Event attribute include / exclude filters

[jkppr]

This PR ports over the include & exclude feature for event attributes from the old UI. It also updates the formatting and handling of search queries when filter chips are applied.

I think this should close the issue below: closes #2573

[berggren]

Functionality looks good. Some UX ideas:

The + and - signs in the filter chips are a bit confusing. It feels like you shpuld click them. I opt to change this. Remove the icon for "include filters" and add a red text "Not" for exxlude filters. See how this is done in Opensearch dashboards:

Something like this in TS:

For the icons in the event detail view I opt to change them to magnify-minus-outline and magnify-plus-outline

WDYT?

[jkppr]

Functionality looks good. Some UX ideas:

The + and - signs in the filter chips are a bit confusing. It feels like you shpuld click them. I opt to change this. Remove the icon for "include filters" and add a red text "Not" for exxlude filters. See how this is done in Opensearch dashboards:

For the icons in the event detail view I opt to change them to magnify-minus-outline and magnify-plus-outline

WDYT?

Thanks for the input. I like the idea with the red NOT and will include it.

About the magnify-minus-outline icons I'm a bit torn. They make sense from the "search" perspective. But the plus and minus are suuuper small and hard to distinguish if you have a good resolution screen (and don't zoom 200%), which is difficult from an accessibility point of view. I personally like the clean +/- icons. Looks modern and easy to distinguish to me. I could also imagine mdi-filter-plus-outline working, since the + and - are a bit larger. What do you think?

[berggren]

SG, as discussed offline - let's use the filter icons instead.