added avg aggs

elastic · Oct 19, 2021 · 216bc96 · 216bc96
1 parent 91e9b09
commit 216bc96
Show file tree

Hide file tree

Showing 9 changed files with 235 additions and 3 deletions.
diff --git a/x-pack/plugins/actions/server/usage/actions_telemetry.ts b/x-pack/plugins/actions/server/usage/actions_telemetry.ts
@@ -322,6 +322,8 @@ export async function getExecutionsTotalCount(
   countByType: Record<string, number>;
   countFailures: number;
   countFailuresByType: Record<string, number>;
+  avgExecutionTime: number;
+  avgExecutionTimeByType: Record<string, number>;
 }> {
   const scriptedMetric = {
     scripted_metric: {
@@ -423,20 +425,80 @@ export async function getExecutionsTotalCount(
             },
           },
         },
+        avgDuration: { avg: { field: 'event.duration' } },
       },
     },
   });
 
   // @ts-expect-error aggegation type is not specified
   const aggsExecutions = actionResults.aggregations.totalExecutions?.byConnectorTypeId.value;
+  const aggsAvgExecutionTime = Math.round(
+    // @ts-expect-error aggegation type is not specified
+    actionResults.aggregations.avgDuration.value / (1000 * 1000)
+  ); // nano seconds
   const aggsFailureExecutions =
     // @ts-expect-error aggegation type is not specified
     actionResults.aggregations.failuresExecutions?.refs?.byConnectorTypeId.value;
 
+  const avgExecutionTimeByType: Record<string, number> = {};
+  for (const [key] of Object.entries(aggsExecutions.connectorTypes)) {
+    const { body: connectorTypeResults } = await esClient.search({
+      index: eventLogIndex,
+      body: {
+        query: {
+          bool: {
+            filter: {
+              bool: {
+                must: [
+                  {
+                    term: { 'event.action': 'execute' },
+                  },
+                  {
+                    nested: {
+                      path: 'kibana.saved_objects',
+                      query: {
+                        bool: {
+                          must: [
+                            {
+                              term: {
+                                'kibana.saved_objects.type': {
+                                  value: 'action',
+                                },
+                              },
+                            },
+                            {
+                              term: {
+                                'kibana.saved_objects.type_id': {
+                                  value: key,
+                                },
+                              },
+                            },
+                          ],
+                        },
+                      },
+                    },
+                  },
+                ],
+              },
+            },
+          },
+        },
+        aggs: {
+          avgDuration: { avg: { field: 'event.duration' } },
+        },
+      },
+    });
+    avgExecutionTimeByType[key] =
+      // @ts-expect-error aggegation type is not specified
+      Math.round(connectorTypeResults.aggregations?.avgDuration.value / (1000 * 1000));
+  }
+
   return {
     countTotal: aggsExecutions.total,
     countByType: aggsExecutions.connectorTypes,
     countFailures: aggsFailureExecutions.total,
     countFailuresByType: aggsFailureExecutions.connectorTypes,
+    avgExecutionTime: aggsAvgExecutionTime,
+    avgExecutionTimeByType,
   };
 }
diff --git a/x-pack/plugins/actions/server/usage/actions_usage_collector.ts b/x-pack/plugins/actions/server/usage/actions_usage_collector.ts
@@ -58,6 +58,8 @@ export function createActionsUsageCollector(
       count_actions_executions_by_type: byTypeSchema,
       count_actions_executions_failured: { type: 'long' },
       count_actions_executions_failured_by_type: byTypeSchema,
+      avg_execution_time: { type: 'long' },
+      avg_execution_time_by_type: byTypeSchema,
     },
     fetch: async () => {
       try {
@@ -81,6 +83,8 @@ export function createActionsUsageCollector(
           count_actions_executions_by_type: {},
           count_actions_executions_failured: 0,
           count_actions_executions_failured_by_type: {},
+          avg_execution_time: 0,
+          avg_execution_time_by_type: {},
         };
       }
     },

diff --git a/x-pack/plugins/actions/server/usage/task.ts b/x-pack/plugins/actions/server/usage/task.ts
@@ -117,6 +117,8 @@ export function telemetryTaskRunner(
                 count_actions_executions_by_type: totalExecutions.countByType,
                 count_actions_executions_failured: totalExecutions.countFailures,
                 count_actions_executions_failured_by_type: totalExecutions.countFailuresByType,
+                avg_execution_time: totalExecutions.avgExecutionTime,
+                avg_execution_time_by_type: totalExecutions.avgExecutionTimeByType,
               },
               runAt: getNextMidnight(),
             };

diff --git a/x-pack/plugins/actions/server/usage/types.ts b/x-pack/plugins/actions/server/usage/types.ts
@@ -16,4 +16,6 @@ export interface ActionsUsage {
   count_actions_executions_by_type: Record<string, number>;
   count_actions_executions_failured: number;
   count_actions_executions_failured_by_type: Record<string, number>;
+  avg_execution_time: number;
+  avg_execution_time_by_type: Record<string, number>;
 }
diff --git a/x-pack/plugins/alerting/server/usage/alerts_telemetry.ts b/x-pack/plugins/alerting/server/usage/alerts_telemetry.ts
@@ -36,10 +36,12 @@ const alertTypeMetric = {
 
 const ruleTypeExecutionsMetric = {
   scripted_metric: {
-    init_script: 'state.ruleTypes = [:];',
+    init_script: 'state.ruleTypes = [:]; state.ruleTypesDuration = [:];',
     map_script: `
-      String ruleType = doc['rule.category'].value; 
+      String ruleType = doc['rule.category'].value;
+      long duration = doc['event.duration'].value / (1000 * 1000); 
       state.ruleTypes.put(ruleType, state.ruleTypes.containsKey(ruleType) ? state.ruleTypes.get(ruleType) + 1 : 1);
+      state.ruleTypesDuration.put(ruleType, state.ruleTypesDuration.containsKey(ruleType) ? state.ruleTypesDuration.get(ruleType) + duration : duration);
     `,
     // Combine script is executed per cluster, but we already have a key-value pair per cluster.
     // Despite docs that say this is optional, this script can't be blank.
@@ -430,14 +432,22 @@ export async function getTotalExecutionsCount(
       aggs: {
         byRuleTypeId: ruleTypeExecutionsMetric,
         failuresByReason: ruleTypeFailureExecutionsMetric,
+        avgDuration: { avg: { field: 'event.duration' } },
       },
     },
   });
 
   const executionsAggregations = searchResult.aggregations as {
-    byRuleTypeId: { value: { ruleTypes: Record<string, string> } };
+    byRuleTypeId: {
+      value: { ruleTypes: Record<string, string>; ruleTypesDuration: Record<string, number> };
+    };
   };
 
+  const aggsAvgExecutionTime = Math.round(
+    // @ts-expect-error aggegation type is not specified
+    searchResult.aggregations.avgDuration.value / (1000 * 1000)
+  ); // nano seconds
+
   const executionFailuresAggregations = searchResult.aggregations as {
     failuresByReason: { value: { reasons: Record<string, Record<string, string>> } };
   };
@@ -499,5 +509,18 @@ export async function getTotalExecutionsCount(
       }),
       {}
     ),
+    avgExecutionTime: aggsAvgExecutionTime,
+    avgExecutionTimeByType: Object.keys(executionsAggregations.byRuleTypeId.value.ruleTypes).reduce(
+      // ES DSL aggregations are returned as `any` by esClient.search
+      // eslint-disable-next-line @typescript-eslint/no-explicit-any
+      (obj: any, key: string) => ({
+        ...obj,
+        [replaceFirstAndLastDotSymbols(key)]: Math.round(
+          executionsAggregations.byRuleTypeId.value.ruleTypesDuration[key] /
+            parseInt(executionsAggregations.byRuleTypeId.value.ruleTypes[key], 10)
+        ),
+      }),
+      {}
+    ),
   };
 }
diff --git a/x-pack/plugins/alerting/server/usage/alerts_usage_collector.ts b/x-pack/plugins/alerting/server/usage/alerts_usage_collector.ts
@@ -115,6 +115,8 @@ export function createAlertsUsageCollector(
           count_rules_executions_failured: 0,
           count_rules_executions_failured_by_reason: {},
           count_rules_executions_failured_by_reason_by_type: {},
+          avg_execution_time: 0,
+          avg_execution_time_by_type: {},
         };
       }
     },
@@ -144,6 +146,8 @@ export function createAlertsUsageCollector(
       count_rules_executions_failured: { type: 'long' },
       count_rules_executions_failured_by_reason: byReasonSchema,
       count_rules_executions_failured_by_reason_by_type: byReasonSchemaByType,
+      avg_execution_time: { type: 'long' },
+      avg_execution_time_by_type: byTypeSchema,
     },
   });
 }

diff --git a/x-pack/plugins/alerting/server/usage/task.ts b/x-pack/plugins/alerting/server/usage/task.ts
@@ -109,6 +109,8 @@ export function telemetryTaskRunner(
                 count_rules_executions_failured_by_reason: totalExecutions.countFailuresByReason,
                 count_rules_executions_failured_by_reason_by_type:
                   totalExecutions.countFailuresByReasonByType,
+                avg_execution_time: totalExecutions.avgExecutionTime,
+                avg_execution_time_by_type: totalExecutions.avgExecutionTimeByType,
               },
               runAt: getNextMidnight(),
             };

diff --git a/x-pack/plugins/alerting/server/usage/types.ts b/x-pack/plugins/alerting/server/usage/types.ts
@@ -16,6 +16,8 @@ export interface AlertsUsage {
   count_rules_executions_failured: number;
   count_rules_executions_failured_by_reason: Record<string, number>;
   count_rules_executions_failured_by_reason_by_type: Record<string, Record<string, number>>;
+  avg_execution_time: number;
+  avg_execution_time_by_type: Record<string, number>;
   throttle_time: {
     min: string;
     avg: string;

diff --git a/x-pack/plugins/telemetry_collection_xpack/schema/xpack_plugins.json b/x-pack/plugins/telemetry_collection_xpack/schema/xpack_plugins.json
@@ -185,6 +185,49 @@
               "type": "long"
             }
           }
+        },
+        "avg_execution_time": {
+          "type": "long"
+        },
+        "avg_execution_time_by_type": {
+          "properties": {
+            "DYNAMIC_KEY": {
+              "type": "long"
+            },
+            "__email": {
+              "type": "long"
+            },
+            "__index": {
+              "type": "long"
+            },
+            "__pagerduty": {
+              "type": "long"
+            },
+            "__swimlane": {
+              "type": "long"
+            },
+            "__server-log": {
+              "type": "long"
+            },
+            "__slack": {
+              "type": "long"
+            },
+            "__webhook": {
+              "type": "long"
+            },
+            "__servicenow": {
+              "type": "long"
+            },
+            "__jira": {
+              "type": "long"
+            },
+            "__resilient": {
+              "type": "long"
+            },
+            "__teams": {
+              "type": "long"
+            }
+          }
         }
       }
     },
@@ -205,6 +248,94 @@
         "count_rules_executions_failured": {
           "type": "long"
         },
+        "avg_execution_time": {
+          "type": "long"
+        },
+        "avg_execution_time_by_type": {
+          "properties": {
+            "DYNAMIC_KEY": {
+              "type": "long"
+            },
+            "__index-threshold": {
+              "type": "long"
+            },
+            "__es-query": {
+              "type": "long"
+            },
+            "transform_health": {
+              "type": "long"
+            },
+            "apm__error_rate": {
+              "type": "long"
+            },
+            "apm__transaction_error_rate": {
+              "type": "long"
+            },
+            "apm__transaction_duration": {
+              "type": "long"
+            },
+            "apm__transaction_duration_anomaly": {
+              "type": "long"
+            },
+            "metrics__alert__threshold": {
+              "type": "long"
+            },
+            "metrics__alert__inventory__threshold": {
+              "type": "long"
+            },
+            "logs__alert__document__count": {
+              "type": "long"
+            },
+            "monitoring_alert_cluster_health": {
+              "type": "long"
+            },
+            "monitoring_alert_cpu_usage": {
+              "type": "long"
+            },
+            "monitoring_alert_disk_usage": {
+              "type": "long"
+            },
+            "monitoring_alert_elasticsearch_version_mismatch": {
+              "type": "long"
+            },
+            "monitoring_alert_kibana_version_mismatch": {
+              "type": "long"
+            },
+            "monitoring_alert_license_expiration": {
+              "type": "long"
+            },
+            "monitoring_alert_logstash_version_mismatch": {
+              "type": "long"
+            },
+            "monitoring_alert_nodes_changed": {
+              "type": "long"
+            },
+            "siem__signals": {
+              "type": "long"
+            },
+            "siem__notifications": {
+              "type": "long"
+            },
+            "xpack__uptime__alerts__monitorStatus": {
+              "type": "long"
+            },
+            "xpack__uptime__alerts__tls": {
+              "type": "long"
+            },
+            "xpack__uptime__alerts__durationAnomaly": {
+              "type": "long"
+            },
+            "__geo-containment": {
+              "type": "long"
+            },
+            "xpack__ml__anomaly_detection_alert": {
+              "type": "long"
+            },
+            "xpack__ml__anomaly_detection_jobs_health": {
+              "type": "long"
+            }
+          }
+        },
         "count_rules_executions_failured_by_reason": {
           "properties": {
             "DYNAMIC_KEY": {