-
Notifications
You must be signed in to change notification settings - Fork 8.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[alerting event log] buffer events being written instead of writing when logged #55634
Labels
Feature:EventLog
Team:ResponseOps
Label for the ResponseOps team (formerly the Cases and Alerting teams)
Comments
pmuellr
added
Feature:Alerting
Team:ResponseOps
Label for the ResponseOps team (formerly the Cases and Alerting teams)
labels
Jan 22, 2020
Pinging @elastic/kibana-alerting-services (Team:Alerting Services) |
21 tasks
Was just poking through rxjs, and noticed a handy We'll likely want to buffer for 1 to some small number of seconds, for maybe 100 events max. We can then do a bulk index of those events. |
pmuellr
added a commit
to pmuellr/kibana
that referenced
this issue
Nov 16, 2020
resolves elastic#55634 Buffers event docs being written for a fixed interval / buffer size, and indexes those docs via a bulk ES call.
pmuellr
added a commit
to pmuellr/kibana
that referenced
this issue
Nov 20, 2020
…#80941) resolves elastic#55634 resolves elastic#65746 Buffers event docs being written for a fixed interval / buffer size, and indexes those docs via a bulk ES call. Also now flushing those buffers at plugin stop() time, which we couldn't do before with the single index calls, which were run via `setImmediate()`.
pmuellr
added a commit
to pmuellr/kibana
that referenced
this issue
Nov 20, 2020
resolves elastic#55634 resolves elastic#65746 Buffers event docs being written for a fixed interval / buffer size, and indexes those docs via a bulk ES call. Also now flushing those buffers at plugin stop() time, which we couldn't do before with the single index calls, which were run via `setImmediate()`. This is a redo of PR elastic#80941 which had to be reverted.
pmuellr
added a commit
that referenced
this issue
Nov 20, 2020
…83927) resolves #55634 resolves #65746 Buffers event docs being written for a fixed interval / buffer size, and indexes those docs via a bulk ES call. Also now flushing those buffers at plugin stop() time, which we couldn't do before with the single index calls, which were run via `setImmediate()`. This is a redo of PR #80941 which had to be reverted.
pmuellr
added a commit
to pmuellr/kibana
that referenced
this issue
Nov 20, 2020
…lastic#83927) resolves elastic#55634 resolves elastic#65746 Buffers event docs being written for a fixed interval / buffer size, and indexes those docs via a bulk ES call. Also now flushing those buffers at plugin stop() time, which we couldn't do before with the single index calls, which were run via `setImmediate()`. This is a redo of PR elastic#80941 which had to be reverted.
pmuellr
added a commit
that referenced
this issue
Nov 20, 2020
…83927) (#83962) resolves #55634 resolves #65746 Buffers event docs being written for a fixed interval / buffer size, and indexes those docs via a bulk ES call. Also now flushing those buffers at plugin stop() time, which we couldn't do before with the single index calls, which were run via `setImmediate()`. This is a redo of PR #80941 which had to be reverted.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
Feature:EventLog
Team:ResponseOps
Label for the ResponseOps team (formerly the Cases and Alerting teams)
Currently, event log entries are written to the es index when clients make the call to log an event.
Instead, we should buffer these events, and do a bulk index (write) of them, as needed.
As needed probably means:
There is already an initial take on a "bounded queue", written to deal with this: https://github.com/elastic/kibana/blob/master/x-pack/plugins/event_log/server/lib/bounded_queue.ts
Having these buffered solves a couple of issues:
One other note I've been thinking of. We probably want to assign id's for the event log entries as uuid's, or other unique keys we can generate in the plugin. If we can do that, since the event_log is append only, if the same event gets written twice, for some reason, the second would just be overwriting the first, rather than appearing as a clone entry of the first.
The text was updated successfully, but these errors were encountered: