[Cascade] Handle grouping on fields with unset values#260033
Merged
eokoneyo merged 3 commits intoelastic:mainfrom Mar 31, 2026
Merged
[Cascade] Handle grouping on fields with unset values#260033eokoneyo merged 3 commits intoelastic:mainfrom
eokoneyo merged 3 commits intoelastic:mainfrom
Conversation
eokoneyo
added
release_note:skip
eokoneyo
changed the title
eokoneyo
force-pushed
the
chore/resolve-260026
branch
from
74ec839 to
b1963ce
Compare
eokoneyo
changed the title
Contributor
Author
|
/ci |
Contributor
Author
|
@elasticmachine merge upstream |
Contributor
|
Pinging @elastic/kibana-data-discovery (Team:DataDiscovery) |
eokoneyo
force-pushed
the
chore/resolve-260026
branch
from
9d78ca8 to
9ae41e6
Compare
davismcphee
approved these changes
Mar 30, 2026
Contributor
davismcphee
left a comment
davismcphee
left a comment
There was a problem hiding this comment.
Works as expected, thanks!
Contributor
Author
|
@elasticmachine merge upstream |
Contributor
💛 Build succeeded, but was flaky
Failed CI StepsMetrics [docs]Async chunks
Page load bundle
History
cc @eokoneyo |
mbondyra
added a commit
to mbondyra/kibana
that referenced
this pull request
Mar 31, 2026
…e_for_children6 * commit '3402744f63ca1196e97b11ffac4e7f7efab240df': (80 commits) [PerUserAuth] Add EARS auth type for Connectors V2 (elastic#253695) Fix `@elastic/eui/require-aria-label-for-modals` lint violations across `@elastic/kibana-core` files (elastic#259757) [Entity Analytics][Leads generation][4] Add API routes, LeadDataClient, and async generation (elastic#257046) [Agent Builder] Agent-centric UX redesign (elastic#258005) fix query streams failing test (elastic#260277) [Lens as code] Add list layout to the new API (elastic#259967) [FTR] Add warning comments to deployment-agnostic FTR base configs (elastic#260018) [Discover][Logs profile] Fix missing search highlights (elastic#260056) Plugin system: safe deletion (elastic#259038) [Infra] Fix Hosts filter options to match selected schema (elastic#259825) Manual Entity Resolution and flyout representation (elastic#260162) [Cascade] Handle grouping on fields with unset values (elastic#260033) [Fleet] generate OTel config for integration packages with otelcol inputs (elastic#259968) [Search] Switch over to V2 index management details (elastic#259866) [inference] increase timeout for ES inference calls (elastic#260382) [ES|QL] Enable subqueries (elastic#257455) [ES|QL] Change Point order free options (elastic#260282) [Auth] Added authentication strategy for UIAM OAuth (elastic#256182) [Security Solution] Add "alerts_candidate_count" rule execution metric (elastic#259917) [api-docs] 2026-03-31 Daily api_docs build (elastic#260380) ...
jeramysoucy
pushed a commit
to jeramysoucy/kibana
that referenced
this pull request
Apr 1, 2026
## Summary Closes elastic#260026 Any record with an unset field is represented as "(null)", whilst constructing queries for the cascade experience when a value that matches this string is encountered, it receives a special treatment; - For column operations on the leaf node; an encounter with a column with the value of "(null)", will result in a query where the we search for a column that is null, this is reproducible with the sample data that's available by default in Kibana, from the index **kibana_sample_data_logs**, running a STATS query on the column `memory` we encounter some records where the fields value is not set in this scenario, we'd use a query similar to the one below; ```txt FROM kibana_sample_data_logs | INLINE STATS count = COUNT(*), avg_bytes = AVG(bytes), p95 = PERCENTILE(memory, 95), median_ram_size = MEDIAN(machine.ram) BY memory | WHERE memory IS NULL ``` - For filtering operations, to filter in we apply a where clause that asserts the columns is null like so; `WHERE column IS NULL`, and to filter out we assert that we want all columns that aren't null like so `WHERE column IS NOT NULL`. P.S. It should be noted we don't apply this conditions to the CATEGORIZE function. <!-- ### Checklist Check the PR satisfies following conditions. Reviewers should verify this PR satisfies this list as well. - [ ] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md) - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the [docker list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker) - [ ] This was checked for breaking HTTP API changes, and any breaking changes have been approved by the breaking-change committee. The `release_note:breaking` label should be applied in these situations. - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed - [ ] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) - [ ] Review the [backport guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing) and apply applicable `backport:*` labels. ### Identify risks Does this PR introduce any risks? For example, consider risks like hard to test bugs, performance regression, potential of data loss. Describe the risk, its severity, and mitigation for each identified risk. Invite stakeholders and evaluate how to proceed before merging. - [ ] [See some risk examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx) - [ ] ... --> --------- Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
paulinashakirova
pushed a commit
to paulinashakirova/kibana
that referenced
this pull request
Apr 2, 2026
## Summary Closes elastic#260026 Any record with an unset field is represented as "(null)", whilst constructing queries for the cascade experience when a value that matches this string is encountered, it receives a special treatment; - For column operations on the leaf node; an encounter with a column with the value of "(null)", will result in a query where the we search for a column that is null, this is reproducible with the sample data that's available by default in Kibana, from the index **kibana_sample_data_logs**, running a STATS query on the column `memory` we encounter some records where the fields value is not set in this scenario, we'd use a query similar to the one below; ```txt FROM kibana_sample_data_logs | INLINE STATS count = COUNT(*), avg_bytes = AVG(bytes), p95 = PERCENTILE(memory, 95), median_ram_size = MEDIAN(machine.ram) BY memory | WHERE memory IS NULL ``` - For filtering operations, to filter in we apply a where clause that asserts the columns is null like so; `WHERE column IS NULL`, and to filter out we assert that we want all columns that aren't null like so `WHERE column IS NOT NULL`. P.S. It should be noted we don't apply this conditions to the CATEGORIZE function. <!-- ### Checklist Check the PR satisfies following conditions. Reviewers should verify this PR satisfies this list as well. - [ ] Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/main/src/platform/packages/shared/kbn-i18n/README.md) - [ ] [Documentation](https://www.elastic.co/guide/en/kibana/master/development-documentation.html) was added for features that require explanation or tutorials - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] If a plugin configuration key changed, check if it needs to be allowlisted in the cloud and added to the [docker list](https://github.com/elastic/kibana/blob/main/src/dev/build/tasks/os_packages/docker_generator/resources/base/bin/kibana-docker) - [ ] This was checked for breaking HTTP API changes, and any breaking changes have been approved by the breaking-change committee. The `release_note:breaking` label should be applied in these situations. - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed - [ ] The PR description includes the appropriate Release Notes section, and the correct `release_note:*` label is applied per the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) - [ ] Review the [backport guidelines](https://docs.google.com/document/d/1VyN5k91e5OVumlc0Gb9RPa3h1ewuPE705nRtioPiTvY/edit?usp=sharing) and apply applicable `backport:*` labels. ### Identify risks Does this PR introduce any risks? For example, consider risks like hard to test bugs, performance regression, potential of data loss. Describe the risk, its severity, and mitigation for each identified risk. Invite stakeholders and evaluate how to proceed before merging. - [ ] [See some risk examples](https://github.com/elastic/kibana/blob/main/RISK_MATRIX.mdx) - [ ] ... --> --------- Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Closes #260026
Any record with an unset field is represented as "(null)", whilst constructing queries for the cascade experience when a value that matches this string is encountered, it receives a special treatment;
memorywe encounter some records where the fields value is not set in this scenario, we'd use a query similar to the one below;FROM kibana_sample_data_logs | INLINE STATS count = COUNT(*), avg_bytes = AVG(bytes), p95 = PERCENTILE(memory, 95), median_ram_size = MEDIAN(machine.ram) BY memory | WHERE memory IS NULLWHERE column IS NULL, and to filter out we assert that we want all columns that aren't null like soWHERE column IS NOT NULL.P.S. It should be noted we don't apply this conditions to the CATEGORIZE function.