[ML] AIOps: Identify spike/dips with change point detection for log rate analysis

[walterra]

Summary

• Uses change point detection to identify point in time for deviation timestamp.
• Expands deviation timestamp into time range covering the whole deviation area of interest and highlights the time range in the date histogram chart.
• When clicking on the detected deviation time range, the selected deviation will be exactly the detected time range.
• If no change point is detected, we just fall back to the previous behavior.

Review notes:

• For the obs-ux team it's just some imports that needed to be updated.

Checklist

• Unit or functional tests were updated or added to match the most common scenarios
• Flaky Test Runner was used on any tests changed
• This was checked for breaking API changes and was labeled appropriately

[walterra]

✅ Flaky Test Runner: https://buildkite.com/elastic/kibana-flaky-test-suite-runner/builds/5541

[elasticmachine]

Pinging @elastic/ml-ui (:ml)

[peteharverson]

A good enhancement! Some feedback on the selection and messaging:

• I think we need some extra help to indicate what is being displayed after selection of the data view - as in we've auto-detected the most significant deviation. Could the 'Run analysis' be added to this sort of prompt?

• Should the change point highlight be dropped once the analysis starts running? I find it slightly confusing that if I choose to select a different spike or dip that the auto-selected range stays highlighted. Somewhat contrived example below, but you get my point...

• Should hitting 'Reset' also remove the auto-detected change point?

• Saw this example in the o11y log threshold alert details page (again somewhat contrived example), where the auto-detected spike ends up in the deviation range:

[maryam-saeidi]

Import changes LGTM!

[elasticmachine]

Pinging @elastic/obs-ux-management-team (Team:obs-ux-management)

[walterra]

@peteharverson Good input!

I updated the behavior:

• Detected change points will only be highlighted when the analysis hasn't been run yet. That should avoid the confusion if you intentionally select another time range as well as the highlighting in alerting.
• The prompts were updated to show an adapted version if we detect a spike or dip including a button to run the analysis.

Custom prompt when we detect a change point:

Change point highlighting disabled when user selected another time range:

[peteharverson]

Maybe it's because I'm used to it, but should we show the brushes for the baseline and deviation when the analysis is run on the auto-detected spike / dip?

[walterra]

@peteharverson thanks for catching that! The brushes not showing up should be fixed now in d8daf32.

[peteharverson]

The brushes are now appearing, but the 'Run analysis' button goes into the 'update needed' state:

[walterra]

Should be fixed now in d754830, ready for another look!

[peteharverson]

Tested latest changes and LGTM

[alvarezmelissa87]

LGTM ⚡

[kibana-ci]

💚 Build Succeeded

• Buildkite Build
• Commit: 1a4711c

Metrics [docs]

Module Count

Fewer modules leads to a faster build time

id	before	after	diff
aiops	485	490	+5
dataVisualizer	637	642	+5
total			+10

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id	before	after	diff
aiops	408.7KB	411.6KB	+2.9KB

Unknown metric groups

API count

id	before	after	diff
@kbn/aiops-components	35	36	+1
@kbn/aiops-utils	20	41	+21
total			+22

History

• 💚 Build #199513 succeeded d754830
• 💚 Build #199417 succeeded d8daf32
• 💚 Build #199340 succeeded fb68fc8
• 💚 Build #199209 succeeded 0502871
• 💚 Build #198702 succeeded a713d8b
• 💔 Build #198653 failed 6d43fdf

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @walterra