[Task Manager] Evenly distribute bulk-enabled alerting rules #172742
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Zacqary
added
Team:ResponseOps
🤖 GitHub commentsExpand to view the GitHub comments
Just comment with:
|
|
Pinging @elastic/response-ops (Team:ResponseOps) |
💛 Build succeeded, but was flaky
Failed CI Steps
Test Failures
Metrics [docs]
History
To update your PR or re-run it, just comment with: |
|
I learned a few things as I started reviewing this PR, we'll need to address these before we benefit from this change:
Happy to brainstorm if needed. cc @kobelb |
|
@mikecote Should we merge this PR but change the definition of done on the issue? I feel like this change is at least part of the solution. |
Yes we can continue with this PR as part of the solution. I'll continue my review in it's current state but I think we'll need to hold off closing the #171980 issue until we fix the last two bullet points that I mentioned earlier, and we'll need to ask or work with Security Solution to move to use our bulk enable API. cc @XavierM I think the main goal @kobelb wants solved is when enabling > 1,000 security solution rules that we don't make the K8s autoscaler go crazy. I think it would need the bullet points I mentioned earlier to be solved. |
mikecote
approved these changes
Dec 20, 2023
ersin-erdal
added a commit
that referenced
this pull request
Jan 17, 2024
resolves: #171980 This is a follow-on issue of: #172742 Above issue randomises `runAt` of the bulk enabled rules. And creates new tasks (by using `scheduleTask` for each one of them) if they don't have any. But, as we create the tasks already enabled `bulkEnable` method of the TM skips them. This PR replaces scheduleTask with bulkSchedule and creates task as disabled, so `bulkEnable` can pick them up. ## To verify: Add Security Solutions' [prebuilt detection rules](http://localhost:5601/app/security/rules/management?sourcerer=(default:(id:security-solution-default,selectedPatterns:!()))&timeline=(activeTab:query,graphEventId:%27%27,isOpen:!f)) and bulk enable them after installing all.
CoenWarmer
pushed a commit
to CoenWarmer/kibana
that referenced
this pull request
Feb 15, 2024
resolves: elastic#171980 This is a follow-on issue of: elastic#172742 Above issue randomises `runAt` of the bulk enabled rules. And creates new tasks (by using `scheduleTask` for each one of them) if they don't have any. But, as we create the tasks already enabled `bulkEnable` method of the TM skips them. This PR replaces scheduleTask with bulkSchedule and creates task as disabled, so `bulkEnable` can pick them up. ## To verify: Add Security Solutions' [prebuilt detection rules](http://localhost:5601/app/security/rules/management?sourcerer=(default:(id:security-solution-default,selectedPatterns:!()))&timeline=(activeTab:query,graphEventId:%27%27,isOpen:!f)) and bulk enable them after installing all.
CoenWarmer
pushed a commit
to CoenWarmer/kibana
that referenced
this pull request
Feb 15, 2024
resolves: elastic#171980 This is a follow-on issue of: elastic#172742 Above issue randomises `runAt` of the bulk enabled rules. And creates new tasks (by using `scheduleTask` for each one of them) if they don't have any. But, as we create the tasks already enabled `bulkEnable` method of the TM skips them. This PR replaces scheduleTask with bulkSchedule and creates task as disabled, so `bulkEnable` can pick them up. ## To verify: Add Security Solutions' [prebuilt detection rules](http://localhost:5601/app/security/rules/management?sourcerer=(default:(id:security-solution-default,selectedPatterns:!()))&timeline=(activeTab:query,graphEventId:%27%27,isOpen:!f)) and bulk enable them after installing all.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
ClosesPart of #171980When
bulkEnableing more than 1 task, adds a random delay to each subsequent task'srunAtandscheduledAtto more evenly distribute their execution times. This offset is a maximum of 5 minutes, or the task's interval, whichever is shorter.As per Slack discussion with @mikecote, this is a random distribution of execution times instead of a predictable, algorithmic offset. We believe that a random distribution will do a better job of avoiding spikes than anything more directed.
Checklist