Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[eem] _search endpoint / initial entity manager UI #199609

Merged
merged 47 commits into from
Nov 22, 2024
Merged

[eem] _search endpoint / initial entity manager UI #199609

merged 47 commits into from
Nov 22, 2024

Conversation

klacabane
Copy link
Contributor

@klacabane klacabane commented Nov 11, 2024
edited by kibanamachine
Loading

Summary

  • create _search endpoint to discover entities with esql queries. It currently reads sources of the provided type from kibana_entity_definitions index. Run this query to insert a definition:
POST kibana_entity_definitions/_doc
{
    "entity_type": "service",
    "index_patterns": ["remote_cluster:logs-*"],
    "metadata_fields": [],
    "identity_fields": ["service.name"],
    "filters": [],
    "timestamp_field": "@timestamp"
}

By default _search will look at data in the last 5m. The lookup period can be overriden by providing start/end parameters in ISO format. It also accepts a limit to specify the number of entities returned which defaults to 10

POST kbn:/internal/entities/v2/_search
{
    "type": "service",
    "start": "2024-11-19T20:40:00.000Z",
    "end": "2024-11-19T20:50:00.000Z",
    "limit": 20
}

  • create _search/preview endpoint to preview output of entity sources without persisting them

  • create UI to preview results of an entity definition at /app/entity_manager. The application is living in its own plugin at observability_solution/entity_manager_app
    Screenshot 2024-11-11 at 11 37 18

@klacabane klacabane changed the base branch from eem-entity-definition-v2 to main November 18, 2024 12:07
klacabane and others added 16 commits November 18, 2024 13:08
@klacabane
Merge branch 'main' into 188-entity-definition-v2-type-source
2df44ce
@klacabane
Merge branch 'main' into 188-entity-definition-v2-type-source
69b4900
@kibanamachine
[CI] Auto-commit changed files from 'node scripts/yarn_deduplicate'
4f9aca5
@klacabane
Merge branch 'main' into 188-entity-definition-v2-type-source
31640ed
@klacabane
fix imports and add @timestamp as required field
8926c24
@klacabane
configurable timestamp
fcfc507
@klacabane
mandatory timestamp field
1678d83
@kibanamachine
[CI] Auto-commit changed files from 'node scripts/yarn_deduplicate'
6d80b81
@kibanamachine
[CI] Auto-commit changed files from 'node scripts/eslint --no-cache -…
5449825 
…-fix'
@klacabane
fetch sources from kibana_entity_definitions
7451b89
@kibanamachine
[CI] Auto-commit changed files from 'node scripts/yarn_deduplicate'
83db43a
@klacabane
Merge branch 'main' into 188-entity-definition-v2-type-source
40b4dc7
@klacabane
move ui to entity_manager_app
6f07b1c
@klacabane
add start/end to _search
2872334
@klacabane
non optional start/end
a64dccf
@klacabane
Merge branch 'main' into 188-entity-definition-v2-type-source
00c0ec8
@klacabane klacabane marked this pull request as ready for review November 19, 2024 21:04
@klacabane klacabane requested review from a team as code owners November 19, 2024 21:04
@klacabane klacabane added release_note:skip Skip the PR/issue when compiling release notes backport:prev-minor Backport to (8.x) the previous minor version (i.e. one version back from main) Team:obs-entities Observability Entities Team labels Nov 19, 2024
@klacabane klacabane self-assigned this Nov 19, 2024
tommyers-elastic
tommyers-elastic approved these changes Nov 22, 2024
View reviewed changes
x-pack/plugins/entity_manager/server/lib/queries/index.ts Outdated Show resolved Hide resolved
x-pack/plugins/entity_manager/server/lib/queries/index.ts Show resolved Hide resolved
x-pack/plugins/entity_manager/server/lib/queries/index.ts
sourceCommand(source),
...filterCommands(source),
statsCommand(source),
`SORT entity.last_seen_timestamp DESC`,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

if a source doesn't have a timestamp field, this will error out (i think). we should handle that case.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The timestamp field set on a source is mandatory in this PR so the query will not run if it's not defined

x-pack/plugins/entity_manager/server/lib/queries/utils.ts
function mergeEntities(entity1: Entity, entity2: Entity): Entity {
const merged: Entity = {
...entity1,
'entity.last_seen_timestamp': new Date(
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

again, i think we have to handle the case of missing last_seen_timestamp

x-pack/packages/kbn-entities-schema/src/schema/entity.ts Outdated Show resolved Hide resolved
x-pack/plugins/entity_manager/server/lib/entity_client.ts Show resolved Hide resolved
@elasticmachine
Copy link
Contributor

elasticmachine commented Nov 22, 2024
edited
Loading

💚 Build Succeeded

  • Buildkite Build
  • Commit: a49c97e
  • Kibana Serverless Image: docker.elastic.co/kibana-ci/kibana-serverless:pr-199609-a49c97ef15b9

Metrics [docs]

Module Count

Fewer modules leads to a faster build time

id before after diff
entityManagerApp - 45 +45

Public APIs missing comments

Total count of every public API that lacks a comment. Target amount is 0. Run node scripts/build_api_docs --plugin [yourplugin] --stats comments for more detailed information.

id before after diff
@kbn/entities-schema 45 50 +5
entityManager 20 35 +15
total +20

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id before after diff
entityManagerApp - 11.4KB +11.4KB

Public APIs missing exports

Total count of every type that is part of your API that should be exported but is not. This will cause broken links in the API documentation system. Target amount is 0. Run node scripts/build_api_docs --plugin [yourplugin] --stats exports for more detailed information.

id before after diff
entityManager 3 2 -1

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb

id before after diff
entityManager 7.3KB 7.4KB +70.0B
entityManagerApp - 5.1KB +5.1KB
total +5.2KB
Unknown metric groups

API count

id before after diff
@kbn/entities-schema 45 50 +5
entityManager 20 35 +15
total +20

async chunk count

id before after diff
entityManagerApp - 1 +1

History

cc @klacabane

@klacabane klacabane merged commit 0b3f4fb into elastic:main Nov 22, 2024
43 checks passed
@kibanamachine
Copy link
Contributor

Starting backport for target branches: 8.x

https://github.com/elastic/kibana/actions/runs/11975189293

@kibanamachine
Copy link
Contributor

💔 All backports failed

Status Branch Result
8.x Backport failed because of merge conflicts

You might need to backport the following PRs to 8.x:
- [Entity Analytics][Entity Store] Init: Put engine in error state if data view does not exist (#201140)
- [Search][a11y] Fixing wrong navigation sequence after Reset or Save Default Settings (#201163)
- [Search] Introduce search navigation plugin (#200314)
- [Obs AI Assistant] Query remote indices by default (#193462)
- [A11y] Fix space button clearing the index name input (#201349)
- chore(slo): refactor transform generators and managers dependency injection (#201031)
- fix(slo): remove KibanaThemeProvider' (#201257)
- [APM] Migrate traces tests to deployment agnostic (#200561)
- [React18] Migrate test suites to account for testing library upgrades ml-ui (#201161)
- [ML] Trained Models: fix NaN in a progress bar during the download task initialization (#201221)

Manual backport

To create the backport manually run:

node scripts/backport --pr 199609

Questions ?

Please refer to the Backport tool documentation

@kibanamachine kibanamachine added the backport missing Added to PRs automatically when the are determined to be missing a backport. label Nov 25, 2024
@kibanamachine
Copy link
Contributor

Friendly reminder: Looks like this PR hasn’t been backported yet.
To create automatically backports add a backport:* label or prevent reminders by adding the backport:skip label.
You can also create backports manually by running node scripts/backport --pr 199609 locally

1 similar comment
@kibanamachine
Copy link
Contributor

Friendly reminder: Looks like this PR hasn’t been backported yet.
To create automatically backports add a backport:* label or prevent reminders by adding the backport:skip label.
You can also create backports manually by running node scripts/backport --pr 199609 locally

paulinashakirova pushed a commit to paulinashakirova/kibana that referenced this pull request Nov 26, 2024
@klacabane @kibanamachine
@miltonhultgren @paulinashakirova
[eem] _search endpoint / initial entity manager UI (elastic#199609)
5a46f38 
## Summary

- create `_search` endpoint to discover entities with esql queries. It
currently reads sources of the provided `type` from
`kibana_entity_definitions` index. Run this query to insert a
definition:
```
POST kibana_entity_definitions/_doc
{
    "entity_type": "service",
    "index_patterns": ["remote_cluster:logs-*"],
    "metadata_fields": [],
    "identity_fields": ["service.name"],
    "filters": [],
    "timestamp_field": "@timestamp"
}
```

By default `_search` will look at data in the last 5m. The lookup period
can be overriden by providing `start`/`end` parameters in ISO format. It
also accepts a `limit` to specify the number of entities returned which
defaults to 10

```
POST kbn:/internal/entities/v2/_search
{
    "type": "service",
    "start": "2024-11-19T20:40:00.000Z",
    "end": "2024-11-19T20:50:00.000Z",
    "limit": 20
}
```

- create `_search/preview` endpoint to preview output of entity sources
without persisting them
 
- create UI to preview results of an entity definition at
`/app/entity_manager`. The application is living in its own plugin at
`observability_solution/entity_manager_app`
![Screenshot 2024-11-11 at 11 37
18](https://github.com/user-attachments/assets/f284342d-21a3-4ba1-be94-38cff311266c)

---------

Co-authored-by: kibanamachine <[email protected]>
Co-authored-by: Milton Hultgren <[email protected]>
@kibanamachine
Copy link
Contributor

Friendly reminder: Looks like this PR hasn’t been backported yet.
To create automatically backports add a backport:* label or prevent reminders by adding the backport:skip label.
You can also create backports manually by running node scripts/backport --pr 199609 locally

klacabane added a commit to klacabane/kibana that referenced this pull request Nov 27, 2024
@klacabane
[eem] _search endpoint / initial entity manager UI (elastic#199609)
77fbf6b 
## Summary

- create `_search` endpoint to discover entities with esql queries. It
currently reads sources of the provided `type` from
`kibana_entity_definitions` index. Run this query to insert a
definition:
```
POST kibana_entity_definitions/_doc
{
    "entity_type": "service",
    "index_patterns": ["remote_cluster:logs-*"],
    "metadata_fields": [],
    "identity_fields": ["service.name"],
    "filters": [],
    "timestamp_field": "@timestamp"
}
```

By default `_search` will look at data in the last 5m. The lookup period
can be overriden by providing `start`/`end` parameters in ISO format. It
also accepts a `limit` to specify the number of entities returned which
defaults to 10

```
POST kbn:/internal/entities/v2/_search
{
    "type": "service",
    "start": "2024-11-19T20:40:00.000Z",
    "end": "2024-11-19T20:50:00.000Z",
    "limit": 20
}
```

- create `_search/preview` endpoint to preview output of entity sources
without persisting them

- create UI to preview results of an entity definition at
`/app/entity_manager`. The application is living in its own plugin at
`observability_solution/entity_manager_app`
![Screenshot 2024-11-11 at 11 37
18](https://github.com/user-attachments/assets/f284342d-21a3-4ba1-be94-38cff311266c)

---------

Co-authored-by: kibanamachine <[email protected]>
Co-authored-by: Milton Hultgren <[email protected]>
(cherry picked from commit 0b3f4fb)

# Conflicts:
#	.github/CODEOWNERS
@klacabane klacabane mentioned this pull request Nov 27, 2024
Merged
@klacabane
Copy link
Contributor Author

💚 All backports created successfully

Status Branch Result
8.x

Note: Successful backport PRs will be merged automatically after passing CI.

Questions ?

Please refer to the Backport tool documentation

@kibanamachine kibanamachine mentioned this pull request Nov 27, 2024
Merged
1 task
klacabane added a commit that referenced this pull request Nov 28, 2024
@klacabane @kibanamachine
[8.x] [eem] _search endpoint / initial entity manager UI (#199609) (#…
337ab20 
…202050)

# Backport

This will backport the following commits from `main` to `8.x`:
- [[eem] _search endpoint / initial entity manager UI
(#199609)](#199609)

<!--- Backport version: 8.9.8 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Kevin
Lacabane","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-11-22T15:12:04Z","message":"[eem]
_search endpoint / initial entity manager UI (#199609)\n\n##
Summary\r\n\r\n- create `_search` endpoint to discover entities with
esql queries. It\r\ncurrently reads sources of the provided `type`
from\r\n`kibana_entity_definitions` index. Run this query to insert
a\r\ndefinition:\r\n```\r\nPOST kibana_entity_definitions/_doc\r\n{\r\n
\"entity_type\": \"service\",\r\n \"index_patterns\":
[\"remote_cluster:logs-*\"],\r\n \"metadata_fields\": [],\r\n
\"identity_fields\": [\"service.name\"],\r\n \"filters\": [],\r\n
\"timestamp_field\": \"@timestamp\"\r\n}\r\n```\r\n\r\nBy default
`_search` will look at data in the last 5m. The lookup period\r\ncan be
overriden by providing `start`/`end` parameters in ISO format.
It\r\nalso accepts a `limit` to specify the number of entities returned
which\r\ndefaults to 10\r\n\r\n```\r\nPOST
kbn:/internal/entities/v2/_search\r\n{\r\n \"type\": \"service\",\r\n
\"start\": \"2024-11-19T20:40:00.000Z\",\r\n \"end\":
\"2024-11-19T20:50:00.000Z\",\r\n \"limit\": 20\r\n}\r\n```\r\n\r\n-
create `_search/preview` endpoint to preview output of entity
sources\r\nwithout persisting them\r\n \r\n- create UI to preview
results of an entity definition at\r\n`/app/entity_manager`. The
application is living in its own plugin
at\r\n`observability_solution/entity_manager_app`\r\n![Screenshot
2024-11-11 at 11
37\r\n18](https://github.com/user-attachments/assets/f284342d-21a3-4ba1-be94-38cff311266c)\r\n\r\n---------\r\n\r\nCo-authored-by:
kibanamachine
<[email protected]>\r\nCo-authored-by:
Milton Hultgren
<[email protected]>","sha":"0b3f4fbd3cd60663289fc13f8f01e3f4c9131479","branchLabelMapping":{"^v9.0.0$":"main","^v8.18.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","backport
missing","v9.0.0","backport:prev-minor","ci:project-deploy-observability","Team:obs-entities"],"number":199609,"url":"https://github.com/elastic/kibana/pull/199609","mergeCommit":{"message":"[eem]
_search endpoint / initial entity manager UI (#199609)\n\n##
Summary\r\n\r\n- create `_search` endpoint to discover entities with
esql queries. It\r\ncurrently reads sources of the provided `type`
from\r\n`kibana_entity_definitions` index. Run this query to insert
a\r\ndefinition:\r\n```\r\nPOST kibana_entity_definitions/_doc\r\n{\r\n
\"entity_type\": \"service\",\r\n \"index_patterns\":
[\"remote_cluster:logs-*\"],\r\n \"metadata_fields\": [],\r\n
\"identity_fields\": [\"service.name\"],\r\n \"filters\": [],\r\n
\"timestamp_field\": \"@timestamp\"\r\n}\r\n```\r\n\r\nBy default
`_search` will look at data in the last 5m. The lookup period\r\ncan be
overriden by providing `start`/`end` parameters in ISO format.
It\r\nalso accepts a `limit` to specify the number of entities returned
which\r\ndefaults to 10\r\n\r\n```\r\nPOST
kbn:/internal/entities/v2/_search\r\n{\r\n \"type\": \"service\",\r\n
\"start\": \"2024-11-19T20:40:00.000Z\",\r\n \"end\":
\"2024-11-19T20:50:00.000Z\",\r\n \"limit\": 20\r\n}\r\n```\r\n\r\n-
create `_search/preview` endpoint to preview output of entity
sources\r\nwithout persisting them\r\n \r\n- create UI to preview
results of an entity definition at\r\n`/app/entity_manager`. The
application is living in its own plugin
at\r\n`observability_solution/entity_manager_app`\r\n![Screenshot
2024-11-11 at 11
37\r\n18](https://github.com/user-attachments/assets/f284342d-21a3-4ba1-be94-38cff311266c)\r\n\r\n---------\r\n\r\nCo-authored-by:
kibanamachine
<[email protected]>\r\nCo-authored-by:
Milton Hultgren
<[email protected]>","sha":"0b3f4fbd3cd60663289fc13f8f01e3f4c9131479"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","labelRegex":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/199609","number":199609,"mergeCommit":{"message":"[eem]
_search endpoint / initial entity manager UI (#199609)\n\n##
Summary\r\n\r\n- create `_search` endpoint to discover entities with
esql queries. It\r\ncurrently reads sources of the provided `type`
from\r\n`kibana_entity_definitions` index. Run this query to insert
a\r\ndefinition:\r\n```\r\nPOST kibana_entity_definitions/_doc\r\n{\r\n
\"entity_type\": \"service\",\r\n \"index_patterns\":
[\"remote_cluster:logs-*\"],\r\n \"metadata_fields\": [],\r\n
\"identity_fields\": [\"service.name\"],\r\n \"filters\": [],\r\n
\"timestamp_field\": \"@timestamp\"\r\n}\r\n```\r\n\r\nBy default
`_search` will look at data in the last 5m. The lookup period\r\ncan be
overriden by providing `start`/`end` parameters in ISO format.
It\r\nalso accepts a `limit` to specify the number of entities returned
which\r\ndefaults to 10\r\n\r\n```\r\nPOST
kbn:/internal/entities/v2/_search\r\n{\r\n \"type\": \"service\",\r\n
\"start\": \"2024-11-19T20:40:00.000Z\",\r\n \"end\":
\"2024-11-19T20:50:00.000Z\",\r\n \"limit\": 20\r\n}\r\n```\r\n\r\n-
create `_search/preview` endpoint to preview output of entity
sources\r\nwithout persisting them\r\n \r\n- create UI to preview
results of an entity definition at\r\n`/app/entity_manager`. The
application is living in its own plugin
at\r\n`observability_solution/entity_manager_app`\r\n![Screenshot
2024-11-11 at 11
37\r\n18](https://github.com/user-attachments/assets/f284342d-21a3-4ba1-be94-38cff311266c)\r\n\r\n---------\r\n\r\nCo-authored-by:
kibanamachine
<[email protected]>\r\nCo-authored-by:
Milton Hultgren
<[email protected]>","sha":"0b3f4fbd3cd60663289fc13f8f01e3f4c9131479"}}]}]
BACKPORT-->

---------

Co-authored-by: kibanamachine <[email protected]>
@kibanamachine kibanamachine added v8.18.0 and removed backport missing Added to PRs automatically when the are determined to be missing a backport. labels Nov 28, 2024
@simianhacker simianhacker mentioned this pull request Dec 2, 2024
Closed
@gsoldevila gsoldevila mentioned this pull request Dec 6, 2024
Merged
CAWilson94 pushed a commit to CAWilson94/kibana that referenced this pull request Dec 12, 2024
@klacabane @kibanamachine
@miltonhultgren @CAWilson94
[eem] _search endpoint / initial entity manager UI (elastic#199609)
53a8432 
## Summary

- create `_search` endpoint to discover entities with esql queries. It
currently reads sources of the provided `type` from
`kibana_entity_definitions` index. Run this query to insert a
definition:
```
POST kibana_entity_definitions/_doc
{
    "entity_type": "service",
    "index_patterns": ["remote_cluster:logs-*"],
    "metadata_fields": [],
    "identity_fields": ["service.name"],
    "filters": [],
    "timestamp_field": "@timestamp"
}
```

By default `_search` will look at data in the last 5m. The lookup period
can be overriden by providing `start`/`end` parameters in ISO format. It
also accepts a `limit` to specify the number of entities returned which
defaults to 10

```
POST kbn:/internal/entities/v2/_search
{
    "type": "service",
    "start": "2024-11-19T20:40:00.000Z",
    "end": "2024-11-19T20:50:00.000Z",
    "limit": 20
}
```

- create `_search/preview` endpoint to preview output of entity sources
without persisting them
 
- create UI to preview results of an entity definition at
`/app/entity_manager`. The application is living in its own plugin at
`observability_solution/entity_manager_app`
![Screenshot 2024-11-11 at 11 37
18](https://github.com/user-attachments/assets/f284342d-21a3-4ba1-be94-38cff311266c)

---------

Co-authored-by: kibanamachine <[email protected]>
Co-authored-by: Milton Hultgren <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@miltonhultgren miltonhultgren miltonhultgren approved these changes

@tommyers-elastic tommyers-elastic tommyers-elastic approved these changes

@Ikuni17 Ikuni17 Ikuni17 approved these changes

@afharo afharo afharo approved these changes

Assignees

@klacabane klacabane

Labels
backport:prev-minor Backport to (8.x) the previous minor version (i.e. one version back from main) ci:project-deploy-observability Create an Observability project release_note:skip Skip the PR/issue when compiling release notes Team:obs-entities Observability Entities Team v8.18.0 v9.0.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@klacabane @elasticmachine @kibanamachine @miltonhultgren @afharo @Ikuni17 @tommyers-elastic