🌊 Show detected field types for classic streams enrichment #222579

flash1293 · 2025-06-04T14:02:18Z

Adds "detected fields" tab for classic streams enrichment editor

This PR adds the "detected fields" tab for classic streams by fetching the actual Elasticsearch field type from field caps and showing it along with the detected fields. This currently doesn't work for fields that are not mapped yet but would get added as part of the simulation (Elasticsearch feature request here: elastic/elasticsearch#128760 ).

This adds a new column "Elasticsearch field type" to the schema editor table. For wired streams, this column is not relevant at all, but it can be helpful for classic streams to highlight the non-managed parts.

elasticmachine · 2025-06-04T16:03:25Z

Pinging @elastic/obs-ux-logs-team (Team:obs-ux-logs)

…t --include-path /api/status --include-path /api/alerting/rule/ --include-path /api/alerting/rules --include-path /api/actions --include-path /api/security/role --include-path /api/spaces --include-path /api/streams --include-path /api/fleet --include-path /api/dashboards --include-path /api/saved_objects/_import --include-path /api/saved_objects/_export --include-path /api/maintenance_window --update'

klacabane · 2025-06-04T17:40:49Z

...tform/plugins/shared/streams/server/routes/internal/streams/processing/simulation_handler.ts

-    return { name, type: confirmedValidDetectedFields[name]?.type };
+    const existingFieldCaps = Object.keys(streamFieldCaps[name] || {});
+
+    const esType = existingFieldCaps.length > 0 ? existingFieldCaps[0] : undefined;


to double check, since we only query the field caps of the write index only one type can be defined per field ?

klacabane · 2025-06-04T18:44:04Z

Unrelated but should the aliases show as Mapped instead of Inherited for the origin stream ?

tonyghiani · 2025-06-05T05:28:50Z

...tform/plugins/shared/streams/server/routes/internal/streams/processing/simulation_handler.ts

-  const lastIndexMapping = await scopedClusterClient.asCurrentUser.indices.get({
-    index: lastIndex.index_name,
-  });
+  const [lastIndexMapping, lastIndexFieldCaps] = await Promise.all([


nit: this is a wrongly naming I leftover from some previous work, but this is retrieving the last index, not its mappings only. Can you fix the naming around this retrieved value please?

Also, I might be wrong but doesn't the fieldCaps return the same field types as specified in the last index mappings, which is available already on the retrieved index? Or does it return a different result?

The field caps have it in normalized form - the same information should be in the mapping as well, but it's very messy (flattened fields, multiple layers of object fields and so on). The structure of field caps is much easier to parse.

tonyghiani

IMO it's a bit confusing from a user perspective to differentiate between esType and type, for the end user it should be transparent when we talk about a data type, otherwise it might raise questions around what data type a field really has.
For this work, I initially thought the esType (when available) would have been a fallback value for the unmapped fields type, not a parallel value. Can you explain the reasoing behing this choice?

…es-for-classic

flash1293 · 2025-06-05T08:13:44Z

Can you explain the reasoing behing this choice?

The streams-level field type is a normalized thing which we control. The underlying esType can be much more and is not controlled by streams. I made it a separate thing to emphasize the difference (one is something that is controllable by streams, the other thing is a piece of meta data we explicitly don't control). Is your concern about the API/data structure or how it's shown as separate columns in the fields table?

flash1293 · 2025-06-05T08:14:49Z

Thinking about it, I think it would be OK to make it a fallback of the type column in the table and maybe have a tooltip icon next to it that explains instead of a separate column? Not opposed to that at all. Wdyt?

…293/kibana into flash1293/field-types-for-classic

tonyghiani · 2025-06-05T08:31:02Z

Thinking about it, I think it would be OK to make it a fallback of the type column in the table and maybe have a tooltip icon next to it that explains instead of a separate column?

Much better IMO, we want to keep the UI as simple as possible for the user, and having multiple column for types might complicate it. A single type column with additional context (tooltip) sound good.

flash1293 · 2025-06-05T09:45:47Z

@tonyghiani adjusted like this:

tonyghiani

LGTM

kibanamachine · 2025-06-05T11:45:55Z

Starting backport for target branches: 8.19

https://github.com/elastic/kibana/actions/runs/15466176690

elasticmachine · 2025-06-05T11:46:16Z

💛 Build succeeded, but was flaky

Buildkite Build
Commit: 212bab3

Failed CI Steps

FTR Configs #75

Metrics [docs]

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id	before	after	diff
`streamsApp`	546.7KB	547.2KB	+547.0B

History

💛 Build #305333 was flaky ae64675

…22579) Adds "detected fields" tab for classic streams enrichment editor <img width="1005" alt="Screenshot 2025-06-04 at 17 58 57" src="https://github.com/user-attachments/assets/3f3bc959-a27d-4e53-af96-153f0cd0fb54" /> This PR adds the "detected fields" tab for classic streams by fetching the actual Elasticsearch field type from field caps and showing it along with the detected fields. This currently doesn't work for fields that are not mapped yet but would get added as part of the simulation (Elasticsearch feature request here: elastic/elasticsearch#128760 ). This adds a new column "Elasticsearch field type" to the schema editor table. For wired streams, this column is not relevant at all, but it can be helpful for classic streams to highlight the non-managed parts. --------- Co-authored-by: kibanamachine <[email protected]> (cherry picked from commit 36699ad)

kibanamachine · 2025-06-05T11:52:17Z

💚 All backports created successfully

Status	Branch	Result
✅	8.19

Note: Successful backport PRs will be merged automatically after passing CI.

Questions ?

Please refer to the Backport tool documentation

…22579) Adds "detected fields" tab for classic streams enrichment editor <img width="1005" alt="Screenshot 2025-06-04 at 17 58 57" src="https://github.com/user-attachments/assets/3f3bc959-a27d-4e53-af96-153f0cd0fb54" /> This PR adds the "detected fields" tab for classic streams by fetching the actual Elasticsearch field type from field caps and showing it along with the detected fields. This currently doesn't work for fields that are not mapped yet but would get added as part of the simulation (Elasticsearch feature request here: elastic/elasticsearch#128760 ). This adds a new column "Elasticsearch field type" to the schema editor table. For wired streams, this column is not relevant at all, but it can be helpful for classic streams to highlight the non-managed parts. --------- Co-authored-by: kibanamachine <[email protected]>

kibanamachine · 2025-06-09T11:48:43Z