Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[ML] Saved search where kibana has index pattern with comma separated values create invalid datafeed #64534

Closed
jguay opened this issue Apr 27, 2020 · 1 comment · Fixed by #64567
Closed

[ML] Saved search where kibana has index pattern with comma separated values create invalid datafeed #64534

jguay opened this issue Apr 27, 2020 · 1 comment · Fixed by #64567
Labels
Feature:Anomaly Detection ML anomaly detection :ml

Comments

@jguay
Copy link
Contributor

jguay commented Apr 27, 2020

Kibana version:
7.6.2
Elasticsearch version:
7.6.2
Describe the bug:
When saved search use index-pattern with multiple entries like indexa,indexb, datafeed definition is invalid and result in no match
Steps to reproduce:

  1. Create index pattern in kibana with comma separated values ".monitoring-es*,.monitoring-e*"
  2. Go to Discover and save the search
  3. Create ML job based on saved search

Expected behavior:
Should see data coming though
Provide logs and/or server output (if relevant):
GET _ml/datafeeds returns :

{
  "count" : 1,
  "datafeeds" : [
    {
      "datafeed_id" : "datafeed-test2wildcardedpatterns",
      "job_id" : "test2wildcardedpatterns",
      "query_delay" : "88230ms",
      "indices" : [
        ".monitoring-es*,.monitoring-e*"
      ],
      "query" : {
        "bool" : {
          "must" : [
            {
              "match_all" : { }
            }
          ],
          "filter" : [ ],
          "must_not" : [ ]
        }
      },
      "aggregations" : {
        "buckets" : {
          "date_histogram" : {
            "field" : "timestamp",
            "fixed_interval" : "900000ms"
          },
          "aggregations" : {
            "timestamp" : {
              "max" : {
                "field" : "timestamp"
              }
            }
          }
        }
      },
      "scroll_size" : 1000,
      "chunking_config" : {
        "mode" : "manual",
        "time_span" : "900000000ms"
      },
      "delayed_data_check_config" : {
        "enabled" : true
      }
    }
  ]
}

Data shows correctly after the datafeed is modified from :

"indices" : [
        ".monitoring-es*,.monitoring-e*"
      ]

to 2 valid separate entries

"indices" : [
        ".monitoring-es*",".monitoring-e*"
      ]
@jguay jguay added the :ml label Apr 27, 2020
@jgowdyelastic jgowdyelastic mentioned this issue Apr 27, 2020
Merged
@jgowdyelastic
Copy link
Member

This bug is also present in non-saved search jobs.

  1. Create index pattern in kibana with comma separated values ".monitoring-es*,.monitoring-e*"
  2. Create a job using this index pattern.

@peteharverson peteharverson added the Feature:Anomaly Detection ML anomaly detection label Apr 28, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Feature:Anomaly Detection ML anomaly detection :ml
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[ML] Fix new job wizard with multiple indices jgowdyelastic/kibana
3 participants
@peteharverson @jguay @jgowdyelastic