kibana/x-pack/plugins/rollup
Mikhail Shustov d920682e4e
Update @elastic/elasticsearch to 8.0.0-canary13 (#98266)
* bump @elastic/elasticsearch to canary.7

* address errors in core

* address errors in data plugin

* address errors in Alerting team plugins

* remove outdated messages in Lens

* remove unnecessary comments in ML

* address errors in Observability plugin

* address errors in reporting plugin

* address errors in Rule registry plugin

* fix errors in Security plugins

* fix errors in ES-UI plugin

* remove unnecessary union.

* update core tests

* fix kbn-es-archiver

* update to canary 8

* bump to v9

* use new typings

* fix new errors in core

* fix errors in core typings

* fix type errors in data plugin

* fix type errors in telemetry plugin

* fix data plugin tests

* fix search examples type error

* fix errors in discover plugin

* fix errors in index_pattern_management

* fix type errors in vis_type_*

* fix errors in typings/elasticsearch

* fix type errors in actions plugin

* fix type errors in alerting and apm plugins

* fix type errors in canvas and cases

* fix errors in event_log

* fix type errors in ILM and ingest_pipelines

* fix errors in lens plugin

* fix errors in lists plugin

* fix errors in logstash

* fix errors in metrics_entities

* fix errors in o11y

* fix errors in watcher

* fix errors in uptime

* fix errors in upgrade_assistant

* fix errors in task_manager

* fix errors in stack_alerts

* fix errors in security_solution

* fix errors in rule_registry

* fix errors in snapshot_restore

* fix remaining errors

* fix search integration tests

* adjust assertion

* bump version to canary.10

* adapt code to new naming schema

* use mapping types provided by the client library

* Revert "adjust assertion"

This reverts commit 19b8fe0464.

* fix so integration tests

* fix http integration tests

* bump version to canary 11

* fix login test

* fix http integration test

* fix apm test

* update docs

* fixing some ml types

* fix new errors in data plugin

* fix new errors in alerting plugin

* fix new errors in lists plugin

* fix new errors in reporting

* fix or mute errors in rule_registry plugin

* more ML type fixes

* bump to canary 12

* fix errors after merge conflict

* additional ML fixes

* bump to canary 13

* fix errors in apm plugin

* fix errors in fleet plugin

* fix errors in infra plugin

* fix errors in monitoring plugin

* fix errors in osquery plugin

* fix errors in security solution plugins

* fix errors in transform plugin

* Update type imports for ES

* fix errors in x-pack plugins

* fix errors in tests

* update docs

* fix errors in x-pack/test

* update error description

* fix errors after master merge

* update comment in infra plugin

* fix new errors on xpack tests/

Co-authored-by: James Gowdy <jgowdy@elastic.co>
Co-authored-by: Dario Gieselaar <dario.gieselaar@elastic.co>
2021-06-08 15:06:06 +02:00
common Elastic License 2.0 (#90099) 2021-02-03 18:12:39 -08:00
fixtures Elastic License 2.0 (#90099) 2021-02-03 18:12:39 -08:00
public Use doc link services in rollups (#99137) 2021-05-10 10:01:19 -07:00
server Update @elastic/elasticsearch to 8.0.0-canary13 (#98266) 2021-06-08 15:06:06 +02:00
jest.config.js Elastic License 2.0 (#90099) 2021-02-03 18:12:39 -08:00
kibana.json Hide management sections based on cluster/index privileges (#67791) 2020-09-14 09:30:47 -04:00
README.md
tsconfig.json Revert "TS Incremental build exclude test files (#95610)" (#96223) 2021-04-05 11:59:26 -07:00

Rollup

Summary

Welcome to the Kibana rollup plugin! This plugin provides Kibana support for Elasticsearch's rollup feature. Please refer to the Elasticsearch documentation to understand rollup indices and how to create rollup jobs.

This plugin allows Kibana to:

  • Create and manage rollup jobs
  • Create rollup index patterns
  • Create visualizations from rollup index patterns
  • Identify rollup indices in Index Management

The rest of this doc dives into the implementation details of each of the above pieces of functionality.

Quick steps for testing

The pattern for creating a rollup job and rollup index pattern is:

  1. Install sample data (web logs is a good one).
  2. Create a rollup job with an index pattern that captures this index (e.g. k*).
  3. Set frequency to "minute". Clear the latency buffer field.
  4. Select the time field which is the same time field selected in the installed index pattern (timestamp without an @ in the case of web logs).
  5. Specify a time bucket size (10m will do).
  6. Select a few terms, histogram, and metrics fields.
  7. Create and start the rollup job. Wait a minute for the job to run. You should see the numbers for documents and pages processed change in the detail panel.
  8. Create a rollup index pattern in the Index Patterns app.
  9. Now you can create visualizations using this index pattern.

Create and manage rollup jobs

The most straightforward part of this plugin! A new app called Rollup Jobs is registered in the Management section and follows a typical CRUD UI pattern. This app allows users to create, start, stop, clone, and delete rollup jobs. There is no way to edit an existing rollup job; instead, the UI offers a cloning ability. The client-side portion of this app lives in public/crud_app and uses endpoints registered in server/routes/api/jobs.

Refer to the Elasticsearch documentation to understand rollup indices and how to create rollup jobs.

Create rollup index patterns

Kibana uses index patterns to consume and visualize rollup indices. Typically, Kibana can inspect the indices captured by an index pattern, identify its aggregations and fields, and determine how to consume the data. Rollup indices don't contain this type of information, so we predefine how to consume a rollup index pattern with the type and typeMeta fields on the index pattern saved object. All rollup index patterns have type defined as "rollup" and typeMeta defined as an object of the index pattern's capabilities.

In the Index Pattern app, the "Create index pattern" button includes a context menu when a rollup index is detected. This menu offers items for creating a standard index pattern and a rollup index pattern. A rollup config is registered to the index pattern creation extension point. The context menu behavior in particular uses the getIndexPatternCreationOption() method. When the user chooses to create a rollup index pattern, this config changes the behavior of the index pattern creation wizard:

  1. Adds a Rollup badge to rollup indices using getIndexTags().
  2. Enforces index pattern rules using checkIndicesForErrors(). Rollup index patterns must match one rollup index, and optionally, any number of regular indices. A rollup index pattern configured with one or more regular indices is known as a "hybrid" index pattern. This allows the user to visualize historical (rollup) data and live (regular) data in the same visualization.
  3. Routes to this plugin's rollup _fields_for_wildcard endpoint, instead of the standard one, using getFetchForWildcardOptions(), so that the internal rollup data field names are mapped to the original field names.
  4. Writes additional information about aggregations, fields, histogram interval, and date histogram interval and timezone to the rollup index pattern saved object using getIndexPatternMappings(). This collection of information is referred to as its "capabilities".
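
The rule from step 2, as an added example that is not the plugin's own checkIndicesForErrors() code: it resolves a comma-separated wildcard pattern against a constructed index list and reports whether the result is a rollup pattern, a hybrid pattern, or invalid. The function names, the index list and the tags array shape are assumptions made for illustration.

```javascript
// Added example; names below are hypothetical, not the plugin's code.
// Constructed index list: tags mirror the "Rollup" badge from getIndexTags().
const INDICES = [
  { name: 'kibana_sample_data_logs', tags: [] },
  { name: 'rollup_logs', tags: ['rollup'] },
  { name: 'rollup_logs_2', tags: ['rollup'] },
];

// Escape regex metacharacters so only "*" acts as a wildcard.
const escapeRegExp = (s) => s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');

// Resolve a comma-separated pattern (e.g. "k*,rollup_logs") to matching indices.
function matchIndices(pattern, indices) {
  const regexes = pattern
    .split(',')
    .map((part) => part.trim())
    .filter(Boolean)
    .map((part) => new RegExp('^' + part.split('*').map(escapeRegExp).join('.*') + '$'));
  return indices.filter((index) => regexes.some((re) => re.test(index.name)));
}

// Apply the README's rule: exactly one rollup index, any number of regular ones.
function checkRollupPattern(pattern, indices) {
  const matched = matchIndices(pattern, indices);
  const rollup = matched.filter((index) => index.tags.includes('rollup'));
  const regular = matched.filter((index) => !index.tags.includes('rollup'));
  if (rollup.length === 0) {
    return { valid: false, error: 'pattern must match one rollup index' };
  }
  if (rollup.length > 1) {
    return { valid: false, error: 'pattern matches more than one rollup index' };
  }
  return {
    valid: true,
    kind: regular.length > 0 ? 'hybrid' : 'rollup',
    rollupIndex: rollup[0].name,
  };
}
```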

Once a rollup index pattern is created, it is tagged with Rollup in the list of index patterns, and its details page displays capabilities information. This is done by registering yet another config for the index pattern list extension points.

Create visualizations from rollup index patterns

This plugin enables the user to create visualizations from rollup data using the Visualize app, excluding TSVB, Vega, and Timelion. When Visualize sends search requests, this plugin routes the requests to the Elasticsearch rollup search endpoint, which searches the special document structure within rollup indices. The visualization options available to users are based on the capabilities of the rollup index pattern they're visualizing.

Routing to the Elasticsearch rollup search endpoint is done by creating an extension point in Courier, effectively allowing multiple "search strategies" to be registered. A rollup search strategy is registered by this plugin that queries this plugin's rollup search endpoint.

Limiting visualization editor options is done by registering configs to various vis extension points. These configs use information stored on the rollup index pattern to limit:

  • Available aggregation types
  • Available fields for a particular aggregation
  • Default and base interval for histogram aggregation
  • Default and base interval, and time zone, for date histogram aggregation
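
How stored capabilities can narrow the editor's options, as an added example that is not the plugin's own code: the saved-object attributes are constructed, and the layout under typeMeta.aggs (aggregation type, then field, then settings) and all helper names are assumptions. The check that a numeric histogram interval must be a whole multiple of the base interval is also an assumption of this sketch.

```javascript
// Constructed saved-object attributes: type and typeMeta come from the README,
// the layout under typeMeta.aggs (agg type -> field -> settings) is assumed.
const rollupPattern = {
  title: 'rollup_logs',
  type: 'rollup',
  typeMeta: {
    aggs: {
      date_histogram: { timestamp: { fixed_interval: '10m', time_zone: 'UTC' } },
      histogram: { bytes: { interval: 1000 } },
      terms: { 'geo.src': {}, 'machine.os.keyword': {} },
      avg: { bytes: {} },
    },
  },
};

// Own-property check, so inherited keys such as "constructor" never count.
const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Capabilities exist only on rollup patterns; null means "no restriction".
function capabilitiesOf(pattern) {
  return pattern.type === 'rollup' && pattern.typeMeta ? pattern.typeMeta.aggs || {} : null;
}

function availableAggTypes(pattern, allAggTypes) {
  const caps = capabilitiesOf(pattern);
  return caps === null ? allAggTypes : allAggTypes.filter((type) => has(caps, type));
}

function availableFields(pattern, aggType, allFields) {
  const caps = capabilitiesOf(pattern);
  if (caps === null) return allFields;
  return has(caps, aggType) ? allFields.filter((field) => has(caps[aggType], field)) : [];
}

// Base interval (and time zone for date histograms) recorded for a field.
function histogramDefaults(pattern, aggType, field) {
  const caps = capabilitiesOf(pattern);
  if (caps === null || !has(caps, aggType) || !has(caps[aggType], field)) return null;
  const settings = caps[aggType][field];
  return aggType === 'date_histogram'
    ? { baseInterval: settings.fixed_interval, timeZone: settings.time_zone }
    : { baseInterval: settings.interval };
}

// Assumed rule: a numeric histogram interval must be a multiple of the base.
function isAllowedHistogramInterval(pattern, field, requested) {
  const defaults = histogramDefaults(pattern, 'histogram', field);
  return defaults !== null && requested > 0 && requested % defaults.baseInterval === 0;
}
```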

Identify rollup indices in Index Management

In Index Management, similar to system indices, rollup indices are hidden by default. A toggle is provided to show rollup indices and add a badge to the table rows. This is done by using Index Management's extension points.

The toggle and badge are registered on the client-side in public/extend_index_management.

Additional data needed to filter rollup indices in Index Management is provided with a data enricher.