elasticmachine
commented
2 months ago Pinging @elastic/kibana-esql (Team:ESQL)
Open stratoula opened 2 months ago
elasticmachine
commented
2 months ago Pinging @elastic/kibana-esql (Team:ESQL)
elasticmachine
commented
2 months ago Pinging @elastic/kibana-data-discovery (Team:DataDiscovery)
kertal
commented
2 months ago @stratoula @ninoslavmiskovic I've got a question about the breakdown by log levels using ES|QL. In Lens / data view mode using Breakdown / Filters we can group terms like error,Error,Err, into error by using one filter, with colors by terms mapping we can assign the right color for the severity. Is there a way to do this in ES|QL?
stratoula
commented
2 months ago @kertal sorry what do you mean with by using one filter?
with colors by terms mapping we can assign the right color for the severity. --> yes of course
Update: I see now what you mean. Yes we will be able to do so (with inlinestats and the case function). This is why I added this task to our team, it is better if we take the query construction part. From the moment we have the breakdown field then the color mapping works the same as in the dataview mode.
kertal
commented
2 months ago @stratoula great thx! Out of curiosity, how will and ES|QL query for something like this look like?
stratoula
commented
2 months ago It will be quite complex, I need inlinestats first to be sure how it will look like. Patience!
stratoula
commented
1 month ago First step is this PR https://github.com/elastic/kibana/pull/189630 (it just replaces stats with inlinestats) on the histogram query enabling the rest of the fields to be present in the inline editing breakdown. I am not releasing this yet because inhlinestats is still only present on snapshots releases (this is why the tests are failing)
stratoula
commented
1 month ago Second step is this PR https://github.com/elastic/kibana/pull/190213 where it initializes the histogram with the log.level column if it exists.
This is blocked by the fact that we would like to order the bars and legend by severity but this doesnt seem possible now at Lens. cc @MichaelMarcialis
@nickofthyme we had discussed it, not sure if you discussed it with the team and can give us an update here. cc @elastic/kibana-visualizations
Describe the feature:
Inline stats will hopefully arrive in 8.16. We should use them to create the date histogram in Discover. This is very important as it means that the users will be able to use the inline editing breakdown to add a breakdown dimension to the histogram and it will unlock the ability to create breakdowns programmatically.
The latter is very important for the OneDiscover project. If we have the context, we want programmatically to breakdown the histogram with a specific field defined by the Discover app. We can't do it without inline stats support