Context (surrounding docs) based on non-timestamp fields #57812
Labels
Feature:Data Views
Data Views code and UI - index patterns before 8.0
Feature:Discover
Discover Application
Icebox
impact:low
Addressing this issue will have a low level of impact on the quality/strength of our product.
loe:medium
Medium Level of Effort
Team:DataDiscovery
Discover App Team (Document Explorer, Saved Search, Surrounding documents, Graph)
Comments
monfera
added
Feature:Data Views
|
Pinging @elastic/kibana-app (Team:KibanaApp) |
|
cc @nreese |
|
@aidofitz This sounds like a familiar use case. Have you looked at our observability functionality? Its advanced significantly since you created this issue. |
timroes
added
Team:DataDiscovery
kertal
added
impact:low
|
Closing this because it's not planned to be resolved in the foreseeable future. It will be tracked in our Icebox and will be re-opened if our priorities change. Feel free to re-open if you think it should be melted sooner. We're always interested in hearing our users opinions ❤️! |
|
understood, thanks, no problem!
…On Thu, 7 Sept 2023 at 04:50, Matthias Wilhelm ***@***.***> wrote:
Closing this because it's not planned to be resolved in the foreseeable
future. It will be tracked in our Icebox and will be re-opened if our
priorities change. Feel free to re-open if you think it should be melted
sooner. We're always interested in hearing our users opinions ❤️!
—
Reply to this email directly, view it on GitHub
<#57812 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AC2KCUGIED4S7I2BUV6WZB3XZE77RANCNFSM4KWT4TAA>
.
You are receiving this because you were mentioned.Message ID:
***@***.***>
|
|
Just to add a note: your suggestion would make definitely make sense, so I hope we can implement it somewhere in the future |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
We're using ELK for log aggregation and analysis. We ingest multiple log files in real time from multiple servers. One of the main use cases for our users is to search for (say) a customer id, and then they want to focus in on the surrounding events in the specific log file that the matching event originates from.
So, to achieve the above use case currently, what our users do is (in Discover) run their search to find a document they are interested in, then expand that and add filters to match our server name field and our log file name field, to see only events from that particular file. (This is an overly simple example - they generally have to add a few more filters than that, and the types of filters vary for different user groups depending on the data they look at).
I'd like them to be able to achieve the above using the "View Surrounding Documents". The way i envisage this working is that in the definition of an index pattern, there'd be a way of defining the field(s) that provide context for a document. E.g. we'd specify "serverName" as a context field, and then on a click of "View Surrounding Documents", Kibana would switch to the context view as currently, but would also automatically apply a filter on field "serverName" to match the value of the field in the original document.
Thanks
Adrian
First logged here:
https://discuss.elastic.co/t/possible-feature-request-context-surrounding-docs-based-on-non-timestamp-fields/219355
The text was updated successfully, but these errors were encountered: