-
Notifications
You must be signed in to change notification settings - Fork 8.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Response Ops][Alerting] Investigate refactoring ExecutionHandler
class that schedules actions during rule execution
#182181
Comments
Pinging @elastic/response-ops (Team:ResponseOps) |
ExecutionHandler
class that schedules actions during rule execution
The Within the First for-loop (within the
Second for-loop (within the
Finally, the execution handler bulk enqueues the formatted actions. Because we have 3 different types of actions being handled in the same class, it can be difficult to follow the logic when trying to determine, for example, what happens when a system action is scheduled. You would need to dig into the first for-loop, find the code where it's testing for system action and see what happens, then jump back to the second for-loop, find the code where it's testing for system action and see what happens. Here is how we could refactor this
We should make sure enforce some sort of ordering between the Another optimization that might be good to make is to consolidate all of the summary queries required for all the actions to ensure we're not performing duplicate queries. Currently, each action is considered separately from any others and a summary query is performed for each if required. If multiple actions use the same alert filter or don't use any alert filter, we could cache the query results for reuse instead of running the same query repeatedly.
This refactor could be done in a few stages: Stage 1
Stage 2
Stage 3 (optional)
|
Closing the research issue as the followup issues are created. |
The alerting execution handler makes the determination of which if any actions to trigger for a rule run. In recent months, we've added summary actions and system actions to the class so the logic for when an action is triggered and what type of action is confusing and hard to follow. We should investigate how we can refactor this code to make clearer what is going on.
The text was updated successfully, but these errors were encountered: