It would be useful to improve data analytics functionality having a filter functionality that creates a filter matching all the value of a specific field for the current view.
Use case:
View all the document produced by entities (hosts, container, users, etc...) that have a specific behavior.
Practical example:
See all the documents created by a group of hosts that created a specific kind of error in a certain timeframe.
At the current state of Kibana, you have to find all these host ids and create a filter to match those ids manually.
It would be nice to have a filter type that will do this for you:
Select field name.
Select the new filter type (e.g. values), optionally set the top N hit.
Save. At this point, Kibana should run a query to get these ids by running a query with the current filter and time settings and build a filtered query.
Now you can deactivate all the other filters and you will see all the document produced by the hots identified by the first analysis.
From the Github issue: https://github.com/elastic/kibana/issues/16702
I am currently working on this but I am not very familiar with JavaScript and Kibana internal, so any help or direction would be great.
What I am struggling with:
- Get the Elasticsearch client to run the query.
- Run the query to get the IDs with the current state of filter and time picker.
Any help will be deeply appreciated.
Thanks