Endpoint Telemetry: Agents Metrics + Policy Config / Response #102171
Pinging @elastic/security-solution (Team: SecuritySolution)
@elasticmachine merge upstream
…ana into pjhampton/endpoint-telemetry
@elasticmachine merge upstream
LGTM
const endpointPolicyCache = new Map<string, FullAgentPolicyInput>(); | ||
for (const policyInfo of fleetAgents.values()) { | ||
if (policyInfo.policy_id !== null && policyInfo.policy_id !== undefined) { |
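Review bot: `endpointPolicyCache` on the first line of this snippet is typed `Map<string, FullAgentPolicyInput>` with nothing in the visible lines saying what the string key represents. A one-line comment stating that it is keyed by `policy_id` would make the loop and the null/undefined guard on `policyInfo.policy_id` easier to follow.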
Just a personal preference here, but might make it a bit easier to read intent if we store the boolean logic in a variable
const shouldCachePolicy =
policyInfo.policy_id !== null &&
policyInfo.policy_id !== undefined &&
!endpointPolicyCache.has(policyInfo.policy_id)
Yeah, that is slick. Thanks for the feedback!
Looks good! Thanks for making these changes. We can work on performance improvements on a follow up PR 👍🏾
@elasticmachine merge upstream
💚 Build Succeeded
…c#102171)

* [PH] Initial setup for endpoint task telemetry.
* Refactor / Add daily task for collecting fleet detail / policy resp / EP metrics
* [PH CD] Code walkthrough. Start fetching fleet policy configs.
* [PH] pass in fleet agent service rather than homebrew kuerys.
* [PH] prepare to move away from legacy es client. Get fleet ep agents.
* Fetch agent policy configs.
* Stub ep policy responses.
* Fix CI + Types. Fix dep injection. Reimagine SO client creation.
* Create SO client properly
* Fetch EP Policy responses.
* Fetch EP Policy responses.
* Remove unused import
* Fetch failed policy responses from EP data stream.
* Remove unused imports.
* Combine failed policy responses with policy configs.
* Attach fleet agent + ep agent ids
* Add dedicated channel sender. Temp disable with feature flag.
* Remove ublock from the failed policy response.
* Fetch endpoint metrics.
* Fix bad merge commit.
* Get EP telemetry.
* Record last execution time of endpoint task
* Remove send on demand feature flag.
* Simplify cache conditional.
* Refactor into Promise.allSettled
* Fix type error.
* Bail if there is no endpoint metrics
* Bump interval to 24h.

Co-authored-by: Kibana Machine <[email protected]>
💚 Backport successful
This backport PR will be merged automatically after passing CI.
… (#103851)

* [PH] Initial setup for endpoint task telemetry.
* Refactor / Add daily task for collecting fleet detail / policy resp / EP metrics
* [PH CD] Code walkthrough. Start fetching fleet policy configs.
* [PH] pass in fleet agent service rather than homebrew kuerys.
* [PH] prepare to move away from legacy es client. Get fleet ep agents.
* Fetch agent policy configs.
* Stub ep policy responses.
* Fix CI + Types. Fix dep injection. Reimagine SO client creation.
* Create SO client properly
* Fetch EP Policy responses.
* Fetch EP Policy responses.
* Remove unused import
* Fetch failed policy responses from EP data stream.
* Remove unused imports.
* Combine failed policy responses with policy configs.
* Attach fleet agent + ep agent ids
* Add dedicated channel sender. Temp disable with feature flag.
* Remove ublock from the failed policy response.
* Fetch endpoint metrics.
* Fix bad merge commit.
* Get EP telemetry.
* Record last execution time of endpoint task
* Remove send on demand feature flag.
* Simplify cache conditional.
* Refactor into Promise.allSettled
* Fix type error.
* Bail if there is no endpoint metrics
* Bump interval to 24h.

Co-authored-by: Kibana Machine <[email protected]>
Co-authored-by: Pete Hampton <[email protected]>
…-png-pdf-report-type

* 'master' of github.com:elastic/kibana: (178 commits)
  [test] Migrating to kbn_archiver from es_archiver - for the Maps app (elastic#103028)
  [Reporting] Reintroduce "ILM policy for managing reporting indices" (elastic#103850)
  [Security Solution][Endpoint] Allow activity log scrolling on small screens (elastic#103852)
  Allow zero (0) to unset unenroll_timeout field (elastic#103790)
  [TSVB] Metric count is depicted as `-` instead of 0 (elastic#103717)
  [Query] Es query/field base (elastic#103177)
  Remove add data button from nav (elastic#103810)
  Fix telemetry advanced setting style (elastic#103838)
  [Transform] Fix default naming and sorting fields suggestion for `top_metrics` agg (elastic#103690)
  [APM] use conventional error rate color for correlations (elastic#103500)
  Endpoint Telemetry: Agents Metrics + Policy Config / Response (elastic#102171)
  [Alerting] Fixed search results are not updated when search term is removed on Rules and Connectors page (elastic#103663)
  fix too many rernders (elastic#103672)
  [APM] Add “Analyze Data” button (elastic#103485)
  [Lens] Fix value popover spacing (elastic#103081)
  [TSVB] Fix TSVB is not reporting all categories of Elasticsearch error (elastic#102926)
  [SECURITY] Adds security links to doc link service (elastic#102676)
  Update dependency @elastic/charts to v31 (elastic#102078)
  [Security Solution][CTI] Investigation time enrichment UI (elastic#103383)
  Adds ECS guide to doc links service (elastic#102246)
  ...

# Conflicts:
# x-pack/plugins/reporting/public/share_context_menu/register_pdf_png_reporting.tsx
Summary
This PR retrieves and transmits Endpoint agent telemetry if cluster permissions permit.
There have been auxiliary PRs / Issues opened:
kibana_system user to .ds-metrics-endpoint.policy-*
kibana_system user to .ds-metrics-endpoint.metrics-*
We are currently sharing the telemetry with the Endpoint team. We will be making changes to the final payload.
Implementation
The implementation is not that straightforward - here is a high level of how it works
endpoint, add to a cache associating the fleet agent id with the policy id
endpoint-meta telemetry channel
Follow up
I'm hosting a call week beginning 28/Jun re this telemetry + design.
Let me know if you want me to swing you an invite.
Checklist