Security Solution has been using the breakdown field selector in many places, but the behaviour of each dropdown is not exactly the same. Could unified histogram please consider exporting a unified breakdown field selector so we could share the same behaviour for each visualisation?
Inconsistent breakdown field selectors Security Solution currently has:
The name of the dropdown is not the same
Some of the options are hard-coded, and some of the options come from the data view API.
Here are the criteria for an expected breakdown fields selector:
Dropdown fields, decided by the data view it's currently using, should come from the data view API.
The accepted fields are the same as what Lens accepts.
Our current logic of a valid in the selector:
    // A field is valid when it is aggregatable, has a supported type, and is not nested
    !!field.aggregatable && isLensSupportedType(field.type) && !isDataViewFieldSubtypeNested(field)

    // True when the field's subType carries a nested path
    export function isDataViewFieldSubtypeNested(field: Partial<BrowserField>) {
      const subTypeNested = field?.subType as IFieldSubTypeNested;
      return !!subTypeNested?.nested?.path;
    }

    // True when the field type is in the supported set; undefined types are rejected
    export function isLensSupportedType(fieldType: string | undefined) {
      const supportedTypes = new Set(['string', 'boolean', 'number', 'ip']);
      return fieldType ? supportedTypes.has(fieldType) : false;
    }
Example field:
    {
      aggregatable: true,
      category: 'base',
      description:
        'Date/time when the event originated. For log events this is the date/time when the event was generated, and not when it was read. Required field for all events.',
      example: '2016-05-23T08:05:34.853Z',
      format: '',
      indexes: ['auditbeat', 'filebeat', 'packetbeat'],
      name: '@timestamp',
      searchable: true,
      type: 'date',
      esTypes: ['date'],
      readFromDocValues: true,
    }
We could assign a default selected option for each selector, but if users have selected it before, the value should be stored (in local storage) and set automatically next time.
Should support multiple aggregations
Should be compatible with Lens Embeddables and Elastic charts.
https://user-images.githubusercontent.com/6295984/222113070-afd0c7f6-a042-4a66-bc8f-710efad53e85.mov
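
The validity check and the stored-selection behaviour described in the issue, as an added example that is not part of the original issue or of Kibana's code. `FieldSpec`, `KeyValueStore`, `resolveSelected`, the storage key and the sample fields are hypothetical, and ignoring a stored value that the current data view no longer offers is an assumption.

```typescript
// Added example, not Kibana code: the type and function names below are hypothetical.
interface FieldSpec {
  name: string;
  type?: string;
  aggregatable?: boolean;
  subType?: { nested?: { path?: string } };
}

// Minimal storage contract; the browser's localStorage satisfies it.
interface KeyValueStore {
  getItem(key: string): string | null;
  setItem(key: string, value: string): void;
}

const LENS_SUPPORTED_TYPES = new Set(['string', 'boolean', 'number', 'ip']);

// Same predicate as the issue: aggregatable, supported type, not nested.
function isValidBreakdownField(field: FieldSpec): boolean {
  const supported = field.type ? LENS_SUPPORTED_TYPES.has(field.type) : false;
  return !!field.aggregatable && supported && !field.subType?.nested?.path;
}

function getBreakdownOptions(fields: FieldSpec[]): string[] {
  return fields.filter(isValidBreakdownField).map((f) => f.name);
}

// Prefer the stored choice, but only if the current data view still offers it (assumption).
function resolveSelected(store: KeyValueStore, key: string, options: string[], fallback: string): string | undefined {
  const stored = store.getItem(key);
  if (stored !== null && options.includes(stored)) return stored;
  return options.includes(fallback) ? fallback : options[0];
}

function createMemoryStore(): KeyValueStore {
  const data = new Map<string, string>();
  return {
    getItem: (k) => data.get(k) ?? null,
    setItem: (k, v) => { data.set(k, v); },
  };
}

// Constructed sample fields; '@timestamp' mirrors the example field in the issue.
const sampleFields: FieldSpec[] = [
  { name: '@timestamp', type: 'date', aggregatable: true },
  { name: 'host.name', type: 'string', aggregatable: true },
  { name: 'source.ip', type: 'ip', aggregatable: true },
  { name: 'message', type: 'string', aggregatable: false },
  { name: 'threat.enrichments.matched.field', type: 'string', aggregatable: true, subType: { nested: { path: 'threat.enrichments' } } },
];
```

With these sample fields only `host.name` and `source.ip` pass the predicate; the `date`-typed `@timestamp` field is filtered out because `date` is not in the supported set.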