/*! Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one or more contributor license agreements.
 * Licensed under the Elastic License 2.0; you may not use this file except in compliance with the Elastic License 2.0. */
(window.osquery_bundle_jsonpfunction=window.osquery_bundle_jsonpfunction||[]).push([[0],{102:function(e,t,a){"use strict";a.d(t,"a",(function(){return b}));var n=a(6),s=a(1),i=a.n(s),l=a(48),r=a(46),o=a(103),c=a(4),u=a(0);const d=({agentId:e})=>{var t;const a=Object(c.e)().services.application.getUrlForApp,{data:s}=Object(o.a)({agentId:e,skip:!e});return Object(u.jsx)(n.EuiToolTip,{position:"top",content:Object(u.jsx)("p",null,e)},Object(u.jsx)(n.EuiLink,{className:"eui-textTruncate",href:a(l.PLUGIN_ID,{path:r.pagePathGetters.agent_details({agentId:e})[1]}),target:"_blank"},null!==(t=null==s?void 0:s.local_metadata.host.name)&&void 0!==t?t:e))},b=i.a.memo(d)},103:function(e,t,a){"use strict";a.d(t,"a",(function(){return o}));var n=a(8),s=a(11),i=a(2),l=a(17),r=a(4);const o=({agentId:e,silent:t,skip:a})=>{const{http:o}=Object(r.e)().services,c=Object(l.a)();return Object(s.useQuery)(["agentDetails",e],(()=>o.get(`/internal/osquery/fleet_wrapper/agents/${e}`,{version:i.a.internal.v1})),{enabled:!a,retry:!1,select:e=>null==e?void 0:e.item,onSuccess:()=>c(),onError:e=>!t&&c(e,{title:n.i18n.translate("xpack.osquery.agentDetails.fetchError",{defaultMessage:"Error while fetching agent details"})})})}},104:function(e,t,a){"use strict";a.d(t,"b",(function(){return o})),a.d(t,"a",(function(){return c}));var n=a(1),s=a.n(n),i=a(75),l=a(71),r=a(0);const o=({actionId:e,agentIds:t,queryId:a})=>{const[s,o]=Object(n.useState)(!1),{data:u}=Object(l.a)({actionId:e,isLive:s,...a?{queryIds:[a]}:{}});return Object(n.useLayoutEffect)((()=>{o((()=>!("completed"===(null==u?void 0:u.status))))}),[null==u?void 0:u.status]),Object(r.jsx)(c.Provider,{value:!0},Object(r.jsx)(i.a,{actionId:e,queryId:a,data:null==u?void 0:u.queries,startDate:null==u?void 0:u["@timestamp"],expirationDate:null==u?void 0:u.expiration,agentIds:t}))},c=s.a.createContext(!1)},119:function(e,t,a){"use strict";a.d(t,"a",(function(){return M}));var n=a(6),s=a(1),i=a.n(s),l=a(20),r=a(8),o=a(14),c=a(46),u=a(82),d=a(11),b=a(45),p=a(23),j=a(4),m=a(19),g=a(17),O=a(22);const v=({actionId:e,activePage:t,agentIds:a,direction:n,limit:s,sortField:i,filterQuery:o,skip:c=!1,isLive:u=!1})=>{var v;const{data:x}=Object(j.e)().services,f=Object(g.a)();return Object(d.useQuery)(["actionResults",{actionId:e}],(async()=>{var r,c,u,d,j,g,v,f,y,h,I,k,E,T,w,q,S;const C=await Object(b.lastValueFrom)(x.search.search({actionId:e,factoryQueryType:m.b.actionResults,filterQuery:Object(p.a)(o),pagination:Object(p.b)(t,s),sort:{direction:n,field:i}},{strategy:"osquerySearchStrategy"})),_=null!==(r=null===(c=C.rawResponse)||void 0===c||null===(u=c.aggregations)||void 0===u||null===(d=u.aggs.responses_by_action_id)||void 0===d?void 0:d.doc_count)&&void 0!==r?r:0,D=null!==(j=null===(g=C.rawResponse)||void 0===g||null===(v=g.aggregations)||void 0===v||null===(f=v.aggs.responses_by_action_id)||void 0===f||null===(y=f.rows_count)||void 0===y?void 0:y.value)&&void 0!==j?j:0,A=null===(h=C.rawResponse)||void 0===h||null===(I=h.aggregations)||void 0===I||null===(k=I.aggs.responses_by_action_id)||void 0===k?void 0:k.responses.buckets,R=O.a.getQueryData(["actionResults",{actionId:e}]),F=null!=R&&R.edges.length?null==R?void 0:R.edges:null!==(E=null==a?void 0:a.map((e=>({fields:{agent_id:[e]}}))))&&void 0!==E?E:[];return{...C,edges:Object(l.reverse)(Object(l.uniqBy)("fields.agent_id[0]",Object(l.flatten)([C.edges,F]))),aggregations:{totalRowCount:D,totalResponded:_,successful:null!==(T=null==A||null===(w=A.find((e=>"success"===e.key)))||void 0===w?void 0:w.doc_count)&&void 0!==T?T:0,failed:null!==(q=null==A||null===(S=A.find((e=>"error"===e.key)))||void 0===S?void 0:S.doc_count)&&void 0!==q?q:0},inspect:Object(p.c)(C,{})}}),{initialData:{edges:[],aggregations:{totalResponded:0,successful:0,pending:null!==(v=null==a?void 0:a.length)&&void 0!==v?v:0,failed:0}},refetchInterval:!!u&&5e3,keepPreviousData:!0,enabled:!c&&!(null==a||!a.length),onSuccess:()=>f(),onError:e=>f(e,{title:r.i18n.translate("xpack.osquery.action_results.fetchError",{defaultMessage:"Error while fetching action results"})})})};r.i18n.translate("xpack.osquery.results.errorSearchDescription",{defaultMessage:"An error has occurred on all results search"}),r.i18n.translate("xpack.osquery.results.failSearchDescription",{defaultMessage:"Failed to fetch results"});var x=a(122),f=a(84),y=a(9),h=a(98),I=a(0);const k=Object(s.createContext)([]),E={":not(.euiDataGrid--fullScreen)":{".euiDataGrid__virtualized":{height:"100% !important",maxHeight:"500px"}}},T={marginTop:"-2px"},w={width:"100%",maxWidth:"1200px"},q=({actionId:e,agentIds:t,ecsMapping:a,startDate:O,endDate:q,liveQueryActionId:S,error:C})=>{var _;const[D,A]=Object(s.useState)(!0),{data:R}=Object(f.a)(),{data:{aggregations:F}}=v({actionId:e,activePage:0,agentIds:t,limit:0,direction:m.a.asc,sortField:"@timestamp",isLive:D,skip:!R}),M=Object(s.useMemo)((()=>!!q&&new Date(q)<new Date),[q]),{application:{getUrlForApp:z},appName:P,timelines:B}=Object(j.e)().services,L=Object(s.useCallback)((e=>z("fleet",{path:c.pagePathGetters.agent_details({agentId:e})[1]})),[z]),[Q,N]=Object(s.useState)({pageIndex:0,pageSize:50}),$=Object(s.useCallback)((e=>N((t=>({...t,pageSize:e,pageIndex:0})))),[N]),G=Object(s.useCallback)((e=>N((t=>({...t,pageIndex:e})))),[N]),[U,V]=Object(s.useState)([{id:"agent.name",direction:m.a.asc}]),[H,W]=Object(s.useState)([]),{data:J,isLoading:K}=(({actionId:e,activePage:t,limit:a,sort:n,filterQuery:s,skip:i=!1,isLive:l=!1})=>{const{data:o}=Object(j.e)().services,c=Object(g.a)();return Object(d.useQuery)(["allActionResults",{actionId:e,activePage:t,limit:a,sort:n}],(async()=>{var i,l;const r=await Object(b.lastValueFrom)(o.search.search({actionId:e,factoryQueryType:m.b.results,filterQuery:Object(p.a)(s),pagination:Object(p.b)(t,a),sort:n},{strategy:"osquerySearchStrategy"}));if((null==r||null===(i=r.edges)||void 0===i||!i.length)&&r.total)throw new Error("Empty edges while positive totalCount");return{...r,columns:Object.keys((null===(l=r.edges)||void 0===l?void 0:l.length)&&r.edges[0].fields||{}).sort(),inspect:Object(p.c)(r,{})}}),{keepPreviousData:!0,refetchInterval:!!l&&5e3,enabled:!i,onSuccess:()=>c(),onError:e=>c(e,{title:r.i18n.translate("xpack.osquery.results.fetchError",{defaultMessage:"Error while fetching results"})})})})({actionId:e,activePage:Q.pageIndex,limit:Q.pageSize,isLive:D,sort:U.map((e=>({field:e.id,direction:e.direction}))),skip:!R}),[Y,Z]=Object(s.useState)([]),X=Object(s.useMemo)((()=>({visibleColumns:Y,setVisibleColumns:Z})),[Y,Z]),ee=Object(s.useMemo)((()=>Object(l.keys)(a||{})),[a]),te=Object(s.useMemo)((()=>({rowIndex:e,columnId:t})=>{var a;const i=Object(s.useContext)(k),r=null===(a=i[e%Q.pageSize])||void 0===a?void 0:a.fields[t];if("agent.name"===t){var o;const t=null===(o=i[e%Q.pageSize])||void 0===o?void 0:o.fields["agent.id"];return Object(I.jsx)(n.EuiLink,{href:L(t)},r)}if(ee.includes(t)){var c;const a=Object(l.get)(t,null===(c=i[e%Q.pageSize])||void 0===c?void 0:c._source);if(Object(l.isArray)(a)||Object(l.isObject)(a))try{return JSON.stringify(a,null,2)}catch(e){}return null!=a?a:"-"}return Object(l.isEmpty)(r)?"-":r}),[ee,L,Q.pageSize]),ae=Object(s.useMemo)((()=>({columns:U,onSort:V})),[U]),ne=Object(s.useMemo)((()=>({...Q,pageSizeOptions:[10,50,100],onChangeItemsPerPage:$,onChangePage:G})),[$,G,Q]),se=Object(s.useMemo)((()=>{if(a)return Object(l.reduce)(((e,[t,a])=>{var n;return null!=a&&a.field&&(e[null==a?void 0:a.field]=[...null!==(n=e[null==a?void 0:a.field])&&void 0!==n?n:[],t]),e}),{},Object.entries(a))}),[a]),ie=Object(s.useCallback)((e=>{if(se&&se[e])return Object(I.jsx)(i.a.Fragment,null,e," ",Object(I.jsx)(n.EuiIconTip,{size:"s",content:Object(I.jsx)(i.a.Fragment,null,Object(I.jsx)(o.FormattedMessage,{id:"xpack.osquery.liveQueryResults.table.fieldMappedLabel",defaultMessage:"Field is mapped to"}),":",Object(I.jsx)("ul",null,se[e].map((e=>Object(I.jsx)("li",{key:e},e))))),type:"indexMapping"}))}),[se]);Object(s.useEffect)((()=>{if(null==J||!J.columns.length)return;const e=["agent.name",...ee.sort(),...(null==J?void 0:J.columns)||[]],t=e.reduce(((t,a)=>{const{data:n,seen:s}=t;if("agent.name"===a)return s.has(a)||(n.push({id:a,displayAsText:r.i18n.translate("xpack.osquery.liveQueryResults.table.agentColumnTitle",{defaultMessage:"agent"}),defaultSortDirection:m.a.asc}),s.add(a)),t;if(ee.includes(a))return s.has(a)||(n.push({id:a,displayAsText:a,defaultSortDirection:m.a.asc}),s.add(a)),t;if(a.startsWith("osquery.")){const i=a.split(".")[1],l=e.includes(`${a}.number`);if(!s.has(i)){const e=l?a+".number":a;n.push({id:e,displayAsText:i,display:ie(i),defaultSortDirection:m.a.asc,...l?{schema:"numeric"}:{}}),s.add(i)}return t}return t}),{data:[],seen:new Set}).data;W((e=>Object(l.isEqual)(Object(l.map)("id",e),Object(l.map)("id",t))?e:t)),Z(Object(l.map)("id",t))}),[null==J?void 0:J.columns.length,ee,ie]);const le=Object(s.useMemo)((()=>{const e=null==J?void 0:J.edges;return B&&e?[{id:"timeline",width:38,headerCellRender:()=>null,rowCellRender:t=>{var a;const{visibleRowIndex:n}=t,s=null===(a=e[n])||void 0===a?void 0:a._id;return Object(I.jsx)(u.a,{field:"_id",value:s,isIcon:!0})}}]:[]}),[null==J?void 0:J.edges,B]),re=Object(s.useMemo)((()=>({showDisplaySelector:!1,showFullScreenSelector:P===y.PLUGIN_NAME,additionalControls:Object(I.jsx)(i.a.Fragment,null,Object(I.jsx)(x.c,{actionId:e,buttonType:x.b.button,endDate:q,startDate:O}),Object(I.jsx)(x.d,{actionId:e,buttonType:x.b.button,endDate:q,startDate:O}),Object(I.jsx)(u.a,{field:"action_id",value:e}),S&&Object(I.jsx)(h.a,{actionId:S,queryId:e,agentIds:t}))})),[e,t,P,q,S,O]);return Object(s.useEffect)((()=>A((()=>!(null==t||!t.length||M||C||F.totalResponded===(null==t?void 0:t.length)&&(null==J?void 0:J.total)===(null==F?void 0:F.totalRowCount)&&(null==J||!J.total||null!=J&&J.edges.length))))),[null==t?void 0:t.length,F.totalResponded,null==F?void 0:F.totalRowCount,null==J?void 0:J.edges.length,null==J?void 0:J.total,C,M]),K?Object(I.jsx)(n.EuiSkeletonText,{lines:5}):R?Object(I.jsx)(i.a.Fragment,null,D&&Object(I.jsx)(n.EuiProgress,{color:"primary",size:"xs",css:T}),null!=J&&J.edges.length?Object(I.jsx)(k.Provider,{value:null==J?void 0:J.edges},Object(I.jsx)("div",{css:w},Object(I.jsx)(n.EuiDataGrid,{css:E,"data-test-subj":"osqueryResultsTable","aria-label":"Osquery results",columns:H,columnVisibility:X,rowCount:null!==(_=null==J?void 0:J.total)&&void 0!==_?_:0,renderCellValue:te,leadingControlColumns:le,sorting:ae,pagination:ne,toolbarVisibility:re}))):Object(I.jsx)(n.EuiPanel,{hasShadow:!1,"data-test-subj":"osqueryResultsPanel"},Object(I.jsx)(n.EuiCallOut,{title:(oe=F.totalResponded,r.i18n.translate("xpack.osquery.results.multipleAgentsResponded",{defaultMessage:"{agentsResponded, plural, one {# agent has} other {# agents have}} responded, no osquery data has been reported.",values:{agentsResponded:oe}}))}))):Object(I.jsx)(n.EuiCallOut,{title:Object(I.jsx)(o.FormattedMessage,{id:"xpack.osquery.liveQuery.permissionDeniedPromptTitle",defaultMessage:"Permission denied"}),color:"danger",iconType:"warning"},Object(I.jsx)("p",null,Object(I.jsx)(o.FormattedMessage,{id:"xpack.osquery.liveQuery.permissionDeniedPromptBody",defaultMessage:"To view query results, ask your administrator to update your user role to have index {read} privileges on the {logs} index.",values:{read:Object(I.jsx)(n.EuiCode,null,"read"),logs:Object(I.jsx)(n.EuiCode,null,"logs-",y.OSQUERY_INTEGRATION_NAME,".result*")}})));var oe},S=i.a.memo(q);var C=a(102);const _=e=>Object(I.jsx)(n.EuiCodeBlock,{language:"shell",fontSize:"s",paddingSize:"none",transparentBackground:!0},e),D=({actionId:e,expirationDate:t,agentIds:a,error:i})=>{const[l]=Object(s.useState)(0),[o]=Object(s.useState)(50),c=Object(s.useMemo)((()=>!!t&&new Date(t)<new Date),[t]),[u,d]=Object(s.useState)(!0),{data:b}=Object(f.a)(),{data:{aggregations:p,edges:j}}=v({actionId:e,activePage:l,agentIds:a,limit:o,direction:m.a.asc,sortField:"@timestamp",isLive:u,skip:!b});Object(s.useEffect)((()=>{i?j.forEach((e=>{e.fields&&(e.fields["error.skipped"]=e.fields.error=[i])})):c&&j.forEach((e=>{var t;null!==(t=e.fields)&&void 0!==t&&t.completed_at||!e.fields||(e.fields["error.keyword"]=e.fields.error=[r.i18n.translate("xpack.osquery.liveQueryActionResults.table.expiredErrorText",{defaultMessage:"The action request timed out."})])}))}),[j,i,c]);const g=Object(s.useCallback)((e=>Object(I.jsx)(C.a,{agentId:e})),[]),O=Object(s.useCallback)((e=>null!=e?e:"-"),[]),x=Object(s.useCallback)(((e,t)=>t.fields["error.skipped"]?r.i18n.translate("xpack.osquery.liveQueryActionResults.table.skippedStatusText",{defaultMessage:"skipped"}):t.fields.completed_at?t.fields["error.keyword"]?r.i18n.translate("xpack.osquery.liveQueryActionResults.table.errorStatusText",{defaultMessage:"error"}):r.i18n.translate("xpack.osquery.liveQueryActionResults.table.successStatusText",{defaultMessage:"success"}):c?r.i18n.translate("xpack.osquery.liveQueryActionResults.table.expiredStatusText",{defaultMessage:"expired"}):r.i18n.translate("xpack.osquery.liveQueryActionResults.table.pendingStatusText",{defaultMessage:"pending"})),[c]),y=Object(s.useMemo)((()=>[{field:"status",name:r.i18n.translate("xpack.osquery.liveQueryActionResults.table.statusColumnTitle",{defaultMessage:"Status"}),render:x},{field:"fields.agent_id[0]",name:r.i18n.translate("xpack.osquery.liveQueryActionResults.table.agentIdColumnTitle",{defaultMessage:"Agent Id"}),truncateText:!0,render:g},{field:"_source.action_response.osquery.count",name:r.i18n.translate("xpack.osquery.liveQueryActionResults.table.resultRowsNumberColumnTitle",{defaultMessage:"Number of result rows"}),render:O},{field:"fields.error[0]",name:r.i18n.translate("xpack.osquery.liveQueryActionResults.table.errorColumnTitle",{defaultMessage:"Error"}),render:_}]),[g,O,x]),h=Object(s.useMemo)((()=>({initialPageSize:20,pageSizeOptions:[10,20,50,100]})),[]);return Object(s.useEffect)((()=>{d((()=>!(null==a||!a.length||c||i||p.totalResponded===(null==a?void 0:a.length))))}),[null==a?void 0:a.length,p.totalResponded,i,c]),j.length?Object(I.jsx)(n.EuiInMemoryTable,{loading:u,items:j,columns:y,pagination:h}):null},A=i.a.memo(D),R={"div.euiTabs":{paddingLeft:"8px"}},F=({actionId:e,agentIds:t,ecsMapping:a,endDate:i,failedAgentsCount:l,startDate:r,liveQueryActionId:o,error:c})=>{const u=Object(s.useMemo)((()=>[{id:"results",name:"Results","data-test-subj":"osquery-results-tab",content:Object(I.jsx)(S,{actionId:e,agentIds:t,ecsMapping:a,startDate:r,endDate:i,liveQueryActionId:o,error:c})},{id:"status",name:"Status","data-test-subj":"osquery-status-tab",content:Object(I.jsx)(A,{actionId:e,agentIds:t,expirationDate:i,error:c}),append:l?Object(I.jsx)(n.EuiNotificationBadge,{className:"eui-alignCenter",size:"m"},l):null}]),[e,t,a,r,i,o,c,l]);return Object(I.jsx)(n.EuiTabbedContent,{css:R,tabs:u,initialSelectedTab:u[0],autoFocus:"selected",expand:!1})},M=i.a.memo(F)},122:function(e,t,a){"use strict";a.d(t,"b",(function(){return D})),a.d(t,"d",(function(){return F})),a.d(t,"c",(function(){return z})),a.d(t,"a",(function(){return J}));var n=a(1),s=a.n(n),i=a(6),l=a(8),r=a(14),o=a(47),c=a.n(o),u=a(52),d=a(50),b=a(68),p=a(4),j=a(57),m=a(146),g=a(102),O=a(11),v=a(45),x=a(53),f=a(70);const y=({actionId:e,interval:t,skip:a=!1})=>{const n=Object(p.e)().services.data,{data:s}=Object(f.a)({skip:a});return Object(O.useQuery)(["scheduledQueryErrors",{actionId:e,interval:t}],(async()=>{const a=await n.search.searchSource.create({fields:["*"],sort:[{"@timestamp":x.SortDirection.desc}],query:{bool:{filter:[{match_phrase:{message:"Error"}},{match_phrase:{"data_stream.dataset":"elastic_agent.osquerybeat"}},{match_phrase:{message:e}},{range:{"@timestamp":{gte:`now-${2*t}s`,lte:"now"}}}]}},size:1e3});return a.setField("index",s),Object(v.lastValueFrom)(a.fetch$())}),{keepPreviousData:!0,enabled:!(a||!e||!t||!s),select:e=>{var t;return null!==(t=e.rawResponse.hits)&&void 0!==t?t:[]},refetchOnReconnect:!1,refetchOnWindowFocus:!1})};var h=a(0);const I=l.i18n.translate("xpack.osquery.pack.queriesTable.viewLogsErrorsActionAriaLabel",{defaultMessage:"View in Logs"}),k=({actionId:e,agentId:t,timestamp:a})=>{const s=Object(p.e)().services.application.navigateToApp,l=Object(n.useCallback)((n=>{const i=!(!Object(p.d)(n)&&Object(p.c)(n));n.preventDefault();const l=Object(m.stringify)({logPosition:Object(j.encode)({end:a,streamLive:!1}),logFilter:Object(j.encode)({expression:`elastic_agent.id:${t} and (data_stream.dataset:elastic_agent or data_stream.dataset:elastic_agent.osquerybeat) and "${e}"`,kind:"kuery"})});s("logs",{path:`stream?${l}`,openInNewTab:i})}),[e,t,s,a]);return Object(h.jsx)(i.EuiToolTip,{content:I},Object(h.jsx)(i.EuiButtonIcon,{iconType:"search",onClick:l,"aria-label":I}))},E=s.a.memo(k),T=e=>Object(h.jsx)(i.EuiCodeBlock,{fontSize:"s",paddingSize:"none",transparentBackground:!0},e),w=({actionId:e,interval:t})=>{var a;const{data:s}=y({actionId:e,interval:t}),r=Object(n.useCallback)((e=>Object(h.jsx)(g.a,{agentId:e})),[]),o=Object(n.useCallback)((t=>Object(h.jsx)(E,{actionId:e,agentId:null==t?void 0:t.fields["elastic_agent.id"][0],timestamp:null==t?void 0:t.fields["event.ingested"][0]})),[e]),c=Object(n.useMemo)((()=>[{field:"fields.@timestamp",name:"@timestamp",width:"220px"},{field:'fields["elastic_agent.id"][0]',name:l.i18n.translate("xpack.osquery.scheduledQueryErrorsTable.agentIdColumnTitle",{defaultMessage:"Agent Id"}),truncateText:!0,render:r,width:"15%"},{field:"fields.message[0]",name:l.i18n.translate("xpack.osquery.scheduledQueryErrorsTable.errorColumnTitle",{defaultMessage:"Error"}),render:T},{width:"50px",actions:[{render:o}]}]),[r,o]);return Object(h.jsx)(i.EuiInMemoryTable,{items:null!==(a=null==s?void 0:s.hits)&&void 0!==a?a:[],columns:c,pagination:!0})},q=s.a.memo(w);var S=a(83);const C=l.i18n.translate("xpack.osquery.pack.queriesTable.viewDiscoverResultsActionAriaLabel",{defaultMessage:"View in Discover"}),_=l.i18n.translate("xpack.osquery.pack.queriesTable.viewLensResultsActionAriaLabel",{defaultMessage:"View in Lens"});let D;function A(e,t){const a={columnOrder:["8690befd-fd69-4246-af4a-dd485d2a3b38","ed999e9d-204c-465b-897f-fe1a125b39ed"],columns:{"8690befd-fd69-4246-af4a-dd485d2a3b38":{sourceField:"type",isBucketed:!0,dataType:"string",scale:"ordinal",operationType:"terms",label:"Top values of type",params:{otherBucket:!0,size:5,missingBucket:!1,orderBy:{columnId:"ed999e9d-204c-465b-897f-fe1a125b39ed",type:"column"},orderDirection:"desc"}},"ed999e9d-204c-465b-897f-fe1a125b39ed":{sourceField:u.DOCUMENT_FIELD_NAME,isBucketed:!1,dataType:"number",scale:"ratio",operationType:"count",label:"Count of records"}},incompleteColumns:{}};return{visualizationType:"lnsPie",title:`Action ${t} results`,references:[{id:e.id,name:"indexpattern-datasource-current-indexpattern",type:"index-pattern"},{id:e.id,name:"indexpattern-datasource-layer-layer1",type:"index-pattern"},{name:"filter-index-pattern-0",id:e.id,type:"index-pattern"}],state:{datasourceStates:{formBased:{layers:{layer1:a}}},filters:[{$state:{store:d.FilterStateStore.APP_STATE},meta:{index:"filter-index-pattern-0",negate:!1,alias:null,disabled:!1,params:{query:t},type:"phrase",key:"action_id"},query:{match_phrase:{action_id:t}}}],query:{language:"kuery",query:""},visualization:{shape:"pie",layers:[{layerType:"data",legendDisplay:"default",nestedLegend:!1,layerId:"layer1",metrics:["ed999e9d-204c-465b-897f-fe1a125b39ed"],numberDisplay:"percent",primaryGroups:["8690befd-fd69-4246-af4a-dd485d2a3b38"],categoryDisplay:"default"}]}}}}!function(e){e.icon="icon",e.button="button"}(D||(D={}));const R=({actionId:e,buttonType:t,endDate:a,startDate:s,mode:l})=>{const r=Object(p.e)().services.lens,o=null==r?void 0:r.canUseEditor(),{data:c}=Object(f.a)({skip:!e,checkOnly:!0}),u=Object(n.useCallback)((t=>{t.preventDefault(),null!=c&&c.id&&(null==r||r.navigateToPrefilledEditor({id:"",timeRange:{from:null!=s?s:"now-1d",to:null!=a?a:"now",mode:(null!=l?l:s||a)?"absolute":"relative"},attributes:A(c,e)},{openInNewTab:!0,skipAppLeave:!0}))}),[e,a,r,c,l,s]);return o?t===D.button?Object(h.jsx)(i.EuiButtonEmpty,{size:"xs",iconType:"lensApp",onClick:u,isDisabled:!c},_):Object(h.jsx)(i.EuiToolTip,{content:_},Object(h.jsx)(i.EuiButtonIcon,{iconType:"lensApp",isDisabled:!c,onClick:u,"aria-label":_})):null},F=s.a.memo(R),M=({actionId:e,buttonType:t,endDate:a,startDate:s})=>{const{discover:l,application:r}=Object(p.e)().services,o=null==l?void 0:l.locator,c=r.capabilities.discover,{data:u}=Object(f.a)({skip:!e,checkOnly:!0}),[b,j]=Object(n.useState)("");return Object(n.useEffect)((()=>{(async()=>{if(!o||!u)return;const t=await o.getUrl({indexPatternId:u.id,filters:[{meta:{index:u.id,alias:null,negate:!1,disabled:!1,type:"phrase",key:"action_id",params:{query:e}},query:{match_phrase:{action_id:e}},$state:{store:d.FilterStateStore.APP_STATE}}],refreshInterval:{pause:!0,value:0},timeRange:s&&a?{to:a,from:s,mode:"absolute"}:{to:"now",from:"now-1d",mode:"relative"}});j(t)})()}),[e,a,s,o,u]),c.show?t===D.button?Object(h.jsx)(i.EuiButtonEmpty,{size:"xs",iconType:"discoverApp",href:b,target:"_blank",isDisabled:!u},C):Object(h.jsx)(i.EuiToolTip,{content:C},Object(h.jsx)(i.EuiButtonIcon,{iconType:"discoverApp","aria-label":C,href:b,target:"_blank",isDisabled:!u})):null},z=s.a.memo(M),P=s.a.memo((({actionId:e,agentIds:t,interval:a})=>Object(h.jsx)(i.EuiFlexGroup,{direction:"column",gutterSize:"xl"},Object(h.jsx)(i.EuiFlexItem,null,Object(h.jsx)(i.EuiSpacer,{size:"m"}),Object(h.jsx)(i.EuiPanel,{paddingSize:"s",hasBorder:!0,hasShadow:!1},Object(h.jsx)(q,{actionId:e,agentIds:t,interval:a})),Object(h.jsx)(i.EuiSpacer,{size:"m"})))));P.displayName="ScheduledQueryExpandedContent";const B=({actionId:e,interval:t})=>{const{data:a,isLoading:n}=Object(S.a)({actionId:e,interval:t});return n?Object(h.jsx)(i.EuiLoadingSpinner,null):a?Object(h.jsx)(i.EuiFlexGroup,{gutterSize:"s",alignItems:"center"},Object(h.jsx)(i.EuiFlexItem,{grow:4},null!=a&&a["@timestamp"]?Object(h.jsx)(i.EuiToolTip,{content:Object(h.jsx)(s.a.Fragment,null,Object(h.jsx)(r.FormattedDate,{value:a["@timestamp"],year:"numeric",month:"short",day:"2-digit"})," ",Object(h.jsx)(r.FormattedTime,{value:a["@timestamp"],timeZoneName:"short"}))},Object(h.jsx)(r.FormattedRelative,{value:a["@timestamp"]})):"-")):Object(h.jsx)(s.a.Fragment,null,"-")},L=({actionId:e,interval:t})=>{var a;const{data:n,isLoading:l}=Object(S.a)({actionId:e,interval:t});return l?Object(h.jsx)(i.EuiLoadingSpinner,null):n?Object(h.jsx)(i.EuiFlexGroup,{gutterSize:"s",alignItems:"center"},Object(h.jsx)(i.EuiFlexItem,{grow:!1},Object(h.jsx)(i.EuiNotificationBadge,{color:"subdued"},null!==(a=null==n?void 0:n.docCount)&&void 0!==a?a:0))):Object(h.jsx)(s.a.Fragment,null,"-")},Q=({actionId:e,interval:t})=>{var a;const{data:n,isLoading:l}=Object(S.a)({actionId:e,interval:t});return l?Object(h.jsx)(i.EuiLoadingSpinner,{"data-test-subj":"docsLoading"}):n?Object(h.jsx)(i.EuiFlexGroup,{gutterSize:"s",alignItems:"center"},Object(h.jsx)(i.EuiFlexItem,{grow:!1},Object(h.jsx)(i.EuiNotificationBadge,{color:"subdued"},null!==(a=null==n?void 0:n.uniqueAgentsCount)&&void 0!==a?a:0))):Object(h.jsx)(s.a.Fragment,null,"-")},N=({actionId:e,interval:t,queryId:a,toggleErrors:s,expanded:l})=>{var r;const o=Object(n.useCallback)((()=>s({queryId:a,interval:t})),[s,a,t]),{data:c,isLoading:u}=y({actionId:e,interval:t});return u?Object(h.jsx)(i.EuiLoadingSpinner,null):null!=c&&c.total?Object(h.jsx)(i.EuiFlexItem,{grow:!1},Object(h.jsx)(i.EuiFlexGroup,{gutterSize:"s",alignItems:"center",justifyContent:"flexEnd"},Object(h.jsx)(i.EuiFlexItem,{grow:!1},Object(h.jsx)(i.EuiNotificationBadge,{color:null!=c&&c.total?"accent":"subdued"},null!==(r=null==c?void 0:c.total)&&void 0!==r?r:0)),Object(h.jsx)(i.EuiFlexItem,{grow:!1},Object(h.jsx)(i.EuiButtonIcon,{isDisabled:!(null!=c&&c.total),onClick:o,iconType:l?"arrowUp":"arrowDown"})))):Object(h.jsx)("span",{"data-test-subj":"packResultsErrorsEmpty"},"-")},$=(e,t)=>`pack_${t}_${e}`,G=({item:e,packName:t})=>{const{id:a,interval:n}=e,s=$(a,t),{data:i}=Object(S.a)({actionId:s,interval:n}),l=null!=i&&i["@timestamp"]?c()(null==i?void 0:i["@timestamp"][0]).subtract(n,"seconds").toISOString():`now-${n}s`,r=null!=i&&i["@timestamp"]?c()(null==i?void 0:i["@timestamp"][0]).toISOString():"now";return Object(h.jsx)(z,{actionId:s,buttonType:D.icon,startDate:l,endDate:r,mode:null!=i&&i["@timestamp"][0]?"absolute":"relative"})},U=s.a.memo(G),V=({item:e,packName:t})=>{const{id:a,interval:n}=e,s=$(a,t),{data:i}=Object(S.a)({actionId:s,interval:n}),l=null!=i&&i["@timestamp"]?c()(null==i?void 0:i["@timestamp"][0]).subtract(n,"seconds").toISOString():`now-${n}s`,r=null!=i&&i["@timestamp"]?c()(null==i?void 0:i["@timestamp"][0]).toISOString():"now";return Object(h.jsx)(F,{actionId:s,buttonType:D.icon,startDate:l,endDate:r,mode:null!=i&&i["@timestamp"][0]?"absolute":"relative"})},H=s.a.memo(V),W=({agentIds:e,data:t,packName:a})=>{const[s,r]=Object(n.useState)({}),o=Object(n.useCallback)(((e,t)=>{const a=Object(b.a)(e),n=a.length>55?`${a.substring(0,55)}...`:a;return Object(h.jsx)(i.EuiToolTip,{title:t.id,content:Object(h.jsx)(i.EuiFlexItem,null,e)},Object(h.jsx)(i.EuiCodeBlock,{language:"sql",fontSize:"s",paddingSize:"none",transparentBackground:!0},n))}),[]),c=Object(n.useCallback)((({queryId:t,interval:n})=>{const i={...s};i[t]?delete i[t]:i[t]=Object(h.jsx)(P,{actionId:$(t,a),agentIds:e,interval:n}),r(i)}),[e,s,a]),u=Object(n.useCallback)((e=>Object(h.jsx)(B,{actionId:$(e.id,a),interval:e.interval})),[a]),d=Object(n.useCallback)((e=>Object(h.jsx)(L,{actionId:$(e.id,a),interval:e.interval})),[a]),p=Object(n.useCallback)((e=>Object(h.jsx)(Q,{actionId:$(e.id,a),interval:e.interval})),[a]),j=Object(n.useCallback)((e=>Object(h.jsx)(N,{queryId:e.id,interval:e.interval,actionId:$(e.id,a),toggleErrors:c,expanded:!!s[e.id]})),[s,a,c]),m=Object(n.useCallback)((e=>Object(h.jsx)(U,{item:e,packName:a})),[a]),g=Object(n.useCallback)((e=>Object(h.jsx)(H,{item:e,packName:a})),[a]),O=Object(n.useCallback)((e=>{var t;return null!==(t=e.id)&&void 0!==t?t:""}),[]),v=Object(n.useMemo)((()=>[{field:"id",name:l.i18n.translate("xpack.osquery.pack.queriesTable.idColumnTitle",{defaultMessage:"ID"}),width:"15%",truncateText:!0},{field:"interval",name:l.i18n.translate("xpack.osquery.pack.queriesTable.intervalColumnTitle",{defaultMessage:"Interval (s)"}),width:"80px"},{field:"query",name:l.i18n.translate("xpack.osquery.pack.queriesTable.queryColumnTitle",{defaultMessage:"Query"}),render:o,width:"40%"},{name:l.i18n.translate("xpack.osquery.pack.queriesTable.lastResultsColumnTitle",{defaultMessage:"Last results"}),render:u,width:"12%"},{name:l.i18n.translate("xpack.osquery.pack.queriesTable.docsResultsColumnTitle",{defaultMessage:"Docs"}),render:d},{name:l.i18n.translate("xpack.osquery.pack.queriesTable.agentsResultsColumnTitle",{defaultMessage:"Agents"}),render:p},{name:l.i18n.translate("xpack.osquery.pack.queriesTable.errorsResultsColumnTitle",{defaultMessage:"Errors"}),render:j},{name:l.i18n.translate("xpack.osquery.pack.queriesTable.viewResultsColumnTitle",{defaultMessage:"View results"}),width:"90px",actions:[{render:m},{render:g}]}]),[o,u,d,p,j,m,g]),x=Object(n.useMemo)((()=>({sort:{field:"id",direction:"asc"}})),[]);return Object(h.jsx)(i.EuiBasicTable,{items:null!=t?t:[],itemId:O,columns:v,sorting:x,itemIdToExpandedRowMap:s,isExpandable:!0})},J=s.a.memo(W)},146:function(e,t,a){"use strict";t.decode=t.parse=a(147),t.encode=t.stringify=a(148)},147:function(e,t,a){"use strict";function n(e,t){return Object.prototype.hasOwnProperty.call(e,t)}e.exports=function(e,t,a,i){t=t||"&",a=a||"=";var l={};if("string"!=typeof e||0===e.length)return l;var r=/\+/g;e=e.split(t);var o=1e3;i&&"number"==typeof i.maxKeys&&(o=i.maxKeys);var c=e.length;o>0&&c>o&&(c=o);for(var u=0;u<c;++u){var d,b,p,j,m=e[u].replace(r,"%20"),g=m.indexOf(a);g>=0?(d=m.substr(0,g),b=m.substr(g+1)):(d=m,b=""),p=decodeURIComponent(d),j=decodeURIComponent(b),n(l,p)?s(l[p])?l[p].push(j):l[p]=[l[p],j]:l[p]=j}return l};var s=Array.isArray||function(e){return"[object Array]"===Object.prototype.toString.call(e)}},148:function(e,t,a){"use strict";var n=function(e){switch(typeof e){case"string":return e;case"boolean":return e?"true":"false";case"number":return isFinite(e)?e:"";default:return""}};e.exports=function(e,t,a,r){return t=t||"&",a=a||"=",null===e&&(e=void 0),"object"==typeof e?i(l(e),(function(l){var r=encodeURIComponent(n(l))+a;return s(e[l])?i(e[l],(function(e){return r+encodeURIComponent(n(e))})).join(t):r+encodeURIComponent(n(e[l]))})).join(t):r?encodeURIComponent(n(r))+a+encodeURIComponent(n(e)):""};var s=Array.isArray||function(e){return"[object Array]"===Object.prototype.toString.call(e)};function i(e,t){if(e.map)return e.map(t);for(var a=[],n=0;n<e.length;n++)a.push(t(e[n],n));return a}var l=Object.keys||function(e){var t=[];for(var a in e)Object.prototype.hasOwnProperty.call(e,a)&&t.push(a);return t}},68:function(e,t,a){"use strict";a.d(t,"a",(function(){return n}));const n=e=>e.replaceAll("\r\n"," ").replaceAll("\n"," ").replaceAll(/  +/g," ")},70:function(e,t,a){"use strict";a.d(t,"a",(function(){return i}));var n=a(11),s=a(4);const i=e=>{const t=Object(s.e)().services.data.dataViews;return Object(n.useQuery)(["logsDataView"],(async()=>{let a;try{const e=await t.find("logs-osquery_manager.result*",1);if(!e.length)throw new Error("No data view found");a=e[0]}catch(e){}if(!a&&t.getCanSaveSync())try{a=await t.createAndSave({title:"logs-osquery_manager.result*",timeFieldName:"@timestamp"})}catch(e){}if(!(a||null!=e&&e.checkOnly))try{a=await t.create({title:"logs-osquery_manager.result*",timeFieldName:"@timestamp"})}catch(e){}return a}),{enabled:!(null!=e&&e.skip),retry:1})}},71:function(e,t,a){"use strict";a.d(t,"a",(function(){return c}));var n=a(11),s=a(8),i=a(15),l=a(2),r=a(4),o=a(17);const c=({actionId:e,filterQuery:t,isLive:a=!1,skip:c=!1,queryIds:u})=>{const{http:d}=Object(r.e)().services,b=Object(o.a)();return Object(n.useQuery)(["liveQueries",{actionId:e,filterQuery:t,queryIds:u}],(()=>d.get(`/api/osquery/live_queries/${e}`,{version:l.a.public.v1})),{enabled:!c&&!!e,refetchInterval:!!a&&5e3,onSuccess:()=>b(),onError:e=>b(e,{title:s.i18n.translate("xpack.osquery.action_details.fetchError",{defaultMessage:"Error while fetching action details"})}),select:e=>{if(u){const t=Object(i.filter)(e.data.queries,(e=>u.includes(e.action_id)));return{...e.data,queries:t}}return e.data},refetchOnWindowFocus:!1,retryDelay:5e3})}},75:function(e,t,a){"use strict";a.d(t,"b",(function(){return $})),a.d(t,"a",(function(){return H}));var n=a(15),s=a(1),i=a.n(s),l=a(6),r=a(8),o=a(14),c=a(0);const u={style:"z-index: 6000"},d=({action:e,onClose:t})=>Object(c.jsx)(l.EuiPortal,null,Object(c.jsx)(l.EuiFlyout,{size:"m",ownFocus:!0,onClose:t,"aria-labelledby":"flyoutTitle",maskProps:u},Object(c.jsx)(l.EuiFlyoutHeader,{hasBorder:!0},Object(c.jsx)(l.EuiTitle,{size:"s"},Object(c.jsx)("h2",{id:"flyoutTitle"},Object(c.jsx)(o.FormattedMessage,{id:"xpack.osquery.liveQueryActions.details.title",defaultMessage:"Query Details"})))),Object(c.jsx)(l.EuiFlyoutBody,null,Object(c.jsx)(l.EuiFlexItem,{grow:!1},Object(c.jsx)("strong",null,Object(c.jsx)(o.FormattedMessage,{id:"xpack.osquery.liveQueryActions.details.id",defaultMessage:"Id"})),Object(c.jsx)(l.EuiSpacer,{size:"xs"}),Object(c.jsx)(l.EuiCodeBlock,{fontSize:"m",paddingSize:"s",isCopyable:!0},e.id)),Object(c.jsx)(l.EuiSpacer,{size:"m"}),Object(c.jsx)(l.EuiFlexItem,{grow:!1},Object(c.jsx)("strong",null,Object(c.jsx)(o.FormattedMessage,{id:"xpack.osquery.liveQueryActions.details.query",defaultMessage:"Query"})),Object(c.jsx)(l.EuiSpacer,{size:"xs"}),Object(c.jsx)(l.EuiCodeBlock,{language:"sql",fontSize:"m",paddingSize:"s",isCopyable:!0},e.query)),Object(c.jsx)(l.EuiSpacer,{size:"m"})))),b=i.a.memo(d);var p=a(82),j=a(98);const m=({euiTheme:e})=>({paddingRight:"20px",borderRight:e.border.thick}),g={alignContent:"center",justifyContent:"center",paddingLeft:"10px"},O=i.a.memo((({actionId:e,agentIds:t,queryIds:a})=>{const n=Object(s.useMemo)((()=>({color:"text",size:"xs",iconSize:"l"})),[]);return Object(c.jsx)(i.a.Fragment,null,Object(c.jsx)(l.EuiSpacer,{size:"l"}),Object(c.jsx)(l.EuiFlexGroup,{direction:"row",gutterSize:"m"},Object(c.jsx)(l.EuiFlexItem,{css:m,grow:!1},Object(c.jsx)(l.EuiText,null,Object(c.jsx)("h2",null,Object(c.jsx)(o.FormattedMessage,{id:"xpack.osquery.liveQueryActionResults.results",defaultMessage:"Results"})))),Object(c.jsx)(l.EuiFlexItem,{css:g,grow:!1},Object(c.jsx)("span",null,e&&Object(c.jsx)(l.EuiFlexGroup,null,Object(c.jsx)(l.EuiFlexItem,null,Object(c.jsx)(j.a,{actionId:e,agentIds:t,isIcon:!0,iconProps:n})),Object(c.jsx)(l.EuiFlexItem,null,Object(c.jsx)(p.a,{field:"action_id",value:a,isIcon:!0,iconProps:n})))))),Object(c.jsx)(l.EuiSpacer,{size:"l"}))}));O.displayName="PackResultsHeader";var v=a(19),x=a(68),f=a(119),y=a(47),h=a.n(y),I=a(83),k=a(52),E=a(50),T=a(4),w=a(70);const q=({actionId:e,buttonType:t,endDate:a,startDate:n,mode:i})=>{const r=Object(T.e)().services.lens,o=null==r?void 0:r.canUseEditor(),{data:u}=Object(w.a)({skip:!e,checkOnly:!0}),d=Object(s.useCallback)((t=>{t.preventDefault(),u&&(null==r||r.navigateToPrefilledEditor({id:"",timeRange:{from:null!=n?n:"now-1d",to:null!=a?a:"now",mode:(null!=i?i:n||a)?"absolute":"relative"},attributes:S(u,e)},{openInNewTab:!0,skipAppLeave:!0}))}),[e,a,r,u,i,n]),b=Object(s.useMemo)((()=>!e||!u),[e,u]);return o?t===$.button?Object(c.jsx)(l.EuiButtonEmpty,{size:"xs",iconType:"lensApp",onClick:d,isDisabled:b},C):Object(c.jsx)(l.EuiToolTip,{content:C},Object(c.jsx)(l.EuiButtonIcon,{iconType:"lensApp",disabled:!1,onClick:d,"aria-label":C,isDisabled:b})):null};function S(e,t,a){const n={columnOrder:["8690befd-fd69-4246-af4a-dd485d2a3b38","ed999e9d-204c-465b-897f-fe1a125b39ed"],columns:{"8690befd-fd69-4246-af4a-dd485d2a3b38":{sourceField:"type",isBucketed:!0,dataType:"string",scale:"ordinal",operationType:"terms",label:"Top values of type",params:{otherBucket:!0,size:5,missingBucket:!1,orderBy:{columnId:"ed999e9d-204c-465b-897f-fe1a125b39ed",type:"column"},orderDirection:"desc"}},"ed999e9d-204c-465b-897f-fe1a125b39ed":{sourceField:k.DOCUMENT_FIELD_NAME,isBucketed:!1,dataType:"number",scale:"ratio",operationType:"count",label:"Count of records"}},incompleteColumns:{}},s=null!=a&&a.length?{bool:{minimum_should_match:1,should:null==a?void 0:a.map((e=>({match_phrase:{"agent.id":e}})))}}:void 0;return{visualizationType:"lnsPie",title:`Action ${t} results`,references:[{id:e.id,name:"indexpattern-datasource-current-indexpattern",type:"index-pattern"},{id:e.id,name:"indexpattern-datasource-layer-layer1",type:"index-pattern"},{name:"filter-index-pattern-0",id:e.id,type:"index-pattern"}],state:{datasourceStates:{formBased:{layers:{layer1:n}}},filters:[{$state:{store:E.FilterStateStore.APP_STATE},meta:{index:"filter-index-pattern-0",negate:!1,alias:null,disabled:!1,params:{query:t},type:"phrase",key:"action_id"},query:{match_phrase:{action_id:t}}},...s?[{$state:{store:E.FilterStateStore.APP_STATE},meta:{alias:"agent IDs",disabled:!1,index:"filter-index-pattern-0",key:"query",negate:!1,type:"custom",value:JSON.stringify(s)},query:s}]:[]],query:{language:"kuery",query:""},visualization:{shape:"pie",layers:[{layerType:"data",legendDisplay:"default",nestedLegend:!1,layerId:"layer1",metrics:["ed999e9d-204c-465b-897f-fe1a125b39ed"],numberDisplay:"percent",primaryGroups:["8690befd-fd69-4246-af4a-dd485d2a3b38"],categoryDisplay:"default"}]}}}}const C=r.i18n.translate("xpack.osquery.pack.queriesTable.viewLensResultsActionAriaLabel",{defaultMessage:"View in Lens"}),_=i.a.memo(q),D=({item:e})=>{const{action_id:t,interval:a}=e,{data:n}=Object(I.a)({actionId:t,interval:a}),s=null!=n&&n["@timestamp"]?h()(null==n?void 0:n["@timestamp"][0]).subtract(a,"seconds").toISOString():`now-${a}s`,i=null!=n&&n["@timestamp"]?h()(null==n?void 0:n["@timestamp"][0]).toISOString():"now";return Object(c.jsx)(_,{actionId:t,buttonType:$.icon,startDate:s,endDate:i,mode:null!=n&&n["@timestamp"][0]?"absolute":"relative"})},A=i.a.memo(D),R=({actionId:e,buttonType:t,endDate:a,startDate:n})=>{const{discover:i,application:r}=Object(T.e)().services,o=null==i?void 0:i.locator,u=r.capabilities.discover,{data:d}=Object(w.a)({skip:!e,checkOnly:!0}),[b,p]=Object(s.useState)("");return Object(s.useEffect)((()=>{(async()=>{if(!o||!d)return;const t=await o.getUrl({indexPatternId:d.id,filters:[{meta:{index:d.id,alias:null,negate:!1,disabled:!1,type:"phrase",key:"action_id",params:{query:e}},query:{match_phrase:{action_id:e}},$state:{store:E.FilterStateStore.APP_STATE}}],refreshInterval:{pause:!0,value:0},timeRange:n&&a?{to:a,from:n,mode:"absolute"}:{to:"now",from:"now-1d",mode:"relative"}});p(t)})()}),[e,a,n,o,d]),u.show?t===$.button?Object(c.jsx)(l.EuiButtonEmpty,{size:"xs",iconType:"discoverApp",href:b,target:"_blank"},F):Object(c.jsx)(l.EuiToolTip,{content:F},Object(c.jsx)(l.EuiButtonIcon,{iconType:"discoverApp","aria-label":F,href:b,target:"_blank",isDisabled:!e||!b.length})):null},F=r.i18n.translate("xpack.osquery.pack.queriesTable.viewDiscoverResultsActionAriaLabel",{defaultMessage:"View in Discover"}),M=i.a.memo(R),z=({item:e})=>{const{action_id:t,interval:a}=e,{data:n}=Object(I.a)({actionId:t,interval:a}),s=null!=n&&n["@timestamp"]?h()(null==n?void 0:n["@timestamp"][0]).subtract(a,"seconds").toISOString():`now-${a}s`,i=null!=n&&n["@timestamp"]?h()(null==n?void 0:n["@timestamp"][0]).toISOString():"now";return Object(c.jsx)(M,{actionId:t,buttonType:$.icon,startDate:s,endDate:i,mode:null!=n&&n["@timestamp"][0]?"absolute":"relative"})},P=i.a.memo(z),B={width:"100%","> span":{overflow:"hidden",textOverflow:"ellipsis",whiteSpace:"nowrap"}},L={cursor:"pointer"},Q={".euiTableRow.euiTableRow-isExpandedRow > td > div":{padding:"0",border:"1px solid #d3dae6"},"div.euiDataGrid__virtualized::-webkit-scrollbar":{display:"none"},".euiDataGrid > div":{".euiDataGrid__scrollOverlay":{boxShadow:"none"},borderLeft:"0px",borderRight:"0px"}},N=[];let $;!function(e){e.icon="icon",e.button="button"}($||($={}));const G=({count:e,isLive:t})=>Object(c.jsx)(l.EuiFlexGroup,{gutterSize:"s",alignItems:"center"},Object(c.jsx)(l.EuiFlexItem,{grow:!1},e?Object(c.jsx)(l.EuiNotificationBadge,{color:"subdued"},e):"-"),t?null:Object(c.jsx)(l.EuiFlexItem,{grow:!1,"data-test-subj":"live-query-loading"},Object(c.jsx)(l.EuiLoadingSpinner,null))),U=({successful:e,pending:t,failed:a})=>Object(c.jsx)(l.EuiFlexGroup,{gutterSize:"s",alignItems:"center"},Object(c.jsx)(l.EuiFlexItem,{grow:!1},Object(c.jsx)(l.EuiText,{color:"subdued"},Object(c.jsx)(l.EuiBadge,{color:"success"},e)," / ",Object(c.jsx)(l.EuiBadge,{color:"default"},t)," / ",Object(c.jsx)(l.EuiBadge,{color:a?"danger":"default"},a)))),V=({actionId:e,queryId:t,agentIds:a,data:o,startDate:u,expirationDate:d,showResultsHeader:m})=>{const[g,y]=Object(s.useState)(null),h=Object(s.useCallback)((e=>()=>{y(e)}),[]),I=Object(s.useCallback)((()=>y(null)),[]),[k,E]=Object(s.useState)({}),T=Object(s.useCallback)((e=>Object(c.jsx)("div",{css:B},Object(c.jsx)(l.EuiToolTip,{content:e,display:"block"},Object(c.jsx)(i.a.Fragment,null,e)))),[]),w=Object(s.useCallback)(((e,t)=>{const a=Object(x.a)(e),n=a.length>55?`${a.substring(0,55)}...`:a;return Object(c.jsx)(l.EuiFlexItem,{css:L,onClick:h(t)},Object(c.jsx)(l.EuiCodeBlock,{language:"sql",fontSize:"s",paddingSize:"none",transparentBackground:!0},n))}),[h]),q=Object(s.useCallback)((e=>{var t;const a=!(null!=e&&e.status)||!!e.error||"running"!==(null==e?void 0:e.status)&&0===(null==e?void 0:e.pending);return Object(c.jsx)(G,{count:null!==(t=null==e?void 0:e.docs)&&void 0!==t?t:0,isLive:a})}),[]),S=Object(s.useCallback)((e=>{var t,a,n;if(e.action_id)return Object(c.jsx)(U,{successful:null!==(t=null==e?void 0:e.successful)&&void 0!==t?t:0,pending:null!==(a=null==e?void 0:e.pending)&&void 0!==a?a:0,failed:null!==(n=null==e?void 0:e.failed)&&void 0!==n?n:0})}),[]),C=Object(s.useCallback)((e=>Object(c.jsx)(P,{item:e})),[]),_=Object(s.useCallback)((e=>Object(c.jsx)(A,{item:e})),[]),D=Object(s.useCallback)((t=>()=>{E((n=>{const s={...n};var i;return s[t.id]?delete s[t.id]:s[t.id]=Object(c.jsx)(l.EuiFlexGroup,{gutterSize:"xl"},Object(c.jsx)(l.EuiFlexItem,null,Object(c.jsx)(f.a,{liveQueryActionId:e,actionId:t.action_id,startDate:u,ecsMapping:t.ecs_mapping,endDate:d,agentIds:a,failedAgentsCount:null!==(i=null==t?void 0:t.failed)&&void 0!==i?i:0,error:t.error}))),s}))}),[e,u,d,a]),R=Object(s.useCallback)((e=>null!=e&&e.action_id&&null!=o&&o.length&&o.length>1?Object(c.jsx)(l.EuiButtonIcon,{"data-test-subj":`toggleIcon-${e.id}`,onClick:D(e),iconType:k[e.id]?"arrowUp":"arrowDown"}):Object(c.jsx)(i.a.Fragment,null)),[o,D,k]),F=Object(s.useCallback)((e=>Object(n.get)(e,"id")),[]),M=Object(s.useCallback)((t=>[{render:C},{render:_},{render:e=>e.action_id&&Object(c.jsx)(p.a,{field:"action_id",value:e.action_id,isIcon:!0})},{render:t=>e&&Object(c.jsx)(j.a,{actionId:e,agentIds:a,queryId:t.action_id,isIcon:!0,isDisabled:!t.action_id})},{render:e=>Object(c.jsx)(l.EuiButtonIcon,{iconType:"expand",onClick:h(e)})}].map((e=>e.render(t)))),[e,a,h,C,_]),z=Object(s.useMemo)((()=>[{field:"id",name:r.i18n.translate("xpack.osquery.pack.queriesTable.idColumnTitle",{defaultMessage:"ID"}),width:"15%",render:T},{field:"query",name:r.i18n.translate("xpack.osquery.pack.queriesTable.queryColumnTitle",{defaultMessage:"Query"}),render:w,width:"40%"},{field:"",name:r.i18n.translate("xpack.osquery.pack.queriesTable.docsResultsColumnTitle",{defaultMessage:"Docs"}),width:"80px",render:q},{field:"",name:r.i18n.translate("xpack.osquery.pack.queriesTable.agentsResultsColumnTitle",{defaultMessage:"Agents"}),width:"160px",render:S},{field:"",name:r.i18n.translate("xpack.osquery.pack.queriesTable.viewResultsColumnTitle",{defaultMessage:"View results"}),width:"120px",render:M},{field:"",id:"actions",width:"45px",isVisuallyHiddenLabel:!0,alignment:l.RIGHT_ALIGNMENT,actions:[{render:R}]}]),[T,w,q,S,M,R]),$=Object(s.useMemo)((()=>({sort:{field:"id",direction:v.a.asc}})),[]);Object(s.useEffect)((()=>{E({})}),[t,e]),Object(s.useEffect)((()=>{1===(null==o?void 0:o.length)&&null!=a&&a.length&&null!=o&&o[0].id&&!k[null==o?void 0:o[0].id]&&D(null==o?void 0:o[0])()}),[null==a?void 0:a.length,o,D,k]);const V=Object(s.useMemo)((()=>Object(n.map)(o,(e=>e.action_id))),[o]);return Object(c.jsx)(i.a.Fragment,null,m&&Object(c.jsx)(O,{queryIds:V,actionId:e,agentIds:a}),Object(c.jsx)(l.EuiBasicTable,{css:Q,items:null!=o?o:N,itemId:F,columns:z,sorting:$,itemIdToExpandedRowMap:k,isExpandable:!0}),g?Object(c.jsx)(b,{onClose:I,action:g}):null)},H=i.a.memo(V)},82:function(e,t,a){"use strict";a.d(t,"a",(function(){return b}));var n=a(7),s=a.n(n),i=a(1),l=a.n(i),r=a(15),o=a(6),c=a(4),u=a(0);const d=l.a.memo((e=>Object(u.jsx)(o.EuiButtonEmpty,s()({},e,{size:"xs"}))));d.displayName="TimelineComponent";const b=e=>{const{timelines:t,appName:a}=Object(c.e)().services,{field:n,value:l,isIcon:b,iconProps:p}=e,j=Object(r.isArray)(l)?l:[l],m=Object(i.useCallback)((e=>Object(u.jsx)(o.EuiButtonIcon,s()({iconType:"timelines"},e,{size:"xs"},p))),[p]);if(!t||"Security"!==a||!j.length)return null;const{getAddToTimelineButton:g}=t.getHoverActions();return g({dataProvider:j.map((e=>({and:[],enabled:!0,excluded:!1,id:e,kqlQuery:"",name:e,queryMatch:{field:n,value:e,operator:":"}}))),field:j[0],ownFocus:!1,...b?{showTooltip:!0,Component:m}:{Component:d}})}},83:function(e,t,a){"use strict";a.d(t,"a",(function(){return u}));var n=a(11),s=a(47),i=a.n(s),l=a(45),r=a(53),o=a(4),c=a(70);const u=({actionId:e,interval:t,startDate:a,endDate:s,skip:u=!1})=>{const d=Object(o.e)().services.data,{data:b}=Object(c.a)({skip:u});return Object(n.useQuery)(["scheduledQueryLastResults",{actionId:e}],(async()=>{var n,o,c,u;const p=await d.search.searchSource.create({size:1,sort:[{"@timestamp":r.SortDirection.desc}],query:{bool:{filter:[{match_phrase:{action_id:e}}]}}});p.setField("index",b);const j=await Object(l.lastValueFrom)(p.fetch$()),m=null===(n=j.rawResponse)||void 0===n||null===(o=n.hits)||void 0===o||null===(c=o.hits[0])||void 0===c||null===(u=c.fields)||void 0===u?void 0:u["@timestamp"][0];if(m){var g,O,v,x,f,y,h,I;const n=await d.search.searchSource.create({size:1,query:{bool:{filter:[{range:{"@timestamp":{gte:a?i()(a).format():i()(m).subtract(t,"seconds").format(),lte:i()(s||m).format()}}},{match_phrase:{action_id:e}}]}}});n.setField("index",b),n.setField("aggs",{unique_agents:{cardinality:{field:"agent.id"}}});const r=await Object(l.lastValueFrom)(n.fetch$());return{"@timestamp":null===(g=j.rawResponse)||void 0===g||null===(O=g.hits)||void 0===O||null===(v=O.hits[0])||void 0===v||null===(x=v.fields)||void 0===x?void 0:x["@timestamp"],uniqueAgentsCount:null==r||null===(f=r.rawResponse.aggregations)||void 0===f||null===(y=f.unique_agents)||void 0===y?void 0:y.value,docCount:null==r||null===(h=r.rawResponse)||void 0===h||null===(I=h.hits)||void 0===I?void 0:I.total}}return null}),{keepPreviousData:!0,enabled:!(u||!e||!b),refetchOnReconnect:!1,refetchOnWindowFocus:!1})}},84:function(e,t,a){"use strict";a.d(t,"a",(function(){return l}));var n=a(11),s=a(2),i=a(4);const l=()=>{const{http:e}=Object(i.e)().services;return Object(n.useQuery)(["actionResultsPrivileges"],(()=>e.get("/internal/osquery/privileges_check",{version:s.a.internal.v1})),{keepPreviousData:!0})}},98:function(e,t,a){"use strict";a.d(t,"a",(function(){return O}));var n=a(1),s=a.n(n),i=a(104),l=a(4),r=a(7),o=a.n(r),c=a(58),u=a(6),d=a(8),b=a(21),p=a(0);const j=d.i18n.translate("xpack.osquery.pack.queriesTable.addToCaseResultsActionAriaLabel",{defaultMessage:"Add to Case"}),m=({actionId:e,agentIds:t=[],queryId:a="",isIcon:s=!1,isDisabled:i,iconProps:r})=>{const{cases:d}=Object(l.e)().services,m=Object(n.useContext)(b.a),g=Object(n.useMemo)((()=>{var e,t;return null!=m&&m._id?[{alertId:null!==(e=null==m?void 0:m._id)&&void 0!==e?e:"",index:null!==(t=null==m?void 0:m._index)&&void 0!==t?t:"",rule:d.helpers.getRuleIdFromEvent({ecs:m,data:[]}),type:c.AttachmentType.alert}]:[]}),[d.helpers,m]),O=d.helpers.canUseCases(),v=O.read&&O.update&&O.push,x=d.hooks.useCasesAddToExistingCaseModal(),f=Object(n.useCallback)((()=>{const n=[...g,{type:c.AttachmentType.externalReference,externalReferenceId:e,externalReferenceStorage:{type:c.ExternalReferenceStorageType.elasticSearchDoc},externalReferenceAttachmentTypeId:"osquery",externalReferenceMetadata:{actionId:e,agentIds:t,queryId:a}}];v&&x.open({getAttachments:()=>n})}),[e,t,g,v,a,x]);return s?Object(p.jsx)(u.EuiToolTip,{content:Object(p.jsx)(u.EuiFlexItem,null,j)},Object(p.jsx)(u.EuiButtonIcon,o()({iconType:"casesApp",onClick:f,isDisabled:i||!v,"aria-label":j},r))):Object(p.jsx)(u.EuiButtonEmpty,{size:"xs",iconType:"casesApp",onClick:f,isDisabled:i||!v,"aria-label":j},j)},g=[],O=s.a.memo((e=>{const{cases:t}=Object(l.e)().services;if(Object(n.useContext)(i.a)||!e.actionId)return Object(p.jsx)(s.a.Fragment,null);const a=t.helpers.canUseCases(),r=t.ui.getCasesContext();return Object(p.jsx)(r,{owner:g,permissions:a},Object(p.jsx)(m,e))}));O.displayName="AddToCaseWrapper"}}]);