elasticmachine
commented
1 week ago Pinging @elastic/kibana-visualizations (Team:Visualizations)
Open Erikg346 opened 2 weeks ago
elasticmachine
commented
1 week ago Pinging @elastic/kibana-visualizations (Team:Visualizations)
elasticmachine
commented
1 week ago Pinging @elastic/kibana-data-discovery (Team:DataDiscovery)
elasticmachine
commented
1 week ago Pinging @elastic/kibana-esql (Team:ESQL)
stratoula
commented
1 week ago I definitely understand the use case but I wouldn't do it in the kibana side, taking under consideration that ES|QL will allow lookups in the future. (not sure how will lookup / join will work at this point but I would not prioritize it until we have a more clean picture)
kertal
commented
1 week ago I do agree this makes much more sense to be resolved by ES|QL in the future, don't think it makes sense to add this on UI /Kibana level.
Describe the feature: Add the ability to join two or more data tables or saved searches for visualization purposes. This feature won't affect the queries being run but will add another layer to handle the joins in Kibana.
Elasticsearch does not support JOINS like SQL. This is because the way data is distributed makes joins unrealistic. The workaround is to use enrich policies. This isn't ideal as it requires executing and creating a whole enrich index for visualization.
Describe a specific use case for the feature: I constantly been creating enrich polices and leveraging ESQL's ENRICH , this is not ideal as I have to execute enrich policies for every instance constantly.
An example of use case: I have 4 datasets within the same index
The related field is mapped to the same host name, but I want it all under one table for extracting to CSV. The current setup requires me to export four CSVs when they could be joined.