Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Rule Registry] Updating index.mapping.total_fields.limit index setting on concrete backing indices #143409

Merged
merged 5 commits into from
Oct 20, 2022
Merged

[Rule Registry] Updating index.mapping.total_fields.limit index setting on concrete backing indices #143409

merged 5 commits into from
Oct 20, 2022

Conversation

ymao1
Copy link
Contributor

@ymao1 ymao1 commented Oct 14, 2022
edited
Loading

Summary

Upgrade testing on the QA cluster revealed that this PR to add the ECS component template to the observability alerts as data index templates will cause errors during rule registry initialization when the mappings are updated for existing concrete indices for 7.17 that have a total field limit of 1000. While we specify a higher limit in the index template specification, those changes are not applied to existing indices, instead they will apply when the indices roll over. This PR updates this specific index setting for existing concrete indices.

To Verify

  1. Run 7.17 and create an observability rule. Make sure that rule becomes active and writes out alerts as data (this ensures that the concrete index is created. Go to the index settings for this concrete index and verify that the total fields limit is 1000.
  2. Run this branch using the same ES data and verify there are no rule registry initialization errors during startup. Go to the index settings for the concrete index and verify that the total fields limit has been updated to 1900.

@ymao1 ymao1 changed the title Updating index settings [Rule Registry] Updating index.mapping.total_fields.limit index setting on concrete backing indices Oct 17, 2022
@ymao1 ymao1 self-assigned this Oct 17, 2022
@ymao1 ymao1 added Feature:Alerting release_note:skip Skip the PR/issue when compiling release notes Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams) Feature:Alerting/Alerts-as-Data Issues related to Alerts-as-data and RuleRegistry v8.6.0 labels Oct 17, 2022
@ymao1 ymao1 marked this pull request as ready for review October 17, 2022 12:00
@ymao1 ymao1 requested review from a team as code owners October 17, 2022 12:00
@elasticmachine
Copy link
Contributor

Pinging @elastic/response-ops (Team:ResponseOps)

@ymao1
Copy link
Contributor Author

ymao1 commented Oct 17, 2022

@elasticmachine merge upstream

@ymao1
Copy link
Contributor Author

ymao1 commented Oct 18, 2022

@elasticmachine merge upstream

fkanout
fkanout approved these changes Oct 18, 2022
View reviewed changes
Copy link
Contributor

@fkanout fkanout left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable Observability changes LGTM

@ymao1
Copy link
Contributor Author

ymao1 commented Oct 20, 2022

@elasticmachine merge upstream

@kibana-ci
Copy link
Collaborator

💛 Build succeeded, but was flaky

Failed CI Steps

Test Failures

  • [job] [logs] FTR Configs #6 / Reporting APIs Job parameter validation printablePdfV2 fails if there is an invalid layout ID

Metrics [docs]

✅ unchanged

History

To update your PR or re-run it, just comment with:
@elasticmachine merge upstream

cc @ymao1

ersin-erdal
ersin-erdal approved these changes Oct 20, 2022
View reviewed changes
Copy link
Contributor

@ersin-erdal ersin-erdal left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@ymao1 ymao1 merged commit 758bb68 into elastic:main Oct 20, 2022
@ymao1 ymao1 deleted the rule-registry/update-total-fields-limit branch October 20, 2022 15:04
@kibanamachine kibanamachine added the backport:skip This commit does not require backporting label Oct 20, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ersin-erdal ersin-erdal ersin-erdal approved these changes

@fkanout fkanout fkanout approved these changes

Assignees

@ymao1 ymao1

Labels
backport:skip This commit does not require backporting Feature:Alerting/Alerts-as-Data Issues related to Alerts-as-data and RuleRegistry Feature:Alerting release_note:skip Skip the PR/issue when compiling release notes Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams) v8.6.0
Projects
No open projects
AppEx: ResponseOps - Execution & Connectors
Archived in project
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@ymao1 @elasticmachine @kibana-ci @fkanout @ersin-erdal @kibanamachine