[Detection Engine][FTRs] Break down long running FTR groups and fix threshold preview bug #197368

Merged
merged 6 commits into from
Oct 30, 2024

@yctercero yctercero commented Oct 23, 2024

Summary

This PR breaks down long running FTR groups into smaller chunks that now run in <~15 min.

Flakey test runner does not run MKI environment. I ran that manually on my local.

Important

When isolating the tests into different groups, found a bug where running rule preview on a Threshold rule prior
to the .preview-alerts index being created fails. Because there is no execution history, threshold rule attempts
to recreate it by searching alerts index (which is not yet created). Spoke with @marshallmain who pointed me to
the offending code and suggested a fix of adding ignore_unavailable.

See #198209 for details on bug.

Running flakey test runner after fix should see all pass.
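
The failure described in the summary above, reproduced as an added example (not code from this PR or from Kibana). The stub client, the helper names and the use of `.preview-alerts` as a literal index name are assumptions made for illustration; the stub is synchronous for brevity, whereas a real client call is awaited.

```typescript
// Constructed stand-in for an Elasticsearch client. It models one thing only:
// how a search against a concrete index name resolves when the index is missing.
type Doc = { _id: string };
type SearchRequest = { index: string; ignore_unavailable?: boolean };
type SearchResponse = { hits: { hits: Doc[] } };
type StubClient = { search: (req: SearchRequest) => SearchResponse };

// Hypothetical helper: `indices` is the in-memory "cluster state" (name -> docs).
function makeStubClient(indices: Record<string, Doc[]>): StubClient {
  return {
    search(req: SearchRequest): SearchResponse {
      const exists = Object.prototype.hasOwnProperty.call(indices, req.index);
      if (exists) return { hits: { hits: indices[req.index] } };
      // Missing index: empty result if ignore_unavailable, otherwise a 404.
      if (req.ignore_unavailable) return { hits: { hits: [] } };
      const msg = 'index_not_found_exception: no such index [' + req.index + ']';
      throw Object.assign(new Error(msg), { statusCode: 404 });
    },
  };
}

// Before the fix: the history lookup propagates the 404 and the preview fails.
function historyBefore(client: StubClient, index: string): string[] {
  return client.search({ index }).hits.hits.map((h) => h._id);
}

// After the fix: a missing index reads as "no earlier threshold alerts".
function historyAfter(client: StubClient, index: string): string[] {
  const res = client.search({ index, ignore_unavailable: true });
  return res.hits.hits.map((h) => h._id);
}

// Run a lookup and report either the alert ids or the HTTP status of the error.
function attempt(lookup: () => string[]): { ids: string[]; status: number } {
  try {
    return { ids: lookup(), status: 200 };
  } catch (e) {
    return { ids: [], status: (e as { statusCode?: number }).statusCode ?? 500 };
  }
}

const fresh = makeStubClient({}); // no preview has run yet, so no index exists
console.log(attempt(() => historyBefore(fresh, '.preview-alerts')));
console.log(attempt(() => historyAfter(fresh, '.preview-alerts')));
```

The same flag also turns a mistyped or deleted index name into an empty history, so an empty result no longer distinguishes "first run" from "wrong index".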

@kibanamachine

Flaky Test Runner Stats

🟠 Some tests failed. - kibana-flaky-test-suite-runner#7258

[✅] x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/exceptions/operators_data_types/date_types/basic_license_essentials_tier/configs/ess.config.ts: 25/25 tests passed.
[✅] x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/exceptions/operators_data_types/date_types/basic_license_essentials_tier/configs/serverless.config.ts: 25/25 tests passed.
[✅] x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/exceptions/operators_data_types/double/basic_license_essentials_tier/configs/ess.config.ts: 25/25 tests passed.
[✅] x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/exceptions/operators_data_types/double/basic_license_essentials_tier/configs/serverless.config.ts: 25/25 tests passed.
[✅] x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/exceptions/operators_data_types/float/basic_license_essentials_tier/configs/ess.config.ts: 25/25 tests passed.
[✅] x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/exceptions/operators_data_types/float/basic_license_essentials_tier/configs/serverless.config.ts: 25/25 tests passed.
[✅] x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/exceptions/operators_data_types/integer/basic_license_essentials_tier/configs/ess.config.ts: 25/25 tests passed.
[❌] x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/exceptions/operators_data_types/integer/basic_license_essentials_tier/configs/serverless.config.ts: 0/25 tests passed.

@kibanamachine

Flaky Test Runner Stats

🎉 All tests passed! - kibana-flaky-test-suite-runner#7269

[✅] x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/exceptions/operators_data_types/integer/basic_license_essentials_tier/configs/ess.config.ts: 25/25 tests passed.
[✅] x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/exceptions/operators_data_types/integer/basic_license_essentials_tier/configs/serverless.config.ts: 25/25 tests passed.

@kibanamachine

Flaky Test Runner Stats

🟠 Some tests failed. - kibana-flaky-test-suite-runner#7268

[✅] x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/eql/trial_license_complete_tier/configs/ess.config.ts: 10/10 tests passed.
[✅] x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/eql/trial_license_complete_tier/configs/serverless.config.ts: 10/10 tests passed.
[✅] x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/esql/trial_license_complete_tier/configs/ess.config.ts: 10/10 tests passed.
[✅] x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/esql/trial_license_complete_tier/configs/serverless.config.ts: 10/10 tests passed.
[✅] x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/general_logic/trial_license_complete_tier/configs/ess.config.ts: 10/10 tests passed.
[✅] x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/general_logic/trial_license_complete_tier/configs/serverless.config.ts: 10/10 tests passed.
[✅] x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/indicator_match/trial_license_complete_tier/configs/ess.config.ts: 10/10 tests passed.
[✅] x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/indicator_match/trial_license_complete_tier/configs/serverless.config.ts: 10/10 tests passed.
[✅] x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/machine_learning/trial_license_complete_tier/configs/ess.config.ts: 10/10 tests passed.
[✅] x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/machine_learning/trial_license_complete_tier/configs/serverless.config.ts: 10/10 tests passed.
[✅] x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/new_terms/trial_license_complete_tier/configs/ess.config.ts: 10/10 tests passed.
[✅] x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/new_terms/trial_license_complete_tier/configs/serverless.config.ts: 10/10 tests passed.
[✅] x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/query/trial_license_complete_tier/configs/ess.config.ts: 10/10 tests passed.
[❌] x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/query/trial_license_complete_tier/configs/serverless.config.ts: 1/10 tests passed.
[❌] x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/threshold/trial_license_complete_tier/configs/ess.config.ts: 0/10 tests passed.
[❌] x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/threshold/trial_license_complete_tier/configs/serverless.config.ts: 0/10 tests passed.

@yctercero yctercero changed the title breaking down long running FTR groups [Detection Engine][FTRs] Break down long running FTR groups Oct 25, 2024
@yctercero yctercero self-assigned this Oct 25, 2024
@yctercero yctercero added v9.0.0 Team:Detection Engine Security Solution Detection Engine Area v8.17.0 Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. release_note:skip Skip the PR/issue when compiling release notes labels Oct 25, 2024
…iew fails when trying to rebuild history using preview alerts index - thanks marshall for helping fix
@yctercero yctercero marked this pull request as ready for review October 29, 2024 21:33
@yctercero yctercero requested review from a team as code owners October 29, 2024 21:33
@elasticmachine

Pinging @elastic/security-solution (Team: SecuritySolution)

@yctercero yctercero requested a review from rylnd October 29, 2024 21:34
@elasticmachine

Pinging @elastic/security-detection-engine (Team:Detection Engine)

@yctercero yctercero added the backport:version Backport to applied version labels label Oct 29, 2024
@kibanamachine

Flaky Test Runner Stats

🎉 All tests passed! - kibana-flaky-test-suite-runner#7299

[✅] x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/threshold/trial_license_complete_tier/configs/ess.config.ts: 25/25 tests passed.
[✅] x-pack/test/security_solution_api_integration/test_suites/detections_response/detection_engine/rule_execution_logic/threshold/trial_license_complete_tier/configs/serverless.config.ts: 25/25 tests passed.

@elasticmachine

💚 Build Succeeded

Metrics [docs]

✅ unchanged

cc @yctercero

@yctercero yctercero changed the title [Detection Engine][FTRs] Break down long running FTR groups [Detection Engine][FTRs] Break down long running FTR groups and fix threshold preview bug Oct 30, 2024
@@ -46,6 +46,9 @@ export const getThresholdSignalHistory = async ({
const response = await esClient.search({
...request,
index: indexPattern,
// If alerts index is not yet created,
// do not throw a 404
ignore_unavailable: true,
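
Review bot: ignore_unavailable: true on the esClient.search call applies to whatever indexPattern resolves to, so besides the not-yet-created alerts index that the comment names, a wrong or deleted index will now also produce an empty threshold history instead of a 404. Consider extending the comment to state that an empty history is the intended result on a first run, and adding a test that runs a threshold preview before the index exists so the behaviour stays covered. Since the option is placed after ...request, it also overrides any ignore_unavailable value a caller set in request, which is worth noting in the comment if that is intentional.
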
👍

@yctercero yctercero merged commit cd1fafe into elastic:main Oct 30, 2024
45 checks passed
@kibanamachine

Starting backport for target branches: 8.x

https://github.com/elastic/kibana/actions/runs/11598766940

kibanamachine pushed a commit to kibanamachine/kibana that referenced this pull request Oct 30, 2024
…hreshold preview bug (elastic#197368)

## Summary

This PR breaks down long running FTR groups into smaller chunks that now
run in <~15 min.
- Addresses elastic#192109
- There is no existing ticket but rule_execution group tests are taking
~55m to run and will soon be a bottleneck for us.
- No edits made to any existing tests.
- Purely just a reshuffle of the tests.

See elastic#198209 for details on bug.

(cherry picked from commit cd1fafe)
@kibanamachine

💚 All backports created successfully

Status Branch Result
8.x

Note: Successful backport PRs will be merged automatically after passing CI.

Questions ?

Please refer to the Backport tool documentation
