From b1683b3e05071d1ad1112f5dd54cab58a7ec450e Mon Sep 17 00:00:00 2001 From: YulNaumenko Date: Sun, 17 Oct 2021 20:27:31 -0700 Subject: [PATCH 01/18] [Alerting] More telemetry for 8.0 based on Event Log data --- .../actions/server/usage/actions_telemetry.ts | 127 +++- .../server/usage/actions_usage_collector.ts | 8 + x-pack/plugins/actions/server/usage/task.ts | 13 +- x-pack/plugins/actions/server/usage/types.ts | 7 +- .../alerting/server/usage/alerts_telemetry.ts | 152 ++++- .../server/usage/alerts_usage_collector.ts | 29 + x-pack/plugins/alerting/server/usage/task.ts | 19 +- x-pack/plugins/alerting/server/usage/types.ts | 5 + .../schema/xpack_plugins.json | 625 ++++++++++++++++++ 9 files changed, 972 insertions(+), 13 deletions(-) diff --git a/x-pack/plugins/actions/server/usage/actions_telemetry.ts b/x-pack/plugins/actions/server/usage/actions_telemetry.ts index 4a3d0c70e535a..8fbb32c0b558f 100644 --- a/x-pack/plugins/actions/server/usage/actions_telemetry.ts +++ b/x-pack/plugins/actions/server/usage/actions_telemetry.ts @@ -314,4 +314,129 @@ function replaceFirstAndLastDotSymbols(strToReplace: string) { return hasLastSymbolDot ? `${appliedString.slice(0, -1)}__` : appliedString; } -// TODO: Implement executions count telemetry with eventLog, when it will write to index +export async function getExecutionsTotalCount( + esClient: ElasticsearchClient, + kibanaIndex: string +): Promise<{ + countTotal: number; + countByType: Record; + countFailures: number; + countFailuresByType: Record; +}> { + const scriptedMetric = { + scripted_metric: { + init_script: 'state.connectorTypes = [:]; state.total = 0;', + map_script: ` + if (doc['kibana.saved_objects.type'].value == 'action') { + String connectorType = doc['kibana.saved_objects.type_id'].value; + state.connectorTypes.put(connectorType, state.connectorTypes.containsKey(connectorType) ? state.connectorTypes.get(connectorType) + 1 : 1); + state.total++; + } + `, + // Combine script is executed per cluster, but we already have a key-value pair per cluster. + // Despite docs that say this is optional, this script can't be blank. + combine_script: 'return state', + // Reduce script is executed across all clusters, so we need to add up all the total from each cluster + // This also needs to account for having no data + reduce_script: ` + Map connectorTypes = [:]; + long total = 0; + for (state in states) { + if (state !== null) { + total += state.total; + for (String k : state.connectorTypes.keySet()) { + connectorTypes.put(k, connectorTypes.containsKey(k) ? connectorTypes.get(k) + state.connectorTypes.get(k) : state.connectorTypes.get(k)); + } + } + } + Map result = new HashMap(); + result.total = total; + result.connectorTypes = connectorTypes; + return result; + `, + }, + }; + + const { body: actionResults } = await esClient.search({ + index: kibanaIndex, + body: { + query: { + bool: { + filter: { + bool: { + must: [ + { + term: { 'event.action': 'execute' }, + }, + { + nested: { + path: 'kibana.saved_objects', + query: { + bool: { + must: [ + { + term: { + 'kibana.saved_objects.type': { + value: 'action', + }, + }, + }, + ], + }, + }, + }, + }, + ], + }, + }, + }, + }, + aggs: { + totalExecutions: { + nested: { + path: 'kibana.saved_objects', + }, + aggs: { + byConnectorTypeId: scriptedMetric, + }, + }, + failuresExecutions: { + filter: { + bool: { + filter: [ + { + term: { + 'event.outcome': 'failure', + }, + }, + ], + }, + }, + aggs: { + refs: { + nested: { + path: 'kibana.saved_objects', + }, + aggs: { + byConnectorTypeId: scriptedMetric, + }, + }, + }, + }, + }, + }, + }); + + // @ts-expect-error aggegation type is not specified + const aggsExecutions = actionResults.aggregations.totalExecutions?.byConnectorTypeId.value; + const aggsFailureExecutions = + // @ts-expect-error aggegation type is not specified + actionResults.aggregations.failuresExecutions?.refs?.byConnectorTypeId.value; + + return { + countTotal: aggsExecutions.total, + countByType: aggsExecutions.connectorTypes, + countFailures: aggsFailureExecutions.total, + countFailuresByType: aggsFailureExecutions.connectorTypes, + }; +} diff --git a/x-pack/plugins/actions/server/usage/actions_usage_collector.ts b/x-pack/plugins/actions/server/usage/actions_usage_collector.ts index 80e0c19092c78..04b67625adc12 100644 --- a/x-pack/plugins/actions/server/usage/actions_usage_collector.ts +++ b/x-pack/plugins/actions/server/usage/actions_usage_collector.ts @@ -54,6 +54,10 @@ export function createActionsUsageCollector( }, count_by_type: byTypeSchema, count_active_by_type: byTypeSchema, + count_actions_executions: { type: 'long' }, + count_actions_executions_by_type: byTypeSchema, + count_actions_executions_failured: { type: 'long' }, + count_actions_executions_failured_by_type: byTypeSchema, }, fetch: async () => { try { @@ -73,6 +77,10 @@ export function createActionsUsageCollector( count_active_alert_history_connectors: 0, count_active_by_type: {}, count_by_type: {}, + count_actions_executions: 0, + count_actions_executions_by_type: {}, + count_actions_executions_failured: 0, + count_actions_executions_failured_by_type: {}, }; } }, diff --git a/x-pack/plugins/actions/server/usage/task.ts b/x-pack/plugins/actions/server/usage/task.ts index 7cbfb87dedda6..e258a73098f7a 100644 --- a/x-pack/plugins/actions/server/usage/task.ts +++ b/x-pack/plugins/actions/server/usage/task.ts @@ -13,7 +13,7 @@ import { TaskManagerStartContract, } from '../../../task_manager/server'; import { PreConfiguredAction } from '../types'; -import { getTotalCount, getInUseTotalCount } from './actions_telemetry'; +import { getTotalCount, getInUseTotalCount, getExecutionsTotalCount } from './actions_telemetry'; export const TELEMETRY_TASK_TYPE = 'actions_telemetry'; @@ -43,7 +43,7 @@ function registerActionsTelemetryTask( taskManager.registerTaskDefinitions({ [TELEMETRY_TASK_TYPE]: { title: 'Actions usage fetch task', - timeout: '5m', + timeout: '5s', createTaskRunner: telemetryTaskRunner(logger, core, kibanaIndex, preconfiguredActions), }, }); @@ -84,8 +84,9 @@ export function telemetryTaskRunner( return Promise.all([ getTotalCount(esClient, kibanaIndex, preconfiguredActions), getInUseTotalCount(esClient, kibanaIndex), + getExecutionsTotalCount(esClient, kibanaIndex), ]) - .then(([totalAggegations, totalInUse]) => { + .then(([totalAggegations, totalInUse, totalExecutions]) => { return { state: { runs: (state.runs || 0) + 1, @@ -94,6 +95,10 @@ export function telemetryTaskRunner( count_active_total: totalInUse.countTotal, count_active_by_type: totalInUse.countByType, count_active_alert_history_connectors: totalInUse.countByAlertHistoryConnectorType, + count_actions_executions: totalExecutions.countTotal, + count_actions_executions_by_type: totalExecutions.countByType, + count_actions_executions_failured: totalExecutions.countFailures, + count_actions_executions_failured_by_type: totalExecutions.countFailuresByType, }, runAt: getNextMidnight(), }; @@ -111,5 +116,5 @@ export function telemetryTaskRunner( } function getNextMidnight() { - return moment().add(1, 'd').startOf('d').toDate(); + return moment().add(1, 'm').startOf('m').toDate(); } diff --git a/x-pack/plugins/actions/server/usage/types.ts b/x-pack/plugins/actions/server/usage/types.ts index 9221ba8ea5688..14a8710642d91 100644 --- a/x-pack/plugins/actions/server/usage/types.ts +++ b/x-pack/plugins/actions/server/usage/types.ts @@ -12,7 +12,8 @@ export interface ActionsUsage { count_active_alert_history_connectors: number; count_by_type: Record; count_active_by_type: Record; - // TODO: Implement executions count telemetry with eventLog, when it will write to index - // executions_by_type: Record; - // executions_total: number; + count_actions_executions: number; + count_actions_executions_by_type: Record; + count_actions_executions_failured: number; + count_actions_executions_failured_by_type: Record; } diff --git a/x-pack/plugins/alerting/server/usage/alerts_telemetry.ts b/x-pack/plugins/alerting/server/usage/alerts_telemetry.ts index 7d8c1593f533d..9aba11409ba97 100644 --- a/x-pack/plugins/alerting/server/usage/alerts_telemetry.ts +++ b/x-pack/plugins/alerting/server/usage/alerts_telemetry.ts @@ -34,6 +34,63 @@ const alertTypeMetric = { }, }; +const ruleTypeExecutionsMetric = { + scripted_metric: { + init_script: 'state.ruleTypes = [:];', + map_script: ` + String ruleType = doc['rule.category'].value; + state.ruleTypes.put(ruleType, state.ruleTypes.containsKey(ruleType) ? state.ruleTypes.get(ruleType) + 1 : 1); + `, + // Combine script is executed per cluster, but we already have a key-value pair per cluster. + // Despite docs that say this is optional, this script can't be blank. + combine_script: 'return state', + // Reduce script is executed across all clusters, so we need to add up all the total from each cluster + // This also needs to account for having no data + reduce_script: ` + Map result = [:]; + for (Map m : states.toArray()) { + if (m !== null) { + for (String k : m.keySet()) { + result.put(k, result.containsKey(k) ? result.get(k) + m.get(k) : m.get(k)); + } + } + } + return result; + `, + }, +}; + +const ruleTypeFailureExecutionsMetric = { + scripted_metric: { + init_script: 'state.reasons = [:]', + map_script: ` + if (doc['event.outcome'].value == 'failure') { + String reason = doc['event.reason'].value; + String ruleType = doc['rule.category'].value; + Map ruleTypes = state.reasons.containsKey(reason) ? state.reasons.get(reason) : [:]; + ruleTypes.put(ruleType, ruleTypes.containsKey(ruleType) ? ruleTypes.get(ruleType) + 1 : 1); + state.reasons.put(reason, ruleTypes); + } + `, + // Combine script is executed per cluster, but we already have a key-value pair per cluster. + // Despite docs that say this is optional, this script can't be blank. + combine_script: 'return state', + // Reduce script is executed across all clusters, so we need to add up all the total from each cluster + // This also needs to account for having no data + reduce_script: ` + Map result = [:]; + for (Map m : states.toArray()) { + if (m !== null) { + for (String k : m.keySet()) { + result.put(k, result.containsKey(k) ? result.get(k) + m.get(k) : m.get(k)); + } + } + } + return result; + `, + }, +}; + export async function getTotalCountAggregations( esClient: ElasticsearchClient, kibanaInex: string @@ -347,4 +404,97 @@ function replaceFirstAndLastDotSymbols(strToReplace: string) { return hasLastSymbolDot ? `${appliedString.slice(0, -1)}__` : appliedString; } -// TODO: Implement executions count telemetry with eventLog, when it will write to index +export async function getTotalExecutionsCount(esClient: ElasticsearchClient, kibanaInex: string) { + const { body: searchResult } = await esClient.search({ + index: kibanaInex, + body: { + query: { + bool: { + filter: { + bool: { + must: [ + { + term: { 'event.action': 'execute' }, + }, + { + term: { 'event.kind': 'alert' }, + }, + ], + }, + }, + }, + }, + aggs: { + byRuleTypeId: ruleTypeExecutionsMetric, + failuresByReason: ruleTypeFailureExecutionsMetric, + }, + }, + }); + + const executionsAggregations = searchResult.aggregations as { + byRuleTypeId: { value: { ruleTypes: Record } }; + }; + + const executionFailuresAggregations = searchResult.aggregations as { + failuresByReason: { value: { reasons: Record> } }; + }; + + return { + countTotal: Object.keys(executionsAggregations.byRuleTypeId.value.ruleTypes).reduce( + (total: number, key: string) => + parseInt(executionsAggregations.byRuleTypeId.value.ruleTypes[key], 10) + total, + 0 + ), + countByType: Object.keys(executionsAggregations.byRuleTypeId.value.ruleTypes).reduce( + // ES DSL aggregations are returned as `any` by esClient.search + // eslint-disable-next-line @typescript-eslint/no-explicit-any + (obj: any, key: string) => ({ + ...obj, + [replaceFirstAndLastDotSymbols(key)]: + executionsAggregations.byRuleTypeId.value.ruleTypes[key], + }), + {} + ), + countTotalFailures: Object.keys( + executionFailuresAggregations.failuresByReason.value.reasons + ).reduce((total: number, reason: string) => { + const byRuleTypesRefs = executionFailuresAggregations.failuresByReason.value.reasons[reason]; + const countByRuleTypes = Object.keys(byRuleTypesRefs).reduce( + (totalByType, ruleType) => parseInt(byRuleTypesRefs[ruleType] + totalByType, 10), + 0 + ); + return countByRuleTypes + total; + }, 0), + countFailuresByReason: Object.keys( + executionFailuresAggregations.failuresByReason.value.reasons + ).reduce( + // ES DSL aggregations are returned as `any` by esClient.search + // eslint-disable-next-line @typescript-eslint/no-explicit-any + (obj: any, reason: string) => { + const byRuleTypesRefs = + executionFailuresAggregations.failuresByReason.value.reasons[reason]; + const countByRuleTypes = Object.keys(byRuleTypesRefs).reduce( + (totalByType, ruleType) => parseInt(byRuleTypesRefs[ruleType] + totalByType, 10), + 0 + ); + return { + ...obj, + [replaceFirstAndLastDotSymbols(reason)]: countByRuleTypes, + }; + }, + {} + ), + countFailuresByReasonByType: Object.keys( + executionFailuresAggregations.failuresByReason.value.reasons + ).reduce( + // ES DSL aggregations are returned as `any` by esClient.search + // eslint-disable-next-line @typescript-eslint/no-explicit-any + (obj: any, key: string) => ({ + ...obj, + [replaceFirstAndLastDotSymbols(key)]: + executionFailuresAggregations.failuresByReason.value.reasons[key], + }), + {} + ), + }; +} diff --git a/x-pack/plugins/alerting/server/usage/alerts_usage_collector.ts b/x-pack/plugins/alerting/server/usage/alerts_usage_collector.ts index 453a29b5884e6..5aac2f249d95d 100644 --- a/x-pack/plugins/alerting/server/usage/alerts_usage_collector.ts +++ b/x-pack/plugins/alerting/server/usage/alerts_usage_collector.ts @@ -50,6 +50,25 @@ const byTypeSchema: MakeSchemaFrom['count_by_type'] = { xpack__ml__anomaly_detection_jobs_health: { type: 'long' }, // eslint-disable-line @typescript-eslint/naming-convention }; +const byReasonSchema: MakeSchemaFrom['count_rules_executions_failured_by_reason'] = { + // TODO: Find out an automated way to populate the keys or reformat these into an array (and change the Remote Telemetry indexer accordingly) + DYNAMIC_KEY: { type: 'long' }, + read: { type: 'long' }, + decrypt: { type: 'long' }, + license: { type: 'long' }, + unknown: { type: 'long' }, +}; + +const byReasonSchemaByType: MakeSchemaFrom['count_rules_executions_failured_by_reason_by_type'] = + { + // TODO: Find out an automated way to populate the keys or reformat these into an array (and change the Remote Telemetry indexer accordingly) + DYNAMIC_KEY: byTypeSchema, + read: byTypeSchema, + decrypt: byTypeSchema, + license: byTypeSchema, + unknown: byTypeSchema, + }; + export function createAlertsUsageCollector( usageCollection: UsageCollectionSetup, taskManager: Promise @@ -91,6 +110,11 @@ export function createAlertsUsageCollector( }, count_active_by_type: {}, count_by_type: {}, + count_rules_executions: 0, + count_rules_executions_by_type: {}, + count_rules_executions_failured: 0, + count_rules_executions_failured_by_reason: {}, + count_rules_executions_failured_by_reason_by_type: {}, }; } }, @@ -115,6 +139,11 @@ export function createAlertsUsageCollector( }, count_active_by_type: byTypeSchema, count_by_type: byTypeSchema, + count_rules_executions: { type: 'long' }, + count_rules_executions_by_type: byTypeSchema, + count_rules_executions_failured: { type: 'long' }, + count_rules_executions_failured_by_reason: byReasonSchema, + count_rules_executions_failured_by_reason_by_type: byReasonSchemaByType, }, }); } diff --git a/x-pack/plugins/alerting/server/usage/task.ts b/x-pack/plugins/alerting/server/usage/task.ts index 043d970ddd231..0e0888257a507 100644 --- a/x-pack/plugins/alerting/server/usage/task.ts +++ b/x-pack/plugins/alerting/server/usage/task.ts @@ -13,7 +13,11 @@ import { TaskManagerStartContract, } from '../../../task_manager/server'; -import { getTotalCountAggregations, getTotalCountInUse } from './alerts_telemetry'; +import { + getTotalCountAggregations, + getTotalCountInUse, + getTotalExecutionsCount, +} from './alerts_telemetry'; export const TELEMETRY_TASK_TYPE = 'alerting_telemetry'; @@ -43,7 +47,7 @@ function registerAlertingTelemetryTask( taskManager.registerTaskDefinitions({ [TELEMETRY_TASK_TYPE]: { title: 'Alerting usage fetch task', - timeout: '5m', + timeout: '5s', createTaskRunner: telemetryTaskRunner(logger, core, kibanaIndex), }, }); @@ -80,8 +84,9 @@ export function telemetryTaskRunner(logger: Logger, core: CoreSetup, kibanaIndex return Promise.all([ getTotalCountAggregations(esClient, kibanaIndex), getTotalCountInUse(esClient, kibanaIndex), + getTotalExecutionsCount(esClient, kibanaIndex), ]) - .then(([totalCountAggregations, totalInUse]) => { + .then(([totalCountAggregations, totalInUse, totalExecutions]) => { return { state: { runs: (state.runs || 0) + 1, @@ -89,6 +94,12 @@ export function telemetryTaskRunner(logger: Logger, core: CoreSetup, kibanaIndex count_active_by_type: totalInUse.countByType, count_active_total: totalInUse.countTotal, count_disabled_total: totalCountAggregations.count_total - totalInUse.countTotal, + count_rules_executions: totalExecutions.countByType, + count_rules_executions_by_type: totalExecutions.countByType, + count_rules_executions_failured: totalExecutions.countTotalFailures, + count_rules_executions_failured_by_reason: totalExecutions.countFailuresByReason, + count_rules_executions_failured_by_reason_by_type: + totalExecutions.countFailuresByReasonByType, }, runAt: getNextMidnight(), }; @@ -106,5 +117,5 @@ export function telemetryTaskRunner(logger: Logger, core: CoreSetup, kibanaIndex } function getNextMidnight() { - return moment().add(1, 'd').startOf('d').toDate(); + return moment().add(1, 'm').startOf('m').toDate(); } diff --git a/x-pack/plugins/alerting/server/usage/types.ts b/x-pack/plugins/alerting/server/usage/types.ts index c3c750da73a7f..d8cc5c4205196 100644 --- a/x-pack/plugins/alerting/server/usage/types.ts +++ b/x-pack/plugins/alerting/server/usage/types.ts @@ -11,6 +11,11 @@ export interface AlertsUsage { count_disabled_total: number; count_by_type: Record; count_active_by_type: Record; + count_rules_executions: number; + count_rules_executions_by_type: Record; + count_rules_executions_failured: number; + count_rules_executions_failured_by_reason: Record; + count_rules_executions_failured_by_reason_by_type: Record>; throttle_time: { min: string; avg: string; diff --git a/x-pack/plugins/telemetry_collection_xpack/schema/xpack_plugins.json b/x-pack/plugins/telemetry_collection_xpack/schema/xpack_plugins.json index 5bb559c137390..f98277dd71e54 100644 --- a/x-pack/plugins/telemetry_collection_xpack/schema/xpack_plugins.json +++ b/x-pack/plugins/telemetry_collection_xpack/schema/xpack_plugins.json @@ -20,6 +20,92 @@ "description": "The total number of preconfigured alert history connectors used by rules." } }, + "count_actions_executions": { + "type": "long" + }, + "count_actions_executions_failured": { + "type": "long" + }, + "count_actions_executions_failured_by_type": { + "properties": { + "DYNAMIC_KEY": { + "type": "long" + }, + "__email": { + "type": "long" + }, + "__index": { + "type": "long" + }, + "__pagerduty": { + "type": "long" + }, + "__swimlane": { + "type": "long" + }, + "__server-log": { + "type": "long" + }, + "__slack": { + "type": "long" + }, + "__webhook": { + "type": "long" + }, + "__servicenow": { + "type": "long" + }, + "__jira": { + "type": "long" + }, + "__resilient": { + "type": "long" + }, + "__teams": { + "type": "long" + } + } + }, + "count_actions_executions_by_type": { + "properties": { + "DYNAMIC_KEY": { + "type": "long" + }, + "__email": { + "type": "long" + }, + "__index": { + "type": "long" + }, + "__pagerduty": { + "type": "long" + }, + "__swimlane": { + "type": "long" + }, + "__server-log": { + "type": "long" + }, + "__slack": { + "type": "long" + }, + "__webhook": { + "type": "long" + }, + "__servicenow": { + "type": "long" + }, + "__jira": { + "type": "long" + }, + "__resilient": { + "type": "long" + }, + "__teams": { + "type": "long" + } + } + }, "count_by_type": { "properties": { "DYNAMIC_KEY": { @@ -113,6 +199,545 @@ "count_disabled_total": { "type": "long" }, + "count_rules_executions": { + "type": "long" + }, + "count_rules_executions_failured": { + "type": "long" + }, + "count_rules_executions_failured_by_reason": { + "properties": { + "DYNAMIC_KEY": { + "type": "long" + }, + "read": { + "type": "long" + }, + "decrypt": { + "type": "long" + }, + "license": { + "type": "long" + }, + "unknown": { + "type": "long" + } + } + }, + "count_rules_executions_failured_by_reason_by_type": { + "properties": { + "DYNAMIC_KEY": { + "properties": { + "DYNAMIC_KEY": { + "type": "long" + }, + "__index-threshold": { + "type": "long" + }, + "__es-query": { + "type": "long" + }, + "transform_health": { + "type": "long" + }, + "apm__error_rate": { + "type": "long" + }, + "apm__transaction_error_rate": { + "type": "long" + }, + "apm__transaction_duration": { + "type": "long" + }, + "apm__transaction_duration_anomaly": { + "type": "long" + }, + "metrics__alert__threshold": { + "type": "long" + }, + "metrics__alert__inventory__threshold": { + "type": "long" + }, + "logs__alert__document__count": { + "type": "long" + }, + "monitoring_alert_cluster_health": { + "type": "long" + }, + "monitoring_alert_cpu_usage": { + "type": "long" + }, + "monitoring_alert_disk_usage": { + "type": "long" + }, + "monitoring_alert_elasticsearch_version_mismatch": { + "type": "long" + }, + "monitoring_alert_kibana_version_mismatch": { + "type": "long" + }, + "monitoring_alert_license_expiration": { + "type": "long" + }, + "monitoring_alert_logstash_version_mismatch": { + "type": "long" + }, + "monitoring_alert_nodes_changed": { + "type": "long" + }, + "siem__signals": { + "type": "long" + }, + "siem__notifications": { + "type": "long" + }, + "xpack__uptime__alerts__monitorStatus": { + "type": "long" + }, + "xpack__uptime__alerts__tls": { + "type": "long" + }, + "xpack__uptime__alerts__durationAnomaly": { + "type": "long" + }, + "__geo-containment": { + "type": "long" + }, + "xpack__ml__anomaly_detection_alert": { + "type": "long" + }, + "xpack__ml__anomaly_detection_jobs_health": { + "type": "long" + } + } + }, + "read": { + "properties": { + "DYNAMIC_KEY": { + "type": "long" + }, + "__index-threshold": { + "type": "long" + }, + "__es-query": { + "type": "long" + }, + "transform_health": { + "type": "long" + }, + "apm__error_rate": { + "type": "long" + }, + "apm__transaction_error_rate": { + "type": "long" + }, + "apm__transaction_duration": { + "type": "long" + }, + "apm__transaction_duration_anomaly": { + "type": "long" + }, + "metrics__alert__threshold": { + "type": "long" + }, + "metrics__alert__inventory__threshold": { + "type": "long" + }, + "logs__alert__document__count": { + "type": "long" + }, + "monitoring_alert_cluster_health": { + "type": "long" + }, + "monitoring_alert_cpu_usage": { + "type": "long" + }, + "monitoring_alert_disk_usage": { + "type": "long" + }, + "monitoring_alert_elasticsearch_version_mismatch": { + "type": "long" + }, + "monitoring_alert_kibana_version_mismatch": { + "type": "long" + }, + "monitoring_alert_license_expiration": { + "type": "long" + }, + "monitoring_alert_logstash_version_mismatch": { + "type": "long" + }, + "monitoring_alert_nodes_changed": { + "type": "long" + }, + "siem__signals": { + "type": "long" + }, + "siem__notifications": { + "type": "long" + }, + "xpack__uptime__alerts__monitorStatus": { + "type": "long" + }, + "xpack__uptime__alerts__tls": { + "type": "long" + }, + "xpack__uptime__alerts__durationAnomaly": { + "type": "long" + }, + "__geo-containment": { + "type": "long" + }, + "xpack__ml__anomaly_detection_alert": { + "type": "long" + }, + "xpack__ml__anomaly_detection_jobs_health": { + "type": "long" + } + } + }, + "decrypt": { + "properties": { + "DYNAMIC_KEY": { + "type": "long" + }, + "__index-threshold": { + "type": "long" + }, + "__es-query": { + "type": "long" + }, + "transform_health": { + "type": "long" + }, + "apm__error_rate": { + "type": "long" + }, + "apm__transaction_error_rate": { + "type": "long" + }, + "apm__transaction_duration": { + "type": "long" + }, + "apm__transaction_duration_anomaly": { + "type": "long" + }, + "metrics__alert__threshold": { + "type": "long" + }, + "metrics__alert__inventory__threshold": { + "type": "long" + }, + "logs__alert__document__count": { + "type": "long" + }, + "monitoring_alert_cluster_health": { + "type": "long" + }, + "monitoring_alert_cpu_usage": { + "type": "long" + }, + "monitoring_alert_disk_usage": { + "type": "long" + }, + "monitoring_alert_elasticsearch_version_mismatch": { + "type": "long" + }, + "monitoring_alert_kibana_version_mismatch": { + "type": "long" + }, + "monitoring_alert_license_expiration": { + "type": "long" + }, + "monitoring_alert_logstash_version_mismatch": { + "type": "long" + }, + "monitoring_alert_nodes_changed": { + "type": "long" + }, + "siem__signals": { + "type": "long" + }, + "siem__notifications": { + "type": "long" + }, + "xpack__uptime__alerts__monitorStatus": { + "type": "long" + }, + "xpack__uptime__alerts__tls": { + "type": "long" + }, + "xpack__uptime__alerts__durationAnomaly": { + "type": "long" + }, + "__geo-containment": { + "type": "long" + }, + "xpack__ml__anomaly_detection_alert": { + "type": "long" + }, + "xpack__ml__anomaly_detection_jobs_health": { + "type": "long" + } + } + }, + "license": { + "properties": { + "DYNAMIC_KEY": { + "type": "long" + }, + "__index-threshold": { + "type": "long" + }, + "__es-query": { + "type": "long" + }, + "transform_health": { + "type": "long" + }, + "apm__error_rate": { + "type": "long" + }, + "apm__transaction_error_rate": { + "type": "long" + }, + "apm__transaction_duration": { + "type": "long" + }, + "apm__transaction_duration_anomaly": { + "type": "long" + }, + "metrics__alert__threshold": { + "type": "long" + }, + "metrics__alert__inventory__threshold": { + "type": "long" + }, + "logs__alert__document__count": { + "type": "long" + }, + "monitoring_alert_cluster_health": { + "type": "long" + }, + "monitoring_alert_cpu_usage": { + "type": "long" + }, + "monitoring_alert_disk_usage": { + "type": "long" + }, + "monitoring_alert_elasticsearch_version_mismatch": { + "type": "long" + }, + "monitoring_alert_kibana_version_mismatch": { + "type": "long" + }, + "monitoring_alert_license_expiration": { + "type": "long" + }, + "monitoring_alert_logstash_version_mismatch": { + "type": "long" + }, + "monitoring_alert_nodes_changed": { + "type": "long" + }, + "siem__signals": { + "type": "long" + }, + "siem__notifications": { + "type": "long" + }, + "xpack__uptime__alerts__monitorStatus": { + "type": "long" + }, + "xpack__uptime__alerts__tls": { + "type": "long" + }, + "xpack__uptime__alerts__durationAnomaly": { + "type": "long" + }, + "__geo-containment": { + "type": "long" + }, + "xpack__ml__anomaly_detection_alert": { + "type": "long" + }, + "xpack__ml__anomaly_detection_jobs_health": { + "type": "long" + } + } + }, + "unknown": { + "properties": { + "DYNAMIC_KEY": { + "type": "long" + }, + "__index-threshold": { + "type": "long" + }, + "__es-query": { + "type": "long" + }, + "transform_health": { + "type": "long" + }, + "apm__error_rate": { + "type": "long" + }, + "apm__transaction_error_rate": { + "type": "long" + }, + "apm__transaction_duration": { + "type": "long" + }, + "apm__transaction_duration_anomaly": { + "type": "long" + }, + "metrics__alert__threshold": { + "type": "long" + }, + "metrics__alert__inventory__threshold": { + "type": "long" + }, + "logs__alert__document__count": { + "type": "long" + }, + "monitoring_alert_cluster_health": { + "type": "long" + }, + "monitoring_alert_cpu_usage": { + "type": "long" + }, + "monitoring_alert_disk_usage": { + "type": "long" + }, + "monitoring_alert_elasticsearch_version_mismatch": { + "type": "long" + }, + "monitoring_alert_kibana_version_mismatch": { + "type": "long" + }, + "monitoring_alert_license_expiration": { + "type": "long" + }, + "monitoring_alert_logstash_version_mismatch": { + "type": "long" + }, + "monitoring_alert_nodes_changed": { + "type": "long" + }, + "siem__signals": { + "type": "long" + }, + "siem__notifications": { + "type": "long" + }, + "xpack__uptime__alerts__monitorStatus": { + "type": "long" + }, + "xpack__uptime__alerts__tls": { + "type": "long" + }, + "xpack__uptime__alerts__durationAnomaly": { + "type": "long" + }, + "__geo-containment": { + "type": "long" + }, + "xpack__ml__anomaly_detection_alert": { + "type": "long" + }, + "xpack__ml__anomaly_detection_jobs_health": { + "type": "long" + } + } + } + } + }, + "count_rules_executions_by_type": { + "properties": { + "DYNAMIC_KEY": { + "type": "long" + }, + "__index-threshold": { + "type": "long" + }, + "__es-query": { + "type": "long" + }, + "transform_health": { + "type": "long" + }, + "apm__error_rate": { + "type": "long" + }, + "apm__transaction_error_rate": { + "type": "long" + }, + "apm__transaction_duration": { + "type": "long" + }, + "apm__transaction_duration_anomaly": { + "type": "long" + }, + "metrics__alert__threshold": { + "type": "long" + }, + "metrics__alert__inventory__threshold": { + "type": "long" + }, + "logs__alert__document__count": { + "type": "long" + }, + "monitoring_alert_cluster_health": { + "type": "long" + }, + "monitoring_alert_cpu_usage": { + "type": "long" + }, + "monitoring_alert_disk_usage": { + "type": "long" + }, + "monitoring_alert_elasticsearch_version_mismatch": { + "type": "long" + }, + "monitoring_alert_kibana_version_mismatch": { + "type": "long" + }, + "monitoring_alert_license_expiration": { + "type": "long" + }, + "monitoring_alert_logstash_version_mismatch": { + "type": "long" + }, + "monitoring_alert_nodes_changed": { + "type": "long" + }, + "siem__signals": { + "type": "long" + }, + "siem__notifications": { + "type": "long" + }, + "xpack__uptime__alerts__monitorStatus": { + "type": "long" + }, + "xpack__uptime__alerts__tls": { + "type": "long" + }, + "xpack__uptime__alerts__durationAnomaly": { + "type": "long" + }, + "__geo-containment": { + "type": "long" + }, + "xpack__ml__anomaly_detection_alert": { + "type": "long" + }, + "xpack__ml__anomaly_detection_jobs_health": { + "type": "long" + } + } + }, "throttle_time": { "properties": { "min": { From 34eb76108ab97999d3c21cfe84a28d8d79c3b502 Mon Sep 17 00:00:00 2001 From: YulNaumenko Date: Sun, 17 Oct 2021 21:42:15 -0700 Subject: [PATCH 02/18] fixed event log index mapping --- x-pack/plugins/actions/server/plugin.ts | 3 +- .../actions/server/usage/actions_telemetry.ts | 4 +-- x-pack/plugins/actions/server/usage/task.ts | 30 +++++++++++++++---- x-pack/plugins/alerting/server/plugin.ts | 3 +- .../alerting/server/usage/alerts_telemetry.ts | 7 +++-- x-pack/plugins/alerting/server/usage/task.ts | 21 +++++++++---- .../event_log/server/event_log_service.ts | 4 +++ x-pack/plugins/event_log/server/types.ts | 1 + 8 files changed, 55 insertions(+), 18 deletions(-) diff --git a/x-pack/plugins/actions/server/plugin.ts b/x-pack/plugins/actions/server/plugin.ts index d0404a253c0d9..befbed9cf6df7 100644 --- a/x-pack/plugins/actions/server/plugin.ts +++ b/x-pack/plugins/actions/server/plugin.ts @@ -261,7 +261,8 @@ export class ActionsPlugin implements Plugin; @@ -358,7 +358,7 @@ export async function getExecutionsTotalCount( }; const { body: actionResults } = await esClient.search({ - index: kibanaIndex, + index: eventLogIndex, body: { query: { bool: { diff --git a/x-pack/plugins/actions/server/usage/task.ts b/x-pack/plugins/actions/server/usage/task.ts index e258a73098f7a..07bede0274d08 100644 --- a/x-pack/plugins/actions/server/usage/task.ts +++ b/x-pack/plugins/actions/server/usage/task.ts @@ -7,6 +7,7 @@ import { Logger, CoreSetup } from 'kibana/server'; import moment from 'moment'; +import { IEventLogService } from '../../../event_log/server'; import { RunContext, TaskManagerSetupContract, @@ -24,9 +25,17 @@ export function initializeActionsTelemetry( taskManager: TaskManagerSetupContract, core: CoreSetup, kibanaIndex: string, - preconfiguredActions: PreConfiguredAction[] + preconfiguredActions: PreConfiguredAction[], + eventLog: IEventLogService ) { - registerActionsTelemetryTask(logger, taskManager, core, kibanaIndex, preconfiguredActions); + registerActionsTelemetryTask( + logger, + taskManager, + core, + kibanaIndex, + preconfiguredActions, + eventLog + ); } export function scheduleActionsTelemetry(logger: Logger, taskManager: TaskManagerStartContract) { @@ -38,13 +47,20 @@ function registerActionsTelemetryTask( taskManager: TaskManagerSetupContract, core: CoreSetup, kibanaIndex: string, - preconfiguredActions: PreConfiguredAction[] + preconfiguredActions: PreConfiguredAction[], + eventLog: IEventLogService ) { taskManager.registerTaskDefinitions({ [TELEMETRY_TASK_TYPE]: { title: 'Actions usage fetch task', timeout: '5s', - createTaskRunner: telemetryTaskRunner(logger, core, kibanaIndex, preconfiguredActions), + createTaskRunner: telemetryTaskRunner( + logger, + core, + kibanaIndex, + preconfiguredActions, + eventLog + ), }, }); } @@ -66,10 +82,12 @@ export function telemetryTaskRunner( logger: Logger, core: CoreSetup, kibanaIndex: string, - preconfiguredActions: PreConfiguredAction[] + preconfiguredActions: PreConfiguredAction[], + eventLog: IEventLogService ) { return ({ taskInstance }: RunContext) => { const { state } = taskInstance; + const eventLogIndex = eventLog.getIndexPatterns(); const getEsClient = () => core.getStartServices().then( ([ @@ -84,7 +102,7 @@ export function telemetryTaskRunner( return Promise.all([ getTotalCount(esClient, kibanaIndex, preconfiguredActions), getInUseTotalCount(esClient, kibanaIndex), - getExecutionsTotalCount(esClient, kibanaIndex), + getExecutionsTotalCount(esClient, eventLogIndex), ]) .then(([totalAggegations, totalInUse, totalExecutions]) => { return { diff --git a/x-pack/plugins/alerting/server/plugin.ts b/x-pack/plugins/alerting/server/plugin.ts index b63fa94fbad72..b5cb012fd24cc 100644 --- a/x-pack/plugins/alerting/server/plugin.ts +++ b/x-pack/plugins/alerting/server/plugin.ts @@ -216,7 +216,8 @@ export class AlertingPlugin { this.telemetryLogger, core, plugins.taskManager, - config.kibana.index + config.kibana.index, + plugins.eventLog ); }); } diff --git a/x-pack/plugins/alerting/server/usage/alerts_telemetry.ts b/x-pack/plugins/alerting/server/usage/alerts_telemetry.ts index 9aba11409ba97..4cf93fcd64d8c 100644 --- a/x-pack/plugins/alerting/server/usage/alerts_telemetry.ts +++ b/x-pack/plugins/alerting/server/usage/alerts_telemetry.ts @@ -404,9 +404,12 @@ function replaceFirstAndLastDotSymbols(strToReplace: string) { return hasLastSymbolDot ? `${appliedString.slice(0, -1)}__` : appliedString; } -export async function getTotalExecutionsCount(esClient: ElasticsearchClient, kibanaInex: string) { +export async function getTotalExecutionsCount( + esClient: ElasticsearchClient, + eventLogIndex: string +) { const { body: searchResult } = await esClient.search({ - index: kibanaInex, + index: eventLogIndex, body: { query: { bool: { diff --git a/x-pack/plugins/alerting/server/usage/task.ts b/x-pack/plugins/alerting/server/usage/task.ts index 0e0888257a507..c72b163224e81 100644 --- a/x-pack/plugins/alerting/server/usage/task.ts +++ b/x-pack/plugins/alerting/server/usage/task.ts @@ -7,6 +7,7 @@ import { Logger, CoreSetup } from 'kibana/server'; import moment from 'moment'; +import { IEventLogService } from '../../../event_log/server'; import { RunContext, TaskManagerSetupContract, @@ -27,9 +28,10 @@ export function initializeAlertingTelemetry( logger: Logger, core: CoreSetup, taskManager: TaskManagerSetupContract, - kibanaIndex: string + kibanaIndex: string, + eventLog: IEventLogService ) { - registerAlertingTelemetryTask(logger, core, taskManager, kibanaIndex); + registerAlertingTelemetryTask(logger, core, taskManager, kibanaIndex, eventLog); } export function scheduleAlertingTelemetry(logger: Logger, taskManager?: TaskManagerStartContract) { @@ -42,13 +44,14 @@ function registerAlertingTelemetryTask( logger: Logger, core: CoreSetup, taskManager: TaskManagerSetupContract, - kibanaIndex: string + kibanaIndex: string, + eventLog: IEventLogService ) { taskManager.registerTaskDefinitions({ [TELEMETRY_TASK_TYPE]: { title: 'Alerting usage fetch task', timeout: '5s', - createTaskRunner: telemetryTaskRunner(logger, core, kibanaIndex), + createTaskRunner: telemetryTaskRunner(logger, core, kibanaIndex, eventLog), }, }); } @@ -66,9 +69,15 @@ async function scheduleTasks(logger: Logger, taskManager: TaskManagerStartContra } } -export function telemetryTaskRunner(logger: Logger, core: CoreSetup, kibanaIndex: string) { +export function telemetryTaskRunner( + logger: Logger, + core: CoreSetup, + kibanaIndex: string, + eventLog: IEventLogService +) { return ({ taskInstance }: RunContext) => { const { state } = taskInstance; + const eventLogIndex = eventLog.getIndexPatterns(); const getEsClient = () => core.getStartServices().then( ([ @@ -84,7 +93,7 @@ export function telemetryTaskRunner(logger: Logger, core: CoreSetup, kibanaIndex return Promise.all([ getTotalCountAggregations(esClient, kibanaIndex), getTotalCountInUse(esClient, kibanaIndex), - getTotalExecutionsCount(esClient, kibanaIndex), + getTotalExecutionsCount(esClient, eventLogIndex), ]) .then(([totalCountAggregations, totalInUse, totalExecutions]) => { return { diff --git a/x-pack/plugins/event_log/server/event_log_service.ts b/x-pack/plugins/event_log/server/event_log_service.ts index 993631ed3ca8a..6be814e721aae 100644 --- a/x-pack/plugins/event_log/server/event_log_service.ts +++ b/x-pack/plugins/event_log/server/event_log_service.ts @@ -92,6 +92,10 @@ export class EventLogService implements IEventLogService { return this.savedObjectProviderRegistry.registerProvider(type, provider); } + getIndexPatterns() { + return this.esContext.esNames.indexPattern; + } + getLogger(initialProperties: IEvent): IEventLogger { return new EventLogger({ esContext: this.esContext, diff --git a/x-pack/plugins/event_log/server/types.ts b/x-pack/plugins/event_log/server/types.ts index c50bed7e01dd5..49fec7fd53c8c 100644 --- a/x-pack/plugins/event_log/server/types.ts +++ b/x-pack/plugins/event_log/server/types.ts @@ -33,6 +33,7 @@ export interface IEventLogService { getProviderActions(): Map>; registerSavedObjectProvider(type: string, provider: SavedObjectProvider): void; getLogger(properties: IEvent): IEventLogger; + getIndexPatterns(): string; } export interface IEventLogClientService { From 30c9ae7cabd7d42531a7ba70b970bfb0802b0318 Mon Sep 17 00:00:00 2001 From: YulNaumenko Date: Mon, 18 Oct 2021 09:06:11 -0700 Subject: [PATCH 03/18] fixed typecheck --- x-pack/plugins/event_log/server/event_log_service.mock.ts | 1 + 1 file changed, 1 insertion(+) diff --git a/x-pack/plugins/event_log/server/event_log_service.mock.ts b/x-pack/plugins/event_log/server/event_log_service.mock.ts index a3ad81eb0e5a6..50aa177e0ad9d 100644 --- a/x-pack/plugins/event_log/server/event_log_service.mock.ts +++ b/x-pack/plugins/event_log/server/event_log_service.mock.ts @@ -17,6 +17,7 @@ const createEventLogServiceMock = () => { getProviderActions: jest.fn(), registerSavedObjectProvider: jest.fn(), getLogger: jest.fn().mockReturnValue(eventLoggerMock.create()), + getIndexPatterns: jest.fn(), }; return mock; }; From 91e9b09bc4f3580d20d964f6e16eeee2e600a824 Mon Sep 17 00:00:00 2001 From: YulNaumenko Date: Mon, 18 Oct 2021 15:49:57 -0700 Subject: [PATCH 04/18] fixed tests --- x-pack/plugins/alerting/server/usage/task.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/x-pack/plugins/alerting/server/usage/task.ts b/x-pack/plugins/alerting/server/usage/task.ts index c72b163224e81..45b86aba5f751 100644 --- a/x-pack/plugins/alerting/server/usage/task.ts +++ b/x-pack/plugins/alerting/server/usage/task.ts @@ -103,7 +103,7 @@ export function telemetryTaskRunner( count_active_by_type: totalInUse.countByType, count_active_total: totalInUse.countTotal, count_disabled_total: totalCountAggregations.count_total - totalInUse.countTotal, - count_rules_executions: totalExecutions.countByType, + count_rules_executions: totalExecutions.countTotal, count_rules_executions_by_type: totalExecutions.countByType, count_rules_executions_failured: totalExecutions.countTotalFailures, count_rules_executions_failured_by_reason: totalExecutions.countFailuresByReason, From 216bc961ad1cddfaddab5053d63490f5ee3ad0a3 Mon Sep 17 00:00:00 2001 From: YulNaumenko Date: Mon, 18 Oct 2021 20:11:11 -0700 Subject: [PATCH 05/18] added avg aggs --- .../actions/server/usage/actions_telemetry.ts | 62 +++++++++ .../server/usage/actions_usage_collector.ts | 4 + x-pack/plugins/actions/server/usage/task.ts | 2 + x-pack/plugins/actions/server/usage/types.ts | 2 + .../alerting/server/usage/alerts_telemetry.ts | 29 +++- .../server/usage/alerts_usage_collector.ts | 4 + x-pack/plugins/alerting/server/usage/task.ts | 2 + x-pack/plugins/alerting/server/usage/types.ts | 2 + .../schema/xpack_plugins.json | 131 ++++++++++++++++++ 9 files changed, 235 insertions(+), 3 deletions(-) diff --git a/x-pack/plugins/actions/server/usage/actions_telemetry.ts b/x-pack/plugins/actions/server/usage/actions_telemetry.ts index ae8c8c6667c3f..253f35e5d6c52 100644 --- a/x-pack/plugins/actions/server/usage/actions_telemetry.ts +++ b/x-pack/plugins/actions/server/usage/actions_telemetry.ts @@ -322,6 +322,8 @@ export async function getExecutionsTotalCount( countByType: Record; countFailures: number; countFailuresByType: Record; + avgExecutionTime: number; + avgExecutionTimeByType: Record; }> { const scriptedMetric = { scripted_metric: { @@ -423,20 +425,80 @@ export async function getExecutionsTotalCount( }, }, }, + avgDuration: { avg: { field: 'event.duration' } }, }, }, }); // @ts-expect-error aggegation type is not specified const aggsExecutions = actionResults.aggregations.totalExecutions?.byConnectorTypeId.value; + const aggsAvgExecutionTime = Math.round( + // @ts-expect-error aggegation type is not specified + actionResults.aggregations.avgDuration.value / (1000 * 1000) + ); // nano seconds const aggsFailureExecutions = // @ts-expect-error aggegation type is not specified actionResults.aggregations.failuresExecutions?.refs?.byConnectorTypeId.value; + const avgExecutionTimeByType: Record = {}; + for (const [key] of Object.entries(aggsExecutions.connectorTypes)) { + const { body: connectorTypeResults } = await esClient.search({ + index: eventLogIndex, + body: { + query: { + bool: { + filter: { + bool: { + must: [ + { + term: { 'event.action': 'execute' }, + }, + { + nested: { + path: 'kibana.saved_objects', + query: { + bool: { + must: [ + { + term: { + 'kibana.saved_objects.type': { + value: 'action', + }, + }, + }, + { + term: { + 'kibana.saved_objects.type_id': { + value: key, + }, + }, + }, + ], + }, + }, + }, + }, + ], + }, + }, + }, + }, + aggs: { + avgDuration: { avg: { field: 'event.duration' } }, + }, + }, + }); + avgExecutionTimeByType[key] = + // @ts-expect-error aggegation type is not specified + Math.round(connectorTypeResults.aggregations?.avgDuration.value / (1000 * 1000)); + } + return { countTotal: aggsExecutions.total, countByType: aggsExecutions.connectorTypes, countFailures: aggsFailureExecutions.total, countFailuresByType: aggsFailureExecutions.connectorTypes, + avgExecutionTime: aggsAvgExecutionTime, + avgExecutionTimeByType, }; } diff --git a/x-pack/plugins/actions/server/usage/actions_usage_collector.ts b/x-pack/plugins/actions/server/usage/actions_usage_collector.ts index 04b67625adc12..6e9893d63a63c 100644 --- a/x-pack/plugins/actions/server/usage/actions_usage_collector.ts +++ b/x-pack/plugins/actions/server/usage/actions_usage_collector.ts @@ -58,6 +58,8 @@ export function createActionsUsageCollector( count_actions_executions_by_type: byTypeSchema, count_actions_executions_failured: { type: 'long' }, count_actions_executions_failured_by_type: byTypeSchema, + avg_execution_time: { type: 'long' }, + avg_execution_time_by_type: byTypeSchema, }, fetch: async () => { try { @@ -81,6 +83,8 @@ export function createActionsUsageCollector( count_actions_executions_by_type: {}, count_actions_executions_failured: 0, count_actions_executions_failured_by_type: {}, + avg_execution_time: 0, + avg_execution_time_by_type: {}, }; } }, diff --git a/x-pack/plugins/actions/server/usage/task.ts b/x-pack/plugins/actions/server/usage/task.ts index 07bede0274d08..e82ffa79ceb04 100644 --- a/x-pack/plugins/actions/server/usage/task.ts +++ b/x-pack/plugins/actions/server/usage/task.ts @@ -117,6 +117,8 @@ export function telemetryTaskRunner( count_actions_executions_by_type: totalExecutions.countByType, count_actions_executions_failured: totalExecutions.countFailures, count_actions_executions_failured_by_type: totalExecutions.countFailuresByType, + avg_execution_time: totalExecutions.avgExecutionTime, + avg_execution_time_by_type: totalExecutions.avgExecutionTimeByType, }, runAt: getNextMidnight(), }; diff --git a/x-pack/plugins/actions/server/usage/types.ts b/x-pack/plugins/actions/server/usage/types.ts index 14a8710642d91..82d5986de288f 100644 --- a/x-pack/plugins/actions/server/usage/types.ts +++ b/x-pack/plugins/actions/server/usage/types.ts @@ -16,4 +16,6 @@ export interface ActionsUsage { count_actions_executions_by_type: Record; count_actions_executions_failured: number; count_actions_executions_failured_by_type: Record; + avg_execution_time: number; + avg_execution_time_by_type: Record; } diff --git a/x-pack/plugins/alerting/server/usage/alerts_telemetry.ts b/x-pack/plugins/alerting/server/usage/alerts_telemetry.ts index 4cf93fcd64d8c..a808911491ae2 100644 --- a/x-pack/plugins/alerting/server/usage/alerts_telemetry.ts +++ b/x-pack/plugins/alerting/server/usage/alerts_telemetry.ts @@ -36,10 +36,12 @@ const alertTypeMetric = { const ruleTypeExecutionsMetric = { scripted_metric: { - init_script: 'state.ruleTypes = [:];', + init_script: 'state.ruleTypes = [:]; state.ruleTypesDuration = [:];', map_script: ` - String ruleType = doc['rule.category'].value; + String ruleType = doc['rule.category'].value; + long duration = doc['event.duration'].value / (1000 * 1000); state.ruleTypes.put(ruleType, state.ruleTypes.containsKey(ruleType) ? state.ruleTypes.get(ruleType) + 1 : 1); + state.ruleTypesDuration.put(ruleType, state.ruleTypesDuration.containsKey(ruleType) ? state.ruleTypesDuration.get(ruleType) + duration : duration); `, // Combine script is executed per cluster, but we already have a key-value pair per cluster. // Despite docs that say this is optional, this script can't be blank. @@ -430,14 +432,22 @@ export async function getTotalExecutionsCount( aggs: { byRuleTypeId: ruleTypeExecutionsMetric, failuresByReason: ruleTypeFailureExecutionsMetric, + avgDuration: { avg: { field: 'event.duration' } }, }, }, }); const executionsAggregations = searchResult.aggregations as { - byRuleTypeId: { value: { ruleTypes: Record } }; + byRuleTypeId: { + value: { ruleTypes: Record; ruleTypesDuration: Record }; + }; }; + const aggsAvgExecutionTime = Math.round( + // @ts-expect-error aggegation type is not specified + searchResult.aggregations.avgDuration.value / (1000 * 1000) + ); // nano seconds + const executionFailuresAggregations = searchResult.aggregations as { failuresByReason: { value: { reasons: Record> } }; }; @@ -499,5 +509,18 @@ export async function getTotalExecutionsCount( }), {} ), + avgExecutionTime: aggsAvgExecutionTime, + avgExecutionTimeByType: Object.keys(executionsAggregations.byRuleTypeId.value.ruleTypes).reduce( + // ES DSL aggregations are returned as `any` by esClient.search + // eslint-disable-next-line @typescript-eslint/no-explicit-any + (obj: any, key: string) => ({ + ...obj, + [replaceFirstAndLastDotSymbols(key)]: Math.round( + executionsAggregations.byRuleTypeId.value.ruleTypesDuration[key] / + parseInt(executionsAggregations.byRuleTypeId.value.ruleTypes[key], 10) + ), + }), + {} + ), }; } diff --git a/x-pack/plugins/alerting/server/usage/alerts_usage_collector.ts b/x-pack/plugins/alerting/server/usage/alerts_usage_collector.ts index 5aac2f249d95d..2268859fdd030 100644 --- a/x-pack/plugins/alerting/server/usage/alerts_usage_collector.ts +++ b/x-pack/plugins/alerting/server/usage/alerts_usage_collector.ts @@ -115,6 +115,8 @@ export function createAlertsUsageCollector( count_rules_executions_failured: 0, count_rules_executions_failured_by_reason: {}, count_rules_executions_failured_by_reason_by_type: {}, + avg_execution_time: 0, + avg_execution_time_by_type: {}, }; } }, @@ -144,6 +146,8 @@ export function createAlertsUsageCollector( count_rules_executions_failured: { type: 'long' }, count_rules_executions_failured_by_reason: byReasonSchema, count_rules_executions_failured_by_reason_by_type: byReasonSchemaByType, + avg_execution_time: { type: 'long' }, + avg_execution_time_by_type: byTypeSchema, }, }); } diff --git a/x-pack/plugins/alerting/server/usage/task.ts b/x-pack/plugins/alerting/server/usage/task.ts index 45b86aba5f751..3923770c6e940 100644 --- a/x-pack/plugins/alerting/server/usage/task.ts +++ b/x-pack/plugins/alerting/server/usage/task.ts @@ -109,6 +109,8 @@ export function telemetryTaskRunner( count_rules_executions_failured_by_reason: totalExecutions.countFailuresByReason, count_rules_executions_failured_by_reason_by_type: totalExecutions.countFailuresByReasonByType, + avg_execution_time: totalExecutions.avgExecutionTime, + avg_execution_time_by_type: totalExecutions.avgExecutionTimeByType, }, runAt: getNextMidnight(), }; diff --git a/x-pack/plugins/alerting/server/usage/types.ts b/x-pack/plugins/alerting/server/usage/types.ts index d8cc5c4205196..5d9493731df61 100644 --- a/x-pack/plugins/alerting/server/usage/types.ts +++ b/x-pack/plugins/alerting/server/usage/types.ts @@ -16,6 +16,8 @@ export interface AlertsUsage { count_rules_executions_failured: number; count_rules_executions_failured_by_reason: Record; count_rules_executions_failured_by_reason_by_type: Record>; + avg_execution_time: number; + avg_execution_time_by_type: Record; throttle_time: { min: string; avg: string; diff --git a/x-pack/plugins/telemetry_collection_xpack/schema/xpack_plugins.json b/x-pack/plugins/telemetry_collection_xpack/schema/xpack_plugins.json index f98277dd71e54..8afed4e10b1d5 100644 --- a/x-pack/plugins/telemetry_collection_xpack/schema/xpack_plugins.json +++ b/x-pack/plugins/telemetry_collection_xpack/schema/xpack_plugins.json @@ -185,6 +185,49 @@ "type": "long" } } + }, + "avg_execution_time": { + "type": "long" + }, + "avg_execution_time_by_type": { + "properties": { + "DYNAMIC_KEY": { + "type": "long" + }, + "__email": { + "type": "long" + }, + "__index": { + "type": "long" + }, + "__pagerduty": { + "type": "long" + }, + "__swimlane": { + "type": "long" + }, + "__server-log": { + "type": "long" + }, + "__slack": { + "type": "long" + }, + "__webhook": { + "type": "long" + }, + "__servicenow": { + "type": "long" + }, + "__jira": { + "type": "long" + }, + "__resilient": { + "type": "long" + }, + "__teams": { + "type": "long" + } + } } } }, @@ -205,6 +248,94 @@ "count_rules_executions_failured": { "type": "long" }, + "avg_execution_time": { + "type": "long" + }, + "avg_execution_time_by_type": { + "properties": { + "DYNAMIC_KEY": { + "type": "long" + }, + "__index-threshold": { + "type": "long" + }, + "__es-query": { + "type": "long" + }, + "transform_health": { + "type": "long" + }, + "apm__error_rate": { + "type": "long" + }, + "apm__transaction_error_rate": { + "type": "long" + }, + "apm__transaction_duration": { + "type": "long" + }, + "apm__transaction_duration_anomaly": { + "type": "long" + }, + "metrics__alert__threshold": { + "type": "long" + }, + "metrics__alert__inventory__threshold": { + "type": "long" + }, + "logs__alert__document__count": { + "type": "long" + }, + "monitoring_alert_cluster_health": { + "type": "long" + }, + "monitoring_alert_cpu_usage": { + "type": "long" + }, + "monitoring_alert_disk_usage": { + "type": "long" + }, + "monitoring_alert_elasticsearch_version_mismatch": { + "type": "long" + }, + "monitoring_alert_kibana_version_mismatch": { + "type": "long" + }, + "monitoring_alert_license_expiration": { + "type": "long" + }, + "monitoring_alert_logstash_version_mismatch": { + "type": "long" + }, + "monitoring_alert_nodes_changed": { + "type": "long" + }, + "siem__signals": { + "type": "long" + }, + "siem__notifications": { + "type": "long" + }, + "xpack__uptime__alerts__monitorStatus": { + "type": "long" + }, + "xpack__uptime__alerts__tls": { + "type": "long" + }, + "xpack__uptime__alerts__durationAnomaly": { + "type": "long" + }, + "__geo-containment": { + "type": "long" + }, + "xpack__ml__anomaly_detection_alert": { + "type": "long" + }, + "xpack__ml__anomaly_detection_jobs_health": { + "type": "long" + } + } + }, "count_rules_executions_failured_by_reason": { "properties": { "DYNAMIC_KEY": { From 6005cd44cf2ea77a89979028d233219c233c9cb2 Mon Sep 17 00:00:00 2001 From: YulNaumenko Date: Thu, 21 Oct 2021 12:46:42 -0700 Subject: [PATCH 06/18] set size to 0 --- .../server/usage/actions_telemetry.test.ts | 62 ++++++++++++ .../actions/server/usage/actions_telemetry.ts | 97 ++++++++++--------- .../server/usage/actions_usage_collector.ts | 8 +- x-pack/plugins/actions/server/usage/task.ts | 4 +- x-pack/plugins/actions/server/usage/types.ts | 4 +- 5 files changed, 122 insertions(+), 53 deletions(-) diff --git a/x-pack/plugins/actions/server/usage/actions_telemetry.test.ts b/x-pack/plugins/actions/server/usage/actions_telemetry.test.ts index 0e6b7fff04451..40bb60bc556a7 100644 --- a/x-pack/plugins/actions/server/usage/actions_telemetry.test.ts +++ b/x-pack/plugins/actions/server/usage/actions_telemetry.test.ts @@ -459,6 +459,68 @@ Object { }, "countTotal": 6, } +`); + }); + + test('getExecutionsTotalCount', async () => { + const mockEsClient = elasticsearchClientMock.createClusterClient().asScoped().asInternalUser; + mockEsClient.search.mockReturnValueOnce( + // @ts-expect-error not full search response + elasticsearchClientMock.createSuccessTransportRequestPromise({ + aggregations: { + totalExecutions: { + byConnectorTypeId: { + connectorTypes: { + '.slack': 100, + '.server-log': 20, + }, + }, + }, + failedExecutions: { + refs: { + byConnectorTypeId: { + connectorTypes: { + '.slack': 7, + }, + }, + }, + }, + avgDuration: { value: 10 }, + }, + }) + ); + + // for .slack connectors + mockEsClient.search.mockReturnValueOnce( + // @ts-expect-error not full search response + elasticsearchClientMock.createSuccessTransportRequestPromise({ + aggregations: { + avgDuration: { value: 10 }, + }, + }) + ); + + // for .server-log connectorss + mockEsClient.search.mockReturnValueOnce( + // @ts-expect-error not full search response + elasticsearchClientMock.createSuccessTransportRequestPromise({ + aggregations: { + avgDuration: { value: 2 }, + }, + }) + ); + const telemetry = await getInUseTotalCount(mockEsClient, 'test'); + + expect(mockEsClient.search).toHaveBeenCalledTimes(2); + expect(telemetry).toMatchInlineSnapshot(` +Object { + "countByAlertHistoryConnectorType": 0, + "countByType": Object { + "__server-log": 1, + "__slack": 1, + }, + "countTotal": 2, +} `); }); }); diff --git a/x-pack/plugins/actions/server/usage/actions_telemetry.ts b/x-pack/plugins/actions/server/usage/actions_telemetry.ts index 253f35e5d6c52..160fbe651ef08 100644 --- a/x-pack/plugins/actions/server/usage/actions_telemetry.ts +++ b/x-pack/plugins/actions/server/usage/actions_telemetry.ts @@ -42,6 +42,7 @@ export async function getTotalCount( const { body: searchResult } = await esClient.search({ index: kibanaIndex, + size: 0, body: { query: { bool: { @@ -162,6 +163,7 @@ export async function getInUseTotalCount( const { body: actionResults } = await esClient.search({ index: kibanaIndex, + size: 0, body: { query: { bool: { @@ -320,8 +322,8 @@ export async function getExecutionsTotalCount( ): Promise<{ countTotal: number; countByType: Record; - countFailures: number; - countFailuresByType: Record; + countFailed: number; + countFailedByType: Record; avgExecutionTime: number; avgExecutionTimeByType: Record; }> { @@ -361,6 +363,7 @@ export async function getExecutionsTotalCount( const { body: actionResults } = await esClient.search({ index: eventLogIndex, + size: 0, body: { query: { bool: { @@ -402,7 +405,7 @@ export async function getExecutionsTotalCount( byConnectorTypeId: scriptedMetric, }, }, - failuresExecutions: { + failedExecutions: { filter: { bool: { filter: [ @@ -436,68 +439,72 @@ export async function getExecutionsTotalCount( // @ts-expect-error aggegation type is not specified actionResults.aggregations.avgDuration.value / (1000 * 1000) ); // nano seconds - const aggsFailureExecutions = + const aggsFailedExecutions = // @ts-expect-error aggegation type is not specified - actionResults.aggregations.failuresExecutions?.refs?.byConnectorTypeId.value; + actionResults.aggregations.failedExecutions?.refs?.byConnectorTypeId.value; const avgExecutionTimeByType: Record = {}; - for (const [key] of Object.entries(aggsExecutions.connectorTypes)) { - const { body: connectorTypeResults } = await esClient.search({ - index: eventLogIndex, - body: { - query: { - bool: { - filter: { - bool: { - must: [ - { - term: { 'event.action': 'execute' }, - }, - { - nested: { - path: 'kibana.saved_objects', - query: { - bool: { - must: [ - { - term: { - 'kibana.saved_objects.type': { - value: 'action', + Promise.all( + Object.entries(aggsExecutions.connectorTypes).map(([key]) => + esClient.search({ + index: eventLogIndex, + size: 1, + body: { + query: { + bool: { + filter: { + bool: { + must: [ + { + term: { 'event.action': 'execute' }, + }, + { + nested: { + path: 'kibana.saved_objects', + query: { + bool: { + must: [ + { + term: { + 'kibana.saved_objects.type': { + value: 'action', + }, }, }, - }, - { - term: { - 'kibana.saved_objects.type_id': { - value: key, + { + term: { + 'kibana.saved_objects.type_id': { + value: key, + }, }, }, - }, - ], + ], + }, }, }, }, - }, - ], + ], + }, }, }, }, + aggs: { + avgDuration: { avg: { field: 'event.duration' } }, + }, }, - aggs: { - avgDuration: { avg: { field: 'event.duration' } }, - }, - }, - }); - avgExecutionTimeByType[key] = + }) + ) + ).then((connectorTypeResults) => { + avgExecutionTimeByType[replaceFirstAndLastDotSymbols('')] = // @ts-expect-error aggegation type is not specified Math.round(connectorTypeResults.aggregations?.avgDuration.value / (1000 * 1000)); - } + }); return { countTotal: aggsExecutions.total, countByType: aggsExecutions.connectorTypes, - countFailures: aggsFailureExecutions.total, - countFailuresByType: aggsFailureExecutions.connectorTypes, + countFailed: aggsFailedExecutions.total, + countFailedByType: aggsFailedExecutions.connectorTypes, avgExecutionTime: aggsAvgExecutionTime, avgExecutionTimeByType, }; diff --git a/x-pack/plugins/actions/server/usage/actions_usage_collector.ts b/x-pack/plugins/actions/server/usage/actions_usage_collector.ts index 6e9893d63a63c..95a34de355228 100644 --- a/x-pack/plugins/actions/server/usage/actions_usage_collector.ts +++ b/x-pack/plugins/actions/server/usage/actions_usage_collector.ts @@ -56,8 +56,8 @@ export function createActionsUsageCollector( count_active_by_type: byTypeSchema, count_actions_executions: { type: 'long' }, count_actions_executions_by_type: byTypeSchema, - count_actions_executions_failured: { type: 'long' }, - count_actions_executions_failured_by_type: byTypeSchema, + count_actions_executions_failed: { type: 'long' }, + count_actions_executions_failed_by_type: byTypeSchema, avg_execution_time: { type: 'long' }, avg_execution_time_by_type: byTypeSchema, }, @@ -81,8 +81,8 @@ export function createActionsUsageCollector( count_by_type: {}, count_actions_executions: 0, count_actions_executions_by_type: {}, - count_actions_executions_failured: 0, - count_actions_executions_failured_by_type: {}, + count_actions_executions_failed: 0, + count_actions_executions_failed_by_type: {}, avg_execution_time: 0, avg_execution_time_by_type: {}, }; diff --git a/x-pack/plugins/actions/server/usage/task.ts b/x-pack/plugins/actions/server/usage/task.ts index e82ffa79ceb04..28237de6c37a3 100644 --- a/x-pack/plugins/actions/server/usage/task.ts +++ b/x-pack/plugins/actions/server/usage/task.ts @@ -115,8 +115,8 @@ export function telemetryTaskRunner( count_active_alert_history_connectors: totalInUse.countByAlertHistoryConnectorType, count_actions_executions: totalExecutions.countTotal, count_actions_executions_by_type: totalExecutions.countByType, - count_actions_executions_failured: totalExecutions.countFailures, - count_actions_executions_failured_by_type: totalExecutions.countFailuresByType, + count_actions_executions_failed: totalExecutions.countFailed, + count_actions_executions_failed_by_type: totalExecutions.countFailedByType, avg_execution_time: totalExecutions.avgExecutionTime, avg_execution_time_by_type: totalExecutions.avgExecutionTimeByType, }, diff --git a/x-pack/plugins/actions/server/usage/types.ts b/x-pack/plugins/actions/server/usage/types.ts index 82d5986de288f..3219bf0f273d2 100644 --- a/x-pack/plugins/actions/server/usage/types.ts +++ b/x-pack/plugins/actions/server/usage/types.ts @@ -14,8 +14,8 @@ export interface ActionsUsage { count_active_by_type: Record; count_actions_executions: number; count_actions_executions_by_type: Record; - count_actions_executions_failured: number; - count_actions_executions_failured_by_type: Record; + count_actions_executions_failed: number; + count_actions_executions_failed_by_type: Record; avg_execution_time: number; avg_execution_time_by_type: Record; } From 6b5bc6187766d08d5534e9338ef86aa1acd0151b Mon Sep 17 00:00:00 2001 From: Yuliia Naumenko Date: Mon, 25 Oct 2021 21:55:34 -0700 Subject: [PATCH 07/18] fixed due to comments --- .../actions/server/usage/actions_telemetry.ts | 32 +++++++------------ x-pack/plugins/actions/server/usage/task.ts | 6 ++-- .../alerting/server/usage/alerts_telemetry.ts | 6 ++-- x-pack/plugins/alerting/server/usage/task.ts | 6 ++-- .../server/event_log_service.mock.ts | 2 +- .../event_log/server/event_log_service.ts | 2 +- x-pack/plugins/event_log/server/types.ts | 2 +- 7 files changed, 25 insertions(+), 31 deletions(-) diff --git a/x-pack/plugins/actions/server/usage/actions_telemetry.ts b/x-pack/plugins/actions/server/usage/actions_telemetry.ts index 7b4e7485d2791..bc681a854f0bc 100644 --- a/x-pack/plugins/actions/server/usage/actions_telemetry.ts +++ b/x-pack/plugins/actions/server/usage/actions_telemetry.ts @@ -437,22 +437,7 @@ export async function getExecutionsTotalCount( term: { 'event.action': 'execute' }, }, { - nested: { - path: 'kibana.saved_objects', - query: { - bool: { - must: [ - { - term: { - 'kibana.saved_objects.type': { - value: 'action', - }, - }, - }, - ], - }, - }, - }, + term: { 'event.provider': 'actions' }, }, ], }, @@ -498,10 +483,11 @@ export async function getExecutionsTotalCount( // @ts-expect-error aggegation type is not specified const aggsExecutions = actionResults.aggregations.totalExecutions?.byConnectorTypeId.value; + // convert nanoseconds to milliseconds const aggsAvgExecutionTime = Math.round( // @ts-expect-error aggegation type is not specified actionResults.aggregations.avgDuration.value / (1000 * 1000) - ); // nano seconds + ); const aggsFailedExecutions = // @ts-expect-error aggegation type is not specified actionResults.aggregations.failedExecutions?.refs?.byConnectorTypeId.value; @@ -521,6 +507,9 @@ export async function getExecutionsTotalCount( { term: { 'event.action': 'execute' }, }, + { + term: { 'event.provider': 'actions' }, + }, { nested: { path: 'kibana.saved_objects', @@ -545,7 +534,7 @@ export async function getExecutionsTotalCount( }, }, }, - }, + } ], }, }, @@ -558,9 +547,12 @@ export async function getExecutionsTotalCount( }) ) ).then((connectorTypeResults) => { - avgExecutionTimeByType[replaceFirstAndLastDotSymbols('')] = + connectorTypeResults.forEach((result) => { + avgExecutionTimeByType[replaceFirstAndLastDotSymbols(result.body.hits.hits[0]?._source?.kibana.saved_objects.type_id)] = // @ts-expect-error aggegation type is not specified - Math.round(connectorTypeResults.aggregations?.avgDuration.value / (1000 * 1000)); + // convert nanoseconds to milliseconds + Math.round(result.aggregations?.avgDuration.value / (1000 * 1000)); + }); }); return { diff --git a/x-pack/plugins/actions/server/usage/task.ts b/x-pack/plugins/actions/server/usage/task.ts index cc49dc3ad2a88..67e484ed5d78a 100644 --- a/x-pack/plugins/actions/server/usage/task.ts +++ b/x-pack/plugins/actions/server/usage/task.ts @@ -53,7 +53,7 @@ function registerActionsTelemetryTask( taskManager.registerTaskDefinitions({ [TELEMETRY_TASK_TYPE]: { title: 'Actions usage fetch task', - timeout: '5s', + timeout: '5m', createTaskRunner: telemetryTaskRunner( logger, core, @@ -87,7 +87,7 @@ export function telemetryTaskRunner( ) { return ({ taskInstance }: RunContext) => { const { state } = taskInstance; - const eventLogIndex = eventLog.getIndexPatterns(); + const eventLogIndex = eventLog.getIndexPattern(); const getEsClient = () => core.getStartServices().then( ([ @@ -138,5 +138,5 @@ export function telemetryTaskRunner( } function getNextMidnight() { - return moment().add(1, 'm').startOf('m').toDate(); + return moment().add(1, 'd').startOf('d').toDate(); } diff --git a/x-pack/plugins/alerting/server/usage/alerts_telemetry.ts b/x-pack/plugins/alerting/server/usage/alerts_telemetry.ts index 5af39fdfa01fd..016d8dce54f8c 100644 --- a/x-pack/plugins/alerting/server/usage/alerts_telemetry.ts +++ b/x-pack/plugins/alerting/server/usage/alerts_telemetry.ts @@ -325,6 +325,7 @@ export async function getTotalExecutionsCount( ) { const { body: searchResult } = await esClient.search({ index: eventLogIndex, + size: 0, body: { query: { bool: { @@ -335,7 +336,7 @@ export async function getTotalExecutionsCount( term: { 'event.action': 'execute' }, }, { - term: { 'event.kind': 'alert' }, + term: { 'event.provider': 'alerting' }, }, ], }, @@ -358,8 +359,9 @@ export async function getTotalExecutionsCount( const aggsAvgExecutionTime = Math.round( // @ts-expect-error aggegation type is not specified + // convert nanoseconds to milliseconds searchResult.aggregations.avgDuration.value / (1000 * 1000) - ); // nano seconds + ); const executionFailuresAggregations = searchResult.aggregations as { failuresByReason: { value: { reasons: Record> } }; diff --git a/x-pack/plugins/alerting/server/usage/task.ts b/x-pack/plugins/alerting/server/usage/task.ts index 2e87bb25b64b5..3433a47afa37d 100644 --- a/x-pack/plugins/alerting/server/usage/task.ts +++ b/x-pack/plugins/alerting/server/usage/task.ts @@ -50,7 +50,7 @@ function registerAlertingTelemetryTask( taskManager.registerTaskDefinitions({ [TELEMETRY_TASK_TYPE]: { title: 'Alerting usage fetch task', - timeout: '5s', + timeout: '5m', createTaskRunner: telemetryTaskRunner(logger, core, kibanaIndex, eventLog), }, }); @@ -77,7 +77,7 @@ export function telemetryTaskRunner( ) { return ({ taskInstance }: RunContext) => { const { state } = taskInstance; - const eventLogIndex = eventLog.getIndexPatterns(); + const eventLogIndex = eventLog.getIndexPattern(); const getEsClient = () => core.getStartServices().then( ([ @@ -129,5 +129,5 @@ export function telemetryTaskRunner( } function getNextMidnight() { - return moment().add(1, 'm').startOf('m').toDate(); + return moment().add(1, 'd').startOf('d').toDate(); } diff --git a/x-pack/plugins/event_log/server/event_log_service.mock.ts b/x-pack/plugins/event_log/server/event_log_service.mock.ts index 50aa177e0ad9d..f43f3e025a7cf 100644 --- a/x-pack/plugins/event_log/server/event_log_service.mock.ts +++ b/x-pack/plugins/event_log/server/event_log_service.mock.ts @@ -17,7 +17,7 @@ const createEventLogServiceMock = () => { getProviderActions: jest.fn(), registerSavedObjectProvider: jest.fn(), getLogger: jest.fn().mockReturnValue(eventLoggerMock.create()), - getIndexPatterns: jest.fn(), + getIndexPattern: jest.fn(), }; return mock; }; diff --git a/x-pack/plugins/event_log/server/event_log_service.ts b/x-pack/plugins/event_log/server/event_log_service.ts index 6be814e721aae..2cf22b0f20755 100644 --- a/x-pack/plugins/event_log/server/event_log_service.ts +++ b/x-pack/plugins/event_log/server/event_log_service.ts @@ -92,7 +92,7 @@ export class EventLogService implements IEventLogService { return this.savedObjectProviderRegistry.registerProvider(type, provider); } - getIndexPatterns() { + getIndexPattern() { return this.esContext.esNames.indexPattern; } diff --git a/x-pack/plugins/event_log/server/types.ts b/x-pack/plugins/event_log/server/types.ts index 49fec7fd53c8c..6ffde7fd6dbe0 100644 --- a/x-pack/plugins/event_log/server/types.ts +++ b/x-pack/plugins/event_log/server/types.ts @@ -33,7 +33,7 @@ export interface IEventLogService { getProviderActions(): Map>; registerSavedObjectProvider(type: string, provider: SavedObjectProvider): void; getLogger(properties: IEvent): IEventLogger; - getIndexPatterns(): string; + getIndexPattern(): string; } export interface IEventLogClientService { From 86d3cf5e07e6e9b839eb7f8cb2f79019a5ba074e Mon Sep 17 00:00:00 2001 From: YulNaumenko Date: Tue, 26 Oct 2021 18:47:29 -0700 Subject: [PATCH 08/18] fixed telemetry schema --- .../schema/xpack_plugins.json | 508 +++++++++--------- 1 file changed, 254 insertions(+), 254 deletions(-) diff --git a/x-pack/plugins/telemetry_collection_xpack/schema/xpack_plugins.json b/x-pack/plugins/telemetry_collection_xpack/schema/xpack_plugins.json index 803f95a8a1475..12040810dcb45 100644 --- a/x-pack/plugins/telemetry_collection_xpack/schema/xpack_plugins.json +++ b/x-pack/plugins/telemetry_collection_xpack/schema/xpack_plugins.json @@ -11,13 +11,7 @@ "count_total": { "type": "long" }, - "count_actions_executions": { - "type": "long" - }, - "count_actions_executions_failured": { - "type": "long" - }, - "count_actions_executions_failured_by_type": { + "count_by_type": { "properties": { "DYNAMIC_KEY": { "type": "long" @@ -57,7 +51,16 @@ } } }, - "count_actions_executions_by_type": { + "count_active_total": { + "type": "long" + }, + "count_active_alert_history_connectors": { + "type": "long", + "_meta": { + "description": "The total number of preconfigured alert history connectors used by rules." + } + }, + "count_active_by_type": { "properties": { "DYNAMIC_KEY": { "type": "long" @@ -97,7 +100,10 @@ } } }, - "count_by_type": { + "count_actions_executions": { + "type": "long" + }, + "count_actions_executions_by_type": { "properties": { "DYNAMIC_KEY": { "type": "long" @@ -137,16 +143,38 @@ } } }, - "count_active_total": { + "count_active_email_connectors_by_service_type": { + "properties": { + "DYNAMIC_KEY": { + "type": "long" + }, + "exchange_server": { + "type": "long" + }, + "gmail": { + "type": "long" + }, + "outlook365": { + "type": "long" + }, + "elastic_cloud": { + "type": "long" + }, + "other": { + "type": "long" + }, + "ses": { + "type": "long" + } + } + }, + "count_actions_namespaces": { "type": "long" }, - "count_active_alert_history_connectors": { - "type": "long", - "_meta": { - "description": "The total number of preconfigured alert history connectors used by rules." - } + "count_actions_executions_failed": { + "type": "long" }, - "count_active_by_type": { + "count_actions_executions_failed_by_type": { "properties": { "DYNAMIC_KEY": { "type": "long" @@ -228,58 +256,236 @@ "type": "long" } } + } + } + }, + "alerts": { + "properties": { + "count_total": { + "type": "long" + }, + "count_active_total": { + "type": "long" + }, + "count_disabled_total": { + "type": "long" + }, + "throttle_time": { + "properties": { + "min": { + "type": "long" + }, + "avg": { + "type": "float" + }, + "max": { + "type": "long" + } + } }, - "count_active_email_connectors_by_service_type": { + "schedule_time": { + "properties": { + "min": { + "type": "long" + }, + "avg": { + "type": "float" + }, + "max": { + "type": "long" + } + } + }, + "connectors_per_alert": { + "properties": { + "min": { + "type": "long" + }, + "avg": { + "type": "float" + }, + "max": { + "type": "long" + } + } + }, + "count_active_by_type": { "properties": { "DYNAMIC_KEY": { "type": "long" }, - "exchange_server": { + "__index-threshold": { "type": "long" }, - "gmail": { + "__es-query": { "type": "long" }, - "outlook365": { + "transform_health": { "type": "long" }, - "elastic_cloud": { + "apm__error_rate": { "type": "long" }, - "other": { + "apm__transaction_error_rate": { "type": "long" }, - "ses": { + "apm__transaction_duration": { + "type": "long" + }, + "apm__transaction_duration_anomaly": { + "type": "long" + }, + "metrics__alert__threshold": { + "type": "long" + }, + "metrics__alert__inventory__threshold": { + "type": "long" + }, + "logs__alert__document__count": { + "type": "long" + }, + "monitoring_alert_cluster_health": { + "type": "long" + }, + "monitoring_alert_cpu_usage": { + "type": "long" + }, + "monitoring_alert_disk_usage": { + "type": "long" + }, + "monitoring_alert_elasticsearch_version_mismatch": { + "type": "long" + }, + "monitoring_alert_kibana_version_mismatch": { + "type": "long" + }, + "monitoring_alert_license_expiration": { + "type": "long" + }, + "monitoring_alert_logstash_version_mismatch": { + "type": "long" + }, + "monitoring_alert_nodes_changed": { + "type": "long" + }, + "siem__signals": { + "type": "long" + }, + "siem__notifications": { + "type": "long" + }, + "xpack__uptime__alerts__monitorStatus": { + "type": "long" + }, + "xpack__uptime__alerts__tls": { + "type": "long" + }, + "xpack__uptime__alerts__durationAnomaly": { + "type": "long" + }, + "__geo-containment": { + "type": "long" + }, + "xpack__ml__anomaly_detection_alert": { + "type": "long" + }, + "xpack__ml__anomaly_detection_jobs_health": { "type": "long" } } }, - "count_actions_namespaces": { - "type": "long" + "count_by_type": { + "properties": { + "DYNAMIC_KEY": { + "type": "long" + }, + "__index-threshold": { + "type": "long" + }, + "__es-query": { + "type": "long" + }, + "transform_health": { + "type": "long" + }, + "apm__error_rate": { + "type": "long" + }, + "apm__transaction_error_rate": { + "type": "long" + }, + "apm__transaction_duration": { + "type": "long" + }, + "apm__transaction_duration_anomaly": { + "type": "long" + }, + "metrics__alert__threshold": { + "type": "long" + }, + "metrics__alert__inventory__threshold": { + "type": "long" + }, + "logs__alert__document__count": { + "type": "long" + }, + "monitoring_alert_cluster_health": { + "type": "long" + }, + "monitoring_alert_cpu_usage": { + "type": "long" + }, + "monitoring_alert_disk_usage": { + "type": "long" + }, + "monitoring_alert_elasticsearch_version_mismatch": { + "type": "long" + }, + "monitoring_alert_kibana_version_mismatch": { + "type": "long" + }, + "monitoring_alert_license_expiration": { + "type": "long" + }, + "monitoring_alert_logstash_version_mismatch": { + "type": "long" + }, + "monitoring_alert_nodes_changed": { + "type": "long" + }, + "siem__signals": { + "type": "long" + }, + "siem__notifications": { + "type": "long" + }, + "xpack__uptime__alerts__monitorStatus": { + "type": "long" + }, + "xpack__uptime__alerts__tls": { + "type": "long" + }, + "xpack__uptime__alerts__durationAnomaly": { + "type": "long" + }, + "__geo-containment": { + "type": "long" + }, + "xpack__ml__anomaly_detection_alert": { + "type": "long" + }, + "xpack__ml__anomaly_detection_jobs_health": { + "type": "long" + } } - } - }, - "alerts": { - "properties": { - "count_total": { - "type": "long" - }, - "count_active_total": { - "type": "long" }, - "count_disabled_total": { + "count_rules_namespaces": { "type": "long" }, "count_rules_executions": { "type": "long" }, - "count_rules_executions_failured": { - "type": "long" - }, - "avg_execution_time": { - "type": "long" - }, - "avg_execution_time_by_type": { + "count_rules_executions_by_type": { "properties": { "DYNAMIC_KEY": { "type": "long" @@ -364,6 +570,9 @@ } } }, + "count_rules_executions_failured": { + "type": "long" + }, "count_rules_executions_failured_by_reason": { "properties": { "DYNAMIC_KEY": { @@ -812,216 +1021,10 @@ } } }, - "count_rules_executions_by_type": { - "properties": { - "DYNAMIC_KEY": { - "type": "long" - }, - "__index-threshold": { - "type": "long" - }, - "__es-query": { - "type": "long" - }, - "transform_health": { - "type": "long" - }, - "apm__error_rate": { - "type": "long" - }, - "apm__transaction_error_rate": { - "type": "long" - }, - "apm__transaction_duration": { - "type": "long" - }, - "apm__transaction_duration_anomaly": { - "type": "long" - }, - "metrics__alert__threshold": { - "type": "long" - }, - "metrics__alert__inventory__threshold": { - "type": "long" - }, - "logs__alert__document__count": { - "type": "long" - }, - "monitoring_alert_cluster_health": { - "type": "long" - }, - "monitoring_alert_cpu_usage": { - "type": "long" - }, - "monitoring_alert_disk_usage": { - "type": "long" - }, - "monitoring_alert_elasticsearch_version_mismatch": { - "type": "long" - }, - "monitoring_alert_kibana_version_mismatch": { - "type": "long" - }, - "monitoring_alert_license_expiration": { - "type": "long" - }, - "monitoring_alert_logstash_version_mismatch": { - "type": "long" - }, - "monitoring_alert_nodes_changed": { - "type": "long" - }, - "siem__signals": { - "type": "long" - }, - "siem__notifications": { - "type": "long" - }, - "xpack__uptime__alerts__monitorStatus": { - "type": "long" - }, - "xpack__uptime__alerts__tls": { - "type": "long" - }, - "xpack__uptime__alerts__durationAnomaly": { - "type": "long" - }, - "__geo-containment": { - "type": "long" - }, - "xpack__ml__anomaly_detection_alert": { - "type": "long" - }, - "xpack__ml__anomaly_detection_jobs_health": { - "type": "long" - } - } - }, - "throttle_time": { - "properties": { - "min": { - "type": "long" - }, - "avg": { - "type": "float" - }, - "max": { - "type": "long" - } - } - }, - "schedule_time": { - "properties": { - "min": { - "type": "long" - }, - "avg": { - "type": "float" - }, - "max": { - "type": "long" - } - } - }, - "connectors_per_alert": { - "properties": { - "min": { - "type": "long" - }, - "avg": { - "type": "float" - }, - "max": { - "type": "long" - } - } - }, - "count_active_by_type": { - "properties": { - "DYNAMIC_KEY": { - "type": "long" - }, - "__index-threshold": { - "type": "long" - }, - "__es-query": { - "type": "long" - }, - "transform_health": { - "type": "long" - }, - "apm__error_rate": { - "type": "long" - }, - "apm__transaction_error_rate": { - "type": "long" - }, - "apm__transaction_duration": { - "type": "long" - }, - "apm__transaction_duration_anomaly": { - "type": "long" - }, - "metrics__alert__threshold": { - "type": "long" - }, - "metrics__alert__inventory__threshold": { - "type": "long" - }, - "logs__alert__document__count": { - "type": "long" - }, - "monitoring_alert_cluster_health": { - "type": "long" - }, - "monitoring_alert_cpu_usage": { - "type": "long" - }, - "monitoring_alert_disk_usage": { - "type": "long" - }, - "monitoring_alert_elasticsearch_version_mismatch": { - "type": "long" - }, - "monitoring_alert_kibana_version_mismatch": { - "type": "long" - }, - "monitoring_alert_license_expiration": { - "type": "long" - }, - "monitoring_alert_logstash_version_mismatch": { - "type": "long" - }, - "monitoring_alert_nodes_changed": { - "type": "long" - }, - "siem__signals": { - "type": "long" - }, - "siem__notifications": { - "type": "long" - }, - "xpack__uptime__alerts__monitorStatus": { - "type": "long" - }, - "xpack__uptime__alerts__tls": { - "type": "long" - }, - "xpack__uptime__alerts__durationAnomaly": { - "type": "long" - }, - "__geo-containment": { - "type": "long" - }, - "xpack__ml__anomaly_detection_alert": { - "type": "long" - }, - "xpack__ml__anomaly_detection_jobs_health": { - "type": "long" - } - } + "avg_execution_time": { + "type": "long" }, - "count_by_type": { + "avg_execution_time_by_type": { "properties": { "DYNAMIC_KEY": { "type": "long" @@ -1105,9 +1108,6 @@ "type": "long" } } - }, - "count_rules_namespaces": { - "type": "long" } } }, From 899a624c7297b13d30542ded175a1a8e24c3d555 Mon Sep 17 00:00:00 2001 From: YulNaumenko Date: Wed, 27 Oct 2021 20:56:39 -0700 Subject: [PATCH 09/18] fixed query --- .../server/usage/actions_telemetry.test.ts | 36 ++++++- .../actions/server/usage/actions_telemetry.ts | 95 +++++++------------ x-pack/plugins/actions/server/usage/task.ts | 4 +- x-pack/plugins/alerting/server/usage/task.ts | 4 +- 4 files changed, 71 insertions(+), 68 deletions(-) diff --git a/x-pack/plugins/actions/server/usage/actions_telemetry.test.ts b/x-pack/plugins/actions/server/usage/actions_telemetry.test.ts index 3dce0058173e2..d5603165b946d 100644 --- a/x-pack/plugins/actions/server/usage/actions_telemetry.test.ts +++ b/x-pack/plugins/actions/server/usage/actions_telemetry.test.ts @@ -7,7 +7,7 @@ // eslint-disable-next-line @kbn/eslint/no-restricted-paths import { elasticsearchClientMock } from '../../../../../src/core/server/elasticsearch/client/mocks'; -import { getInUseTotalCount, getTotalCount } from './actions_telemetry'; +import { getExecutionsTotalCount, getInUseTotalCount, getTotalCount } from './actions_telemetry'; describe('actions telemetry', () => { test('getTotalCount should replace first symbol . to __ for action types names', async () => { @@ -629,6 +629,38 @@ Object { }, }, avgDuration: { value: 10 }, + avgDurationByType: { + doc_count: 216, + actionSavedObjects: { + doc_count: 108, + byTypeId: { + doc_count_error_upper_bound: 0, + sum_other_doc_count: 0, + buckets: [ + { + key: '.server-log', + doc_count: 99, + refs: { + doc_count: 99, + avgDuration: { + value: 919191.9191919192, + }, + }, + }, + { + key: '.email', + doc_count: 9, + refs: { + doc_count: 9, + avgDuration: { + value: 4.196666666666667e8, + }, + }, + }, + ], + }, + }, + }, }, }) ); @@ -652,7 +684,7 @@ Object { }, }) ); - const telemetry = await getInUseTotalCount(mockEsClient, 'test'); + const telemetry = await getExecutionsTotalCount(mockEsClient, 'test'); expect(mockEsClient.search).toHaveBeenCalledTimes(2); expect(telemetry).toMatchInlineSnapshot(` diff --git a/x-pack/plugins/actions/server/usage/actions_telemetry.ts b/x-pack/plugins/actions/server/usage/actions_telemetry.ts index 7da606c766d09..48695bc1fe510 100644 --- a/x-pack/plugins/actions/server/usage/actions_telemetry.ts +++ b/x-pack/plugins/actions/server/usage/actions_telemetry.ts @@ -477,6 +477,31 @@ export async function getExecutionsTotalCount( }, }, avgDuration: { avg: { field: 'event.duration' } }, + avgDurationByType: { + nested: { + path: 'kibana.saved_objects', + }, + aggs: { + actionSavedObjects: { + filter: { term: { 'kibana.saved_objects.type': 'action' } }, + aggs: { + byTypeId: { + terms: { + field: 'kibana.saved_objects.type_id', + }, + aggs: { + refs: { + reverse_nested: {}, + aggs: { + avgDuration: { avg: { field: 'event.duration' } }, + }, + }, + }, + }, + }, + }, + }, + }, }, }, }); @@ -492,68 +517,14 @@ export async function getExecutionsTotalCount( // @ts-expect-error aggegation type is not specified actionResults.aggregations.failedExecutions?.refs?.byConnectorTypeId.value; - const avgExecutionTimeByType: Record = {}; - Promise.all( - Object.entries(aggsExecutions.connectorTypes).map(([key]) => - esClient.search({ - index: eventLogIndex, - size: 1, - body: { - query: { - bool: { - filter: { - bool: { - must: [ - { - term: { 'event.action': 'execute' }, - }, - { - term: { 'event.provider': 'actions' }, - }, - { - nested: { - path: 'kibana.saved_objects', - query: { - bool: { - must: [ - { - term: { - 'kibana.saved_objects.type': { - value: 'action', - }, - }, - }, - { - term: { - 'kibana.saved_objects.type_id': { - value: key, - }, - }, - }, - ], - }, - }, - }, - } - ], - }, - }, - }, - }, - aggs: { - avgDuration: { avg: { field: 'event.duration' } }, - }, - }, - }) - ) - ).then((connectorTypeResults) => { - connectorTypeResults.forEach((result) => { - avgExecutionTimeByType[replaceFirstAndLastDotSymbols(result.body.hits.hits[0]?._source?.kibana.saved_objects.type_id)] = - // @ts-expect-error aggegation type is not specified - // convert nanoseconds to milliseconds - Math.round(result.aggregations?.avgDuration.value / (1000 * 1000)); - }); - }); + const avgDurationByType = + // @ts-expect-error aggegation type is not specified + actionResults.aggregations.avgDurationByType?.actionSavedObjects?.byTypeId?.buckets; + + // @ts-expect-error aggegation type is not specified + const avgExecutionTimeByType: Record = avgDurationByType.map((bucket) => ({ + [replaceFirstAndLastDotSymbols(bucket.key)]: bucket?.refs.avgDuration.value, + })); return { countTotal: aggsExecutions.total, diff --git a/x-pack/plugins/actions/server/usage/task.ts b/x-pack/plugins/actions/server/usage/task.ts index 67e484ed5d78a..989027b49e3a9 100644 --- a/x-pack/plugins/actions/server/usage/task.ts +++ b/x-pack/plugins/actions/server/usage/task.ts @@ -53,7 +53,7 @@ function registerActionsTelemetryTask( taskManager.registerTaskDefinitions({ [TELEMETRY_TASK_TYPE]: { title: 'Actions usage fetch task', - timeout: '5m', + timeout: '5s', createTaskRunner: telemetryTaskRunner( logger, core, @@ -138,5 +138,5 @@ export function telemetryTaskRunner( } function getNextMidnight() { - return moment().add(1, 'd').startOf('d').toDate(); + return moment().add(1, 'm').startOf('m').toDate(); } diff --git a/x-pack/plugins/alerting/server/usage/task.ts b/x-pack/plugins/alerting/server/usage/task.ts index 3433a47afa37d..e7b39534ccbc5 100644 --- a/x-pack/plugins/alerting/server/usage/task.ts +++ b/x-pack/plugins/alerting/server/usage/task.ts @@ -50,7 +50,7 @@ function registerAlertingTelemetryTask( taskManager.registerTaskDefinitions({ [TELEMETRY_TASK_TYPE]: { title: 'Alerting usage fetch task', - timeout: '5m', + timeout: '5s', createTaskRunner: telemetryTaskRunner(logger, core, kibanaIndex, eventLog), }, }); @@ -129,5 +129,5 @@ export function telemetryTaskRunner( } function getNextMidnight() { - return moment().add(1, 'd').startOf('d').toDate(); + return moment().add(1, 'm').startOf('m').toDate(); } From 26efb8029306e9dc3038f4a9f39fdf275d1f9004 Mon Sep 17 00:00:00 2001 From: YulNaumenko Date: Wed, 27 Oct 2021 20:58:27 -0700 Subject: [PATCH 10/18] removed test data --- x-pack/plugins/actions/server/usage/task.ts | 4 ++-- x-pack/plugins/alerting/server/usage/task.ts | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/x-pack/plugins/actions/server/usage/task.ts b/x-pack/plugins/actions/server/usage/task.ts index 989027b49e3a9..67e484ed5d78a 100644 --- a/x-pack/plugins/actions/server/usage/task.ts +++ b/x-pack/plugins/actions/server/usage/task.ts @@ -53,7 +53,7 @@ function registerActionsTelemetryTask( taskManager.registerTaskDefinitions({ [TELEMETRY_TASK_TYPE]: { title: 'Actions usage fetch task', - timeout: '5s', + timeout: '5m', createTaskRunner: telemetryTaskRunner( logger, core, @@ -138,5 +138,5 @@ export function telemetryTaskRunner( } function getNextMidnight() { - return moment().add(1, 'm').startOf('m').toDate(); + return moment().add(1, 'd').startOf('d').toDate(); } diff --git a/x-pack/plugins/alerting/server/usage/task.ts b/x-pack/plugins/alerting/server/usage/task.ts index e7b39534ccbc5..3433a47afa37d 100644 --- a/x-pack/plugins/alerting/server/usage/task.ts +++ b/x-pack/plugins/alerting/server/usage/task.ts @@ -50,7 +50,7 @@ function registerAlertingTelemetryTask( taskManager.registerTaskDefinitions({ [TELEMETRY_TASK_TYPE]: { title: 'Alerting usage fetch task', - timeout: '5s', + timeout: '5m', createTaskRunner: telemetryTaskRunner(logger, core, kibanaIndex, eventLog), }, }); @@ -129,5 +129,5 @@ export function telemetryTaskRunner( } function getNextMidnight() { - return moment().add(1, 'm').startOf('m').toDate(); + return moment().add(1, 'd').startOf('d').toDate(); } From 712d84cd5f4a013fac7aa1a65c8c8dfec598eebe Mon Sep 17 00:00:00 2001 From: YulNaumenko Date: Wed, 27 Oct 2021 21:11:59 -0700 Subject: [PATCH 11/18] added tests --- .../server/usage/alerts_telemetry.test.ts | 62 ++++++++++++++++++- 1 file changed, 61 insertions(+), 1 deletion(-) diff --git a/x-pack/plugins/alerting/server/usage/alerts_telemetry.test.ts b/x-pack/plugins/alerting/server/usage/alerts_telemetry.test.ts index 03a96d19b8e8a..d836c73036c61 100644 --- a/x-pack/plugins/alerting/server/usage/alerts_telemetry.test.ts +++ b/x-pack/plugins/alerting/server/usage/alerts_telemetry.test.ts @@ -7,7 +7,11 @@ // eslint-disable-next-line @kbn/eslint/no-restricted-paths import { elasticsearchClientMock } from '../../../../../src/core/server/elasticsearch/client/mocks'; -import { getTotalCountAggregations, getTotalCountInUse } from './alerts_telemetry'; +import { + getTotalCountAggregations, + getTotalCountInUse, + getTotalExecutionsCount, +} from './alerts_telemetry'; describe('alerts telemetry', () => { test('getTotalCountInUse should replace first "." symbol to "__" in alert types names', async () => { @@ -112,6 +116,62 @@ Object { "min": 0, }, } +`); + }); + + test('getTotalExecutionsCount should return execution aggregations for total count, count by rule type and number of failed executions', async () => { + const mockEsClient = elasticsearchClientMock.createClusterClient().asScoped().asInternalUser; + mockEsClient.search.mockReturnValue( + // @ts-expect-error @elastic/elasticsearch Aggregate only allows unknown values + elasticsearchClientMock.createSuccessTransportRequestPromise({ + aggregations: { + byRuleTypeId: { + value: { + ruleTypes: { + '.index-threshold': 2, + 'logs.alert.document.count': 1, + 'document.test.': 1, + }, + ruleTypesDuration: { + '.index-threshold': 2087868, + 'logs.alert.document.count': 1675765, + 'document.test.': 17687687, + }, + }, + }, + failuresByReason: { + value: { + reasons: { + unknown: { + '.index-threshold': 2, + 'logs.alert.document.count': 1, + 'document.test.': 1, + }, + }, + }, + }, + avgDuration: { value: 10 }, + }, + hits: { + hits: [], + }, + }) + ); + + const telemetry = await getTotalExecutionsCount(mockEsClient, 'test'); + + expect(mockEsClient.search).toHaveBeenCalledTimes(1); + + expect(telemetry).toMatchInlineSnapshot(` +Object { + "countByType": Object { + "__index-threshold": 2, + "document.test__": 1, + "logs.alert.document.count": 1, + }, + "countNamespaces": 1, + "countTotal": 4, +} `); }); }); From d4866974ce1aa88aed47c42c7aacf167c498921d Mon Sep 17 00:00:00 2001 From: Yuliia Naumenko Date: Wed, 27 Oct 2021 22:03:14 -0700 Subject: [PATCH 12/18] fixed test --- .../server/usage/actions_telemetry.test.ts | 64 +++++++++++-------- .../actions/server/usage/actions_telemetry.ts | 10 ++- .../server/usage/alerts_telemetry.test.ts | 36 +++++++---- 3 files changed, 71 insertions(+), 39 deletions(-) diff --git a/x-pack/plugins/actions/server/usage/actions_telemetry.test.ts b/x-pack/plugins/actions/server/usage/actions_telemetry.test.ts index d5603165b946d..01e5a6bc20777 100644 --- a/x-pack/plugins/actions/server/usage/actions_telemetry.test.ts +++ b/x-pack/plugins/actions/server/usage/actions_telemetry.test.ts @@ -613,17 +613,23 @@ Object { aggregations: { totalExecutions: { byConnectorTypeId: { - connectorTypes: { - '.slack': 100, - '.server-log': 20, + value: { + connectorTypes: { + '.slack': 100, + '.server-log': 20, + }, + total: 120, }, }, }, failedExecutions: { refs: { byConnectorTypeId: { - connectorTypes: { - '.slack': 7, + value: { + connectorTypes: { + '.slack': 7, + }, + total: 7, }, }, }, @@ -674,28 +680,34 @@ Object { }, }) ); - - // for .server-log connectorss - mockEsClient.search.mockReturnValueOnce( - // @ts-expect-error not full search response - elasticsearchClientMock.createSuccessTransportRequestPromise({ - aggregations: { - avgDuration: { value: 2 }, - }, - }) - ); const telemetry = await getExecutionsTotalCount(mockEsClient, 'test'); - expect(mockEsClient.search).toHaveBeenCalledTimes(2); - expect(telemetry).toMatchInlineSnapshot(` -Object { - "countByAlertHistoryConnectorType": 0, - "countByType": Object { - "__server-log": 1, - "__slack": 1, - }, - "countTotal": 2, -} -`); + expect(mockEsClient.search).toHaveBeenCalledTimes(1); + expect(telemetry).toStrictEqual({ + avgExecutionTime: 0, + avgExecutionTimeByType: [ + { + '__server-log': 919191.9191919192, + }, + { + __email: 419666666.6666667, + }, + ], + countByType: [ + { + __slack: 100, + }, + { + '__server-log': 20, + }, + ], + countFailed: 7, + countFailedByType: [ + { + __slack: 7, + }, + ], + countTotal: 120, + }); }); }); diff --git a/x-pack/plugins/actions/server/usage/actions_telemetry.ts b/x-pack/plugins/actions/server/usage/actions_telemetry.ts index 48695bc1fe510..62464849c991a 100644 --- a/x-pack/plugins/actions/server/usage/actions_telemetry.ts +++ b/x-pack/plugins/actions/server/usage/actions_telemetry.ts @@ -528,9 +528,15 @@ export async function getExecutionsTotalCount( return { countTotal: aggsExecutions.total, - countByType: aggsExecutions.connectorTypes, + // @ts-expect-error aggegation type is not specified + countByType: Object.entries(aggsExecutions.connectorTypes).map(([key, value]) => ({ + [replaceFirstAndLastDotSymbols(key)]: value, + })), countFailed: aggsFailedExecutions.total, - countFailedByType: aggsFailedExecutions.connectorTypes, + // @ts-expect-error aggegation type is not specified + countFailedByType: Object.entries(aggsFailedExecutions.connectorTypes).map(([key, value]) => ({ + [replaceFirstAndLastDotSymbols(key)]: value, + })), avgExecutionTime: aggsAvgExecutionTime, avgExecutionTimeByType, }; diff --git a/x-pack/plugins/alerting/server/usage/alerts_telemetry.test.ts b/x-pack/plugins/alerting/server/usage/alerts_telemetry.test.ts index d836c73036c61..a11a78ce1476c 100644 --- a/x-pack/plugins/alerting/server/usage/alerts_telemetry.test.ts +++ b/x-pack/plugins/alerting/server/usage/alerts_telemetry.test.ts @@ -162,16 +162,30 @@ Object { expect(mockEsClient.search).toHaveBeenCalledTimes(1); - expect(telemetry).toMatchInlineSnapshot(` -Object { - "countByType": Object { - "__index-threshold": 2, - "document.test__": 1, - "logs.alert.document.count": 1, - }, - "countNamespaces": 1, - "countTotal": 4, -} -`); + expect(telemetry).toStrictEqual({ + avgExecutionTime: 0, + avgExecutionTimeByType: { + '__index-threshold': 1043934, + 'document.test__': 17687687, + 'logs.alert.document.count': 1675765, + }, + countByType: { + '__index-threshold': 2, + 'document.test__': 1, + 'logs.alert.document.count': 1, + }, + countFailuresByReason: { + unknown: 4, + }, + countFailuresByReasonByType: { + unknown: { + '.index-threshold': 2, + 'document.test.': 1, + 'logs.alert.document.count': 1, + }, + }, + countTotal: 4, + countTotalFailures: 4, + }); }); }); From 04a5eea70a0e14b7068e781f1ef9fee35cf5a9df Mon Sep 17 00:00:00 2001 From: YulNaumenko Date: Thu, 28 Oct 2021 09:29:07 -0700 Subject: [PATCH 13/18] fixed query --- .../server/usage/actions_telemetry.test.ts | 34 +++++++----------- .../actions/server/usage/actions_telemetry.ts | 36 ++++++++++++------- 2 files changed, 37 insertions(+), 33 deletions(-) diff --git a/x-pack/plugins/actions/server/usage/actions_telemetry.test.ts b/x-pack/plugins/actions/server/usage/actions_telemetry.test.ts index 01e5a6bc20777..3dec640b58110 100644 --- a/x-pack/plugins/actions/server/usage/actions_telemetry.test.ts +++ b/x-pack/plugins/actions/server/usage/actions_telemetry.test.ts @@ -685,28 +685,20 @@ Object { expect(mockEsClient.search).toHaveBeenCalledTimes(1); expect(telemetry).toStrictEqual({ avgExecutionTime: 0, - avgExecutionTimeByType: [ - { - '__server-log': 919191.9191919192, - }, - { - __email: 419666666.6666667, - }, - ], - countByType: [ - { - __slack: 100, - }, - { - '__server-log': 20, - }, - ], + avgExecutionTimeByType: { + '__server-log': 919191.9191919192, + __email: 419666666.6666667, + }, + + countByType: { + __slack: 100, + + '__server-log': 20, + }, countFailed: 7, - countFailedByType: [ - { - __slack: 7, - }, - ], + countFailedByType: { + __slack: 7, + }, countTotal: 120, }); }); diff --git a/x-pack/plugins/actions/server/usage/actions_telemetry.ts b/x-pack/plugins/actions/server/usage/actions_telemetry.ts index 62464849c991a..ea27c27096173 100644 --- a/x-pack/plugins/actions/server/usage/actions_telemetry.ts +++ b/x-pack/plugins/actions/server/usage/actions_telemetry.ts @@ -521,22 +521,34 @@ export async function getExecutionsTotalCount( // @ts-expect-error aggegation type is not specified actionResults.aggregations.avgDurationByType?.actionSavedObjects?.byTypeId?.buckets; - // @ts-expect-error aggegation type is not specified - const avgExecutionTimeByType: Record = avgDurationByType.map((bucket) => ({ - [replaceFirstAndLastDotSymbols(bucket.key)]: bucket?.refs.avgDuration.value, - })); + const avgExecutionTimeByType: Record = avgDurationByType.reduce( + // @ts-expect-error aggegation type is not specified + (res: Record, bucket) => { + res[replaceFirstAndLastDotSymbols(bucket.key)] = bucket?.refs.avgDuration.value; + return res; + }, + {} + ); return { countTotal: aggsExecutions.total, - // @ts-expect-error aggegation type is not specified - countByType: Object.entries(aggsExecutions.connectorTypes).map(([key, value]) => ({ - [replaceFirstAndLastDotSymbols(key)]: value, - })), + countByType: Object.entries(aggsExecutions.connectorTypes).reduce( + (res: Record, [key, value]) => { + // @ts-expect-error aggegation type is not specified + res[replaceFirstAndLastDotSymbols(key)] = value; + return res; + }, + {} + ), countFailed: aggsFailedExecutions.total, - // @ts-expect-error aggegation type is not specified - countFailedByType: Object.entries(aggsFailedExecutions.connectorTypes).map(([key, value]) => ({ - [replaceFirstAndLastDotSymbols(key)]: value, - })), + countFailedByType: Object.entries(aggsFailedExecutions.connectorTypes).reduce( + (res: Record, [key, value]) => { + // @ts-expect-error aggegation type is not specified + res[replaceFirstAndLastDotSymbols(key)] = value; + return res; + }, + {} + ), avgExecutionTime: aggsAvgExecutionTime, avgExecutionTimeByType, }; From 692019043b0e561eda06caa8f442d5f133675489 Mon Sep 17 00:00:00 2001 From: YulNaumenko Date: Mon, 1 Nov 2021 22:23:30 -0700 Subject: [PATCH 14/18] added exection detalization by day --- .../actions/server/usage/actions_telemetry.ts | 9 ++++++- .../server/usage/actions_usage_collector.ts | 24 +++++++++---------- x-pack/plugins/actions/server/usage/task.ts | 19 ++++++++------- x-pack/plugins/actions/server/usage/types.ts | 12 +++++----- 4 files changed, 36 insertions(+), 28 deletions(-) diff --git a/x-pack/plugins/actions/server/usage/actions_telemetry.ts b/x-pack/plugins/actions/server/usage/actions_telemetry.ts index ea27c27096173..d288611af5e21 100644 --- a/x-pack/plugins/actions/server/usage/actions_telemetry.ts +++ b/x-pack/plugins/actions/server/usage/actions_telemetry.ts @@ -379,7 +379,7 @@ function replaceFirstAndLastDotSymbols(strToReplace: string) { return hasLastSymbolDot ? `${appliedString.slice(0, -1)}__` : appliedString; } -export async function getExecutionsTotalCount( +export async function getExecutionsPerDayCount( esClient: ElasticsearchClient, eventLogIndex: string ): Promise<{ @@ -439,6 +439,13 @@ export async function getExecutionsTotalCount( { term: { 'event.provider': 'actions' }, }, + { + range: { + '@timestamp': { + gte: 'now-1d', + }, + }, + }, ], }, }, diff --git a/x-pack/plugins/actions/server/usage/actions_usage_collector.ts b/x-pack/plugins/actions/server/usage/actions_usage_collector.ts index 97cc03a8c4174..3e690d18063d6 100644 --- a/x-pack/plugins/actions/server/usage/actions_usage_collector.ts +++ b/x-pack/plugins/actions/server/usage/actions_usage_collector.ts @@ -37,14 +37,14 @@ export function createActionsUsageCollector( }, }, count_active_by_type: byTypeSchema, - count_actions_executions: { type: 'long' }, - count_actions_executions_by_type: byTypeSchema, + count_actions_executions_per_day: { type: 'long' }, + count_actions_executions_by_type_per_day: byTypeSchema, count_active_email_connectors_by_service_type: byServiceProviderTypeSchema, count_actions_namespaces: { type: 'long' }, - count_actions_executions_failed: { type: 'long' }, - count_actions_executions_failed_by_type: byTypeSchema, - avg_execution_time: { type: 'long' }, - avg_execution_time_by_type: byTypeSchema, + count_actions_executions_failed_per_day: { type: 'long' }, + count_actions_executions_failed_by_type_per_day: byTypeSchema, + avg_execution_time_per_day: { type: 'long' }, + avg_execution_time_by_type_per_day: byTypeSchema, }, fetch: async () => { try { @@ -66,12 +66,12 @@ export function createActionsUsageCollector( count_active_by_type: {}, count_active_email_connectors_by_service_type: {}, count_actions_namespaces: 0, - count_actions_executions: 0, - count_actions_executions_by_type: {}, - count_actions_executions_failed: 0, - count_actions_executions_failed_by_type: {}, - avg_execution_time: 0, - avg_execution_time_by_type: {}, + count_actions_executions_per_day: 0, + count_actions_executions_by_type_per_day: {}, + count_actions_executions_failed_per_day: 0, + count_actions_executions_failed_by_type_per_day: {}, + avg_execution_time_per_day: 0, + avg_execution_time_by_type_per_day: {}, }; } }, diff --git a/x-pack/plugins/actions/server/usage/task.ts b/x-pack/plugins/actions/server/usage/task.ts index 67e484ed5d78a..5ddcbab4261d1 100644 --- a/x-pack/plugins/actions/server/usage/task.ts +++ b/x-pack/plugins/actions/server/usage/task.ts @@ -14,7 +14,7 @@ import { TaskManagerStartContract, } from '../../../task_manager/server'; import { PreConfiguredAction } from '../types'; -import { getTotalCount, getInUseTotalCount, getExecutionsTotalCount } from './actions_telemetry'; +import { getTotalCount, getInUseTotalCount, getExecutionsPerDayCount } from './actions_telemetry'; export const TELEMETRY_TASK_TYPE = 'actions_telemetry'; @@ -102,9 +102,9 @@ export function telemetryTaskRunner( return Promise.all([ getTotalCount(esClient, kibanaIndex, preconfiguredActions), getInUseTotalCount(esClient, kibanaIndex, undefined, preconfiguredActions), - getExecutionsTotalCount(esClient, eventLogIndex), + getExecutionsPerDayCount(esClient, eventLogIndex), ]) - .then(([totalAggegations, totalInUse, totalExecutions]) => { + .then(([totalAggegations, totalInUse, totalExecutionsPerDay]) => { return { state: { runs: (state.runs || 0) + 1, @@ -115,12 +115,13 @@ export function telemetryTaskRunner( count_active_alert_history_connectors: totalInUse.countByAlertHistoryConnectorType, count_active_email_connectors_by_service_type: totalInUse.countEmailByService, count_actions_namespaces: totalInUse.countNamespaces, - count_actions_executions: totalExecutions.countTotal, - count_actions_executions_by_type: totalExecutions.countByType, - count_actions_executions_failed: totalExecutions.countFailed, - count_actions_executions_failed_by_type: totalExecutions.countFailedByType, - avg_execution_time: totalExecutions.avgExecutionTime, - avg_execution_time_by_type: totalExecutions.avgExecutionTimeByType, + count_actions_executions_per_day: totalExecutionsPerDay.countTotal, + count_actions_executions_by_type_per_day: totalExecutionsPerDay.countByType, + count_actions_executions_failed_per_day: totalExecutionsPerDay.countFailed, + count_actions_executions_failed_by_type_per_day: + totalExecutionsPerDay.countFailedByType, + avg_execution_time_per_day: totalExecutionsPerDay.avgExecutionTime, + avg_execution_time_by_type_per_day: totalExecutionsPerDay.avgExecutionTimeByType, }, runAt: getNextMidnight(), }; diff --git a/x-pack/plugins/actions/server/usage/types.ts b/x-pack/plugins/actions/server/usage/types.ts index ede16291a93bd..2d041b1ba0d0e 100644 --- a/x-pack/plugins/actions/server/usage/types.ts +++ b/x-pack/plugins/actions/server/usage/types.ts @@ -16,12 +16,12 @@ export interface ActionsUsage { count_active_by_type: Record; count_active_email_connectors_by_service_type: Record; count_actions_namespaces: number; - count_actions_executions: number; - count_actions_executions_by_type: Record; - count_actions_executions_failed: number; - count_actions_executions_failed_by_type: Record; - avg_execution_time: number; - avg_execution_time_by_type: Record; + count_actions_executions_per_day: number; + count_actions_executions_by_type_per_day: Record; + count_actions_executions_failed_per_day: number; + count_actions_executions_failed_by_type_per_day: Record; + avg_execution_time_per_day: number; + avg_execution_time_by_type_per_day: Record; } export const byTypeSchema: MakeSchemaFrom['count_by_type'] = { From 92f84df5357553b5a7c9ce904d14a7d01f3803da Mon Sep 17 00:00:00 2001 From: YulNaumenko Date: Mon, 1 Nov 2021 22:24:18 -0700 Subject: [PATCH 15/18] fixed test --- x-pack/plugins/actions/server/usage/actions_telemetry.test.ts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/x-pack/plugins/actions/server/usage/actions_telemetry.test.ts b/x-pack/plugins/actions/server/usage/actions_telemetry.test.ts index 3dec640b58110..07f7f83333844 100644 --- a/x-pack/plugins/actions/server/usage/actions_telemetry.test.ts +++ b/x-pack/plugins/actions/server/usage/actions_telemetry.test.ts @@ -7,7 +7,7 @@ // eslint-disable-next-line @kbn/eslint/no-restricted-paths import { elasticsearchClientMock } from '../../../../../src/core/server/elasticsearch/client/mocks'; -import { getExecutionsTotalCount, getInUseTotalCount, getTotalCount } from './actions_telemetry'; +import { getExecutionsPerDayCount, getInUseTotalCount, getTotalCount } from './actions_telemetry'; describe('actions telemetry', () => { test('getTotalCount should replace first symbol . to __ for action types names', async () => { @@ -680,7 +680,7 @@ Object { }, }) ); - const telemetry = await getExecutionsTotalCount(mockEsClient, 'test'); + const telemetry = await getExecutionsPerDayCount(mockEsClient, 'test'); expect(mockEsClient.search).toHaveBeenCalledTimes(1); expect(telemetry).toStrictEqual({ From 20672e41e3a00e5830e462fa25c27cf22b501714 Mon Sep 17 00:00:00 2001 From: YulNaumenko Date: Mon, 1 Nov 2021 22:35:36 -0700 Subject: [PATCH 16/18] fixed for rules --- .../server/usage/alerts_telemetry.test.ts | 4 +-- .../alerting/server/usage/alerts_telemetry.ts | 9 +++++- .../server/usage/alerts_usage_collector.ts | 28 +++++++++---------- x-pack/plugins/alerting/server/usage/task.ts | 19 +++++++------ x-pack/plugins/alerting/server/usage/types.ts | 14 +++++----- 5 files changed, 41 insertions(+), 33 deletions(-) diff --git a/x-pack/plugins/alerting/server/usage/alerts_telemetry.test.ts b/x-pack/plugins/alerting/server/usage/alerts_telemetry.test.ts index a11a78ce1476c..af08c8c75c144 100644 --- a/x-pack/plugins/alerting/server/usage/alerts_telemetry.test.ts +++ b/x-pack/plugins/alerting/server/usage/alerts_telemetry.test.ts @@ -10,7 +10,7 @@ import { elasticsearchClientMock } from '../../../../../src/core/server/elastics import { getTotalCountAggregations, getTotalCountInUse, - getTotalExecutionsCount, + getExecutionsPerDayCount, } from './alerts_telemetry'; describe('alerts telemetry', () => { @@ -158,7 +158,7 @@ Object { }) ); - const telemetry = await getTotalExecutionsCount(mockEsClient, 'test'); + const telemetry = await getExecutionsPerDayCount(mockEsClient, 'test'); expect(mockEsClient.search).toHaveBeenCalledTimes(1); diff --git a/x-pack/plugins/alerting/server/usage/alerts_telemetry.ts b/x-pack/plugins/alerting/server/usage/alerts_telemetry.ts index 016d8dce54f8c..180ee4300f18c 100644 --- a/x-pack/plugins/alerting/server/usage/alerts_telemetry.ts +++ b/x-pack/plugins/alerting/server/usage/alerts_telemetry.ts @@ -319,7 +319,7 @@ function replaceFirstAndLastDotSymbols(strToReplace: string) { return hasLastSymbolDot ? `${appliedString.slice(0, -1)}__` : appliedString; } -export async function getTotalExecutionsCount( +export async function getExecutionsPerDayCount( esClient: ElasticsearchClient, eventLogIndex: string ) { @@ -338,6 +338,13 @@ export async function getTotalExecutionsCount( { term: { 'event.provider': 'alerting' }, }, + { + range: { + '@timestamp': { + gte: 'now-1d', + }, + }, + }, ], }, }, diff --git a/x-pack/plugins/alerting/server/usage/alerts_usage_collector.ts b/x-pack/plugins/alerting/server/usage/alerts_usage_collector.ts index 37545008e6661..0a21e687ebf36 100644 --- a/x-pack/plugins/alerting/server/usage/alerts_usage_collector.ts +++ b/x-pack/plugins/alerting/server/usage/alerts_usage_collector.ts @@ -111,13 +111,13 @@ export function createAlertsUsageCollector( count_active_by_type: {}, count_by_type: {}, count_rules_namespaces: 0, - count_rules_executions: 0, - count_rules_executions_by_type: {}, - count_rules_executions_failured: 0, - count_rules_executions_failured_by_reason: {}, - count_rules_executions_failured_by_reason_by_type: {}, - avg_execution_time: 0, - avg_execution_time_by_type: {}, + count_rules_executions_per_day: 0, + count_rules_executions_by_type_per_day: {}, + count_rules_executions_failured_per_day: 0, + count_rules_executions_failured_by_reason_per_day: {}, + count_rules_executions_failured_by_reason_by_type_per_day: {}, + avg_execution_time_per_day: 0, + avg_execution_time_by_type_per_day: {}, }; } }, @@ -143,13 +143,13 @@ export function createAlertsUsageCollector( count_active_by_type: byTypeSchema, count_by_type: byTypeSchema, count_rules_namespaces: { type: 'long' }, - count_rules_executions: { type: 'long' }, - count_rules_executions_by_type: byTypeSchema, - count_rules_executions_failured: { type: 'long' }, - count_rules_executions_failured_by_reason: byReasonSchema, - count_rules_executions_failured_by_reason_by_type: byReasonSchemaByType, - avg_execution_time: { type: 'long' }, - avg_execution_time_by_type: byTypeSchema, + count_rules_executions_per_day: { type: 'long' }, + count_rules_executions_by_type_per_day: byTypeSchema, + count_rules_executions_failured_per_day: { type: 'long' }, + count_rules_executions_failured_by_reason_per_day: byReasonSchema, + count_rules_executions_failured_by_reason_by_type_per_day: byReasonSchemaByType, + avg_execution_time_per_day: { type: 'long' }, + avg_execution_time_by_type_per_day: byTypeSchema, }, }); } diff --git a/x-pack/plugins/alerting/server/usage/task.ts b/x-pack/plugins/alerting/server/usage/task.ts index 3433a47afa37d..2fbd56c105c31 100644 --- a/x-pack/plugins/alerting/server/usage/task.ts +++ b/x-pack/plugins/alerting/server/usage/task.ts @@ -17,7 +17,7 @@ import { import { getTotalCountAggregations, getTotalCountInUse, - getTotalExecutionsCount, + getExecutionsPerDayCount, } from './alerts_telemetry'; export const TELEMETRY_TASK_TYPE = 'alerting_telemetry'; @@ -93,7 +93,7 @@ export function telemetryTaskRunner( return Promise.all([ getTotalCountAggregations(esClient, kibanaIndex), getTotalCountInUse(esClient, kibanaIndex), - getTotalExecutionsCount(esClient, eventLogIndex), + getExecutionsPerDayCount(esClient, eventLogIndex), ]) .then(([totalCountAggregations, totalInUse, totalExecutions]) => { return { @@ -104,14 +104,15 @@ export function telemetryTaskRunner( count_active_total: totalInUse.countTotal, count_disabled_total: totalCountAggregations.count_total - totalInUse.countTotal, count_rules_namespaces: totalInUse.countNamespaces, - count_rules_executions: totalExecutions.countTotal, - count_rules_executions_by_type: totalExecutions.countByType, - count_rules_executions_failured: totalExecutions.countTotalFailures, - count_rules_executions_failured_by_reason: totalExecutions.countFailuresByReason, - count_rules_executions_failured_by_reason_by_type: + count_rules_executions_per_day: totalExecutions.countTotal, + count_rules_executions_by_type_per_day: totalExecutions.countByType, + count_rules_executions_failured_per_day: totalExecutions.countTotalFailures, + count_rules_executions_failured_by_reason_per_day: + totalExecutions.countFailuresByReason, + count_rules_executions_failured_by_reason_by_type_per_day: totalExecutions.countFailuresByReasonByType, - avg_execution_time: totalExecutions.avgExecutionTime, - avg_execution_time_by_type: totalExecutions.avgExecutionTimeByType, + avg_execution_time_per_day: totalExecutions.avgExecutionTime, + avg_execution_time_by_type_per_day: totalExecutions.avgExecutionTimeByType, }, runAt: getNextMidnight(), }; diff --git a/x-pack/plugins/alerting/server/usage/types.ts b/x-pack/plugins/alerting/server/usage/types.ts index 6f635f08cc571..50d9b80c44b70 100644 --- a/x-pack/plugins/alerting/server/usage/types.ts +++ b/x-pack/plugins/alerting/server/usage/types.ts @@ -12,13 +12,13 @@ export interface AlertsUsage { count_by_type: Record; count_active_by_type: Record; count_rules_namespaces: number; - count_rules_executions: number; - count_rules_executions_by_type: Record; - count_rules_executions_failured: number; - count_rules_executions_failured_by_reason: Record; - count_rules_executions_failured_by_reason_by_type: Record>; - avg_execution_time: number; - avg_execution_time_by_type: Record; + count_rules_executions_per_day: number; + count_rules_executions_by_type_per_day: Record; + count_rules_executions_failured_per_day: number; + count_rules_executions_failured_by_reason_per_day: Record; + count_rules_executions_failured_by_reason_by_type_per_day: Record>; + avg_execution_time_per_day: number; + avg_execution_time_by_type_per_day: Record; throttle_time: { min: number; avg: number; From 5c6a53e0a98d7614d6c1f2b72579553e5e0374a4 Mon Sep 17 00:00:00 2001 From: YulNaumenko Date: Mon, 1 Nov 2021 22:38:02 -0700 Subject: [PATCH 17/18] fixed schema --- .../schema/xpack_plugins.json | 26 +++++++++---------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/x-pack/plugins/telemetry_collection_xpack/schema/xpack_plugins.json b/x-pack/plugins/telemetry_collection_xpack/schema/xpack_plugins.json index a938748cad309..8ac619d479bef 100644 --- a/x-pack/plugins/telemetry_collection_xpack/schema/xpack_plugins.json +++ b/x-pack/plugins/telemetry_collection_xpack/schema/xpack_plugins.json @@ -100,10 +100,10 @@ } } }, - "count_actions_executions": { + "count_actions_executions_per_day": { "type": "long" }, - "count_actions_executions_by_type": { + "count_actions_executions_by_type_per_day": { "properties": { "DYNAMIC_KEY": { "type": "long" @@ -171,10 +171,10 @@ "count_actions_namespaces": { "type": "long" }, - "count_actions_executions_failed": { + "count_actions_executions_failed_per_day": { "type": "long" }, - "count_actions_executions_failed_by_type": { + "count_actions_executions_failed_by_type_per_day": { "properties": { "DYNAMIC_KEY": { "type": "long" @@ -214,10 +214,10 @@ } } }, - "avg_execution_time": { + "avg_execution_time_per_day": { "type": "long" }, - "avg_execution_time_by_type": { + "avg_execution_time_by_type_per_day": { "properties": { "DYNAMIC_KEY": { "type": "long" @@ -482,10 +482,10 @@ "count_rules_namespaces": { "type": "long" }, - "count_rules_executions": { + "count_rules_executions_per_day": { "type": "long" }, - "count_rules_executions_by_type": { + "count_rules_executions_by_type_per_day": { "properties": { "DYNAMIC_KEY": { "type": "long" @@ -570,10 +570,10 @@ } } }, - "count_rules_executions_failured": { + "count_rules_executions_failured_per_day": { "type": "long" }, - "count_rules_executions_failured_by_reason": { + "count_rules_executions_failured_by_reason_per_day": { "properties": { "DYNAMIC_KEY": { "type": "long" @@ -592,7 +592,7 @@ } } }, - "count_rules_executions_failured_by_reason_by_type": { + "count_rules_executions_failured_by_reason_by_type_per_day": { "properties": { "DYNAMIC_KEY": { "properties": { @@ -1021,10 +1021,10 @@ } } }, - "avg_execution_time": { + "avg_execution_time_per_day": { "type": "long" }, - "avg_execution_time_by_type": { + "avg_execution_time_by_type_per_day": { "properties": { "DYNAMIC_KEY": { "type": "long" From 04717ddd16dc2820ea4258280c63b62017769366 Mon Sep 17 00:00:00 2001 From: YulNaumenko Date: Tue, 2 Nov 2021 08:25:09 -0700 Subject: [PATCH 18/18] fixed schema --- .../server/usage/alerts_usage_collector.ts | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/x-pack/plugins/alerting/server/usage/alerts_usage_collector.ts b/x-pack/plugins/alerting/server/usage/alerts_usage_collector.ts index 0a21e687ebf36..e5b25ea75fc1c 100644 --- a/x-pack/plugins/alerting/server/usage/alerts_usage_collector.ts +++ b/x-pack/plugins/alerting/server/usage/alerts_usage_collector.ts @@ -50,16 +50,17 @@ const byTypeSchema: MakeSchemaFrom['count_by_type'] = { xpack__ml__anomaly_detection_jobs_health: { type: 'long' }, // eslint-disable-line @typescript-eslint/naming-convention }; -const byReasonSchema: MakeSchemaFrom['count_rules_executions_failured_by_reason'] = { - // TODO: Find out an automated way to populate the keys or reformat these into an array (and change the Remote Telemetry indexer accordingly) - DYNAMIC_KEY: { type: 'long' }, - read: { type: 'long' }, - decrypt: { type: 'long' }, - license: { type: 'long' }, - unknown: { type: 'long' }, -}; +const byReasonSchema: MakeSchemaFrom['count_rules_executions_failured_by_reason_per_day'] = + { + // TODO: Find out an automated way to populate the keys or reformat these into an array (and change the Remote Telemetry indexer accordingly) + DYNAMIC_KEY: { type: 'long' }, + read: { type: 'long' }, + decrypt: { type: 'long' }, + license: { type: 'long' }, + unknown: { type: 'long' }, + }; -const byReasonSchemaByType: MakeSchemaFrom['count_rules_executions_failured_by_reason_by_type'] = +const byReasonSchemaByType: MakeSchemaFrom['count_rules_executions_failured_by_reason_by_type_per_day'] = { // TODO: Find out an automated way to populate the keys or reformat these into an array (and change the Remote Telemetry indexer accordingly) DYNAMIC_KEY: byTypeSchema,