[Security Solution] Add README and helper util functions for moving data to frozen quickly #197288

Open
wants to merge 11 commits into
base: main

marshallmain
Contributor

Summary

For creating test data in frozen tier.

@marshallmain marshallmain requested a review from a team as a code owner October 22, 2024 15:25
@marshallmain marshallmain added release_note:skip Skip the PR/issue when compiling release notes backport:prev-minor Backport to (8.x) the previous minor version (i.e. one version back from main) labels Oct 22, 2024
Contributor

@nkhristinin nkhristinin left a comment

Thanks for implementing that!

Probably we should mention that the user needs to register a snapshot repository:
https://docs.elastic.dev/security-soution/analyst-experience-team/eng-prod/how-to/configure-local-frozen-tier

Because I had an error before I did that.

Another thing: I wanted to use it to test our _tier filters.

But locally this request returns 0 documents:

GET my-data-stream/_search/
{
  "query": {
    "terms": {
      "_tier": [
        "data_frozen"
      ]
    }
  }
}

Another thing: when I call

GET my-data-stream/_ilm/explain

it is stuck in step

"step": "wait-for-index-color"

Do you have the same output?

@marshallmain
Contributor Author

> Probably we should mention that the user needs to register a snapshot repository:
> https://docs.elastic.dev/security-soution/analyst-experience-team/eng-prod/how-to/configure-local-frozen-tier

Good point, I was testing a cluster on cloud with real frozen nodes so that probably accounts for the differences. I added a few sentences to clarify the expected environment for these instructions and a link to those docs for local testing efforts.

@elasticmachine
Contributor

💚 Build Succeeded

Metrics [docs]

✅ unchanged

4 participants