Add enrichment event log time (#141433) (#142079)

* Add enrichment event log time

* fix types

* Fix test

* Add avg field

* Fix enrichments event log

* Add telemetry

* Update schema

Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
(cherry picked from commit 5f057ff610)

Co-authored-by: Khristinin Nikita <nikita.khristinin@elastic.co>
Kibana Machine 2022-09-29 09:08:46 -06:00 committed by GitHub
parent 60b55b6780
commit 069c1221ad
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
30 changed files with 1406 additions and 49 deletions


@ -159,6 +159,7 @@ Below is a document in the expected structure, with descriptions of the fields:
es_search_duration_ms: "total time spent performing ES searches as measured by Elasticsearch",
total_search_duration_ms: "total time spent performing ES searches as measured by Kibana; includes network latency and time spent serializing/deserializing request/response",
total_indexing_duration_ms: "total time spent indexing documents during current rule execution cycle",
total_enrichment_duration_ms: "total time spent enriching documents during current rule execution cycle",
execution_gap_duration_s: "duration in seconds of execution gap"
}
}


@ -347,6 +347,9 @@
},
"total_run_duration_ms": {
"type": "long"
},
"total_enrichment_duration_ms": {
"type": "long"
}
}
}


@ -150,6 +150,7 @@ export const EventSchema = schema.maybe(
claim_to_start_duration_ms: ecsStringOrNumber(),
prepare_rule_duration_ms: ecsStringOrNumber(),
total_run_duration_ms: ecsStringOrNumber(),
total_enrichment_duration_ms: ecsStringOrNumber(),
})
),
})


@ -130,6 +130,9 @@ exports.EcsCustomPropertyMappings = {
total_run_duration_ms: {
type: 'long',
},
total_enrichment_duration_ms: {
type: 'long',
},
},
},
},


@ -12,8 +12,17 @@ export type DurationMetric = t.TypeOf<typeof DurationMetric>;
export const DurationMetric = PositiveInteger;
export type RuleExecutionMetrics = t.TypeOf<typeof RuleExecutionMetrics>;
/**
@property total_search_duration_ms - "total time spent performing ES searches as measured by Kibana;
includes network latency and time spent serializing/deserializing request/response",
@property total_indexing_duration_ms - "total time spent indexing documents during current rule execution cycle",
@property total_enrichment_duration_ms - total time spent enriching documents during current rule execution cycle
@property execution_gap_duration_s - "duration in seconds of execution gap"
*/
export const RuleExecutionMetrics = t.partial({
total_search_duration_ms: DurationMetric,
total_indexing_duration_ms: DurationMetric,
total_enrichment_duration_ms: DurationMetric,
execution_gap_duration_s: DurationMetric,
});
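Review bot: The `@property total_enrichment_duration_ms` line in the docblock is written without the surrounding quotes and trailing comma that the other `@property` entries carry, so the block mixes two styles. The quotes look like a leftover from the README's document example; dropping them everywhere reads better, e.g. `@property total_indexing_duration_ms - total time spent indexing documents during current rule execution cycle`. The docblock also sits between the `RuleExecutionMetrics` type alias and the const, so editor tooling will attach it to the const only; moving it above the `export type` line would document both.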


@ -222,6 +222,7 @@ const normalizeStatusChangeArgs = (args: StatusChangeArgs): NormalizedStatusChan
? {
total_search_duration_ms: normalizeDurations(metrics.searchDurations),
total_indexing_duration_ms: normalizeDurations(metrics.indexingDurations),
total_enrichment_duration_ms: normalizeDurations(metrics.enrichmentDurations),
execution_gap_duration_s: normalizeGap(metrics.executionGap),
}
: undefined,


@ -115,5 +115,6 @@ export interface StatusChangeArgs {
export interface MetricsArgs {
searchDurations?: string[];
indexingDurations?: string[];
enrichmentDurations?: string[];
executionGap?: Duration;
}


@ -58,6 +58,9 @@ const ruleExecutionMappings: SavedObjectsType['mappings'] = {
total_indexing_duration_ms: {
type: 'long',
},
total_enrichment_duration_ms: {
type: 'long',
},
execution_gap_duration_s: {
type: 'long',
},


@ -343,6 +343,7 @@ export const createSecurityRuleTypeWrapper: CreateSecurityRuleTypeWrapper =
const warningMessages = result.warningMessages.concat(runResult.warningMessages);
result = {
bulkCreateTimes: result.bulkCreateTimes.concat(runResult.bulkCreateTimes),
enrichmentTimes: result.enrichmentTimes.concat(runResult.enrichmentTimes),
createdSignals,
createdSignalsCount: createdSignals.length,
errors: result.errors.concat(runResult.errors),
@ -358,6 +359,7 @@ export const createSecurityRuleTypeWrapper: CreateSecurityRuleTypeWrapper =
} else {
result = {
bulkCreateTimes: [],
enrichmentTimes: [],
createdSignals: [],
createdSignalsCount: 0,
errors: [],
@ -434,6 +436,7 @@ export const createSecurityRuleTypeWrapper: CreateSecurityRuleTypeWrapper =
metrics: {
searchDurations: result.searchAfterTimes,
indexingDurations: result.bulkCreateTimes,
enrichmentDurations: result.enrichmentTimes,
},
});
}
@ -452,6 +455,7 @@ export const createSecurityRuleTypeWrapper: CreateSecurityRuleTypeWrapper =
metrics: {
searchDurations: result.searchAfterTimes,
indexingDurations: result.bulkCreateTimes,
enrichmentDurations: result.enrichmentTimes,
},
});
}
@ -464,6 +468,7 @@ export const createSecurityRuleTypeWrapper: CreateSecurityRuleTypeWrapper =
metrics: {
searchDurations: result.searchAfterTimes,
indexingDurations: result.bulkCreateTimes,
enrichmentDurations: result.enrichmentTimes,
},
});


@ -21,6 +21,7 @@ import type {
export interface GenericBulkCreateResponse<T extends BaseFieldsLatest> {
success: boolean;
bulkCreateDuration: string;
enrichmentDuration: string;
createdItemsCount: number;
createdItems: Array<AlertWithCommonFieldsLatest<T> & { _id: string; _index: string }>;
errors: string[];
@ -45,6 +46,7 @@ export const bulkCreateFactory =
return {
errors: [],
success: true,
enrichmentDuration: '0',
bulkCreateDuration: '0',
createdItemsCount: 0,
createdItems: [],
@ -54,6 +56,24 @@ export const bulkCreateFactory =
const start = performance.now();
let enrichmentsTimeStart = 0;
let enrichmentsTimeFinish = 0;
let enrichAlertsWrapper: typeof enrichAlerts;
if (enrichAlerts) {
enrichAlertsWrapper = async (alerts, params) => {
enrichmentsTimeStart = performance.now();
try {
const enrichedAlerts = await enrichAlerts(alerts, params);
return enrichedAlerts;
} catch (error) {
ruleExecutionLogger.error(`Enrichments failed ${error}`);
throw error;
} finally {
enrichmentsTimeFinish = performance.now();
}
};
}
const { createdAlerts, errors, alertsWereTruncated } = await alertWithPersistence(
wrappedDocs.map((doc) => ({
_id: doc._id,
@ -62,7 +82,7 @@ export const bulkCreateFactory =
})),
refreshForBulkCreate,
maxAlerts,
enrichAlerts
enrichAlertsWrapper
);
const end = performance.now();
@ -78,6 +98,7 @@ export const bulkCreateFactory =
return {
errors: Object.keys(errors),
success: false,
enrichmentDuration: makeFloatString(enrichmentsTimeFinish - enrichmentsTimeStart),
bulkCreateDuration: makeFloatString(end - start),
createdItemsCount: createdAlerts.length,
createdItems: createdAlerts,
@ -88,6 +109,7 @@ export const bulkCreateFactory =
errors: [],
success: true,
bulkCreateDuration: makeFloatString(end - start),
enrichmentDuration: makeFloatString(enrichmentsTimeFinish - enrichmentsTimeStart),
createdItemsCount: createdAlerts.length,
createdItems: createdAlerts,
alertsWereTruncated,
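Review bot: The enrichment timing in `enrichAlertsWrapper` keeps a single start/finish pair in the enclosing scope, so if `alertWithPersistence` ever invokes the callback more than once (or overlapping) only the last call is reported, and an interleaved call can pair one call's start with another's finish. Whether that happens is not visible in this hunk, but accumulating the elapsed time inside `finally` removes the dependency on the callee's behaviour. Separately, the `catch` logs `Enrichments failed ${error}` and then rethrows, so the same failure is likely to be logged again by whatever handles it, and interpolating the error keeps only its string form; since the rule execution log is user-visible, it is worth confirming that enrichment error messages cannot carry query or index details that should not be shown there. The body of `bulkCreateFactory` starts and ends outside the hunks shown.

```typescript
const start = performance.now();
let enrichmentDurationMs = 0;
// … unchanged: enrichAlertsWrapper declaration and `if (enrichAlerts)` guard …
  enrichAlertsWrapper = async (alerts, params) => {
    const startedAt = performance.now();
    try {
      return await enrichAlerts(alerts, params);
    } catch (error) {
      // … unchanged: log and rethrow …
    } finally {
      // Sum every invocation instead of overwriting a shared start/finish pair.
      enrichmentDurationMs += performance.now() - startedAt;
    }
  };
// … unchanged: alertWithPersistence call and both return objects, which then use:
    enrichmentDuration: makeFloatString(enrichmentDurationMs),
```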


@ -42,6 +42,7 @@ import type { IRuleExecutionLogForExecutors, IRuleExecutionLogService } from '..
export interface SecurityAlertTypeReturnValue<TState extends RuleTypeState> {
bulkCreateTimes: string[];
enrichmentTimes: string[];
createdSignalsCount: number;
createdSignals: unknown[];
errors: string[];


@ -10,6 +10,7 @@ import type { SecurityAlertTypeReturnValue } from '../types';
export const createResultObject = <TState extends RuleTypeState>(state: TState) => {
const result: SecurityAlertTypeReturnValue<TState> = {
enrichmentTimes: [],
bulkCreateTimes: [],
createdSignalsCount: 0,
createdSignals: [],


@ -65,6 +65,7 @@ export const createThreatSignals = async ({
let results: SearchAfterAndBulkCreateReturnType = {
success: true,
warning: false,
enrichmentTimes: [],
bulkCreateTimes: [],
searchAfterTimes: [],
lastLookBackDate: null,


@ -55,6 +55,7 @@ describe('utils', () => {
warning: false,
searchAfterTimes: ['10', '20', '30'],
bulkCreateTimes: ['5', '15', '25'],
enrichmentTimes: ['1', '2', '3'],
lastLookBackDate: undefined,
createdSignalsCount: 3,
createdSignals: Array(3).fill(sampleSignalHit()),
@ -67,6 +68,7 @@ describe('utils', () => {
warning: false,
searchAfterTimes: ['10', '20', '30'],
bulkCreateTimes: ['5', '15', '25'],
enrichmentTimes: ['1', '2', '3'],
lastLookBackDate: undefined,
createdSignalsCount: 3,
createdSignals: Array(3).fill(sampleSignalHit()),
@ -83,6 +85,7 @@ describe('utils', () => {
warning: false,
searchAfterTimes: ['10', '20', '30'],
bulkCreateTimes: ['5', '15', '25'],
enrichmentTimes: ['1', '2', '3'],
lastLookBackDate: undefined,
createdSignalsCount: 3,
createdSignals: Array(3).fill(sampleSignalHit()),
@ -95,6 +98,7 @@ describe('utils', () => {
warning: false,
searchAfterTimes: ['10', '20', '30'],
bulkCreateTimes: ['5', '15', '25'],
enrichmentTimes: ['1', '2', '3'],
lastLookBackDate: undefined,
createdSignalsCount: 3,
createdSignals: Array(3).fill(sampleSignalHit()),
@ -111,6 +115,7 @@ describe('utils', () => {
warning: false,
searchAfterTimes: ['10', '20', '30'],
bulkCreateTimes: ['5', '15', '25'],
enrichmentTimes: ['1', '2', '3'],
lastLookBackDate: undefined,
createdSignalsCount: 3,
createdSignals: Array(3).fill(sampleSignalHit()),
@ -123,6 +128,7 @@ describe('utils', () => {
warning: false,
searchAfterTimes: ['10', '20', '30'],
bulkCreateTimes: ['5', '15', '25'],
enrichmentTimes: ['1', '2', '3'],
lastLookBackDate: new Date('2020-09-16T03:34:32.390Z'),
createdSignalsCount: 3,
createdSignals: Array(3).fill(sampleSignalHit()),
@ -139,6 +145,7 @@ describe('utils', () => {
warning: false,
searchAfterTimes: ['10', '20', '30'],
bulkCreateTimes: ['5', '15', '25'],
enrichmentTimes: ['1', '2', '3'],
lastLookBackDate: undefined,
createdSignalsCount: 3,
createdSignals: Array(3).fill(sampleSignalHit()),
@ -151,6 +158,7 @@ describe('utils', () => {
warning: false,
searchAfterTimes: ['10', '20', '30'],
bulkCreateTimes: ['5', '15', '25'],
enrichmentTimes: ['1', '2', '3'],
lastLookBackDate: new Date('2020-09-16T03:34:32.390Z'),
createdSignalsCount: 3,
createdSignals: Array(3).fill(sampleSignalHit()),
@ -162,6 +170,7 @@ describe('utils', () => {
expect.objectContaining({
searchAfterTimes: ['60'],
bulkCreateTimes: ['50'],
enrichmentTimes: ['6'],
})
);
});
@ -172,6 +181,7 @@ describe('utils', () => {
warning: false,
searchAfterTimes: ['10', '20', '30'],
bulkCreateTimes: ['5', '15', '25'],
enrichmentTimes: ['1', '2', '3'],
lastLookBackDate: undefined,
createdSignalsCount: 3,
createdSignals: Array(3).fill(sampleSignalHit()),
@ -184,6 +194,7 @@ describe('utils', () => {
warning: false,
searchAfterTimes: ['10', '20', '30'],
bulkCreateTimes: ['5', '15', '25'],
enrichmentTimes: ['1', '2', '3'],
lastLookBackDate: new Date('2020-09-16T03:34:32.390Z'),
createdSignalsCount: 3,
createdSignals: Array(3).fill(sampleSignalHit()),
@ -296,6 +307,7 @@ describe('utils', () => {
warning: false,
searchAfterTimes: ['10', '20', '30'],
bulkCreateTimes: ['5', '15', '25'],
enrichmentTimes: ['1', '2', '3'],
lastLookBackDate: undefined,
createdSignalsCount: 3,
createdSignals: Array(3).fill(sampleSignalHit()),
@ -307,6 +319,7 @@ describe('utils', () => {
warning: false,
searchAfterTimes: ['30'], // max value from existingResult.searchAfterTimes
bulkCreateTimes: ['25'], // max value from existingResult.bulkCreateTimes
enrichmentTimes: ['3'], // max value from existingResult.enrichmentTimes
lastLookBackDate: undefined,
createdSignalsCount: 3,
createdSignals: Array(3).fill(sampleSignalHit()),
@ -323,6 +336,7 @@ describe('utils', () => {
warning: false,
searchAfterTimes: ['10', '20', '30'],
bulkCreateTimes: ['5', '15', '25'],
enrichmentTimes: ['1', '2', '3'],
lastLookBackDate: undefined,
createdSignalsCount: 3,
createdSignals: Array(3).fill(sampleSignalHit()),
@ -334,6 +348,7 @@ describe('utils', () => {
warning: false,
searchAfterTimes: [],
bulkCreateTimes: [],
enrichmentTimes: [],
lastLookBackDate: undefined,
createdSignalsCount: 0,
createdSignals: [],
@ -345,6 +360,7 @@ describe('utils', () => {
warning: false,
searchAfterTimes: ['30'], // max value from existingResult.searchAfterTimes
bulkCreateTimes: ['25'], // max value from existingResult.bulkCreateTimes
enrichmentTimes: ['3'], // max value from existingResult.enrichmentTimes
lastLookBackDate: undefined,
createdSignalsCount: 3,
createdSignals: Array(3).fill(sampleSignalHit()),
@ -362,6 +378,7 @@ describe('utils', () => {
warning: false,
searchAfterTimes: ['10', '20', '30'], // max is 30
bulkCreateTimes: ['5', '15', '25'], // max is 25
enrichmentTimes: ['1', '2', '3'], // max is 3
lastLookBackDate: undefined,
createdSignalsCount: 3,
createdSignals: Array(3).fill(sampleSignalHit()),
@ -373,6 +390,7 @@ describe('utils', () => {
warning: false,
searchAfterTimes: ['10', '20', '30'],
bulkCreateTimes: ['5', '15', '25'],
enrichmentTimes: ['1', '2', '3'],
lastLookBackDate: new Date('2020-09-16T03:34:32.390Z'),
createdSignalsCount: 5,
createdSignals: Array(5).fill(sampleSignalHit()),
@ -384,6 +402,7 @@ describe('utils', () => {
warning: false,
searchAfterTimes: ['40', '5', '15'],
bulkCreateTimes: ['50', '5', '15'],
enrichmentTimes: ['4', '2', '3'],
lastLookBackDate: new Date('2020-09-16T04:34:32.390Z'),
createdSignalsCount: 8,
createdSignals: Array(8).fill(sampleSignalHit()),
@ -396,6 +415,7 @@ describe('utils', () => {
warning: false,
searchAfterTimes: ['70'], // max value between newResult1 and newResult2 + max array value of existingResult (40 + 30 = 70)
bulkCreateTimes: ['75'], // max value between newResult1 and newResult2 + max array value of existingResult (50 + 25 = 75)
enrichmentTimes: ['7'], // max value between newResult1 and newResult2 + max array value of existingResult (4 + 3 = 7)
lastLookBackDate: new Date('2020-09-16T04:34:32.390Z'), // max lastLookBackDate
createdSignalsCount: 16, // all the signals counted together (8 + 5 + 3)
createdSignals: Array(16).fill(sampleSignalHit()),
@ -413,6 +433,7 @@ describe('utils', () => {
warning: false,
searchAfterTimes: ['10', '20', '30'], // max is 30
bulkCreateTimes: ['5', '15', '25'], // max is 25
enrichmentTimes: ['1', '2', '3'], // max is 3
lastLookBackDate: undefined,
createdSignalsCount: 3,
createdSignals: Array(3).fill(sampleSignalHit()),
@ -424,6 +445,7 @@ describe('utils', () => {
warning: false,
searchAfterTimes: ['10', '20', '30'],
bulkCreateTimes: ['5', '15', '25'],
enrichmentTimes: ['1', '2', '3'],
lastLookBackDate: new Date('2020-09-16T03:34:32.390Z'),
createdSignalsCount: 5,
createdSignals: Array(5).fill(sampleSignalHit()),
@ -435,6 +457,7 @@ describe('utils', () => {
warning: false,
searchAfterTimes: ['40', '5', '15'],
bulkCreateTimes: ['50', '5', '15'],
enrichmentTimes: ['5', '2', '3'],
lastLookBackDate: new Date('2020-09-16T04:34:32.390Z'),
createdSignalsCount: 8,
createdSignals: Array(8).fill(sampleSignalHit()),
@ -447,6 +470,7 @@ describe('utils', () => {
warning: false,
searchAfterTimes: ['70'], // max value between newResult1 and newResult2 + max array value of existingResult (40 + 30 = 70)
bulkCreateTimes: ['75'], // max value between newResult1 and newResult2 + max array value of existingResult (50 + 25 = 75)
enrichmentTimes: ['8'], // max value between newResult1 and newResult2 + max array value of existingResult (50 + 3 = 8)
lastLookBackDate: new Date('2020-09-16T04:34:32.390Z'), // max lastLookBackDate
createdSignalsCount: 16, // all the signals counted together (8 + 5 + 3)
createdSignals: Array(16).fill(sampleSignalHit()),
@ -464,6 +488,7 @@ describe('utils', () => {
warning: false,
searchAfterTimes: ['10', '20', '30'], // max is 30
bulkCreateTimes: ['5', '15', '25'], // max is 25
enrichmentTimes: ['1', '2', '3'],
lastLookBackDate: undefined,
createdSignalsCount: 3,
createdSignals: Array(3).fill(sampleSignalHit()),
@ -475,6 +500,7 @@ describe('utils', () => {
warning: false,
searchAfterTimes: ['10', '20', '30'],
bulkCreateTimes: ['5', '15', '25'],
enrichmentTimes: ['1', '2', '3'],
lastLookBackDate: new Date('2020-09-16T03:34:32.390Z'),
createdSignalsCount: 5,
createdSignals: Array(5).fill(sampleSignalHit()),
@ -486,6 +512,7 @@ describe('utils', () => {
warning: false,
searchAfterTimes: ['40', '5', '15'],
bulkCreateTimes: ['50', '5', '15'],
enrichmentTimes: ['5', '2', '3'],
lastLookBackDate: null,
createdSignalsCount: 8,
createdSignals: Array(8).fill(sampleSignalHit()),
@ -498,6 +525,7 @@ describe('utils', () => {
warning: false,
searchAfterTimes: ['70'], // max value between newResult1 and newResult2 + max array value of existingResult (40 + 30 = 70)
bulkCreateTimes: ['75'], // max value between newResult1 and newResult2 + max array value of existingResult (50 + 25 = 75)
enrichmentTimes: ['8'], // max value between newResult1 and newResult2 + max array value of existingResult (5 + 3 = 8)
lastLookBackDate: new Date('2020-09-16T03:34:32.390Z'), // max lastLookBackDate
createdSignalsCount: 16, // all the signals counted together (8 + 5 + 3)
createdSignals: Array(16).fill(sampleSignalHit()),
@ -515,6 +543,7 @@ describe('utils', () => {
warning: false,
searchAfterTimes: ['10', '20', '30'],
bulkCreateTimes: ['5', '15', '25'],
enrichmentTimes: ['1', '2', '3'],
lastLookBackDate: undefined,
createdSignalsCount: 3,
createdSignals: Array(3).fill(sampleSignalHit()),
@ -527,6 +556,7 @@ describe('utils', () => {
warning: false,
searchAfterTimes: ['10', '20', '30'],
bulkCreateTimes: ['5', '15', '25'],
enrichmentTimes: ['5', '2', '3'],
lastLookBackDate: undefined,
createdSignalsCount: 3,
createdSignals: Array(3).fill(sampleSignalHit()),
@ -543,6 +573,7 @@ describe('utils', () => {
warning: false,
searchAfterTimes: ['10', '20', '30'],
bulkCreateTimes: ['5', '15', '25'],
enrichmentTimes: ['1', '2', '3'],
lastLookBackDate: undefined,
createdSignalsCount: 3,
createdSignals: Array(3).fill(sampleSignalHit()),
@ -555,6 +586,7 @@ describe('utils', () => {
warning: false,
searchAfterTimes: ['10', '20', '30'],
bulkCreateTimes: ['5', '15', '25'],
enrichmentTimes: ['1', '2', '3'],
lastLookBackDate: undefined,
createdSignalsCount: 3,
createdSignals: Array(3).fill(sampleSignalHit()),
@ -571,6 +603,7 @@ describe('utils', () => {
warning: false,
searchAfterTimes: ['10', '20', '30'],
bulkCreateTimes: ['5', '15', '25'],
enrichmentTimes: ['1', '2', '3'],
lastLookBackDate: undefined,
createdSignalsCount: 3,
createdSignals: Array(3).fill(sampleSignalHit()),
@ -583,6 +616,7 @@ describe('utils', () => {
warning: false,
searchAfterTimes: ['10', '20', '30'],
bulkCreateTimes: ['5', '15', '25'],
enrichmentTimes: ['1', '2', '3'],
lastLookBackDate: new Date('2020-09-16T03:34:32.390Z'),
createdSignalsCount: 3,
createdSignals: Array(3).fill(sampleSignalHit()),
@ -599,6 +633,7 @@ describe('utils', () => {
warning: false,
searchAfterTimes: ['10', '20', '30'],
bulkCreateTimes: ['5', '15', '25'],
enrichmentTimes: ['1', '2', '3'],
lastLookBackDate: undefined,
createdSignalsCount: 3,
createdSignals: Array(3).fill(sampleSignalHit()),
@ -611,6 +646,7 @@ describe('utils', () => {
warning: false,
searchAfterTimes: ['10', '20', '30'],
bulkCreateTimes: ['5', '15', '25'],
enrichmentTimes: ['1', '2', '3'],
lastLookBackDate: new Date('2020-09-16T03:34:32.390Z'),
createdSignalsCount: 3,
createdSignals: Array(3).fill(sampleSignalHit()),
@ -632,6 +668,7 @@ describe('utils', () => {
warning: false,
searchAfterTimes: ['10', '20', '30'],
bulkCreateTimes: ['5', '15', '25'],
enrichmentTimes: ['1', '2', '3'],
lastLookBackDate: undefined,
createdSignalsCount: 3,
createdSignals: Array(3).fill(sampleSignalHit()),
@ -644,6 +681,7 @@ describe('utils', () => {
warning: false,
searchAfterTimes: ['10', '20', '30'],
bulkCreateTimes: ['5', '15', '25'],
enrichmentTimes: ['1', '2', '3'],
lastLookBackDate: new Date('2020-09-16T03:34:32.390Z'),
createdSignalsCount: 3,
createdSignals: Array(3).fill(sampleSignalHit()),
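Review bot: The explanatory comment on the expected `enrichmentTimes: ['8']` in the hunk at `@ -447,6 +470,7` reads `(50 + 3 = 8)`, which does not add up; the fixtures above it use `['5', '2', '3']` and `['1', '2', '3']`, so it should read `(5 + 3 = 8)`, as the matching comment in the `@ -498,6 +525,7` hunk already does. In the `@ -464,6 +488,7` hunk the new `enrichmentTimes: ['1', '2', '3'],` line also lacks the `// max is 3` comment that the neighbouring `searchAfterTimes` and `bulkCreateTimes` lines carry. These comments are how a reader checks the additive-max expectations by hand, so they are worth keeping exact.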


@ -70,6 +70,7 @@ export const combineResults = (
): SearchAfterAndBulkCreateReturnType => ({
success: currentResult.success === false ? false : newResult.success,
warning: currentResult.warning || newResult.warning,
enrichmentTimes: calculateAdditiveMax(currentResult.enrichmentTimes, newResult.enrichmentTimes),
bulkCreateTimes: calculateAdditiveMax(currentResult.bulkCreateTimes, newResult.bulkCreateTimes),
searchAfterTimes: calculateAdditiveMax(
currentResult.searchAfterTimes,
@ -94,6 +95,7 @@ export const combineConcurrentResults = (
const maxedNewResult = newResult.reduce(
(accum, item) => {
const maxSearchAfterTime = calculateMax(accum.searchAfterTimes, item.searchAfterTimes);
const maxEnrichmentTimes = calculateMax(accum.enrichmentTimes, item.enrichmentTimes);
const maxBulkCreateTimes = calculateMax(accum.bulkCreateTimes, item.bulkCreateTimes);
const lastLookBackDate = calculateMaxLookBack(accum.lastLookBackDate, item.lastLookBackDate);
return {
@ -101,6 +103,7 @@ export const combineConcurrentResults = (
warning: accum.warning || item.warning,
searchAfterTimes: [maxSearchAfterTime],
bulkCreateTimes: [maxBulkCreateTimes],
enrichmentTimes: [maxEnrichmentTimes],
lastLookBackDate,
createdSignalsCount: accum.createdSignalsCount + item.createdSignalsCount,
createdSignals: [...accum.createdSignals, ...item.createdSignals],
@ -113,6 +116,7 @@ export const combineConcurrentResults = (
warning: false,
searchAfterTimes: [],
bulkCreateTimes: [],
enrichmentTimes: [],
lastLookBackDate: undefined,
createdSignalsCount: 0,
createdSignals: [],


@ -286,6 +286,7 @@ export interface SearchAfterAndBulkCreateReturnType {
success: boolean;
warning: boolean;
searchAfterTimes: string[];
enrichmentTimes: string[];
bulkCreateTimes: string[];
lastLookBackDate: Date | null | undefined;
createdSignalsCount: number;


@ -953,6 +953,7 @@ describe('utils', () => {
});
const expected: SearchAfterAndBulkCreateReturnType = {
bulkCreateTimes: [],
enrichmentTimes: [],
createdSignalsCount: 0,
createdSignals: [],
errors: [],
@ -973,6 +974,7 @@ describe('utils', () => {
});
const expected: SearchAfterAndBulkCreateReturnType = {
bulkCreateTimes: [],
enrichmentTimes: [],
createdSignalsCount: 0,
createdSignals: [],
errors: [],
@ -1291,6 +1293,7 @@ describe('utils', () => {
const searchAfterReturnType = createSearchAfterReturnType();
const expected: SearchAfterAndBulkCreateReturnType = {
bulkCreateTimes: [],
enrichmentTimes: [],
createdSignalsCount: 0,
createdSignals: [],
errors: [],
@ -1306,6 +1309,7 @@ describe('utils', () => {
test('createSearchAfterReturnType can override all values', () => {
const searchAfterReturnType = createSearchAfterReturnType({
bulkCreateTimes: ['123'],
enrichmentTimes: [],
createdSignalsCount: 5,
createdSignals: Array(5).fill(sampleSignalHit()),
errors: ['error 1'],
@ -1317,6 +1321,7 @@ describe('utils', () => {
});
const expected: SearchAfterAndBulkCreateReturnType = {
bulkCreateTimes: ['123'],
enrichmentTimes: [],
createdSignalsCount: 5,
createdSignals: Array(5).fill(sampleSignalHit()),
errors: ['error 1'],
@ -1337,6 +1342,7 @@ describe('utils', () => {
});
const expected: SearchAfterAndBulkCreateReturnType = {
bulkCreateTimes: [],
enrichmentTimes: [],
createdSignalsCount: 5,
createdSignals: Array(5).fill(sampleSignalHit()),
errors: ['error 1'],
@ -1355,6 +1361,7 @@ describe('utils', () => {
const merged = mergeReturns([createSearchAfterReturnType(), createSearchAfterReturnType()]);
const expected: SearchAfterAndBulkCreateReturnType = {
bulkCreateTimes: [],
enrichmentTimes: [],
createdSignalsCount: 0,
createdSignals: [],
errors: [],
@ -1411,6 +1418,7 @@ describe('utils', () => {
const merged = mergeReturns([
createSearchAfterReturnType({
bulkCreateTimes: ['123'],
enrichmentTimes: [],
createdSignalsCount: 3,
createdSignals: Array(3).fill(sampleSignalHit()),
errors: ['error 1', 'error 2'],
@ -1421,6 +1429,7 @@ describe('utils', () => {
}),
createSearchAfterReturnType({
bulkCreateTimes: ['456'],
enrichmentTimes: [],
createdSignalsCount: 2,
createdSignals: Array(2).fill(sampleSignalHit()),
errors: ['error 3'],
@ -1433,6 +1442,7 @@ describe('utils', () => {
]);
const expected: SearchAfterAndBulkCreateReturnType = {
bulkCreateTimes: ['123', '456'], // concatenates the prev and next together
enrichmentTimes: [],
createdSignalsCount: 5, // Adds the 3 and 2 together
createdSignals: Array(5).fill(sampleSignalHit()),
errors: ['error 1', 'error 2', 'error 3'], // concatenates the prev and next together
@ -1452,6 +1462,7 @@ describe('utils', () => {
const next: GenericBulkCreateResponse<BaseFieldsLatest> = {
success: false,
bulkCreateDuration: '100',
enrichmentDuration: '0',
createdItemsCount: 1,
createdItems: [],
errors: ['new error'],
@ -1469,6 +1480,7 @@ describe('utils', () => {
const next: GenericBulkCreateResponse<BaseFieldsLatest> = {
success: true,
bulkCreateDuration: '0',
enrichmentDuration: '0',
createdItemsCount: 0,
createdItems: [],
errors: ['error 1'],
@ -1484,6 +1496,7 @@ describe('utils', () => {
const next: GenericBulkCreateResponse<BaseFieldsLatest> = {
success: true,
bulkCreateDuration: '0',
enrichmentDuration: '0',
createdItemsCount: 0,
createdItems: [],
errors: ['error 2'],


@ -649,6 +649,7 @@ export const createSearchAfterReturnType = ({
success,
warning,
searchAfterTimes,
enrichmentTimes,
bulkCreateTimes,
lastLookBackDate,
createdSignalsCount,
@ -659,6 +660,7 @@ export const createSearchAfterReturnType = ({
success?: boolean | undefined;
warning?: boolean;
searchAfterTimes?: string[] | undefined;
enrichmentTimes?: string[] | undefined;
bulkCreateTimes?: string[] | undefined;
lastLookBackDate?: Date | undefined;
createdSignalsCount?: number | undefined;
@ -670,6 +672,7 @@ export const createSearchAfterReturnType = ({
success: success ?? true,
warning: warning ?? false,
searchAfterTimes: searchAfterTimes ?? [],
enrichmentTimes: enrichmentTimes ?? [],
bulkCreateTimes: bulkCreateTimes ?? [],
lastLookBackDate: lastLookBackDate ?? null,
createdSignalsCount: createdSignalsCount ?? 0,
@ -715,6 +718,7 @@ export const addToSearchAfterReturn = ({
current.createdSignalsCount += next.createdItemsCount;
current.createdSignals.push(...next.createdItems);
current.bulkCreateTimes.push(next.bulkCreateDuration);
current.enrichmentTimes.push(next.enrichmentDuration);
current.errors = [...new Set([...current.errors, ...next.errors])];
};
@ -727,6 +731,7 @@ export const mergeReturns = (
warning: existingWarning,
searchAfterTimes: existingSearchAfterTimes,
bulkCreateTimes: existingBulkCreateTimes,
enrichmentTimes: existingEnrichmentTimes,
lastLookBackDate: existingLastLookBackDate,
createdSignalsCount: existingCreatedSignalsCount,
createdSignals: existingCreatedSignals,
@ -738,6 +743,7 @@ export const mergeReturns = (
success: newSuccess,
warning: newWarning,
searchAfterTimes: newSearchAfterTimes,
enrichmentTimes: newEnrichmentTimes,
bulkCreateTimes: newBulkCreateTimes,
lastLookBackDate: newLastLookBackDate,
createdSignalsCount: newCreatedSignalsCount,
@ -750,6 +756,7 @@ export const mergeReturns = (
success: existingSuccess && newSuccess,
warning: existingWarning || newWarning,
searchAfterTimes: [...existingSearchAfterTimes, ...newSearchAfterTimes],
enrichmentTimes: [...existingEnrichmentTimes, ...newEnrichmentTimes],
bulkCreateTimes: [...existingBulkCreateTimes, ...newBulkCreateTimes],
lastLookBackDate: newLastLookBackDate ?? existingLastLookBackDate,
createdSignalsCount: existingCreatedSignalsCount + newCreatedSignalsCount,


@ -414,6 +414,20 @@ export const registerCollector: RegisterCollector = ({
_meta: { description: 'The min duration' },
},
},
enrichment_duration: {
max: {
type: 'float',
_meta: { description: 'The max duration' },
},
avg: {
type: 'float',
_meta: { description: 'The avg duration' },
},
min: {
type: 'float',
_meta: { description: 'The min duration' },
},
},
gap_duration: {
max: {
type: 'float',
@ -500,6 +514,20 @@ export const registerCollector: RegisterCollector = ({
_meta: { description: 'The min duration' },
},
},
enrichment_duration: {
max: {
type: 'float',
_meta: { description: 'The max duration' },
},
avg: {
type: 'float',
_meta: { description: 'The avg duration' },
},
min: {
type: 'float',
_meta: { description: 'The min duration' },
},
},
gap_duration: {
max: {
type: 'float',
@ -586,6 +614,20 @@ export const registerCollector: RegisterCollector = ({
_meta: { description: 'The min duration' },
},
},
enrichment_duration: {
max: {
type: 'float',
_meta: { description: 'The max duration' },
},
avg: {
type: 'float',
_meta: { description: 'The avg duration' },
},
min: {
type: 'float',
_meta: { description: 'The min duration' },
},
},
gap_duration: {
max: {
type: 'float',
@ -672,6 +714,20 @@ export const registerCollector: RegisterCollector = ({
_meta: { description: 'The min duration' },
},
},
enrichment_duration: {
max: {
type: 'float',
_meta: { description: 'The max duration' },
},
avg: {
type: 'float',
_meta: { description: 'The avg duration' },
},
min: {
type: 'float',
_meta: { description: 'The min duration' },
},
},
gap_duration: {
max: {
type: 'float',
@ -758,6 +814,20 @@ export const registerCollector: RegisterCollector = ({
_meta: { description: 'The min duration' },
},
},
enrichment_duration: {
max: {
type: 'float',
_meta: { description: 'The max duration' },
},
avg: {
type: 'float',
_meta: { description: 'The avg duration' },
},
min: {
type: 'float',
_meta: { description: 'The min duration' },
},
},
gap_duration: {
max: {
type: 'float',
@ -844,6 +914,20 @@ export const registerCollector: RegisterCollector = ({
_meta: { description: 'The min duration' },
},
},
enrichment_duration: {
max: {
type: 'float',
_meta: { description: 'The max duration' },
},
avg: {
type: 'float',
_meta: { description: 'The avg duration' },
},
min: {
type: 'float',
_meta: { description: 'The min duration' },
},
},
gap_duration: {
max: {
type: 'float',
@ -946,6 +1030,20 @@ export const registerCollector: RegisterCollector = ({
_meta: { description: 'The min duration' },
},
},
enrichment_duration: {
max: {
type: 'float',
_meta: { description: 'The max duration' },
},
avg: {
type: 'float',
_meta: { description: 'The avg duration' },
},
min: {
type: 'float',
_meta: { description: 'The min duration' },
},
},
gap_duration: {
max: {
type: 'float',
@ -1032,6 +1130,20 @@ export const registerCollector: RegisterCollector = ({
_meta: { description: 'The min duration' },
},
},
enrichment_duration: {
max: {
type: 'float',
_meta: { description: 'The max duration' },
},
avg: {
type: 'float',
_meta: { description: 'The avg duration' },
},
min: {
type: 'float',
_meta: { description: 'The min duration' },
},
},
gap_duration: {
max: {
type: 'float',
@ -1118,6 +1230,20 @@ export const registerCollector: RegisterCollector = ({
_meta: { description: 'The min duration' },
},
},
enrichment_duration: {
max: {
type: 'float',
_meta: { description: 'The max duration' },
},
avg: {
type: 'float',
_meta: { description: 'The avg duration' },
},
min: {
type: 'float',
_meta: { description: 'The min duration' },
},
},
gap_duration: {
max: {
type: 'float',
@ -1204,6 +1330,20 @@ export const registerCollector: RegisterCollector = ({
_meta: { description: 'The min duration' },
},
},
enrichment_duration: {
max: {
type: 'float',
_meta: { description: 'The max duration' },
},
avg: {
type: 'float',
_meta: { description: 'The avg duration' },
},
min: {
type: 'float',
_meta: { description: 'The min duration' },
},
},
gap_duration: {
max: {
type: 'float',
@ -1290,6 +1430,20 @@ export const registerCollector: RegisterCollector = ({
_meta: { description: 'The min duration' },
},
},
enrichment_duration: {
max: {
type: 'float',
_meta: { description: 'The max duration' },
},
avg: {
type: 'float',
_meta: { description: 'The avg duration' },
},
min: {
type: 'float',
_meta: { description: 'The min duration' },
},
},
gap_duration: {
max: {
type: 'float',
@ -1376,6 +1530,20 @@ export const registerCollector: RegisterCollector = ({
_meta: { description: 'The min duration' },
},
},
enrichment_duration: {
max: {
type: 'float',
_meta: { description: 'The max duration' },
},
avg: {
type: 'float',
_meta: { description: 'The avg duration' },
},
min: {
type: 'float',
_meta: { description: 'The min duration' },
},
},
gap_duration: {
max: {
type: 'float',
@ -1478,6 +1646,20 @@ export const registerCollector: RegisterCollector = ({
_meta: { description: 'The min duration' },
},
},
enrichment_duration: {
max: {
type: 'float',
_meta: { description: 'The max duration' },
},
avg: {
type: 'float',
_meta: { description: 'The avg duration' },
},
min: {
type: 'float',
_meta: { description: 'The min duration' },
},
},
gap_duration: {
max: {
type: 'float',
@ -1564,6 +1746,20 @@ export const registerCollector: RegisterCollector = ({
_meta: { description: 'The min duration' },
},
},
enrichment_duration: {
max: {
type: 'float',
_meta: { description: 'The max duration' },
},
avg: {
type: 'float',
_meta: { description: 'The avg duration' },
},
min: {
type: 'float',
_meta: { description: 'The min duration' },
},
},
gap_duration: {
max: {
type: 'float',
@ -1650,6 +1846,20 @@ export const registerCollector: RegisterCollector = ({
_meta: { description: 'The min duration' },
},
},
enrichment_duration: {
max: {
type: 'float',
_meta: { description: 'The max duration' },
},
avg: {
type: 'float',
_meta: { description: 'The avg duration' },
},
min: {
type: 'float',
_meta: { description: 'The min duration' },
},
},
gap_duration: {
max: {
type: 'float',
@ -1736,6 +1946,20 @@ export const registerCollector: RegisterCollector = ({
_meta: { description: 'The min duration' },
},
},
enrichment_duration: {
max: {
type: 'float',
_meta: { description: 'The max duration' },
},
avg: {
type: 'float',
_meta: { description: 'The avg duration' },
},
min: {
type: 'float',
_meta: { description: 'The min duration' },
},
},
gap_duration: {
max: {
type: 'float',
@ -1822,6 +2046,20 @@ export const registerCollector: RegisterCollector = ({
_meta: { description: 'The min duration' },
},
},
enrichment_duration: {
max: {
type: 'float',
_meta: { description: 'The max duration' },
},
avg: {
type: 'float',
_meta: { description: 'The avg duration' },
},
min: {
type: 'float',
_meta: { description: 'The min duration' },
},
},
gap_duration: {
max: {
type: 'float',
@ -1908,6 +2146,20 @@ export const registerCollector: RegisterCollector = ({
_meta: { description: 'The min duration' },
},
},
enrichment_duration: {
max: {
type: 'float',
_meta: { description: 'The max duration' },
},
avg: {
type: 'float',
_meta: { description: 'The avg duration' },
},
min: {
type: 'float',
_meta: { description: 'The min duration' },
},
},
gap_duration: {
max: {
type: 'float',


@ -144,6 +144,7 @@ export const getInitialSingleEventMetric = (): SingleEventMetric => ({
succeeded: 0,
index_duration: getInitialMaxAvgMin(),
search_duration: getInitialMaxAvgMin(),
enrichment_duration: getInitialMaxAvgMin(),
gap_duration: getInitialMaxAvgMin(),
gap_count: 0,
});


@ -155,6 +155,15 @@ export const getEventLogAllRules = (): SearchResponse<never, EventLogTypeStatusA
maxGapDuration: {
value: 5651,
},
minTotalEnrichmentDuration: {
value: 0,
},
maxTotalEnrichmentDuration: {
value: 0,
},
avgTotalEnrichmentDuration: {
value: 0,
},
},
'siem.savedQueryRule': {
doc_count: 0,
@ -188,6 +197,15 @@ export const getEventLogAllRules = (): SearchResponse<never, EventLogTypeStatusA
maxGapDuration: {
value: null,
},
minTotalEnrichmentDuration: {
value: 0,
},
maxTotalEnrichmentDuration: {
value: 0,
},
avgTotalEnrichmentDuration: {
value: 0,
},
},
'siem.eqlRule': {
doc_count: 0,
@ -221,6 +239,15 @@ export const getEventLogAllRules = (): SearchResponse<never, EventLogTypeStatusA
maxGapDuration: {
value: null,
},
minTotalEnrichmentDuration: {
value: 0,
},
maxTotalEnrichmentDuration: {
value: 0,
},
avgTotalEnrichmentDuration: {
value: 0,
},
},
'siem.thresholdRule': {
doc_count: 0,
@ -254,6 +281,15 @@ export const getEventLogAllRules = (): SearchResponse<never, EventLogTypeStatusA
maxGapDuration: {
value: null,
},
minTotalEnrichmentDuration: {
value: 0,
},
maxTotalEnrichmentDuration: {
value: 0,
},
avgTotalEnrichmentDuration: {
value: 0,
},
},
'siem.mlRule': {
doc_count: 0,
@ -287,6 +323,15 @@ export const getEventLogAllRules = (): SearchResponse<never, EventLogTypeStatusA
maxGapDuration: {
value: null,
},
minTotalEnrichmentDuration: {
value: 0,
},
maxTotalEnrichmentDuration: {
value: 0,
},
avgTotalEnrichmentDuration: {
value: 0,
},
},
'siem.indicatorRule': {
doc_count: 0,
@ -320,6 +365,15 @@ export const getEventLogAllRules = (): SearchResponse<never, EventLogTypeStatusA
maxGapDuration: {
value: null,
},
minTotalEnrichmentDuration: {
value: 0,
},
maxTotalEnrichmentDuration: {
value: 0,
},
avgTotalEnrichmentDuration: {
value: 0,
},
},
},
eventActionStatusChange: {
@ -570,6 +624,15 @@ export const getEmptyEventLogAllRules = (): SearchResponse<never, EventLogTypeSt
maxGapDuration: {
value: null,
},
minTotalEnrichmentDuration: {
value: null,
},
maxTotalEnrichmentDuration: {
value: null,
},
avgTotalEnrichmentDuration: {
value: null,
},
},
'siem.savedQueryRule': {
doc_count: 0,
@ -603,6 +666,15 @@ export const getEmptyEventLogAllRules = (): SearchResponse<never, EventLogTypeSt
maxGapDuration: {
value: null,
},
minTotalEnrichmentDuration: {
value: null,
},
maxTotalEnrichmentDuration: {
value: null,
},
avgTotalEnrichmentDuration: {
value: null,
},
},
'siem.eqlRule': {
doc_count: 0,
@ -636,6 +708,15 @@ export const getEmptyEventLogAllRules = (): SearchResponse<never, EventLogTypeSt
maxGapDuration: {
value: null,
},
minTotalEnrichmentDuration: {
value: null,
},
maxTotalEnrichmentDuration: {
value: null,
},
avgTotalEnrichmentDuration: {
value: null,
},
},
'siem.thresholdRule': {
doc_count: 0,
@ -669,6 +750,15 @@ export const getEmptyEventLogAllRules = (): SearchResponse<never, EventLogTypeSt
maxGapDuration: {
value: null,
},
minTotalEnrichmentDuration: {
value: null,
},
maxTotalEnrichmentDuration: {
value: null,
},
avgTotalEnrichmentDuration: {
value: null,
},
},
'siem.mlRule': {
doc_count: 0,
@ -702,6 +792,15 @@ export const getEmptyEventLogAllRules = (): SearchResponse<never, EventLogTypeSt
maxGapDuration: {
value: null,
},
minTotalEnrichmentDuration: {
value: null,
},
maxTotalEnrichmentDuration: {
value: null,
},
avgTotalEnrichmentDuration: {
value: null,
},
},
'siem.indicatorRule': {
doc_count: 0,
@ -735,6 +834,15 @@ export const getEmptyEventLogAllRules = (): SearchResponse<never, EventLogTypeSt
maxGapDuration: {
value: null,
},
minTotalEnrichmentDuration: {
value: null,
},
maxTotalEnrichmentDuration: {
value: null,
},
avgTotalEnrichmentDuration: {
value: null,
},
},
},
eventActionStatusChange: {
@ -951,6 +1059,15 @@ export const getEventLogElasticRules = (): SearchResponse<never, EventLogTypeSta
maxGapDuration: {
value: 5474,
},
minTotalEnrichmentDuration: {
value: 0,
},
maxTotalEnrichmentDuration: {
value: 0,
},
avgTotalEnrichmentDuration: {
value: 0,
},
},
'siem.savedQueryRule': {
doc_count: 0,
@ -984,6 +1101,15 @@ export const getEventLogElasticRules = (): SearchResponse<never, EventLogTypeSta
maxGapDuration: {
value: null,
},
minTotalEnrichmentDuration: {
value: 0,
},
maxTotalEnrichmentDuration: {
value: 0,
},
avgTotalEnrichmentDuration: {
value: 0,
},
},
'siem.eqlRule': {
doc_count: 0,
@ -1017,6 +1143,15 @@ export const getEventLogElasticRules = (): SearchResponse<never, EventLogTypeSta
maxGapDuration: {
value: null,
},
minTotalEnrichmentDuration: {
value: 0,
},
maxTotalEnrichmentDuration: {
value: 0,
},
avgTotalEnrichmentDuration: {
value: 0,
},
},
'siem.thresholdRule': {
doc_count: 0,
@ -1050,6 +1185,15 @@ export const getEventLogElasticRules = (): SearchResponse<never, EventLogTypeSta
maxGapDuration: {
value: null,
},
minTotalEnrichmentDuration: {
value: 0,
},
maxTotalEnrichmentDuration: {
value: 0,
},
avgTotalEnrichmentDuration: {
value: 0,
},
},
'siem.mlRule': {
doc_count: 0,
@ -1083,6 +1227,15 @@ export const getEventLogElasticRules = (): SearchResponse<never, EventLogTypeSta
maxGapDuration: {
value: null,
},
minTotalEnrichmentDuration: {
value: 0,
},
maxTotalEnrichmentDuration: {
value: 0,
},
avgTotalEnrichmentDuration: {
value: 0,
},
},
'siem.indicatorRule': {
doc_count: 0,
@ -1116,6 +1269,15 @@ export const getEventLogElasticRules = (): SearchResponse<never, EventLogTypeSta
maxGapDuration: {
value: null,
},
minTotalEnrichmentDuration: {
value: 0,
},
maxTotalEnrichmentDuration: {
value: 0,
},
avgTotalEnrichmentDuration: {
value: 0,
},
},
},
eventActionStatusChange: {
@ -1354,6 +1516,15 @@ export const getEmptyEventLogElasticRules = (): SearchResponse<never, EventLogTy
maxGapDuration: {
value: null,
},
minTotalEnrichmentDuration: {
value: null,
},
maxTotalEnrichmentDuration: {
value: null,
},
avgTotalEnrichmentDuration: {
value: null,
},
},
'siem.savedQueryRule': {
doc_count: 0,
@ -1387,6 +1558,15 @@ export const getEmptyEventLogElasticRules = (): SearchResponse<never, EventLogTy
maxGapDuration: {
value: null,
},
minTotalEnrichmentDuration: {
value: null,
},
maxTotalEnrichmentDuration: {
value: null,
},
avgTotalEnrichmentDuration: {
value: null,
},
},
'siem.eqlRule': {
doc_count: 0,
@ -1420,6 +1600,15 @@ export const getEmptyEventLogElasticRules = (): SearchResponse<never, EventLogTy
maxGapDuration: {
value: null,
},
minTotalEnrichmentDuration: {
value: null,
},
maxTotalEnrichmentDuration: {
value: null,
},
avgTotalEnrichmentDuration: {
value: null,
},
},
'siem.thresholdRule': {
doc_count: 0,
@ -1453,6 +1642,15 @@ export const getEmptyEventLogElasticRules = (): SearchResponse<never, EventLogTy
maxGapDuration: {
value: null,
},
minTotalEnrichmentDuration: {
value: null,
},
maxTotalEnrichmentDuration: {
value: null,
},
avgTotalEnrichmentDuration: {
value: null,
},
},
'siem.mlRule': {
doc_count: 0,
@ -1486,6 +1684,15 @@ export const getEmptyEventLogElasticRules = (): SearchResponse<never, EventLogTy
maxGapDuration: {
value: null,
},
minTotalEnrichmentDuration: {
value: null,
},
maxTotalEnrichmentDuration: {
value: null,
},
avgTotalEnrichmentDuration: {
value: null,
},
},
'siem.indicatorRule': {
doc_count: 0,
@ -1519,6 +1726,15 @@ export const getEmptyEventLogElasticRules = (): SearchResponse<never, EventLogTy
maxGapDuration: {
value: null,
},
minTotalEnrichmentDuration: {
value: null,
},
maxTotalEnrichmentDuration: {
value: null,
},
avgTotalEnrichmentDuration: {
value: null,
},
},
},
eventActionStatusChange: {
@ -1735,6 +1951,15 @@ export const getElasticLogCustomRules = (): SearchResponse<never, EventLogTypeSt
maxGapDuration: {
value: 5651,
},
minTotalEnrichmentDuration: {
value: 0,
},
maxTotalEnrichmentDuration: {
value: 0,
},
avgTotalEnrichmentDuration: {
value: 0,
},
},
'siem.savedQueryRule': {
doc_count: 0,
@ -1768,6 +1993,15 @@ export const getElasticLogCustomRules = (): SearchResponse<never, EventLogTypeSt
maxGapDuration: {
value: null,
},
minTotalEnrichmentDuration: {
value: 0,
},
maxTotalEnrichmentDuration: {
value: 0,
},
avgTotalEnrichmentDuration: {
value: 0,
},
},
'siem.eqlRule': {
doc_count: 0,
@ -1801,6 +2035,15 @@ export const getElasticLogCustomRules = (): SearchResponse<never, EventLogTypeSt
maxGapDuration: {
value: null,
},
minTotalEnrichmentDuration: {
value: 0,
},
maxTotalEnrichmentDuration: {
value: 0,
},
avgTotalEnrichmentDuration: {
value: 0,
},
},
'siem.thresholdRule': {
doc_count: 0,
@ -1834,6 +2077,15 @@ export const getElasticLogCustomRules = (): SearchResponse<never, EventLogTypeSt
maxGapDuration: {
value: null,
},
minTotalEnrichmentDuration: {
value: 0,
},
maxTotalEnrichmentDuration: {
value: 0,
},
avgTotalEnrichmentDuration: {
value: 0,
},
},
'siem.mlRule': {
doc_count: 0,
@ -1867,6 +2119,15 @@ export const getElasticLogCustomRules = (): SearchResponse<never, EventLogTypeSt
maxGapDuration: {
value: null,
},
minTotalEnrichmentDuration: {
value: 0,
},
maxTotalEnrichmentDuration: {
value: 0,
},
avgTotalEnrichmentDuration: {
value: 0,
},
},
'siem.indicatorRule': {
doc_count: 0,
@ -1900,6 +2161,15 @@ export const getElasticLogCustomRules = (): SearchResponse<never, EventLogTypeSt
maxGapDuration: {
value: null,
},
minTotalEnrichmentDuration: {
value: 0,
},
maxTotalEnrichmentDuration: {
value: 0,
},
avgTotalEnrichmentDuration: {
value: 0,
},
},
},
eventActionStatusChange: {
@ -2130,6 +2400,15 @@ export const getEmptyElasticLogCustomRules = (): SearchResponse<never, EventLogT
maxGapDuration: {
value: null,
},
minTotalEnrichmentDuration: {
value: null,
},
maxTotalEnrichmentDuration: {
value: null,
},
avgTotalEnrichmentDuration: {
value: null,
},
},
'siem.savedQueryRule': {
doc_count: 0,
@ -2163,6 +2442,15 @@ export const getEmptyElasticLogCustomRules = (): SearchResponse<never, EventLogT
maxGapDuration: {
value: null,
},
minTotalEnrichmentDuration: {
value: null,
},
maxTotalEnrichmentDuration: {
value: null,
},
avgTotalEnrichmentDuration: {
value: null,
},
},
'siem.eqlRule': {
doc_count: 0,
@ -2196,6 +2484,15 @@ export const getEmptyElasticLogCustomRules = (): SearchResponse<never, EventLogT
maxGapDuration: {
value: null,
},
minTotalEnrichmentDuration: {
value: null,
},
maxTotalEnrichmentDuration: {
value: null,
},
avgTotalEnrichmentDuration: {
value: null,
},
},
'siem.thresholdRule': {
doc_count: 0,
@ -2229,6 +2526,15 @@ export const getEmptyElasticLogCustomRules = (): SearchResponse<never, EventLogT
maxGapDuration: {
value: null,
},
minTotalEnrichmentDuration: {
value: null,
},
maxTotalEnrichmentDuration: {
value: null,
},
avgTotalEnrichmentDuration: {
value: null,
},
},
'siem.mlRule': {
doc_count: 0,
@ -2262,6 +2568,15 @@ export const getEmptyElasticLogCustomRules = (): SearchResponse<never, EventLogT
maxGapDuration: {
value: null,
},
minTotalEnrichmentDuration: {
value: null,
},
maxTotalEnrichmentDuration: {
value: null,
},
avgTotalEnrichmentDuration: {
value: null,
},
},
'siem.indicatorRule': {
doc_count: 0,
@ -2295,6 +2610,15 @@ export const getEmptyElasticLogCustomRules = (): SearchResponse<never, EventLogT
maxGapDuration: {
value: null,
},
minTotalEnrichmentDuration: {
value: null,
},
maxTotalEnrichmentDuration: {
value: null,
},
avgTotalEnrichmentDuration: {
value: null,
},
},
},
eventActionStatusChange: {
@ -2483,6 +2807,11 @@ export const getEventLogAllRulesResult = (): SingleEventLogStatusMetric => ({
avg: 0,
min: 0,
},
enrichment_duration: {
max: 0,
avg: 0,
min: 0,
},
gap_count: 0,
},
threat_match: {
@ -2506,6 +2835,11 @@ export const getEventLogAllRulesResult = (): SingleEventLogStatusMetric => ({
avg: 0,
min: 0,
},
enrichment_duration: {
max: 0,
avg: 0,
min: 0,
},
gap_count: 0,
},
machine_learning: {
@ -2529,6 +2863,11 @@ export const getEventLogAllRulesResult = (): SingleEventLogStatusMetric => ({
avg: 0,
min: 0,
},
enrichment_duration: {
max: 0,
avg: 0,
min: 0,
},
gap_count: 0,
},
query: {
@ -2594,6 +2933,11 @@ export const getEventLogAllRulesResult = (): SingleEventLogStatusMetric => ({
avg: 4246.375,
min: 2811,
},
enrichment_duration: {
max: 0,
avg: 0,
min: 0,
},
gap_count: 6,
},
saved_query: {
@ -2617,6 +2961,11 @@ export const getEventLogAllRulesResult = (): SingleEventLogStatusMetric => ({
avg: 0,
min: 0,
},
enrichment_duration: {
max: 0,
avg: 0,
min: 0,
},
gap_count: 0,
},
threshold: {
@ -2640,6 +2989,11 @@ export const getEventLogAllRulesResult = (): SingleEventLogStatusMetric => ({
avg: 0,
min: 0,
},
enrichment_duration: {
max: 0,
avg: 0,
min: 0,
},
gap_count: 0,
},
total: {
@ -2676,6 +3030,11 @@ export const getEventLogElasticRulesResult = (): SingleEventLogStatusMetric => (
avg: 0,
min: 0,
},
enrichment_duration: {
max: 0,
avg: 0,
min: 0,
},
gap_count: 0,
},
threat_match: {
@ -2699,6 +3058,11 @@ export const getEventLogElasticRulesResult = (): SingleEventLogStatusMetric => (
avg: 0,
min: 0,
},
enrichment_duration: {
max: 0,
avg: 0,
min: 0,
},
gap_count: 0,
},
machine_learning: {
@ -2722,6 +3086,11 @@ export const getEventLogElasticRulesResult = (): SingleEventLogStatusMetric => (
avg: 0,
min: 0,
},
enrichment_duration: {
max: 0,
avg: 0,
min: 0,
},
gap_count: 0,
},
query: {
@ -2772,6 +3141,11 @@ export const getEventLogElasticRulesResult = (): SingleEventLogStatusMetric => (
avg: 4141.75,
min: 2811,
},
enrichment_duration: {
max: 0,
avg: 0,
min: 0,
},
gap_count: 4,
},
saved_query: {
@ -2795,6 +3169,11 @@ export const getEventLogElasticRulesResult = (): SingleEventLogStatusMetric => (
avg: 0,
min: 0,
},
enrichment_duration: {
max: 0,
avg: 0,
min: 0,
},
gap_count: 0,
},
threshold: {
@ -2818,6 +3197,11 @@ export const getEventLogElasticRulesResult = (): SingleEventLogStatusMetric => (
avg: 0,
min: 0,
},
enrichment_duration: {
max: 0,
avg: 0,
min: 0,
},
gap_count: 0,
},
total: {
@ -2854,6 +3238,11 @@ export const getEventLogCustomRulesResult = (): SingleEventLogStatusMetric => ({
avg: 0,
min: 0,
},
enrichment_duration: {
max: 0,
avg: 0,
min: 0,
},
gap_count: 0,
},
threat_match: {
@ -2877,6 +3266,11 @@ export const getEventLogCustomRulesResult = (): SingleEventLogStatusMetric => ({
avg: 0,
min: 0,
},
enrichment_duration: {
max: 0,
avg: 0,
min: 0,
},
gap_count: 0,
},
machine_learning: {
@ -2900,6 +3294,11 @@ export const getEventLogCustomRulesResult = (): SingleEventLogStatusMetric => ({
avg: 0,
min: 0,
},
enrichment_duration: {
max: 0,
avg: 0,
min: 0,
},
gap_count: 0,
},
query: {
@ -2940,6 +3339,11 @@ export const getEventLogCustomRulesResult = (): SingleEventLogStatusMetric => ({
avg: 4351,
min: 3051,
},
enrichment_duration: {
max: 0,
avg: 0,
min: 0,
},
gap_count: 2,
},
saved_query: {
@ -2963,6 +3367,11 @@ export const getEventLogCustomRulesResult = (): SingleEventLogStatusMetric => ({
avg: 0,
min: 0,
},
enrichment_duration: {
max: 0,
avg: 0,
min: 0,
},
gap_count: 0,
},
threshold: {
@ -2986,6 +3395,11 @@ export const getEventLogCustomRulesResult = (): SingleEventLogStatusMetric => ({
avg: 0,
min: 0,
},
enrichment_duration: {
max: 0,
avg: 0,
min: 0,
},
gap_count: 0,
},
total: {
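Review bot: In the non-empty fixtures (`getEventLogAllRules`, `getEventLogElasticRules`, `getElasticLogCustomRules`) the added enrichment aggregations use `value: 0` even in buckets shown with `doc_count: 0`, where the neighbouring `maxGapDuration` is `value: null`. Elasticsearch returns `null` for min/max/avg over an empty bucket, so those entries would mirror a real response better as `minTotalEnrichmentDuration: { value: null },` and likewise for max and avg. Separately, every populated bucket also carries 0, so the `enrichment_duration: { max: 0, avg: 0, min: 0 }` expectations in the `*Result` fixtures would still pass if the new aggregations were never read; giving one populated bucket non-zero values and updating the matching result would exercise the wiring.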


@ -85,6 +85,7 @@ export interface SingleEventMetric {
succeeded: number;
index_duration: MaxAvgMin;
search_duration: MaxAvgMin;
enrichment_duration: MaxAvgMin;
gap_duration: MaxAvgMin;
gap_count: number;
}


@ -68,6 +68,21 @@ describe('get_event_log_agg_by_rule_type_metrics', () => {
field: 'kibana.alert.rule.execution.metrics.total_search_duration_ms',
},
},
maxTotalEnrichmentDuration: {
max: {
field: 'kibana.alert.rule.execution.metrics.total_enrichment_duration_ms',
},
},
minTotalEnrichmentDuration: {
min: {
field: 'kibana.alert.rule.execution.metrics.total_enrichment_duration_ms',
},
},
avgTotalEnrichmentDuration: {
avg: {
field: 'kibana.alert.rule.execution.metrics.total_enrichment_duration_ms',
},
},
},
});
});


@ -74,6 +74,21 @@ export const getEventLogAggByRuleTypeMetrics = (
field: 'kibana.alert.rule.execution.metrics.total_search_duration_ms',
},
},
maxTotalEnrichmentDuration: {
max: {
field: 'kibana.alert.rule.execution.metrics.total_enrichment_duration_ms',
},
},
minTotalEnrichmentDuration: {
min: {
field: 'kibana.alert.rule.execution.metrics.total_enrichment_duration_ms',
},
},
avgTotalEnrichmentDuration: {
avg: {
field: 'kibana.alert.rule.execution.metrics.total_enrichment_duration_ms',
},
},
},
};
};


@ -74,6 +74,21 @@ describe('get_event_log_agg_by_rule_types_metrics', () => {
field: 'kibana.alert.rule.execution.metrics.total_search_duration_ms',
},
},
maxTotalEnrichmentDuration: {
max: {
field: 'kibana.alert.rule.execution.metrics.total_enrichment_duration_ms',
},
},
minTotalEnrichmentDuration: {
min: {
field: 'kibana.alert.rule.execution.metrics.total_enrichment_duration_ms',
},
},
avgTotalEnrichmentDuration: {
avg: {
field: 'kibana.alert.rule.execution.metrics.total_enrichment_duration_ms',
},
},
},
},
});
@ -139,6 +154,21 @@ describe('get_event_log_agg_by_rule_types_metrics', () => {
field: 'kibana.alert.rule.execution.metrics.total_search_duration_ms',
},
},
maxTotalEnrichmentDuration: {
max: {
field: 'kibana.alert.rule.execution.metrics.total_enrichment_duration_ms',
},
},
minTotalEnrichmentDuration: {
min: {
field: 'kibana.alert.rule.execution.metrics.total_enrichment_duration_ms',
},
},
avgTotalEnrichmentDuration: {
avg: {
field: 'kibana.alert.rule.execution.metrics.total_enrichment_duration_ms',
},
},
},
},
});
@ -204,6 +234,21 @@ describe('get_event_log_agg_by_rule_types_metrics', () => {
field: 'kibana.alert.rule.execution.metrics.total_search_duration_ms',
},
},
maxTotalEnrichmentDuration: {
max: {
field: 'kibana.alert.rule.execution.metrics.total_enrichment_duration_ms',
},
},
minTotalEnrichmentDuration: {
min: {
field: 'kibana.alert.rule.execution.metrics.total_enrichment_duration_ms',
},
},
avgTotalEnrichmentDuration: {
avg: {
field: 'kibana.alert.rule.execution.metrics.total_enrichment_duration_ms',
},
},
},
},
'siem.indicatorRule': {
@ -263,6 +308,21 @@ describe('get_event_log_agg_by_rule_types_metrics', () => {
field: 'kibana.alert.rule.execution.metrics.total_search_duration_ms',
},
},
maxTotalEnrichmentDuration: {
max: {
field: 'kibana.alert.rule.execution.metrics.total_enrichment_duration_ms',
},
},
minTotalEnrichmentDuration: {
min: {
field: 'kibana.alert.rule.execution.metrics.total_enrichment_duration_ms',
},
},
avgTotalEnrichmentDuration: {
avg: {
field: 'kibana.alert.rule.execution.metrics.total_enrichment_duration_ms',
},
},
},
},
});


@ -137,6 +137,21 @@ describe('get_event_log_agg_by_statuses', () => {
field: 'kibana.alert.rule.execution.metrics.total_search_duration_ms',
},
},
maxTotalEnrichmentDuration: {
max: {
field: 'kibana.alert.rule.execution.metrics.total_enrichment_duration_ms',
},
},
minTotalEnrichmentDuration: {
min: {
field: 'kibana.alert.rule.execution.metrics.total_enrichment_duration_ms',
},
},
avgTotalEnrichmentDuration: {
avg: {
field: 'kibana.alert.rule.execution.metrics.total_enrichment_duration_ms',
},
},
},
},
},
@ -246,6 +261,21 @@ describe('get_event_log_agg_by_statuses', () => {
field: 'kibana.alert.rule.execution.metrics.total_search_duration_ms',
},
},
maxTotalEnrichmentDuration: {
max: {
field: 'kibana.alert.rule.execution.metrics.total_enrichment_duration_ms',
},
},
minTotalEnrichmentDuration: {
min: {
field: 'kibana.alert.rule.execution.metrics.total_enrichment_duration_ms',
},
},
avgTotalEnrichmentDuration: {
avg: {
field: 'kibana.alert.rule.execution.metrics.total_enrichment_duration_ms',
},
},
},
},
},
@ -418,6 +448,21 @@ describe('get_event_log_agg_by_statuses', () => {
field: 'kibana.alert.rule.execution.metrics.total_search_duration_ms',
},
},
maxTotalEnrichmentDuration: {
max: {
field: 'kibana.alert.rule.execution.metrics.total_enrichment_duration_ms',
},
},
minTotalEnrichmentDuration: {
min: {
field: 'kibana.alert.rule.execution.metrics.total_enrichment_duration_ms',
},
},
avgTotalEnrichmentDuration: {
avg: {
field: 'kibana.alert.rule.execution.metrics.total_enrichment_duration_ms',
},
},
},
},
'siem.thresholdRule': {
@ -477,6 +522,21 @@ describe('get_event_log_agg_by_statuses', () => {
field: 'kibana.alert.rule.execution.metrics.total_search_duration_ms',
},
},
maxTotalEnrichmentDuration: {
max: {
field: 'kibana.alert.rule.execution.metrics.total_enrichment_duration_ms',
},
},
minTotalEnrichmentDuration: {
min: {
field: 'kibana.alert.rule.execution.metrics.total_enrichment_duration_ms',
},
},
avgTotalEnrichmentDuration: {
avg: {
field: 'kibana.alert.rule.execution.metrics.total_enrichment_duration_ms',
},
},
},
},
},


@ -85,6 +85,15 @@ describe('transform_single_rule_metric', () => {
minTotalSearchDuration: {
value: 12,
},
minTotalEnrichmentDuration: {
value: 4,
},
maxTotalEnrichmentDuration: {
value: 2,
},
avgTotalEnrichmentDuration: {
value: 12,
},
},
});
@ -131,6 +140,11 @@ describe('transform_single_rule_metric', () => {
avg: 2,
min: 9,
},
enrichment_duration: {
max: 2,
avg: 12,
min: 4,
},
gap_count: 4,
});
});
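Review bot: The visible test input always supplies all three enrichment aggregations, so the `?.`/`?? 0.0` fallback that the transform adds for them is not exercised here. A second case that omits `minTotalEnrichmentDuration`, `maxTotalEnrichmentDuration` and `avgTotalEnrichmentDuration` (or sets their `value` to `null`) and expects `enrichment_duration: { max: 0, avg: 0, min: 0 }` would pin that behaviour. The fixture values (min 4, max 2, avg 12) are not a plausible min/max/avg triple; if they are chosen to be distinct so that swapped fields are caught, a short comment such as `// distinct values so a min/max/avg mix-up fails the test` would make that clear. The `describe` block starts and ends outside these hunks.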


@ -52,6 +52,11 @@ export const transformSingleRuleMetric = ({
avg: singleMetric.avgTotalSearchDuration.value ?? 0.0,
min: singleMetric.minTotalSearchDuration.value ?? 0.0,
},
enrichment_duration: {
max: singleMetric?.maxTotalEnrichmentDuration?.value ?? 0.0,
avg: singleMetric?.avgTotalEnrichmentDuration?.value ?? 0.0,
min: singleMetric?.minTotalEnrichmentDuration?.value ?? 0.0,
},
gap_duration: {
max: singleMetric.maxGapDuration.value ?? 0.0,
avg: singleMetric.avgGapDuration.value ?? 0.0,
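Review bot: The three added `enrichment_duration` lines read `singleMetric?.maxTotalEnrichmentDuration?.value`, while the neighbouring search and gap lines dereference `singleMetric.…` directly and `SingleExecutionMetricAgg` (changed later in this commit) declares the three enrichment aggregations as required. The outer `singleMetric?.` adds nothing, because the search-duration lines just above already dereference `singleMetric`. If the inner `?.` is needed because some responses lack these aggregations, the interface should say so, e.g. `maxTotalEnrichmentDuration?: { value: number | null };`; otherwise the lines can match their siblings, `max: singleMetric.maxTotalEnrichmentDuration.value ?? 0.0,`. The function body starts and ends outside the hunk.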


@ -121,6 +121,15 @@ export interface SingleExecutionMetricAgg {
minTotalSearchDuration: {
value: number | null;
};
maxTotalEnrichmentDuration: {
value: number | null;
};
avgTotalEnrichmentDuration: {
value: number | null;
};
minTotalEnrichmentDuration: {
value: number | null;
};
}
export interface EventLogTypeStatusAggs {


@ -4644,6 +4644,18 @@
"properties": {
"all": {
"properties": {
"total": {
"type": "long"
},
"monthly": {
"type": "long"
},
"weekly": {
"type": "long"
},
"daily": {
"type": "long"
},
"assignees": {
"properties": {
"total": {
@ -4657,18 +4669,6 @@
}
}
},
"total": {
"type": "long"
},
"monthly": {
"type": "long"
},
"weekly": {
"type": "long"
},
"daily": {
"type": "long"
},
"status": {
"properties": {
"open": {
@ -4720,6 +4720,18 @@
},
"sec": {
"properties": {
"total": {
"type": "long"
},
"monthly": {
"type": "long"
},
"weekly": {
"type": "long"
},
"daily": {
"type": "long"
},
"assignees": {
"properties": {
"total": {
@ -4732,23 +4744,23 @@
"type": "long"
}
}
},
"total": {
"type": "long"
},
"monthly": {
"type": "long"
},
"weekly": {
"type": "long"
},
"daily": {
"type": "long"
}
}
},
"obs": {
"properties": {
"total": {
"type": "long"
},
"monthly": {
"type": "long"
},
"weekly": {
"type": "long"
},
"daily": {
"type": "long"
},
"assignees": {
"properties": {
"total": {
@ -4761,23 +4773,23 @@
"type": "long"
}
}
},
"total": {
"type": "long"
},
"monthly": {
"type": "long"
},
"weekly": {
"type": "long"
},
"daily": {
"type": "long"
}
}
},
"main": {
"properties": {
"total": {
"type": "long"
},
"monthly": {
"type": "long"
},
"weekly": {
"type": "long"
},
"daily": {
"type": "long"
},
"assignees": {
"properties": {
"total": {
@ -4790,18 +4802,6 @@
"type": "long"
}
}
},
"total": {
"type": "long"
},
"monthly": {
"type": "long"
},
"weekly": {
"type": "long"
},
"daily": {
"type": "long"
}
}
}
@ -10029,6 +10029,28 @@
}
}
},
"enrichment_duration": {
"properties": {
"max": {
"type": "float",
"_meta": {
"description": "The max duration"
}
},
"avg": {
"type": "float",
"_meta": {
"description": "The avg duration"
}
},
"min": {
"type": "float",
"_meta": {
"description": "The min duration"
}
}
}
},
"gap_duration": {
"properties": {
"max": {
@ -10161,6 +10183,28 @@
}
}
},
"enrichment_duration": {
"properties": {
"max": {
"type": "float",
"_meta": {
"description": "The max duration"
}
},
"avg": {
"type": "float",
"_meta": {
"description": "The avg duration"
}
},
"min": {
"type": "float",
"_meta": {
"description": "The min duration"
}
}
}
},
"gap_duration": {
"properties": {
"max": {
@ -10293,6 +10337,28 @@
}
}
},
"enrichment_duration": {
"properties": {
"max": {
"type": "float",
"_meta": {
"description": "The max duration"
}
},
"avg": {
"type": "float",
"_meta": {
"description": "The avg duration"
}
},
"min": {
"type": "float",
"_meta": {
"description": "The min duration"
}
}
}
},
"gap_duration": {
"properties": {
"max": {
@ -10425,6 +10491,28 @@
}
}
},
"enrichment_duration": {
"properties": {
"max": {
"type": "float",
"_meta": {
"description": "The max duration"
}
},
"avg": {
"type": "float",
"_meta": {
"description": "The avg duration"
}
},
"min": {
"type": "float",
"_meta": {
"description": "The min duration"
}
}
}
},
"gap_duration": {
"properties": {
"max": {
@ -10557,6 +10645,28 @@
}
}
},
"enrichment_duration": {
"properties": {
"max": {
"type": "float",
"_meta": {
"description": "The max duration"
}
},
"avg": {
"type": "float",
"_meta": {
"description": "The avg duration"
}
},
"min": {
"type": "float",
"_meta": {
"description": "The min duration"
}
}
}
},
"gap_duration": {
"properties": {
"max": {
@ -10689,6 +10799,28 @@
}
}
},
"enrichment_duration": {
"properties": {
"max": {
"type": "float",
"_meta": {
"description": "The max duration"
}
},
"avg": {
"type": "float",
"_meta": {
"description": "The avg duration"
}
},
"min": {
"type": "float",
"_meta": {
"description": "The min duration"
}
}
}
},
"gap_duration": {
"properties": {
"max": {
@ -10847,6 +10979,28 @@
}
}
},
"enrichment_duration": {
"properties": {
"max": {
"type": "float",
"_meta": {
"description": "The max duration"
}
},
"avg": {
"type": "float",
"_meta": {
"description": "The avg duration"
}
},
"min": {
"type": "float",
"_meta": {
"description": "The min duration"
}
}
}
},
"gap_duration": {
"properties": {
"max": {
@ -10979,6 +11133,28 @@
}
}
},
"enrichment_duration": {
"properties": {
"max": {
"type": "float",
"_meta": {
"description": "The max duration"
}
},
"avg": {
"type": "float",
"_meta": {
"description": "The avg duration"
}
},
"min": {
"type": "float",
"_meta": {
"description": "The min duration"
}
}
}
},
"gap_duration": {
"properties": {
"max": {
@ -11111,6 +11287,28 @@
}
}
},
"enrichment_duration": {
"properties": {
"max": {
"type": "float",
"_meta": {
"description": "The max duration"
}
},
"avg": {
"type": "float",
"_meta": {
"description": "The avg duration"
}
},
"min": {
"type": "float",
"_meta": {
"description": "The min duration"
}
}
}
},
"gap_duration": {
"properties": {
"max": {
@ -11243,6 +11441,28 @@
}
}
},
"enrichment_duration": {
"properties": {
"max": {
"type": "float",
"_meta": {
"description": "The max duration"
}
},
"avg": {
"type": "float",
"_meta": {
"description": "The avg duration"
}
},
"min": {
"type": "float",
"_meta": {
"description": "The min duration"
}
}
}
},
"gap_duration": {
"properties": {
"max": {
@ -11375,6 +11595,28 @@
}
}
},
"enrichment_duration": {
"properties": {
"max": {
"type": "float",
"_meta": {
"description": "The max duration"
}
},
"avg": {
"type": "float",
"_meta": {
"description": "The avg duration"
}
},
"min": {
"type": "float",
"_meta": {
"description": "The min duration"
}
}
}
},
"gap_duration": {
"properties": {
"max": {
@ -11507,6 +11749,28 @@
}
}
},
"enrichment_duration": {
"properties": {
"max": {
"type": "float",
"_meta": {
"description": "The max duration"
}
},
"avg": {
"type": "float",
"_meta": {
"description": "The avg duration"
}
},
"min": {
"type": "float",
"_meta": {
"description": "The min duration"
}
}
}
},
"gap_duration": {
"properties": {
"max": {
@ -11665,6 +11929,28 @@
}
}
},
"enrichment_duration": {
"properties": {
"max": {
"type": "float",
"_meta": {
"description": "The max duration"
}
},
"avg": {
"type": "float",
"_meta": {
"description": "The avg duration"
}
},
"min": {
"type": "float",
"_meta": {
"description": "The min duration"
}
}
}
},
"gap_duration": {
"properties": {
"max": {
@ -11797,6 +12083,28 @@
}
}
},
"enrichment_duration": {
"properties": {
"max": {
"type": "float",
"_meta": {
"description": "The max duration"
}
},
"avg": {
"type": "float",
"_meta": {
"description": "The avg duration"
}
},
"min": {
"type": "float",
"_meta": {
"description": "The min duration"
}
}
}
},
"gap_duration": {
"properties": {
"max": {
@ -11929,6 +12237,28 @@
}
}
},
"enrichment_duration": {
"properties": {
"max": {
"type": "float",
"_meta": {
"description": "The max duration"
}
},
"avg": {
"type": "float",
"_meta": {
"description": "The avg duration"
}
},
"min": {
"type": "float",
"_meta": {
"description": "The min duration"
}
}
}
},
"gap_duration": {
"properties": {
"max": {
@ -12061,6 +12391,28 @@
}
}
},
"enrichment_duration": {
"properties": {
"max": {
"type": "float",
"_meta": {
"description": "The max duration"
}
},
"avg": {
"type": "float",
"_meta": {
"description": "The avg duration"
}
},
"min": {
"type": "float",
"_meta": {
"description": "The min duration"
}
}
}
},
"gap_duration": {
"properties": {
"max": {
@ -12193,6 +12545,28 @@
}
}
},
"enrichment_duration": {
"properties": {
"max": {
"type": "float",
"_meta": {
"description": "The max duration"
}
},
"avg": {
"type": "float",
"_meta": {
"description": "The avg duration"
}
},
"min": {
"type": "float",
"_meta": {
"description": "The min duration"
}
}
}
},
"gap_duration": {
"properties": {
"max": {
@ -12325,6 +12699,28 @@
}
}
},
"enrichment_duration": {
"properties": {
"max": {
"type": "float",
"_meta": {
"description": "The max duration"
}
},
"avg": {
"type": "float",
"_meta": {
"description": "The avg duration"
}
},
"min": {
"type": "float",
"_meta": {
"description": "The min duration"
}
}
}
},
"gap_duration": {
"properties": {
"max": {