Set refresh according to stateful vs stateless when indexing alert documents #201209

Merged
merged 16 commits into from
Nov 28, 2024

@mikecote mikecote commented Nov 21, 2024

In this PR, I'm making the change so when Kibana is running with Elasticsearch stateful we set refresh to `wait_for` (instead of `true`) so we are not putting too much pressure on the Elasticsearch indices when under load.

To verify

Verify using the Cloud deployment and Serverless project created from this PR

  1. Create an always firing ES Query rule
  2. Create an always firing security detection rule w/ alert suppression
  3. Verify the ECH cluster logs and observe `*** Refresh value when indexing alerts: wait_for` and `*** Rule registry - refresh value when indexing alerts: wait_for` messages
  4. Verify the serverless project logs on QA overview and observe `*** Refresh value when indexing alerts: true` and `*** Rule registry - refresh value when indexing alerts: true` messages

To-Do

  • Revert commit 7c19b45 that was added for testing purposes
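
One way to automate the log check in steps 3 and 4 above, as an added example that is not part of this PR or of Kibana's code: it scans captured log text for the two debug messages quoted in the description and compares the reported refresh value with the one expected for the deployment type. The function name, the `stateful`/`serverless` keys and the sample log lines are constructed for illustration.

```javascript
// Expected refresh value per deployment type, as stated in the PR description.
const EXPECTED_REFRESH = { stateful: 'wait_for', serverless: 'true' };

// The two debug messages the description says to look for.
// Matching is case-sensitive, so the first pattern never matches the second message.
const MESSAGE_PATTERNS = {
  alerting: /\*\*\* Refresh value when indexing alerts: ([A-Za-z_]+)/,
  ruleRegistry: /\*\*\* Rule registry - refresh value when indexing alerts: ([A-Za-z_]+)/,
};

// Returns which messages were missing and which reported an unexpected value.
function checkRefreshLogs(logText, deploymentType) {
  const expected = EXPECTED_REFRESH[deploymentType];
  if (expected === undefined) {
    throw new Error(`unknown deployment type: ${deploymentType}`);
  }
  const seen = { alerting: 0, ruleRegistry: 0 };
  const mismatches = [];
  logText.split(/\r?\n/).forEach((line, idx) => {
    for (const [source, pattern] of Object.entries(MESSAGE_PATTERNS)) {
      const match = pattern.exec(line);
      if (!match) continue;
      seen[source] += 1;
      if (match[1] !== expected) {
        mismatches.push({ line: idx + 1, source, value: match[1] });
      }
    }
  });
  // A message that never appears is a failed verification, not a pass.
  const missing = Object.keys(seen).filter((source) => seen[source] === 0);
  return {
    ok: missing.length === 0 && mismatches.length === 0,
    expected,
    missing,
    mismatches,
  };
}

// Constructed sample log text (prefix format is illustrative only).
const SAMPLE_STATEFUL_LOG = [
  '[INFO] rule executed',
  '[INFO] *** Refresh value when indexing alerts: wait_for',
  '[INFO] *** Rule registry - refresh value when indexing alerts: wait_for',
].join('\n');

const SAMPLE_SERVERLESS_LOG = [
  '[INFO] *** Refresh value when indexing alerts: true',
  '[INFO] *** Rule registry - refresh value when indexing alerts: true',
].join('\n');

console.log(checkRefreshLogs(SAMPLE_STATEFUL_LOG, 'stateful'));
console.log(checkRefreshLogs(SAMPLE_SERVERLESS_LOG, 'serverless'));
```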

@mikecote mikecote added Feature:Alerting Team:ResponseOps Label for the ResponseOps team (formerly the Cases and Alerting teams) labels Nov 21, 2024
@mikecote mikecote self-assigned this Nov 21, 2024
@mikecote mikecote added ci:cloud-deploy Create or update a Cloud deployment ci:project-deploy-elasticsearch Create an Elasticsearch Serverless project labels Nov 25, 2024
@mikecote mikecote added ci:project-deploy-security Create a Security Serverless Project release_note:skip Skip the PR/issue when compiling release notes v9.0.0 backport:version Backport to applied version labels v8.17.0 v8.16.1 and removed ci:project-deploy-elasticsearch Create an Elasticsearch Serverless project labels Nov 25, 2024
@mikecote mikecote marked this pull request as ready for review November 25, 2024 19:01
@mikecote mikecote requested review from a team as code owners November 25, 2024 19:01
@mikecote
Contributor Author

> Just curious: what happens when using wait_for while the cluster is under heavy load? I'd expect requests just take longer (possibly timeout? is this a different type of error we need to explicitly handle?)

@jloleysens from my observations, requests take 0-1s longer with `wait_for` so they return at the next 1s refresh interval, but there were no further delays when testing with 32,000 bulk requests per minute. It was significantly better than when `refresh: true` was used, where in that case unrelated data in other indices wouldn't be searchable for a growing amount of time as the stress continued (minutes to hours).

Contributor

@kdelemme kdelemme left a comment

Code change for obs-ux-management LGTM

Contributor

@ymao1 ymao1 left a comment

LGTM

@mikecote mikecote removed ci:cloud-deploy Create or update a Cloud deployment ci:project-deploy-observability Create an Observability project ci:project-deploy-security Create a Security Serverless Project labels Nov 26, 2024
@botelastic botelastic bot added the ci:project-deploy-observability Create an Observability project label Nov 26, 2024
@elasticmachine
Contributor

⏳ Build in-progress

  • Buildkite Build
  • Commit: cc2cadc
  • Kibana Serverless Image: docker.elastic.co/kibana-ci/kibana-serverless:pr-201209-cc2cadc7fdfd

History

cc @mikecote

Contributor

@nkhristinin nkhristinin left a comment

DE changes LGTM!

@mikecote mikecote merged commit a4cb330 into elastic:main Nov 28, 2024
8 checks passed
@kibanamachine
Contributor

Starting backport for target branches: 8.16, 8.17

https://github.com/elastic/kibana/actions/runs/12073149086

@kibanamachine
Contributor

💔 All backports failed

Status Branch Result
8.16 Backport failed because of merge conflicts
8.17 Backport failed because of merge conflicts

Manual backport

To create the backport manually run:

node scripts/backport --pr 201209

Questions ?

Please refer to the Backport tool documentation

@mikecote
Contributor Author

💚 All backports created successfully

Status Branch Result
8.17
8.16

Note: Successful backport PRs will be merged automatically after passing CI.

Questions ?

Please refer to the Backport tool documentation

mikecote added a commit to mikecote/kibana that referenced this pull request Nov 28, 2024
…cuments (elastic#201209)

In this PR, I'm making the change so when Kibana is running with
Elasticsearch stateful we set refresh to `wait_for` (instead of `true`)
so we are not putting too much pressure on the Elasticsearch indices
when under load.

## To verify

Verify using the Cloud deployment and Serverless project created from this
PR

1. Create an always firing ES Query rule
2. Create an always firing security detection rule w/ alert suppression
3. Verify the ECH cluster logs and observe `*** Refresh value when
indexing alerts: wait_for` and `*** Rule registry - refresh value when
indexing alerts: wait_for` messages
4. Verify the serverless project logs on QA overview and observe `***
Refresh value when indexing alerts: true` and `*** Rule registry -
refresh value when indexing alerts: true` messages

## To-Do

- [x] Revert commit
elastic@7c19b45
that was added for testing purposes

---------

Co-authored-by: kibanamachine <[email protected]>
(cherry picked from commit a4cb330)

# Conflicts:
#	x-pack/plugins/alerting/kibana.jsonc
#	x-pack/plugins/alerting/server/plugin.ts
mikecote added a commit to mikecote/kibana that referenced this pull request Nov 28, 2024
…cuments (elastic#201209)

(cherry picked from commit a4cb330)

# Conflicts:
#	x-pack/plugins/alerting/server/plugin.ts
@mikecote
Contributor Author

💚 All backports created successfully

Status Branch Result
8.x

Note: Successful backport PRs will be merged automatically after passing CI.

Questions ?

Please refer to the Backport tool documentation

mikecote added a commit to mikecote/kibana that referenced this pull request Nov 28, 2024
…cuments (elastic#201209)

(cherry picked from commit a4cb330)
mikecote added a commit that referenced this pull request Nov 29, 2024
…ert documents (#201209) (#202227)

# Backport

This will backport the following commits from `main` to `8.x`:
- [Set refresh according to stateful vs stateless when indexing alert
documents (#201209)](#201209)

<!--- Backport version: 8.9.8 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

mikecote added a commit that referenced this pull request Nov 29, 2024
…lert documents (#201209) (#202221)

# Backport

This will backport the following commits from `main` to `8.17`:
- [Set refresh according to stateful vs stateless when indexing alert
documents (#201209)](#201209)

<!--- Backport version: 8.9.8 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

mikecote added a commit that referenced this pull request Nov 29, 2024
…lert documents (#201209) (#202222)

# Backport

This will backport the following commits from `main` to `8.16`:
- [Set refresh according to stateful vs stateless when indexing alert
documents (#201209)](#201209)

<!--- Backport version: 8.9.8 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

CAWilson94 pushed a commit to CAWilson94/kibana that referenced this pull request Dec 12, 2024
…cuments (elastic#201209)
