Merge branch 'master' into alerting-ui-rule-list-ux-changes

.github/CODEOWNERS

@@ -315,7 +315,6 @@
 /src/plugins/es_ui_shared/  @elastic/kibana-stack-management
 /x-pack/plugins/cross_cluster_replication/  @elastic/kibana-stack-management
 /x-pack/plugins/index_lifecycle_management/  @elastic/kibana-stack-management
-/x-pack/plugins/console_extensions/  @elastic/kibana-stack-management
 /x-pack/plugins/grokdebugger/  @elastic/kibana-stack-management
 /x-pack/plugins/index_management/  @elastic/kibana-stack-management
 /x-pack/plugins/license_api_guard/  @elastic/kibana-stack-management
@@ -330,7 +329,6 @@
 /x-pack/plugins/ingest_pipelines/  @elastic/kibana-stack-management
 /packages/kbn-ace/ @elastic/kibana-stack-management
 /packages/kbn-monaco/ @elastic/kibana-stack-management
-#CC# /x-pack/plugins/console_extensions/ @elastic/kibana-stack-management
 #CC# /x-pack/plugins/cross_cluster_replication/ @elastic/kibana-stack-management
 
 # Security Solution
@@ -351,6 +349,21 @@
 /x-pack/test/case_api_integration @elastic/security-threat-hunting
 /x-pack/plugins/lists @elastic/security-detections-response
 
+## Security Solution sub teams - security-onboarding-and-lifecycle-mgt 
+/x-pack/plugins/security_solution/public/management/ @elastic/security-onboarding-and-lifecycle-mgt
+/x-pack/plugins/security_solution/public/common/lib/endpoint*/ @elastic/security-onboarding-and-lifecycle-mgt
+/x-pack/plugins/security_solution/public/common/components/endpoint/ @elastic/security-onboarding-and-lifecycle-mgt
+/x-pack/plugins/security_solution/common/endpoint/ @elastic/security-onboarding-and-lifecycle-mgt
+/x-pack/plugins/security_solution/server/endpoint/routes/trusted_apps/ @elastic/security-onboarding-and-lifecycle-mgt
+/x-pack/plugins/security_solution/server/endpoint/routes/actions/ @elastic/security-onboarding-and-lifecycle-mgt
+/x-pack/plugins/security_solution/server/endpoint/routes/metadata/ @elastic/security-onboarding-and-lifecycle-mgt
+/x-pack/plugins/security_solution/server/endpoint/lib/policy/ @elastic/security-onboarding-and-lifecycle-mgt
+/x-pack/plugins/security_solution/server/lib/license/ @elastic/security-onboarding-and-lifecycle-mgt
+/x-pack/plugins/security_solution/server/fleet_integration/ @elastic/security-onboarding-and-lifecycle-mgt
+/x-pack/plugins/security_solution/scripts/endpoint/event_filters/ @elastic/security-onboarding-and-lifecycle-mgt
+/x-pack/plugins/security_solution/scripts/endpoint/trusted_apps/ @elastic/security-onboarding-and-lifecycle-mgt
+/x-pack/test/security_solution_endpoint/apps/endpoint/ @elastic/security-onboarding-and-lifecycle-mgt
+
 # Security Intelligence And Analytics
 /x-pack/plugins/security_solution/server/lib/detection_engine/rules/prepackaged_rules @elastic/security-intelligence-analytics
 

.github/workflows/project-assigner.yml

@@ -8,8 +8,17 @@ jobs:
     name: Assign issue or PR to project based on label
     steps:
       - name: Assign to project
-        uses: elastic/github-actions/project-assigner@v2.0.0
+        uses: elastic/github-actions/project-assigner@v2.1.0
         id: project_assigner
         with:
-          issue-mappings: '[{"label": "Feature:Lens", "projectNumber": 32, "columnName": "Long-term goals"}, {"label": "Feature:Canvas", "projectNumber": 38, "columnName": "Inbox"}, {"label": "Feature:Dashboard", "projectNumber": 68, "columnName": "Inbox"}, {"label": "Feature:Drilldowns", "projectNumber": 68, "columnName": "Inbox"}, {"label": "Feature:Input Controls", "projectNumber": 72, "columnName": "Inbox"}]'
+          issue-mappings: |
+            [
+              {"label": "Feature:Lens", "projectNumber": 32, "columnName": "Long-term goals"},
+              {"label": "Feature:Discover", "projectNumber": 44, "columnName": "Inbox"},
+              {"label": "Feature:Canvas", "projectNumber": 38, "columnName": "Inbox"},
+              {"label": "Feature:Dashboard", "projectNumber": 68, "columnName": "Inbox"},
+              {"label": "Feature:Drilldowns", "projectNumber": 68, "columnName": "Inbox"},
+              {"label": "Feature:Input Controls", "projectNumber": 72, "columnName": "Inbox"},
+              {"label": "Team:Security", "projectNumber": 320, "columnName": "Awaiting triage", "projectScope": "org"}
+            ]
           ghToken: ${{ secrets.PROJECT_ASSIGNER_TOKEN }}

.i18nrc.json

@@ -16,6 +16,7 @@
     "esUi": "src/plugins/es_ui_shared",
     "devTools": "src/plugins/dev_tools",
     "expressions": "src/plugins/expressions",
+    "expressionError": "src/plugins/expression_error",
     "expressionRevealImage": "src/plugins/expression_reveal_image",
     "inputControl": "src/plugins/input_control_vis",
     "inspector": "src/plugins/inspector",

WORKSPACE.bazel

@@ -10,15 +10,15 @@ load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
 # Fetch Node.js rules
 http_archive(
   name = "build_bazel_rules_nodejs",
-  sha256 = "0fa2d443571c9e02fcb7363a74ae591bdcce2dd76af8677a95965edf329d778a",
-  urls = ["https://github.com/bazelbuild/rules_nodejs/releases/download/3.6.0/rules_nodejs-3.6.0.tar.gz"],
+  sha256 = "8f5f192ba02319254aaf2cdcca00ec12eaafeb979a80a1e946773c520ae0a2c9",
+  urls = ["https://github.com/bazelbuild/rules_nodejs/releases/download/3.7.0/rules_nodejs-3.7.0.tar.gz"],
 )
 
 # Now that we have the rules let's import from them to complete the work
 load("@build_bazel_rules_nodejs//:index.bzl", "check_rules_nodejs_version", "node_repositories", "yarn_install")
 
 # Assure we have at least a given rules_nodejs version
-check_rules_nodejs_version(minimum_version_string = "3.6.0")
+check_rules_nodejs_version(minimum_version_string = "3.7.0")
 
 # Setup the Node.js toolchain for the architectures we want to support
 #

config/kibana.yml

@@ -42,6 +42,10 @@
 #elasticsearch.username: "kibana_system"
 #elasticsearch.password: "pass"
 
+# Kibana can also authenticate to Elasticsearch via "service account tokens".
+# If may use this token instead of a username/password.
+# elasticsearch.serviceAccountToken: "my_token"
+
 # Enables SSL and paths to the PEM-format SSL certificate and SSL key files, respectively.
 # These settings enable SSL for outgoing requests from the Kibana server to the browser.
 #server.ssl.enabled: false

dev_docs/tutorials/debugging.mdx

@@ -0,0 +1,61 @@
+---
+id: kibDevTutorialDebugging
+slug: /kibana-dev-docs/tutorial/debugging
+title: Debugging in development
+summary: Learn how to debug Kibana while running from source
+date: 2021-04-26
+tags: ['kibana', 'onboarding', 'dev', 'tutorials', 'debugging']
+---
+
+There are multiple ways to go about debugging Kibana when running from source.
+
+## Debugging using Chrome DevTools
+
+You will need to run Node using `--inspect` or `--inspect-brk` in order to enable the inspector. Additional information can be found in the [Node.js docs](https://nodejs.org/en/docs/guides/debugging-getting-started/).
+
+Once Node is running with the inspector enabled, you can open `chrome://inspect` in your Chrome browser. You should see a remote target for the inspector running. Click "inspect". You can now begin using the debugger.
+
+Next we will go over how to exactly enable the inspector for different aspects of the codebase.
+
+### Jest Unit Tests
+
+You will need to run Jest directly from the Node script:
+
+`node --inspect-brk scripts/jest [TestPathPattern]`
+
+### Functional Test Runner
+
+`node --inspect-brk scripts/functional_test_runner`
+
+### Development Server 
+
+`node --inspect-brk scripts/kibana`
+
+## Debugging using logging
+
+When running Kibana, it's sometimes helpful to enable verbose logging.
+
+`yarn start --verbose`
+
+Using verbose logging usually results in much more information than you're interested in. The [logging documentation](https://www.elastic.co/guide/en/kibana/current/logging-settings.html) covers ways to change the log level of certain types.
+
+In the following example of a configuration stored in `config/kibana.dev.yml` we are logging all Elasticsearch queries and any logs created by the Management plugin.
+
+```
+logging:
+  appenders:
+    console:
+      type: console
+      layout:
+        type: pattern
+        highlight: true
+  root:
+    appenders: [default, console]
+    level: info
+
+  loggers:
+    - name: plugins.management
+      level: debug
+    - name: elasticsearch.query
+      level: debug
+```

docs/apm/agent-configuration.asciidoc

@@ -43,6 +43,7 @@ Supported configurations are also tagged with the image:./images/dynamic-config.
 
 [horizontal]
 Go Agent:: {apm-go-ref}/configuration.html[Configuration reference]
+iOS agent:: _Not yet supported_
 Java Agent:: {apm-java-ref}/configuration.html[Configuration reference]
 .NET Agent:: {apm-dotnet-ref}/configuration.html[Configuration reference]
 Node.js Agent:: {apm-node-ref}/configuration.html[Configuration reference]

docs/apm/apm-alerts.asciidoc

@@ -1,69 +1,57 @@
 [role="xpack"]
 [[apm-alerts]]
-=== Alerts
+=== Alerts and rules
 
 ++++
 <titleabbrev>Create an alert</titleabbrev>
 ++++
 
+The APM app allows you to define **rules** to detect complex conditions within your APM data
+and trigger built-in **actions** when those conditions are met.
 
-The APM app integrates with Kibana's {kibana-ref}/alerting-getting-started.html[alerting and actions] feature.
-It provides a set of built-in **actions** and APM specific threshold **alerts** for you to use
-and enables central management of all alerts from <<management,Kibana Management>>.
+The following **rules** are supported:
+
+* Latency anomaly rule:
+Alert when latency of a service is abnormal
+* Transaction error rate threshold rule:
+Alert when the service's transaction error rate is above the defined threshold
+* Error count threshold rule:
+Alert when the number of errors in a service exceeds a defined threshold
 
 [role="screenshot"]
 image::apm/images/apm-alert.png[Create an alert in the APM app]
 
-For a walkthrough of the alert flyout panel, including detailed information on each configurable property,
-see Kibana's <<create-edit-rules,defining alerts>>.
-
-The APM app supports four different types of alerts:
-
-* Transaction duration anomaly:
-alerts when the service's transaction duration reaches a certain anomaly score
-* Transaction duration threshold:
-alerts when the service's transaction duration exceeds a given time limit over a given time frame
-* Transaction error rate threshold:
-alerts when the service's transaction error rate is above the selected rate over a given time frame
-* Error count threshold:
-alerts when service exceeds a selected number of errors over a given time frame
+For a complete walkthrough of the **Create rule** flyout panel, including detailed information on each configurable property,
+see Kibana's <<create-edit-rules,create and edit rules>>.
 
-Below, we'll walk through the creation of two of these alerts.
+Below, we'll walk through the creation of two APM rules.
 
 [float]
 [[apm-create-transaction-alert]]
-=== Example: create a transaction duration alert
+=== Example: create a latency anomaly rule
 
-Transaction duration alerts trigger when the duration of a specific transaction type in a service exceeds a defined threshold.
-This guide will create an alert for the `opbeans-java` service based on the following criteria:
+Latency anomaly rules trigger when the latency of a service is abnormal.
+This guide will create an alert for all services based on the following criteria:
 
-* Environment: Production
-* Transaction type: `transaction.type:request`
-* Average request is above `1500ms` for the last 5 minutes
-* Check every 10 minutes, and repeat the alert every 30 minutes
-* Send the alert via Slack
+* Environment: production
+* Severity level: critical
+* Run every five minutes
+* Send an alert to a Slack channel only when the rule status changes
 
-From the APM app, navigate to the `opbeans-java` service and select
-**Alerts** > **Create threshold alert** > **Transaction duration**.
+From any page in the APM app, select **Alerts and rules** > **Latency** > **Create anomaly rule**.
+Change the name of the alert, but do not edit the tags.
 
-`Transaction duration | opbeans-java` is automatically set as the name of the alert,
-and `apm` and `service.name:opbeans-java` are added as tags.
-It's fine to change the name of the alert, but do not edit the tags.
+Based on the criteria above, define the following rule details:
 
-Based on the alert criteria, define the following alert details:
+* **Check every** - `5 minutes`
+* **Notify** - "Only on status change"
+* **Environment** - `all`
+* **Has anomaly with severity** - `critical`
 
-* **Check every** - `10 minutes`
-* **Notify every** - `30 minutes`
-* **TYPE** - `request`
-* **WHEN** - `avg`
-* **IS ABOVE** - `1500ms`
-* **FOR THE LAST** - `5 minutes`
-
-Select an action type.
-Multiple action types can be selected, but in this example, we want to post to a Slack channel.
+Next, add a connector. Multiple connectors can be selected, but in this example we're interested in Slack.
 Select **Slack** > **Create a connector**.
 Enter a name for the connector,
-and paste the webhook URL.
+and paste your Slack webhook URL.
 See Slack's webhook documentation if you need to create one.
 
 A default message is provided as a starting point for your alert.
@@ -72,35 +60,32 @@ to pass additional alert values at the time a condition is detected to an action
 A list of available variables can be accessed by selecting the
 **add variable** button image:apm/images/add-variable.png[add variable button].
 
-Select **Save**. The alert has been created and is now active!
+Click **Save**. The rule has been created and is now active!
 
 [float]
 [[apm-create-error-alert]]
-=== Example: create an error rate alert
+=== Example: create an error count threshold alert
 
-Error rate alerts trigger when the number of errors in a service exceeds a defined threshold.
-This guide creates an alert for the `opbeans-python` service based on the following criteria:
+The error count threshold alert triggers when the number of errors in a service exceeds a defined threshold.
+This guide will create an alert for all services based on the following criteria:
 
-* Environment: Production
+* All environments
 * Error rate is above 25 for the last minute
-* Check every 1 minute, and repeat the alert every 10 minutes
-* Send the alert via email to the `opbeans-python` team
-
-From the APM app, navigate to the `opbeans-python` service and select
-**Alerts** > **Create threshold alert** > **Error rate**.
+* Check every 1 minute, and alert every time the rule is active
+* Send the alert via email to the site reliability team
 
-`Error rate | opbeans-python` is automatically set as the name of the alert,
-and `apm` and `service.name:opbeans-python` are added as tags.
-It's fine to change the name of the alert, but do not edit the tags.
+From any page in the APM app, select **Alerts and rules** > **Error count** > **Create threshold rule**.
+Change the name of the alert, but do not edit the tags.
 
-Based on the alert criteria, define the following alert details:
+Based on the criteria above, define the following rule details:
 
 * **Check every** - `1 minute`
-* **Notify every** - `10 minutes`
-* **IS ABOVE** - `25 errors`
-* **FOR THE LAST** - `1 minute`
+* **Notify** - "Every time alert is active"
+* **Environment** - `all`
+* **Is above** - `25 errors`
+* **For the last** - `1 minute`
 
-Select the **Email** action type and click **Create a connector**.
+Select the **Email** connector and click **Create a connector**.
 Fill out the required details: sender, host, port, etc., and click **save**.
 
 A default message is provided as a starting point for your alert.
@@ -109,14 +94,14 @@ to pass additional alert values at the time a condition is detected to an action
 A list of available variables can be accessed by selecting the
 **add variable** button image:apm/images/add-variable.png[add variable button].
 
-Select **Save**. The alert has been created and is now active!
+Click **Save**. The alert has been created and is now active!
 
 [float]
 [[apm-alert-manage]]
-=== Manage alerts and actions
+=== Manage alerts and rules
 
-From the APM app, select **Alerts** > **View active alerts** to be taken to the Kibana alerts and actions management page.
-From this page, you can create, edit, disable, mute, and delete alerts, and create, edit, and disable connectors.
+From the APM app, select **Alerts and rules** > **Manage rules** to be taken to the Kibana **Rules and Connectors** page.
+From this page, you can disable, mute, and delete APM alerts.
 
 [float]
 [[apm-alert-more-info]]
@@ -126,4 +111,4 @@ See {kibana-ref}/alerting-getting-started.html[alerting and actions] for more in
 
 NOTE: If you are using an **on-premise** Elastic Stack deployment with security,
 communication between Elasticsearch and Kibana must have TLS configured.
-More information is in the alerting {kibana-ref}/alerting-setup.html#alerting-prerequisites[prerequisites].
+More information is in the alerting {kibana-ref}/alerting-setup.html#alerting-prerequisites[prerequisites].

docs/apm/filters.asciidoc

@@ -36,6 +36,7 @@ It's vital to be consistent when naming environments in your agents.
 To learn how to configure service environments, see the specific agent documentation:
 
 * *Go:* {apm-go-ref}/configuration.html#config-environment[`ELASTIC_APM_ENVIRONMENT`]
+* *iOS agent:* _Not yet supported_
 * *Java:* {apm-java-ref}/config-core.html#config-environment[`environment`]
 * *.NET:* {apm-dotnet-ref}/config-core.html#config-environment[`Environment`]
 * *Node.js:* {apm-node-ref}/configuration.html#environment[`environment`]

docs/apm/service-maps.asciidoc

@@ -108,6 +108,7 @@ Service maps are supported for the following Agent versions:
 
 [horizontal]
 Go agent:: ≥ v1.7.0
+iOS agent:: _Not yet supported_
 Java agent:: ≥ v1.13.0
 .NET agent:: ≥ v1.3.0
 Node.js agent:: ≥ v3.6.0

docs/apm/transactions.asciidoc

@@ -100,22 +100,22 @@ the selected transaction group.
 image::apm/images/apm-transaction-response-dist.png[Example view of response time distribution]
 
 [[transaction-duration-distribution]]
-==== Transactions duration distribution
+==== Latency distribution
 
-This chart plots all transaction durations for the given time period.
+A plot of all transaction durations for the given time period.
 The screenshot below shows a typical distribution,
 and indicates most of our requests were served quickly -- awesome!
-It's the requests on the right, the ones taking longer than average, that we probably want to focus on.
+It's the requests on the right, the ones taking longer than average, that we probably need to focus on.
 
 [role="screenshot"]
-image::apm/images/apm-transaction-duration-dist.png[Example view of transactions duration distribution graph]
+image::apm/images/apm-transaction-duration-dist.png[Example view of latency distribution graph]
 
-Select a transaction duration _bucket_ to display up to ten trace samples.
+Select a latency duration _bucket_ to display up to ten trace samples.
 
 [[transaction-trace-sample]]
 ==== Trace sample
 
-Trace samples are based on the _bucket_ selection in the *Transactions duration distribution* chart;
+Trace samples are based on the _bucket_ selection in the *Latency distribution* chart;
 update the samples by selecting a new _bucket_.
 The number of requests per bucket is displayed when hovering over the graph,
 and the selected bucket is highlighted to stand out.

docs/apm/troubleshooting.asciidoc

@@ -15,6 +15,7 @@ don't forget to check our other troubleshooting guides or discussion forum:
 * {apm-server-ref}/troubleshooting.html[APM Server troubleshooting]
 * {apm-dotnet-ref}/troubleshooting.html[.NET agent troubleshooting]
 * {apm-go-ref}/troubleshooting.html[Go agent troubleshooting]
+* {apm-ios-ref}/troubleshooting.html[iOS agent troubleshooting]
 * {apm-java-ref}/trouble-shooting.html[Java agent troubleshooting]
 * {apm-node-ref}/troubleshooting.html[Node.js agent troubleshooting]
 * {apm-php-ref}/troubleshooting.html[PHP agent troubleshooting]