[ES|QL] Ignore drop commands for date histogram in discover

[dej611]

Summary

Fixes #169907

This PR cleans the ES|QL statement from DROP commands before sending it over for the date histogram chart in Lens.

Checklist

Delete any items that are not applicable to this PR.

• Unit or functional tests were updated or added to match the most common scenarios

[elasticmachine]

Pinging @elastic/kibana-visualizations (Team:Visualizations)

[elasticmachine]

Pinging @elastic/kibana-data-discovery (Team:DataDiscovery)

[stratoula]

@dej611 looks great. How easy is to not display the @timestamp column in the datatable?

[dej611]

@dej611 looks great. How easy is to not display the @timestamp column in the datatable?

Fixed with c47ab3f .
I believe the fix will be temporary as there's a root problem with the dataView which does not get updated with the ES|QL query, together with the @timestamp detection in the unified search. I see how an "extended" dataView can be useful here but perhaps it is worth a discussion to define some boundaries.

[stratoula]

We lost the @timestamp column here and we dont want it. We want the @timestamp column to disappear when the user drops the @timestamp if possible not always.

[stratoula]

This hides the @timestamp column all the time. We don't want that. We just want to hide it when the user is dropping the field

[dej611]

Fixed with 78fae0a added also a full text coverage for the new utility function.

[stratoula]

Changes LGTM, this works exactly as I am expecting 👏

[weltenwort]

Please excuse my naive and uninvited question, but we're also consumers of the unified histogram. 😇

Is this string manipulation safe without parsing the ES|QL AST? What happens to a query like FROM es-audit-logs | WHERE query LIKE '*| DROP @timestamp*'? And are there other ES|QL operations that need to be guarded against?

[jughosta]

Iterating through all results can be a long operation. Can we avoid it?

[jughosta]

For example, we could search in the returned ESQL fields. UnifiedDataTable accesses them via columnTypes. So in your case it could be:

return Boolean(columnTypes[timeFieldName])

[dej611]

Fixed with 4db4e3a

[jughosta]

Would be great to describe the purpose of the clean up. Or at least change the function name to something like cleanupESQLQueryForLensSuggestions

[dej611]

Fixed with fc4c37f

[dej611]

Please excuse my naive and uninvited question, but we're also consumers of the unified histogram. 😇

Is this string manipulation safe without parsing the ES|QL AST? What happens to a query like FROM es-audit-logs | WHERE query LIKE '*| DROP @timestamp*'? And are there other ES|QL operations that need to be guarded against?

This is more a general issue and probably with #170071 will be possible to perform query manipulation like that. For now that ES|QL query will break as there's often the basic assumption that commands are separated by | (query.split('|') in lots of places...).

[jughosta]

LGTM 👍

[kibana-ci]

💚 Build Succeeded

• Buildkite Build
• Commit: 4db4e3a

Metrics [docs]

Public APIs missing comments

Total count of every public API that lacks a comment. Target amount is 0. Run node scripts/build_api_docs --plugin [yourplugin] --stats comments for more detailed information.

id	before	after	diff
@kbn/es-query	199	201	+2

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id	before	after	diff
cloudSecurityPosture	401.3KB	401.5KB	+147.0B
discover	589.3KB	589.4KB	+149.0B
unifiedHistogram	50.6KB	50.6KB	+47.0B
total			+343.0B

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb

id	before	after	diff
kbnUiSharedDeps-srcJs	2.2MB	2.2MB	+150.0B

Unknown metric groups

API count

id	before	after	diff
@kbn/es-query	259	261	+2

History

• 💚 Build #179027 succeeded 78fae0a
• 💚 Build #178983 succeeded 3e516da
• 💚 Build #178789 succeeded 982d33b
• 💛 Build #178348 was flaky 9711de8
• 💔 Build #178125 failed ab3b740

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream