[ML] AIOps Log Rate Analysis: improves explanation of log rate spike/dip

[alvarezmelissa87]

Summary

Related issue: #182714

This PR adds a Log rate change column to Log rate analysis results table.

The log rate change is calculated by getting the number of buckets for baseline/deviation using the timerange and interval and then comparing the average rates per bucket for baseline vs deviation.

Checklist

Delete any items that are not applicable to this PR.

• Any text added follows EUI's writing guidelines, uses sentence case text and includes i18n support
• Documentation was added for features that require explanation or tutorials
• Unit or functional tests were updated or added to match the most common scenarios
• Flaky Test Runner was used on any tests changed
• Any UI touched in this PR is usable by keyboard only (learn more about keyboard accessibility)
• Any UI touched in this PR does not create any new axe failures (run axe in browser: FF, Chrome)
• If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the docker list
• This renders correctly on smaller devices using a responsive layout. (You can test this in your browser)
• This was checked for cross-browser compatibility

[elasticmachine]

Pinging @elastic/ml-ui (:ml)

[walterra]

Guess we also need to add i18n to those strings.

[peteharverson]

Can you use https://github.com/elastic/kibana/blob/main/x-pack/plugins/ml/common/util/metric_change_description.ts for these, as used for the anomalies table? That will use 'More than 100x higher' if the factor is > 100, which is probably appropriate to use here too? Or if you can't call that same code, then use the same rules around precision so that e.g. x14.23 higher becomes x14 higher.

[alvarezmelissa87]

Updated to round and to add localization in ff861eb

[walterra]

Our style guide recommends not doing nested ternaries. I'd suggest just using if/else in this function and return early if something matches.

[alvarezmelissa87]

Updated in ff861eb

[walterra]

Since useColumns is a hook, you could move this inside the hook itself so doesn't need to get passed on as arguments to useColumns.

[walterra]

Since useColumns is a hook, you could move this inside the hook itself so doesn't need to get passed on as arguments to useColumns.

[alvarezmelissa87]

Good catch - moved in ff861eb

[peteharverson]

Can the Log rate change column be made sortable? I think the similar column in the anomalies table sorts by size of factor of increase / decrease.

[alvarezmelissa87]

Updated in ff861eb
Since we have the pValue - which is an indication of the impact - I used that to sort 👍

[peteharverson]

Dosen't look like pValue always correlates to the size of the change.

I think the sortable prop can be ((item: T) => Primitive) as well as a simple boolean and then you can use logic like https://github.com/elastic/kibana/blob/main/x-pack/plugins/ml/server/models/results_service/build_anomaly_table_items.js#L105 to return the factor difference (or maybe you already know the change up front?).

[peteharverson]

@alvarezmelissa87 @walterra what do you think about showing the Baseline and Deviation rate columns by default, and hiding the Doc count? I like to see these columns in combination with the 'Log rate change' column. Although in the grouped view, Doc count makes sense as the new columns don't have values.

[alvarezmelissa87]

🤔 I think that could work but we'd need all 3 showing up since the groups table and expanded row hare the same column controls. Might need to think about it a bit more if we want to make them independent.

[peteharverson]

I'm happy to leave it as it is, with baseline and deviation rate hidden by default. The more I think about it, the less I like the idea of adding two extra numeric columns into the table in the default view.

[peteharverson]

Not related to the changes in this PR, but I think it would be a nice enhancement to persist the user's choice of selected columns to e.g. local storage. I found myself adding in Baseline and Deviation rates for display every time I reran an analysis.

[peteharverson]

Added as an item to #181111.

[alvarezmelissa87]

@elasticmachine merge upstream

[alvarezmelissa87]

This has been updated and is ready for another look when you get a chance 🙏 cc @peteharverson, @walterra

[peteharverson]

Gave the latest changes a test. All looks good - only item to look at is the way sorting on the change column works.

[walterra]

Latest changes LGTM.

[alvarezmelissa87]

Gave the latest changes a test. All looks good - only item to look at is the way sorting on the change column works.

Thanks for taking a look, @peteharverson 🙏 Adding sorting for that computed Log rate change is a can of worms as it requires us to make some changes to the custom sorting we've got going on now and will likely require a bit of code churn.
For now, I've removed sorting for that column and added it as a follow up in #181111

[peteharverson]

Latest changes LGTM

[alvarezmelissa87]

@elasticmachine merge upstream

[kibana-ci]

💛 Build succeeded, but was flaky

• Buildkite Build
• Commit: d59e594

Failed CI Steps

Metrics [docs]

Module Count

Fewer modules leads to a faster build time

id	before	after	diff
aiops	630	631	+1

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id	before	after	diff
aiops	554.2KB	558.7KB	+4.5KB

History

• 💛 Build #217240 was flaky 51abcd4
• 💛 Build #217051 was flaky 31ac8ab
• 💔 Build #217038 failed 37471c4
• 💔 Build #217005 failed ff861eb
• 💔 Build #216958 failed 8f0a4ee

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @alvarezmelissa87