[elasticsearch module] serialize shards properties #30408
Conversation
klacabane
added
Team:Integrations
|
Pinging @elastic/integrations (Team:Integrations) |
|
Pinging @elastic/stack-monitoring (Stack monitoring) |
botelastic
bot
added
needs_team
|
This pull request doesn't have a |
|
@sayden any idea why we omit the shards properties in 8.0 ? |
💚 Build Succeeded
Expand to view the summary
Build stats
Test stats 🧪
💚 Flaky test reportTests succeeded. 🤖 GitHub commentsTo re-run your PR in the CI, just comment with:
|
I imagine it is somehow related to this investigation: elastic/kibana#125258 i.e. we've known for a while that we collect too much shard information, so we have been trying to reduce that footprint piece by piece. If there is a way to only use a single field for what we need in alerts, that'd be great, but if that's not feasible / stable, then we should prioritize making the alert work for 8.0.1 for now and address this later. |
There was a problem hiding this comment.
LGTM. Regarding the question, at some point we tried to reduce the amount of data we were ingesting related to shards because it's one of those metricsets were we stored a lot of documents in each period. Imagine, a 1000 nodes cluster will generate 1000 docs every period. So we try to reduce the size of each of those documents.
(cherry picked from commit 2571b52)
(cherry picked from commit 2571b52)
(cherry picked from commit 2571b52) Co-authored-by: Kevin Lacabane <[email protected]>
(cherry picked from commit 2571b52) Co-authored-by: Kevin Lacabane <[email protected]>
…nd-k8s-env * upstream/main: fix typos and improve sentences (elastic#30432) Add drop and explicit tests to avoid duplicate ingest of elasticsearch logs (elastic#30440) {,x-pack/}auditbeat: replace uses of github.com/pkg/errors with stdlib equivalents (elastic#30321) Spelling fix (elastic#30439) packetbeat/beater: make sure Npcap installation runs before interfaces are needed in all cases (elastic#30438) Add BC about Homebrew no longer being available in 8.0 (elastic#30419) Install gawk as a replacement for mawk in Docker containers. (elastic#30452) Clean up python-related system tests (elastic#30415) Fix TestNewModuleRegistry flakiness (elastic#30453) [Filebeat] [auditd]: Support EXECVE events with truncated argument list (elastic#30382) Set `log.offset` to the start of the reported line in filestream (elastic#30445) clarify SelectedPackageTypes meaning and improve its usage (elastic#30142) [elasticsearch module] serialize shards properties (elastic#30408) Add docs about hints and templates autodiscovery priority (elastic#30343)
…ckaging-docker * upstream/main: (26 commits) Update docker/distribution to 2.8.0 (elastic#30462) Add `parsers` examples to `filestream` reference configuration (elastic#30529) extend documentation about setting orchestrator.cluster fields (elastic#30518) Forward-port 8.0.1 changelog to main (elastic#30522) Switch skip to use `CI` (elastic#30512) packetbeat/beater: don't attempt to install npcap when already installed (elastic#30509) Fix Docker module: rename fields on dashboards (elastic#30500) fix typos and improve sentences (elastic#30432) Add drop and explicit tests to avoid duplicate ingest of elasticsearch logs (elastic#30440) {,x-pack/}auditbeat: replace uses of github.com/pkg/errors with stdlib equivalents (elastic#30321) Spelling fix (elastic#30439) packetbeat/beater: make sure Npcap installation runs before interfaces are needed in all cases (elastic#30438) Add BC about Homebrew no longer being available in 8.0 (elastic#30419) Install gawk as a replacement for mawk in Docker containers. (elastic#30452) Clean up python-related system tests (elastic#30415) Fix TestNewModuleRegistry flakiness (elastic#30453) [Filebeat] [auditd]: Support EXECVE events with truncated argument list (elastic#30382) Set `log.offset` to the start of the reported line in filestream (elastic#30445) clarify SelectedPackageTypes meaning and improve its usage (elastic#30142) [elasticsearch module] serialize shards properties (elastic#30408) ...
Summary
Rel elastic/kibana#125315
In 8.0 most of the
elasticsearch.index.shardsproperties are omitted when serializing the objects. Stack Monitoring relies on theshards.primariesproperty (I didn't find any references of the other omitted fields) to compute an alert state. This change re-enables the property.Testing
elasticsearch-xpackenabledmetricset.name: indexdocuments and ensured it contained properties