[EUI][Data] - Add index field selectors to EUI or Data

[yctercero]

Describe the feature:

Currently the security solutions team is working to move exception list UI into the lists plugin. In doing so, it's clear that a number of areas use similar components and that similar components exist within other plugins like data. I'll try to dig into the shared functionality and areas where it's being used as best I can to demonstrate that a streamlined component could be useful.

With the RAC initiative (unified alerting experience), these components will start being used in other plugins like observability.

Describe a specific use case for the feature:
Below are some of the areas in which this component shows up. data plugin has had a version for a while. When we were building out exceptions we chose not to use theirs because we weren't able to customize which operators could be used and it didn't have support for nested fields (at least not displayed the way we wanted).

Common functionality

• Pass an index pattern into component that determines what fields to show in the initial selector
• Operators - not all use multiple operators or the same operators, but all do have the same basic principle some field is some value
• Value selection includes autocomplete
  • This is where I think maybe it's a better component to be maintained in data possibly?
• Allows multiple of these to be AND-ed or OR-ed in some cases it's logic that is abstracted. Adding filters for example, it has you do one at a time as opposed to allowing the user to explicitly AND it

Exceptions

• Code is being moved into the lists plugin

Example of exceptions with nested

Indicator Match Rule

• Exceptions code was forked and lives within security solution

Trusted Apps

• Exceptions code was forked and lives within security solution

Adding a Filter

• Code from data plugin

Severity Override

• Left a copy of the autocomplete components

[elasticmachine]

Pinging @elastic/eui-design (EUI)

[elasticmachine]

Pinging @elastic/security-solution (Team: SecuritySolution)

[elasticmachine]

Pinging @elastic/kibana-core (Team:Core)

[yctercero]

@lizozom I think @spong had mentioned that you previously talked about something similar? I know we chatted back when exceptions was being built out and found that we couldn't use the existing data components.

[yctercero]

A low-hanging fruit here would be to hoist up the rounded badge into EUI as it will now be in 3 different plugins (lists, observability, security solution):

[pgayvallet]

A low-hanging fruit here would be to hoist up the rounded badge into EUI as it will now be in 3 different plugins

Why EUI and not simply an utility component?

[cchaos]

I will agree, that the rounded badge seems very particular to this component in the way that it's displayed along with the connecting dots.

I would be worried about making this a very specific EUI component. But I do agree that all these places could probably benefit from the same UI. I would recommend starting with a shared component/utility in Kibana and work to replace those places mentioned with this new component to see how well it works before we consider pulling it up to EUI.

Does that seem like an ok approach?