Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[7.x] Undo change that added histogram to sample data (#93491) #93614

Merged
merged 2 commits into from
Mar 4, 2021

Conversation

wylieconlon
Copy link
Contributor

Backports the following commits to 7.x:

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
@wylieconlon wylieconlon enabled auto-merge (squash) March 4, 2021 14:51
@wylieconlon
Copy link
Contributor Author

@elasticmachine merge upstream

@kibanamachine
Copy link
Contributor

💛 Build succeeded, but was flaky


Test Failures

Kibana Pipeline / general / X-Pack Detection Engine API Integration Tests.x-pack/test/detection_engine_api_integration/security_and_spaces/tests/exception_operators_data_types/ip·ts.detection engine api security and spaces enabled Detection exceptions data types and operators Rule exception operators for data type ip "is in list" operator will return 1 result if we have a list which contains the range mixed syntax of "127.0.0.1/32,127.0.0.2-127.0.0.3"

Link to Jenkins

Standard Out

Failed Tests Reporter:
  - Test has not failed recently on tracked branches

[00:00:00]       │
[00:00:00]         │ info [o.e.c.m.MetadataCreateIndexService] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] [.ds-ilm-history-5-2021.03.04-000001] creating index, cause [initialize_data_stream], templates [ilm-history], shards [1]/[0]
[00:00:00]         │ info [o.e.c.m.MetadataCreateDataStreamService] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] adding data stream [ilm-history-5] with write index [.ds-ilm-history-5-2021.03.04-000001] and backing indices []
[00:00:00]         └-: detection engine api security and spaces enabled
[00:00:00]           └-> "before all" hook in "detection engine api security and spaces enabled"
[00:00:00]           └-: 
[00:00:00]             └-> "before all" hook in ""
[00:00:00]             └-: Detection exceptions data types and operators
[00:00:00]               └-> "before all" hook in "Detection exceptions data types and operators"
[00:00:00]               └-: 
[00:00:00]                 └-> "before all" hook in ""
[00:00:00]                 └-: Rule exception operators for data type ip
[00:00:00]                   └-> "before all" hook in "Rule exception operators for data type ip"
[00:04:15]                   └-: "is in list" operator
[00:04:15]                     └-> "before all" hook for "will return 3 results if we have a list that includes 1 ip"
[00:04:15]                     └-> will return 3 results if we have a list that includes 1 ip
[00:04:15]                       └-> "before each" hook: global before each for "will return 3 results if we have a list that includes 1 ip"
[00:04:15]                       └-> "before each" hook for "will return 3 results if we have a list that includes 1 ip"
[00:04:15]                         │ info [o.e.x.i.a.TransportPutLifecycleAction] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] adding index lifecycle policy [.siem-signals-default]
[00:04:15]                         │ info [o.e.c.m.MetadataIndexTemplateService] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] adding template [.siem-signals-default] for index patterns [.siem-signals-default-*]
[00:04:15]                         │ info [o.e.c.m.MetadataCreateIndexService] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] [.siem-signals-default-000001] creating index, cause [api], templates [.siem-signals-default], shards [1]/[1]
[00:04:15]                         │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] moving index [.siem-signals-default-000001] from [null] to [{"phase":"new","action":"complete","name":"complete"}] in policy [.siem-signals-default]
[00:04:15]                         │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] moving index [.siem-signals-default-000001] from [{"phase":"new","action":"complete","name":"complete"}] to [{"phase":"hot","action":"unfollow","name":"branch-check-unfollow-prerequisites"}] in policy [.siem-signals-default]
[00:04:15]                         │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] moving index [.siem-signals-default-000001] from [{"phase":"hot","action":"unfollow","name":"branch-check-unfollow-prerequisites"}] to [{"phase":"hot","action":"rollover","name":"check-rollover-ready"}] in policy [.siem-signals-default]
[00:04:15]                         │ info [o.e.x.i.a.TransportPutLifecycleAction] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] adding index lifecycle policy [.lists-default]
[00:04:15]                         │ info [o.e.x.i.a.TransportPutLifecycleAction] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] adding index lifecycle policy [.items-default]
[00:04:15]                         │ info [o.e.c.m.MetadataIndexTemplateService] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] adding template [.lists-default] for index patterns [.lists-default-*]
[00:04:15]                         │ info [o.e.c.m.MetadataIndexTemplateService] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] adding template [.items-default] for index patterns [.items-default-*]
[00:04:15]                         │ info [o.e.c.m.MetadataCreateIndexService] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] [.lists-default-000001] creating index, cause [api], templates [.lists-default], shards [1]/[1]
[00:04:15]                         │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] moving index [.lists-default-000001] from [null] to [{"phase":"new","action":"complete","name":"complete"}] in policy [.lists-default]
[00:04:15]                         │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] moving index [.lists-default-000001] from [{"phase":"new","action":"complete","name":"complete"}] to [{"phase":"hot","action":"unfollow","name":"branch-check-unfollow-prerequisites"}] in policy [.lists-default]
[00:04:15]                         │ info [o.e.c.m.MetadataCreateIndexService] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] [.items-default-000001] creating index, cause [api], templates [.items-default], shards [1]/[1]
[00:04:15]                         │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] moving index [.lists-default-000001] from [{"phase":"hot","action":"unfollow","name":"branch-check-unfollow-prerequisites"}] to [{"phase":"hot","action":"rollover","name":"check-rollover-ready"}] in policy [.lists-default]
[00:04:15]                         │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] moving index [.items-default-000001] from [null] to [{"phase":"new","action":"complete","name":"complete"}] in policy [.items-default]
[00:04:15]                         │ info [rule_exceptions/ip] Loading "mappings.json"
[00:04:15]                         │ info [rule_exceptions/ip] Loading "data.json"
[00:04:15]                         │ info [o.e.c.m.MetadataCreateIndexService] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] [ip] creating index, cause [api], templates [], shards [1]/[1]
[00:04:15]                         │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] moving index [.items-default-000001] from [{"phase":"new","action":"complete","name":"complete"}] to [{"phase":"hot","action":"unfollow","name":"branch-check-unfollow-prerequisites"}] in policy [.items-default]
[00:04:15]                         │ info [rule_exceptions/ip] Created index "ip"
[00:04:15]                         │ debg [rule_exceptions/ip] "ip" settings {"index":{"number_of_replicas":"1","number_of_shards":"1"}}
[00:04:15]                         │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] moving index [.items-default-000001] from [{"phase":"hot","action":"unfollow","name":"branch-check-unfollow-prerequisites"}] to [{"phase":"hot","action":"rollover","name":"check-rollover-ready"}] in policy [.items-default]
[00:04:15]                         │ info [rule_exceptions/ip] Indexed 4 docs into "ip"
[00:04:27]                       │ proc [kibana]   log   [17:08:50.648] [info][plugins][securitySolution] [+] Finished indexing 3  signals searched between date ranges [
[00:04:27]                       │ proc [kibana]   {
[00:04:27]                       │ proc [kibana]     "to": "2021-03-04T17:08:49.642Z",
[00:04:27]                       │ proc [kibana]     "from": "1900-01-01T00:00:00.000Z",
[00:04:27]                       │ proc [kibana]     "maxSignals": 100
[00:04:27]                       │ proc [kibana]   }
[00:04:27]                       │ proc [kibana] ] name: "Signal Testing Query" id: "45975fc0-7d0c-11eb-b1b8-4103e5bb9c42" rule id: "rule-1" signals index: ".siem-signals-default"
[00:04:27]                       │ proc [kibana]   log   [17:08:50.659] [info][eventLog][plugins] event logged: {"@timestamp":"2021-03-04T17:08:48.234Z","event":{"provider":"alerting","action":"execute","start":"2021-03-04T17:08:48.234Z","outcome":"success","end":"2021-03-04T17:08:50.658Z","duration":2424000000},"kibana":{"saved_objects":[{"rel":"primary","type":"alert","id":"45975fc0-7d0c-11eb-b1b8-4103e5bb9c42"}],"alerting":{"status":"ok"},"server_uuid":"5b2de169-2785-441b-ae8c-186a1936b17d"},"message":"alert executed: siem.signals:45975fc0-7d0c-11eb-b1b8-4103e5bb9c42: 'Signal Testing Query'","ecs":{"version":"1.6.0"}}
[00:04:27]                       └- ✓ pass  (11.4s) "detection engine api security and spaces enabled  Detection exceptions data types and operators  Rule exception operators for data type ip "is in list" operator will return 3 results if we have a list that includes 1 ip"
[00:04:27]                     └-> "after each" hook for "will return 3 results if we have a list that includes 1 ip"
[00:04:27]                       │ info [o.e.c.m.MetadataDeleteIndexService] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] [.siem-signals-default-000001/BAdY3FPqQpujUJc428rDpQ] deleting index
[00:04:27]                       │ info [o.e.c.m.MetadataIndexTemplateService] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] removing template [.siem-signals-default]
[00:04:30]                       │ info [o.e.c.m.MetadataDeleteIndexService] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] [.lists-default-000001/O6WNR8ukTuWe7axHmRF6ZQ] deleting index
[00:04:30]                       │ info [o.e.c.m.MetadataDeleteIndexService] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] [.items-default-000001/Caf3V9H-Tm2KcIVc7tOwNA] deleting index
[00:04:30]                       │ info [o.e.c.m.MetadataIndexTemplateService] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] removing template [.lists-default]
[00:04:30]                       │ info [o.e.c.m.MetadataIndexTemplateService] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] removing template [.items-default]
[00:04:30]                       │ info [rule_exceptions/ip] Unloading indices from "mappings.json"
[00:04:30]                       │ info [o.e.c.m.MetadataDeleteIndexService] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] [ip/V5CAGXcGRv-OWe6ybmO82Q] deleting index
[00:04:30]                       │ info [rule_exceptions/ip] Deleted existing index "ip"
[00:04:30]                       │ info [rule_exceptions/ip] Unloading indices from "data.json"
[00:04:30]                     └-> will return 2 results if we have a list that includes 2 ips
[00:04:30]                       └-> "before each" hook: global before each for "will return 2 results if we have a list that includes 2 ips"
[00:04:30]                       └-> "before each" hook for "will return 2 results if we have a list that includes 2 ips"
[00:04:30]                         │ info [o.e.x.i.a.TransportPutLifecycleAction] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] adding index lifecycle policy [.siem-signals-default]
[00:04:30]                         │ info [o.e.c.m.MetadataIndexTemplateService] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] adding template [.siem-signals-default] for index patterns [.siem-signals-default-*]
[00:04:30]                         │ info [o.e.c.m.MetadataCreateIndexService] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] [.siem-signals-default-000001] creating index, cause [api], templates [.siem-signals-default], shards [1]/[1]
[00:04:30]                         │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] moving index [.siem-signals-default-000001] from [null] to [{"phase":"new","action":"complete","name":"complete"}] in policy [.siem-signals-default]
[00:04:30]                         │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] moving index [.siem-signals-default-000001] from [{"phase":"new","action":"complete","name":"complete"}] to [{"phase":"hot","action":"unfollow","name":"branch-check-unfollow-prerequisites"}] in policy [.siem-signals-default]
[00:04:30]                         │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] moving index [.siem-signals-default-000001] from [{"phase":"hot","action":"unfollow","name":"branch-check-unfollow-prerequisites"}] to [{"phase":"hot","action":"rollover","name":"check-rollover-ready"}] in policy [.siem-signals-default]
[00:04:30]                         │ info [o.e.x.i.a.TransportPutLifecycleAction] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] adding index lifecycle policy [.lists-default]
[00:04:30]                         │ info [o.e.x.i.a.TransportPutLifecycleAction] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] adding index lifecycle policy [.items-default]
[00:04:30]                         │ info [o.e.c.m.MetadataIndexTemplateService] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] adding template [.lists-default] for index patterns [.lists-default-*]
[00:04:30]                         │ info [o.e.c.m.MetadataIndexTemplateService] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] adding template [.items-default] for index patterns [.items-default-*]
[00:04:30]                         │ info [o.e.c.m.MetadataCreateIndexService] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] [.lists-default-000001] creating index, cause [api], templates [.lists-default], shards [1]/[1]
[00:04:30]                         │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] moving index [.lists-default-000001] from [null] to [{"phase":"new","action":"complete","name":"complete"}] in policy [.lists-default]
[00:04:30]                         │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] moving index [.lists-default-000001] from [{"phase":"new","action":"complete","name":"complete"}] to [{"phase":"hot","action":"unfollow","name":"branch-check-unfollow-prerequisites"}] in policy [.lists-default]
[00:04:30]                         │ info [o.e.c.m.MetadataCreateIndexService] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] [.items-default-000001] creating index, cause [api], templates [.items-default], shards [1]/[1]
[00:04:30]                         │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] moving index [.lists-default-000001] from [{"phase":"hot","action":"unfollow","name":"branch-check-unfollow-prerequisites"}] to [{"phase":"hot","action":"rollover","name":"check-rollover-ready"}] in policy [.lists-default]
[00:04:30]                         │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] moving index [.items-default-000001] from [null] to [{"phase":"new","action":"complete","name":"complete"}] in policy [.items-default]
[00:04:30]                         │ info [rule_exceptions/ip] Loading "mappings.json"
[00:04:30]                         │ info [rule_exceptions/ip] Loading "data.json"
[00:04:30]                         │ info [o.e.c.m.MetadataCreateIndexService] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] [ip] creating index, cause [api], templates [], shards [1]/[1]
[00:04:30]                         │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] moving index [.items-default-000001] from [{"phase":"new","action":"complete","name":"complete"}] to [{"phase":"hot","action":"unfollow","name":"branch-check-unfollow-prerequisites"}] in policy [.items-default]
[00:04:30]                         │ info [rule_exceptions/ip] Created index "ip"
[00:04:30]                         │ debg [rule_exceptions/ip] "ip" settings {"index":{"number_of_replicas":"1","number_of_shards":"1"}}
[00:04:30]                         │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] moving index [.items-default-000001] from [{"phase":"hot","action":"unfollow","name":"branch-check-unfollow-prerequisites"}] to [{"phase":"hot","action":"rollover","name":"check-rollover-ready"}] in policy [.items-default]
[00:04:30]                         │ info [rule_exceptions/ip] Indexed 4 docs into "ip"
[00:04:42]                       │ proc [kibana]   log   [17:09:05.809] [info][plugins][securitySolution] [+] Finished indexing 2  signals searched between date ranges [
[00:04:42]                       │ proc [kibana]   {
[00:04:42]                       │ proc [kibana]     "to": "2021-03-04T17:09:04.801Z",
[00:04:42]                       │ proc [kibana]     "from": "1900-01-01T00:00:00.000Z",
[00:04:42]                       │ proc [kibana]     "maxSignals": 100
[00:04:42]                       │ proc [kibana]   }
[00:04:42]                       │ proc [kibana] ] name: "Signal Testing Query" id: "4ea0c250-7d0c-11eb-b1b8-4103e5bb9c42" rule id: "rule-1" signals index: ".siem-signals-default"
[00:04:42]                       │ proc [kibana]   log   [17:09:05.816] [info][eventLog][plugins] event logged: {"@timestamp":"2021-03-04T17:09:03.243Z","event":{"provider":"alerting","action":"execute","start":"2021-03-04T17:09:03.243Z","outcome":"success","end":"2021-03-04T17:09:05.815Z","duration":2572000000},"kibana":{"saved_objects":[{"rel":"primary","type":"alert","id":"4ea0c250-7d0c-11eb-b1b8-4103e5bb9c42"}],"alerting":{"status":"ok"},"server_uuid":"5b2de169-2785-441b-ae8c-186a1936b17d"},"message":"alert executed: siem.signals:4ea0c250-7d0c-11eb-b1b8-4103e5bb9c42: 'Signal Testing Query'","ecs":{"version":"1.6.0"}}
[00:04:42]                       └- ✓ pass  (11.5s) "detection engine api security and spaces enabled  Detection exceptions data types and operators  Rule exception operators for data type ip "is in list" operator will return 2 results if we have a list that includes 2 ips"
[00:04:42]                     └-> "after each" hook for "will return 2 results if we have a list that includes 2 ips"
[00:04:42]                       │ info [o.e.c.m.MetadataDeleteIndexService] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] [.siem-signals-default-000001/m_f0JiQdRfaDnt7H41RMxg] deleting index
[00:04:42]                       │ info [o.e.c.m.MetadataIndexTemplateService] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] removing template [.siem-signals-default]
[00:04:45]                       │ info [o.e.c.m.MetadataDeleteIndexService] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] [.lists-default-000001/tWpoxLpyR9mxDwzJRUJs3g] deleting index
[00:04:45]                       │ info [o.e.c.m.MetadataDeleteIndexService] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] [.items-default-000001/UgG_a76KSUC1fYxuhLi_-Q] deleting index
[00:04:45]                       │ info [o.e.c.m.MetadataIndexTemplateService] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] removing template [.lists-default]
[00:04:45]                       │ info [o.e.c.m.MetadataIndexTemplateService] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] removing template [.items-default]
[00:04:45]                       │ info [rule_exceptions/ip] Unloading indices from "mappings.json"
[00:04:45]                       │ info [o.e.c.m.MetadataDeleteIndexService] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] [ip/hVOvDTniTKS45jVKgZOydg] deleting index
[00:04:45]                       │ info [rule_exceptions/ip] Deleted existing index "ip"
[00:04:45]                       │ info [rule_exceptions/ip] Unloading indices from "data.json"
[00:04:45]                     └-> will return 0 results if we have a list that includes all ips
[00:04:45]                       └-> "before each" hook: global before each for "will return 0 results if we have a list that includes all ips"
[00:04:45]                       └-> "before each" hook for "will return 0 results if we have a list that includes all ips"
[00:04:45]                         │ info [o.e.x.i.a.TransportPutLifecycleAction] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] adding index lifecycle policy [.siem-signals-default]
[00:04:45]                         │ info [o.e.c.m.MetadataIndexTemplateService] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] adding template [.siem-signals-default] for index patterns [.siem-signals-default-*]
[00:04:45]                         │ info [o.e.c.m.MetadataCreateIndexService] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] [.siem-signals-default-000001] creating index, cause [api], templates [.siem-signals-default], shards [1]/[1]
[00:04:45]                         │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] moving index [.siem-signals-default-000001] from [null] to [{"phase":"new","action":"complete","name":"complete"}] in policy [.siem-signals-default]
[00:04:45]                         │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] moving index [.siem-signals-default-000001] from [{"phase":"new","action":"complete","name":"complete"}] to [{"phase":"hot","action":"unfollow","name":"branch-check-unfollow-prerequisites"}] in policy [.siem-signals-default]
[00:04:45]                         │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] moving index [.siem-signals-default-000001] from [{"phase":"hot","action":"unfollow","name":"branch-check-unfollow-prerequisites"}] to [{"phase":"hot","action":"rollover","name":"check-rollover-ready"}] in policy [.siem-signals-default]
[00:04:45]                         │ info [o.e.x.i.a.TransportPutLifecycleAction] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] adding index lifecycle policy [.lists-default]
[00:04:45]                         │ info [o.e.x.i.a.TransportPutLifecycleAction] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] adding index lifecycle policy [.items-default]
[00:04:45]                         │ info [o.e.c.m.MetadataIndexTemplateService] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] adding template [.lists-default] for index patterns [.lists-default-*]
[00:04:45]                         │ info [o.e.c.m.MetadataIndexTemplateService] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] adding template [.items-default] for index patterns [.items-default-*]
[00:04:45]                         │ info [o.e.c.m.MetadataCreateIndexService] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] [.lists-default-000001] creating index, cause [api], templates [.lists-default], shards [1]/[1]
[00:04:45]                         │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] moving index [.lists-default-000001] from [null] to [{"phase":"new","action":"complete","name":"complete"}] in policy [.lists-default]
[00:04:45]                         │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] moving index [.lists-default-000001] from [{"phase":"new","action":"complete","name":"complete"}] to [{"phase":"hot","action":"unfollow","name":"branch-check-unfollow-prerequisites"}] in policy [.lists-default]
[00:04:46]                         │ info [o.e.c.m.MetadataCreateIndexService] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] [.items-default-000001] creating index, cause [api], templates [.items-default], shards [1]/[1]
[00:04:46]                         │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] moving index [.lists-default-000001] from [{"phase":"hot","action":"unfollow","name":"branch-check-unfollow-prerequisites"}] to [{"phase":"hot","action":"rollover","name":"check-rollover-ready"}] in policy [.lists-default]
[00:04:46]                         │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] moving index [.items-default-000001] from [null] to [{"phase":"new","action":"complete","name":"complete"}] in policy [.items-default]
[00:04:46]                         │ info [rule_exceptions/ip] Loading "mappings.json"
[00:04:46]                         │ info [rule_exceptions/ip] Loading "data.json"
[00:04:46]                         │ info [o.e.c.m.MetadataCreateIndexService] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] [ip] creating index, cause [api], templates [], shards [1]/[1]
[00:04:46]                         │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] moving index [.items-default-000001] from [{"phase":"new","action":"complete","name":"complete"}] to [{"phase":"hot","action":"unfollow","name":"branch-check-unfollow-prerequisites"}] in policy [.items-default]
[00:04:46]                         │ info [rule_exceptions/ip] Created index "ip"
[00:04:46]                         │ debg [rule_exceptions/ip] "ip" settings {"index":{"number_of_replicas":"1","number_of_shards":"1"}}
[00:04:46]                         │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] moving index [.items-default-000001] from [{"phase":"hot","action":"unfollow","name":"branch-check-unfollow-prerequisites"}] to [{"phase":"hot","action":"rollover","name":"check-rollover-ready"}] in policy [.items-default]
[00:04:46]                         │ info [rule_exceptions/ip] Indexed 4 docs into "ip"
[00:04:57]                       │ proc [kibana]   log   [17:09:20.988] [info][plugins][securitySolution] [+] Finished indexing 0  signals searched between date ranges [
[00:04:57]                       │ proc [kibana]   {
[00:04:57]                       │ proc [kibana]     "to": "2021-03-04T17:09:20.210Z",
[00:04:57]                       │ proc [kibana]     "from": "1900-01-01T00:00:00.000Z",
[00:04:57]                       │ proc [kibana]     "maxSignals": 100
[00:04:57]                       │ proc [kibana]   }
[00:04:57]                       │ proc [kibana] ] name: "Signal Testing Query" id: "57a9afb0-7d0c-11eb-b1b8-4103e5bb9c42" rule id: "rule-1" signals index: ".siem-signals-default"
[00:04:57]                       │ proc [kibana]   log   [17:09:20.996] [info][eventLog][plugins] event logged: {"@timestamp":"2021-03-04T17:09:18.235Z","event":{"provider":"alerting","action":"execute","start":"2021-03-04T17:09:18.235Z","outcome":"success","end":"2021-03-04T17:09:20.996Z","duration":2761000000},"kibana":{"saved_objects":[{"rel":"primary","type":"alert","id":"57a9afb0-7d0c-11eb-b1b8-4103e5bb9c42"}],"alerting":{"status":"ok"},"server_uuid":"5b2de169-2785-441b-ae8c-186a1936b17d"},"message":"alert executed: siem.signals:57a9afb0-7d0c-11eb-b1b8-4103e5bb9c42: 'Signal Testing Query'","ecs":{"version":"1.6.0"}}
[00:04:57]                       └- ✓ pass  (11.5s) "detection engine api security and spaces enabled  Detection exceptions data types and operators  Rule exception operators for data type ip "is in list" operator will return 0 results if we have a list that includes all ips"
[00:04:57]                     └-> "after each" hook for "will return 0 results if we have a list that includes all ips"
[00:04:57]                       │ info [o.e.c.m.MetadataDeleteIndexService] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] [.siem-signals-default-000001/9mONScETTl6Gi6jctCRVMg] deleting index
[00:04:57]                       │ info [o.e.c.m.MetadataIndexTemplateService] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] removing template [.siem-signals-default]
[00:05:00]                       │ info [o.e.c.m.MetadataDeleteIndexService] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] [.lists-default-000001/JM4G-dJEROCsKlrO-ZoZsg] deleting index
[00:05:00]                       │ info [o.e.c.m.MetadataDeleteIndexService] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] [.items-default-000001/Tpz0EzDsT7ysraXwBc8i6A] deleting index
[00:05:00]                       │ info [o.e.c.m.MetadataIndexTemplateService] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] removing template [.lists-default]
[00:05:00]                       │ info [o.e.c.m.MetadataIndexTemplateService] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] removing template [.items-default]
[00:05:00]                       │ info [rule_exceptions/ip] Unloading indices from "mappings.json"
[00:05:00]                       │ info [o.e.c.m.MetadataDeleteIndexService] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] [ip/1kC06W-yRn6PyNhuPcyccg] deleting index
[00:05:00]                       │ info [rule_exceptions/ip] Deleted existing index "ip"
[00:05:00]                       │ info [rule_exceptions/ip] Unloading indices from "data.json"
[00:05:00]                     └-> will return 1 result if we have a list which contains the CIDR range of "127.0.0.1/30"
[00:05:00]                       └-> "before each" hook: global before each for "will return 1 result if we have a list which contains the CIDR range of "127.0.0.1/30""
[00:05:00]                       └-> "before each" hook for "will return 1 result if we have a list which contains the CIDR range of "127.0.0.1/30""
[00:05:00]                         │ info [o.e.x.i.a.TransportPutLifecycleAction] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] adding index lifecycle policy [.siem-signals-default]
[00:05:00]                         │ info [o.e.c.m.MetadataIndexTemplateService] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] adding template [.siem-signals-default] for index patterns [.siem-signals-default-*]
[00:05:00]                         │ info [o.e.c.m.MetadataCreateIndexService] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] [.siem-signals-default-000001] creating index, cause [api], templates [.siem-signals-default], shards [1]/[1]
[00:05:00]                         │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] moving index [.siem-signals-default-000001] from [null] to [{"phase":"new","action":"complete","name":"complete"}] in policy [.siem-signals-default]
[00:05:00]                         │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] moving index [.siem-signals-default-000001] from [{"phase":"new","action":"complete","name":"complete"}] to [{"phase":"hot","action":"unfollow","name":"branch-check-unfollow-prerequisites"}] in policy [.siem-signals-default]
[00:05:01]                         │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] moving index [.siem-signals-default-000001] from [{"phase":"hot","action":"unfollow","name":"branch-check-unfollow-prerequisites"}] to [{"phase":"hot","action":"rollover","name":"check-rollover-ready"}] in policy [.siem-signals-default]
[00:05:01]                         │ info [o.e.x.i.a.TransportPutLifecycleAction] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] adding index lifecycle policy [.lists-default]
[00:05:01]                         │ info [o.e.x.i.a.TransportPutLifecycleAction] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] adding index lifecycle policy [.items-default]
[00:05:01]                         │ info [o.e.c.m.MetadataIndexTemplateService] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] adding template [.lists-default] for index patterns [.lists-default-*]
[00:05:01]                         │ info [o.e.c.m.MetadataIndexTemplateService] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] adding template [.items-default] for index patterns [.items-default-*]
[00:05:01]                         │ info [o.e.c.m.MetadataCreateIndexService] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] [.lists-default-000001] creating index, cause [api], templates [.lists-default], shards [1]/[1]
[00:05:01]                         │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] moving index [.lists-default-000001] from [null] to [{"phase":"new","action":"complete","name":"complete"}] in policy [.lists-default]
[00:05:01]                         │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] moving index [.lists-default-000001] from [{"phase":"new","action":"complete","name":"complete"}] to [{"phase":"hot","action":"unfollow","name":"branch-check-unfollow-prerequisites"}] in policy [.lists-default]
[00:05:01]                         │ info [o.e.c.m.MetadataCreateIndexService] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] [.items-default-000001] creating index, cause [api], templates [.items-default], shards [1]/[1]
[00:05:01]                         │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] moving index [.lists-default-000001] from [{"phase":"hot","action":"unfollow","name":"branch-check-unfollow-prerequisites"}] to [{"phase":"hot","action":"rollover","name":"check-rollover-ready"}] in policy [.lists-default]
[00:05:01]                         │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] moving index [.items-default-000001] from [null] to [{"phase":"new","action":"complete","name":"complete"}] in policy [.items-default]
[00:05:01]                         │ info [rule_exceptions/ip] Loading "mappings.json"
[00:05:01]                         │ info [rule_exceptions/ip] Loading "data.json"
[00:05:01]                         │ info [o.e.c.m.MetadataCreateIndexService] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] [ip] creating index, cause [api], templates [], shards [1]/[1]
[00:05:01]                         │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] moving index [.items-default-000001] from [{"phase":"new","action":"complete","name":"complete"}] to [{"phase":"hot","action":"unfollow","name":"branch-check-unfollow-prerequisites"}] in policy [.items-default]
[00:05:01]                         │ info [rule_exceptions/ip] Created index "ip"
[00:05:01]                         │ debg [rule_exceptions/ip] "ip" settings {"index":{"number_of_replicas":"1","number_of_shards":"1"}}
[00:05:01]                         │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] moving index [.items-default-000001] from [{"phase":"hot","action":"unfollow","name":"branch-check-unfollow-prerequisites"}] to [{"phase":"hot","action":"rollover","name":"check-rollover-ready"}] in policy [.items-default]
[00:05:01]                         │ info [rule_exceptions/ip] Indexed 4 docs into "ip"
[00:05:12]                       │ proc [kibana]   log   [17:09:36.128] [info][plugins][securitySolution] [+] Finished indexing 1  signals searched between date ranges [
[00:05:12]                       │ proc [kibana]   {
[00:05:12]                       │ proc [kibana]     "to": "2021-03-04T17:09:35.121Z",
[00:05:12]                       │ proc [kibana]     "from": "1900-01-01T00:00:00.000Z",
[00:05:12]                       │ proc [kibana]     "maxSignals": 100
[00:05:12]                       │ proc [kibana]   }
[00:05:12]                       │ proc [kibana] ] name: "Signal Testing Query" id: "60b3fca0-7d0c-11eb-b1b8-4103e5bb9c42" rule id: "rule-1" signals index: ".siem-signals-default"
[00:05:12]                       │ proc [kibana]   log   [17:09:36.141] [info][eventLog][plugins] event logged: {"@timestamp":"2021-03-04T17:09:33.285Z","event":{"provider":"alerting","action":"execute","start":"2021-03-04T17:09:33.285Z","outcome":"success","end":"2021-03-04T17:09:36.140Z","duration":2855000000},"kibana":{"saved_objects":[{"rel":"primary","type":"alert","id":"60b3fca0-7d0c-11eb-b1b8-4103e5bb9c42"}],"alerting":{"status":"ok"},"server_uuid":"5b2de169-2785-441b-ae8c-186a1936b17d"},"message":"alert executed: siem.signals:60b3fca0-7d0c-11eb-b1b8-4103e5bb9c42: 'Signal Testing Query'","ecs":{"version":"1.6.0"}}
[00:05:12]                       └- ✓ pass  (11.4s) "detection engine api security and spaces enabled  Detection exceptions data types and operators  Rule exception operators for data type ip "is in list" operator will return 1 result if we have a list which contains the CIDR range of "127.0.0.1/30""
[00:05:12]                     └-> "after each" hook for "will return 1 result if we have a list which contains the CIDR range of "127.0.0.1/30""
[00:05:12]                       │ info [o.e.c.m.MetadataDeleteIndexService] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] [.siem-signals-default-000001/7iuXvjzZTMW2C8n8-Pu80Q] deleting index
[00:05:12]                       │ info [o.e.c.m.MetadataIndexTemplateService] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] removing template [.siem-signals-default]
[00:05:15]                       │ info [o.e.c.m.MetadataDeleteIndexService] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] [.lists-default-000001/ap9BTgpWRWiSU3M2r0fGmw] deleting index
[00:05:15]                       │ info [o.e.c.m.MetadataDeleteIndexService] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] [.items-default-000001/IFimdYDKSeOjWE4Msjg6QQ] deleting index
[00:05:15]                       │ info [o.e.c.m.MetadataIndexTemplateService] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] removing template [.lists-default]
[00:05:15]                       │ info [o.e.c.m.MetadataIndexTemplateService] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] removing template [.items-default]
[00:05:15]                       │ info [rule_exceptions/ip] Unloading indices from "mappings.json"
[00:05:15]                       │ info [o.e.c.m.MetadataDeleteIndexService] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] [ip/10TJ8hIUSvOoMhbQ1wpWYA] deleting index
[00:05:15]                       │ info [rule_exceptions/ip] Deleted existing index "ip"
[00:05:15]                       │ info [rule_exceptions/ip] Unloading indices from "data.json"
[00:05:15]                     └-> will return 1 result if we have a list which contains the range syntax of "127.0.0.1-127.0.0.3"
[00:05:15]                       └-> "before each" hook: global before each for "will return 1 result if we have a list which contains the range syntax of "127.0.0.1-127.0.0.3""
[00:05:16]                       └-> "before each" hook for "will return 1 result if we have a list which contains the range syntax of "127.0.0.1-127.0.0.3""
[00:05:16]                         │ info [o.e.x.i.a.TransportPutLifecycleAction] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] adding index lifecycle policy [.siem-signals-default]
[00:05:16]                         │ info [o.e.c.m.MetadataIndexTemplateService] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] adding template [.siem-signals-default] for index patterns [.siem-signals-default-*]
[00:05:16]                         │ info [o.e.c.m.MetadataCreateIndexService] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] [.siem-signals-default-000001] creating index, cause [api], templates [.siem-signals-default], shards [1]/[1]
[00:05:16]                         │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] moving index [.siem-signals-default-000001] from [null] to [{"phase":"new","action":"complete","name":"complete"}] in policy [.siem-signals-default]
[00:05:16]                         │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] moving index [.siem-signals-default-000001] from [{"phase":"new","action":"complete","name":"complete"}] to [{"phase":"hot","action":"unfollow","name":"branch-check-unfollow-prerequisites"}] in policy [.siem-signals-default]
[00:05:16]                         │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] moving index [.siem-signals-default-000001] from [{"phase":"hot","action":"unfollow","name":"branch-check-unfollow-prerequisites"}] to [{"phase":"hot","action":"rollover","name":"check-rollover-ready"}] in policy [.siem-signals-default]
[00:05:16]                         │ info [o.e.x.i.a.TransportPutLifecycleAction] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] adding index lifecycle policy [.lists-default]
[00:05:16]                         │ info [o.e.x.i.a.TransportPutLifecycleAction] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] adding index lifecycle policy [.items-default]
[00:05:16]                         │ info [o.e.c.m.MetadataIndexTemplateService] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] adding template [.lists-default] for index patterns [.lists-default-*]
[00:05:16]                         │ info [o.e.c.m.MetadataIndexTemplateService] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] adding template [.items-default] for index patterns [.items-default-*]
[00:05:16]                         │ info [o.e.c.m.MetadataCreateIndexService] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] [.lists-default-000001] creating index, cause [api], templates [.lists-default], shards [1]/[1]
[00:05:16]                         │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] moving index [.lists-default-000001] from [null] to [{"phase":"new","action":"complete","name":"complete"}] in policy [.lists-default]
[00:05:16]                         │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] moving index [.lists-default-000001] from [{"phase":"new","action":"complete","name":"complete"}] to [{"phase":"hot","action":"unfollow","name":"branch-check-unfollow-prerequisites"}] in policy [.lists-default]
[00:05:16]                         │ info [o.e.c.m.MetadataCreateIndexService] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] [.items-default-000001] creating index, cause [api], templates [.items-default], shards [1]/[1]
[00:05:16]                         │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] moving index [.lists-default-000001] from [{"phase":"hot","action":"unfollow","name":"branch-check-unfollow-prerequisites"}] to [{"phase":"hot","action":"rollover","name":"check-rollover-ready"}] in policy [.lists-default]
[00:05:16]                         │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] moving index [.items-default-000001] from [null] to [{"phase":"new","action":"complete","name":"complete"}] in policy [.items-default]
[00:05:16]                         │ info [rule_exceptions/ip] Loading "mappings.json"
[00:05:16]                         │ info [rule_exceptions/ip] Loading "data.json"
[00:05:16]                         │ info [o.e.c.m.MetadataCreateIndexService] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] [ip] creating index, cause [api], templates [], shards [1]/[1]
[00:05:16]                         │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] moving index [.items-default-000001] from [{"phase":"new","action":"complete","name":"complete"}] to [{"phase":"hot","action":"unfollow","name":"branch-check-unfollow-prerequisites"}] in policy [.items-default]
[00:05:16]                         │ info [rule_exceptions/ip] Created index "ip"
[00:05:16]                         │ debg [rule_exceptions/ip] "ip" settings {"index":{"number_of_replicas":"1","number_of_shards":"1"}}
[00:05:16]                         │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] moving index [.items-default-000001] from [{"phase":"hot","action":"unfollow","name":"branch-check-unfollow-prerequisites"}] to [{"phase":"hot","action":"rollover","name":"check-rollover-ready"}] in policy [.items-default]
[00:05:16]                         │ info [rule_exceptions/ip] Indexed 4 docs into "ip"
[00:05:27]                       │ proc [kibana]   log   [17:09:51.283] [info][plugins][securitySolution] [+] Finished indexing 1  signals searched between date ranges [
[00:05:27]                       │ proc [kibana]   {
[00:05:27]                       │ proc [kibana]     "to": "2021-03-04T17:09:50.278Z",
[00:05:27]                       │ proc [kibana]     "from": "1900-01-01T00:00:00.000Z",
[00:05:27]                       │ proc [kibana]     "maxSignals": 100
[00:05:27]                       │ proc [kibana]   }
[00:05:27]                       │ proc [kibana] ] name: "Signal Testing Query" id: "69bd1110-7d0c-11eb-b1b8-4103e5bb9c42" rule id: "rule-1" signals index: ".siem-signals-default"
[00:05:27]                       │ proc [kibana]   log   [17:09:51.291] [info][eventLog][plugins] event logged: {"@timestamp":"2021-03-04T17:09:48.272Z","event":{"provider":"alerting","action":"execute","start":"2021-03-04T17:09:48.272Z","outcome":"success","end":"2021-03-04T17:09:51.290Z","duration":3018000000},"kibana":{"saved_objects":[{"rel":"primary","type":"alert","id":"69bd1110-7d0c-11eb-b1b8-4103e5bb9c42"}],"alerting":{"status":"ok"},"server_uuid":"5b2de169-2785-441b-ae8c-186a1936b17d"},"message":"alert executed: siem.signals:69bd1110-7d0c-11eb-b1b8-4103e5bb9c42: 'Signal Testing Query'","ecs":{"version":"1.6.0"}}
[00:05:27]                       └- ✓ pass  (11.4s) "detection engine api security and spaces enabled  Detection exceptions data types and operators  Rule exception operators for data type ip "is in list" operator will return 1 result if we have a list which contains the range syntax of "127.0.0.1-127.0.0.3""
[00:05:27]                     └-> "after each" hook for "will return 1 result if we have a list which contains the range syntax of "127.0.0.1-127.0.0.3""
[00:05:27]                       │ info [o.e.c.m.MetadataDeleteIndexService] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] [.siem-signals-default-000001/Lj3bnvSZT-2Qs2s0WRbHzg] deleting index
[00:05:27]                       │ info [o.e.c.m.MetadataIndexTemplateService] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] removing template [.siem-signals-default]
[00:05:30]                       │ info [o.e.c.m.MetadataDeleteIndexService] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] [.lists-default-000001/ZqdmCfD9TGWlnA5wzr9_Cg] deleting index
[00:05:30]                       │ info [o.e.c.m.MetadataDeleteIndexService] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] [.items-default-000001/zuj8hangRbOI6ETEJtHVlA] deleting index
[00:05:31]                       │ info [o.e.c.m.MetadataIndexTemplateService] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] removing template [.lists-default]
[00:05:31]                       │ info [o.e.c.m.MetadataIndexTemplateService] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] removing template [.items-default]
[00:05:31]                       │ info [rule_exceptions/ip] Unloading indices from "mappings.json"
[00:05:31]                       │ info [o.e.c.m.MetadataDeleteIndexService] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] [ip/8DdU7sjwRn2JKv2zkZpFGg] deleting index
[00:05:31]                       │ info [rule_exceptions/ip] Deleted existing index "ip"
[00:05:31]                       │ info [rule_exceptions/ip] Unloading indices from "data.json"
[00:05:31]                     └-> will return 1 result if we have a list which contains the range mixed syntax of "127.0.0.1/32,127.0.0.2-127.0.0.3"
[00:05:31]                       └-> "before each" hook: global before each for "will return 1 result if we have a list which contains the range mixed syntax of "127.0.0.1/32,127.0.0.2-127.0.0.3""
[00:05:31]                       └-> "before each" hook for "will return 1 result if we have a list which contains the range mixed syntax of "127.0.0.1/32,127.0.0.2-127.0.0.3""
[00:05:31]                         │ info [o.e.x.i.a.TransportPutLifecycleAction] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] adding index lifecycle policy [.siem-signals-default]
[00:05:31]                         │ info [o.e.c.m.MetadataIndexTemplateService] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] adding template [.siem-signals-default] for index patterns [.siem-signals-default-*]
[00:05:31]                         │ info [o.e.c.m.MetadataCreateIndexService] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] [.siem-signals-default-000001] creating index, cause [api], templates [.siem-signals-default], shards [1]/[1]
[00:05:31]                         │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] moving index [.siem-signals-default-000001] from [null] to [{"phase":"new","action":"complete","name":"complete"}] in policy [.siem-signals-default]
[00:05:31]                         │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] moving index [.siem-signals-default-000001] from [{"phase":"new","action":"complete","name":"complete"}] to [{"phase":"hot","action":"unfollow","name":"branch-check-unfollow-prerequisites"}] in policy [.siem-signals-default]
[00:05:31]                         │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] moving index [.siem-signals-default-000001] from [{"phase":"hot","action":"unfollow","name":"branch-check-unfollow-prerequisites"}] to [{"phase":"hot","action":"rollover","name":"check-rollover-ready"}] in policy [.siem-signals-default]
[00:05:31]                         │ info [o.e.x.i.a.TransportPutLifecycleAction] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] adding index lifecycle policy [.lists-default]
[00:05:31]                         │ info [o.e.x.i.a.TransportPutLifecycleAction] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] adding index lifecycle policy [.items-default]
[00:05:31]                         │ info [o.e.c.m.MetadataIndexTemplateService] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] adding template [.lists-default] for index patterns [.lists-default-*]
[00:05:31]                         │ info [o.e.c.m.MetadataIndexTemplateService] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] adding template [.items-default] for index patterns [.items-default-*]
[00:05:31]                         │ info [o.e.c.m.MetadataCreateIndexService] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] [.lists-default-000001] creating index, cause [api], templates [.lists-default], shards [1]/[1]
[00:05:31]                         │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] moving index [.lists-default-000001] from [null] to [{"phase":"new","action":"complete","name":"complete"}] in policy [.lists-default]
[00:05:31]                         │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] moving index [.lists-default-000001] from [{"phase":"new","action":"complete","name":"complete"}] to [{"phase":"hot","action":"unfollow","name":"branch-check-unfollow-prerequisites"}] in policy [.lists-default]
[00:05:31]                         │ info [o.e.c.m.MetadataCreateIndexService] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] [.items-default-000001] creating index, cause [api], templates [.items-default], shards [1]/[1]
[00:05:31]                         │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] moving index [.lists-default-000001] from [{"phase":"hot","action":"unfollow","name":"branch-check-unfollow-prerequisites"}] to [{"phase":"hot","action":"rollover","name":"check-rollover-ready"}] in policy [.lists-default]
[00:05:31]                         │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] moving index [.items-default-000001] from [null] to [{"phase":"new","action":"complete","name":"complete"}] in policy [.items-default]
[00:05:31]                         │ info [rule_exceptions/ip] Loading "mappings.json"
[00:05:31]                         │ info [rule_exceptions/ip] Loading "data.json"
[00:05:31]                         │ info [o.e.c.m.MetadataCreateIndexService] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] [ip] creating index, cause [api], templates [], shards [1]/[1]
[00:05:31]                         │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] moving index [.items-default-000001] from [{"phase":"new","action":"complete","name":"complete"}] to [{"phase":"hot","action":"unfollow","name":"branch-check-unfollow-prerequisites"}] in policy [.items-default]
[00:05:31]                         │ info [rule_exceptions/ip] Created index "ip"
[00:05:31]                         │ debg [rule_exceptions/ip] "ip" settings {"index":{"number_of_replicas":"1","number_of_shards":"1"}}
[00:05:31]                         │ info [o.e.x.i.IndexLifecycleTransition] [kibana-ci-immutable-ubuntu-16-tests-xxl-1614873471235821744] moving index [.items-default-000001] from [{"phase":"hot","action":"unfollow","name":"branch-check-unfollow-prerequisites"}] to [{"phase":"hot","action":"rollover","name":"check-rollover-ready"}] in policy [.items-default]
[00:05:31]                         │ info [rule_exceptions/ip] Indexed 4 docs into "ip"
[00:05:39]                       │ proc [kibana]   log   [17:10:03.428] [info][eventLog][plugins] event logged: {"@timestamp":"2021-03-04T17:10:03.286Z","event":{"provider":"alerting","action":"execute","start":"2021-03-04T17:10:03.286Z","outcome":"failure","end":"2021-03-04T17:10:03.427Z","duration":141000000,"reason":"execute"},"kibana":{"saved_objects":[{"rel":"primary","type":"alert","id":"72c4c5f0-7d0c-11eb-b1b8-4103e5bb9c42"}],"alerting":{"status":"error"},"server_uuid":"5b2de169-2785-441b-ae8c-186a1936b17d"},"message":"alert execution failure: siem.signals:72c4c5f0-7d0c-11eb-b1b8-4103e5bb9c42: 'Signal Testing Query'","error":{"message":"[siem-detection-engine-rule-status:75bf4140-7d0c-11eb-b1b8-4103e5bb9c42]: version conflict, required seqNo [466], primary term [1]. current document has seqNo [467] and primary term [1]: version_conflict_engine_exception"},"ecs":{"version":"1.6.0"}}
[00:05:39]                       │ proc [kibana]   log   [17:10:03.434] [error][alerting][alerts][plugins][plugins] Executing Alert "72c4c5f0-7d0c-11eb-b1b8-4103e5bb9c42" has resulted in Error: [siem-detection-engine-rule-status:75bf4140-7d0c-11eb-b1b8-4103e5bb9c42]: version conflict, required seqNo [466], primary term [1]. current document has seqNo [467] and primary term [1]: version_conflict_engine_exception
[00:06:17]                       └- ✖ fail: detection engine api security and spaces enabled  Detection exceptions data types and operators  Rule exception operators for data type ip "is in list" operator will return 1 result if we have a list which contains the range mixed syntax of "127.0.0.1/32,127.0.0.2-127.0.0.3"
[00:06:17]                       │      Error: timed out waiting for function condition to be true within waitForRuleSuccess
[00:06:17]                       │       at /dev/shm/workspace/parallel/7/kibana/x-pack/test/detection_engine_api_integration/utils.ts:740:9
[00:06:17]                       │ 
[00:06:17]                       │ 

Stack Trace

Error: timed out waiting for function condition to be true within waitForRuleSuccess
    at /dev/shm/workspace/parallel/7/kibana/x-pack/test/detection_engine_api_integration/utils.ts:740:9

Metrics [docs]

✅ unchanged

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

@wylieconlon wylieconlon merged commit ec42331 into elastic:7.x Mar 4, 2021
@wylieconlon wylieconlon deleted the backport/7.x/pr-93491 branch March 4, 2021 18:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants