elastic / kibana

Your window into the Elastic Stack
https://www.elastic.co/products/kibana

[ML] AIOps Log Pattern Analysis should allow to pick more fields #152178

Open philippkahr opened 1 year ago

philippkahr commented 1 year ago

Kibana version: 8.6.2

Describe the bug: It appears that you can only select text style fields. I would love to be able to select a field like event.original since that contains the raw untreated source message. Also I should be able to select keywords.

Steps to reproduce:

  1. Go to Log Pattern Analysis
  2. Choose an index pattern that has no text fields.
  3. Empty list

Expected behavior: An empty list should be returned, with a message explaining why only xyz fields are usable.

Screenshots (if relevant):

[Screenshot 2023-02-26 at 22 46 54]

elasticmachine commented 1 year ago

Pinging @elastic/ml-ui (:ml)

jgowdyelastic commented 1 year ago

In this data set what type is event.original?

philippkahr commented 1 year ago

Sticking to ECS: https://www.elastic.co/guide/en/ecs/current/ecs-event.html#field-event-original so not indexed and no doc_values. We can retrieve it from source though.

jgowdyelastic commented 1 year ago

Seeing as the description of the field is "Raw text message of entire event", I'm confused as to why it is a keyword field and not text.

philippkahr commented 1 year ago

I am not sure why the ECS docs list it like this. Nonetheless, it is not indexed and not searchable, therefore the type should not matter at all.