elastic / kibana

Your window into the Elastic Stack
https://www.elastic.co/products/kibana

Request to export breakdown field selector #152372

Open angorayc opened 1 year ago

angorayc commented 1 year ago

Security Solution has been using the breakdown field selector in many places, but the behaviour of each dropdown is not exactly the same. Could unified histogram please consider exporting a unified breakdown field selector so we could share the same behaviour for each visualisation?

Inconsistent breakdown field selectors Security Solution currently has:

  1. The name of the dropdown is not the same
  2. Some of the options are hard coded, and some of the options are coming from data view api.

Here are the criteria for an expected breakdown fields selector:

  1. Dropdown fields decided by the data view it's currently using should come from the data view API.
  2. The accepted fields are the same as what Lens accepted. Our current logic for a valid field in the selector:
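```ts
// A field is offered only if it is aggregatable, of a Lens-supported type, and not nested.
!!field.aggregatable && isLensSupportedType(field.type) && !isDataViewFieldSubtypeNested(field)

// True when the field's subtype carries a nested path.
export function isDataViewFieldSubtypeNested(field: Partial<BrowserField>) {
  const subTypeNested = field?.subType as IFieldSubTypeNested;
  return !!subTypeNested?.nested?.path;
}

// True for the field types accepted by the selector; undefined types are rejected.
export function isLensSupportedType(fieldType: string | undefined) {
  const supportedTypes = new Set(['string', 'boolean', 'number', 'ip']);
  return fieldType ? supportedTypes.has(fieldType) : false;
}
```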

Example field:

```ts
{
  aggregatable: true,
  category: 'base',
  description:
    'Date/time when the event originated. For log events this is the date/time when the event was generated, and not when it was read. Required field for all events.',
  example: '2016-05-23T08:05:34.853Z',
  format: '',
  indexes: ['auditbeat', 'filebeat', 'packetbeat'],
  name: '@timestamp',
  searchable: true,
  type: 'date',
  esTypes: ['date'],
  readFromDocValues: true,
}
```

  3. We could assign a default selected option for each selector, but if users have selected it before, the value should be stored (in local storage) and set automatically next time.
  4. Should support multiple aggregations.
  5. Should be compatible with Lens Embeddables and Elastic charts.
  6. Should provide an API to reset the selector.

https://user-images.githubusercontent.com/6295984/222113070-afd0c7f6-a042-4a66-bc8f-710efad53e85.mov
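
The option filtering and stored-selection behaviour described in the criteria above, as an added example that is not part of the original issue or Kibana's code. `FieldLike`, `KeyValueStore`, `breakdownOptions`, `resolveSelection` and `memoryStore` are hypothetical names, the sample fields are constructed, and checking the stored value against the current options before restoring it is an assumption of this example.

```typescript
// Minimal stand-ins for Kibana's field and storage types (assumptions for this example).
interface FieldLike {
  name: string; type?: string; aggregatable?: boolean;
  subType?: { nested?: { path?: string } };
}
interface KeyValueStore {
  getItem(key: string): string | null;
  setItem(key: string, value: string): void;
  removeItem(key: string): void;
}
const SUPPORTED_TYPES: string[] = ['string', 'boolean', 'number', 'ip'];

// The predicate quoted in the issue, expressed against the stand-in type.
function isValidBreakdownField(field: FieldLike): boolean {
  const supported = field.type ? SUPPORTED_TYPES.indexOf(field.type) !== -1 : false;
  return !!field.aggregatable && supported && !field.subType?.nested?.path;
}

// Options are derived from the data view's fields rather than hard coded.
function breakdownOptions(fields: FieldLike[]): string[] {
  return fields.filter(isValidBreakdownField).map((f) => f.name);
}

// Restore a stored choice only if it is still a valid option for the current
// data view; a stale or hand-edited value falls back to the default.
function resolveSelection(store: KeyValueStore, key: string, options: string[], fallback: string): string {
  const stored = store.getItem(key);
  return stored !== null && options.indexOf(stored) !== -1 ? stored : fallback;
}

// In-memory store so the example runs outside a browser (localStorage has the same shape).
function memoryStore(): KeyValueStore {
  const data: { [k: string]: string } = {};
  return {
    getItem: (k) => { const v = data[k]; return v === undefined ? null : v; },
    setItem: (k, v) => { data[k] = v; },
    removeItem: (k) => { delete data[k]; },
  };
}

// Constructed sample fields; '@timestamp' mirrors the example field in the issue.
const sampleFields: FieldLike[] = [
  { name: '@timestamp', type: 'date', aggregatable: true },
  { name: 'host.name', type: 'string', aggregatable: true },
  { name: 'source.ip', type: 'ip', aggregatable: true },
  { name: 'message', type: 'string', aggregatable: false },
  { name: 'threat.enrichments.matched.field', type: 'string', aggregatable: true,
    subType: { nested: { path: 'threat.enrichments' } } },
];
```

With the quoted predicate, the `date`-typed `@timestamp` field, the non-aggregatable `message` field and the nested field are all excluded, leaving `host.name` and `source.ip` as options.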

elasticmachine commented 1 year ago

Pinging @elastic/security-threat-hunting (Team:Threat Hunting)

elasticmachine commented 1 year ago

Pinging @elastic/security-solution (Team: SecuritySolution)

elasticmachine commented 1 year ago

Pinging @elastic/kibana-data-discovery (Team:DataDiscovery)