In Kibana's Maps, selecting time range narrows map points, but not vice versa

Mathemaphysics · May 26, 2023, 6:38pm

I've been able to successfully query and plot documents with geo_points in maps in Kibana alongside time series plots of other data in standard fashion. When I select the time range in a time series plot, it correctly narrows the geo_points displayed in the map. However, I would like to be able to do a shape query to select the time range displayed as well. This does not happen naturally.

In fact all of my time series data becomes de-selected when selecting any part of the map data which matches in time. Do I need to have geo_point data fields named the same in my other documents? If not is there an aggregation that I could do to accomplish this?

jsanz · May 29, 2023, 2:46pm

Sorry but I don't understand your question. Can you describe this with some instructions or screenshots? If you could do this with any of the Kibana sample datasets that would be even better.

Mathemaphysics · May 31, 2023, 8:48pm

I may simply be using data from different indexes which don't link. I just don't understand why geo-query select a set of geographical points (which have timestamps associated with them) and it doesn't narrow the time range and in fact de-selects everything when I do the geographical query.

I'll try to produce it in sample data.

leandrojmp · May 31, 2023, 9:04pm

When you select a time range, it will be applied using the time field for your data view, so all the documents that have that time field will be filtered.

When you select a shape on a map the filter will be applied to the geo_point field used in that map, if a document does not have that geo_point field, then it will be filtered out.

Mathemaphysics · May 31, 2023, 11:00pm

So when I select a shape on a map, it will filter the view to any document with the same field geo_point which lies within the bounds? If so that makes sense.

There's a broader theme I'm looking to figure out: How can I automatically adjust the time range according to a KQL or Lucene query? Is there a setting that might cause Kibana to automatically adjust the view time range resulting from a selection query like survey_name: "my_specific_survey"?

I realize this -- in general -- isn't practical. The range could be massive. But what if our selections are known to be reasonably small and we would like to automatically adjust the time range resulting from a query. Is that possible?

jsanz · June 1, 2023, 10:02am

That's exactly the defition of what the shape filter does. One thing that helps a lot to understand how things work is to check the Inspector tool that displays the exact queries that are being passed to Elasticsearch.

So for example using the Kibana Flights sample dataset added as a Document layer, and with the DestLocation as the geometry rendered (remember an index can have multiple geometry fields!) the bounds filter generates a query like this:

POST /kibana_sample_data_flights/_mvt/DestLocation/0/0/0
{
  "buffer": 0,
  "grid_precision": 0,
  "exact_bounds": true,
  "extent": 4096,
  "query": {
    "bool": {
      "filter": [
        {
          "bool": {
            "must": [
              {
                "exists": {
                  "field": "DestLocation"
                }
              },
              {
                "geo_shape": {
                  "DestLocation": {
                    "relation": "INTERSECTS",
                    "shape": {
                      "coordinates": [
                        [
...
                        ]
                      ],
                      "type": "Polygon"
                    }
                  },
                  "ignore_unmapped": true
                }
              }
            ]
          }
        },
        {
          "range": {
            "timestamp": {
              "format": "strict_date_optional_time",
              "gte": "2022-05-31T22:00:00.000Z",
              "lte": "2023-06-01T09:54:00.812Z"
            }
          }
        }
      ],
      "must": [],
      "must_not": [],
      "should": []
    }
  },
  "runtime_mappings": {
    "hour_of_day": {
      "script": {
        "source": "emit(doc['timestamp'].value.getHour());"
      },
      "type": "long"
    }
  },
  "track_total_hits": 10001,
  "with_labels": false,
  "fields": []
}

At the maps side we have that captured here, feel free to chime in with any additional comments or feedback.

github.com/elastic/kibana

[Maps] Should be able to fit to timerange of layer-data

opened 12:59PM - 14 Jul 21 UTC

thomasneirynck

enhancement usability Team:Presentation impact:medium Feature:Maps

**Describe the feature:** One of the layer-actions should be something like "…Expand time-selection range to data". Clicking this would change the global time-range to the time-range of the data in the layer. **Describe a specific use case for the feature:** This would be similar like the fit2bounds button. But rather than adjusting the extent of the map, it extends/shrinks the global time picker to the time-range extent of the data. ------ This is different from https://github.com/elastic/kibana/issues/105596. This improvement asks for a layer-action to "fit" to the time-range of the layer data (which could "zoom in" or "zoom out", depending on the existing time-eslection). https://github.com/elastic/kibana/issues/105596 asks for a button on the timeslider to "zoom-in" on the selected timeslide.

jsanz · June 1, 2023, 10:04am

Forgot to mention that every layer can ignore the global search bar and date picker individually, which can be convenient in certain cases where we want our data to render independently (or in conjunction with other regular datasets). Layers can also have their own filter as well.

Nathan_Reese · June 1, 2023, 2:19pm

I think you are looking for something like Timepicker - All option · Issue #1723 · elastic/kibana · GitHub that allows timepicker to select the range based on the query. This is not possible at the moment

Mathemaphysics · June 5, 2023, 5:42pm

Thanks for the reply. I'll look at this.

Mathemaphysics · June 5, 2023, 6:22pm

Okay this makes much more sense. Thanks.

I think I'm filtering data by geometry and hoping to select related points which don't actually share geo_point data. That seems to have been the problem.

system · July 3, 2023, 6:22pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.