diff --git a/docs/developer/plugin/migrating-legacy-plugins-examples.asciidoc b/docs/developer/plugin/migrating-legacy-plugins-examples.asciidoc index 8a0e487971b20..a033bbd26a1a7 100644 --- a/docs/developer/plugin/migrating-legacy-plugins-examples.asciidoc +++ b/docs/developer/plugin/migrating-legacy-plugins-examples.asciidoc 
@@ -1143,6 +1143,77 @@ router.get( ); ---- +==== Accessing the client from a collector's `fetch` method + +At the moment, the `fetch` method's context receives preconfigured +<> for Elasticsearch and SavedObjects. +To help in the transition, both, the legacy (`callCluster`) and new clients are provided, +but we strongly discourage using the deprecated legacy ones for any new implementation. + +[source,typescript] +---- +usageCollection.makeUsageCollector({ + type: 'my-collector', + isReady: async () => true, // Logic to confirm the `fetch` method is ready to be called + schema: {...}, + async fetch(context) { + const { callCluster, esClient, soClient } = context; + + // Before: + const result = callCluster('search', options) + + // After: + const { body: result } = esClient.search(options); + + return result; + } +}); +---- + +Regarding the `soClient`, it is encouraged to use it instead of the plugin's owned SavedObject's repository +as we used to do in the past. + +Before: + +[source,typescript] +---- +function getUsageCollector( + usageCollection: UsageCollectionSetup, + getSavedObjectsRepository: () => ISavedObjectsRepository | undefined +) { + usageCollection.makeUsageCollector({ + type: 'my-collector', + isReady: () => typeof getSavedObjectsRepository() !== 'undefined', + schema: {...}, + async fetch() { + const savedObjectsRepository = getSavedObjectsRepository(); + + const { attributes: result } = await savedObjectsRepository.get('my-so-type', 'my-so-id'); + + return result; + } + }); +} +---- + +After: + +[source,typescript] +---- +function getUsageCollector(usageCollection: UsageCollectionSetup) { + usageCollection.makeUsageCollector({ + type: 'my-collector', + isReady: () => true, + schema: {...}, + async fetch({ soClient }) { + const { attributes: result } = await soClient.get('my-so-type', 'my-so-id'); + + return result; + } + }); +} +---- + ==== Creating a custom client Note that the `plugins` option is no longer available on the new 
diff --git a/src/plugins/kibana_usage_collection/server/collectors/application_usage/telemetry_application_usage_collector.test.ts b/src/plugins/kibana_usage_collection/server/collectors/application_usage/telemetry_application_usage_collector.test.ts index 6cb104416ef58..47dc26e0ab3d8 100644 --- a/src/plugins/kibana_usage_collection/server/collectors/application_usage/telemetry_application_usage_collector.test.ts +++ b/src/plugins/kibana_usage_collection/server/collectors/application_usage/telemetry_application_usage_collector.test.ts @@ -40,7 +40,7 @@ describe('telemetry_application_usage', () => { const logger = loggingSystemMock.createLogger(); - let collector: Collector; + let collector: Collector; const usageCollectionMock = createUsageCollectionSetupMock(); usageCollectionMock.makeUsageCollector.mockImplementation((config) => { diff --git a/src/plugins/kibana_usage_collection/server/collectors/core/core_usage_collector.ts b/src/plugins/kibana_usage_collection/server/collectors/core/core_usage_collector.ts index 297baf016e9e6..3fd011b0bded2 100644 --- a/src/plugins/kibana_usage_collection/server/collectors/core/core_usage_collector.ts +++ b/src/plugins/kibana_usage_collection/server/collectors/core/core_usage_collector.ts @@ -24,7 +24,7 @@ export function getCoreUsageCollector( usageCollection: UsageCollectionSetup, getCoreUsageDataService: () => CoreUsageDataStart ) { - return usageCollection.makeUsageCollector({ + return usageCollection.makeUsageCollector({ type: 'core', isReady: () => typeof getCoreUsageDataService() !== 'undefined', schema: { diff --git a/src/plugins/kibana_usage_collection/server/collectors/core/index.test.ts b/src/plugins/kibana_usage_collection/server/collectors/core/index.test.ts index e31437a744e29..335d73fb60847 100644 --- a/src/plugins/kibana_usage_collection/server/collectors/core/index.test.ts +++ b/src/plugins/kibana_usage_collection/server/collectors/core/index.test.ts 
@@ -29,7 +29,7 @@ import { CoreUsageData } from 'src/core/server/'; const logger = loggingSystemMock.createLogger(); describe('telemetry_core', () => { - let collector: Collector; + let collector: Collector; const usageCollectionMock = createUsageCollectionSetupMock(); usageCollectionMock.makeUsageCollector.mockImplementation((config) => { diff --git a/src/plugins/kibana_usage_collection/server/collectors/kibana/index.test.ts b/src/plugins/kibana_usage_collection/server/collectors/kibana/index.test.ts index 16a60eca60f47..83cac1d456a3a 100644 --- a/src/plugins/kibana_usage_collection/server/collectors/kibana/index.test.ts +++ b/src/plugins/kibana_usage_collection/server/collectors/kibana/index.test.ts @@ -31,7 +31,7 @@ import { registerKibanaUsageCollector } from './'; const logger = loggingSystemMock.createLogger(); describe('telemetry_kibana', () => { - let collector: Collector; + let collector: Collector; const usageCollectionMock = createUsageCollectionSetupMock(); usageCollectionMock.makeUsageCollector.mockImplementation((config) => { @@ -66,23 +66,4 @@ describe('telemetry_kibana', () => { timelion_sheet: { total: 0 }, }); }); - - test('formatForBulkUpload', async () => { - const resultFromFetch = { - index: '.kibana-tests', - dashboard: { total: 0 }, - visualization: { total: 0 }, - search: { total: 0 }, - index_pattern: { total: 0 }, - graph_workspace: { total: 0 }, - timelion_sheet: { total: 0 }, - }; - - expect(collector.formatForBulkUpload!(resultFromFetch)).toStrictEqual({ - type: 'kibana_stats', - payload: { - usage: resultFromFetch, - }, - }); - }); }); diff --git a/src/plugins/kibana_usage_collection/server/collectors/kibana/kibana_usage_collector.ts b/src/plugins/kibana_usage_collection/server/collectors/kibana/kibana_usage_collector.ts index d292b2d5ace0e..6c2e0a2c926ad 100644 --- a/src/plugins/kibana_usage_collection/server/collectors/kibana/kibana_usage_collector.ts 
+++ b/src/plugins/kibana_usage_collection/server/collectors/kibana/kibana_usage_collector.ts @@ -21,7 +21,6 @@ import { Observable } from 'rxjs'; import { take } from 'rxjs/operators'; import { SharedGlobalConfig } from 'kibana/server'; import { UsageCollectionSetup } from 'src/plugins/usage_collection/server'; -import { KIBANA_STATS_TYPE } from '../../../common/constants'; import { getSavedObjectsCounts, KibanaSavedObjectCounts } from './get_saved_object_counts'; interface KibanaUsage extends KibanaSavedObjectCounts { @@ -32,7 +31,7 @@ export function getKibanaUsageCollector( usageCollection: UsageCollectionSetup, legacyConfig$: Observable ) { - return usageCollection.makeUsageCollector({ + return usageCollection.makeUsageCollector({ type: 'kibana', isReady: () => true, schema: { @@ -53,20 +52,6 @@ export function getKibanaUsageCollector( ...(await getSavedObjectsCounts(callCluster, index)), }; }, - - /* - * Format the response data into a model for internal upload - * 1. Make this data part of the "kibana_stats" type - * 2. Organize the payload in the usage namespace of the data payload (usage.index, etc) - */ - formatForBulkUpload: (result) => { - return { - type: KIBANA_STATS_TYPE, - payload: { - usage: result, - }, - }; - }, }); } diff --git a/src/plugins/kibana_usage_collection/server/collectors/management/index.test.ts b/src/plugins/kibana_usage_collection/server/collectors/management/index.test.ts index 0aafee01cf49d..bd63c5b40735a 100644 --- a/src/plugins/kibana_usage_collection/server/collectors/management/index.test.ts +++ b/src/plugins/kibana_usage_collection/server/collectors/management/index.test.ts 
@@ -29,7 +29,7 @@ import { registerManagementUsageCollector } from './'; const logger = loggingSystemMock.createLogger(); describe('telemetry_application_usage_collector', () => { - let collector: Collector; + let collector: Collector; const usageCollectionMock = createUsageCollectionSetupMock(); usageCollectionMock.makeUsageCollector.mockImplementation((config) => { diff --git a/src/plugins/kibana_usage_collection/server/collectors/ops_stats/index.test.ts b/src/plugins/kibana_usage_collection/server/collectors/ops_stats/index.test.ts index 8db7010e64026..1aa60e2c8e961 100644 --- a/src/plugins/kibana_usage_collection/server/collectors/ops_stats/index.test.ts +++ b/src/plugins/kibana_usage_collection/server/collectors/ops_stats/index.test.ts @@ -31,7 +31,7 @@ import { loggingSystemMock } from '../../../../../core/server/mocks'; const logger = loggingSystemMock.createLogger(); describe('telemetry_ops_stats', () => { - let collector: Collector; + let collector: Collector; const usageCollectionMock = createUsageCollectionSetupMock(); usageCollectionMock.makeStatsCollector.mockImplementation((config) => { diff --git a/src/plugins/kibana_usage_collection/server/collectors/ui_metric/index.test.ts b/src/plugins/kibana_usage_collection/server/collectors/ui_metric/index.test.ts index 90e3b7110e1dc..d852e505027fa 100644 --- a/src/plugins/kibana_usage_collection/server/collectors/ui_metric/index.test.ts +++ b/src/plugins/kibana_usage_collection/server/collectors/ui_metric/index.test.ts @@ -29,7 +29,7 @@ import { registerUiMetricUsageCollector } from './'; const logger = loggingSystemMock.createLogger(); describe('telemetry_ui_metric', () => { - let collector: Collector; + let collector: Collector; const usageCollectionMock = createUsageCollectionSetupMock(); usageCollectionMock.makeUsageCollector.mockImplementation((config) => { 
diff --git a/src/plugins/usage_collection/server/collector/collector.test.ts b/src/plugins/usage_collection/server/collector/collector.test.ts index 875414fbeec48..fe52b9b2ca03e 100644 --- a/src/plugins/usage_collection/server/collector/collector.test.ts +++ b/src/plugins/usage_collection/server/collector/collector.test.ts @@ -19,7 +19,6 @@ import { loggingSystemMock } from '../../../../core/server/mocks'; import { Collector } from './collector'; -import { UsageCollector } from './usage_collector'; const logger = loggingSystemMock.createLogger(); 
@@ -88,49 +87,6 @@ describe('collector', () => { }); }); - describe('formatForBulkUpload', () => { - it('should use the default formatter', () => { - const fetchOutput = { testPass: 100 }; - const collector = new Collector(logger, { - type: 'my_test_collector', - isReady: () => false, - fetch: () => fetchOutput, - }); - expect(collector.formatForBulkUpload(fetchOutput)).toStrictEqual({ - type: 'my_test_collector', - payload: fetchOutput, - }); - }); - - it('should use a custom formatter', () => { - const fetchOutput = { testPass: 100 }; - const collector = new Collector(logger, { - type: 'my_test_collector', - isReady: () => false, - fetch: () => fetchOutput, - formatForBulkUpload: (a) => ({ type: 'other_value', payload: { nested: a } }), - }); - expect(collector.formatForBulkUpload(fetchOutput)).toStrictEqual({ - type: 'other_value', - payload: { nested: fetchOutput }, - }); - }); - - it("should use UsageCollector's default formatter", () => { - const fetchOutput = { testPass: 100 }; - const collector = new UsageCollector(logger, { - type: 'my_test_collector', - isReady: () => false, - fetch: () => fetchOutput, - schema: { testPass: { type: 'long' } }, - }); - expect(collector.formatForBulkUpload(fetchOutput)).toStrictEqual({ - type: 'kibana_stats', - payload: { usage: { my_test_collector: fetchOutput } }, - }); - }); - }); - describe('schema TS validations', () => { // These tests below are used to ensure types inference is working as expected. // We don't intend to test any logic as such, just the relation between the types in `fetch` and `schema`. diff --git a/src/plugins/usage_collection/server/collector/collector.ts b/src/plugins/usage_collection/server/collector/collector.ts index 797fdaa06a620..8e86bc3d1cd26 100644 --- a/src/plugins/usage_collection/server/collector/collector.ts +++ b/src/plugins/usage_collection/server/collector/collector.ts 
@@ -26,8 +26,6 @@ import { KibanaRequest, } from 'src/core/server'; -export type CollectorFormatForBulkUpload = (result: T) => { type: string; payload: U }; - export type AllowedSchemaNumberTypes = 'long' | 'integer' | 'short' | 'byte' | 'double' | 'float'; export type AllowedSchemaTypes = AllowedSchemaNumberTypes | 'keyword' | 'text' | 'boolean' | 'date'; @@ -87,7 +85,7 @@ export type CollectorFetchMethod< TReturn, ExtraOptions extends object = {} > = ( - this: Collector & ExtraOptions, // Specify the context of `this` for this.log and others to become available + this: Collector & ExtraOptions, // Specify the context of `this` for this.log and others to become available context: CollectorFetchContext ) => Promise | TReturn; @@ -108,7 +106,6 @@ export type CollectorOptionsFetchExtendedContext< export type CollectorOptions< TFetchReturn = unknown, - UFormatBulkUploadPayload = TFetchReturn, // TODO: Once we remove bulk_uploader's dependency on usageCollection, we'll be able to remove this type WithKibanaRequest extends boolean = boolean, ExtraOptions extends object = {} > = { @@ -130,13 +127,6 @@ export type CollectorOptions< * @param collectorFetchContext {@link CollectorFetchContext} */ fetch: CollectorFetchMethod; - /** - * A hook for allowing the fetched data payload to be organized into a typed - * data model for internal bulk upload. See defaultFormatterForBulkUpload for - * a generic example. - * @deprecated Used only by the Legacy Monitoring collection (to be removed in 8.0) - */ - formatForBulkUpload?: CollectorFormatForBulkUpload; } & ExtraOptions & (WithKibanaRequest extends true // If enforced to true via Types, the config must be enforced ? { 
@@ -146,28 +136,16 @@ export type CollectorOptions< extendFetchContext?: CollectorOptionsFetchExtendedContext; }); -export class Collector< - TFetchReturn, - UFormatBulkUploadPayload = TFetchReturn, - ExtraOptions extends object = {} -> { +export class Collector { public readonly extendFetchContext: CollectorOptionsFetchExtendedContext; - public readonly type: CollectorOptions['type']; - public readonly init?: CollectorOptions['init']; + public readonly type: CollectorOptions['type']; + public readonly init?: CollectorOptions['init']; public readonly fetch: CollectorFetchMethod; - public readonly isReady: CollectorOptions['isReady']; - private readonly _formatForBulkUpload?: CollectorFormatForBulkUpload< - TFetchReturn, - UFormatBulkUploadPayload - >; - /* - * @param {Object} logger - logger object - * @param {String} options.type - property name as the key for the data - * @param {Function} options.init (optional) - initialization function - * @param {Function} options.fetch - function to query data - * @param {Function} options.formatForBulkUpload - optional - * @param {Function} options.isReady - method that returns a boolean or Promise of a boolean to indicate the collector is ready to report data - * @param {Function} options.rest - optional other properties + public readonly isReady: CollectorOptions['isReady']; + /** + * @private Constructor of a Collector. It should be called via the CollectorSet factory methods: `makeStatsCollector` and `makeUsageCollector` + * @param log {@link Logger} + * @param collectorDefinition {@link CollectorOptions} */ constructor( public readonly log: Logger, @@ -175,11 +153,10 @@ export class Collector< type, init, fetch, - formatForBulkUpload, isReady, extendFetchContext = {}, ...options - }: CollectorOptions + }: CollectorOptions ) { if (type === undefined) { throw new Error('Collector must be instantiated with a options.type string property'); 
@@ -200,21 +177,5 @@ export class Collector< this.fetch = fetch; this.isReady = typeof isReady === 'function' ? isReady : () => true; this.extendFetchContext = extendFetchContext; - this._formatForBulkUpload = formatForBulkUpload; - } - - public formatForBulkUpload(result: TFetchReturn) { - if (this._formatForBulkUpload) { - return this._formatForBulkUpload(result); - } else { - return this.defaultFormatterForBulkUpload(result); - } - } - - protected defaultFormatterForBulkUpload(result: TFetchReturn) { - return { - type: this.type, - payload: (result as unknown) as UFormatBulkUploadPayload, - }; } } diff --git a/src/plugins/usage_collection/server/collector/collector_set.test.ts b/src/plugins/usage_collection/server/collector/collector_set.test.ts index fc17ce131430c..90a69043e0635 100644 --- a/src/plugins/usage_collection/server/collector/collector_set.test.ts +++ b/src/plugins/usage_collection/server/collector/collector_set.test.ts @@ -20,7 +20,7 @@ import { noop } from 'lodash'; import { Collector } from './collector'; import { CollectorSet } from './collector_set'; -import { UsageCollector, UsageCollectorOptions } from './usage_collector'; +import { UsageCollector } from './usage_collector'; import { elasticsearchServiceMock, loggingSystemMock, 
@@ -163,29 +163,6 @@ describe('CollectorSet', () => { }, ]); }); - - it('should infer the types from the implementations of fetch and formatForBulkUpload', async () => { - const collectors = new CollectorSet({ logger }); - collectors.registerCollector( - new Collector(logger, { - type: 'MY_TEST_COLLECTOR', - fetch: () => ({ test: 1 }), - formatForBulkUpload: (result) => ({ - type: 'MY_TEST_COLLECTOR', - payload: { test: result.test * 2 }, - }), - isReady: () => true, - }) - ); - - const result = await collectors.bulkFetch(mockCallCluster, mockEsClient, mockSoClient, req); - expect(result).toStrictEqual([ - { - type: 'MY_TEST_COLLECTOR', - result: { test: 1 }, // It matches the return of `fetch`. `formatForBulkUpload` is used later on - }, - ]); - }); }); describe('toApiFieldNames', () => { @@ -253,29 +230,6 @@ describe('CollectorSet', () => { }); }); - describe('isUsageCollector', () => { - const collectorOptions: UsageCollectorOptions = { - type: 'MY_TEST_COLLECTOR', - fetch: () => ({ test: 1 }), - isReady: () => true, - schema: { test: { type: 'long' } }, - }; - - it('returns true only for UsageCollector instances', () => { - const collectors = new CollectorSet({ logger }); - const usageCollector = new UsageCollector(logger, collectorOptions); - const collector = new Collector(logger, collectorOptions); - const randomClass = new (class Random {})(); - expect(collectors.isUsageCollector(usageCollector)).toEqual(true); - expect(collectors.isUsageCollector(collector)).toEqual(false); - expect(collectors.isUsageCollector(randomClass)).toEqual(false); - expect(collectors.isUsageCollector({})).toEqual(false); - expect(collectors.isUsageCollector(null)).toEqual(false); - expect(collectors.isUsageCollector('')).toEqual(false); - expect(collectors.isUsageCollector(void 0)).toEqual(false); - }); - }); - describe('makeStatsCollector', () => { const collectorSet = new CollectorSet({ logger }); test('TS should hide kibanaRequest when not opted-in', () => { 
@@ -402,7 +356,7 @@ describe('CollectorSet', () => { return { test: kibanaRequest ? 1 : 0 }; }, }); - collectorSet.makeUsageCollector<{ test: number }, unknown, false>({ + collectorSet.makeUsageCollector<{ test: number }, false>({ type: 'MY_TEST_COLLECTOR', isReady: () => true, schema: { test: { type: 'long' } }, @@ -415,7 +369,7 @@ describe('CollectorSet', () => { kibanaRequest: false, }, }); - collectorSet.makeUsageCollector<{ test: number }, unknown, false>({ + collectorSet.makeUsageCollector<{ test: number }, false>({ type: 'MY_TEST_COLLECTOR', isReady: () => true, schema: { test: { type: 'long' } }, @@ -442,7 +396,7 @@ describe('CollectorSet', () => { kibanaRequest: true, }, }); - collectorSet.makeUsageCollector<{ test: number }, unknown, false>({ + collectorSet.makeUsageCollector<{ test: number }, false>({ type: 'MY_TEST_COLLECTOR', isReady: () => true, schema: { test: { type: 'long' } }, @@ -460,7 +414,7 @@ describe('CollectorSet', () => { test('TS should allow `true` when types explicitly declare `true` and do not allow `false` or undefined', () => { // false is the default when at least 1 type is specified - collectorSet.makeUsageCollector<{ test: number }, unknown, true>({ + collectorSet.makeUsageCollector<{ test: number }, true>({ type: 'MY_TEST_COLLECTOR', isReady: () => true, schema: { test: { type: 'long' } }, @@ -472,7 +426,7 @@ describe('CollectorSet', () => { kibanaRequest: true, }, }); - collectorSet.makeUsageCollector<{ test: number }, unknown, true>({ + collectorSet.makeUsageCollector<{ test: number }, true>({ type: 'MY_TEST_COLLECTOR', isReady: () => true, schema: { test: { type: 'long' } }, @@ -485,7 +439,7 @@ describe('CollectorSet', () => { kibanaRequest: false, }, }); - collectorSet.makeUsageCollector<{ test: number }, unknown, true>({ + collectorSet.makeUsageCollector<{ test: number }, true>({ type: 'MY_TEST_COLLECTOR', isReady: () => true, schema: { test: { type: 'long' } }, 
@@ -498,7 +452,7 @@ describe('CollectorSet', () => { kibanaRequest: undefined, }, }); - collectorSet.makeUsageCollector<{ test: number }, unknown, true>({ + collectorSet.makeUsageCollector<{ test: number }, true>({ type: 'MY_TEST_COLLECTOR', isReady: () => true, schema: { test: { type: 'long' } }, @@ -509,7 +463,7 @@ describe('CollectorSet', () => { // @ts-expect-error extendFetchContext: {}, }); - collectorSet.makeUsageCollector<{ test: number }, unknown, true>( + collectorSet.makeUsageCollector<{ test: number }, true>( // @ts-expect-error { type: 'MY_TEST_COLLECTOR', diff --git a/src/plugins/usage_collection/server/collector/collector_set.ts b/src/plugins/usage_collection/server/collector/collector_set.ts index cda4ce36d4e23..3555b05518fdb 100644 --- a/src/plugins/usage_collection/server/collector/collector_set.ts +++ b/src/plugins/usage_collection/server/collector/collector_set.ts @@ -29,8 +29,7 @@ import { import { Collector, CollectorOptions } from './collector'; import { UsageCollector, UsageCollectorOptions } from './usage_collector'; -type AnyCollector = Collector; -type AnyUsageCollector = UsageCollector; +type AnyCollector = Collector; interface CollectorSetConfig { logger: Logger; @@ -38,6 +37,22 @@ interface CollectorSetConfig { collectors?: AnyCollector[]; } +/** + * Public interface of the CollectorSet (makes it easier to mock only the public methods) + */ +export type CollectorSetPublic = Pick< + CollectorSet, + | 'makeStatsCollector' + | 'makeUsageCollector' + | 'registerCollector' + | 'getCollectorByType' + | 'areAllCollectorsReady' + | 'bulkFetch' + | 'bulkFetchUsage' + | 'toObject' + | 'toApiFieldNames' +>; + export class CollectorSet { private _waitingForAllCollectorsTimestamp?: number; private readonly logger: Logger; 
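Review bot: The new `CollectorSetPublic` type in `collector_set.ts` still picks `bulkFetch`, `bulkFetchUsage` and `toObject`, and `plugin.ts` in this commit makes it the `UsageCollectionSetup` contract. Every plugin that receives the setup contract can therefore run the `fetch` of all registered collectors with clients it passes in, rather than only creating and registering its own collector. Which consumers actually need the fetch methods is not visible from this hunk; if it is only the collection pipeline, a narrower setup type limited to `makeStatsCollector`, `makeUsageCollector` and `registerCollector` would be closer to least privilege. Otherwise I would at least extend the doc comment, for example `Plugins are expected to use only the make*Collector and registerCollector methods; bulkFetch, bulkFetchUsage and toObject are intended for the collection pipeline.` (wording to be confirmed by the authors).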
@@ -55,13 +70,12 @@ export class CollectorSet { */ public makeStatsCollector = < TFetchReturn, - TFormatForBulkUpload, WithKibanaRequest extends boolean, ExtraOptions extends object = {} >( - options: CollectorOptions + options: CollectorOptions ) => { - return new Collector(this.logger, options); + return new Collector(this.logger, options); }; /** @@ -70,32 +84,23 @@ export class CollectorSet { */ public makeUsageCollector = < TFetchReturn, - TFormatForBulkUpload = { usage: { [key: string]: TFetchReturn } }, // TODO: Right now, users will need to explicitly claim `true` for TS to allow `kibanaRequest` usage. // If we improve `telemetry-check-tools` so plugins do not need to specify TFetchReturn, // we'll be able to remove the type defaults and TS will successfully infer the config value as provided in JS. WithKibanaRequest extends boolean = false, ExtraOptions extends object = {} >( - options: UsageCollectorOptions< - TFetchReturn, - TFormatForBulkUpload, - WithKibanaRequest, - ExtraOptions - > + options: UsageCollectorOptions ) => { - return new UsageCollector( - this.logger, - options - ); + return new UsageCollector(this.logger, options); }; /** * Registers a collector to be used when collecting all the usage and stats data * @param collector Collector to be added to the set (previously created via `makeUsageCollector` or `makeStatsCollector`) */ - public registerCollector = ( - collector: Collector + public registerCollector = ( + collector: Collector ) => { // check instanceof if (!(collector instanceof Collector)) { @@ -118,10 +123,6 @@ export class CollectorSet { return [...this.collectors.values()].find((c) => c.type === type); }; - public isUsageCollector = (x: AnyUsageCollector | any): x is AnyUsageCollector => { - return x instanceof UsageCollector; - }; - public areAllCollectorsReady = async (collectorSet: CollectorSet = this) => { if (!(collectorSet instanceof CollectorSet)) { throw new Error( 
@@ -205,7 +206,7 @@ export class CollectorSet { /* * @return {new CollectorSet} */ - public getFilteredCollectorSet = (filter: (col: AnyCollector) => boolean) => { + private getFilteredCollectorSet = (filter: (col: AnyCollector) => boolean) => { const filtered = [...this.collectors.values()].filter(filter); return this.makeCollectorSetFromArray(filtered); }; @@ -267,16 +268,6 @@ export class CollectorSet { }, {}); }; - // TODO: remove - public map = (mapFn: any) => { - return [...this.collectors.values()].map(mapFn); - }; - - // TODO: remove - public some = (someFn: any) => { - return [...this.collectors.values()].some(someFn); - }; - private makeCollectorSetFromArray = (collectors: AnyCollector[]) => { return new CollectorSet({ logger: this.logger, diff --git a/src/plugins/usage_collection/server/collector/index.ts b/src/plugins/usage_collection/server/collector/index.ts index 2f8be884a8a7b..1bbb995154690 100644 --- a/src/plugins/usage_collection/server/collector/index.ts +++ b/src/plugins/usage_collection/server/collector/index.ts @@ -17,7 +17,7 @@ * under the License. */ -export { CollectorSet } from './collector_set'; +export { CollectorSet, CollectorSetPublic } from './collector_set'; export { Collector, AllowedSchemaTypes, diff --git a/src/plugins/usage_collection/server/collector/usage_collector.ts b/src/plugins/usage_collection/server/collector/usage_collector.ts index a042ea113d5cc..57f6d109d6d20 100644 --- a/src/plugins/usage_collection/server/collector/usage_collector.ts +++ b/src/plugins/usage_collection/server/collector/usage_collector.ts 
@@ -18,43 +18,24 @@ */ import { Logger } from 'src/core/server'; -import { KIBANA_STATS_TYPE } from '../../common/constants'; import { Collector, CollectorOptions } from './collector'; // Enforce the `schema` property for UsageCollectors export type UsageCollectorOptions< TFetchReturn = unknown, - UFormatBulkUploadPayload = { usage: { [key: string]: TFetchReturn } }, WithKibanaRequest extends boolean = false, ExtraOptions extends object = {} -> = CollectorOptions & - Required, 'schema'>>; +> = CollectorOptions & + Required, 'schema'>>; -export class UsageCollector< +export class UsageCollector extends Collector< TFetchReturn, - UFormatBulkUploadPayload = { usage: { [key: string]: TFetchReturn } }, - ExtraOptions extends object = {} -> extends Collector { + ExtraOptions +> { constructor( - public readonly log: Logger, - collectorOptions: UsageCollectorOptions< - TFetchReturn, - UFormatBulkUploadPayload, - any, - ExtraOptions - > + log: Logger, + collectorOptions: UsageCollectorOptions ) { super(log, collectorOptions); } - - protected defaultFormatterForBulkUpload(result: TFetchReturn) { - return { - type: KIBANA_STATS_TYPE, - payload: ({ - usage: { - [this.type]: result, - }, - } as unknown) as UFormatBulkUploadPayload, - }; - } } diff --git a/src/plugins/usage_collection/server/plugin.ts b/src/plugins/usage_collection/server/plugin.ts index 9a8876446d01e..31e4f0ea253ea 100644 --- a/src/plugins/usage_collection/server/plugin.ts +++ b/src/plugins/usage_collection/server/plugin.ts @@ -27,10 +27,10 @@ import { Plugin, } from 'src/core/server'; import { ConfigType } from './config'; -import { CollectorSet } from './collector'; +import { CollectorSet, CollectorSetPublic } from './collector'; import { setupRoutes } from './routes'; -export type UsageCollectionSetup = CollectorSet; +export type UsageCollectionSetup = CollectorSetPublic; export class UsageCollectionPlugin implements Plugin { private readonly logger: Logger; private savedObjects?: ISavedObjectsRepository; 
diff --git a/src/plugins/usage_collection/server/usage_collection.mock.ts b/src/plugins/usage_collection/server/usage_collection.mock.ts index 05dae8fa85164..fb0a2e56ff3c9 100644 --- a/src/plugins/usage_collection/server/usage_collection.mock.ts +++ b/src/plugins/usage_collection/server/usage_collection.mock.ts @@ -37,13 +37,6 @@ export const createUsageCollectionSetupMock = () => { bulkFetch: jest.fn(), bulkFetchUsage: jest.fn(), getCollectorByType: jest.fn(), - getFilteredCollectorSet: jest.fn(), - // @ts-ignore jest.fn doesn't play nice with type guards - isUsageCollector: jest.fn(), - makeCollectorSetFromArray: jest.fn(), - map: jest.fn(), - maximumWaitTimeForAllCollectorsInS: 0, - some: jest.fn(), toApiFieldNames: jest.fn(), toObject: jest.fn(), makeStatsCollector: jest.fn().mockImplementation((cfg) => new Collector(logger, cfg)), diff --git a/src/plugins/vis_type_timeseries/common/constants.ts b/src/plugins/vis_type_timeseries/common/constants.ts index bfcb5e8e15b9d..019afcba60000 100644 --- a/src/plugins/vis_type_timeseries/common/constants.ts +++ b/src/plugins/vis_type_timeseries/common/constants.ts @@ -22,4 +22,5 @@ export const INDEXES_SEPARATOR = ','; export const AUTO_INTERVAL = 'auto'; export const ROUTES = { VIS_DATA: '/api/metrics/vis/data', + FIELDS: '/api/metrics/fields', }; diff --git a/src/plugins/vis_type_timeseries/public/application/components/aggs/field_select.js b/src/plugins/vis_type_timeseries/public/application/components/aggs/field_select.js index a4168fd1398f1..b1ff749494b10 100644 --- a/src/plugins/vis_type_timeseries/public/application/components/aggs/field_select.js +++ b/src/plugins/vis_type_timeseries/public/application/components/aggs/field_select.js @@ -91,7 +91,7 @@ function FieldSelectUi({ } FieldSelectUi.defaultProps = { - indexPattern: '*', + indexPattern: '', disabled: false, restrict: [], placeholder: i18n.translate('visTypeTimeseries.fieldSelect.selectFieldPlaceholder', { 
diff --git a/src/plugins/vis_type_timeseries/public/application/components/annotations_editor.js b/src/plugins/vis_type_timeseries/public/application/components/annotations_editor.js index 34132e5f72716..3d38aa72fc271 100644 --- a/src/plugins/vis_type_timeseries/public/application/components/annotations_editor.js +++ b/src/plugins/vis_type_timeseries/public/application/components/annotations_editor.js @@ -43,13 +43,14 @@ import { EuiCode, EuiText, } from '@elastic/eui'; +import { i18n } from '@kbn/i18n'; import { FormattedMessage } from '@kbn/i18n/react'; function newAnnotation() { return { id: uuid.v1(), color: '#F00', - index_pattern: '*', + index_pattern: '', time_field: '@timestamp', icon: 'fa-tag', ignore_global_filters: 1, @@ -84,7 +85,7 @@ export class AnnotationsEditor extends Component { const defaults = { fields: '', template: '', - index_pattern: '*', + index_pattern: '', query_string: { query: '', language: getDefaultQueryLanguage() }, }; const model = { ...defaults, ...row }; @@ -100,6 +101,8 @@ export class AnnotationsEditor extends Component { const htmlId = htmlIdGenerator(model.id); const handleAdd = collectionActions.handleAdd.bind(null, this.props, newAnnotation); const handleDelete = collectionActions.handleDelete.bind(null, this.props, model); + const defaultIndexPattern = this.props.model.default_index_pattern; + return (
@@ -120,14 +123,22 @@ export class AnnotationsEditor extends Component { label={ } + helpText={ + defaultIndexPattern && + !model.index_pattern && + i18n.translate('visTypeTimeseries.annotationsEditor.searchByDefaultIndex', { + defaultMessage: 'Default index pattern is used. To query all indexes use *', + }) + } fullWidth > diff --git a/src/plugins/vis_type_timeseries/public/application/components/vis_editor.js b/src/plugins/vis_type_timeseries/public/application/components/vis_editor.js index 083ccaf8e5073..2cc50bd7efaeb 100644 --- a/src/plugins/vis_type_timeseries/public/application/components/vis_editor.js +++ b/src/plugins/vis_type_timeseries/public/application/components/vis_editor.js @@ -76,6 +76,19 @@ export class VisEditor extends Component { }); }, VIS_STATE_DEBOUNCE_DELAY); + debouncedFetchFields = debounce( + (extractedIndexPatterns) => { + if (this.abortControllerFetchFields) { + this.abortControllerFetchFields.abort(); + } + this.abortControllerFetchFields = new AbortController(); + + return fetchFields(extractedIndexPatterns, this.abortControllerFetchFields.signal); + }, + VIS_STATE_DEBOUNCE_DELAY, + { leading: true } + ); + handleChange = (partialModel) => { if (isEmpty(partialModel)) { return; @@ -94,7 +107,7 @@ export class VisEditor extends Component { const extractedIndexPatterns = extractIndexPatterns(nextModel); if (!isEqual(this.state.extractedIndexPatterns, extractedIndexPatterns)) { - fetchFields(extractedIndexPatterns).then((visFields) => + this.debouncedFetchFields(extractedIndexPatterns).then((visFields) => this.setState({ visFields, extractedIndexPatterns, diff --git a/src/plugins/vis_type_timeseries/public/application/lib/fetch_fields.js b/src/plugins/vis_type_timeseries/public/application/lib/fetch_fields.js index 6dd56a58418c5..a32ab71f36357 100644 --- a/src/plugins/vis_type_timeseries/public/application/lib/fetch_fields.js +++ b/src/plugins/vis_type_timeseries/public/application/lib/fetch_fields.js 
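Review bot: In `vis_editor.js`, `handleChange` chains `.then(...)` on the return value of `this.debouncedFetchFields(...)`, but a debounced call that does not invoke the callback returns the result of the previous invocation. This assumes `debounce` is lodash's; the import is outside the hunk. With `{ leading: true }`, a second change inside the delay would get the first call's promise, so `setState` pairs the old `visFields` with the new `extractedIndexPatterns`. The later `isEqual` check can then treat the new patterns as already fetched. Moving the state update into the debounced callback avoids depending on the return value: `fetchFields(extractedIndexPatterns, signal).then((visFields) => this.setState({ visFields, extractedIndexPatterns }))`. The same applies to both hunks in this file, and a pending `abortControllerFetchFields` should probably also be aborted on unmount, which is not visible here.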
@@ -19,34 +19,40 @@ import { i18n } from '@kbn/i18n'; import { extractIndexPatterns } from '../../../common/extract_index_patterns'; import { getCoreStart } from '../../services'; +import { ROUTES } from '../../../common/constants'; -export async function fetchFields(indexPatterns = ['*']) { +export async function fetchFields(indexPatterns = [], signal) { const patterns = Array.isArray(indexPatterns) ? indexPatterns : [indexPatterns]; try { const indexFields = await Promise.all( - patterns.map((pattern) => { - return getCoreStart().http.get('/api/metrics/fields', { + patterns.map((pattern) => + getCoreStart().http.get(ROUTES.FIELDS, { query: { index: pattern, }, - }); - }) + signal, + }) + ) ); - const fields = patterns.reduce((cumulatedFields, currentPattern, index) => { - return { + + return patterns.reduce( + (cumulatedFields, currentPattern, index) => ({ ...cumulatedFields, [currentPattern]: indexFields[index], - }; - }, {}); - return fields; - } catch (error) { - getCoreStart().notifications.toasts.addDanger({ - title: i18n.translate('visTypeTimeseries.fetchFields.loadIndexPatternFieldsErrorMessage', { - defaultMessage: 'Unable to load index_pattern fields', }), - text: error.message, - }); + {} + ); + } catch (error) { + if (error.name !== 'AbortError') { + getCoreStart().notifications.toasts.addDanger({ + title: i18n.translate('visTypeTimeseries.fetchFields.loadIndexPatternFieldsErrorMessage', { + defaultMessage: 'Unable to load index_pattern fields', + }), + text: error.message, + }); + } } + return []; } export async function fetchIndexPatternFields({ params, fields = {} }) { diff --git a/src/plugins/vis_type_timeseries/server/routes/fields.ts b/src/plugins/vis_type_timeseries/server/routes/fields.ts index f9a600fa4b1f3..a9a890845d154 100644 --- a/src/plugins/vis_type_timeseries/server/routes/fields.ts +++ b/src/plugins/vis_type_timeseries/server/routes/fields.ts 
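Review bot: `fetchFields` now ends with `return [];`, so the error and abort paths hand back an array while the success path returns an object keyed by index pattern (and `fetchIndexPatternFields` just below defaults `fields = {}`). Callers that store the result as `visFields` therefore see two different shapes; `return {};` would keep the contract uniform. A one-line comment above the `error.name !== 'AbortError'` check would also help, saying that an abort is expected when a newer fetch supersedes the request and is deliberately not reported as a toast.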
@@ -21,11 +21,12 @@ import { isBoom } from '@hapi/boom'; import { schema } from '@kbn/config-schema'; import { getFields } from '../lib/get_fields'; import { Framework } from '../plugin'; +import { ROUTES } from '../../common/constants'; export const fieldsRoutes = (framework: Framework) => { framework.router.get( { - path: '/api/metrics/fields', + path: ROUTES.FIELDS, validate: { query: schema.object({ index: schema.string() }), }, diff --git a/src/plugins/visualizations/public/legacy/build_pipeline.ts b/src/plugins/visualizations/public/legacy/build_pipeline.ts index d412ec918a71a..0c244876ca6a3 100644 --- a/src/plugins/visualizations/public/legacy/build_pipeline.ts +++ b/src/plugins/visualizations/public/legacy/build_pipeline.ts @@ -301,8 +301,10 @@ export const buildPipeline = async (vis: Vis, params: BuildPipelineParams) => { } else { const visConfig = { ...vis.params }; visConfig.dimensions = schemas; + visConfig.title = title; pipeline += `visualization type='${vis.type.name}' ${prepareJson('visConfig', visConfig)} + ${prepareJson('uiState', uiState)} metricsAtAllLevels=${vis.isHierarchical()} partialRows=${vis.params.showPartialRows || false} `; if (indexPattern) { diff --git a/test/functional/apps/discover/_discover.js b/test/functional/apps/discover/_discover.js index 61c4b21ed5cce..2270f3c815aaa 100644 --- a/test/functional/apps/discover/_discover.js +++ b/test/functional/apps/discover/_discover.js @@ -32,8 +32,7 @@ export default function ({ getService, getPageObjects }) { defaultIndex: 'logstash-*', }; - // Failing: See https://github.com/elastic/kibana/issues/82915 - describe.skip('discover test', function describeIndexTests() { + describe('discover test', function describeIndexTests() { before(async function () { log.debug('load kibana index with default index pattern'); await esArchiver.load('discover'); 
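Review bot: In `build_pipeline.ts`, `visConfig.title = title` and the added `prepareJson('uiState', uiState)` place what are presumably user-editable values into the expression string built by this template literal, so the new lines rely entirely on `prepareJson` escaping quotes and backslashes; its body is not visible in this hunk. I would confirm that and add a `buildPipeline` test whose title contains a single quote and a backslash, so a regression in the escaping is caught. `title` and `uiState` are defined outside the hunk, as is the start of `buildPipeline`.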
@@ -321,7 +320,6 @@ export default function ({ getService, getPageObjects }) { if (!requestStatsRow || !requestStatsRow[0] || !requestStatsRow[0][1]) { return ''; } - return requestStatsRow[0][1]; }; diff --git a/x-pack/plugins/apm/common/agent_name.test.ts b/x-pack/plugins/apm/common/agent_name.test.ts index f4ac2aa220e89..10afefc264ae9 100644 --- a/x-pack/plugins/apm/common/agent_name.test.ts +++ b/x-pack/plugins/apm/common/agent_name.test.ts @@ -4,43 +4,9 @@ * you may not use this file except in compliance with the Elastic License. */ -import { - getFirstTransactionType, - isJavaAgentName, - isRumAgentName, -} from './agent_name'; +import { isJavaAgentName, isRumAgentName } from './agent_name'; describe('agent name helpers', () => { - describe('getFirstTransactionType', () => { - describe('with no transaction types', () => { - expect(getFirstTransactionType([])).toBeUndefined(); - }); - - describe('with a non-rum agent', () => { - it('returns "request"', () => { - expect(getFirstTransactionType(['worker', 'request'], 'java')).toEqual( - 'request' - ); - }); - - describe('with no request types', () => { - it('returns the first type', () => { - expect( - getFirstTransactionType(['worker', 'shirker'], 'java') - ).toEqual('worker'); - }); - }); - }); - - describe('with a rum agent', () => { - it('returns "page-load"', () => { - expect( - getFirstTransactionType(['http-request', 'page-load'], 'js-base') - ).toEqual('page-load'); - }); - }); - }); - describe('isJavaAgentName', () => { describe('when the agent name is java', () => { it('returns true', () => { diff --git a/x-pack/plugins/apm/common/agent_name.ts b/x-pack/plugins/apm/common/agent_name.ts index 916fe65684a6b..7fb79aa59595b 100644 --- a/x-pack/plugins/apm/common/agent_name.ts +++ b/x-pack/plugins/apm/common/agent_name.ts 
@@ -5,10 +5,6 @@ */ import { AgentName } from '../typings/es_schemas/ui/fields/agent'; -import { - TRANSACTION_PAGE_LOAD, - TRANSACTION_REQUEST, -} from './transaction_types'; /* * Agent names can be any string. This list only defines the official agents @@ -50,26 +46,6 @@ export const RUM_AGENT_NAMES: AgentName[] = [ 'opentelemetry/webjs', ]; -function getDefaultTransactionTypeForAgentName(agentName?: string) { - return isRumAgentName(agentName) - ? TRANSACTION_PAGE_LOAD - : TRANSACTION_REQUEST; -} - -export function getFirstTransactionType( - transactionTypes: string[], - agentName?: string -) { - const defaultTransactionType = getDefaultTransactionTypeForAgentName( - agentName - ); - - return ( - transactionTypes.find((type) => type === defaultTransactionType) ?? - transactionTypes[0] - ); -} - export function isJavaAgentName( agentName: string | undefined ): agentName is 'java' { diff --git a/x-pack/plugins/apm/common/utils/formatters/datetime.test.ts b/x-pack/plugins/apm/common/utils/formatters/datetime.test.ts index 733fb7bb5eea1..76f01c170ba99 100644 --- a/x-pack/plugins/apm/common/utils/formatters/datetime.test.ts +++ b/x-pack/plugins/apm/common/utils/formatters/datetime.test.ts 
@@ -73,19 +73,37 @@ describe('date time formatters', () => { const dateRange = asRelativeDateTimeRange(start, end); expect(dateRange).toEqual('Oct 29, 2019, 10:01 - 15:01 (UTC+1)'); }); - }); - describe('MMM D, YYYY, HH:mm:ss - HH:mm:ss (UTC)', () => { it('range: 14 minutes', () => { const start = formatDateToTimezone('2019-10-29 10:01:01'); const end = formatDateToTimezone('2019-10-29 10:15:01'); const dateRange = asRelativeDateTimeRange(start, end); - expect(dateRange).toEqual('Oct 29, 2019, 10:01:01 - 10:15:01 (UTC+1)'); + expect(dateRange).toEqual('Oct 29, 2019, 10:01 - 10:15 (UTC+1)'); }); it('range: 5 minutes', () => { const start = formatDateToTimezone('2019-10-29 10:01:01'); const end = formatDateToTimezone('2019-10-29 10:06:01'); const dateRange = asRelativeDateTimeRange(start, end); - expect(dateRange).toEqual('Oct 29, 2019, 10:01:01 - 10:06:01 (UTC+1)'); + expect(dateRange).toEqual('Oct 29, 2019, 10:01 - 10:06 (UTC+1)'); + }); + it('range: 1 minute', () => { + const start = formatDateToTimezone('2019-10-29 10:01:01'); + const end = formatDateToTimezone('2019-10-29 10:02:01'); + const dateRange = asRelativeDateTimeRange(start, end); + expect(dateRange).toEqual('Oct 29, 2019, 10:01 - 10:02 (UTC+1)'); + }); + }); + describe('MMM D, YYYY, HH:mm:ss - HH:mm:ss (UTC)', () => { + it('range: 50 seconds', () => { + const start = formatDateToTimezone('2019-10-29 10:01:01'); + const end = formatDateToTimezone('2019-10-29 10:01:50'); + const dateRange = asRelativeDateTimeRange(start, end); + expect(dateRange).toEqual('Oct 29, 2019, 10:01:01 - 10:01:50 (UTC+1)'); + }); + it('range: 10 seconds', () => { + const start = formatDateToTimezone('2019-10-29 10:01:01'); + const end = formatDateToTimezone('2019-10-29 10:01:11'); + const dateRange = asRelativeDateTimeRange(start, end); + expect(dateRange).toEqual('Oct 29, 2019, 10:01:01 - 10:01:11 (UTC+1)'); }); }); describe('MMM D, YYYY, HH:mm:ss.SSS - HH:mm:ss.SSS (UTC)', () => { 
diff --git a/x-pack/plugins/apm/common/utils/formatters/datetime.ts b/x-pack/plugins/apm/common/utils/formatters/datetime.ts index da08b3f49edce..6da71512befc5 100644 --- a/x-pack/plugins/apm/common/utils/formatters/datetime.ts +++ b/x-pack/plugins/apm/common/utils/formatters/datetime.ts @@ -80,14 +80,14 @@ function getFormatsAccordingToDateDifference( return { dateFormat: dateFormatWithDays }; } - if (getDateDifference(start, end, 'hours') >= 5) { + if (getDateDifference(start, end, 'minutes') >= 1) { return { dateFormat: dateFormatWithDays, timeFormat: getTimeFormat('minutes'), }; } - if (getDateDifference(start, end, 'minutes') >= 5) { + if (getDateDifference(start, end, 'seconds') >= 10) { return { dateFormat: dateFormatWithDays, timeFormat: getTimeFormat('seconds'), @@ -121,8 +121,8 @@ export function asAbsoluteDateTime( * | >= 5 years | YYYY - YYYY | * | >= 5 months | MMM YYYY - MMM YYYY | * | > 1 day | MMM D, YYYY - MMM D, YYYY | - * | >= 5 hours | MMM D, YYYY, HH:mm - HH:mm (UTC) | - * | >= 5 minutes | MMM D, YYYY, HH:mm:ss - HH:mm:ss (UTC) | + * | >= 1 minute | MMM D, YYYY, HH:mm - HH:mm (UTC) | + * | >= 10 seconds | MMM D, YYYY, HH:mm:ss - HH:mm:ss (UTC) | * | default | MMM D, YYYY, HH:mm:ss.SSS - HH:mm:ss.SSS (UTC) | * * @param start timestamp diff --git a/x-pack/plugins/apm/public/components/alerting/TransactionDurationAlertTrigger/index.tsx b/x-pack/plugins/apm/public/components/alerting/TransactionDurationAlertTrigger/index.tsx index ce98354c94c7e..b7220de8079c9 100644 --- a/x-pack/plugins/apm/public/components/alerting/TransactionDurationAlertTrigger/index.tsx +++ b/x-pack/plugins/apm/public/components/alerting/TransactionDurationAlertTrigger/index.tsx 
@@ -11,7 +11,6 @@ import React from 'react'; import { ForLastExpression } from '../../../../../triggers_actions_ui/public'; import { ALERT_TYPES_CONFIG } from '../../../../common/alert_types'; import { useEnvironments } from '../../../hooks/useEnvironments'; -import { useServiceTransactionTypes } from '../../../hooks/useServiceTransactionTypes'; import { useUrlParams } from '../../../hooks/useUrlParams'; import { ServiceAlertTrigger } from '../ServiceAlertTrigger'; import { PopoverExpression } from '../ServiceAlertTrigger/PopoverExpression'; @@ -22,6 +21,7 @@ import { TransactionTypeField, IsAboveField, } from '../fields'; +import { useApmService } from '../../../hooks/use_apm_service'; interface AlertParams { windowSize: number; @@ -63,7 +63,7 @@ interface Props { export function TransactionDurationAlertTrigger(props: Props) { const { setAlertParams, alertParams, setAlertProperty } = props; const { urlParams } = useUrlParams(); - const transactionTypes = useServiceTransactionTypes(urlParams); + const { transactionTypes } = useApmService(); const { serviceName } = useParams<{ serviceName?: string }>(); const { start, end, transactionType } = urlParams; const { environmentOptions } = useEnvironments({ serviceName, start, end }); diff --git a/x-pack/plugins/apm/public/components/alerting/TransactionDurationAnomalyAlertTrigger/index.tsx b/x-pack/plugins/apm/public/components/alerting/TransactionDurationAnomalyAlertTrigger/index.tsx index 4f87e13104371..e13ed6c1bcd6f 100644 --- a/x-pack/plugins/apm/public/components/alerting/TransactionDurationAnomalyAlertTrigger/index.tsx +++ b/x-pack/plugins/apm/public/components/alerting/TransactionDurationAnomalyAlertTrigger/index.tsx 
@@ -10,7 +10,6 @@ import React from 'react'; import { ANOMALY_SEVERITY } from '../../../../../ml/common'; import { ALERT_TYPES_CONFIG } from '../../../../common/alert_types'; import { useEnvironments } from '../../../hooks/useEnvironments'; -import { useServiceTransactionTypes } from '../../../hooks/useServiceTransactionTypes'; import { useUrlParams } from '../../../hooks/useUrlParams'; import { ServiceAlertTrigger } from '../ServiceAlertTrigger'; import { PopoverExpression } from '../ServiceAlertTrigger/PopoverExpression'; @@ -24,6 +23,7 @@ import { ServiceField, TransactionTypeField, } from '../fields'; +import { useApmService } from '../../../hooks/use_apm_service'; interface Params { windowSize: number; @@ -47,7 +47,7 @@ interface Props { export function TransactionDurationAnomalyAlertTrigger(props: Props) { const { setAlertParams, alertParams, setAlertProperty } = props; const { urlParams } = useUrlParams(); - const transactionTypes = useServiceTransactionTypes(urlParams); + const { transactionTypes } = useApmService(); const { serviceName } = useParams<{ serviceName?: string }>(); const { start, end, transactionType } = urlParams; const { environmentOptions } = useEnvironments({ serviceName, start, end }); diff --git a/x-pack/plugins/apm/public/components/alerting/TransactionErrorRateAlertTrigger/index.tsx b/x-pack/plugins/apm/public/components/alerting/TransactionErrorRateAlertTrigger/index.tsx index a9ad212393ac4..464409ed332e8 100644 --- a/x-pack/plugins/apm/public/components/alerting/TransactionErrorRateAlertTrigger/index.tsx +++ b/x-pack/plugins/apm/public/components/alerting/TransactionErrorRateAlertTrigger/index.tsx 
@@ -8,7 +8,6 @@ import React from 'react'; import { ForLastExpression } from '../../../../../triggers_actions_ui/public'; import { ALERT_TYPES_CONFIG, AlertType } from '../../../../common/alert_types'; import { useEnvironments } from '../../../hooks/useEnvironments'; -import { useServiceTransactionTypes } from '../../../hooks/useServiceTransactionTypes'; import { useUrlParams } from '../../../hooks/useUrlParams'; import { ServiceAlertTrigger } from '../ServiceAlertTrigger'; @@ -19,6 +18,7 @@ import { EnvironmentField, IsAboveField, } from '../fields'; +import { useApmService } from '../../../hooks/use_apm_service'; interface AlertParams { windowSize: number; @@ -38,7 +38,7 @@ interface Props { export function TransactionErrorRateAlertTrigger(props: Props) { const { setAlertParams, alertParams, setAlertProperty } = props; const { urlParams } = useUrlParams(); - const transactionTypes = useServiceTransactionTypes(urlParams); + const { transactionTypes } = useApmService(); const { serviceName } = useParams<{ serviceName?: string }>(); const { start, end, transactionType } = urlParams; const { environmentOptions } = useEnvironments({ serviceName, start, end }); diff --git a/x-pack/plugins/apm/public/components/app/Main/route_config/index.tsx b/x-pack/plugins/apm/public/components/app/Main/route_config/index.tsx index 63fb69d6d7cbf..ce8f2b0ba611a 100644 --- a/x-pack/plugins/apm/public/components/app/Main/route_config/index.tsx +++ b/x-pack/plugins/apm/public/components/app/Main/route_config/index.tsx @@ -7,6 +7,7 @@ import { i18n } from '@kbn/i18n'; import React from 'react'; import { Redirect, RouteComponentProps } from 'react-router-dom'; +import { ApmServiceContextProvider } from '../../../../context/apm_service_context'; import { UNIDENTIFIED_SERVICE_NODES_LABEL } from '../../../../../common/i18n'; import { SERVICE_NODE_NAME_MISSING } from '../../../../../common/service_nodes'; import { APMRouteDefinition } from '../../../../application/routes'; 
@@ -227,19 +228,19 @@ export const routes: APMRouteDefinition[] = [ breadcrumb: i18n.translate('xpack.apm.breadcrumb.overviewTitle', { defaultMessage: 'Overview', }), - component: ServiceDetailsOverview, + component: withApmServiceContext(ServiceDetailsOverview), } as APMRouteDefinition<{ serviceName: string }>, // errors { exact: true, path: '/services/:serviceName/errors/:groupId', - component: ErrorGroupDetails, + component: withApmServiceContext(ErrorGroupDetails), breadcrumb: ({ match }) => match.params.groupId, } as APMRouteDefinition<{ groupId: string; serviceName: string }>, { exact: true, path: '/services/:serviceName/errors', - component: ServiceDetailsErrors, + component: withApmServiceContext(ServiceDetailsErrors), breadcrumb: i18n.translate('xpack.apm.breadcrumb.errorsTitle', { defaultMessage: 'Errors', }), @@ -248,7 +249,7 @@ export const routes: APMRouteDefinition[] = [ { exact: true, path: '/services/:serviceName/transactions', - component: ServiceDetailsTransactions, + component: withApmServiceContext(ServiceDetailsTransactions), breadcrumb: i18n.translate('xpack.apm.breadcrumb.transactionsTitle', { defaultMessage: 'Transactions', }), @@ -257,7 +258,7 @@ export const routes: APMRouteDefinition[] = [ { exact: true, path: '/services/:serviceName/metrics', - component: ServiceDetailsMetrics, + component: withApmServiceContext(ServiceDetailsMetrics), breadcrumb: i18n.translate('xpack.apm.breadcrumb.metricsTitle', { defaultMessage: 'Metrics', }), @@ -266,7 +267,7 @@ export const routes: APMRouteDefinition[] = [ { exact: true, path: '/services/:serviceName/nodes', - component: ServiceDetailsNodes, + component: withApmServiceContext(ServiceDetailsNodes), breadcrumb: i18n.translate('xpack.apm.breadcrumb.nodesTitle', { defaultMessage: 'JVMs', }), 
@@ -275,7 +276,7 @@ export const routes: APMRouteDefinition[] = [ { exact: true, path: '/services/:serviceName/nodes/:serviceNodeName/metrics', - component: ServiceNodeMetrics, + component: withApmServiceContext(ServiceNodeMetrics), breadcrumb: ({ match }) => { const { serviceNodeName } = match.params; @@ -289,12 +290,20 @@ export const routes: APMRouteDefinition[] = [ { exact: true, path: '/services/:serviceName/transactions/view', - component: TransactionDetails, + component: withApmServiceContext(TransactionDetails), breadcrumb: ({ location }) => { const query = toQuery(location.search); return query.transactionName as string; }, }, + { + exact: true, + path: '/services/:serviceName/service-map', + component: withApmServiceContext(ServiceDetailsServiceMap), + breadcrumb: i18n.translate('xpack.apm.breadcrumb.serviceMapTitle', { + defaultMessage: 'Service Map', + }), + }, { exact: true, path: '/link-to/trace/:traceId', @@ -309,14 +318,6 @@ export const routes: APMRouteDefinition[] = [ defaultMessage: 'Service Map', }), }, - { - exact: true, - path: '/services/:serviceName/service-map', - component: ServiceDetailsServiceMap, - breadcrumb: i18n.translate('xpack.apm.breadcrumb.serviceMapTitle', { - defaultMessage: 'Service Map', - }), - }, { exact: true, path: '/settings/customize-ui', @@ -337,3 +338,13 @@ export const routes: APMRouteDefinition[] = [ ), }, ]; + +function withApmServiceContext(WrappedComponent: React.ComponentType) { + return (props: any) => { + return ( + + + + ); + }; +} diff --git a/x-pack/plugins/apm/public/components/app/service_details/service_detail_tabs.tsx b/x-pack/plugins/apm/public/components/app/service_details/service_detail_tabs.tsx index 92eb3753e7989..003bd6ba4c122 100644 --- a/x-pack/plugins/apm/public/components/app/service_details/service_detail_tabs.tsx +++ b/x-pack/plugins/apm/public/components/app/service_details/service_detail_tabs.tsx 
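Review bot: `withApmServiceContext`, added at the end of `route_config/index.tsx`, types the wrapper as `(props: any)` and the wrapped component as a bare `React.ComponentType`, which switches off prop checking for every route it wraps. A generic keeps the route props typed: `function withApmServiceContext<P>(WrappedComponent: React.ComponentType<P>) {` with `return (props: P) => {`. The JSX inside the wrapper is not visible in this rendering, but it presumably renders `ApmServiceContextProvider`. A short TSDoc line saying that the wrapper exists so `useApmService()` has a provider under the `/services/:serviceName/...` routes would explain why only those routes are wrapped.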
@@ -9,7 +9,6 @@ import { i18n } from '@kbn/i18n'; import React, { ReactNode } from 'react'; import { isJavaAgentName, isRumAgentName } from '../../../../common/agent_name'; import { enableServiceOverview } from '../../../../common/ui_settings_keys'; -import { useAgentName } from '../../../hooks/useAgentName'; import { useApmPluginContext } from '../../../hooks/useApmPluginContext'; import { useErrorOverviewHref } from '../../shared/Links/apm/ErrorOverviewLink'; import { useMetricOverviewHref } from '../../shared/Links/apm/MetricOverviewLink'; @@ -24,6 +23,7 @@ import { ServiceMetrics } from '../service_metrics'; import { ServiceNodeOverview } from '../ServiceNodeOverview'; import { ServiceOverview } from '../service_overview'; import { TransactionOverview } from '../transaction_overview'; +import { useApmService } from '../../../hooks/use_apm_service'; interface Tab { key: string; @@ -44,7 +44,7 @@ interface Props { } export function ServiceDetailTabs({ serviceName, tab }: Props) { - const { agentName } = useAgentName(); + const { agentName } = useApmService(); const { uiSettings } = useApmPluginContext().core; const overviewTab = { diff --git a/x-pack/plugins/apm/public/components/app/service_node_metrics/index.tsx b/x-pack/plugins/apm/public/components/app/service_node_metrics/index.tsx index a886c3f29d57c..11de40b47ff86 100644 --- a/x-pack/plugins/apm/public/components/app/service_node_metrics/index.tsx +++ b/x-pack/plugins/apm/public/components/app/service_node_metrics/index.tsx 
@@ -23,10 +23,10 @@ import { RouteComponentProps } from 'react-router-dom'; import styled from 'styled-components'; import { SERVICE_NODE_NAME_MISSING } from '../../../../common/service_nodes'; import { ChartPointerEventContextProvider } from '../../../context/chart_pointer_event_context'; -import { useAgentName } from '../../../hooks/useAgentName'; import { FETCH_STATUS, useFetcher } from '../../../hooks/useFetcher'; import { useServiceMetricCharts } from '../../../hooks/useServiceMetricCharts'; import { useUrlParams } from '../../../hooks/useUrlParams'; +import { useApmService } from '../../../hooks/use_apm_service'; import { px, truncate, unit } from '../../../style/variables'; import { ApmHeader } from '../../shared/ApmHeader'; import { MetricsChart } from '../../shared/charts/metrics_chart'; @@ -58,7 +58,7 @@ type ServiceNodeMetricsProps = RouteComponentProps<{ export function ServiceNodeMetrics({ match }: ServiceNodeMetricsProps) { const { urlParams, uiFilters } = useUrlParams(); const { serviceName, serviceNodeName } = match.params; - const { agentName } = useAgentName(); + const { agentName } = useApmService(); const { data } = useServiceMetricCharts( urlParams, agentName, diff --git a/x-pack/plugins/apm/public/components/app/service_overview/index.tsx b/x-pack/plugins/apm/public/components/app/service_overview/index.tsx index ddf3107a8ab1e..15125128d9781 100644 --- a/x-pack/plugins/apm/public/components/app/service_overview/index.tsx +++ b/x-pack/plugins/apm/public/components/app/service_overview/index.tsx 
@@ -21,6 +21,7 @@ import { TransactionErrorRateChart } from '../../shared/charts/transaction_error import { ServiceMapLink } from '../../shared/Links/apm/ServiceMapLink'; import { SearchBar } from '../../shared/search_bar'; import { ServiceOverviewErrorsTable } from './service_overview_errors_table'; +import { ServiceOverviewThroughputChart } from './service_overview_throughput_chart'; import { ServiceOverviewTransactionsTable } from './service_overview_transactions_table'; import { TableLinkFlexItem } from './table_link_flex_item'; @@ -64,18 +65,7 @@ export function ServiceOverview({ - - -

- {i18n.translate( - 'xpack.apm.serviceOverview.trafficChartTitle', - { - defaultMessage: 'Traffic', - } - )} -

-
-
+
diff --git a/x-pack/plugins/apm/public/components/app/service_overview/service_overview.test.tsx b/x-pack/plugins/apm/public/components/app/service_overview/service_overview.test.tsx index e4ef7428ba8d4..b364f027538a6 100644 --- a/x-pack/plugins/apm/public/components/app/service_overview/service_overview.test.tsx +++ b/x-pack/plugins/apm/public/components/app/service_overview/service_overview.test.tsx @@ -72,6 +72,7 @@ describe('ServiceOverview', () => { sort: { direction: 'desc', field: 'test field' }, }, totalItemCount: 0, + throughput: [], }, refetch: () => {}, status: FETCH_STATUS.SUCCESS, diff --git a/x-pack/plugins/apm/public/components/app/service_overview/service_overview_throughput_chart.tsx b/x-pack/plugins/apm/public/components/app/service_overview/service_overview_throughput_chart.tsx new file mode 100644 index 0000000000000..94d92bfbe89dd --- /dev/null +++ b/x-pack/plugins/apm/public/components/app/service_overview/service_overview_throughput_chart.tsx 
@@ -0,0 +1,80 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import { EuiPanel, EuiTitle } from '@elastic/eui'; +import { i18n } from '@kbn/i18n'; +import React from 'react'; +import { useParams } from 'react-router-dom'; +import { asTransactionRate } from '../../../../common/utils/formatters'; +import { useFetcher } from '../../../hooks/useFetcher'; +import { useTheme } from '../../../hooks/useTheme'; +import { useUrlParams } from '../../../hooks/useUrlParams'; +import { useApmService } from '../../../hooks/use_apm_service'; +import { callApmApi } from '../../../services/rest/createCallApmApi'; +import { TimeseriesChart } from '../../shared/charts/timeseries_chart'; + +export function ServiceOverviewThroughputChart({ + height, +}: { + height?: number; +}) { + const theme = useTheme(); + const { serviceName } = useParams<{ serviceName?: string }>(); + const { urlParams, uiFilters } = useUrlParams(); + const { transactionType } = useApmService(); + const { start, end } = urlParams; + + const { data, status } = useFetcher(() => { + if (serviceName && transactionType && start && end) { + return callApmApi({ + endpoint: 'GET /api/apm/services/{serviceName}/throughput', + params: { + path: { + serviceName, + }, + query: { + start, + end, + transactionType, + uiFilters: JSON.stringify(uiFilters), + }, + }, + }); + } + }, [serviceName, start, end, uiFilters, transactionType]); + + return ( + + +

+ {i18n.translate('xpack.apm.serviceOverview.throughtputChartTitle', { + defaultMessage: 'Traffic', + })} +

+
+ +
+ ); +} diff --git a/x-pack/plugins/apm/public/components/app/transaction_overview/index.tsx b/x-pack/plugins/apm/public/components/app/transaction_overview/index.tsx index 45a6114c88afd..28a27c034265a 100644 --- a/x-pack/plugins/apm/public/components/app/transaction_overview/index.tsx +++ b/x-pack/plugins/apm/public/components/app/transaction_overview/index.tsx @@ -24,11 +24,9 @@ import { useTrackPageview } from '../../../../../observability/public'; import { Projection } from '../../../../common/projections'; import { TRANSACTION_PAGE_LOAD } from '../../../../common/transaction_types'; import { IUrlParams } from '../../../context/UrlParamsContext/types'; -import { useServiceTransactionTypes } from '../../../hooks/useServiceTransactionTypes'; import { useTransactionCharts } from '../../../hooks/useTransactionCharts'; import { useTransactionList } from '../../../hooks/useTransactionList'; import { useUrlParams } from '../../../hooks/useUrlParams'; -import { useTransactionType } from '../../../hooks/use_transaction_type'; import { TransactionCharts } from '../../shared/charts/transaction_charts'; import { ElasticDocsLink } from '../../shared/Links/ElasticDocsLink'; import { fromQuery, toQuery } from '../../shared/Links/url_helpers'; @@ -39,6 +37,7 @@ import { Correlations } from '../Correlations'; import { TransactionList } from './TransactionList'; import { useRedirect } from './useRedirect'; import { UserExperienceCallout } from './user_experience_callout'; +import { useApmService } from '../../../hooks/use_apm_service'; function getRedirectLocation({ location, 
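Review bot: The i18n id in `service_overview_throughput_chart.tsx` is misspelled as `'xpack.apm.serviceOverview.throughtputChartTitle'`. It replaces the `xpack.apm.serviceOverview.trafficChartTitle` id removed from `service_overview/index.tsx`, although the default message is still 'Traffic'. Translation ids are awkward to rename once shipped, so either keep the old id or correct the new one now to `'xpack.apm.serviceOverview.throughputChartTitle'`. The `useFetcher` callback returns nothing until `serviceName`, `transactionType`, `start` and `end` are all set; a brief comment there would make that intentional skip explicit.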
@@ -69,8 +68,7 @@ interface TransactionOverviewProps { export function TransactionOverview({ serviceName }: TransactionOverviewProps) { const location = useLocation(); const { urlParams } = useUrlParams(); - const transactionType = useTransactionType(); - const serviceTransactionTypes = useServiceTransactionTypes(urlParams); + const { transactionType, transactionTypes } = useApmService(); // redirect to first transaction type useRedirect(getRedirectLocation({ location, transactionType, urlParams })); @@ -122,9 +120,7 @@ export function TransactionOverview({ serviceName }: TransactionOverviewProps) { - + diff --git a/x-pack/plugins/apm/public/components/app/transaction_overview/transaction_overview.test.tsx b/x-pack/plugins/apm/public/components/app/transaction_overview/transaction_overview.test.tsx index 2d7992feb3760..d4a8b3a46991c 100644 --- a/x-pack/plugins/apm/public/components/app/transaction_overview/transaction_overview.test.tsx +++ b/x-pack/plugins/apm/public/components/app/transaction_overview/transaction_overview.test.tsx @@ -11,10 +11,12 @@ import React from 'react'; import { Router } from 'react-router-dom'; import { createKibanaReactContext } from 'src/plugins/kibana_react/public'; import { MockApmPluginContextWrapper } from '../../../context/ApmPluginContext/MockApmPluginContext'; +import { ApmServiceContextProvider } from '../../../context/apm_service_context'; import { UrlParamsProvider } from '../../../context/UrlParamsContext'; import { IUrlParams } from '../../../context/UrlParamsContext/types'; import * as useFetcherHook from '../../../hooks/useFetcher'; -import * as useServiceTransactionTypesHook from '../../../hooks/useServiceTransactionTypes'; +import * as useServiceTransactionTypesHook from '../../../hooks/use_service_transaction_types'; +import * as useServiceAgentNameHook from '../../../hooks/use_service_agent_name'; import { disableConsoleWarning, renderWithTheme, 
@@ -37,19 +39,23 @@ function setup({ urlParams: IUrlParams; serviceTransactionTypes: string[]; }) { - const defaultLocation = { + history.replace({ pathname: '/services/foo/transactions', search: fromQuery(urlParams), - } as any; - - history.replace({ - ...defaultLocation, }); + // mock transaction types jest .spyOn(useServiceTransactionTypesHook, 'useServiceTransactionTypes') .mockReturnValue(serviceTransactionTypes); + // mock agent + jest.spyOn(useServiceAgentNameHook, 'useServiceAgentName').mockReturnValue({ + agentName: 'nodejs', + error: undefined, + status: useFetcherHook.FETCH_STATUS.SUCCESS, + }); + jest.spyOn(useFetcherHook, 'useFetcher').mockReturnValue({} as any); return renderWithTheme( @@ -57,7 +63,9 @@ function setup({ - + + + @@ -80,7 +88,7 @@ describe('TransactionOverview', () => { jest.clearAllMocks(); }); - describe('when no transaction type is given', () => { + describe('when no transaction type is given in urlParams', () => { it('should redirect to first type', () => { setup({ serviceTransactionTypes: ['firstType', 'secondType'], diff --git a/x-pack/plugins/apm/public/context/apm_service_context.test.tsx b/x-pack/plugins/apm/public/context/apm_service_context.test.tsx new file mode 100644 index 0000000000000..eb08cc22a0549 --- /dev/null +++ b/x-pack/plugins/apm/public/context/apm_service_context.test.tsx 
@@ -0,0 +1,70 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import { getTransactionType } from './apm_service_context'; + +describe('getTransactionType', () => { + describe('with transaction type in url', () => { + it('returns the transaction type in the url ', () => { + expect( + getTransactionType({ + transactionTypes: ['worker', 'request'], + urlParams: { transactionType: 'custom' }, + agentName: 'nodejs', + }) + ).toBe('custom'); + }); + }); + + describe('with no transaction types', () => { + it('returns undefined', () => { + expect( + getTransactionType({ + transactionTypes: [], + urlParams: {}, + }) + ).toBeUndefined(); + }); + }); + + describe('with a non-rum agent', () => { + describe('with default transaction type', () => { + it('returns "request"', () => { + expect( + getTransactionType({ + transactionTypes: ['worker', 'request'], + urlParams: {}, + agentName: 'nodejs', + }) + ).toEqual('request'); + }); + }); + + describe('with no default transaction type', () => { + it('returns the first type', () => { + expect( + getTransactionType({ + transactionTypes: ['worker', 'custom'], + urlParams: {}, + agentName: 'nodejs', + }) + ).toEqual('worker'); + }); + }); + }); + + describe('with a rum agent', () => { + it('returns "page-load"', () => { + expect( + getTransactionType({ + transactionTypes: ['http-request', 'page-load'], + urlParams: {}, + agentName: 'js-base', + }) + ).toEqual('page-load'); + }); + }); +}); diff --git a/x-pack/plugins/apm/public/context/apm_service_context.tsx b/x-pack/plugins/apm/public/context/apm_service_context.tsx new file mode 100644 index 0000000000000..2f1b33dea5aa6 --- /dev/null +++ b/x-pack/plugins/apm/public/context/apm_service_context.tsx 
@@ -0,0 +1,72 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import React, { createContext, ReactNode } from 'react'; +import { isRumAgentName } from '../../common/agent_name'; +import { + TRANSACTION_PAGE_LOAD, + TRANSACTION_REQUEST, +} from '../../common/transaction_types'; +import { useServiceTransactionTypes } from '../hooks/use_service_transaction_types'; +import { useUrlParams } from '../hooks/useUrlParams'; +import { useServiceAgentName } from '../hooks/use_service_agent_name'; +import { IUrlParams } from './UrlParamsContext/types'; + +export const APMServiceContext = createContext<{ + agentName?: string; + transactionType?: string; + transactionTypes: string[]; +}>({ transactionTypes: [] }); + +export function ApmServiceContextProvider({ + children, +}: { + children: ReactNode; +}) { + const { urlParams } = useUrlParams(); + const { agentName } = useServiceAgentName(); + const transactionTypes = useServiceTransactionTypes(); + const transactionType = getTransactionType({ + urlParams, + transactionTypes, + agentName, + }); + + return ( + + ); +} + +export function getTransactionType({ + urlParams, + transactionTypes, + agentName, +}: { + urlParams: IUrlParams; + transactionTypes: string[]; + agentName?: string; +}) { + if (urlParams.transactionType) { + return urlParams.transactionType; + } + + if (!agentName || transactionTypes.length === 0) { + return; + } + + // The default transaction type is "page-load" for RUM agents and "request" for all others + const defaultTransactionType = isRumAgentName(agentName) + ? TRANSACTION_PAGE_LOAD + : TRANSACTION_REQUEST; + + // If the default transaction type is not in transactionTypes the first in the list is returned + return transactionTypes.includes(defaultTransactionType) + ? 
defaultTransactionType + : transactionTypes[0]; +} diff --git a/x-pack/plugins/apm/public/hooks/useComponentId.tsx b/x-pack/plugins/apm/public/hooks/use_apm_service.ts similarity index 56% rename from x-pack/plugins/apm/public/hooks/useComponentId.tsx rename to x-pack/plugins/apm/public/hooks/use_apm_service.ts index c1de5c8ba3971..bc80c3771c39d 100644 --- a/x-pack/plugins/apm/public/hooks/useComponentId.tsx +++ b/x-pack/plugins/apm/public/hooks/use_apm_service.ts @@ -4,12 +4,9 @@ * you may not use this file except in compliance with the Elastic License. */ -import { useRef } from 'react'; +import { useContext } from 'react'; +import { APMServiceContext } from '../context/apm_service_context'; -let uniqueId = 0; -const getUniqueId = () => uniqueId++; - -export function useComponentId() { - const idRef = useRef(getUniqueId()); - return idRef.current; +export function useApmService() { + return useContext(APMServiceContext); } diff --git a/x-pack/plugins/apm/public/hooks/useAgentName.ts b/x-pack/plugins/apm/public/hooks/use_service_agent_name.ts similarity index 81% rename from x-pack/plugins/apm/public/hooks/useAgentName.ts rename to x-pack/plugins/apm/public/hooks/use_service_agent_name.ts index b226971762fab..199f14532f7b4 100644 --- a/x-pack/plugins/apm/public/hooks/useAgentName.ts +++ b/x-pack/plugins/apm/public/hooks/use_service_agent_name.ts 
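Review bot: `getTransactionType` is exported without a doc comment or an explicit return type, and the description that the deleted `useTransactionType` hook carried is not moved over to it. I would add a TSDoc block stating the precedence (URL parameter first, then the agent default if the service has it, then the first available type) and that it returns `undefined` when the agent name or the type list is missing, and write the bare `return;` as `return undefined;` so the early exit reads as a deliberate result. Note also that the URL check is now a truthiness test (`if (urlParams.transactionType)`) where the old hook used `??`, so an empty `transactionType` in the URL now falls through to the default; if that is intended it deserves a line in the comment.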
@@ -3,16 +3,16 @@ * or more contributor license agreements. Licensed under the Elastic License; * you may not use this file except in compliance with the Elastic License. */ + import { useParams } from 'react-router-dom'; import { useFetcher } from './useFetcher'; import { useUrlParams } from './useUrlParams'; -export function useAgentName() { +export function useServiceAgentName() { const { serviceName } = useParams<{ serviceName?: string }>(); const { urlParams } = useUrlParams(); const { start, end } = urlParams; - - const { data: agentName, error, status } = useFetcher( + const { data, error, status } = useFetcher( (callApmApi) => { if (serviceName && start && end) { return callApmApi({ @@ -21,15 +21,11 @@ export function useAgentName() { path: { serviceName }, query: { start, end }, }, - }).then((res) => res.agentName); + }); } }, [serviceName, start, end] ); - return { - agentName, - status, - error, - }; + return { agentName: data?.agentName, status, error }; } diff --git a/x-pack/plugins/apm/public/hooks/useServiceTransactionTypes.tsx b/x-pack/plugins/apm/public/hooks/use_service_transaction_types.tsx similarity index 86% rename from x-pack/plugins/apm/public/hooks/useServiceTransactionTypes.tsx rename to x-pack/plugins/apm/public/hooks/use_service_transaction_types.tsx index 5f778e3d8834b..9d8892ac79b7d 100644 --- a/x-pack/plugins/apm/public/hooks/useServiceTransactionTypes.tsx +++ b/x-pack/plugins/apm/public/hooks/use_service_transaction_types.tsx 
@@ -5,13 +5,14 @@ */ import { useParams } from 'react-router-dom'; -import { IUrlParams } from '../context/UrlParamsContext/types'; import { useFetcher } from './useFetcher'; +import { useUrlParams } from './useUrlParams'; const INITIAL_DATA = { transactionTypes: [] }; -export function useServiceTransactionTypes(urlParams: IUrlParams) { +export function useServiceTransactionTypes() { const { serviceName } = useParams<{ serviceName?: string }>(); + const { urlParams } = useUrlParams(); const { start, end } = urlParams; const { data = INITIAL_DATA } = useFetcher( (callApmApi) => { diff --git a/x-pack/plugins/apm/public/hooks/use_transaction_breakdown.ts b/x-pack/plugins/apm/public/hooks/use_transaction_breakdown.ts index 686501c1eef4c..f1671ed7aa6d9 100644 --- a/x-pack/plugins/apm/public/hooks/use_transaction_breakdown.ts +++ b/x-pack/plugins/apm/public/hooks/use_transaction_breakdown.ts @@ -7,13 +7,13 @@ import { useParams } from 'react-router-dom'; import { useFetcher } from './useFetcher'; import { useUrlParams } from './useUrlParams'; -import { useTransactionType } from './use_transaction_type'; +import { useApmService } from './use_apm_service'; export function useTransactionBreakdown() { const { serviceName } = useParams<{ serviceName?: string }>(); const { urlParams, uiFilters } = useUrlParams(); const { start, end, transactionName } = urlParams; - const transactionType = useTransactionType(); + const { transactionType } = useApmService(); const { data = { timeseries: undefined }, error, status } = useFetcher( (callApmApi) => { diff --git a/x-pack/plugins/apm/public/hooks/use_transaction_type.ts b/x-pack/plugins/apm/public/hooks/use_transaction_type.ts deleted file mode 100644 index fd4e6516f9ca3..0000000000000 --- a/x-pack/plugins/apm/public/hooks/use_transaction_type.ts +++ /dev/null 
@@ -1,28 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License;
- * you may not use this file except in compliance with the Elastic License.
- */
-
-import { getFirstTransactionType } from '../../common/agent_name';
-import { useAgentName } from './useAgentName';
-import { useServiceTransactionTypes } from './useServiceTransactionTypes';
-import { useUrlParams } from './useUrlParams';
-
-/**
- * Get either the transaction type from the URL parameters, "request"
- * (for non-RUM agents), "page-load" (for RUM agents) if this service uses them,
- * or the first available transaction type.
- */
-export function useTransactionType() {
- const { agentName } = useAgentName();
- const { urlParams } = useUrlParams();
- const transactionTypeFromUrlParams = urlParams.transactionType;
- const transactionTypes = useServiceTransactionTypes(urlParams);
- const firstTransactionType = getFirstTransactionType(
- transactionTypes,
- agentName
- );
-
- return transactionTypeFromUrlParams ?? firstTransactionType;
-}
diff --git a/x-pack/plugins/apm/server/lib/services/get_throughput.ts b/x-pack/plugins/apm/server/lib/services/get_throughput.ts
new file mode 100644
index 0000000000000..0ac0ad17ef8fa
--- /dev/null
+++ b/x-pack/plugins/apm/server/lib/services/get_throughput.ts
@@ -0,0 +1,84 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+
+import { ESFilter } from '../../../../../typings/elasticsearch';
+import { PromiseReturnType } from '../../../../observability/typings/common';
+import {
+ SERVICE_NAME,
+ TRANSACTION_TYPE,
+} from '../../../common/elasticsearch_fieldnames';
+import { rangeFilter } from '../../../common/utils/range_filter';
+import {
+ getDocumentTypeFilterForAggregatedTransactions,
+ getProcessorEventForAggregatedTransactions,
+} from '../helpers/aggregated_transactions';
+import { getBucketSize } from '../helpers/get_bucket_size';
+import { Setup, SetupTimeRange } from '../helpers/setup_request';
+
+interface Options {
+ searchAggregatedTransactions: boolean;
+ serviceName: string;
+ setup: Setup & SetupTimeRange;
+ transactionType: string;
+}
+
+type ESResponse = PromiseReturnType;
+
+function transform(response: ESResponse) {
+ const buckets = response.aggregations?.throughput?.buckets ?? 
[]; + return buckets.map(({ key: x, doc_count: y }) => ({ x, y })); +} + +async function fetcher({ + searchAggregatedTransactions, + serviceName, + setup, + transactionType, +}: Options) { + const { start, end, apmEventClient } = setup; + const { intervalString } = getBucketSize({ start, end }); + const filter: ESFilter[] = [ + { term: { [SERVICE_NAME]: serviceName } }, + { term: { [TRANSACTION_TYPE]: transactionType } }, + { range: rangeFilter(start, end) }, + ...getDocumentTypeFilterForAggregatedTransactions( + searchAggregatedTransactions + ), + ...setup.esFilter, + ]; + + const params = { + apm: { + events: [ + getProcessorEventForAggregatedTransactions( + searchAggregatedTransactions + ), + ], + }, + body: { + size: 0, + query: { bool: { filter } }, + aggs: { + throughput: { + date_histogram: { + field: '@timestamp', + fixed_interval: intervalString, + min_doc_count: 0, + extended_bounds: { min: start, max: end }, + }, + }, + }, + }, + }; + + return apmEventClient.search(params); +} + +export async function getThroughput(options: Options) { + return { + throughput: transform(await fetcher(options)), + }; +} diff --git a/x-pack/plugins/apm/server/routes/create_apm_api.ts b/x-pack/plugins/apm/server/routes/create_apm_api.ts index 019482dd44485..9334ce60a3f9e 100644 --- a/x-pack/plugins/apm/server/routes/create_apm_api.ts +++ b/x-pack/plugins/apm/server/routes/create_apm_api.ts @@ -22,6 +22,7 @@ import { serviceAnnotationsRoute, serviceAnnotationsCreateRoute, serviceErrorGroupsRoute, + serviceThroughputRoute, serviceTransactionGroupsRoute, } from './services'; import { @@ -117,6 +118,7 @@ const createApmApi = () => { .add(serviceAnnotationsRoute) .add(serviceAnnotationsCreateRoute) .add(serviceErrorGroupsRoute) + .add(serviceThroughputRoute) .add(serviceTransactionGroupsRoute) // Agent configuration diff --git a/x-pack/plugins/apm/server/routes/services.ts b/x-pack/plugins/apm/server/routes/services.ts index 5e02fad2155ad..4c5738ecef581 100644 
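Review bot: `transform` reports each bucket's `doc_count` as `y`, but when `searchAggregatedTransactions` is true `fetcher` searches the event type returned by `getProcessorEventForAggregatedTransactions`; if those are pre-aggregated metric documents, one document can stand for many transactions and the series would under-report throughput. If that is the case, add a `value_count` sub-aggregation on the transaction duration field under `throughput` and read its `value` instead of `doc_count`. Either way, a short comment on `transform` should state the unit of `y`: as written it is documents per `intervalString` bucket, not a per-minute rate.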
--- a/x-pack/plugins/apm/server/routes/services.ts +++ b/x-pack/plugins/apm/server/routes/services.ts @@ -20,6 +20,7 @@ import { getSearchAggregatedTransactions } from '../lib/helpers/aggregated_trans import { getServiceErrorGroups } from '../lib/services/get_service_error_groups'; import { toNumberRt } from '../../common/runtime_types/to_number_rt'; import { getServiceTransactionGroups } from '../lib/services/get_service_transaction_groups'; +import { getThroughput } from '../lib/services/get_throughput'; export const servicesRoute = createRoute({ endpoint: 'GET /api/apm/services', @@ -246,6 +247,36 @@ export const serviceErrorGroupsRoute = createRoute({ }, }); +export const serviceThroughputRoute = createRoute({ + endpoint: 'GET /api/apm/services/{serviceName}/throughput', + params: t.type({ + path: t.type({ + serviceName: t.string, + }), + query: t.intersection([ + t.type({ transactionType: t.string }), + uiFiltersRt, + rangeRt, + ]), + }), + options: { tags: ['access:apm'] }, + handler: async ({ context, request }) => { + const setup = await setupRequest(context, request); + const { serviceName } = context.params.path; + const { transactionType } = context.params.query; + const searchAggregatedTransactions = await getSearchAggregatedTransactions( + setup + ); + + return getThroughput({ + searchAggregatedTransactions, + serviceName, + setup, + transactionType, + }); + }, +}); + export const serviceTransactionGroupsRoute = createRoute({ endpoint: 'GET /api/apm/services/{serviceName}/overview_transaction_groups', params: t.type({ diff --git a/x-pack/plugins/ml/common/types/saved_objects.ts b/x-pack/plugins/ml/common/types/saved_objects.ts index d6c9ad758e8c6..aa3220747e849 100644 --- a/x-pack/plugins/ml/common/types/saved_objects.ts +++ b/x-pack/plugins/ml/common/types/saved_objects.ts 
@@ -11,7 +11,7 @@ export interface SavedObjectResult { [jobId: string]: { success: boolean; error?: any }; } -export interface RepairSavedObjectResponse { +export interface SyncSavedObjectResponse { savedObjectsCreated: SavedObjectResult; savedObjectsDeleted: SavedObjectResult; datafeedsAdded: SavedObjectResult; diff --git a/x-pack/plugins/ml/public/application/components/job_spaces_repair/index.ts b/x-pack/plugins/ml/public/application/components/job_spaces_sync/index.ts similarity index 78% rename from x-pack/plugins/ml/public/application/components/job_spaces_repair/index.ts rename to x-pack/plugins/ml/public/application/components/job_spaces_sync/index.ts index 3a9c22c1f3688..314071d5be1d8 100644 --- a/x-pack/plugins/ml/public/application/components/job_spaces_repair/index.ts +++ b/x-pack/plugins/ml/public/application/components/job_spaces_sync/index.ts @@ -4,4 +4,4 @@ * you may not use this file except in compliance with the Elastic License. */ -export { JobSpacesRepairFlyout } from './job_spaces_repair_flyout'; +export { JobSpacesSyncFlyout } from './job_spaces_sync_flyout'; diff --git a/x-pack/plugins/ml/public/application/components/job_spaces_repair/job_spaces_repair_flyout.tsx b/x-pack/plugins/ml/public/application/components/job_spaces_sync/job_spaces_sync_flyout.tsx similarity index 59% rename from x-pack/plugins/ml/public/application/components/job_spaces_repair/job_spaces_repair_flyout.tsx rename to x-pack/plugins/ml/public/application/components/job_spaces_sync/job_spaces_sync_flyout.tsx index 47d3fe065dd66..db80d0aa330f8 100644 --- a/x-pack/plugins/ml/public/application/components/job_spaces_repair/job_spaces_repair_flyout.tsx +++ b/x-pack/plugins/ml/public/application/components/job_spaces_sync/job_spaces_sync_flyout.tsx 
@@ -23,34 +23,31 @@ import { } from '@elastic/eui'; import { ml } from '../../services/ml_api_service'; -import { - RepairSavedObjectResponse, - SavedObjectResult, -} from '../../../../common/types/saved_objects'; -import { RepairList } from './repair_list'; +import { SyncSavedObjectResponse, SavedObjectResult } from '../../../../common/types/saved_objects'; +import { SyncList } from './sync_list'; import { useToastNotificationService } from '../../services/toast_notification_service'; interface Props { onClose: () => void; } -export const JobSpacesRepairFlyout: FC = ({ onClose }) => { +export const JobSpacesSyncFlyout: FC = ({ onClose }) => { const { displayErrorToast, displaySuccessToast } = useToastNotificationService(); const [loading, setLoading] = useState(false); - const [repairable, setRepairable] = useState(false); - const [repairResp, setRepairResp] = useState(null); + const [canSync, setCanSync] = useState(false); + const [syncResp, setSyncResp] = useState(null); - async function loadRepairList(simulate: boolean = true) { + async function loadSyncList(simulate: boolean = true) { setLoading(true); try { - const resp = await ml.savedObjects.repairSavedObjects(simulate); - setRepairResp(resp); + const resp = await ml.savedObjects.syncSavedObjects(simulate); + setSyncResp(resp); const count = Object.values(resp).reduce((acc, cur) => acc + Object.keys(cur).length, 0); - setRepairable(count > 0); + setCanSync(count > 0); setLoading(false); return resp; } catch (error) { - // this shouldn't be hit as errors are returned per-repair task + // this shouldn't be hit as errors are returned per-sync task // as part of the response displayErrorToast(error); setLoading(false); 
@@ -59,32 +56,33 @@ export const JobSpacesRepairFlyout: FC = ({ onClose }) => { } useEffect(() => { - loadRepairList(); + loadSyncList(); }, []); - async function repair() { - if (repairable) { - // perform the repair - const resp = await loadRepairList(false); - // check simulate the repair again to check that all - // items have been repaired. - await loadRepairList(true); + async function sync() { + if (canSync) { + // perform the sync + const resp = await loadSyncList(false); + // check simulate the sync again to check that all + // items have been synchronized. + await loadSyncList(true); if (resp === null) { return; } const { successCount, errorCount } = getResponseCounts(resp); if (errorCount > 0) { - const title = i18n.translate('xpack.ml.management.repairSavedObjectsFlyout.repair.error', { - defaultMessage: 'Some jobs cannot be repaired.', + const title = i18n.translate('xpack.ml.management.syncSavedObjectsFlyout.sync.error', { + defaultMessage: 'Some jobs cannot be synchronized.', }); displayErrorToast(resp as any, title); return; } displaySuccessToast( - i18n.translate('xpack.ml.management.repairSavedObjectsFlyout.repair.success', { - defaultMessage: '{successCount} {successCount, plural, one {job} other {jobs}} repaired', + i18n.translate('xpack.ml.management.syncSavedObjectsFlyout.sync.success', { + defaultMessage: + '{successCount} {successCount, plural, one {job} other {jobs}} synchronized', values: { successCount }, }) ); @@ -98,8 +96,8 @@ export const JobSpacesRepairFlyout: FC = ({ onClose }) => {

@@ -108,33 +106,29 @@ export const JobSpacesRepairFlyout: FC = ({ onClose }) => { - + - + @@ -145,7 +139,7 @@ export const JobSpacesRepairFlyout: FC = ({ onClose }) => { ); }; -function getResponseCounts(resp: RepairSavedObjectResponse) { +function getResponseCounts(resp: SyncSavedObjectResponse) { let successCount = 0; let errorCount = 0; Object.values(resp).forEach((result: SavedObjectResult) => { diff --git a/x-pack/plugins/ml/public/application/components/job_spaces_repair/repair_list.tsx b/x-pack/plugins/ml/public/application/components/job_spaces_sync/sync_list.tsx similarity index 60% rename from x-pack/plugins/ml/public/application/components/job_spaces_repair/repair_list.tsx rename to x-pack/plugins/ml/public/application/components/job_spaces_sync/sync_list.tsx index 3eab255ba34e6..573842c2f35e7 100644 --- a/x-pack/plugins/ml/public/application/components/job_spaces_repair/repair_list.tsx +++ b/x-pack/plugins/ml/public/application/components/job_spaces_sync/sync_list.tsx @@ -9,38 +9,36 @@ import { FormattedMessage } from '@kbn/i18n/react'; import { EuiText, EuiTitle, EuiAccordion, EuiTextColor, EuiHorizontalRule } from '@elastic/eui'; -import { RepairSavedObjectResponse } from '../../../../common/types/saved_objects'; +import { SyncSavedObjectResponse } from '../../../../common/types/saved_objects'; -export const RepairList: FC<{ repairItems: RepairSavedObjectResponse | null }> = ({ - repairItems, -}) => { - if (repairItems === null) { +export const SyncList: FC<{ syncItems: SyncSavedObjectResponse | null }> = ({ syncItems }) => { + if (syncItems === null) { return null; } return ( <> - + - + - + - + ); }; -const SavedObjectsCreated: FC<{ repairItems: RepairSavedObjectResponse }> = ({ repairItems }) => { - const items = Object.keys(repairItems.savedObjectsCreated); +const SavedObjectsCreated: FC<{ syncItems: SyncSavedObjectResponse }> = ({ syncItems }) => { + const items = Object.keys(syncItems.savedObjectsCreated); const title = ( <> 
@@ -48,7 +46,7 @@ const SavedObjectsCreated: FC<{ repairItems: RepairSavedObjectResponse }> = ({ r

@@ -59,7 +57,7 @@ const SavedObjectsCreated: FC<{ repairItems: RepairSavedObjectResponse }> = ({ r

@@ -67,11 +65,11 @@ const SavedObjectsCreated: FC<{ repairItems: RepairSavedObjectResponse }> = ({ r ); - return ; + return ; }; -const SavedObjectsDeleted: FC<{ repairItems: RepairSavedObjectResponse }> = ({ repairItems }) => { - const items = Object.keys(repairItems.savedObjectsDeleted); +const SavedObjectsDeleted: FC<{ syncItems: SyncSavedObjectResponse }> = ({ syncItems }) => { + const items = Object.keys(syncItems.savedObjectsDeleted); const title = ( <> @@ -79,7 +77,7 @@ const SavedObjectsDeleted: FC<{ repairItems: RepairSavedObjectResponse }> = ({ r

@@ -90,7 +88,7 @@ const SavedObjectsDeleted: FC<{ repairItems: RepairSavedObjectResponse }> = ({ r

@@ -98,11 +96,11 @@ const SavedObjectsDeleted: FC<{ repairItems: RepairSavedObjectResponse }> = ({ r ); - return ; + return ; }; -const DatafeedsAdded: FC<{ repairItems: RepairSavedObjectResponse }> = ({ repairItems }) => { - const items = Object.keys(repairItems.datafeedsAdded); +const DatafeedsAdded: FC<{ syncItems: SyncSavedObjectResponse }> = ({ syncItems }) => { + const items = Object.keys(syncItems.datafeedsAdded); const title = ( <> @@ -110,7 +108,7 @@ const DatafeedsAdded: FC<{ repairItems: RepairSavedObjectResponse }> = ({ repair

@@ -121,7 +119,7 @@ const DatafeedsAdded: FC<{ repairItems: RepairSavedObjectResponse }> = ({ repair

@@ -129,11 +127,11 @@ const DatafeedsAdded: FC<{ repairItems: RepairSavedObjectResponse }> = ({ repair ); - return ; + return ; }; -const DatafeedsRemoved: FC<{ repairItems: RepairSavedObjectResponse }> = ({ repairItems }) => { - const items = Object.keys(repairItems.datafeedsRemoved); +const DatafeedsRemoved: FC<{ syncItems: SyncSavedObjectResponse }> = ({ syncItems }) => { + const items = Object.keys(syncItems.datafeedsRemoved); const title = ( <> @@ -141,7 +139,7 @@ const DatafeedsRemoved: FC<{ repairItems: RepairSavedObjectResponse }> = ({ repa

@@ -152,7 +150,7 @@ const DatafeedsRemoved: FC<{ repairItems: RepairSavedObjectResponse }> = ({ repa

@@ -160,23 +158,21 @@ const DatafeedsRemoved: FC<{ repairItems: RepairSavedObjectResponse }> = ({ repa ); - return ; + return ; }; -const RepairItem: FC<{ id: string; title: JSX.Element; items: string[] }> = ({ +const SyncItem: FC<{ id: string; title: JSX.Element; items: string[] }> = ({ id, title, items, }) => ( - {items.length && ( -

    - {items.map((item) => ( -
  • {item}
  • - ))} -
- )} +
    + {items.map((item) => ( +
  • {item}
  • + ))} +
); diff --git a/x-pack/plugins/ml/public/application/management/jobs_list/components/jobs_list_page/jobs_list_page.tsx b/x-pack/plugins/ml/public/application/management/jobs_list/components/jobs_list_page/jobs_list_page.tsx index 8ad18e2b821b6..18d45c02a3c95 100644 --- a/x-pack/plugins/ml/public/application/management/jobs_list/components/jobs_list_page/jobs_list_page.tsx +++ b/x-pack/plugins/ml/public/application/management/jobs_list/components/jobs_list_page/jobs_list_page.tsx @@ -39,7 +39,7 @@ import { DataFrameAnalyticsList } from '../../../../data_frame_analytics/pages/a import { AccessDeniedPage } from '../access_denied_page'; import { SharePluginStart } from '../../../../../../../../../src/plugins/share/public'; import { SpacesPluginStart } from '../../../../../../../spaces/public'; -import { JobSpacesRepairFlyout } from '../../../../components/job_spaces_repair'; +import { JobSpacesSyncFlyout } from '../../../../components/job_spaces_sync'; import { getDefaultAnomalyDetectionJobsListState } from '../../../../jobs/jobs_list/jobs'; import { getMlGlobalServices } from '../../../../app'; import { ListingPageUrlState } from '../../../../../../common/types/common'; @@ -125,7 +125,7 @@ export const JobsListPage: FC<{ const spacesEnabled = spaces !== undefined; const [initialized, setInitialized] = useState(false); const [accessDenied, setAccessDenied] = useState(false); - const [showRepairFlyout, setShowRepairFlyout] = useState(false); + const [showSyncFlyout, setShowSyncFlyout] = useState(false); const [isMlEnabledInSpace, setIsMlEnabledInSpace] = useState(false); const tabs = useTabs(isMlEnabledInSpace, spacesEnabled); const [currentTabId, setCurrentTabId] = useState(tabs[0].id); @@ -184,8 +184,8 @@ export const JobsListPage: FC<{ ); } - function onCloseRepairFlyout() { - setShowRepairFlyout(false); + function onCloseSyncFlyout() { + setShowSyncFlyout(false); } if (accessDenied) { 
@@ -244,12 +244,12 @@ export const JobsListPage: FC<{ {spacesEnabled && ( <> - setShowRepairFlyout(true)}> - {i18n.translate('xpack.ml.management.jobsList.repairFlyoutButton', { - defaultMessage: 'Repair saved objects', + setShowSyncFlyout(true)}> + {i18n.translate('xpack.ml.management.jobsList.syncFlyoutButton', { + defaultMessage: 'Synchronize saved objects', })} - {showRepairFlyout && } + {showSyncFlyout && } )} diff --git a/x-pack/plugins/ml/public/application/services/ml_api_service/saved_objects.ts b/x-pack/plugins/ml/public/application/services/ml_api_service/saved_objects.ts index b47cf3f62871c..e821fa3da4d66 100644 --- a/x-pack/plugins/ml/public/application/services/ml_api_service/saved_objects.ts +++ b/x-pack/plugins/ml/public/application/services/ml_api_service/saved_objects.ts @@ -11,7 +11,7 @@ import { HttpService } from '../http_service'; import { basePath } from './index'; import { JobType, - RepairSavedObjectResponse, + SyncSavedObjectResponse, SavedObjectResult, JobsSpacesResponse, } from '../../../../common/types/saved_objects'; @@ -40,9 +40,9 @@ export const savedObjectsApiProvider = (httpService: HttpService) => ({ }); }, - repairSavedObjects(simulate: boolean = false) { - return httpService.http({ - path: `${basePath()}/saved_objects/repair`, + syncSavedObjects(simulate: boolean = false) { + return httpService.http({ + path: `${basePath()}/saved_objects/sync`, method: 'GET', query: { simulate }, }); diff --git a/x-pack/plugins/ml/server/lib/ml_client/ml_client.ts b/x-pack/plugins/ml/server/lib/ml_client/ml_client.ts index a75ba46a9b22a..8cfb066c9d092 100644 --- a/x-pack/plugins/ml/server/lib/ml_client/ml_client.ts +++ b/x-pack/plugins/ml/server/lib/ml_client/ml_client.ts 
@@ -39,15 +39,19 @@ export function getMlClient( const jobIds = jobType === 'anomaly-detector' ? getADJobIdsFromRequest(p) : getDFAJobIdsFromRequest(p); if (jobIds.length) { - const filteredJobIds = await jobSavedObjectService.filterJobIdsForSpace(jobType, jobIds); - let missingIds = jobIds.filter((j) => filteredJobIds.indexOf(j) === -1); - if (allowWildcards === true && missingIds.join().match('\\*') !== null) { - // filter out wildcard ids from the error - missingIds = missingIds.filter((id) => id.match('\\*') === null); - } - if (missingIds.length) { - throw new MLJobNotFound(`No known job with id '${missingIds.join(',')}'`); - } + await checkIds(jobType, jobIds, allowWildcards); + } + } + + async function checkIds(jobType: JobType, jobIds: string[], allowWildcards: boolean = false) { + const filteredJobIds = await jobSavedObjectService.filterJobIdsForSpace(jobType, jobIds); + let missingIds = jobIds.filter((j) => filteredJobIds.indexOf(j) === -1); + if (allowWildcards === true && missingIds.join().match('\\*') !== null) { + // filter out wildcard ids from the error + missingIds = missingIds.filter((id) => id.match('\\*') === null); + } + if (missingIds.length) { + throw new MLJobNotFound(`No known job with id '${missingIds.join(',')}'`); } } @@ -59,8 +63,17 @@ export function getMlClient( if (ids.length) { // find all groups from unfiltered jobs const responseGroupIds = [...new Set(allJobs.map((j) => j.groups ?? []).flat())]; - // work out which ids requested are actually groups - const requestedGroupIds = ids.filter((id) => responseGroupIds.includes(id)); + + // work out which ids requested are actually groups and which are jobs + const requestedGroupIds: string[] = []; + const requestedJobIds: string[] = []; + ids.forEach((id) => { + if (responseGroupIds.includes(id)) { + requestedGroupIds.push(id); + } else { + requestedJobIds.push(id); + } + }); // find all groups from filtered jobs const groupIdsFromFilteredJobs = [ 
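Review bot: In `checkIds`, when `allowWildcards` is set every id containing `*` is dropped from `missingIds` before the not-found check, and the new call in the group-id check (the `@@ -77,10 +90,15 @@` hunk) passes `true` for all non-group ids, so a wildcard expression is never rejected by this function. That is only safe if the response to a wildcard request is filtered to the current space afterwards, which these hunks do not show; add a comment on `checkIds` naming where that filtering happens, and a test that a wildcard id cannot return a job saved in another space. As a smaller point, `id.match('\\*') === null` builds a RegExp for every id, and `!id.includes('*')` states the same test directly. The enclosing `getMlClient` starts and ends outside these hunks.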
@@ -77,10 +90,15 @@ export function getMlClient( ); if (groupsIdsThatDidNotMatch.length) { - // is there are group ids which were requested but didn't + // if there are group ids which were requested but didn't // exist in filtered jobs, list them in an error throw new MLJobNotFound(`No known job with id '${groupsIdsThatDidNotMatch.join(',')}'`); } + + // check the remaining jobs ids + if (requestedJobIds.length) { + await checkIds('anomaly-detector', requestedJobIds, true); + } } } diff --git a/x-pack/plugins/ml/server/routes/apidoc.json b/x-pack/plugins/ml/server/routes/apidoc.json index 5672824f3d040..85df7228fe929 100644 --- a/x-pack/plugins/ml/server/routes/apidoc.json +++ b/x-pack/plugins/ml/server/routes/apidoc.json @@ -145,7 +145,7 @@ "JobSavedObjects", "SavedObjectsStatus", - "RepairJobSavedObjects", + "SyncJobSavedObjects", "InitializeJobSavedObjects", "AssignJobsToSpaces", "RemoveJobsFromSpaces", diff --git a/x-pack/plugins/ml/server/routes/saved_objects.ts b/x-pack/plugins/ml/server/routes/saved_objects.ts index 3ba69b0d6b505..57c6084d9971b 100644 --- a/x-pack/plugins/ml/server/routes/saved_objects.ts +++ b/x-pack/plugins/ml/server/routes/saved_objects.ts @@ -6,8 +6,8 @@ import { wrapError } from '../client/error_wrapper'; import { RouteInitialization, SavedObjectsRouteDeps } from '../types'; -import { checksFactory, repairFactory } from '../saved_objects'; -import { jobsAndSpaces, repairJobObjects, jobTypeSchema } from './schemas/saved_objects'; +import { checksFactory, syncSavedObjectsFactory } from '../saved_objects'; +import { jobsAndSpaces, syncJobObjects, jobTypeSchema } from './schemas/saved_objects'; import { jobIdsSchema } from './schemas/job_service_schema'; /** 
@@ -50,8 +50,8 @@ export function savedObjectsRoutes( /** * @apiGroup JobSavedObjects * - * @api {get} /api/ml/saved_objects/repair Repair job saved objects - * @apiName RepairJobSavedObjects + * @api {get} /api/ml/saved_objects/sync Sync job saved objects + * @apiName SyncJobSavedObjects * @apiDescription Create saved objects for jobs which are missing them. * Delete saved objects for jobs which no longer exist. * Update missing datafeed ids in saved objects for datafeeds which exist. @@ -60,9 +60,9 @@ export function savedObjectsRoutes( */ router.get( { - path: '/api/ml/saved_objects/repair', + path: '/api/ml/saved_objects/sync', validate: { - query: repairJobObjects, + query: syncJobObjects, }, options: { tags: ['access:ml:canCreateJob', 'access:ml:canCreateDataFrameAnalytics'], @@ -71,8 +71,8 @@ export function savedObjectsRoutes( routeGuard.fullLicenseAPIGuard(async ({ client, request, response, jobSavedObjectService }) => { try { const { simulate } = request.query; - const { repairJobs } = repairFactory(client, jobSavedObjectService); - const savedObjects = await repairJobs(simulate); + const { syncSavedObjects } = syncSavedObjectsFactory(client, jobSavedObjectService); + const savedObjects = await syncSavedObjects(simulate); return response.ok({ body: savedObjects, @@ -95,7 +95,7 @@ export function savedObjectsRoutes( { path: '/api/ml/saved_objects/initialize', validate: { - query: repairJobObjects, + query: syncJobObjects, }, options: { tags: ['access:ml:canCreateJob', 'access:ml:canCreateDataFrameAnalytics'], @@ -104,7 +104,7 @@ export function savedObjectsRoutes( routeGuard.fullLicenseAPIGuard(async ({ client, request, response, jobSavedObjectService }) => { try { const { simulate } = request.query; - const { initSavedObjects } = repairFactory(client, jobSavedObjectService); + const { initSavedObjects } = syncSavedObjectsFactory(client, jobSavedObjectService); const savedObjects = await initSavedObjects(simulate); return response.ok({ 
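Review bot: The renamed `/api/ml/saved_objects/sync` route is still registered with `router.get` although it creates and deletes saved objects when `simulate` is false, and `syncSavedObjects(simulate: boolean = false)` in `sync.ts` makes the write path the default when the query parameter is omitted. A state-changing GET can be triggered by cross-site navigation in a logged-in browser, and as far as I know Kibana's `kbn-xsrf` header check is applied only to non-GET/HEAD requests, so this route would not get that protection. Since the path changes in this commit anyway, consider registering it with `router.post` (and `method: 'POST'` in `ml_api_service/saved_objects.ts`) and defaulting `simulate` to `true` on the server. The `initialize` route in the `@@ -95,7 +95,7 @@` hunk takes the same `simulate` query and may need the same treatment; its `router.*` call is outside the hunk.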
diff --git a/x-pack/plugins/ml/server/routes/schemas/saved_objects.ts b/x-pack/plugins/ml/server/routes/schemas/saved_objects.ts index 6b8c64714a82c..c2d091bd16052 100644 --- a/x-pack/plugins/ml/server/routes/schemas/saved_objects.ts +++ b/x-pack/plugins/ml/server/routes/schemas/saved_objects.ts @@ -12,7 +12,7 @@ export const jobsAndSpaces = schema.object({ spaces: schema.arrayOf(schema.string()), }); -export const repairJobObjects = schema.object({ simulate: schema.maybe(schema.boolean()) }); +export const syncJobObjects = schema.object({ simulate: schema.maybe(schema.boolean()) }); export const jobTypeSchema = schema.object({ jobType: schema.string(), diff --git a/x-pack/plugins/ml/server/saved_objects/index.ts b/x-pack/plugins/ml/server/saved_objects/index.ts index fdd675f40d083..a082f3c3ec54a 100644 --- a/x-pack/plugins/ml/server/saved_objects/index.ts +++ b/x-pack/plugins/ml/server/saved_objects/index.ts @@ -7,6 +7,6 @@ export { setupSavedObjects } from './saved_objects'; export { JobObject, JobSavedObjectService, jobSavedObjectServiceFactory } from './service'; export { checksFactory } from './checks'; -export { repairFactory } from './repair'; +export { syncSavedObjectsFactory } from './sync'; export { jobSavedObjectsInitializationFactory } from './initialization'; export { savedObjectClientsFactory } from './util'; diff --git a/x-pack/plugins/ml/server/saved_objects/initialization/initialization.ts b/x-pack/plugins/ml/server/saved_objects/initialization/initialization.ts index 5edf35c033177..a81fc925b824b 100644 --- a/x-pack/plugins/ml/server/saved_objects/initialization/initialization.ts +++ b/x-pack/plugins/ml/server/saved_objects/initialization/initialization.ts 
@@ -6,7 +6,7 @@ import { IScopedClusterClient, CoreStart, SavedObjectsClientContract } from 'kibana/server'; import { savedObjectClientsFactory } from '../util'; -import { repairFactory } from '../repair'; +import { syncSavedObjectsFactory } from '../sync'; import { jobSavedObjectServiceFactory, JobObject } from '../service'; import { mlLog } from '../../lib/log'; import { ML_SAVED_OBJECT_TYPE } from '../../../common/types/saved_objects'; @@ -58,7 +58,7 @@ export function jobSavedObjectsInitializationFactory( // create space overrides for specific jobs const jobSpaceOverrides = await createJobSpaceOverrides(client); // initialize jobs - const { initSavedObjects } = repairFactory(client, jobSavedObjectService); + const { initSavedObjects } = syncSavedObjectsFactory(client, jobSavedObjectService); const { jobs } = await initSavedObjects(false, jobSpaceOverrides); mlLog.info(`${jobs.length} job saved objects initialized`); } catch (error) { diff --git a/x-pack/plugins/ml/server/saved_objects/initialization/space_overrides/space_overrides.ts b/x-pack/plugins/ml/server/saved_objects/initialization/space_overrides/space_overrides.ts index d8c713888051f..969024ee58b51 100644 --- a/x-pack/plugins/ml/server/saved_objects/initialization/space_overrides/space_overrides.ts +++ b/x-pack/plugins/ml/server/saved_objects/initialization/space_overrides/space_overrides.ts @@ -5,7 +5,7 @@ */ import { IScopedClusterClient } from 'kibana/server'; -import type { JobSpaceOverrides } from '../../repair'; +import type { JobSpaceOverrides } from '../../sync'; import { logJobsSpaces } from './logs'; import { metricsJobsSpaces } from './metrics'; diff --git a/x-pack/plugins/ml/server/saved_objects/repair.ts b/x-pack/plugins/ml/server/saved_objects/sync.ts similarity index 97% rename from x-pack/plugins/ml/server/saved_objects/repair.ts rename to x-pack/plugins/ml/server/saved_objects/sync.ts index 692217e5fac36..16e0520567056 100644 --- a/x-pack/plugins/ml/server/saved_objects/repair.ts 
+++ b/x-pack/plugins/ml/server/saved_objects/sync.ts @@ -9,7 +9,7 @@ import { IScopedClusterClient } from 'kibana/server'; import type { JobObject, JobSavedObjectService } from './service'; import { JobType, - RepairSavedObjectResponse, + SyncSavedObjectResponse, InitializeSavedObjectResponse, } from '../../common/types/saved_objects'; import { checksFactory } from './checks'; @@ -23,14 +23,14 @@ export interface JobSpaceOverrides { }; } -export function repairFactory( +export function syncSavedObjectsFactory( client: IScopedClusterClient, jobSavedObjectService: JobSavedObjectService ) { const { checkStatus } = checksFactory(client, jobSavedObjectService); - async function repairJobs(simulate: boolean = false) { - const results: RepairSavedObjectResponse = { + async function syncSavedObjects(simulate: boolean = false) { + const results: SyncSavedObjectResponse = { savedObjectsCreated: {}, savedObjectsDeleted: {}, datafeedsAdded: {}, @@ -232,5 +232,5 @@ export function repairFactory( return results; } - return { checkStatus, repairJobs, initSavedObjects }; + return { checkStatus, syncSavedObjects, initSavedObjects }; } diff --git a/x-pack/plugins/monitoring/server/kibana_monitoring/__tests__/bulk_uploader.js b/x-pack/plugins/monitoring/server/kibana_monitoring/__tests__/bulk_uploader.js index da12bde966091..1aa9e49bc5f35 100644 --- a/x-pack/plugins/monitoring/server/kibana_monitoring/__tests__/bulk_uploader.js +++ b/x-pack/plugins/monitoring/server/kibana_monitoring/__tests__/bulk_uploader.js @@ -71,7 +71,6 @@ describe('BulkUploader', () => { type: 'type_collector_test', fetch: noop, // empty payloads, isReady: () => true, - formatForBulkUpload: (result) => result, }, ]); 
@@ -111,13 +110,11 @@ describe('BulkUploader', () => { type: 'type_collector_test', fetch: noop, // empty payloads, isReady: () => false, - formatForBulkUpload: (result) => result, }, { type: 'type_collector_test2', fetch: noop, // empty payloads, isReady: () => true, - formatForBulkUpload: (result) => result, }, ]); @@ -153,7 +150,6 @@ describe('BulkUploader', () => { { fetch: () => ({ type: 'type_collector_test', result: { testData: 12345 } }), isReady: () => true, - formatForBulkUpload: (result) => result, }, ]); const uploader = new BulkUploader({ ...server, interval: FETCH_INTERVAL }); @@ -191,13 +187,11 @@ describe('BulkUploader', () => { { fetch: usageCollectorFetch, isReady: () => true, - formatForBulkUpload: (result) => result, isUsageCollector: true, }, { fetch: collectorFetch, isReady: () => true, - formatForBulkUpload: (result) => result, isUsageCollector: false, }, ]); @@ -223,7 +217,6 @@ describe('BulkUploader', () => { { fetch: usageCollectorFetch, isReady: () => true, - formatForBulkUpload: (result) => result, isUsageCollector: true, }, ]); @@ -253,13 +246,11 @@ describe('BulkUploader', () => { { fetch: statsCollectorFetch, isReady: () => true, - formatForBulkUpload: (result) => result, isUsageCollector: false, }, { fetch: usageCollectorFetch, isReady: () => true, - formatForBulkUpload: (result) => result, isUsageCollector: true, }, ]); @@ -290,13 +281,11 @@ describe('BulkUploader', () => { { fetch: usageCollectorFetch, isReady: () => true, - formatForBulkUpload: (result) => result, isUsageCollector: true, }, { fetch: collectorFetch, isReady: () => true, - formatForBulkUpload: (result) => result, isUsageCollector: false, }, ]); diff --git a/x-pack/plugins/monitoring/server/kibana_monitoring/collectors/get_settings_collector.ts b/x-pack/plugins/monitoring/server/kibana_monitoring/collectors/get_settings_collector.ts index 858c50790fc2e..44ae0147f6c52 100644 --- a/x-pack/plugins/monitoring/server/kibana_monitoring/collectors/get_settings_collector.ts 
+++ b/x-pack/plugins/monitoring/server/kibana_monitoring/collectors/get_settings_collector.ts @@ -89,7 +89,6 @@ export function getSettingsCollector( ) { return usageCollection.makeStatsCollector< EmailSettingData | undefined, - unknown, false, KibanaSettingsCollectorExtraOptions >({ diff --git a/x-pack/plugins/monitoring/server/kibana_monitoring/collectors/get_usage_collector.ts b/x-pack/plugins/monitoring/server/kibana_monitoring/collectors/get_usage_collector.ts index 038042f109817..e5171c4901dd4 100644 --- a/x-pack/plugins/monitoring/server/kibana_monitoring/collectors/get_usage_collector.ts +++ b/x-pack/plugins/monitoring/server/kibana_monitoring/collectors/get_usage_collector.ts @@ -20,7 +20,7 @@ export function getMonitoringUsageCollector( config: MonitoringConfig, legacyEsClient: ILegacyClusterClient ) { - return usageCollection.makeUsageCollector({ + return usageCollection.makeUsageCollector({ type: 'monitoring', isReady: () => true, schema: { diff --git a/x-pack/plugins/monitoring/server/telemetry_collection/get_kibana_stats.ts b/x-pack/plugins/monitoring/server/telemetry_collection/get_kibana_stats.ts index 3bf1d087b973a..57e75d9c9c12e 100644 --- a/x-pack/plugins/monitoring/server/telemetry_collection/get_kibana_stats.ts +++ b/x-pack/plugins/monitoring/server/telemetry_collection/get_kibana_stats.ts @@ -114,7 +114,6 @@ export function getUsageStats(rawStats: SearchResponse) { } = currUsage; // Stats filtered by telemetry collectors need to be flattened since they're pulled in a generic way. - // A plugin might not provide flat stats if it implements formatForBulkUpload in its collector. // e.g: we want `xpack.reporting` to just be `reporting` const plugins = { ...pluginsTop, ...xpack }; diff --git a/x-pack/plugins/monitoring/server/telemetry_collection/register_monitoring_telemetry_collection.ts b/x-pack/plugins/monitoring/server/telemetry_collection/register_monitoring_telemetry_collection.ts index 91d6c2374acba..8351c30a4f712 100644 
--- a/x-pack/plugins/monitoring/server/telemetry_collection/register_monitoring_telemetry_collection.ts +++ b/x-pack/plugins/monitoring/server/telemetry_collection/register_monitoring_telemetry_collection.ts @@ -23,7 +23,6 @@ export function registerMonitoringTelemetryCollection( ) { const monitoringStatsCollector = usageCollection.makeStatsCollector< UsageStatsPayload[], - unknown, true, MonitoringCollectorOptions >({ diff --git a/x-pack/plugins/reporting/server/usage/reporting_usage_collector.test.ts b/x-pack/plugins/reporting/server/usage/reporting_usage_collector.test.ts index fff18353c58b0..7cae5e9b6f956 100644 --- a/x-pack/plugins/reporting/server/usage/reporting_usage_collector.test.ts +++ b/x-pack/plugins/reporting/server/usage/reporting_usage_collector.test.ts @@ -463,7 +463,6 @@ describe('Ready for collection observable', () => { expect(args).toMatchInlineSnapshot(` Object { "fetch": [Function], - "formatForBulkUpload": [Function], "isReady": [Function], "schema": Object { "PNG": Object { diff --git a/x-pack/plugins/reporting/server/usage/reporting_usage_collector.ts b/x-pack/plugins/reporting/server/usage/reporting_usage_collector.ts index 2ef7a7995b839..f4209730b68ce 100644 --- a/x-pack/plugins/reporting/server/usage/reporting_usage_collector.ts +++ b/x-pack/plugins/reporting/server/usage/reporting_usage_collector.ts @@ -14,16 +14,6 @@ import { getReportingUsage } from './get_reporting_usage'; import { ReportingUsageType } from './types'; import { reportingSchema } from './schema'; -// places the reporting data as kibana stats -const METATYPE = 'kibana_stats'; - -interface XpackBulkUpload { - usage: { - xpack: { - reporting: ReportingUsageType; - }; - }; -} /* * @return {Object} kibana usage stats type collection object */ 
@@ -34,7 +24,7 @@ export function getReportingUsageCollector( exportTypesRegistry: ExportTypesRegistry, isReady: () => Promise ) { - return usageCollection.makeUsageCollector({ + return usageCollection.makeUsageCollector({ type: 'reporting', fetch: ({ callCluster }: CollectorFetchContext) => { const config = reporting.getConfig(); @@ -42,23 +32,6 @@ export function getReportingUsageCollector( }, isReady, schema: reportingSchema, - /* - * Format the response data into a model for internal upload - * 1. Make this data part of the "kibana_stats" type - * 2. Organize the payload in the usage.xpack.reporting namespace of the data payload - */ - formatForBulkUpload: (result: ReportingUsageType) => { - return { - type: METATYPE, - payload: { - usage: { - xpack: { - reporting: result, - }, - }, - }, - }; - }, }); } diff --git a/x-pack/plugins/security_solution/cypress/integration/alerts_detection_exceptions.spec.ts b/x-pack/plugins/security_solution/cypress/integration/alerts_detection_exceptions.spec.ts new file mode 100644 index 0000000000000..b1d7163ac70e0 --- /dev/null +++ b/x-pack/plugins/security_solution/cypress/integration/alerts_detection_exceptions.spec.ts 
@@ -0,0 +1,178 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ +import { exception } from '../objects/exception'; +import { newRule } from '../objects/rule'; + +import { RULE_STATUS } from '../screens/create_new_rule'; +import { SERVER_SIDE_EVENT_COUNT } from '../screens/timeline'; + +import { + addExceptionFromFirstAlert, + goToClosedAlerts, + goToManageAlertsDetectionRules, + goToOpenedAlerts, + waitForAlertsIndexToBeCreated, +} from '../tasks/alerts'; +import { createCustomRule, deleteCustomRule, removeSignalsIndex } from '../tasks/api_calls'; +import { goToRuleDetails } from '../tasks/alerts_detection_rules'; +import { waitForAlertsToPopulate } from '../tasks/create_new_rule'; +import { esArchiverLoad, esArchiverUnload } from '../tasks/es_archiver'; +import { loginAndWaitForPageWithoutDateRange } from '../tasks/login'; +import { + activatesRule, + addsException, + addsExceptionFromRuleSettings, + goToAlertsTab, + goToExceptionsTab, + removeException, + waitForTheRuleToBeExecuted, +} from '../tasks/rule_details'; +import { refreshPage } from '../tasks/security_header'; + +import { DETECTIONS_URL } from '../urls/navigation'; + +const NUMBER_OF_AUDITBEAT_EXCEPTIONS_ALERTS = 1; + +describe('Exceptions', () => { + beforeEach(() => { + loginAndWaitForPageWithoutDateRange(DETECTIONS_URL); + waitForAlertsIndexToBeCreated(); + createCustomRule(newRule); + goToManageAlertsDetectionRules(); + goToRuleDetails(); + + cy.get(RULE_STATUS).should('have.text', '—'); + + esArchiverLoad('auditbeat_for_exceptions'); + activatesRule(); + waitForTheRuleToBeExecuted(); + waitForAlertsToPopulate(); + refreshPage(); + + cy.get(SERVER_SIDE_EVENT_COUNT) + .invoke('text') + .then((numberOfInitialAlertsText) => { + cy.wrap(parseInt(numberOfInitialAlertsText, 10)).should( + 'eql', + 
NUMBER_OF_AUDITBEAT_EXCEPTIONS_ALERTS + ); + }); + }); + + afterEach(() => { + esArchiverUnload('auditbeat_for_exceptions'); + esArchiverUnload('auditbeat_for_exceptions2'); + removeSignalsIndex(); + deleteCustomRule(); + }); + context('From rule', () => { + it('Creates an exception and deletes it', () => { + goToExceptionsTab(); + addsExceptionFromRuleSettings(exception); + esArchiverLoad('auditbeat_for_exceptions2'); + waitForTheRuleToBeExecuted(); + goToAlertsTab(); + refreshPage(); + + cy.get(SERVER_SIDE_EVENT_COUNT) + .invoke('text') + .then((numberOfAlertsAfterCreatingExceptionText) => { + cy.wrap(parseInt(numberOfAlertsAfterCreatingExceptionText, 10)).should('eql', 0); + }); + + goToClosedAlerts(); + refreshPage(); + + cy.get(SERVER_SIDE_EVENT_COUNT) + .invoke('text') + .then((numberOfClosedAlertsAfterCreatingExceptionText) => { + cy.wrap(parseInt(numberOfClosedAlertsAfterCreatingExceptionText, 10)).should( + 'eql', + NUMBER_OF_AUDITBEAT_EXCEPTIONS_ALERTS + ); + }); + + goToOpenedAlerts(); + waitForTheRuleToBeExecuted(); + refreshPage(); + + cy.get(SERVER_SIDE_EVENT_COUNT) + .invoke('text') + .then((numberOfOpenedAlertsAfterCreatingExceptionText) => { + cy.wrap(parseInt(numberOfOpenedAlertsAfterCreatingExceptionText, 10)).should('eql', 0); + }); + + goToExceptionsTab(); + removeException(); + refreshPage(); + goToAlertsTab(); + waitForTheRuleToBeExecuted(); + waitForAlertsToPopulate(); + refreshPage(); + + cy.get(SERVER_SIDE_EVENT_COUNT) + .invoke('text') + .then((numberOfAlertsAfterRemovingExceptionsText) => { + cy.wrap(parseInt(numberOfAlertsAfterRemovingExceptionsText, 10)).should( + 'eql', + NUMBER_OF_AUDITBEAT_EXCEPTIONS_ALERTS + ); + }); + }); + }); + + context('From alert', () => { + it('Creates an exception and deletes it', () => { + addExceptionFromFirstAlert(); + addsException(exception); + esArchiverLoad('auditbeat_for_exceptions2'); + + cy.get(SERVER_SIDE_EVENT_COUNT) + .invoke('text') + .then((numberOfAlertsAfterCreatingExceptionText) => { + 
cy.wrap(parseInt(numberOfAlertsAfterCreatingExceptionText, 10)).should('eql', 0); + }); + + goToClosedAlerts(); + refreshPage(); + + cy.get(SERVER_SIDE_EVENT_COUNT) + .invoke('text') + .then((numberOfClosedAlertsAfterCreatingExceptionText) => { + cy.wrap(parseInt(numberOfClosedAlertsAfterCreatingExceptionText, 10)).should( + 'eql', + NUMBER_OF_AUDITBEAT_EXCEPTIONS_ALERTS + ); + }); + + goToOpenedAlerts(); + waitForTheRuleToBeExecuted(); + refreshPage(); + + cy.get(SERVER_SIDE_EVENT_COUNT) + .invoke('text') + .then((numberOfOpenedAlertsAfterCreatingExceptionText) => { + cy.wrap(parseInt(numberOfOpenedAlertsAfterCreatingExceptionText, 10)).should('eql', 0); + }); + + goToExceptionsTab(); + removeException(); + goToAlertsTab(); + waitForTheRuleToBeExecuted(); + waitForAlertsToPopulate(); + refreshPage(); + + cy.get(SERVER_SIDE_EVENT_COUNT) + .invoke('text') + .then((numberOfAlertsAfterRemovingExceptionsText) => { + cy.wrap(parseInt(numberOfAlertsAfterRemovingExceptionsText, 10)).should( + 'eql', + NUMBER_OF_AUDITBEAT_EXCEPTIONS_ALERTS + ); + }); + }); + }); +}); diff --git a/x-pack/plugins/security_solution/cypress/objects/exception.ts b/x-pack/plugins/security_solution/cypress/objects/exception.ts new file mode 100644 index 0000000000000..775a83dee2543 --- /dev/null +++ b/x-pack/plugins/security_solution/cypress/objects/exception.ts @@ -0,0 +1,17 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +export interface Exception { + field: string; + operator: string; + values: string[]; +} + +export const exception: Exception = { + field: 'host.name', + operator: 'is', + values: ['suricata-iowa'], +}; diff --git a/x-pack/plugins/security_solution/cypress/screens/alerts.ts b/x-pack/plugins/security_solution/cypress/screens/alerts.ts index ed05874bd4c4d..2c80d02cad83d 100644 
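Review bot: In the `From alert` test the first `should('eql', 0)` check runs right after `esArchiverLoad('auditbeat_for_exceptions2')` with no `waitForTheRuleToBeExecuted()` or `refreshPage()` in between, unlike the `From rule` test. It can therefore read the counter before the rule has evaluated the newly loaded events and pass without showing that the exception suppressed anything. Because the text is read once and handed to `cy.wrap(parseInt(...))`, the assertion does not re-query the counter on retry either. I would add `waitForTheRuleToBeExecuted();` and `refreshPage();` after that `esArchiverLoad` call, as the first test does. The `cy.get(SERVER_SIDE_EVENT_COUNT).invoke('text').then(...)` block is repeated throughout the file and could become one small helper that takes the expected count.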
--- a/x-pack/plugins/security_solution/cypress/screens/alerts.ts +++ b/x-pack/plugins/security_solution/cypress/screens/alerts.ts @@ -4,6 +4,8 @@ * you may not use this file except in compliance with the Elastic License. */ +export const ADD_EXCEPTION_BTN = '[data-test-subj="addExceptionButton"]'; + export const ALERTS = '[data-test-subj="event"]'; export const ALERT_CHECKBOX = '[data-test-subj="select-event-container"] .euiCheckbox__input'; diff --git a/x-pack/plugins/security_solution/cypress/screens/exceptions.ts b/x-pack/plugins/security_solution/cypress/screens/exceptions.ts new file mode 100644 index 0000000000000..4e263903a34a6 --- /dev/null +++ b/x-pack/plugins/security_solution/cypress/screens/exceptions.ts @@ -0,0 +1,24 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +export const ADD_EXCEPTIONS_BTN = '[data-test-subj="exceptionsHeaderAddExceptionBtn"]'; + +export const CLOSE_ALERTS_CHECKBOX = + '[data-test-subj="bulk-close-alert-on-add-add-exception-checkbox"]'; + +export const CONFIRM_BTN = '[data-test-subj="add-exception-confirm-button"]'; + +export const FIELD_INPUT = + '[data-test-subj="fieldAutocompleteComboBox"] [data-test-subj="comboBoxInput"]'; + +export const FIELD_INPUT_RESULT = '.euiFilterSelectItem'; + +export const LOADING_SPINNER = '[data-test-subj="loading-spinner"]'; + +export const OPERATOR_INPUT = '[data-test-subj="operatorAutocompleteComboBox"]'; + +export const VALUES_INPUT = + '[data-test-subj="valuesAutocompleteMatch"] [data-test-subj="comboBoxInput"]'; diff --git a/x-pack/plugins/security_solution/cypress/screens/rule_details.ts b/x-pack/plugins/security_solution/cypress/screens/rule_details.ts index 8cf0dfb5f6661..8e93d5dcd6315 100644 --- a/x-pack/plugins/security_solution/cypress/screens/rule_details.ts 
+++ b/x-pack/plugins/security_solution/cypress/screens/rule_details.ts @@ -15,6 +15,8 @@ export const ABOUT_DETAILS = export const ADDITIONAL_LOOK_BACK_DETAILS = 'Additional look-back time'; +export const ALERTS_TAB = '[data-test-subj="alertsTab"]'; + export const ANOMALY_SCORE_DETAILS = 'Anomaly score'; export const CUSTOM_QUERY_DETAILS = 'Custom query'; @@ -22,11 +24,13 @@ export const CUSTOM_QUERY_DETAILS = 'Custom query'; export const DEFINITION_DETAILS = '[data-test-subj=definitionRule] [data-test-subj="listItemColumnStepRuleDescription"]'; +export const DELETE_RULE = '[data-test-subj=rules-details-delete-rule]'; + export const DETAILS_DESCRIPTION = '.euiDescriptionList__description'; export const DETAILS_TITLE = '.euiDescriptionList__title'; -export const DELETE_RULE = '[data-test-subj=rules-details-delete-rule]'; +export const EXCEPTIONS_TAB = '[data-test-subj="exceptionsTab"]'; export const FALSE_POSITIVES_DETAILS = 'False positive examples'; @@ -42,6 +46,8 @@ export const MACHINE_LEARNING_JOB_STATUS = '[data-test-subj="machineLearningJobS export const MITRE_ATTACK_DETAILS = 'MITRE ATT&CK'; +export const REFRESH_BUTTON = '[data-test-subj="refreshButton"]'; + export const RULE_ABOUT_DETAILS_HEADER_TOGGLE = '[data-test-subj="stepAboutDetailsToggle"]'; export const RULE_NAME_HEADER = '[data-test-subj="header-page-title"]'; @@ -54,6 +60,12 @@ export const RISK_SCORE_OVERRIDE_DETAILS = 'Risk score override'; export const REFERENCE_URLS_DETAILS = 'Reference URLs'; +export const REMOVE_EXCEPTION_BTN = '[data-test-subj="exceptionsViewerDeleteBtn"]'; + +export const RULE_SWITCH = '[data-test-subj="ruleSwitch"]'; + +export const RULE_SWITCH_LOADER = '[data-test-subj="rule-switch-loader"]'; + export const RULE_TYPE_DETAILS = 'Rule type'; export const RUNS_EVERY_DETAILS = 'Runs every'; diff --git a/x-pack/plugins/security_solution/cypress/tasks/alerts.ts b/x-pack/plugins/security_solution/cypress/tasks/alerts.ts index c846ced2febfd..39e57f39a145d 100644 
--- a/x-pack/plugins/security_solution/cypress/tasks/alerts.ts +++ b/x-pack/plugins/security_solution/cypress/tasks/alerts.ts @@ -5,28 +5,34 @@ */ import { - CLOSED_ALERTS_FILTER_BTN, - EXPAND_ALERT_BTN, - LOADING_ALERTS_PANEL, - MANAGE_ALERT_DETECTION_RULES_BTN, - OPENED_ALERTS_FILTER_BTN, - SEND_ALERT_TO_TIMELINE_BTN, + ADD_EXCEPTION_BTN, + ALERT_RISK_SCORE_HEADER, ALERTS, ALERT_CHECKBOX, - TIMELINE_CONTEXT_MENU_BTN, CLOSE_ALERT_BTN, - TAKE_ACTION_POPOVER_BTN, CLOSE_SELECTED_ALERTS_BTN, + CLOSED_ALERTS_FILTER_BTN, + EXPAND_ALERT_BTN, IN_PROGRESS_ALERTS_FILTER_BTN, - OPEN_ALERT_BTN, - OPEN_SELECTED_ALERTS_BTN, + LOADING_ALERTS_PANEL, + MANAGE_ALERT_DETECTION_RULES_BTN, MARK_ALERT_IN_PROGRESS_BTN, MARK_SELECTED_ALERTS_IN_PROGRESS_BTN, - ALERT_RISK_SCORE_HEADER, + OPEN_ALERT_BTN, + OPEN_SELECTED_ALERTS_BTN, + OPENED_ALERTS_FILTER_BTN, + SEND_ALERT_TO_TIMELINE_BTN, + TAKE_ACTION_POPOVER_BTN, + TIMELINE_CONTEXT_MENU_BTN, } from '../screens/alerts'; import { REFRESH_BUTTON } from '../screens/security_header'; import { TIMELINE_COLUMN_SPINNER } from '../screens/timeline'; +export const addExceptionFromFirstAlert = () => { + cy.get(TIMELINE_CONTEXT_MENU_BTN).first().click(); + cy.get(ADD_EXCEPTION_BTN).click(); +}; + export const closeFirstAlert = () => { cy.get(TIMELINE_CONTEXT_MENU_BTN).first().click({ force: true }); cy.get(CLOSE_ALERT_BTN).click(); @@ -43,6 +49,9 @@ export const expandFirstAlert = () => { export const goToClosedAlerts = () => { cy.get(CLOSED_ALERTS_FILTER_BTN).click(); + cy.get(REFRESH_BUTTON).should('not.have.text', 'Updating'); + cy.get(REFRESH_BUTTON).should('have.text', 'Refresh'); + cy.get(TIMELINE_COLUMN_SPINNER).should('not.exist'); }; export const goToManageAlertsDetectionRules = () => { 
@@ -51,6 +60,9 @@ export const goToManageAlertsDetectionRules = () => { export const goToOpenedAlerts = () => { cy.get(OPENED_ALERTS_FILTER_BTN).click({ force: true }); + cy.get(REFRESH_BUTTON).should('not.have.text', 'Updating'); + cy.get(REFRESH_BUTTON).should('have.text', 'Refresh'); + cy.get(TIMELINE_COLUMN_SPINNER).should('not.exist'); }; export const openFirstAlert = () => { diff --git a/x-pack/plugins/security_solution/cypress/tasks/api_calls.ts b/x-pack/plugins/security_solution/cypress/tasks/api_calls.ts new file mode 100644 index 0000000000000..4c42eb26cf62f --- /dev/null +++ b/x-pack/plugins/security_solution/cypress/tasks/api_calls.ts @@ -0,0 +1,45 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import { CustomRule } from '../objects/rule'; + +export const createCustomRule = (rule: CustomRule) => { + cy.request({ + method: 'POST', + url: 'api/detection_engine/rules', + body: { + rule_id: 'rule_testing', + risk_score: parseInt(rule.riskScore, 10), + description: rule.description, + interval: '10s', + name: rule.name, + severity: rule.severity.toLocaleLowerCase(), + type: 'query', + from: 'now-17520h', + index: ['exceptions-*'], + query: rule.customQuery, + language: 'kuery', + enabled: false, + }, + headers: { 'kbn-xsrf': 'cypress-creds' }, + }); +}; + +export const deleteCustomRule = () => { + cy.request({ + method: 'DELETE', + url: 'api/detection_engine/rules?rule_id=rule_testing', + headers: { 'kbn-xsrf': 'cypress-creds' }, + }); +}; + +export const removeSignalsIndex = () => { + cy.request({ + method: 'DELETE', + url: `api/detection_engine/index`, + headers: { 'kbn-xsrf': 'delete-signals' }, + }); +}; 
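Review bot: `deleteCustomRule` and `removeSignalsIndex` are called from the spec's `afterEach`, and `cy.request` fails on any non-2xx/3xx response by default, so when `beforeEach` aborts before the rule or the signals index exists the cleanup itself errors and hides the original failure. Setting `failOnStatusCode: false` on the two DELETE requests, or asserting the accepted status codes explicitly, would make cleanup idempotent. The fixed `rule_id: 'rule_testing'` also means a rule left behind by an aborted run will likely make the next `createCustomRule` fail, which is another reason to make the delete tolerant. A short comment on `from: 'now-17520h'`, explaining that the two-year look-back is needed to match the archived events, would help readers.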
diff --git a/x-pack/plugins/security_solution/cypress/tasks/create_new_rule.ts b/x-pack/plugins/security_solution/cypress/tasks/create_new_rule.ts index 251a7ccc4b9c9..9b809dbe524ae 100644 --- a/x-pack/plugins/security_solution/cypress/tasks/create_new_rule.ts +++ b/x-pack/plugins/security_solution/cypress/tasks/create_new_rule.ts @@ -11,7 +11,6 @@ import { OverrideRule, ThresholdRule, } from '../objects/rule'; -import { NUMBER_OF_ALERTS } from '../screens/alerts'; import { ABOUT_CONTINUE_BTN, ABOUT_EDIT_TAB, @@ -65,6 +64,7 @@ import { EQL_QUERY_PREVIEW_HISTOGRAM, EQL_QUERY_VALIDATION_SPINNER, } from '../screens/create_new_rule'; +import { SERVER_SIDE_EVENT_COUNT } from '../screens/timeline'; import { NOTIFICATION_TOASTS, TOAST_ERROR_CLASS } from '../screens/shared'; import { TIMELINE } from '../screens/timelines'; import { refreshPage } from './security_header'; @@ -273,6 +273,22 @@ export const selectThresholdRuleType = () => { cy.get(THRESHOLD_TYPE).click({ force: true }); }; +export const waitForAlertsToPopulate = async () => { + cy.waitUntil( + () => { + refreshPage(); + return cy + .get(SERVER_SIDE_EVENT_COUNT) + .invoke('text') + .then((countText) => { + const alertCount = parseInt(countText, 10) || 0; + return alertCount > 0; + }); + }, + { interval: 500, timeout: 12000 } + ); +}; + export const waitForTheRuleToBeExecuted = () => { cy.waitUntil(() => { cy.get(REFRESH_BUTTON).click(); @@ -283,19 +299,6 @@ export const waitForTheRuleToBeExecuted = () => { }); }; -export const waitForAlertsToPopulate = async () => { - cy.waitUntil(() => { - refreshPage(); - return cy - .get(NUMBER_OF_ALERTS) - .invoke('text') - .then((countText) => { - const alertCount = parseInt(countText, 10) || 0; - return alertCount > 0; - }); - }); -}; - export const selectEqlRuleType = () => { cy.get(EQL_TYPE).click({ force: true }); }; 
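Review bot: The moved `waitForAlertsToPopulate` is still declared `async` although it contains no `await` and does not return the `cy.waitUntil(...)` chain, so callers receive an already-resolved promise that is unrelated to the Cypress command queue. Dropping the keyword (`export const waitForAlertsToPopulate = () => {`) matches `waitForTheRuleToBeExecuted` just below it and avoids suggesting that awaiting it waits for anything. The new `{ interval: 500, timeout: 12000 }` looks tight given that the rule created in `tasks/api_calls.ts` uses `interval: '10s'`, so a comment stating how the timeout was chosen would help when this test flakes.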
diff --git a/x-pack/plugins/security_solution/cypress/tasks/rule_details.ts b/x-pack/plugins/security_solution/cypress/tasks/rule_details.ts new file mode 100644 index 0000000000000..9dd23a1dfa71f --- /dev/null +++ b/x-pack/plugins/security_solution/cypress/tasks/rule_details.ts 
@@ -0,0 +1,92 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import { Exception } from '../objects/exception'; +import { RULE_STATUS } from '../screens/create_new_rule'; +import { + ADD_EXCEPTIONS_BTN, + CLOSE_ALERTS_CHECKBOX, + CONFIRM_BTN, + FIELD_INPUT, + LOADING_SPINNER, + OPERATOR_INPUT, + VALUES_INPUT, +} from '../screens/exceptions'; +import { + ALERTS_TAB, + EXCEPTIONS_TAB, + REFRESH_BUTTON, + REMOVE_EXCEPTION_BTN, + RULE_SWITCH, +} from '../screens/rule_details'; + +export const activatesRule = () => { + cy.server(); + cy.route('PATCH', '**/api/detection_engine/rules/_bulk_update').as('bulk_update'); + cy.get(RULE_SWITCH).should('be.visible'); + cy.get(RULE_SWITCH).click(); + cy.wait('@bulk_update').then((response) => { + cy.wrap(response.status).should('eql', 200); + }); +}; + +export const deactivatesRule = () => { + cy.get(RULE_SWITCH).should('be.visible'); + cy.get(RULE_SWITCH).click(); +}; + +export const addsException = (exception: Exception) => { + cy.get(LOADING_SPINNER).should('exist'); + cy.get(LOADING_SPINNER).should('not.exist'); + cy.get(FIELD_INPUT).should('exist'); + cy.get(FIELD_INPUT).type(`${exception.field}{enter}`); + cy.get(OPERATOR_INPUT).type(`${exception.operator}{enter}`); + exception.values.forEach((value) => { + cy.get(VALUES_INPUT).type(`${value}{enter}`); + }); + cy.get(CLOSE_ALERTS_CHECKBOX).click({ force: true }); + cy.get(CONFIRM_BTN).click(); + cy.get(CONFIRM_BTN).should('have.attr', 'disabled'); + cy.get(CONFIRM_BTN).should('not.have.attr', 'disabled'); +}; + +export const addsExceptionFromRuleSettings = (exception: Exception) => { + cy.get(ADD_EXCEPTIONS_BTN).click(); + cy.get(LOADING_SPINNER).should('exist'); + cy.get(LOADING_SPINNER).should('not.exist'); + cy.get(LOADING_SPINNER).should('exist'); + 
cy.get(LOADING_SPINNER).should('not.exist'); + cy.get(FIELD_INPUT).should('be.visible'); + cy.get(FIELD_INPUT).type(`${exception.field}{enter}`); + cy.get(OPERATOR_INPUT).type(`${exception.operator}{enter}`); + exception.values.forEach((value) => { + cy.get(VALUES_INPUT).type(`${value}{enter}`); + }); + cy.get(CLOSE_ALERTS_CHECKBOX).click({ force: true }); + cy.get(CONFIRM_BTN).click(); + cy.get(CONFIRM_BTN).should('have.attr', 'disabled'); + cy.get(CONFIRM_BTN).should('not.have.attr', 'disabled'); +}; + +export const goToAlertsTab = () => { + cy.get(ALERTS_TAB).click(); +}; + +export const goToExceptionsTab = () => { + cy.get(EXCEPTIONS_TAB).click(); +}; + +export const removeException = () => { + cy.get(REMOVE_EXCEPTION_BTN).click(); +}; + +export const waitForTheRuleToBeExecuted = async () => { + let status = ''; + while (status !== 'succeeded') { + cy.get(REFRESH_BUTTON).click({ force: true }); + status = await cy.get(RULE_STATUS).invoke('text').promisify(); + } +}; diff --git a/x-pack/plugins/security_solution/public/detections/components/alerts_table/timeline_actions/alert_context_menu.tsx b/x-pack/plugins/security_solution/public/detections/components/alerts_table/timeline_actions/alert_context_menu.tsx index fcef88b3f189a..cf8204478a955 100644 --- a/x-pack/plugins/security_solution/public/detections/components/alerts_table/timeline_actions/alert_context_menu.tsx +++ b/x-pack/plugins/security_solution/public/detections/components/alerts_table/timeline_actions/alert_context_menu.tsx @@ -334,7 +334,9 @@ const AlertContextMenuComponent: React.FC = ({ onClick={handleAddExceptionClick} disabled={!canUserCRUD || !hasIndexWrite || !areExceptionsAllowed} > - {i18n.ACTION_ADD_EXCEPTION} + + {i18n.ACTION_ADD_EXCEPTION} + ); 
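Review bot: `waitForTheRuleToBeExecuted` at the end of the new `tasks/rule_details.ts` loops on `while (status !== 'succeeded')` with no attempt limit or timeout, so a rule that ends in any other status keeps the test clicking refresh until the runner gives up. It is also `async` and awaits a Cypress chain through `.promisify()`, but the spec calls it without `await`, so as far as I can tell only the first iteration is queued ahead of the steps that follow and the wait does not really gate them. `tasks/create_new_rule.ts` already exports a `cy.waitUntil` based function of the same name. Reusing it, or writing this one the same way with an explicit interval and timeout, keeps the polling on the command queue and fails the test once the timeout elapses.

```typescript
export const waitForTheRuleToBeExecuted = () => {
  // Poll on the Cypress command queue; waitUntil fails the test once its timeout elapses.
  cy.waitUntil(() => {
    cy.get(REFRESH_BUTTON).click({ force: true });
    return cy
      .get(RULE_STATUS)
      .invoke('text')
      .then((status) => status === 'succeeded');
  });
};
```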
diff --git a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/details/index.tsx b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/details/index.tsx index d7cc389507463..ba676835d60f1 100644 --- a/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/details/index.tsx +++ b/x-pack/plugins/security_solution/public/detections/pages/detection_engine/rules/details/index.tsx @@ -110,16 +110,19 @@ const getRuleDetailsTabs = (rule: Rule | null) => { id: RuleDetailTabs.alerts, name: detectionI18n.ALERT, disabled: false, + dataTestSubj: 'alertsTab', }, { id: RuleDetailTabs.exceptions, name: i18n.EXCEPTIONS_TAB, disabled: !canUseExceptions, + dataTestSubj: 'exceptionsTab', }, { id: RuleDetailTabs.failures, name: i18n.FAILURE_HISTORY_TAB, disabled: false, + dataTestSubj: 'failureHistoryTab', }, ]; }; @@ -263,6 +266,7 @@ export const RuleDetailsPageComponent: FC = ({ isSelected={tab.id === ruleDetailTab} disabled={tab.disabled} key={tab.id} + data-test-subj={tab.dataTestSubj} > {tab.name} diff --git a/x-pack/plugins/spaces/server/usage_collection/spaces_usage_collector.ts b/x-pack/plugins/spaces/server/usage_collection/spaces_usage_collector.ts index 0e31c930a926b..d563a4a9b100d 100644 --- a/x-pack/plugins/spaces/server/usage_collection/spaces_usage_collector.ts +++ b/x-pack/plugins/spaces/server/usage_collection/spaces_usage_collector.ts @@ -8,7 +8,6 @@ import { LegacyCallAPIOptions } from 'src/core/server'; import { take } from 'rxjs/operators'; import { CollectorFetchContext, UsageCollectionSetup } from 'src/plugins/usage_collection/server'; import { Observable } from 'rxjs'; -import { KIBANA_STATS_TYPE_MONITORING } from '../../../monitoring/common/constants'; import { PluginsSetup } from '../plugin'; type CallCluster = ( 
@@ -146,11 +145,6 @@ interface CollectorDeps { licensing: PluginsSetup['licensing']; } -interface BulkUpload { - usage: { - spaces: UsageStats; - }; -} /* * @param {Object} server * @return {Object} kibana usage stats type collection object @@ -159,7 +153,7 @@ export function getSpacesUsageCollector( usageCollection: UsageCollectionSetup, deps: CollectorDeps ) { - return usageCollection.makeUsageCollector({ + return usageCollection.makeUsageCollector({ type: 'spaces', isReady: () => true, schema: { @@ -202,22 +196,6 @@ export function getSpacesUsageCollector( ...usageStats, } as UsageStats; }, - - /* - * Format the response data into a model for internal upload - * 1. Make this data part of the "kibana_stats" type - * 2. Organize the payload in the usage.xpack.spaces namespace of the data payload - */ - formatForBulkUpload: (result: UsageStats) => { - return { - type: KIBANA_STATS_TYPE_MONITORING, - payload: { - usage: { - spaces: result, - }, - }, - }; - }, }); } diff --git a/x-pack/plugins/translations/translations/ja-JP.json b/x-pack/plugins/translations/translations/ja-JP.json index ed514eda000aa..261458a8e7793 100644 --- a/x-pack/plugins/translations/translations/ja-JP.json +++ b/x-pack/plugins/translations/translations/ja-JP.json 
@@ -20634,11 +20634,8 @@ "xpack.uptime.monitorList.defineConnector.description": "アラートを有効にするには、デフォルトのアラートアクションコネクターを定義してください。", "xpack.uptime.monitorList.disableDownAlert": "ステータスアラートを無効にする", "xpack.uptime.monitorList.downLineSeries.downLabel": "ダウン", - "xpack.uptime.monitorList.drawer.locations.statusDown": "{locations}でダウン", - "xpack.uptime.monitorList.drawer.locations.statusUp": "{locations}でアップ", "xpack.uptime.monitorList.drawer.missingLocation": "一部のHeartbeatインスタンスには位置情報が定義されていません。Heartbeat構成への{link}。", "xpack.uptime.monitorList.enabledAlerts.noAlert": "このモニターではアラートが有効ではありません。", - "xpack.uptime.monitorList.enabledAlerts.title": "有効なアラート:", "xpack.uptime.monitorList.enableDownAlert": "ステータスアラートを有効にする", "xpack.uptime.monitorList.expandDrawerButton.ariaLabel": "ID {id}のモニターの行を展開", "xpack.uptime.monitorList.geoName.helpLinkAnnotation": "場所を追加", diff --git a/x-pack/plugins/translations/translations/zh-CN.json b/x-pack/plugins/translations/translations/zh-CN.json index a500b63fbf863..f18c899f67652 100644 --- a/x-pack/plugins/translations/translations/zh-CN.json +++ b/x-pack/plugins/translations/translations/zh-CN.json @@ -20654,11 +20654,8 @@ "xpack.uptime.monitorList.defineConnector.description": "要开始启用告警,请在以下位置定义默认告警操作连接器", "xpack.uptime.monitorList.disableDownAlert": "禁用状态告警", "xpack.uptime.monitorList.downLineSeries.downLabel": "关闭", - "xpack.uptime.monitorList.drawer.locations.statusDown": "在 {locations} 已关闭", - "xpack.uptime.monitorList.drawer.locations.statusUp": "在 {locations} 正运行", "xpack.uptime.monitorList.drawer.missingLocation": "某些 Heartbeat 实例未定义位置。{link}到您的 Heartbeat 配置。", "xpack.uptime.monitorList.enabledAlerts.noAlert": "没有为此监测启用告警。", - "xpack.uptime.monitorList.enabledAlerts.title": "已启用的告警:", "xpack.uptime.monitorList.enableDownAlert": "启用状态告警", "xpack.uptime.monitorList.expandDrawerButton.ariaLabel": "展开 ID {id} 的监测行", "xpack.uptime.monitorList.geoName.helpLinkAnnotation": "添加位置", 
diff --git a/x-pack/plugins/uptime/common/runtime_types/monitor/state.ts b/x-pack/plugins/uptime/common/runtime_types/monitor/state.ts index d32c47bb5d3f9..46290b9e53b8e 100644 --- a/x-pack/plugins/uptime/common/runtime_types/monitor/state.ts +++ b/x-pack/plugins/uptime/common/runtime_types/monitor/state.ts @@ -23,9 +23,14 @@ export const StateType = t.intersection([ up: t.number, down: t.number, }), - monitor: t.partial({ - name: t.string, - }), + monitor: t.intersection([ + t.partial({ + name: t.string, + }), + t.type({ + type: t.string, + }), + ]), }), t.partial({ tls: t.partial({ diff --git a/x-pack/plugins/uptime/public/apps/uptime_app.tsx b/x-pack/plugins/uptime/public/apps/uptime_app.tsx index c928ac0dc458f..9535cfdb8c8b0 100644 --- a/x-pack/plugins/uptime/public/apps/uptime_app.tsx +++ b/x-pack/plugins/uptime/public/apps/uptime_app.tsx @@ -32,9 +32,11 @@ import { import { store } from '../state'; import { kibanaService } from '../state/kibana_service'; import { ScopedHistory } from '../../../../../src/core/public'; +import { EuiThemeProvider } from '../../../observability/public'; export interface UptimeAppColors { danger: string; + dangerBehindText: string; success: string; gray: string; range: string; @@ -103,24 +105,26 @@ const Application = (props: UptimeAppProps) => { services={{ ...core, ...plugins, triggersActionsUi: startPlugins.triggersActionsUi }} > - - - - - - - -
- - -
-
-
-
-
-
-
-
+ + + + + + + + +
+ + +
+
+
+
+
+
+
+
+
diff --git a/x-pack/plugins/uptime/public/components/monitor/status_details/status_bar/ssl_certificate.tsx b/x-pack/plugins/uptime/public/components/monitor/status_details/status_bar/ssl_certificate.tsx index ffe4f5d759e03..4c0824b5dfa4f 100644 --- a/x-pack/plugins/uptime/public/components/monitor/status_details/status_bar/ssl_certificate.tsx +++ b/x-pack/plugins/uptime/public/components/monitor/status_details/status_bar/ssl_certificate.tsx @@ -11,7 +11,7 @@ import { FormattedMessage } from '@kbn/i18n/react'; import { Tls, X509Expiry } from '../../../../../common/runtime_types'; import { CERTIFICATES_ROUTE } from '../../../../../common/constants'; import { MonListDescription, MonListTitle } from './status_bar'; -import { CertStatusColumn } from '../../../overview/monitor_list/cert_status_column'; +import { CertStatusColumn } from '../../../overview/monitor_list/columns/cert_status_column'; interface Props { /** diff --git a/x-pack/plugins/uptime/public/components/overview/filter_group/filter_popover.tsx b/x-pack/plugins/uptime/public/components/overview/filter_group/filter_popover.tsx index da66e4179e1ac..e79c036d54e0e 100644 --- a/x-pack/plugins/uptime/public/components/overview/filter_group/filter_popover.tsx +++ b/x-pack/plugins/uptime/public/components/overview/filter_group/filter_popover.tsx @@ -54,6 +54,7 @@ export const FilterPopover = ({ const mItems = selectedItems.concat(allItems ?? []); const newItems = mItems.filter((item, index) => mItems.indexOf(item) === index); setItems(newItems); + setTempSelectedItems(selectedItems); }, [allItems, selectedItems]); useEffect(() => { @@ -73,7 +74,7 @@ export const FilterPopover = ({ isDisabled={disabled && selectedItems.length === 0} isSelected={tempSelectedItems.length > 0} numFilters={items.length} - numActiveFilters={tempSelectedItems.length} + numActiveFilters={isOpen ? tempSelectedItems.length : selectedItems.length} onClick={() => { setIsOpen(!isOpen); onFilterFieldChange(fieldName, tempSelectedItems); 
diff --git a/x-pack/plugins/uptime/public/components/overview/monitor_list/__tests__/__snapshots__/monitor_list.test.tsx.snap b/x-pack/plugins/uptime/public/components/overview/monitor_list/__tests__/__snapshots__/monitor_list.test.tsx.snap index 1f5e86dc67386..edd901253f509 100644 --- a/x-pack/plugins/uptime/public/components/overview/monitor_list/__tests__/__snapshots__/monitor_list.test.tsx.snap +++ b/x-pack/plugins/uptime/public/components/overview/monitor_list/__tests__/__snapshots__/monitor_list.test.tsx.snap @@ -199,7 +199,9 @@ exports[`MonitorList component MonitorListPagination component renders the pagin Object { "monitor_id": "foo", "state": Object { - "monitor": Object {}, + "monitor": Object { + "type": "http", + }, "summary": Object { "down": 2, "up": 1, @@ -255,7 +257,9 @@ exports[`MonitorList component MonitorListPagination component renders the pagin Object { "monitor_id": "bar", "state": Object { - "monitor": Object {}, + "monitor": Object { + "type": "http", + }, "summary": Object { "down": 0, "up": 2, @@ -507,7 +511,9 @@ exports[`MonitorList component renders error list 1`] = ` Object { "monitor_id": "foo", "state": Object { - "monitor": Object {}, + "monitor": Object { + "type": "http", + }, "summary": Object { "down": 2, "up": 1, @@ -563,7 +569,9 @@ exports[`MonitorList component renders error list 1`] = ` Object { "monitor_id": "bar", "state": Object { - "monitor": Object {}, + "monitor": Object { + "type": "http", + }, "summary": Object { "down": 0, "up": 2, @@ -710,7 +718,9 @@ exports[`MonitorList component renders loading state 1`] = ` Object { "monitor_id": "foo", "state": Object { - "monitor": Object {}, + "monitor": Object { + "type": "http", + }, "summary": Object { "down": 2, "up": 1, @@ -766,7 +776,9 @@ exports[`MonitorList component renders loading state 1`] = ` Object { "monitor_id": "bar", "state": Object { - "monitor": Object {}, + "monitor": Object { + "type": "http", + }, "summary": Object { "down": 0, "up": 2, 
@@ -820,10 +832,10 @@ exports[`MonitorList component renders loading state 1`] = ` exports[`MonitorList component renders the monitor list 1`] = ` .c3 { - padding-left: 17px; + padding-right: 4px; } -.c5 { +.c4 { padding-top: 12px; } @@ -837,12 +849,6 @@ exports[`MonitorList component renders the monitor list 1`] = ` position: relative; } -.c4 { - white-space: nowrap; - overflow: hidden; - text-overflow: ellipsis; -} - @media (max-width:574px) { .c2 { min-width: 230px; @@ -966,7 +972,7 @@ exports[`MonitorList component renders the monitor list 1`] = `

@@ -1012,6 +1018,7 @@ exports[`MonitorList component renders the monitor list 1`] = ` data-test-subj="tableHeaderCell_state.url.full_2" role="columnheader" scope="col" + style="width:40%" >
-
+
+ + + +
+
+
+
+
- + in 0/1 location,
-
-
+
-
-
- 5m ago -
+ Checked Sept 4, 2020 9:31:38 AM
-
+
-
-
- in 0/1 Location -
-
@@ -1172,21 +1176,46 @@ exports[`MonitorList component renders the monitor list 1`] = `
- + + Unnamed - foo + + +
+ +
+
@@ -1395,21 +1415,46 @@ exports[`MonitorList component renders the monitor list 1`] = `
- + + Unnamed - bar + + +
+ +
+
+ />
-
+
+ + + +
+
+
+
+
- + in 0/1 location,
-
-
+
-
-
- 5m ago -
+ Checked Sept 4, 2020 9:31:38 AM
-
+
-
-
- in 0/1 Location -
-
+ />
, -] + + Get https://expired.badssl.com: x509: certificate has expired or is not yet valid + + + + `; exports[`MostRecentError component validates props with shallow render 1`] = ` diff --git a/x-pack/plugins/uptime/public/components/overview/monitor_list/monitor_list_drawer/__tests__/integration_group.test.tsx b/x-pack/plugins/uptime/public/components/overview/monitor_list/monitor_list_drawer/__tests__/integration_group.test.tsx index 3e7860e4e6ab4..62e34354dd356 100644 --- a/x-pack/plugins/uptime/public/components/overview/monitor_list/monitor_list_drawer/__tests__/integration_group.test.tsx +++ b/x-pack/plugins/uptime/public/components/overview/monitor_list/monitor_list_drawer/__tests__/integration_group.test.tsx @@ -17,7 +17,7 @@ describe('IntegrationGroup', () => { monitor_id: '12345', state: { summary: {}, - monitor: {}, + monitor: { type: 'http' }, summaryPings: [], timestamp: '123', url: {}, @@ -48,7 +48,7 @@ describe('IntegrationGroup', () => { state: { timestamp: 'foo', summaryPings: [], - monitor: {}, + monitor: { type: 'http' }, summary: { up: 0, down: 0, diff --git a/x-pack/plugins/uptime/public/components/overview/monitor_list/monitor_list_drawer/__tests__/monitor_list_drawer.test.tsx b/x-pack/plugins/uptime/public/components/overview/monitor_list/monitor_list_drawer/__tests__/monitor_list_drawer.test.tsx index 4e8ffc64cfe92..6da19b2ccc4d2 100644 --- a/x-pack/plugins/uptime/public/components/overview/monitor_list/monitor_list_drawer/__tests__/monitor_list_drawer.test.tsx +++ b/x-pack/plugins/uptime/public/components/overview/monitor_list/monitor_list_drawer/__tests__/monitor_list_drawer.test.tsx @@ -17,7 +17,7 @@ describe('MonitorListDrawer component', () => { summary = { monitor_id: 'foo', state: { - monitor: {}, + monitor: { type: 'http' }, summaryPings: [ makePing({ docId: 'foo', 
diff --git a/x-pack/plugins/uptime/public/components/overview/monitor_list/monitor_list_drawer/actions_popover/actions_popover.tsx b/x-pack/plugins/uptime/public/components/overview/monitor_list/monitor_list_drawer/actions_popover/actions_popover.tsx index 9e96f0ca76535..3e1276b26b727 100644 --- a/x-pack/plugins/uptime/public/components/overview/monitor_list/monitor_list_drawer/actions_popover/actions_popover.tsx +++ b/x-pack/plugins/uptime/public/components/overview/monitor_list/monitor_list_drawer/actions_popover/actions_popover.tsx @@ -46,7 +46,12 @@ export const ActionsPopoverComponent = ({ iconType="arrowDown" iconSide="right" > - Integrations + {i18n.translate( + 'xpack.uptime.monitorList.observabilityInvestigateColumn.popoverIconButton.label', + { + defaultMessage: 'Investigate', + } + )} } closePopover={() => togglePopoverIsVisible({ id: popoverId, open: false })} diff --git a/x-pack/plugins/uptime/public/components/overview/monitor_list/monitor_list_drawer/enabled_alerts.tsx b/x-pack/plugins/uptime/public/components/overview/monitor_list/monitor_list_drawer/enabled_alerts.tsx index d869c6d78ec11..b39162b70eda4 100644 --- a/x-pack/plugins/uptime/public/components/overview/monitor_list/monitor_list_drawer/enabled_alerts.tsx +++ b/x-pack/plugins/uptime/public/components/overview/monitor_list/monitor_list_drawer/enabled_alerts.tsx @@ -5,9 +5,17 @@ */ import React, { useContext } from 'react'; -import { EuiCallOut, EuiListGroup, EuiLoadingSpinner, EuiSpacer, EuiText } from '@elastic/eui'; +import { + EuiCallOut, + EuiDescriptionList, + EuiDescriptionListDescription, + EuiDescriptionListTitle, + EuiListGroup, + EuiLoadingSpinner, +} from '@elastic/eui'; import { EuiListGroupItemProps } from '@elastic/eui/src/components/list_group/list_group_item'; import { i18n } from '@kbn/i18n'; +import styled from 'styled-components'; import { UptimeSettingsContext } from '../../../../contexts'; import { Alert } from '../../../../../../triggers_actions_ui/public'; 
@@ -16,6 +24,15 @@ interface Props { loading: boolean; } +const LinkGroupList = styled(EuiListGroup)` + &&& { + a { + padding-left: 0; + padding-top: 0; + } + } +`; + export const EnabledAlerts = ({ monitorAlerts, loading }: Props) => { const { basePath } = useContext(UptimeSettingsContext); @@ -31,27 +48,24 @@ export const EnabledAlerts = ({ monitorAlerts, loading }: Props) => { }); return ( - <> - - - -

- {i18n.translate('xpack.uptime.monitorList.enabledAlerts.title', { - defaultMessage: 'Enabled alerts:', - description: 'Alerts enabled for this monitor', + + + {i18n.translate('xpack.uptime.monitorList.enabledAlerts.title', { + defaultMessage: 'Enabled alerts', + description: 'Alerts enabled for this monitor', + })} + + + {listItems.length === 0 && !loading && ( + - - - {listItems.length === 0 && !loading && ( - - )} - {loading ? : } - + /> + )} + {loading ? : } + + ); }; diff --git a/x-pack/plugins/uptime/public/components/overview/monitor_list/monitor_list_drawer/monitor_list_drawer.tsx b/x-pack/plugins/uptime/public/components/overview/monitor_list/monitor_list_drawer/monitor_list_drawer.tsx index 4b359099bc58c..ca7a608986e85 100644 --- a/x-pack/plugins/uptime/public/components/overview/monitor_list/monitor_list_drawer/monitor_list_drawer.tsx +++ b/x-pack/plugins/uptime/public/components/overview/monitor_list/monitor_list_drawer/monitor_list_drawer.tsx @@ -6,13 +6,15 @@ import React from 'react'; import styled from 'styled-components'; -import { EuiLink, EuiFlexGroup, EuiFlexItem, EuiIcon, EuiText } from '@elastic/eui'; +import { EuiFlexGroup, EuiFlexItem, EuiSpacer } from '@elastic/eui'; +import { Alert } from '../../../../../../triggers_actions_ui/public'; import { MostRecentError } from './most_recent_error'; import { MonitorStatusList } from './monitor_status_list'; import { MonitorDetails, MonitorSummary } from '../../../../../common/runtime_types'; import { ActionsPopover } from './actions_popover/actions_popover_container'; import { EnabledAlerts } from './enabled_alerts'; -import { Alert } from '../../../../../../triggers_actions_ui/public'; +import { MonitorUrl } from './monitor_url'; +import { MostRecentRun } from './most_recent_run'; const ContainerDiv = styled.div` padding: 10px; 
@@ -47,19 +49,25 @@ export function MonitorListDrawerComponent({ - - - {monitorUrl} - - - + + + + + + + {/* TODO: add link to details page */} + + + + + {monitorDetails && monitorDetails.error && ( { return ( <> - - + + + + + + + + {(downChecks.has(UNNAMED_LOCATION) || upChecks.has(UNNAMED_LOCATION)) && ( <> diff --git a/x-pack/plugins/uptime/public/components/overview/monitor_list/monitor_list_drawer/monitor_status_row.tsx b/x-pack/plugins/uptime/public/components/overview/monitor_list/monitor_list_drawer/monitor_status_row.tsx index d0cc71ece989a..5bcb4ef97c3a4 100644 --- a/x-pack/plugins/uptime/public/components/overview/monitor_list/monitor_list_drawer/monitor_status_row.tsx +++ b/x-pack/plugins/uptime/public/components/overview/monitor_list/monitor_list_drawer/monitor_status_row.tsx @@ -4,11 +4,10 @@ * you may not use this file except in compliance with the Elastic License. */ -import React, { useContext } from 'react'; -import { EuiHealth, EuiSpacer } from '@elastic/eui'; -import { FormattedMessage } from '@kbn/i18n/react'; -import { UptimeThemeContext } from '../../../../contexts'; +import React from 'react'; +import { EuiBadge, EuiSpacer } from '@elastic/eui'; import { UNNAMED_LOCATION, STATUS } from '../../../../../common/constants'; +import { getHealthMessage } from '../columns/monitor_status_column'; interface MonitorStatusRowProps { /** @@ -22,11 +21,7 @@ interface MonitorStatusRowProps { } export const MonitorStatusRow = ({ locationNames, status }: MonitorStatusRowProps) => { - const { - colors: { success, danger }, - } = useContext(UptimeThemeContext); - - const color = status === STATUS.UP ? success : danger; + const color = status === STATUS.UP ? 'secondary' : 'danger'; let checkListArray = [...locationNames]; // If un-named location exists, move it to end 
@@ -35,29 +30,13 @@ export const MonitorStatusRow = ({ locationNames, status }: MonitorStatusRowProp checkListArray.push(UNNAMED_LOCATION); } - if (locationNames.size === 0) { - return null; - } - const locations = checkListArray.join(', '); return ( - <> - - {status === STATUS.UP ? ( - - ) : ( - - )} - + + {getHealthMessage(status)} + + {locations || '--'} - + ); }; diff --git a/x-pack/plugins/uptime/public/components/overview/monitor_list/monitor_list_drawer/monitor_url.tsx b/x-pack/plugins/uptime/public/components/overview/monitor_list/monitor_list_drawer/monitor_url.tsx new file mode 100644 index 0000000000000..d988f5a582495 --- /dev/null +++ b/x-pack/plugins/uptime/public/components/overview/monitor_list/monitor_list_drawer/monitor_url.tsx @@ -0,0 +1,34 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +import React from 'react'; +import { i18n } from '@kbn/i18n'; +import { + EuiLink, + EuiDescriptionList, + EuiDescriptionListDescription, + EuiDescriptionListTitle, +} from '@elastic/eui'; + +interface Props { + monitorUrl: string; +} +export const MonitorUrl = ({ monitorUrl }: Props) => { + return ( + + + {i18n.translate('xpack.uptime.monitorList.drawer.url', { + defaultMessage: 'Url', + })} + + + + {monitorUrl} + + + + ); +}; diff --git a/x-pack/plugins/uptime/public/components/overview/monitor_list/monitor_list_drawer/most_recent_error.tsx b/x-pack/plugins/uptime/public/components/overview/monitor_list/monitor_list_drawer/most_recent_error.tsx index e7d9885680340..d611278d91033 100644 --- a/x-pack/plugins/uptime/public/components/overview/monitor_list/monitor_list_drawer/most_recent_error.tsx +++ b/x-pack/plugins/uptime/public/components/overview/monitor_list/monitor_list_drawer/most_recent_error.tsx 
@@ -4,7 +4,11 @@ * you may not use this file except in compliance with the Elastic License. */ import React from 'react'; -import { EuiText, EuiSpacer } from '@elastic/eui'; +import { + EuiDescriptionList, + EuiDescriptionListTitle, + EuiDescriptionListDescription, +} from '@elastic/eui'; import moment from 'moment'; import { i18n } from '@kbn/i18n'; import { MonitorPageLink } from '../../../common/monitor_page_link'; @@ -37,21 +41,19 @@ export const MostRecentError = ({ error, monitorId, timestamp }: MostRecentError const timestampStr = timestamp ? moment(new Date(timestamp).valueOf()).fromNow() : ''; return ( - <> - - -

- {i18n.translate('xpack.uptime.monitorList.mostRecentError.title', { - defaultMessage: 'Most recent error ({timestamp})', - values: { timestamp: timestampStr }, - description: 'Most Recent Error title in Monitor List Expanded row', - })} -

-
- - - {error?.message} - - + + + {i18n.translate('xpack.uptime.monitorList.mostRecentError.title', { + defaultMessage: 'Most recent error ({timestamp})', + values: { timestamp: timestampStr }, + description: 'Most Recent Error title in Monitor List Expanded row', + })} + + + + {error?.message} + + + ); }; diff --git a/x-pack/plugins/uptime/public/components/overview/monitor_list/monitor_list_drawer/most_recent_run.tsx b/x-pack/plugins/uptime/public/components/overview/monitor_list/monitor_list_drawer/most_recent_run.tsx new file mode 100644 index 0000000000000..cd9108a36f332 --- /dev/null +++ b/x-pack/plugins/uptime/public/components/overview/monitor_list/monitor_list_drawer/most_recent_run.tsx @@ -0,0 +1,34 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ +import React from 'react'; +import { + EuiDescriptionList, + EuiDescriptionListTitle, + EuiDescriptionListDescription, + EuiText, +} from '@elastic/eui'; +import moment from 'moment'; +import { i18n } from '@kbn/i18n'; +import { MonitorSummary } from '../../../../../common/runtime_types'; + +interface Props { + summary: MonitorSummary; +} + +export const MostRecentRun = ({ summary }: Props) => { + return ( + + + {i18n.translate('xpack.uptime.monitorList.drawer.mostRecentRun', { + defaultMessage: 'Most recent test run', + })} + + + {moment(summary.state.timestamp).format('LLL').toString()} + + + ); +}; diff --git a/x-pack/plugins/uptime/public/components/overview/monitor_list/monitor_list_status_column.tsx b/x-pack/plugins/uptime/public/components/overview/monitor_list/monitor_list_status_column.tsx deleted file mode 100644 index 7140211d18807..0000000000000 --- a/x-pack/plugins/uptime/public/components/overview/monitor_list/monitor_list_status_column.tsx +++ /dev/null 
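Review bot: `MostRecentRun` in most_recent_run.tsx parses `summary.state.timestamp` with a bare `moment(...)` call, whereas the status column deleted in this commit went through the `parseTimestamp` helper. If that helper accepts timestamp shapes the plain constructor does not (its body is not visible here), this row would show `Invalid date` for them, so it is worth confirming and reusing the helper. Separately, `.format('LLL')` already returns a string, so the trailing `.toString()` can go: `{moment(summary.state.timestamp).format('LLL')}`.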
@@ -1,146 +0,0 @@ -/* - * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one - * or more contributor license agreements. Licensed under the Elastic License; - * you may not use this file except in compliance with the Elastic License. - */ - -import React from 'react'; -import moment from 'moment'; -import { i18n } from '@kbn/i18n'; -import styled from 'styled-components'; -import { EuiHealth, EuiFlexGroup, EuiFlexItem, EuiText, EuiToolTip } from '@elastic/eui'; -import { parseTimestamp } from './parse_timestamp'; -import { Ping } from '../../../../common/runtime_types'; -import { - STATUS, - SHORT_TIMESPAN_LOCALE, - UNNAMED_LOCATION, - SHORT_TS_LOCALE, -} from '../../../../common/constants'; - -import * as labels from './translations'; - -interface MonitorListStatusColumnProps { - status: string; - timestamp: string; - summaryPings: Ping[]; -} - -const PaddedSpan = styled.span` - padding-left: 17px; -`; - -const StatusColumnFlexG = styled(EuiFlexGroup)` - @media (max-width: 574px) { - min-width: 230px; - } -`; - -const getHealthColor = (status: string): string => { - switch (status) { - case STATUS.UP: - return 'success'; - case STATUS.DOWN: - return 'danger'; - default: - return ''; - } -}; - -const getHealthMessage = (status: string): string | null => { - switch (status) { - case STATUS.UP: - return labels.UP; - case STATUS.DOWN: - return labels.DOWN; - default: - return null; - } -}; - -const getRelativeShortTimeStamp = (timeStamp: any) => { - const prevLocale: string = moment.locale() ?? 
'en'; - - const shortLocale = moment.locale(SHORT_TS_LOCALE) === SHORT_TS_LOCALE; - - if (!shortLocale) { - moment.defineLocale(SHORT_TS_LOCALE, SHORT_TIMESPAN_LOCALE); - } - - const shortTimestamp = parseTimestamp(timeStamp).fromNow(); - - // Reset it so, it does't impact other part of the app - moment.locale(prevLocale); - return shortTimestamp; -}; - -export const getLocationStatus = (summaryPings: Ping[], status: string) => { - const upPings: Set = new Set(); - const downPings: Set = new Set(); - - summaryPings.forEach((summaryPing: Ping) => { - const location = summaryPing?.observer?.geo?.name ?? UNNAMED_LOCATION; - - if (summaryPing.monitor.status === STATUS.UP) { - upPings.add(location); - } else if (summaryPing.monitor.status === STATUS.DOWN) { - downPings.add(location); - } - }); - - // if monitor is down in one dns, it will be considered down so removing it from up list - const absUpChecks: Set = new Set([...upPings].filter((item) => !downPings.has(item))); - - const totalLocations = absUpChecks.size + downPings.size; - let statusMessage = ''; - if (status === STATUS.DOWN) { - statusMessage = `${downPings.size}/${totalLocations}`; - } else { - statusMessage = `${absUpChecks.size}/${totalLocations}`; - } - - if (totalLocations > 1) { - return i18n.translate('xpack.uptime.monitorList.statusColumn.locStatusMessage.multiple', { - defaultMessage: 'in {noLoc} Locations', - values: { noLoc: statusMessage }, - }); - } - - return i18n.translate('xpack.uptime.monitorList.statusColumn.locStatusMessage', { - defaultMessage: 'in {noLoc} Location', - values: { noLoc: statusMessage }, - }); -}; - -export const MonitorListStatusColumn = ({ - status, - summaryPings = [], - timestamp: tsString, -}: MonitorListStatusColumnProps) => { - const timestamp = parseTimestamp(tsString); - return ( - - - - {getHealthMessage(status)} - - - - {timestamp.toLocaleString()} - - } - > - - {getRelativeShortTimeStamp(tsString)} - - - - - - {getLocationStatus(summaryPings, status)} - - - ); 
-}; diff --git a/x-pack/plugins/uptime/public/contexts/uptime_theme_context.tsx b/x-pack/plugins/uptime/public/contexts/uptime_theme_context.tsx index f0a702b9c0b75..a2f50c44f8ca4 100644 --- a/x-pack/plugins/uptime/public/contexts/uptime_theme_context.tsx +++ b/x-pack/plugins/uptime/public/contexts/uptime_theme_context.tsx @@ -26,6 +26,7 @@ export interface UptimeThemeContextValues { const defaultContext: UptimeThemeContextValues = { colors: { danger: euiLightVars.euiColorDanger, + dangerBehindText: euiDarkVars.euiColorVis9_behindText, mean: euiLightVars.euiColorPrimary, range: euiLightVars.euiFocusBackgroundColor, success: euiLightVars.euiColorSuccess, @@ -49,7 +50,8 @@ export const UptimeThemeContextProvider: React.FC = ({ darkMo let colors: UptimeAppColors; if (darkMode) { colors = { - danger: euiDarkVars.euiColorDanger, + danger: euiDarkVars.euiColorVis9, + dangerBehindText: euiDarkVars.euiColorVis9_behindText, mean: euiDarkVars.euiColorPrimary, gray: euiDarkVars.euiColorLightShade, range: euiDarkVars.euiFocusBackgroundColor, @@ -59,7 +61,8 @@ export const UptimeThemeContextProvider: React.FC = ({ darkMo }; } else { colors = { - danger: euiLightVars.euiColorDanger, + danger: euiLightVars.euiColorVis9, + dangerBehindText: euiLightVars.euiColorVis9_behindText, mean: euiLightVars.euiColorPrimary, gray: euiLightVars.euiColorLightShade, range: euiLightVars.euiFocusBackgroundColor, diff --git a/x-pack/plugins/uptime/public/lib/helper/observability_integration/__tests__/get_apm_href.test.ts b/x-pack/plugins/uptime/public/lib/helper/observability_integration/__tests__/get_apm_href.test.ts index 2444cfbee63d5..bbd389195d9dc 100644 --- a/x-pack/plugins/uptime/public/lib/helper/observability_integration/__tests__/get_apm_href.test.ts +++ b/x-pack/plugins/uptime/public/lib/helper/observability_integration/__tests__/get_apm_href.test.ts 
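Review bot: In `defaultContext` of uptime_theme_context.tsx, the new `dangerBehindText` reads from `euiDarkVars` while every other default colour visible in the hunk comes from `euiLightVars`. This looks like a copy-paste slip and should probably be `dangerBehindText: euiLightVars.euiColorVis9_behindText,`. The default `danger` also stays on `euiColorDanger` while both provider branches now use `euiColorVis9`, so a consumer rendered outside the provider gets a different red than one inside it. If that is unintended, use `danger: euiLightVars.euiColorVis9,` in the default as well.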
@@ -14,7 +14,7 @@ describe('getApmHref', () => {
 monitor_id: 'foo',
 state: {
 summary: {},
- monitor: {},
+ monitor: { type: 'http' },
 summaryPings: [
 makePing({
 docId: 'foo',
diff --git a/x-pack/plugins/uptime/public/lib/helper/observability_integration/__tests__/get_infra_href.test.ts b/x-pack/plugins/uptime/public/lib/helper/observability_integration/__tests__/get_infra_href.test.ts
index b1247ad5b8935..44e29c81f43f8 100644
--- a/x-pack/plugins/uptime/public/lib/helper/observability_integration/__tests__/get_infra_href.test.ts
+++ b/x-pack/plugins/uptime/public/lib/helper/observability_integration/__tests__/get_infra_href.test.ts
@@ -30,7 +30,7 @@ describe('getInfraHref', () => {
 summaryPings: [ping],
 summary: {},
 url: {},
- monitor: {},
+ monitor: { type: 'http' },
 timestamp: '123',
 },
 };
diff --git a/x-pack/plugins/uptime/public/lib/helper/observability_integration/__tests__/get_logging_href.test.ts b/x-pack/plugins/uptime/public/lib/helper/observability_integration/__tests__/get_logging_href.test.ts
index d2a7a96a8b6f9..ae94e6cadd541 100644
--- a/x-pack/plugins/uptime/public/lib/helper/observability_integration/__tests__/get_logging_href.test.ts
+++ b/x-pack/plugins/uptime/public/lib/helper/observability_integration/__tests__/get_logging_href.test.ts
@@ -38,7 +38,7 @@ describe('getLoggingHref', () => {
 summary: {},
 summaryPings: [ping],
 timestamp: '123',
- monitor: {},
+ monitor: { type: 'http' },
 url: {},
 },
 };
diff --git a/x-pack/plugins/uptime/public/lib/helper/test_helpers.ts b/x-pack/plugins/uptime/public/lib/helper/test_helpers.ts
new file mode 100644
index 0000000000000..d18f2aa2a4e78
--- /dev/null
+++ b/x-pack/plugins/uptime/public/lib/helper/test_helpers.ts
@@ -0,0 +1,22 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the Elastic License; + * you may not use this file except in compliance with the Elastic License. + */ + +/* global jest */ + +import moment from 'moment'; +import { Moment } from 'moment-timezone'; + +export function mockMoment() { + // avoid timezone issues + jest.spyOn(moment.prototype, 'format').mockImplementation(function (this: Moment) { + return `Sept 4, 2020 9:31:38 AM`; + }); + + // convert relative time to absolute time to avoid timing issues + jest.spyOn(moment.prototype, 'fromNow').mockImplementation(function (this: Moment) { + return `15 minutes ago`; + }); +} diff --git a/x-pack/plugins/uptime/public/pages/overview.tsx b/x-pack/plugins/uptime/public/pages/overview.tsx index 9594819e385c0..e2b8e911b5a88 100644 --- a/x-pack/plugins/uptime/public/pages/overview.tsx +++ b/x-pack/plugins/uptime/public/pages/overview.tsx @@ -10,7 +10,6 @@ import styled from 'styled-components'; import { i18n } from '@kbn/i18n'; import { useDispatch } from 'react-redux'; import { useGetUrlParams } from '../hooks'; -import { stringifyUrlParams } from '../lib/helper/stringify_url_params'; import { PageHeader } from './page_header'; import { IIndexPattern } from '../../../../../src/plugins/data/public'; import { useUpdateKueryString } from '../hooks'; @@ -63,8 +62,6 @@ export const OverviewPageComponent = React.memo( dispatch(getMonitorAlertsAction.get()); }, [dispatch]); - const linkParameters = stringifyUrlParams(params, true); - const heading = i18n.translate('xpack.uptime.overviewPage.headerText', { defaultMessage: 'Overview', description: `The text that will be displayed in the app's heading when the Overview page loads.`, @@ -93,7 +90,7 @@ export const OverviewPageComponent = React.memo( - + ); 
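Review bot: `mockMoment` in test_helpers.ts installs spies on `moment.prototype.format` and `moment.prototype.fromNow` and never restores them. The stubs therefore outlive the test that called the helper unless the suite restores mocks itself, which is not visible here. The `format` stub also ignores its format argument, so an assertion on a formatted date passes whatever pattern the component used. A doc comment on the helper would make both explicit, e.g. `/** Stubs moment's format()/fromNow() with fixed strings; call jest.restoreAllMocks() in afterEach. */`.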
diff --git a/x-pack/plugins/uptime/server/lib/requests/search/__tests__/monitor_summary_iterator.test.ts b/x-pack/plugins/uptime/server/lib/requests/search/__tests__/monitor_summary_iterator.test.ts
index 8ba5be943304c..6705bcac3c0ff 100644
--- a/x-pack/plugins/uptime/server/lib/requests/search/__tests__/monitor_summary_iterator.test.ts
+++ b/x-pack/plugins/uptime/server/lib/requests/search/__tests__/monitor_summary_iterator.test.ts
@@ -98,7 +98,7 @@ const makeMonitorSummaries = (count: number): MonitorSummary[] => {
 summaries.push({
 monitor_id: id,
 state: {
- monitor: {},
+ monitor: { type: 'http' },
 timestamp: (123 + i).toString(),
 url: {},
 summaryPings: [],
diff --git a/x-pack/plugins/uptime/server/lib/requests/search/refine_potential_matches.ts b/x-pack/plugins/uptime/server/lib/requests/search/refine_potential_matches.ts
index dc3af2805d13f..bf0c7fce2be75 100644
--- a/x-pack/plugins/uptime/server/lib/requests/search/refine_potential_matches.ts
+++ b/x-pack/plugins/uptime/server/lib/requests/search/refine_potential_matches.ts
@@ -86,6 +86,7 @@ export const summaryPingsToSummary = (summaryPings: Ping[]): MonitorSummary => {
 timestamp: latest.timestamp,
 monitor: {
 name: latest.monitor?.name,
+ type: latest.monitor?.type,
 },
 url: latest.url ?? {},
 summary: {
diff --git a/x-pack/test/api_integration/apis/uptime/rest/__snapshots__/monitor_states_real_data.snap b/x-pack/test/api_integration/apis/uptime/rest/__snapshots__/monitor_states_real_data.snap
index 50625683b605d..93abfaf67a009 100644
--- a/x-pack/test/api_integration/apis/uptime/rest/__snapshots__/monitor_states_real_data.snap
+++ b/x-pack/test/api_integration/apis/uptime/rest/__snapshots__/monitor_states_real_data.snap
@@ -63,6 +63,7 @@ Object {
 "state": Object {
 "monitor": Object {
 "name": "",
+ "type": "http",
 },
 "observer": Object {
 "geo": Object {
@@ -242,6 +243,7 @@ Object {
 "state": Object {
 "monitor": Object {
 "name": "",
+ "type": "http",
 },
 "observer": Object {
 "geo": Object {
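Review bot: `summaryPingsToSummary` in refine_potential_matches.ts sets `type: latest.monitor?.type`, which can evaluate to `undefined`, while the `StateType` codec in state.ts now declares `monitor.type` as required through `t.type({ type: t.string })`. If a summary ping ever lacks `monitor.type`, the object would fail validation wherever the codec is applied to it; those call sites are outside this diff. Either keep the field optional in the codec, `t.partial({ name: t.string, type: t.string })`, or have the producer reject or default a missing type explicitly so the two sides agree. The body of `summaryPingsToSummary` continues outside the hunk.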
diff --git a/x-pack/test/apm_api_integration/basic/tests/index.ts b/x-pack/test/apm_api_integration/basic/tests/index.ts index e9bc59df96108..27e9528a658a9 100644 --- a/x-pack/test/apm_api_integration/basic/tests/index.ts +++ b/x-pack/test/apm_api_integration/basic/tests/index.ts @@ -16,9 +16,10 @@ export default function apmApiIntegrationTests({ loadTestFile }: FtrProviderCont }); describe('Services', function () { + loadTestFile(require.resolve('./services/agent_name')); loadTestFile(require.resolve('./services/annotations')); + loadTestFile(require.resolve('./services/throughput')); loadTestFile(require.resolve('./services/top_services')); - loadTestFile(require.resolve('./services/agent_name')); loadTestFile(require.resolve('./services/transaction_types')); }); diff --git a/x-pack/test/apm_api_integration/basic/tests/services/__snapshots__/throughput.snap b/x-pack/test/apm_api_integration/basic/tests/services/__snapshots__/throughput.snap new file mode 100644 index 0000000000000..434660cdc2c62 --- /dev/null +++ b/x-pack/test/apm_api_integration/basic/tests/services/__snapshots__/throughput.snap 
@@ -0,0 +1,250 @@ +// Jest Snapshot v1, https://goo.gl/fbAQLP + +exports[`Throughput when data is loaded returns the service throughput has the correct throughput 1`] = ` +Array [ + Object { + "x": 1601389800000, + "y": 6, + }, + Object { + "x": 1601389830000, + "y": 0, + }, + Object { + "x": 1601389860000, + "y": 0, + }, + Object { + "x": 1601389890000, + "y": 0, + }, + Object { + "x": 1601389920000, + "y": 3, + }, + Object { + "x": 1601389950000, + "y": 1, + }, + Object { + "x": 1601389980000, + "y": 0, + }, + Object { + "x": 1601390010000, + "y": 0, + }, + Object { + "x": 1601390040000, + "y": 3, + }, + Object { + "x": 1601390070000, + "y": 2, + }, + Object { + "x": 1601390100000, + "y": 0, + }, + Object { + "x": 1601390130000, + "y": 0, + }, + Object { + "x": 1601390160000, + "y": 7, + }, + Object { + "x": 1601390190000, + "y": 3, + }, + Object { + "x": 1601390220000, + "y": 2, + }, + Object { + "x": 1601390250000, + "y": 0, + }, + Object { + "x": 1601390280000, + "y": 0, + }, + Object { + "x": 1601390310000, + "y": 8, + }, + Object { + "x": 1601390340000, + "y": 0, + }, + Object { + "x": 1601390370000, + "y": 0, + }, + Object { + "x": 1601390400000, + "y": 3, + }, + Object { + "x": 1601390430000, + "y": 0, + }, + Object { + "x": 1601390460000, + "y": 0, + }, + Object { + "x": 1601390490000, + "y": 0, + }, + Object { + "x": 1601390520000, + "y": 4, + }, + Object { + "x": 1601390550000, + "y": 3, + }, + Object { + "x": 1601390580000, + "y": 2, + }, + Object { + "x": 1601390610000, + "y": 0, + }, + Object { + "x": 1601390640000, + "y": 1, + }, + Object { + "x": 1601390670000, + "y": 2, + }, + Object { + "x": 1601390700000, + "y": 0, + }, + Object { + "x": 1601390730000, + "y": 0, + }, + Object { + "x": 1601390760000, + "y": 4, + }, + Object { + "x": 1601390790000, + "y": 1, + }, + Object { + "x": 1601390820000, + "y": 1, + }, + Object { + "x": 1601390850000, + "y": 0, + }, + Object { + "x": 1601390880000, + "y": 6, + }, + Object { + "x": 1601390910000, + "y": 0, 
+ }, + Object { + "x": 1601390940000, + "y": 3, + }, + Object { + "x": 1601390970000, + "y": 0, + }, + Object { + "x": 1601391000000, + "y": 4, + }, + Object { + "x": 1601391030000, + "y": 0, + }, + Object { + "x": 1601391060000, + "y": 1, + }, + Object { + "x": 1601391090000, + "y": 0, + }, + Object { + "x": 1601391120000, + "y": 2, + }, + Object { + "x": 1601391150000, + "y": 1, + }, + Object { + "x": 1601391180000, + "y": 2, + }, + Object { + "x": 1601391210000, + "y": 0, + }, + Object { + "x": 1601391240000, + "y": 1, + }, + Object { + "x": 1601391270000, + "y": 0, + }, + Object { + "x": 1601391300000, + "y": 1, + }, + Object { + "x": 1601391330000, + "y": 0, + }, + Object { + "x": 1601391360000, + "y": 1, + }, + Object { + "x": 1601391390000, + "y": 0, + }, + Object { + "x": 1601391420000, + "y": 0, + }, + Object { + "x": 1601391450000, + "y": 0, + }, + Object { + "x": 1601391480000, + "y": 10, + }, + Object { + "x": 1601391510000, + "y": 3, + }, + Object { + "x": 1601391540000, + "y": 1, + }, + Object { + "x": 1601391570000, + "y": 0, + }, + Object { + "x": 1601391600000, + "y": 0, + }, +] +`; diff --git a/x-pack/test/apm_api_integration/basic/tests/services/throughput.ts b/x-pack/test/apm_api_integration/basic/tests/services/throughput.ts new file mode 100644 index 0000000000000..aea4213f7e657 --- /dev/null +++ b/x-pack/test/apm_api_integration/basic/tests/services/throughput.ts 
@@ -0,0 +1,85 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License;
+ * you may not use this file except in compliance with the Elastic License.
+ */
+import expect from '@kbn/expect';
+import qs from 'querystring';
+import { first, last } from 'lodash';
+import archives_metadata from '../../../common/archives_metadata';
+import { FtrProviderContext } from '../../../common/ftr_provider_context';
+
+export default function ApiTest({ getService }: FtrProviderContext) {
+ const supertest = getService('supertest');
+ const esArchiver = getService('esArchiver');
+
+ const archiveName = 'apm_8.0.0';
+ const metadata = archives_metadata[archiveName];
+
+ describe('Throughput', () => {
+ describe('when data is not loaded', () => {
+ it('handles the empty state', async () => {
+ const response = await supertest.get(
+ `/api/apm/services/opbeans-java/throughput?${qs.stringify({
+ start: metadata.start,
+ end: metadata.end,
+ uiFilters: encodeURIComponent('{}'),
+ transactionType: 'request',
+ })}`
+ );
+ expect(response.status).to.be(200);
+ expect(response.body.throughput.length).to.be(0);
+ });
+ });
+
+ describe('when data is loaded', () => {
+ before(() => esArchiver.load(archiveName));
+ after(() => esArchiver.unload(archiveName));
+
+ describe('returns the service throughput', () => {
+ let throughputResponse: {
+ throughput: Array<{ x: number; y: number | null }>;
+ };
+ before(async () => {
+ const response = await supertest.get(
+ `/api/apm/services/opbeans-java/throughput?${qs.stringify({
+ start: metadata.start,
+ end: metadata.end,
+ uiFilters: encodeURIComponent('{}'),
+ transactionType: 'request',
+ })}`
+ );
+ throughputResponse = response.body;
+ });
+
+ it('returns some data', () => {
+ expect(throughputResponse.throughput.length).to.be.greaterThan(0);
+
+ const nonNullDataPoints = throughputResponse.throughput.filter(({ y }) => y !== null);
+
+ expect(nonNullDataPoints.length).to.be.greaterThan(0);
+ });
+
+ it('has the correct start date', () => {
+ expectSnapshot(
+ new Date(first(throughputResponse.throughput)?.x ?? NaN).toISOString()
+ ).toMatchInline(`"2020-09-29T14:30:00.000Z"`);
+ });
+
+ it('has the correct end date', () => {
+ expectSnapshot(
+ new Date(last(throughputResponse.throughput)?.x ?? NaN).toISOString()
+ ).toMatchInline(`"2020-09-29T15:00:00.000Z"`);
+ });
+
+ it('has the correct number of buckets', () => {
+ expectSnapshot(throughputResponse.throughput.length).toMatchInline(`61`);
+ });
+
+ it('has the correct throughput', () => {
+ expectSnapshot(throughputResponse.throughput).toMatch();
+ });
+ });
+ });
+ });
+}
diff --git a/x-pack/test/security_solution_cypress/es_archives/auditbeat_for_exceptions/data.json.gz b/x-pack/test/security_solution_cypress/es_archives/auditbeat_for_exceptions/data.json.gz
new file mode 100644
index 0000000000000..4139fd9d28f46
Binary files /dev/null and b/x-pack/test/security_solution_cypress/es_archives/auditbeat_for_exceptions/data.json.gz differ
diff --git a/x-pack/test/security_solution_cypress/es_archives/auditbeat_for_exceptions/mappings.json b/x-pack/test/security_solution_cypress/es_archives/auditbeat_for_exceptions/mappings.json
new file mode 100644
index 0000000000000..4e5c6e9955310
--- /dev/null
+++ b/x-pack/test/security_solution_cypress/es_archives/auditbeat_for_exceptions/mappings.json
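Review bot: Both requests in the new throughput.ts pass `uiFilters: encodeURIComponent('{}')` into `qs.stringify`, which percent-encodes values itself, so the query goes out as `uiFilters=%257B%257D` and the route receives the literal text `%7B%7D` rather than `{}` after one decode. Whether the handler tolerates that is not visible in this hunk; if it expects JSON, pass the raw value, `uiFilters: '{}',`, in both calls. The `before` hook under 'returns the service throughput' also assigns `response.body` without checking the status, so a failed request would only show up as misleading length or snapshot failures; adding `expect(response.status).to.be(200);` ahead of the assignment would make the cause clear.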
@@ -0,0 +1,3577 @@ +{ + "type": "index", + "value": { + "aliases": { + "exceptions-8.0.0": { + "is_write_index": false + }, + "beats": { + }, + "siem-read-alias": { + } + }, + "index": "exceptions-8.0.0-2019.08.30-000021", + "mappings": { + "_meta": { + "beat": "auditbeat", + "version": "8.0.0" + }, + "date_detection": false, + "dynamic_templates": [ + { + "labels": { + "mapping": { + "type": "keyword" + }, + "match_mapping_type": "string", + "path_match": "labels.*" + } + }, + { + "container.labels": { + "mapping": { + "type": "keyword" + }, + "match_mapping_type": "string", + "path_match": "container.labels.*" + } + }, + { + "fields": { + "mapping": { + "type": "keyword" + }, + "match_mapping_type": "string", + "path_match": "fields.*" + } + }, + { + "docker.container.labels": { + "mapping": { + "type": "keyword" + }, + "match_mapping_type": "string", + "path_match": "docker.container.labels.*" + } + }, + { + "strings_as_keyword": { + "mapping": { + "ignore_above": 1024, + "type": "keyword" + }, + "match_mapping_type": "string" + } + } + ], + "properties": { + "@timestamp": { + "type": "date" + }, + "agent": { + "properties": { + "ephemeral_id": { + "ignore_above": 1024, + "type": "keyword" + }, + "hostname": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "auditd": { + "properties": { + "data": { + "properties": { + "a0": { + "ignore_above": 1024, + "type": "keyword" + }, + "a1": { + "ignore_above": 1024, + "type": "keyword" + }, + "a2": { + "ignore_above": 1024, + "type": "keyword" + }, + "a3": { + "ignore_above": 1024, + "type": "keyword" + }, + "a[0-3]": { + "ignore_above": 1024, + "type": "keyword" + }, + "acct": { + "ignore_above": 1024, + "type": "keyword" + }, + "acl": { + "ignore_above": 1024, + 
"type": "keyword" + }, + "action": { + "ignore_above": 1024, + "type": "keyword" + }, + "added": { + "ignore_above": 1024, + "type": "keyword" + }, + "addr": { + "ignore_above": 1024, + "type": "keyword" + }, + "apparmor": { + "ignore_above": 1024, + "type": "keyword" + }, + "arch": { + "ignore_above": 1024, + "type": "keyword" + }, + "argc": { + "ignore_above": 1024, + "type": "keyword" + }, + "audit_backlog_limit": { + "ignore_above": 1024, + "type": "keyword" + }, + "audit_backlog_wait_time": { + "ignore_above": 1024, + "type": "keyword" + }, + "audit_enabled": { + "ignore_above": 1024, + "type": "keyword" + }, + "audit_failure": { + "ignore_above": 1024, + "type": "keyword" + }, + "banners": { + "ignore_above": 1024, + "type": "keyword" + }, + "bool": { + "ignore_above": 1024, + "type": "keyword" + }, + "bus": { + "ignore_above": 1024, + "type": "keyword" + }, + "cap_fe": { + "ignore_above": 1024, + "type": "keyword" + }, + "cap_fi": { + "ignore_above": 1024, + "type": "keyword" + }, + "cap_fp": { + "ignore_above": 1024, + "type": "keyword" + }, + "cap_fver": { + "ignore_above": 1024, + "type": "keyword" + }, + "cap_pe": { + "ignore_above": 1024, + "type": "keyword" + }, + "cap_pi": { + "ignore_above": 1024, + "type": "keyword" + }, + "cap_pp": { + "ignore_above": 1024, + "type": "keyword" + }, + "capability": { + "ignore_above": 1024, + "type": "keyword" + }, + "cgroup": { + "ignore_above": 1024, + "type": "keyword" + }, + "changed": { + "ignore_above": 1024, + "type": "keyword" + }, + "cipher": { + "ignore_above": 1024, + "type": "keyword" + }, + "class": { + "ignore_above": 1024, + "type": "keyword" + }, + "cmd": { + "ignore_above": 1024, + "type": "keyword" + }, + "code": { + "ignore_above": 1024, + "type": "keyword" + }, + "compat": { + "ignore_above": 1024, + "type": "keyword" + }, + "daddr": { + "ignore_above": 1024, + "type": "keyword" + }, + "data": { + "ignore_above": 1024, + "type": "keyword" + }, + "default-context": { + "ignore_above": 1024, + 
"type": "keyword" + }, + "device": { + "ignore_above": 1024, + "type": "keyword" + }, + "dir": { + "ignore_above": 1024, + "type": "keyword" + }, + "direction": { + "ignore_above": 1024, + "type": "keyword" + }, + "dmac": { + "ignore_above": 1024, + "type": "keyword" + }, + "dport": { + "ignore_above": 1024, + "type": "keyword" + }, + "enforcing": { + "ignore_above": 1024, + "type": "keyword" + }, + "entries": { + "ignore_above": 1024, + "type": "keyword" + }, + "exit": { + "ignore_above": 1024, + "type": "keyword" + }, + "fam": { + "ignore_above": 1024, + "type": "keyword" + }, + "family": { + "ignore_above": 1024, + "type": "keyword" + }, + "fd": { + "ignore_above": 1024, + "type": "keyword" + }, + "fe": { + "ignore_above": 1024, + "type": "keyword" + }, + "feature": { + "ignore_above": 1024, + "type": "keyword" + }, + "fi": { + "ignore_above": 1024, + "type": "keyword" + }, + "file": { + "ignore_above": 1024, + "type": "keyword" + }, + "flags": { + "ignore_above": 1024, + "type": "keyword" + }, + "format": { + "ignore_above": 1024, + "type": "keyword" + }, + "fp": { + "ignore_above": 1024, + "type": "keyword" + }, + "fver": { + "ignore_above": 1024, + "type": "keyword" + }, + "grantors": { + "ignore_above": 1024, + "type": "keyword" + }, + "grp": { + "ignore_above": 1024, + "type": "keyword" + }, + "hook": { + "ignore_above": 1024, + "type": "keyword" + }, + "hostname": { + "ignore_above": 1024, + "type": "keyword" + }, + "icmp_type": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "igid": { + "ignore_above": 1024, + "type": "keyword" + }, + "img-ctx": { + "ignore_above": 1024, + "type": "keyword" + }, + "info": { + "ignore_above": 1024, + "type": "keyword" + }, + "inif": { + "ignore_above": 1024, + "type": "keyword" + }, + "ino": { + "ignore_above": 1024, + "type": "keyword" + }, + "inode_gid": { + "ignore_above": 1024, + "type": "keyword" + }, + "inode_uid": { + "ignore_above": 1024, + "type": 
"keyword" + }, + "invalid_context": { + "ignore_above": 1024, + "type": "keyword" + }, + "ioctlcmd": { + "ignore_above": 1024, + "type": "keyword" + }, + "ip": { + "ignore_above": 1024, + "type": "keyword" + }, + "ipid": { + "ignore_above": 1024, + "type": "keyword" + }, + "ipx-net": { + "ignore_above": 1024, + "type": "keyword" + }, + "items": { + "ignore_above": 1024, + "type": "keyword" + }, + "iuid": { + "ignore_above": 1024, + "type": "keyword" + }, + "kernel": { + "ignore_above": 1024, + "type": "keyword" + }, + "kind": { + "ignore_above": 1024, + "type": "keyword" + }, + "ksize": { + "ignore_above": 1024, + "type": "keyword" + }, + "laddr": { + "ignore_above": 1024, + "type": "keyword" + }, + "len": { + "ignore_above": 1024, + "type": "keyword" + }, + "list": { + "ignore_above": 1024, + "type": "keyword" + }, + "lport": { + "ignore_above": 1024, + "type": "keyword" + }, + "mac": { + "ignore_above": 1024, + "type": "keyword" + }, + "macproto": { + "ignore_above": 1024, + "type": "keyword" + }, + "maj": { + "ignore_above": 1024, + "type": "keyword" + }, + "major": { + "ignore_above": 1024, + "type": "keyword" + }, + "minor": { + "ignore_above": 1024, + "type": "keyword" + }, + "model": { + "ignore_above": 1024, + "type": "keyword" + }, + "msg": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "nargs": { + "ignore_above": 1024, + "type": "keyword" + }, + "net": { + "ignore_above": 1024, + "type": "keyword" + }, + "new": { + "ignore_above": 1024, + "type": "keyword" + }, + "new-chardev": { + "ignore_above": 1024, + "type": "keyword" + }, + "new-disk": { + "ignore_above": 1024, + "type": "keyword" + }, + "new-enabled": { + "ignore_above": 1024, + "type": "keyword" + }, + "new-fs": { + "ignore_above": 1024, + "type": "keyword" + }, + "new-level": { + "ignore_above": 1024, + "type": "keyword" + }, + "new-log_passwd": { + "ignore_above": 1024, + "type": "keyword" + }, + "new-mem": { + "ignore_above": 
1024, + "type": "keyword" + }, + "new-net": { + "ignore_above": 1024, + "type": "keyword" + }, + "new-range": { + "ignore_above": 1024, + "type": "keyword" + }, + "new-rng": { + "ignore_above": 1024, + "type": "keyword" + }, + "new-role": { + "ignore_above": 1024, + "type": "keyword" + }, + "new-seuser": { + "ignore_above": 1024, + "type": "keyword" + }, + "new-vcpu": { + "ignore_above": 1024, + "type": "keyword" + }, + "new_gid": { + "ignore_above": 1024, + "type": "keyword" + }, + "new_lock": { + "ignore_above": 1024, + "type": "keyword" + }, + "new_pe": { + "ignore_above": 1024, + "type": "keyword" + }, + "new_pi": { + "ignore_above": 1024, + "type": "keyword" + }, + "new_pp": { + "ignore_above": 1024, + "type": "keyword" + }, + "nlnk-fam": { + "ignore_above": 1024, + "type": "keyword" + }, + "nlnk-grp": { + "ignore_above": 1024, + "type": "keyword" + }, + "nlnk-pid": { + "ignore_above": 1024, + "type": "keyword" + }, + "oauid": { + "ignore_above": 1024, + "type": "keyword" + }, + "obj": { + "ignore_above": 1024, + "type": "keyword" + }, + "obj_gid": { + "ignore_above": 1024, + "type": "keyword" + }, + "obj_uid": { + "ignore_above": 1024, + "type": "keyword" + }, + "ocomm": { + "ignore_above": 1024, + "type": "keyword" + }, + "oflag": { + "ignore_above": 1024, + "type": "keyword" + }, + "old": { + "ignore_above": 1024, + "type": "keyword" + }, + "old-auid": { + "ignore_above": 1024, + "type": "keyword" + }, + "old-chardev": { + "ignore_above": 1024, + "type": "keyword" + }, + "old-disk": { + "ignore_above": 1024, + "type": "keyword" + }, + "old-enabled": { + "ignore_above": 1024, + "type": "keyword" + }, + "old-fs": { + "ignore_above": 1024, + "type": "keyword" + }, + "old-level": { + "ignore_above": 1024, + "type": "keyword" + }, + "old-log_passwd": { + "ignore_above": 1024, + "type": "keyword" + }, + "old-mem": { + "ignore_above": 1024, + "type": "keyword" + }, + "old-net": { + "ignore_above": 1024, + "type": "keyword" + }, + "old-range": { + "ignore_above": 
1024, + "type": "keyword" + }, + "old-rng": { + "ignore_above": 1024, + "type": "keyword" + }, + "old-role": { + "ignore_above": 1024, + "type": "keyword" + }, + "old-ses": { + "ignore_above": 1024, + "type": "keyword" + }, + "old-seuser": { + "ignore_above": 1024, + "type": "keyword" + }, + "old-vcpu": { + "ignore_above": 1024, + "type": "keyword" + }, + "old_enforcing": { + "ignore_above": 1024, + "type": "keyword" + }, + "old_lock": { + "ignore_above": 1024, + "type": "keyword" + }, + "old_pa": { + "ignore_above": 1024, + "type": "keyword" + }, + "old_pe": { + "ignore_above": 1024, + "type": "keyword" + }, + "old_pi": { + "ignore_above": 1024, + "type": "keyword" + }, + "old_pp": { + "ignore_above": 1024, + "type": "keyword" + }, + "old_prom": { + "ignore_above": 1024, + "type": "keyword" + }, + "old_val": { + "ignore_above": 1024, + "type": "keyword" + }, + "op": { + "ignore_above": 1024, + "type": "keyword" + }, + "operation": { + "ignore_above": 1024, + "type": "keyword" + }, + "opid": { + "ignore_above": 1024, + "type": "keyword" + }, + "oses": { + "ignore_above": 1024, + "type": "keyword" + }, + "outif": { + "ignore_above": 1024, + "type": "keyword" + }, + "pa": { + "ignore_above": 1024, + "type": "keyword" + }, + "parent": { + "ignore_above": 1024, + "type": "keyword" + }, + "path": { + "ignore_above": 1024, + "type": "keyword" + }, + "pe": { + "ignore_above": 1024, + "type": "keyword" + }, + "per": { + "ignore_above": 1024, + "type": "keyword" + }, + "perm": { + "ignore_above": 1024, + "type": "keyword" + }, + "perm_mask": { + "ignore_above": 1024, + "type": "keyword" + }, + "permissive": { + "ignore_above": 1024, + "type": "keyword" + }, + "pfs": { + "ignore_above": 1024, + "type": "keyword" + }, + "pi": { + "ignore_above": 1024, + "type": "keyword" + }, + "pp": { + "ignore_above": 1024, + "type": "keyword" + }, + "printer": { + "ignore_above": 1024, + "type": "keyword" + }, + "profile": { + "ignore_above": 1024, + "type": "keyword" + }, + "prom": { + 
"ignore_above": 1024, + "type": "keyword" + }, + "proto": { + "ignore_above": 1024, + "type": "keyword" + }, + "qbytes": { + "ignore_above": 1024, + "type": "keyword" + }, + "range": { + "ignore_above": 1024, + "type": "keyword" + }, + "reason": { + "ignore_above": 1024, + "type": "keyword" + }, + "removed": { + "ignore_above": 1024, + "type": "keyword" + }, + "res": { + "ignore_above": 1024, + "type": "keyword" + }, + "resrc": { + "ignore_above": 1024, + "type": "keyword" + }, + "rport": { + "ignore_above": 1024, + "type": "keyword" + }, + "sauid": { + "ignore_above": 1024, + "type": "keyword" + }, + "scontext": { + "ignore_above": 1024, + "type": "keyword" + }, + "selected-context": { + "ignore_above": 1024, + "type": "keyword" + }, + "seperm": { + "ignore_above": 1024, + "type": "keyword" + }, + "seperms": { + "ignore_above": 1024, + "type": "keyword" + }, + "seqno": { + "ignore_above": 1024, + "type": "keyword" + }, + "seresult": { + "ignore_above": 1024, + "type": "keyword" + }, + "ses": { + "ignore_above": 1024, + "type": "keyword" + }, + "seuser": { + "ignore_above": 1024, + "type": "keyword" + }, + "sig": { + "ignore_above": 1024, + "type": "keyword" + }, + "sigev_signo": { + "ignore_above": 1024, + "type": "keyword" + }, + "smac": { + "ignore_above": 1024, + "type": "keyword" + }, + "socket": { + "properties": { + "addr": { + "ignore_above": 1024, + "type": "keyword" + }, + "family": { + "ignore_above": 1024, + "type": "keyword" + }, + "path": { + "ignore_above": 1024, + "type": "keyword" + }, + "port": { + "ignore_above": 1024, + "type": "keyword" + }, + "saddr": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "spid": { + "ignore_above": 1024, + "type": "keyword" + }, + "sport": { + "ignore_above": 1024, + "type": "keyword" + }, + "state": { + "ignore_above": 1024, + "type": "keyword" + }, + "subj": { + "ignore_above": 1024, + "type": "keyword" + }, + "success": { + "ignore_above": 1024, + "type": "keyword" + }, + "syscall": { + 
"ignore_above": 1024, + "type": "keyword" + }, + "table": { + "ignore_above": 1024, + "type": "keyword" + }, + "tclass": { + "ignore_above": 1024, + "type": "keyword" + }, + "tcontext": { + "ignore_above": 1024, + "type": "keyword" + }, + "terminal": { + "ignore_above": 1024, + "type": "keyword" + }, + "tty": { + "ignore_above": 1024, + "type": "keyword" + }, + "unit": { + "ignore_above": 1024, + "type": "keyword" + }, + "uri": { + "ignore_above": 1024, + "type": "keyword" + }, + "uuid": { + "ignore_above": 1024, + "type": "keyword" + }, + "val": { + "ignore_above": 1024, + "type": "keyword" + }, + "ver": { + "ignore_above": 1024, + "type": "keyword" + }, + "virt": { + "ignore_above": 1024, + "type": "keyword" + }, + "vm": { + "ignore_above": 1024, + "type": "keyword" + }, + "vm-ctx": { + "ignore_above": 1024, + "type": "keyword" + }, + "vm-pid": { + "ignore_above": 1024, + "type": "keyword" + }, + "watch": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "message_type": { + "ignore_above": 1024, + "type": "keyword" + }, + "paths": { + "properties": { + "cap_fe": { + "ignore_above": 1024, + "type": "keyword" + }, + "cap_fi": { + "ignore_above": 1024, + "type": "keyword" + }, + "cap_fp": { + "ignore_above": 1024, + "type": "keyword" + }, + "cap_fver": { + "ignore_above": 1024, + "type": "keyword" + }, + "dev": { + "ignore_above": 1024, + "type": "keyword" + }, + "inode": { + "ignore_above": 1024, + "type": "keyword" + }, + "item": { + "ignore_above": 1024, + "type": "keyword" + }, + "mode": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "nametype": { + "ignore_above": 1024, + "type": "keyword" + }, + "obj_domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "obj_level": { + "ignore_above": 1024, + "type": "keyword" + }, + "obj_role": { + "ignore_above": 1024, + "type": "keyword" + }, + "obj_user": { + "ignore_above": 1024, + "type": "keyword" + }, + "objtype": { + "ignore_above": 
1024, + "type": "keyword" + }, + "ogid": { + "ignore_above": 1024, + "type": "keyword" + }, + "ouid": { + "ignore_above": 1024, + "type": "keyword" + }, + "rdev": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "result": { + "ignore_above": 1024, + "type": "keyword" + }, + "sequence": { + "type": "long" + }, + "session": { + "ignore_above": 1024, + "type": "keyword" + }, + "summary": { + "properties": { + "actor": { + "properties": { + "primary": { + "ignore_above": 1024, + "type": "keyword" + }, + "secondary": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "how": { + "ignore_above": 1024, + "type": "keyword" + }, + "object": { + "properties": { + "primary": { + "ignore_above": 1024, + "type": "keyword" + }, + "secondary": { + "ignore_above": 1024, + "type": "keyword" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + } + } + }, + "client": { + "properties": { + "address": { + "ignore_above": 1024, + "type": "keyword" + }, + "bytes": { + "type": "long" + }, + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "geo": { + "properties": { + "city_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "continent_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "location": { + "type": "geo_point" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "region_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "region_name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "ip": { + "type": "ip" + }, + "mac": { + "ignore_above": 1024, + "type": "keyword" + }, + "packets": { + "type": "long" + }, + "port": { + "type": "long" + }, + "user": { + "properties": { + "email": { + "ignore_above": 1024, + "type": "keyword" + }, + "full_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "group": { + "properties": { 
+ "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "hash": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + }, + "cloud": { + "properties": { + "account": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "availability_zone": { + "ignore_above": 1024, + "type": "keyword" + }, + "instance": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "machine": { + "properties": { + "type": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "project": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "provider": { + "ignore_above": 1024, + "type": "keyword" + }, + "region": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "container": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "image": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "tag": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "labels": { + "type": "object" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "runtime": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "destination": { + "properties": { + "address": { + "ignore_above": 1024, + "type": "keyword" + }, + "bytes": { + "type": "long" + }, + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "geo": { + "properties": { + "city_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "continent_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "location": { + "type": "geo_point" 
+ }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "region_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "region_name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "ip": { + "type": "ip" + }, + "mac": { + "ignore_above": 1024, + "type": "keyword" + }, + "packets": { + "type": "long" + }, + "path": { + "ignore_above": 1024, + "type": "keyword" + }, + "port": { + "type": "long" + }, + "user": { + "properties": { + "email": { + "ignore_above": 1024, + "type": "keyword" + }, + "full_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "group": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "hash": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + }, + "docker": { + "properties": { + "container": { + "properties": { + "labels": { + "type": "object" + } + } + } + } + }, + "ecs": { + "properties": { + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "error": { + "properties": { + "code": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "message": { + "norms": false, + "type": "text" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "event": { + "properties": { + "action": { + "ignore_above": 1024, + "type": "keyword" + }, + "category": { + "ignore_above": 1024, + "type": "keyword" + }, + "created": { + "type": "date" + }, + "dataset": { + "ignore_above": 1024, + "type": "keyword" + }, + "duration": { + "type": "long" + }, + "end": { + "type": "date" + }, + "hash": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "kind": { + "ignore_above": 1024, + "type": "keyword" + }, + "module": { + "ignore_above": 1024, + 
"type": "keyword" + }, + "origin": { + "ignore_above": 1024, + "type": "keyword" + }, + "original": { + "ignore_above": 1024, + "type": "keyword" + }, + "outcome": { + "ignore_above": 1024, + "type": "keyword" + }, + "risk_score": { + "type": "float" + }, + "risk_score_norm": { + "type": "float" + }, + "severity": { + "type": "long" + }, + "start": { + "type": "date" + }, + "timezone": { + "ignore_above": 1024, + "type": "keyword" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "fields": { + "type": "object" + }, + "file": { + "properties": { + "ctime": { + "type": "date" + }, + "device": { + "ignore_above": 1024, + "type": "keyword" + }, + "extension": { + "ignore_above": 1024, + "type": "keyword" + }, + "gid": { + "ignore_above": 1024, + "type": "keyword" + }, + "group": { + "ignore_above": 1024, + "type": "keyword" + }, + "inode": { + "ignore_above": 1024, + "type": "keyword" + }, + "mode": { + "ignore_above": 1024, + "type": "keyword" + }, + "mtime": { + "type": "date" + }, + "origin": { + "fields": { + "raw": { + "ignore_above": 1024, + "type": "keyword" + } + }, + "ignore_above": 1024, + "type": "keyword" + }, + "owner": { + "ignore_above": 1024, + "type": "keyword" + }, + "path": { + "ignore_above": 1024, + "type": "keyword" + }, + "selinux": { + "properties": { + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "level": { + "ignore_above": 1024, + "type": "keyword" + }, + "role": { + "ignore_above": 1024, + "type": "keyword" + }, + "user": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "setgid": { + "type": "boolean" + }, + "setuid": { + "type": "boolean" + }, + "size": { + "type": "long" + }, + "target_path": { + "ignore_above": 1024, + "type": "keyword" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + }, + "uid": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "flow": { + "properties": { + "complete": { + "type": "boolean" + }, + "final": { + "type": "boolean" + } + } + }, 
+ "geo": { + "properties": { + "city_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "continent_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "location": { + "type": "geo_point" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "region_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "region_name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "geoip": { + "properties": { + "city_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "continent_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "location": { + "type": "geo_point" + }, + "region_name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "group": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "hash": { + "properties": { + "blake2b_256": { + "ignore_above": 1024, + "type": "keyword" + }, + "blake2b_384": { + "ignore_above": 1024, + "type": "keyword" + }, + "blake2b_512": { + "ignore_above": 1024, + "type": "keyword" + }, + "md5": { + "ignore_above": 1024, + "type": "keyword" + }, + "sha1": { + "ignore_above": 1024, + "type": "keyword" + }, + "sha224": { + "ignore_above": 1024, + "type": "keyword" + }, + "sha256": { + "ignore_above": 1024, + "type": "keyword" + }, + "sha384": { + "ignore_above": 1024, + "type": "keyword" + }, + "sha3_224": { + "ignore_above": 1024, + "type": "keyword" + }, + "sha3_256": { + "ignore_above": 1024, + "type": "keyword" + }, + "sha3_384": { + "ignore_above": 1024, + "type": "keyword" + }, + "sha3_512": { + "ignore_above": 1024, + "type": "keyword" + }, + "sha512": { + "ignore_above": 1024, + "type": "keyword" + }, + "sha512_224": { + "ignore_above": 1024, + "type": 
"keyword" + }, + "sha512_256": { + "ignore_above": 1024, + "type": "keyword" + }, + "xxh64": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "host": { + "properties": { + "architecture": { + "ignore_above": 1024, + "type": "keyword" + }, + "containerized": { + "type": "boolean" + }, + "geo": { + "properties": { + "city_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "continent_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "location": { + "type": "geo_point" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "region_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "region_name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "hostname": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "ip": { + "type": "ip" + }, + "mac": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "os": { + "properties": { + "build": { + "ignore_above": 1024, + "type": "keyword" + }, + "codename": { + "ignore_above": 1024, + "type": "keyword" + }, + "family": { + "ignore_above": 1024, + "type": "keyword" + }, + "full": { + "ignore_above": 1024, + "type": "keyword" + }, + "kernel": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "platform": { + "ignore_above": 1024, + "type": "keyword" + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + }, + "user": { + "properties": { + "email": { + "ignore_above": 1024, + "type": "keyword" + }, + "full_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "group": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + 
"ignore_above": 1024, + "type": "keyword" + } + } + }, + "hash": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + }, + "http": { + "properties": { + "request": { + "properties": { + "body": { + "properties": { + "bytes": { + "type": "long" + }, + "content": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "bytes": { + "type": "long" + }, + "method": { + "ignore_above": 1024, + "type": "keyword" + }, + "referrer": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "response": { + "properties": { + "body": { + "properties": { + "bytes": { + "type": "long" + }, + "content": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "bytes": { + "type": "long" + }, + "status_code": { + "type": "long" + } + } + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "jolokia": { + "properties": { + "agent": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "secured": { + "type": "boolean" + }, + "server": { + "properties": { + "product": { + "ignore_above": 1024, + "type": "keyword" + }, + "vendor": { + "ignore_above": 1024, + "type": "keyword" + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "url": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "kubernetes": { + "properties": { + "annotations": { + "type": "object" + }, + "container": { + "properties": { + "image": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "deployment": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "labels": { + "type": "object" + }, + "namespace": { + "ignore_above": 1024, + "type": "keyword" + }, + "node": { + "properties": { + "name": { + "ignore_above": 
1024, + "type": "keyword" + } + } + }, + "pod": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "uid": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "replicaset": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "statefulset": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + }, + "labels": { + "type": "object" + }, + "log": { + "properties": { + "level": { + "ignore_above": 1024, + "type": "keyword" + }, + "original": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "message": { + "norms": false, + "type": "text" + }, + "network": { + "properties": { + "application": { + "ignore_above": 1024, + "type": "keyword" + }, + "bytes": { + "type": "long" + }, + "community_id": { + "ignore_above": 1024, + "type": "keyword" + }, + "direction": { + "ignore_above": 1024, + "type": "keyword" + }, + "forwarded_ip": { + "type": "ip" + }, + "iana_number": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "packets": { + "type": "long" + }, + "protocol": { + "ignore_above": 1024, + "type": "keyword" + }, + "transport": { + "ignore_above": 1024, + "type": "keyword" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "observer": { + "properties": { + "geo": { + "properties": { + "city_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "continent_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "location": { + "type": "geo_point" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "region_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "region_name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "hostname": { + "ignore_above": 1024, + "type": 
"keyword" + }, + "ip": { + "type": "ip" + }, + "mac": { + "ignore_above": 1024, + "type": "keyword" + }, + "os": { + "properties": { + "family": { + "ignore_above": 1024, + "type": "keyword" + }, + "full": { + "ignore_above": 1024, + "type": "keyword" + }, + "kernel": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "platform": { + "ignore_above": 1024, + "type": "keyword" + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "serial_number": { + "ignore_above": 1024, + "type": "keyword" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + }, + "vendor": { + "ignore_above": 1024, + "type": "keyword" + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "organization": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "os": { + "properties": { + "family": { + "ignore_above": 1024, + "type": "keyword" + }, + "full": { + "ignore_above": 1024, + "type": "keyword" + }, + "kernel": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "platform": { + "ignore_above": 1024, + "type": "keyword" + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "process": { + "properties": { + "args": { + "ignore_above": 1024, + "type": "keyword" + }, + "created": { + "ignore_above": 1024, + "type": "keyword" + }, + "entity_id": { + "ignore_above": 1024, + "type": "keyword" + }, + "executable": { + "ignore_above": 1024, + "type": "keyword" + }, + "hash": { + "properties": { + "sha1": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "pid": { + "type": "long" + }, + "ppid": { + "type": "long" + }, + "start": { + "type": "date" + }, + "thread": { + "properties": { + "id": { + "type": "long" + } + } + }, + "title": 
{ + "ignore_above": 1024, + "type": "keyword" + }, + "working_directory": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "related": { + "properties": { + "ip": { + "type": "ip" + } + } + }, + "server": { + "properties": { + "address": { + "ignore_above": 1024, + "type": "keyword" + }, + "bytes": { + "type": "long" + }, + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "geo": { + "properties": { + "city_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "continent_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "location": { + "type": "geo_point" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "region_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "region_name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "ip": { + "type": "ip" + }, + "mac": { + "ignore_above": 1024, + "type": "keyword" + }, + "packets": { + "type": "long" + }, + "port": { + "type": "long" + }, + "user": { + "properties": { + "email": { + "ignore_above": 1024, + "type": "keyword" + }, + "full_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "group": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "hash": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + }, + "service": { + "properties": { + "ephemeral_id": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "state": { + "ignore_above": 1024, + "type": "keyword" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + }, + "version": { + 
"ignore_above": 1024, + "type": "keyword" + } + } + }, + "socket": { + "properties": { + "entity_id": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "source": { + "properties": { + "address": { + "ignore_above": 1024, + "type": "keyword" + }, + "bytes": { + "type": "long" + }, + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "geo": { + "properties": { + "city_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "continent_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "location": { + "type": "geo_point" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "region_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "region_name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "ip": { + "type": "ip" + }, + "mac": { + "ignore_above": 1024, + "type": "keyword" + }, + "packets": { + "type": "long" + }, + "path": { + "ignore_above": 1024, + "type": "keyword" + }, + "port": { + "type": "long" + }, + "user": { + "properties": { + "email": { + "ignore_above": 1024, + "type": "keyword" + }, + "full_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "group": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "hash": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + }, + "system": { + "properties": { + "audit": { + "properties": { + "host": { + "properties": { + "architecture": { + "ignore_above": 1024, + "type": "keyword" + }, + "boottime": { + "type": "date" + }, + "containerized": { + "type": "boolean" + }, + "hostname": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + 
"type": "keyword" + }, + "ip": { + "type": "ip" + }, + "mac": { + "ignore_above": 1024, + "type": "keyword" + }, + "os": { + "properties": { + "codename": { + "ignore_above": 1024, + "type": "keyword" + }, + "family": { + "ignore_above": 1024, + "type": "keyword" + }, + "kernel": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "platform": { + "ignore_above": 1024, + "type": "keyword" + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "timezone": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "offset": { + "properties": { + "sec": { + "type": "long" + } + } + } + } + }, + "uptime": { + "type": "long" + } + } + }, + "newsocket": { + "properties": { + "egid": { + "type": "long" + }, + "euid": { + "type": "long" + }, + "gid": { + "type": "long" + }, + "internal_version": { + "ignore_above": 1024, + "type": "keyword" + }, + "kernel_sock_address": { + "ignore_above": 1024, + "type": "keyword" + }, + "uid": { + "type": "long" + } + } + }, + "package": { + "properties": { + "arch": { + "ignore_above": 1024, + "type": "keyword" + }, + "entity_id": { + "ignore_above": 1024, + "type": "keyword" + }, + "installtime": { + "type": "date" + }, + "license": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "release": { + "ignore_above": 1024, + "type": "keyword" + }, + "size": { + "type": "long" + }, + "summary": { + "ignore_above": 1024, + "type": "keyword" + }, + "url": { + "ignore_above": 1024, + "type": "keyword" + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "socket": { + "properties": { + "egid": { + "type": "long" + }, + "euid": { + "type": "long" + }, + "gid": { + "type": "long" + }, + "internal_version": { + "ignore_above": 1024, + "type": "keyword" + }, + "kernel_sock_address": { + "ignore_above": 1024, + "type": "keyword" + }, + "uid": { + "type": 
"long" + } + } + }, + "user": { + "properties": { + "dir": { + "ignore_above": 1024, + "type": "keyword" + }, + "gid": { + "ignore_above": 1024, + "type": "keyword" + }, + "group": { + "properties": { + "gid": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "password": { + "properties": { + "last_changed": { + "type": "date" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "shell": { + "ignore_above": 1024, + "type": "keyword" + }, + "uid": { + "ignore_above": 1024, + "type": "keyword" + }, + "user_information": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + } + } + }, + "tags": { + "ignore_above": 1024, + "type": "keyword" + }, + "url": { + "properties": { + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "fragment": { + "ignore_above": 1024, + "type": "keyword" + }, + "full": { + "ignore_above": 1024, + "type": "keyword" + }, + "original": { + "ignore_above": 1024, + "type": "keyword" + }, + "password": { + "ignore_above": 1024, + "type": "keyword" + }, + "path": { + "ignore_above": 1024, + "type": "keyword" + }, + "port": { + "type": "long" + }, + "query": { + "ignore_above": 1024, + "type": "keyword" + }, + "scheme": { + "ignore_above": 1024, + "type": "keyword" + }, + "username": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "user": { + "properties": { + "audit": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "effective": { + "properties": { + "group": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "email": { + "ignore_above": 
1024, + "type": "keyword" + }, + "entity_id": { + "ignore_above": 1024, + "type": "keyword" + }, + "filesystem": { + "properties": { + "group": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "full_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "group": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "hash": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "name_map": { + "type": "object" + }, + "saved": { + "properties": { + "group": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "selinux": { + "properties": { + "category": { + "ignore_above": 1024, + "type": "keyword" + }, + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "level": { + "ignore_above": 1024, + "type": "keyword" + }, + "role": { + "ignore_above": 1024, + "type": "keyword" + }, + "user": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "terminal": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "user_agent": { + "properties": { + "device": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "original": { + "ignore_above": 1024, + "type": "keyword" + }, + "os": { + "properties": { + "family": { + "ignore_above": 1024, + "type": "keyword" + }, + "full": { + "ignore_above": 1024, 
+ "type": "keyword" + }, + "kernel": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "platform": { + "ignore_above": 1024, + "type": "keyword" + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + }, + "settings": { + "index": { + "lifecycle": { + "indexing_complete": "true", + "name": "auditbeat-8.0.0", + "rollover_alias": "auditbeat-8.0.0" + }, + "mapping": { + "total_fields": { + "limit": "10000" + } + }, + "number_of_replicas": "0", + "number_of_shards": "1", + "query": { + "default_field": [ + "message", + "tags", + "agent.ephemeral_id", + "agent.id", + "agent.name", + "agent.type", + "agent.version", + "client.address", + "client.domain", + "client.geo.city_name", + "client.geo.continent_name", + "client.geo.country_iso_code", + "client.geo.country_name", + "client.geo.name", + "client.geo.region_iso_code", + "client.geo.region_name", + "client.mac", + "client.user.email", + "client.user.full_name", + "client.user.group.id", + "client.user.group.name", + "client.user.hash", + "client.user.id", + "client.user.name", + "cloud.account.id", + "cloud.availability_zone", + "cloud.instance.id", + "cloud.instance.name", + "cloud.machine.type", + "cloud.provider", + "cloud.region", + "container.id", + "container.image.name", + "container.image.tag", + "container.name", + "container.runtime", + "destination.address", + "destination.domain", + "destination.geo.city_name", + "destination.geo.continent_name", + "destination.geo.country_iso_code", + "destination.geo.country_name", + "destination.geo.name", + "destination.geo.region_iso_code", + "destination.geo.region_name", + "destination.mac", + "destination.user.email", + "destination.user.full_name", + "destination.user.group.id", + "destination.user.group.name", + "destination.user.hash", + "destination.user.id", + "destination.user.name", + 
"ecs.version", + "error.code", + "error.id", + "error.message", + "event.action", + "event.category", + "event.dataset", + "event.hash", + "event.id", + "event.kind", + "event.module", + "event.original", + "event.outcome", + "event.timezone", + "event.type", + "file.device", + "file.extension", + "file.gid", + "file.group", + "file.inode", + "file.mode", + "file.owner", + "file.path", + "file.target_path", + "file.type", + "file.uid", + "geo.city_name", + "geo.continent_name", + "geo.country_iso_code", + "geo.country_name", + "geo.name", + "geo.region_iso_code", + "geo.region_name", + "group.id", + "group.name", + "host.architecture", + "host.geo.city_name", + "host.geo.continent_name", + "host.geo.country_iso_code", + "host.geo.country_name", + "host.geo.name", + "host.geo.region_iso_code", + "host.geo.region_name", + "host.hostname", + "host.id", + "host.mac", + "host.name", + "host.os.family", + "host.os.full", + "host.os.kernel", + "host.os.name", + "host.os.platform", + "host.os.version", + "host.type", + "host.user.email", + "host.user.full_name", + "host.user.group.id", + "host.user.group.name", + "host.user.hash", + "host.user.id", + "host.user.name", + "http.request.body.content", + "http.request.method", + "http.request.referrer", + "http.response.body.content", + "http.version", + "log.level", + "log.original", + "network.application", + "network.community_id", + "network.direction", + "network.iana_number", + "network.name", + "network.protocol", + "network.transport", + "network.type", + "observer.geo.city_name", + "observer.geo.continent_name", + "observer.geo.country_iso_code", + "observer.geo.country_name", + "observer.geo.name", + "observer.geo.region_iso_code", + "observer.geo.region_name", + "observer.hostname", + "observer.mac", + "observer.os.family", + "observer.os.full", + "observer.os.kernel", + "observer.os.name", + "observer.os.platform", + "observer.os.version", + "observer.serial_number", + "observer.type", + "observer.vendor", + 
"observer.version", + "organization.id", + "organization.name", + "os.family", + "os.full", + "os.kernel", + "os.name", + "os.platform", + "os.version", + "process.args", + "process.executable", + "process.name", + "process.title", + "process.working_directory", + "server.address", + "server.domain", + "server.geo.city_name", + "server.geo.continent_name", + "server.geo.country_iso_code", + "server.geo.country_name", + "server.geo.name", + "server.geo.region_iso_code", + "server.geo.region_name", + "server.mac", + "server.user.email", + "server.user.full_name", + "server.user.group.id", + "server.user.group.name", + "server.user.hash", + "server.user.id", + "server.user.name", + "service.ephemeral_id", + "service.id", + "service.name", + "service.state", + "service.type", + "service.version", + "source.address", + "source.domain", + "source.geo.city_name", + "source.geo.continent_name", + "source.geo.country_iso_code", + "source.geo.country_name", + "source.geo.name", + "source.geo.region_iso_code", + "source.geo.region_name", + "source.mac", + "source.user.email", + "source.user.full_name", + "source.user.group.id", + "source.user.group.name", + "source.user.hash", + "source.user.id", + "source.user.name", + "url.domain", + "url.fragment", + "url.full", + "url.original", + "url.password", + "url.path", + "url.query", + "url.scheme", + "url.username", + "user.email", + "user.full_name", + "user.group.id", + "user.group.name", + "user.hash", + "user.id", + "user.name", + "user_agent.device.name", + "user_agent.name", + "user_agent.original", + "user_agent.os.family", + "user_agent.os.full", + "user_agent.os.kernel", + "user_agent.os.name", + "user_agent.os.platform", + "user_agent.os.version", + "user_agent.version", + "agent.hostname", + "error.type", + "cloud.project.id", + "host.os.build", + "kubernetes.pod.name", + "kubernetes.pod.uid", + "kubernetes.namespace", + "kubernetes.node.name", + "kubernetes.replicaset.name", + "kubernetes.deployment.name", + 
"kubernetes.statefulset.name", + "kubernetes.container.name", + "kubernetes.container.image", + "jolokia.agent.version", + "jolokia.agent.id", + "jolokia.server.product", + "jolokia.server.version", + "jolokia.server.vendor", + "jolokia.url", + "raw", + "file.origin", + "file.selinux.user", + "file.selinux.role", + "file.selinux.domain", + "file.selinux.level", + "user.audit.id", + "user.audit.name", + "user.effective.id", + "user.effective.name", + "user.effective.group.id", + "user.effective.group.name", + "user.filesystem.id", + "user.filesystem.name", + "user.filesystem.group.id", + "user.filesystem.group.name", + "user.saved.id", + "user.saved.name", + "user.saved.group.id", + "user.saved.group.name", + "user.selinux.user", + "user.selinux.role", + "user.selinux.domain", + "user.selinux.level", + "user.selinux.category", + "source.path", + "destination.path", + "auditd.message_type", + "auditd.session", + "auditd.result", + "auditd.summary.actor.primary", + "auditd.summary.actor.secondary", + "auditd.summary.object.type", + "auditd.summary.object.primary", + "auditd.summary.object.secondary", + "auditd.summary.how", + "auditd.paths.inode", + "auditd.paths.dev", + "auditd.paths.obj_user", + "auditd.paths.obj_role", + "auditd.paths.obj_domain", + "auditd.paths.obj_level", + "auditd.paths.objtype", + "auditd.paths.ouid", + "auditd.paths.rdev", + "auditd.paths.nametype", + "auditd.paths.ogid", + "auditd.paths.item", + "auditd.paths.mode", + "auditd.paths.name", + "auditd.data.action", + "auditd.data.minor", + "auditd.data.acct", + "auditd.data.addr", + "auditd.data.cipher", + "auditd.data.id", + "auditd.data.entries", + "auditd.data.kind", + "auditd.data.ksize", + "auditd.data.spid", + "auditd.data.arch", + "auditd.data.argc", + "auditd.data.major", + "auditd.data.unit", + "auditd.data.table", + "auditd.data.terminal", + "auditd.data.grantors", + "auditd.data.direction", + "auditd.data.op", + "auditd.data.tty", + "auditd.data.syscall", + "auditd.data.data", + 
"auditd.data.family", + "auditd.data.mac", + "auditd.data.pfs", + "auditd.data.items", + "auditd.data.a0", + "auditd.data.a1", + "auditd.data.a2", + "auditd.data.a3", + "auditd.data.hostname", + "auditd.data.lport", + "auditd.data.rport", + "auditd.data.exit", + "auditd.data.fp", + "auditd.data.laddr", + "auditd.data.sport", + "auditd.data.capability", + "auditd.data.nargs", + "auditd.data.new-enabled", + "auditd.data.audit_backlog_limit", + "auditd.data.dir", + "auditd.data.cap_pe", + "auditd.data.model", + "auditd.data.new_pp", + "auditd.data.old-enabled", + "auditd.data.oauid", + "auditd.data.old", + "auditd.data.banners", + "auditd.data.feature", + "auditd.data.vm-ctx", + "auditd.data.opid", + "auditd.data.seperms", + "auditd.data.seresult", + "auditd.data.new-rng", + "auditd.data.old-net", + "auditd.data.sigev_signo", + "auditd.data.ino", + "auditd.data.old_enforcing", + "auditd.data.old-vcpu", + "auditd.data.range", + "auditd.data.res", + "auditd.data.added", + "auditd.data.fam", + "auditd.data.nlnk-pid", + "auditd.data.subj", + "auditd.data.a[0-3]", + "auditd.data.cgroup", + "auditd.data.kernel", + "auditd.data.ocomm", + "auditd.data.new-net", + "auditd.data.permissive", + "auditd.data.class", + "auditd.data.compat", + "auditd.data.fi", + "auditd.data.changed", + "auditd.data.msg", + "auditd.data.dport", + "auditd.data.new-seuser", + "auditd.data.invalid_context", + "auditd.data.dmac", + "auditd.data.ipx-net", + "auditd.data.iuid", + "auditd.data.macproto", + "auditd.data.obj", + "auditd.data.ipid", + "auditd.data.new-fs", + "auditd.data.vm-pid", + "auditd.data.cap_pi", + "auditd.data.old-auid", + "auditd.data.oses", + "auditd.data.fd", + "auditd.data.igid", + "auditd.data.new-disk", + "auditd.data.parent", + "auditd.data.len", + "auditd.data.oflag", + "auditd.data.uuid", + "auditd.data.code", + "auditd.data.nlnk-grp", + "auditd.data.cap_fp", + "auditd.data.new-mem", + "auditd.data.seperm", + "auditd.data.enforcing", + "auditd.data.new-chardev", + 
"auditd.data.old-rng", + "auditd.data.outif", + "auditd.data.cmd", + "auditd.data.hook", + "auditd.data.new-level", + "auditd.data.sauid", + "auditd.data.sig", + "auditd.data.audit_backlog_wait_time", + "auditd.data.printer", + "auditd.data.old-mem", + "auditd.data.perm", + "auditd.data.old_pi", + "auditd.data.state", + "auditd.data.format", + "auditd.data.new_gid", + "auditd.data.tcontext", + "auditd.data.maj", + "auditd.data.watch", + "auditd.data.device", + "auditd.data.grp", + "auditd.data.bool", + "auditd.data.icmp_type", + "auditd.data.new_lock", + "auditd.data.old_prom", + "auditd.data.acl", + "auditd.data.ip", + "auditd.data.new_pi", + "auditd.data.default-context", + "auditd.data.inode_gid", + "auditd.data.new-log_passwd", + "auditd.data.new_pe", + "auditd.data.selected-context", + "auditd.data.cap_fver", + "auditd.data.file", + "auditd.data.net", + "auditd.data.virt", + "auditd.data.cap_pp", + "auditd.data.old-range", + "auditd.data.resrc", + "auditd.data.new-range", + "auditd.data.obj_gid", + "auditd.data.proto", + "auditd.data.old-disk", + "auditd.data.audit_failure", + "auditd.data.inif", + "auditd.data.vm", + "auditd.data.flags", + "auditd.data.nlnk-fam", + "auditd.data.old-fs", + "auditd.data.old-ses", + "auditd.data.seqno", + "auditd.data.fver", + "auditd.data.qbytes", + "auditd.data.seuser", + "auditd.data.cap_fe", + "auditd.data.new-vcpu", + "auditd.data.old-level", + "auditd.data.old_pp", + "auditd.data.daddr", + "auditd.data.old-role", + "auditd.data.ioctlcmd", + "auditd.data.smac", + "auditd.data.apparmor", + "auditd.data.fe", + "auditd.data.perm_mask", + "auditd.data.ses", + "auditd.data.cap_fi", + "auditd.data.obj_uid", + "auditd.data.reason", + "auditd.data.list", + "auditd.data.old_lock", + "auditd.data.bus", + "auditd.data.old_pe", + "auditd.data.new-role", + "auditd.data.prom", + "auditd.data.uri", + "auditd.data.audit_enabled", + "auditd.data.old-log_passwd", + "auditd.data.old-seuser", + "auditd.data.per", + "auditd.data.scontext", + 
"auditd.data.tclass", + "auditd.data.ver", + "auditd.data.new", + "auditd.data.val", + "auditd.data.img-ctx", + "auditd.data.old-chardev", + "auditd.data.old_val", + "auditd.data.success", + "auditd.data.inode_uid", + "auditd.data.removed", + "auditd.data.socket.port", + "auditd.data.socket.saddr", + "auditd.data.socket.addr", + "auditd.data.socket.family", + "auditd.data.socket.path", + "geoip.continent_name", + "geoip.city_name", + "geoip.region_name", + "geoip.country_iso_code", + "hash.blake2b_256", + "hash.blake2b_384", + "hash.blake2b_512", + "hash.md5", + "hash.sha1", + "hash.sha224", + "hash.sha256", + "hash.sha384", + "hash.sha3_224", + "hash.sha3_256", + "hash.sha3_384", + "hash.sha3_512", + "hash.sha512", + "hash.sha512_224", + "hash.sha512_256", + "hash.xxh64", + "event.origin", + "user.entity_id", + "user.terminal", + "process.entity_id", + "socket.entity_id", + "system.audit.host.timezone.name", + "system.audit.host.hostname", + "system.audit.host.id", + "system.audit.host.architecture", + "system.audit.host.mac", + "system.audit.host.os.platform", + "system.audit.host.os.name", + "system.audit.host.os.family", + "system.audit.host.os.version", + "system.audit.host.os.kernel", + "system.audit.package.entity_id", + "system.audit.package.name", + "system.audit.package.version", + "system.audit.package.release", + "system.audit.package.arch", + "system.audit.package.license", + "system.audit.package.summary", + "system.audit.package.url", + "system.audit.user.name", + "system.audit.user.uid", + "system.audit.user.gid", + "system.audit.user.dir", + "system.audit.user.shell", + "system.audit.user.user_information", + "system.audit.user.password.type", + "fields.*" + ] + }, + "refresh_interval": "5s" + } + } + } +} 
diff --git a/x-pack/test/security_solution_cypress/es_archives/auditbeat_for_exceptions2/data.json.gz b/x-pack/test/security_solution_cypress/es_archives/auditbeat_for_exceptions2/data.json.gz
new file mode 100644
index 0000000000000..0fdcb7d783ea6
Binary files /dev/null and b/x-pack/test/security_solution_cypress/es_archives/auditbeat_for_exceptions2/data.json.gz differ
diff --git a/x-pack/test/security_solution_cypress/es_archives/auditbeat_for_exceptions2/mappings.json b/x-pack/test/security_solution_cypress/es_archives/auditbeat_for_exceptions2/mappings.json
new file mode 100644
index 0000000000000..4e5c6e9955310
--- /dev/null
+++ b/x-pack/test/security_solution_cypress/es_archives/auditbeat_for_exceptions2/mappings.json
@@ -0,0 +1,3577 @@ +{ + "type": "index", + "value": { + "aliases": { + "exceptions-8.0.0": { + "is_write_index": false + }, + "beats": { + }, + "siem-read-alias": { + } + }, + "index": "exceptions-8.0.0-2019.08.30-000021", + "mappings": { + "_meta": { + "beat": "auditbeat", + "version": "8.0.0" + }, + "date_detection": false, + "dynamic_templates": [ + { + "labels": { + "mapping": { + "type": "keyword" + }, + "match_mapping_type": "string", + "path_match": "labels.*" + } + }, + { + "container.labels": { + "mapping": { + "type": "keyword" + }, + "match_mapping_type": "string", + "path_match": "container.labels.*" + } + }, + { + "fields": { + "mapping": { + "type": "keyword" + }, + "match_mapping_type": "string", + "path_match": "fields.*" + } + }, + { + "docker.container.labels": { + "mapping": { + "type": "keyword" + }, + "match_mapping_type": "string", + "path_match": "docker.container.labels.*" + } + }, + { + "strings_as_keyword": { + "mapping": { + "ignore_above": 1024, + "type": "keyword" + }, + "match_mapping_type": "string" + } + } + ], + "properties": { + "@timestamp": { + "type": "date" + }, + "agent": { + "properties": { + "ephemeral_id": { + "ignore_above": 1024, + "type": "keyword" + }, + "hostname": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "auditd": { + "properties": { + "data": { + "properties": { + "a0": { + "ignore_above": 1024, + "type": "keyword" + }, + "a1": { + "ignore_above": 1024, + "type": "keyword" + }, + "a2": { + "ignore_above": 1024, + "type": "keyword" + }, + "a3": { + "ignore_above": 1024, + "type": "keyword" + }, + "a[0-3]": { + "ignore_above": 1024, + "type": "keyword" + }, + "acct": { + "ignore_above": 1024, + "type": "keyword" + }, + "acl": { + "ignore_above": 1024, + 
"type": "keyword" + }, + "action": { + "ignore_above": 1024, + "type": "keyword" + }, + "added": { + "ignore_above": 1024, + "type": "keyword" + }, + "addr": { + "ignore_above": 1024, + "type": "keyword" + }, + "apparmor": { + "ignore_above": 1024, + "type": "keyword" + }, + "arch": { + "ignore_above": 1024, + "type": "keyword" + }, + "argc": { + "ignore_above": 1024, + "type": "keyword" + }, + "audit_backlog_limit": { + "ignore_above": 1024, + "type": "keyword" + }, + "audit_backlog_wait_time": { + "ignore_above": 1024, + "type": "keyword" + }, + "audit_enabled": { + "ignore_above": 1024, + "type": "keyword" + }, + "audit_failure": { + "ignore_above": 1024, + "type": "keyword" + }, + "banners": { + "ignore_above": 1024, + "type": "keyword" + }, + "bool": { + "ignore_above": 1024, + "type": "keyword" + }, + "bus": { + "ignore_above": 1024, + "type": "keyword" + }, + "cap_fe": { + "ignore_above": 1024, + "type": "keyword" + }, + "cap_fi": { + "ignore_above": 1024, + "type": "keyword" + }, + "cap_fp": { + "ignore_above": 1024, + "type": "keyword" + }, + "cap_fver": { + "ignore_above": 1024, + "type": "keyword" + }, + "cap_pe": { + "ignore_above": 1024, + "type": "keyword" + }, + "cap_pi": { + "ignore_above": 1024, + "type": "keyword" + }, + "cap_pp": { + "ignore_above": 1024, + "type": "keyword" + }, + "capability": { + "ignore_above": 1024, + "type": "keyword" + }, + "cgroup": { + "ignore_above": 1024, + "type": "keyword" + }, + "changed": { + "ignore_above": 1024, + "type": "keyword" + }, + "cipher": { + "ignore_above": 1024, + "type": "keyword" + }, + "class": { + "ignore_above": 1024, + "type": "keyword" + }, + "cmd": { + "ignore_above": 1024, + "type": "keyword" + }, + "code": { + "ignore_above": 1024, + "type": "keyword" + }, + "compat": { + "ignore_above": 1024, + "type": "keyword" + }, + "daddr": { + "ignore_above": 1024, + "type": "keyword" + }, + "data": { + "ignore_above": 1024, + "type": "keyword" + }, + "default-context": { + "ignore_above": 1024, + 
"type": "keyword" + }, + "device": { + "ignore_above": 1024, + "type": "keyword" + }, + "dir": { + "ignore_above": 1024, + "type": "keyword" + }, + "direction": { + "ignore_above": 1024, + "type": "keyword" + }, + "dmac": { + "ignore_above": 1024, + "type": "keyword" + }, + "dport": { + "ignore_above": 1024, + "type": "keyword" + }, + "enforcing": { + "ignore_above": 1024, + "type": "keyword" + }, + "entries": { + "ignore_above": 1024, + "type": "keyword" + }, + "exit": { + "ignore_above": 1024, + "type": "keyword" + }, + "fam": { + "ignore_above": 1024, + "type": "keyword" + }, + "family": { + "ignore_above": 1024, + "type": "keyword" + }, + "fd": { + "ignore_above": 1024, + "type": "keyword" + }, + "fe": { + "ignore_above": 1024, + "type": "keyword" + }, + "feature": { + "ignore_above": 1024, + "type": "keyword" + }, + "fi": { + "ignore_above": 1024, + "type": "keyword" + }, + "file": { + "ignore_above": 1024, + "type": "keyword" + }, + "flags": { + "ignore_above": 1024, + "type": "keyword" + }, + "format": { + "ignore_above": 1024, + "type": "keyword" + }, + "fp": { + "ignore_above": 1024, + "type": "keyword" + }, + "fver": { + "ignore_above": 1024, + "type": "keyword" + }, + "grantors": { + "ignore_above": 1024, + "type": "keyword" + }, + "grp": { + "ignore_above": 1024, + "type": "keyword" + }, + "hook": { + "ignore_above": 1024, + "type": "keyword" + }, + "hostname": { + "ignore_above": 1024, + "type": "keyword" + }, + "icmp_type": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "igid": { + "ignore_above": 1024, + "type": "keyword" + }, + "img-ctx": { + "ignore_above": 1024, + "type": "keyword" + }, + "info": { + "ignore_above": 1024, + "type": "keyword" + }, + "inif": { + "ignore_above": 1024, + "type": "keyword" + }, + "ino": { + "ignore_above": 1024, + "type": "keyword" + }, + "inode_gid": { + "ignore_above": 1024, + "type": "keyword" + }, + "inode_uid": { + "ignore_above": 1024, + "type": 
"keyword" + }, + "invalid_context": { + "ignore_above": 1024, + "type": "keyword" + }, + "ioctlcmd": { + "ignore_above": 1024, + "type": "keyword" + }, + "ip": { + "ignore_above": 1024, + "type": "keyword" + }, + "ipid": { + "ignore_above": 1024, + "type": "keyword" + }, + "ipx-net": { + "ignore_above": 1024, + "type": "keyword" + }, + "items": { + "ignore_above": 1024, + "type": "keyword" + }, + "iuid": { + "ignore_above": 1024, + "type": "keyword" + }, + "kernel": { + "ignore_above": 1024, + "type": "keyword" + }, + "kind": { + "ignore_above": 1024, + "type": "keyword" + }, + "ksize": { + "ignore_above": 1024, + "type": "keyword" + }, + "laddr": { + "ignore_above": 1024, + "type": "keyword" + }, + "len": { + "ignore_above": 1024, + "type": "keyword" + }, + "list": { + "ignore_above": 1024, + "type": "keyword" + }, + "lport": { + "ignore_above": 1024, + "type": "keyword" + }, + "mac": { + "ignore_above": 1024, + "type": "keyword" + }, + "macproto": { + "ignore_above": 1024, + "type": "keyword" + }, + "maj": { + "ignore_above": 1024, + "type": "keyword" + }, + "major": { + "ignore_above": 1024, + "type": "keyword" + }, + "minor": { + "ignore_above": 1024, + "type": "keyword" + }, + "model": { + "ignore_above": 1024, + "type": "keyword" + }, + "msg": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "nargs": { + "ignore_above": 1024, + "type": "keyword" + }, + "net": { + "ignore_above": 1024, + "type": "keyword" + }, + "new": { + "ignore_above": 1024, + "type": "keyword" + }, + "new-chardev": { + "ignore_above": 1024, + "type": "keyword" + }, + "new-disk": { + "ignore_above": 1024, + "type": "keyword" + }, + "new-enabled": { + "ignore_above": 1024, + "type": "keyword" + }, + "new-fs": { + "ignore_above": 1024, + "type": "keyword" + }, + "new-level": { + "ignore_above": 1024, + "type": "keyword" + }, + "new-log_passwd": { + "ignore_above": 1024, + "type": "keyword" + }, + "new-mem": { + "ignore_above": 
1024, + "type": "keyword" + }, + "new-net": { + "ignore_above": 1024, + "type": "keyword" + }, + "new-range": { + "ignore_above": 1024, + "type": "keyword" + }, + "new-rng": { + "ignore_above": 1024, + "type": "keyword" + }, + "new-role": { + "ignore_above": 1024, + "type": "keyword" + }, + "new-seuser": { + "ignore_above": 1024, + "type": "keyword" + }, + "new-vcpu": { + "ignore_above": 1024, + "type": "keyword" + }, + "new_gid": { + "ignore_above": 1024, + "type": "keyword" + }, + "new_lock": { + "ignore_above": 1024, + "type": "keyword" + }, + "new_pe": { + "ignore_above": 1024, + "type": "keyword" + }, + "new_pi": { + "ignore_above": 1024, + "type": "keyword" + }, + "new_pp": { + "ignore_above": 1024, + "type": "keyword" + }, + "nlnk-fam": { + "ignore_above": 1024, + "type": "keyword" + }, + "nlnk-grp": { + "ignore_above": 1024, + "type": "keyword" + }, + "nlnk-pid": { + "ignore_above": 1024, + "type": "keyword" + }, + "oauid": { + "ignore_above": 1024, + "type": "keyword" + }, + "obj": { + "ignore_above": 1024, + "type": "keyword" + }, + "obj_gid": { + "ignore_above": 1024, + "type": "keyword" + }, + "obj_uid": { + "ignore_above": 1024, + "type": "keyword" + }, + "ocomm": { + "ignore_above": 1024, + "type": "keyword" + }, + "oflag": { + "ignore_above": 1024, + "type": "keyword" + }, + "old": { + "ignore_above": 1024, + "type": "keyword" + }, + "old-auid": { + "ignore_above": 1024, + "type": "keyword" + }, + "old-chardev": { + "ignore_above": 1024, + "type": "keyword" + }, + "old-disk": { + "ignore_above": 1024, + "type": "keyword" + }, + "old-enabled": { + "ignore_above": 1024, + "type": "keyword" + }, + "old-fs": { + "ignore_above": 1024, + "type": "keyword" + }, + "old-level": { + "ignore_above": 1024, + "type": "keyword" + }, + "old-log_passwd": { + "ignore_above": 1024, + "type": "keyword" + }, + "old-mem": { + "ignore_above": 1024, + "type": "keyword" + }, + "old-net": { + "ignore_above": 1024, + "type": "keyword" + }, + "old-range": { + "ignore_above": 
1024, + "type": "keyword" + }, + "old-rng": { + "ignore_above": 1024, + "type": "keyword" + }, + "old-role": { + "ignore_above": 1024, + "type": "keyword" + }, + "old-ses": { + "ignore_above": 1024, + "type": "keyword" + }, + "old-seuser": { + "ignore_above": 1024, + "type": "keyword" + }, + "old-vcpu": { + "ignore_above": 1024, + "type": "keyword" + }, + "old_enforcing": { + "ignore_above": 1024, + "type": "keyword" + }, + "old_lock": { + "ignore_above": 1024, + "type": "keyword" + }, + "old_pa": { + "ignore_above": 1024, + "type": "keyword" + }, + "old_pe": { + "ignore_above": 1024, + "type": "keyword" + }, + "old_pi": { + "ignore_above": 1024, + "type": "keyword" + }, + "old_pp": { + "ignore_above": 1024, + "type": "keyword" + }, + "old_prom": { + "ignore_above": 1024, + "type": "keyword" + }, + "old_val": { + "ignore_above": 1024, + "type": "keyword" + }, + "op": { + "ignore_above": 1024, + "type": "keyword" + }, + "operation": { + "ignore_above": 1024, + "type": "keyword" + }, + "opid": { + "ignore_above": 1024, + "type": "keyword" + }, + "oses": { + "ignore_above": 1024, + "type": "keyword" + }, + "outif": { + "ignore_above": 1024, + "type": "keyword" + }, + "pa": { + "ignore_above": 1024, + "type": "keyword" + }, + "parent": { + "ignore_above": 1024, + "type": "keyword" + }, + "path": { + "ignore_above": 1024, + "type": "keyword" + }, + "pe": { + "ignore_above": 1024, + "type": "keyword" + }, + "per": { + "ignore_above": 1024, + "type": "keyword" + }, + "perm": { + "ignore_above": 1024, + "type": "keyword" + }, + "perm_mask": { + "ignore_above": 1024, + "type": "keyword" + }, + "permissive": { + "ignore_above": 1024, + "type": "keyword" + }, + "pfs": { + "ignore_above": 1024, + "type": "keyword" + }, + "pi": { + "ignore_above": 1024, + "type": "keyword" + }, + "pp": { + "ignore_above": 1024, + "type": "keyword" + }, + "printer": { + "ignore_above": 1024, + "type": "keyword" + }, + "profile": { + "ignore_above": 1024, + "type": "keyword" + }, + "prom": { + 
"ignore_above": 1024, + "type": "keyword" + }, + "proto": { + "ignore_above": 1024, + "type": "keyword" + }, + "qbytes": { + "ignore_above": 1024, + "type": "keyword" + }, + "range": { + "ignore_above": 1024, + "type": "keyword" + }, + "reason": { + "ignore_above": 1024, + "type": "keyword" + }, + "removed": { + "ignore_above": 1024, + "type": "keyword" + }, + "res": { + "ignore_above": 1024, + "type": "keyword" + }, + "resrc": { + "ignore_above": 1024, + "type": "keyword" + }, + "rport": { + "ignore_above": 1024, + "type": "keyword" + }, + "sauid": { + "ignore_above": 1024, + "type": "keyword" + }, + "scontext": { + "ignore_above": 1024, + "type": "keyword" + }, + "selected-context": { + "ignore_above": 1024, + "type": "keyword" + }, + "seperm": { + "ignore_above": 1024, + "type": "keyword" + }, + "seperms": { + "ignore_above": 1024, + "type": "keyword" + }, + "seqno": { + "ignore_above": 1024, + "type": "keyword" + }, + "seresult": { + "ignore_above": 1024, + "type": "keyword" + }, + "ses": { + "ignore_above": 1024, + "type": "keyword" + }, + "seuser": { + "ignore_above": 1024, + "type": "keyword" + }, + "sig": { + "ignore_above": 1024, + "type": "keyword" + }, + "sigev_signo": { + "ignore_above": 1024, + "type": "keyword" + }, + "smac": { + "ignore_above": 1024, + "type": "keyword" + }, + "socket": { + "properties": { + "addr": { + "ignore_above": 1024, + "type": "keyword" + }, + "family": { + "ignore_above": 1024, + "type": "keyword" + }, + "path": { + "ignore_above": 1024, + "type": "keyword" + }, + "port": { + "ignore_above": 1024, + "type": "keyword" + }, + "saddr": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "spid": { + "ignore_above": 1024, + "type": "keyword" + }, + "sport": { + "ignore_above": 1024, + "type": "keyword" + }, + "state": { + "ignore_above": 1024, + "type": "keyword" + }, + "subj": { + "ignore_above": 1024, + "type": "keyword" + }, + "success": { + "ignore_above": 1024, + "type": "keyword" + }, + "syscall": { + 
"ignore_above": 1024, + "type": "keyword" + }, + "table": { + "ignore_above": 1024, + "type": "keyword" + }, + "tclass": { + "ignore_above": 1024, + "type": "keyword" + }, + "tcontext": { + "ignore_above": 1024, + "type": "keyword" + }, + "terminal": { + "ignore_above": 1024, + "type": "keyword" + }, + "tty": { + "ignore_above": 1024, + "type": "keyword" + }, + "unit": { + "ignore_above": 1024, + "type": "keyword" + }, + "uri": { + "ignore_above": 1024, + "type": "keyword" + }, + "uuid": { + "ignore_above": 1024, + "type": "keyword" + }, + "val": { + "ignore_above": 1024, + "type": "keyword" + }, + "ver": { + "ignore_above": 1024, + "type": "keyword" + }, + "virt": { + "ignore_above": 1024, + "type": "keyword" + }, + "vm": { + "ignore_above": 1024, + "type": "keyword" + }, + "vm-ctx": { + "ignore_above": 1024, + "type": "keyword" + }, + "vm-pid": { + "ignore_above": 1024, + "type": "keyword" + }, + "watch": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "message_type": { + "ignore_above": 1024, + "type": "keyword" + }, + "paths": { + "properties": { + "cap_fe": { + "ignore_above": 1024, + "type": "keyword" + }, + "cap_fi": { + "ignore_above": 1024, + "type": "keyword" + }, + "cap_fp": { + "ignore_above": 1024, + "type": "keyword" + }, + "cap_fver": { + "ignore_above": 1024, + "type": "keyword" + }, + "dev": { + "ignore_above": 1024, + "type": "keyword" + }, + "inode": { + "ignore_above": 1024, + "type": "keyword" + }, + "item": { + "ignore_above": 1024, + "type": "keyword" + }, + "mode": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "nametype": { + "ignore_above": 1024, + "type": "keyword" + }, + "obj_domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "obj_level": { + "ignore_above": 1024, + "type": "keyword" + }, + "obj_role": { + "ignore_above": 1024, + "type": "keyword" + }, + "obj_user": { + "ignore_above": 1024, + "type": "keyword" + }, + "objtype": { + "ignore_above": 
1024, + "type": "keyword" + }, + "ogid": { + "ignore_above": 1024, + "type": "keyword" + }, + "ouid": { + "ignore_above": 1024, + "type": "keyword" + }, + "rdev": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "result": { + "ignore_above": 1024, + "type": "keyword" + }, + "sequence": { + "type": "long" + }, + "session": { + "ignore_above": 1024, + "type": "keyword" + }, + "summary": { + "properties": { + "actor": { + "properties": { + "primary": { + "ignore_above": 1024, + "type": "keyword" + }, + "secondary": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "how": { + "ignore_above": 1024, + "type": "keyword" + }, + "object": { + "properties": { + "primary": { + "ignore_above": 1024, + "type": "keyword" + }, + "secondary": { + "ignore_above": 1024, + "type": "keyword" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + } + } + }, + "client": { + "properties": { + "address": { + "ignore_above": 1024, + "type": "keyword" + }, + "bytes": { + "type": "long" + }, + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "geo": { + "properties": { + "city_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "continent_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "location": { + "type": "geo_point" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "region_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "region_name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "ip": { + "type": "ip" + }, + "mac": { + "ignore_above": 1024, + "type": "keyword" + }, + "packets": { + "type": "long" + }, + "port": { + "type": "long" + }, + "user": { + "properties": { + "email": { + "ignore_above": 1024, + "type": "keyword" + }, + "full_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "group": { + "properties": { 
+ "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "hash": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + }, + "cloud": { + "properties": { + "account": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "availability_zone": { + "ignore_above": 1024, + "type": "keyword" + }, + "instance": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "machine": { + "properties": { + "type": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "project": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "provider": { + "ignore_above": 1024, + "type": "keyword" + }, + "region": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "container": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "image": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "tag": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "labels": { + "type": "object" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "runtime": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "destination": { + "properties": { + "address": { + "ignore_above": 1024, + "type": "keyword" + }, + "bytes": { + "type": "long" + }, + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "geo": { + "properties": { + "city_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "continent_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "location": { + "type": "geo_point" 
+ }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "region_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "region_name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "ip": { + "type": "ip" + }, + "mac": { + "ignore_above": 1024, + "type": "keyword" + }, + "packets": { + "type": "long" + }, + "path": { + "ignore_above": 1024, + "type": "keyword" + }, + "port": { + "type": "long" + }, + "user": { + "properties": { + "email": { + "ignore_above": 1024, + "type": "keyword" + }, + "full_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "group": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "hash": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + }, + "docker": { + "properties": { + "container": { + "properties": { + "labels": { + "type": "object" + } + } + } + } + }, + "ecs": { + "properties": { + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "error": { + "properties": { + "code": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "message": { + "norms": false, + "type": "text" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "event": { + "properties": { + "action": { + "ignore_above": 1024, + "type": "keyword" + }, + "category": { + "ignore_above": 1024, + "type": "keyword" + }, + "created": { + "type": "date" + }, + "dataset": { + "ignore_above": 1024, + "type": "keyword" + }, + "duration": { + "type": "long" + }, + "end": { + "type": "date" + }, + "hash": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "kind": { + "ignore_above": 1024, + "type": "keyword" + }, + "module": { + "ignore_above": 1024, + 
"type": "keyword" + }, + "origin": { + "ignore_above": 1024, + "type": "keyword" + }, + "original": { + "ignore_above": 1024, + "type": "keyword" + }, + "outcome": { + "ignore_above": 1024, + "type": "keyword" + }, + "risk_score": { + "type": "float" + }, + "risk_score_norm": { + "type": "float" + }, + "severity": { + "type": "long" + }, + "start": { + "type": "date" + }, + "timezone": { + "ignore_above": 1024, + "type": "keyword" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "fields": { + "type": "object" + }, + "file": { + "properties": { + "ctime": { + "type": "date" + }, + "device": { + "ignore_above": 1024, + "type": "keyword" + }, + "extension": { + "ignore_above": 1024, + "type": "keyword" + }, + "gid": { + "ignore_above": 1024, + "type": "keyword" + }, + "group": { + "ignore_above": 1024, + "type": "keyword" + }, + "inode": { + "ignore_above": 1024, + "type": "keyword" + }, + "mode": { + "ignore_above": 1024, + "type": "keyword" + }, + "mtime": { + "type": "date" + }, + "origin": { + "fields": { + "raw": { + "ignore_above": 1024, + "type": "keyword" + } + }, + "ignore_above": 1024, + "type": "keyword" + }, + "owner": { + "ignore_above": 1024, + "type": "keyword" + }, + "path": { + "ignore_above": 1024, + "type": "keyword" + }, + "selinux": { + "properties": { + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "level": { + "ignore_above": 1024, + "type": "keyword" + }, + "role": { + "ignore_above": 1024, + "type": "keyword" + }, + "user": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "setgid": { + "type": "boolean" + }, + "setuid": { + "type": "boolean" + }, + "size": { + "type": "long" + }, + "target_path": { + "ignore_above": 1024, + "type": "keyword" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + }, + "uid": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "flow": { + "properties": { + "complete": { + "type": "boolean" + }, + "final": { + "type": "boolean" + } + } + }, 
+ "geo": { + "properties": { + "city_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "continent_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "location": { + "type": "geo_point" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "region_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "region_name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "geoip": { + "properties": { + "city_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "continent_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "location": { + "type": "geo_point" + }, + "region_name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "group": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "hash": { + "properties": { + "blake2b_256": { + "ignore_above": 1024, + "type": "keyword" + }, + "blake2b_384": { + "ignore_above": 1024, + "type": "keyword" + }, + "blake2b_512": { + "ignore_above": 1024, + "type": "keyword" + }, + "md5": { + "ignore_above": 1024, + "type": "keyword" + }, + "sha1": { + "ignore_above": 1024, + "type": "keyword" + }, + "sha224": { + "ignore_above": 1024, + "type": "keyword" + }, + "sha256": { + "ignore_above": 1024, + "type": "keyword" + }, + "sha384": { + "ignore_above": 1024, + "type": "keyword" + }, + "sha3_224": { + "ignore_above": 1024, + "type": "keyword" + }, + "sha3_256": { + "ignore_above": 1024, + "type": "keyword" + }, + "sha3_384": { + "ignore_above": 1024, + "type": "keyword" + }, + "sha3_512": { + "ignore_above": 1024, + "type": "keyword" + }, + "sha512": { + "ignore_above": 1024, + "type": "keyword" + }, + "sha512_224": { + "ignore_above": 1024, + "type": 
"keyword" + }, + "sha512_256": { + "ignore_above": 1024, + "type": "keyword" + }, + "xxh64": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "host": { + "properties": { + "architecture": { + "ignore_above": 1024, + "type": "keyword" + }, + "containerized": { + "type": "boolean" + }, + "geo": { + "properties": { + "city_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "continent_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "location": { + "type": "geo_point" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "region_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "region_name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "hostname": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "ip": { + "type": "ip" + }, + "mac": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "os": { + "properties": { + "build": { + "ignore_above": 1024, + "type": "keyword" + }, + "codename": { + "ignore_above": 1024, + "type": "keyword" + }, + "family": { + "ignore_above": 1024, + "type": "keyword" + }, + "full": { + "ignore_above": 1024, + "type": "keyword" + }, + "kernel": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "platform": { + "ignore_above": 1024, + "type": "keyword" + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + }, + "user": { + "properties": { + "email": { + "ignore_above": 1024, + "type": "keyword" + }, + "full_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "group": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + 
"ignore_above": 1024, + "type": "keyword" + } + } + }, + "hash": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + }, + "http": { + "properties": { + "request": { + "properties": { + "body": { + "properties": { + "bytes": { + "type": "long" + }, + "content": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "bytes": { + "type": "long" + }, + "method": { + "ignore_above": 1024, + "type": "keyword" + }, + "referrer": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "response": { + "properties": { + "body": { + "properties": { + "bytes": { + "type": "long" + }, + "content": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "bytes": { + "type": "long" + }, + "status_code": { + "type": "long" + } + } + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "jolokia": { + "properties": { + "agent": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "secured": { + "type": "boolean" + }, + "server": { + "properties": { + "product": { + "ignore_above": 1024, + "type": "keyword" + }, + "vendor": { + "ignore_above": 1024, + "type": "keyword" + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "url": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "kubernetes": { + "properties": { + "annotations": { + "type": "object" + }, + "container": { + "properties": { + "image": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "deployment": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "labels": { + "type": "object" + }, + "namespace": { + "ignore_above": 1024, + "type": "keyword" + }, + "node": { + "properties": { + "name": { + "ignore_above": 
1024, + "type": "keyword" + } + } + }, + "pod": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "uid": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "replicaset": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "statefulset": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + }, + "labels": { + "type": "object" + }, + "log": { + "properties": { + "level": { + "ignore_above": 1024, + "type": "keyword" + }, + "original": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "message": { + "norms": false, + "type": "text" + }, + "network": { + "properties": { + "application": { + "ignore_above": 1024, + "type": "keyword" + }, + "bytes": { + "type": "long" + }, + "community_id": { + "ignore_above": 1024, + "type": "keyword" + }, + "direction": { + "ignore_above": 1024, + "type": "keyword" + }, + "forwarded_ip": { + "type": "ip" + }, + "iana_number": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "packets": { + "type": "long" + }, + "protocol": { + "ignore_above": 1024, + "type": "keyword" + }, + "transport": { + "ignore_above": 1024, + "type": "keyword" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "observer": { + "properties": { + "geo": { + "properties": { + "city_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "continent_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "location": { + "type": "geo_point" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "region_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "region_name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "hostname": { + "ignore_above": 1024, + "type": 
"keyword" + }, + "ip": { + "type": "ip" + }, + "mac": { + "ignore_above": 1024, + "type": "keyword" + }, + "os": { + "properties": { + "family": { + "ignore_above": 1024, + "type": "keyword" + }, + "full": { + "ignore_above": 1024, + "type": "keyword" + }, + "kernel": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "platform": { + "ignore_above": 1024, + "type": "keyword" + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "serial_number": { + "ignore_above": 1024, + "type": "keyword" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + }, + "vendor": { + "ignore_above": 1024, + "type": "keyword" + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "organization": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "os": { + "properties": { + "family": { + "ignore_above": 1024, + "type": "keyword" + }, + "full": { + "ignore_above": 1024, + "type": "keyword" + }, + "kernel": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "platform": { + "ignore_above": 1024, + "type": "keyword" + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "process": { + "properties": { + "args": { + "ignore_above": 1024, + "type": "keyword" + }, + "created": { + "ignore_above": 1024, + "type": "keyword" + }, + "entity_id": { + "ignore_above": 1024, + "type": "keyword" + }, + "executable": { + "ignore_above": 1024, + "type": "keyword" + }, + "hash": { + "properties": { + "sha1": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "pid": { + "type": "long" + }, + "ppid": { + "type": "long" + }, + "start": { + "type": "date" + }, + "thread": { + "properties": { + "id": { + "type": "long" + } + } + }, + "title": 
{ + "ignore_above": 1024, + "type": "keyword" + }, + "working_directory": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "related": { + "properties": { + "ip": { + "type": "ip" + } + } + }, + "server": { + "properties": { + "address": { + "ignore_above": 1024, + "type": "keyword" + }, + "bytes": { + "type": "long" + }, + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "geo": { + "properties": { + "city_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "continent_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "location": { + "type": "geo_point" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "region_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "region_name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "ip": { + "type": "ip" + }, + "mac": { + "ignore_above": 1024, + "type": "keyword" + }, + "packets": { + "type": "long" + }, + "port": { + "type": "long" + }, + "user": { + "properties": { + "email": { + "ignore_above": 1024, + "type": "keyword" + }, + "full_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "group": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "hash": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + }, + "service": { + "properties": { + "ephemeral_id": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "state": { + "ignore_above": 1024, + "type": "keyword" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + }, + "version": { + 
"ignore_above": 1024, + "type": "keyword" + } + } + }, + "socket": { + "properties": { + "entity_id": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "source": { + "properties": { + "address": { + "ignore_above": 1024, + "type": "keyword" + }, + "bytes": { + "type": "long" + }, + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "geo": { + "properties": { + "city_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "continent_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "country_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "location": { + "type": "geo_point" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "region_iso_code": { + "ignore_above": 1024, + "type": "keyword" + }, + "region_name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "ip": { + "type": "ip" + }, + "mac": { + "ignore_above": 1024, + "type": "keyword" + }, + "packets": { + "type": "long" + }, + "path": { + "ignore_above": 1024, + "type": "keyword" + }, + "port": { + "type": "long" + }, + "user": { + "properties": { + "email": { + "ignore_above": 1024, + "type": "keyword" + }, + "full_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "group": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "hash": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + }, + "system": { + "properties": { + "audit": { + "properties": { + "host": { + "properties": { + "architecture": { + "ignore_above": 1024, + "type": "keyword" + }, + "boottime": { + "type": "date" + }, + "containerized": { + "type": "boolean" + }, + "hostname": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + 
"type": "keyword" + }, + "ip": { + "type": "ip" + }, + "mac": { + "ignore_above": 1024, + "type": "keyword" + }, + "os": { + "properties": { + "codename": { + "ignore_above": 1024, + "type": "keyword" + }, + "family": { + "ignore_above": 1024, + "type": "keyword" + }, + "kernel": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "platform": { + "ignore_above": 1024, + "type": "keyword" + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "timezone": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "offset": { + "properties": { + "sec": { + "type": "long" + } + } + } + } + }, + "uptime": { + "type": "long" + } + } + }, + "newsocket": { + "properties": { + "egid": { + "type": "long" + }, + "euid": { + "type": "long" + }, + "gid": { + "type": "long" + }, + "internal_version": { + "ignore_above": 1024, + "type": "keyword" + }, + "kernel_sock_address": { + "ignore_above": 1024, + "type": "keyword" + }, + "uid": { + "type": "long" + } + } + }, + "package": { + "properties": { + "arch": { + "ignore_above": 1024, + "type": "keyword" + }, + "entity_id": { + "ignore_above": 1024, + "type": "keyword" + }, + "installtime": { + "type": "date" + }, + "license": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "release": { + "ignore_above": 1024, + "type": "keyword" + }, + "size": { + "type": "long" + }, + "summary": { + "ignore_above": 1024, + "type": "keyword" + }, + "url": { + "ignore_above": 1024, + "type": "keyword" + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "socket": { + "properties": { + "egid": { + "type": "long" + }, + "euid": { + "type": "long" + }, + "gid": { + "type": "long" + }, + "internal_version": { + "ignore_above": 1024, + "type": "keyword" + }, + "kernel_sock_address": { + "ignore_above": 1024, + "type": "keyword" + }, + "uid": { + "type": 
"long" + } + } + }, + "user": { + "properties": { + "dir": { + "ignore_above": 1024, + "type": "keyword" + }, + "gid": { + "ignore_above": 1024, + "type": "keyword" + }, + "group": { + "properties": { + "gid": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "password": { + "properties": { + "last_changed": { + "type": "date" + }, + "type": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "shell": { + "ignore_above": 1024, + "type": "keyword" + }, + "uid": { + "ignore_above": 1024, + "type": "keyword" + }, + "user_information": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + } + } + }, + "tags": { + "ignore_above": 1024, + "type": "keyword" + }, + "url": { + "properties": { + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "fragment": { + "ignore_above": 1024, + "type": "keyword" + }, + "full": { + "ignore_above": 1024, + "type": "keyword" + }, + "original": { + "ignore_above": 1024, + "type": "keyword" + }, + "password": { + "ignore_above": 1024, + "type": "keyword" + }, + "path": { + "ignore_above": 1024, + "type": "keyword" + }, + "port": { + "type": "long" + }, + "query": { + "ignore_above": 1024, + "type": "keyword" + }, + "scheme": { + "ignore_above": 1024, + "type": "keyword" + }, + "username": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "user": { + "properties": { + "audit": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "effective": { + "properties": { + "group": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "email": { + "ignore_above": 
1024, + "type": "keyword" + }, + "entity_id": { + "ignore_above": 1024, + "type": "keyword" + }, + "filesystem": { + "properties": { + "group": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "full_name": { + "ignore_above": 1024, + "type": "keyword" + }, + "group": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "hash": { + "ignore_above": 1024, + "type": "keyword" + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "name_map": { + "type": "object" + }, + "saved": { + "properties": { + "group": { + "properties": { + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "id": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "selinux": { + "properties": { + "category": { + "ignore_above": 1024, + "type": "keyword" + }, + "domain": { + "ignore_above": 1024, + "type": "keyword" + }, + "level": { + "ignore_above": 1024, + "type": "keyword" + }, + "role": { + "ignore_above": 1024, + "type": "keyword" + }, + "user": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "terminal": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "user_agent": { + "properties": { + "device": { + "properties": { + "name": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "original": { + "ignore_above": 1024, + "type": "keyword" + }, + "os": { + "properties": { + "family": { + "ignore_above": 1024, + "type": "keyword" + }, + "full": { + "ignore_above": 1024, 
+ "type": "keyword" + }, + "kernel": { + "ignore_above": 1024, + "type": "keyword" + }, + "name": { + "ignore_above": 1024, + "type": "keyword" + }, + "platform": { + "ignore_above": 1024, + "type": "keyword" + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + }, + "version": { + "ignore_above": 1024, + "type": "keyword" + } + } + } + } + }, + "settings": { + "index": { + "lifecycle": { + "indexing_complete": "true", + "name": "auditbeat-8.0.0", + "rollover_alias": "auditbeat-8.0.0" + }, + "mapping": { + "total_fields": { + "limit": "10000" + } + }, + "number_of_replicas": "0", + "number_of_shards": "1", + "query": { + "default_field": [ + "message", + "tags", + "agent.ephemeral_id", + "agent.id", + "agent.name", + "agent.type", + "agent.version", + "client.address", + "client.domain", + "client.geo.city_name", + "client.geo.continent_name", + "client.geo.country_iso_code", + "client.geo.country_name", + "client.geo.name", + "client.geo.region_iso_code", + "client.geo.region_name", + "client.mac", + "client.user.email", + "client.user.full_name", + "client.user.group.id", + "client.user.group.name", + "client.user.hash", + "client.user.id", + "client.user.name", + "cloud.account.id", + "cloud.availability_zone", + "cloud.instance.id", + "cloud.instance.name", + "cloud.machine.type", + "cloud.provider", + "cloud.region", + "container.id", + "container.image.name", + "container.image.tag", + "container.name", + "container.runtime", + "destination.address", + "destination.domain", + "destination.geo.city_name", + "destination.geo.continent_name", + "destination.geo.country_iso_code", + "destination.geo.country_name", + "destination.geo.name", + "destination.geo.region_iso_code", + "destination.geo.region_name", + "destination.mac", + "destination.user.email", + "destination.user.full_name", + "destination.user.group.id", + "destination.user.group.name", + "destination.user.hash", + "destination.user.id", + "destination.user.name", + 
"ecs.version", + "error.code", + "error.id", + "error.message", + "event.action", + "event.category", + "event.dataset", + "event.hash", + "event.id", + "event.kind", + "event.module", + "event.original", + "event.outcome", + "event.timezone", + "event.type", + "file.device", + "file.extension", + "file.gid", + "file.group", + "file.inode", + "file.mode", + "file.owner", + "file.path", + "file.target_path", + "file.type", + "file.uid", + "geo.city_name", + "geo.continent_name", + "geo.country_iso_code", + "geo.country_name", + "geo.name", + "geo.region_iso_code", + "geo.region_name", + "group.id", + "group.name", + "host.architecture", + "host.geo.city_name", + "host.geo.continent_name", + "host.geo.country_iso_code", + "host.geo.country_name", + "host.geo.name", + "host.geo.region_iso_code", + "host.geo.region_name", + "host.hostname", + "host.id", + "host.mac", + "host.name", + "host.os.family", + "host.os.full", + "host.os.kernel", + "host.os.name", + "host.os.platform", + "host.os.version", + "host.type", + "host.user.email", + "host.user.full_name", + "host.user.group.id", + "host.user.group.name", + "host.user.hash", + "host.user.id", + "host.user.name", + "http.request.body.content", + "http.request.method", + "http.request.referrer", + "http.response.body.content", + "http.version", + "log.level", + "log.original", + "network.application", + "network.community_id", + "network.direction", + "network.iana_number", + "network.name", + "network.protocol", + "network.transport", + "network.type", + "observer.geo.city_name", + "observer.geo.continent_name", + "observer.geo.country_iso_code", + "observer.geo.country_name", + "observer.geo.name", + "observer.geo.region_iso_code", + "observer.geo.region_name", + "observer.hostname", + "observer.mac", + "observer.os.family", + "observer.os.full", + "observer.os.kernel", + "observer.os.name", + "observer.os.platform", + "observer.os.version", + "observer.serial_number", + "observer.type", + "observer.vendor", + 
"observer.version", + "organization.id", + "organization.name", + "os.family", + "os.full", + "os.kernel", + "os.name", + "os.platform", + "os.version", + "process.args", + "process.executable", + "process.name", + "process.title", + "process.working_directory", + "server.address", + "server.domain", + "server.geo.city_name", + "server.geo.continent_name", + "server.geo.country_iso_code", + "server.geo.country_name", + "server.geo.name", + "server.geo.region_iso_code", + "server.geo.region_name", + "server.mac", + "server.user.email", + "server.user.full_name", + "server.user.group.id", + "server.user.group.name", + "server.user.hash", + "server.user.id", + "server.user.name", + "service.ephemeral_id", + "service.id", + "service.name", + "service.state", + "service.type", + "service.version", + "source.address", + "source.domain", + "source.geo.city_name", + "source.geo.continent_name", + "source.geo.country_iso_code", + "source.geo.country_name", + "source.geo.name", + "source.geo.region_iso_code", + "source.geo.region_name", + "source.mac", + "source.user.email", + "source.user.full_name", + "source.user.group.id", + "source.user.group.name", + "source.user.hash", + "source.user.id", + "source.user.name", + "url.domain", + "url.fragment", + "url.full", + "url.original", + "url.password", + "url.path", + "url.query", + "url.scheme", + "url.username", + "user.email", + "user.full_name", + "user.group.id", + "user.group.name", + "user.hash", + "user.id", + "user.name", + "user_agent.device.name", + "user_agent.name", + "user_agent.original", + "user_agent.os.family", + "user_agent.os.full", + "user_agent.os.kernel", + "user_agent.os.name", + "user_agent.os.platform", + "user_agent.os.version", + "user_agent.version", + "agent.hostname", + "error.type", + "cloud.project.id", + "host.os.build", + "kubernetes.pod.name", + "kubernetes.pod.uid", + "kubernetes.namespace", + "kubernetes.node.name", + "kubernetes.replicaset.name", + "kubernetes.deployment.name", + 
"kubernetes.statefulset.name", + "kubernetes.container.name", + "kubernetes.container.image", + "jolokia.agent.version", + "jolokia.agent.id", + "jolokia.server.product", + "jolokia.server.version", + "jolokia.server.vendor", + "jolokia.url", + "raw", + "file.origin", + "file.selinux.user", + "file.selinux.role", + "file.selinux.domain", + "file.selinux.level", + "user.audit.id", + "user.audit.name", + "user.effective.id", + "user.effective.name", + "user.effective.group.id", + "user.effective.group.name", + "user.filesystem.id", + "user.filesystem.name", + "user.filesystem.group.id", + "user.filesystem.group.name", + "user.saved.id", + "user.saved.name", + "user.saved.group.id", + "user.saved.group.name", + "user.selinux.user", + "user.selinux.role", + "user.selinux.domain", + "user.selinux.level", + "user.selinux.category", + "source.path", + "destination.path", + "auditd.message_type", + "auditd.session", + "auditd.result", + "auditd.summary.actor.primary", + "auditd.summary.actor.secondary", + "auditd.summary.object.type", + "auditd.summary.object.primary", + "auditd.summary.object.secondary", + "auditd.summary.how", + "auditd.paths.inode", + "auditd.paths.dev", + "auditd.paths.obj_user", + "auditd.paths.obj_role", + "auditd.paths.obj_domain", + "auditd.paths.obj_level", + "auditd.paths.objtype", + "auditd.paths.ouid", + "auditd.paths.rdev", + "auditd.paths.nametype", + "auditd.paths.ogid", + "auditd.paths.item", + "auditd.paths.mode", + "auditd.paths.name", + "auditd.data.action", + "auditd.data.minor", + "auditd.data.acct", + "auditd.data.addr", + "auditd.data.cipher", + "auditd.data.id", + "auditd.data.entries", + "auditd.data.kind", + "auditd.data.ksize", + "auditd.data.spid", + "auditd.data.arch", + "auditd.data.argc", + "auditd.data.major", + "auditd.data.unit", + "auditd.data.table", + "auditd.data.terminal", + "auditd.data.grantors", + "auditd.data.direction", + "auditd.data.op", + "auditd.data.tty", + "auditd.data.syscall", + "auditd.data.data", + 
"auditd.data.family", + "auditd.data.mac", + "auditd.data.pfs", + "auditd.data.items", + "auditd.data.a0", + "auditd.data.a1", + "auditd.data.a2", + "auditd.data.a3", + "auditd.data.hostname", + "auditd.data.lport", + "auditd.data.rport", + "auditd.data.exit", + "auditd.data.fp", + "auditd.data.laddr", + "auditd.data.sport", + "auditd.data.capability", + "auditd.data.nargs", + "auditd.data.new-enabled", + "auditd.data.audit_backlog_limit", + "auditd.data.dir", + "auditd.data.cap_pe", + "auditd.data.model", + "auditd.data.new_pp", + "auditd.data.old-enabled", + "auditd.data.oauid", + "auditd.data.old", + "auditd.data.banners", + "auditd.data.feature", + "auditd.data.vm-ctx", + "auditd.data.opid", + "auditd.data.seperms", + "auditd.data.seresult", + "auditd.data.new-rng", + "auditd.data.old-net", + "auditd.data.sigev_signo", + "auditd.data.ino", + "auditd.data.old_enforcing", + "auditd.data.old-vcpu", + "auditd.data.range", + "auditd.data.res", + "auditd.data.added", + "auditd.data.fam", + "auditd.data.nlnk-pid", + "auditd.data.subj", + "auditd.data.a[0-3]", + "auditd.data.cgroup", + "auditd.data.kernel", + "auditd.data.ocomm", + "auditd.data.new-net", + "auditd.data.permissive", + "auditd.data.class", + "auditd.data.compat", + "auditd.data.fi", + "auditd.data.changed", + "auditd.data.msg", + "auditd.data.dport", + "auditd.data.new-seuser", + "auditd.data.invalid_context", + "auditd.data.dmac", + "auditd.data.ipx-net", + "auditd.data.iuid", + "auditd.data.macproto", + "auditd.data.obj", + "auditd.data.ipid", + "auditd.data.new-fs", + "auditd.data.vm-pid", + "auditd.data.cap_pi", + "auditd.data.old-auid", + "auditd.data.oses", + "auditd.data.fd", + "auditd.data.igid", + "auditd.data.new-disk", + "auditd.data.parent", + "auditd.data.len", + "auditd.data.oflag", + "auditd.data.uuid", + "auditd.data.code", + "auditd.data.nlnk-grp", + "auditd.data.cap_fp", + "auditd.data.new-mem", + "auditd.data.seperm", + "auditd.data.enforcing", + "auditd.data.new-chardev", + 
"auditd.data.old-rng", + "auditd.data.outif", + "auditd.data.cmd", + "auditd.data.hook", + "auditd.data.new-level", + "auditd.data.sauid", + "auditd.data.sig", + "auditd.data.audit_backlog_wait_time", + "auditd.data.printer", + "auditd.data.old-mem", + "auditd.data.perm", + "auditd.data.old_pi", + "auditd.data.state", + "auditd.data.format", + "auditd.data.new_gid", + "auditd.data.tcontext", + "auditd.data.maj", + "auditd.data.watch", + "auditd.data.device", + "auditd.data.grp", + "auditd.data.bool", + "auditd.data.icmp_type", + "auditd.data.new_lock", + "auditd.data.old_prom", + "auditd.data.acl", + "auditd.data.ip", + "auditd.data.new_pi", + "auditd.data.default-context", + "auditd.data.inode_gid", + "auditd.data.new-log_passwd", + "auditd.data.new_pe", + "auditd.data.selected-context", + "auditd.data.cap_fver", + "auditd.data.file", + "auditd.data.net", + "auditd.data.virt", + "auditd.data.cap_pp", + "auditd.data.old-range", + "auditd.data.resrc", + "auditd.data.new-range", + "auditd.data.obj_gid", + "auditd.data.proto", + "auditd.data.old-disk", + "auditd.data.audit_failure", + "auditd.data.inif", + "auditd.data.vm", + "auditd.data.flags", + "auditd.data.nlnk-fam", + "auditd.data.old-fs", + "auditd.data.old-ses", + "auditd.data.seqno", + "auditd.data.fver", + "auditd.data.qbytes", + "auditd.data.seuser", + "auditd.data.cap_fe", + "auditd.data.new-vcpu", + "auditd.data.old-level", + "auditd.data.old_pp", + "auditd.data.daddr", + "auditd.data.old-role", + "auditd.data.ioctlcmd", + "auditd.data.smac", + "auditd.data.apparmor", + "auditd.data.fe", + "auditd.data.perm_mask", + "auditd.data.ses", + "auditd.data.cap_fi", + "auditd.data.obj_uid", + "auditd.data.reason", + "auditd.data.list", + "auditd.data.old_lock", + "auditd.data.bus", + "auditd.data.old_pe", + "auditd.data.new-role", + "auditd.data.prom", + "auditd.data.uri", + "auditd.data.audit_enabled", + "auditd.data.old-log_passwd", + "auditd.data.old-seuser", + "auditd.data.per", + "auditd.data.scontext", + 
"auditd.data.tclass", + "auditd.data.ver", + "auditd.data.new", + "auditd.data.val", + "auditd.data.img-ctx", + "auditd.data.old-chardev", + "auditd.data.old_val", + "auditd.data.success", + "auditd.data.inode_uid", + "auditd.data.removed", + "auditd.data.socket.port", + "auditd.data.socket.saddr", + "auditd.data.socket.addr", + "auditd.data.socket.family", + "auditd.data.socket.path", + "geoip.continent_name", + "geoip.city_name", + "geoip.region_name", + "geoip.country_iso_code", + "hash.blake2b_256", + "hash.blake2b_384", + "hash.blake2b_512", + "hash.md5", + "hash.sha1", + "hash.sha224", + "hash.sha256", + "hash.sha384", + "hash.sha3_224", + "hash.sha3_256", + "hash.sha3_384", + "hash.sha3_512", + "hash.sha512", + "hash.sha512_224", + "hash.sha512_256", + "hash.xxh64", + "event.origin", + "user.entity_id", + "user.terminal", + "process.entity_id", + "socket.entity_id", + "system.audit.host.timezone.name", + "system.audit.host.hostname", + "system.audit.host.id", + "system.audit.host.architecture", + "system.audit.host.mac", + "system.audit.host.os.platform", + "system.audit.host.os.name", + "system.audit.host.os.family", + "system.audit.host.os.version", + "system.audit.host.os.kernel", + "system.audit.package.entity_id", + "system.audit.package.name", + "system.audit.package.version", + "system.audit.package.release", + "system.audit.package.arch", + "system.audit.package.license", + "system.audit.package.summary", + "system.audit.package.url", + "system.audit.user.name", + "system.audit.user.uid", + "system.audit.user.gid", + "system.audit.user.dir", + "system.audit.user.shell", + "system.audit.user.user_information", + "system.audit.user.password.type", + "fields.*" + ] + }, + "refresh_interval": "5s" + } + } + } +} 
diff --git a/x-pack/test/security_solution_cypress/es_archives/auditbeat_for_exceptions3/data.json.gz b/x-pack/test/security_solution_cypress/es_archives/auditbeat_for_exceptions3/data.json.gz
new file mode 100644
index 0000000000000..b378aa64d5ec8
Binary files /dev/null and b/x-pack/test/security_solution_cypress/es_archives/auditbeat_for_exceptions3/data.json.gz differ