forked from elastic/kibana
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[RCA] Events timeline !! (elastic#193265)
## Summary Events timeline !! <img width="1728" alt="image" src="https://github.com/user-attachments/assets/c00c2368-5f7e-4e5e-a6a1-cbcfacb859cd"> --------- Co-authored-by: kibanamachine <[email protected]> (cherry picked from commit 89f2802)
- Loading branch information
Showing
15 changed files
with
351 additions
and
13 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
16 changes: 16 additions & 0 deletions
16
x-pack/packages/observability/observability_utils/chart/utils.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
/* | ||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
* or more contributor license agreements. Licensed under the Elastic License | ||
* 2.0; you may not use this file except in compliance with the Elastic License | ||
* 2.0. | ||
*/ | ||
|
||
import { BrushEvent } from '@elastic/charts'; | ||
import moment from 'moment'; | ||
|
||
export function getBrushData(e: BrushEvent) { | ||
const [from, to] = [Number(e.x?.[0]), Number(e.x?.[1])]; | ||
const [fromUtc, toUtc] = [moment(from).format(), moment(to).format()]; | ||
|
||
return { from: fromUtc, to: toUtc }; | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
70 changes: 70 additions & 0 deletions
70
x-pack/plugins/observability_solution/investigate_app/public/hooks/use_fetch_events.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,70 @@ | ||
/* | ||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
* or more contributor license agreements. Licensed under the Elastic License | ||
* 2.0; you may not use this file except in compliance with the Elastic License | ||
* 2.0. | ||
*/ | ||
|
||
import { i18n } from '@kbn/i18n'; | ||
import { useQuery } from '@tanstack/react-query'; | ||
import { GetEventsResponse } from '@kbn/investigation-shared'; | ||
import { investigationKeys } from './query_key_factory'; | ||
import { useKibana } from './use_kibana'; | ||
|
||
export interface Response { | ||
isInitialLoading: boolean; | ||
isLoading: boolean; | ||
isRefetching: boolean; | ||
isSuccess: boolean; | ||
isError: boolean; | ||
data?: GetEventsResponse; | ||
} | ||
|
||
export function useFetchEvents({ | ||
rangeFrom, | ||
rangeTo, | ||
}: { | ||
rangeFrom?: string; | ||
rangeTo?: string; | ||
}): Response { | ||
const { | ||
core: { | ||
http, | ||
notifications: { toasts }, | ||
}, | ||
} = useKibana(); | ||
|
||
const { isInitialLoading, isLoading, isError, isSuccess, isRefetching, data } = useQuery({ | ||
queryKey: investigationKeys.events(rangeFrom, rangeTo), | ||
queryFn: async ({ signal }) => { | ||
return await http.get<GetEventsResponse>(`/api/observability/events`, { | ||
query: { | ||
rangeFrom, | ||
rangeTo, | ||
}, | ||
version: '2023-10-31', | ||
signal, | ||
}); | ||
}, | ||
cacheTime: 600 * 1000, // 10_minutes | ||
staleTime: 0, | ||
refetchOnWindowFocus: false, | ||
retry: false, | ||
onError: (error: Error) => { | ||
toasts.addError(error, { | ||
title: i18n.translate('xpack.investigateApp.events.fetch.error', { | ||
defaultMessage: 'Something went wrong while fetching the events', | ||
}), | ||
}); | ||
}, | ||
}); | ||
|
||
return { | ||
data, | ||
isInitialLoading, | ||
isLoading, | ||
isRefetching, | ||
isSuccess, | ||
isError, | ||
}; | ||
} |
34 changes: 34 additions & 0 deletions
34
..._solution/investigate_app/public/pages/details/components/events_timeline/alert_event.tsx
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,34 @@ | ||
/* | ||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
* or more contributor license agreements. Licensed under the Elastic License | ||
* 2.0; you may not use this file except in compliance with the Elastic License | ||
* 2.0. | ||
*/ | ||
|
||
import { LineAnnotation, AnnotationDomainType } from '@elastic/charts'; | ||
import { EuiIcon } from '@elastic/eui'; | ||
import React from 'react'; | ||
import moment from 'moment'; | ||
import { EventSchema } from '@kbn/investigation-shared'; | ||
|
||
export const AlertEvent = ({ event }: { event: EventSchema }) => { | ||
return ( | ||
<LineAnnotation | ||
id={event.id} | ||
domainType={AnnotationDomainType.XDomain} | ||
marker={ | ||
<span> | ||
<EuiIcon style={{ marginTop: -16 }} type="dot" size="l" color="danger" /> | ||
</span> | ||
} | ||
markerPosition="bottom" | ||
dataValues={[ | ||
{ | ||
dataValue: moment(event.timestamp).valueOf(), | ||
header: moment(event.timestamp).format('lll'), | ||
details: event.description, | ||
}, | ||
]} | ||
/> | ||
); | ||
}; |
36 changes: 36 additions & 0 deletions
36
...tion/investigate_app/public/pages/details/components/events_timeline/annotation_event.tsx
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
/* | ||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
* or more contributor license agreements. Licensed under the Elastic License | ||
* 2.0; you may not use this file except in compliance with the Elastic License | ||
* 2.0. | ||
*/ | ||
|
||
import React from 'react'; | ||
import moment from 'moment'; | ||
import { AnnotationDomainType, LineAnnotation } from '@elastic/charts'; | ||
import { EuiIcon } from '@elastic/eui'; | ||
import { EventSchema } from '@kbn/investigation-shared'; | ||
|
||
export function AnnotationEvent({ event }: { event: EventSchema }) { | ||
const timestamp = event.timestamp; | ||
|
||
return ( | ||
<LineAnnotation | ||
id={event.id} | ||
domainType={AnnotationDomainType.XDomain} | ||
dataValues={[ | ||
{ | ||
dataValue: moment(timestamp).valueOf(), | ||
details: event.description, | ||
header: moment(event.timestamp).format('lll'), | ||
}, | ||
]} | ||
marker={ | ||
<span> | ||
<EuiIcon style={{ marginTop: -16 }} type="dot" size="l" /> | ||
</span> | ||
} | ||
markerPosition="bottom" | ||
/> | ||
); | ||
} |
114 changes: 114 additions & 0 deletions
114
...ution/investigate_app/public/pages/details/components/events_timeline/events_timeline.tsx
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,114 @@ | ||
/* | ||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
* or more contributor license agreements. Licensed under the Elastic License | ||
* 2.0; you may not use this file except in compliance with the Elastic License | ||
* 2.0. | ||
*/ | ||
import React, { useMemo, useRef } from 'react'; | ||
import moment from 'moment'; | ||
|
||
import { Chart, Axis, AreaSeries, Position, ScaleType, Settings } from '@elastic/charts'; | ||
import { useActiveCursor } from '@kbn/charts-plugin/public'; | ||
import { EuiSkeletonText } from '@elastic/eui'; | ||
import { getBrushData } from '@kbn/observability-utils/chart/utils'; | ||
import { AnnotationEvent } from './annotation_event'; | ||
import { TIME_LINE_THEME } from './timeline_theme'; | ||
import { useFetchEvents } from '../../../../hooks/use_fetch_events'; | ||
import { useInvestigation } from '../../contexts/investigation_context'; | ||
import { useKibana } from '../../../../hooks/use_kibana'; | ||
import { AlertEvent } from './alert_event'; | ||
|
||
export const EventsTimeLine = () => { | ||
const { dependencies } = useKibana(); | ||
|
||
const baseTheme = dependencies.start.charts.theme.useChartsBaseTheme(); | ||
|
||
const { globalParams, updateInvestigationParams } = useInvestigation(); | ||
|
||
const { data: events, isLoading } = useFetchEvents({ | ||
rangeFrom: globalParams.timeRange.from, | ||
rangeTo: globalParams.timeRange.to, | ||
}); | ||
|
||
const chartRef = useRef(null); | ||
const handleCursorUpdate = useActiveCursor(dependencies.start.charts.activeCursor, chartRef, { | ||
isDateHistogram: true, | ||
}); | ||
|
||
const data = useMemo(() => { | ||
const points = [ | ||
{ x: moment(globalParams.timeRange.from).valueOf(), y: 0 }, | ||
{ x: moment(globalParams.timeRange.to).valueOf(), y: 0 }, | ||
]; | ||
|
||
// adding 100 fake points to the chart so the chart shows cursor on hover | ||
for (let i = 0; i < 100; i++) { | ||
const diff = | ||
moment(globalParams.timeRange.to).valueOf() - moment(globalParams.timeRange.from).valueOf(); | ||
points.push({ x: moment(globalParams.timeRange.from).valueOf() + (diff / 100) * i, y: 0 }); | ||
} | ||
return points; | ||
}, [globalParams.timeRange.from, globalParams.timeRange.to]); | ||
|
||
if (isLoading) { | ||
return <EuiSkeletonText />; | ||
} | ||
|
||
const alertEvents = events?.filter((evt) => evt.eventType === 'alert'); | ||
const annotations = events?.filter((evt) => evt.eventType === 'annotation'); | ||
|
||
return ( | ||
<> | ||
<Chart size={['100%', 100]} ref={chartRef}> | ||
<Settings | ||
xDomain={{ | ||
min: moment(globalParams.timeRange.from).valueOf(), | ||
max: moment(globalParams.timeRange.to).valueOf(), | ||
}} | ||
theme={TIME_LINE_THEME} | ||
baseTheme={baseTheme} | ||
onPointerUpdate={handleCursorUpdate} | ||
externalPointerEvents={{ | ||
tooltip: { visible: true }, | ||
}} | ||
onBrushEnd={(brush) => { | ||
const { from, to } = getBrushData(brush); | ||
updateInvestigationParams({ | ||
timeRange: { from, to }, | ||
}); | ||
}} | ||
/> | ||
<Axis id="y" position={Position.Left} hide /> | ||
<Axis | ||
id="x" | ||
position={Position.Bottom} | ||
tickFormat={(d) => moment(d).format('LTS')} | ||
style={{ | ||
tickLine: { | ||
visible: true, | ||
strokeWidth: 1, | ||
stroke: '#98A2B3', | ||
}, | ||
}} | ||
/> | ||
|
||
{alertEvents?.map((event) => ( | ||
<AlertEvent key={event.id} event={event} /> | ||
))} | ||
|
||
{annotations?.map((annotation) => ( | ||
<AnnotationEvent key={annotation.id} event={annotation} /> | ||
))} | ||
|
||
<AreaSeries | ||
id="Time" | ||
xScaleType={ScaleType.Time} | ||
xAccessor="x" | ||
yAccessors={['y']} | ||
data={data} | ||
filterSeriesInTooltip={() => false} | ||
/> | ||
</Chart> | ||
</> | ||
); | ||
}; |
47 changes: 47 additions & 0 deletions
47
...olution/investigate_app/public/pages/details/components/events_timeline/timeline_theme.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,47 @@ | ||
/* | ||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
* or more contributor license agreements. Licensed under the Elastic License | ||
* 2.0; you may not use this file except in compliance with the Elastic License | ||
* 2.0. | ||
*/ | ||
|
||
import { PartialTheme } from '@elastic/charts'; | ||
|
||
export const TIME_LINE_THEME: PartialTheme = { | ||
highlighter: { | ||
point: { | ||
opacity: 0, | ||
}, | ||
}, | ||
axes: { | ||
gridLine: { | ||
horizontal: { | ||
visible: false, | ||
}, | ||
vertical: { | ||
visible: false, | ||
}, | ||
}, | ||
axisLine: { | ||
strokeWidth: 1, | ||
stroke: '#98A2B3', | ||
}, | ||
}, | ||
chartMargins: { | ||
bottom: 10, | ||
top: 10, | ||
}, | ||
areaSeriesStyle: { | ||
area: { | ||
visible: false, | ||
}, | ||
line: { | ||
visible: false, | ||
}, | ||
}, | ||
lineAnnotation: { | ||
line: { | ||
opacity: 0, | ||
}, | ||
}, | ||
}; |
Oops, something went wrong.