Update Timeline Template README.md #95814
Update to xpack.securitySolution.signalsIndex
Pinging @elastic/kibana-docs (Team:Docs)
Added some clarification to create the `.siem-signals-elastic-default` index or the `hard_reset` will error.
Is there anything I need to do for this?
@peasead apologies for the delayed response. Would you mind sharing where you're seeing this issue in our Security docs? I searched our docs for "xpack.security_solution.signalsIndex", "kibana.dev.yml", and variations of both but was unable to find mentions of either.
This is where I saw that. Is that improper? I noticed when I was trying to make a Timeline Template PR.
@peasead ah ok. The readme that you shared looks like internal documentation for devs--I thought you were referring to these public-facing docs (which is what @jmikell821 and I maintain):
@nastasha-solomon do you know what group I need to ping to get the right visibility on this?
@@ -35,7 +35,7 @@ source ~/.zshrc | |||
Open your `kibana.dev.yml` file and add these lines: | |||
|
|||
```sh | |||
xpack.security_solution.signalsIndex: .siem-signals-${your user id} | |||
xpack.securitySolution.signalsIndex: .siem-signals-${your user id} |
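Review bot: The fence holding the changed line is tagged `sh`, but the line is a `kibana.dev.yml` setting, so the block should be tagged `yaml`. The placeholder `${your user id}` also uses `${...}` syntax, which reads like a variable to be substituted rather than text the reader replaces by hand; something like `.siem-signals-<your user id>` would be less ambiguous.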
Thanks for catching and updating this @peasead! 👍
@@ -46,6 +46,8 @@ server log [22:05:22.277] [info][status][plugin:alerting@8.0.0] Status changed f | |||
server log [22:05:22.270] [info][status][plugin:actions@8.0.0] Status changed from uninitialized to green - Ready | |||
``` | |||
|
|||
Go into Kibana and load the default detection rules or manually create the `.siem-signals-elastic-default` index. |
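Review bot: The added sentence hard-codes `.siem-signals-elastic-default`, while the setting earlier in this README is `.siem-signals-${your user id}`, so the name only lines up for a reader whose user id is `elastic`. Suggest wording the step in terms of the configured `xpack.securitySolution.signalsIndex` value, and stating how the index is meant to be created manually, since the sentence names no script or API call for it.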
Is this necessary? The following step of running the hard_reset.sh script will manage creating the signals index.

kibana/x-pack/plugins/security_solution/server/lib/detection_engine/scripts/hard_reset.sh
Lines 22 to 24 in 4584a8b

```sh
# re-create the signal index
./delete_signal_index.sh
./post_signal_index.sh
```
Is this documentation update waiting on anything from me?
I think just the feedback around the extra step. I went ahead and updated, so this should be g2g. Approving and setting to auto-merge then. Thanks again for catching and updating this @peasead! 🙂
Friendly reminder: Looks like this PR hasn’t been backported yet.
## Summary

`xpack.security_solution.signalsIndex` is listed to be added to `kibana.dev.yml`, however that generates:

```
FATAL Error: Unknown configuration key(s): "xpack.security_solution.signalsIndex". \ Check for spelling errors and ensure that expected plugins are installed.
```

I think this should be `xpack.securitySolution.signalsIndex`

This is for the steps to create a timeline template.

### Checklist

Delete any items that are not applicable to this PR.

- [x] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials

### For maintainers

- [ ] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)
💚 Backport successful
This backport PR will be merged automatically after passing CI.
Co-authored-by: Andrew Pease <7442091+peasead@users.noreply.github.com>