[SIEM] No feedback when starting ML jobs

[tsg]

Kibana version: 7.3.0-SNAPHOST

Elasticsearch version: 7.3.0-SNAPSHOT

Browser version: Chrome

Describe the bug:

When testing the ML integration, I only loaded some Auditbeat data and tried to start the ML jobs. Two of them worked fine, but the Winlogbeat one didn't start, I assume because I don't have Winlogbeat indices. But there was no feedback:

Trying to start the same job from the ML app results in proper error messages. Perhaps we could at least show a toaster that the job was not successfully started and that they can try from the ML app?

@spong

[elasticmachine]

Pinging @elastic/secops

[spong]

Thanks for reporting this! There are three incoming fixes that should take care of situations like these:

1. Toaster support for ML API calls: This will wire up ML API calls w/ the SIEM App's Toaster so we can display when jobs have been successfully started/stopped, or if any error has been returned.
2. Hard check if index exists before allowing user to start/stop jobs: Currently we check if the index is configured in the SIEM Default index setting within Kibana Advanced Settings, but checking ES directly for the existence before creating will allow us to provide feedback to the user before they interact.
3. Parsing ML API Errors: Bundled with 1., this will allow us to display specific and granular errors when the ML API calls are unsuccessful. This is also important for corner cases where a single API results in multiple jobs being created and only some of them are successful.

[FrankHassanabad]

The error toasters are now checked in and you will get feed back through the error toaster if a job fails.

[spong]

As an additional note, as of https://github.com/elastic/kibana/pull/40710 we now check the user's configured indices via the same saved_objects API that the ML App uses, which ensures we won't install jobs that are missing required index patterns. So with that addition the 3 points mentioned above should be resolved in the next BC (BC5).