Merge branch 'main' into dashboard/no-data

.buildkite/ftr_configs.yml

@@ -68,6 +68,7 @@ enabled:
   - test/functional/apps/dashboard/group3/config.ts
   - test/functional/apps/dashboard/group4/config.ts
   - test/functional/apps/dashboard/group5/config.ts
+  - test/functional/apps/dashboard/group6/config.ts
   - test/functional/apps/discover/config.ts
   - test/functional/apps/getting_started/config.ts
   - test/functional/apps/home/config.ts

.eslintrc.js

@@ -956,6 +956,13 @@ module.exports = {
             // to help deprecation and prevent accidental re-use/continued use of code we plan on removing. If you are
             // finding yourself turning this off a lot for "new code" consider renaming the file and functions if it is has valid uses.
             patterns: ['*legacy*'],
+            paths: [
+              {
+                name: 'react-router-dom',
+                importNames: ['Route'],
+                message: "import { Route } from '@kbn/kibana-react-plugin/public'",
+              },
+            ],
           },
         ],
       },

docs/management/managing-licenses.asciidoc

@@ -1,191 +1,43 @@
 [[managing-licenses]]
 == License Management
 
-When you install the default distribution of {kib}, you receive free features
-with no expiration date. For the full list of features, refer to
-{subscriptions}.
+By default, new installations have a Basic license that never expires. 
+For the full list of features available at the Free and Open Basic subscription level, 
+refer to {subscriptions}.
 
-If you want to try out the full set of features, you can activate a free 30-day
-trial. To view the status of your license, start a trial, or install a new
-license, open the main menu, then click *Stack Management > License Management*.
-
-NOTE: You can start a trial only if your cluster has not already activated a
-trial license for the current major product version. For example, if you have
-already activated a trial for 6.0, you cannot start a new trial until
-7.0. You can, however, request an extended trial at {extendtrial}.
-
-When you activate a new license level, new features appear in *Stack Management*.
-
-[role="screenshot"]
-image::images/management-license.png[]
+To explore all of the available solutions and features, start a 30-day free trial.
+You can activate a trial subscription once per major product version. 
+If you need more than 30 days to complete your evaluation, 
+request an extended trial at {extendtrial}.
 
-At the end of the trial period, some features operate in a
-<<license-expiration,degraded mode>>. You can revert to Basic, extend the trial,
-or purchase a subscription.
-
-TIP: If {security-features} are enabled, unless you have a trial license,
-you must configure Transport Layer Security (TLS) in {es}.
-See {ref}/encrypting-communications.html[Encrypting communications].
-{kib} and the {ref}/start-basic.html[start basic API] provide a list of all of
-the features that will no longer be supported if you revert to a basic license.
+To view the status of your license, start a trial, or install a new
+license, open the main menu, then click *Stack Management > License Management*.
 
-[float]
+[discrete]
 === Required permissions
 
 The `manage` cluster privilege is required to access *License Management*.
 
 To add the privilege, open the main menu, then click *Stack Management > Roles*.
 
-[discrete]
-[[update-license]]
-=== Update your license
-
-You can update your license at runtime without shutting down your {es} nodes.
-License updates take effect immediately. The license is provided as a _JSON_
-file that you install in {kib} or by using the
-{ref}/update-license.html[update license API].
-
-TIP: If you are using a basic or trial license, {security-features} are disabled
-by default. In all other licenses, {security-features} are enabled by default;
-you must secure the {stack} or disable the {security-features}.
-
 [discrete]
 [[license-expiration]]
 === License expiration
 
-Your license is time based and expires at a future date. If you're using
-{monitor-features} and your license will expire within 30 days, a license
-expiration warning is displayed prominently. Warnings are also displayed on
-startup and written to the {es} log starting 30 days from the expiration date.
-These error messages tell you when the license expires and what features will be
-disabled if you do not update the license.
-
-IMPORTANT: You should update your license as soon as possible. You are
-essentially flying blind when running with an expired license. Access to the
-cluster health and stats APIs is critical for monitoring and managing an {es}
-cluster.
-
-[discrete]
-[[expiration-beats]]
-==== Beats
-
-*  Beats will continue to poll centrally-managed configuration.
-
-[discrete]
-[[expiration-elasticsearch]]
-==== {es}
-
-// Upgrade API is disabled
-* The deprecation API is disabled.
-* SQL support is disabled.
-* Aggregations provided by the analytics plugin are no longer usable.
-* All searchable snapshots indices are unassigned and cannot be searched.
-
-[discrete]
-[[expiration-watcher]]
-==== {stack} {alert-features}
-
-* The PUT and GET watch APIs are disabled. The DELETE watch API continues to work.
-* Watches execute and write to the history.
-* The actions of the watches do not execute.
-
-[discrete]
-[[expiration-graph]]
-==== {stack} {graph-features}
-
-* Graph explore APIs are disabled.
-
-[discrete]
-[[expiration-ml]]
-==== {stack} {ml-features}
+Licenses are valid for a specific time period. 
+30 days before the license expiration date, {es} starts logging expiration warnings.
+If monitoring is enabled, expiration warnings are displayed prominently in {kib}.
 
-* APIs to create {anomaly-jobs}, open jobs, send data to jobs, create {dfeeds},
-and start {dfeeds} are disabled.
-* All started {dfeeds} are stopped.
-* All open {anomaly-jobs} are closed.
-* APIs to create and start {dfanalytics-jobs} are disabled.
-* Existing {anomaly-job} and {dfanalytics-job} results continue to be available
-by using {kib} or APIs.
+If your license expires, your subscription level reverts to Basic and
+you will no longer be able to use https://www.elastic.co/subscriptions[Platinum or Enterprise features].
 
 [discrete]
-[[expiration-monitoring]]
-==== {stack} {monitor-features}
-
-* The agent stops collecting cluster and indices metrics.
-* The agent stops automatically cleaning indices older than
-`xpack.monitoring.history.duration`.
-
-[discrete]
-[[expiration-security]]
-==== {stack} {security-features}
-
-* Cluster health, cluster stats, and indices stats operations are blocked.
-* All data operations (read and write) continue to work.
-
-Once the license expires, calls to the cluster health, cluster stats, and index
-stats APIs fail with a `security_exception` and return a 403 HTTP status code.
-
-[source,sh]
------------------------------------------------------
-{
-  "error": {
-    "root_cause": [
-      {
-        "type": "security_exception",
-        "reason": "current license is non-compliant for [security]",
-        "license.expired.feature": "security"
-      }
-    ],
-    "type": "security_exception",
-    "reason": "current license is non-compliant for [security]",
-    "license.expired.feature": "security"
-  },
-  "status": 403
-}
------------------------------------------------------
-
-This message enables automatic monitoring systems to easily detect the license
-failure without immediately impacting other users.
-
-[discrete]
-[[expiration-logstash]]
-==== {ls} pipeline management
-
-* Cannot create new pipelines or edit or delete existing pipelines from the UI.
-* Cannot list or view existing pipelines from the UI.
-* Cannot run Logstash instances which are registered to listen to existing pipelines.
-//TBD: * Logstash will continue to poll centrally-managed pipelines
-
-[discrete]
-[[expiration-kibana]]
-==== {kib}
-
-* Users can still log into {kib}.
-* {kib} works for data exploration and visualization, but some features
-are disabled.
-* The license management UI is available to easily upgrade your license. See
-<<update-license>> and <<managing-licenses>>.
-
-[discrete]
-[[expiration-reporting]]
-==== {kib} {report-features}
-
-* Reporting is no longer available in {kib}.
-* Report generation URLs stop working.
-* Existing reports are no longer accessible.
-
-[discrete]
-[[expiration-rollups]]
-==== {rollups-cap}
-
-* {rollup-jobs-cap} cannot be created or started.
-* Existing {rollup-jobs} can be stopped and deleted.
-* The get rollup caps and rollup search APIs continue to function.
+[[update-license]]
+=== Update your license
 
-[discrete]
-[[expiration-transforms]]
-==== {transforms-cap}
+Licenses are provided as a _JSON_ file and have an effective date and an expiration date.  
+You cannot install a new license before its effective date.
+License updates take effect immediately and do not require restarting {es}.
 
-* {transforms-cap} cannot be created, previewed, started, or updated.
-* Existing {transforms} can be stopped and deleted.
-* Existing {transform} results continue to be available.
+You can update your license from *Stack Management > License Management* or through the
+{ref}/update-license.html[update license API]. 

docs/user/alerting/alerting-setup.asciidoc

@@ -5,35 +5,47 @@
 <titleabbrev>Set up</titleabbrev>
 ++++
 
-Alerting is automatically enabled in {kib}, but might require some additional configuration.
+Alerting is automatically enabled in {kib}, but might require some additional 
+configuration.
 
 [float]
 [[alerting-prerequisites]]
 === Prerequisites
 If you are using an *on-premises* Elastic Stack deployment:
 
-* In the kibana.yml configuration file, add the <<general-alert-action-settings,`xpack.encryptedSavedObjects.encryptionKey`>> setting.
-* For emails to have a footer with a link back to {kib}, set the <<server-publicBaseUrl, `server.publicBaseUrl`>> configuration setting.
+* In the kibana.yml configuration file, add the 
+<<general-alert-action-settings,`xpack.encryptedSavedObjects.encryptionKey`>> 
+setting.
+* For emails to have a footer with a link back to {kib}, set the 
+<<server-publicBaseUrl, `server.publicBaseUrl`>> configuration setting.
 
-If you are using an *on-premises* Elastic Stack deployment with <<using-kibana-with-security, *security*>>:
+If you are using an *on-premises* Elastic Stack deployment with 
+<<using-kibana-with-security, *security*>>:
 
-* If you are unable to access {kib} Alerting, ensure that you have not {ref}/security-settings.html#api-key-service-settings[explicitly disabled API keys].
+* If you are unable to access {kib} Alerting, ensure that you have not 
+{ref}/security-settings.html#api-key-service-settings[explicitly disabled API keys].
 
-The alerting framework uses queries that require the `search.allow_expensive_queries` setting to be `true`. See the scripts {ref}/query-dsl-script-query.html#_allow_expensive_queries_4[documentation]. 
+The alerting framework uses queries that require the 
+`search.allow_expensive_queries` setting to be `true`. See the scripts 
+{ref}/query-dsl-script-query.html#_allow_expensive_queries_4[documentation]. 
 
 [float]
 [[alerting-setup-production]]
 === Production considerations and scaling guidance
 
-When relying on alerting and actions as mission critical services, make sure you follow the <<alerting-production-considerations,Alerting production considerations>>.
+When relying on alerting and actions as mission critical services, make sure you 
+follow the 
+<<alerting-production-considerations,Alerting production considerations>>.
 
-See <<alerting-scaling-guidance>> for more information on the scalability of Alerting.
+See <<alerting-scaling-guidance>> for more information on the scalability of 
+Alerting.
 
 [float]
 [[alerting-security]]
 === Security
 
-To access alerting in a space, a user must have access to one of the following features:
+To access alerting in a space, a user must have access to one of the following 
+features:
 
 * Alerting
 * <<xpack-apm,*APM*>>
@@ -43,31 +55,53 @@ To access alerting in a space, a user must have access to one of the following f
 * <<xpack-siem,*Security*>>
 * <<uptime-app,*Uptime*>>
 
-See <<kibana-feature-privileges, feature privileges>> for more information on configuring roles that provide access to these features.
-Also note that a user will need +read+ privileges for the *Actions and Connectors* feature to attach actions to a rule or to edit a rule that has an action attached to it.
+See <<kibana-feature-privileges, feature privileges>> for more information on 
+configuring roles that provide access to these features.
+Also note that a user will need +read+ privileges for the 
+*Actions and Connectors* feature to attach actions to a rule or to edit a rule 
+that has an action attached to it.
 
 [float]
 [[alerting-restricting-actions]]
 ==== Restrict actions
 
-For security reasons you may wish to limit the extent to which {kib} can connect to external services. <<action-settings>> allows you to disable certain <<action-types>> and allowlist the hostnames that {kib} can connect with.
+For security reasons you may wish to limit the extent to which {kib} can connect 
+to external services. <<action-settings>> allows you to disable certain 
+<<action-types>> and allowlist the hostnames that {kib} can connect with.
 
 [float]
 [[alerting-spaces]]
 === Space isolation
 
-Rules and connectors are isolated to the {kib} space in which they were created. A rule or connector created in one space will not be visible in another. 
+Rules and connectors are isolated to the {kib} space in which they were created. 
+A rule or connector created in one space will not be visible in another. 
 
 [float]
 [[alerting-authorization]]
 === Authorization
 
-Rules are authorized using an <<api-keys,API key>> associated with the last user to edit the rule. This API key captures a snapshot of the user's privileges at the time of edit and is subsequently used to run all background tasks associated with the rule, including condition checks like {es} queries and triggered actions. The following rule actions will re-generate the API key:
+Rules are authorized using an <<api-keys,API key>> associated with the last user 
+to edit the rule. This API key captures a snapshot of the user's privileges at 
+the time of the edit. They are subsequently used to run all background tasks 
+associated with the rule, including condition checks like {es} queries and 
+triggered actions. The following rule actions will re-generate the API key:
 
 * Creating a rule
 * Updating a rule
 
+When you disable a rule, it retains the associated API key which is re-used when 
+the rule is enabled. If the API key is missing when you enable the rule (for 
+example, in the case of imported rules), it generates a new key that has your 
+security privileges.
+
+You can update an API key manually in 
+**{stack-manage-app} > {rules-ui}** or in the rule details page by selecting 
+**Update API key** in the actions menu.
+
 [IMPORTANT]
 ==============================================
-If a rule requires certain privileges, such as index privileges, to run, and a user without those privileges updates the rule, the rule will no longer function. Conversely, if a user with greater or administrator privileges modifies the rule, it will begin running with increased privileges.
+If a rule requires certain privileges, such as index privileges, to run, and a 
+user without those privileges updates the rule, the rule will no longer 
+function. Conversely, if a user with greater or administrator privileges 
+modifies the rule, it will begin running with increased privileges.
 ==============================================

docs/user/security/audit-logging.asciidoc

@@ -15,8 +15,10 @@ by cluster-wide privileges. For more information on enabling audit logging in
 [NOTE]
 ============================================================================
 Audit logs are **disabled** by default. To enable this functionality, you must
-set `xpack.security.audit.enabled` to `true` in `kibana.yml`, and optionally configure
-an <<audit-logging-settings, appender>> to write the audit log to a location of your choosing.
+set `xpack.security.audit.enabled` to `true` in `kibana.yml`.
+
+You can optionally configure audit logs location, file/rolling file appenders and 
+ignore filters using <<audit-logging-settings>>.
 ============================================================================
 
 [[xpack-security-ecs-audit-logging]]

package.json

@@ -47,6 +47,7 @@
     "cover:report": "nyc report --temp-dir target/kibana-coverage/functional --report-dir target/coverage/report --reporter=lcov && open ./target/coverage/report/lcov-report/index.html",
     "debug": "node --nolazy --inspect scripts/kibana --dev",
     "debug-break": "node --nolazy --inspect-brk scripts/kibana --dev",
+    "dev-docs": "scripts/dev_docs.sh",
     "docs:acceptApiChanges": "node --max-old-space-size=6144 scripts/check_published_api_changes.js --accept",
     "es": "node scripts/es",
     "preinstall": "node ./preinstall_check",
@@ -109,7 +110,7 @@
     "@elastic/datemath": "5.0.3",
     "@elastic/elasticsearch": "npm:@elastic/elasticsearch-canary@8.2.0-canary.2",
     "@elastic/ems-client": "8.3.2",
-    "@elastic/eui": "55.1.2",
+    "@elastic/eui": "55.1.3",
     "@elastic/filesaver": "1.1.2",
     "@elastic/node-crypto": "1.2.1",
     "@elastic/numeral": "^2.5.1",
@@ -366,6 +367,7 @@
     "react-dropzone": "^4.2.9",
     "react-fast-compare": "^2.0.4",
     "react-grid-layout": "^0.16.2",
+    "react-hook-form": "^7.30.0",
     "react-intl": "^2.8.0",
     "react-is": "^16.13.1",
     "react-markdown": "^4.3.1",

packages/elastic-apm-synthtrace/src/index.ts

@@ -9,6 +9,7 @@
 export { timerange } from './lib/timerange';
 export { apm } from './lib/apm';
 export { stackMonitoring } from './lib/stack_monitoring';
+export { observer } from './lib/agent_config';
 export { cleanWriteTargets } from './lib/utils/clean_write_targets';
 export { createLogger, LogLevel } from './lib/utils/create_logger';