Merge branch 'master' into vislib-brush-timestamp

.ci/es-snapshots/Jenkinsfile_verify_es

@@ -19,7 +19,7 @@ currentBuild.description = "ES: ${SNAPSHOT_VERSION}<br />Kibana: ${params.branch
 
 def SNAPSHOT_MANIFEST = "https://storage.googleapis.com/kibana-ci-es-snapshots-daily/${SNAPSHOT_VERSION}/archives/${SNAPSHOT_ID}/manifest.json"
 
-kibanaPipeline(timeoutMinutes: 150) {
+kibanaPipeline(timeoutMinutes: 210) {
   catchErrors {
     slackNotifications.onFailure(
       title: "*<${env.BUILD_URL}|[${SNAPSHOT_VERSION}] ES Snapshot Verification Failure>*",

.github/CODEOWNERS

@@ -74,7 +74,13 @@
 #CC# /src/plugins/apm_oss/ @elastic/apm-ui
 #CC# /x-pack/plugins/observability/ @elastic/apm-ui
 
-# Client Side Monitoring (lives in APM directories but owned by Uptime)
+# Uptime
+/x-pack/plugins/uptime @elastic/uptime
+/x-pack/test/functional_with_es_ssl/apps/uptime  @elastic/uptime
+/x-pack/test/functional/apps/uptime @elastic/uptime
+/x-pack/test/api_integration/apis/uptime @elastic/uptime
+
+# Client Side Monitoring / Uptime (lives in APM directories but owned by Uptime)
 /x-pack/plugins/apm/e2e/cypress/support/step_definitions/csm @elastic/uptime
 /x-pack/plugins/apm/e2e/cypress/integration/csm_dashboard.feature @elastic/uptime
 /x-pack/plugins/apm/public/application/csmApp.tsx @elastic/uptime
@@ -106,7 +112,6 @@
 /x-pack/plugins/fleet/ @elastic/fleet
 /x-pack/plugins/observability/ @elastic/observability-ui
 /x-pack/plugins/monitoring/ @elastic/stack-monitoring-ui
-/x-pack/plugins/uptime @elastic/uptime
 
 # Machine Learning
 /x-pack/plugins/ml/  @elastic/ml-ui

.github/workflows/backport.yml

@@ -18,34 +18,20 @@ jobs:
       )
     runs-on: ubuntu-latest
     steps:
-      - name: 'Get backport config'
-        run: |
-          curl 'https://raw.githubusercontent.com/elastic/kibana/master/.backportrc.json' > .backportrc.json
-
-      - name: Use Node.js 14.x
-        uses: actions/setup-node@v1
+      - name: Checkout Actions
+        uses: actions/checkout@v2
         with:
-          node-version: 14.x
-
-      - name: Install backport CLI
-        run: npm install -g backport@5.6.4
+          repository: 'elastic/kibana-github-actions'
+          ref: main
+          path: ./actions
 
-      - name: Backport PR
-        run: |
-          git config --global user.name "kibanamachine"
-          git config --global user.email "42973632+kibanamachine@users.noreply.github.com"
-          backport --fork true --username kibanamachine --accessToken "${{ secrets.KIBANAMACHINE_TOKEN }}" --ci --pr "$PR_NUMBER" --labels backport --assignee "$PR_OWNER" | tee 'output.log'
-        env:
-          PR_NUMBER: ${{ github.event.pull_request.number }}
-          PR_OWNER: ${{ github.event.pull_request.user.login }}
+      - name: Install Actions
+        run: npm install --production --prefix ./actions
 
-      - name: Report backport status
-        run: |
-          COMMENT="Backport result
-          \`\`\`
-          $(cat output.log)
-          \`\`\`"
-
-          GITHUB_TOKEN="${{ secrets.KIBANAMACHINE_TOKEN }}" gh api -X POST repos/elastic/kibana/issues/$PR_NUMBER/comments -F body="$COMMENT"
-        env:
-          PR_NUMBER: ${{ github.event.pull_request.number }}
+      - name: Run Backport
+        uses: ./actions/backport
+        with:
+          branch: master
+          github_token: ${{secrets.KIBANAMACHINE_TOKEN}}
+          commit_user: kibanamachine
+          commit_email: 42973632+kibanamachine@users.noreply.github.com

Jenkinsfile

@@ -3,7 +3,7 @@
 library 'kibana-pipeline-library'
 kibanaLibrary.load()
 
-kibanaPipeline(timeoutMinutes: 155, checkPrChanges: true, setCommitStatus: true) {
+kibanaPipeline(timeoutMinutes: 210, checkPrChanges: true, setCommitStatus: true) {
   slackNotifications.onFailure(disabled: !params.NOTIFY_ON_FAILURE) {
     githubPr.withDefaultPrComments {
       ciStats.trackBuild {

docs/development/core/server/kibana-plugin-core-server.loggingservicesetup.configure.md

@@ -34,7 +34,7 @@ Customize the configuration for the plugins.data.search context.
 core.logging.configure(
   of({
     appenders: new Map(),
-    loggers: [{ context: 'search', appenders: ['default'] }]
+    loggers: [{ name: 'search', appenders: ['default'] }]
   })
 )
 

docs/development/plugins/data/public/kibana-plugin-plugins-data-public.isearchoptions.indexpattern.md

@@ -0,0 +1,13 @@
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+
+[Home](./index.md) &gt; [kibana-plugin-plugins-data-public](./kibana-plugin-plugins-data-public.md) &gt; [ISearchOptions](./kibana-plugin-plugins-data-public.isearchoptions.md) &gt; [indexPattern](./kibana-plugin-plugins-data-public.isearchoptions.indexpattern.md)
+
+## ISearchOptions.indexPattern property
+
+Index pattern reference is used for better error messages
+
+<b>Signature:</b>
+
+```typescript
+indexPattern?: IndexPattern;
+```

docs/development/plugins/data/public/kibana-plugin-plugins-data-public.isearchoptions.md

@@ -15,6 +15,7 @@ export interface ISearchOptions
 |  Property | Type | Description |
 |  --- | --- | --- |
 |  [abortSignal](./kibana-plugin-plugins-data-public.isearchoptions.abortsignal.md) | <code>AbortSignal</code> | An <code>AbortSignal</code> that allows the caller of <code>search</code> to abort a search request. |
+|  [indexPattern](./kibana-plugin-plugins-data-public.isearchoptions.indexpattern.md) | <code>IndexPattern</code> | Index pattern reference is used for better error messages |
 |  [isRestore](./kibana-plugin-plugins-data-public.isearchoptions.isrestore.md) | <code>boolean</code> | Whether the session is restored (i.e. search requests should re-use the stored search IDs, rather than starting from scratch) |
 |  [isStored](./kibana-plugin-plugins-data-public.isearchoptions.isstored.md) | <code>boolean</code> | Whether the session is already saved (i.e. sent to background) |
 |  [legacyHitsTotal](./kibana-plugin-plugins-data-public.isearchoptions.legacyhitstotal.md) | <code>boolean</code> | Request the legacy format for the total number of hits. If sending <code>rest_total_hits_as_int</code> to something other than <code>true</code>, this should be set to <code>false</code>. |

docs/development/plugins/data/public/kibana-plugin-plugins-data-public.painlesserror._constructor_.md

@@ -9,12 +9,13 @@ Constructs a new instance of the `PainlessError` class
 <b>Signature:</b>
 
 ```typescript
-constructor(err: IEsError);
+constructor(err: IEsError, indexPattern?: IndexPattern);
 ```
 
 ## Parameters
 
 |  Parameter | Type | Description |
 |  --- | --- | --- |
 |  err | <code>IEsError</code> |  |
+|  indexPattern | <code>IndexPattern</code> |  |
 

docs/development/plugins/data/public/kibana-plugin-plugins-data-public.painlesserror.indexpattern.md

@@ -0,0 +1,11 @@
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+
+[Home](./index.md) &gt; [kibana-plugin-plugins-data-public](./kibana-plugin-plugins-data-public.md) &gt; [PainlessError](./kibana-plugin-plugins-data-public.painlesserror.md) &gt; [indexPattern](./kibana-plugin-plugins-data-public.painlesserror.indexpattern.md)
+
+## PainlessError.indexPattern property
+
+<b>Signature:</b>
+
+```typescript
+indexPattern?: IndexPattern;
+```

docs/development/plugins/data/public/kibana-plugin-plugins-data-public.painlesserror.md

@@ -14,12 +14,13 @@ export declare class PainlessError extends EsError
 
 |  Constructor | Modifiers | Description |
 |  --- | --- | --- |
-|  [(constructor)(err)](./kibana-plugin-plugins-data-public.painlesserror._constructor_.md) |  | Constructs a new instance of the <code>PainlessError</code> class |
+|  [(constructor)(err, indexPattern)](./kibana-plugin-plugins-data-public.painlesserror._constructor_.md) |  | Constructs a new instance of the <code>PainlessError</code> class |
 
 ## Properties
 
 |  Property | Modifiers | Type | Description |
 |  --- | --- | --- | --- |
+|  [indexPattern](./kibana-plugin-plugins-data-public.painlesserror.indexpattern.md) |  | <code>IndexPattern</code> |  |
 |  [painlessStack](./kibana-plugin-plugins-data-public.painlesserror.painlessstack.md) |  | <code>string</code> |  |
 
 ## Methods

docs/development/plugins/data/public/kibana-plugin-plugins-data-public.searchinterceptor.md

@@ -28,6 +28,6 @@ export declare class SearchInterceptor
 |  --- | --- | --- |
 |  [getTimeoutMode()](./kibana-plugin-plugins-data-public.searchinterceptor.gettimeoutmode.md) |  |  |
 |  [handleSearchError(e, timeoutSignal, options)](./kibana-plugin-plugins-data-public.searchinterceptor.handlesearcherror.md) |  |  |
-|  [search(request, options)](./kibana-plugin-plugins-data-public.searchinterceptor.search.md) |  | Searches using the given <code>search</code> method. Overrides the <code>AbortSignal</code> with one that will abort either when <code>cancelPending</code> is called, when the request times out, or when the original <code>AbortSignal</code> is aborted. Updates <code>pendingCount$</code> when the request is started/finalized. |
+|  [search(request, options)](./kibana-plugin-plugins-data-public.searchinterceptor.search.md) |  | Searches using the given <code>search</code> method. Overrides the <code>AbortSignal</code> with one that will abort either when the request times out, or when the original <code>AbortSignal</code> is aborted. Updates <code>pendingCount$</code> when the request is started/finalized. |
 |  [showError(e)](./kibana-plugin-plugins-data-public.searchinterceptor.showerror.md) |  |  |
 

docs/development/plugins/data/public/kibana-plugin-plugins-data-public.searchinterceptor.search.md

@@ -4,7 +4,7 @@
 
 ## SearchInterceptor.search() method
 
-Searches using the given `search` method. Overrides the `AbortSignal` with one that will abort either when `cancelPending` is called, when the request times out, or when the original `AbortSignal` is aborted. Updates `pendingCount$` when the request is started/finalized.
+Searches using the given `search` method. Overrides the `AbortSignal` with one that will abort either when the request times out, or when the original `AbortSignal` is aborted. Updates `pendingCount$` when the request is started/finalized.
 
 <b>Signature:</b>
 

docs/development/plugins/data/server/kibana-plugin-plugins-data-server.isearchoptions.indexpattern.md

@@ -0,0 +1,13 @@
+<!-- Do not edit this file. It is automatically generated by API Documenter. -->
+
+[Home](./index.md) &gt; [kibana-plugin-plugins-data-server](./kibana-plugin-plugins-data-server.md) &gt; [ISearchOptions](./kibana-plugin-plugins-data-server.isearchoptions.md) &gt; [indexPattern](./kibana-plugin-plugins-data-server.isearchoptions.indexpattern.md)
+
+## ISearchOptions.indexPattern property
+
+Index pattern reference is used for better error messages
+
+<b>Signature:</b>
+
+```typescript
+indexPattern?: IndexPattern;
+```

docs/development/plugins/data/server/kibana-plugin-plugins-data-server.isearchoptions.md

@@ -15,6 +15,7 @@ export interface ISearchOptions
 |  Property | Type | Description |
 |  --- | --- | --- |
 |  [abortSignal](./kibana-plugin-plugins-data-server.isearchoptions.abortsignal.md) | <code>AbortSignal</code> | An <code>AbortSignal</code> that allows the caller of <code>search</code> to abort a search request. |
+|  [indexPattern](./kibana-plugin-plugins-data-server.isearchoptions.indexpattern.md) | <code>IndexPattern</code> | Index pattern reference is used for better error messages |
 |  [isRestore](./kibana-plugin-plugins-data-server.isearchoptions.isrestore.md) | <code>boolean</code> | Whether the session is restored (i.e. search requests should re-use the stored search IDs, rather than starting from scratch) |
 |  [isStored](./kibana-plugin-plugins-data-server.isearchoptions.isstored.md) | <code>boolean</code> | Whether the session is already saved (i.e. sent to background) |
 |  [legacyHitsTotal](./kibana-plugin-plugins-data-server.isearchoptions.legacyhitstotal.md) | <code>boolean</code> | Request the legacy format for the total number of hits. If sending <code>rest_total_hits_as_int</code> to something other than <code>true</code>, this should be set to <code>false</code>. |

docs/development/plugins/data/server/kibana-plugin-plugins-data-server.plugin.start.md

@@ -12,7 +12,7 @@ start(core: CoreStart): {
             fieldFormatServiceFactory: (uiSettings: import("../../../core/server").IUiSettingsClient) => Promise<import("../common").FieldFormatsRegistry>;
         };
         indexPatterns: {
-            indexPatternsServiceFactory: (savedObjectsClient: Pick<import("../../../core/server").SavedObjectsClient, "get" | "delete" | "create" | "update" | "bulkCreate" | "checkConflicts" | "find" | "bulkGet" | "resolve" | "addToNamespaces" | "deleteFromNamespaces" | "bulkUpdate" | "removeReferencesTo" | "errors">, elasticsearchClient: import("../../../core/server").ElasticsearchClient) => Promise<import("../public").IndexPatternsService>;
+            indexPatternsServiceFactory: (savedObjectsClient: Pick<import("../../../core/server").SavedObjectsClient, "get" | "delete" | "closePointInTime" | "create" | "update" | "bulkCreate" | "checkConflicts" | "find" | "bulkGet" | "resolve" | "addToNamespaces" | "deleteFromNamespaces" | "bulkUpdate" | "removeReferencesTo" | "openPointInTimeForType" | "errors">, elasticsearchClient: import("../../../core/server").ElasticsearchClient) => Promise<import("../public").IndexPatternsService>;
         };
         search: ISearchStart<import("./search").IEsSearchRequest, import("./search").IEsSearchResponse<any>>;
     };
@@ -31,7 +31,7 @@ start(core: CoreStart): {
             fieldFormatServiceFactory: (uiSettings: import("../../../core/server").IUiSettingsClient) => Promise<import("../common").FieldFormatsRegistry>;
         };
         indexPatterns: {
-            indexPatternsServiceFactory: (savedObjectsClient: Pick<import("../../../core/server").SavedObjectsClient, "get" | "delete" | "create" | "update" | "bulkCreate" | "checkConflicts" | "find" | "bulkGet" | "resolve" | "addToNamespaces" | "deleteFromNamespaces" | "bulkUpdate" | "removeReferencesTo" | "errors">, elasticsearchClient: import("../../../core/server").ElasticsearchClient) => Promise<import("../public").IndexPatternsService>;
+            indexPatternsServiceFactory: (savedObjectsClient: Pick<import("../../../core/server").SavedObjectsClient, "get" | "delete" | "closePointInTime" | "create" | "update" | "bulkCreate" | "checkConflicts" | "find" | "bulkGet" | "resolve" | "addToNamespaces" | "deleteFromNamespaces" | "bulkUpdate" | "removeReferencesTo" | "openPointInTimeForType" | "errors">, elasticsearchClient: import("../../../core/server").ElasticsearchClient) => Promise<import("../public").IndexPatternsService>;
         };
         search: ISearchStart<import("./search").IEsSearchRequest, import("./search").IEsSearchResponse<any>>;
     }`

docs/discover/kuery.asciidoc

@@ -1,55 +1,63 @@
 [[kuery-query]]
 === Kibana Query Language
 
-The Kibana Query Language (KQL) makes it easy to find
-the fields and syntax for your {es} query. If you have the
-https://www.elastic.co/subscriptions[Basic tier] or above,
-simply place your cursor in the *Search* field. As you type, you’ll get suggestions for fields,
-values, and operators.
+The Kibana Query Language (KQL) is a simple syntax for filtering {es} data using
+free text search or field-based search. KQL is only used for filtering data, and has
+no role in sorting or aggregating the data.
+
+KQL is able to suggest field names, values, and operators as you type.
+The performance of the suggestions is controlled by <<settings, {kib} settings>>:
 
 [role="screenshot"]
 image::images/kql-autocomplete.png[Autocomplete in Search bar]
 
-If you prefer to use Kibana’s legacy query language, based on the
-<<lucene-query, Lucene query syntax>>, click *KQL* next to the *Search* field, and then turn off KQL.
+KQL has a different set of features than the <<lucene-query>>. KQL is able to query
+nested fields and <<scripted-fields, scripted fields>>. KQL does not support regular expressions
+or searching with fuzzy terms. To use the legacy Lucene syntax, click *KQL* next to the *Search* field,
+and then turn off KQL.
 
 [discrete]
 === Terms query
 
-A terms query matches documents that contain one or more *exact* terms in a field.
+A terms query uses *exact search terms*. Spaces separate each search term, and only one term
+is required to match the document. Use quotation marks to indicate a *phrase match*.
 
-To match documents where the response field is `200`:
+To query using *exact search terms*, enter the field name followed by `:` and
+then the values separated by spaces:
 
 [source,yaml]
 -------------------
-response:200
+http.response.status_code:400 401 404
 -------------------
 
-To match documents with the phrase "quick brown fox" in the `message` field.
+For text fields, this will match any value regardless of order:
 
 [source,yaml]
 -------------------
-message:"quick brown fox"
+http.response.body.content.text:quick brown fox
 -------------------
 
-Without the quotes,
-the query matches documents regardless of the order in which
-they appear. Documents with "quick brown fox" match,
-and so does "quick fox brown".
+To query for an *exact phrase*, use quotation marks around the values:
+
+[source,yaml]
+-------------------
+http.response.body.content.text:"quick brown fox"
+-------------------
 
-NOTE: Terms without fields are matched against the default field in your index settings.
-If a default field is not
-set, terms are matched against all fields. For example, a query
-for `response:200` searches for the value 200
-in the response field, but a query for just `200` searches for 200
-across all fields in your index.
+Field names are not required by KQL. When a field name is not provided, terms
+will be matched by the default fields in your index settings. To search across fields:
 
+[source,yaml]
+-------------------
+"quick brown fox"
+-------------------
 
 [discrete]
 === Boolean queries
 
 KQL supports `or`, `and`, and `not`. By default, `and` has a higher precedence than `or`.
-To override the default precedence, group operators in parentheses.
+To override the default precedence, group operators in parentheses. These operators can
+be upper or lower case.
 
 To match documents where response is `200`, extension is `php`, or both:
 
@@ -143,18 +151,24 @@ but in some cases you might need to search on dates. Include the date range in q
 [discrete]
 === Exist queries
 
-An exist query matches documents that contain a value for a field, in this case,
+An exist query matches documents that contain any value for a field, in this case,
 response:
 
 [source,yaml]
 -------------------
 response:*
 -------------------
 
+Existence is defined by {es} and includes all values, including empty text.
+
 [discrete]
 === Wildcard queries
 
-To match documents where machine.os starts with `win`, such
+Wildcards queries can be used to *search by a term prefix* or to *search multiple fields*.
+The default settings of {kib} *prevent leading wildcards* for performance reasons,
+but this can be allowed with an <<query-allowleadingwildcards, advanced setting>>.
+
+To match documents where `machine.os` starts with `win`, such
 as "windows 7" and "windows 10":
 
 [source,yaml]