any;
+}
+
 const literalSchema = z.union([z.string(), z.number(), z.boolean(), z.null()]);
 
 type Literal = z.infer<typeof literalSchema>;

x-pack/plugins/entity_manager/kibana.jsonc

@@ -8,9 +8,13 @@
   "plugin": {
     "id": "entityManager",
     "configPath": ["xpack", "entityManager"],
-    "requiredPlugins": ["security", "encryptedSavedObjects", "licensing"],
     "browser": true,
     "server": true,
+    "requiredPlugins": [
+      "security",
+      "encryptedSavedObjects",
+      "licensing"
+    ],
     "requiredBundles": []
   }
 }

x-pack/plugins/entity_manager/public/index.ts

@@ -16,6 +16,8 @@ export const plugin: PluginInitializer<
   return new Plugin(context);
 };
 
+export { EntityClient } from './lib/entity_client';
+
 export type { EntityManagerPublicPluginSetup, EntityManagerPublicPluginStart };
 export type EntityManagerAppId = 'entityManager';
 

x-pack/plugins/entity_manager/public/plugin.ts

@@ -22,16 +22,14 @@ export class Plugin implements EntityManagerPluginClass {
   }
 
   setup(core: CoreSetup) {
-    const entityClient = new EntityClient(core);
     return {
-      entityClient,
+      entityClient: new EntityClient(core),
     };
   }
 
   start(core: CoreStart) {
-    const entityClient = new EntityClient(core);
     return {
-      entityClient,
+      entityClient: new EntityClient(core),
     };
   }
 

x-pack/plugins/entity_manager/public/types.ts

@@ -10,7 +10,6 @@ import type { EntityClient } from './lib/entity_client';
 export interface EntityManagerPublicPluginSetup {
   entityClient: EntityClient;
 }
-
 export interface EntityManagerPublicPluginStart {
   entityClient: EntityClient;
 }

x-pack/plugins/entity_manager/server/lib/errors.ts → x-pack/plugins/entity_manager/server/lib/entities/errors/unknown_entity_type.ts

@@ -5,10 +5,9 @@
  * 2.0.
  */
 
-export class AssetNotFoundError extends Error {
-  constructor(ean: string) {
-    super(`Asset with ean (${ean}) not found in the provided time range`);
-    Object.setPrototypeOf(this, new.target.prototype);
-    this.name = 'AssetNotFoundError';
+export class UnknownEntityType extends Error {
+  constructor(message: string) {
+    super(message);
+    this.name = 'UnknownEntityType';
   }
 }