Resolver refactoring #70312
Resolver refactoring #70312
Conversation
oatkiller
added
Feature:Endpoint
|
Pinging @elastic/endpoint-data-visibility-team (Team:Endpoint Data Visibility) |
|
Pinging @elastic/endpoint-app-team (Feature:Endpoint) |
| * Return the 'total' stats (whatever that means) for a process by entity ID | ||
| * TODO, how does this work for legacy events? | ||
| */ | ||
| export const relatedEventTotalForProcess: ( |
There was a problem hiding this comment.
What was the justification for this? I'd like to put it down in comments here.
There was a problem hiding this comment.
There was a problem hiding this comment.
Now that I understand what this is doing I see that this number doesn't match the number of events. Is there any point in showing this?
There was a problem hiding this comment.
@bkimmel you might want to comment here.
There is a difference between total events and the total amount of all the categories added up which is what is happening here. It really depends on what we want to communicate to the user. If we communicate that there are 5 total related events, when they look at the break down the values won't always added up to 5 because a single event could fall into multiple categories. So it could be confusing.
There was a problem hiding this comment.
What I'm not following is:
how does coming up w/ this number make things less confusing?
There was a problem hiding this comment.
For a set of related events with the following ECS categories:
[DNS, File], [DNS, File], [Registry]
We break counts in submenus as:
DNS: 2
File: 2
Registry: 1
There are 2 choices then, for how to display the total: 5 or 3
If I'm not mistaken, I believe it was you, Robert, who suggested that 5 is less confusing (and I think everyone agreed). This is what counts to 5. There are implications in other places, but that's the crux of what's happening here.
| return null; | ||
| } | ||
| let total = 0; | ||
| for (const value of Object.values(stats.events.byCategory)) { |
There was a problem hiding this comment.
Is events.byCategory a structure we made up?
There was a problem hiding this comment.
events.byCategory is what the backend returns. It's an object of number of events that fall in a particular category for example:
{
'network': 3,
'file': 2,
}
e899fed to
d2cf840
Compare
Also cleanup related events view code for readability
I find this more readable.
We use try...catch for HTTP control flow logic. We don't want to treat runtime errors the same as HTTP errors though. Move `dispatch` call out of that try catch.
oatkiller
force-pushed
the
resolver-refactoring
branch
from
d2cf840 to
662cef4
Compare
| break; | ||
| } | ||
| const actionableButtonsTopOffset = | ||
| (isShowingEventActions ? 3.5 : isShowingDescriptionText ? 1 : 21) * xScale + 5; |
There was a problem hiding this comment.
Nice, you don't have anything against nested ternary's from a readability standpoint?
There was a problem hiding this comment.
wanted your thoughts on this (esp. since you wrote the original.)
- I found the original a lot to read due to boilerplate. Specifically, reading
actionableButtonsTopOffsetvsactionalButtonsBaseTopOffsetwas hard. - The repeated part of
actionalButtonsBaseTopOffset +and* magFactorXrequired me to visually compared the 3 versions to see that they were the same. - I didn't realize at first that this was using
truein the switch statement. - I haven't read a switch statement since at least 2008 :p (but seriously)
- part of my motivation to make this terse is because the function it is in is long, and has many variables that aren't related to each other. That isn't the best motivation to make something terse. We could move the logic out of the function instead.
So maybe we keep it less terse? Eventually the function its in will get cleaned up.
Or maybe we keep it less terse and move it to an external fn?
There was a problem hiding this comment.
- agreed, makes sense
- also makes sense
- I like to throw in the occasional switch every now and again 😂
- ^^
- Even if it's terse, it's still readable, so no need to revert any of it. I like moving it into an external function though because it will be a better separation of concerns and eventually it can probably be removed altogether in favor of mostly pure css.
| return () => null; | ||
| } | ||
| return (event: ResolverEvent) => { | ||
| const nodeStats = statsMap.get(uniquePidForProcess(event)); |
There was a problem hiding this comment.
Just leaving the note here like we talked about before @oatkiller this function uniquePidForProcess will suffer from the same problem we talked about before where unique_pid will have collisions in the map just like the entityId function. We'll need to do the serialization or something for that function too.
There was a problem hiding this comment.
I'll get something formally added to the team's backlog about this.
| * Return the 'total' stats (whatever that means) for a process by entity ID | ||
| * TODO, how does this work for legacy events? | ||
| */ | ||
| export const relatedEventTotalForProcess: ( |
There was a problem hiding this comment.
@bkimmel you might want to comment here.
There is a difference between total events and the total amount of all the categories added up which is what is happening here. It really depends on what we want to communicate to the user. If we communicate that there are 5 total related events, when they look at the break down the values won't always added up to 5 because a single event could fall into multiple categories. So it could be confusing.
| return null; | ||
| } | ||
| let total = 0; | ||
| for (const value of Object.values(stats.events.byCategory)) { |
There was a problem hiding this comment.
events.byCategory is what the backend returns. It's an object of number of events that fall in a particular category for example:
{
'network': 3,
'file': 2,
}
| @@ -9,7 +9,6 @@ import { DataState } from '../../types'; | |||
| import { ResolverAction } from '../actions'; | |||
|
|
|||
| const initialState: DataState = { | |||
| relatedEventsStats: new Map(), | |||
There was a problem hiding this comment.
The logic that used to populate this piece of state has been moved to the selector called relatedEventsStats
There was a problem hiding this comment.
| @@ -97,6 +97,7 @@ export const ProcessEventListNarrowedByType = memo(function ProcessEventListNarr | |||
| }) { | |||
| const processName = processEvent && event.eventName(processEvent); | |||
| const processEntityId = event.entityId(processEvent); | |||
|
|
|||
There was a problem hiding this comment.
I think more than just this file have a file name that doesn't line up with the component name. Would probably make sense to fix those as well
There was a problem hiding this comment.
I'm changing them as I find 'em. I don't think we need a rule that says '1:1 relationship between components and filenames.' That said, if a file has just one export, which is a component, it would be nice to name the component and the file the same.
| @@ -24,7 +24,7 @@ import { useResolverDispatch } from './use_resolver_dispatch'; | |||
| import * as event from '../../../common/endpoint/models/event'; | |||
| import { ResolverEvent, ResolverNodeStats } from '../../../common/endpoint/types'; | |||
| import { SideEffectContext } from './side_effect_context'; | |||
| import { ProcessEventListNarrowedByType } from './panels/panel_content_related_list'; | |||
| import { ProcessEventListNarrowedByType } from './panels/process_event_list_narrowed_by_type'; | |||
There was a problem hiding this comment.
this file should probably be panels/index.tsx instead of just panel.tsx
There was a problem hiding this comment.
🔴 That's not a list of process events - it's a list of related events like (registry creation, file creation, etc.). Also, if we're changing the name of one of the panel content components, we should change the prefix on all of them.
There was a problem hiding this comment.
I gave it the wrong name from the export -> The file name should stay the same, the export name should change,
There was a problem hiding this comment.
Maybe something like relatedEventListNarrowedByType ?
There was a problem hiding this comment.
I'll revert this part of the PR.
Per our discussion, I think I've addressed your concerns. Let me know if I can do anything else. |
| @@ -177,11 +179,11 @@ type EventDisplayName = typeof displayNameRecord[keyof typeof displayNameRecord] | |||
| typeof unknownEventTypeMessage; | |||
|
|
|||
| /** | |||
| * Take a gross `schemaName` and return a beautiful translated one. | |||
There was a problem hiding this comment.
Just trying to get clarity.
| @@ -4,14 +4,16 @@ | |||
| * you may not use this file except in compliance with the Elastic License. | |||
There was a problem hiding this comment.
🆒 Thank you for not changing the name of process_event_dot . I have an attachment to the name. It's a nice reminder that everything starts as a dot.
There was a problem hiding this comment.
To @kqualters-elastic point, we could probably improve it in the future by making it more like a dot and less like a giant thing with a bunch of code in it but 🤷
oatkiller
force-pushed
the
resolver-refactoring
branch
from
662cef4 to
54043fd
Compare
|
took out the part about changing file names. lets do it in a follow up w/ @bkimmel's help |
|
@bkimmel lets follow up re: anything 'off'. Otherwise I'll just keep doing more of it. |
💚 Build SucceededBuild metrics
History
To update your PR or re-run it, just comment with: |
* remove unused piece of state * Move related event total calculation to selector * rename xScale * remove `let` * Move `dispatch` call out of HTTP try-catch
* remove unused piece of state * Move related event total calculation to selector * rename xScale * remove `let` * Move `dispatch` call out of HTTP try-catch
…-based-rbac * upstream/master: (38 commits) Move logger configuration integration test to jest (elastic#70378) Changes observability plugin codeowner (elastic#70439) update (elastic#70424) [Logs UI] Avoid CCS-incompatible index name resolution (elastic#70179) Enable "Explore underlying data" actions for Lens visualizations (elastic#70047) Initial work on uptime homepage API (elastic#70135) expressions indexPattern function (elastic#70315) [Discover] Deangularization context error message refactoring (elastic#70090) [Lens] Add "no data" popover (elastic#69147) [Lens] Move chart switcher over (elastic#70182) chore: add missing mjs extension (elastic#70326) [Lens] Multiple y axes (elastic#69911) skip flaky suite (elastic#70386) fix bug to add timeline to case (elastic#70343) [QA][Code Coverage] Drop catchError and use try / catch instead, (elastic#69198) [QA] [Code Coverage] Integrate with Team Assignment Pipeline and Add Research and Development Indexes and Cluster (elastic#69348) [Metrics UI] Add context.reason and alertOnNoData to Inventory alerts (elastic#70260) Resolver refactoring (elastic#70312) [Ingest Manager] Fix agent ack after input format change (elastic#70335) [eslint][ts] Enable prefer-ts-expect-error (elastic#70022) ...
Summary
Hey y'all.
There's a few subjective changes here. Feel free to say 'I liked it that way.'
DataStatecalledrelatedEventStats. I forgot to remove the field itself. This PR removes the field.magFactorX(the first element of the projection matrix) withxScalefor consistency with naming elsewhere in resolver.actionableButtonsTopOffsetfor readabilitydispatchin thetry...catchused for HTTP request control flow. Ifdispatchthrew an error due to code in the reducer or middleware, the error would be treated the same as a HTTP error (e.g. returning 500 from the server.) Moved the dispatch out of try...catch so it can be handled in the same way as other runtime errors. NB: we should look to replace our standard try...catch approach with something better.ProcessEventListNarrowedByTypewas in a module calledpanels/panel_content_related_list.tsx. This moves it topanels/process_event_list_narrowed_by_typefor readabilityChecklist
Just refatoring.
For maintainers