Binding different visualizations on specific fields. Make it possible for multi index correlations.

[fyodorr]

Describe the feature:

Make it possible for Kibana to bind different visualizations.

For example the McAfee ESM implementation:

"Binding dashboard widgets links the data between those widgets. Then, when you change data in a parent widget, the data in the bound widget also changes, creating an interactive view. For example, if you bind a widget to a source IP address and then choose a specific IP address in the parent widget, the bound widget filters its data by that IP address. Changing the selection in the parent widget refreshes the child widget's data."

Describe a specific use case for the feature:

Make it possible for use of different indexes for example fw-logs, proxy and DHCP.
When you are building dashboards you can visualize computers in a separate visualization that bind to a different index. Now you have to enrich the current index for displaying that information.

Thus make it possible to search for events in example fw-logs and display the computer name from a different index containing DHCP logs (binding on src_ip) with a different search in the fw-logs.

[bhavyarm]

pinging @elastic/kibana-app

[fyodorr]

Add some information

Index-Firewall

src:10.0.0.1
dst:1.2.3.4
threatintel_d:"Bad domain"

Index-DHCP

src:10.0.0.1
src_name:Computer01
src_mac:00:00:00..

Search: Index-* for threatintel_d:*

Result:10.0.0.1

Visualization-1 Kibana
Index-Firewall
src: 10.0.0.1

Visualization-2 Kibana
Index-DHCP
src: 10.0.0.1 (from results of search, binding on Index-Firewall and field src)
src_name:Computer01

Now we have to enrich all the firewall logs with computer names to get that information. It would give a quick win if you could bind visualizations to field from a search.

[timroes]

This will in the future be possible due to Kibana Actions. I'll close this in favor of #32371 (which might have other issues around that linked).