Sessions tab improvements #131583
Sessions tab improvements #131583
Conversation
…solves a few problems wrt to query ability. default columns modified and display names provided for each
mitodrummer
added
v8.2.1
Team: AWP: Visualization
mitodrummer
added
auto-backport
|
One question I do have is wrt cache busting localstorage to erase the default columns stored for the sessions table. I noticed I had to call localStorage.clear() anytime i made changes to these defaults. Is there a mechanism to force all users to wipe these defaults from local storage? cc @kqualters-elastic @YulNaumenko @michaelolo24 |
Would changing the timeline id do just that, or would that cause problems elsewhere? |
I also didn't see another local storage clearing mechanism, so it seems to be the only way to do so unless local storage gets erased when the kibana version is upgraded. But it's safe to change the timeline id value since it has nothing to do with search strategy, however, you will need to change the across all files that reference |
| }, | ||
| { | ||
| columnHeaderType: defaultColumnHeaderType, | ||
| id: MAPPED_PROCESS_END_COLUMN, | ||
| display: 'process.end', |
|
@mitodrummer changing the timeline id will work as a cache busting mechanism, alternatively, if you just want to filter out any no longer existing columns or something along those lines, code to "migrate" local storage settings exists here x-pack/plugins/security_solution/public/timelines/containers/local_storage/index.tsx |
mitodrummer
added
backport:skip
💚 Build SucceededMetrics [docs]Module Count
Async chunks
Page load bundle
History
To update your PR or re-run it, just comment with: |
…hromium-to-print-pdf-part-1 * 'main' of github.com:elastic/kibana: (59 commits) [Cloud Posture] Enabled findings group by feature (elastic#131780) [EBT] Fix `userId` generation (elastic#131701) [RAM] Add shareable rule tag filter (elastic#130710) Optimize package installation performance, phase 2 (elastic#131627) [Screenshotting] instrument for benchmark tests using new EventLogger class (elastic#130356) [Connector] Adding internal route for requesting ad-hoc ServiceNow access token (elastic#131171) [ci] bump kibana-buildkite-library (elastic#131754) [Synthetics] UI clean up (elastic#131598) [RsponseOps] Fix flaky rules list test (elastic#131567) [Cases] Add severity field to create case (elastic#131626) [Discover] Monospace font in Document Explorer (elastic#131513) Sessions tab improvements (elastic#131583) Add cloud icon "ess-icon" at the end of the config keys in "alerting" documentation (elastic#131735) [DOCS] Updates deprecation text for legacy APIs (elastic#131741) [ci] break out skip patterns so they can change without triggering CI (elastic#131726) Adjust search session management page font size (elastic#131291) [Unified search] Fix uptime css problem (elastic#131730) [Actionable Observability] Link to filtered rules page (elastic#131629) Add openAPI specifications for cases endpoint (elastic#131275) Display rule API key owner to users who can manage API keys (elastic#131662) ... # Conflicts: # x-pack/plugins/screenshotting/server/formats/pdf/index.ts # x-pack/plugins/screenshotting/server/screenshots/observable.ts
* session tab query modified query all events, not just entry leaders. solves a few problems wrt to query ability. default columns modified and display names provided for each * snapshot updated * readded test * Default sort set to process.entry_leader.start desc * sessions tab timeline id changed to cache bust localstorage for table column configs * missed a couple spots for session tab timeline id update Co-authored-by: mitodrummer <[email protected]>
|
Hi @mitodrummer, We have validated above issue on 8.3.0 BC3 and it's working fine ✅. Build info:
Screenshots:
Hence, marking this as QA Validated. Thanks! |
ghost
added
the
Summary
The PR makes changes to the sessions tab query strategy, and updates the default table columns (including the addition of display names for each to improve readability).
The main change to the query involves removing the process.entry_leader.same_as_process contraint, which caused the table to only load entry session leader events. Infering a list of sessions from only session leaders leads to a couple problems.
a) if a session did not record or had filtered out a session leader, we would not see a row for it (even if there were process events for the session). Many non interactive service sessions would not show because of this.
b) when doing a top level search for events which may have happened within a session (e.g searching for all sessions where an 'ls' command was typed), we always return 0 results (because we were only searching entry session leader events). This opens up a much more compelling use case for the sessions tab, and makes finding relevant sessions possible.
Also, in revamping the session table default columns, process.pid (not important) and process.end (difficult to infer) were dropped. Which should hopefully address the concerns in this ticket #130360
Preview of the default columns:
Checklist
Delete any items that are not applicable to this PR.