-
Notifications
You must be signed in to change notification settings - Fork 8.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Lens] Turn off Group remaining values as "Other"
setting when visualization has more than 1000 terms aggregation
#162456
Comments
Pinging @elastic/kibana-visualizations @elastic/kibana-visualizations-external (Team:Visualizations) |
Group remaining values as "Other"
setting when visualization has more than 1000 terms aggregation
Agree with option 2, let's just turn it off at 1000 terms but let the user re-enable it. |
I also agree with option 2. |
"Agree with option 2, let's just turn it off at 1000 terms but let the user re-enable it." 100% agree. Training operators reviewing security log data with these issues is too much overhead. Will be a lot easier to disable the Grouping feature. |
Agree with option 2 |
…al 1000 (#167141) ## Summary Closes #162456 It switches off the other bucket switch if the user updates the terms to a number greater than equal 1000. In the beginning I had made it simpler so the switch would change to false if size >= 1000 and to true if size < 1000. But I am not sure I like this experience so I decided to do something else: - The other bucket defaults to true if size < 1000 - If the user changes to a value >=1000 then it changes to false (The user can always enable it) - If the user changes this to a value < 1000 it doesn't change back to true. The user must change it manually. Let me know if you agree that this experience makes more sense. <img width="2346" alt="image" src="https://github.com/elastic/kibana/assets/17003240/29d64ab7-7e55-4b2a-b769-b5f9c6b6d385"> ### Checklist - [ ] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios --------- Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
Recently we got a fair number of performance problems coming from the customers who want to do visualizations with >1000 of top values (usually to get a datatable and export it to csv and use their own tools). The problem is that by default we have a setting
Group remaining values as "Other"
on and that makes the performance way worse.(Tech explanation: The reason for the performance problems is how ES works under the hood. Kibana has to send another, more expensive call to ES to get
other
. ES gathers all the other terms from all the documents that exist except from the ones from the x top values and that can be very heavy when there's a lot of terms and documents)For the users, the most common usecase for having >1000 of top values is what I mentioned above - get a datatable of data and export it to CSV, so the
Group as other
is not really needed in this case.So we could solve the customers problem in two ways:
Group remaining values as "Other"
if there are more than 1000 of top values (or we could go with 100 or whatever arbitrary number we find useful)Let me know your thoughts!
The text was updated successfully, but these errors were encountered: