[Discover] Add logs source and document contexts

[weltenwort]

📝 Summary

This PR adds basic implementations for resolving "logs" data source and document contexts to their respective profiles. Due to the limited set of profile customization points the new profiles are empty.

• closes [Discover] Implement logs data source context resolution #184079
• closes [Discover] Implement log document context resolution #184080

🔍 Implementation details

• In order to organize these and future profiles this PR introduces the profile_providers folder in context_awareness.
• For a more structured organization, utilities for resolving logs sources have been moved/implemented in the @kbn/discover-utils and @kbn/data-view-utils packages.
• The code ownership for the two logs profiles is shared between the data discovery team and the obs ux logs team.

Document Level Logs Resolution

The document logs context resolution is performed with the following criteria, as far as one complies, the context will be evaluated as a match:

• The data_stream.type field exists on the document and it's equal to logs
• The document contains any field from the ECS Log field set (fields staring with log.)
• The _index field exists and tests positive against the allowed indices from the built-in definition/ settings.

Data Source Logs Resolution

The data source logs context resolution is performed with the following criteria, as far as one complies, the context will be evaluated as a match:

• Being the source of a data view type, the related index tests positive against the allowed indices from the built-in definition/ settings.
• Being the source of a ES|QL query type, the related index extracted from the query tests positive against the allowed indices from the built-in definition/ settings.

🕵️‍♀️ Review notes

Note

Notes in this format have been left through the PR to give additional context about some choices, any further feedback is welcome

[tonyghiani]

Note

Profiles are created using factory functions which receive the providerServices. This services can be passed anything required from core, pluginsStart or any dependencies, crafting the external services a profile might use to resolve its context

[elasticmachine]

Pinging @elastic/obs-ux-infra_services-team (Team:obs-ux-infra_services)

[smith]

APM changes look good.

[Kerry350]

This was a really nice "read", great work everyone involved 👏 And thank you for the additional notes.

[davismcphee]

Nice work! I'm sure we'll find ways to refine the heuristics over time, but this seems like a great initial implementation. I also like the way the code is organized and think it sets a good example of patterns to follow for future implementations. I left one minor comment, but otherwise this all LGTM 👍

There's an increase to the page load bundle that I'd like to avoid, but that will only be temporary until #185905 is merged where we'll start importing the profile providers async when they're needed.

[davismcphee]

We sometimes deal with records in Discover containing thousands of fields. We're deferring document context resolution until needed anyway, but a for...of loops would be more efficient here vs allocating a new array for each document with Object.keys.

[tonyghiani]

I think you meant using a for...in loop over the properties in record.flattened to check whether any of them starts with the passed prefix, for...of is only for iterables.

In the case of for...in, it is natively faster but requires an additional check on the object's own properties only, which makes the performance almost the same.

For readability I'd rather leave it like this, here you can also find a performance benchmark for the different approaches which highlights a relatively small difference.

[davismcphee]

Yes, definitely meant for...in 🙂 and I was thinking a bit more about allocations when we unfortunately encounter docs with something like 80,000 fields, but this optimization might be premature, so it makes sense to leave it as is and look into it further if it ever becomes an issue.

[davismcphee]

Nice 👌 about time these types were moved out of plugin.tsx.

[kibana-ci]

💛 Build succeeded, but was flaky

• Buildkite Build
• Commit: 35a32ce
• Kibana Serverless Image: docker.elastic.co/kibana-ci/kibana-serverless:pr-184601-35a32ce95052
• Observability Deployment

Failed CI Steps

• APM Cypress Tests #1

Metrics [docs]

Module Count

Fewer modules leads to a faster build time

id	before	after	diff
aiops	629	631	+2
apm	1877	1879	+2
canvas	1268	1273	+5
cloudSecurityPosture	678	681	+3
data	511	513	+2
dataVisualizer	732	734	+2
discover	924	932	+8
esqlDataGrid	396	399	+3
eventAnnotationListing	611	614	+3
infra	1612	1614	+2
lens	1476	1479	+3
lists	289	291	+2
logsExplorer	598	600	+2
maps	1208	1210	+2
ml	2017	2019	+2
observabilityAIAssistantApp	243	245	+2
savedSearch	57	62	+5
securitySolution	5507	5510	+3
slo	850	853	+3
stackAlerts	149	151	+2
unifiedDocViewer	244	249	+5
unifiedHistogram	139	141	+2
unifiedSearch	268	270	+2
total			+67

Public APIs missing comments

Total count of every public API that lacks a comment. Target amount is 0. Run node scripts/build_api_docs --plugin [yourplugin] --stats comments for more detailed information.

id	before	after	diff
@kbn/data-view-utils	0	4	+4
@kbn/discover-utils	88	94	+6
total			+10

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id	before	after	diff
discover	809.3KB	808.7KB	-573.0B
logsExplorer	247.2KB	247.2KB	+1.0B
total			-572.0B

Public APIs missing exports

Total count of every type that is part of your API that should be exported but is not. This will cause broken links in the API documentation system. Target amount is 0. Run node scripts/build_api_docs --plugin [yourplugin] --stats exports for more detailed information.

id	before	after	diff
@kbn/discover-utils	0	1	+1

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb

id	before	after	diff
discover	41.8KB	44.0KB	+2.2KB
logsExplorer	27.6KB	27.7KB	+15.0B
total			+2.2KB

Unknown metric groups

API count

id	before	after	diff
@kbn/data-view-utils	1	5	+4
@kbn/discover-utils	114	120	+6
total			+10

ESLint disabled line counts

id	before	after	diff
@kbn/discover-utils	0	1	+1
discover	25	26	+1
total			+2

Total ESLint disabled count

id	before	after	diff
@kbn/discover-utils	0	1	+1
discover	27	28	+1
total			+2

History

• 💔 Build #216028 failed d7c7f55
• 💔 Build #215989 failed f55015f
• 💛 Build #215739 was flaky f2f5462
• 💛 Build #215711 was flaky 9ecedd5

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @weltenwort @tonyghiani