From 6b04610f9cd1c62e64b0e80641b3c5a3ff8906f4 Mon Sep 17 00:00:00 2001 From: Colleen McGinnis Date: Fri, 18 Apr 2025 13:35:52 -0500 Subject: [PATCH 1/7] fix various syntax and rendering issues --- docs/docset.yml | 1 + docs/extend/development-documentation.md | 4 +- docs/extend/development-tests.md | 22 +- docs/extend/interpreting-ci-failures.md | 2 +- docs/extend/plugin-list.md | 6 +- docs/extend/sample-data.md | 4 +- docs/extend/saved-objects-service.md | 94 +++--- docs/extend/sharing-saved-objects.md | 22 +- docs/reference/advanced-settings.md | 42 ++- .../configuration-reference/fleet-settings.md | 76 ++--- .../general-settings.md | 7 +- .../monitoring-settings.md | 6 +- .../reporting-settings.md | 12 +- .../task-manager-settings.md | 6 +- .../cases-webhook-action-type.md | 5 +- .../connectors-kibana/email-action-type.md | 4 +- .../pre-configured-connectors.md | 51 +++- .../servicenow-action-type.md | 4 +- .../servicenow-itom-action-type.md | 4 +- .../servicenow-sir-action-type.md | 20 +- .../connectors-kibana/thehive-action-type.md | 6 +- .../connectors-kibana/webhook-action-type.md | 1 - docs/reference/kibana-audit-events.md | 279 +++++++++--------- docs/reference/kibana-plugins.md | 4 +- docs/release-notes/index.md | 2 - .../prebuilt_rules/prebuilt_rule_import.md | 4 +- .../prebuilt_rule_upgrade_without_preview.md | 4 +- 27 files changed, 394 insertions(+), 298 deletions(-) diff --git a/docs/docset.yml b/docs/docset.yml index 242c3114a9534..3a94f77933989 100644 --- a/docs/docset.yml +++ b/docs/docset.yml @@ -13,6 +13,7 @@ toc: - toc: release-notes - toc: extend subs: + version: "9.0.0" ecloud: "Elastic Cloud" ech: "Elastic Cloud Hosted" ess: "Elasticsearch Service" diff --git a/docs/extend/development-documentation.md b/docs/extend/development-documentation.md index b2130d3ce6ccc..b11e8ed1d723f 100644 --- a/docs/extend/development-documentation.md +++ b/docs/extend/development-documentation.md @@ -10,7 +10,7 @@ Docs should be written during development and accompany PRs when relevant. There ## End user documentation [_end_user_documentation] -Documentation about user facing features should be written in [asciidoc](http://asciidoc.org/) at [[https://github.com/elastic/kibana/tree/main/docs](https://github.com/elastic/kibana//tree/master/docs)(https://github.com/elastic/kibana/tree/main/docs)] +Documentation about user facing features should be written in [asciidoc](http://asciidoc.org/) at [https://github.com/elastic/kibana/tree/main/docs](https://github.com/elastic/kibana//tree/master/docs). To build the docs, you must clone the [elastic/docs](https://github.com/elastic/docs) repo as a sibling of your {{kib}} repo. Follow the instructions in that project’s README for getting the docs tooling set up. @@ -31,4 +31,4 @@ REST APIs should be documented using the following recommended formats: ## General developer documentation and guidelines [_general_developer_documentation_and_guidelines] -General developer guildlines and documentation, like this right here, should be written in [asciidoc](http://asciidoc.org/) at [[https://github.com/elastic/kibana/tree/main/docs/developer](https://github.com/elastic/kibana//tree/master/docs/developer)(https://github.com/elastic/kibana/tree/main/docs/developer)] +General developer guildlines and documentation, like this right here, should be written in [asciidoc](http://asciidoc.org/) at [https://github.com/elastic/kibana/tree/main/docs/developer](https://github.com/elastic/kibana//tree/master/docs/developer). diff --git a/docs/extend/development-tests.md b/docs/extend/development-tests.md index ed8bb573583d6..a10172ae19ea8 100644 --- a/docs/extend/development-tests.md +++ b/docs/extend/development-tests.md @@ -75,7 +75,20 @@ We use functional tests to make sure the {{kib}} UI works as expected. It replac #### Running functional tests [_running_functional_tests] -The `FunctionalTestRunner` (FTR) is very bare bones and gets most of its functionality from its config file. The {{kib}} repo contains many FTR config files which use slightly different configurations for the {{kib}} server or {{es}}, have different test files, and potentially other config differences. FTR config files are organised in manifest files, based on testing area and type of distribution: serverless: - ftr_base_serverless_configs.yml - ftr_oblt_serverless_configs.yml - ftr_security_serverless_configs.yml - ftr_search_serverless_configs.yml stateful: - ftr_platform_stateful_configs.yml - ftr_oblt_stateful_configs.yml - ftr_security_stateful_configs.yml - ftr_search_stateful_configs.yml If you’re writing a plugin outside the {{kib}} repo, you will have your own config file. See [Functional Tests for Plugins outside the {{kib}} repo](/extend/external-plugin-functional-tests.md) for more info. +The `FunctionalTestRunner` (FTR) is very bare bones and gets most of its functionality from its config file. The {{kib}} repo contains many FTR config files which use slightly different configurations for the {{kib}} server or {{es}}, have different test files, and potentially other config differences. FTR config files are organised in manifest files, based on testing area and type of distribution: + +- serverless: + - `ftr_base_serverless_configs.yml` + - `ftr_oblt_serverless_configs.yml` + - `ftr_security_serverless_configs.yml` + - `ftr_search_serverless_configs.yml` +- stateful: + - `ftr_platform_stateful_configs.yml` + - `ftr_oblt_stateful_configs.yml` + - `ftr_security_stateful_configs.yml` + - `ftr_search_stateful_configs.yml` + +If you’re writing a plugin outside the {{kib}} repo, you will have your own config file. See [Functional Tests for Plugins outside the {{kib}} repo](/extend/external-plugin-functional-tests.md) for more info. There are three ways to run the tests depending on your goals: @@ -586,7 +599,12 @@ log.debug(‘done clicking menu’); #### MacOS testing performance tip [_macos_testing_performance_tip] -macOS users on a machine with a discrete graphics card may see significant speedups (up to 2x) when running tests by changing your terminal emulator’s GPU settings. In iTerm2: * Open Preferences (Command + ,) * In the General tab, under the "Magic" section, ensure "GPU rendering" is checked * Open "Advanced GPU Settings…​" * Uncheck the "Prefer integrated to discrete GPU" option * Restart iTerm +macOS users on a machine with a discrete graphics card may see significant speedups (up to 2x) when running tests by changing your terminal emulator’s GPU settings. In iTerm2: +* Open Preferences (Command + ,) +* In the General tab, under the "Magic" section, ensure "GPU rendering" is checked +* Open "Advanced GPU Settings…​" +* Uncheck the "Prefer integrated to discrete GPU" option +* Restart iTerm ### Flaky Test Runner [_flaky_test_runner] diff --git a/docs/extend/interpreting-ci-failures.md b/docs/extend/interpreting-ci-failures.md index 83775d7e98b99..59e314cf097f7 100644 --- a/docs/extend/interpreting-ci-failures.md +++ b/docs/extend/interpreting-ci-failures.md @@ -36,7 +36,7 @@ The logs in Pipeline Steps contain `Info` level logging. To debug Functional UI Looking at the failure, we first look at the Error and stack trace. In the example below, this test failed to find an element within the timeout; `Error: retry.try timeout: TimeoutError: Waiting for element to be located By(css selector, [data-test-subj="createSpace"])` -We know the test file from the stack trace was on line 50 of `test/accessibility/apps/spaces.ts` (this test and the stack trace context is kibana/x-pack/ so the file is {{kib-repo}}blob/master/x-pack/test/accessibility/apps/group1/spaces.ts#L50). The function to click on the element was called from a page object method in `test/functional/page_objects/space_selector_page.ts` {{kib-repo}}blob/master/x-pack/test/functional/page_objects/space_selector_page.ts#L58 +We know the test file from the stack trace was on line 50 of `test/accessibility/apps/spaces.ts` (this test and the stack trace context is kibana/x-pack/ so the file is [`x-pack/test/accessibility/apps/group1/spaces.ts`](https://github.com/elastic/kibana/blob/master/x-pack/test/accessibility/apps/group1/spaces.ts#L50). The function to click on the element was called from a page object method in [`test/functional/page_objects/space_selector_page.ts`](https://github.com/elastic/kibana/blob/master/x-pack/test/functional/page_objects/space_selector_page.ts#L58). ``` [00:03:36] │ debg --- retry.try error: Waiting for element to be located By(css selector, [data-test-subj="createSpace"]) diff --git a/docs/extend/plugin-list.md b/docs/extend/plugin-list.md index 354c32326b561..72327830a8979 100644 --- a/docs/extend/plugin-list.md +++ b/docs/extend/plugin-list.md @@ -24,12 +24,12 @@ mapped_pages: | [contentManagement](https://github.com/elastic/kibana/blob/main/src/platform/plugins/shared/content_management/README.md) | The content management plugin provides functionality to manage content in Kibana. | | [controls](https://github.com/elastic/kibana/blob/main/src/platform/plugins/shared/controls/README.mdx) | The Controls plugin contains Embeddables which can be used to add user-friendly interactivity to apps. | | [customIntegrations](https://github.com/elastic/kibana/blob/main/src/platform/plugins/shared/custom_integrations/README.md) | Register add-data cards | -| [dashboard](kibana-dashboard-plugin.md) | - Registers the dashboard application. - Adds a dashboard embeddable that can be used in other applications. | +| [dashboard](kibana-dashboard-plugin.md) | * Registers the dashboard application.
* Adds a dashboard embeddable that can be used in other applications. | | [data](https://github.com/elastic/kibana/blob/main/src/platform/plugins/shared/data/README.mdx) | The data plugin provides common data access services, such as search and query, for solutions and application developers. | | [dataViewEditor](https://github.com/elastic/kibana/blob/main/src/platform/plugins/shared/data_view_editor/README.md) | Create data views from within Kibana apps. | | [dataViewFieldEditor](https://github.com/elastic/kibana/blob/main/src/platform/plugins/shared/data_view_field_editor/README.md) | The reusable field editor across Kibana! | | [dataViewManagement](https://github.com/elastic/kibana/blob/main/src/platform/plugins/shared/data_view_management) | WARNING: Missing or empty README. | -| [dataViews](https://github.com/elastic/kibana/blob/main/src/platform/plugins/shared/data_views/README.mdx) | The data views API provides a consistent method of structuring and formatting documents and field lists across the various Kibana apps. It's typically used in conjunction with for composing queries. | +| [dataViews](https://github.com/elastic/kibana/blob/main/src/platform/plugins/shared/data_views/README.mdx) | The data views API provides a consistent method of structuring and formatting documents and field lists across the various Kibana apps. It's typically used in conjunction with `SearchSource` for composing queries. | | [devTools](https://github.com/elastic/kibana/blob/main/src/platform/plugins/shared/dev_tools/README.md) | The ui/registry/dev_tools is removed in favor of the devTools plugin which exposes a register method in the setup contract. Registering app works mostly the same as registering apps in core.application.register. Routing will be handled by the id of the dev tool - your dev tool will be mounted when the URL matches /app/dev_tools#/. This API doesn't support angular, for registering angular dev tools, bootstrap a local module on mount into the given HTML element. | | [discover](https://github.com/elastic/kibana/blob/main/src/platform/plugins/shared/discover/README.md) | Contains the Discover application and the saved search embeddable. | | [discoverShared](https://github.com/elastic/kibana/blob/main/src/platform/plugins/shared/discover_shared/README.md) | A stateful layer to register shared features and provide an access point to discover without a direct dependency. | @@ -79,7 +79,7 @@ mapped_pages: | [telemetry](https://github.com/elastic/kibana/blob/main/src/platform/plugins/shared/telemetry/README.md) | Telemetry allows Kibana features to have usage tracked in the wild. The general term "telemetry" refers to multiple things: | | [telemetryCollectionManager](https://github.com/elastic/kibana/blob/main/src/platform/plugins/shared/telemetry_collection_manager/README.md) | Telemetry's collection manager to go through all the telemetry sources when fetching it before reporting. | | [telemetryManagementSection](https://github.com/elastic/kibana/blob/main/src/platform/plugins/shared/telemetry_management_section/README.md) | This plugin adds the Advanced Settings section for the Usage and Security Data collection (aka Telemetry). | -| [uiActions](uiactions-plugin.md) | UI Actions plugins provides API to manage *triggers* and *actions*. *Trigger* is an abstract description of user's intent to perform an action (like user clicking on a value inside chart). It allows us to do runtime binding between code from different plugins. For, example one such trigger is when somebody applies filters on dashboard; another one is when somebody opens a Dashboard panel context menu. *Actions* are pieces of code that execute in response to a trigger. For example, to the dashboard filtering trigger multiple actions can be attached. Once a user filters on the dashboard all possible actions are displayed to the user in a popup menu and the user has to chose one. In general this plugin provides: - Creating custom functionality (actions). - Creating custom user interaction events (triggers). - Attaching and detaching actions to triggers. - Emitting trigger events. - Executing actions attached to a given trigger. - Exposing a context menu for the user to choose the appropriate action when there are multiple actions attached to a single trigger. | +| [uiActions](uiactions-plugin.md) | UI Actions plugins provides API to manage *triggers* and *actions*. *Trigger* is an abstract description of user's intent to perform an action (like user clicking on a value inside chart). It allows us to do runtime binding between code from different plugins. For, example one such trigger is when somebody applies filters on dashboard; another one is when somebody opens a Dashboard panel context menu. *Actions* are pieces of code that execute in response to a trigger. For example, to the dashboard filtering trigger multiple actions can be attached. Once a user filters on the dashboard all possible actions are displayed to the user in a popup menu and the user has to chose one.
In general this plugin provides:
- Creating custom functionality (actions).
- Creating custom user interaction events (triggers).
- Attaching and detaching actions to triggers.
- Emitting trigger events.
- Executing actions attached to a given trigger.
- Exposing a context menu for the user to choose the appropriate action when there are multiple actions attached to a single trigger. | | [uiActionsEnhanced](https://github.com/elastic/kibana/blob/main/src/platform/plugins/shared/ui_actions_enhanced/README.md) | Registers commercially licensed generic actions like per panel time range and contains some code that supports drilldown work. | | [unifiedDocViewer](https://github.com/elastic/kibana/blob/main/src/platform/plugins/shared/unified_doc_viewer/README.md) | This plugin contains services reliant on the plugin lifecycle for the unified doc viewer component (see @kbn/unified-doc-viewer). | | [unifiedHistogram](https://github.com/elastic/kibana/blob/main/src/platform/plugins/shared/unified_histogram/README.md) | Unified Histogram is a UX Building Block including a layout with a resizable histogram and a main display. It manages its own state and data fetching, and can easily be dropped into pages with minimal setup. | diff --git a/docs/extend/sample-data.md b/docs/extend/sample-data.md index d82e5e243b9ef..a5650a993e779 100644 --- a/docs/extend/sample-data.md +++ b/docs/extend/sample-data.md @@ -10,7 +10,7 @@ There are a couple ways to easily get data ingested into {{es}}. ## Sample data packages available for one click installation [_sample_data_packages_available_for_one_click_installation] -The easiest is to install one or more of our available sample data packages. If you have no data, you should be prompted to install when running {{kib}} for the first time. You can also access and install the sample data packages by going to the **Integrations*** page and selecting ***Sample data**. +The easiest is to install one or more of our available sample data packages. If you have no data, you should be prompted to install when running {{kib}} for the first time. You can also access and install the sample data packages by going to the **Integrations** page and selecting **Sample data**. ## makelogs script [_makelogs_script] @@ -28,4 +28,4 @@ Make sure to execute `node scripts/makelogs` **after** {{es}} is up and running! ## CSV upload [_csv_upload] -You can also use the CSV uploader provided on the **Upload file*** page available in the list of ***Integrations***. Navigate to ***Add data*** > ***Upload file** to upload your data from a file. +You can also use the CSV uploader provided on the **Upload file** page available in the list of **Integrations**. Navigate to **Add data** > **Upload file** to upload your data from a file. diff --git a/docs/extend/saved-objects-service.md b/docs/extend/saved-objects-service.md index d883aafc2a0b5..5ced69203bcef 100644 --- a/docs/extend/saved-objects-service.md +++ b/docs/extend/saved-objects-service.md @@ -140,7 +140,7 @@ Since {{es}} has a default limit of 1000 fields per index, plugins should carefu ### Writing Migrations by defining model versions [saved-objects-service-writing-migrations] -Saved Objects support changes using `modelVersions``. The modelVersion API is a new way to define transformations (*`migrations'*) for your savedObject types, and will replace the legacy migration API after Kibana version `8.10.0`. The legacy migration API has been deprecated, meaning it is no longer possible to register migrations using the legacy system. +Saved Objects support changes using `modelVersions`. The modelVersion API is a new way to define transformations (*'migrations'*) for your savedObject types, and will replace the legacy migration API after Kibana version `8.10.0`. The legacy migration API has been deprecated, meaning it is no longer possible to register migrations using the legacy system. Model versions are decoupled from the stack version and satisfy the requirements for zero downtime and backward-compatibility. @@ -158,7 +158,9 @@ This map follows a similar `{ [version number] => version definition }` format a The first version must be numbered as version 1, incrementing by one for each new version. -That way: - SO type versions are decoupled from stack versioning - SO type versions are independent between types +That way: +- SO type versions are decoupled from stack versioning +- SO type versions are independent between types *a **valid** version numbering:* @@ -223,7 +225,9 @@ const myType: SavedObjectsType = { }; ``` -**Note:** Having multiple changes of the same type for a given version is supported by design to allow merging different sources (to prepare for an eventual higher-level API) +:::{note} +Having multiple changes of the same type for a given version is supported by design to allow merging different sources (to prepare for an eventual higher-level API) +::: *This definition would be perfectly valid:* @@ -258,7 +262,7 @@ Describes the list of changes applied during this version. The current types of changes are: -#### - mappings_addition [_mappings_addition] +#### mappings_addition [_mappings_addition] Used to define new mappings introduced in a given version. @@ -278,10 +282,12 @@ const change: SavedObjectsModelMappingsAdditionChange = { }; ``` -**note:** *When adding mappings, the root `type.mappings` must also be updated accordingly (as it was done previously).* +:::{note} +When adding mappings, the root `type.mappings` must also be updated accordingly (as it was done previously). +::: -#### - mappings_deprecation [_mappings_deprecation] +#### mappings_deprecation [_mappings_deprecation] Used to flag mappings as no longer being used and ready to be removed. @@ -294,10 +300,12 @@ let change: SavedObjectsModelMappingsDeprecationChange = { }; ``` -**note:** *It is currently not possible to remove fields from an existing index’s mapping (without reindexing into another index), so the mappings flagged with this change type won’t be deleted for now, but this should still be used to allow our system to clean the mappings once upstream (ES) unblock us.* +:::{note} +It is currently not possible to remove fields from an existing index’s mapping (without reindexing into another index), so the mappings flagged with this change type won’t be deleted for now, but this should still be used to allow our system to clean the mappings once upstream (ES) unblock us. +::: -#### - data_backfill [_data_backfill] +#### data_backfill [_data_backfill] Used to populate fields (indexed or not) added in the same version. @@ -312,10 +320,12 @@ let change: SavedObjectsModelDataBackfillChange = { }; ``` -**note:** *Even if no check is performed to ensure it, this type of model change should only be used to backfill newly introduced fields.* +:::{note} +Even if no check is performed to ensure it, this type of model change should only be used to backfill newly introduced fields. +::: -#### - data_removal [_data_removal] +#### data_removal [_data_removal] Used to remove data (unset fields) from all documents of the type. @@ -328,10 +338,12 @@ let change: SavedObjectsModelDataRemovalChange = { }; ``` -**note:** *Due to backward compatibility, field utilization must be stopped in a prior release before actual data removal (in case of rollback). Please refer to the field removal migration example below in this document* +:::{note} +Due to backward compatibility, field utilization must be stopped in a prior release before actual data removal (in case of rollback). Please refer to the field removal migration example below in this document +::: -#### - unsafe_transform [_unsafe_transform] +#### unsafe_transform [_unsafe_transform] Used to execute an arbitrary transformation function. @@ -347,7 +359,9 @@ let change: SavedObjectsModelUnsafeTransformChange = { }; ``` -**note:** *Using such transformations is potentially unsafe, given the migration system will have no knowledge of which kind of operations will effectively be executed against the documents. Those should only be used when there’s no other way to cover one’s migration needs.* **Please reach out to the development team if you think you need to use this, as you theoretically shouldn’t.** +:::{note} +Using such transformations is potentially unsafe, given the migration system will have no knowledge of which kind of operations will effectively be executed against the documents. Those should only be used when there’s no other way to cover one’s migration needs.* **Please reach out to the development team if you think you need to use this, as you theoretically shouldn’t.** +::: @@ -373,32 +387,36 @@ Forward compatibility schema can be implemented in two different ways. 1. Using `config-schema` -*Example of schema for a version having two fields: someField and anotherField* + *Example of schema for a version having two fields: someField and anotherField* -```ts -const versionSchema = schema.object( - { - someField: schema.maybe(schema.string()), - anotherField: schema.maybe(schema.string()), - }, - { unknowns: 'ignore' } -); -``` + ```ts + const versionSchema = schema.object( + { + someField: schema.maybe(schema.string()), + anotherField: schema.maybe(schema.string()), + }, + { unknowns: 'ignore' } + ); + ``` -**Important:** Note the `{ unknowns: 'ignore' }` in the schema’s options. This is required when using `config-schema` based schemas, as this what will evict the additional fields without throwing an error. + :::{important} + Note the `{ unknowns: 'ignore' }` in the schema’s options. This is required when using `config-schema` based schemas, as this what will evict the additional fields without throwing an error. + ::: 1. Using a plain javascript function -*Example of schema for a version having two fields: someField and anotherField* + *Example of schema for a version having two fields: someField and anotherField* -```ts -const versionSchema: SavedObjectModelVersionEvictionFn = (attributes) => { - const knownFields = ['someField', 'anotherField']; - return pick(attributes, knownFields); -} -``` + ```ts + const versionSchema: SavedObjectModelVersionEvictionFn = (attributes) => { + const knownFields = ['someField', 'anotherField']; + return pick(attributes, knownFields); + } + ``` -**note:** *Even if highly recommended, implementing this schema is not strictly required. Type owners can manage unknown fields and inter-version compatibility themselves in their service layer instead.* + :::{note} + Even if highly recommended, implementing this schema is not strictly required. Type owners can manage unknown fields and inter-version compatibility themselves in their service layer instead. + ::: #### create [_create] @@ -407,7 +425,9 @@ This is a direct replacement for [the old SavedObjectType.schemas](https://githu As a refresher the `create` schema is a `@kbn/config-schema` object-type schema, and is used to validate the properties of the document during `create` and `bulkCreate` operations. -**note:** *Implementing this schema is optional, but still recommended, as otherwise there will be no validating when importing objects* +:::{note} +Implementing this schema is optional, but still recommended, as otherwise there will be no validating when importing objects. +::: For implementation examples, refer to [Use case examples](#saved-objects-service-use-case-examples). @@ -417,7 +437,9 @@ For implementation examples, refer to [Use case examples](#saved-objects-service These are example of the migration scenario currently supported (out of the box) by the system. -**note:** *more complex scenarios (e.g field mutation by copy/sync) could already be implemented, but without the proper tooling exposed from Core, most of the work related to sync and compatibility would have to be implemented in the domain layer of the type owners, which is why we’re not documenting them yet.* +:::{note} +More complex scenarios (e.g field mutation by copy/sync) could already be implemented, but without the proper tooling exposed from Core, most of the work related to sync and compatibility would have to be implemented in the domain layer of the type owners, which is why we’re not documenting them yet. +::: #### Adding a non-indexed field without default value [_adding_a_non_indexed_field_without_default_value] @@ -729,7 +751,9 @@ const myType: SavedObjectsType = { }; ``` -**Note:** *if the field was non-indexed, we would just not use the `mappings_addition` change or update the mappings (as done in example 1)* +:::{note} +If the field was non-indexed, we would just not use the `mappings_addition` change or update the mappings (as done in example 1) +::: #### Removing an existing field [_removing_an_existing_field] diff --git a/docs/extend/sharing-saved-objects.md b/docs/extend/sharing-saved-objects.md index 803de364aaf9b..3a511e36d62e2 100644 --- a/docs/extend/sharing-saved-objects.md +++ b/docs/extend/sharing-saved-objects.md @@ -64,7 +64,7 @@ There is a proof-of-concept (POC) pull request to demonstrate these changes. It ### Question 1 [sharing-saved-objects-q1] -[TBC: QUOTE] +% [TBC: QUOTE] If your objects store *any* links to other objects (with an object type/ID), you need to take specific steps to ensure that these links continue functioning after the 8.0 upgrade. @@ -72,7 +72,7 @@ If your objects store *any* links to other objects (with an object type/ID), you ⚠️ This step **must** be completed no later than the 7.16 release. ⚠️ -[TBC: QUOTE] +% [TBC: QUOTE] If you answered "Yes" to [Question 1](#sharing-saved-objects-q1), you need to make sure that your object links are *only* stored in the root-level `references` field. When a given object’s ID is changed, this field will be updated accordingly for other objects. The image below shows two different examples of object links from a "case" object to an "action" object. The top shows the incorrect way to link to another object, and the bottom shows the correct way. @@ -115,7 +115,7 @@ Reminder, don’t forget to add unit tests and integration tests! ### Question 2 [sharing-saved-objects-q2] -[TBC: QUOTE] +% [TBC: QUOTE] A deep link is a URL to a page that shows a specific object. End-users may bookmark these URLs or schedule reports with them, so it is critical to ensure that these URLs continue working. The image below shows an example of a deep link to a Canvas workpad object: ![Sharing Saved Objects deep link example](images/sharing-saved-objects-q2.png) @@ -127,7 +127,7 @@ Note that some URLs may contain [deep links to multiple objects](#sharing-saved- ⚠️ This step will preferably be completed in the 7.16 release; it **must** be completed no later than the 8.0 release. ⚠️ -[TBC: QUOTE] +% [TBC: QUOTE] If you answered "Yes" to [Question 2](#sharing-saved-objects-q2), you need to make sure that when you use the SavedObjectsClient to fetch an object using its ID, you use a different API to do so. The existing `get()` function will only find an object using its current ID. To make sure your existing deep link URLs don’t break, you should use the new `resolve()` function; [this attempts to find an object using its old ID *and* its current ID](#sharing-saved-objects-faq-legacy-url-alias). In a nutshell, if your deep link page had something like this before: @@ -167,7 +167,7 @@ You don’t need to use `resolve()` everywhere, [you should only use it for deep ⚠️ This step will preferably be completed in the 7.16 release; it **must** be completed no later than the 8.0 release. ⚠️ -[TBC: QUOTE] +% [TBC: QUOTE] The Spaces plugin API exposes React components and functions that you should use to render your UI in a consistent manner for end-users. Your UI will need to use the Core HTTP service and the Spaces plugin API to do this. Your page should change [according to the outcome](#sharing-saved-objects-faq-resolve-outcomes): @@ -289,7 +289,7 @@ Reminder, don’t forget to add unit tests and functional tests! ⚠️ This step **must** be completed in the 8.0 release (no earlier and no later). ⚠️ -[TBC: QUOTE] +% [TBC: QUOTE] After [Step 3](#sharing-saved-objects-step-3) is complete, you can add the code to convert your objects. ::::{warning} @@ -314,7 +314,7 @@ Reminder, don’t forget to add integration tests! ### Question 3 [sharing-saved-objects-q3] -[TBC: QUOTE] +% [TBC: QUOTE] Saved objects can optionally be [encrypted](docs-content://deploy-manage/security/secure-saved-objects.md) by using the Encrypted Saved Objects plugin. Very few object types are encrypted, so most plugin developers will not be affected. @@ -322,7 +322,7 @@ Saved objects can optionally be [encrypted](docs-content://deploy-manage/securit ⚠️ This step **must** be completed in the 8.0 release (no earlier and no later). ⚠️ -[TBC: QUOTE] +% [TBC: QUOTE] If you answered "Yes" to [Question 3](#sharing-saved-objects-q3), you need to take additional steps to make sure that your objects can still be decrypted after the conversion process. Encrypted saved objects use some fields as part of "additionally authenticated data" (AAD) to defend against different types of cryptographic attacks. The object ID is part of this AAD, and so it follows that the after the object’s ID is changed, the object will not be able to be decrypted with the standard process. To mitigate this, you need to add a "no-op" ESO migration that will be applied immediately after the object is converted during the 8.0 upgrade process. This will decrypt the object using its old ID and then re-encrypt it using its new ID: @@ -344,7 +344,7 @@ This section covers switching a share-capable object type into a shareable one * ### Step 6 [sharing-saved-objects-step-6] -[TBC: QUOTE] +% [TBC: QUOTE] When you register your object, you need to set the proper `namespaceType`. If you have an existing object type that is "share-capable", you can simply change it: ![Sharing Saved Objects registration (shareable)](images/sharing-saved-objects-step-6.png) @@ -352,7 +352,7 @@ When you register your object, you need to set the proper `namespaceType`. If yo ### Step 7 [sharing-saved-objects-step-7] -[TBC: QUOTE] +% [TBC: QUOTE] If an object is shared to multiple spaces, it cannot be deleted without using the [`force` delete option](https://github.com/elastic/kibana/blob/master/src/core/packages/saved-objects/api-server/src/apis/delete.ts). You should always be aware when a saved object exists in multiple spaces, and you should warn users in that case. If your UI allows users to delete your objects, you can define a warning message like this: @@ -375,7 +375,7 @@ The [Data Views page](docs-content://explore-analyze/find-and-organize/data-view ### Step 8 [sharing-saved-objects-step-8] -[TBC: QUOTE] +% [TBC: QUOTE] Users will need a way to view what spaces your objects are currently assigned to and share them to additional spaces. You can accomplish this in two ways, and many consumers will want to implement both: 1. (Highly recommended) Add reusable components to your application, making it "space-aware". The space-related components are exported by the spaces plugin, and you can use them in your own application. diff --git a/docs/reference/advanced-settings.md b/docs/reference/advanced-settings.md index 21d3682b38ef7..07eaeafa7a12c 100644 --- a/docs/reference/advanced-settings.md +++ b/docs/reference/advanced-settings.md @@ -43,10 +43,18 @@ $$$auto-complete-use-time-tange$$$`autocomplete:useTimeRange` : When disabled, autocompletes the suggestions from your data set instead of the time range. $$$bfetch-disable$$$`bfetch:disable` -: [8.15.0] When disabled, search requests from Kibana will be made in individual HTTP requests rather than bundled together. +: :::{admonition} Deprecated in 8.15.0 + This setting was deprecated in 8.15.0. + ::: + + When disabled, search requests from Kibana will be made in individual HTTP requests rather than bundled together. $$$bfetch-disable-compression$$$`bfetch:disableCompression` -: [8.15.0] When disabled, allows you to debug individual requests, but increases the response size. +: :::{admonition} Deprecated in 8.15.0 + This setting was deprecated in 8.15.0. + ::: + + When disabled, allows you to debug individual requests, but increases the response size. $$$csv-quotevalues$$$`csv:quoteValues` : Set this property to `true` to quote exported values. @@ -157,7 +165,11 @@ $$$state-storeinsessionstorage$$$`state:storeInSessionStorage` : [preview] Kibana tracks UI state in the URL, which can lead to problems when there is a lot of state information, and the URL gets very long. Enabling this setting stores part of the URL in your browser session to keep the URL short. $$$theme-darkmode$$$`theme:darkMode` -: [9.0.0] The UI theme that the {{kib}} UI should use. Set to `enabled` or `disabled` to enable or disable the dark theme. Set to `system` to have the {{kib}} UI theme follow the system theme. You must refresh the page to apply the setting. +: :::{admonition} Deprecated in 9.0.0 + This setting was deprecated in 9.0.0. + ::: + + The UI theme that the {{kib}} UI should use. Set to `enabled` or `disabled` to enable or disable the dark theme. Set to `system` to have the {{kib}} UI theme follow the system theme. You must refresh the page to apply the setting. $$$theme-version$$$`theme:version` : Kibana only ships with the v8 theme now, so this setting can no longer be edited. @@ -220,7 +232,11 @@ $$$banners-backgroundcolor$$$`banners:backgroundColor` ### Dashboard [kibana-dashboard-settings] $$$xpackdashboardmode-roles$$$`xpackDashboardMode:roles` -: [7.7.0] Deprecated; use [feature privileges](docs-content://deploy-manage/users-roles/cluster-or-deployment-auth/kibana-privileges.md#kibana-feature-privileges) instead. The roles that belong to [dashboard only mode](docs-content://deploy-manage/users-roles/cluster-or-deployment-auth/kibana-privileges.md). +: :::{admonition} Deprecated in 7.7.0 + This setting was deprecated in 7.7.0. + ::: + + use [feature privileges](docs-content://deploy-manage/users-roles/cluster-or-deployment-auth/kibana-privileges.md#kibana-feature-privileges) instead. The roles that belong to [dashboard only mode](docs-content://deploy-manage/users-roles/cluster-or-deployment-auth/kibana-privileges.md). ### Discover [kibana-discover-settings] @@ -416,7 +432,11 @@ Rollups are deprecated and will be removed in a future version. Use [downsamplin $$$rollups-enableindexpatterns$$$`rollups:enableIndexPatterns` -: [8.15.0] Enables the creation of data views that capture rollup indices, which in turn enables visualizations based on rollup data. Refresh the page to apply the changes. +: :::{admonition} Deprecated in 8.15.0 + This setting was deprecated in 8.15.0. + ::: + + Enables the creation of data views that capture rollup indices, which in turn enables visualizations based on rollup data. Refresh the page to apply the changes. ### Search [kibana-search-settings] @@ -439,7 +459,11 @@ $$$courier-setrequestpreference$$$`courier:setRequestPreference` $$$search-includefrozen$$$`search:includeFrozen` -: [7.16.0] Includes [frozen indices](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-indices-unfreeze) in results. Searching through frozen indices might increase the search time. This setting is off by default. Users must opt-in to include frozen indices. +: :::{admonition} Deprecated in 7.16.0 + This setting was deprecated in 7.16.0. + ::: + + Includes [frozen indices](https://www.elastic.co/docs/api/doc/elasticsearch/operation/operation-indices-unfreeze) in results. Searching through frozen indices might increase the search time. This setting is off by default. Users must opt-in to include frozen indices. $$$search-timeout$$$`search:timeout` : Change the maximum timeout, in milliseconds (ms), for search requests. To disable the timeout and allow queries to run to completion, set to 0. The default is `600000`, or 10 minutes. @@ -502,7 +526,11 @@ $$$timelion-targetbuckets$$$`timelion:target_buckets` ### Visualization [kibana-visualization-settings] $$$visualization-uselegacytimeaxis$$$`visualization:useLegacyTimeAxis` -: [8.10.0] Enables the legacy time axis for charts in Lens, Discover, Visualize and TSVB +: :::{admonition} Deprecated in 8.10.0 + This setting was deprecated in 8.10.0. + ::: + + Enables the legacy time axis for charts in Lens, Discover, Visualize and TSVB $$$visualization-heatmap-maxbuckets$$$`visualization:heatmap:maxBuckets` : The maximum number of buckets a datasource can return. High numbers can have a negative impact on your browser rendering performance. diff --git a/docs/reference/configuration-reference/fleet-settings.md b/docs/reference/configuration-reference/fleet-settings.md index 722343e866252..c731f8ab2b2e6 100644 --- a/docs/reference/configuration-reference/fleet-settings.md +++ b/docs/reference/configuration-reference/fleet-settings.md @@ -73,30 +73,29 @@ These settings are not supported to pre-configure the Endpoint and Cloud Securit `xpack.fleet.packages` : List of integrations that are installed when the {{fleet}} app starts up for the first time. - ::::{dropdown} Required properties of `xpack.fleet.packages` + **Required properties of `xpack.fleet.packages`**: + `name` : Name of the integration from the package registry. `version` : Either an exact semantic version, or the keyword `latest` to fetch the latest integration version. - :::: - `xpack.fleet.agentPolicies` : List of agent policies that are configured when the {{fleet}} app starts. - ::::{dropdown} Required properties of `xpack.fleet.agentPolicies` + **Required properties of `xpack.fleet.agentPolicies`**: + `id` : Unique ID for this policy. The ID may be a number or string. `name` : Policy name. - :::: + **Optional properties of `xpack.fleet.agentPolicies`**: - ::::{dropdown} Optional properties of `xpack.fleet.agentPolicies` `description` : Text description of this policy. @@ -130,7 +129,8 @@ These settings are not supported to pre-configure the Endpoint and Cloud Securit `package_policies` : List of integration policies to add to this policy. - ::::{dropdown} Properties of `package_policies` + **Properties of `package_policies`**: + `id` : Unique ID of the integration policy. The ID may be a number or string. @@ -140,13 +140,11 @@ These settings are not supported to pre-configure the Endpoint and Cloud Securit `package` : (required) Integration that this policy configures. - ::::{dropdown} Properties of `package` + **Properties of `package`**: + `name` : Name of the integration associated with this policy. - :::: - - `description` : Text string describing this integration policy. @@ -156,12 +154,6 @@ These settings are not supported to pre-configure the Endpoint and Cloud Securit `inputs` : Map of input for the integration. Follows the same schema as the package policy API inputs, with the exception that any object in `vars` can be passed `frozen: true` in order to prevent that specific `var` from being edited by the user. - :::: - - - :::: - - Example configuration: ```yaml @@ -206,7 +198,8 @@ These settings are not supported to pre-configure the Endpoint and Cloud Securit :::: - ::::{dropdown} Required properties of `xpack.fleet.outputs` + **Required properties of `xpack.fleet.outputs`**: + `id` : Unique ID for this output. The ID should be a string. @@ -219,10 +212,9 @@ These settings are not supported to pre-configure the Endpoint and Cloud Securit `hosts` : Array that contains the list of host for that output. - :::: + **Optional properties of `xpack.fleet.outputs`**: - ::::{dropdown} Optional properties of `xpack.fleet.outputs` `is_default` : If `true`, the output specified in `xpack.fleet.outputs` will be the one used to send agent data unless there is another one configured specifically for the agent policy. @@ -241,26 +233,19 @@ These settings are not supported to pre-configure the Endpoint and Cloud Securit `ssl` : Set to enable authentication using the Secure Sockets Layer (SSL) protocol. - ::::{dropdown} Properties of `ssl` + **Properties of `ssl`**: + `certificate` : The SSL certificate that {{agents}} use to authenticate with the output. Include the full contents of the certificate here. - :::: - - `secrets` : Include here any values for preconfigured outputs that should be stored as secrets. A secret value is replaced in the `kibana.yml` settings file with a reference, with the original value stored externally as a secure hash. Note that this type of secret storage requires all configured {{fleet-server}}s to be on version 8.12.0 or later. - ::::{dropdown} Properties of `secrets` + **Properties of `secrets`** + `key`: : The private certificate key that {{agents}} use to authenticate with the output. - :::: - - - :::: - - Example `xpack.fleet.outputs` configuration: ```yaml @@ -280,7 +265,8 @@ These settings are not supported to pre-configure the Endpoint and Cloud Securit `xpack.fleet.fleetServerHosts` : List of {{fleet-server}} hosts that are configured when the {{fleet}} app starts. - ::::{dropdown} Required properties of `xpack.fleet.fleetServerHosts` + **Required properties of `xpack.fleet.fleetServerHosts`** + `id` : Unique ID for the host server. @@ -290,10 +276,8 @@ These settings are not supported to pre-configure the Endpoint and Cloud Securit `host_urls` : Array of one or more host URLs that {{agents}} will use to connect to {{fleet-server}}. - :::: - + **Optional properties of `xpack.fleet.fleetServerHosts`**: - ::::{dropdown} Optional properties of `xpack.fleet.fleetServerHosts` `is_default` : Whether or not this host should be the default to use for {{fleet-server}}. @@ -303,13 +287,11 @@ These settings are not supported to pre-configure the Endpoint and Cloud Securit `proxy_id` : Unique ID of the proxy to access the {{fleet-server}} host. - :::: - - `xpack.fleet.proxy` : List of proxies to access {{fleet-server}} that are configured when the {{fleet}} app starts. - ::::{dropdown} Required properties of `xpack.fleet.proxy` + **Required properties of `xpack.fleet.proxy`**: + `id` : Unique ID of the proxy to access the {{fleet-server}} host. @@ -319,21 +301,17 @@ These settings are not supported to pre-configure the Endpoint and Cloud Securit `url` : URL that {{agents}} use to connect to the proxy to access {{fleet-server}}. - :::: - + **Optional properties of `xpack.fleet.proxy`**: - :::::{dropdown} Optional properties of `xpack.fleet.proxy` `proxy_headers` : Map of headers to use with the proxy. .Properties of `proxy_headers` - ::::{dropdown} - `key` - : Key to use for the proxy header. - `value` - : Value to use for the proxy header. + `key` + : Key to use for the proxy header. - :::: + `value` + : Value to use for the proxy header. `certificate_authorities` @@ -345,8 +323,6 @@ These settings are not supported to pre-configure the Endpoint and Cloud Securit `certificate_key` : The certificate key used to authenticate the proxy. - ::::: - `xpack.fleet.enableExperimental` ![logo cloud](https://doc-icons.s3.us-east-2.amazonaws.com/logo_cloud.svg "Supported on {{ess}}") : List of experimental feature flag to enable in Fleet. diff --git a/docs/reference/configuration-reference/general-settings.md b/docs/reference/configuration-reference/general-settings.md index 568476077dde2..aa7b15decbc68 100644 --- a/docs/reference/configuration-reference/general-settings.md +++ b/docs/reference/configuration-reference/general-settings.md @@ -325,8 +325,12 @@ $$$server-compression$$$ `server.compression.enabled` : Specifies an array of trusted hostnames, such as the {{kib}} host, or a reverse proxy sitting in front of it. This determines whether HTTP compression may be used for responses, based on the request `Referer` header. This setting may not be used when [`server.compression.enabled`](#server-compression) is set to `false`. **Default: `none`** `server.compression.brotli.enabled` ![logo cloud](https://doc-icons.s3.us-east-2.amazonaws.com/logo_cloud.svg "Supported on {{ess}}") -: Set to `true` to enable brotli (br) compression format. NOTE: Browsers not supporting brotli compression will fallback to using gzip instead. This setting may not be used when [`server.compression.enabled`](#server-compression) is set to `false`. **Default: `false`** +: Set to `true` to enable brotli (br) compression format. + + :::{note} + Browsers not supporting brotli compression will fallback to using gzip instead. This setting may not be used when [`server.compression.enabled`](#server-compression) is set to `false`. **Default: `false`** It is available in {{ecloud}} 8.6.0 and later versions. + ::: $$$server-securityResponseHeaders-strictTransportSecurity$$$ `server.securityResponseHeaders.strictTransportSecurity` ![logo cloud](https://doc-icons.s3.us-east-2.amazonaws.com/logo_cloud.svg "Supported on {{ess}}") : Controls whether the [`Strict-Transport-Security`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security) header is used in all responses to the client from the {{kib}} server, and specifies what value is used. Allowed values are any text value or `null`. To disable, set to `null`. **Default:** `null` @@ -547,7 +551,6 @@ $$$settings-explore-data-in-chart$$$ `xpack.discoverEnhanced.actions.exploreData ::::{admonition} Deprecated in 8.11.0. :class: warning - Rollups are deprecated and will be removed in a future version. Use [downsampling](docs-content://manage-data/data-store/data-streams/downsampling-time-series-data-stream.md) instead. :::: diff --git a/docs/reference/configuration-reference/monitoring-settings.md b/docs/reference/configuration-reference/monitoring-settings.md index e98597341cba4..54367c0723000 100644 --- a/docs/reference/configuration-reference/monitoring-settings.md +++ b/docs/reference/configuration-reference/monitoring-settings.md @@ -90,7 +90,11 @@ $$$monitoring-ui-enabled$$$ `monitoring.ui.enabled` : Specifies the name of the indices that are shown on the [**Logs**](docs-content://deploy-manage/monitor/monitoring-data/elasticsearch-metrics.md#logs-monitor-page) page in **{{stack-monitor-app}}**. The default value is `filebeat-*`. `monitoring.ui.metricbeat.index` -: [8.1.1] Used as a workaround to avoid querying `metricbeat-*` indices which are now no longer queried. The default value is `metricbeat-*`. +: :::{admonition} Deprecated in 8.15.0 + This setting was deprecated in 8.15.0. + ::: + + Used as a workaround to avoid querying `metricbeat-*` indices which are now no longer queried. The default value is `metricbeat-*`. `monitoring.ui.max_bucket_size` : Specifies the number of term buckets to return out of the overall terms list when performing terms aggregations to retrieve index and node metrics. For more information about the `size` parameter, see [Terms Aggregation](elasticsearch://reference/aggregations/search-aggregations-bucket-terms-aggregation.md#search-aggregations-bucket-terms-aggregation-size). Defaults to `10000`. diff --git a/docs/reference/configuration-reference/reporting-settings.md b/docs/reference/configuration-reference/reporting-settings.md index 05d264da6f9d9..479ad6bf39666 100644 --- a/docs/reference/configuration-reference/reporting-settings.md +++ b/docs/reference/configuration-reference/reporting-settings.md @@ -65,7 +65,11 @@ Reporting generates reports on the {{kib}} server as background tasks, and jobs : If capturing a report fails for any reason, {{kib}} will re-queue the report job for retry, as many times as this setting. Defaults to `3`. `xpack.reporting.queue.indexInterval` -: [8.15.0] How often Reporting creates a new index to store report jobs and file contents. Valid values are `year`, `month`, `week`, `day`, and `hour`. Defaults to `week`. **NOTE**: This setting exists for backwards compatibility, but is unused. Use the built-in ILM policy provided for the reporting plugin to customize the rollover of Reporting data. +: :::{admonition} Deprecated in 8.15.0 + This setting was deprecated in 8.15.0. + ::: + + How often Reporting creates a new index to store report jobs and file contents. Valid values are `year`, `month`, `week`, `day`, and `hour`. Defaults to `week`. **NOTE**: This setting exists for backwards compatibility, but is unused. Use the built-in ILM policy provided for the reporting plugin to customize the rollover of Reporting data. $$$xpack-reportingQueue-pollEnabled$$$ `xpack.reporting.queue.pollEnabled` : When `true`, enables the {{kib}} instance to poll {{es}} for pending jobs and claim them for execution. When `false`, allows the {{kib}} instance to only add new jobs to the reporting queue, list jobs, and provide the downloads to completed reports through the UI. This requires a deployment where at least one other {{kib}} instance in the Elastic cluster has this setting to `true`. The default is `true`. @@ -111,7 +115,11 @@ If any timeouts from `xpack.screenshotting.capture.timeouts.*` settings occur wh `xpack.screenshotting.capture.loadDelay` -: [8.0.0] Specify the [amount of time](elasticsearch://reference/elasticsearch/rest-apis/api-conventions.md#time-units) before taking a screenshot when visualizations are not evented. All visualizations that ship with {{kib}} are evented, so this setting should not have much effect. If you are seeing empty images instead of visualizations, try increasing this value. **NOTE**: This setting exists for backwards compatibility, but is unused and therefore does not have an affect on reporting performance. +: :::{admonition} Deprecated in 8.0.0 + This setting was deprecated in 8.0.0. + ::: + + Specify the [amount of time](elasticsearch://reference/elasticsearch/rest-apis/api-conventions.md#time-units) before taking a screenshot when visualizations are not evented. All visualizations that ship with {{kib}} are evented, so this setting should not have much effect. If you are seeing empty images instead of visualizations, try increasing this value. **NOTE**: This setting exists for backwards compatibility, but is unused and therefore does not have an affect on reporting performance. ### Chromium headless browser settings [reporting-chromium-settings] diff --git a/docs/reference/configuration-reference/task-manager-settings.md b/docs/reference/configuration-reference/task-manager-settings.md index 73a6e46735419..f9a91466945dd 100644 --- a/docs/reference/configuration-reference/task-manager-settings.md +++ b/docs/reference/configuration-reference/task-manager-settings.md @@ -25,7 +25,11 @@ Task Manager runs background tasks by polling for work on an interval. You can : How many requests can Task Manager buffer before it rejects new requests. Defaults to 1000. `xpack.task_manager.max_workers` -: [8.16.0] The maximum number of tasks that this Kibana instance will run simultaneously. Defaults to 10. Starting in 8.0, it will not be possible to set the value greater than 100. +: :::{admonition} Deprecated in 8.16.0 + This setting was deprecated in 8.16.0. + ::: + + The maximum number of tasks that this Kibana instance will run simultaneously. Defaults to 10. Starting in 8.0, it will not be possible to set the value greater than 100. `xpack.task_manager.monitored_stats_health_verbose_log.enabled` : This flag will enable automatic warn and error logging if task manager self detects a performance issue, such as the time between when a task is scheduled to execute and when it actually executes. Defaults to false. diff --git a/docs/reference/connectors-kibana/cases-webhook-action-type.md b/docs/reference/connectors-kibana/cases-webhook-action-type.md index f83a982b118ac..71f2dc525f557 100644 --- a/docs/reference/connectors-kibana/cases-webhook-action-type.md +++ b/docs/reference/connectors-kibana/cases-webhook-action-type.md @@ -7,8 +7,11 @@ mapped_pages: # {{webhook-cm}} connector and action [cases-webhook-action-type] -The {{webhook-cm}} connector uses [axios](https://github.com/axios/axios) to send POST, PUT, and GET requests to a case management RESTful API web service. [8.15.0] +The {{webhook-cm}} connector uses [axios](https://github.com/axios/axios) to send POST, PUT, and GET requests to a case management RESTful API web service. +:::{admonition} Added in 8.15.0 +The {{webhook-cm}} connector was added in 8.15.0. +::: ## Create connectors in {{kib}} [define-cases-webhook-ui] diff --git a/docs/reference/connectors-kibana/email-action-type.md b/docs/reference/connectors-kibana/email-action-type.md index 18e01d90e6979..9fe2ccc73746d 100644 --- a/docs/reference/connectors-kibana/email-action-type.md +++ b/docs/reference/connectors-kibana/email-action-type.md @@ -140,7 +140,9 @@ You must use your Amazon SES SMTP credentials to send email through Amazon SES. ### Microsoft Exchange with basic authentication [exchange-basic-auth] -[7.16.0] +:::{admonition} Deprecated in 7.16.0 +Microsoft Exchange with basic authentication was deprecated in 7.16.0. +::: To prepare for the removal of Basic Auth, you must update all existing Microsoft Exchange connectors with the new configuration based on the [OAuth 2.0 Client Credentials Authentication](https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-client-creds-grant-flow). diff --git a/docs/reference/connectors-kibana/pre-configured-connectors.md b/docs/reference/connectors-kibana/pre-configured-connectors.md index 2519b14db57d2..55259378de4d6 100644 --- a/docs/reference/connectors-kibana/pre-configured-connectors.md +++ b/docs/reference/connectors-kibana/pre-configured-connectors.md @@ -244,7 +244,9 @@ Use the following email connector configuration to send email from the [Gmail](h #### Microsoft Exchange with basic authentication [preconfigured-email-configuration-exchange-basic-auth] -[7.16.0] +:::{admonition} Deprecated in 7.16.0 +Microsoft Exchange with basic authentication was deprecated in 7.16.0. +::: ```text config: @@ -343,7 +345,11 @@ xpack.actions.preconfigured: 1. The {{ibm-r}} instance URL. 2. The {{ibm-r}} organization identifier. 3. The authentication key ID for HTTP basic authentication. -4. The authentication key secret for HTTP basic authentication. NOTE: This value should be stored in the [{{kib}} keystore](docs-content://deploy-manage/security/secure-settings.md#creating-keystore). +4. The authentication key secret for HTTP basic authentication. + + :::{note} + This value should be stored in the [{{kib}} keystore](docs-content://deploy-manage/security/secure-settings.md#creating-keystore). + ::: @@ -386,7 +392,11 @@ xpack.actions.preconfigured: 1. The Jira instance URL. 2. The Jira project key. 3. The account email for HTTP basic authentication. -4. The API authentication token for HTTP basic authentication. NOTE: This value should be stored in the [{{kib}} keystore](docs-content://deploy-manage/security/secure-settings.md#creating-keystore). +4. The API authentication token for HTTP basic authentication. + + :::{note} + This value should be stored in the [{{kib}} keystore](docs-content://deploy-manage/security/secure-settings.md#creating-keystore). + ::: @@ -477,7 +487,11 @@ xpack.actions.preconfigured: 1. The ServiceNow instance URL. 2. A user name. -3. A password. NOTE: This value should be stored in the [{{kib}} keystore](docs-content://deploy-manage/security/secure-settings.md#creating-keystore). +3. A password. + + :::{note} + This value should be stored in the [{{kib}} keystore](docs-content://deploy-manage/security/secure-settings.md#creating-keystore). + ::: The following example creates a {{sn-itom}} connector with OAuth authentication: @@ -532,7 +546,11 @@ xpack.actions.preconfigured: 1. The ServiceNow instance URL. 2. Specifies whether the connector uses the Table API or the Import Set API. If `usesTableApi` is `false`, the Elastic application should be installed in {{sn}}. 3. The user name. -4. The password. NOTE: This value should be stored in the [{{kib}} keystore](docs-content://deploy-manage/security/secure-settings.md#creating-keystore). +4. The password. + + :::{note} + This value should be stored in the [{{kib}} keystore](docs-content://deploy-manage/security/secure-settings.md#creating-keystore). + ::: The following example creates a {{sn-itsm}} connector with OAuth authentication: @@ -588,7 +606,11 @@ xpack.actions.preconfigured: 1. The ServiceNow instance URL. 2. Specifies whether the connector uses the Table API or the Import Set API. If `usesTableApi` is false, the Elastic application should be installed in {{sn}}. 3. The user name. -4. The password. NOTE: This value should be stored in the [{{kib}} keystore](docs-content://deploy-manage/security/secure-settings.md#creating-keystore). +4. The password. + + :::{note} + This value should be stored in the [{{kib}} keystore](docs-content://deploy-manage/security/secure-settings.md#creating-keystore). + ::: The following example creates a {{sn-sir}} connector with OAuth authentication: @@ -710,7 +732,11 @@ xpack.actions.preconfigured: 1. The {{swimlane}} instance URL. 2. The {{swimlane}} application identifier. 3. Field mappings for properties such as the alert identifer, severity, and rule name. -4. The API authentication token for HTTP basic authentication. NOTE: This value should be stored in the [{{kib}} keystore](docs-content://deploy-manage/security/secure-settings.md#creating-keystore). +4. The API authentication token for HTTP basic authentication. + + :::{note} + This value should be stored in the [{{kib}} keystore](docs-content://deploy-manage/security/secure-settings.md#creating-keystore). + ::: @@ -781,8 +807,11 @@ xpack.actions.preconfigured: 3. A set of key-value pairs sent as headers with the request. 4. If `true`, this connector will require values for `user` and `password` inside the secrets configuration. Defaults to `true`. 5. A valid user name. Required if `hasAuth` is set to `true`. -6. A valid password. Required if `hasAuth` is set to `true`. NOTE: This value should be stored in the [{{kib}} keystore](docs-content://deploy-manage/security/secure-settings.md#creating-keystore). +6. A valid password. Required if `hasAuth` is set to `true`. + :::{note} + This value should be stored in the [{{kib}} keystore](docs-content://deploy-manage/security/secure-settings.md#creating-keystore). + ::: ::::{note} SSL authentication is not supported in preconfigured webhook connectors. @@ -859,7 +888,11 @@ xpack.actions.preconfigured: 1. The request URL for the Elastic Alerts trigger in xMatters. 2. Indicates whether the connector uses HTTP basic authentication. If `true`, you must provide `user` and `password` values. Defaults to `true`. 3. A user name for authentication, which is required when `usesBasic` is `true`. -4. A password for authentication, which is required when `usesBasic` is `true`. NOTE: This value should be stored in the [{{kib}} keystore](docs-content://deploy-manage/security/secure-settings.md#creating-keystore). +4. A password for authentication, which is required when `usesBasic` is `true`. + + :::{note} + This value should be stored in the [{{kib}} keystore](docs-content://deploy-manage/security/secure-settings.md#creating-keystore). + ::: The following example creates an xMatters connector with URL authentication: diff --git a/docs/reference/connectors-kibana/servicenow-action-type.md b/docs/reference/connectors-kibana/servicenow-action-type.md index cfe599f94a5a5..07b8e480d86f0 100644 --- a/docs/reference/connectors-kibana/servicenow-action-type.md +++ b/docs/reference/connectors-kibana/servicenow-action-type.md @@ -260,8 +260,8 @@ This step is required to use OAuth for authentication between Elastic and {{sn}} * **Name**: Name the application. * **User field**: Select the field to use as the user identifier. -% TO DO: Use `:class: screenshot` -![Shows new application form in ServiceNow](../images/servicenow-new-application.png) + % TO DO: Use `:class: screenshot` + ![Shows new application form in ServiceNow](../images/servicenow-new-application.png) ::::{important} Remember the selected user field. You will use this as the **User Identifier Value** when creating the connector. For example, if you selected **Email** for **User field**, you will use the user’s email for the **User Identifier Value**. diff --git a/docs/reference/connectors-kibana/servicenow-itom-action-type.md b/docs/reference/connectors-kibana/servicenow-itom-action-type.md index 97686f96b2354..3123e9bba3f3c 100644 --- a/docs/reference/connectors-kibana/servicenow-itom-action-type.md +++ b/docs/reference/connectors-kibana/servicenow-itom-action-type.md @@ -187,8 +187,8 @@ This step is required to use OAuth for authentication between Elastic and {{sn}} * **Name**: Name the application. * **User field**: Select the field to use as the user identifier. -% TO DO: Use `:class: screenshot` -![Shows new application form in ServiceNow](../images/servicenow-new-application.png) + % TO DO: Use `:class: screenshot` + ![Shows new application form in ServiceNow](../images/servicenow-new-application.png) ::::{important} Remember the selected user field. You will use this as the **User Identifier Value** when creating the connector. For example, if you selected **Email** for **User field**, you will use the user’s email for the **User Identifier Value**. diff --git a/docs/reference/connectors-kibana/servicenow-sir-action-type.md b/docs/reference/connectors-kibana/servicenow-sir-action-type.md index c4def517d31d5..b1dd76c5c5e86 100644 --- a/docs/reference/connectors-kibana/servicenow-sir-action-type.md +++ b/docs/reference/connectors-kibana/servicenow-sir-action-type.md @@ -235,8 +235,8 @@ This step is required to use OAuth for authentication between Elastic and {{sn}} * **Name**: Name the certificate. * **PEM Certificate**: Copy the generated public key into this text field. -% TO DO: Use `:class: screenshot` -![Shows new certificate form in ServiceNow](../images/servicenow-new-certificate.png) + % TO DO: Use `:class: screenshot` + ![Shows new certificate form in ServiceNow](../images/servicenow-new-certificate.png) 3. Click **Submit** to create the certificate. @@ -248,16 +248,16 @@ This step is required to use OAuth for authentication between Elastic and {{sn}} 1. In your {{sn}} instance, go to **Application Registry** and select **New**. 2. Select **Create an OAuth JWT API endpoint for external clients** from the list of options. -% TO DO: Use `:class: screenshot` -![Shows application type selection](../images/servicenow-jwt-endpoint.png) + % TO DO: Use `:class: screenshot` + ![Shows application type selection](../images/servicenow-jwt-endpoint.png) 3. Configure the application as follows: * **Name**: Name the application. * **User field**: Select the field to use as the user identifier. -% TO DO: Use `:class: screenshot` -![Shows new application form in ServiceNow](../images/servicenow-new-application.png) + % TO DO: Use `:class: screenshot` + ![Shows new application form in ServiceNow](../images/servicenow-new-application.png) ::::{important} Remember the selected user field. You will use this as the **User Identifier Value** when creating the connector. For example, if you selected **Email** for **User field**, you will use the user’s email for the **User Identifier Value**. @@ -271,14 +271,14 @@ This step is required to use OAuth for authentication between Elastic and {{sn}} * **Name**: Name the JWT Verifier Map. * **Sys certificate**: Click the search icon and select the name of the certificate created in the previous step. -% TO DO: Use `:class: screenshot` -![Shows new JWT Verifier Map form in ServiceNow](../images/servicenow-new-jwt-verifier-map.png) + % TO DO: Use `:class: screenshot` + ![Shows new JWT Verifier Map form in ServiceNow](../images/servicenow-new-jwt-verifier-map.png) 8. Click **Submit** to create the verifier map. 9. Note the **Client ID**, **Client Secret** and **JWT Key ID**. You will need these values to create your {{sn}} connector. -% TO DO: Use `:class: screenshot` -![Shows where to find OAuth values in ServiceNow](../images/servicenow-oauth-values.png) + % TO DO: Use `:class: screenshot` + ![Shows where to find OAuth values in ServiceNow](../images/servicenow-oauth-values.png) diff --git a/docs/reference/connectors-kibana/thehive-action-type.md b/docs/reference/connectors-kibana/thehive-action-type.md index 328d2840072ef..449b3c9e67b6b 100644 --- a/docs/reference/connectors-kibana/thehive-action-type.md +++ b/docs/reference/connectors-kibana/thehive-action-type.md @@ -7,7 +7,11 @@ mapped_pages: # {{hive}} connector and action [thehive-action-type] -{{hive}} connector uses the [{{hive}} (v1) REST API](https://docs.strangebee.com/thehive/api-docs/) to create cases and alerts. [8.16.0] +{{hive}} connector uses the [{{hive}} (v1) REST API](https://docs.strangebee.com/thehive/api-docs/) to create cases and alerts. + +:::{admonition} Added in 8.16.0 +The {{hive}} connector was added in 8.16.0. +::: ::::{note} If you use this connector with [cases](docs-content://explore-analyze/alerts-cases/cases.md), the status values differ in {{kib}} and {{hive}}. The status values are not synchronized when you update a case. diff --git a/docs/reference/connectors-kibana/webhook-action-type.md b/docs/reference/connectors-kibana/webhook-action-type.md index ab3ddf4bb1e06..de8bce6630416 100644 --- a/docs/reference/connectors-kibana/webhook-action-type.md +++ b/docs/reference/connectors-kibana/webhook-action-type.md @@ -45,7 +45,6 @@ Certificate authority Verification mode : Controls the certificate verification. - * Use `full` to validate that the certificate has an issue date within the `not_before` and `not_after` dates, chains to a trusted certificate authority, and has a hostname or IP address that matches the names within the certificate. * Use `certificate` to validate the certificate and verifies that it is signed by a trusted authority; this option does not check the certificate hostname. * Use `none` to skip certificate validation. diff --git a/docs/reference/kibana-audit-events.md b/docs/reference/kibana-audit-events.md index 3c0c7eaf25b92..b911a8499852c 100644 --- a/docs/reference/kibana-audit-events.md +++ b/docs/reference/kibana-audit-events.md @@ -22,114 +22,111 @@ To ensure that a record of every operation is persisted even in case of an unexp ### Category: authentication -| | -| --- | | **Action** | **Outcome** | **Description** | +| --- | --- | --- | | `user_login` | `success` | User has logged in successfully. | -| `failure` | Failed login attempt (e.g. due to invalid credentials). | -| `user_logout` | `unknown` | User is logging out. | +| `user_login` | `failure` | Failed login attempt (e.g. due to invalid credentials). | +| `user_logout`| `unknown` | User is logging out. | | `session_cleanup` | `unknown` | Removing invalid or expired session. | | `access_agreement_acknowledged` | n/a | User has acknowledged the access agreement. | ### Category: database #### Type: creation -| | -| --- | | **Action** | **Outcome** | **Description** | +| --- | --- | --- | | `saved_object_create` | `unknown` | User is creating a saved object. | -| `failure` | User is not authorized to create a saved object. | +| `saved_object_create` | `failure` | User is not authorized to create a saved object. | | `saved_object_open_point_in_time` | `unknown` | User is creating a Point In Time to use when querying saved objects. | -| `failure` | User is not authorized to create a Point In Time for the provided saved object types. | +| `saved_object_open_point_in_time` | `failure` | User is not authorized to create a Point In Time for the provided saved object types. | | `connector_create` | `unknown` | User is creating a connector. | -| `failure` | User is not authorized to create a connector. | +| `connector_create` | `failure` | User is not authorized to create a connector. | | `rule_create` | `unknown` | User is creating a rule. | -| `failure` | User is not authorized to create a rule. | +| `rule_create` | `failure` | User is not authorized to create a rule. | | `ad_hoc_run_create` | `unknown` | User is creating an ad hoc run. | -| `failure` | User is not authorized to create an ad hoc run. | +| `ad_hoc_run_create` | `failure` | User is not authorized to create an ad hoc run. | | `space_create` | `unknown` | User is creating a space. | -| `failure` | User is not authorized to create a space. | +| `space_create` | `failure` | User is not authorized to create a space. | | `case_create` | `unknown` | User is creating a case. | -| `failure` | User is not authorized to create a case. | +| `case_create` | `failure` | User is not authorized to create a case. | | `case_configuration_create` | `unknown` | User is creating a case configuration. | -| `failure` | User is not authorized to create a case configuration. | +| `case_configuration_create` | `failure` | User is not authorized to create a case configuration. | | `case_comment_create` | `unknown` | User is creating a case comment. | -| `failure` | User is not authorized to create a case comment. | +| `case_comment_create` | `failure` | User is not authorized to create a case comment. | | `case_comment_bulk_create` | `unknown` | User is creating multiple case comments. | -| `failure` | User is not authorized to create multiple case comments. | +| `case_comment_bulk_create` | `failure` | User is not authorized to create multiple case comments. | | `case_user_action_create_comment` | `success` | User has created a case comment. | | `case_user_action_create_case` | `success` | User has created a case. | | `ml_put_ad_job` | `success` | Creating anomaly detection job. | -| `failure` | Failed to create anomaly detection job. | +| `ml_put_ad_job` | `failure` | Failed to create anomaly detection job. | | `ml_put_ad_datafeed` | `success` | Creating anomaly detection datafeed. | -| `failure` | Failed to create anomaly detection datafeed. | +| `ml_put_ad_datafeed` | `failure` | Failed to create anomaly detection datafeed. | | `ml_put_calendar` | `success` | Creating calendar. | -| `failure` | Failed to create calendar. | +| `ml_put_calendar` | `failure` | Failed to create calendar. | | `ml_post_calendar_events` | `success` | Adding events to calendar. | -| `failure` | Failed to add events to calendar. | +| `ml_post_calendar_events` | `failure` | Failed to add events to calendar. | | `ml_forecast` | `success` | Creating anomaly detection forecast. | -| `failure` | Failed to create anomaly detection forecast. | +| `ml_forecast` | `failure` | Failed to create anomaly detection forecast. | | `ml_put_filter` | `success` | Creating filter. | -| `failure` | Failed to create filter. | +| `ml_put_filter` | `failure` | Failed to create filter. | | `ml_put_dfa_job` | `success` | Creating data frame analytics job. | -| `failure` | Failed to create data frame analytics job. | +| `ml_put_dfa_job` | `failure` | Failed to create data frame analytics job. | | `ml_put_trained_model` | `success` | Creating trained model. | -| `failure` | Failed to create trained model. | +| `ml_put_trained_model` | `failure` | Failed to create trained model. | | `product_documentation_create` | `unknown` | User requested to install the product documentation for use in AI Assistants. | | `knowledge_base_entry_create` | `success` | User has created knowledge base entry [id=x] | -| `failure` | Failed attempt to create a knowledge base entry | +| `knowledge_base_entry_create` | `failure` | Failed attempt to create a knowledge base entry | | `knowledge_base_entry_update` | `success` | User has updated knowledge base entry [id=x] | -| `failure` | Failed attempt to update a knowledge base entry | +| `knowledge_base_entry_update` | `failure` | Failed attempt to update a knowledge base entry | | `knowledge_base_entry_delete` | `success` | User has deleted knowledge base entry [id=x] | -| `failure` | Failed attempt to delete a knowledge base entry | +| `knowledge_base_entry_delete` | `failure` | Failed attempt to delete a knowledge base entry | #### Type: change -| | -| --- | | **Action** | **Outcome** | **Description** | +| --- | --- | --- | | `saved_object_update` | `unknown` | User is updating a saved object. | -| `failure` | User is not authorized to update a saved object. | -| `saved_object_update_objects_spaces` | `unknown` | User is adding and/or removing a saved object to/from other spaces. | -| `failure` | User is not authorized to add or remove a saved object to or from other spaces. | +| `saved_object_update` | `failure` | User is not authorized to update a saved object. | +| `saved_object_update_objects_spaces` | `unknown` | User is adding and/or removing a saved object to/from other | +| `saved_object_update_objects_spaces` spaces. | `failure` | User is not authorized to add or remove a saved object to or from other spaces. | | `saved_object_remove_references` | `unknown` | User is removing references to a saved object. | -| `failure` | User is not authorized to remove references to a saved object. | -| `saved_object_collect_multinamespace_references` | `success` | User has accessed references to a multi-space saved object. | -| `failure` | User is not authorized to access references to a multi-space saved object. | +| `saved_object_remove_references` | `failure` | User is not authorized to remove references to a saved object. | +| `saved_object_collect_multinamespace_references` | `success` | User has accessed references to a multi-space saved | +| `saved_object_collect_multinamespace_references` object. | `failure` | User is not authorized to access references to a multi-space saved object. | | `connector_update` | `unknown` | User is updating a connector. | -| `failure` | User is not authorized to update a connector. | +| `connector_update` | `failure` | User is not authorized to update a connector. | | `rule_update` | `unknown` | User is updating a rule. | -| `failure` | User is not authorized to update a rule. | +| `rule_update` | `failure` | User is not authorized to update a rule. | | `rule_update_api_key` | `unknown` | User is updating the API key of a rule. | -| `failure` | User is not authorized to update the API key of a rule. | +| `rule_update_api_key` | `failure` | User is not authorized to update the API key of a rule. | | `rule_enable` | `unknown` | User is enabling a rule. | -| `failure` | User is not authorized to enable a rule. | +| `rule_enable` | `failure` | User is not authorized to enable a rule. | | `rule_disable` | `unknown` | User is disabling a rule. | -| `failure` | User is not authorized to disable a rule. | +| `rule_disable` | `failure` | User is not authorized to disable a rule. | | `rule_mute` | `unknown` | User is muting a rule. | -| `failure` | User is not authorized to mute a rule. | +| `rule_mute` | `failure` | User is not authorized to mute a rule. | | `rule_unmute` | `unknown` | User is unmuting a rule. | -| `failure` | User is not authorized to unmute a rule. | +| `rule_unmute` | `failure` | User is not authorized to unmute a rule. | | `rule_alert_mute` | `unknown` | User is muting an alert. | -| `failure` | User is not authorized to mute an alert. | +| `rule_alert_mute` | `failure` | User is not authorized to mute an alert. | | `rule_alert_unmute` | `unknown` | User is unmuting an alert. | -| `failure` | User is not authorized to unmute an alert. | +| `rule_alert_unmute` | `failure` | User is not authorized to unmute an alert. | | `space_update` | `unknown` | User is updating a space. | -| `failure` | User is not authorized to update a space. | +| `space_update` | `failure` | User is not authorized to update a space. | | `alert_update` | `unknown` | User is updating an alert. | -| `failure` | User is not authorized to update an alert. | +| `alert_update` | `failure` | User is not authorized to update an alert. | | `rule_snooze` | `unknown` | User is snoozing a rule. | -| `failure` | User is not authorized to snooze a rule. | +| `rule_snooze` | `failure` | User is not authorized to snooze a rule. | | `rule_unsnooze` | `unknown` | User is unsnoozing a rule. | -| `failure` | User is not authorized to unsnooze a rule. | +| `rule_unsnooze` | `failure` | User is not authorized to unsnooze a rule. | | `case_update` | `unknown` | User is updating a case. | -| `failure` | User is not authorized to update a case. | +| `case_update` | `failure` | User is not authorized to update a case. | | `case_push` | `unknown` | User is pushing a case to an external service. | -| `failure` | User is not authorized to push a case to an external service. | +| `case_push` | `failure` | User is not authorized to push a case to an external service. | | `case_configuration_update` | `unknown` | User is updating a case configuration. | -| `failure` | User is not authorized to update a case configuration. | +| `case_configuration_update` | `failure` | User is not authorized to update a case configuration. | | `case_comment_update` | `unknown` | User is updating a case comment. | -| `failure` | User is not authorized to update a case comment. | +| `case_comment_update` | `failure` | User is not authorized to update a case comment. | | `case_user_action_add_case_assignees` | `success` | User has added a case assignee. | | `case_user_action_update_case_connector` | `success` | User has updated a case connector. | | `case_user_action_update_case_description` | `success` | User has updated a case description. | @@ -140,177 +137,174 @@ To ensure that a record of every operation is persisted even in case of an unexp | `case_user_action_add_case_tags` | `success` | User has added tags to a case. | | `case_user_action_update_case_title` | `success` | User has updated the case title. | | `ml_open_ad_job` | `success` | Opening anomaly detection job. | -| `failure` | Failed to open anomaly detection job. | +| `ml_open_ad_job` | `failure` | Failed to open anomaly detection job. | | `ml_close_ad_job` | `success` | Closing anomaly detection job. | -| `failure` | Failed to close anomaly detection job. | +| `ml_close_ad_job` | `failure` | Failed to close anomaly detection job. | | `ml_start_ad_datafeed` | `success` | Starting anomaly detection datafeed. | -| `failure` | Failed to start anomaly detection datafeed. | +| `ml_start_ad_datafeed` | `failure` | Failed to start anomaly detection datafeed. | | `ml_stop_ad_datafeed` | `success` | Stopping anomaly detection datafeed. | -| `failure` | Failed to stop anomaly detection datafeed. | +| `ml_stop_ad_datafeed` | `failure` | Failed to stop anomaly detection datafeed. | | `ml_update_ad_job` | `success` | Updating anomaly detection job. | -| `failure` | Failed to update anomaly detection job. | +| `ml_update_ad_job` | `failure` | Failed to update anomaly detection job. | | `ml_reset_ad_job` | `success` | Resetting anomaly detection job. | -| `failure` | Failed to reset anomaly detection job. | +| `ml_reset_ad_job` | `failure` | Failed to reset anomaly detection job. | | `ml_revert_ad_snapshot` | `success` | Reverting anomaly detection snapshot. | -| `failure` | Failed to revert anomaly detection snapshot. | +| `ml_revert_ad_snapshot` | `failure` | Failed to revert anomaly detection snapshot. | | `ml_update_ad_datafeed` | `success` | Updating anomaly detection datafeed. | -| `failure` | Failed to update anomaly detection datafeed. | +| `ml_update_ad_datafeed` | `failure` | Failed to update anomaly detection datafeed. | | `ml_put_calendar_job` | `success` | Adding job to calendar. | -| `failure` | Failed to add job to calendar. | +| `ml_put_calendar_job` | `failure` | Failed to add job to calendar. | | `ml_delete_calendar_job` | `success` | Removing job from calendar. | -| `failure` | Failed to remove job from calendar. | +| `ml_delete_calendar_job` | `failure` | Failed to remove job from calendar. | | `ml_update_filter` | `success` | Updating filter. | -| `failure` | Failed to update filter. | +| `ml_update_filter` | `failure` | Failed to update filter. | | `ml_start_dfa_job` | `success` | Starting data frame analytics job. | -| `failure` | Failed to start data frame analytics job. | +| `ml_start_dfa_job` | `failure` | Failed to start data frame analytics job. | | `ml_stop_dfa_job` | `success` | Stopping data frame analytics job. | -| `failure` | Failed to stop data frame analytics job. | +| `ml_stop_dfa_job` | `failure` | Failed to stop data frame analytics job. | | `ml_update_dfa_job` | `success` | Updating data frame analytics job. | -| `failure` | Failed to update data frame analytics job. | +| `ml_update_dfa_job` | `failure` | Failed to update data frame analytics job. | | `ml_start_trained_model_deployment` | `success` | Starting trained model deployment. | -| `failure` | Failed to start trained model deployment. | +| `ml_start_trained_model_deployment` | `failure` | Failed to start trained model deployment. | | `ml_stop_trained_model_deployment` | `success` | Stopping trained model deployment. | -| `failure` | Failed to stop trained model deployment. | +| `ml_stop_trained_model_deployment` | `failure` | Failed to stop trained model deployment. | | `ml_update_trained_model_deployment` | `success` | Updating trained model deployment. | -| `failure` | Failed to update trained model deployment. | +| `ml_update_trained_model_deployment` | `failure` | Failed to update trained model deployment. | | `product_documentation_update` | `unknown` | User requested to update the product documentation for use in AI Assistants. | #### Type: deletion -| | -| --- | | **Action** | **Outcome** | **Description** | +| --- | --- | --- | | `saved_object_delete` | `unknown` | User is deleting a saved object. | -| `failure` | User is not authorized to delete a saved object. | +| `saved_object_delete` | `failure` | User is not authorized to delete a saved object. | | `saved_object_close_point_in_time` | `unknown` | User is deleting a Point In Time that was used to query saved objects. | -| `failure` | User is not authorized to delete a Point In Time. | +| `saved_object_close_point_in_time` | `failure` | User is not authorized to delete a Point In Time. | | `connector_delete` | `unknown` | User is deleting a connector. | -| `failure` | User is not authorized to delete a connector. | +| `connector_delete` | `failure` | User is not authorized to delete a connector. | | `rule_delete` | `unknown` | User is deleting a rule. | -| `failure` | User is not authorized to delete a rule. | +| `rule_delete` | `failure` | User is not authorized to delete a rule. | | `ad_hoc_run_delete` | `unknown` | User is deleting an ad hoc run. | -| `failure` | User is not authorized to delete an ad hoc run. | +| `ad_hoc_run_delete` | `failure` | User is not authorized to delete an ad hoc run. | | `space_delete` | `unknown` | User is deleting a space. | -| `failure` | User is not authorized to delete a space. | +| `space_delete` | `failure` | User is not authorized to delete a space. | | `case_delete` | `unknown` | User is deleting a case. | -| `failure` | User is not authorized to delete a case. | +| `case_delete` | `failure` | User is not authorized to delete a case. | | `case_comment_delete_all` | `unknown` | User is deleting all comments associated with a case. | -| `failure` | User is not authorized to delete all comments associated with a case. | +| `case_comment_delete_all` | `failure` | User is not authorized to delete all comments associated with a case. | | `case_comment_delete` | `unknown` | User is deleting a case comment. | -| `failure` | User is not authorized to delete a case comment. | +| `case_comment_delete` | `failure` | User is not authorized to delete a case comment. | | `case_user_action_delete_case_assignees` | `success` | User has removed a case assignee. | | `case_user_action_delete_comment` | `success` | User has deleted a case comment. | | `case_user_action_delete_case` | `success` | User has deleted a case. | | `case_user_action_delete_case_tags` | `success` | User has removed tags from a case. | | `ml_delete_ad_job` | `success` | Deleting anomaly detection job. | -| `failure` | Failed to delete anomaly detection job. | +| `ml_delete_ad_job` | `failure` | Failed to delete anomaly detection job. | | `ml_delete_model_snapshot` | `success` | Deleting model snapshot. | -| `failure` | Failed to delete model snapshot. | +| `ml_delete_model_snapshot` | `failure` | Failed to delete model snapshot. | | `ml_delete_ad_datafeed` | `success` | Deleting anomaly detection datafeed. | -| `failure` | Failed to delete anomaly detection datafeed. | +| `ml_delete_ad_datafeed` | `failure` | Failed to delete anomaly detection datafeed. | | `ml_delete_calendar` | `success` | Deleting calendar. | -| `failure` | Failed to delete calendar. | +| `ml_delete_calendar` | `failure` | Failed to delete calendar. | | `ml_delete_calendar_event` | `success` | Deleting calendar event. | -| `failure` | Failed to delete calendar event. | +| `ml_delete_calendar_event` | `failure` | Failed to delete calendar event. | | `ml_delete_filter` | `success` | Deleting filter. | -| `failure` | Failed to delete filter. | +| `ml_delete_filter` | `failure` | Failed to delete filter. | | `ml_delete_forecast` | `success` | Deleting forecast. | -| `failure` | Failed to delete forecast. | +| `ml_delete_forecast` | `failure` | Failed to delete forecast. | | `ml_delete_dfa_job` | `success` | Deleting data frame analytics job. | -| `failure` | Failed to delete data frame analytics job. | +| `ml_delete_dfa_job` | `failure` | Failed to delete data frame analytics job. | | `ml_delete_trained_model` | `success` | Deleting trained model. | -| `failure` | Failed to delete trained model. | +| `ml_delete_trained_model` | `failure` | Failed to delete trained model. | | `product_documentation_delete` | `unknown` | User requested to delete the product documentation for use in AI Assistants. | #### Type: access -| | -| --- | | **Action** | **Outcome** | **Description** | +| --- | --- | --- | | `saved_object_get` | `success` | User has accessed a saved object. | -| `failure` | User is not authorized to access a saved object. | +| `saved_object_get` | `failure` | User is not authorized to access a saved object. | | `saved_object_resolve` | `success` | User has accessed a saved object. | -| `failure` | User is not authorized to access a saved object. | +| `saved_object_resolve` | `failure` | User is not authorized to access a saved object. | | `saved_object_find` | `success` | User has accessed a saved object as part of a search operation. | -| `failure` | User is not authorized to search for saved objects. | +| `saved_object_find` | `failure` | User is not authorized to search for saved objects. | | `connector_get` | `success` | User has accessed a connector. | -| `failure` | User is not authorized to access a connector. | +| `connector_get` | `failure` | User is not authorized to access a connector. | | `connector_find` | `success` | User has accessed a connector as part of a search operation. | -| `failure` | User is not authorized to search for connectors. | +| `connector_find` | `failure` | User is not authorized to search for connectors. | | `rule_get` | `success` | User has accessed a rule. | -| `failure` | User is not authorized to access a rule. | +| `rule_get` | `failure` | User is not authorized to access a rule. | | `rule_get_execution_log` | `success` | User has accessed execution log for a rule. | -| `failure` | User is not authorized to access execution log for a rule. | +| `rule_get_execution_log` | `failure` | User is not authorized to access execution log for a rule. | | `rule_find` | `success` | User has accessed a rule as part of a search operation. | -| `failure` | User is not authorized to search for rules. | +| `rule_find` | `failure` | User is not authorized to search for rules. | | `rule_schedule_backfill` | `success` | User has accessed a rule as part of a backfill schedule operation. | -| `failure` | User is not authorized to access rule for backfill scheduling. | +| `rule_schedule_backfill` | `failure` | User is not authorized to access rule for backfill scheduling. | | `ad_hoc_run_get` | `success` | User has accessed an ad hoc run. | -| `failure` | User is not authorized to access ad hoc run. | +| `ad_hoc_run_get` | `failure` | User is not authorized to access ad hoc run. | | `ad_hoc_run_find` | `success` | User has accessed an ad hoc run as part of a search operation. | -| `failure` | User is not authorized to search for ad hoc runs. | +| `ad_hoc_run_find` | `failure` | User is not authorized to search for ad hoc runs. | | `space_get` | `success` | User has accessed a space. | -| `failure` | User is not authorized to access a space. | +| `space_get` | `failure` | User is not authorized to access a space. | | `space_find` | `success` | User has accessed a space as part of a search operation. | -| `failure` | User is not authorized to search for spaces. | +| `space_find` | `failure` | User is not authorized to search for spaces. | | `alert_get` | `success` | User has accessed an alert. | -| `failure` | User is not authorized to access an alert. | +| `alert_get` | `failure` | User is not authorized to access an alert. | | `alert_find` | `success` | User has accessed an alert as part of a search operation. | -| `failure` | User is not authorized to access alerts. | +| `alert_find` | `failure` | User is not authorized to access alerts. | | `case_get` | `success` | User has accessed a case. | -| `failure` | User is not authorized to access a case. | +| `case_get` | `failure` | User is not authorized to access a case. | | `case_bulk_get` | `success` | User has accessed multiple cases. | -| `failure` | User is not authorized to access multiple cases. | +| `case_bulk_get` | `failure` | User is not authorized to access multiple cases. | | `case_resolve` | `success` | User has accessed a case. | -| `failure` | User is not authorized to access a case. | +| `case_resolve` | `failure` | User is not authorized to access a case. | | `case_find` | `success` | User has accessed a case as part of a search operation. | -| `failure` | User is not authorized to search for cases. | +| `case_find` | `failure` | User is not authorized to search for cases. | | `case_ids_by_alert_id_get` | `success` | User has accessed cases. | -| `failure` | User is not authorized to access cases. | +| `case_ids_by_alert_id_get` | `failure` | User is not authorized to access cases. | | `case_get_metrics` | `success` | User has accessed metrics for a case. | -| `failure` | User is not authorized to access metrics for a case. | +| `case_get_metrics` | `failure` | User is not authorized to access metrics for a case. | | `cases_get_metrics` | `success` | User has accessed metrics for cases. | -| `failure` | User is not authorized to access metrics for cases. | +| `cases_get_metrics` | `failure` | User is not authorized to access metrics for cases. | | `case_configuration_find` | `success` | User has accessed a case configuration as part of a search operation. | -| `failure` | User is not authorized to search for case configurations. | +| `case_configuration_find` | `failure` | User is not authorized to search for case configurations. | | `case_comment_get_metrics` | `success` | User has accessed metrics for case comments. | -| `failure` | User is not authorized to access metrics for case comments. | +| `case_comment_get_metrics` | `failure` | User is not authorized to access metrics for case comments. | | `case_comment_alerts_attach_to_case` | `success` | User has accessed case alerts. | -| `failure` | User is not authorized to access case alerts. | +| `case_comment_alerts_attach_to_case` | `failure` | User is not authorized to access case alerts. | | `case_comment_get` | `success` | User has accessed a case comment. | -| `failure` | User is not authorized to access a case comment. | +| `case_comment_get` | `failure` | User is not authorized to access a case comment. | | `case_comment_bulk_get` | `success` | User has accessed multiple case comments. | -| `failure` | User is not authorized to access multiple case comments. | +| `case_comment_bulk_get` | `failure` | User is not authorized to access multiple case comments. | | `case_comment_get_all` | `success` | User has accessed case comments. | -| `failure` | User is not authorized to access case comments. | +| `case_comment_get_all` | `failure` | User is not authorized to access case comments. | | `case_comment_find` | `success` | User has accessed a case comment as part of a search operation. | -| `failure` | User is not authorized to search for case comments. | +| `case_comment_find` | `failure` | User is not authorized to search for case comments. | | `case_categories_get` | `success` | User has accessed a case. | -| `failure` | User is not authorized to access a case. | +| `case_categories_get` | `failure` | User is not authorized to access a case. | | `case_tags_get` | `success` | User has accessed a case. | -| `failure` | User is not authorized to access a case. | +| `case_tags_get` | `failure` | User is not authorized to access a case. | | `case_reporters_get` | `success` | User has accessed a case. | -| `failure` | User is not authorized to access a case. | +| `case_reporters_get` | `failure` | User is not authorized to access a case. | | `case_find_statuses` | `success` | User has accessed a case as part of a search operation. | -| `failure` | User is not authorized to search for cases. | +| `case_find_statuses` | `failure` | User is not authorized to search for cases. | | `case_user_actions_get` | `success` | User has accessed the user activity of a case. | -| `failure` | User is not authorized to access the user activity of a case. | +| `case_user_actions_get` | `failure` | User is not authorized to access the user activity of a case. | | `case_user_actions_find` | `success` | User has accessed the user activity of a case as part of a search operation. | -| `failure` | User is not authorized to access the user activity of a case. | +| `case_user_actions_find` | `failure` | User is not authorized to access the user activity of a case. | | `case_user_action_get_metrics` | `success` | User has accessed metrics for the user activity of a case. | -| `failure` | User is not authorized to access metrics for the user activity of a case. | +| `case_user_action_get_metrics` | `failure` | User is not authorized to access metrics for the user activity of a case. | | `case_user_action_get_users` | `success` | User has accessed the users associated with a case. | -| `failure` | User is not authorized to access the users associated with a case. | +| `case_user_action_get_users` | `failure` | User is not authorized to access the users associated with a case. | | `case_connectors_get` | `success` | User has accessed the connectors of a case. | -| `failure` | User is not authorized to access the connectors of a case. | +| `case_connectors_get` | `failure` | User is not authorized to access the connectors of a case. | | `ml_infer_trained_model` | `success` | Inferring using trained model. | -| `failure` | Failed to infer using trained model. | +| `ml_infer_trained_model` | `failure` | Failed to infer using trained model. | ### Category: web -| | -| --- | | **Action** | **Outcome** | **Description** | +| --- | --- | --- | | `http_request` | `unknown` | User is making an HTTP request. | @@ -320,17 +314,15 @@ Audit logs are written in JSON using [Elastic Common Schema (ECS)][Elastic Commo ### Base fields -| | -| --- | | **Field** | **Description** | +| --- | --- | | `@timestamp` | Time when the event was generated.
Example: `2016-05-23T08:05:34.853Z` | | `message` | Human readable description of the event. | ### Event fields -| | -| --- | | **Field** | **Description** | +| --- | --- | | `event.action` | The action captured by the event.
Refer to [Audit events](./kibana-audit-events.md#xpack-security-ecs-audit-logging) for a table of possible actions. | | `event.category` | High level category associated with the event.
This field is closely related to `event.type`, which is used as a subcategory.
Possible values:`database`,`web`,`authentication` | | `event.type` | Subcategory associated with the event.
This field can be used along with the `event.category` field to enable filtering events down to a level appropriate for single visualization.
Possible values:`creation`,`access`,`change`,`deletion` | @@ -338,9 +330,8 @@ Audit logs are written in JSON using [Elastic Common Schema (ECS)][Elastic Commo ### User fields -| | -| --- | | **Field** | **Description** | +| --- | --- | | `user.id` | Unique identifier of the user across sessions (See [user profiles](docs-content://deploy-manage/users-roles/cluster-or-deployment-auth/user-profiles.md)). | | `user.name` | Login name of the user.
Example: `jdoe` | | `user.roles[]` | Set of user roles at the time of the event.
Example: `[kibana_admin, reporting_user]` | @@ -348,9 +339,8 @@ Audit logs are written in JSON using [Elastic Common Schema (ECS)][Elastic Commo ### Kibana fields -| | -| --- | | **Field** | **Description** | +| --- | --- | | `kibana.space_id` | ID of the space associated with the event.
Example: `default` | | `kibana.session_id` | ID of the user session associated with the event.
Each login attempt results in a unique session id. | | `kibana.saved_object.type` | Type of saved object associated with the event.
Example: `dashboard` | @@ -364,18 +354,16 @@ Audit logs are written in JSON using [Elastic Common Schema (ECS)][Elastic Commo ### Error fields -| | -| --- | | **Field** | **Description** | +| --- | --- | | `error.code` | Error code describing the error. | | `error.message` | Error message. | ### HTTP and URL fields -| | -| --- | | **Field** | **Description** | +| --- | --- | | `client.ip` | Client IP address. | | `http.request.method` | HTTP request method.
Example: `get`, `post`, `put`, `delete` | | `http.request.headers.x-forwarded-for` | `X-Forwarded-For` request header used to identify the originating client IP address when connecting through proxy servers.
Example: `161.66.20.177, 236.198.214.101` | @@ -388,7 +376,6 @@ Audit logs are written in JSON using [Elastic Common Schema (ECS)][Elastic Commo ### Tracing fields -| | -| --- | | **Field** | **Description** | +| --- | --- | | `trace.id` | Unique identifier allowing events of the same transaction from {{kib}} and {{es}} to be correlated. | diff --git a/docs/reference/kibana-plugins.md b/docs/reference/kibana-plugins.md index 1c230579d1d2f..abfe7b3467caa 100644 --- a/docs/reference/kibana-plugins.md +++ b/docs/reference/kibana-plugins.md @@ -113,8 +113,8 @@ $ bin/kibana-plugin install x-pack You can download official Elastic plugins simply by specifying their name. You can alternatively specify a URL or file path to a specific plugin, as in the following examples: -```shell -$ bin/kibana-plugin install https://artifacts.elastic.co/downloads/packs/x-pack/x-pack-9.0.0-beta1.zip +```shell subs=true +$ bin/kibana-plugin install https://artifacts.elastic.co/downloads/packs/x-pack/x-pack-{{version}}.zip ``` or diff --git a/docs/release-notes/index.md b/docs/release-notes/index.md index 675f9dde9ceac..ee175caa2a303 100644 --- a/docs/release-notes/index.md +++ b/docs/release-notes/index.md @@ -3,8 +3,6 @@ navigation_title: "Kibana" mapped_pages: - https://www.elastic.co/guide/en/kibana/current/release-notes.html - https://www.elastic.co/guide/en/kibana/current/whats-new.html - - https://www.elastic.co/guide/en/kibana/master/release-notes-9.0.0.html - - https://www.elastic.co/guide/en/kibana/master/enhancements-and-bug-fixes-v9.0.0.html --- # Kibana release notes [kibana-release-notes] diff --git a/x-pack/solutions/security/plugins/security_solution/docs/testing/test_plans/detection_response/prebuilt_rules/prebuilt_rule_import.md b/x-pack/solutions/security/plugins/security_solution/docs/testing/test_plans/detection_response/prebuilt_rules/prebuilt_rule_import.md index a945e0578be0d..9db7c823334bd 100644 --- a/x-pack/solutions/security/plugins/security_solution/docs/testing/test_plans/detection_response/prebuilt_rules/prebuilt_rule_import.md +++ b/x-pack/solutions/security/plugins/security_solution/docs/testing/test_plans/detection_response/prebuilt_rules/prebuilt_rule_import.md @@ -523,7 +523,9 @@ Examples: ### Handling missing base versions -NOTE: These are not edge cases but rather normal cases. In many package upgrade scenarios, hundreds of prebuilt rules (out of ~1300 of them at the time of writing) won't have a base version. +:::{note} +These are not edge cases but rather normal cases. In many package upgrade scenarios, hundreds of prebuilt rules (out of ~1300 of them at the time of writing) won't have a base version. +::: **When the base version** of a prebuilt rule that is being imported **is missing** among the `security-rule` asset saved objects, and the user imports this rule, the following scenarios apply. diff --git a/x-pack/solutions/security/plugins/security_solution/docs/testing/test_plans/detection_response/prebuilt_rules/prebuilt_rule_upgrade_without_preview.md b/x-pack/solutions/security/plugins/security_solution/docs/testing/test_plans/detection_response/prebuilt_rules/prebuilt_rule_upgrade_without_preview.md index 23897e574776f..47d68a9c90afa 100644 --- a/x-pack/solutions/security/plugins/security_solution/docs/testing/test_plans/detection_response/prebuilt_rules/prebuilt_rule_upgrade_without_preview.md +++ b/x-pack/solutions/security/plugins/security_solution/docs/testing/test_plans/detection_response/prebuilt_rules/prebuilt_rule_upgrade_without_preview.md @@ -736,7 +736,9 @@ TODO: Check why for the legacy API Dmitrii has added 2 integration tests for `ru - `should update outdated prebuilt rules when previous historical versions available` - `should update outdated prebuilt rules when previous historical versions unavailable` -(NOTE: the second scenario tests that, if a new version of a rule is released, it can upgrade the current instance of that rule even if the historical versions of that rule are no longer in the package) +:::{note} +The second scenario tests that, if a new version of a rule is released, it can upgrade the current instance of that rule even if the historical versions of that rule are no longer in the package) +::: Notes: From ba3a24679fe9021a92cf96d894006aee927feb1b Mon Sep 17 00:00:00 2001 From: Colleen McGinnis Date: Tue, 22 Apr 2025 14:25:10 -0500 Subject: [PATCH 2/7] more fixes --- docs/docset.yml | 1 + docs/extend/development-security.md | 6 +++--- docs/extend/development-tests.md | 4 ++-- docs/extend/external-plugin-functional-tests.md | 10 +++++----- docs/extend/external-plugin-localization.md | 2 +- docs/extend/sharing-saved-objects.md | 7 +++---- docs/extend/stability.md | 2 +- 7 files changed, 16 insertions(+), 16 deletions(-) diff --git a/docs/docset.yml b/docs/docset.yml index 3a94f77933989..076ff2802479a 100644 --- a/docs/docset.yml +++ b/docs/docset.yml @@ -14,6 +14,7 @@ toc: - toc: extend subs: version: "9.0.0" + branch: "9.0" ecloud: "Elastic Cloud" ech: "Elastic Cloud Hosted" ess: "Elasticsearch Service" diff --git a/docs/extend/development-security.md b/docs/extend/development-security.md index 6169f0aaf2854..47a508717b7f5 100644 --- a/docs/extend/development-security.md +++ b/docs/extend/development-security.md @@ -21,10 +21,10 @@ Role-based access control (RBAC) in {{kib}} relies upon the [application privile When {{kib}} first starts up, it executes the following `POST` request against {{es}}. This synchronizes the definition of the privileges with various `actions` which are later used to authorize a user: -```js +```js subs=true POST /_security/privilege Content-Type: application/json -Authorization: Basic {kib} changeme +Authorization: Basic {{kib}} changeme { "kibana-.kibana":{ @@ -256,7 +256,7 @@ public setup(core, { features }) { }, privilegesTooltip: i18n.translate('xpack.features.devToolsPrivilegesTooltip', { defaultMessage: - 'User should also be granted the appropriate {es} cluster and index privileges', + 'User should also be granted the appropriate Elasticsearch cluster and index privileges', }), }); } diff --git a/docs/extend/development-tests.md b/docs/extend/development-tests.md index a10172ae19ea8..bc573131f1c51 100644 --- a/docs/extend/development-tests.md +++ b/docs/extend/development-tests.md @@ -305,7 +305,7 @@ export default function ({ getService, getPageObject }) { describe('My Test Suite', () => { // most suites start with a before hook that navigates to a specific - // app/page and restores some archives into {es} with esArchiver + // app/page and restores some archives into Elasticsearch with esArchiver before(async () => { await Promise.all([ // start by clearing Saved Objects from the .kibana index @@ -318,7 +318,7 @@ export default function ({ getService, getPageObject }) { }); // right after the before() hook definition, add the teardown steps - // that will tidy up {es} for other test suites + // that will tidy up Elasticsearch for other test suites after(async () => { // we clear Kibana Saved Objects but not the makelogs // archive because we don't make any changes to it, and subsequent diff --git a/docs/extend/external-plugin-functional-tests.md b/docs/extend/external-plugin-functional-tests.md index d8b1056bbc63a..7570c10134d07 100644 --- a/docs/extend/external-plugin-functional-tests.md +++ b/docs/extend/external-plugin-functional-tests.md @@ -14,7 +14,7 @@ Every project or plugin should have its own `FunctionalTestRunner` config file. To get started copy and paste this example to `src/platform/test/functional/config.js`: -```js +```js subs=true import { resolve } from 'path'; import { REPO_ROOT } from '@kbn/utils'; @@ -25,7 +25,7 @@ import { MyAppPageProvider } from './services/my_app_page'; // that returns an object with the projects config values export default async function ({ readConfigFile }) { - // read the {kib} config file so that we can utilize some of + // read the Kibana config file so that we can utilize some of // its services and PageObjects const kibanaConfig = await readConfigFile(resolve(REPO_ROOT, 'src/platform/test/functional/config.base.js')); @@ -44,7 +44,7 @@ export default async function ({ readConfigFile }) { }, // just like services, PageObjects are defined as a map of - // names to Providers. Merge in {kib}'s or pick specific ones + // names to Providers. Merge in Kibana's or pick specific ones pageObjects: { management: kibanaConfig.get('pageObjects.management'), myApp: MyAppPageProvider, @@ -53,7 +53,7 @@ export default async function ({ readConfigFile }) { // the apps section defines the urls that // `PageObjects.common.navigateTo(appKey)` will use. // Merge urls for your plugin with the urls defined in - // {kib}'s config in order to use this helper + // Kibana's config in order to use this helper apps: { ...kibanaConfig.get('apps'), myApp: { @@ -68,7 +68,7 @@ export default async function ({ readConfigFile }) { // more settings, like timeouts, mochaOpts, etc are // defined in the config schema. - // See {kibana-blob}packages/kbn-test/src/functional_test_runner/lib/config/schema.ts + // https://github.com/elastic/kibana/blob/{{branch}}/src/platform/packages/shared/kbn-test/src/functional_test_runner/lib/config/schema.ts }; } ``` diff --git a/docs/extend/external-plugin-localization.md b/docs/extend/external-plugin-localization.md index 2f4fd77ee9a77..c971b2ca566e9 100644 --- a/docs/extend/external-plugin-localization.md +++ b/docs/extend/external-plugin-localization.md @@ -27,7 +27,7 @@ You must add a `translations` directory at the root of your plugin. This directo To simplify the localization process, {{kib}} provides tools for the following functions: * Verify all translations have translatable strings and extract default messages from templates -* Verify translation files and integrate them into {kib} +* Verify translation files and integrate them into {{kib}} To use {{kib}} i18n tooling, create a `.i18nrc.json` file with the following configs: diff --git a/docs/extend/sharing-saved-objects.md b/docs/extend/sharing-saved-objects.md index 3a511e36d62e2..d340318102fad 100644 --- a/docs/extend/sharing-saved-objects.md +++ b/docs/extend/sharing-saved-objects.md @@ -17,9 +17,8 @@ From 8.7.0, as a step towards *zero downtime upgrades*, plugins are no longer al Each plugin can register different object types to be used in {{kib}}. Historically, objects could be *isolated* (existing in a single [space](docs-content://deploy-manage/manage-spaces.md)) or *global* (existing in all spaces), there was no in-between. As of the 7.12 release, {{kib}} now supports two additional types of objects: -| | | | | -| --- | --- | --- | --- | | | **Where it exists** | **Object IDs** | **Registered as:** | +| --- | --- | --- | --- | | Global | All spaces | Globally unique | `namespaceType: 'agnostic'` | | Isolated | 1 space | Unique in each space | `namespaceType: 'single'` | | (NEW) Share-capable | 1 space | Globally unique | `namespaceType: 'multiple-isolated'` | @@ -486,11 +485,11 @@ As mentioned in [Question 2](#sharing-saved-objects-q2), some URLs may contain m * Embeddables should use `spacesApi.ui.components.getEmbeddableLegacyUrlConflict` to render conflict errors: -![Sharing Saved Objects embeddable legacy URL conflict](images/sharing-saved-objects-faq-multiple-deep-link-objects-1.png) + ![Sharing Saved Objects embeddable legacy URL conflict](images/sharing-saved-objects-faq-multiple-deep-link-objects-1.png) Viewing details shows the user how to disable the alias and fix the problem using the [_disable_legacy_url_aliases API](https://www.elastic.co/docs/api/doc/kibana/v8/group/endpoint-spaces): -![Sharing Saved Objects embeddable legacy URL conflict (showing details)](images/sharing-saved-objects-faq-multiple-deep-link-objects-2.png) + ![Sharing Saved Objects embeddable legacy URL conflict (showing details)](images/sharing-saved-objects-faq-multiple-deep-link-objects-2.png) * If the secondary object is resolved by an external service (such as the index pattern service), the service should simply make the full outcome available to consumers. diff --git a/docs/extend/stability.md b/docs/extend/stability.md index 99b3872dc6b1a..8501354164cb0 100644 --- a/docs/extend/stability.md +++ b/docs/extend/stability.md @@ -29,7 +29,7 @@ Ensure your feature will work under all possible {{kib}} scenarios. * We need to make sure security is set up in a specific way for non-standard {{kib}} indices. (create their own custom roles) * {{kib}} running behind a reverse proxy or load balancer, without sticky sessions. -* If a proxy/loadbalancer is running between ES and {kib} +* If a proxy/loadbalancer is running between ES and {{kib}} ## Kibana.yml settings [_kibana_yml_settings] From 9a2fc1d818119753a73c44a11b187458389c079c Mon Sep 17 00:00:00 2001 From: Colleen McGinnis Date: Thu, 24 Apr 2025 12:53:45 -0500 Subject: [PATCH 3/7] visually check --- .../configuration-reference/ai-assistant-settings.md | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/docs/reference/configuration-reference/ai-assistant-settings.md b/docs/reference/configuration-reference/ai-assistant-settings.md index c14c0609ebb77..ad193488c3f75 100644 --- a/docs/reference/configuration-reference/ai-assistant-settings.md +++ b/docs/reference/configuration-reference/ai-assistant-settings.md @@ -24,11 +24,19 @@ Deploying a custom product documentation repository can be done in 2 ways: using The artifact names follow this pattern: `kb-product-doc-{{productName}}-{{versionMajor}}.{{versionMinor}}.zip` -The available products are: - elasticsearch - kibana - observability - security +The available products are: +- elasticsearch +- kibana +- observability +- security You must download, from the source repository (`https://kibana-knowledge-base-artifacts.elastic.co/`), the artifacts for your current version of Kibana. -For example, for Kibana 8.16: - `kb-product-doc-elasticsearch-8.16.zip` - `kb-product-doc-kibana-8.16.zip` - `kb-product-doc-observability-8.16.zip` - `kb-product-doc-security-8.16.zip` +For example, for Kibana 8.16: +- `kb-product-doc-elasticsearch-8.16.zip` +- `kb-product-doc-kibana-8.16.zip` +- `kb-product-doc-observability-8.16.zip` +- `kb-product-doc-security-8.16.zip` **2. Upload the artifacts to your local S3 bucket** From 91df0097d08f641879d0b327f4a41439a7881a5e Mon Sep 17 00:00:00 2001 From: Colleen McGinnis Date: Thu, 24 Apr 2025 12:59:27 -0500 Subject: [PATCH 4/7] fix links --- docs/extend/development-documentation.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/extend/development-documentation.md b/docs/extend/development-documentation.md index b11e8ed1d723f..d1aaa39a29ee7 100644 --- a/docs/extend/development-documentation.md +++ b/docs/extend/development-documentation.md @@ -10,7 +10,7 @@ Docs should be written during development and accompany PRs when relevant. There ## End user documentation [_end_user_documentation] -Documentation about user facing features should be written in [asciidoc](http://asciidoc.org/) at [https://github.com/elastic/kibana/tree/main/docs](https://github.com/elastic/kibana//tree/master/docs). +Documentation about user facing features should be written in [asciidoc](http://asciidoc.org/) at [https://github.com/elastic/kibana/tree/main/docs](https://github.com/elastic/kibana/tree/main/docs). To build the docs, you must clone the [elastic/docs](https://github.com/elastic/docs) repo as a sibling of your {{kib}} repo. Follow the instructions in that project’s README for getting the docs tooling set up. @@ -31,4 +31,4 @@ REST APIs should be documented using the following recommended formats: ## General developer documentation and guidelines [_general_developer_documentation_and_guidelines] -General developer guildlines and documentation, like this right here, should be written in [asciidoc](http://asciidoc.org/) at [https://github.com/elastic/kibana/tree/main/docs/developer](https://github.com/elastic/kibana//tree/master/docs/developer). +General developer guildlines and documentation, like this right here, should be written in [asciidoc](http://asciidoc.org/) at [https://github.com/elastic/kibana/tree/main/docs/extend](https://github.com/elastic/kibana/tree/main/docs/extend). From 47ce2d9823e54a99c460cf10f1dad211545a21db Mon Sep 17 00:00:00 2001 From: Colleen McGinnis Date: Thu, 24 Apr 2025 13:00:40 -0500 Subject: [PATCH 5/7] consistify bullets in tables --- docs/extend/plugin-list.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/extend/plugin-list.md b/docs/extend/plugin-list.md index be50d1fc7f4ba..a194272a9ecbd 100644 --- a/docs/extend/plugin-list.md +++ b/docs/extend/plugin-list.md @@ -24,7 +24,7 @@ mapped_pages: | [contentManagement](https://github.com/elastic/kibana/blob/main/src/platform/plugins/shared/content_management/README.md) | The content management plugin provides functionality to manage content in Kibana. | | [controls](https://github.com/elastic/kibana/blob/main/src/platform/plugins/shared/controls/README.mdx) | The Controls plugin contains Embeddables which can be used to add user-friendly interactivity to apps. | | [customIntegrations](https://github.com/elastic/kibana/blob/main/src/platform/plugins/shared/custom_integrations/README.md) | Register add-data cards | -| [dashboard](kibana-dashboard-plugin.md) | * Registers the dashboard application.
* Adds a dashboard embeddable that can be used in other applications. | +| [dashboard](kibana-dashboard-plugin.md) | - Registers the dashboard application.
- Adds a dashboard embeddable that can be used in other applications. | | [data](https://github.com/elastic/kibana/blob/main/src/platform/plugins/shared/data/README.mdx) | The data plugin provides common data access services, such as search and query, for solutions and application developers. | | [dataViewEditor](https://github.com/elastic/kibana/blob/main/src/platform/plugins/shared/data_view_editor/README.md) | Create data views from within Kibana apps. | | [dataViewFieldEditor](https://github.com/elastic/kibana/blob/main/src/platform/plugins/shared/data_view_field_editor/README.md) | The reusable field editor across Kibana! | From 96637688b02918af81d868950516c5a59322b187 Mon Sep 17 00:00:00 2001 From: Colleen McGinnis Date: Thu, 24 Apr 2025 13:12:16 -0500 Subject: [PATCH 6/7] revert changes outside docs/ --- .../detection_response/prebuilt_rules/prebuilt_rule_import.md | 4 +--- .../prebuilt_rules/prebuilt_rule_upgrade_without_preview.md | 4 +--- 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/x-pack/solutions/security/plugins/security_solution/docs/testing/test_plans/detection_response/prebuilt_rules/prebuilt_rule_import.md b/x-pack/solutions/security/plugins/security_solution/docs/testing/test_plans/detection_response/prebuilt_rules/prebuilt_rule_import.md index 9db7c823334bd..a945e0578be0d 100644 --- a/x-pack/solutions/security/plugins/security_solution/docs/testing/test_plans/detection_response/prebuilt_rules/prebuilt_rule_import.md +++ b/x-pack/solutions/security/plugins/security_solution/docs/testing/test_plans/detection_response/prebuilt_rules/prebuilt_rule_import.md @@ -523,9 +523,7 @@ Examples: ### Handling missing base versions -:::{note} -These are not edge cases but rather normal cases. In many package upgrade scenarios, hundreds of prebuilt rules (out of ~1300 of them at the time of writing) won't have a base version. -::: +NOTE: These are not edge cases but rather normal cases. In many package upgrade scenarios, hundreds of prebuilt rules (out of ~1300 of them at the time of writing) won't have a base version. **When the base version** of a prebuilt rule that is being imported **is missing** among the `security-rule` asset saved objects, and the user imports this rule, the following scenarios apply. diff --git a/x-pack/solutions/security/plugins/security_solution/docs/testing/test_plans/detection_response/prebuilt_rules/prebuilt_rule_upgrade_without_preview.md b/x-pack/solutions/security/plugins/security_solution/docs/testing/test_plans/detection_response/prebuilt_rules/prebuilt_rule_upgrade_without_preview.md index 47d68a9c90afa..23897e574776f 100644 --- a/x-pack/solutions/security/plugins/security_solution/docs/testing/test_plans/detection_response/prebuilt_rules/prebuilt_rule_upgrade_without_preview.md +++ b/x-pack/solutions/security/plugins/security_solution/docs/testing/test_plans/detection_response/prebuilt_rules/prebuilt_rule_upgrade_without_preview.md @@ -736,9 +736,7 @@ TODO: Check why for the legacy API Dmitrii has added 2 integration tests for `ru - `should update outdated prebuilt rules when previous historical versions available` - `should update outdated prebuilt rules when previous historical versions unavailable` -:::{note} -The second scenario tests that, if a new version of a rule is released, it can upgrade the current instance of that rule even if the historical versions of that rule are no longer in the package) -::: +(NOTE: the second scenario tests that, if a new version of a rule is released, it can upgrade the current instance of that rule even if the historical versions of that rule are no longer in the package) Notes: From e19eb9deb162b802688f665cbc8d94e3717d811b Mon Sep 17 00:00:00 2001 From: Colleen McGinnis Date: Tue, 6 May 2025 08:42:56 -0500 Subject: [PATCH 7/7] apply suggestions from code review Co-authored-by: wajihaparvez --- docs/extend/saved-objects-service.md | 2 +- docs/reference/configuration-reference/reporting-settings.md | 5 ++++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/docs/extend/saved-objects-service.md b/docs/extend/saved-objects-service.md index 5ced69203bcef..6d1c1597a2149 100644 --- a/docs/extend/saved-objects-service.md +++ b/docs/extend/saved-objects-service.md @@ -360,7 +360,7 @@ let change: SavedObjectsModelUnsafeTransformChange = { ``` :::{note} -Using such transformations is potentially unsafe, given the migration system will have no knowledge of which kind of operations will effectively be executed against the documents. Those should only be used when there’s no other way to cover one’s migration needs.* **Please reach out to the development team if you think you need to use this, as you theoretically shouldn’t.** +Using such transformations is potentially unsafe, given the migration system will have no knowledge of which kind of operations will effectively be executed against the documents. Those should only be used when there’s no other way to cover one’s migration needs. **Please reach out to the development team if you think you need to use this, as you theoretically shouldn’t.** ::: diff --git a/docs/reference/configuration-reference/reporting-settings.md b/docs/reference/configuration-reference/reporting-settings.md index 479ad6bf39666..ef9d43a502899 100644 --- a/docs/reference/configuration-reference/reporting-settings.md +++ b/docs/reference/configuration-reference/reporting-settings.md @@ -69,7 +69,10 @@ Reporting generates reports on the {{kib}} server as background tasks, and jobs This setting was deprecated in 8.15.0. ::: - How often Reporting creates a new index to store report jobs and file contents. Valid values are `year`, `month`, `week`, `day`, and `hour`. Defaults to `week`. **NOTE**: This setting exists for backwards compatibility, but is unused. Use the built-in ILM policy provided for the reporting plugin to customize the rollover of Reporting data. + How often Reporting creates a new index to store report jobs and file contents. Valid values are `year`, `month`, `week`, `day`, and `hour`. Defaults to `week`. + :::{note} + This setting exists for backwards compatibility, but is unused. Use the built-in ILM policy provided for the reporting plugin to customize the rollover of Reporting data. + ::: $$$xpack-reportingQueue-pollEnabled$$$ `xpack.reporting.queue.pollEnabled` : When `true`, enables the {{kib}} instance to poll {{es}} for pending jobs and claim them for execution. When `false`, allows the {{kib}} instance to only add new jobs to the reporting queue, list jobs, and provide the downloads to completed reports through the UI. This requires a deployment where at least one other {{kib}} instance in the Elastic cluster has this setting to `true`. The default is `true`.