[Metrics UI] Drop partial buckets from ALL Metrics UI queries #104784
Conversation
- Change offset calculation to millisecond percission - Change dropLastBucket to dropPartialBuckets - Impliment partial bucket filter - Adding partial bucket filter to metric threshold alerts
simianhacker
added
release_note:fix
Feature:Metrics UI
|
jenkins, test this (had to abort for Jenkins upgrade) |
…offset-ms-percission-trin-buckets
…offset-ms-percission-trin-buckets
|
Pinging @elastic/logs-metrics-ui (Team:logs-metrics-ui) |
…offset-ms-percission-trin-buckets
There was a problem hiding this comment.
I took a first quick look, I have some small questions, but I think I need a better understanding of the problem we are trying to solve.
I don't really understand how this scenario can be possible. Shouldn't the query limit the documents that are returned? If in the query I filter documents "lt": "2021-07-07T19:37:00.000Z" it seems to me really unintuitive that are returned documents >=2021-07-07T19:37:00.000Z.
Also, from what I understood reviewing the PR, this could be a problem of precision, would it work if, instead of putting the upper limit to 2021-07-07T19:37:00.000Z, we put something like 2021-07-07T19:36:59.999Z?
This came to my mind looking at the example you put in the linked issue. In that case, we get an extra bucket with documents >=2021-07-07T19:37:00.000Z to <=2021-07-07T19:38:00.000Z, because documents like 2021-07-07T19:37:xx.xxxZ goes to this extra bucket. Since we get rid of this data, setting a slightly lower limit, shouldn't return any 2021-07-07T19:37:xx.xxxZ documents. Does this make any sense? I could be missing a million things here 😅
x-pack/plugins/infra/server/lib/alerting/metric_threshold/lib/evaluate_alert.ts
Show resolved
Hide resolved
x-pack/plugins/infra/server/lib/alerting/metric_threshold/lib/evaluate_alert.ts
Show resolved
Hide resolved
| undefined, | ||
| timerange | ||
| ); | ||
| test('by rounding timestamps to the nearest timeUnit', () => { |
There was a problem hiding this comment.
Not sure if this was removed on purpose. If it's on purpose I think the describe that contains it, can also be removed as there is no other test.
There was a problem hiding this comment.
Whoops... good catch on the describe. This part of the function was moved up a level.
|
@estermv Good questions, I'm not sure changing the time range will help. Here is my attempt at distilling what's happening and what this change is trying to mitigate. When This produces this response: If the The same thing happens on the other end, the last bucket's starting timestamp is This PR changes the resolution of the offset to For most scenarios, the changing the |
| const from = params?.body.query.bool.filter[0]?.range['@timestamp'].gte; | ||
| if (params.index === 'alternatebeat-*') return mocks.changedSourceIdResponse(from); |
There was a problem hiding this comment.
Just commenting here, as I think this is totally unrelated to the PR. I would like to understand the reason why we have this logic here (the whole implementation of the mock). This is a place for potential bugs and makes it hard to understand what each test is testing.
There was a problem hiding this comment.
LGTM 🚀
@simianhacker thanks for the detailed explanation, it helped a lot 🙌
The only thing I notice is that in the alerts preview charts we display one less column but I don't expect anyone to count them 😅
Please, don't forget to remove the describe mentioned here https://github.com/elastic/kibana/pull/104784/files#r670377393 before merging it!
…offset-ms-percission-trin-buckets
|
@elasticmachine merge upstream |
💚 Build SucceededMetrics [docs]Async chunks
History
To update your PR or re-run it, just comment with: |
…c#104784) * [Metrics UI] Change dropLastBucket to dropPartialBuckets - Change offset calculation to millisecond percission - Change dropLastBucket to dropPartialBuckets - Impliment partial bucket filter - Adding partial bucket filter to metric threshold alerts * Cleaning up getElasticsearchMetricQuery * Change timestamp to from_as_string to align to how date_histgram works * Fixing tests to be more realistic * fixing types; removing extra imports * Fixing new mock data to work with previews * Removing value checks since they don't really provide much value * Removing test for refactored functinality * Change value to match millisecond resolution * Fixing values for new partial bucket scheme * removing unused var * Fixing lookback since drops more than last buckets * Changing results count * fixing more tests * Removing empty describe Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
… (#106153) * [Metrics UI] Change dropLastBucket to dropPartialBuckets - Change offset calculation to millisecond percission - Change dropLastBucket to dropPartialBuckets - Impliment partial bucket filter - Adding partial bucket filter to metric threshold alerts * Cleaning up getElasticsearchMetricQuery * Change timestamp to from_as_string to align to how date_histgram works * Fixing tests to be more realistic * fixing types; removing extra imports * Fixing new mock data to work with previews * Removing value checks since they don't really provide much value * Removing test for refactored functinality * Change value to match millisecond resolution * Fixing values for new partial bucket scheme * removing unused var * Fixing lookback since drops more than last buckets * Changing results count * fixing more tests * Removing empty describe Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com> Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
…y-show-migrate-to-authzd-users * 'master' of github.com:elastic/kibana: (187 commits) Space management page UX improvements (elastic#100448) [Reporting] Unskip flaky test when downloading CSV with "no data" (elastic#105252) Update dependency @elastic/charts to v33 (master) (elastic#105633) [Observability RAC] Improve alerts table columns (elastic#105446) Introduce `preboot` lifecycle stage (elastic#103636) [Security Solution] Invalid kql query timeline refresh bug (elastic#105525) skip flaky suite (elastic#106121) [Security Solution][Endpoint] Fix UI inconsistency between isolation forms and remove display of Pending isolation statuses (elastic#106118) docs: APM RUM Source map API (elastic#105332) [CTI] Adds indicator match rule improvements (elastic#97310) [Security Solution] update text for Isolation action submissions (elastic#105956) EP Meta Telemetry Perf (elastic#104396) [Metrics UI] Drop partial buckets from ALL Metrics UI queries (elastic#104784) Remove beta admonitions for Fleet docs (elastic#106010) [Observability RAC] Remove indexing of rule evaluation documents (elastic#104970) Parameterize migration test for kibana version (elastic#105417) [Alerting] Allow rule to execute if the value is 0 and that mets the condition (elastic#105626) [ML] Fix Index data visualizer sometimes shows wrong doc count for saved searches (elastic#106007) [Security Solution] UX fixes for Policy page and Case Host Isolation comment (elastic#106027) [Security Solution]Memory protection configuration card for policies integration. (elastic#101365) ... # Conflicts: # x-pack/plugins/reporting/public/management/report_listing.test.tsx # x-pack/plugins/reporting/public/management/report_listing.tsx
…ations inside of metrics threshold alerts (#106947) (#107167) * [Metrics UI] Correct inaccurate offsetting for non-rate aggregations inside of metrics threshold alerts (#106947) * Don't skip last bucket for most aggs * Allow alerting on partial buckets for certain aggs * Fix test, PR feedback, and some comments * Remove all offset logic for date_range aggs * Remove code comment * Add delivery delay * Fix the date range for query * Add TODO * Port over changes from PR on master #104784 * Add missing change
…c#104784) * [Metrics UI] Change dropLastBucket to dropPartialBuckets - Change offset calculation to millisecond percission - Change dropLastBucket to dropPartialBuckets - Impliment partial bucket filter - Adding partial bucket filter to metric threshold alerts * Cleaning up getElasticsearchMetricQuery * Change timestamp to from_as_string to align to how date_histgram works * Fixing tests to be more realistic * fixing types; removing extra imports * Fixing new mock data to work with previews * Removing value checks since they don't really provide much value * Removing test for refactored functinality * Change value to match millisecond resolution * Fixing values for new partial bucket scheme * removing unused var * Fixing lookback since drops more than last buckets * Changing results count * fixing more tests * Removing empty describe Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com> # Conflicts: # x-pack/plugins/infra/server/lib/alerting/metric_threshold/lib/metric_query.ts
…104784) (#107838) * [Metrics UI] Drop partial buckets from ALL Metrics UI queries (#104784) * [Metrics UI] Change dropLastBucket to dropPartialBuckets - Change offset calculation to millisecond percission - Change dropLastBucket to dropPartialBuckets - Impliment partial bucket filter - Adding partial bucket filter to metric threshold alerts * Cleaning up getElasticsearchMetricQuery * Change timestamp to from_as_string to align to how date_histgram works * Fixing tests to be more realistic * fixing types; removing extra imports * Fixing new mock data to work with previews * Removing value checks since they don't really provide much value * Removing test for refactored functinality * Change value to match millisecond resolution * Fixing values for new partial bucket scheme * removing unused var * Fixing lookback since drops more than last buckets * Changing results count * fixing more tests * Removing empty describe Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com> # Conflicts: # x-pack/plugins/infra/server/lib/alerting/metric_threshold/lib/metric_query.ts * Fix bad merge Co-authored-by: Chris Cowan <chris@chriscowan.us>
Summary
This PR fixes #104699 by adding functions to drop partial buckets, including "micro buckets". This PR also changes the resolution of the histogram offset from seconds to milliseconds; in turn this will further eliminate the possibility of "micro buckets".
Checklist