[KQL] Allow comparing the values for different fields #110699

Closed
Tracked by #166068
lukasolson opened this issue Aug 31, 2021 · 8 comments
Labels
enhancement New value added to drive a business result Feature:KQL KQL Feature:Search Querying infrastructure in Kibana Icebox impact:low Addressing this issue will have a low level of impact on the quality/strength of our product. loe:large Large Level of Effort Team:DataDiscovery Discover, search (e.g. data plugin and KQL), data views, saved searches. For ES|QL, use Team:ES|QL.

Comments

@lukasolson
Member

Describe the feature:

It would be great if you could compare the values for different fields inside KQL, such as the following:

geo.src = geo.dest or memory <= phpmemory

This sort of thing should be possible using runtime fields.

@lukasolson lukasolson added enhancement New value added to drive a business result Feature:KQL KQL Team:AppServices labels Aug 31, 2021
@elasticmachine
Contributor

Pinging @elastic/kibana-app-services (Team:AppServices)

@exalate-issue-sync exalate-issue-sync bot added impact:low Addressing this issue will have a low level of impact on the quality/strength of our product. loe:small Small Level of Effort labels Sep 20, 2021
@katdti

katdti commented Dec 7, 2021

Yes - please add this feature.
I am missing more advanced search options when doing ad-hoc investigating of logs.
Inspiration:
https://docs.datalust.co/docs/sql-queries
allows easy search and convert of result into graphs
(No, I do not work at datalust)

@exalate-issue-sync exalate-issue-sync bot added loe:medium Medium Level of Effort and removed loe:small Small Level of Effort labels Apr 7, 2022
@petrklapka petrklapka added Feature:Search Querying infrastructure in Kibana Team:DataDiscovery Discover, search (e.g. data plugin and KQL), data views, saved searches. For ES|QL, use Team:ES|QL. and removed Team:AppServicesSv labels Nov 23, 2022
@elasticmachine
Contributor

Pinging @elastic/kibana-data-discovery (Team:DataDiscovery)

@lukasolson lukasolson added impact:medium Addressing this issue will have a medium level of impact on the quality/strength of our product. loe:large Large Level of Effort and removed impact:low Addressing this issue will have a low level of impact on the quality/strength of our product. loe:medium Medium Level of Effort labels Feb 21, 2023
@lukasolson
Member Author

Just wanted to add that this is currently possible (although not the most user-friendly) by creating a runtime field and filtering on it. For example, to filter documents where geo.src = geo.dest, you can create a field, srcdest, with the following script:

emit(doc['geo.src'].value == doc['geo.dest'].value)

Then, in the KQL bar, you can query for srcdest: true.
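
The runtime-field workaround described in the comment above, written as a search-time request (an added example, not code from the issue or from Kibana). It assumes a placeholder index pattern `my-logs-*` and that the four fields have doc values (keyword or numeric), and it introduces the hypothetical field name `mem_within_php` for the second comparison from the issue description; the `size()` checks cover documents where a field is missing.

```console
# Added example. "my-logs-*" is a placeholder index pattern (assumption).
POST my-logs-*/_search
{
  "runtime_mappings": {
    "srcdest": {
      "type": "boolean",
      "script": {
        "source": """
          // doc[...].value throws when a document has no value for the
          // field, so check size() before comparing.
          if (doc['geo.src'].size() != 0 && doc['geo.dest'].size() != 0) {
            emit(doc['geo.src'].value == doc['geo.dest'].value);
          } else {
            emit(false);
          }
        """
      }
    },
    "mem_within_php": {
      "type": "boolean",
      "script": {
        "source": """
          // Hypothetical field name; implements memory <= phpmemory.
          if (doc['memory'].size() != 0 && doc['phpmemory'].size() != 0) {
            emit(doc['memory'].value <= doc['phpmemory'].value);
          } else {
            emit(false);
          }
        """
      }
    }
  },
  "query": {
    "bool": {
      "should": [
        { "term": { "srcdest": true } },
        { "term": { "mem_within_php": true } }
      ],
      "minimum_should_match": 1
    }
  },
  "fields": ["geo.src", "geo.dest", "memory", "phpmemory"],
  "_source": false
}
```

Runtime fields are evaluated per document at query time, so pairing the `term` clauses with a time-range filter keeps the script from running over the whole index.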

@lukasolson
Member Author

Related: elastic/elasticsearch#34400

@lukasolson lukasolson added impact:low Addressing this issue will have a low level of impact on the quality/strength of our product. and removed impact:medium Addressing this issue will have a medium level of impact on the quality/strength of our product. labels Mar 7, 2023
@kertal
Member

kertal commented May 23, 2023

@lukasolson I'd consider this as blocked since it should preferably be implemented on the ES side? WDYT?

@kertal
Member

kertal commented May 23, 2023

I like the functionality nevertheless :)

@kertal
Member

kertal commented Oct 1, 2024

Closing this because it's not planned to be resolved in the foreseeable future. It will be tracked in our Icebox and will be re-opened if our priorities change. Feel free to re-open if you think it should be melted sooner.

This works when using ES|QL https://www.elastic.co/guide/en/elasticsearch/reference/current/esql.html

@kertal kertal closed this as not planned Oct 1, 2024