[Fleet] Add integration_knowledge system index for Fleet
#132506
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
elasticsearchmachine
added
needs:triage
elasticsearchmachine
removed
the
needs:triage
Supplementing
added
:Core/Infra/Plugins
|
Pinging @elastic/es-core-infra (Team:Core/Infra) |
10 tasks
...va/org/elasticsearch/xpack/core/security/authz/store/KibanaOwnedReservedRoleDescriptors.java
Outdated
Show resolved
Hide resolved
SiddharthMantri
approved these changes
Aug 6, 2025
|
@SiddharthMantri Im facing a test failure here due to the In this case, should I just update the test, or is there a more preferred option here? Presumably, once this bwc step is deprecated, then the test will start failing, not sure if thats just a bridge we cross at the time or how to proceed. Thanks in advance! |
slobodanadamovic
added
:Security/Authorization
|
Pinging @elastic/es-security (Team:Security) |
…Supplementing/elasticsearch into knowledge-base-index-privileges
jen-huang
approved these changes
Aug 12, 2025
…Supplementing/elasticsearch into knowledge-base-index-privileges
SiddharthMantri
approved these changes
Aug 13, 2025
There was a problem hiding this comment.
LGTM. Thanks @Supplementing - please also update the audit document (in case you haven't already).
…xed tests to assert on the correct field
…Supplementing/elasticsearch into knowledge-base-index-privileges
…ded in content field
…Supplementing/elasticsearch into knowledge-base-index-privileges
spong
reviewed
Aug 18, 2025
x-pack/plugin/core/template-resources/src/main/resources/fleet-integration-knowledge.json
Show resolved
Hide resolved
This was referenced Aug 19, 2025
3 tasks
Supplementing
added a commit
to elastic/kibana
that referenced
this pull request
Sep 5, 2025
## Summary Closes elastic/ingest-dev#5678 - Adds support for writing the knowledge_base docs in a package to a system index `.integration_knowledge` with per-document indexing. - Also checks that the license is appropriate (`enterprise`), otherwise skips this step as usage of inference models is needed due to the `semantic_text` field. - Automatically removes knowledge base files from the index when the package is removed - Updates the docs when the package updates - Also adds an internal endpoint for getting indexed knowledge base docs for a specific package `GET /internal/fleet/epm/packages/{pkgName}/knowledge_base` - In order to improve UX, we also added a generic doc during fleet setup with some basic fleet knowledge that will be indexed asynchronously (if the user has the correct license of `enterprise`) so that later on when the docs need indexed, we dont need to wait for inference model deployment. See [this comment](#230107 (comment)) for more context. _**As part of these changes, I also realized there was an issue with the custom integrations upload feature where it would error due to a missing integration name as it relied on the pipeline, so I added a step to use the name from the `_meta` field (with fallback to the pipeline) in order to stop issues during manual testing. Can remove before finalized if needed cc: @elastic/security-scalability. If kept, will close #231712 . https://github.com/user-attachments/assets/0a7559af-b312-4356-bdb1-e05531721f89 **NOTE**: In the video, the indexing fails the first time. Turns out, it was due to a timeout as the index was being created by ES and the indexing would fail as creation took too long. It is now wrapped in a retry so this has been resolved. ## Testing instructions Cloud Deployment for testing without pulling everything down to local: https://supplementing-pr-230107-knowledge-base-integration-support.kbndev.co/ Manual Testing: 1. If elastic/elasticsearch#132506 has been merged, run `yarn es snapshot` in Kibana, otherwise, checkout that branch in your local ES and then in kibana run `yarn es source` in order to use that version of ES which contains the index management, mappings, etc. 2. Install a package with any number of knowledge base docs in the `docs/knowledge_base` folder. You can use [this sample package](https://github.com/user-attachments/files/21867395/masonstestpackage-0.0.1.zip), or create your own following the guide below: - Using `elastic-package`, create a new package using `elastic-package create integration` - Once created add `knowledge_base` as a folder inside of the generated `docs` folder of the integration - Add an arbitrary amount of `.md` files to the knowledge_base folder - Run `elastic-package build` to build the package - There are a lot of different options for installing the package in a local kibana instance. I prefer to just take the generated .zip folder from `/build` in `elastic-package` and upload it to kibana using the custom integrations feature. You can also expose the package registry, or whatever you see fit. 3. Watch the Kibana logs for errors/debug messages etc 4. Use the new endpoint or just directly check the index using `GET /.integration_knowledge/_search` to verify that the documents are ingested into the system index of `.integration_knowledge` 5. Update the package and verify that the KB documents are updated by checking the response again, they should have the updated pkgVersion on the associated docs. 6. Remove the package and then verify (using the endpoint) that the docs are removed from the index ### Checklist Check the PR satisfies following conditions. Reviewers should verify this PR satisfies this list as well. - [ ] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md) - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the [docker list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker) - [ ] This was checked for breaking HTTP API changes, and any breaking changes have been approved by the breaking-change committee. The `release_note:breaking` label should be applied in these situations. - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed - [ ] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) - [ ] Review the [backport guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing) and apply applicable `backport:*` labels. ### Identify risks Does this PR introduce any risks? For example, consider risks like hard to test bugs, performance regression, potential of data loss. Describe the risk, its severity, and mitigation for each identified risk. Invite stakeholders and evaluate how to proceed before merging. - [ ] [See some risk examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx) - [ ] ... # Release Note Adds support for indexing package knowledge base docs into the .integration_knowledge system index, with per-document updates and automatic removal when a package is deleted. To be utilized by package developers allowing the AI assistants to have greater context relevant to particular packages. --------- Co-authored-by: kibanamachine <[email protected]> Co-authored-by: Elastic Machine <[email protected]>
shahargl
pushed a commit
to shahargl/kibana
that referenced
this pull request
Sep 7, 2025
## Summary Closes elastic/ingest-dev#5678 - Adds support for writing the knowledge_base docs in a package to a system index `.integration_knowledge` with per-document indexing. - Also checks that the license is appropriate (`enterprise`), otherwise skips this step as usage of inference models is needed due to the `semantic_text` field. - Automatically removes knowledge base files from the index when the package is removed - Updates the docs when the package updates - Also adds an internal endpoint for getting indexed knowledge base docs for a specific package `GET /internal/fleet/epm/packages/{pkgName}/knowledge_base` - In order to improve UX, we also added a generic doc during fleet setup with some basic fleet knowledge that will be indexed asynchronously (if the user has the correct license of `enterprise`) so that later on when the docs need indexed, we dont need to wait for inference model deployment. See [this comment](elastic#230107 (comment)) for more context. _**As part of these changes, I also realized there was an issue with the custom integrations upload feature where it would error due to a missing integration name as it relied on the pipeline, so I added a step to use the name from the `_meta` field (with fallback to the pipeline) in order to stop issues during manual testing. Can remove before finalized if needed cc: @elastic/security-scalability. If kept, will close elastic#231712 . https://github.com/user-attachments/assets/0a7559af-b312-4356-bdb1-e05531721f89 **NOTE**: In the video, the indexing fails the first time. Turns out, it was due to a timeout as the index was being created by ES and the indexing would fail as creation took too long. It is now wrapped in a retry so this has been resolved. ## Testing instructions Cloud Deployment for testing without pulling everything down to local: https://supplementing-pr-230107-knowledge-base-integration-support.kbndev.co/ Manual Testing: 1. If elastic/elasticsearch#132506 has been merged, run `yarn es snapshot` in Kibana, otherwise, checkout that branch in your local ES and then in kibana run `yarn es source` in order to use that version of ES which contains the index management, mappings, etc. 2. Install a package with any number of knowledge base docs in the `docs/knowledge_base` folder. You can use [this sample package](https://github.com/user-attachments/files/21867395/masonstestpackage-0.0.1.zip), or create your own following the guide below: - Using `elastic-package`, create a new package using `elastic-package create integration` - Once created add `knowledge_base` as a folder inside of the generated `docs` folder of the integration - Add an arbitrary amount of `.md` files to the knowledge_base folder - Run `elastic-package build` to build the package - There are a lot of different options for installing the package in a local kibana instance. I prefer to just take the generated .zip folder from `/build` in `elastic-package` and upload it to kibana using the custom integrations feature. You can also expose the package registry, or whatever you see fit. 3. Watch the Kibana logs for errors/debug messages etc 4. Use the new endpoint or just directly check the index using `GET /.integration_knowledge/_search` to verify that the documents are ingested into the system index of `.integration_knowledge` 5. Update the package and verify that the KB documents are updated by checking the response again, they should have the updated pkgVersion on the associated docs. 6. Remove the package and then verify (using the endpoint) that the docs are removed from the index ### Checklist Check the PR satisfies following conditions. Reviewers should verify this PR satisfies this list as well. - [ ] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md) - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the [docker list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker) - [ ] This was checked for breaking HTTP API changes, and any breaking changes have been approved by the breaking-change committee. The `release_note:breaking` label should be applied in these situations. - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed - [ ] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) - [ ] Review the [backport guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing) and apply applicable `backport:*` labels. ### Identify risks Does this PR introduce any risks? For example, consider risks like hard to test bugs, performance regression, potential of data loss. Describe the risk, its severity, and mitigation for each identified risk. Invite stakeholders and evaluate how to proceed before merging. - [ ] [See some risk examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx) - [ ] ... # Release Note Adds support for indexing package knowledge base docs into the .integration_knowledge system index, with per-document updates and automatic removal when a package is deleted. To be utilized by package developers allowing the AI assistants to have greater context relevant to particular packages. --------- Co-authored-by: kibanamachine <[email protected]> Co-authored-by: Elastic Machine <[email protected]>
KodeRad
pushed a commit
to KodeRad/kibana
that referenced
this pull request
Sep 15, 2025
## Summary Closes elastic/ingest-dev#5678 - Adds support for writing the knowledge_base docs in a package to a system index `.integration_knowledge` with per-document indexing. - Also checks that the license is appropriate (`enterprise`), otherwise skips this step as usage of inference models is needed due to the `semantic_text` field. - Automatically removes knowledge base files from the index when the package is removed - Updates the docs when the package updates - Also adds an internal endpoint for getting indexed knowledge base docs for a specific package `GET /internal/fleet/epm/packages/{pkgName}/knowledge_base` - In order to improve UX, we also added a generic doc during fleet setup with some basic fleet knowledge that will be indexed asynchronously (if the user has the correct license of `enterprise`) so that later on when the docs need indexed, we dont need to wait for inference model deployment. See [this comment](elastic#230107 (comment)) for more context. _**As part of these changes, I also realized there was an issue with the custom integrations upload feature where it would error due to a missing integration name as it relied on the pipeline, so I added a step to use the name from the `_meta` field (with fallback to the pipeline) in order to stop issues during manual testing. Can remove before finalized if needed cc: @elastic/security-scalability. If kept, will close elastic#231712 . https://github.com/user-attachments/assets/0a7559af-b312-4356-bdb1-e05531721f89 **NOTE**: In the video, the indexing fails the first time. Turns out, it was due to a timeout as the index was being created by ES and the indexing would fail as creation took too long. It is now wrapped in a retry so this has been resolved. ## Testing instructions Cloud Deployment for testing without pulling everything down to local: https://supplementing-pr-230107-knowledge-base-integration-support.kbndev.co/ Manual Testing: 1. If elastic/elasticsearch#132506 has been merged, run `yarn es snapshot` in Kibana, otherwise, checkout that branch in your local ES and then in kibana run `yarn es source` in order to use that version of ES which contains the index management, mappings, etc. 2. Install a package with any number of knowledge base docs in the `docs/knowledge_base` folder. You can use [this sample package](https://github.com/user-attachments/files/21867395/masonstestpackage-0.0.1.zip), or create your own following the guide below: - Using `elastic-package`, create a new package using `elastic-package create integration` - Once created add `knowledge_base` as a folder inside of the generated `docs` folder of the integration - Add an arbitrary amount of `.md` files to the knowledge_base folder - Run `elastic-package build` to build the package - There are a lot of different options for installing the package in a local kibana instance. I prefer to just take the generated .zip folder from `/build` in `elastic-package` and upload it to kibana using the custom integrations feature. You can also expose the package registry, or whatever you see fit. 3. Watch the Kibana logs for errors/debug messages etc 4. Use the new endpoint or just directly check the index using `GET /.integration_knowledge/_search` to verify that the documents are ingested into the system index of `.integration_knowledge` 5. Update the package and verify that the KB documents are updated by checking the response again, they should have the updated pkgVersion on the associated docs. 6. Remove the package and then verify (using the endpoint) that the docs are removed from the index ### Checklist Check the PR satisfies following conditions. Reviewers should verify this PR satisfies this list as well. - [ ] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md) - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the [docker list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker) - [ ] This was checked for breaking HTTP API changes, and any breaking changes have been approved by the breaking-change committee. The `release_note:breaking` label should be applied in these situations. - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed - [ ] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) - [ ] Review the [backport guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing) and apply applicable `backport:*` labels. ### Identify risks Does this PR introduce any risks? For example, consider risks like hard to test bugs, performance regression, potential of data loss. Describe the risk, its severity, and mitigation for each identified risk. Invite stakeholders and evaluate how to proceed before merging. - [ ] [See some risk examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx) - [ ] ... # Release Note Adds support for indexing package knowledge base docs into the .integration_knowledge system index, with per-document updates and automatic removal when a package is deleted. To be utilized by package developers allowing the AI assistants to have greater context relevant to particular packages. --------- Co-authored-by: kibanamachine <[email protected]> Co-authored-by: Elastic Machine <[email protected]>
CAWilson94
pushed a commit
to CAWilson94/kibana
that referenced
this pull request
Sep 24, 2025
## Summary Closes elastic/ingest-dev#5678 - Adds support for writing the knowledge_base docs in a package to a system index `.integration_knowledge` with per-document indexing. - Also checks that the license is appropriate (`enterprise`), otherwise skips this step as usage of inference models is needed due to the `semantic_text` field. - Automatically removes knowledge base files from the index when the package is removed - Updates the docs when the package updates - Also adds an internal endpoint for getting indexed knowledge base docs for a specific package `GET /internal/fleet/epm/packages/{pkgName}/knowledge_base` - In order to improve UX, we also added a generic doc during fleet setup with some basic fleet knowledge that will be indexed asynchronously (if the user has the correct license of `enterprise`) so that later on when the docs need indexed, we dont need to wait for inference model deployment. See [this comment](elastic#230107 (comment)) for more context. _**As part of these changes, I also realized there was an issue with the custom integrations upload feature where it would error due to a missing integration name as it relied on the pipeline, so I added a step to use the name from the `_meta` field (with fallback to the pipeline) in order to stop issues during manual testing. Can remove before finalized if needed cc: @elastic/security-scalability. If kept, will close elastic#231712 . https://github.com/user-attachments/assets/0a7559af-b312-4356-bdb1-e05531721f89 **NOTE**: In the video, the indexing fails the first time. Turns out, it was due to a timeout as the index was being created by ES and the indexing would fail as creation took too long. It is now wrapped in a retry so this has been resolved. ## Testing instructions Cloud Deployment for testing without pulling everything down to local: https://supplementing-pr-230107-knowledge-base-integration-support.kbndev.co/ Manual Testing: 1. If elastic/elasticsearch#132506 has been merged, run `yarn es snapshot` in Kibana, otherwise, checkout that branch in your local ES and then in kibana run `yarn es source` in order to use that version of ES which contains the index management, mappings, etc. 2. Install a package with any number of knowledge base docs in the `docs/knowledge_base` folder. You can use [this sample package](https://github.com/user-attachments/files/21867395/masonstestpackage-0.0.1.zip), or create your own following the guide below: - Using `elastic-package`, create a new package using `elastic-package create integration` - Once created add `knowledge_base` as a folder inside of the generated `docs` folder of the integration - Add an arbitrary amount of `.md` files to the knowledge_base folder - Run `elastic-package build` to build the package - There are a lot of different options for installing the package in a local kibana instance. I prefer to just take the generated .zip folder from `/build` in `elastic-package` and upload it to kibana using the custom integrations feature. You can also expose the package registry, or whatever you see fit. 3. Watch the Kibana logs for errors/debug messages etc 4. Use the new endpoint or just directly check the index using `GET /.integration_knowledge/_search` to verify that the documents are ingested into the system index of `.integration_knowledge` 5. Update the package and verify that the KB documents are updated by checking the response again, they should have the updated pkgVersion on the associated docs. 6. Remove the package and then verify (using the endpoint) that the docs are removed from the index ### Checklist Check the PR satisfies following conditions. Reviewers should verify this PR satisfies this list as well. - [ ] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md) - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the [docker list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker) - [ ] This was checked for breaking HTTP API changes, and any breaking changes have been approved by the breaking-change committee. The `release_note:breaking` label should be applied in these situations. - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed - [ ] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) - [ ] Review the [backport guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing) and apply applicable `backport:*` labels. ### Identify risks Does this PR introduce any risks? For example, consider risks like hard to test bugs, performance regression, potential of data loss. Describe the risk, its severity, and mitigation for each identified risk. Invite stakeholders and evaluate how to proceed before merging. - [ ] [See some risk examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx) - [ ] ... # Release Note Adds support for indexing package knowledge base docs into the .integration_knowledge system index, with per-document updates and automatic removal when a package is deleted. To be utilized by package developers allowing the AI assistants to have greater context relevant to particular packages. --------- Co-authored-by: kibanamachine <[email protected]> Co-authored-by: Elastic Machine <[email protected]>
10 tasks
arturoliduena
added a commit
to elastic/kibana
that referenced
this pull request
Oct 14, 2025
…237085) Closes elastic/obs-ai-assistant-team#357 ## Summary This PR adds the awareness of `.integration_knowledge*` index as another index for recalling. The Obs AI Assistant will retrieve integration knowledge from the index Value added to the Obs AI Assistant (elastic/obs-ai-assistant-team#357 (comment)): > The assistant will become aware of LLM-facing documentation for any installed integrations in the user's cluster. For example, the Logstash integration might ship documentation that explains how to understand the health reporting metrics collected by the integration and the assistant could answer prompts like "why was my logstash server down yesterday?" using the user's real data. Manual Testing: 1 -> Follow the instructions from #230107 (comment): > 1. If elastic/elasticsearch#132506 has been merged, run `yarn es snapshot` in Kibana, otherwise, checkout that branch in your local ES and then in kibana run `yarn es source` in order to use that version of ES which contains the index management, mappings, etc. >2. Install a package with any number of knowledge base docs in the `docs/knowledge_base` folder. You can use [this sample package](https://github.com/user-attachments/files/21867395/masonstestpackage-0.0.1.zip), or create your own following the guide below: > > - Using `elastic-package`, create a new package using `elastic-package create integration` - Once created add `knowledge_base` as a folder inside of the generated `docs` folder of the integration - Add an arbitrary amount of `.md` files to the knowledge_base folder - Run `elastic-package build` to build the package - There are a lot of different options for installing the package in a local kibana instance. I prefer to just take the generated .zip folder from `/build` in `elastic-package` and upload it to kibana using the custom integrations feature. You can also expose the package registry, or whatever you see fit. >3. Watch the Kibana logs for errors/debug messages etc >4. Use the new endpoint or just directly check the index using `GET /.integration_knowledge/_search` to verify that the documents are ingested into the system index of `.integration_knowledge` >5. Update the package and verify that the KB documents are updated by checking the response again, they should have the updated pkgVersion on the associated docs. >6. Remove the package and then verify (using the endpoint) that the docs are removed from the index 2 - Ask the AI Assistant about information contained in the integration documents 3- check that the documents are listed on the response of executed the function context inside learnings ### Checklist Check the PR satisfies following conditions. Reviewers should verify this PR satisfies this list as well. - [ ] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md) - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the [docker list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker) - [ ] This was checked for breaking HTTP API changes, and any breaking changes have been approved by the breaking-change committee. The `release_note:breaking` label should be applied in these situations. - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed - [ ] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) - [ ] Review the [backport guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing) and apply applicable `backport:*` labels. ### Identify risks Does this PR introduce any risks? For example, consider risks like hard to test bugs, performance regression, potential of data loss. Describe the risk, its severity, and mitigation for each identified risk. Invite stakeholders and evaluate how to proceed before merging. - [ ] [See some risk examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx) - [ ] ... --------- Co-authored-by: kibanamachine <[email protected]> Co-authored-by: Sandra G <[email protected]>
arturoliduena
added a commit
to arturoliduena/kibana
that referenced
this pull request
Oct 16, 2025
…lastic#237085) Closes elastic/obs-ai-assistant-team#357 ## Summary This PR adds the awareness of `.integration_knowledge*` index as another index for recalling. The Obs AI Assistant will retrieve integration knowledge from the index Value added to the Obs AI Assistant (elastic/obs-ai-assistant-team#357 (comment)): > The assistant will become aware of LLM-facing documentation for any installed integrations in the user's cluster. For example, the Logstash integration might ship documentation that explains how to understand the health reporting metrics collected by the integration and the assistant could answer prompts like "why was my logstash server down yesterday?" using the user's real data. Manual Testing: 1 -> Follow the instructions from elastic#230107 (comment): > 1. If elastic/elasticsearch#132506 has been merged, run `yarn es snapshot` in Kibana, otherwise, checkout that branch in your local ES and then in kibana run `yarn es source` in order to use that version of ES which contains the index management, mappings, etc. >2. Install a package with any number of knowledge base docs in the `docs/knowledge_base` folder. You can use [this sample package](https://github.com/user-attachments/files/21867395/masonstestpackage-0.0.1.zip), or create your own following the guide below: > > - Using `elastic-package`, create a new package using `elastic-package create integration` - Once created add `knowledge_base` as a folder inside of the generated `docs` folder of the integration - Add an arbitrary amount of `.md` files to the knowledge_base folder - Run `elastic-package build` to build the package - There are a lot of different options for installing the package in a local kibana instance. I prefer to just take the generated .zip folder from `/build` in `elastic-package` and upload it to kibana using the custom integrations feature. You can also expose the package registry, or whatever you see fit. >3. Watch the Kibana logs for errors/debug messages etc >4. Use the new endpoint or just directly check the index using `GET /.integration_knowledge/_search` to verify that the documents are ingested into the system index of `.integration_knowledge` >5. Update the package and verify that the KB documents are updated by checking the response again, they should have the updated pkgVersion on the associated docs. >6. Remove the package and then verify (using the endpoint) that the docs are removed from the index 2 - Ask the AI Assistant about information contained in the integration documents 3- check that the documents are listed on the response of executed the function context inside learnings ### Checklist Check the PR satisfies following conditions. Reviewers should verify this PR satisfies this list as well. - [ ] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md) - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the [docker list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker) - [ ] This was checked for breaking HTTP API changes, and any breaking changes have been approved by the breaking-change committee. The `release_note:breaking` label should be applied in these situations. - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed - [ ] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) - [ ] Review the [backport guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing) and apply applicable `backport:*` labels. ### Identify risks Does this PR introduce any risks? For example, consider risks like hard to test bugs, performance regression, potential of data loss. Describe the risk, its severity, and mitigation for each identified risk. Invite stakeholders and evaluate how to proceed before merging. - [ ] [See some risk examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx) - [ ] ... --------- Co-authored-by: kibanamachine <[email protected]> Co-authored-by: Sandra G <[email protected]> (cherry picked from commit 15878ad)
arturoliduena
added a commit
to elastic/kibana
that referenced
this pull request
Oct 16, 2025
…index (#237085) (#239263) Closes elastic/obs-ai-assistant-team#380 # Backport This will backport the following commits from `main` to `9.2`: - [[Obs AI Assistant] aware of new .integration_knowledge* system index (#237085)](#237085) <!--- Backport version: 10.0.2 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport) <!--BACKPORT [{"author":{"name":"Arturo Lidueña","email":"[email protected]"},"sourceCommit":{"committedDate":"2025-10-14T07:13:31Z","message":"[Obs AI Assistant] aware of new .integration_knowledge* system index (#237085)\n\nCloses https://github.com/elastic/obs-ai-assistant-team/issues/357\n## Summary\n\nThis PR adds the awareness of `.integration_knowledge*` index as another\nindex for recalling. The Obs AI Assistant will retrieve integration\nknowledge from the index\n\nValue added to the Obs AI Assistant\n(https://github.com/elastic/obs-ai-assistant-team/issues/357#issuecomment-3303692842):\n> The assistant will become aware of LLM-facing documentation for any\ninstalled integrations in the user's cluster. For example, the Logstash\nintegration might ship documentation that explains how to understand the\nhealth reporting metrics collected by the integration and the assistant\ncould answer prompts like \"why was my logstash server down yesterday?\"\nusing the user's real data.\n\nManual Testing: \n1 -> Follow the instructions from\nhttps://github.com//pull/230107#issue-3281157774:\n\n> 1. If elastic/elasticsearch#132506 has been\nmerged, run `yarn es snapshot` in Kibana, otherwise, checkout that\nbranch in your local ES and then in kibana run `yarn es source` in order\nto use that version of ES which contains the index management, mappings,\netc.\n>2. Install a package with any number of knowledge base docs in the\n`docs/knowledge_base` folder. You can use [this sample\npackage](https://github.com/user-attachments/files/21867395/masonstestpackage-0.0.1.zip),\nor create your own following the guide below:\n>\n> - Using `elastic-package`, create a new package using `elastic-package\ncreate integration`\n- Once created add `knowledge_base` as a folder inside of the generated\n`docs` folder of the integration\n- Add an arbitrary amount of `.md` files to the knowledge_base folder\n - Run `elastic-package build` to build the package\n- There are a lot of different options for installing the package in a\nlocal kibana instance. I prefer to just take the generated .zip folder\nfrom `/build` in `elastic-package` and upload it to kibana using the\ncustom integrations feature. You can also expose the package registry,\nor whatever you see fit.\n>3. Watch the Kibana logs for errors/debug messages etc\n>4. Use the new endpoint or just directly check the index using `GET\n/.integration_knowledge/_search` to verify that the documents are\ningested into the system index of `.integration_knowledge`\n>5. Update the package and verify that the KB documents are updated by\nchecking the response again, they should have the updated pkgVersion on\nthe associated docs.\n>6. Remove the package and then verify (using the endpoint) that the\ndocs are removed from the index\n\n2 - Ask the AI Assistant about information contained in the integration\ndocuments\n\n3- check that the documents are listed on the response of executed the\nfunction context inside learnings\n\n### Checklist\n\nCheck the PR satisfies following conditions. \n\nReviewers should verify this PR satisfies this list as well.\n\n- [ ] Any text added follows [EUI's writing\nguidelines](https://elastic.github.io/eui/#/guidelines/writing), uses\nsentence case text and includes [i18n\nsupport](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)\n- [ ]\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\nwas added for features that require explanation or tutorials\n- [ ] [Unit or functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere updated or added to match the most common scenarios\n- [ ] If a plugin configuration key changed, check if it needs to be\nallowlisted in the cloud and added to the [docker\nlist](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)\n- [ ] This was checked for breaking HTTP API changes, and any breaking\nchanges have been approved by the breaking-change committee. The\n`release_note:breaking` label should be applied in these situations.\n- [ ] [Flaky Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\nused on any tests changed\n- [ ] The PR description includes the appropriate Release Notes section,\nand the correct `release_note:*` label is applied per the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\n- [ ] Review the [backport\nguidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing)\nand apply applicable `backport:*` labels.\n\n### Identify risks\n\nDoes this PR introduce any risks? For example, consider risks like hard\nto test bugs, performance regression, potential of data loss.\n\nDescribe the risk, its severity, and mitigation for each identified\nrisk. Invite stakeholders and evaluate how to proceed before merging.\n\n- [ ] [See some risk\nexamples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx)\n- [ ] ...\n\n---------\n\nCo-authored-by: kibanamachine <[email protected]>\nCo-authored-by: Sandra G <[email protected]>","sha":"15878ad8a124539d4698de2510fd5d6ad90b8d38","branchLabelMapping":{"^v9.3.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:enhancement","backport:skip","Team:Obs AI Assistant","ci:project-deploy-observability","v9.3.0"],"title":"[Obs AI Assistant] aware of new .integration_knowledge* system index","number":237085,"url":"https://github.com/elastic/kibana/pull/237085","mergeCommit":{"message":"[Obs AI Assistant] aware of new .integration_knowledge* system index (#237085)\n\nCloses https://github.com/elastic/obs-ai-assistant-team/issues/357\n## Summary\n\nThis PR adds the awareness of `.integration_knowledge*` index as another\nindex for recalling. The Obs AI Assistant will retrieve integration\nknowledge from the index\n\nValue added to the Obs AI Assistant\n(https://github.com/elastic/obs-ai-assistant-team/issues/357#issuecomment-3303692842):\n> The assistant will become aware of LLM-facing documentation for any\ninstalled integrations in the user's cluster. For example, the Logstash\nintegration might ship documentation that explains how to understand the\nhealth reporting metrics collected by the integration and the assistant\ncould answer prompts like \"why was my logstash server down yesterday?\"\nusing the user's real data.\n\nManual Testing: \n1 -> Follow the instructions from\nhttps://github.com//pull/230107#issue-3281157774:\n\n> 1. If elastic/elasticsearch#132506 has been\nmerged, run `yarn es snapshot` in Kibana, otherwise, checkout that\nbranch in your local ES and then in kibana run `yarn es source` in order\nto use that version of ES which contains the index management, mappings,\netc.\n>2. Install a package with any number of knowledge base docs in the\n`docs/knowledge_base` folder. You can use [this sample\npackage](https://github.com/user-attachments/files/21867395/masonstestpackage-0.0.1.zip),\nor create your own following the guide below:\n>\n> - Using `elastic-package`, create a new package using `elastic-package\ncreate integration`\n- Once created add `knowledge_base` as a folder inside of the generated\n`docs` folder of the integration\n- Add an arbitrary amount of `.md` files to the knowledge_base folder\n - Run `elastic-package build` to build the package\n- There are a lot of different options for installing the package in a\nlocal kibana instance. I prefer to just take the generated .zip folder\nfrom `/build` in `elastic-package` and upload it to kibana using the\ncustom integrations feature. You can also expose the package registry,\nor whatever you see fit.\n>3. Watch the Kibana logs for errors/debug messages etc\n>4. Use the new endpoint or just directly check the index using `GET\n/.integration_knowledge/_search` to verify that the documents are\ningested into the system index of `.integration_knowledge`\n>5. Update the package and verify that the KB documents are updated by\nchecking the response again, they should have the updated pkgVersion on\nthe associated docs.\n>6. Remove the package and then verify (using the endpoint) that the\ndocs are removed from the index\n\n2 - Ask the AI Assistant about information contained in the integration\ndocuments\n\n3- check that the documents are listed on the response of executed the\nfunction context inside learnings\n\n### Checklist\n\nCheck the PR satisfies following conditions. \n\nReviewers should verify this PR satisfies this list as well.\n\n- [ ] Any text added follows [EUI's writing\nguidelines](https://elastic.github.io/eui/#/guidelines/writing), uses\nsentence case text and includes [i18n\nsupport](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)\n- [ ]\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\nwas added for features that require explanation or tutorials\n- [ ] [Unit or functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere updated or added to match the most common scenarios\n- [ ] If a plugin configuration key changed, check if it needs to be\nallowlisted in the cloud and added to the [docker\nlist](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)\n- [ ] This was checked for breaking HTTP API changes, and any breaking\nchanges have been approved by the breaking-change committee. The\n`release_note:breaking` label should be applied in these situations.\n- [ ] [Flaky Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\nused on any tests changed\n- [ ] The PR description includes the appropriate Release Notes section,\nand the correct `release_note:*` label is applied per the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\n- [ ] Review the [backport\nguidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing)\nand apply applicable `backport:*` labels.\n\n### Identify risks\n\nDoes this PR introduce any risks? For example, consider risks like hard\nto test bugs, performance regression, potential of data loss.\n\nDescribe the risk, its severity, and mitigation for each identified\nrisk. Invite stakeholders and evaluate how to proceed before merging.\n\n- [ ] [See some risk\nexamples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx)\n- [ ] ...\n\n---------\n\nCo-authored-by: kibanamachine <[email protected]>\nCo-authored-by: Sandra G <[email protected]>","sha":"15878ad8a124539d4698de2510fd5d6ad90b8d38"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.3.0","branchLabelMappingKey":"^v9.3.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/237085","number":237085,"mergeCommit":{"message":"[Obs AI Assistant] aware of new .integration_knowledge* system index (#237085)\n\nCloses https://github.com/elastic/obs-ai-assistant-team/issues/357\n## Summary\n\nThis PR adds the awareness of `.integration_knowledge*` index as another\nindex for recalling. The Obs AI Assistant will retrieve integration\nknowledge from the index\n\nValue added to the Obs AI Assistant\n(https://github.com/elastic/obs-ai-assistant-team/issues/357#issuecomment-3303692842):\n> The assistant will become aware of LLM-facing documentation for any\ninstalled integrations in the user's cluster. For example, the Logstash\nintegration might ship documentation that explains how to understand the\nhealth reporting metrics collected by the integration and the assistant\ncould answer prompts like \"why was my logstash server down yesterday?\"\nusing the user's real data.\n\nManual Testing: \n1 -> Follow the instructions from\nhttps://github.com//pull/230107#issue-3281157774:\n\n> 1. If elastic/elasticsearch#132506 has been\nmerged, run `yarn es snapshot` in Kibana, otherwise, checkout that\nbranch in your local ES and then in kibana run `yarn es source` in order\nto use that version of ES which contains the index management, mappings,\netc.\n>2. Install a package with any number of knowledge base docs in the\n`docs/knowledge_base` folder. You can use [this sample\npackage](https://github.com/user-attachments/files/21867395/masonstestpackage-0.0.1.zip),\nor create your own following the guide below:\n>\n> - Using `elastic-package`, create a new package using `elastic-package\ncreate integration`\n- Once created add `knowledge_base` as a folder inside of the generated\n`docs` folder of the integration\n- Add an arbitrary amount of `.md` files to the knowledge_base folder\n - Run `elastic-package build` to build the package\n- There are a lot of different options for installing the package in a\nlocal kibana instance. I prefer to just take the generated .zip folder\nfrom `/build` in `elastic-package` and upload it to kibana using the\ncustom integrations feature. You can also expose the package registry,\nor whatever you see fit.\n>3. Watch the Kibana logs for errors/debug messages etc\n>4. Use the new endpoint or just directly check the index using `GET\n/.integration_knowledge/_search` to verify that the documents are\ningested into the system index of `.integration_knowledge`\n>5. Update the package and verify that the KB documents are updated by\nchecking the response again, they should have the updated pkgVersion on\nthe associated docs.\n>6. Remove the package and then verify (using the endpoint) that the\ndocs are removed from the index\n\n2 - Ask the AI Assistant about information contained in the integration\ndocuments\n\n3- check that the documents are listed on the response of executed the\nfunction context inside learnings\n\n### Checklist\n\nCheck the PR satisfies following conditions. \n\nReviewers should verify this PR satisfies this list as well.\n\n- [ ] Any text added follows [EUI's writing\nguidelines](https://elastic.github.io/eui/#/guidelines/writing), uses\nsentence case text and includes [i18n\nsupport](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)\n- [ ]\n[Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html)\nwas added for features that require explanation or tutorials\n- [ ] [Unit or functional\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\nwere updated or added to match the most common scenarios\n- [ ] If a plugin configuration key changed, check if it needs to be\nallowlisted in the cloud and added to the [docker\nlist](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker)\n- [ ] This was checked for breaking HTTP API changes, and any breaking\nchanges have been approved by the breaking-change committee. The\n`release_note:breaking` label should be applied in these situations.\n- [ ] [Flaky Test\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\nused on any tests changed\n- [ ] The PR description includes the appropriate Release Notes section,\nand the correct `release_note:*` label is applied per the\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\n- [ ] Review the [backport\nguidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing)\nand apply applicable `backport:*` labels.\n\n### Identify risks\n\nDoes this PR introduce any risks? For example, consider risks like hard\nto test bugs, performance regression, potential of data loss.\n\nDescribe the risk, its severity, and mitigation for each identified\nrisk. Invite stakeholders and evaluate how to proceed before merging.\n\n- [ ] [See some risk\nexamples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx)\n- [ ] ...\n\n---------\n\nCo-authored-by: kibanamachine <[email protected]>\nCo-authored-by: Sandra G <[email protected]>","sha":"15878ad8a124539d4698de2510fd5d6ad90b8d38"}}]}] BACKPORT--> --------- Co-authored-by: kibanamachine <[email protected]> Co-authored-by: Sandra G <[email protected]> Co-authored-by: Viduni Wickramarachchi <[email protected]>
mgadewoll
pushed a commit
to tkajtoch/kibana
that referenced
this pull request
Oct 17, 2025
…lastic#237085) Closes elastic/obs-ai-assistant-team#357 ## Summary This PR adds the awareness of `.integration_knowledge*` index as another index for recalling. The Obs AI Assistant will retrieve integration knowledge from the index Value added to the Obs AI Assistant (elastic/obs-ai-assistant-team#357 (comment)): > The assistant will become aware of LLM-facing documentation for any installed integrations in the user's cluster. For example, the Logstash integration might ship documentation that explains how to understand the health reporting metrics collected by the integration and the assistant could answer prompts like "why was my logstash server down yesterday?" using the user's real data. Manual Testing: 1 -> Follow the instructions from elastic#230107 (comment): > 1. If elastic/elasticsearch#132506 has been merged, run `yarn es snapshot` in Kibana, otherwise, checkout that branch in your local ES and then in kibana run `yarn es source` in order to use that version of ES which contains the index management, mappings, etc. >2. Install a package with any number of knowledge base docs in the `docs/knowledge_base` folder. You can use [this sample package](https://github.com/user-attachments/files/21867395/masonstestpackage-0.0.1.zip), or create your own following the guide below: > > - Using `elastic-package`, create a new package using `elastic-package create integration` - Once created add `knowledge_base` as a folder inside of the generated `docs` folder of the integration - Add an arbitrary amount of `.md` files to the knowledge_base folder - Run `elastic-package build` to build the package - There are a lot of different options for installing the package in a local kibana instance. I prefer to just take the generated .zip folder from `/build` in `elastic-package` and upload it to kibana using the custom integrations feature. You can also expose the package registry, or whatever you see fit. >3. Watch the Kibana logs for errors/debug messages etc >4. Use the new endpoint or just directly check the index using `GET /.integration_knowledge/_search` to verify that the documents are ingested into the system index of `.integration_knowledge` >5. Update the package and verify that the KB documents are updated by checking the response again, they should have the updated pkgVersion on the associated docs. >6. Remove the package and then verify (using the endpoint) that the docs are removed from the index 2 - Ask the AI Assistant about information contained in the integration documents 3- check that the documents are listed on the response of executed the function context inside learnings ### Checklist Check the PR satisfies following conditions. Reviewers should verify this PR satisfies this list as well. - [ ] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md) - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the [docker list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker) - [ ] This was checked for breaking HTTP API changes, and any breaking changes have been approved by the breaking-change committee. The `release_note:breaking` label should be applied in these situations. - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed - [ ] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) - [ ] Review the [backport guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing) and apply applicable `backport:*` labels. ### Identify risks Does this PR introduce any risks? For example, consider risks like hard to test bugs, performance regression, potential of data loss. Describe the risk, its severity, and mitigation for each identified risk. Invite stakeholders and evaluate how to proceed before merging. - [ ] [See some risk examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx) - [ ] ... --------- Co-authored-by: kibanamachine <[email protected]> Co-authored-by: Sandra G <[email protected]>
rylnd
pushed a commit
to rylnd/kibana
that referenced
this pull request
Oct 17, 2025
…lastic#237085) Closes elastic/obs-ai-assistant-team#357 ## Summary This PR adds the awareness of `.integration_knowledge*` index as another index for recalling. The Obs AI Assistant will retrieve integration knowledge from the index Value added to the Obs AI Assistant (elastic/obs-ai-assistant-team#357 (comment)): > The assistant will become aware of LLM-facing documentation for any installed integrations in the user's cluster. For example, the Logstash integration might ship documentation that explains how to understand the health reporting metrics collected by the integration and the assistant could answer prompts like "why was my logstash server down yesterday?" using the user's real data. Manual Testing: 1 -> Follow the instructions from elastic#230107 (comment): > 1. If elastic/elasticsearch#132506 has been merged, run `yarn es snapshot` in Kibana, otherwise, checkout that branch in your local ES and then in kibana run `yarn es source` in order to use that version of ES which contains the index management, mappings, etc. >2. Install a package with any number of knowledge base docs in the `docs/knowledge_base` folder. You can use [this sample package](https://github.com/user-attachments/files/21867395/masonstestpackage-0.0.1.zip), or create your own following the guide below: > > - Using `elastic-package`, create a new package using `elastic-package create integration` - Once created add `knowledge_base` as a folder inside of the generated `docs` folder of the integration - Add an arbitrary amount of `.md` files to the knowledge_base folder - Run `elastic-package build` to build the package - There are a lot of different options for installing the package in a local kibana instance. I prefer to just take the generated .zip folder from `/build` in `elastic-package` and upload it to kibana using the custom integrations feature. You can also expose the package registry, or whatever you see fit. >3. Watch the Kibana logs for errors/debug messages etc >4. Use the new endpoint or just directly check the index using `GET /.integration_knowledge/_search` to verify that the documents are ingested into the system index of `.integration_knowledge` >5. Update the package and verify that the KB documents are updated by checking the response again, they should have the updated pkgVersion on the associated docs. >6. Remove the package and then verify (using the endpoint) that the docs are removed from the index 2 - Ask the AI Assistant about information contained in the integration documents 3- check that the documents are listed on the response of executed the function context inside learnings ### Checklist Check the PR satisfies following conditions. Reviewers should verify this PR satisfies this list as well. - [ ] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md) - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the [docker list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker) - [ ] This was checked for breaking HTTP API changes, and any breaking changes have been approved by the breaking-change committee. The `release_note:breaking` label should be applied in these situations. - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed - [ ] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) - [ ] Review the [backport guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing) and apply applicable `backport:*` labels. ### Identify risks Does this PR introduce any risks? For example, consider risks like hard to test bugs, performance regression, potential of data loss. Describe the risk, its severity, and mitigation for each identified risk. Invite stakeholders and evaluate how to proceed before merging. - [ ] [See some risk examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx) - [ ] ... --------- Co-authored-by: kibanamachine <[email protected]> Co-authored-by: Sandra G <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
7 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
gradle check? YESSummary
With the work in 230107, fleet is working with a new system index called
integration_knowledge,kibana_systemneeds the correct privileges in order for fleet to be able to create, write, and read this new index. We also need ES to manage the new index so that we can utilize the versioning, etc provided for other fleet system indices. The new index is used to store knowledge base documents from packages so that AI assistants (o11y and security) can consume these knowledge base documents and provide better tailored responses.