elasticmachine
commented
6 days ago Pinging @elastic/obs-ux-infra_services-team (Team:obs-ux-infra_services)
Open Bluefinger opened 6 days ago
elasticmachine
commented
6 days ago Pinging @elastic/obs-ux-infra_services-team (Team:obs-ux-infra_services)
Bluefinger
commented
2 days ago Adding some of the ideas for this by @cauemarcondes here
GET /internal/inventory/entities/group_by/{field}
export const groupEntitiesRoute = createInventoryServerRoute({
endpoint: 'GET /internal/inventory/entities/group_by/{field}',
params: t.type({
path: t.type({
field: t.string,
}),
query: t.partial({
where: jsonRt.pipe(t.array(t.string)),
}),
}),
options: {
tags: ['access:inventory'],
},
handler: async ({ params, context, logger }) => {
const coreContext = await context.core;
const inventoryEsClient = createObservabilityEsClient({
client: coreContext.elasticsearch.client.asCurrentUser,
logger,
plugin: `@kbn/${INVENTORY_APP_ID}-plugin`,
});
const { field } = params.path;
const { where } = params.query;
const whereClauses = where?.map((filter) => `WHERE ${filter}`).join('\n |');
const groups = await inventoryEsClient.esql('get_entities_groups', {
query: `
FROM entities*latest
${whereClauses ? `| ${whereClauses}` : ''}
| STATS count = COUNT(*) by ${field}
`,
});
return esqlResultToPlainObjects(groups);
},
});We'd call it like: groupBy = ['entity.type', 'agent.name']
http://localhost:5699/foo/internal/inventory/entities/group_by/entity.type?where=[]http://localhost:5699/foo/internal/inventory/entities/group_by/agent.name?where=["entity.type==\"container\""]
With the need for grouping entities for Inventory, it became clear there's going to be a number of potential ways to approach this. For the sakes of making a good decision on the way forward on the API side, we should do a couple of POCs to explore the following:
The purpose of this is to discover the following:
We should not assume we'd only group by
entity.type, but any relevant field could be selected for the first-level (and later, more than one field for grouping).