Pass the parent element to `isElementVisibleInContainer` so the scroll
hint correctly detects when a newly created widget is not fully visible
in the viewport. Previously the empty marker div was considered visible
even when the actual widget content was off-screen.
Fixes #25237
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* fixed imports
* improving structure, adding comments
* adding changelog
* fix changelog
* remove documentation that is not sensible from method comments
* adding a not equals query, adding a special "null" case
* reverting change on Test class
* remove whitespace
* revert change
* moving asset querying to enterprise
* adding risk score
* move risk score slicing into enterprise
* fix field name
* adding changelog
* using ".." temporarily to separate field/decorator
* using pipe symbol to separate field/decorator
* settling on # to separate field/decorator
* adjusting test
* Update pr-25155.toml
* Update pr-25155.toml
* adjusting test
* adjusting test
* Use minute average metric for input throughput
* Add changelog
* Properly type getValueFromMetric()
---------
Co-authored-by: Florian Petersen <188503754+fpetersen-gl@users.noreply.github.com>
* Warn user before saving search in case of unconfirmed changes.
* Adding tests.
* Adding changelog snippet.
* Extract mockFormDirtyState helper in SavedSearchForm tests
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Fix SearchActionsMenu tests by mocking useFormikContext
SavedSearchForm now uses useFormikContext to detect dirty form state,
which requires the Formik context to be available. Add the same mock
pattern used in SavedSearchForm tests.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Improve wording.
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* Use GiB on traffic charts. Mention UTC as time for calculation
* Add changelog
* Adding further tests for unit conversion.
* Rename `ram_size` to `binary_size` because it is also used for network traffic.
---------
Co-authored-by: Dennis Oelkers <dennis@graylog.com>
Co-authored-by: Linus Pahl <linus.pahl@graylog.com>
* adding slicing capability for the open source Events/Alerts table
* adding slicing capability
* fix mapping
* Do not provide sort info from slicing section to backend.
* Cleanup parameters provided to backend when fetching slices.
* Move slices renderers outside of component.
* Make usage of `parseFilters` easier to read.
* Cleanup
* Consider slices when fetching data for entity table.
* Show empty slices for event priority and type column.
* Update tests
* result cleanup, add mapping function
* remove obsolete class
* Fixing error when fetching security events.
* Enable slice by action for columns in paginated entity table only when a slices fetch function has been provided.
* fix default parameters
* Cleanup naming
* Use background color to highlight active slice, since font weight does not always apply to custom slices renderer.
* Disable filters which are conflicting with active slice.
* Update `EntityDataTable` test.
* adding tests
* Add full-backend integration tests for events slices endpoint
Adds EventsResourceSlicesIT with ES fixtures covering all slice columns
(priority, alert, event_definition_id, event_definition_type, key) and
filter combinations for the POST /events/slices endpoint.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* fixing test, adding waiting method for index
* adding changelog
* Disable linter hint
* adding convenience method for MongoDB sanity checks after fixture imports
* reverting include_all to false as this is the use case we're going for now
* Use static width for slices section.
* Do not use text overflow ellipses for count badge.
* Improve naming
* Add close button for slice section.
* Add max-height for slices list
* Make sure to not remove filter when slicing by column.
* Cleanup query param handling
* Enable batching for updating query params, to fix edge cases.
* Display slices badges in readable format.
* Fix type casting
* improved changelog
* Fixing tests by adding `DefaultQueryParamProvider` where required. In a follow-up PR we will render `DefaultQueryParamProvider` for tests by default.
* Fixing linter hint
* Format code
* Simplify slicing test
---------
Co-authored-by: Linus Pahl <linus.pahl@graylog.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* Keeping track of retained buffers, always releasing them after processing
* Removed logging, added cl
* Removed system.out.println from test
* Try to keep track of as few ByteBufs as possible by removing the reference to already freed ones while reading from an open channel.
* alternate approach to buffer release
* unit tests for edge cases
* CL
---------
Co-authored-by: Florian Petersen <188503754+fpetersen-gl@users.noreply.github.com>
* Change default time range for Events and Alerts to 34 days
The default time range has been reduced from 180 days to 34 days to align
with typical index rotation cycles (up to 33 days). This ensures queries
stay within indexed data while providing complete coverage.
Additionally, the Events table now uses the same default time range as the
histogram. Previously, the table would search back to 1970 when no timestamp
filter was specified in the URL.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
* Add changelog
* Fix issue number
* Change from 34 to 30 days.
* Add tests for fetchEvents
* Remove unneeded mocking of qualifyURL
---------
Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
* Add proxy support in AWS client utils
* Fix CloudTrail input to use proxy settings for STS as well
* Add change log
* Naming nit
* Expand tests, cleanup
* Fix missing Assume Role field on setup wizard flow
* Add Assume Role field on review page.
* feat: add numeric range aggregation support to Scripting API
Add support for numeric range aggregations in the Scripting API,
allowing users to group search results into custom numeric buckets
(e.g., response times 0-100ms, 100-500ms, 500ms+).
New classes:
- NumberRange: value class holding optional from/to Double bounds
- RangeBucket: BucketSpec implementation for numeric range buckets
- ESRangeHandler, OSRangeHandler (OS2/OS3): storage backend handlers
Modified:
- Grouping: new "ranges" field, mutually exclusive with limit/timeunit/scaling
- GroupingToBucketSpecMapper: produces RangeBucket when ranges are present
- AggregationSpecToPivotMapper: respects ranges in auto-interval logic
- All three ViewsBackendModule classes: register RangeBucket handlers
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* Add integration tests for range aggregation in ScriptingApiResourceIT
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
* adding changelog
* using more idiomatic code regarding the Optionals
* improving conditional
* records instead of Autovalue
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
* Cut connection from listener to consumer for previously running service once it is finished.
* Fix some compiler-warnings
* CL
* Add license-header
* Add some warnings again, as without them, enterprise-plugin must be updated too
* Use explicit imports
* Move metrics to LocalKafkaJournal and register them once globally and based on the metricPrefix for every use.
* Add CL
* Also export metrics "size-limit" and "utilization-ratio" for data-lake via prometheus exporter.
---------
Co-authored-by: Anton Ebel <anton.ebel@graylog.com>
* Remove perspectives switch from navigation.
* Remove no longer needed filtering of navigation items, based on active perspective.
* Route to default welcome page instead of perspective specific page on start page.
* Remove action to switch perspective from quick jump modal.
* Remove perspective info from telemetry events.
* Remove not needed imports
* Remove perspectives context.
* Remove mocking of perspectives in tests.
* Cleanup
* Fixing tests
* Adding changelog.
* Extend `UPGRADING.md`.
* Update tests
* Cleanup
* Improve changelog
* Add size parameter to /api/search/aggregate endpoint
Enables control over the number of items returned per grouping. The simplified
aggregation API previously always used the default limit of 15 items, requiring
users to switch to the more complex /api/views/search endpoint for different
result sizes.
* Add changelog
* Add size parameter support to POST /api/search/aggregate
Extends the size parameter functionality to the POST endpoint by adding
an optional "size" field to AggregationRequestSpec. When provided at the
top level, it overrides the limit for all groupings in the request body,
maintaining consistency with the GET parameter behavior.
This allows POST requests to control result size at the request level
without having to specify limits on individual groupings.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
* Refactor aggregation size parameter naming and logic
Address PR feedback on the aggregation size parameter:
1. Naming convention:
- Public API parameter remains "size" (@QueryParam, @JsonProperty)
- Internal variables renamed to "allGroupingsSize" for clarity
- Makes it explicit that this value applies to ALL groupings/buckets
2. Fixed null parameter issue:
- Previously passed null to AggregationRequestSpec even when size was provided
- Now properly passes allGroupingsSize through the chain
- Mapper no longer duplicates grouping rewrite logic
3. Single source of truth:
- Removed duplicated size application logic from mapper
- AggregationRequestSpec canonical constructor is sole owner of this logic
- Cleaner separation of concerns
Changes:
- ScriptingApiResource: @QueryParam("size") maps to allGroupingsSize variable
- AggregationRequestSpec: @JsonProperty("size") maps to allGroupingsSize field
- QueryParamsToFullRequestSpecificationMapper: removed duplicate logic, passes allGroupingsSize
- Tests: renamed and updated to use explicit variable names
All tests passing, no breaking changes to public API.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
* Refactor per teammate feedback: apply size in mapper, not AggregationRequestSpec
Teammate prefers original approach where:
- Mapper constructs Groupings with proper sizes
- AggregationRequestSpec holds no separate size field
- Groupings arrive at AggregationRequestSpec fully configured
This is cleaner because the size parameter is only relevant for the
simplified GET endpoint, not the full POST endpoint that already
accepts groupings with configured limits.
Changes:
- Restored size application logic to QueryParamsToFullRequestSpecificationMapper
- Removed size field from AggregationRequestSpec record
- Updated AggregateMessagesTool to remove null parameter
- Removed AggregationRequestSpecTest (tested removed functionality)
- Updated all test assertions to match new constructor signature
Public API unchanged: still uses "size" parameter name.
Internal variables still use "allGroupingsSize" for clarity.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
* Fix magical number to named variable
---------
Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
* Record query history when using Add/Exclude from query actions
Queries modified via "Add to query" or "Exclude from query" widget actions
were not being saved to the query history. This fix ensures that when users
click these actions, the modified query is recorded via the query strings API,
making it available in the query history dropdown for future use.
The history recording is performed asynchronously (fire-and-forget) to avoid
adding network latency to the UI update.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
* Add changelog entry for query history fix
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
* recordQueryString extracted to a separate file to remove repetition
---------
Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
* Make link to Processing Failures conditional
* CL
* permission check
* Update graylog2-web-interface/src/views/logic/fieldactions/ChangeFieldType/ChangeFieldTypeModal.tsx
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Initialize state with the initial value
---------
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* Add support for sorting saved searches by favorite status
This change enables users to sort their saved searches by whether they
are marked as favorites. The sorting works by leveraging the existing
MongoDB aggregation pipeline that computes the favorite field at query
time via a lookup join with the favorites collection.
Changes:
- Add FIELD_FAVORITE to ViewDTO.SORT_FIELDS to allow sorting by this field
- Enable favorite sorting in SavedSearchesResource by removing sortable(false)
- Update OpenAPI schema to include "favorite" in allowable sort values
- Add integration test to verify favorite sorting works correctly in both
ascending and descending order
The implementation maintains the current architecture where favorites
are stored in a separate collection, avoiding data duplication. The
favorite field is computed dynamically during the query via MongoDB
aggregation, then sorting is applied to the computed result.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
* Update saved searches test to include sortable favorite attribute
Update the mock attributes in SavedSearchesModal.test.tsx to include
the favorite attribute with sortable: true, reflecting the backend
change that now allows sorting by favorite status.
This ensures the test data matches the actual API response structure
and validates that the favorite column is properly displayed and
sortable in the saved searches list.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
* Use FavoritesService instead of direct MongoDB insert in test
Updated searchPaginatedSortedByFavorite test to use FavoritesService.save()
instead of directly inserting into the MongoDB favorites collection. This
addresses review feedback to prevent potential drift in the storage format.
Changes:
- Added GRNExtension to provide GRNRegistry for test setup
- Created FavoritesService using reflection to access protected constructor
- Created proper test user with specific ID using TestUser.builder()
- Use favoritesService.save() with FavoritesForUserDTO to create favorites
- Create GRNs using grnRegistry.newGRN() for proper GRN format
This ensures the test uses the same code path as production for creating
favorites, maintaining consistency with the actual storage format.
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
* Add changelog entry for favorite sorting feature
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
* Fix forbidden API violation by using MongoCollection directly
Replace reflection-based FavoritesService instantiation with direct
MongoCollection access to avoid forbidden API violation (setAccessible).
The test now uses mongoCollections.collection("favorites", FavoritesForUserDTO.class)
to insert favorites, which ensures proper serialization using the same
FavoritesForUserDTO structure as FavoritesService, preventing storage
format drift without violating forbidden API rules.
Changes:
- Removed reflection imports and reflection-based constructor access
- Use MongoCollection<FavoritesForUserDTO> from mongoCollections
- Create and insert FavoritesForUserDTO directly using insertOne()
- Added comment explaining this uses the same structure as FavoritesService
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
* Enabling sort by favorite for dashboards as well.
* Updating changelog snippet.
---------
Co-authored-by: Claude Sonnet 4.5 <noreply@anthropic.com>
Co-authored-by: Dennis Oelkers <dennis@graylog.com>
* Enable os3 client by default, via feature flag
* Added changelog
* more explicit UnsupportedSearchException logging
* add os3 modules to assembly, plugin providers and dependencies
* Add more dependencies to assembly
* switch os3 storage module packaging from assembly to shade
* Fix aliases impl in OS3 storage module
* fix manifest
* remove not used assembly.xml
* remove duplicate feature flag
* disable storage module 2 for testing
* fix errors found in full backend tests
* fix index block setting
* fix closed keyword (not used in graylog source)
* use old mechanism for resolving if index exists
* safer index deletion in ClientOS
* remove datanode testing instance from os2 storage module
* fix counts adapter and its test
* remove forgotten service provider
* add index closed exception mapping
* fix status parsing on timeout
* resilient CountsIT#totalThrowsElasticsearchExceptionIfIndexDoesNotExist test
* Index status enum(open/closed), naming conversion left to the storage module
* adapted comment
* code cleanup
---------
Co-authored-by: Matthias Oesterheld <matthias.oesterheld@graylog.com>
* Add IndexRangeService#calculateRangeAndSave method
* Switch four index maintenance jobs to the system job scheduler
- OptimizeIndexJob
- SetIndexReadOnlyAndCalculateRangeJob
- CreateNewSingleIndexRangeJob
- RebuildIndexRangesJob
Replaces #24377
* Add maxRetries parameter to SystemJobResult#withRetry
The scheduler doesn't track retries yet, so anything other than
"unlimited" retries is currently not supported.
* Add system job scheduler service
* Refactor the existing job scheduler to make it composable.
* Allow custom job factories for each job scheduler
* Rename SystemJob interface to LegacySystemJob
* Deprecate legacy system job classes
* Add JobDefinitionConfig#jobFactoryType method
* Introduce SystemJob interface and related classes
* Return new system jobs in /system/jobs API
* Delete completed system job triggers on a regular basis
* Add and use job_scheduler_system_worker_threads config setting
Allows separate worker pool sizing for user and system schedulers.
* Avoid possible NPE in JobExecutionEngine
* Add test for SystemJobManager
* Add new Full Message JSON field to the Cloud Trail input
The existing full_message field only contains a stringified Java array, which is not parsable. With the new `full_message_json` field, it should be possible to use pipeline functions to parse the message content and extract specific fields.
* Add change log
* Roll back unintended change to log4j2.xml
* Refactor event summary template logic to EventModifier
* cl
* add event definition fields to model data
---------
Co-authored-by: Ryan Carroll <ryan.carroll@graylog.com>
* fix(mcp): protocol version negotiation
- Implements spec-compliant version negotiation: silent fallback (i.e. 200 OK with server-supported protocol version) during initialization and strict MCP-Protocol-Version header validation for subsequent requests (i.e. 400 Bad Request for invalid protocol versions).
- Removes custom McpException in favor of McpError in SDK.