Merge branch 'alerting/alert-services-mock' into alerting/es-query

* alerting/alert-services-mock: (107 commits)
  removed unused import
  added alert services mock and use it in siem
  [Metrics UI] Refactor With* containers to hooks (elastic#59503)
  [NP] Migrate logstash server side code to NP (elastic#63135)
  Clicking cancel in saved query save modal doesn't close it (elastic#62774)
  [Lens] Migration from 7.7 (elastic#62879)
  [Lens] Fix bug where suggestions didn't use filters (elastic#63293)
  Task/linux events (elastic#63400)
  [Remote clusters] guard against usageCollection plugin if unav… (elastic#63284)
  [Uptime] Remove pings graphql (elastic#59392)
  Index Pattern Field class - factor out copy_field code for future typescripting (elastic#63083)
  [EPM] add/remove package in package settings page (elastic#63389)
  Adjust API authorization logging (elastic#63350)
  Revert FTR: add chromium-based Edge browser support (elastic#61684) (elastic#63448)
  [Event Log] Adds namespace into save objects (elastic#62974)
  document code splitting for client code (elastic#62593)
  Escape single quotes surrounded by double quotes (elastic#63229)
  [Endpoint] Update cli mapping to match endpoint package (elastic#63372)
  update in-app links to metricbeat configuration docs (elastic#63295)
  investigation notes field (documentation / metadata) (elastic#63386)
  ...

Author: gmmorris

.github/CODEOWNERS

@@ -180,7 +180,7 @@
 /src/plugins/console/  @elastic/es-ui
 /src/plugins/es_ui_shared/  @elastic/es-ui
 /x-pack/legacy/plugins/cross_cluster_replication/  @elastic/es-ui
-/x-pack/legacy/plugins/index_lifecycle_management/  @elastic/es-ui
+/x-pack/plugins/index_lifecycle_management/  @elastic/es-ui
 /x-pack/legacy/plugins/index_management/  @elastic/es-ui
 /x-pack/legacy/plugins/license_management/  @elastic/es-ui
 /x-pack/legacy/plugins/rollup/  @elastic/es-ui
@@ -202,7 +202,8 @@
 # Endpoint
 /x-pack/plugins/endpoint/ @elastic/endpoint-app-team
 /x-pack/test/api_integration/apis/endpoint/ @elastic/endpoint-app-team
-/x-pack/test/functional/apps/endpoint/ @elastic/endpoint-app-team
+/x-pack/test/functional_endpoint/ @elastic/endpoint-app-team
+/x-pack/test/functional_endpoint_ingest_failure/ @elastic/endpoint-app-team
 /x-pack/test/functional/es_archives/endpoint/ @elastic/endpoint-app-team
 
 # SIEM

.i18nrc.json

@@ -24,6 +24,7 @@
       "src/legacy/core_plugins/management",
       "src/plugins/management"
     ],
+    "maps_legacy": "src/plugins/maps_legacy",
     "indexPatternManagement": "src/plugins/index_pattern_management",
     "advancedSettings": "src/plugins/advanced_settings",
     "kibana_legacy": "src/plugins/kibana_legacy",

docs/api/saved-objects/bulk_create.asciidoc

@@ -104,7 +104,7 @@ The API returns the following:
       "type": "dashboard",
       "error": {
         "statusCode": 409,
-        "message": "version conflict, document already exists"
+        "message": "Saved object [dashboard/be3733a0-9efe-11e7-acb3-3dab96693fab] conflict"
       }
     }
   ]

docs/apm/apm-alerts.asciidoc

@@ -0,0 +1,97 @@
+[role="xpack"]
+[[apm-alerts]]
+=== Create an alert
+
+beta::[]
+
+The APM app is integrated with Kibana's {kibana-ref}/alerting-getting-started.html[alerting and actions] feature.
+It provides a set of built-in **actions** and APM specific threshold **alerts** for you to use,
+and allows all alerts to be centrally managed from <<management,Kibana Management>>.
+
+[role="screenshot"]
+image::apm/images/apm-alert.png[Create an alert in the APM app]
+
+There are two different types of threshold alerts: transaction duration, and error rate.
+Below, we'll create one of each.
+
+[float]
+[[apm-create-transaction-alert]]
+=== Create a transaction duration alert
+
+This guide creates an alert for the `opbeans-java` service based on the following criteria:
+
+* Transaction type: `transaction.type:request`
+* Average request is above `1500ms` for the last 5 minutes
+* Check every 10 minutes, and repeat the alert every 30 minutes
+* Send the alert via Slack
+
+From the APM app, navigate to the `opbeans-java` service and select
+**Alerts** > **Create threshold alert** > **Transaction duration**.
+
+The name of your alert will automatically be set as `Transaction duration | opbeans-java`,
+and the alert will be tagged with `apm` and `service.name:opbeans-java`.
+Feel free to edit either of these defaults.
+
+Based on the alert criteria, define the following alert details:
+
+* **Check every** - `10 minutes`
+* **Notify every** - `30 minutes`
+* **TYPE** - `request`
+* **WHEN** - `avg`
+* **IS ABOVE** - `1500ms`
+* **FOR THE LAST** - `5 minutes`
+
+Select an action type.
+Multiple action types can be selected, but in this example we want to post to a slack channel.
+Select **Slack** > **Create a connector**.
+Enter a name for the connector,
+and paste the webhook URL.
+See Slack's webhook documentation if you need to create one.
+
+Select **Save**. The alert has been created and is now active!
+
+[float]
+[[apm-create-error-alert]]
+=== Create an error rate alert
+
+This guide creates an alert for the `opbeans-python` service based on the following criteria:
+
+* Error rate is above 25 for the last minute
+* Check every 1 minute, and repeat the alert every 10 minutes
+* Send the alert via email to the `opbeans-python` team
+
+From the APM app, navigate to the `opbeans-python` service and select
+**Alerts** > **Create threshold alert** > **Error rate**.
+
+The name of your alert will automatically be set as `Error rate | opbeans-python`,
+and the alert will be tagged with `apm` and `service.name:opbeans-python`.
+Feel free to edit either of these defaults.
+
+Based on the alert criteria, define the following alert details:
+
+* **Check every** - `1 minute`
+* **Notify every** - `10 minutes`
+* **IS ABOVE** - `25 errors`
+* **FOR THE LAST** - `1 minute`
+
+Select the **Email** action type and click **Create a connector**.
+Fill out the required details: sender, host, port, etc., and click **save**.
+
+Select **Save**. The alert has been created and is now active!
+
+[float]
+[[apm-alert-manage]]
+=== Manage alerts and actions
+
+From the APM app, select **Alerts** > **View active alerts** to be taken to the Kibana alerts and actions management page.
+From this page, you can create, edit, disable, mute, and delete alerts, and create, edit, and disable connectors.
+
+[float]
+[[apm-alert-more-info]]
+=== More information
+
+See {kibana-ref}/alerting-getting-started.html[alerting and actions] for more information.
+
+NOTE: If you are using an **on-premise** Elastic Stack deployment with security,
+TLS must be configured for communication between Elasticsearch and Kibana.
+More information is in the alerting {kibana-ref}/alerting-getting-started.html#alerting-setup-prerequisites[prerequisites].

docs/apm/images/apm-alert.png

@@ -34,4 +34,4 @@ which indicates the next transaction in the trace.
 These transactions can be expanded and viewed in detail by clicking on them.
 
 After exploring these traces,
-you can return to the full trace by clicking *View full trace* in the upper right hand corner of the page.
+you can return to the full trace by clicking *View full trace*.

docs/apm/spans.asciidoc

@@ -105,6 +105,7 @@ image::apm/images/apm-transaction-duration-dist.png[Example view of transactions
 
 This graph shows a typical distribution, and indicates most of our requests were served quickly - awesome!
 It's the requests on the right, the ones taking longer than average, that we probably want to focus on.
+
 When you select one of these buckets,
 you're presented with up to ten trace samples.
 Each sample has a span timeline waterfall that shows what a typical request in that bucket was doing.

docs/apm/transactions.asciidoc

@@ -15,6 +15,7 @@ APM is available via the navigation sidebar in {Kib}.
 * <<spans>>
 * <<errors>>
 * <<metrics>>
+* <<apm-alerts>>
 * <<machine-learning-integration>>
 * <<agent-configuration>>
 * <<advanced-queries>>
@@ -37,6 +38,8 @@ include::errors.asciidoc[]
 
 include::metrics.asciidoc[]
 
+include::apm-alerts.asciidoc[]
+
 include::agent-configuration.asciidoc[]
 
 include::custom-links.asciidoc[]

docs/apm/using-the-apm-ui.asciidoc

@@ -76,7 +76,7 @@ After you've added the workpad to your website, you can change the autoplay and
 
 To change the autoplay settings:
 
-. In the lower right corner of the shareable workpad, click the settings icon.
+. Click the settings icon.
 
 . Click *Auto Play*, then change the settings.
 +
@@ -85,7 +85,7 @@ image::images/canvas_share_autoplay_480.gif[Autoplay settings]
 
 To change the toolbar settings:
 
-. In the lower right corner, click the settings icon.
+. Click the settings icon.
 
 . Click *Toolbar*, then change the settings.
 +

docs/canvas/canvas-share-workpad.asciidoc

@@ -18,7 +18,7 @@ Your first step to working with Canvas is to create a workpad.
 
 . Click *Create workpad*.
 
-. To add a *Name* for your workpad, use the editor on the right. For example, `My Canvas Workpad`.
+. To add a *Name* for your workpad, use the editor. For example, `My Canvas Workpad`.
 
 [float]
 === Customize your workpad with images
@@ -29,7 +29,7 @@ To customize your workpad to look the way you want, add your own images.
 +
 The default Elastic logo image appears on your page.
 
-. To replace the Elastic logo with your own image, select the image, then use the editor on the right.
+. To replace the Elastic logo with your own image, select the image, then use the editor.
 
 . To move the image, click and drag it to your preferred location.
 
@@ -73,7 +73,7 @@ You'll notice that the error is gone, but the number could use some formatting.
 
 . To format the number, use the Canvas expression language.
 
-.. In the lower right corner, click *Expression editor*.
+.. Click *Expression editor*.
 +
 You're now looking at the raw data syntax that Canvas uses to display the element.