Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Data view field conflicts resolving by filtering data #187860

Closed
Tracked by #166175
philippkahr opened this issue Jul 9, 2024 · 2 comments
Closed
Tracked by #166175

Data view field conflicts resolving by filtering data #187860

philippkahr opened this issue Jul 9, 2024 · 2 comments
Labels
enhancement New value added to drive a business result Team:DataDiscovery Discover, search (e.g. data plugin and KQL), data views, saved searches. For ES|QL, use Team:ES|QL.

Comments

@philippkahr
Copy link
Contributor

**Kibana version: 8.14.0 **

Describe the bug:
I know that field conflicts are an issue and the data view is telling me about it. I like to use the generic data views such as logs-* which enable this problem.

What I would expect is if I have to data streams:

demo-kibana.log
demo-kibana.audit

where one maps the source.ip as ip and one maps it as keyword. That the data view: demo-kibana.* shows a conflict. That is working as expected.
Now when I add a KQL and filter down using constant keyword: demo-kibana.log I would expect the conflict to go away and for Kibana to let me use the field. Because within the same dataset the field is mapped the same. There is no conflict within demo-kibana.log there is a conflict between kibana.log and kibana.audit
The issue is that this also forbids me to use in controls since the data view “errors”.
I would expect Kibana to reevaluate the fields once I add a KQL that filters me away entire shards that create this issue, such as using constant keyword for data_stream.dataset.

Steps to reproduce:

PUT _index_template/demo-kibana.audit
{
  "template": {
    "mappings": {
      "properties": {
        "data_stream": {
          "type": "object",
          "properties": {
            "dataset": {
              "type": "constant_keyword"
            }
          }
        },
        "source": {
          "type": "object",
          "properties": {
            "ip": {
              "type": "keyword"
            }
          }
        }
      }
    }
  },
  "index_patterns": [
    "demo-kibana.audit-*"
  ],
  "data_stream": {}
}

PUT _index_template/demo-kibana.log
{
  "template": {
    "mappings": {
      "properties": {
        "data_stream": {
          "type": "object",
          "properties": {
            "dataset": {
              "type": "constant_keyword"
            }
          }
        },
        "source": {
          "type": "object",
          "properties": {
            "ip": {
              "type": "ip"
            }
          }
        }
      }
    }
  },
  "index_patterns": [
    "demo-kibana.log-*"
  ],
  "data_stream": {}
}

PUT _data_stream/demo-kibana.log-default
PUT _data_stream/demo-kibana.audit-default

POST demo-kibana.log-default/_doc
{
  "@timestamp": "2024-07-09T12:00:00.000Z",
  "data_stream": {
    "dataset": "kibana.log"
  },
  "source": {
    "ip": "192.168.0.1"
  }
}

POST demo-kibana.audit-default/_doc
{
  "@timestamp": "2024-07-09T12:00:00.000Z",
  "data_stream": {
    "dataset": "kibana.audit"
  },
  "source": {
    "ip": "192.168.0.1"
  }
}

Expected behavior:

When filtering down to a subset the fields shold be re-evaluated. Making sure that there are only conflicts within the actual queried indices.

Screenshots (if relevant):
Screenshot 2024-07-09 at 14 28 09
Screenshot 2024-07-09 at 14 28 29
@philippkahr philippkahr added the bug Fixes for quality problems that affect the customer experience label Jul 9, 2024
@botelastic botelastic bot added the needs-team Issues missing a team label label Jul 9, 2024
@mattkime mattkime added enhancement New value added to drive a business result Team:DataDiscovery Discover, search (e.g. data plugin and KQL), data views, saved searches. For ES|QL, use Team:ES|QL. and removed bug Fixes for quality problems that affect the customer experience labels Jul 9, 2024
@elasticmachine
Copy link
Contributor

Pinging @elastic/kibana-data-discovery (Team:DataDiscovery)

@botelastic botelastic bot removed the needs-team Issues missing a team label label Jul 9, 2024
@mattkime mattkime removed their assignment Sep 28, 2024
@kertal kertal mentioned this issue Oct 22, 2024
Open
@kertal
Copy link
Member

kertal commented Oct 22, 2024

Closing this because it's not planned to be resolved in the foreseeable future. It will be tracked in our Icebox and will be re-opened if our priorities change. Feel free to re-open if you think it should be melted sooner.

@kertal kertal closed this as not planned Won't fix, can't repro, duplicate, stale Oct 22, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New value added to drive a business result Team:DataDiscovery Discover, search (e.g. data plugin and KQL), data views, saved searches. For ES|QL, use Team:ES|QL.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@mattkime @kertal @philippkahr @elasticmachine