Do not allow APM UI to query frozen tier #190559

Closed
3 tasks done
smith opened this issue Aug 14, 2024 · 10 comments · Fixed by #192373
Labels: apm; bug (Fixes for quality problems that affect the customer experience); sdh-linked; Team:obs-ux-infra_services (Observability Infrastructure & Services User Experience Team)

Comments

@smith

smith commented Aug 14, 2024

In a Cross Cluster Search (CCS) environment, it's possible for different clusters to serve different data tiers in responses.

If one of the requested clusters responds slowly with data from the frozen tier, this can cause a timeout at the proxy after 320s, and 502 responses presented as failure toast messages in the UI with no data loaded.

Proposed solution

Don't allow APM to query the frozen tier.

We can add `{must_not: { term: { _tier: 'data_frozen' } } }` query to all of our requests (in the `APMEventClient`).

Advanced setting

We need users to be able to exclude APM requests from the specified data tiers.

I asked @elastic/kibana-data-discovery about reusing the deprecated `search:includeFrozen` but it might be a better idea to create a new advanced setting that behaves the same as `data_views:fields_excluded_data_tiers` and `securitySolution:excludedDataTiersForRuleExecution`:

> Exclude fields from specified tiers (such as data_frozen) for faster performance. Comma delimit to exclude multiple tiers - data_warm,data_cold

Not sure if this should be a Kibana-wide setting under Search or Observability-specific. So `search:search_excluded_data_tiers` or `observability:search_excluded_data_tiers`.

In the case of APM, all requests use APMEventClient. I assume most Observability solution plugins have a centralized place where all _search queries can be modified with one code change. It would be ok to call the setting observability and not immediately update all the non-APM plugins, but if we don't fix them all we should make follow up issues for the respective teams.

My tasks

  1. Team: SecuritySolution Team:DataDiscovery Team:Monitoring Team:obs-ux-infra_services backport:skip release_note:skip
  2. Team:obs-ux-infra_services Team:obs-ux-management backport:skip ci:project-deploy-observability release_note:skip v8.16.0 v9.0.0
  3. Team:obs-ux-infra_services Team:obs-ux-management apm backport:prev-major ci:project-deploy-observability release_note:skip v8.16.0 v9.0.0

Acceptance criteria

  • When making queries, APM includes the above filter to make sure it does not query frozen data.
  • An advanced setting can toggle whether or not this filter is added to the queries.
@smith smith added bug Fixes for quality problems that affect the customer experience apm sdh-linked Team:obs-ux-infra_services Observability Infrastructure & Services User Experience Team labels Aug 14, 2024
@elasticmachine

Pinging @elastic/obs-ux-infra_services-team (Team:obs-ux-infra_services)

@smith smith added the needs-refinement A reason and acceptance criteria need to be defined for this issue label Aug 16, 2024
@lucabelluccini

It is worth mentioning it might be interesting to discuss this with Security Solutions.
Maybe there's some convergence we can put in place?

Also, we need to think about alerting. We need to make sure the UI and Alerting are coherent with the setting.

@crespocarlos crespocarlos self-assigned this Sep 4, 2024
@crespocarlos

@lucabelluccini, Security Solution already has something for this: `securitySolution:excludedDataTiersForRuleExecution`. They use it in some situations. Do you know if they have experienced the same problems we have on APM?

> Also, we need to think about alerting. We need to make sure the UI and Alerting are coherent with the setting.

The plan is to use the setting everywhere we run queries in APM, Infra and make it available to the rest of obs solutions.

@lucabelluccini

Hello @crespocarlos, feel free to reach out to me privately for details, but you'll see a linked private real situation linked to this public issue.

@crespocarlos

@smith @lucabelluccini I've spoken with Security Solution folks and we agreed to create a Kibana-wide setting.

They've also experienced the same problem (CPU spikes and cold/frozen being hit when not desired) in the past: #186908. This setting could also benefit @elastic/stack-monitoring, as it has recently had SDH issues caused by queries hitting the frozen tier.

@consulthys

> This setting could also benefit @elastic/stack-monitoring, as it has recently had SDH issues caused by queries hitting the frozen tier.

Absolutely, this is coming up in a few different places around Stack Monitoring, most notably this one where we are thinking of doing something similar, but only for a specific set of shard queries that don't have time range constraints.

@crespocarlos

I had a chat with @elastic/kibana-data-discovery, and they advised against implementing a Kibana-wide setting. One concern is the potential for confusion. For example:

A general exclusion could result in data not appearing in Discover or Dashboard without any clear explanation, especially when users expand the time range to find historical data.

Basically, exclusions should be analyzed case by case. @elastic/kibana-data-discovery will continue discussing a unified approach, but for now, we'll proceed with an O11y-specific setting.

crespocarlos added a commit that referenced this issue Sep 16, 2024
…ata tiers from queries (#192570)

part of [#190559](#190559)

## Summary

This PR introduces a new `Advanced Settings` under `Observability` to
provide a way of configuring the exclusion of indices in the `data_cold`
and/or `data_frozen` tiers from queries.

The change will help to address issues encountered in O11y, most
specifically in APM, and could also affect Infra and other features,
with unbounded queries targeting the frozen tier.

### For reviewers

This PR replaces #192276

---------

Co-authored-by: Elastic Machine <[email protected]>
smith pushed a commit that referenced this issue Sep 23, 2024
closes [#190559](#190559)

## Summary

This PR updates the ES clients in APM to respect the excluded tier
configuration. When this config is set, the ES clients will
automatically add a filter to exclude the specified tiers from queries.

All queries in APM should have the `_tier` filter (via
`get_apm_events_client`)

This change also affects alerting (via `alerting_es_client`)

And it impacts the alerts column (via `get_apm_alert_client`)

### What won't automatically add a filter for `_tier`

- Embeddables
- ML queries

### How to test
- Set the config in Advanced Settings to exclude `data_frozen` and
`data_cold` (optional)
- Navigate to APM and check the query `Inspect` to see if the filter is
present.
- Click through APM to confirm things still work.
- Create one of each type of APM alerts
- Without the config set, queries should not include the `_tier` filter

---------

Co-authored-by: Elastic Machine <[email protected]>
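
The `_tier` filter proposed in the issue and the client behaviour described in the commit message above, as an added TypeScript example that is not Kibana's own code. `parseExcludedTiers`, `withTierExclusion`, `excludesTier` and the sample request are hypothetical names, and the comma-delimited setting format is assumed from the setting description quoted in the issue.

```typescript
// Added example: hypothetical helpers, not the APMEventClient implementation.
type Clause = Record<string, unknown>;
interface SearchBody { query?: Clause; [key: string]: unknown }

// Elasticsearch data tier names as matched by the `_tier` metadata field.
const KNOWN_TIERS: readonly string[] = [
  'data_content', 'data_hot', 'data_warm', 'data_cold', 'data_frozen',
];

function isRecord(value: unknown): value is Clause {
  return typeof value === 'object' && value !== null && !Array.isArray(value);
}

// Parse a comma-delimited setting such as "data_frozen,data_cold".
// A misspelled tier throws instead of being dropped, so a typo cannot
// silently leave the frozen tier in scope.
function parseExcludedTiers(setting: string): string[] {
  const tiers: string[] = [];
  for (const raw of setting.split(',')) {
    const tier = raw.trim();
    if (tier === '') continue;
    if (KNOWN_TIERS.indexOf(tier) === -1) {
      throw new Error(`unknown data tier: ${tier}`);
    }
    if (tiers.indexOf(tier) === -1) tiers.push(tier);
  }
  return tiers;
}

// Wrap the caller's query in an outer bool instead of merging into it, so
// the original clauses (including any `should` semantics) stay untouched.
// With nothing excluded the body is returned as-is, matching the
// "without the config set" case in the test steps.
function withTierExclusion(body: SearchBody, excluded: string[]): SearchBody {
  if (excluded.length === 0) return body;
  const bool: Clause = { must_not: [{ terms: { _tier: excluded } }] };
  if (body.query !== undefined) bool['must'] = [body.query];
  return { ...body, query: { bool } };
}

// Check a request body (for example one copied from `Inspect`) for a
// top-level must_not on `_tier` covering the given tier. Accepts both the
// `term` form from the issue and the `terms` form used above.
function excludesTier(body: SearchBody, tier: string): boolean {
  const bool = body.query === undefined ? undefined : body.query['bool'];
  if (!isRecord(bool)) return false;
  const mustNot = bool['must_not'];
  const clauses: unknown[] = Array.isArray(mustNot) ? mustNot : [mustNot];
  return clauses.some((clause) => {
    if (!isRecord(clause)) return false;
    const term = clause['term'];
    if (isRecord(term) && term['_tier'] === tier) return true;
    const terms = clause['terms'];
    if (!isRecord(terms)) return false;
    const values = terms['_tier'];
    return Array.isArray(values) && values.indexOf(tier) !== -1;
  });
}

// Constructed sample request, shaped like an APM aggregation query.
const sampleRequest: SearchBody = {
  size: 0,
  query: {
    bool: {
      filter: [
        { range: { '@timestamp': { gte: 'now-15m' } } },
        { term: { 'service.name': 'checkout' } },
      ],
    },
  },
};
```

Running `excludesTier` over the bodies produced by the alerting and alerts-column clients as well as the UI client gives a quick coherence check between what the UI shows and what rules evaluate.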
crespocarlos added a commit to crespocarlos/kibana that referenced this issue Sep 23, 2024
…ata tiers from queries (elastic#192570)
(cherry picked from commit f029f80)
crespocarlos added a commit that referenced this issue Sep 24, 2024
…ding data tiers from queries (#192570) (#193784)

# Backport

This will backport the following commits from `main` to `8.x`:
- [[Observability] Create observability-specific setting for excluding
data tiers from queries
(#192570)](#192570)

<!--- Backport version: 8.9.8 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

cauemarcondes pushed a commit to cauemarcondes/kibana that referenced this issue Sep 24, 2024
(cherry picked from commit ee5ef81)
cauemarcondes pushed a commit to cauemarcondes/kibana that referenced this issue Sep 24, 2024
(cherry picked from commit ee5ef81)

# Conflicts:
#	x-pack/packages/observability/observability_utils/es/queries/exclude_frozen_query.ts
#	x-pack/plugins/cloud_integrations/cloud_experiments/public/launch_darkly_client/index.ts
#	x-pack/plugins/observability_solution/apm/server/lib/helpers/create_es_client/create_apm_event_client/index.test.ts
#	x-pack/plugins/observability_solution/apm/server/lib/helpers/get_apm_event_client.ts
#	x-pack/plugins/observability_solution/apm/server/lib/helpers/tier_filter.ts
#	x-pack/plugins/observability_solution/apm_data_access/server/lib/helpers/create_es_client/create_apm_event_client/index.ts
#	x-pack/plugins/observability_solution/apm_data_access/server/lib/helpers/index.ts
#	x-pack/plugins/observability_solution/apm_data_access/tsconfig.json
#	x-pack/plugins/observability_solution/observability/server/ui_settings.ts
cauemarcondes added a commit that referenced this issue Sep 24, 2024
# Backport

This will backport the following commits from `main` to `8.x`:
- [[APM] Use excluded data tiers setting
(#192373)](#192373)

<!--- Backport version: 8.9.8 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)


Co-authored-by: Carlos Crespo <[email protected]>
@lucabelluccini

A pair of questions if I may:

  • Will this tier filter setting be used also by APM, Alerting, SLOs and Synthetics?
    • If yes, do we need follow up work on each application within O11y to address it?

@crespocarlos

crespocarlos commented Oct 31, 2024

Hi @lucabelluccini

> Will this tier filter setting be used also by APM, Alerting, SLOs and Synthetics

The new setting could be used by other O11y apps.

> If yes, do we need follow up work on each application within O11y to address it?

Unfortunately, there isn't a centralized elasticsearch client usage that would allow a setting like this to be applied across O11y without additional effort, so, yes, we'd need follow-up work. Preferably, aiming to make O11y solutions consume a single elasticsearch client wrapper instead of having each application implement it in its own way.

Besides, even within applications that may use this setting, it won't affect queries performed by platform components that use bsearch out of the box, such as Lens, because platform also has its own way to consume the elasticsearch client.

@lucabelluccini

Makes sense - thanks for clarifying
