Inconsistent field display in visualization for ES|QL with custom timestamp #206095

Open
behnam-ramouzeh opened this issue Jan 9, 2025 · 0 comments
Labels
bug Fixes for quality problems that affect the customer experience needs-team Issues missing a team label

behnam-ramouzeh commented Jan 9, 2025

Kibana version:
Kibana Demo 8.17.0

Describe the bug:

When running an ES|QL command without specifying a custom timestamp field, the visualization in Kibana shows one less field (host) compared to when a custom timestamp field is specified.

This inconsistency occurs despite the responses being the same, as the utc_time field is equal to the @timestamp field.

Steps to Reproduce

  1. Go to https://demo.elastic.co/app/discover and click on Try ES|QL. Run the following ES|QL command without specifying a custom timestamp field:

    FROM kibana_sample_data_logs | STATS min_time = MIN(utc_time), max_time = MAX(utc_time) by host | EVAL delta = DATE_DIFF("minute", min_time, max_time)

    Request sent:

    POST /_query/async?drop_null_columns
    {
      "query": "FROM kibana_sample_data_logs | STATS min_time = MIN(utc_time), max_time = MAX(utc_time) by host | EVAL delta = DATE_DIFF(\"minute\", min_time, max_time) ",
      "locale": "en",
      "include_ccs_metadata": true,
      "filter": {
        "bool": {
          "must": [],
          "filter": [
            {
              "range": {
                "@timestamp": {
                  "format": "strict_date_optional_time",
                  "gte": "2025-01-09T15:40:55.978Z",
                  "lte": "2025-01-09T15:55:55.978Z"
                }
              }
            }
          ],
          "should": [],
          "must_not": []
        }
      }
    }
  2. Observe the response:

    {
      "rawResponse": {
        "is_running": false,
        "took": 20,
        "all_columns": [
          {
            "name": "min_time",
            "type": "date"
          },
          {
            "name": "max_time",
            "type": "date"
          },
          {
            "name": "host",
            "type": "text"
          },
          {
            "name": "delta",
            "type": "integer"
          }
        ],
        "columns": [
          {
            "name": "min_time",
            "type": "date"
          },
          {
            "name": "max_time",
            "type": "date"
          },
          {
            "name": "host",
            "type": "text"
          },
          {
            "name": "delta",
            "type": "integer"
          }
        ],
        "values": [
          [
            "2025-01-09T15:49:16.516Z",
            "2025-01-09T15:49:16.516Z",
            "artifacts.elastic.co",
            0
          ],
          [
            "2025-01-09T15:44:22.843Z",
            "2025-01-09T15:55:50.611Z",
            "www.elastic.co",
            11
          ],
          [
            "2025-01-09T15:54:37.430Z",
            "2025-01-09T15:54:37.430Z",
            "cdn.elastic-elastic-elastic.org",
            0
          ]
        ]
      }
    }
  3. Run the following ES|QL command specifying a custom timestamp field:

    FROM kibana_sample_data_logs | WHERE utc_time >= ?_tstart AND utc_time <= ?_tend | STATS min_time = MIN(utc_time), max_time = MAX(utc_time) by host | EVAL delta = DATE_DIFF("minute", min_time, max_time)

    Request sent:

    POST /_query/async?drop_null_columns
    {
      "query": "FROM kibana_sample_data_logs | WHERE utc_time >= ?_tstart AND utc_time <= ?_tend | STATS min_time = MIN(utc_time), max_time = MAX(utc_time) by host | EVAL delta = DATE_DIFF(\"minute\", min_time, max_time) ",
      "locale": "en",
      "include_ccs_metadata": true,
      "params": [
        {
          "_tstart": "2025-01-09T15:40:58.514Z"
        },
        {
          "_tend": "2025-01-09T15:55:58.515Z"
        }
      ],
      "filter": {
        "bool": {
          "must": [],
          "filter": [
            {
              "range": {
                "utc_time": {
                  "format": "strict_date_optional_time",
                  "gte": "2025-01-09T15:40:58.515Z",
                  "lte": "2025-01-09T15:55:58.515Z"
                }
              }
            }
          ],
          "should": [],
          "must_not": []
        }
      }
    }
  4. Observe the response:

    {
      "rawResponse": {
        "is_running": false,
        "took": 12,
        "all_columns": [
          {
            "name": "min_time",
            "type": "date"
          },
          {
            "name": "max_time",
            "type": "date"
          },
          {
            "name": "host",
            "type": "text"
          },
          {
            "name": "delta",
            "type": "integer"
          }
        ],
        "columns": [
          {
            "name": "min_time",
            "type": "date"
          },
          {
            "name": "max_time",
            "type": "date"
          },
          {
            "name": "host",
            "type": "text"
          },
          {
            "name": "delta",
            "type": "integer"
          }
        ],
        "values": [
          [
            "2025-01-09T15:49:16.516Z",
            "2025-01-09T15:49:16.516Z",
            "artifacts.elastic.co",
            0
          ],
          [
            "2025-01-09T15:44:22.843Z",
            "2025-01-09T15:55:50.611Z",
            "www.elastic.co",
            11
          ],
          [
            "2025-01-09T15:54:37.430Z",
            "2025-01-09T15:54:37.430Z",
            "cdn.elastic-elastic-elastic.org",
            0
          ]
        ]
      }
    }

Expected Behavior

The visualization should display the same fields regardless of whether a custom timestamp field is specified, as the responses are identical.

Actual Behavior

The visualization shows one less field (host) when the custom timestamp field is specified.

Additional context

The utc_time field is equal to the @timestamp field in the dataset.

Video

ESQL.-.Issue.with.the.customized.timestamp.mp4
@behnam-ramouzeh behnam-ramouzeh added the bug Fixes for quality problems that affect the customer experience label Jan 9, 2025
@botelastic botelastic bot added the needs-team Issues missing a team label label Jan 9, 2025