Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[7.x] Improve upgrade assistance for the legacy audit logger #114995

Merged
merged 6 commits into from
Oct 18, 2021

Conversation

legrego
Copy link
Member

@legrego legrego commented Oct 14, 2021

Summary

Improves the assistance for migrating away from the legacy audit logger on Cloud installations. The existing assistance was aimed at on-prem installations, and would have been both incorrect and confusing on Cloud.

Existing Revised on-prem assistance

image

New Cloud assistance

image

@legrego legrego added backport:skip This commit does not require backporting release_note:skip Skip the PR/issue when compiling release notes v7.16.0 labels Oct 14, 2021
@legrego legrego added the Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more! label Oct 14, 2021
@legrego legrego marked this pull request as ready for review October 14, 2021 15:10
@elasticmachine
Copy link
Contributor

Pinging @elastic/kibana-security (Team:Security)

@legrego legrego requested review from a team, gchaps and debadair October 14, 2021 15:10
Copy link
Contributor

@jportner jportner left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good call differentiating this for Cloud and non-Cloud users!

You didn't change this section of the code so I can't comment on it directly, but what do you think about changing the non-Cloud manual steps to something like this?

The new ECS-compliant audit logger will be automatically enabled after upgrading to 8.0. You can optionally enable the new audit logger before upgrading by configuring an appender with "xpack.security.audit.appender". Learn more

Edit: looks like message can only be a string, bummer. I wonder if it would render to a clickable link if you just included the URL? probably not...

I have some other comments below!

Comment on lines +37 to +39
// Gross, but the cloud plugin depends on the security plugin already,
// so we can't add a dependency in the other direction to check this in a more conventional manner.
const isCloudInstance = typeof settings?.xpack?.cloud?.id === 'string';
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

😅 👍


const message = i18n.translate('xpack.security.deprecations.auditLoggerMessage', {
defaultMessage:
'The legacy audit logger is deprecated in favor of the new ECS-compliant audit logger.',
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm thinking we should change this a bit:

Suggested change
'The legacy audit logger is deprecated in favor of the new ECS-compliant audit logger.',
'Use the new ECS-compliant audit logger. The legacy audit logger will be removed in 8.0.',

but I'm interested to see what Gail and Deb think.

'The legacy audit logger is deprecated in favor of the new ECS-compliant audit logger.',
});

const documentationUrl = `https://www.elastic.co/guide/en/kibana/${branch}/security-settings-kb.html#audit-logging-settings`;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The current link directs the user to the "Audit logging settings" page. But you have to scroll down quite a bit before you find where it mentions the legacy audit logger is deprecated (and even then it is not very noticeable).

I'm a bit on the fence about this, but it might be better to direct user to our "Audit logs" page.

image

That clearly describes the two different types of loggers and it might be a bit more appropriate for users to learn more about the deprecation.

Suggested change
const documentationUrl = `https://www.elastic.co/guide/en/kibana/${branch}/security-settings-kb.html#audit-logging-settings`;
const documentationUrl = `https://www.elastic.co/guide/en/kibana/${branch}/xpack-security-audit-logging.html`;

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I like this suggestion! I'll hold off on making changes until the docs team has a chance to review

@legrego
Copy link
Member Author

legrego commented Oct 14, 2021

looks like message can only be a string, bummer. I wonder if it would render to a clickable link if you just included the URL? probably not...

@jportner I had the same thought. I think we would need to wait for #111068 before trying to tackle this.

@jportner
Copy link
Contributor

@gchaps and I chatted and we thought this text would be good:


(ON-PREM / NON-CLOUD)

The legacy audit logger is deprecated

Use the new ECS-compliant audit logger. The legacy audit logger will be removed in 8.0.

Fix manually

  1. To enable the ECS audit logger now, configure an appender with "xpack.security.audit.appender".
  2. If you don't make any changes, the ECS audit logger will be enabled when you upgrade to 8.0.

(CLOUD)

The legacy audit logger is deprecated

Use the new ECS-compliant audit logger. The legacy audit logger will be removed in 8.0.

Fix manually

  1. To enable the ECS audit logger now, add the "xpack.security.audit.appender.type: rolling-file" setting.
  2. If you don't make any changes, the ECS audit logger will be enabled when you upgrade to 8.0.

(Both are identical except Step 1)

@legrego
Copy link
Member Author

legrego commented Oct 14, 2021

Thanks for the suggestions @jportner & @gchaps. Text was updated in 4c7852b (#114995), and I updated the screenshots in the PR description to match.

I also downgraded the level of the on-prem notice from critical to warning, since we aren't failing the upgrade process if they don't take action.

@legrego legrego requested a review from jportner October 15, 2021 11:56
@gchaps
Copy link
Contributor

gchaps commented Oct 15, 2021

@jportner and I chatted this morning and we need to remove the line "The legacy audit logger will be removed in 8.0." to meet the deprecation guidelines. So the messages should be:


(ON-PREM / NON-CLOUD)

The legacy audit logger is deprecated

Use the new ECS-compliant audit logger.

Fix manually

  1. To enable the ECS audit logger now, configure an appender with "xpack.security.audit.appender".
  2. If you don't make any changes, the ECS audit logger will be enabled when you upgrade to 8.0.

(CLOUD)

The legacy audit logger is deprecated

Use the new ECS-compliant audit logger.

Fix manually

  1. To enable the ECS audit logger now, add the "xpack.security.audit.appender.type: rolling-file" setting.
  2. If you don't make any changes, the ECS audit logger will be enabled when you upgrade to 8.0.

@jportner
Copy link
Contributor

@elasticmachine merge upstream

@legrego legrego enabled auto-merge (squash) October 18, 2021 13:41
@kibanamachine
Copy link
Contributor

💛 Build succeeded, but was flaky


Test Failures

Kibana Pipeline / general / X-Pack Detection Engine API Integration Tests.x-pack/test/detection_engine_api_integration/security_and_spaces/tests/exception_operators_data_types/text·ts.detection engine api security and spaces enabled Detection exceptions data types and operators Rule exception operators for data type text "is not" operator should filter all words using a common piece of text

Link to Jenkins

Standard Out

Failed Tests Reporter:
  - Test has failed 4 times on tracked branches: https://github.com/elastic/kibana/issues/115310

[00:00:00]     │
[00:00:00]       └-: detection engine api security and spaces enabled
[00:00:00]         └-> "before all" hook in "detection engine api security and spaces enabled"
[00:00:00]         └-: 
[00:00:00]           └-> "before all" hook in ""
[00:00:00]           └-: Detection exceptions data types and operators
[00:00:00]             └-> "before all" hook in "Detection exceptions data types and operators"
[00:00:00]             └-: 
[00:00:00]               └-> "before all" hook in ""
[00:31:05]               └-: Rule exception operators for data type text
[00:31:05]                 └-> "before all" hook in "Rule exception operators for data type text"
[00:31:05]                 └-> "before all" hook in "Rule exception operators for data type text"
[00:31:05]                   │ info [x-pack/test/functional/es_archives/rule_exceptions/text] Loading "mappings.json"
[00:31:05]                   │ info [x-pack/test/functional/es_archives/rule_exceptions/text] Loading "data.json"
[00:31:05]                   │ info [o.e.c.m.MetadataCreateIndexService] [node-01] [text] creating index, cause [api], templates [], shards [1]/[1]
[00:31:05]                   │ info [x-pack/test/functional/es_archives/rule_exceptions/text] Created index "text"
[00:31:05]                   │ debg [x-pack/test/functional/es_archives/rule_exceptions/text] "text" settings {"index":{"number_of_replicas":"1","number_of_shards":"1"}}
[00:31:05]                   │ info [x-pack/test/functional/es_archives/rule_exceptions/text] Indexed 4 docs into "text"
[00:31:05]                   │ info [x-pack/test/functional/es_archives/rule_exceptions/text_no_spaces] Loading "mappings.json"
[00:31:05]                   │ info [x-pack/test/functional/es_archives/rule_exceptions/text_no_spaces] Loading "data.json"
[00:31:05]                   │ info [o.e.c.m.MetadataCreateIndexService] [node-01] [text_no_spaces] creating index, cause [api], templates [], shards [1]/[1]
[00:31:06]                   │ info [x-pack/test/functional/es_archives/rule_exceptions/text_no_spaces] Created index "text_no_spaces"
[00:31:06]                   │ debg [x-pack/test/functional/es_archives/rule_exceptions/text_no_spaces] "text_no_spaces" settings {"index":{"number_of_replicas":"1","number_of_shards":"1"}}
[00:31:06]                   │ info [x-pack/test/functional/es_archives/rule_exceptions/text_no_spaces] Indexed 4 docs into "text_no_spaces"
[00:32:53]                 └-: "is not" operator
[00:32:53]                   └-> "before all" hook for "will return 0 results if it cannot find what it is excluding"
[00:32:53]                   └-> will return 0 results if it cannot find what it is excluding
[00:32:53]                     └-> "before each" hook: global before each for "will return 0 results if it cannot find what it is excluding"
[00:32:53]                     └-> "before each" hook for "will return 0 results if it cannot find what it is excluding"
[00:32:53]                       │ info [o.e.x.i.a.TransportPutLifecycleAction] [node-01] adding index lifecycle policy [.siem-signals-default]
[00:32:53]                       │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [.siem-signals-default] for index patterns [.siem-signals-default-*]
[00:32:53]                       │ info [o.e.c.m.MetadataCreateIndexService] [node-01] [.siem-signals-default-000001] creating index, cause [api], templates [.siem-signals-default], shards [1]/[1]
[00:32:54]                       │ info [o.e.x.i.IndexLifecycleTransition] [node-01] moving index [.siem-signals-default-000001] from [null] to [{"phase":"new","action":"complete","name":"complete"}] in policy [.siem-signals-default]
[00:32:54]                       │ info [o.e.x.i.a.TransportPutLifecycleAction] [node-01] adding index lifecycle policy [.lists-default]
[00:32:54]                       │ info [o.e.x.i.IndexLifecycleTransition] [node-01] moving index [.siem-signals-default-000001] from [{"phase":"new","action":"complete","name":"complete"}] to [{"phase":"hot","action":"unfollow","name":"branch-check-unfollow-prerequisites"}] in policy [.siem-signals-default]
[00:32:54]                       │ info [o.e.x.i.a.TransportPutLifecycleAction] [node-01] adding index lifecycle policy [.items-default]
[00:32:54]                       │ info [o.e.x.i.IndexLifecycleTransition] [node-01] moving index [.siem-signals-default-000001] from [{"phase":"hot","action":"unfollow","name":"branch-check-unfollow-prerequisites"}] to [{"phase":"hot","action":"rollover","name":"check-rollover-ready"}] in policy [.siem-signals-default]
[00:32:54]                       │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding template [.lists-default] for index patterns [.lists-default-*]
[00:32:54]                       │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding template [.items-default] for index patterns [.items-default-*]
[00:32:54]                       │ info [o.e.c.m.MetadataCreateIndexService] [node-01] [.lists-default-000001] creating index, cause [api], templates [.lists-default], shards [1]/[1]
[00:32:54]                       │ info [o.e.x.i.IndexLifecycleTransition] [node-01] moving index [.lists-default-000001] from [null] to [{"phase":"new","action":"complete","name":"complete"}] in policy [.lists-default]
[00:32:54]                       │ info [o.e.c.m.MetadataCreateIndexService] [node-01] [.items-default-000001] creating index, cause [api], templates [.items-default], shards [1]/[1]
[00:32:54]                       │ info [o.e.x.i.IndexLifecycleTransition] [node-01] moving index [.lists-default-000001] from [{"phase":"new","action":"complete","name":"complete"}] to [{"phase":"hot","action":"unfollow","name":"branch-check-unfollow-prerequisites"}] in policy [.lists-default]
[00:32:54]                       │ info [o.e.x.i.IndexLifecycleTransition] [node-01] moving index [.items-default-000001] from [null] to [{"phase":"new","action":"complete","name":"complete"}] in policy [.items-default]
[00:32:54]                     │ info [o.e.x.i.IndexLifecycleTransition] [node-01] moving index [.lists-default-000001] from [{"phase":"hot","action":"unfollow","name":"branch-check-unfollow-prerequisites"}] to [{"phase":"hot","action":"rollover","name":"check-rollover-ready"}] in policy [.lists-default]
[00:33:02]                     │ proc [kibana]   log   [14:20:46.721] [info][eventLog][plugins] event logged: {"@timestamp":"2021-10-18T14:20:46.721Z","event":{"provider":"alerting","action":"execute-start","kind":"alert","category":["siem"],"start":"2021-10-18T14:20:46.721Z"},"kibana":{"saved_objects":[{"rel":"primary","type":"alert","id":"9286c260-301e-11ec-8c93-4526afd1078d","type_id":"siem.signals"}],"task":{"scheduled":"2021-10-18T14:20:43.747Z","schedule_delay":2974000000},"server_uuid":"5b2de169-2785-441b-ae8c-186a1936b17d","version":"7.16.0"},"rule":{"id":"9286c260-301e-11ec-8c93-4526afd1078d","license":"basic","category":"siem.signals","ruleset":"siem"},"message":"alert execution start: \"9286c260-301e-11ec-8c93-4526afd1078d\"","ecs":{"version":"1.8.0"}}
[00:33:05]                     │ proc [kibana]   log   [14:20:49.785] [info][plugins][securitySolution] [+] Finished indexing 0  signals searched between date ranges [
[00:33:05]                     │ proc [kibana]   {
[00:33:05]                     │ proc [kibana]     "to": "2021-10-18T14:20:48.776Z",
[00:33:05]                     │ proc [kibana]     "from": "1900-01-01T00:00:00.000Z",
[00:33:05]                     │ proc [kibana]     "maxSignals": 100
[00:33:05]                     │ proc [kibana]   }
[00:33:05]                     │ proc [kibana] ] name: "Signal Testing Query" id: "9286c260-301e-11ec-8c93-4526afd1078d" rule id: "rule-1" signals index: ".siem-signals-default"
[00:33:05]                     │ proc [kibana]   log   [14:20:49.796] [info][eventLog][plugins] event logged: {"@timestamp":"2021-10-18T14:20:46.721Z","event":{"provider":"alerting","action":"execute","kind":"alert","category":["siem"],"start":"2021-10-18T14:20:46.721Z","outcome":"success","end":"2021-10-18T14:20:49.795Z","duration":3074000000},"kibana":{"saved_objects":[{"rel":"primary","type":"alert","id":"9286c260-301e-11ec-8c93-4526afd1078d","type_id":"siem.signals"}],"task":{"scheduled":"2021-10-18T14:20:43.747Z","schedule_delay":2974000000},"alerting":{"status":"ok"},"server_uuid":"5b2de169-2785-441b-ae8c-186a1936b17d","version":"7.16.0"},"rule":{"id":"9286c260-301e-11ec-8c93-4526afd1078d","license":"basic","category":"siem.signals","ruleset":"siem","name":"Signal Testing Query"},"message":"alert executed: siem.signals:9286c260-301e-11ec-8c93-4526afd1078d: 'Signal Testing Query'","ecs":{"version":"1.8.0"}}
[00:33:05]                     └- ✓ pass  (11.4s)
[00:33:05]                   └-> "after each" hook for "will return 0 results if it cannot find what it is excluding"
[00:33:05]                     │ info [o.e.c.m.MetadataDeleteIndexService] [node-01] [.siem-signals-default-000001/s34XkRx7Qaey6raF13u0pQ] deleting index
[00:33:05]                     │ info [o.e.x.i.IndexLifecycleTransition] [node-01] moving index [.items-default-000001] from [{"phase":"new","action":"complete","name":"complete"}] to [{"phase":"hot","action":"unfollow","name":"branch-check-unfollow-prerequisites"}] in policy [.items-default]
[00:33:05]                     │ info [o.e.x.i.IndexLifecycleTransition] [node-01] moving index [.items-default-000001] from [{"phase":"hot","action":"unfollow","name":"branch-check-unfollow-prerequisites"}] to [{"phase":"hot","action":"rollover","name":"check-rollover-ready"}] in policy [.items-default]
[00:33:05]                     │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] removing index template [.siem-signals-default]
[00:33:08]                     │ info [o.e.c.m.MetadataDeleteIndexService] [node-01] [.lists-default-000001/lQoN653jSB-FF4G1YsUcqg] deleting index
[00:33:08]                     │ info [o.e.c.m.MetadataDeleteIndexService] [node-01] [.items-default-000001/VDsMVk19TFuDuY4ZjgXBjA] deleting index
[00:33:08]                     │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] removing template [.lists-default]
[00:33:08]                     │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] removing template [.items-default]
[00:33:09]                   └-> will return just 1 result we excluded
[00:33:09]                     └-> "before each" hook: global before each for "will return just 1 result we excluded"
[00:33:09]                     └-> "before each" hook for "will return just 1 result we excluded"
[00:33:09]                       │ info [o.e.x.i.a.TransportPutLifecycleAction] [node-01] adding index lifecycle policy [.siem-signals-default]
[00:33:09]                       │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [.siem-signals-default] for index patterns [.siem-signals-default-*]
[00:33:09]                       │ info [o.e.c.m.MetadataCreateIndexService] [node-01] [.siem-signals-default-000001] creating index, cause [api], templates [.siem-signals-default], shards [1]/[1]
[00:33:09]                       │ info [o.e.x.i.IndexLifecycleTransition] [node-01] moving index [.siem-signals-default-000001] from [null] to [{"phase":"new","action":"complete","name":"complete"}] in policy [.siem-signals-default]
[00:33:09]                       │ info [o.e.x.i.a.TransportPutLifecycleAction] [node-01] adding index lifecycle policy [.lists-default]
[00:33:09]                       │ info [o.e.x.i.a.TransportPutLifecycleAction] [node-01] adding index lifecycle policy [.items-default]
[00:33:09]                       │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding template [.lists-default] for index patterns [.lists-default-*]
[00:33:09]                       │ info [o.e.x.i.IndexLifecycleTransition] [node-01] moving index [.siem-signals-default-000001] from [{"phase":"new","action":"complete","name":"complete"}] to [{"phase":"hot","action":"unfollow","name":"branch-check-unfollow-prerequisites"}] in policy [.siem-signals-default]
[00:33:09]                       │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding template [.items-default] for index patterns [.items-default-*]
[00:33:09]                       │ info [o.e.x.i.IndexLifecycleTransition] [node-01] moving index [.siem-signals-default-000001] from [{"phase":"hot","action":"unfollow","name":"branch-check-unfollow-prerequisites"}] to [{"phase":"hot","action":"rollover","name":"check-rollover-ready"}] in policy [.siem-signals-default]
[00:33:09]                       │ info [o.e.c.m.MetadataCreateIndexService] [node-01] [.lists-default-000001] creating index, cause [api], templates [.lists-default], shards [1]/[1]
[00:33:09]                       │ info [o.e.x.i.IndexLifecycleTransition] [node-01] moving index [.lists-default-000001] from [null] to [{"phase":"new","action":"complete","name":"complete"}] in policy [.lists-default]
[00:33:09]                       │ info [o.e.c.m.MetadataCreateIndexService] [node-01] [.items-default-000001] creating index, cause [api], templates [.items-default], shards [1]/[1]
[00:33:09]                       │ info [o.e.x.i.IndexLifecycleTransition] [node-01] moving index [.items-default-000001] from [null] to [{"phase":"new","action":"complete","name":"complete"}] in policy [.items-default]
[00:33:17]                     │ proc [kibana]   log   [14:21:01.749] [info][eventLog][plugins] event logged: {"@timestamp":"2021-10-18T14:21:01.748Z","event":{"provider":"alerting","action":"execute-start","kind":"alert","category":["siem"],"start":"2021-10-18T14:21:01.748Z"},"kibana":{"saved_objects":[{"rel":"primary","type":"alert","id":"9b8b6a00-301e-11ec-8c93-4526afd1078d","type_id":"siem.signals"}],"task":{"scheduled":"2021-10-18T14:20:58.870Z","schedule_delay":2878000000},"server_uuid":"5b2de169-2785-441b-ae8c-186a1936b17d","version":"7.16.0"},"rule":{"id":"9b8b6a00-301e-11ec-8c93-4526afd1078d","license":"basic","category":"siem.signals","ruleset":"siem"},"message":"alert execution start: \"9b8b6a00-301e-11ec-8c93-4526afd1078d\"","ecs":{"version":"1.8.0"}}
[00:33:19]                     │ proc [kibana]   log   [14:21:03.917] [info][plugins][securitySolution] [+] Finished indexing 1  signals searched between date ranges [
[00:33:19]                     │ proc [kibana]   {
[00:33:19]                     │ proc [kibana]     "to": "2021-10-18T14:21:02.903Z",
[00:33:19]                     │ proc [kibana]     "from": "1900-01-01T00:00:00.000Z",
[00:33:19]                     │ proc [kibana]     "maxSignals": 100
[00:33:19]                     │ proc [kibana]   }
[00:33:19]                     │ proc [kibana] ] name: "Signal Testing Query" id: "9b8b6a00-301e-11ec-8c93-4526afd1078d" rule id: "rule-1" signals index: ".siem-signals-default"
[00:33:19]                     │ proc [kibana]   log   [14:21:03.924] [info][eventLog][plugins] event logged: {"@timestamp":"2021-10-18T14:21:01.748Z","event":{"provider":"alerting","action":"execute","kind":"alert","category":["siem"],"start":"2021-10-18T14:21:01.748Z","outcome":"success","end":"2021-10-18T14:21:03.923Z","duration":2175000000},"kibana":{"saved_objects":[{"rel":"primary","type":"alert","id":"9b8b6a00-301e-11ec-8c93-4526afd1078d","type_id":"siem.signals"}],"task":{"scheduled":"2021-10-18T14:20:58.870Z","schedule_delay":2878000000},"alerting":{"status":"ok"},"server_uuid":"5b2de169-2785-441b-ae8c-186a1936b17d","version":"7.16.0"},"rule":{"id":"9b8b6a00-301e-11ec-8c93-4526afd1078d","license":"basic","category":"siem.signals","ruleset":"siem","name":"Signal Testing Query"},"message":"alert executed: siem.signals:9b8b6a00-301e-11ec-8c93-4526afd1078d: 'Signal Testing Query'","ecs":{"version":"1.8.0"}}
[00:33:19]                     └- ✓ pass  (10.5s)
[00:33:19]                   └-> "after each" hook for "will return just 1 result we excluded"
[00:33:19]                     │ info [o.e.c.m.MetadataDeleteIndexService] [node-01] [.siem-signals-default-000001/yCPBGH6rTLKN6PH8WnA8vw] deleting index
[00:33:19]                     │ info [o.e.x.i.IndexLifecycleTransition] [node-01] moving index [.lists-default-000001] from [{"phase":"new","action":"complete","name":"complete"}] to [{"phase":"hot","action":"unfollow","name":"branch-check-unfollow-prerequisites"}] in policy [.lists-default]
[00:33:19]                     │ info [o.e.x.i.IndexLifecycleTransition] [node-01] moving index [.items-default-000001] from [{"phase":"new","action":"complete","name":"complete"}] to [{"phase":"hot","action":"unfollow","name":"branch-check-unfollow-prerequisites"}] in policy [.items-default]
[00:33:20]                     │ info [o.e.x.i.IndexLifecycleTransition] [node-01] moving index [.lists-default-000001] from [{"phase":"hot","action":"unfollow","name":"branch-check-unfollow-prerequisites"}] to [{"phase":"hot","action":"rollover","name":"check-rollover-ready"}] in policy [.lists-default]
[00:33:20]                     │ info [o.e.x.i.IndexLifecycleTransition] [node-01] moving index [.items-default-000001] from [{"phase":"hot","action":"unfollow","name":"branch-check-unfollow-prerequisites"}] to [{"phase":"hot","action":"rollover","name":"check-rollover-ready"}] in policy [.items-default]
[00:33:20]                     │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] removing index template [.siem-signals-default]
[00:33:23]                     │ info [o.e.c.m.MetadataDeleteIndexService] [node-01] [.lists-default-000001/c4BZR1uDR76Fw5JfbQojlw] deleting index
[00:33:23]                     │ info [o.e.c.m.MetadataDeleteIndexService] [node-01] [.items-default-000001/UlvMzHTxQcy9ZEtk-kGVlw] deleting index
[00:33:23]                     │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] removing template [.lists-default]
[00:33:23]                     │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] removing template [.items-default]
[00:33:23]                   └-> will return 0 results if we exclude two text
[00:33:23]                     └-> "before each" hook: global before each for "will return 0 results if we exclude two text"
[00:33:23]                     └-> "before each" hook for "will return 0 results if we exclude two text"
[00:33:23]                       │ info [o.e.x.i.a.TransportPutLifecycleAction] [node-01] adding index lifecycle policy [.siem-signals-default]
[00:33:23]                       │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [.siem-signals-default] for index patterns [.siem-signals-default-*]
[00:33:23]                       │ info [o.e.c.m.MetadataCreateIndexService] [node-01] [.siem-signals-default-000001] creating index, cause [api], templates [.siem-signals-default], shards [1]/[1]
[00:33:23]                       │ info [o.e.x.i.IndexLifecycleTransition] [node-01] moving index [.siem-signals-default-000001] from [null] to [{"phase":"new","action":"complete","name":"complete"}] in policy [.siem-signals-default]
[00:33:23]                       │ info [o.e.x.i.a.TransportPutLifecycleAction] [node-01] adding index lifecycle policy [.lists-default]
[00:33:23]                       │ info [o.e.x.i.a.TransportPutLifecycleAction] [node-01] adding index lifecycle policy [.items-default]
[00:33:23]                       │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding template [.lists-default] for index patterns [.lists-default-*]
[00:33:23]                       │ info [o.e.x.i.IndexLifecycleTransition] [node-01] moving index [.siem-signals-default-000001] from [{"phase":"new","action":"complete","name":"complete"}] to [{"phase":"hot","action":"unfollow","name":"branch-check-unfollow-prerequisites"}] in policy [.siem-signals-default]
[00:33:23]                       │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding template [.items-default] for index patterns [.items-default-*]
[00:33:23]                       │ info [o.e.x.i.IndexLifecycleTransition] [node-01] moving index [.siem-signals-default-000001] from [{"phase":"hot","action":"unfollow","name":"branch-check-unfollow-prerequisites"}] to [{"phase":"hot","action":"rollover","name":"check-rollover-ready"}] in policy [.siem-signals-default]
[00:33:23]                       │ info [o.e.c.m.MetadataCreateIndexService] [node-01] [.lists-default-000001] creating index, cause [api], templates [.lists-default], shards [1]/[1]
[00:33:23]                       │ info [o.e.x.i.IndexLifecycleTransition] [node-01] moving index [.lists-default-000001] from [null] to [{"phase":"new","action":"complete","name":"complete"}] in policy [.lists-default]
[00:33:23]                       │ info [o.e.c.m.MetadataCreateIndexService] [node-01] [.items-default-000001] creating index, cause [api], templates [.items-default], shards [1]/[1]
[00:33:23]                       │ info [o.e.x.i.IndexLifecycleTransition] [node-01] moving index [.items-default-000001] from [null] to [{"phase":"new","action":"complete","name":"complete"}] in policy [.items-default]
[00:33:23]                       │ info [o.e.x.i.IndexLifecycleTransition] [node-01] moving index [.lists-default-000001] from [{"phase":"new","action":"complete","name":"complete"}] to [{"phase":"hot","action":"unfollow","name":"branch-check-unfollow-prerequisites"}] in policy [.lists-default]
[00:33:23]                     │ info [o.e.x.i.IndexLifecycleTransition] [node-01] moving index [.lists-default-000001] from [{"phase":"hot","action":"unfollow","name":"branch-check-unfollow-prerequisites"}] to [{"phase":"hot","action":"rollover","name":"check-rollover-ready"}] in policy [.lists-default]
[00:33:23]                     │ info [o.e.x.i.IndexLifecycleTransition] [node-01] moving index [.items-default-000001] from [{"phase":"new","action":"complete","name":"complete"}] to [{"phase":"hot","action":"unfollow","name":"branch-check-unfollow-prerequisites"}] in policy [.items-default]
[00:33:23]                     │ info [o.e.x.i.IndexLifecycleTransition] [node-01] moving index [.items-default-000001] from [{"phase":"hot","action":"unfollow","name":"branch-check-unfollow-prerequisites"}] to [{"phase":"hot","action":"rollover","name":"check-rollover-ready"}] in policy [.items-default]
[00:33:29]                     │ proc [kibana]   log   [14:21:13.746] [info][eventLog][plugins] event logged: {"@timestamp":"2021-10-18T14:21:13.745Z","event":{"provider":"alerting","action":"execute-start","kind":"alert","category":["siem"],"start":"2021-10-18T14:21:13.745Z"},"kibana":{"saved_objects":[{"rel":"primary","type":"alert","id":"a3f81760-301e-11ec-8c93-4526afd1078d","type_id":"siem.signals"}],"task":{"scheduled":"2021-10-18T14:21:13.012Z","schedule_delay":733000000},"server_uuid":"5b2de169-2785-441b-ae8c-186a1936b17d","version":"7.16.0"},"rule":{"id":"a3f81760-301e-11ec-8c93-4526afd1078d","license":"basic","category":"siem.signals","ruleset":"siem"},"message":"alert execution start: \"a3f81760-301e-11ec-8c93-4526afd1078d\"","ecs":{"version":"1.8.0"}}
[00:33:31]                     │ proc [kibana]   log   [14:21:16.042] [info][plugins][securitySolution] [+] Finished indexing 0  signals searched between date ranges [
[00:33:31]                     │ proc [kibana]   {
[00:33:31]                     │ proc [kibana]     "to": "2021-10-18T14:21:15.037Z",
[00:33:31]                     │ proc [kibana]     "from": "1900-01-01T00:00:00.000Z",
[00:33:31]                     │ proc [kibana]     "maxSignals": 100
[00:33:31]                     │ proc [kibana]   }
[00:33:31]                     │ proc [kibana] ] name: "Signal Testing Query" id: "a3f81760-301e-11ec-8c93-4526afd1078d" rule id: "rule-1" signals index: ".siem-signals-default"
[00:33:31]                     │ proc [kibana]   log   [14:21:16.053] [info][eventLog][plugins] event logged: {"@timestamp":"2021-10-18T14:21:13.745Z","event":{"provider":"alerting","action":"execute","kind":"alert","category":["siem"],"start":"2021-10-18T14:21:13.745Z","outcome":"success","end":"2021-10-18T14:21:16.053Z","duration":2308000000},"kibana":{"saved_objects":[{"rel":"primary","type":"alert","id":"a3f81760-301e-11ec-8c93-4526afd1078d","type_id":"siem.signals"}],"task":{"scheduled":"2021-10-18T14:21:13.012Z","schedule_delay":733000000},"alerting":{"status":"ok"},"server_uuid":"5b2de169-2785-441b-ae8c-186a1936b17d","version":"7.16.0"},"rule":{"id":"a3f81760-301e-11ec-8c93-4526afd1078d","license":"basic","category":"siem.signals","ruleset":"siem","name":"Signal Testing Query"},"message":"alert executed: siem.signals:a3f81760-301e-11ec-8c93-4526afd1078d: 'Signal Testing Query'","ecs":{"version":"1.8.0"}}
[00:33:32]                     └- ✓ pass  (8.4s)
[00:33:32]                   └-> "after each" hook for "will return 0 results if we exclude two text"
[00:33:32]                     │ info [o.e.c.m.MetadataDeleteIndexService] [node-01] [.siem-signals-default-000001/TiJw6pqUT3a77ufUcdqC1w] deleting index
[00:33:32]                     │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] removing index template [.siem-signals-default]
[00:33:35]                     │ info [o.e.c.m.MetadataDeleteIndexService] [node-01] [.lists-default-000001/BmsJ7fSlQ8q-8vipjnmZNg] deleting index
[00:33:35]                     │ info [o.e.c.m.MetadataDeleteIndexService] [node-01] [.items-default-000001/hKvKmE5WRae8OzIIqTz0yA] deleting index
[00:33:35]                     │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] removing template [.lists-default]
[00:33:35]                     │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] removing template [.items-default]
[00:33:35]                   └-> should filter 1 single text using a single word
[00:33:35]                     └-> "before each" hook: global before each for "should filter 1 single text using a single word"
[00:33:35]                     └-> "before each" hook for "should filter 1 single text using a single word"
[00:33:35]                       │ info [o.e.x.i.a.TransportPutLifecycleAction] [node-01] adding index lifecycle policy [.siem-signals-default]
[00:33:35]                       │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [.siem-signals-default] for index patterns [.siem-signals-default-*]
[00:33:35]                       │ info [o.e.c.m.MetadataCreateIndexService] [node-01] [.siem-signals-default-000001] creating index, cause [api], templates [.siem-signals-default], shards [1]/[1]
[00:33:35]                       │ info [o.e.x.i.IndexLifecycleTransition] [node-01] moving index [.siem-signals-default-000001] from [null] to [{"phase":"new","action":"complete","name":"complete"}] in policy [.siem-signals-default]
[00:33:35]                       │ info [o.e.x.i.a.TransportPutLifecycleAction] [node-01] adding index lifecycle policy [.lists-default]
[00:33:35]                       │ info [o.e.x.i.a.TransportPutLifecycleAction] [node-01] adding index lifecycle policy [.items-default]
[00:33:35]                       │ info [o.e.x.i.IndexLifecycleTransition] [node-01] moving index [.siem-signals-default-000001] from [{"phase":"new","action":"complete","name":"complete"}] to [{"phase":"hot","action":"unfollow","name":"branch-check-unfollow-prerequisites"}] in policy [.siem-signals-default]
[00:33:35]                       │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding template [.lists-default] for index patterns [.lists-default-*]
[00:33:35]                       │ info [o.e.x.i.IndexLifecycleTransition] [node-01] moving index [.siem-signals-default-000001] from [{"phase":"hot","action":"unfollow","name":"branch-check-unfollow-prerequisites"}] to [{"phase":"hot","action":"rollover","name":"check-rollover-ready"}] in policy [.siem-signals-default]
[00:33:35]                       │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding template [.items-default] for index patterns [.items-default-*]
[00:33:35]                       │ info [o.e.c.m.MetadataCreateIndexService] [node-01] [.lists-default-000001] creating index, cause [api], templates [.lists-default], shards [1]/[1]
[00:33:35]                       │ info [o.e.x.i.IndexLifecycleTransition] [node-01] moving index [.lists-default-000001] from [null] to [{"phase":"new","action":"complete","name":"complete"}] in policy [.lists-default]
[00:33:35]                       │ info [o.e.c.m.MetadataCreateIndexService] [node-01] [.items-default-000001] creating index, cause [api], templates [.items-default], shards [1]/[1]
[00:33:35]                       │ info [o.e.x.i.IndexLifecycleTransition] [node-01] moving index [.items-default-000001] from [null] to [{"phase":"new","action":"complete","name":"complete"}] in policy [.items-default]
[00:33:35]                     │ info [o.e.x.i.IndexLifecycleTransition] [node-01] moving index [.lists-default-000001] from [{"phase":"new","action":"complete","name":"complete"}] to [{"phase":"hot","action":"unfollow","name":"branch-check-unfollow-prerequisites"}] in policy [.lists-default]
[00:33:35]                     │ info [o.e.x.i.IndexLifecycleTransition] [node-01] moving index [.items-default-000001] from [{"phase":"new","action":"complete","name":"complete"}] to [{"phase":"hot","action":"unfollow","name":"branch-check-unfollow-prerequisites"}] in policy [.items-default]
[00:33:35]                     │ info [o.e.x.i.IndexLifecycleTransition] [node-01] moving index [.lists-default-000001] from [{"phase":"hot","action":"unfollow","name":"branch-check-unfollow-prerequisites"}] to [{"phase":"hot","action":"rollover","name":"check-rollover-ready"}] in policy [.lists-default]
[00:33:35]                     │ info [o.e.x.i.IndexLifecycleTransition] [node-01] moving index [.items-default-000001] from [{"phase":"hot","action":"unfollow","name":"branch-check-unfollow-prerequisites"}] to [{"phase":"hot","action":"rollover","name":"check-rollover-ready"}] in policy [.items-default]
[00:33:41]                     │ proc [kibana]   log   [14:21:25.740] [info][eventLog][plugins] event logged: {"@timestamp":"2021-10-18T14:21:25.740Z","event":{"provider":"alerting","action":"execute-start","kind":"alert","category":["siem"],"start":"2021-10-18T14:21:25.740Z"},"kibana":{"saved_objects":[{"rel":"primary","type":"alert","id":"ab321120-301e-11ec-8c93-4526afd1078d","type_id":"siem.signals"}],"task":{"scheduled":"2021-10-18T14:21:25.126Z","schedule_delay":614000000},"server_uuid":"5b2de169-2785-441b-ae8c-186a1936b17d","version":"7.16.0"},"rule":{"id":"ab321120-301e-11ec-8c93-4526afd1078d","license":"basic","category":"siem.signals","ruleset":"siem"},"message":"alert execution start: \"ab321120-301e-11ec-8c93-4526afd1078d\"","ecs":{"version":"1.8.0"}}
[00:33:44]                     │ proc [kibana]   log   [14:21:28.158] [info][plugins][securitySolution] [+] Finished indexing 1  signals searched between date ranges [
[00:33:44]                     │ proc [kibana]   {
[00:33:44]                     │ proc [kibana]     "to": "2021-10-18T14:21:27.149Z",
[00:33:44]                     │ proc [kibana]     "from": "1900-01-01T00:00:00.000Z",
[00:33:44]                     │ proc [kibana]     "maxSignals": 100
[00:33:44]                     │ proc [kibana]   }
[00:33:44]                     │ proc [kibana] ] name: "Signal Testing Query" id: "ab321120-301e-11ec-8c93-4526afd1078d" rule id: "rule-1" signals index: ".siem-signals-default"
[00:33:44]                     │ proc [kibana]   log   [14:21:28.164] [info][eventLog][plugins] event logged: {"@timestamp":"2021-10-18T14:21:25.740Z","event":{"provider":"alerting","action":"execute","kind":"alert","category":["siem"],"start":"2021-10-18T14:21:25.740Z","outcome":"success","end":"2021-10-18T14:21:28.164Z","duration":2424000000},"kibana":{"saved_objects":[{"rel":"primary","type":"alert","id":"ab321120-301e-11ec-8c93-4526afd1078d","type_id":"siem.signals"}],"task":{"scheduled":"2021-10-18T14:21:25.126Z","schedule_delay":614000000},"alerting":{"status":"ok"},"server_uuid":"5b2de169-2785-441b-ae8c-186a1936b17d","version":"7.16.0"},"rule":{"id":"ab321120-301e-11ec-8c93-4526afd1078d","license":"basic","category":"siem.signals","ruleset":"siem","name":"Signal Testing Query"},"message":"alert executed: siem.signals:ab321120-301e-11ec-8c93-4526afd1078d: 'Signal Testing Query'","ecs":{"version":"1.8.0"}}
[00:33:44]                     └- ✓ pass  (8.5s)
[00:33:44]                   └-> "after each" hook for "should filter 1 single text using a single word"
[00:33:44]                     │ info [o.e.c.m.MetadataDeleteIndexService] [node-01] [.siem-signals-default-000001/HZQOyh8DSWegC_El_sz6Ww] deleting index
[00:33:44]                     │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] removing index template [.siem-signals-default]
[00:33:47]                     │ info [o.e.c.m.MetadataDeleteIndexService] [node-01] [.lists-default-000001/9ePzwGisTpqe8A5K1Q6Jvw] deleting index
[00:33:47]                     │ info [o.e.c.m.MetadataDeleteIndexService] [node-01] [.items-default-000001/jEFKbKSVQQSjkD1VluZlFw] deleting index
[00:33:47]                     │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] removing template [.lists-default]
[00:33:47]                     │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] removing template [.items-default]
[00:33:47]                   └-> should filter all words using a common piece of text
[00:33:47]                     └-> "before each" hook: global before each for "should filter all words using a common piece of text"
[00:33:47]                     └-> "before each" hook for "should filter all words using a common piece of text"
[00:33:47]                       │ info [o.e.x.i.a.TransportPutLifecycleAction] [node-01] adding index lifecycle policy [.siem-signals-default]
[00:33:47]                       │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding index template [.siem-signals-default] for index patterns [.siem-signals-default-*]
[00:33:47]                       │ info [o.e.c.m.MetadataCreateIndexService] [node-01] [.siem-signals-default-000001] creating index, cause [api], templates [.siem-signals-default], shards [1]/[1]
[00:33:47]                       │ info [o.e.x.i.IndexLifecycleTransition] [node-01] moving index [.siem-signals-default-000001] from [null] to [{"phase":"new","action":"complete","name":"complete"}] in policy [.siem-signals-default]
[00:33:47]                       │ info [o.e.x.i.IndexLifecycleTransition] [node-01] moving index [.siem-signals-default-000001] from [{"phase":"new","action":"complete","name":"complete"}] to [{"phase":"hot","action":"unfollow","name":"branch-check-unfollow-prerequisites"}] in policy [.siem-signals-default]
[00:33:47]                       │ info [o.e.x.i.a.TransportPutLifecycleAction] [node-01] adding index lifecycle policy [.lists-default]
[00:33:47]                       │ info [o.e.x.i.IndexLifecycleTransition] [node-01] moving index [.siem-signals-default-000001] from [{"phase":"hot","action":"unfollow","name":"branch-check-unfollow-prerequisites"}] to [{"phase":"hot","action":"rollover","name":"check-rollover-ready"}] in policy [.siem-signals-default]
[00:33:47]                       │ info [o.e.x.i.a.TransportPutLifecycleAction] [node-01] adding index lifecycle policy [.items-default]
[00:33:47]                       │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding template [.lists-default] for index patterns [.lists-default-*]
[00:33:47]                       │ info [o.e.c.m.MetadataIndexTemplateService] [node-01] adding template [.items-default] for index patterns [.items-default-*]
[00:33:47]                       │ info [o.e.c.m.MetadataCreateIndexService] [node-01] [.lists-default-000001] creating index, cause [api], templates [.lists-default], shards [1]/[1]
[00:33:47]                       │ info [o.e.x.i.IndexLifecycleTransition] [node-01] moving index [.lists-default-000001] from [null] to [{"phase":"new","action":"complete","name":"complete"}] in policy [.lists-default]
[00:33:47]                       │ info [o.e.c.m.MetadataCreateIndexService] [node-01] [.items-default-000001] creating index, cause [api], templates [.items-default], shards [1]/[1]
[00:33:47]                       │ info [o.e.x.i.IndexLifecycleTransition] [node-01] moving index [.items-default-000001] from [null] to [{"phase":"new","action":"complete","name":"complete"}] in policy [.items-default]
[00:33:56]                     │ proc [kibana]   log   [14:21:40.728] [info][eventLog][plugins] event logged: {"@timestamp":"2021-10-18T14:21:40.727Z","event":{"provider":"alerting","action":"execute-start","kind":"alert","category":["siem"],"start":"2021-10-18T14:21:40.727Z"},"kibana":{"saved_objects":[{"rel":"primary","type":"alert","id":"b26aab50-301e-11ec-8c93-4526afd1078d","type_id":"siem.signals"}],"task":{"scheduled":"2021-10-18T14:21:37.250Z","schedule_delay":3477000000},"server_uuid":"5b2de169-2785-441b-ae8c-186a1936b17d","version":"7.16.0"},"rule":{"id":"b26aab50-301e-11ec-8c93-4526afd1078d","license":"basic","category":"siem.signals","ruleset":"siem"},"message":"alert execution start: \"b26aab50-301e-11ec-8c93-4526afd1078d\"","ecs":{"version":"1.8.0"}}
[00:33:59]                     │ proc [kibana]   log   [14:21:43.295] [info][plugins][securitySolution] [+] Finished indexing 4  signals searched between date ranges [
[00:33:59]                     │ proc [kibana]   {
[00:33:59]                     │ proc [kibana]     "to": "2021-10-18T14:21:42.337Z",
[00:33:59]                     │ proc [kibana]     "from": "1900-01-01T00:00:00.000Z",
[00:33:59]                     │ proc [kibana]     "maxSignals": 100
[00:33:59]                     │ proc [kibana]   }
[00:33:59]                     │ proc [kibana] ] name: "Signal Testing Query" id: "b26aab50-301e-11ec-8c93-4526afd1078d" rule id: "rule-1" signals index: ".siem-signals-default"
[00:33:59]                     │ proc [kibana]   log   [14:21:43.339] [info][eventLog][plugins] event logged: {"@timestamp":"2021-10-18T14:21:40.727Z","event":{"provider":"alerting","action":"execute","kind":"alert","category":["siem"],"start":"2021-10-18T14:21:40.727Z","outcome":"success","end":"2021-10-18T14:21:43.335Z","duration":2608000000},"kibana":{"saved_objects":[{"rel":"primary","type":"alert","id":"b26aab50-301e-11ec-8c93-4526afd1078d","type_id":"siem.signals"}],"task":{"scheduled":"2021-10-18T14:21:37.250Z","schedule_delay":3477000000},"alerting":{"status":"ok"},"server_uuid":"5b2de169-2785-441b-ae8c-186a1936b17d","version":"7.16.0"},"rule":{"id":"b26aab50-301e-11ec-8c93-4526afd1078d","license":"basic","category":"siem.signals","ruleset":"siem","name":"Signal Testing Query"},"message":"alert executed: siem.signals:b26aab50-301e-11ec-8c93-4526afd1078d: 'Signal Testing Query'","ecs":{"version":"1.8.0"}}
[00:33:59]                     └- ✖ fail: detection engine api security and spaces enabled  Detection exceptions data types and operators  Rule exception operators for data type text "is not" operator should filter all words using a common piece of text
[00:33:59]                     │       Error: expected [] to sort of equal [ 'word four', 'word one', 'word three', 'word two' ]
[00:33:59]                     │       + expected - actual
[00:33:59]                     │ 
[00:33:59]                     │       -[]
[00:33:59]                     │       +[
[00:33:59]                     │       +  "word four"
[00:33:59]                     │       +  "word one"
[00:33:59]                     │       +  "word three"
[00:33:59]                     │       +  "word two"
[00:33:59]                     │       +]
[00:33:59]                     │       
[00:33:59]                     │       at Assertion.assert (/dev/shm/workspace/parallel/8/kibana/node_modules/@kbn/expect/expect.js:100:11)
[00:33:59]                     │       at Assertion.eql (/dev/shm/workspace/parallel/8/kibana/node_modules/@kbn/expect/expect.js:244:8)
[00:33:59]                     │       at Context.<anonymous> (test/detection_engine_api_integration/security_and_spaces/tests/exception_operators_data_types/text.ts:348:25)
[00:33:59]                     │       at runMicrotasks (<anonymous>)
[00:33:59]                     │       at processTicksAndRejections (node:internal/process/task_queues:96:5)
[00:33:59]                     │       at Object.apply (/dev/shm/workspace/parallel/8/kibana/node_modules/@kbn/test/target_node/functional_test_runner/lib/mocha/wrap_function.js:87:16)
[00:33:59]                     │ 
[00:33:59]                     │ 

Stack Trace

Error: expected [] to sort of equal [ 'word four', 'word one', 'word three', 'word two' ]
    at Assertion.assert (/dev/shm/workspace/parallel/8/kibana/node_modules/@kbn/expect/expect.js:100:11)
    at Assertion.eql (/dev/shm/workspace/parallel/8/kibana/node_modules/@kbn/expect/expect.js:244:8)
    at Context.<anonymous> (test/detection_engine_api_integration/security_and_spaces/tests/exception_operators_data_types/text.ts:348:25)
    at runMicrotasks (<anonymous>)
    at processTicksAndRejections (node:internal/process/task_queues:96:5)
    at Object.apply (/dev/shm/workspace/parallel/8/kibana/node_modules/@kbn/test/target_node/functional_test_runner/lib/mocha/wrap_function.js:87:16) {
  actual: '[]',
  expected: '[\n  "word four"\n  "word one"\n  "word three"\n  "word two"\n]',
  showDiff: true
}

Metrics [docs]

✅ unchanged

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

@legrego legrego merged commit 0f46bdc into elastic:7.x Oct 18, 2021
@legrego legrego deleted the security/audit-logger-ua branch October 18, 2021 15:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
backport:skip This commit does not require backporting release_note:skip Skip the PR/issue when compiling release notes Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more! v7.16.0
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants