[Event Log] pre-create event ids for event log documents #64240
Labels
estimate:small
Small Estimated Level of Effort
Feature:EventLog
good first issue
low hanging fruit
resilience
Issues related to Platform resilience in terms of scale, performance & backwards compatibility
response-ops-ec-backlog
ResponseOps E&C backlog
Team:ResponseOps
Label for the ResponseOps team (formerly the Cases and Alerting teams)
Comments
pmuellr
added
Feature:Alerting
Team:ResponseOps
|
Pinging @elastic/kibana-alerting-services (Team:Alerting Services) |
pmuellr
changed the title
|
Moving from |
gmmorris
added
resilience
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Currently event log documents are written to ES using POST, allowing ES to create the id for them. We should instead be generating the id's ourself, and write them via PUT.
This will solve the problem of writing the same event log document twice - which I don't think is a problem now, but could be once we start buffering event writing. If ES goes down during a buffered write, we won't really know if the documents got written or not. Writing them again, without having our own ids, would create duplicate documents if they did get written. When using our own IDs, we would ensure there was only one document written for the event.
This could also be needed if we ever want to allow event log records to be "linked" together - eg, when an action is scheduled by an alert, being able to associate the specific action execution log document to the action scheduled log document. Using the document id for this purpose seems like a nice way to handle those "references".
Not sure what the downsides of creating your own ES document ids is, beyond making sure they are unique (or unique "enough" given some UUID scheme). Need to look into that ...
The text was updated successfully, but these errors were encountered: