[Streams 🌊] Enrichment - Add support for date processor#213559
Kerry350 merged 13 commits into elastic:main from
Pinging @elastic/obs-ux-logs-team (Team:obs-ux-logs)
…t --include-path /api/status --include-path /api/alerting/rule/ --include-path /api/alerting/rules --include-path /api/actions --include-path /api/security/role --include-path /api/spaces --include-path /api/streams --include-path /api/fleet --include-path /api/dashboards --update'
flash1293
left a comment
The tag input looks nice, but it is not suited for editing date formats. I tried to use it with some actual data, and you need to submit the tag to run the simulation, but then you notice you made a mistake and have to delete the tag again to make a change. I would say either let's just go with a single format (the user can create multiple processors if necessary) or with multiple inputs like grok does it.
This is a bit confusing - it says it updates the input time field, but then it says it defaults to @timestamp. Seems like the latter is true:

With this I think it's a good starting point, but we need to add a lot of other things as well to make it really nice (kind of similar to the grok integration). Those can be follow-ups though.
Taking this over from Marco.
I'll change this to a single format for now 👍
I'll update the wording. The latter is true, from the docs:
I'm just comparing this to the Stack Management implementation (which is likely why we have the incorrect information about the input field being updated in place in both places). Thinking more about Is your concern with the current implementation (matching Stack Management also) that if you make a mistake on an earlier "tag" / format, you need to remove all of them and start again? We could also allow a comma separated list (or does that conflict with certain formats 🤔). I'm not sure we need all the ceremony of multiple inputs (in the way the Grok processor does it).
Exactly - try to use it to type a format from scratch manually and you will notice. It's really hard to use if you are not nailing it with the first try.
It does conflict with certain formats, e.g. it's common for the milliseconds to be separated by comma.
I would be happy if we could avoid it, but it needs to be possible to type, see the result, then fix. A single input would solve it as well for now, we can also come back to this, but the current solution isn't feasible I think.
@flash1293 Understood 👌 I've updated the field descriptions to be accurate (reflect the docs). And I've changed formats to just a singular input that takes one format (multiple processors can be used for multiple formats). This isn't quite ready for re-review yet as there seems to be a bug whereby changes to optional fields don't retrigger the simulation. I'll ping you when it's ready 👍
@flash1293 Should be good to go now 👍
All works as expected now, thanks for the updates!
Some more general thoughts - wdyt about this @LucaWintergerst and @Kerry350 ?
Using this made me realize that it's actually quite awkward how the processors are cut here - most of the time you parse out a weird date format from the message, then you want to normalize it and stuff it into @timestamp, but we force users to put it into a separate field first, use the date processor there and then put it where it actually belongs, and then remove the temporary field.
Maybe we could fuse these common steps and allow users to normalize the date as part of a single grok processor instead of forcing them to do this dance manually?
I guess there are still cases where you want to dance the dance, but then it's important to allow the user to clean up the temporary time field which we don't do right now. Should we add the drop field processor to the list of processors we want to support? Seems like that one is helpful also to cut down storage costs.
Yeah, this seems like a good suggestion to me. But I think we should focus on getting the core functionality in first, before adding these (helpful) additional steps.
This seems like a good first step, so at least cleanup can be carried out. Then we could almost look at adding something like "workflows" (just a random name, could be called anything) that wrap multiple processor steps in a graceful way. We could maybe add these for common, known workflows (like this).
Good suggestion @flash1293, I agree that in the coming weeks we should work towards more workflows of some kind. We'll need to think this through when the right time for this is - I think we should add support for all processors first, and then work on making the rough edges nicer
💚 Build Succeeded
Starting backport for target branches: 8.x https://github.com/elastic/kibana/actions/runs/13969868191
💔 All backports failed
Oh for sure, that was all future talk but I put it here because of the context :) Agreed with adding the processors like this for now, I don't think that use case will go away.
## 📓 Summary

Part of elastic/streams-program#38

This work adds the `date` processor along with the dissect and grok ones in the enrichment section. It scales well following the current folder structure, but we should definitely polish it a bit more once more processors get added, such as getting the right form component, improve form state derivation, etc.

https://github.com/user-attachments/assets/824d15c8-ce9d-455a-ae0b-97aeec8cf025

---------

Co-authored-by: Kerry Gallagher <kerry.gallagher@elastic.co>
Co-authored-by: Joe Reuter <johannes.reuter@elastic.co>
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Co-authored-by: Kerry Gallagher <471693+Kerry350@users.noreply.github.com>

(cherry picked from commit 8f65dce)

# Conflicts:
# oas_docs/bundle.json
# oas_docs/output/kibana.yaml
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI.
Questions? Please refer to the Backport tool documentation
… (#215359)

# Backport

This will backport the following commits from `main` to `8.x`:
- [[Streams 🌊] Enrichment - Add support for date processor (#213559)](#213559)

### Questions ?
Please refer to the [Backport tool documentation](https://github.com/sorenlouv/backport)

---------

Co-authored-by: Marco Antonio Ghiani <marcoantonio.ghiani01@gmail.com>
Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Just followed the discussion and changes and everything LGTM, thanks for carrying this on @Kerry350!

📓 Summary
Part of https://github.com/elastic/streams-program/issues/38
This work adds the `date` processor along with the dissect and grok ones in the enrichment section. It scales well following the current folder structure, but we should definitely polish it a bit more once more processors get added, such as getting the right form component, improve form state derivation, etc.
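The grok, date, cleanup sequence discussed in the review, written as a request to the Elasticsearch simulate pipeline API. This is an added example, not code from this PR or the Streams UI; the field names `tmp_time` and `event.timestamp_error` and both sample documents are constructed. It uses a single format with comma-separated milliseconds (the case that rules out a comma-separated format list) and keeps documents whose timestamp fails to parse, flagged, instead of rejecting them.

```console
# Added example. tmp_time and event.timestamp_error are hypothetical field names;
# the two docs are constructed sample input.
POST _ingest/pipeline/_simulate
{
  "pipeline": {
    "processors": [
      {
        "grok": {
          "field": "message",
          "patterns": ["%{TIMESTAMP_ISO8601:tmp_time} %{LOGLEVEL:log.level} %{GREEDYDATA:message}"]
        }
      },
      {
        "date": {
          "field": "tmp_time",
          "formats": ["yyyy-MM-dd HH:mm:ss,SSS"],
          "timezone": "UTC",
          "on_failure": [
            { "set": { "field": "event.timestamp_error", "value": "{{ _ingest.on_failure_message }}" } }
          ]
        }
      },
      { "remove": { "field": "tmp_time", "ignore_missing": true } }
    ]
  },
  "docs": [
    { "_source": { "message": "2025-03-20 12:57:47,123 WARN login failed for user alice" } },
    { "_source": { "message": "2025-03-20 12:57 WARN clock field truncated" } }
  ]
}
```

With no `target_field` set, the date processor writes to `@timestamp`. The second document matches the grok pattern but not the date format, so it exercises the `on_failure` branch.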