Skip to content

[ML] Displays document count chart for ES|QL categorize queries#231459

Merged
jgowdyelastic merged 20 commits intoelastic:mainfrom
jgowdyelastic:use-document-chart-with-categorize-esql-command
Sep 23, 2025
Merged

[ML] Displays document count chart for ES|QL categorize queries#231459
jgowdyelastic merged 20 commits intoelastic:mainfrom
jgowdyelastic:use-document-chart-with-categorize-esql-command

Conversation

@jgowdyelastic
Copy link
Copy Markdown
Member

@jgowdyelastic jgowdyelastic commented Aug 12, 2025
edited
Loading

Overrides the chart query when a categorize query is detected so that it renders a simple doc count rather than the count of all patterns.

image
@jgowdyelastic jgowdyelastic self-assigned this Aug 26, 2025
@jgowdyelastic jgowdyelastic added release_note:enhancement Feature:Discover Discover Application :ml backport:skip This PR does not require backporting v9.2.0 labels Aug 26, 2025
@jgowdyelastic jgowdyelastic marked this pull request as ready for review August 26, 2025 18:21
@jgowdyelastic jgowdyelastic requested review from a team as code owners August 26, 2025 18:21
@elasticmachine
Copy link
Copy Markdown
Contributor

elasticmachine commented Aug 26, 2025

Pinging @elastic/ml-ui (:ml)
rbrtj
rbrtj approved these changes Aug 27, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@rbrtj rbrtj left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, just a heads up, if no timestamp is found, the histogram won't be shown. Previously, it was always displayed with the pattern count, but that's okay, I guess
@stratoula
Copy link
Copy Markdown
Contributor

stratoula commented Aug 28, 2025
edited
Loading

The fact that we are not suggesting anything now if there is no @timestamp in the source seems a bit concerning to me.

What we could do is on the recommendations to also suggest the time params (which enable the time picker for sources without the @timestamp field.

So this

FROM meow
  | WHERE datefield <= ?_tend AND datefield > ?_tstart
  | SAMPLE .001
  | STATS Count=COUNT(*)/.001 BY Pattern=CATEGORIZE(category)
  | SORT Count DESC

instead of

FROM meow
  | SAMPLE .001
  | STATS Count=COUNT(*)/.001 BY Pattern=CATEGORIZE(category)
  | SORT Count DESC

Of course the users now need to know that. Maybe the recommendation is a good training point but still. It is a business decision after all. But at least let's suggest it on the recommendations
Copilot AI review requested due to automatic review settings September 5, 2025 08:05
Copilot AI reviewed Sep 5, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR improves the chart rendering for ES|QL categorize queries by showing a simple document count histogram instead of the count of all patterns. The change ensures that categorize queries display more meaningful chart visualizations.

Key changes:

  • Modified the chart query detection to override categorize queries with a document count chart
  • Fixed array indexing for the categorize field extraction
  • Removed unused visualization attribute modifications and imports

Reviewed Changes

Copilot reviewed 2 out of 3 changed files in this pull request and generated no comments.

File Description
src/platform/plugins/shared/discover/public/context_awareness/profile_providers/common/patterns/profile.ts Fixes array indexing for categorize field and removes unused visualization modifications
src/platform/packages/shared/kbn-unified-histogram/services/lens_vis_service.ts Adds categorize query detection and document count chart override logic
@jgowdyelastic
Copy link
Copy Markdown
Member Author

jgowdyelastic commented Sep 18, 2025

What we could do is on the recommendations to also suggest the time params (which enable the time picker for sources without the @timestamp field.

I've added this change. It adds | WHERE ${timeField} <=?_tend and ${timeField} >?_tstart to the recommended query when there is a time field.
If there is no time field, the query is the same as before and no chart is displayed.
peteharverson
peteharverson approved these changes Sep 22, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@peteharverson peteharverson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, using the edits to the recommended query with the start / end params.

The document count chart provides a better UX than the current bar chart - consistency with the chart displayed for other queries, with ability to zoom in to time ranges on the chart. This will also pave the way for showing how the doc counts for a pattern compare to the baseline in future enhancements.
stratoula
stratoula approved these changes Sep 22, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@stratoula stratoula left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ES|QL changes LGTM, code review only
jughosta
jughosta reviewed Sep 23, 2025
View reviewed changes
Comment thread src/platform/packages/shared/kbn-unified-histogram/services/lens_vis_service.ts Outdated
Comment on lines +255 to +258
availableSuggestionsWithType.push({
suggestion: histogramSuggestionForESQL,
type: UnifiedHistogramSuggestionType.histogramForESQL,
});
Copy link
Copy Markdown
Contributor

@jughosta jughosta Sep 23, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
availableSuggestionsWithType.push({
suggestion: histogramSuggestionForESQL,
type: UnifiedHistogramSuggestionType.histogramForESQL,
});
if (histogramSuggestionForESQL) {
availableSuggestionsWithType.push({
suggestion: histogramSuggestionForESQL,
type: UnifiedHistogramSuggestionType.histogramForESQL,
});
}

can we additionally check that it returned a valid suggestion?
Copy link
Copy Markdown
Member Author

@jgowdyelastic jgowdyelastic Sep 23, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Updated in cad683e
@elasticmachine
Copy link
Copy Markdown
Contributor

elasticmachine commented Sep 23, 2025

💚 Build Succeeded

Metrics [docs]

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id before after diff
discover 1.2MB 1.2MB +92.0B
unifiedSearch 354.3KB 354.5KB +137.0B
total +229.0B

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb

id before after diff
kbnUiSharedDeps-srcJs 3.9MB 3.9MB +137.0B

History

cc @jgowdyelastic
jughosta
jughosta approved these changes Sep 23, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@jughosta jughosta left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Data Discovery changes LGTM - code review only
@jgowdyelastic jgowdyelastic merged commit ef257e7 into elastic:main Sep 23, 2025
13 checks passed
CAWilson94 pushed a commit to CAWilson94/kibana that referenced this pull request Sep 24, 2025
@jgowdyelastic @CAWilson94
[ML] Use document count chart for ES|QL categorize queries (elastic#2…
d48df0c 
…31459)

Overrides the chart query when a categorize query is detected so that it
renders a simple doc count rather than the count of all patterns.

<img width="1438" height="1101" alt="image"
src="https://github.com/user-attachments/assets/08874499-d358-4045-a65b-9004c5330fb1"
/>
@peteharverson peteharverson changed the title [ML] Use document count chart for ES|QL categorize queries Sep 24, 2025
@peteharverson peteharverson mentioned this pull request Sep 29, 2025
Closed
niros1 pushed a commit that referenced this pull request Sep 30, 2025
@jgowdyelastic @niros1
[ML] Use document count chart for ES|QL categorize queries (#231459)
9cf3df9 
Overrides the chart query when a categorize query is detected so that it
renders a simple doc count rather than the count of all patterns.

<img width="1438" height="1101" alt="image"
src="https://github.com/user-attachments/assets/08874499-d358-4045-a65b-9004c5330fb1"
/>
rylnd pushed a commit to rylnd/kibana that referenced this pull request Oct 17, 2025
@jgowdyelastic
[ML] Use document count chart for ES|QL categorize queries (elastic#2…
711d8f8 
…31459)

Overrides the chart query when a categorize query is detected so that it
renders a simple doc count rather than the count of all patterns.

<img width="1438" height="1101" alt="image"
src="https://github.com/user-attachments/assets/08874499-d358-4045-a65b-9004c5330fb1"
/>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

backport:skip This PR does not require backporting Feature:Discover Discover Application :ml release_note:enhancement v9.2.0

8 participants

@jgowdyelastic @elasticmachine @stratoula @drewdaemon @jughosta @peteharverson @rbrtj