Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[ML] Anomaly detection rule lookback interval improvements #97370

Merged
merged 21 commits into from Apr 20, 2021
Merged

[ML] Anomaly detection rule lookback interval improvements #97370

merged 21 commits into from Apr 20, 2021

Conversation

darnautov
Copy link
Contributor

@darnautov darnautov commented Apr 16, 2021
edited

Summary

Part of #96381

This PR Improves the lookback interval logic. Instead of a plain time range query for 2x bucket spans the rule executor performs the following:

  • Use a lookback interval provided by the user or compute it by the formula max(2m, 2 * bucket_span) + query_delay + 1s
  • Apply date_histogram aggregation with a fixed interval of the bucket span length and descending order
  • Utilize pipeline max aggregation to retrieve the maximum anomaly score within each bucket of time
  • Truncate buckets based on the number of latest buckets to check. It can be user-defined or 1 by default for bucket spans bigger than 1 minute, or 60/bucket_span_in_sec for buckets smaller than 1 minute.
  • Obtain the most anomalous bucket from the list of requested buckets and create an alert

As mentioned above, it's possible to override the lookback interval and the number of buckets params by the user in the rule flyout. The warning callout pops up in case the rule check interval is higher than the lookback interval.
image

Checklist

@darnautov darnautov requested a review from a team as a code owner April 16, 2021 12:23
@darnautov darnautov self-assigned this Apr 16, 2021
@elasticmachine
Copy link
Contributor

Pinging @elastic/ml-ui (:ml)

szabosteve
szabosteve reviewed Apr 19, 2021
View reviewed changes
Copy link
Contributor

@szabosteve szabosteve left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I left two minor suggestions.

x-pack/plugins/ml/public/alerting/advanced_settings.tsx Outdated Show resolved Hide resolved
x-pack/plugins/ml/public/alerting/config_validator.tsx Outdated Show resolved Hide resolved
darnautov
darnautov commented Apr 19, 2021
View reviewed changes
x-pack/plugins/ml/server/lib/alerts/alerting_service.ts
Comment on lines -344 to +362
Math.round(
resolveBucketSpanInSeconds(jobsResponse.map((v) => v.analysis_config.bucket_span)) * 2
),
Math.round(maxBucket * 2),
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please ignore these changes. Rule executor now utilized fetchResult function.

szabosteve
szabosteve approved these changes Apr 19, 2021
View reviewed changes
Copy link
Contributor

@szabosteve szabosteve left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

UI text LGTM! Thanks! 👍

@darnautov darnautov mentioned this pull request Apr 19, 2021
Closed
14 tasks
jgowdyelastic
jgowdyelastic approved these changes Apr 19, 2021
View reviewed changes
Copy link
Member

@jgowdyelastic jgowdyelastic left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

x-pack/plugins/ml/server/models/job_service/datafeeds.ts
) {
return datafeedsResults[0];
if (Array.isArray(datafeedsResults)) {
const result = datafeedsResults.filter((d) => jobIds.includes(d.job_id));
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this line could be moved down a few lines so result is only created just before being used.

droberts195
droberts195 approved these changes Apr 19, 2021
View reviewed changes
Copy link
Contributor

@droberts195 droberts195 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

I am not qualified to review the details of the TypeScript code, but the high level approach looks like what was agreed. 👍

@darnautov darnautov requested a review from pheyos April 19, 2021 12:51
peteharverson
peteharverson approved these changes Apr 20, 2021
View reviewed changes
Copy link
Contributor

@peteharverson peteharverson left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tested and LGTM

pheyos
pheyos reviewed Apr 20, 2021
View reviewed changes
Copy link
Member

@pheyos pheyos left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A few suggestions for the functional tests.
Also, I've noticed that the created alerts are not cleaned up after the test. Would be good to create a service method for it and add that to the after method of the suite.

x-pack/test/functional/services/ml/alerting.ts Show resolved Hide resolved
x-pack/test/functional/services/ml/alerting.ts Show resolved Hide resolved
x-pack/test/functional/services/ml/alerting.ts Show resolved Hide resolved
@darnautov
Copy link
Contributor Author

thanks for the feedback @pheyos! as we discussed, I'm going to address your comments in a follow-up PR

@darnautov darnautov added the auto-backport Deprecated: Automatically backport this PR after it's merged label Apr 20, 2021
@darnautov darnautov merged commit 20b585d into elastic:master Apr 20, 2021
@darnautov darnautov deleted the ML-alerting-enhancements branch April 20, 2021 08:53
@kibanamachine kibanamachine mentioned this pull request Apr 20, 2021
Merged
kibanamachine pushed a commit to kibanamachine/kibana that referenced this pull request Apr 20, 2021
@darnautov @kibanamachine
[ML] Anomaly detection rule lookback interval improvements (elastic#9…
5843601 
…7370)

* [ML] add advanced settings

* [ML] default advanced settings

* [ML] advanced settings validators

* [ML] range control for top n buckets

* [ML] execute rule with a new query for most recent anomalies

* [ML] find most anomalous bucket from the top N

* Revert "[ML] range control for top n buckets"

This reverts commit e039f25

* [ML] validate check interval against the lookback interval

* [ML] update descriptions

* [ML] fix test subjects

* [ML] update warning message

* [ML] add functional tests

* [ML] adjust unit tests, mark getLookbackInterval

* [ML] update lookback interval description and warning message

* [ML] update fetchResult tsDoc

* [ML] cleanup

* [ML] fix imports to reduce bundle size

* [ML] round up lookback interval

* [ML] update functional test assertion

* [ML] async import for validator
@kibanamachine
Copy link
Contributor

💚 Backport successful

Status Branch Result
7.x

This backport PR will be merged automatically after passing CI.

kibanamachine added a commit that referenced this pull request Apr 20, 2021
@kibanamachine @darnautov
[ML] Anomaly detection rule lookback interval improvements (#97370) (#…
a796024 
…97595)

* [ML] add advanced settings

* [ML] default advanced settings

* [ML] advanced settings validators

* [ML] range control for top n buckets

* [ML] execute rule with a new query for most recent anomalies

* [ML] find most anomalous bucket from the top N

* Revert "[ML] range control for top n buckets"

This reverts commit e039f25

* [ML] validate check interval against the lookback interval

* [ML] update descriptions

* [ML] fix test subjects

* [ML] update warning message

* [ML] add functional tests

* [ML] adjust unit tests, mark getLookbackInterval

* [ML] update lookback interval description and warning message

* [ML] update fetchResult tsDoc

* [ML] cleanup

* [ML] fix imports to reduce bundle size

* [ML] round up lookback interval

* [ML] update functional test assertion

* [ML] async import for validator

Co-authored-by: Dima Arnautov <dmitrii.arnautov@elastic.co>
@darnautov darnautov mentioned this pull request Apr 22, 2021
Merged
1 task
@kibanamachine
Copy link
Contributor

💛 Build succeeded, but was flaky

Test Failures

Kibana Pipeline / general / X-Pack API Integration Tests.x-pack/test/api_integration/apis/lens/field_stats·ts.apis Lens index stats apis field distribution "before all" hook for "should return a 404 for missing index patterns"

Link to Jenkins

Standard Out

Failed Tests Reporter:
  - Test has failed 11 times on tracked branches: https://github.com/elastic/kibana/issues/97390

[00:00:00]       │
[00:00:00]         └-: apis
[00:00:00]           └-> "before all" hook in "apis"
[00:07:19]           └-: Lens
[00:07:19]             └-> "before all" hook in "Lens"
[00:07:19]             └-: index stats apis
[00:07:19]               └-> "before all" hook in "index stats apis"
[00:07:19]               └-> "before all" hook in "index stats apis"
[00:07:19]                 │ info [logstash_functional] Loading "mappings.json"
[00:07:19]                 │ info [logstash_functional] Loading "data.json.gz"
[00:07:19]                 │ info [logstash_functional] Skipped restore for existing index "logstash-2015.09.22"
[00:07:19]                 │ info [logstash_functional] Skipped restore for existing index "logstash-2015.09.20"
[00:07:19]                 │ info [logstash_functional] Skipped restore for existing index "logstash-2015.09.21"
[00:07:20]                 │ info java.lang.OutOfMemoryError: Java heap space
[00:07:20]                 │      Dumping heap to data/java_pid131517.hprof ...
[00:07:21]                 │ info Heap dump file created [689021169 bytes in 1.265 secs]
[00:07:21]                 │ info [o.e.m.j.JvmGcMonitorService] [kibana-ci-immutable-ubuntu-16-tests-xxl-1619562739502638820] [gc][466] overhead, spent [316ms] collecting in the last [1.2s]
[00:07:21]               └-: field distribution
[00:07:21]                 └-> "before all" hook for "should return a 404 for missing index patterns"
[00:07:21]                 └-> "before all" hook for "should return a 404 for missing index patterns"
[00:07:21]                   │ info [o.e.b.ElasticsearchUncaughtExceptionHandler] [kibana-ci-immutable-ubuntu-16-tests-xxl-1619562739502638820] fatal error in thread [elasticsearch[kibana-ci-immutable-ubuntu-16-tests-xxl-1619562739502638820][system_read][T#1]], exiting
[00:07:21]                   │      java.lang.OutOfMemoryError: Java heap space
[00:07:21]                   │      	at java.util.Arrays.copyOfRange(Arrays.java:3821) ~[?:?]
[00:07:21]                   │      	at java.lang.String.<init>(String.java:397) ~[?:?]
[00:07:21]                   │      	at java.util.Base64$Encoder.encodeToString(Base64.java:346) ~[?:?]
[00:07:21]                   │      	at org.elasticsearch.xpack.core.async.AsyncTaskIndexService.encodeResponse(AsyncTaskIndexService.java:462) ~[?:?]
[00:07:21]                   │      	at org.elasticsearch.xpack.core.async.AsyncTaskIndexService.updateResponse(AsyncTaskIndexService.java:205) ~[?:?]
[00:07:21]                   │      	at org.elasticsearch.xpack.search.TransportSubmitAsyncSearchAction.onFinalResponse(TransportSubmitAsyncSearchAction.java:178) ~[?:?]
[00:07:21]                   │      	at org.elasticsearch.xpack.search.TransportSubmitAsyncSearchAction$1$1.lambda$onResponse$1(TransportSubmitAsyncSearchAction.java:102) ~[?:?]
[00:07:21]                   │      	at org.elasticsearch.xpack.search.TransportSubmitAsyncSearchAction$1$1$$Lambda$7263/0x0000000801b95660.accept(Unknown Source) ~[?:?]
[00:07:21]                   │      	at org.elasticsearch.xpack.search.AsyncSearchTask.executeCompletionListeners(AsyncSearchTask.java:308) ~[?:?]
[00:07:21]                   │      	at org.elasticsearch.xpack.search.AsyncSearchTask$Listener.onResponse(AsyncSearchTask.java:441) ~[?:?]
[00:07:21]                   │      	at org.elasticsearch.xpack.search.AsyncSearchTask$Listener.onResponse(AsyncSearchTask.java:365) ~[?:?]
[00:07:21]                   │      	at org.elasticsearch.action.support.ContextPreservingActionListener.onResponse(ContextPreservingActionListener.java:31) ~[elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:07:21]                   │      	at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter.lambda$applyInternal$2(SecurityActionFilter.java:163) ~[?:?]
[00:07:21]                   │      	at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter$$Lambda$5120/0x0000000801816f38.accept(Unknown Source) ~[?:?]
[00:07:21]                   │      	at org.elasticsearch.action.ActionListener$DelegatingFailureActionListener.onResponse(ActionListener.java:217) ~[elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:07:21]                   │      	at org.elasticsearch.action.ActionListener$RunAfterActionListener.onResponse(ActionListener.java:339) ~[elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:07:21]                   │      	at org.elasticsearch.action.search.AbstractSearchAsyncAction.sendSearchResponse(AbstractSearchAsyncAction.java:657) ~[elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:07:21]                   │      	at org.elasticsearch.action.search.ExpandSearchPhase.run(ExpandSearchPhase.java:109) ~[elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:07:21]                   │      	at org.elasticsearch.action.search.AbstractSearchAsyncAction.executePhase(AbstractSearchAsyncAction.java:424) ~[elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:07:21]                   │      	at org.elasticsearch.action.search.AbstractSearchAsyncAction.executeNextPhase(AbstractSearchAsyncAction.java:418) ~[elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:07:21]                   │      	at org.elasticsearch.action.search.FetchSearchPhase.moveToNextPhase(FetchSearchPhase.java:219) ~[elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:07:21]                   │      	at org.elasticsearch.action.search.FetchSearchPhase.lambda$innerRun$1(FetchSearchPhase.java:101) ~[elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:07:21]                   │      	at org.elasticsearch.action.search.FetchSearchPhase$$Lambda$6583/0x0000000801aa1450.run(Unknown Source) ~[?:?]
[00:07:21]                   │      	at org.elasticsearch.action.search.CountedCollector.countDown(CountedCollector.java:40) ~[elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:07:21]                   │      	at org.elasticsearch.action.search.CountedCollector$$Lambda$7179/0x0000000801b9caf0.run(Unknown Source) ~[?:?]
[00:07:21]                   │      	at org.elasticsearch.action.search.ArraySearchPhaseResults.consumeResult(ArraySearchPhaseResults.java:35) ~[elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:07:21]                   │      	at org.elasticsearch.action.search.CountedCollector.onResult(CountedCollector.java:48) ~[elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:07:21]                   │      	at org.elasticsearch.action.search.FetchSearchPhase$2.innerOnResponse(FetchSearchPhase.java:171) ~[elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:07:21]                   │      	at org.elasticsearch.action.search.FetchSearchPhase$2.innerOnResponse(FetchSearchPhase.java:166) ~[elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:07:21]                   │      	at org.elasticsearch.action.search.SearchActionListener.onResponse(SearchActionListener.java:34) ~[elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:07:21]                   │      	at org.elasticsearch.action.search.SearchActionListener.onResponse(SearchActionListener.java:18) ~[elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:07:21]                   │      	at org.elasticsearch.action.ActionListenerResponseHandler.handleResponse(ActionListenerResponseHandler.java:43) ~[elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:07:21]                   │ERROR fatal error in thread [elasticsearch[kibana-ci-immutable-ubuntu-16-tests-xxl-1619562739502638820][system_read][T#1]], exiting
[00:07:21]                   │      
[00:07:21]                   │ERROR java.lang.OutOfMemoryError: Java heap space
[00:07:21]                   │      	at java.base/java.util.Arrays.copyOfRange(Arrays.java:3821)
[00:07:21]                   │      	at java.base/java.lang.String.<init>(String.java:397)
[00:07:21]                   │      	at java.base/java.util.Base64$Encoder.encodeToString(Base64.java:346)
[00:07:21]                   │      	at org.elasticsearch.xpack.core.async.AsyncTaskIndexService.encodeResponse(AsyncTaskIndexService.java:462)
[00:07:21]                   │      	at org.elasticsearch.xpack.core.async.AsyncTaskIndexService.updateResponse(AsyncTaskIndexService.java:205)
[00:07:21]                   │      	at org.elasticsearch.xpack.search.TransportSubmitAsyncSearchAction.onFinalResponse(TransportSubmitAsyncSearchAction.java:178)
[00:07:21]                   │      	at org.elasticsearch.xpack.search.TransportSubmitAsyncSearchAction$1$1.lambda$onResponse$1(TransportSubmitAsyncSearchAction.java:102)
[00:07:21]                   │      	at org.elasticsearch.xpack.search.TransportSubmitAsyncSearchAction$1$1$$Lambda$7263/0x0000000801b95660.accept(Unknown Source)
[00:07:21]                   │      	at org.elasticsearch.xpack.search.AsyncSearchTask.executeCompletionListeners(AsyncSearchTask.java:308)
[00:07:21]                   │      	at org.elasticsearch.xpack.search.AsyncSearchTask$Listener.onResponse(AsyncSearchTask.java:441)
[00:07:21]                   │      	at org.elasticsearch.xpack.search.AsyncSearchTask$Listener.onResponse(AsyncSearchTask.java:365)
[00:07:21]                   │      	at org.elasticsearch.action.support.ContextPreservingActionListener.onResponse(ContextPreservingActionListener.java:31)
[00:07:21]                   │      	at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter.lambda$applyInternal$2(SecurityActionFilter.java:163)
[00:07:21]                   │      	at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter$$Lambda$5120/0x0000000801816f38.accept(Unknown Source)
[00:07:21]                   │      	at org.elasticsearch.action.ActionListener$DelegatingFailureActionListener.onResponse(ActionListener.java:217)
[00:07:21]                   │      	at org.elasticsearch.action.ActionListener$RunAfterActionListener.onResponse(ActionListener.java:339)
[00:07:21]                   │      	at org.elasticsearch.action.search.AbstractSearchAsyncAction.sendSearchResponse(AbstractSearchAsyncAction.java:657)
[00:07:21]                   │      	at org.elasticsearch.action.search.ExpandSearchPhase.run(ExpandSearchPhase.java:109)
[00:07:21]                   │      	at org.elasticsearch.action.search.AbstractSearchAsyncAction.executePhase(AbstractSearchAsyncAction.java:424)
[00:07:21]                   │      	at org.elasticsearch.action.search.AbstractSearchAsyncAction.executeNextPhase(AbstractSearchAsyncAction.java:418)
[00:07:21]                   │      	at org.elasticsearch.action.search.FetchSearchPhase.moveToNextPhase(FetchSearchPhase.java:219)
[00:07:21]                   │      	at org.elasticsearch.action.search.FetchSearchPhase.lambda$innerRun$1(FetchSearchPhase.java:101)
[00:07:21]                   │      	at org.elasticsearch.action.search.FetchSearchPhase$$Lambda$6583/0x0000000801aa1450.run(Unknown Source)
[00:07:21]                   │      	at org.elasticsearch.action.search.CountedCollector.countDown(CountedCollector.java:40)
[00:07:21]                   │      	at org.elasticsearch.action.search.CountedCollector$$Lambda$7179/0x0000000801b9caf0.run(Unknown Source)
[00:07:21]                   │      	at org.elasticsearch.action.search.ArraySearchPhaseResults.consumeResult(ArraySearchPhaseResults.java:35)
[00:07:21]                   │      	at org.elasticsearch.action.search.CountedCollector.onResult(CountedCollector.java:48)
[00:07:21]                   │      	at org.elasticsearch.action.search.FetchSearchPhase$2.innerOnResponse(FetchSearchPhase.java:171)
[00:07:21]                   │      	at org.elasticsearch.action.search.FetchSearchPhase$2.innerOnResponse(FetchSearchPhase.java:166)
[00:07:21]                   │      	at org.elasticsearch.action.search.SearchActionListener.onResponse(SearchActionListener.java:34)
[00:07:21]                   │      	at org.elasticsearch.action.search.SearchActionListener.onResponse(SearchActionListener.java:18)
[00:07:21]                   │      	at org.elasticsearch.action.ActionListenerResponseHandler.handleResponse(ActionListenerResponseHandler.java:43)
[00:07:21]                   │      
[00:07:21]                   │ info [visualize/default] Loading "mappings.json"
[00:07:21]                   │ info [visualize/default] Loading "data.json"
[00:07:22]                   └- ✖ fail: apis Lens index stats apis field distribution "before all" hook for "should return a 404 for missing index patterns"
[00:07:22]                   │      ConnectionError: socket hang up
[00:07:22]                   │       at ClientRequest.onError (/dev/shm/workspace/parallel/4/kibana/node_modules/@elastic/elasticsearch/lib/Connection.js:115:16)
[00:07:22]                   │       at Socket.socketCloseListener (_http_client.js:443:11)
[00:07:22]                   │       at TCP.<anonymous> (net.js:673:12)
[00:07:22]                   │ 
[00:07:22]                   │

Stack Trace

ConnectionError: socket hang up
    at ClientRequest.onError (/dev/shm/workspace/parallel/4/kibana/node_modules/@elastic/elasticsearch/lib/Connection.js:115:16)
    at Socket.socketCloseListener (_http_client.js:443:11)
    at TCP.<anonymous> (net.js:673:12) {
  meta: {
    body: null,
    statusCode: null,
    headers: null,
    meta: {
      context: null,
      request: [Object],
      name: 'elasticsearch-js',
      connection: [Object],
      attempts: 3,
      aborted: false
    }
  }
}
Kibana Pipeline / general / X-Pack API Integration Tests.x-pack/test/api_integration/apis/lens/field_stats·ts.apis Lens index stats apis field distribution "after all" hook for "should apply filters and queries"

Link to Jenkins

Standard Out

Failed Tests Reporter:
  - Test has failed 11 times on tracked branches: https://github.com/elastic/kibana/issues/97391

[00:00:00]       │
[00:00:00]         └-: apis
[00:00:00]           └-> "before all" hook in "apis"
[00:07:19]           └-: Lens
[00:07:19]             └-> "before all" hook in "Lens"
[00:07:19]             └-: index stats apis
[00:07:19]               └-> "before all" hook in "index stats apis"
[00:07:19]               └-> "before all" hook in "index stats apis"
[00:07:19]                 │ info [logstash_functional] Loading "mappings.json"
[00:07:19]                 │ info [logstash_functional] Loading "data.json.gz"
[00:07:19]                 │ info [logstash_functional] Skipped restore for existing index "logstash-2015.09.22"
[00:07:19]                 │ info [logstash_functional] Skipped restore for existing index "logstash-2015.09.20"
[00:07:19]                 │ info [logstash_functional] Skipped restore for existing index "logstash-2015.09.21"
[00:07:20]                 │ info java.lang.OutOfMemoryError: Java heap space
[00:07:20]                 │      Dumping heap to data/java_pid131517.hprof ...
[00:07:21]                 │ info Heap dump file created [689021169 bytes in 1.265 secs]
[00:07:21]                 │ info [o.e.m.j.JvmGcMonitorService] [kibana-ci-immutable-ubuntu-16-tests-xxl-1619562739502638820] [gc][466] overhead, spent [316ms] collecting in the last [1.2s]
[00:07:21]               └-: field distribution
[00:07:21]                 └-> "before all" hook for "should return a 404 for missing index patterns"
[00:07:21]                 └-> "before all" hook for "should return a 404 for missing index patterns"
[00:07:21]                   │ info [o.e.b.ElasticsearchUncaughtExceptionHandler] [kibana-ci-immutable-ubuntu-16-tests-xxl-1619562739502638820] fatal error in thread [elasticsearch[kibana-ci-immutable-ubuntu-16-tests-xxl-1619562739502638820][system_read][T#1]], exiting
[00:07:21]                   │      java.lang.OutOfMemoryError: Java heap space
[00:07:21]                   │      	at java.util.Arrays.copyOfRange(Arrays.java:3821) ~[?:?]
[00:07:21]                   │      	at java.lang.String.<init>(String.java:397) ~[?:?]
[00:07:21]                   │      	at java.util.Base64$Encoder.encodeToString(Base64.java:346) ~[?:?]
[00:07:21]                   │      	at org.elasticsearch.xpack.core.async.AsyncTaskIndexService.encodeResponse(AsyncTaskIndexService.java:462) ~[?:?]
[00:07:21]                   │      	at org.elasticsearch.xpack.core.async.AsyncTaskIndexService.updateResponse(AsyncTaskIndexService.java:205) ~[?:?]
[00:07:21]                   │      	at org.elasticsearch.xpack.search.TransportSubmitAsyncSearchAction.onFinalResponse(TransportSubmitAsyncSearchAction.java:178) ~[?:?]
[00:07:21]                   │      	at org.elasticsearch.xpack.search.TransportSubmitAsyncSearchAction$1$1.lambda$onResponse$1(TransportSubmitAsyncSearchAction.java:102) ~[?:?]
[00:07:21]                   │      	at org.elasticsearch.xpack.search.TransportSubmitAsyncSearchAction$1$1$$Lambda$7263/0x0000000801b95660.accept(Unknown Source) ~[?:?]
[00:07:21]                   │      	at org.elasticsearch.xpack.search.AsyncSearchTask.executeCompletionListeners(AsyncSearchTask.java:308) ~[?:?]
[00:07:21]                   │      	at org.elasticsearch.xpack.search.AsyncSearchTask$Listener.onResponse(AsyncSearchTask.java:441) ~[?:?]
[00:07:21]                   │      	at org.elasticsearch.xpack.search.AsyncSearchTask$Listener.onResponse(AsyncSearchTask.java:365) ~[?:?]
[00:07:21]                   │      	at org.elasticsearch.action.support.ContextPreservingActionListener.onResponse(ContextPreservingActionListener.java:31) ~[elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:07:21]                   │      	at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter.lambda$applyInternal$2(SecurityActionFilter.java:163) ~[?:?]
[00:07:21]                   │      	at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter$$Lambda$5120/0x0000000801816f38.accept(Unknown Source) ~[?:?]
[00:07:21]                   │      	at org.elasticsearch.action.ActionListener$DelegatingFailureActionListener.onResponse(ActionListener.java:217) ~[elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:07:21]                   │      	at org.elasticsearch.action.ActionListener$RunAfterActionListener.onResponse(ActionListener.java:339) ~[elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:07:21]                   │      	at org.elasticsearch.action.search.AbstractSearchAsyncAction.sendSearchResponse(AbstractSearchAsyncAction.java:657) ~[elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:07:21]                   │      	at org.elasticsearch.action.search.ExpandSearchPhase.run(ExpandSearchPhase.java:109) ~[elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:07:21]                   │      	at org.elasticsearch.action.search.AbstractSearchAsyncAction.executePhase(AbstractSearchAsyncAction.java:424) ~[elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:07:21]                   │      	at org.elasticsearch.action.search.AbstractSearchAsyncAction.executeNextPhase(AbstractSearchAsyncAction.java:418) ~[elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:07:21]                   │      	at org.elasticsearch.action.search.FetchSearchPhase.moveToNextPhase(FetchSearchPhase.java:219) ~[elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:07:21]                   │      	at org.elasticsearch.action.search.FetchSearchPhase.lambda$innerRun$1(FetchSearchPhase.java:101) ~[elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:07:21]                   │      	at org.elasticsearch.action.search.FetchSearchPhase$$Lambda$6583/0x0000000801aa1450.run(Unknown Source) ~[?:?]
[00:07:21]                   │      	at org.elasticsearch.action.search.CountedCollector.countDown(CountedCollector.java:40) ~[elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:07:21]                   │      	at org.elasticsearch.action.search.CountedCollector$$Lambda$7179/0x0000000801b9caf0.run(Unknown Source) ~[?:?]
[00:07:21]                   │      	at org.elasticsearch.action.search.ArraySearchPhaseResults.consumeResult(ArraySearchPhaseResults.java:35) ~[elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:07:21]                   │      	at org.elasticsearch.action.search.CountedCollector.onResult(CountedCollector.java:48) ~[elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:07:21]                   │      	at org.elasticsearch.action.search.FetchSearchPhase$2.innerOnResponse(FetchSearchPhase.java:171) ~[elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:07:21]                   │      	at org.elasticsearch.action.search.FetchSearchPhase$2.innerOnResponse(FetchSearchPhase.java:166) ~[elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:07:21]                   │      	at org.elasticsearch.action.search.SearchActionListener.onResponse(SearchActionListener.java:34) ~[elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:07:21]                   │      	at org.elasticsearch.action.search.SearchActionListener.onResponse(SearchActionListener.java:18) ~[elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:07:21]                   │      	at org.elasticsearch.action.ActionListenerResponseHandler.handleResponse(ActionListenerResponseHandler.java:43) ~[elasticsearch-8.0.0-SNAPSHOT.jar:8.0.0-SNAPSHOT]
[00:07:21]                   │ERROR fatal error in thread [elasticsearch[kibana-ci-immutable-ubuntu-16-tests-xxl-1619562739502638820][system_read][T#1]], exiting
[00:07:21]                   │      
[00:07:21]                   │ERROR java.lang.OutOfMemoryError: Java heap space
[00:07:21]                   │      	at java.base/java.util.Arrays.copyOfRange(Arrays.java:3821)
[00:07:21]                   │      	at java.base/java.lang.String.<init>(String.java:397)
[00:07:21]                   │      	at java.base/java.util.Base64$Encoder.encodeToString(Base64.java:346)
[00:07:21]                   │      	at org.elasticsearch.xpack.core.async.AsyncTaskIndexService.encodeResponse(AsyncTaskIndexService.java:462)
[00:07:21]                   │      	at org.elasticsearch.xpack.core.async.AsyncTaskIndexService.updateResponse(AsyncTaskIndexService.java:205)
[00:07:21]                   │      	at org.elasticsearch.xpack.search.TransportSubmitAsyncSearchAction.onFinalResponse(TransportSubmitAsyncSearchAction.java:178)
[00:07:21]                   │      	at org.elasticsearch.xpack.search.TransportSubmitAsyncSearchAction$1$1.lambda$onResponse$1(TransportSubmitAsyncSearchAction.java:102)
[00:07:21]                   │      	at org.elasticsearch.xpack.search.TransportSubmitAsyncSearchAction$1$1$$Lambda$7263/0x0000000801b95660.accept(Unknown Source)
[00:07:21]                   │      	at org.elasticsearch.xpack.search.AsyncSearchTask.executeCompletionListeners(AsyncSearchTask.java:308)
[00:07:21]                   │      	at org.elasticsearch.xpack.search.AsyncSearchTask$Listener.onResponse(AsyncSearchTask.java:441)
[00:07:21]                   │      	at org.elasticsearch.xpack.search.AsyncSearchTask$Listener.onResponse(AsyncSearchTask.java:365)
[00:07:21]                   │      	at org.elasticsearch.action.support.ContextPreservingActionListener.onResponse(ContextPreservingActionListener.java:31)
[00:07:21]                   │      	at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter.lambda$applyInternal$2(SecurityActionFilter.java:163)
[00:07:21]                   │      	at org.elasticsearch.xpack.security.action.filter.SecurityActionFilter$$Lambda$5120/0x0000000801816f38.accept(Unknown Source)
[00:07:21]                   │      	at org.elasticsearch.action.ActionListener$DelegatingFailureActionListener.onResponse(ActionListener.java:217)
[00:07:21]                   │      	at org.elasticsearch.action.ActionListener$RunAfterActionListener.onResponse(ActionListener.java:339)
[00:07:21]                   │      	at org.elasticsearch.action.search.AbstractSearchAsyncAction.sendSearchResponse(AbstractSearchAsyncAction.java:657)
[00:07:21]                   │      	at org.elasticsearch.action.search.ExpandSearchPhase.run(ExpandSearchPhase.java:109)
[00:07:21]                   │      	at org.elasticsearch.action.search.AbstractSearchAsyncAction.executePhase(AbstractSearchAsyncAction.java:424)
[00:07:21]                   │      	at org.elasticsearch.action.search.AbstractSearchAsyncAction.executeNextPhase(AbstractSearchAsyncAction.java:418)
[00:07:21]                   │      	at org.elasticsearch.action.search.FetchSearchPhase.moveToNextPhase(FetchSearchPhase.java:219)
[00:07:21]                   │      	at org.elasticsearch.action.search.FetchSearchPhase.lambda$innerRun$1(FetchSearchPhase.java:101)
[00:07:21]                   │      	at org.elasticsearch.action.search.FetchSearchPhase$$Lambda$6583/0x0000000801aa1450.run(Unknown Source)
[00:07:21]                   │      	at org.elasticsearch.action.search.CountedCollector.countDown(CountedCollector.java:40)
[00:07:21]                   │      	at org.elasticsearch.action.search.CountedCollector$$Lambda$7179/0x0000000801b9caf0.run(Unknown Source)
[00:07:21]                   │      	at org.elasticsearch.action.search.ArraySearchPhaseResults.consumeResult(ArraySearchPhaseResults.java:35)
[00:07:21]                   │      	at org.elasticsearch.action.search.CountedCollector.onResult(CountedCollector.java:48)
[00:07:21]                   │      	at org.elasticsearch.action.search.FetchSearchPhase$2.innerOnResponse(FetchSearchPhase.java:171)
[00:07:21]                   │      	at org.elasticsearch.action.search.FetchSearchPhase$2.innerOnResponse(FetchSearchPhase.java:166)
[00:07:21]                   │      	at org.elasticsearch.action.search.SearchActionListener.onResponse(SearchActionListener.java:34)
[00:07:21]                   │      	at org.elasticsearch.action.search.SearchActionListener.onResponse(SearchActionListener.java:18)
[00:07:21]                   │      	at org.elasticsearch.action.ActionListenerResponseHandler.handleResponse(ActionListenerResponseHandler.java:43)
[00:07:21]                   │      
[00:07:21]                   │ info [visualize/default] Loading "mappings.json"
[00:07:21]                   │ info [visualize/default] Loading "data.json"
[00:07:22]                   └- ✖ fail: apis Lens index stats apis field distribution "before all" hook for "should return a 404 for missing index patterns"
[00:07:22]                   │      ConnectionError: socket hang up
[00:07:22]                   │       at ClientRequest.onError (/dev/shm/workspace/parallel/4/kibana/node_modules/@elastic/elasticsearch/lib/Connection.js:115:16)
[00:07:22]                   │       at Socket.socketCloseListener (_http_client.js:443:11)
[00:07:22]                   │       at TCP.<anonymous> (net.js:673:12)
[00:07:22]                   │ 
[00:07:22]                   │ 
[00:07:22]                   │ proc [kibana]   log   [23:33:00.134] [error][plugins][taskManager] Failed to poll for work: ConnectionError: connect ECONNREFUSED 127.0.0.1:6142
[00:07:22]                   └-> "after all" hook for "should apply filters and queries"
[00:07:22]                     │ info [visualize/default] Unloading indices from "mappings.json"
[00:07:22]                     └- ✖ fail: apis Lens index stats apis field distribution "after all" hook for "should apply filters and queries"
[00:07:22]                     │      ConnectionError: connect ECONNREFUSED 127.0.0.1:6142
[00:07:22]                     │       at ClientRequest.onError (/dev/shm/workspace/parallel/4/kibana/node_modules/@elastic/elasticsearch/lib/Connection.js:115:16)
[00:07:22]                     │       at Socket.socketErrorListener (_http_client.js:469:9)
[00:07:22]                     │       at emitErrorNT (internal/streams/destroy.js:106:8)
[00:07:22]                     │       at emitErrorCloseNT (internal/streams/destroy.js:74:3)
[00:07:22]                     │       at processTicksAndRejections (internal/process/task_queues.js:80:21)
[00:07:22]                     │ 
[00:07:22]                     │

Stack Trace

ConnectionError: connect ECONNREFUSED 127.0.0.1:6142
    at ClientRequest.onError (/dev/shm/workspace/parallel/4/kibana/node_modules/@elastic/elasticsearch/lib/Connection.js:115:16)
    at Socket.socketErrorListener (_http_client.js:469:9)
    at emitErrorNT (internal/streams/destroy.js:106:8)
    at emitErrorCloseNT (internal/streams/destroy.js:74:3)
    at processTicksAndRejections (internal/process/task_queues.js:80:21) {
  meta: {
    body: null,
    statusCode: null,
    headers: null,
    meta: {
      context: null,
      request: [Object],
      name: 'elasticsearch-js',
      connection: [Object],
      attempts: 3,
      aborted: false
    }
  }
}
Kibana Pipeline / general / X-Pack API Integration Tests.x-pack/test/api_integration/apis/lens/field_stats·ts.apis Lens index stats apis "after all" hook in "index stats apis"

Link to Jenkins

Standard Out

Failed Tests Reporter:
  - Test has failed 13 times on tracked branches: https://github.com/elastic/kibana/issues/97392

[00:00:00]       │
[00:00:00]         └-: apis
[00:00:00]           └-> "before all" hook in "apis"
[00:07:19]           └-: Lens
[00:07:19]             └-> "before all" hook in "Lens"
[00:07:19]             └-: index stats apis
[00:07:19]               └-> "before all" hook in "index stats apis"
[00:07:19]               └-> "before all" hook in "index stats apis"
[00:07:19]                 │ info [logstash_functional] Loading "mappings.json"
[00:07:19]                 │ info [logstash_functional] Loading "data.json.gz"
[00:07:19]                 │ info [logstash_functional] Skipped restore for existing index "logstash-2015.09.22"
[00:07:19]                 │ info [logstash_functional] Skipped restore for existing index "logstash-2015.09.20"
[00:07:19]                 │ info [logstash_functional] Skipped restore for existing index "logstash-2015.09.21"
[00:07:20]                 │ info java.lang.OutOfMemoryError: Java heap space
[00:07:20]                 │      Dumping heap to data/java_pid131517.hprof ...
[00:07:21]                 │ info Heap dump file created [689021169 bytes in 1.265 secs]
[00:07:21]                 │ info [o.e.m.j.JvmGcMonitorService] [kibana-ci-immutable-ubuntu-16-tests-xxl-1619562739502638820] [gc][466] overhead, spent [316ms] collecting in the last [1.2s]
[00:07:22]                   └-> "after all" hook in "index stats apis"
[00:07:22]                     │ info [logstash_functional] Unloading indices from "mappings.json"
[00:07:22]                     └- ✖ fail: apis Lens index stats apis "after all" hook in "index stats apis"
[00:07:22]                     │      ConnectionError: connect ECONNREFUSED 127.0.0.1:6142
[00:07:22]                     │       at ClientRequest.onError (/dev/shm/workspace/parallel/4/kibana/node_modules/@elastic/elasticsearch/lib/Connection.js:115:16)
[00:07:22]                     │       at Socket.socketErrorListener (_http_client.js:469:9)
[00:07:22]                     │       at emitErrorNT (internal/streams/destroy.js:106:8)
[00:07:22]                     │       at emitErrorCloseNT (internal/streams/destroy.js:74:3)
[00:07:22]                     │       at processTicksAndRejections (internal/process/task_queues.js:80:21)
[00:07:22]                     │ 
[00:07:22]                     │

Stack Trace

ConnectionError: connect ECONNREFUSED 127.0.0.1:6142
    at ClientRequest.onError (/dev/shm/workspace/parallel/4/kibana/node_modules/@elastic/elasticsearch/lib/Connection.js:115:16)
    at Socket.socketErrorListener (_http_client.js:469:9)
    at emitErrorNT (internal/streams/destroy.js:106:8)
    at emitErrorCloseNT (internal/streams/destroy.js:74:3)
    at processTicksAndRejections (internal/process/task_queues.js:80:21) {
  meta: {
    body: null,
    statusCode: null,
    headers: null,
    meta: {
      context: null,
      request: [Object],
      name: 'elasticsearch-js',
      connection: [Object],
      attempts: 3,
      aborted: false
    }
  }
}

Metrics [docs]

Module Count

Fewer modules leads to a faster build time

id before after diff
ml 1792 1796 +4

Async chunks

Total size of all lazy-loaded chunks that will be downloaded as the user navigates the app

id before after diff
ml 6.0MB 6.0MB +7.4KB

Page load bundle

Size of the bundles that are downloaded on every page load. Target size is below 100kb

id before after diff
ml 67.2KB 68.8KB +1.6KB
Unknown metric groups

async chunk count

id before after diff
ml 23 24 +1

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @darnautov

@peteharverson peteharverson added release_note:feature Makes this part of the condensed release notes and removed release_note:enhancement labels May 4, 2021
madirey pushed a commit to madirey/kibana that referenced this pull request May 11, 2021
@darnautov @madirey
[ML] Anomaly detection rule lookback interval improvements (elastic#9…
4c7c2f8 
…7370)

* [ML] add advanced settings

* [ML] default advanced settings

* [ML] advanced settings validators

* [ML] range control for top n buckets

* [ML] execute rule with a new query for most recent anomalies

* [ML] find most anomalous bucket from the top N

* Revert "[ML] range control for top n buckets"

This reverts commit e039f25

* [ML] validate check interval against the lookback interval

* [ML] update descriptions

* [ML] fix test subjects

* [ML] update warning message

* [ML] add functional tests

* [ML] adjust unit tests, mark getLookbackInterval

* [ML] update lookback interval description and warning message

* [ML] update fetchResult tsDoc

* [ML] cleanup

* [ML] fix imports to reduce bundle size

* [ML] round up lookback interval

* [ML] update functional test assertion

* [ML] async import for validator
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@pheyos pheyos pheyos left review comments

@peteharverson peteharverson peteharverson approved these changes

@droberts195 droberts195 droberts195 approved these changes

@jgowdyelastic jgowdyelastic jgowdyelastic approved these changes

@szabosteve szabosteve szabosteve approved these changes

Assignees

@darnautov darnautov

Labels
auto-backport Deprecated: Automatically backport this PR after it's merged Feature:Alerting :ml release_note:feature Makes this part of the condensed release notes v7.13.0 v8.0.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
8 participants
@darnautov @elasticmachine @kibanamachine @pheyos @peteharverson @droberts195 @jgowdyelastic @szabosteve