[RAC][RBAC] - Alerts as data RBAC MVP

[yctercero]

++ in collaboration with @dhurley14 && @angorayc

An MVP of the RBAC work required for the "alerts as data" effort. An example of the existing implementation for alerts would be that of the security solution. The security solution stores its alerts generated from rules in a single data index - .siem-signals. In order to gain or restrict access to alerts, users do so by following the Elasticsearch privilege architecture. A user would need to go into the Kibana role access UI and give explicit read/write/manage permissions for the index itself.

Kibana as a whole is moving away from this model and instead having all user interactions run through the Kibana privilege model. When solutions use saved objects, this authentication layer is abstracted away for them. Because we have chosen to use data indices for alerts, we cannot rely on this abstracted out layer that saved objects provide - we need to provide our own RBAC! Instead of giving users explicit permission to an alerts index, users are instead given access to features. They don't need to know anything about indices, that work we do under the covers now.

An example of what a user will see in the UI:

The alerting plugin, from which rules and alerts are generated (kinda - there's also a rule registry plugin, different convo) already had an RBAC infrastructure based on a rule producer, consumer, and rule type id. In an effort to keep things consistent (and given that alerts flow from corresponding rules), we are reusing the alerting plugin authorization client. The authorization client provides methods that interact with the security plugin API to provide the necessary authentication checks.

The MVP deals with the following use cases.

As a user, I would like to:

• search my alerts
• get an alert
• update an alert status

As an admin, I would like to:

• allow some users to read rules and alerts
• allow some users to read/write rules and read/update alerts
• allow some users to read rules and read/update alerts

The MVP also includes the work necessary to create alerts with the proper fields, however, alerts are created using the internal Kibana user.

Resources

• What is RBAC?
• Why not just query ES directly?
• Changes made to alerting
  • [Alerting] Refactor alerts authorization client #99078 (comment)
• Changes made to security and features plugin
  • [Alerting] Split alerting feature privilege between rules and alerts and handle subfeature privilege specification #100127 (As of 5/24/21 this PR includes the work of [Alerting] Split alerting feature privilege between rules and alerts and handle subfeature privilege specification #100127)
• Initial implementation of RBAC for alerts that did not use the existing alerting plugin authorization client - [RAC][Alerts] - Addition of RBAC to unified alerts index #96014
• Initial issue that kicked off this MVP work - [RAC] [Alerts] [RBAC] #95721
• More recent issue discussing alerts RBAC - [RAC] RBAC around rules/alerts in Observability/Security Solutions #97124
• Issue for sub-feature privilege schema changes needed - [Alerting] Update alerting feature privilege to allow subfeature privilege separation #99940
• How will plugins register alerting now?
  • Note: README linked is updated in PR [Alerting] Split alerting feature privilege between rules and alerts and handle subfeature privilege specification #100127 so until that is merged, will see old README

Open discussions

• License requirements for subfeature privileges https://github.com/elastic/dev/issues/1371

Checklist

• Documentation was added for features that require explanation or tutorials
• Unit or functional tests were updated or added to match the most common scenarios
• If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the docker list
• This was checked for breaking API changes and was labeled appropriately

[kibanamachine]

💔 Build Failed

• continuous-integration/kibana-ci/pull-request
• Commit: 5718037
• Storybooks Preview
• Pipeline Steps (look for red circles / failed steps)
• Interpreting CI Failures

Failed CI Steps

• Jest Unit Tests
• Execute xpack-kibana-ciGroup5
• Execute xpack-kibana-ciGroup3
• Execute xpack-kibana-ciGroup3
• Execute xpack-accessibility
• Check File Casing
• Execute xpack-kibana-ciGroup11
• Check Types
• Execute xpack-kibana-ciGroup10
• Execute xpack-kibana-ciGroup1
• Execute xpack-kibana-ciGroup6
• Lint: eslint
• Execute xpack-kibana-ciGroup13
• Execute xpack-securitySolutionCypressChrome

---

Test Failures

Kibana Pipeline / jest / Jest Tests.x-pack/plugins/features/server/feature_privilege_iterator.featurePrivilegeIterator ignores sub features when `augmentWithSubFeaturePrivileges` is false

Link to Jenkins

Standard Out

Failed Tests Reporter:
  - Test has not failed recently on tracked branches

Stack Trace

Error: expect(received).toEqual(expected) // deep equality

- Expected  - 3
+ Received  + 1

@@ -28,13 +28,11 @@
        },
        "savedObject": Object {
          "all": Array [
            "all-type",
          ],
-         "read": Array [
-           "read-type",
-         ],
+         "read": Array [],
        },
        "ui": Array [
          "ui-action",
        ],
      },
    at Object.<anonymous> (/var/lib/jenkins/workspace/elastic+kibana+pipeline-pull-request/kibana/x-pack/plugins/features/server/feature_privilege_iterator/feature_privilege_iterator.test.ts:301:30)
    at Promise.then.completed (/var/lib/jenkins/workspace/elastic+kibana+pipeline-pull-request/kibana/node_modules/jest-circus/build/utils.js:276:28)
    at new Promise (<anonymous>)
    at callAsyncCircusFn (/var/lib/jenkins/workspace/elastic+kibana+pipeline-pull-request/kibana/node_modules/jest-circus/build/utils.js:216:10)
    at _callCircusTest (/var/lib/jenkins/workspace/elastic+kibana+pipeline-pull-request/kibana/node_modules/jest-circus/build/run.js:212:40)
    at processTicksAndRejections (internal/process/task_queues.js:95:5)
    at _runTest (/var/lib/jenkins/workspace/elastic+kibana+pipeline-pull-request/kibana/node_modules/jest-circus/build/run.js:149:3)
    at _runTestsForDescribeBlock (/var/lib/jenkins/workspace/elastic+kibana+pipeline-pull-request/kibana/node_modules/jest-circus/build/run.js:63:9)
    at _runTestsForDescribeBlock (/var/lib/jenkins/workspace/elastic+kibana+pipeline-pull-request/kibana/node_modules/jest-circus/build/run.js:57:9)
    at run (/var/lib/jenkins/workspace/elastic+kibana+pipeline-pull-request/kibana/node_modules/jest-circus/build/run.js:25:3)
    at runAndTransformResultsToJestFormat (/var/lib/jenkins/workspace/elastic+kibana+pipeline-pull-request/kibana/node_modules/jest-circus/build/legacy-code-todo-rewrite/jestAdapterInit.js:176:21)
    at jestAdapter (/var/lib/jenkins/workspace/elastic+kibana+pipeline-pull-request/kibana/node_modules/jest-circus/build/legacy-code-todo-rewrite/jestAdapter.js:109:19)
    at runTestInternal (/var/lib/jenkins/workspace/elastic+kibana+pipeline-pull-request/kibana/node_modules/jest-runner/build/runTest.js:380:16)
    at runTest (/var/lib/jenkins/workspace/elastic+kibana+pipeline-pull-request/kibana/node_modules/jest-runner/build/runTest.js:472:34)
    at Object.worker (/var/lib/jenkins/workspace/elastic+kibana+pipeline-pull-request/kibana/node_modules/jest-runner/build/testWorker.js:133:12)

---

Kibana Pipeline / jest / Jest Tests.x-pack/plugins/features/server/feature_privilege_iterator.featurePrivilegeIterator ignores sub features when `includeIn` is none, even if `augmentWithSubFeaturePrivileges` is true

Link to Jenkins

Standard Out

Failed Tests Reporter:
  - Test has not failed recently on tracked branches

Stack Trace

Error: expect(received).toEqual(expected) // deep equality

- Expected  - 0
+ Received  + 4

@@ -1,15 +1,17 @@
  Array [
    Object {
      "privilege": Object {
        "alerting": Object {
+         "rule": Object {
            "all": Array [
              "alerting-all-type",
            ],
            "read": Array [
              "alerting-read-type",
            ],
+         },
        },
        "api": Array [
          "all-api",
          "read-api",
        ],
@@ -39,13 +41,15 @@
      "privilegeId": "all",
    },
    Object {
      "privilege": Object {
        "alerting": Object {
+         "rule": Object {
            "read": Array [
              "alerting-read-type",
            ],
+         },
        },
        "api": Array [
          "read-api",
        ],
        "app": Array [
    at Object.<anonymous> (/var/lib/jenkins/workspace/elastic+kibana+pipeline-pull-request/kibana/x-pack/plugins/features/server/feature_privilege_iterator/feature_privilege_iterator.test.ts:436:30)
    at Promise.then.completed (/var/lib/jenkins/workspace/elastic+kibana+pipeline-pull-request/kibana/node_modules/jest-circus/build/utils.js:276:28)
    at new Promise (<anonymous>)
    at callAsyncCircusFn (/var/lib/jenkins/workspace/elastic+kibana+pipeline-pull-request/kibana/node_modules/jest-circus/build/utils.js:216:10)
    at _callCircusTest (/var/lib/jenkins/workspace/elastic+kibana+pipeline-pull-request/kibana/node_modules/jest-circus/build/run.js:212:40)
    at processTicksAndRejections (internal/process/task_queues.js:95:5)
    at _runTest (/var/lib/jenkins/workspace/elastic+kibana+pipeline-pull-request/kibana/node_modules/jest-circus/build/run.js:149:3)
    at _runTestsForDescribeBlock (/var/lib/jenkins/workspace/elastic+kibana+pipeline-pull-request/kibana/node_modules/jest-circus/build/run.js:63:9)
    at _runTestsForDescribeBlock (/var/lib/jenkins/workspace/elastic+kibana+pipeline-pull-request/kibana/node_modules/jest-circus/build/run.js:57:9)
    at run (/var/lib/jenkins/workspace/elastic+kibana+pipeline-pull-request/kibana/node_modules/jest-circus/build/run.js:25:3)
    at runAndTransformResultsToJestFormat (/var/lib/jenkins/workspace/elastic+kibana+pipeline-pull-request/kibana/node_modules/jest-circus/build/legacy-code-todo-rewrite/jestAdapterInit.js:176:21)
    at jestAdapter (/var/lib/jenkins/workspace/elastic+kibana+pipeline-pull-request/kibana/node_modules/jest-circus/build/legacy-code-todo-rewrite/jestAdapter.js:109:19)
    at runTestInternal (/var/lib/jenkins/workspace/elastic+kibana+pipeline-pull-request/kibana/node_modules/jest-runner/build/runTest.js:380:16)
    at runTest (/var/lib/jenkins/workspace/elastic+kibana+pipeline-pull-request/kibana/node_modules/jest-runner/build/runTest.js:472:34)
    at Object.worker (/var/lib/jenkins/workspace/elastic+kibana+pipeline-pull-request/kibana/node_modules/jest-runner/build/testWorker.js:133:12)

---

Kibana Pipeline / jest / Jest Tests.x-pack/plugins/features/server/feature_privilege_iterator.featurePrivilegeIterator includes sub feature privileges into both all and read when`augmentWithSubFeaturePrivileges` is true and `includeIn: read`

Link to Jenkins

Standard Out

Failed Tests Reporter:
  - Test has not failed recently on tracked branches

Stack Trace

Error: expect(received).toEqual(expected) // deep equality

- Expected  -  0
+ Received  + 12

@@ -1,17 +1,23 @@
  Array [
    Object {
      "privilege": Object {
        "alerting": Object {
+         "alert": Object {
+           "all": Array [],
+           "read": Array [],
+         },
+         "rule": Object {
            "all": Array [
              "alerting-all-type",
              "alerting-all-sub-type",
            ],
            "read": Array [
              "alerting-read-type",
              "alerting-read-sub-type",
            ],
+         },
        },
        "api": Array [
          "all-api",
          "read-api",
          "sub-feature-api",
@@ -51,17 +57,23 @@
      "privilegeId": "all",
    },
    Object {
      "privilege": Object {
        "alerting": Object {
+         "alert": Object {
+           "all": Array [],
+           "read": Array [],
+         },
+         "rule": Object {
            "all": Array [
              "alerting-all-sub-type",
            ],
            "read": Array [
              "alerting-read-type",
              "alerting-read-sub-type",
            ],
+         },
        },
        "api": Array [
          "read-api",
          "sub-feature-api",
        ],
    at Object.<anonymous> (/var/lib/jenkins/workspace/elastic+kibana+pipeline-pull-request/kibana/x-pack/plugins/features/server/feature_privilege_iterator/feature_privilege_iterator.test.ts:568:30)
    at Promise.then.completed (/var/lib/jenkins/workspace/elastic+kibana+pipeline-pull-request/kibana/node_modules/jest-circus/build/utils.js:276:28)
    at new Promise (<anonymous>)
    at callAsyncCircusFn (/var/lib/jenkins/workspace/elastic+kibana+pipeline-pull-request/kibana/node_modules/jest-circus/build/utils.js:216:10)
    at _callCircusTest (/var/lib/jenkins/workspace/elastic+kibana+pipeline-pull-request/kibana/node_modules/jest-circus/build/run.js:212:40)
    at processTicksAndRejections (internal/process/task_queues.js:95:5)
    at _runTest (/var/lib/jenkins/workspace/elastic+kibana+pipeline-pull-request/kibana/node_modules/jest-circus/build/run.js:149:3)
    at _runTestsForDescribeBlock (/var/lib/jenkins/workspace/elastic+kibana+pipeline-pull-request/kibana/node_modules/jest-circus/build/run.js:63:9)
    at _runTestsForDescribeBlock (/var/lib/jenkins/workspace/elastic+kibana+pipeline-pull-request/kibana/node_modules/jest-circus/build/run.js:57:9)
    at run (/var/lib/jenkins/workspace/elastic+kibana+pipeline-pull-request/kibana/node_modules/jest-circus/build/run.js:25:3)
    at runAndTransformResultsToJestFormat (/var/lib/jenkins/workspace/elastic+kibana+pipeline-pull-request/kibana/node_modules/jest-circus/build/legacy-code-todo-rewrite/jestAdapterInit.js:176:21)
    at jestAdapter (/var/lib/jenkins/workspace/elastic+kibana+pipeline-pull-request/kibana/node_modules/jest-circus/build/legacy-code-todo-rewrite/jestAdapter.js:109:19)
    at runTestInternal (/var/lib/jenkins/workspace/elastic+kibana+pipeline-pull-request/kibana/node_modules/jest-runner/build/runTest.js:380:16)
    at runTest (/var/lib/jenkins/workspace/elastic+kibana+pipeline-pull-request/kibana/node_modules/jest-runner/build/runTest.js:472:34)
    at Object.worker (/var/lib/jenkins/workspace/elastic+kibana+pipeline-pull-request/kibana/node_modules/jest-runner/build/testWorker.js:133:12)

---

and 41 more failures, only showing the first 3.

Metrics [docs]

Module Count

Fewer modules leads to a faster build time

id	before	after	diff
dashboard	190	218	+28
discover	357	359	+2
enterpriseSearch	1388	1397	+9
infra	1133	967	-166
ingestPipelines	492	493	+1
lens	508	558	+50
lists	227	215	-12
observability	416	280	-136
osquery	287	151	-136
presentationUtil	98	102	+4
screenshotMode	-	8	+8
securitySolution	2046	2212	+166
spaces	259	249	-10
timelion	91	71	-20
uptime	741	612	-129
visTypeXy	91	99	+8
total			-333

Public APIs missing comments

Total count of every public API that lacks a comment. Target amount is 0. Run node scripts/build_api_docs --plugin [yourplugin] --stats comments for more detailed information.

id	before	after	diff
actions	115	116	+1
advancedSettings	17	22	+5
alerting	201	213	+12
apm	36	38	+2
bfetch	47	58	+11
cases	342	374	+32
charts	132	137	+5
core	996	1076	+80
dashboard	126	132	+6
data	2957	3263	+306
discover	48	51	+3
embeddable	362	381	+19
encryptedSavedObjects	18	28	+10
esUiShared	82	86	+4
expressions	1362	1456	+94
features	90	94	+4
fileUpload	122	128	+6
fleet	950	972	+22
globalSearch	13	14	+1
home	67	64	-3
indexPatternFieldEditor	27	29	+2
infra	12	20	+8
inspector	77	78	+1
kibanaLegacy	84	85	+1
kibanaReact	209	219	+10
kibanaUtils	301	385	+84
lens	150	154	+4
licensing	40	44	+4
lists	241	142	-99
management	35	38	+3
maps	190	191	+1
metricsEntities	5	6	+1
ml	282	283	+1
monitoring	9	10	+1
navigation	29	31	+2
observability	188	192	+4
presentationUtil	96	123	+27
reporting	130	132	+2
ruleRegistry	39	42	+3
runtimeFields	17	19	+2
savedObjects	159	197	+38
savedObjectsManagement	82	85	+3
savedObjectsTaggingOss	42	50	+8
screenshotMode	-	11	+11
security	31	36	+5
securityOss	8	9	+1
securitySolution	50	32	-18
share	60	61	+1
spacesOss	0	5	+5
telemetryCollectionManager	24	29	+5
telemetryManagementSection	12	13	+1
triggersActionsUi	212	236	+24
uiActionsEnhanced	135	147	+12
uptime	5	6	+1
urlForwarding	14	15	+1
usageCollection	1	16	+15
visTypeTimeseries	7	10	+3
visualizations	219	228	+9
total			+807

Any counts in public APIs

Total count of every any typed public API. Target amount is 0. Run node scripts/build_api_docs --plugin [yourplugin] --stats any for more detailed information.

id	before	after	diff
core	146	148	+2
data	80	107	+27
embeddable	2	4	+2
expressions	44	57	+13
indexPatternFieldEditor	0	1	+1
kibanaReact	0	1	+1
kibanaUtils	3	5	+2
presentationUtil	0	1	+1
savedObjectsTaggingOss	0	3	+3
uiActionsEnhanced	0	2	+2
visTypeTimeseries	0	1	+1
total			+55

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id	before	after	diff
advancedSettings	913.5KB	912.7KB	-830.0B
apm	4.3MB	4.3MB	+269.0B
canvas	1.3MB	1.3MB	-4.8KB
cases	494.0KB	494.3KB	+302.0B
crossClusterReplication	293.4KB	293.3KB	-109.0B
dashboard	138.7KB	139.8KB	+1.1KB
discover	410.6KB	411.0KB	+396.0B
enterpriseSearch	2.1MB	2.1MB	+20.7KB
fleet	729.9KB	731.3KB	+1.4KB
infra	1.9MB	1.8MB	-135.6KB
ingestPipelines	680.7KB	682.3KB	+1.6KB
lens	999.5KB	1.1MB	+81.4KB
lists	0.0B	267.3KB	⚠️ +267.3KB
maps	2.7MB	2.7MB	+2.6KB
ml	5.9MB	5.9MB	+372.0B
observability	578.2KB	458.4KB	-119.8KB
osquery	941.3KB	810.5KB	-130.8KB
reporting	33.5KB	33.7KB	+172.0B
security	764.9KB	765.0KB	+32.0B
securitySolution	6.7MB	6.9MB	⚠️ +241.1KB
spaces	287.2KB	272.8KB	-14.4KB
timelion	339.2KB	197.4KB	-141.8KB
triggersActionsUi	1.5MB	1.5MB	+91.0B
uptime	1.2MB	1.1MB	-123.8KB
visTypeTimelion	69.2KB	69.2KB	-1.0B
visTypeVislib	568.9KB	569.1KB	+257.0B
visTypeXy	111.6KB	111.6KB	+20.0B
total			-52.9KB

Public APIs missing exports

Total count of every type that is part of your API that should be exported but is not. This will cause broken links in the API documentation system. Target amount is 0. Run node scripts/build_api_docs --plugin [yourplugin] --stats exports for more detailed information.

id	before	after	diff
actions	6	7	+1
alerting	9	15	+6
apm	8	30	+22
canvas	2	3	+1
cases	7	16	+9
charts	2	1	-1
core	29	26	-3
encryptedSavedObjects	4	3	-1
esUiShared	4	1	-3
expressions	7	5	-2
features	1	2	+1
fileUpload	0	1	+1
fleet	10	8	-2
globalSearch	6	5	-1
home	8	4	-4
indexManagement	4	3	-1
infra	2	4	+2
lens	12	17	+5
licensing	10	8	-2
lists	60	37	-23
maps	13	11	-2
ml	30	34	+4
monitoring	0	2	+2
navigation	3	2	-1
observability	10	7	-3
presentationUtil	4	3	-1
reporting	18	19	+1
ruleRegistry	4	6	+2
savedObjectsManagement	1	0	-1
security	12	15	+3
taskManager	3	7	+4
triggersActionsUi	28	29	+1
uiActions	9	11	+2
uiActionsEnhanced	11	10	-1
usageCollection	0	2	+2
visualizations	6	12	+6
total			+23

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb

id	before	after	diff
apm	32.2KB	32.5KB	+300.0B
canvas	534.1KB	534.1KB	+25.0B
dashboard	313.1KB	327.8KB	+14.7KB
globalSearchBar	34.6KB	34.6KB	-7.0B
indexPatternFieldEditor	82.0KB	82.0KB	-9.0B
kbnUiSharedDeps-elastic	3.3MB	3.3MB	+26.0B
kbnUiSharedDeps-js	6.7MB	6.7MB	+3.9KB
lens	35.1KB	34.8KB	-304.0B
lists	254.4KB	7.9KB	-246.5KB
observability	33.7KB	33.7KB	-40.0B
osquery	13.4KB	13.4KB	-4.0B
presentationUtil	41.6KB	43.9KB	+2.3KB
screenshotMode	-	3.0KB	+3.0KB
securitySolution	161.3KB	61.1KB	-100.2KB
spaces	41.9KB	41.6KB	-230.0B
visTypeTimelion	24.2KB	24.3KB	+110.0B
visTypeXy	43.4KB	62.7KB	+19.4KB
total			-303.6KB

Saved Objects .kibana field count

Every field in each saved object type adds overhead to Elasticsearch. Kibana needs to keep the total field count below Elasticsearch's default limit of 1000 fields. Only specify field mappings for the fields you wish to search on or query. See https://www.elastic.co/guide/en/kibana/master/development-plugin-saved-objects.html#_mappings

id	before	after	diff
legacy-url-alias	-	4	+4

Unknown metric groups

API count

id	before	after	diff
actions	115	116	+1
advancedSettings	18	23	+5
alerting	201	213	+12
apm	36	38	+2
bfetch	58	69	+11
cases	354	387	+33
charts	157	165	+8
core	2182	2288	+106
dashboard	138	144	+6
data	3452	3763	+311
devTools	9	10	+1
discover	61	64	+3
embeddable	430	449	+19
encryptedSavedObjects	20	30	+10
esUiShared	84	88	+4
expressions	1756	1871	+115
features	200	206	+6
fileUpload	122	128	+6
fleet	1040	1062	+22
globalSearch	67	68	+1
home	91	88	-3
indexPatternFieldEditor	29	31	+2
infra	15	23	+8
inspector	97	101	+4
kibanaLegacy	92	93	+1
kibanaReact	235	245	+10
kibanaUtils	465	551	+86
lens	161	165	+4
licensing	116	120	+4
lists	263	156	-107
management	35	38	+3
maps	191	192	+1
metricsEntities	8	9	+1
ml	286	287	+1
monitoring	9	10	+1
navigation	29	31	+2
observability	188	192	+4
presentationUtil	98	125	+27
reporting	131	133	+2
ruleRegistry	39	42	+3
runtimeFields	22	24	+2
savedObjects	173	211	+38
savedObjectsManagement	93	96	+3
savedObjectsTaggingOss	81	89	+8
screenshotMode	-	15	+15
security	72	77	+5
securityOss	11	12	+1
securitySolution	59	32	-27
share	66	67	+1
spaces	95	96	+1
spacesOss	64	71	+7
telemetry	40	41	+1
telemetryCollectionManager	24	29	+5
telemetryManagementSection	13	14	+1
triggersActionsUi	221	245	+24
uiActionsEnhanced	193	205	+12
uptime	5	6	+1
urlForwarding	14	15	+1
usageCollection	42	57	+15
visTypeTimeseries	7	10	+3
visualizations	237	246	+9
total			+862

async chunk count

id	before	after	diff
lists	0	1	+1

References to deprecated APIs

id	before	after	diff
apm	0	4	+4
canvas	29	25	-4
crossClusterReplication	8	6	-2
discover	8	31	+23
fleet	4	20	+16
globalSearch	4	2	-2
indexManagement	12	7	-5
indexPatternManagement	0	68	+68
infra	5	149	+144
lens	0	45	+45
licensing	18	15	-3
lists	3	236	+233
maps	0	208	+208
ml	0	115	+115
monitoring	109	56	-53
observability	0	16	+16
savedObjects	0	6	+6
savedObjectsManagement	14	18	+4
securitySolution	14	342	+328
stackAlerts	0	95	+95
transform	0	8	+8
uptime	0	8	+8
visTypeTimeseries	0	4	+4
visualizations	13	23	+10
total			+1266

History

• 💔 Build #127154 failed 8b6e441
• 💔 Build #127147 failed dc0b04b
• 💔 Build #127038 failed c26f42c834f8a4dbbcd1be83659fe51f8280acc4

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @dhurley14 @angorayc