[cloudflare_logpush] fix conflicts in feature branch #19186
brijesh-elastic wants to merge 106 commits into
…ic#18874) * [microsoft_sqlserver] add new field buffer_cache_hit_ratio_pct * add new panel * update screenshot and pr link
* chore: [updatecli] [weekly] Update latest snapshot to 8.19.16-SNAPSHOT Made with ❤️️ by updatecli * chore: [updatecli] [daily] Update latest snapshot to 8.19.16-SNAPSHOT Made with ❤️️ by updatecli --------- Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
* [azure_billing] enable agentless deployment * add pr link
* [azure_ai_foundry] add agentless deployment * add pr link
* [azure_openai] add agentless deployment * add pr link
* [Elasticsearch] Add querylog log data stream and Kibana assets Adds the new querylog dataset with ingest pipeline, fields, tests, docs, and packaged Kibana dashboard/search/dataview assets so Elasticsearch query logs can be collected and explored from the integration. Co-authored-by: Cursor <cursoragent@cursor.com> * [Elasticsearch] Clarify querylog docs description Updates the querylog docs blurb to reference Elasticsearch query logs documentation and the minimum supported version explicitly. Co-authored-by: Cursor <cursoragent@cursor.com> * [Elasticsearch] Update query analytics dashboard migration metadata Keeps the exported query analytics dashboard aligned with the latest saved object metadata from Kibana for this PR branch. Co-authored-by: Cursor <cursoragent@cursor.com> * [Elasticsearch] Update querylog saved search migration metadata Refreshes the exported querylog saved search metadata to match the latest object state used by the dashboard assets. Co-authored-by: Cursor <cursoragent@cursor.com> * [Elasticsearch] Revert manual saved object migration versions Restores the exported dashboard and search typeMigrationVersion values to avoid invalid manual downgrades. Co-authored-by: Cursor <cursoragent@cursor.com> * [Elasticsearch] Remove unsupported saved object attributes Drops dashboard pinned panels and saved search hideTable fields to keep querylog Kibana assets installable on older Kibana schemas used in CI. Co-authored-by: Cursor <cursoragent@cursor.com> * [Elasticsearch] Lower querylog asset migration versions for CI compatibility Adjusts dashboard and saved search typeMigrationVersion values to match the Kibana schema level used by package CI install tests. Co-authored-by: Cursor <cursoragent@cursor.com> * [Elasticsearch] Remove unsupported dashboard sections and search tabs Drops section-based dashboard layout fields and tabbed saved search fields not recognized by the Kibana schema used in package install tests. 
Co-authored-by: Cursor <cursoragent@cursor.com> * [Elasticsearch] Align querylog pipeline fixture with event constants Updates querylog expected pipeline output to stop asserting event.kind and event.category, which are provided by the target data stream mappings. Co-authored-by: Cursor <cursoragent@cursor.com> * [Elasticsearch] Fix querylog pipeline test fixtures for CI Updates querylog pipeline test fixtures to treat task IDs as numeric keywords and removes the synthetic transport error case that was being interpreted as an unexpected pipeline failure. Co-authored-by: Cursor <cursoragent@cursor.com> * fix(elasticsearch): make querylog system test ingest synthetic query logs Elasticsearch 8.5 test stack does not emit query activity log files by default. Append ECS JSON lines from generate-logs.sh so the logfile system test can find documents. Add numeric_keyword_fields for task IDs in the system test config to match keyword mappings. Co-authored-by: Cursor <cursoragent@cursor.com> --------- Co-authored-by: Cursor <cursoragent@cursor.com>
) * fix(elasticsearch): escape ES|QL in querylog field docs for Markdown tables Pipe characters in descriptions broke the exported-fields Markdown table. Use HTML entity &#124; for the separator so cells stay aligned while still rendering as ES|QL. Co-authored-by: Cursor <cursoragent@cursor.com> * fix(elasticsearch): repair query analytics dashboard layout and search panel - Replace discover_session embeddable with saved search panel (fixes missing Discover session tab after package install). - Move remote-cluster section panels and controls to bottom grid rows after section metadata was removed for older Kibana compatibility. Co-authored-by: Cursor <cursoragent@cursor.com> --------- Co-authored-by: Cursor <cursoragent@cursor.com>
…ard fixes (elastic#18926) bump packages/elasticsearch package version from 1.21.0 to 1.21.1
beyondtrust_pra: release package as GA
* Renaming crash event name * Updating OTel android content package's metadata * Using PR number
Add a troubleshooting section to the README explaining the "exceeding maximum number of CEL executions" error and how to resolve it by increasing the Maximum Pages Per Interval setting. The max_executions option was added in v1.5.0 but not documented. Updates elastic#18496
The Handlebars template stores the user's event filter config as state.event_filter, but the CEL program read state.events_filter (note the extra 's'). The optional field access returned none, so the "events" query parameter was never included in the API request, so event filtering was silently ignored. Additionally, format_query() on a list produces repeated keys (events=a&events=b). The Snyk API documents the parameter as a comma-separated list, so the fix joins the list into a single value (events=a,b). Snyk's OpenAPI spec names the parameter "event" (singular), but live testing confirms the API only honours "events" (plural) — "event" is silently ignored. The migration guide also documents the plural form: https://docs.snyk.io/snyk-api/api-end-of-life-eol-process-and-migration-guides/guides-to-migration/search-audit-logs-group-and-org-v1-api-to-ga-rest-audit-logs-api-migration-guide Tested against a live Snyk org endpoint with mito, confirming the filter now correctly narrows results.
* Add apm monitoring dashboard to package * Add changelog * Fix apm version placeholder * Update apm dashboard and ship data view * Update apm dashboard so that it works on >=9.1.0 * Update apm dashboard from review * Remove some unnecessary y-axis titles * Fix dashboard name * Fix data view pattern * Add note to TBS section * Fix title * Remove duplicate events active viz
…ic#18831) Change certificate.identity.allowed_resource_ids from keyword to flattened. Teleport's proto defines this as repeated ResourceID, an array of objects with cluster, kind, name, and sub_resource fields. The keyword mapping rejected these with document_parsing_exception. Add a field definition for teleport.audit.addr, which carries the target address in port forwarding events (event code T3003I). The pipeline already handled the dotted-key addr.local/addr.remote form from ConnectionMetadata but had no mapping for the plain string form from PortForward. Fix a copy-paste error in the setup documentation that referenced Symantec Endpoint Security instead of Teleport. Test events were constructed from the Teleport events proto definition (api/proto/teleport/legacy/types/events/events.proto), not captured from a live system.
…pport, and system tests (elastic#16732)
* [azure_functions] enable agentless deployment * add pr link
* Add description and artifacts to alerting rule
…lastic#18901) The services variable listed only 7 of the 18 service values the Directory Insights API accepts. Update the manifest description and add a supported-services table to the README so users can discover values like access_management, software, and password_manager without consulting JumpCloud's API docs. Relates elastic#18542
Replace settings.unattended: true with settings.num_failure_retries: -1 in all ti_* managed transforms. Unlike unattended mode which retries all failures indefinitely (masking irrecoverable errors), num_failure_retries: -1 retries only recoverable failures while still surfacing genuinely irrecoverable ones to users. Three packages (ti_anyrun, ti_flashpoint, ti_strider) that were added after the original unattended PR (elastic#16535) had no failure resilience at all and now get num_failure_retries: -1 added.

[git-generate]
for transform in $(find packages/ti_*/ -type f -name transform.yml \
    -path '*/elasticsearch/transform/*'); do
  yq -i 'del(.settings.unattended)' "$transform"
  yq -i '.settings.num_failure_retries = -1' "$transform"
done
for transform in $(git diff --name-only packages/ | \
    grep 'transform\.yml$'); do
  current=$(yq '._meta.fleet_transform_version' "$transform")
  next=$(echo "$current" | awk -F. '{printf "%d.%d.%d",$1,$2+1,0}')
  yq -i "._meta.fleet_transform_version = \"$next\"" "$transform"
done
for pkg in $(git diff --name-only packages/ | cut -d/ -f1,2 | \
    sort -u); do
  cd "$pkg"
  elastic-package changelog add \
    --description "Use num_failure_retries instead of unattended mode for transform failure recovery." \
    --type enhancement --next minor \
    --link "elastic#18404"
  cd ../../
done
Add Elastic APM Intake OpenTelemetry Input Package
…18942) Introduces a reusable pipeline step (`check-ci-python-scripts`) that runs unit tests for Python scripts used in CI, starting with `find_oldest_supported_version.py`. The step runs in an isolated venv and in parallel with the Go source check. The `test-integrations` step is gated on it passing. --------- Co-authored-by: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
* [nginx_otel] move links from markdown to link panel * update pr link * bump version
…8949) Bumps [golang.org/x/tools](https://github.com/golang/tools) from 0.44.0 to 0.45.0. - [Release notes](https://github.com/golang/tools/releases) - [Commits](golang/tools@v0.44.0...v0.45.0) --- updated-dependencies: - dependency-name: golang.org/x/tools dependency-version: 0.45.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…ts (elastic#18956) Bumps [requests](https://github.com/psf/requests) from 2.32.3 to 2.33.0. - [Release notes](https://github.com/psf/requests/releases) - [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md) - [Commits](psf/requests@v2.32.3...v2.33.0) --- updated-dependencies: - dependency-name: requests dependency-version: 2.33.0 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…root paths (elastic#18641) The extract_file_name_from_path grok processor in the thor_forwarding ingest pipeline failed on two classes of path: - Windows paths with a lowercase drive letter (e.g. c:\...) because the pattern used [A-Z] instead of [A-Za-z]. - POSIX root-level paths (e.g. /file.txt) because the pattern required at least one character before the first slash (.+/). Widen the character class and adjust the POSIX pattern so both cases match. Add pipeline tests covering a lowercase-drive Windows path and a root-level POSIX path.
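An added illustration of the two path classes named in the thor_forwarding commit message above, not the pipeline's own grok expressions: the `BEFORE`/`AFTER` regexes, the function names and the sample paths are all constructed here to reproduce the `[A-Z]` and `.+/` behaviour the message describes.

```python
import re

# Constructed patterns mirroring the two defects described in the commit
# message; these are assumptions, NOT the grok patterns from the package.
BEFORE = [
    re.compile(r"^[A-Z]:\\(?:.*\\)?(?P<name>[^\\]+)$"),    # upper-case drive letter only
    re.compile(r"^.+/(?P<name>[^/]+)$"),                    # needs a character before a slash
]
AFTER = [
    re.compile(r"^[A-Za-z]:\\(?:.*\\)?(?P<name>[^\\]+)$"),  # either case of drive letter
    re.compile(r"^.*/(?P<name>[^/]+)$"),                    # the leading slash alone is enough
]

# Constructed sample paths covering the working and the failing classes.
SAMPLE_PATHS = [
    r"C:\Windows\System32\cmd.exe",
    r"c:\users\public\payload.dll",   # lower-case drive letter
    "/var/tmp/dropper.sh",
    "/file.txt",                      # file directly under the POSIX root
]


def extract_file_name(path, patterns):
    """Return the file name, or None when no pattern matches.

    None corresponds to the processor failing, which leaves the event
    without a file name for detection rules to match on.
    """
    for pattern in patterns:
        match = pattern.match(path)
        if match:
            return match.group("name")
    return None


def coverage_gaps(paths):
    """Paths the old patterns drop but the widened patterns parse."""
    return [
        p for p in paths
        if extract_file_name(p, BEFORE) is None
        and extract_file_name(p, AFTER) is not None
    ]


if __name__ == "__main__":
    for p in SAMPLE_PATHS:
        print(p, extract_file_name(p, BEFORE), extract_file_name(p, AFTER))
```
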
…lastic#18976) Expose max_executions as a configurable variable for the application data stream so operators can raise the execution budget for large estates where the two-level worklist traversal (inventory pages x endpoint pages) exceeds the default of 1000. Move the worklist, pagination tokens, and fetch_more flag into the cursor instead of the state root. The CEL input persists the cursor after each successful event publish, so an interrupted traversal resumes where it left off on the next interval rather than starting over from scratch. Closes elastic#18974
Lower the default batch_size for endpoint_activity and network_activity from 1000 to 200. The CEL input holds the entire API response in memory during processing, and at 1000 the peak allocation can push memory-constrained agents past their cgroup limit. The description now warns that values above 200 risk out-of-memory failures on such agents. Closes elastic#18975
…ic#18979) Made with ❤️️ by updatecli Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
💔 Build Failed
Failed CI Steps
TL;DR
Remediation
Investigation details
Root Cause
The root cause is currently inconclusive from available data. The pre-fetched log file only includes stack teardown and artifact upload, then exits with status 1, but does not include the underlying failing test output.
Evidence
Verification
Follow-up
If you share the failing assertion block (or the
Note 🔒 Integrity filter blocked 178 items
The following items were blocked because they don't meet the GitHub integrity level.
To allow these resources, lower
tools:
  github:
    min-integrity: approved # merged | approved | unapproved | none
From workflow: PR Buildkite Detective
Pinging @elastic/integration-experience (Team:Integration-Experience)
Pinging @elastic/security-service-integrations (Team:Security-Service Integrations)
Pinging @elastic/ecosystem (Team:Ecosystem)
🚀 Benchmarks report
To see the full report comment with
Proposed commit message