[Response Ops] [Dashboard] Create a rule from a dashboard ES|QL visualization #217719
Zacqary merged 114 commits into elastic:main
…sh-vis # Conflicts: # src/platform/plugins/shared/chart_expressions/expression_xy/public/components/xy_chart.tsx
…sh-vis # Conflicts: # x-pack/platform/plugins/shared/lens/public/plugin.ts
src/platform/packages/shared/kbn-alerts-ui-shared/src/alert_rule_from_vis_ui_action/index.ts
…y/kibana into 208854-rule-from-dash-vis
| export const alertRuleTrigger: Trigger = { | ||
| id: ALERT_RULE_TRIGGER, | ||
| title: i18n.translate('uiActions.triggers.dashboard.alertRule.title', { | ||
| defaultMessage: 'Add alert rule', |
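Review bot: `defaultMessage: 'Add alert rule'` on the last visible line does not match the wording this PR's release note uses for the action ("Create alert rule"). Align the trigger title with it so the UI label and the release note name the same action.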
Could you please change text to Create alert rule
joana-cps left a comment
Design changes LGTM, thanks for implementing them
Left just 2 small nit comments.
FYI We agreed that some of the proposed changes in #217719 (comment) will be addressed separately as part of #196235 since they affect all the Rule types:
- Experiment using compressed fields in all Rule form flyouts
- Avoid using a panel inside flyout
- Improve query selection in ES query rule (#209002)
- Improve responsive (flyout) version of the rule form
- Rule type name consistency
ResponseOps code LGTM! I found it hard to follow the code inside AlertRuleFromVisAction. Could you please split the code execute into smaller functions with clear boundaries and responsibilities? It will help a lot with bugs and enhancement requests in the future and make it easier to reason about what the code does.
…sh-vis # Conflicts: # x-pack/platform/plugins/shared/lens/kibana.jsonc
Starting backport for target branches: 8.19
💛 Build succeeded, but was flaky
💔 All backports failed
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI.
…lization (elastic#217719)

## Summary

Closes elastic#208854

This adds a tooltip action and a context menu action to the **ES|QL** panel type allowing the user to create an Elasticsearch Query rule from the visualization on the panel. Lens panels are currently not supported.

### Tooltip action

[Screenshot]

Prefill the time field from the chart, and the alert window from the dashboard's current displayed time range:

[Screenshot]

Add an extra clause to the end of the visualization's ES|QL query to set an alert threshold based on the data point that the user clicked on:

[Screenshot]

### Context menu action

[Screenshot]

Creating a rule from the context menu instead of from a tooltip doesn't give us a pre-filled threshold value, so we ask the user to specify it:

[Screenshot]

### Supported cases

#### Breakdowns and split values:

[Screenshot]
[Screenshot]

#### Escaping column names

[Screenshot]
[Screenshot]

### Checklist

Check the PR satisfies following conditions.

Reviewers should verify this PR satisfies this list as well.

- [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)
- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
- [x] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)

## Release note

Adds the Create alert rule action to ES|QL dashboard panels, usable from the panel context menu or by right-clicking a data point on the visualization. This allows you to generate an alert when the data on the chart crosses a certain threshold.

---------

Co-authored-by: mbondyra <marta.bondyra@elastic.co>
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Stratoula Kalafateli <efstratia.kalafateli@elastic.co>
Co-authored-by: Marco Vettorello <vettorello.marco@gmail.com>
Co-authored-by: Marco Liberati <dej611@users.noreply.github.com>
Co-authored-by: dej611 <dej611@gmail.com>

(cherry picked from commit 7e5c774)

# Conflicts:
# src/platform/plugins/shared/chart_expressions/expression_xy/public/expression_renderers/xy_chart_renderer.tsx
# src/platform/plugins/shared/chart_expressions/expression_xy/tsconfig.json
# x-pack/platform/plugins/shared/lens/kibana.jsonc
# x-pack/platform/plugins/shared/lens/public/react_embeddable/initializers/initialize_edit.tsx
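The commit message above describes appending a threshold clause built from the clicked data point, with breakdown values and escaped column names. The sketch below is an added example, not code from this PR or from Kibana: the clause shape (`| WHERE <col> >= <value>`), the comparison operators, the types and the helper names are all assumptions. It shows why both the column names and the split values have to be quoted before they are spliced into the query text.

```typescript
// Added example. Clause shape, types and helper names are assumptions for
// illustration; this is not the implementation merged in the PR.

interface SplitValue {
  column: string; // breakdown column as named in the query result
  value: string | number; // the series the user clicked on
}

interface ClickedPoint {
  yColumn: string; // metric column, e.g. "COUNT(*)"
  yValue: number; // value of the clicked data point
  splits: SplitValue[];
}

// ES|QL quotes identifiers with backticks; a backtick inside the name is doubled.
function quoteIdentifier(name: string): string {
  if (name.length === 0) {
    throw new Error('column name must not be empty');
  }
  return '`' + name.replace(/`/g, '``') + '`';
}

// ES|QL string literals are double-quoted. Escape the backslash first so the
// escapes added for quotes and control characters are not escaped again.
function quoteString(value: string): string {
  const escaped = value
    .replace(/\\/g, '\\\\')
    .replace(/"/g, '\\"')
    .replace(/\n/g, '\\n')
    .replace(/\r/g, '\\r')
    .replace(/\t/g, '\\t');
  return '"' + escaped + '"';
}

function toLiteral(value: string | number): string {
  if (typeof value === 'number') {
    // NaN and Infinity have no numeric literal form; refuse rather than emit text.
    if (!isFinite(value)) {
      throw new Error('threshold must be a finite number');
    }
    return String(value);
  }
  return quoteString(value);
}

function appendThresholdClause(query: string, point: ClickedPoint): string {
  const conditions: string[] = [
    quoteIdentifier(point.yColumn) + ' >= ' + toLiteral(point.yValue),
  ];
  for (const split of point.splits) {
    conditions.push(quoteIdentifier(split.column) + ' == ' + toLiteral(split.value));
  }
  // Start the clause on a new line so a trailing `//` comment in the
  // visualization's query cannot swallow it.
  return query.trim() + '\n| WHERE ' + conditions.join(' AND ');
}

// Constructed sample input.
const sampleQuery = 'FROM logs-* | STATS COUNT(*) BY region // per region';
const samplePoint: ClickedPoint = {
  yColumn: 'COUNT(*)',
  yValue: 42,
  splits: [{ column: 'region', value: 'eu"west' }],
};
console.log(appendThresholdClause(sampleQuery, samplePoint));
```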
…L visualization (#217719) (#220719)

# Backport

This will backport the following commits from `main` to `8.19`:
- [[Response Ops] [Dashboard] Create a rule from a dashboard ES|QL visualization (#217719)](#217719)

### Questions ?
Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport)
## Summary

fix #221241

## Bug and fix descriptions

The logic that applies a time filter by updating the time picker vs adding it as a filter pill in the filter bar is described here:

https://github.com/elastic/kibana/blob/e877bafa3e4725d3e7cfd3b2ca0be4bc6d88a0b9/src/platform/plugins/shared/unified_search/public/actions/apply_filter_action/apply_filter_action.tsx#L107-L114

The `extractTimeFilter` function extracts the `timeRangeFilter` only if the `timeFieldName === keys(filter.query.range)[0]`. The problem was that the first key of `query.range` was different than the `timeFieldName`. That `timeFieldName` in the ESQL world was wrongly applied via the `table.columns[xAxisColumnIndex].name` that doesn't reflect the actual column name for ES|QL; in fact that name reflects the visualization label name for the time dimension. In particular, before the fix, that timeFieldName was set as the axis name (e.g. `@timestamp every 5 minute`) and caused the time range filter to fail to be extracted from the filters list.

A combination of two PRs caused this to no longer be the correct behaviour:
- this PR #196049 introduced the use of the `sourceField` as field name for the creation of filter from a range
- this PR #217719 instead introduced the use of `sourceField` also for ESQL datasources. This field points to the actual column name described in the ESQL query.

Both PRs cause the `extractTimeFilter` to fail to extract the timeFilter, pushing the filter up to the filter pills.

### Side notes

This could be probably fixed in other ways, like by avoiding using the `sourceField` in ESQL, or by using only the column.name in the filter creation, or by avoiding checking the `timeFieldName` against the `query.range` key (not really sure why this is required). In general the problem here is that there is a low confidence on what these fields/params are supposed to be and which is supposed to be the identifiers to use everywhere. For example the column ids reflect only a link between the rows and the column descriptions, the name is the associated label, but can we rely on that label for filtering? I believe we need a stronger connection with the data and the actual original source field or column identifier is a better choice. I believe a valid subsequent task is #189044
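The mismatch described in the PR description above can be reproduced with a small model. This is an added example, not Kibana's implementation: the flat `sourceField` property on the column, the helper names and the sample values are assumptions. Only the check `timeFieldName === keys(filter.query.range)[0]` is taken from the text.

```typescript
// Added example: a simplified model of the check described above. The flat
// `sourceField` property and all helper names are assumptions.

interface RangeFilter {
  query: { range: { [field: string]: { gte: string; lte: string } } };
}

interface Column {
  id: string; // links row cells to this column description
  name: string; // label shown on the axis
  sourceField?: string; // column name as written in the ES|QL query
}

interface ExtractResult {
  timeRangeFilter: RangeFilter | undefined; // applied to the time picker
  restOfFilters: RangeFilter[]; // shown as filter pills
}

// The brush filter is keyed by the source field when one is known.
function fieldForFilter(column: Column): string {
  return column.sourceField !== undefined ? column.sourceField : column.name;
}

function createBrushFilter(column: Column, from: string, to: string): RangeFilter {
  const range: { [field: string]: { gte: string; lte: string } } = {};
  range[fieldForFilter(column)] = { gte: from, lte: to };
  return { query: { range } };
}

// A filter is treated as the time range only when the first key of its
// `query.range` equals `timeFieldName`; everything else stays a pill.
function extractTimeFilter(timeFieldName: string, filters: RangeFilter[]): ExtractResult {
  let timeRangeFilter: RangeFilter | undefined;
  const restOfFilters: RangeFilter[] = [];
  for (const filter of filters) {
    const firstKey = Object.keys(filter.query.range)[0];
    if (timeRangeFilter === undefined && firstKey === timeFieldName) {
      timeRangeFilter = filter;
    } else {
      restOfFilters.push(filter);
    }
  }
  return { timeRangeFilter, restOfFilters };
}

// Mismatched choice: the axis label is passed as the time field name.
function labelAsTimeField(column: Column): string {
  return column.name;
}

// Consistent choice: the same identifier the filter was keyed by.
function sourceAsTimeField(column: Column): string {
  return fieldForFilter(column);
}

// Constructed sample input.
const timeColumn: Column = {
  id: 'col-0',
  name: '@timestamp every 5 minute',
  sourceField: '@timestamp',
};
const brushFilter = createBrushFilter(
  timeColumn,
  '2025-05-26T14:00:00Z',
  '2025-05-26T14:05:00Z'
);

const pillCase = extractTimeFilter(labelAsTimeField(timeColumn), [brushFilter]);
const pickerCase = extractTimeFilter(sourceAsTimeField(timeColumn), [brushFilter]);

console.log('label as time field  -> pills:', pillCase.restOfFilters.length);
console.log('source as time field -> pills:', pickerCase.restOfFilters.length);
```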
…) (#221524)

# Backport

This will backport the following commits from `main` to `8.19`:
- [[ES|QL] Use correct timeFieldName for time brush filter (#221322)](#221322)

### Questions ?
Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport)

Co-authored-by: Marco Vettorello <marco.vettorello@elastic.co>
…lization (elastic#217719)

## Summary

Closes elastic#208854

This adds a tooltip action and a context menu action to the **ES|QL** panel type allowing the user to create an Elasticsearch Query rule from the visualization on the panel. Lens panels are currently not supported.

### Tooltip action

Prefill the time field from the chart, and the alert window from the dashboard's current displayed time range:

Add an extra clause to the end of the visualization's ES|QL query to set an alert threshold based on the data point that the user clicked on:

### Context menu action

Creating a rule from the context menu instead of from a tooltip doesn't give us a pre-filled threshold value, so we ask the user to specify it:

### Supported cases

#### Breakdowns and split values:

#### Escaping column names

### Checklist

Check the PR satisfies following conditions.

Reviewers should verify this PR satisfies this list as well.

- [x] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md)
- [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios
- [x] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)

## Release note

Adds the Create alert rule action to ES|QL dashboard panels, usable from the panel context menu or by right-clicking a data point on the visualization. This allows you to generate an alert when the data on the chart crosses a certain threshold.

---------

Co-authored-by: mbondyra <marta.bondyra@elastic.co>
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Stratoula Kalafateli <efstratia.kalafateli@elastic.co>
Co-authored-by: Marco Vettorello <vettorello.marco@gmail.com>
Co-authored-by: Marco Liberati <dej611@users.noreply.github.com>
Co-authored-by: dej611 <dej611@gmail.com>
## Summary

fix elastic#221241

## Bug and fix descriptions

The logic that applies a time filter by updating the time picker vs adding it as a filter pill in the filter bar is described here:

https://github.com/elastic/kibana/blob/e877bafa3e4725d3e7cfd3b2ca0be4bc6d88a0b9/src/platform/plugins/shared/unified_search/public/actions/apply_filter_action/apply_filter_action.tsx#L107-L114

The `extractTimeFilter` function extracts the `timeRangeFilter` only if the `timeFieldName === keys(filter.query.range)[0]`. The problem was that the first key of `query.range` was different than the `timeFieldName`. That `timeFieldName` in the ESQL world was wrongly applied via the `table.columns[xAxisColumnIndex].name` that doesn't reflect the actual column name for ES|QL, in fact that name reflects the visualization label name for the time dimension. In particular, before the fix, that timeFieldName was set as the axis name (e.g. `@timestamp every 5 minute`) and caused the time range filter to fail to be extracted from the filters list.

A combination of two PRs caused this to no longer be the correct behaviour:

- this PR elastic#196049 introduced the use of the `sourceField` as field name for the creation of filter from a range
- this PR elastic#217719 instead introduced the use of `sourceField` also for ESQL datasources. This field points to the actual column name described in the ESQL query.

Both PRs cause the `extractTimeFilter` to fail to extract the timeFilter, pushing the filter up to the filter pills.

### Side notes

This could be probably fixed in other ways, like by avoiding using the `sourceField` in ESQL, or by using only the column.name in the filter creation, or by avoiding checking the `timeFieldName` against the `query.range` key (not really sure why this is required). In general the problem here is that there is a low confidence on what these fields/params are supposed to be and which are supposed to be the identifiers to use everywhere. For example the column ids reflect only a link between the rows and the column descriptions, the name is the associated label, but can we rely on that label for filtering? I believe we need a stronger connection with the data and the actual original source field or column identifier is a better choice. I believe a valid subsequent task is elastic#189044
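The mismatch described in the commit message above, reduced to a runnable model. This is an added example, not code from Kibana or from either PR: the `RangeFilter` and `Column` shapes, the sample values and this simplified `extractTimeFilter` are assumptions made for illustration.

```typescript
// Simplified model of the check quoted in the commit message; not Kibana's code.
// RangeFilter and Column are reduced, hypothetical stand-ins for the real types.
interface RangeFilter {
  query: { range: Record<string, { gte: string; lte: string }> };
}
interface Column {
  name: string; // visualization label, e.g. the axis title
  sourceField: string; // column name as written in the ES|QL query
}

// A range filter is treated as the time range only when its first range key
// equals timeFieldName; every other filter stays behind as a filter pill.
function extractTimeFilter(timeFieldName: string, filters: RangeFilter[]) {
  const isTimeFilter = (f: RangeFilter): boolean =>
    Object.keys(f.query.range)[0] === timeFieldName;
  return {
    timeRangeFilter: filters.find(isTimeFilter),
    restOfFilters: filters.filter((f) => !isTimeFilter(f)),
  };
}

// Constructed sample: a brush selection over an ES|QL time axis. The filter is
// keyed by the source column, as the commit message says sourceField is used.
const xAxis: Column = { name: '@timestamp every 5 minute', sourceField: '@timestamp' };
const brushFilter: RangeFilter = {
  query: {
    range: {
      [xAxis.sourceField]: { gte: '2025-04-09T11:00:00Z', lte: '2025-04-09T11:30:00Z' },
    },
  },
};

// timeFieldName taken from the label: no key matches, the brush stays a pill.
const beforeFix = extractTimeFilter(xAxis.name, [brushFilter]);
// timeFieldName taken from the source column: the brush is extracted.
const afterFix = extractTimeFilter(xAxis.sourceField, [brushFilter]);

console.log('label as timeFieldName  ->', beforeFix.restOfFilters.length, 'pill(s)');
console.log('source as timeFieldName ->', afterFix.restOfFilters.length, 'pill(s)');
```
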
Summary
Closes #208854
This adds a tooltip action and a context menu action to the ES|QL panel type allowing the user to create an Elasticsearch Query rule from the visualization on the panel. Lens panels are currently not supported.
Tooltip action
Prefill the time field from the chart, and the alert window from the dashboard's current displayed time range:

Add an extra clause to the end of the visualization's ES|QL query to set an alert threshold based on the data point that the user clicked on:

Context menu action
Creating a rule from the context menu instead of from a tooltip doesn't give us a pre-filled threshold value, so we ask the user to specify it:

Supported cases
Breakdowns and split values:
Escaping column names
Checklist
Check the PR satisfies following conditions.
Reviewers should verify this PR satisfies this list as well.
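- [x] Any text added follows EUI's writing guidelines, uses sentence case text and includes i18n support
- [x] Unit or functional tests were updated or added to match the most common scenarios
- [x] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the guidelines
Release note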
Adds the Create alert rule action to ES|QL dashboard panels, usable from the panel context menu or by right-clicking a data point on the visualization. This allows you to generate an alert when the data on the chart crosses a certain threshold.
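A sketch of the threshold clause and the column-name escaping that the description mentions, showing how clicked values can be kept from altering the query structure. This is an added example, not the PR's code: the function names, the `| WHERE ... >=` clause shape and the sample query are assumptions, and the quoting follows ES|QL's backtick-quoted identifiers and double-quoted string literals.

```typescript
// Added illustration; clause shape, operator and all names are assumptions.
interface SplitValue {
  column: string; // breakdown column
  value: string; // value of the series the user clicked
}

// Quote an ES|QL identifier: wrap in backticks, double any embedded backtick.
function quoteIdentifier(name: string): string {
  return '`' + name.replace(/`/g, '``') + '`';
}

// Quote an ES|QL string literal: escape backslashes first, then double quotes.
function quoteString(value: string): string {
  return '"' + value.replace(/\\/g, '\\\\').replace(/"/g, '\\"') + '"';
}

// Append a threshold condition to the visualization's query. Column names and
// split values come from chart data, so none of them is concatenated raw.
function appendThresholdClause(
  query: string,
  valueColumn: string,
  threshold: number,
  splits: SplitValue[] = []
): string {
  // Reject NaN and Infinity so only a plain numeric literal reaches the query.
  if (!Number.isFinite(threshold)) {
    throw new RangeError('threshold must be a finite number');
  }
  const conditions = [
    ...splits.map((s) => `${quoteIdentifier(s.column)} == ${quoteString(s.value)}`),
    `${quoteIdentifier(valueColumn)} >= ${threshold}`,
  ];
  return `${query.trimEnd()} | WHERE ${conditions.join(' AND ')}`;
}

// Constructed sample: the STATS column is named "AVG(bytes)", which can only be
// referenced when quoted, and the split value contains double quotes.
const baseQuery = 'FROM logs-* | STATS AVG(bytes) BY region';
const rule = appendThresholdClause(baseQuery, 'AVG(bytes)', 420, [
  { column: 'region', value: 'eu-"west"' },
]);

console.log(rule);
```
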