[SIEM] Fixes FTUE when APM node is present #56574
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Pinging @elastic/siem (Team:SIEM) |
|
About the flicker, does that mean that there's no extra delay on normal load? If yes, then I'd say that's a reasonable compromise, we want to optimize for the normal operation. |
|
Not for this PR ;) I am wondering with the new platform life cycle |
|
@XavierM -- @andrew-goldstein and I were contemplating how we could tighten this up with some new platform magic like you mentioned. Having all this information gathered by the time SIEM starts would be ideal 🙂 For now though, another option would be to not do these checks in parallel, but rather just do the SIEM specific check first since it's so quick (just checking for shard count), and then only do the APM check if that returns 0. This would ensure the same speedy normal load throughout the app when there's SIEM data, and keep the FTUE flicker to around the same as it is in the second gif above (since that SIEM specific check is so quick). |
|
FYI: I've updated the flow here as as detailed in the second half of my comment above. This will keep normal app usage snappy on initial loads (or at least as it is currently), while not ballooning the FTUE flicker too much since the SIEM index check is so quick. |
|
during my review, I was wondering if we will be better later on to do a special empty prompt where we used the APM data. To differentiate it to the end-user. Instead to make it globally. |
|
@elasticmachine merge upstream |
💚 Build SucceededHistory
To update your PR or re-run it, just comment with: |
This was referenced Feb 3, 2020
spong
added a commit
to spong/kibana
that referenced
this pull request
Feb 3, 2020
## Summary This PR resolves elastic#56363 found in `7.6 BC4`, where configuring a cloud instance with an APM node would circumvent our FTUE checks and would show the Overview Page when no data is present. As detailed in the above issue, this resolves the problem by performing a similar check as to what APM performs to determine their `empty data` state. As can be observed in the gifs below, this check adds additional latency to the full-app flicker, which is not ideal... Perhaps we can tweak the query further to improve this? #### Deployment w/o APM node:  #### Deployment w/ APM node:  ### Checklist Use ~~strikethroughs~~ to remove checklist items you don't feel are applicable to this PR. - [ ] ~This was checked for cross-browser compatibility, [including a check against IE11](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#cross-browser-compatibility)~ - [ ] ~Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/master/packages/kbn-i18n/README.md)~ - [ ] ~[Documentation](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#writing-documentation) was added for features that require explanation or tutorials~ - [ ] ~[Unit or functional tests](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#cross-browser-compatibility) were updated or added to match the most common scenarios~ - [ ] ~This was checked for [keyboard-only and screenreader accessibility](https://developer.mozilla.org/en-US/docs/Learn/Tools_and_testing/Cross_browser_testing/Accessibility#Accessibility_testing_checklist)~ ### For maintainers - [ ] This was checked for breaking API changes and was [labeled appropriately](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#release-notes-process) - [ ] This includes a feature addition or change that requires a release note and was [labeled appropriately](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#release-notes-process)
spong
added a commit
to spong/kibana
that referenced
this pull request
Feb 3, 2020
## Summary This PR resolves elastic#56363 found in `7.6 BC4`, where configuring a cloud instance with an APM node would circumvent our FTUE checks and would show the Overview Page when no data is present. As detailed in the above issue, this resolves the problem by performing a similar check as to what APM performs to determine their `empty data` state. As can be observed in the gifs below, this check adds additional latency to the full-app flicker, which is not ideal... Perhaps we can tweak the query further to improve this? #### Deployment w/o APM node:  #### Deployment w/ APM node:  ### Checklist Use ~~strikethroughs~~ to remove checklist items you don't feel are applicable to this PR. - [ ] ~This was checked for cross-browser compatibility, [including a check against IE11](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#cross-browser-compatibility)~ - [ ] ~Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/master/packages/kbn-i18n/README.md)~ - [ ] ~[Documentation](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#writing-documentation) was added for features that require explanation or tutorials~ - [ ] ~[Unit or functional tests](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#cross-browser-compatibility) were updated or added to match the most common scenarios~ - [ ] ~This was checked for [keyboard-only and screenreader accessibility](https://developer.mozilla.org/en-US/docs/Learn/Tools_and_testing/Cross_browser_testing/Accessibility#Accessibility_testing_checklist)~ ### For maintainers - [ ] This was checked for breaking API changes and was [labeled appropriately](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#release-notes-process) - [ ] This includes a feature addition or change that requires a release note and was [labeled appropriately](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#release-notes-process)
spong
added a commit
that referenced
this pull request
Feb 4, 2020
## Summary This PR resolves #56363 found in `7.6 BC4`, where configuring a cloud instance with an APM node would circumvent our FTUE checks and would show the Overview Page when no data is present. As detailed in the above issue, this resolves the problem by performing a similar check as to what APM performs to determine their `empty data` state. As can be observed in the gifs below, this check adds additional latency to the full-app flicker, which is not ideal... Perhaps we can tweak the query further to improve this? #### Deployment w/o APM node:  #### Deployment w/ APM node:  ### Checklist Use ~~strikethroughs~~ to remove checklist items you don't feel are applicable to this PR. - [ ] ~This was checked for cross-browser compatibility, [including a check against IE11](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#cross-browser-compatibility)~ - [ ] ~Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/master/packages/kbn-i18n/README.md)~ - [ ] ~[Documentation](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#writing-documentation) was added for features that require explanation or tutorials~ - [ ] ~[Unit or functional tests](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#cross-browser-compatibility) were updated or added to match the most common scenarios~ - [ ] ~This was checked for [keyboard-only and screenreader accessibility](https://developer.mozilla.org/en-US/docs/Learn/Tools_and_testing/Cross_browser_testing/Accessibility#Accessibility_testing_checklist)~ ### For maintainers - [ ] This was checked for breaking API changes and was [labeled appropriately](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#release-notes-process) - [ ] This includes a feature addition or change that requires a release note and was [labeled appropriately](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#release-notes-process)
spong
added a commit
that referenced
this pull request
Feb 4, 2020
## Summary This PR resolves #56363 found in `7.6 BC4`, where configuring a cloud instance with an APM node would circumvent our FTUE checks and would show the Overview Page when no data is present. As detailed in the above issue, this resolves the problem by performing a similar check as to what APM performs to determine their `empty data` state. As can be observed in the gifs below, this check adds additional latency to the full-app flicker, which is not ideal... Perhaps we can tweak the query further to improve this? #### Deployment w/o APM node:  #### Deployment w/ APM node:  ### Checklist Use ~~strikethroughs~~ to remove checklist items you don't feel are applicable to this PR. - [ ] ~This was checked for cross-browser compatibility, [including a check against IE11](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#cross-browser-compatibility)~ - [ ] ~Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/master/packages/kbn-i18n/README.md)~ - [ ] ~[Documentation](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#writing-documentation) was added for features that require explanation or tutorials~ - [ ] ~[Unit or functional tests](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#cross-browser-compatibility) were updated or added to match the most common scenarios~ - [ ] ~This was checked for [keyboard-only and screenreader accessibility](https://developer.mozilla.org/en-US/docs/Learn/Tools_and_testing/Cross_browser_testing/Accessibility#Accessibility_testing_checklist)~ ### For maintainers - [ ] This was checked for breaking API changes and was [labeled appropriately](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#release-notes-process) - [ ] This includes a feature addition or change that requires a release note and was [labeled appropriately](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#release-notes-process)
gmmorris
added a commit
to gmmorris/kibana
that referenced
this pull request
Feb 4, 2020
* master: (42 commits) Move kuery_autocomplete ⇒ NP (elastic#56607) [ML] Functional tests - stabilize job row and analytics result view assertions (elastic#56595) [Discover] Inline angular directives only used in this plugin (elastic#56119) [Discover] Migrate get_sort.js test from mocha to TypeScript (elastic#56011) [SIEM] Enable flow_target_select_connected unit tests (elastic#55618) Start consuming np logging config (elastic#56480) [SIEM] Add eslint-plugin-react-perf (elastic#55960) Mention changed SAML ACS endpoint URL in breaking changes doc. (elastic#56613) Add `getServerInfo` API to http setup contract (elastic#56636) Updates Monitoring alert Jest snapshots Kibana property config migrations (elastic#55937) Vislib replacement toggle (elastic#56439) [Uptime] Add unit tests for QueryContext time calculation (elastic#56671) [SIEM][Detection Engine] Critical blocker, fixes pre-packaged rule miscounts Upgrade EUI to v18.3.0 (elastic#56228) [Maps] Fix server log (elastic#56679) [SIEM] Fixes FTUE when APM node is present (elastic#56574) [Reporting/FieldFormats] expose `setFieldFormats` and call from ReportingPlugin.start (elastic#56563) Update EMS API urls for production (elastic#56657) Ability to delete alerts even when AAD is out of sync (elastic#56543) ...
cauemarcondes
pushed a commit
to cauemarcondes/kibana
that referenced
this pull request
Feb 5, 2020
## Summary This PR resolves elastic#56363 found in `7.6 BC4`, where configuring a cloud instance with an APM node would circumvent our FTUE checks and would show the Overview Page when no data is present. As detailed in the above issue, this resolves the problem by performing a similar check as to what APM performs to determine their `empty data` state. As can be observed in the gifs below, this check adds additional latency to the full-app flicker, which is not ideal... Perhaps we can tweak the query further to improve this? #### Deployment w/o APM node:  #### Deployment w/ APM node:  ### Checklist Use ~~strikethroughs~~ to remove checklist items you don't feel are applicable to this PR. - [ ] ~This was checked for cross-browser compatibility, [including a check against IE11](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#cross-browser-compatibility)~ - [ ] ~Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/master/packages/kbn-i18n/README.md)~ - [ ] ~[Documentation](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#writing-documentation) was added for features that require explanation or tutorials~ - [ ] ~[Unit or functional tests](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#cross-browser-compatibility) were updated or added to match the most common scenarios~ - [ ] ~This was checked for [keyboard-only and screenreader accessibility](https://developer.mozilla.org/en-US/docs/Learn/Tools_and_testing/Cross_browser_testing/Accessibility#Accessibility_testing_checklist)~ ### For maintainers - [ ] This was checked for breaking API changes and was [labeled appropriately](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#release-notes-process) - [ ] This includes a feature addition or change that requires a release note and was [labeled appropriately](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#release-notes-process)
majagrubic
pushed a commit
to majagrubic/kibana
that referenced
this pull request
Feb 10, 2020
## Summary This PR resolves elastic#56363 found in `7.6 BC4`, where configuring a cloud instance with an APM node would circumvent our FTUE checks and would show the Overview Page when no data is present. As detailed in the above issue, this resolves the problem by performing a similar check as to what APM performs to determine their `empty data` state. As can be observed in the gifs below, this check adds additional latency to the full-app flicker, which is not ideal... Perhaps we can tweak the query further to improve this? #### Deployment w/o APM node:  #### Deployment w/ APM node:  ### Checklist Use ~~strikethroughs~~ to remove checklist items you don't feel are applicable to this PR. - [ ] ~This was checked for cross-browser compatibility, [including a check against IE11](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#cross-browser-compatibility)~ - [ ] ~Any text added follows [EUI's writing guidelines](https://elastic.github.io/eui/#/guidelines/writing), uses sentence case text and includes [i18n support](https://github.com/elastic/kibana/blob/master/packages/kbn-i18n/README.md)~ - [ ] ~[Documentation](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#writing-documentation) was added for features that require explanation or tutorials~ - [ ] ~[Unit or functional tests](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#cross-browser-compatibility) were updated or added to match the most common scenarios~ - [ ] ~This was checked for [keyboard-only and screenreader accessibility](https://developer.mozilla.org/en-US/docs/Learn/Tools_and_testing/Cross_browser_testing/Accessibility#Accessibility_testing_checklist)~ ### For maintainers - [ ] This was checked for breaking API changes and was [labeled appropriately](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#release-notes-process) - [ ] This includes a feature addition or change that requires a release note and was [labeled appropriately](https://github.com/elastic/kibana/blob/master/CONTRIBUTING.md#release-notes-process)
|
SIEM/Security dashboard appears one second or so before the "Add Data" splash page. Adding the Slack thread link here for reference on further discussion. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
This PR resolves #56363 found in
7.6 BC4, where configuring a cloud instance with an APM node would circumvent our FTUE checks and would show the Overview Page when no data is present.As detailed in the above issue, this resolves the problem by performing a similar check as to what APM performs to determine their
empty datastate.As can be observed in the gifs below, this check adds additional latency to the full-app flicker, which is not ideal... Perhaps we can tweak the query further to improve this?
Deployment w/o APM node:
Deployment w/ APM node:
Checklist
Use
strikethroughsto remove checklist items you don't feel are applicable to this PR.This was checked for cross-browser compatibility, including a check against IE11Any text added follows EUI's writing guidelines, uses sentence case text and includes i18n supportDocumentation was added for features that require explanation or tutorialsUnit or functional tests were updated or added to match the most common scenariosThis was checked for keyboard-only and screenreader accessibilityFor maintainers