Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Alerting RBAC - manually build KueryNode #76960

Closed
kobelb opened this issue Sep 8, 2020 · 1 comment · Fixed by #77040
Closed

Alerting RBAC - manually build KueryNode #76960

kobelb opened this issue Sep 8, 2020 · 1 comment · Fixed by #77040
Assignees
@gmmorris
Labels
Feature:Alerting Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams)

Comments

@kobelb
Copy link
Contributor

kobelb commented Sep 8, 2020
edited
Loading

Currently, Alerting is using string-concatenation to build a KQL expression string which is used as a filter that is passed to SavedObjectsClient#find. While investigating some performance concerns, it's come to our attention that parsing a KQL expression string is exceedingly slow, and this is actively being discussed in #76811.

Our only mitigation at the moment is to not parse KQL expression strings whenever possible and to manually construct the KueryNodes. An example of where this is being done by Fleet:

kibana/x-pack/plugins/ingest_manager/server/services/agents/actions.ts

Lines 33 to 47 in 7ed80d5

const filter = nodeTypes.function.buildNode('and', [
nodeTypes.function.buildNode(
'not',
nodeTypes.function.buildNodeWithArgumentNodes('is', [
nodeTypes.literal.buildNode(`${AGENT_ACTION_SAVED_OBJECT_TYPE}.attributes.sent_at`),
nodeTypes.wildcard.buildNode(nodeTypes.wildcard.wildcardSymbol),
nodeTypes.literal.buildNode(false),
])
),
nodeTypes.function.buildNodeWithArgumentNodes('is', [
nodeTypes.literal.buildNode(`${AGENT_ACTION_SAVED_OBJECT_TYPE}.attributes.agent_id`),
nodeTypes.literal.buildNode(agentId),
nodeTypes.literal.buildNode(false),
]),
]);

@kobelb kobelb added Feature:Alerting Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams) :Alerting labels Sep 8, 2020
@elasticmachine
Copy link
Contributor

Pinging @elastic/kibana-alerting-services (Team:Alerting Services)

@gmmorris gmmorris self-assigned this Sep 8, 2020
@gmmorris gmmorris mentioned this issue Sep 9, 2020
Merged
2 tasks
@kobelb kobelb added the needs-team Issues missing a team label label Jan 31, 2022
@botelastic botelastic bot removed the needs-team Issues missing a team label label Jan 31, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@gmmorris gmmorris

Labels
Feature:Alerting Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams)
Projects
None yet
Milestone
No milestone
3 participants
@gmmorris @kobelb @elasticmachine