Open lesley-tw opened 5 months ago
Seems related, this screen need to be improve with a specific api to load the matrix.
We also had the same situation where we ran out of cpu resources for Elasticsearch
Hi @SamuelHassine, may I follow up this issue? Will OpenCTI fix this issue or any suggestions? Thank you.
Yes, will be handled by https://github.com/OpenCTI-Platform/opencti/issues/6662
Hi @SamuelHassine We are unsure if other pages have the same issue. Could you help check them? Sometimes just reading a campaign with many relationships or listing reports might also cause elasticsearch CPU issues too.
if you have issue when other screen please create a specific ticket describing it. Thanks
Prerequisites
Description
We recently upgraded from version 5.3.17 to 5.12.33 and have encountered a performance issue with the new version. For instance, when accessing the same campaign attack pattern page in the knowledge tab, the number of queries sent to Elasticsearch increases dramatically, despite using the same GraphQL query as before. Specifically, the new version triggers about 5,800 queries to Elasticsearch, causing the CPU usage to spike to 100% for just one page. In contrast, the old version only generated about 45 queries for the same page. We suspect that other pages might have similar issues, as even a reduced number of users is leading to the same CPU overload.
Environment
5.12.33
Reproducible Steps
Steps to create the smallest reproducible scenario:
In
5.3.17
show 896 attack patterns in this page
spend time
request payload
Elasticsearch query count: 45
In
5.12.33
show 896 attack patterns in this page
spend time
request payload
Elasticsearch query count: 5,873
Additional Information
In
5.3.17
:volume of data
Elasticsearch resource
In
5.12.33
:volume of data
Elasticsearch resource