[Maps] "Point to Point" Data Source #41575
Comments
alexfrancoeur
added
discuss
[Deprecated-Use Team:Presentation]Team:Geo
|
Pinging @elastic/kibana-gis |
I don't think the source should provide all three features. Instead, the source would just provide a client-side generated line between two points The reason the source should not also include the source and destination points is because it would make styling more complicated. Style settings would have to be nested for each part: source point, destination point, and connection line. Also, what would the legend icon be for a source that has three separate styling blocks? I think we should always consider a source/layer as returning a single data set with a single styling. Then we could work on grouping layers to declutter/organize the legend as suggested in #37252 |
|
++ that works for me, agreed that the nested styling would add additional complexity and I like the concept of grouping layers. I've heard this request a few times now. |
|
Do we need to involve design here at all for this data source? If so, it's probably a minimal need. I'm not sure if we need a separate icon for this new type of data source. As far as the input goes, I'd imagine you select an index pattern and then choose two IP's in your document. A source / origin and a destination. Are there any limitations as far as styling goes? Separately, naming for this type of data source will be interested. Brain dump below, open to any thoughts / feedback
|
|
I like "point to point" best as its the most descriptive to what the source is doing. The problem with flow is that is more of region to region map, showing data from one region migrating to another region. I think we may want a flow map in the future that behaves more like the "term joins" today and uses a term aggregation to derive the metrics and looks up a path between the matching regions. |
|
Updating the title to "Point to point" for now |
alexfrancoeur
changed the title
|
Just noticed this is in master, are we good to close now @nreese? |
|
closed by #41504 |
As we begin talks with the SIEM team around a pew pew map (
SHIELDS!😆 ) and explore potentially handling this type of map on the client rather than using ageo_shapeLineString(elastic/beats#11702) in Elasticsearch, I thought it'd be interesting to consider this type of map as a generic data source. ECS has standardized numerousgeo_pointsin the same document, so it's possible that this could become a common ask.So rather than having three layers to build a map like this, you'd be able to condense into a single layer and aggregate on common paths.
This type of layer would end up looking similar to @nreese's POC #41504. I'm guessing the behavior would be similar to a document layer as far as global and layer filtering goes. We could potentially style each point as well as the line and offer a customize-able (but capped) destinations. This is just a concept at the moment, but would love to get some feedback from the group and our community. I could see this being useful for Elastic APM RUM maps, tracking origin / destination on things like flight patterns or package deliveries, etc.
cc: @tsg @MikePaquette @spong @thomasneirynck
The text was updated successfully, but these errors were encountered: