[8.11] [Security Solution] Adds feature flag to enable/disable ESQL in timeline (#174029) #174112
…ine (elastic#174029)

## Summary

This PR introduces a feature flag `timelineEsqlTabDisabled` which is by default `false`. This gives customer ability to disable the esql tab by enabling this experimental feature flag as below in `kibana.yml`

```yaml
xpack.securitySolution.enableExperimental:
  - timelineEsqlTabDisabled
```

The availability of ESQL Tab in timeline also affects `AI Assistant` as it facilitates re-directing user to timeline with an esql query. That `redirect` button should not be available for `esql` query if ESQL Tab is disabled.

## Desk Testing

1. ESQL Tab Presence
   - timelineEsqlTabDisabled : true
     - If Tab is disabled, `ESQL` Tab should not show when timeline is open. Timeline should also not fire any `bsearch` requests with `esql` strategy.
   - ESQL tab is enabled i.e. `timelineEsqlTabDisabled : true` is present in kibana.dev.yml
     - User should be able to use ESQL queries without any issue. Below should be the default query in both `8.12` and `8.11.4`

       ```esql
       from .alerts-security.alerts-default,apm-*-transaction*,auditbeat-*,endgame-*,filebeat-*,logs-*,packetbeat-*,traces-apm*,winlogbeat-*,-*elastic-cloud-logs-*
       | limit 10
       | keep @timestamp, message, event.category, event.action, host.name, source.ip, destination.ip, user.name
       ```

2. Open ESQL Tab from URL
   1. Enable ESQL tab and Activate it when in timeline
   2. Now change `kibana.dev.yml` to add experimental flag `timelineEsqlTabDisabled` to disable ESQL Tab.
   3. Restart kibana server
   4. Refresh the page in step 1 where `ESQL` tab was active
   5. User should automatically be redirected to `Query` tab.
3. AI Assistant

   Today AI Assistant can help user add an ESQL query to the timeline as shown in below video. We need to make sure that `Send to timeline` button is not available only for `esql` queries when above experimental flag is enabled.

https://github.com/elastic/kibana/assets/7485038/e452a6c6-cf97-462e-a5dc-bd8c0fd38d58

---------

Co-authored-by: Gloria Hornero <[email protected]>
Co-authored-by: kibanamachine <[email protected]>
(cherry picked from commit da0370e)

# Conflicts:
#	x-pack/plugins/security_solution/common/experimental_features.ts
#	x-pack/plugins/security_solution/public/timelines/components/timeline/tabs_content/index.tsx
CI was triggered for this PR, but this PR targets 8.11 which should not receive a future release. CI is not supported for these branches. Please consult the release schedule, or contact The following branches are currently considered to be open:
@@ -132,6 +134,7 @@ const ActiveTimelineTab = memo<ActiveTimelineTabProps>( | |||
setConversationId, | |||
showTimeline, | |||
}) => { | |||
const isEsqlSettingEnabled = useKibana().services.configSettings.ESQLEnabled; |
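Review bot: the added `isEsqlSettingEnabled` line reads `useKibana().services.configSettings.ESQLEnabled`, but the flag this PR describes is the experimental `timelineEsqlTabDisabled`, which never appears in this hunk. Either derive the value from the experimental flag here or name the two inputs separately so it is clear which one hides the tab. The property chain is also unguarded: if `configSettings` is not present on `services` in this branch, the access throws during render, so confirm the service exists on 8.11 or use `services.configSettings?.ESQLEnabled` with an explicit default.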
Yeah, thank you!
Here is the updated conditional without `isEsqlSettingEnabled`:
> | ||
<EsqlTab timelineId={timelineId} /> | ||
</HideShowContainer> | ||
{showTimeline && isEsqlSettingEnabled && activeTimelineTab === TimelineTabs.esql && ( |
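Review bot: the condition on the last line mounts the ES|QL content whenever `activeTimelineTab === TimelineTabs.esql` and `isEsqlSettingEnabled` is true, with no reference to `timelineEsqlTabDisabled`. The desk test in the description expects no `bsearch` requests with the `esql` strategy once the tab is disabled, which only holds if `EsqlTab` is never mounted, so the flag check belongs in this expression as well (for example a negated `isEsqlTabDisabled` term, name hypothetical).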
I guess this conditional goes away entirely as well since not already in 8.11?
This conditional is now the same as https://github.com/elastic/kibana/pull/173640/files#diff-c9eb10e636b9cedb21368945df018d08cb60b87ccf469be22cbab0abd7ae5ed3R182, which should merge first and be an empty change here.
x-pack/plugins/security_solution/public/timelines/components/timeline/tabs_content/index.tsx
Resolving conflicts as detailed from elastic#173640
{showTimeline && activeTimelineTab === TimelineTabs.esql && ( | ||
<HideShowContainer | ||
$isVisible={true} | ||
data-test-subj={`timeline-tab-content-${TimelineTabs.esql}`} | ||
> | ||
<EsqlTab timelineId={timelineId} /> | ||
</HideShowContainer> | ||
)} |
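Review bot: `$isVisible={true}` is a constant inside a block that is already rendered only when `activeTimelineTab === TimelineTabs.esql`, so `HideShowContainer` no longer hides anything here; a plain wrapper carrying the `data-test-subj` would say the same thing, or a short comment should explain why the container is kept. The guard also has no check of the `timelineEsqlTabDisabled` flag, so the "Open ESQL Tab from URL" case in the description relies entirely on the active tab being reset somewhere outside these lines; a test asserting that `timeline-tab-content-${TimelineTabs.esql}` is absent when the flag is set would pin that behaviour down.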
This delta is from: https://github.com/elastic/kibana/pull/173640/files#diff-c9eb10e636b9cedb21368945df018d08cb60b87ccf469be22cbab0abd7ae5ed3R182-R189, which should merge first
Thank you. Desk tested. LGTM 🚀
buildkite test this
💔 Build Failed
Backport

This will backport the following commits from `main` to `8.11`:

Questions?

Please refer to the Backport tool documentation