nastasha-solomon
commented
4 months ago Thanks for filing this, @logeekal! I've left some additional comments and questions below.
UI changes
Table Cells are no long draggable. But I could not find any docs where it was mentioned so I guess no changes are needed in docs. But please double check.
The first sentence in the second paragraph here mentions draggable fields. Are those the draggable cells that you're referring to? If so, I'll also need to remove (or possibly update?) these docs that explain how to interact with draggable Timeline elements.
On a related note, have the changes to Timeline removed or updated any of the accessibility features listed here? If they have, we'll need to update the docs and screenshots in the section I linked.
Users are able to see the statistics pertaining to any field by clicking on any field
Can you give an example of this? For instance, what does the following image tell users about the agent.type field and what can/should they do with that information? A general walk-through of the modal would be helpful too. At first glance, I'm not really sure what's all included and why.
Records are not fetched page by page but we fetch 500 records in one go and then user has the option to load more 500 by going to the last page and clicking on load more. See below video where I changes Sample size to 20 to demonstrate the functionality. but by default it is 500.
What's the reason behind this change? I'm just trying to figure out if we need to document this functionality and, if we do, how to explain the added value.
Serverless release
My notes from earlier this week show that you aim to remove the feature flag in Serverless when 8.15 BC1 is created (Thursday, July 4). Just wanted to confirm that's still the case. If it is, the Serverless release we're targeting is actually Monday, July 8.
logeekal
Description
Recently, security team undertook a project to revamp timeline UI with a goal to give users a unified experience across Security.
With this project, we extended timeline experience to be very similar to Discover data viewing experience.
This does NOT changes the timeline functionality in anyway but only UI and how a user interacts with timeline.
Background & resources
Which documentation set does this change impact?
ESS and serverless
ESS release
8.15
Serverless release
21 June 2024
Feature differences
These changes only affect
QueryandCorrelationtab hence there will screenshot updates needed in both places.Table
✅ Screenshot update needed in docs
Below you can see tables side by side.
Sample sizeto 20 to demonstrate the functionality. but by default it is 500.https://github.com/elastic/security-docs/assets/7485038/a3e614d6-4b84-477f-aee6-be1529fb1f31
Last updatedmoved from bottom of the table to top of the table.Field Browser
✅Screenshot update needed.
See below for comparison in using Field Browser in
Pre 8.15v/sPost 8.15versions.Doc Pages affected
ESS (8.15)
The following areas in the Investigate in Timeline topic:
timeline-ui-updated.pngtimeline-ui-renderer.pngcorrelation-tab-eql-query.pngThe following areas in the About Timeline templates topic:
create-a-timeline-filter.pngImages in the Launch Timeline from investigation guides topic will need to be refreshed as well.
ig-timeline.pngig-timeline-query.pngig-timeline-template-fields.pngMain image in the Timeline schema topic:
timeline-object-ui.png(just need to refresh parts 9 and 10 of the image)Serverless
Update all the same topics and images.
API docs impact
No Impact
Prerequisites, privileges, feature flags
No response