[Change Proposal] Add support for synthetic source #340
Comments
|
++ having this available in the package spec. Ideally, it would also be possible to turn it on / off in the Fleet UI somewhere. |
|
This is a 3rd use case for expanding our proposal in elastic/kibana#132818 to allow enabling this on an integration or data stream level for testing before we allow packages to enable this by default. |
|
My preferred approach as of today would be: Initial Phase - enabling integrations
Future phase
|
|
@andresrc the current idea we had as of elastic/kibana#132818 is the following:
This is functionally similar to what you are suggesting, but we wouldn't need to add a new kind of configuration, and this feature would be available in all data streams, without needing changes on integrations. |
|
Thanks @jsoriano , that approach looks better, yes. The questions is: Would the flag be global or per-data stream? I think it should be per-data stream as folks might be relying on In the future, we could add the setting the package so that they can set the default values (e.g, we should use it for every new data stream, as there is no risk of breaking change) |
It seems that the current plan is to implement this flag at the package level (see elastic/kibana#132818 (comment)). Do you think this would be enough granularity?
Yep, if we see any risk of breaking changes, we should add a setting to ensure backwards compatibility. But as the feature is being designed now, it should be backwards compatibility, except for some known cases we may not have in integrations. |
Better than global for sure. It will depend on wether we find there's a different impact on logs and metrics, but it might be a reasonable compromise. |
Won't this be a breaking change for all data streams then? We don't know how users are using this in their own custom visualizations or external systems. If we flip this on by default on a package upgrade, we can/will break things for some users. I think we have to make this an opt-in feature for existing packages / data streams and consider making it the default in the next major version. Now that said, I think we could get away with making it a breaking change in the package rather than in the Stack. The problem is we don't have a UI flow for helping users through package major version upgrades. |
|
It'd be good to confirm how many users of our Fleet-based solutions are using The opt-in flag is a good tool to help users and developers test the results for the cases where When we decide to enable it, we may also decide to do it by default in new policies only, letting it disabled on existing policies and upgrades, so users need to explicitly enable it in potentially breaking cases. I wouldn't leave the decision to package developers (that is making this a flag in the package). What uses cases would we cover with this? This would open the gate to packages that make long-term use of |
|
@tommyers-elastic has found that one use we do of @alvarezmelissa87 do you think that these jobs would work with synthetic source? |
|
I expect with elastic/kibana#132818 to soon have a way for us to enable synthetic source per data stream. Experiments on existing data streams have shown very promising results. Because of this, I'm convinced we should start the discussion on the package-spec flag. For now synthetics sources works well for metrics. My ideal scenario would be:
I wonder how we could make the above possible with default but stay compatible. Different package-spec versions? |
Is the use of synthetic source a decision to make by the package developer? If it is, we need a flag. If it isn't, then I don't think we should put anything in the spec. I think we need to wait for some more results before making a decision here. My general impression at the moment is that we are going to be able to enable it in all metrics data streams by default, specially given that efforts are being done to overcome current limitations as the issues with When we take the step of enabling synthetic source by default I am ok though with keeping the setting in the fleet UI, allowing users to keep the source if they want it for some reason, and keeping installed data streams as they are to avoid breaking current uses of the source. This decision doesn't affect the behavior of the package, so I think it is ok if users can take it. (As a counter-example of who should make the decision, we have TSDB, where we decided to add a flag in the spec, because we thought that the decision of using TSDB is a decision to make by the package developer and not by the user, as this will also affect how the data can be queried) |
Yes, a package dev can decide to turn it on / off per data stream. It might be possible to overwrite this in Fleet at least short term, long term this might not even be needed. |
But why would a package developer decide if synthetic source should be used or not? Is there any use case for this? |
|
The simplified version is, metrics-* have synthetics source, logs-* use _source. But there will be exceptions to this and that is where the package dev needs to have the option to overwrite our default. |
Ok, for the exceptions it can make sense to have a toggle for this. Let's then add something similar to what we added for TSDB in #357. cc @kpollich this will affect the plans for elastic/kibana#132818, as Fleet will need to read this new setting. |
Elasticsearch is going to introduce a new feature called synthetic source. It allows to ingest documents without keeping the source, and rebuild it if needed from the indexed data. Not storing the source produces significative disk space savings.
We may decide in the future to enable synthetic source everywhere, but in the meantime we should have a way to enable it per data stream.
Slightly Blocked by: elastic/kibana#132818
The text was updated successfully, but these errors were encountered: