Add search_after support to SO find API using PIT
#86301
Comments
joshdover
added
Team:Core
|
Pinging @elastic/kibana-core (Team:Core) |
|
From https://www.elastic.co/guide/en/elasticsearch/reference/7.x/paginate-search-results.html, even when using a PIT,
If one of the initial need for Also
I don't think this is pointing to the correct issue? |
If this is the case, then I don't think moving forward with this gets us much. We're likely to need to do #86300, but since that requires some non-trivial changes to SO migrations, we had decided to delay that until after SO Migrations v2 has shipped. @lukeelmers Could you confirm that the note in the doc above is accurate with the Elasticsearch (Distrib?) team? And if so, do you agree that we should kick this can down the road until after 7.12 / Migrations v2? |
As discussed offline, it looks as if this should be resolved in 7.12 by elastic/elasticsearch#66093, so we can still move forward. |
|
Been spending some time working on this, and I think the key question is how we want to deal with PIT... Adding await so.find({
search: 'foo*',
type: ['whatever'],
sortField: '@timestamp',
sortOrder: 'desc',
+ searchAfter: [123456, 'some_id']
});We would add a await so.find({
search: 'foo*',
type: ['whatever'],
sortField: '@timestamp',
sortOrder: 'desc',
+ pit: { id: 'some_pit', keep_alive: '1m' },
});Then we’d also need to update export interface SavedObjectsFindResponse<T = unknown> {
saved_objects: Array<SavedObjectsFindResult<T>>;
total: number;
per_page: number;
page: number;
+ pit_id?: string;
}But here's where it gets interesting: you need to open a PIT against the relevant index in advance (as a separate request), however consumers of Here are the options I've come up with so far:
I'm not a huge fan of (1) or (3), so I'm leaning toward (2) since (so far) we will be the only ones using PIT with the SO client, and it is the least invasive. Plus it wouldn't preclude us from later adding a more magical way to do this as in (4). But I'd like to get feedback from others. @rudolf @pgayvallet @joshdover WDYT? Are there any other options I'm missing? |
It's important to note that kibana/src/core/server/saved_objects/service/lib/repository.ts Lines 787 to 788 in 25f16db From what I see in the ES documentation, a PIT seems to be bound to a (single) specific index, which means that when using My first question would be: is this single-type limitation dealbreaker for the issue we want to address here? I don't think it is, but just want to be sure.
Imho, Also, I don't like consumers being forced to use both the Now, between an explicit API ( So in short, for me, it would be either
Are we? from #77961 (comment), the main need seems to be coming from plugins?
We could go with a totally distinct API instead of increasing (yet again) the options of |
|
I tried using the API and it successfully opened a PIT against multiple indices, so I think the docs could be misleading (but I didn't do a full test to search against my PIT).
We'd like to use this to make backup exports which should include all saved object types (if we really need to we could make a request per type, but it would be more awkward and we'll loose the benefit of the consistency of a single PIT). I agree with @pgayvallet, option three seems preferable. It's two api calls for a consumer but if that's how the ES API works it seems better to do the same. This is a bit of a meta comment... but we have many examples where saved objects have added too much abstraction on top of ES and it's limiting the features we can expose and holding back plugins. So I envision saved objects becoming a thinner layer over ES in the future rather than the original goal of saved objects being a black box with ES strictly being an implementation detail that needs to be completely abstracted away. I think this also has the advantage of developers only having to learn how ES works instead of having to understand the intricate details of how SO works with ES under the hood. |
Of course we do... In that case, I guess we will be technically forced to perform one request per index? Note that I would love to be wrong here. Please, someone tells me that PITs are supporting multi-indices searches?
The worse thing is, I agree and disagree with your at the same time. I guess SO discussions are dangerous for one's sanity 😅 . |
|
Whatever we decide, we will probably regret at least 10% of our decisions in two years time 😂 |
These points are the reason why I had originally preferred option (2), as it means consumers would need to make the separate PIT request on their own and be aware of how that works. However, as @pgayvallet rightfully points out, this is also less than ideal from a DX perspective - it would be nice if you didn't need to use both ES client and SO client. That said, I'm not strongly opposed to (3) and am comfortable moving in that direction since it seems to strike a balance between the two extremes (you don't need to have ES client, but you still need to explicitly open the PIT).
Worth pointing out that we'll need some special validation in
Glad you tried this @rudolf! I will do a test of this and verify w/ ES team that multiple indices are supported. When I originally tested I only used a single index as that's what the docs seemed to indicate, so my plan in that case was to take an approach like what Pierre describes & restrict PIT searches to only be permitted against a single type. But not having this restriction would be ideal... will report back 🤞
In my experience so far, I would say this is an accurate estimate 😉 TLDR - Will confirm that PIT supports multiple indices, and if so, plan to move ahead with option (3) unless we think of any other good reasons not to. |
Tested and confirmed that both opening a PIT and searching against a PIT works with multiple indices, even though it isn't explicitly mentioned in the docs. Also double-checked with the ES search team & they confirmed that this is correct. 🎉 |
|
After chatting with @jimczi, it turns out that the PR linked above does not fully complete the work of automatic tiebreaking after all: it adds the sort field for tiebreaking but doesn't yet apply it to all queries within a PIT. The issue to follow for the full feature is elastic/elasticsearch#56828; I'll keep an eye on that to make sure it lands before this PR does. (EDIT: Worst case scenario this shouldn't block us: we can still manually add the sort field on Kibana side if we need to.) |
That's amazing news!
Do they have any idea when this one is approximatively planned for? |
@pgayvallet Targeting 7.12 still, but even if that misses we could consider shipping our changes. The previous PR introduces a new field that can be used as a tiebreaker, so even without it automatically being applied, we would be able to take that field and insert it into the request in Kibana. Basically ES has already done the work of creating the tiebreaker field for us, what we are waiting on still is for it to be applied automatically. But in the interim we can still do it manually. [Edit: I should add that I haven't tested adding it manually yet, this is just based on my chat with Jim] |
Ok. In that case we're right, the impact on us would be minor. |
Part of #77961 (comment)
Integrate with exports in the same PR to exercise the new API
The text was updated successfully, but these errors were encountered: