Merge remote-tracking branch 'upstream/master' into fix/std_deviation…

…_band

# Conflicts:
#	src/plugins/vis_type_timeseries/server/lib/vis_data/helpers/index.js

.backportrc.json

@@ -1,5 +1,30 @@
 {
   "upstream": "elastic/kibana",
-  "branches": [{ "name": "7.x", "checked": true }, "7.7", "7.6", "7.5", "7.4", "7.3", "7.2", "7.1", "7.0", "6.8", "6.7", "6.6", "6.5", "6.4", "6.3", "6.2", "6.1", "6.0", "5.6"],
-  "labels": ["backport"]
+  "targetBranchChoices": [
+    { "name": "master", "checked": true },
+    { "name": "7.x", "checked": true },
+    "7.7",
+    "7.6",
+    "7.5",
+    "7.4",
+    "7.3",
+    "7.2",
+    "7.1",
+    "7.0",
+    "6.8",
+    "6.7",
+    "6.6",
+    "6.5",
+    "6.4",
+    "6.3",
+    "6.2",
+    "6.1",
+    "6.0",
+    "5.6"
+  ],
+  "targetPRLabels": ["backport"],
+  "branchLabelMapping": {
+    "^v7.8.0$": "7.x",
+    "^v(\\d+).(\\d+).\\d+$": "$1.$2"
+  }
 }

docs/logs/index.asciidoc

@@ -17,6 +17,7 @@ In this case, you will only see the logs for the selected component.
 * <<xpack-logs-using>>
 * <<xpack-logs-configuring>>
 * <<xpack-logs-analysis>>
+* <<xpack-logs-alerting>>
 
 [role="screenshot"]
 image::logs/images/logs-console.png[Log Console in Kibana]
@@ -30,3 +31,5 @@ include::using.asciidoc[]
 include::configuring.asciidoc[]
 
 include::log-rate.asciidoc[]
+
+include::logs-alerting.asciidoc[]

docs/logs/logs-alerting.asciidoc

@@ -0,0 +1,27 @@
+[role="xpack"]
+[[xpack-logs-alerting]]
+== Logs alerting
+
+[float]
+=== Overview
+
+To use the alerting functionality you need to {kibana-ref}/alerting-getting-started.html#alerting-setup-prerequisites[set up alerting].
+
+You can then select the *Create alert* option, from the *Alerts* actions dropdown.
+
+[role="screenshot"]
+image::logs/images/alert-actions-menu.png[Screenshot showing alerts menu]
+
+Within the alert flyout you can configure your logs alert:
+
+[role="screenshot"]
+image::logs/images/alert-flyout.png[Screenshot showing alerts flyout]
+
+[float]
+=== Fields and comparators
+
+The comparators available for conditions depend on the chosen field. The combinations available are:
+
+- Numeric fields: *more than*, *more than or equals*, *less than*, *less than or equals*, *equals*, and *does not equal*.
+- Aggregatable fields: *is* and *is not*.
+- Non-aggregatable fields: *matches*, *does not match*, *matches phrase*, *does not match phrase*. 

package.json

@@ -400,7 +400,7 @@
     "babel-eslint": "^10.0.3",
     "babel-jest": "^24.9.0",
     "babel-plugin-istanbul": "^6.0.0",
-    "backport": "5.1.3",
+    "backport": "5.4.1",
     "chai": "3.5.0",
     "chance": "1.0.18",
     "cheerio": "0.22.0",

src/plugins/vis_type_timeseries/server/lib/vis_data/helpers/index.js

@@ -28,3 +28,4 @@ export { getSplits } from './get_splits';
 export { getTimerange } from './get_timerange';
 export { mapBucket } from './map_bucket';
 export { parseSettings } from './parse_settings';
+export { overwrite } from './overwrite';

src/plugins/vis_type_timeseries/server/lib/vis_data/helpers/overwrite.js

@@ -0,0 +1,31 @@
+/*
+ * Licensed to Elasticsearch B.V. under one or more contributor
+ * license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright
+ * ownership. Elasticsearch B.V. licenses this file to you under
+ * the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+import set from 'set-value';
+
+/**
+ * Set path in obj. Behaves like lodash `set`
+ * @param obj The object to mutate
+ * @param path The path of the sub-property to set
+ * @param val The value to set the sub-property to
+ */
+export function overwrite(obj, path, val) {
+  set(obj, path, undefined);
+  set(obj, path, val);
+}

src/plugins/vis_type_timeseries/server/lib/vis_data/request_processors/annotations/date_histogram.js

@@ -17,7 +17,7 @@
  * under the License.
  */
 
-import _ from 'lodash';
+import { overwrite } from '../../helpers';
 import { getBucketSize } from '../../helpers/get_bucket_size';
 import { getTimerange } from '../../helpers/get_timerange';
 import { search } from '../../../../../../../plugins/data/server';
@@ -37,7 +37,7 @@ export function dateHistogram(
     const { from, to } = getTimerange(req);
     const timezone = capabilities.searchTimezone;
 
-    _.set(doc, `aggs.${annotation.id}.date_histogram`, {
+    overwrite(doc, `aggs.${annotation.id}.date_histogram`, {
       field: timeField,
       min_doc_count: 0,
       time_zone: timezone,

src/plugins/vis_type_timeseries/server/lib/vis_data/request_processors/annotations/top_hits.js

@@ -17,13 +17,13 @@
  * under the License.
  */
 
-import _ from 'lodash';
+import { overwrite } from '../../helpers';
 
 export function topHits(req, panel, annotation) {
   return next => doc => {
     const fields = (annotation.fields && annotation.fields.split(/[,\s]+/)) || [];
     const timeField = annotation.time_field;
-    _.set(doc, `aggs.${annotation.id}.aggs.hits.top_hits`, {
+    overwrite(doc, `aggs.${annotation.id}.aggs.hits.top_hits`, {
       sort: [
         {
           [timeField]: { order: 'desc' },

src/plugins/vis_type_timeseries/server/lib/vis_data/request_processors/series/date_histogram.js

@@ -17,7 +17,7 @@
  * under the License.
  */
 
-import { set } from 'lodash';
+import { overwrite } from '../../helpers';
 import { getBucketSize } from '../../helpers/get_bucket_size';
 import { offsetTime } from '../../offset_time';
 import { getIntervalAndTimefield } from '../../get_interval_and_timefield';
@@ -34,7 +34,7 @@ export function dateHistogram(req, panel, series, esQueryConfig, indexPatternObj
       const { from, to } = offsetTime(req, series.offset_time);
       const timezone = capabilities.searchTimezone;
 
-      set(doc, `aggs.${series.id}.aggs.timeseries.date_histogram`, {
+      overwrite(doc, `aggs.${series.id}.aggs.timeseries.date_histogram`, {
         field: timeField,
         min_doc_count: 0,
         time_zone: timezone,
@@ -47,7 +47,7 @@ export function dateHistogram(req, panel, series, esQueryConfig, indexPatternObj
     };
 
     const getDateHistogramForEntireTimerangeMode = () =>
-      set(doc, `aggs.${series.id}.aggs.timeseries.auto_date_histogram`, {
+      overwrite(doc, `aggs.${series.id}.aggs.timeseries.auto_date_histogram`, {
         field: timeField,
         buckets: 1,
       });
@@ -58,7 +58,7 @@ export function dateHistogram(req, panel, series, esQueryConfig, indexPatternObj
 
     // master
 
-    set(doc, `aggs.${series.id}.meta`, {
+    overwrite(doc, `aggs.${series.id}.meta`, {
       timeField,
       intervalString,
       bucketSize,

src/plugins/vis_type_timeseries/server/lib/vis_data/request_processors/series/filter_ratios.js

@@ -19,16 +19,16 @@
 
 const filter = metric => metric.type === 'filter_ratio';
 import { bucketTransform } from '../../helpers/bucket_transform';
-import _ from 'lodash';
+import { overwrite } from '../../helpers';
 
 export function ratios(req, panel, series) {
   return next => doc => {
     if (series.metrics.some(filter)) {
       series.metrics.filter(filter).forEach(metric => {
-        _.set(doc, `aggs.${series.id}.aggs.timeseries.aggs.${metric.id}-numerator.filter`, {
+        overwrite(doc, `aggs.${series.id}.aggs.timeseries.aggs.${metric.id}-numerator.filter`, {
           query_string: { query: metric.numerator || '*', analyze_wildcard: true },
         });
-        _.set(doc, `aggs.${series.id}.aggs.timeseries.aggs.${metric.id}-denominator.filter`, {
+        overwrite(doc, `aggs.${series.id}.aggs.timeseries.aggs.${metric.id}-denominator.filter`, {
           query_string: { query: metric.denominator || '*', analyze_wildcard: true },
         });
 
@@ -46,8 +46,12 @@ export function ratios(req, panel, series) {
             metricAgg = {};
           }
           const aggBody = { metric: metricAgg };
-          _.set(doc, `aggs.${series.id}.aggs.timeseries.aggs.${metric.id}-numerator.aggs`, aggBody);
-          _.set(
+          overwrite(
+            doc,
+            `aggs.${series.id}.aggs.timeseries.aggs.${metric.id}-numerator.aggs`,
+            aggBody
+          );
+          overwrite(
             doc,
             `aggs.${series.id}.aggs.timeseries.aggs.${metric.id}-denominator.aggs`,
             aggBody
@@ -56,7 +60,7 @@ export function ratios(req, panel, series) {
           denominatorPath = `${metric.id}-denominator>metric`;
         }
 
-        _.set(doc, `aggs.${series.id}.aggs.timeseries.aggs.${metric.id}`, {
+        overwrite(doc, `aggs.${series.id}.aggs.timeseries.aggs.${metric.id}`, {
           bucket_script: {
             buckets_path: {
               numerator: numeratorPath,

src/plugins/vis_type_timeseries/server/lib/vis_data/request_processors/series/metric_buckets.js

@@ -16,8 +16,7 @@
  * specific language governing permissions and limitations
  * under the License.
  */
-
-import _ from 'lodash';
+import { overwrite } from '../../helpers';
 import { getBucketSize } from '../../helpers/get_bucket_size';
 import { bucketTransform } from '../../helpers/bucket_transform';
 import { getIntervalAndTimefield } from '../../get_interval_and_timefield';
@@ -33,7 +32,7 @@ export function metricBuckets(req, panel, series, esQueryConfig, indexPatternObj
         if (fn) {
           try {
             const bucket = fn(metric, series.metrics, intervalString);
-            _.set(doc, `aggs.${series.id}.aggs.timeseries.aggs.${metric.id}`, bucket);
+            overwrite(doc, `aggs.${series.id}.aggs.timeseries.aggs.${metric.id}`, bucket);
           } catch (e) {
             // meh
           }

src/plugins/vis_type_timeseries/server/lib/vis_data/request_processors/series/normalize_query.js

@@ -16,9 +16,10 @@
  * specific language governing permissions and limitations
  * under the License.
  */
-const { set, get, isEmpty } = require('lodash');
+import { overwrite } from '../../helpers';
+import _ from 'lodash';
 
-const isEmptyFilter = (filter = {}) => Boolean(filter.match_all) && isEmpty(filter.match_all);
+const isEmptyFilter = (filter = {}) => Boolean(filter.match_all) && _.isEmpty(filter.match_all);
 const hasSiblingPipelineAggregation = (aggs = {}) => Object.keys(aggs).length > 1;
 
 /* For grouping by the 'Everything', the splitByEverything request processor
@@ -30,12 +31,12 @@ const hasSiblingPipelineAggregation = (aggs = {}) => Object.keys(aggs).length >
  *
  */
 function removeEmptyTopLevelAggregation(doc, series) {
-  const filter = get(doc, `aggs.${series.id}.filter`);
+  const filter = _.get(doc, `aggs.${series.id}.filter`);
 
   if (isEmptyFilter(filter) && !hasSiblingPipelineAggregation(doc.aggs[series.id].aggs)) {
-    const meta = get(doc, `aggs.${series.id}.meta`);
-    set(doc, `aggs`, doc.aggs[series.id].aggs);
-    set(doc, `aggs.timeseries.meta`, meta);
+    const meta = _.get(doc, `aggs.${series.id}.meta`);
+    overwrite(doc, `aggs`, doc.aggs[series.id].aggs);
+    overwrite(doc, `aggs.timeseries.meta`, meta);
   }
 
   return doc;

src/plugins/vis_type_timeseries/server/lib/vis_data/request_processors/series/positive_rate.js

@@ -20,7 +20,7 @@
 import { getBucketSize } from '../../helpers/get_bucket_size';
 import { getIntervalAndTimefield } from '../../get_interval_and_timefield';
 import { bucketTransform } from '../../helpers/bucket_transform';
-import { set } from 'lodash';
+import { overwrite } from '../../helpers';
 
 export const filter = metric => metric.type === 'positive_rate';
 
@@ -48,9 +48,13 @@ export const createPositiveRate = (doc, intervalString, aggRoot) => metric => {
   const derivativeBucket = derivativeFn(derivativeMetric, fakeSeriesMetrics, intervalString);
   const positiveOnlyBucket = positiveOnlyFn(positiveOnlyMetric, fakeSeriesMetrics, intervalString);
 
-  set(doc, `${aggRoot}.timeseries.aggs.${metric.id}-positive-rate-max`, maxBucket);
-  set(doc, `${aggRoot}.timeseries.aggs.${metric.id}-positive-rate-derivative`, derivativeBucket);
-  set(doc, `${aggRoot}.timeseries.aggs.${metric.id}`, positiveOnlyBucket);
+  overwrite(doc, `${aggRoot}.timeseries.aggs.${metric.id}-positive-rate-max`, maxBucket);
+  overwrite(
+    doc,
+    `${aggRoot}.timeseries.aggs.${metric.id}-positive-rate-derivative`,
+    derivativeBucket
+  );
+  overwrite(doc, `${aggRoot}.timeseries.aggs.${metric.id}`, positiveOnlyBucket);
 };
 
 export function positiveRate(req, panel, series, esQueryConfig, indexPatternObject, capabilities) {

src/plugins/vis_type_timeseries/server/lib/vis_data/request_processors/series/sibling_buckets.js

@@ -17,7 +17,7 @@
  * under the License.
  */
 
-import _ from 'lodash';
+import { overwrite } from '../../helpers';
 import { getBucketSize } from '../../helpers/get_bucket_size';
 import { bucketTransform } from '../../helpers/bucket_transform';
 import { getIntervalAndTimefield } from '../../get_interval_and_timefield';
@@ -40,7 +40,7 @@ export function siblingBuckets(
         if (fn) {
           try {
             const bucket = fn(metric, series.metrics, bucketSize);
-            _.set(doc, `aggs.${series.id}.aggs.${metric.id}`, bucket);
+            overwrite(doc, `aggs.${series.id}.aggs.${metric.id}`, bucket);
           } catch (e) {
             // meh
           }

src/plugins/vis_type_timeseries/server/lib/vis_data/request_processors/series/split_by_everything.js

@@ -17,15 +17,15 @@
  * under the License.
  */
 
-import _ from 'lodash';
+import { overwrite } from '../../helpers';
 
 export function splitByEverything(req, panel, series) {
   return next => doc => {
     if (
       series.split_mode === 'everything' ||
       (series.split_mode === 'terms' && !series.terms_field)
     ) {
-      _.set(doc, `aggs.${series.id}.filter.match_all`, {});
+      overwrite(doc, `aggs.${series.id}.filter.match_all`, {});
     }
     return next(doc);
   };

src/plugins/vis_type_timeseries/server/lib/vis_data/request_processors/series/split_by_filter.js

@@ -17,7 +17,7 @@
  * under the License.
  */
 
-import { set } from 'lodash';
+import { overwrite } from '../../helpers';
 import { esQuery } from '../../../../../../data/server';
 
 export function splitByFilter(req, panel, series, esQueryConfig, indexPattern) {
@@ -26,7 +26,7 @@ export function splitByFilter(req, panel, series, esQueryConfig, indexPattern) {
       return next(doc);
     }
 
-    set(
+    overwrite(
       doc,
       `aggs.${series.id}.filter`,
       esQuery.buildEsQuery(indexPattern, [series.filter], [], esQueryConfig)

src/plugins/vis_type_timeseries/server/lib/vis_data/request_processors/series/split_by_filters.js

@@ -17,7 +17,7 @@
  * under the License.
  */
 
-import { set } from 'lodash';
+import { overwrite } from '../../helpers';
 import { esQuery } from '../../../../../../data/server';
 
 export function splitByFilters(req, panel, series, esQueryConfig, indexPattern) {
@@ -26,7 +26,7 @@ export function splitByFilters(req, panel, series, esQueryConfig, indexPattern)
       series.split_filters.forEach(filter => {
         const builtEsQuery = esQuery.buildEsQuery(indexPattern, [filter.filter], [], esQueryConfig);
 
-        set(doc, `aggs.${series.id}.filters.filters.${filter.id}`, builtEsQuery);
+        overwrite(doc, `aggs.${series.id}.filters.filters.${filter.id}`, builtEsQuery);
       });
     }
     return next(doc);