[Discover] Skip docs with event.kind: alert or signal in the log document profile heuristics #196784

Closed
davismcphee opened this issue Oct 17, 2024 · 3 comments
Labels
bug Fixes for quality problems that affect the customer experience Feature:Discover Discover Application impact:high Addressing this issue will have a high level of impact on the quality/strength of our product. loe:small Small Level of Effort Project:OneDiscover Enrich Discover with contextual awareness Team:DataDiscovery Discover, search (e.g. data plugin and KQL), data views, saved searches. For ES|QL, use Team:ES|QL. Team:obs-ux-logs Observability Logs User Experience Team

Comments

@davismcphee
Contributor

In the Discover log document profile provider, the heuristics we use categorize all docs with `data_stream.type: log` as log entries. This enables contextual features for these docs such as the log overview tab in the doc viewer flyout. The issue is that for some alerts (`event.kind: alert` or `signal`), all of the source event fields are added to the resulting doc, which may include fields with `data_stream.type: log`. This causes Discover to treat the doc as a log when it should instead be treated as an alert. In order to avoid this issue, we should update the log document profile provider heuristics to ignore docs with `event.kind: alert` or `signal`.
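
The heuristic change described in the issue above, sketched as an added example; it is not Kibana's profile provider code and not part of the thread. The function names, the flattened-document shape and the sample documents are assumptions constructed for illustration; only the field names and values come from the issue text.

```typescript
// Hypothetical sketch, not Kibana's implementation.
// Assumes a flattened document: dotted field names mapped to a scalar or an array.
type FlatDoc = Record<string, unknown>;

const LOG_TYPE = 'log'; // value as written in the issue
const EXCLUDED_EVENT_KINDS = new Set(['alert', 'signal']);

// Normalise a field to a list of strings so scalar and array values behave alike.
function valuesOf(doc: FlatDoc, field: string): string[] {
  const raw = doc[field];
  if (raw === undefined || raw === null) return [];
  const list: unknown[] = Array.isArray(raw) ? raw : [raw];
  return list.filter((v): v is string => typeof v === 'string');
}

// Heuristic as the issue describes it today: data_stream.type alone decides.
function isLogByDataStreamOnly(doc: FlatDoc): boolean {
  return valuesOf(doc, 'data_stream.type').includes(LOG_TYPE);
}

// Proposed heuristic: an alert or signal is never a log entry, even when the
// source event's data_stream.type was copied into the alert document.
function isLogDocument(doc: FlatDoc): boolean {
  const kinds = valuesOf(doc, 'event.kind');
  if (kinds.some((kind) => EXCLUDED_EVENT_KINDS.has(kind))) return false;
  return isLogByDataStreamOnly(doc);
}

// Constructed sample documents.
const plainLog: FlatDoc = {
  'data_stream.type': 'log',
  'event.kind': 'event',
  message: 'GET /health 200',
};
const alertWithSourceFields: FlatDoc = {
  'event.kind': ['signal'],
  'data_stream.type': ['log'], // copied from the source event
  message: ['GET /health 200'],
};
const metricDoc: FlatDoc = { 'data_stream.type': 'metrics' };
```
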

@davismcphee davismcphee added bug Fixes for quality problems that affect the customer experience Feature:Discover Discover Application impact:high Addressing this issue will have a high level of impact on the quality/strength of our product. loe:small Small Level of Effort Project:OneDiscover Enrich Discover with contextual awareness Team:DataDiscovery Discover, search (e.g. data plugin and KQL), data views, saved searches. For ES|QL, use Team:ES|QL. labels Oct 17, 2024
@elasticmachine
Contributor

Pinging @elastic/kibana-data-discovery (Team:DataDiscovery)

@davismcphee davismcphee added the Team:obs-ux-logs Observability Logs User Experience Team label Oct 21, 2024
@elasticmachine
Contributor

Pinging @elastic/obs-ux-logs-team (Team:obs-ux-logs)

@kertal
Member

kertal commented Jan 9, 2025

We agreed to close this for now; it's not planned but might bubble up in future work, if needed.

@kertal kertal closed this as not planned Jan 10, 2025