[Discover] Default ESQL datasource setting/extension point

flash1293 commented 3 weeks ago

Currently in the Discover application the user enters ES|QL mode from an existing data view. However, as it's planned to make ESQL mode the initial default, there needs to be an initial default query.

In all the other occurences of the editor (e.g. dashboards) there is no switch from a dataview to ESQL mode. In these cases the logic is:

Check if there are logs indices, if yes default to from logs-*
If not, default to the first index returned by ES

There are also cases where the editor starts in an empty state (e.g. data visualizer)

Solutions should be able to overwrite this for Discover default by a more fitting default:

Security: security-solution-default-*
Observability: Use central logs source setting: https://github.com/elastic/observability-dev/issues/3498

Technically, this could be realized via an extension point.

elasticmachine commented 3 weeks ago

Pinging @elastic/kibana-data-discovery (Team:DataDiscovery)

elasticmachine commented 3 weeks ago

Pinging @elastic/obs-ux-logs-team (Team:obs-ux-logs)

elasticmachine commented 3 weeks ago

Pinging @elastic/kibana-esql (Team:ESQL)

elastic / kibana

[Discover] Default ESQL datasource setting/extension point #186000