[Fleet] added cardinality agg when counting acks in action_status #141651
Pinging @elastic/fleet (Team:Fleet)
@@ -39,6 +39,11 @@ export async function getActionStatuses( | |||
terms: { field: 'action_id', size: actions.length || 10 }, | |||
aggs: { | |||
max_timestamp: { max: { field: '@timestamp' } }, | |||
agent_count: { | |||
cardinality: { | |||
field: 'agent_id', |
Should we use precision_threshold here to have a more accurate response https://www.elastic.co/guide/en/elasticsearch/reference/current/search-aggregations-metrics-cardinality-aggregation.html ?
@elasticmachine merge upstream
💚 Build Succeeded
…astic#141651)
* added cardinality agg when counting acks in action_status
* added precision_threshold, added tests for activity flyout
* fixed tests
* fixed tests
Co-authored-by: Kibana Machine <[email protected]>
(cherry picked from commit adffaa4)
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions? Please refer to the Backport tool documentation.
…41651) (#141764)
* added cardinality agg when counting acks in action_status
* added precision_threshold, added tests for activity flyout
* fixed tests
* fixed tests
Co-authored-by: Kibana Machine <[email protected]>
(cherry picked from commit adffaa4)
Co-authored-by: Julia Bardi <[email protected]>
Summary
Related to #140267
During scalability testing with 75k agents, we encountered an issue where the number of acks for an action was greater than the number of agents actioned, which resulted in the action showing up as in progress.
It is possible that one agent acks multiple times if the update of the action result takes long and the agent checks in multiple times.
To fix this, added a cardinality agg on agent id when fetching action results, to make sure we are only counting one ack per agent.
The fix is hard to reproduce locally with a small agent count, so it would have to be tested again with larger clusters on cloud.
cc @joshdover
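The double counting described in the summary, reproduced in memory as an added example (not code from this PR or from Kibana). The function names, the equality-based status check and the sample ack documents are assumptions constructed for illustration; the Set-based count here is exact, whereas Elasticsearch's cardinality aggregation is approximate.

```typescript
// Added illustration with hypothetical names; not Kibana's implementation.
interface AckDoc { action_id: string; agent_id: string; '@timestamp': string }
interface ActionBucket { docCount: number; agentCount: number; maxTimestamp: string }

// In-memory equivalent of terms(action_id) with two sub-aggregations:
// max(@timestamp) and a distinct count of agent_id.
function aggregateAcks(docs: AckDoc[]): Map<string, ActionBucket> {
  const agentsByAction = new Map<string, Set<string>>();
  const buckets = new Map<string, ActionBucket>();
  for (const doc of docs) {
    const seen = agentsByAction.get(doc.action_id) ?? new Set<string>();
    seen.add(doc.agent_id);
    agentsByAction.set(doc.action_id, seen);
    const prev = buckets.get(doc.action_id);
    const ts = doc['@timestamp'];
    buckets.set(doc.action_id, {
      docCount: (prev?.docCount ?? 0) + 1, // one per ack document, duplicates included
      agentCount: seen.size,               // one per agent, however often it acked
      // ISO-8601 UTC strings in the same format compare correctly as strings.
      maxTimestamp: prev && prev.maxTimestamp > ts ? prev.maxTimestamp : ts,
    });
  }
  return buckets;
}

// Hypothetical completion check (assumption): complete only on an exact match.
function statusFor(acks: number, agentsActioned: number): 'COMPLETE' | 'IN_PROGRESS' {
  return acks === agentsActioned ? 'COMPLETE' : 'IN_PROGRESS';
}

// Constructed sample: three agents actioned; agent-2 checks in again while the
// action result update is still pending and writes a second ack.
const sampleAcks: AckDoc[] = [
  { action_id: 'action-1', agent_id: 'agent-1', '@timestamp': '2022-09-23T10:00:00Z' },
  { action_id: 'action-1', agent_id: 'agent-2', '@timestamp': '2022-09-23T10:00:05Z' },
  { action_id: 'action-1', agent_id: 'agent-2', '@timestamp': '2022-09-23T10:00:35Z' },
  { action_id: 'action-1', agent_id: 'agent-3', '@timestamp': '2022-09-23T10:00:20Z' },
];

const sampleBucket = aggregateAcks(sampleAcks).get('action-1');
if (sampleBucket) {
  console.log('by documents:', sampleBucket.docCount, statusFor(sampleBucket.docCount, 3));
  console.log('by agents:   ', sampleBucket.agentCount, statusFor(sampleBucket.agentCount, 3));
}
```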