[Response Ops][Alerting] Optimize querying for summary alerts in ExecutionHandler
#186535
Labels
Feature:Alerting
Team:ResponseOps
Label for the ResponseOps team (formerly the Cases and Alerting teams)
technical debt
Improvement of the software architecture and operational architecture
Comments
ymao1
added
Feature:Alerting
technical debt
|
Pinging @elastic/response-ops (Team:ResponseOps) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
More details in #182181
Blocked on #186533 and #186534
Investigate optimizing getting summary queries during action scheduling so that we're not performing duplicate queries and instead caching the query results so they can be reused. If we're getting all the queries up front, we could also look into doing an msearch to perform all the queries at once.
Currently, each action is considered separately from any others and a summary query is performed for each if required. If multiple actions use the same alert filter or don't use any alert filter, we could cache the query results for reuse instead of running the same query repeatedly.
The text was updated successfully, but these errors were encountered: