elastic
diff --git a/‎.eslintrc.js‎
Lines changed: 9 additions & 1 deletion b/‎.eslintrc.js‎
Lines changed: 9 additions & 1 deletion
diff --git a/‎.github/CODEOWNERS‎
Lines changed: 1 addition & 0 deletions b/‎.github/CODEOWNERS‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎dev_docs/building_blocks.mdx‎
Lines changed: 138 additions & 0 deletions b/‎dev_docs/building_blocks.mdx‎
Lines changed: 138 additions & 0 deletions
diff --git a/‎docs/developer/plugin-list.asciidoc‎
Lines changed: 1 addition & 1 deletion b/‎docs/developer/plugin-list.asciidoc‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎docs/settings/alert-action-settings.asciidoc‎
Lines changed: 20 additions & 0 deletions b/‎docs/settings/alert-action-settings.asciidoc‎
Lines changed: 20 additions & 0 deletions
diff --git a/‎docs/user/alerting/action-types/pre-configured-connectors.asciidoc‎
Lines changed: 1 addition & 1 deletion b/‎docs/user/alerting/action-types/pre-configured-connectors.asciidoc‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎docs/user/alerting/alert-types.asciidoc‎
Lines changed: 1 addition & 1 deletion b/‎docs/user/alerting/alert-types.asciidoc‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎docs/user/alerting/alerting-getting-started.asciidoc‎
Lines changed: 2 additions & 2 deletions b/‎docs/user/alerting/alerting-getting-started.asciidoc‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎docs/user/alerting/alerting-production-considerations.asciidoc‎
Lines changed: 4 additions & 4 deletions b/‎docs/user/alerting/alerting-production-considerations.asciidoc‎
Lines changed: 4 additions & 4 deletions
@@ -1316,7 +1316,7 @@ module.exports = {
 
     {
       files: [
-        // platform-team owned code
+        // core-team owned code
         'src/core/**',
         'x-pack/plugins/features/**',
         'x-pack/plugins/licensing/**',
@@ -1325,6 +1325,14 @@ module.exports = {
         'packages/kbn-config-schema',
         'src/plugins/status_page/**',
         'src/plugins/saved_objects_management/**',
+        'packages/kbn-analytics/**',
+        'packages/kbn-telemetry-tools/**',
+        'src/plugins/kibana_usage_collection/**',
+        'src/plugins/usage_collection/**',
+        'src/plugins/telemetry/**',
+        'src/plugins/telemetry_collection_manager/**',
+        'src/plugins/telemetry_management_section/**',
+        'x-pack/plugins/telemetry_collection_xpack/**',
       ],
       rules: {
         '@typescript-eslint/prefer-ts-expect-error': 'error',
 
@@ -240,6 +240,7 @@ x-pack/plugins/telemetry_collection_xpack/schema/ @elastic/kibana-core @elastic/
 # Security
 /src/core/server/csp/  @elastic/kibana-security @elastic/kibana-core
 /src/plugins/security_oss/ @elastic/kibana-security
+/src/plugins/spaces_oss/ @elastic/kibana-security
 /test/security_functional/ @elastic/kibana-security
 /x-pack/plugins/spaces/  @elastic/kibana-security
 /x-pack/plugins/encrypted_saved_objects/  @elastic/kibana-security
 
@@ -0,0 +1,138 @@
+---
+id: kibBuildingBlocks
+slug: /kibana-dev-docs/building-blocks
+title: Building blocks
+summary: Consider these building blocks when developing your plugin.
+date: 2021-02-24
+tags: ['kibana','onboarding', 'dev', 'architecture']
+---
+
+When building a plugin in Kibana, there are a handful of architectural "building blocks" you can use. Some of these building blocks are "higher-level", 
+and some are "lower-level". High-level building blocks come 
+with many built-in capabilities, require less maintenance, and evolve new feature sets over time with little to no
+ impact on consumers. When developers use high-level building blocks, new features are exposed consistently, across all of Kibana, at the same time.
+  On the downside, they are not as flexible as our low-level building blocks. 
+ 
+ Low-level building blocks
+ provide greater flexibility, but require more code to stitch them together into a meaningful UX. This results in higher maintenance cost for consumers and greater UI/UX variability
+ across Kibana.
+
+ For example, if an application is using <DocLink id="kibBuildingBlocks" section="index-patterns" text="Index Patterns"/> and 
+ <DocLink id="kibBuildingBlocks" section="search-source" text="Search Source"/>, 
+ their application would automatically support runtime fields. If the app is instead using the
+ lower-level <DocLink id="kibBuildingBlocks" section="search-strategy" text="Search Strategy"/>, additional work would be required.
+
+Armed with this knowledge, you can choose what works best for your use case!
+
+# Application building blocks
+
+## UI components
+
+The following high-level building blocks can be rendered directly into your application UI.
+
+### Query Bar
+
+The <DocLink id="kibDataPlugin" text="Data plugin"/> provides a high-level Query Bar component that comes with support for Lucene, KQL, Saved Queries, 
+and <DocLink id="kibBuildingBlocks" section="index-patterns" text="Index Patterns"/>.
+
+If you would like to expose the ability to search and filter on Elasticsearch data, the Query Bar provided by the
+<DocLink id="kibDataPlugin" text="Data plugin"/> 
+ is your go-to building block.
+
+**Github labels**: `Team:AppServices`, `Feature:QueryBar`
+
+### Dashboard Embeddable
+
+Add a Dashboard Embeddable directly inside your application to provide users with a set of visualizations and graphs that work seamlessly
+with the <DocLink id="kibBuildingBlocks" section="query-bar" text="Query Bar"/>. Every feature that is added to a registered 
+<DocLink id="kibBuildingBlocks" section="embeddables" text="Embeddable"/> 
+(Lens, Maps, Saved Searches and more) will be available automatically, as well as any
+ <DocLink id="kibBuildingBlocks" section="ui-actions--triggers" text="UI Actions"/> that are
+ added to the Embeddable context menu panel (for example, drilldowns, custom panel time ranges, and "share to" features).
+
+The Dashboard Embeddable is one of the highest-level UI components you can add to your application.
+
+**Github labels**: `Team:Presentation`, `Feature:Dashboard`
+
+### Lens Embeddable
+
+Check out the Lens Embeddable if you wish to show users visualizations based on Elasticsearch data without worrying about query building and chart rendering. It's built on top of the
+ <DocLink id="kibBuildingBlocks" section="expressions" text="Expression language"/>, and integrates with
+  <DocLink id="kibBuildingBlocks" section="index-patterns" text="Index Patterns"/>
+ and <DocLink id="kibBuildingBlocks" section="ui-actions--triggers" text="UI Actions"/>. Using the same configuration, it's also possible to link to
+ a prefilled Lens editor, allowing the user to drill deeper and explore their data.
+
+**Github labels**: `Team:KibanaApp`, `Feature:Lens`
+
+### Map Embeddable
+
+Check out the Map Embeddable if you wish to embed a map in your application.
+
+**Github labels**: `Team:Geo`
+
+## Searching
+
+### Index Patterns
+
+<DocLink id="kibDataPlugin" section="index-patterns-api" text="Index Patterns"/> are a high-level, space-aware abstraction layer that sits 
+above Data Streams and Elasticsearch indices. Index Patterns provide users the 
+ability to define and customize the data they wish to search and filter on, on a per-space basis. For example, users can specify a set of indices, 
+and they can customize the field list with runtime fields, formatting options and custom labels.
+
+Index Patterns are used in many other high-level building blocks so we highly recommend you consider this building block for your search needs.
+
+**Github labels**: `Team:AppServices`, `Feature:Index Patterns`
+
+### Search Source
+
+<DocLink id="kibDataPlugin" section="searchsource" text="Search Source"/> is a high-level search service offered by the
+<DocLink id="kibDataPlugin" section="searchsource" text="Data plugin"/>. It requires an
+<DocLink id="kibBuildingBlocks" section="index-patterns" text="Index Pattern"/>, and abstracts away the raw ES DSL and search endpoint. Internally
+it uses the ES <DocLink id="kibBuildingBlocks" section="search-strategies" text="Search Strategy"/>. Use Search Source if you need to query data 
+from Elasticsearch, and you aren't already using one of the high-level UI Components that handles this internally.
+
+**Github labels**: `Team:AppServices`, `Feature:Search`
+
+### Search Strategies
+
+Search Strategies are a low-level building block that abstracts away search details, like what REST endpoint is being called. The ES Search Strategy 
+is a very lightweight abstraction layer that sits just above querying ES with the elasticsearch-js client. Other search stragies are offered for other 
+languages, like EQL and SQL. These are very low-level building blocks so expect a lot of glue work to make these work with the higher-level abstractions.
+
+**Github labels**: `Team:AppServices`, `Feature:Search`
+
+### Expressions
+
+Expressions are a low-level building block that can be used if you have advanced search needs that requiring piping results into additional functionality, like
+joining and manipulating data. Lens and Canvas are built on top of Expressions. Most developers should be able to use
+ <DocLink id="kibBuildingBlocks" section="lens-embeddable" text="Lens"/> or
+  <DocLink id="kibBuildingBlocks" section="search-source" text="Search Source"/>, rather than need to access the Expression language directly.  
+
+**Github labels**: `Team:AppServices`, `Feature:ExpressionLanguage`
+
+## Saved Objects
+
+<DocLink id="kibDevDocsSavedObjectsIntro" text="Saved Objects" /> should be used if you need to persist application-level information. If you were building a TODO
+application, each TODO item would be a `Saved Object`. Saved objects come pre-wired with support for bulk export/import, security features like space sharing and
+space isolation, and tags.
+
+**Github labels**: `Team:Core`, `Feature:Saved Objects`
+
+# Integration building blocks
+
+Use the following building blocks to create an inter-connected, cross-application, holistic Kibana experience. These building blocks allow you to expose functionality
+ that promotes your own application into other applications, as well as help developers of other applications integrate into your app.
+
+## UI Actions & Triggers
+
+Integrate custom actions into other applications by registering UI Actions attached to existing triggers. For example, the Maps
+application could register a UI Action called "View in Maps" to appear any time the user clicked a geo field to filter on.
+
+**Github labels**: `Team:AppServices`, `Feature:UIActions`
+
+## Embeddables
+
+Embeddables help you integrate your application with the Dashboard application. Register your custom UI Widget as an Embeddable and users will
+be able to add it as a panel on a Dashboard. With a little extra work, it can also be exposed in Canvas workpads. 
+
+**Github labels**: `Team:AppServices`, `Feature:Embeddables`
@@ -224,7 +224,7 @@ which also contains the timelion APIs and backend, look at the vis_type_timelion
 |This plugins contains helpers to redirect legacy URLs. It can be used to forward old URLs to their new counterparts.
 
 
-|{kib-repo}blob/{branch}/src/plugins/usage_collection/README.md[usageCollection]
+|{kib-repo}blob/{branch}/src/plugins/usage_collection/README.mdx[usageCollection]
 |The Usage Collection Service defines a set of APIs for other plugins to report the usage of their features. At the same time, it provides necessary the APIs for other services (i.e.: telemetry, monitoring, ...) to consume that usage data.
 
 
 
@@ -40,6 +40,8 @@ You can configure the following settings in the `kibana.yml` file.
 
 [cols="2*<"]
 |===
+| `xpack.actions.enabled`
+  | Feature toggle that enables Actions in {kib}. Defaults to `true`.
 
 | `xpack.actions.allowedHosts` {ess-icon}
   | A list of hostnames that {kib} is allowed to connect to when built-in actions are triggered. It defaults to `[*]`, allowing any host, but keep in mind the potential for SSRF attacks when hosts are not explicitly added to the allowed hosts. An empty list `[]` can be used to block built-in actions from making any external connections. +
@@ -51,6 +53,24 @@ You can configure the following settings in the `kibana.yml` file.
   +
   Disabled action types will not appear as an option when creating new connectors, but existing connectors and actions of that type will remain in {kib} and will not function.
 
+| `xpack.actions.preconfigured`
+  | Specifies preconfigured action IDs and configs. Defaults to {}.
+
+| `xpack.actions.proxyUrl` {ess-icon}
+  | Specifies the proxy URL to use, if using a proxy for actions. By default, no proxy is used.
+
+| `xpack.actions.proxyHeaders` {ess-icon}
+  | Specifies HTTP headers for the proxy, if using a proxy for actions. Defaults to {}.
+
+a|`xpack.actions.`
+`proxyRejectUnauthorizedCertificates` {ess-icon}
+  | Set to `false` to bypass certificate validation for the proxy, if using a proxy for actions. Defaults to `true`.
+
+| `xpack.actions.rejectUnauthorized` {ess-icon}
+  | Set to `false` to bypass certificate validation for actions. Defaults to `true`. +
+  +
+  As an alternative to setting both `xpack.actions.proxyRejectUnauthorizedCertificates` and `xpack.actions.rejectUnauthorized`, you can point the OS level environment variable `NODE_EXTRA_CA_CERTS` to a file that contains the root CAs needed to trust certificates.
+
 |===
 
 [float]
 
@@ -95,7 +95,7 @@ This example shows a preconfigured action type with one out-of-the box connector
       name: 'Server log #xyz'
 ```
 
-<1> `enabledActionTypes` excludes the preconfigured action type to prevent creating and deleting connectors.
+<1> `enabledActionTypes` prevents the preconfigured action type from creating and deleting connectors. For more details, check <<action-settings, Action settings>>.
 <2> `preconfigured` is the setting for defining the list of available connectors for the preconfigured action type.
 
 [[managing-pre-configured-action-types]]
 
@@ -28,7 +28,7 @@ For domain-specific alerts, refer to the documentation for that app.
 * {observability-guide}/create-alerts.html[Observability alerts]
 * {security-guide}/prebuilt-rules.html[Security alerts]
 * <<geo-alerting, Maps alerts>>
-* <<xpack-ml, ML alerts>>
+* {ml-docs}/ml-configuring-alerts.html[{ml-cap} alerts]
 
 [NOTE]
 ==============================================
 
@@ -5,7 +5,7 @@
 
 --
 
-Alerting allows you to detect complex conditions within different {kib} apps and trigger actions when those conditions are met. Alerting is integrated with {observability-guide}/create-alerts.html[*Observability*], {security-guide}/prebuilt-rules.html[*Security*], <<geo-alerting,*Maps*>> and <<xpack-ml,*ML*>>, can be centrally managed from the <<management,*Management*>> UI, and provides a set of built-in <<action-types, actions>> and <<alert-types, alerts>> (known as stack alerts) for you to use.
+Alerting allows you to detect complex conditions within different {kib} apps and trigger actions when those conditions are met. Alerting is integrated with {observability-guide}/create-alerts.html[*Observability*], {security-guide}/prebuilt-rules.html[*Security*], <<geo-alerting,*Maps*>> and {ml-docs}/ml-configuring-alerts.html[*{ml-app}*], can be centrally managed from the <<management,*Management*>> UI, and provides a set of built-in <<action-types, actions>> and <<alert-types, alerts>> (known as stack alerts) for you to use.
 
 image::images/alerting-overview.png[Alerts and actions UI]
 
@@ -157,7 +157,7 @@ Pre-packaged *alert types* simplify setup, hide the details complex domain-speci
 
 If you are using an *on-premises* Elastic Stack deployment:
 
-* In the kibana.yml configuration file, add the <<alert-action-settings-kb,`xpack.encryptedSavedObjects.encryptionKey`>> setting.
+* In the kibana.yml configuration file, add the <<general-alert-action-settings,`xpack.encryptedSavedObjects.encryptionKey`>> setting.
 * For emails to have a footer with a link back to {kib}, set the <<server-publicBaseUrl, `server.publicBaseUrl`>> configuration setting.
 
 If you are using an *on-premises* Elastic Stack deployment with <<using-kibana-with-security, *security*>>:
 
@@ -2,17 +2,17 @@
 [[alerting-production-considerations]]
 == Production considerations
 
-{kib} alerting run both alert checks and actions as persistent background tasks managed by the Kibana Task Manager. This has two major benefits:
+{kib} alerting runs both alert checks and actions as persistent background tasks managed by the Kibana Task Manager. This has two major benefits:
 
-* *Persistence*: all task state and scheduling is stored in {es}, so if {kib} is restarted, alerts and actions will pick up where they left off.  Task definitions for alerts and actions are stored in the index specified by `xpack.task_manager.index` (defaults to `.kibana_task_manager`).  It is important to have at least 1 replica of this index for production deployments, since if you lose this index all scheduled alerts and actions are also lost.
+* *Persistence*: all task state and scheduling is stored in {es}, so if you restart {kib}, alerts and actions will pick up where they left off.  Task definitions for alerts and actions are stored in the index specified by <<task-manager-settings, `xpack.task_manager.index`>>.  The default is `.kibana_task_manager`.  You must have at least one replica of this index for production deployments.  If you lose this index, all scheduled alerts and actions are lost.
 * *Scaling*: multiple {kib} instances can read from and update the same task queue in {es}, allowing the alerting and action load to be distributed across instances. In cases where a {kib} instance no longer has capacity to run alert checks or actions, capacity can be increased by adding additional {kib} instances.
 
 [float]
 === Running background alert checks and actions
 
 {kib} background tasks are managed by:
 
-* Polling an {es} task index for overdue tasks at 3 second intervals.  This interval can be changed using the `xpack.task_manager.poll_interval` setting.
+* Polling an {es} task index for overdue tasks at 3 second intervals.  You can change this interval using the <<task-manager-settings, `xpack.task_manager.poll_interval`>> setting.
 * Tasks are then claiming them by updating them in the {es} index, using optimistic concurrency control to prevent conflicts. Each {kib} instance can run a maximum of 10 concurrent tasks, so a maximum of 10 tasks are claimed each interval. 
 * Tasks are run on the {kib} server. 
 * In the case of alerts which are recurring background checks, upon completion the task is scheduled again according to the <<defining-alerts-general-details, check interval>>.
@@ -32,4 +32,4 @@ For details on the settings that can influence the performance and throughput of
 [float]
 === Deployment considerations
 
-{es} and {kib} instances use the system clock to determine the current time. To ensure schedules are triggered when expected, you should synchronize the clocks of all nodes in the cluster using a time service such as http://www.ntp.org/[Network Time Protocol].
+{es} and {kib} instances use the system clock to determine the current time. To ensure schedules are triggered when expected, you should synchronize the clocks of all nodes in the cluster using a time service such as http://www.ntp.org/[Network Time Protocol].