-
Notifications
You must be signed in to change notification settings - Fork 8.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Security Solution] Data Quality dashboard storage metrics #155581
[Security Solution] Data Quality dashboard storage metrics #155581
Conversation
Pinging @elastic/security-solution (Team: SecuritySolution) |
Files by Code Ownerelastic/security-threat-hunting-explore
|
ba5f1d2
to
64b3bb6
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Explore changes LGTM!
2413edd
to
01b06fc
Compare
expect(getValidValues(field)).toEqual([ | ||
'authentication', | ||
'configuration', | ||
// no entry for 'database' |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
these inline comments for what's changed are helpful 👌🏾
updatePatternIndexNames={updatePatternIndexNames} | ||
updatePatternRollup={updatePatternRollup} | ||
/> | ||
{i !== patterns.length - 1 ? ( |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
it's the same thing, but you could do patterns[i + 1] ? (<Spacer>) : null
or maybe just patterns[i + 1] && <Spacer>
value != null ? numeral(value).format(defaultBytesFormat) : EMPTY_STAT; | ||
|
||
const ilmPhases = ['hot', 'warm', 'unmanaged']; | ||
const patterns = ['.alerts-security.alerts-default', 'auditbeat-*', 'packetbeat-*']; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Nit and def not necessary, but with discussions around alerts index name changes, may be better to use the ${DEFAULT_ALERTS_INDEX}-default
here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
i'm reluctant to use ${DEFAULT_ALERTS_INDEX}-default
in the context of these tests (and others) because artifacts of the current value, .alerts-security.alerts-default
, are ubiquitous in the mock (stats
and ILM
) data, and in most of the tests.
In most contexts, there's nothing magic about .alerts-security.alerts-default
other than it's currently a "foreign key" in the mock data. If the value behind the ${DEFAULT_ALERTS_INDEX}-default
changes, tests may start failing (with false positives) unless the mock data is manually updated via search & replace.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yea, took me a sec to realize all of these are just in test files, so doesn't really matter what it is as long as it aligns with the mocks. Ignore me...I've been seeing the index pattern everywhere so I'm very sensitive to it 😂
pattern: string; | ||
flattenedBuckets: FlattenedBucket[]; | ||
}): LegendItem[] => | ||
sortBy( |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You can use orderBy
to sort in descending order without the additional reverse
. Not sure which is more performant though
error.toString() != null | ||
? error.toString() | ||
: i18n.AN_ERROR_OCCURRED_CHECKING_INDEX(indexName), | ||
error: error != null ? error.toString() : i18n.AN_ERROR_OCCURRED_CHECKING_INDEX(indexName), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nice catch
return sortedPatterns.reduce<IndexToCheck[]>((acc, pattern) => { | ||
const indexNames = patternIndexNames[pattern] ?? []; | ||
const indexNames = patternIndexNames[pattern]; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
you can use orderBy
in this function as well
`| ${RESULT} | ${INDEX} | ${DOCS} | ${INCOMPATIBLE_FIELDS} | ${ILM_PHASE} | | ||
|--------|-------|------|---------------------|-----------|`; | ||
`| ${RESULT} | ${INDEX} | ${DOCS} | ${INCOMPATIBLE_FIELDS} | ${ILM_PHASE} | ${SIZE} | | ||
|--------|-------|------|---------------------|-----------|------|`; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
SUPER random thought, but you can have a space-builder so it's easier to get an idea of the numerical spacing.
Something like ${addSpace(8)}
and const addSpace = (spaces: number) => Array(spaces).fill('-').join('');
. DEFINITELY over-engineered, but couldn't help myself
? allIndexes.reduce<number>((acc, incompatible) => acc + Number(incompatible), 0) | ||
: undefined; | ||
if (sortByDirection === 'desc') { | ||
return sortBy(sortByColumn, summaryTableItems).reverse(); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'll stop commenting on these after this.. re the orderBy
vs sort().reverse()
. And once again, not sure which would be more performant
<EuiFlexGroup data-test-subj="storageTreemap" gutterSize="none"> | ||
<ChartFlexItem grow={true} $maxChartHeight={maxChartHeight} $minChartHeight={minChartHeight}> | ||
{flattenedBuckets.length === 0 ? ( | ||
<NoData reason="" /> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Do you need to pass the reason=""
? or keep it the same as line 143?
|
||
const NoDataComponent: React.FC<Props> = ({ reason }) => ( | ||
<EuiFlexGroup alignItems="center" gutterSize="none"> | ||
<EuiFlexItem grow={true}> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: you should be able to just pass grow
* 2.0. | ||
*/ | ||
|
||
export const mockUnallowedValuesResponse = [ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: missed the 'n' in unallowed
for the name of this file :) and file path :)
@@ -31,7 +35,21 @@ export const getTotalDocsCount = ( | |||
|
|||
// only return the total when all `PatternRollup`s have a `docsCount`: | |||
return allRollupsHaveDocsCount | |||
? allRollups.reduce((acc, { docsCount }) => acc + (docsCount ?? 0), 0) | |||
? allRollups.reduce((acc, { docsCount }) => acc + Number(docsCount), 0) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is there ever a scenario where we would want to show partial results if one of the indices didn't return a value? Not necessary now, but just a thought. We'll see how often users run into this scenario...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The test coverage here is excellent. Thank you for adding them. Desk tested locally across multiple spaces with all ilm phases selected and de-selected and it works great! The tooltips all have the text as expected and there are no signs of the beta
tag as far as I can tell. Nice work! 🚀 Just added some minor nits and questions.
![storage_metrics_animated](https://user-images.githubusercontent.com/4459398/233871314-6894b380-63ac-4622-b64f-965752a96019.gif) _Above: The new storage metrics treemap updates as indices are checked_ ![storage_metrics](https://user-images.githubusercontent.com/4459398/233880225-8242733a-4bd6-40b3-bffa-e283ce0d77cd.png) _Above: Storage metrics in the Data Quality dashboard_ ## Summary This PR introduces [storage metrics](elastic/security-team#6047) to the _Data Quality_ dashboard - Multiple views are enhanced to display the size of indices - A new interactive treemap visualizes the relative sizes of indices - Markdown reports include the size of indices - The Data Quality dashboard `Beta` tag is removed - Inline action buttons replace the `Take action` popover - The Global stats panel remains visible when the `Select one or more ILM phases` help is displayed - Code coverage is improved throughout the dashboard ## Details ### Multiple views enhanced to display the size of indices The following views have been enhanced to display the `Size` of indices, per the screenshots below: - The pattern table's `Size` column displays the size of a single index ![04_size_column](https://user-images.githubusercontent.com/4459398/233870161-d86eadbd-9f01-4ed6-aa6f-98f6044a4f57.png) - The pattern table's `Size` tooltip ![05_size_column_tooltip](https://user-images.githubusercontent.com/4459398/233868732-08059ba9-5e4b-4f68-a152-eb4b41db6f96.png) - The pattern rollup's `Size` stat displays the total size of indices in a pattern ![06_pattern_rollups_size](https://user-images.githubusercontent.com/4459398/233868817-babc96eb-c0aa-4b7f-bb45-54e3039d06f2.png) - The pattern rollup's `Size` stat tooltip ![07_pattern_rollups_size_tooltip](https://user-images.githubusercontent.com/4459398/233868858-14a43aa2-324f-40bd-a185-1cb7ac15c81b.png) - The global stats rollup `Size` stat displays the total size of all the patterns ![08_global_stats_rollup_size](https://user-images.githubusercontent.com/4459398/233868900-e3cbc00b-3b5a-4756-8246-cb31a1b8bac8.png) - The global stats rollup `Size` stat tooltip ![09_global_stats_rollup_size_tooltip](https://user-images.githubusercontent.com/4459398/233868952-b9c27432-c8a4-4ad5-9dda-5e1aa903758c.png) ### New interactive treemap A new interactive treemap visualizes the relative sizes of indices: - The color of indices in the treemap and its legend update as the data is checked ![storage_metrics_animated](https://user-images.githubusercontent.com/4459398/233871314-6894b380-63ac-4622-b64f-965752a96019.gif) - Clicking on an index in the treemap or the legend expands (and scrolls to) the index ### Markdown reports include the `Size` of indices Markdown reports are enhanced to include the new `Size` statistic in: - Pattern markdown tables | Result | Index | Docs | Incompatible fields | ILM Phase | Size | |--------|-------|------|---------------------|-----------|------| | ❌ | auditbeat-7.14.2-2023.04.09-000001 | 48,077 (4.3%) | 12 | `hot` | 41.3MB | | ❌ | auditbeat-7.3.2-2023.04.09-000001 | 48,068 (4.3%) | 8 | `hot` | 31MB | | ❌ | auditbeat-7.11.2-2023.04.09-000001 | 48,064 (4.3%) | 12 | `hot` | 40.8MB | - Pattern rollup markdown tables | Incompatible fields | Indices checked | Indices | Size | Docs | |---------------------|-----------------|---------|------|------| | 164 | 26 | 26 | 899.3MB | 1,118,155 | - The global stats markdown table | Incompatible fields | Indices checked | Indices | Size | Docs | |---------------------|-----------------|---------|------|------| | 166 | 32 | 32 | 9.2GB | 20,779,245 | ### Data Quality dashboard `Beta` tag removed The Data Quality dashboard `Beta` tag is removed from the following views: - The `Dashboards` page **Before:** ![11_dashboards_before](https://user-images.githubusercontent.com/4459398/233869434-d4d2ed14-4e6f-4eab-bae6-a9c9b976e20f.png) **After:** ![12_dashboards_after](https://user-images.githubusercontent.com/4459398/233869088-9dc62d7d-44cb-46cb-8880-976a7b7e9c56.png) - Security Solution side navigation **Before:** ![13_side_navigation_before](https://user-images.githubusercontent.com/4459398/233869467-e7725285-1199-40e1-ac65-054bea8b02f6.png) **After:** ![14_side_navigation_after](https://user-images.githubusercontent.com/4459398/233869146-7b89cb47-3509-478e-8675-9f1653749b18.png) - The Data Quality dashboard page header **Before:** ![15_page_header_before](https://user-images.githubusercontent.com/4459398/233869404-0b04c2ec-3d2e-4ba8-9520-68013f80e43a.png) **After:** ![16_page_header_after](https://user-images.githubusercontent.com/4459398/233869219-b54ee61e-07b7-470d-a668-b4f5ed4327e6.png) ### Inline action buttons replace the `Take action` popover Inline `Add to new case` and `Copy to clipboard` action buttons replace the `Take action` popover, the previous home of these actions: **Before:** ![17_actions_before](https://user-images.githubusercontent.com/4459398/233869306-0182145f-affc-4ad1-b63f-72e43d34234c.png) **After:** ![18_actions_after](https://user-images.githubusercontent.com/4459398/233869345-754b7448-9d28-4253-9186-5b2389acf4ff.png) ### Global stats panel remains visible when the `Select one or more ILM phases` help is displayed The Global stats panel now remains visible when the `Select one or more ILM phases` help is displayed: **Before:** ![19_select_ilm_phases_before](https://user-images.githubusercontent.com/4459398/233869754-2067fa5d-7153-407b-aa45-65332b16bc7a.png) **After:** ![20_select_ilm_phases_after](https://user-images.githubusercontent.com/4459398/233869762-38d069de-3191-4e28-8692-df42ab3b21a5.png) ### Code coverage improvements Code coverage is improved throughout the dashboard, as measured by running the following command: ```sh node scripts/jest --watch x-pack/packages/kbn-ecs-data-quality-dashboard --coverage ```
…on/public/overview/links.ts`
01b06fc
to
177eed0
Compare
💛 Build succeeded, but was flaky
Failed CI StepsMetrics [docs]Module Count
Async chunks
Unknown metric groupsESLint disabled line counts
Total ESLint disabled count
History
To update your PR or re-run it, just comment with: |
…55581) # [Security Solution] Data Quality dashboard storage metrics ![storage_metrics_animated](https://user-images.githubusercontent.com/4459398/233871314-6894b380-63ac-4622-b64f-965752a96019.gif) _Above: The new storage metrics treemap updates as indices are checked_ ![storage_metrics](https://user-images.githubusercontent.com/4459398/233880225-8242733a-4bd6-40b3-bffa-e283ce0d77cd.png) _Above: Storage metrics in the Data Quality dashboard_ ## Summary This PR introduces [storage metrics](elastic/security-team#6047) to the _Data Quality_ dashboard - Multiple views are enhanced to display the size of indices - A new interactive treemap visualizes the relative sizes of indices - Markdown reports include the size of indices - The Data Quality dashboard `Beta` tag is removed - Inline action buttons replace the `Take action` popover - The Global stats panel remains visible when the `Select one or more ILM phases` help is displayed - Code coverage is improved throughout the dashboard ## Details ### Multiple views enhanced to display the size of indices The following views have been enhanced to display the `Size` of indices, per the screenshots below: - The pattern table's `Size` column displays the size of a single index ![04_size_column](https://user-images.githubusercontent.com/4459398/233870161-d86eadbd-9f01-4ed6-aa6f-98f6044a4f57.png) - The pattern table's `Size` tooltip ![05_size_column_tooltip](https://user-images.githubusercontent.com/4459398/233868732-08059ba9-5e4b-4f68-a152-eb4b41db6f96.png) - The pattern rollup's `Size` stat displays the total size of indices in a pattern ![06_pattern_rollups_size](https://user-images.githubusercontent.com/4459398/233868817-babc96eb-c0aa-4b7f-bb45-54e3039d06f2.png) - The pattern rollup's `Size` stat tooltip ![07_pattern_rollups_size_tooltip](https://user-images.githubusercontent.com/4459398/233868858-14a43aa2-324f-40bd-a185-1cb7ac15c81b.png) - The global stats rollup `Size` stat displays the total size of all the patterns ![08_global_stats_rollup_size](https://user-images.githubusercontent.com/4459398/233868900-e3cbc00b-3b5a-4756-8246-cb31a1b8bac8.png) - The global stats rollup `Size` stat tooltip ![09_global_stats_rollup_size_tooltip](https://user-images.githubusercontent.com/4459398/233868952-b9c27432-c8a4-4ad5-9dda-5e1aa903758c.png) ### New interactive treemap A new interactive treemap visualizes the relative sizes of indices: - The color of indices in the treemap and its legend update as the data is checked ![storage_metrics_animated](https://user-images.githubusercontent.com/4459398/233871314-6894b380-63ac-4622-b64f-965752a96019.gif) - Clicking on an index in the treemap or the legend expands (and scrolls to) the index ### Markdown reports include the `Size` of indices Markdown reports are enhanced to include the new `Size` statistic in: - Pattern markdown tables | Result | Index | Docs | Incompatible fields | ILM Phase | Size | |--------|-------|------|---------------------|-----------|------| | ❌ | auditbeat-7.14.2-2023.04.09-000001 | 48,077 (4.3%) | 12 | `hot` | 41.3MB | | ❌ | auditbeat-7.3.2-2023.04.09-000001 | 48,068 (4.3%) | 8 | `hot` | 31MB | | ❌ | auditbeat-7.11.2-2023.04.09-000001 | 48,064 (4.3%) | 12 | `hot` | 40.8MB | - Pattern rollup markdown tables | Incompatible fields | Indices checked | Indices | Size | Docs | |---------------------|-----------------|---------|------|------| | 164 | 26 | 26 | 899.3MB | 1,118,155 | - The global stats markdown table | Incompatible fields | Indices checked | Indices | Size | Docs | |---------------------|-----------------|---------|------|------| | 166 | 32 | 32 | 9.2GB | 20,779,245 | ### Data Quality dashboard `Beta` tag removed The Data Quality dashboard `Beta` tag is removed from the following views: - The `Dashboards` page **Before:** ![11_dashboards_before](https://user-images.githubusercontent.com/4459398/233869434-d4d2ed14-4e6f-4eab-bae6-a9c9b976e20f.png) **After:** ![12_dashboards_after](https://user-images.githubusercontent.com/4459398/233869088-9dc62d7d-44cb-46cb-8880-976a7b7e9c56.png) - Security Solution side navigation **Before:** ![13_side_navigation_before](https://user-images.githubusercontent.com/4459398/233869467-e7725285-1199-40e1-ac65-054bea8b02f6.png) **After:** ![14_side_navigation_after](https://user-images.githubusercontent.com/4459398/233869146-7b89cb47-3509-478e-8675-9f1653749b18.png) - The Data Quality dashboard page header **Before:** ![15_page_header_before](https://user-images.githubusercontent.com/4459398/233869404-0b04c2ec-3d2e-4ba8-9520-68013f80e43a.png) **After:** ![16_page_header_after](https://user-images.githubusercontent.com/4459398/233869219-b54ee61e-07b7-470d-a668-b4f5ed4327e6.png) ### Inline action buttons replace the `Take action` popover Inline `Add to new case` and `Copy to clipboard` action buttons replace the `Take action` popover, the previous home of these actions: **Before:** ![17_actions_before](https://user-images.githubusercontent.com/4459398/233869306-0182145f-affc-4ad1-b63f-72e43d34234c.png) **After:** ![18_actions_after](https://user-images.githubusercontent.com/4459398/233869345-754b7448-9d28-4253-9186-5b2389acf4ff.png) ### Global stats panel remains visible when the `Select one or more ILM phases` help is displayed The Global stats panel now remains visible when the `Select one or more ILM phases` help is displayed: **Before:** ![19_select_ilm_phases_before](https://user-images.githubusercontent.com/4459398/233869754-2067fa5d-7153-407b-aa45-65332b16bc7a.png) **After:** ![20_select_ilm_phases_after](https://user-images.githubusercontent.com/4459398/233869762-38d069de-3191-4e28-8692-df42ab3b21a5.png) ### Code coverage improvements Code coverage is improved throughout the dashboard, as measured by running the following command: ```sh node scripts/jest --watch x-pack/packages/kbn-ecs-data-quality-dashboard --coverage ```
@andrew-goldstein could we use the following screenshot in the 8.8 release blog? |
yes @dhru42, thanks! |
[Security Solution] Data Quality dashboard storage metrics
Above: The new storage metrics treemap updates as indices are checked
Above: Storage metrics in the Data Quality dashboard
Summary
This PR introduces storage metrics to the Data Quality dashboard
Multiple views are enhanced to display the size of indices
A new interactive treemap visualizes the relative sizes of indices
Markdown reports include the size of indices
The Data Quality dashboard
Beta
tag is removedInline action buttons replace the
Take action
popoverThe Global stats panel remains visible when the
Select one or more ILM phases
help is displayedCode coverage is improved throughout the dashboard
Details
Multiple views enhanced to display the size of indices
The following views have been enhanced to display the
Size
of indices, per the screenshots below:Size
column displays the size of a single indexSize
tooltipSize
stat displays the total size of indices in a patternSize
stat tooltipSize
stat displays the total size of all the patternsSize
stat tooltipNew interactive treemap
A new interactive treemap visualizes the relative sizes of indices:
Markdown reports include the
Size
of indicesMarkdown reports are enhanced to include the new
Size
statistic in:hot
hot
hot
Data Quality dashboard
Beta
tag removedThe Data Quality dashboard
Beta
tag is removed from the following views:Dashboards
pageBefore:
After:
Before:
After:
Before:
After:
Inline action buttons replace the
Take action
popoverInline
Add to new case
andCopy to clipboard
action buttons replace theTake action
popover, the previous home of these actions:Before:
After:
Global stats panel remains visible when the
Select one or more ILM phases
help is displayedThe Global stats panel now remains visible when the
Select one or more ILM phases
help is displayed:Before:
After:
Code coverage improvements
Code coverage is improved throughout the dashboard, as measured by running the following command: