[Endpoint] Sample data generator CLI script #59952
Conversation
marshallmain
added
release_note:skip
|
|
||
| async function main() { | ||
| const argv = yargs.help().options({ | ||
| seed: { |
| public randomizeIPs() { | ||
| // This function will create new values for all the host fields, so documents from a different endpoint can be created | ||
| // This provides a convenient way to make documents from multiple endpoints that are all tied to a single seed value | ||
| public randomizeHostData() { |
There was a problem hiding this comment.
We could probably have the constructor call this function so the calls aren't duplicated.
There was a problem hiding this comment.
Good idea. The compiler complained that the class variables weren't definitely assigned when I called it as it was so I pulled the fields into a new structure. It's now returned by the private function below and assigned in this function and the constructor.
|
Pinging @elastic/endpoint-app-team (Feature:Endpoint) |
|
Pinging @elastic/endpoint-response (Team:Endpoint Response) |
marshallmain
force-pushed
the
generator-cli
branch
from
85dff7b
to
1170303
Compare
|
can you add some Docs citing how to use this with a basic example please? |
| ); | ||
| const body = resolverDocs | ||
| .map(doc => [{ index: { _index: argv.eventIndex } }, doc]) | ||
| .reduce((array, value) => (array.push(...value), array), []); |
There was a problem hiding this comment.
I think you could get rid of map() here if you did:
resolverDocs.reduce((array, doc) => (array.push({ index: { _index: argv.eventIndex } }, doc), array), []);
| @@ -0,0 +1,8 @@ | |||
| { | |||
There was a problem hiding this comment.
I would prefer if we renamed this configuration file so that it's not picked up automatically by IDEs as the configuration for the whole endpoint app code base. You could rename it to something like cli_tsconfig.json and then point ts-node to use it like:
ts-node --project cli_tsconfig.json scripts/resolver_generator.ts
|
@marshallmain I agree with @EricDavisX's comment. Could you please add a |
marshallmain
force-pushed
the
generator-cli
branch
from
c3879ce
to
84940c7
Compare
|
@elasticmachine merge upstream |
| --numEndpoints, --ne number of different endpoints to generate alerts | ||
| for [number] [default: 1] | ||
| --alertsPerEndpoint, --ape number of resolver trees to make for each endpoint | ||
| [number] [default: 1]``` |
There was a problem hiding this comment.
You have a markdown formatting issue here. The ``` appears in the readme.
|
@elasticmachine merge upstream |
💚 Build SucceededHistory
To update your PR or re-run it, just comment with: |
* master: (30 commits) [TSVB] fix text color when using custom background color (elastic#60261) Fix import to timefilter from in TSVB (elastic#60296) [NP] Get rid of usage redirectWhenMissing service (elastic#59777) [SIEM] Fix Timeline footer styling (elastic#59587) [ML] Fixes to error handling for analytics jobs and file data viz (elastic#60249) Give better stack traces for Unhandled Promise Rejection warnings (elastic#60235) resolves elastic#58905 (elastic#60120) Added variables button for text fields in Pagerduty component. (elastic#60189) adds test that action vars are rendered for alert action parms (elastic#60310) Closes 59786 by removing the update toast (elastic#60172) [EPM] Packages list tabs (elastic#60167) Added message variables button for Webhook body form field (elastic#60174) Revert "adds new test (elastic#60064)" [Maps] move MapSavedObject type out of telemetry (elastic#60127) [Reporting] Fix error handling for job handler in route (elastic#60161) [Endpoint] TEST: verify alerts page header says 'Alerts' (elastic#60206) EMT-248: implement ack resource to accept event payload to acknowledge agent actions (elastic#60218) Migrate dual validated range (elastic#59689) Embeddable triggers (elastic#58440) [Endpoint] Sample data generator CLI script (elastic#59952) ...
* start on cli * make it work * cleanup * remove failed attempt code * update package and tsconfig * remove empty file * generate resolver events from multiple endpoints * re-add child randomization * align index names with real plugin * remove duplication * better naming * add temporary mapping to sample data generator * error handling, move tsconfig * add readme * Update README.md * move mapping from common to scripts * make delete index option * remove unnecessary map call * fix import style Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
* start on cli * make it work * cleanup * remove failed attempt code * update package and tsconfig * remove empty file * generate resolver events from multiple endpoints * re-add child randomization * align index names with real plugin * remove duplication * better naming * add temporary mapping to sample data generator * error handling, move tsconfig * add readme * Update README.md * move mapping from common to scripts * make delete index option * remove unnecessary map call * fix import style Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com> Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
Summary
Extends the work in #58936 and provides a configurable script that should generate everything necessary for a resolver tree (endpoint metadata document, process events with correlated entity_ids, an alert document, and related events for some of the process events).
The script takes a number of configuration options, including the
--numEndpointsand--alertsPerEndpointoptions which allow you to create a number of resolver trees at the same time.Checklist
Delete any items that are not applicable to this PR.
For maintainers