-
Notifications
You must be signed in to change notification settings - Fork 8.3k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge branch '7.12' into backport/7.12/pr-91171
- Loading branch information
Showing
13 changed files
with
327 additions
and
16 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,60 @@ | ||
[[discover-document-context]] | ||
== View surrounding documents | ||
|
||
Once you've narrowed your search to a specific event in *Discover*, | ||
you can inspect the documents that occurred | ||
immediately before and after the event. | ||
To view the surrounding documents, your index pattern must contain time-based events. | ||
|
||
. In the document table, click the expand icon (>). | ||
. Click *View surrounding documents.* | ||
+ | ||
In the context view, documents are sorted by the time field specified in the index pattern | ||
and displayed using the same set of columns as the *Discover* view from which | ||
the context was opened. The anchor document is highlighted in blue. | ||
+ | ||
[role="screenshot"] | ||
image::images/discover-context.png[Image showing context view feature, with anchor documents highlighted in blue] | ||
+ | ||
The filters you applied in *Discover* are carried over to the context view. Pinned | ||
filters remain active, while normal filters are copied in a disabled state. | ||
|
||
+ | ||
[role="screenshot"] | ||
image::images/discover-context-filters-inactive.png[Filter in context view] | ||
|
||
. To find the documents of interest, add filters. | ||
|
||
. To increase the number of documents that surround the anchor document, click *Load*. | ||
By default, five documents are added with each click. | ||
+ | ||
[role="screenshot"] | ||
image::images/discover-context-load-newer-documents.png[Load button and the number of documents to load] | ||
|
||
|
||
[float] | ||
[[configure-context-ContextView]] | ||
=== Configure the context view | ||
|
||
Configure the appearance and behavior in *Advanced Settings*. | ||
|
||
. Open the main menu, then click *Stack Management > Advanced Settings*. | ||
. Search for `context`, then edit the settings. | ||
+ | ||
[horizontal] | ||
`context:defaultSize`:: The number of documents to display by default. | ||
`context:step`:: The default number of documents to load with each button click. The default is 5. | ||
`context:tieBreakerFields`:: The field to use for tiebreaking in case of equal time field values. | ||
The default is the `_doc` field. | ||
+ | ||
You can enter a comma-separated list of field | ||
names, which is checked in sequence for suitability when a context is | ||
displayed. The first suitable field is used as the tiebreaking | ||
field. A field is suitable if the field exists and is sortable in the index | ||
pattern the context is based on. | ||
+ | ||
Although not required, it is recommended to only | ||
use fields that have {ref}/doc-values.html[doc values] enabled to achieve | ||
good performance and avoid unnecessary {ref}/modules-fielddata.html[field | ||
data] usage. Common examples for suitable fields include log line numbers, | ||
monotonically increasing counters and high-precision timestamps. |
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file not shown.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,41 @@ | ||
/* | ||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
* or more contributor license agreements. Licensed under the Elastic License | ||
* 2.0; you may not use this file except in compliance with the Elastic License | ||
* 2.0. | ||
*/ | ||
|
||
// Sometimes we use `as const` to have a more specific type, | ||
// because TypeScript by default will widen the value type of an | ||
// array literal. Consider the following example: | ||
// | ||
// const filter = [ | ||
// { term: { 'agent.name': 'nodejs' } }, | ||
// { range: { '@timestamp': { gte: 'now-15m ' }} | ||
// ]; | ||
|
||
// The result value type will be: | ||
|
||
// const filter: ({ | ||
// term: { | ||
// 'agent.name'?: string | ||
// }; | ||
// range?: undefined | ||
// } | { | ||
// term?: undefined; | ||
// range: { | ||
// '@timestamp': { | ||
// gte: string | ||
// } | ||
// } | ||
// })[]; | ||
|
||
// This can sometimes leads to issues. In those cases, we can | ||
// use `as const`. However, the Readonly<any> type is not compatible | ||
// with Array<any>. This function returns a mutable version of a type. | ||
|
||
export function asMutableArray<T extends Readonly<any>>( | ||
arr: T | ||
): T extends Readonly<[...infer U]> ? U : unknown[] { | ||
return arr as any; | ||
} |
56 changes: 55 additions & 1 deletion
56
x-pack/plugins/apm/server/lib/services/__snapshots__/queries.test.ts.snap
Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
84 changes: 84 additions & 0 deletions
84
x-pack/plugins/apm/server/lib/services/get_services/get_services_from_metric_documents.ts
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,84 @@ | ||
/* | ||
* Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one | ||
* or more contributor license agreements. Licensed under the Elastic License | ||
* 2.0; you may not use this file except in compliance with the Elastic License | ||
* 2.0. | ||
*/ | ||
|
||
import { AgentName } from '../../../../typings/es_schemas/ui/fields/agent'; | ||
import { | ||
AGENT_NAME, | ||
SERVICE_ENVIRONMENT, | ||
SERVICE_NAME, | ||
} from '../../../../common/elasticsearch_fieldnames'; | ||
import { environmentQuery, rangeQuery } from '../../../../common/utils/queries'; | ||
import { ProcessorEvent } from '../../../../common/processor_event'; | ||
import { Setup, SetupTimeRange } from '../../helpers/setup_request'; | ||
import { withApmSpan } from '../../../utils/with_apm_span'; | ||
|
||
export function getServicesFromMetricDocuments({ | ||
environment, | ||
setup, | ||
maxNumServices, | ||
kuery, | ||
}: { | ||
setup: Setup & SetupTimeRange; | ||
environment?: string; | ||
maxNumServices: number; | ||
kuery?: string; | ||
}) { | ||
return withApmSpan('get_services_from_metric_documents', async () => { | ||
const { apmEventClient, start, end, esFilter } = setup; | ||
|
||
const response = await apmEventClient.search({ | ||
apm: { | ||
events: [ProcessorEvent.metric], | ||
}, | ||
body: { | ||
size: 0, | ||
query: { | ||
bool: { | ||
filter: [ | ||
...rangeQuery(start, end), | ||
...environmentQuery(environment), | ||
...esFilter, | ||
], | ||
}, | ||
}, | ||
aggs: { | ||
services: { | ||
terms: { | ||
field: SERVICE_NAME, | ||
size: maxNumServices, | ||
}, | ||
aggs: { | ||
environments: { | ||
terms: { | ||
field: SERVICE_ENVIRONMENT, | ||
}, | ||
}, | ||
latest: { | ||
top_metrics: { | ||
metrics: { field: AGENT_NAME } as const, | ||
sort: { '@timestamp': 'desc' }, | ||
}, | ||
}, | ||
}, | ||
}, | ||
}, | ||
}, | ||
}); | ||
|
||
return ( | ||
response.aggregations?.services.buckets.map((bucket) => { | ||
return { | ||
serviceName: bucket.key as string, | ||
environments: bucket.environments.buckets.map( | ||
(envBucket) => envBucket.key as string | ||
), | ||
agentName: bucket.latest.top[0].metrics[AGENT_NAME] as AgentName, | ||
}; | ||
}) ?? [] | ||
); | ||
}); | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.