Merge branch 'main' of github.com:elastic/kibana into alerting/slis

.github/CODEOWNERS

@@ -1230,13 +1230,18 @@ x-pack/plugins/cloud_integrations/cloud_full_story/server/config.ts @elastic/kib
 /x-pack/plugins/security_solution/public/common/components/endpoint/ @elastic/security-defend-workflows
 /x-pack/plugins/security_solution/common/endpoint/ @elastic/security-defend-workflows
 /x-pack/plugins/security_solution/server/endpoint/ @elastic/security-defend-workflows
+/x-pack/plugins/security_solution/common/api/endpoint/ @elastic/security-defend-workflows
 /x-pack/plugins/security_solution/server/lists_integration/endpoint/ @elastic/security-defend-workflows
 /x-pack/plugins/security_solution/server/lib/license/ @elastic/security-defend-workflows
 /x-pack/plugins/security_solution/server/fleet_integration/ @elastic/security-defend-workflows
 /x-pack/plugins/security_solution/scripts/endpoint/event_filters/ @elastic/security-defend-workflows
 /x-pack/plugins/security_solution/scripts/endpoint/trusted_apps/ @elastic/security-defend-workflows
 /x-pack/test/security_solution_endpoint/ @elastic/security-defend-workflows
 /x-pack/test/security_solution_endpoint_api_int/ @elastic/security-defend-workflows
+/x-pack/test_serverless/shared/lib/security/kibana_roles/ @elastic/security-defend-workflows
+/x-pack/test_serverless/functional/test_suites/security/cypress/e2e/endpoint_management @elastic/security-defend-workflows
+/x-pack/test_serverless/functional/test_suites/security/cypress/screens/endpoint_management @elastic/security-defend-workflows
+/x-pack/test_serverless/functional/test_suites/security/cypress/tasks/endpoint_management @elastic/security-defend-workflows
 
 ## Security Solution sub teams - security-telemetry (Data Engineering)
 x-pack/plugins/security_solution/server/usage/ @elastic/security-data-analytics

docs/developer/architecture/core/elasticsearch-service.asciidoc

@@ -2,16 +2,14 @@
 == Elasticsearch service
 `Elasticsearch service` provides `elasticsearch.client` program API to communicate with Elasticsearch server HTTP API.
 
-NOTE: The Elasticsearch service is only available server side. You can use the {kib-repo}blob/{branch}/docs/development/plugins/data/public/kibana-plugin-plugins-data-public.md[Data plugin] APIs on the client side.
+NOTE: The Elasticsearch service is only available server side. You can use the {kib-repo}blob/{branch}/src/plugins/data/README.mdx[Data plugin].
 
 `elasticsearch.client` interacts with Elasticsearch service on behalf of:
 
 - `kibana_system` user via `elasticsearch.client.asInternalUser.*` methods.
 - a current end-user via `elasticsearch.client.asCurrentUser.*` methods. In this case Elasticsearch client should be given the current user credentials.
 See <<scoped-services>> and <<development-security>>.
 
-{kib-repo}blob/{branch}/docs/development/core/server/kibana-plugin-core-server.elasticsearchservicestart.md[Elasticsearch service API docs]
-
 [source,typescript]
 ----
 import { CoreStart, Plugin } from '@kbn/core/public';
@@ -26,5 +24,5 @@ export class MyPlugin implements Plugin {
 }
 ----
 
-For advanced use-cases, such as a search, use {kib-repo}blob/{branch}/docs/development/plugins/data/server/kibana-plugin-plugins-data-server.md[Data plugin]
+For advanced use-cases, such as a search for specific objects, use the {kib-repo}blob/{branch}/x-pack/plugins/global_search/README.md[Global search plugin].
 

fleet_packages.json

@@ -30,7 +30,7 @@
   },
   {
     "name": "elastic_agent",
-    "version": "1.9.1"
+    "version": "1.10.0"
   },
   {
     "name": "endpoint",

packages/kbn-storybook/templates/index.ejs

@@ -18,7 +18,6 @@
       <meta name="viewport" content="width=device-width, initial-scale=1" />
 
       <meta name="eui-global" />
-      <meta name="eui-utilities" />
       <meta name="emotion" />
 
       <!-- Added for Kibana shared dependencies -->
@@ -49,6 +48,7 @@
                 <link
                   href="https://fonts.googleapis.com/css2?family=Inter:slnt,wght@-10,300..700;0,300..700&family=Roboto+Mono:ital,wght@0,400..700;1,400..700&display=swap"
                   rel="stylesheet">
+                <meta name="eui-utilities" />
 </head>
 
 <body>

src/core/server/integration_tests/saved_objects/migrations/group2/multiple_kibana_nodes.test.ts

@@ -106,8 +106,7 @@ async function createRoot({ logFileName }: CreateRootConfig) {
 // suite is very long, the 10mins default can cause timeouts
 jest.setTimeout(15 * 60 * 1000);
 
-// FLAKY: https://github.com/elastic/kibana/issues/156117
-describe.skip('migration v2', () => {
+describe('migration v2', () => {
   let esServer: TestElasticsearchUtils;
   let rootA: Root;
   let rootB: Root;

x-pack/packages/ml/aiops_components/src/document_count_chart/document_count_chart.tsx

@@ -20,23 +20,22 @@ import {
   XYChartElementEvent,
   XYBrushEvent,
 } from '@elastic/charts';
+import {
+  BarStyleAccessor,
+  RectAnnotationSpec,
+} from '@elastic/charts/dist/chart_types/xy_chart/utils/specs';
 
 import { i18n } from '@kbn/i18n';
 import { IUiSettingsClient } from '@kbn/core/public';
 import { getSnappedWindowParameters, getWindowParameters } from '@kbn/aiops-utils';
 import type { WindowParameters } from '@kbn/aiops-utils';
 import { MULTILAYER_TIME_AXIS_STYLE } from '@kbn/charts-plugin/common';
 
-import {
-  BarStyleAccessor,
-  RectAnnotationSpec,
-} from '@elastic/charts/dist/chart_types/xy_chart/utils/specs';
-
 import type { DataPublicPluginStart } from '@kbn/data-plugin/public';
 import type { ChartsPluginStart } from '@kbn/charts-plugin/public';
 import type { FieldFormatsStart } from '@kbn/field-formats-plugin/public';
-import { BrushBadge } from './brush_badge';
 import { DualBrush, DualBrushAnnotation } from '../..';
+import { BrushBadge } from './brush_badge';
 
 declare global {
   interface Window {

x-pack/packages/ml/aiops_utils/src/get_window_parameters.ts

@@ -8,7 +8,7 @@
 import { isPopulatedObject } from '@kbn/ml-is-populated-object';
 
 /**
- * Time range definition for baseline and deviation to be used by spike log analysis.
+ * Time range definition for baseline and deviation to be used by log rate analysis.
  *
  * @export
  * @interface WindowParameters
@@ -54,12 +54,12 @@ export const isWindowParameters = (arg: unknown): arg is WindowParameters =>
  * 2. The historical time window prior to the click to use as a baseline.
  *
  * The philosophy here is that charts are displayed with different granularities according to their
- * overall time window. We select the log spike and historical time windows inline with the
+ * overall time window. We select the log deviation and historical time windows inline with the
  * overall time window.
  *
  * The algorithm for doing this is based on the typical granularities that exist in machine data.
  *
- * @param clickTime timestamp of the clicked log rate spike.
+ * @param clickTime timestamp of the clicked log rate deviation.
  * @param minTime minimum timestamp of the time window to be analysed
  * @param maxTime maximum timestamp of the time window to be analysed
  * @returns WindowParameters
@@ -103,7 +103,7 @@ export const getWindowParameters = (
  * Converts window paramaters from the brushes to “snap” the brushes to the chart histogram bar width and ensure timestamps
  * correspond to bucket timestamps
  *
- * @param windowParameters time range definition for baseline and deviation to be used by spike log analysis
+ * @param windowParameters time range definition for baseline and deviation to be used by log rate analysis
  * @param snapTimestamps time range definition that always corresponds to histogram bucket timestamps
  * @returns WindowParameters
  */

x-pack/plugins/aiops/common/api/log_rate_analysis/schema.ts

@@ -19,7 +19,7 @@ export const aiopsLogRateAnalysisSchema = schema.object({
   baselineMax: schema.number(),
   deviationMin: schema.number(),
   deviationMax: schema.number(),
-  /** The index to query for log rate spikes */
+  /** The index to query for log rate analysis */
   index: schema.string(),
   /** Settings to override headers derived compression and flush fix */
   compressResponse: schema.maybe(schema.boolean()),

x-pack/plugins/aiops/common/constants.ts

@@ -5,7 +5,14 @@
  * 2.0.
  */
 
-export const SPIKE_ANALYSIS_THRESHOLD = 0.02;
+export const LOG_RATE_ANALYSIS_P_VALUE_THRESHOLD = 0.02;
+
+export const LOG_RATE_ANALYSIS_TYPE = {
+  SPIKE: 'spike',
+  DIP: 'dip',
+} as const;
+export type LogRateAnalysisType =
+  typeof LOG_RATE_ANALYSIS_TYPE[keyof typeof LOG_RATE_ANALYSIS_TYPE];
 
 // For the technical preview of Log Rate Analysis we use a hard coded seed.
 // In future versions we might use a user specific seed or let the user costumise it.

x-pack/plugins/aiops/public/components/document_count_content/document_count_content/document_count_content.tsx

@@ -8,14 +8,14 @@
 import React, { type FC } from 'react';
 
 import { EuiFlexGroup, EuiFlexItem } from '@elastic/eui';
-
-import type { WindowParameters } from '@kbn/aiops-utils';
-
 import {
   BarStyleAccessor,
   RectAnnotationSpec,
 } from '@elastic/charts/dist/chart_types/xy_chart/utils/specs';
+
+import type { WindowParameters } from '@kbn/aiops-utils';
 import { DocumentCountChart, type DocumentCountChartPoint } from '@kbn/aiops-components';
+
 import { useAiopsAppContext } from '../../../hooks/use_aiops_app_context';
 import { DocumentCountStats } from '../../../get_document_stats';
 

x-pack/plugins/aiops/public/components/log_rate_analysis/log_rate_analysis_content/log_rate_analysis_content.tsx

@@ -18,6 +18,8 @@ import type { Dictionary } from '@kbn/ml-url-state';
 import type { WindowParameters } from '@kbn/aiops-utils';
 import type { SignificantTerm } from '@kbn/ml-agg-utils';
 
+import { LOG_RATE_ANALYSIS_TYPE, type LogRateAnalysisType } from '../../../../common/constants';
+
 import { useData } from '../../../hooks/use_data';
 
 import { DocumentCountContent } from '../../document_count_content/document_count_content';
@@ -46,6 +48,8 @@ export function getDocumentCountStatsSplitLabel(
 export interface LogRateAnalysisContentProps {
   /** The data view to analyze. */
   dataView: DataView;
+  /** The type of analysis, whether it's a spike or dip */
+  analysisType?: LogRateAnalysisType;
   setGlobalState?: (params: Dictionary<unknown>) => void;
   /** Timestamp for the start of the range for initial analysis */
   initialAnalysisStart?: number | WindowParameters;
@@ -64,6 +68,7 @@ export interface LogRateAnalysisContentProps {
 
 export const LogRateAnalysisContent: FC<LogRateAnalysisContentProps> = ({
   dataView,
+  analysisType = LOG_RATE_ANALYSIS_TYPE.SPIKE,
   setGlobalState,
   initialAnalysisStart: incomingInitialAnalysisStart,
   timeRange,
@@ -94,7 +99,7 @@ export const LogRateAnalysisContent: FC<LogRateAnalysisContentProps> = ({
 
   const { documentStats, earliest, latest } = useData(
     dataView,
-    'explain_log_rage_spikes',
+    'log_rate_analysis',
     esSearchQuery,
     setGlobalState,
     currentSelectedSignificantTerm,
@@ -148,6 +153,7 @@ export const LogRateAnalysisContent: FC<LogRateAnalysisContentProps> = ({
       {earliest !== undefined && latest !== undefined && windowParameters !== undefined && (
         <LogRateAnalysisResults
           dataView={dataView}
+          analysisType={analysisType}
           earliest={earliest}
           isBrushCleared={isBrushCleared}
           latest={latest}
@@ -171,7 +177,7 @@ export const LogRateAnalysisContent: FC<LogRateAnalysisContentProps> = ({
             <h2>
               <FormattedMessage
                 id="xpack.aiops.logRateAnalysis.page.emptyPromptTitle"
-                defaultMessage="Click a spike in the histogram chart to start the analysis."
+                defaultMessage="Click a spike or dip in the histogram chart to start the analysis."
               />
             </h2>
           }
@@ -180,7 +186,7 @@ export const LogRateAnalysisContent: FC<LogRateAnalysisContentProps> = ({
             <p>
               <FormattedMessage
                 id="xpack.aiops.logRateAnalysis.page.emptyPromptBody"
-                defaultMessage="The log rate analysis feature identifies statistically significant field/value combinations that contribute to a log rate spike or drop."
+                defaultMessage="The log rate analysis feature identifies statistically significant field/value combinations that contribute to a log rate spike or dip."
               />
             </p>
           }

x-pack/plugins/aiops/public/components/log_rate_analysis/log_rate_analysis_content/log_rate_analysis_content_wrapper.tsx

@@ -20,6 +20,7 @@ import { DatePickerContextProvider } from '@kbn/ml-date-picker';
 import { UI_SETTINGS } from '@kbn/data-plugin/common';
 import { toMountPoint, wrapWithTheme } from '@kbn/kibana-react-plugin/public';
 
+import { LOG_RATE_ANALYSIS_TYPE, type LogRateAnalysisType } from '../../../../common/constants';
 import { timeSeriesDataViewWarning } from '../../../application/utils/time_series_dataview_check';
 import { AiopsAppContext, type AiopsAppDependencies } from '../../../hooks/use_aiops_app_context';
 import { DataSourceContext } from '../../../hooks/use_data_source';
@@ -34,6 +35,8 @@ const localStorage = new Storage(window.localStorage);
 export interface LogRateAnalysisContentWrapperProps {
   /** The data view to analyze. */
   dataView: DataView;
+  /** The type of analysis, whether it's a spike or dip */
+  analysisType?: LogRateAnalysisType;
   /** Option to make main histogram sticky */
   stickyHistogram?: boolean;
   /** App dependencies */
@@ -55,6 +58,7 @@ export interface LogRateAnalysisContentWrapperProps {
 
 export const LogRateAnalysisContentWrapper: FC<LogRateAnalysisContentWrapperProps> = ({
   dataView,
+  analysisType = LOG_RATE_ANALYSIS_TYPE.SPIKE,
   appDependencies,
   setGlobalState,
   initialAnalysisStart,
@@ -89,6 +93,7 @@ export const LogRateAnalysisContentWrapper: FC<LogRateAnalysisContentWrapperProp
               <DatePickerContextProvider {...datePickerDeps}>
                 <LogRateAnalysisContent
                   dataView={dataView}
+                  analysisType={analysisType}
                   setGlobalState={setGlobalState}
                   initialAnalysisStart={initialAnalysisStart}
                   timeRange={timeRange}

x-pack/plugins/aiops/public/components/log_rate_analysis/log_rate_analysis_page.tsx

@@ -84,7 +84,7 @@ export const LogRateAnalysisPage: FC<Props> = ({ stickyHistogram }) => {
 
   const { timefilter } = useData(
     dataView,
-    'explain_log_rage_spikes',
+    'log_rate_analysis',
     searchQuery,
     setGlobalState,
     currentSelectedSignificantTerm,

x-pack/plugins/aiops/public/components/log_rate_analysis/log_rate_analysis_results.tsx

@@ -30,6 +30,7 @@ import { FormattedMessage } from '@kbn/i18n-react';
 import type { SignificantTerm, SignificantTermGroup } from '@kbn/ml-agg-utils';
 
 import { useAiopsAppContext } from '../../hooks/use_aiops_app_context';
+import { LOG_RATE_ANALYSIS_TYPE, type LogRateAnalysisType } from '../../../common/constants';
 import { initialState, streamReducer } from '../../../common/api/stream_reducer';
 import type { AiopsApiLogRateAnalysis } from '../../../common/api';
 import {
@@ -79,6 +80,8 @@ export interface LogRateAnalysisResultsData {
 interface LogRateAnalysisResultsProps {
   /** The data view to analyze. */
   dataView: DataView;
+  /** The type of analysis, whether it's a spike or dip */
+  analysisType?: LogRateAnalysisType;
   /** Start timestamp filter */
   earliest: number;
   /** End timestamp filter */
@@ -104,6 +107,7 @@ interface LogRateAnalysisResultsProps {
 
 export const LogRateAnalysisResults: FC<LogRateAnalysisResultsProps> = ({
   dataView,
+  analysisType = LOG_RATE_ANALYSIS_TYPE.SPIKE,
   earliest,
   isBrushCleared,
   latest,
@@ -170,7 +174,16 @@ export const LogRateAnalysisResults: FC<LogRateAnalysisResultsProps> = ({
       index: dataView.getIndexPattern(),
       grouping: true,
       flushFix: true,
-      ...windowParameters,
+      // If analysis type is `spike`, pass on window parameters as is,
+      // if it's `dip`, swap baseline and deviation.
+      ...(analysisType === LOG_RATE_ANALYSIS_TYPE.SPIKE
+        ? windowParameters
+        : {
+            baselineMin: windowParameters.deviationMin,
+            baselineMax: windowParameters.deviationMax,
+            deviationMin: windowParameters.baselineMin,
+            deviationMax: windowParameters.baselineMax,
+          }),
       overrides,
       sampleProbability,
     },
@@ -384,7 +397,7 @@ export const LogRateAnalysisResults: FC<LogRateAnalysisResultsProps> = ({
             <p>
               <FormattedMessage
                 id="xpack.aiops.logRateAnalysis.page.noResultsPromptBody"
-                defaultMessage="Try to adjust the baseline and deviation time ranges and rerun the analysis. If you still get no results, there might be no statistically significant entities contributing to this spike in log rates."
+                defaultMessage="Try to adjust the baseline and deviation time ranges and rerun the analysis. If you still get no results, there might be no statistically significant entities contributing to this deviation in log rate."
               />
             </p>
           }

x-pack/plugins/aiops/public/index.ts

@@ -13,6 +13,8 @@ export function plugin() {
   return new AiopsPlugin();
 }
 
+export { LOG_RATE_ANALYSIS_TYPE, type LogRateAnalysisType } from '../common/constants';
+
 export type { AiopsAppDependencies } from './hooks/use_aiops_app_context';
 export type { LogRateAnalysisAppStateProps } from './components/log_rate_analysis';
 export type { LogCategorizationAppStateProps } from './components/log_categorization';

x-pack/plugins/aiops/server/routes/queries/fetch_significant_term_p_values.ts

@@ -15,7 +15,10 @@ import {
   type RandomSamplerWrapper,
 } from '@kbn/ml-random-sampler-utils';
 
-import { SPIKE_ANALYSIS_THRESHOLD, RANDOM_SAMPLER_SEED } from '../../../common/constants';
+import {
+  LOG_RATE_ANALYSIS_P_VALUE_THRESHOLD,
+  RANDOM_SAMPLER_SEED,
+} from '../../../common/constants';
 import type { AiopsLogRateAnalysisSchema } from '../../../common/api/log_rate_analysis';
 
 import { isRequestAbortedError } from '../../lib/is_request_aborted_error';
@@ -171,7 +174,7 @@ export const fetchSignificantTermPValues = async (
         0.25 * Math.min(Math.max((bucket.score - 6.908) / 6.908, 0), 1) +
         0.25 * Math.min(Math.max((bucket.score - 13.816) / 101.314, 0), 1);
 
-      if (typeof pValue === 'number' && pValue < SPIKE_ANALYSIS_THRESHOLD) {
+      if (typeof pValue === 'number' && pValue < LOG_RATE_ANALYSIS_P_VALUE_THRESHOLD) {
         result.push({
           fieldName,
           fieldValue: String(bucket.key),

x-pack/plugins/alerting/README.md

@@ -99,7 +99,6 @@ The following table describes the properties of the `options` object.
 |isExportable|Whether the rule type is exportable from the Saved Objects Management UI.|boolean|
 |defaultScheduleInterval|(Optional) The default interval that will show up in the UI when creating a rule of this rule type.|boolean|
 |doesSetRecoveryContext|(Optional) Whether the rule type will set context variables for recovered alerts. Defaults to `false`. If this is set to true, context variables are made available for the recovery action group and executors will be provided with the ability to set recovery context.|boolean|
-|getSummarizedAlerts|(Optional) When developing a rule type, you can choose to implement this hook for retrieving summarized alerts based on execution UUID or time range. This hook will be invoked when an alert summary action is configured for the rule.|Function|
 |alerts|(Optional) Specify options for writing alerts as data documents for this rule type. This feature is currently under development so this field is optional but we will eventually make this a requirement of all rule types. For full details, see the alerts as data section below.|IRuleTypeAlerts|
 |autoRecoverAlerts|(Optional) Whether the framework should determine if alerts have recovered between rule runs. If not specified, the default value of `true` is used. |boolean|
 |getViewInAppRelativeUrl|(Optional) When developing a rule type, you can choose to implement this hook for generating a link back to the Kibana application that can be used in alert actions. If not specified, a generic link back to the Rule Management app is generated.|Function|

x-pack/plugins/alerting/server/alerts_client/alerts_client.mock.ts

@@ -15,6 +15,7 @@ const createAlertsClientMock = () => {
       hasReachedAlertLimit: jest.fn(),
       checkLimitUsage: jest.fn(),
       persistAlerts: jest.fn(),
+      getSummarizedAlerts: jest.fn(),
       factory: jest.fn(),
       client: jest.fn(),
     };