[ML] AIOps: Adds Pattern analysis tab in Discover

[jgowdyelastic]

Closes #178534

Replaces the pattern analysis flyout in Discover with a tab which sits alongside the Documents and Field statistics tabs.

Field selection
Lists all of the text fields in the index. Auto selects message, then error.message, then event.original and if none of these fields are available, it just selects the first field in the list.

The Options menu provides some configuration options:

Minimum time range
Sets the minimum time range used for the pattern analysis search. The pattern matching results results will be more accurate the more data it sees, so if the user has selected e.g. last 15mins in the time picker, this settings will ensure a wider time range is used to improve the accuracy of the patterns. If the time picker has a larger time range than this setting, the larger time range will be used.

Random sampling
Improves the search performance by using a random sampler. This is the same setting as before.

[jgowdyelastic]

/ci

[jgowdyelastic]

/ci

[jgowdyelastic]

/ci

[qn895]

Tested latest changes and ML-changes LGTM. Please feel free to merge this one ahead of the ES|QL field stats in Discover PR 👍 . I'll wait to merge it after this one is in.

[qn895]

nit: import type

[jgowdyelastic]

Updated in 1aaa89f

[andreadelrio]

Hi @jgowdyelastic sending design comments below:

• Add a heading to the Pattern analysis settings popover. For reference, this should look like the Keyboard shortcuts popover in the Document tab.

• Increase the padding on the left side of the Patterns tab to achieve something similar to what we have in the Documents tab.

Long term and as I mentioned to Aris, it would be beneficial to consider using EuiDataGrid for this view as well. It would match nicely with the Documents tab. On that note, given the amount of information you're displaying when expanding the row, I would suggest considering moving it to a flyout. This would be similar to how in Documents tab the user presses the expand icon and the push flyout appears. The pattern shown in the flyout would be highlighted in the main Patterns table. Here's a quick mockup of how that flyout could look like:

cc @kertal @davismcphee @ryankeairns for awareness.

[jgowdyelastic]

@andreadelrio

• Add a heading to the Pattern analysis settings popover. For reference, this should look like the Keyboard shortcuts popover in the Document tab.

Updated in 13e4b30

• Increase the padding on the left side of the Patterns tab to achieve something similar to what we have in the Documents tab.

Updated in. 13e4b30

Long term and as I mentioned to Aris, it would be beneficial to consider using EuiDataGrid for this view as well. It would match nicely with the Documents tab. On that note, given the amount of information you're displaying when expanding the row, I would suggest considering moving it to a flyout. This would be similar to how in Documents tab the user presses the expand icon and the push flyout appears. The pattern shown in the flyout would be highlighted in the main Patterns table. Here's a quick mockup of how that flyout could look like:

Yeah, I think this would be an improvement to the expanded rows.
I think we would also need to navigation controls similar to the document flyout to allow users to easily move between patterns. e.g.

I can look into this for a follow up PR.

[peteharverson]

Tested latest changes and LGTM.

[jughosta]

Great feature! And thanks for addressing the comments!

Some things to consider improving as a follow up:

• What are these warnings 0% contain 3 or more tokens about? The shown patterns seem to be fine:

• Noticed that cancelling a patterns request does not always work right away. Is it expected?

• Once canceled, should there be a button to restart?

Style nits:

• The label is to close to the side:

• Mobile view is a little off:

[jgowdyelastic]

Follow on tasks have been added to this meta issue #183922

[kibana-ci]

💚 Build Succeeded

• Buildkite Build
• Commit: ec9b46e

Metrics [docs]

Module Count

Fewer modules leads to a faster build time

id	before	after	diff
aiops	610	618	+8
apm	1806	1799	-7
discover	910	906	-4
eventAnnotationListing	613	606	-7
lens	1477	1470	-7
logsExplorer	600	593	-7
securitySolution	5497	5490	-7
slo	846	839	-7
total			-38

Public APIs missing comments

Total count of every public API that lacks a comment. Target amount is 0. Run node scripts/build_api_docs --plugin [yourplugin] --stats comments for more detailed information.

id	before	after	diff
aiops	4	9	+5

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id	before	after	diff
aiops	520.7KB	547.1KB	+26.4KB
dataVisualizer	757.9KB	757.9KB	+28.0B
discover	809.4KB	810.0KB	+616.0B
lens	1.5MB	1.5MB	-1.5KB
ml	4.2MB	4.2MB	+56.0B
securitySolution	15.1MB	15.1MB	-1.5KB
slo	870.2KB	868.7KB	-1.5KB
transform	479.4KB	479.4KB	+28.0B
total			+22.5KB

Public APIs missing exports

Total count of every type that is part of your API that should be exported but is not. This will cause broken links in the API documentation system. Target amount is 0. Run node scripts/build_api_docs --plugin [yourplugin] --stats exports for more detailed information.

id	before	after	diff
@kbn/unified-field-list	10	9	-1
aiops	1	2	+1
total			-0

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb

id	before	after	diff
aiops	7.1KB	7.5KB	+400.0B
discover	35.6KB	35.6KB	+14.0B
savedSearch	11.5KB	11.5KB	+27.0B
total			+441.0B

Unknown metric groups

API count

id	before	after	diff
@kbn/ml-date-picker	48	50	+2
aiops	67	74	+7
total			+9

async chunk count

id	before	after	diff
aiops	24	27	+3

ESLint disabled line counts

id	before	after	diff
@kbn/unified-field-list	17	16	-1
aiops	26	29	+3
total			+2

Total ESLint disabled count

id	before	after	diff
@kbn/unified-field-list	17	16	-1
aiops	26	29	+3
total			+2

History

• 💛 Build #211443 was flaky 4760aaa
• 💛 Build #211235 was flaky 35aa588
• 💔 Build #211178 failed 245e557
• 💚 Build #211143 succeeded 9962621
• 💔 Build #211040 failed 13e4b30
• 💚 Build #210656 succeeded 8721bf3

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @jgowdyelastic