elastic / kibana

Your window into the Elastic Stack
https://www.elastic.co/products/kibana
Other
19.63k stars 8.22k forks source link

Generic "Editing a managed policy can break Kibana" warning appears when editing managed ILM policies. #162536

Open jmoon-elastic opened 1 year ago

jmoon-elastic commented 1 year ago

Kibana version: 8.8.2

Elasticsearch version: 8.8.2

Server OS version: N/A

Browser version: N/A

Browser OS version: N/A

Original install method (e.g. download page, yum, from source, etc.): N/A

Describe the bug: Currently, opening a managed ILM policy returns Editing a managed policy can break Kibana warning as shown below in the Screenshots section. While this warning may be valid for some policies, it may not be applicable to policies such as logs. This warning deters users from modifying their ILM policy to extend the retention or move data to other node types although there is an official guide for it.

From my test environment, I can see that logs policy is currently used by the following indices, data stream and composable templates.

GET _ilm/policy/logs
{
  "logs": {
    "policy": {
      "phases": {
        "hot": {
          "actions": {
            "rollover": {
              "max_age": "30d",
              "max_primary_shard_size": "50gb"
            }
          },
          "min_age": "0ms"
        }
      },
      "_meta": {
        "managed": true,
        "description": "default policy for the logs index template installed by x-pack"
      }
    },
    "modified_date": "2023-06-06T04:47:21.048Z",
    "in_use_by": {
      "indices": [
        ".ds-logs-system.system-default-2023.07.12-000001",
        ".ds-logs-system.security-default-2023.07.12-000001",
        ".ds-logs-endpoint.alerts-default-2023.07.20-000001",
        ".ds-logs-system.application-default-2023.07.12-000001",
        ".ds-logs-endpoint.events.library-default-2023.07.20-000001",
        ".ds-logs-elastic_agent-default-2023.07.12-000001",
        ".ds-logs-endpoint.events.process-default-2023.07.20-000001",
        ".ds-logs-endpoint.events.security-default-2023.07.20-000001",
        ".ds-logs-windows.powershell-default-2023.07.12-000001",
        ".ds-logs-elastic_agent.endpoint_security-default-2023.07.20-000001",
        ".ds-logs-elastic_agent.filebeat-default-2023.07.12-000001",
        ".ds-logs-endpoint.events.registry-default-2023.07.20-000001",
        ".ds-logs-endpoint.events.network-default-2023.07.20-000001",
        ".ds-logs-endpoint.events.file-default-2023.07.20-000001",
        ".ds-logs-elastic_agent.metricbeat-default-2023.07.12-000001",
        ".ds-logs-endpoint.events.api-default-2023.07.20-000001",
        ".ds-logs-windows.powershell_operational-default-2023.07.12-000001"
      ],
      "data_streams": [
        "logs-endpoint.events.security-default",
        "logs-system.security-default",
        "logs-elastic_agent.metricbeat-default",
        "logs-endpoint.events.process-default",
        "logs-endpoint.events.file-default",
        "logs-endpoint.events.registry-default",
        "logs-elastic_agent.filebeat-default",
        "logs-windows.powershell-default",
        "logs-system.system-default",
        "logs-system.application-default",
        "logs-endpoint.events.network-default",
        "logs-elastic_agent.endpoint_security-default",
        "logs-elastic_agent-default",
        "logs-endpoint.events.api-default",
        "logs-endpoint.events.library-default",
        "logs-endpoint.alerts-default",
        "logs-windows.powershell_operational-default"
      ],
      "composable_templates": [
        "logs-windows.forwarded",
        "logs-elastic_agent.cloud_defend",
        ".logs-endpoint.actions",
        "logs-elastic_agent.metricbeat",
        "logs-elastic_agent.filebeat_input",
        "logs-windows.powershell_operational",
        "logs-elastic_agent.fleet_server",
        ".logs-endpoint.action.responses",
        "logs-system.system",
        "logs-windows.sysmon_operational",
        "logs-system.application",
        "logs-endpoint.events.security",
        "logs-elastic_agent.osquerybeat",
        "logs-endpoint.events.registry",
        "logs-elastic_agent.auditbeat",
        "logs",
        "logs-endpoint.events.network",
        "logs-endpoint.events.process",
        "logs-elastic_agent.cloudbeat",
        "logs-elastic_agent.apm_server",
        "logs-system.security",
        "logs-system.auth",
        "logs-elastic_agent.filebeat",
        "logs-elastic_agent.packetbeat",
        "logs-elastic_agent.endpoint_security",
        "logs-endpoint.events.library",
        "logs-endpoint.events.api",
        "logs-windows.powershell",
        "logs-elastic_agent.heartbeat",
        "logs-system.syslog",
        "logs-endpoint.alerts",
        "logs-elastic_agent",
        "logs-endpoint.events.file"
      ]
    },
    "version": 1
  }
}

Can you please review the warning in the banner, and update it to display one(if still required) specific to each ILM policy? It would also be useful if the page lists the indices that use the policy for users to check wherever the warning i displayed. Thank you!

Steps to reproduce:

  1. Browse to Stack Management -> Index Lifecycle Management.
  2. Enable Include managed system policies option
  3. Click on logs (Managed) policy and confirm the warning.

Expected behavior:

Screenshots (if relevant):

image

Errors in browser console (if relevant):

Provide logs and/or server output (if relevant):

Any additional context:

elasticmachine commented 1 year ago

Pinging @elastic/platform-deployment-management (Team:Deployment Management)

elasticmachine commented 1 month ago

Pinging @elastic/kibana-management (Team:Kibana Management)