From 9d3fadd78db1c06dc6435aa7578ec492718889f4 Mon Sep 17 00:00:00 2001 From: Jesus Wahrman Date: Mon, 9 Dec 2024 17:38:03 +0100 Subject: [PATCH 01/12] add profile provider for deprecation logs --- .../core/deprecation_logs/index.ts | 10 ++++ .../core/deprecation_logs/profile.ts | 57 +++++++++++++++++++ .../register_profile_providers.ts | 2 + 3 files changed, 69 insertions(+) create mode 100644 src/plugins/discover/public/context_awareness/profile_providers/core/deprecation_logs/index.ts create mode 100644 src/plugins/discover/public/context_awareness/profile_providers/core/deprecation_logs/profile.ts diff --git a/src/plugins/discover/public/context_awareness/profile_providers/core/deprecation_logs/index.ts b/src/plugins/discover/public/context_awareness/profile_providers/core/deprecation_logs/index.ts new file mode 100644 index 0000000000000..b465c32c7b200 --- /dev/null +++ b/src/plugins/discover/public/context_awareness/profile_providers/core/deprecation_logs/index.ts @@ -0,0 +1,10 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the "Elastic License + * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side + * Public License v 1"; you may not use this file except in compliance with, at + * your election, the "Elastic License 2.0", the "GNU Affero General Public + * License v3.0 only", or the "Server Side Public License, v 1". + */ + +export { createDeprecationLogsDocumentProfileProvider } from './profile'; diff --git a/src/plugins/discover/public/context_awareness/profile_providers/core/deprecation_logs/profile.ts b/src/plugins/discover/public/context_awareness/profile_providers/core/deprecation_logs/profile.ts new file mode 100644 index 0000000000000..e7d1dbb876ad9 --- /dev/null +++ b/src/plugins/discover/public/context_awareness/profile_providers/core/deprecation_logs/profile.ts @@ -0,0 +1,57 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the "Elastic License + * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side + * Public License v 1"; you may not use this file except in compliance with, at + * your election, the "Elastic License 2.0", the "GNU Affero General Public + * License v3.0 only", or the "Server Side Public License, v 1". + */ + +import { DataSourceCategory } from '../../../profiles'; +import { isOfAggregateQueryType } from '@kbn/es-query'; +import { getIndexPatternFromESQLQuery } from '@kbn/esql-utils'; +import { DataSourceType, isDataSourceType } from '../../../../../common/data_sources'; +import { type DataSourceProfileProvider } from '../../../profiles'; + +export const createDeprecationLogsDocumentProfileProvider = (): DataSourceProfileProvider<{ + formatRecord: (flattenedRecord: Record) => string; +}> => ({ + profileId: 'deprecation-logs', + profile: { + getDefaultAppState: () => () => ({ + columns: [ + { + name: 'log.level', + }, + { + name: 'message', + } + ], + }), + }, + resolve: (params) => { + let indexPattern: string | undefined; + + if (isDataSourceType(params.dataSource, DataSourceType.Esql)) { + if (!isOfAggregateQueryType(params.query)) { + return { isMatch: false }; + } + + indexPattern = getIndexPatternFromESQLQuery(params.query.esql); + } else if (isDataSourceType(params.dataSource, DataSourceType.DataView) && params.dataView) { + indexPattern = params.dataView.getIndexPattern(); + } + + if (indexPattern !== '..logs-deprecation.elasticsearch-default') { + return { isMatch: false }; + } + + return { + isMatch: true, + context: { + category: DataSourceCategory.Logs, + formatRecord: (record) => JSON.stringify(record, null, 2), + }, + }; + }, +}); diff --git a/src/plugins/discover/public/context_awareness/profile_providers/register_profile_providers.ts b/src/plugins/discover/public/context_awareness/profile_providers/register_profile_providers.ts index b0ee4318dde2e..bc6c6abc9585f 100644 --- a/src/plugins/discover/public/context_awareness/profile_providers/register_profile_providers.ts +++ b/src/plugins/discover/public/context_awareness/profile_providers/register_profile_providers.ts @@ -28,6 +28,7 @@ import { } from './profile_provider_services'; import type { DiscoverServices } from '../../build_services'; import { createObservabilityRootProfileProvider } from './observability/observability_root_profile'; +import { createDeprecationLogsDocumentProfileProvider } from './core/deprecation_logs'; /** * Register profile providers for root, data source, and document contexts to the profile profile services @@ -133,6 +134,7 @@ const createRootProfileProviders = (providerServices: ProfileProviderServices) = */ const createDataSourceProfileProviders = (providerServices: ProfileProviderServices) => [ createExampleDataSourceProfileProvider(), + createDeprecationLogsDocumentProfileProvider(), ...createObservabilityLogsDataSourceProfileProviders(providerServices), ]; From d53fb5d8d5db2026f50babfd374a2f83278db664 Mon Sep 17 00:00:00 2001 From: Jesus Wahrman Date: Mon, 9 Dec 2024 17:57:03 +0100 Subject: [PATCH 02/12] fix indexPattern condition --- .../core/deprecation_logs/profile.ts | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/src/plugins/discover/public/context_awareness/profile_providers/core/deprecation_logs/profile.ts b/src/plugins/discover/public/context_awareness/profile_providers/core/deprecation_logs/profile.ts index e7d1dbb876ad9..fce837f58bdde 100644 --- a/src/plugins/discover/public/context_awareness/profile_providers/core/deprecation_logs/profile.ts +++ b/src/plugins/discover/public/context_awareness/profile_providers/core/deprecation_logs/profile.ts @@ -20,12 +20,11 @@ export const createDeprecationLogsDocumentProfileProvider = (): DataSourceProfil profile: { getDefaultAppState: () => () => ({ columns: [ - { - name: 'log.level', - }, - { - name: 'message', - } + { name: 'log.level' }, + { name: 'message' }, + { name: 'x-opaque-id' }, + { name: 'elasticsearch.cluster.name' }, + { name: 'elasticsearch.event.category' } ], }), }, @@ -42,7 +41,7 @@ export const createDeprecationLogsDocumentProfileProvider = (): DataSourceProfil indexPattern = params.dataView.getIndexPattern(); } - if (indexPattern !== '..logs-deprecation.elasticsearch-default') { + if (!indexPattern || !indexPattern.startsWith('.logs-deprecation')) { return { isMatch: false }; } From 3176ad25e61cb057466fb5e44cef1c800d329950 Mon Sep 17 00:00:00 2001 From: Jesus Wahrman Date: Mon, 9 Dec 2024 19:00:06 +0100 Subject: [PATCH 03/12] code ready, missing tests --- .github/CODEOWNERS | 1 + .../{core => common}/deprecation_logs/index.ts | 0 .../{core => common}/deprecation_logs/profile.ts | 0 .../profile_providers/register_profile_providers.ts | 2 +- 4 files changed, 2 insertions(+), 1 deletion(-) rename src/plugins/discover/public/context_awareness/profile_providers/{core => common}/deprecation_logs/index.ts (100%) rename src/plugins/discover/public/context_awareness/profile_providers/{core => common}/deprecation_logs/profile.ts (100%) diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 320b4eb868eb7..1a6f113fee13b 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -1142,6 +1142,7 @@ x-pack/test_serverless/api_integration/test_suites/common/platform_security @ela /x-pack/test_serverless/functional/test_suites/common/examples/unified_field_list_examples @elastic/kibana-data-discovery /x-pack/test_serverless/functional/test_suites/common/management/data_views @elastic/kibana-data-discovery src/plugins/discover/public/context_awareness/profile_providers/security @elastic/kibana-data-discovery @elastic/security-threat-hunting-investigations +src/plugins/discover/public/context_awareness/profile_providers/common/deprecation_logs @elastic/kibana-data-discovery @elastic/kibana-core src/plugins/discover/public/context_awareness/profile_providers/observability @elastic/kibana-data-discovery @elastic/obs-ux-logs-team # Platform Docs diff --git a/src/plugins/discover/public/context_awareness/profile_providers/core/deprecation_logs/index.ts b/src/plugins/discover/public/context_awareness/profile_providers/common/deprecation_logs/index.ts similarity index 100% rename from src/plugins/discover/public/context_awareness/profile_providers/core/deprecation_logs/index.ts rename to src/plugins/discover/public/context_awareness/profile_providers/common/deprecation_logs/index.ts diff --git a/src/plugins/discover/public/context_awareness/profile_providers/core/deprecation_logs/profile.ts b/src/plugins/discover/public/context_awareness/profile_providers/common/deprecation_logs/profile.ts similarity index 100% rename from src/plugins/discover/public/context_awareness/profile_providers/core/deprecation_logs/profile.ts rename to src/plugins/discover/public/context_awareness/profile_providers/common/deprecation_logs/profile.ts diff --git a/src/plugins/discover/public/context_awareness/profile_providers/register_profile_providers.ts b/src/plugins/discover/public/context_awareness/profile_providers/register_profile_providers.ts index bc6c6abc9585f..33a856e903dd3 100644 --- a/src/plugins/discover/public/context_awareness/profile_providers/register_profile_providers.ts +++ b/src/plugins/discover/public/context_awareness/profile_providers/register_profile_providers.ts @@ -28,7 +28,7 @@ import { } from './profile_provider_services'; import type { DiscoverServices } from '../../build_services'; import { createObservabilityRootProfileProvider } from './observability/observability_root_profile'; -import { createDeprecationLogsDocumentProfileProvider } from './core/deprecation_logs'; +import { createDeprecationLogsDocumentProfileProvider } from './common/deprecation_logs'; /** * Register profile providers for root, data source, and document contexts to the profile profile services From da5ae21ecbc32083472163c9ad70b30f4609c5f0 Mon Sep 17 00:00:00 2001 From: Jesus Wahrman Date: Mon, 9 Dec 2024 19:57:26 +0100 Subject: [PATCH 04/12] added tests --- .../common/deprecation_logs/consts.ts | 10 +++ .../common/deprecation_logs/profile.test.ts | 64 +++++++++++++++++++ .../common/deprecation_logs/profile.ts | 6 +- 3 files changed, 78 insertions(+), 2 deletions(-) create mode 100644 src/plugins/discover/public/context_awareness/profile_providers/common/deprecation_logs/consts.ts create mode 100644 src/plugins/discover/public/context_awareness/profile_providers/common/deprecation_logs/profile.test.ts diff --git a/src/plugins/discover/public/context_awareness/profile_providers/common/deprecation_logs/consts.ts b/src/plugins/discover/public/context_awareness/profile_providers/common/deprecation_logs/consts.ts new file mode 100644 index 0000000000000..4e5710853ef0d --- /dev/null +++ b/src/plugins/discover/public/context_awareness/profile_providers/common/deprecation_logs/consts.ts @@ -0,0 +1,10 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the "Elastic License + * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side + * Public License v 1"; you may not use this file except in compliance with, at + * your election, the "Elastic License 2.0", the "GNU Affero General Public + * License v3.0 only", or the "Server Side Public License, v 1". + */ + +export const DEPRECATION_LOGS_PROFILE_ID = 'deprecation-logs-profile'; diff --git a/src/plugins/discover/public/context_awareness/profile_providers/common/deprecation_logs/profile.test.ts b/src/plugins/discover/public/context_awareness/profile_providers/common/deprecation_logs/profile.test.ts new file mode 100644 index 0000000000000..9bc91111f26af --- /dev/null +++ b/src/plugins/discover/public/context_awareness/profile_providers/common/deprecation_logs/profile.test.ts @@ -0,0 +1,64 @@ +/* + * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one + * or more contributor license agreements. Licensed under the "Elastic License + * 2.0", the "GNU Affero General Public License v3.0 only", and the "Server Side + * Public License v 1"; you may not use this file except in compliance with, at + * your election, the "Elastic License 2.0", the "GNU Affero General Public + * License v3.0 only", or the "Server Side Public License, v 1". + */ + +import { createStubIndexPattern } from '@kbn/data-views-plugin/common/data_view.stub'; +import { createDataViewDataSource } from '../../../../../common/data_sources'; +import { + DataSourceCategory, + RootContext, + SolutionType, +} from '../../../profiles'; +import { createDeprecationLogsDocumentProfileProvider } from './profile'; +import type { ContextWithProfileId } from '../../../profile_service'; +import { DEPRECATION_LOGS_PROFILE_ID } from './consts'; + +describe('deprecationLogsProfileProvider', () => { + const deprecationLogsProfileProvider = createDeprecationLogsDocumentProfileProvider(); + const VALID_INDEX_PATTERN = '.logs-deprecation.elasticsearch-default'; + const MIXED_INDEX_PATTERN = '.logs-deprecation.elasticsearch-default,metrics-*'; + const INVALID_INDEX_PATTERN = 'my_source-access-*'; + const ROOT_CONTEXT: ContextWithProfileId = { + profileId: DEPRECATION_LOGS_PROFILE_ID, + solutionType: SolutionType.Default, + }; + const RESOLUTION_MATCH = { + isMatch: true, + context: { + category: DataSourceCategory.Logs, + formatRecord: expect.any(Function), + }, + }; + const RESOLUTION_MISMATCH = { + isMatch: false, + }; + + it('should match data view sources with an allowed index pattern', () => { + const result = deprecationLogsProfileProvider.resolve({ + rootContext: ROOT_CONTEXT, + dataSource: createDataViewDataSource({ dataViewId: VALID_INDEX_PATTERN }), + dataView: createStubIndexPattern({ spec: { title: VALID_INDEX_PATTERN } }), + }); + expect(result).toEqual(RESOLUTION_MATCH); + }); + + it('should NOT match data view sources with a mixed or not allowed index pattern', () => { + const resultWithInvalid = deprecationLogsProfileProvider.resolve({ + rootContext: ROOT_CONTEXT, + dataSource: createDataViewDataSource({ dataViewId: INVALID_INDEX_PATTERN }), + dataView: createStubIndexPattern({ spec: { title: INVALID_INDEX_PATTERN } }), + }); + expect(resultWithInvalid).toEqual(RESOLUTION_MISMATCH); + const resultWithMixed = deprecationLogsProfileProvider.resolve({ + rootContext: ROOT_CONTEXT, + dataSource: createDataViewDataSource({ dataViewId: MIXED_INDEX_PATTERN }), + dataView: createStubIndexPattern({ spec: { title: MIXED_INDEX_PATTERN } }), + }); + expect(resultWithMixed).toEqual(RESOLUTION_MISMATCH); + }); +}); diff --git a/src/plugins/discover/public/context_awareness/profile_providers/common/deprecation_logs/profile.ts b/src/plugins/discover/public/context_awareness/profile_providers/common/deprecation_logs/profile.ts index fce837f58bdde..de8c9b1ee79ac 100644 --- a/src/plugins/discover/public/context_awareness/profile_providers/common/deprecation_logs/profile.ts +++ b/src/plugins/discover/public/context_awareness/profile_providers/common/deprecation_logs/profile.ts @@ -12,11 +12,13 @@ import { isOfAggregateQueryType } from '@kbn/es-query'; import { getIndexPatternFromESQLQuery } from '@kbn/esql-utils'; import { DataSourceType, isDataSourceType } from '../../../../../common/data_sources'; import { type DataSourceProfileProvider } from '../../../profiles'; +import { DEPRECATION_LOGS_PROFILE_ID } from './consts'; +import { index } from 'd3-array'; export const createDeprecationLogsDocumentProfileProvider = (): DataSourceProfileProvider<{ formatRecord: (flattenedRecord: Record) => string; }> => ({ - profileId: 'deprecation-logs', + profileId: DEPRECATION_LOGS_PROFILE_ID, profile: { getDefaultAppState: () => () => ({ columns: [ @@ -41,7 +43,7 @@ export const createDeprecationLogsDocumentProfileProvider = (): DataSourceProfil indexPattern = params.dataView.getIndexPattern(); } - if (!indexPattern || !indexPattern.startsWith('.logs-deprecation')) { + if (!indexPattern || !indexPattern.startsWith('.logs-deprecation') || indexPattern.includes(",")) { return { isMatch: false }; } From 452e81df046acd830f3f1f0beda2cf361de9870d Mon Sep 17 00:00:00 2001 From: Jesus Wahrman Date: Mon, 9 Dec 2024 20:20:42 +0100 Subject: [PATCH 05/12] change code so it allows multiple indices --- .../common/deprecation_logs/profile.test.ts | 29 ++++++++++++++----- .../common/deprecation_logs/profile.ts | 15 ++++++++-- 2 files changed, 34 insertions(+), 10 deletions(-) diff --git a/src/plugins/discover/public/context_awareness/profile_providers/common/deprecation_logs/profile.test.ts b/src/plugins/discover/public/context_awareness/profile_providers/common/deprecation_logs/profile.test.ts index 9bc91111f26af..aa9fab2798c60 100644 --- a/src/plugins/discover/public/context_awareness/profile_providers/common/deprecation_logs/profile.test.ts +++ b/src/plugins/discover/public/context_awareness/profile_providers/common/deprecation_logs/profile.test.ts @@ -21,7 +21,8 @@ import { DEPRECATION_LOGS_PROFILE_ID } from './consts'; describe('deprecationLogsProfileProvider', () => { const deprecationLogsProfileProvider = createDeprecationLogsDocumentProfileProvider(); const VALID_INDEX_PATTERN = '.logs-deprecation.elasticsearch-default'; - const MIXED_INDEX_PATTERN = '.logs-deprecation.elasticsearch-default,metrics-*'; + const VALID_MIXED_INDEX_PATTERN = '.logs-deprecation.elasticsearch-default,.logs-deprecation.abc,.logs-deprecation.def'; + const INVALID_MIXED_INDEX_PATTERN = '.logs-deprecation.elasticsearch-default,metrics-*'; const INVALID_INDEX_PATTERN = 'my_source-access-*'; const ROOT_CONTEXT: ContextWithProfileId = { profileId: DEPRECATION_LOGS_PROFILE_ID, @@ -47,18 +48,30 @@ describe('deprecationLogsProfileProvider', () => { expect(result).toEqual(RESOLUTION_MATCH); }); - it('should NOT match data view sources with a mixed or not allowed index pattern', () => { - const resultWithInvalid = deprecationLogsProfileProvider.resolve({ + it('should match data view sources with a mixed pattern containing allowed index patterns', () => { + const result = deprecationLogsProfileProvider.resolve({ + rootContext: ROOT_CONTEXT, + dataSource: createDataViewDataSource({ dataViewId: VALID_MIXED_INDEX_PATTERN }), + dataView: createStubIndexPattern({ spec: { title: VALID_MIXED_INDEX_PATTERN } }), + }); + expect(result).toEqual(RESOLUTION_MATCH); + }); + + it('should NOT match data view sources with not allowed index pattern', () => { + const result = deprecationLogsProfileProvider.resolve({ rootContext: ROOT_CONTEXT, dataSource: createDataViewDataSource({ dataViewId: INVALID_INDEX_PATTERN }), dataView: createStubIndexPattern({ spec: { title: INVALID_INDEX_PATTERN } }), }); - expect(resultWithInvalid).toEqual(RESOLUTION_MISMATCH); - const resultWithMixed = deprecationLogsProfileProvider.resolve({ + expect(result).toEqual(RESOLUTION_MISMATCH); + }); + + it('should NOT match data view sources with a mixed pattern containing not allowed index patterns', () => { + const result = deprecationLogsProfileProvider.resolve({ rootContext: ROOT_CONTEXT, - dataSource: createDataViewDataSource({ dataViewId: MIXED_INDEX_PATTERN }), - dataView: createStubIndexPattern({ spec: { title: MIXED_INDEX_PATTERN } }), + dataSource: createDataViewDataSource({ dataViewId: INVALID_MIXED_INDEX_PATTERN }), + dataView: createStubIndexPattern({ spec: { title: INVALID_MIXED_INDEX_PATTERN } }), }); - expect(resultWithMixed).toEqual(RESOLUTION_MISMATCH); + expect(result).toEqual(RESOLUTION_MISMATCH); }); }); diff --git a/src/plugins/discover/public/context_awareness/profile_providers/common/deprecation_logs/profile.ts b/src/plugins/discover/public/context_awareness/profile_providers/common/deprecation_logs/profile.ts index de8c9b1ee79ac..20831976a99c7 100644 --- a/src/plugins/discover/public/context_awareness/profile_providers/common/deprecation_logs/profile.ts +++ b/src/plugins/discover/public/context_awareness/profile_providers/common/deprecation_logs/profile.ts @@ -13,7 +13,6 @@ import { getIndexPatternFromESQLQuery } from '@kbn/esql-utils'; import { DataSourceType, isDataSourceType } from '../../../../../common/data_sources'; import { type DataSourceProfileProvider } from '../../../profiles'; import { DEPRECATION_LOGS_PROFILE_ID } from './consts'; -import { index } from 'd3-array'; export const createDeprecationLogsDocumentProfileProvider = (): DataSourceProfileProvider<{ formatRecord: (flattenedRecord: Record) => string; @@ -43,7 +42,7 @@ export const createDeprecationLogsDocumentProfileProvider = (): DataSourceProfil indexPattern = params.dataView.getIndexPattern(); } - if (!indexPattern || !indexPattern.startsWith('.logs-deprecation') || indexPattern.includes(",")) { + if (!checkAllIndicesInPatternAreDeprecationLogs(indexPattern)) { return { isMatch: false }; } @@ -56,3 +55,15 @@ export const createDeprecationLogsDocumentProfileProvider = (): DataSourceProfil }; }, }); + +const checkAllIndicesInPatternAreDeprecationLogs = (indexPattern: string | undefined): boolean => { + if (!indexPattern) { + return false; + } + const indexPatternArray = indexPattern.split(','); + const result = indexPatternArray.reduce( + (acc, val) => acc && val.startsWith('.logs-deprecation'), + true + ); + return result; +} \ No newline at end of file From fa24ee39d789a723466723571984b05994f2e2c2 Mon Sep 17 00:00:00 2001 From: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Date: Mon, 9 Dec 2024 19:56:49 +0000 Subject: [PATCH 06/12] [CI] Auto-commit changed files from 'node scripts/eslint --no-cache --fix' --- .../common/deprecation_logs/profile.test.ts | 11 ++++------- .../common/deprecation_logs/profile.ts | 6 +++--- 2 files changed, 7 insertions(+), 10 deletions(-) diff --git a/src/plugins/discover/public/context_awareness/profile_providers/common/deprecation_logs/profile.test.ts b/src/plugins/discover/public/context_awareness/profile_providers/common/deprecation_logs/profile.test.ts index aa9fab2798c60..70bcb10eb830d 100644 --- a/src/plugins/discover/public/context_awareness/profile_providers/common/deprecation_logs/profile.test.ts +++ b/src/plugins/discover/public/context_awareness/profile_providers/common/deprecation_logs/profile.test.ts @@ -9,11 +9,7 @@ import { createStubIndexPattern } from '@kbn/data-views-plugin/common/data_view.stub'; import { createDataViewDataSource } from '../../../../../common/data_sources'; -import { - DataSourceCategory, - RootContext, - SolutionType, -} from '../../../profiles'; +import { DataSourceCategory, RootContext, SolutionType } from '../../../profiles'; import { createDeprecationLogsDocumentProfileProvider } from './profile'; import type { ContextWithProfileId } from '../../../profile_service'; import { DEPRECATION_LOGS_PROFILE_ID } from './consts'; @@ -21,7 +17,8 @@ import { DEPRECATION_LOGS_PROFILE_ID } from './consts'; describe('deprecationLogsProfileProvider', () => { const deprecationLogsProfileProvider = createDeprecationLogsDocumentProfileProvider(); const VALID_INDEX_PATTERN = '.logs-deprecation.elasticsearch-default'; - const VALID_MIXED_INDEX_PATTERN = '.logs-deprecation.elasticsearch-default,.logs-deprecation.abc,.logs-deprecation.def'; + const VALID_MIXED_INDEX_PATTERN = + '.logs-deprecation.elasticsearch-default,.logs-deprecation.abc,.logs-deprecation.def'; const INVALID_MIXED_INDEX_PATTERN = '.logs-deprecation.elasticsearch-default,metrics-*'; const INVALID_INDEX_PATTERN = 'my_source-access-*'; const ROOT_CONTEXT: ContextWithProfileId = { @@ -65,7 +62,7 @@ describe('deprecationLogsProfileProvider', () => { }); expect(result).toEqual(RESOLUTION_MISMATCH); }); - + it('should NOT match data view sources with a mixed pattern containing not allowed index patterns', () => { const result = deprecationLogsProfileProvider.resolve({ rootContext: ROOT_CONTEXT, diff --git a/src/plugins/discover/public/context_awareness/profile_providers/common/deprecation_logs/profile.ts b/src/plugins/discover/public/context_awareness/profile_providers/common/deprecation_logs/profile.ts index 20831976a99c7..5ec07be488ede 100644 --- a/src/plugins/discover/public/context_awareness/profile_providers/common/deprecation_logs/profile.ts +++ b/src/plugins/discover/public/context_awareness/profile_providers/common/deprecation_logs/profile.ts @@ -7,9 +7,9 @@ * License v3.0 only", or the "Server Side Public License, v 1". */ -import { DataSourceCategory } from '../../../profiles'; import { isOfAggregateQueryType } from '@kbn/es-query'; import { getIndexPatternFromESQLQuery } from '@kbn/esql-utils'; +import { DataSourceCategory } from '../../../profiles'; import { DataSourceType, isDataSourceType } from '../../../../../common/data_sources'; import { type DataSourceProfileProvider } from '../../../profiles'; import { DEPRECATION_LOGS_PROFILE_ID } from './consts'; @@ -25,7 +25,7 @@ export const createDeprecationLogsDocumentProfileProvider = (): DataSourceProfil { name: 'message' }, { name: 'x-opaque-id' }, { name: 'elasticsearch.cluster.name' }, - { name: 'elasticsearch.event.category' } + { name: 'elasticsearch.event.category' }, ], }), }, @@ -66,4 +66,4 @@ const checkAllIndicesInPatternAreDeprecationLogs = (indexPattern: string | undef true ); return result; -} \ No newline at end of file +}; From a856ab075cb41854128213f9d5e5a0be03ac9205 Mon Sep 17 00:00:00 2001 From: Jesus Wahrman Date: Tue, 10 Dec 2024 10:12:28 +0100 Subject: [PATCH 07/12] add const and add comment to func --- .../profile_providers/common/deprecation_logs/consts.ts | 1 + .../profile_providers/common/deprecation_logs/profile.ts | 8 ++++++-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/src/plugins/discover/public/context_awareness/profile_providers/common/deprecation_logs/consts.ts b/src/plugins/discover/public/context_awareness/profile_providers/common/deprecation_logs/consts.ts index 4e5710853ef0d..ccbb027d79a9a 100644 --- a/src/plugins/discover/public/context_awareness/profile_providers/common/deprecation_logs/consts.ts +++ b/src/plugins/discover/public/context_awareness/profile_providers/common/deprecation_logs/consts.ts @@ -8,3 +8,4 @@ */ export const DEPRECATION_LOGS_PROFILE_ID = 'deprecation-logs-profile'; +export const DEPRECATION_LOGS_PATTERN_PREFIX = '.logs-deprecation'; \ No newline at end of file diff --git a/src/plugins/discover/public/context_awareness/profile_providers/common/deprecation_logs/profile.ts b/src/plugins/discover/public/context_awareness/profile_providers/common/deprecation_logs/profile.ts index 5ec07be488ede..587e460d4cf24 100644 --- a/src/plugins/discover/public/context_awareness/profile_providers/common/deprecation_logs/profile.ts +++ b/src/plugins/discover/public/context_awareness/profile_providers/common/deprecation_logs/profile.ts @@ -12,7 +12,7 @@ import { getIndexPatternFromESQLQuery } from '@kbn/esql-utils'; import { DataSourceCategory } from '../../../profiles'; import { DataSourceType, isDataSourceType } from '../../../../../common/data_sources'; import { type DataSourceProfileProvider } from '../../../profiles'; -import { DEPRECATION_LOGS_PROFILE_ID } from './consts'; +import { DEPRECATION_LOGS_PATTERN_PREFIX, DEPRECATION_LOGS_PROFILE_ID } from './consts'; export const createDeprecationLogsDocumentProfileProvider = (): DataSourceProfileProvider<{ formatRecord: (flattenedRecord: Record) => string; @@ -56,13 +56,17 @@ export const createDeprecationLogsDocumentProfileProvider = (): DataSourceProfil }, }); +/* + This function returns true if the index pattern belongs to deprecation logs. + It also considers multiple patterns separated by commas. +*/ const checkAllIndicesInPatternAreDeprecationLogs = (indexPattern: string | undefined): boolean => { if (!indexPattern) { return false; } const indexPatternArray = indexPattern.split(','); const result = indexPatternArray.reduce( - (acc, val) => acc && val.startsWith('.logs-deprecation'), + (acc, val) => acc && val.startsWith(DEPRECATION_LOGS_PATTERN_PREFIX), true ); return result; From 13d00f623be97dde1dd6ecff0f30a284da6449c2 Mon Sep 17 00:00:00 2001 From: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Date: Tue, 10 Dec 2024 09:33:52 +0000 Subject: [PATCH 08/12] [CI] Auto-commit changed files from 'node scripts/eslint --no-cache --fix' --- .../profile_providers/common/deprecation_logs/consts.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/plugins/discover/public/context_awareness/profile_providers/common/deprecation_logs/consts.ts b/src/plugins/discover/public/context_awareness/profile_providers/common/deprecation_logs/consts.ts index ccbb027d79a9a..1e6e0b1b2e9db 100644 --- a/src/plugins/discover/public/context_awareness/profile_providers/common/deprecation_logs/consts.ts +++ b/src/plugins/discover/public/context_awareness/profile_providers/common/deprecation_logs/consts.ts @@ -8,4 +8,4 @@ */ export const DEPRECATION_LOGS_PROFILE_ID = 'deprecation-logs-profile'; -export const DEPRECATION_LOGS_PATTERN_PREFIX = '.logs-deprecation'; \ No newline at end of file +export const DEPRECATION_LOGS_PATTERN_PREFIX = '.logs-deprecation'; From 82d153fdeef18873e113794885f0d8b53a2e6610 Mon Sep 17 00:00:00 2001 From: Jesus Wahrman Date: Tue, 10 Dec 2024 15:09:01 +0100 Subject: [PATCH 09/12] fix column name --- .../profile_providers/common/deprecation_logs/profile.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/plugins/discover/public/context_awareness/profile_providers/common/deprecation_logs/profile.ts b/src/plugins/discover/public/context_awareness/profile_providers/common/deprecation_logs/profile.ts index 587e460d4cf24..1ef2aacbdb8b3 100644 --- a/src/plugins/discover/public/context_awareness/profile_providers/common/deprecation_logs/profile.ts +++ b/src/plugins/discover/public/context_awareness/profile_providers/common/deprecation_logs/profile.ts @@ -23,7 +23,7 @@ export const createDeprecationLogsDocumentProfileProvider = (): DataSourceProfil columns: [ { name: 'log.level' }, { name: 'message' }, - { name: 'x-opaque-id' }, + { name: 'elasticsearch.http.request.x_opaque_id' }, { name: 'elasticsearch.cluster.name' }, { name: 'elasticsearch.event.category' }, ], From 5af9e88779cb39f50da7e24e1b95a53b1671a5d1 Mon Sep 17 00:00:00 2001 From: Jesus Wahrman Date: Tue, 10 Dec 2024 16:19:20 +0100 Subject: [PATCH 10/12] add todo comment to codeowners --- .github/CODEOWNERS | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS index 1a6f113fee13b..32546716ffc2f 100644 --- a/.github/CODEOWNERS +++ b/.github/CODEOWNERS @@ -1142,6 +1142,7 @@ x-pack/test_serverless/api_integration/test_suites/common/platform_security @ela /x-pack/test_serverless/functional/test_suites/common/examples/unified_field_list_examples @elastic/kibana-data-discovery /x-pack/test_serverless/functional/test_suites/common/management/data_views @elastic/kibana-data-discovery src/plugins/discover/public/context_awareness/profile_providers/security @elastic/kibana-data-discovery @elastic/security-threat-hunting-investigations +# TODO: this deprecation_logs folder should be owned by kibana management team after 9.0 src/plugins/discover/public/context_awareness/profile_providers/common/deprecation_logs @elastic/kibana-data-discovery @elastic/kibana-core src/plugins/discover/public/context_awareness/profile_providers/observability @elastic/kibana-data-discovery @elastic/obs-ux-logs-team From d0e754e7397aafa8d60bccf7db8022100adbba48 Mon Sep 17 00:00:00 2001 From: Jesus Wahrman Date: Wed, 11 Dec 2024 11:17:28 +0100 Subject: [PATCH 11/12] add changes suggested --- .../common/deprecation_logs/index.ts | 2 +- .../common/deprecation_logs/profile.test.ts | 5 ++-- .../common/deprecation_logs/profile.ts | 30 +++++-------------- .../register_profile_providers.ts | 4 +-- 4 files changed, 13 insertions(+), 28 deletions(-) diff --git a/src/plugins/discover/public/context_awareness/profile_providers/common/deprecation_logs/index.ts b/src/plugins/discover/public/context_awareness/profile_providers/common/deprecation_logs/index.ts index b465c32c7b200..8110f3371ce81 100644 --- a/src/plugins/discover/public/context_awareness/profile_providers/common/deprecation_logs/index.ts +++ b/src/plugins/discover/public/context_awareness/profile_providers/common/deprecation_logs/index.ts @@ -7,4 +7,4 @@ * License v3.0 only", or the "Server Side Public License, v 1". */ -export { createDeprecationLogsDocumentProfileProvider } from './profile'; +export { createDeprecationLogsDataSourceProfileProvider } from './profile'; diff --git a/src/plugins/discover/public/context_awareness/profile_providers/common/deprecation_logs/profile.test.ts b/src/plugins/discover/public/context_awareness/profile_providers/common/deprecation_logs/profile.test.ts index 70bcb10eb830d..c961f310f6e5a 100644 --- a/src/plugins/discover/public/context_awareness/profile_providers/common/deprecation_logs/profile.test.ts +++ b/src/plugins/discover/public/context_awareness/profile_providers/common/deprecation_logs/profile.test.ts @@ -10,12 +10,12 @@ import { createStubIndexPattern } from '@kbn/data-views-plugin/common/data_view.stub'; import { createDataViewDataSource } from '../../../../../common/data_sources'; import { DataSourceCategory, RootContext, SolutionType } from '../../../profiles'; -import { createDeprecationLogsDocumentProfileProvider } from './profile'; +import { createDeprecationLogsDataSourceProfileProvider } from './profile'; import type { ContextWithProfileId } from '../../../profile_service'; import { DEPRECATION_LOGS_PROFILE_ID } from './consts'; describe('deprecationLogsProfileProvider', () => { - const deprecationLogsProfileProvider = createDeprecationLogsDocumentProfileProvider(); + const deprecationLogsProfileProvider = createDeprecationLogsDataSourceProfileProvider(); const VALID_INDEX_PATTERN = '.logs-deprecation.elasticsearch-default'; const VALID_MIXED_INDEX_PATTERN = '.logs-deprecation.elasticsearch-default,.logs-deprecation.abc,.logs-deprecation.def'; @@ -29,7 +29,6 @@ describe('deprecationLogsProfileProvider', () => { isMatch: true, context: { category: DataSourceCategory.Logs, - formatRecord: expect.any(Function), }, }; const RESOLUTION_MISMATCH = { diff --git a/src/plugins/discover/public/context_awareness/profile_providers/common/deprecation_logs/profile.ts b/src/plugins/discover/public/context_awareness/profile_providers/common/deprecation_logs/profile.ts index 1ef2aacbdb8b3..da713d704b8d2 100644 --- a/src/plugins/discover/public/context_awareness/profile_providers/common/deprecation_logs/profile.ts +++ b/src/plugins/discover/public/context_awareness/profile_providers/common/deprecation_logs/profile.ts @@ -7,40 +7,27 @@ * License v3.0 only", or the "Server Side Public License, v 1". */ -import { isOfAggregateQueryType } from '@kbn/es-query'; -import { getIndexPatternFromESQLQuery } from '@kbn/esql-utils'; import { DataSourceCategory } from '../../../profiles'; -import { DataSourceType, isDataSourceType } from '../../../../../common/data_sources'; import { type DataSourceProfileProvider } from '../../../profiles'; import { DEPRECATION_LOGS_PATTERN_PREFIX, DEPRECATION_LOGS_PROFILE_ID } from './consts'; +import { extractIndexPatternFrom } from '../../extract_index_pattern_from'; -export const createDeprecationLogsDocumentProfileProvider = (): DataSourceProfileProvider<{ - formatRecord: (flattenedRecord: Record) => string; +export const createDeprecationLogsDataSourceProfileProvider = (): DataSourceProfileProvider<{ }> => ({ profileId: DEPRECATION_LOGS_PROFILE_ID, profile: { getDefaultAppState: () => () => ({ columns: [ - { name: 'log.level' }, + { name: 'log.level', width: 150 }, { name: 'message' }, - { name: 'elasticsearch.http.request.x_opaque_id' }, - { name: 'elasticsearch.cluster.name' }, - { name: 'elasticsearch.event.category' }, + { name: 'elasticsearch.http.request.x_opaque_id', width: 250 }, + { name: 'elasticsearch.cluster.name', width: 250 }, + { name: 'elasticsearch.event.category', width: 250 }, ], }), }, resolve: (params) => { - let indexPattern: string | undefined; - - if (isDataSourceType(params.dataSource, DataSourceType.Esql)) { - if (!isOfAggregateQueryType(params.query)) { - return { isMatch: false }; - } - - indexPattern = getIndexPatternFromESQLQuery(params.query.esql); - } else if (isDataSourceType(params.dataSource, DataSourceType.DataView) && params.dataView) { - indexPattern = params.dataView.getIndexPattern(); - } + const indexPattern = extractIndexPatternFrom(params); if (!checkAllIndicesInPatternAreDeprecationLogs(indexPattern)) { return { isMatch: false }; @@ -50,7 +37,6 @@ export const createDeprecationLogsDocumentProfileProvider = (): DataSourceProfil isMatch: true, context: { category: DataSourceCategory.Logs, - formatRecord: (record) => JSON.stringify(record, null, 2), }, }; }, @@ -60,7 +46,7 @@ export const createDeprecationLogsDocumentProfileProvider = (): DataSourceProfil This function returns true if the index pattern belongs to deprecation logs. It also considers multiple patterns separated by commas. */ -const checkAllIndicesInPatternAreDeprecationLogs = (indexPattern: string | undefined): boolean => { +const checkAllIndicesInPatternAreDeprecationLogs = (indexPattern: string | null): boolean => { if (!indexPattern) { return false; } diff --git a/src/plugins/discover/public/context_awareness/profile_providers/register_profile_providers.ts b/src/plugins/discover/public/context_awareness/profile_providers/register_profile_providers.ts index 33a856e903dd3..88c7628e9273a 100644 --- a/src/plugins/discover/public/context_awareness/profile_providers/register_profile_providers.ts +++ b/src/plugins/discover/public/context_awareness/profile_providers/register_profile_providers.ts @@ -28,7 +28,7 @@ import { } from './profile_provider_services'; import type { DiscoverServices } from '../../build_services'; import { createObservabilityRootProfileProvider } from './observability/observability_root_profile'; -import { createDeprecationLogsDocumentProfileProvider } from './common/deprecation_logs'; +import { createDeprecationLogsDataSourceProfileProvider } from './common/deprecation_logs'; /** * Register profile providers for root, data source, and document contexts to the profile profile services @@ -134,7 +134,7 @@ const createRootProfileProviders = (providerServices: ProfileProviderServices) = */ const createDataSourceProfileProviders = (providerServices: ProfileProviderServices) => [ createExampleDataSourceProfileProvider(), - createDeprecationLogsDocumentProfileProvider(), + createDeprecationLogsDataSourceProfileProvider(), ...createObservabilityLogsDataSourceProfileProviders(providerServices), ]; From 29c7a272004503eee1052b25043fb0b9bb932ac7 Mon Sep 17 00:00:00 2001 From: kibanamachine <42973632+kibanamachine@users.noreply.github.com> Date: Wed, 11 Dec 2024 10:40:49 +0000 Subject: [PATCH 12/12] [CI] Auto-commit changed files from 'node scripts/eslint --no-cache --fix' --- .../common/deprecation_logs/profile.ts | 54 +++++++++---------- 1 file changed, 27 insertions(+), 27 deletions(-) diff --git a/src/plugins/discover/public/context_awareness/profile_providers/common/deprecation_logs/profile.ts b/src/plugins/discover/public/context_awareness/profile_providers/common/deprecation_logs/profile.ts index da713d704b8d2..4d220892aea29 100644 --- a/src/plugins/discover/public/context_awareness/profile_providers/common/deprecation_logs/profile.ts +++ b/src/plugins/discover/public/context_awareness/profile_providers/common/deprecation_logs/profile.ts @@ -12,35 +12,35 @@ import { type DataSourceProfileProvider } from '../../../profiles'; import { DEPRECATION_LOGS_PATTERN_PREFIX, DEPRECATION_LOGS_PROFILE_ID } from './consts'; import { extractIndexPatternFrom } from '../../extract_index_pattern_from'; -export const createDeprecationLogsDataSourceProfileProvider = (): DataSourceProfileProvider<{ -}> => ({ - profileId: DEPRECATION_LOGS_PROFILE_ID, - profile: { - getDefaultAppState: () => () => ({ - columns: [ - { name: 'log.level', width: 150 }, - { name: 'message' }, - { name: 'elasticsearch.http.request.x_opaque_id', width: 250 }, - { name: 'elasticsearch.cluster.name', width: 250 }, - { name: 'elasticsearch.event.category', width: 250 }, - ], - }), - }, - resolve: (params) => { - const indexPattern = extractIndexPatternFrom(params); +export const createDeprecationLogsDataSourceProfileProvider = + (): DataSourceProfileProvider<{}> => ({ + profileId: DEPRECATION_LOGS_PROFILE_ID, + profile: { + getDefaultAppState: () => () => ({ + columns: [ + { name: 'log.level', width: 150 }, + { name: 'message' }, + { name: 'elasticsearch.http.request.x_opaque_id', width: 250 }, + { name: 'elasticsearch.cluster.name', width: 250 }, + { name: 'elasticsearch.event.category', width: 250 }, + ], + }), + }, + resolve: (params) => { + const indexPattern = extractIndexPatternFrom(params); - if (!checkAllIndicesInPatternAreDeprecationLogs(indexPattern)) { - return { isMatch: false }; - } + if (!checkAllIndicesInPatternAreDeprecationLogs(indexPattern)) { + return { isMatch: false }; + } - return { - isMatch: true, - context: { - category: DataSourceCategory.Logs, - }, - }; - }, -}); + return { + isMatch: true, + context: { + category: DataSourceCategory.Logs, + }, + }; + }, + }); /* This function returns true if the index pattern belongs to deprecation logs.