search

elastic / kibana

Your window into the Elastic Stack
https://www.elastic.co/products/kibana
Other
19.77k stars 8.17k forks source link

[ML] Creating an ML related detection rule in Security with the recognizer API times out #123632

Open qn895 opened 2 years ago

qn895 commented 2 years ago

Kibana version: 7.16.2

Elasticsearch version:

Server OS version:

Browser version:

Browser OS version:

Original install method (e.g. download page, yum, from source, etc.):

Describe the bug: Hitting the api/ml/modules/recognize occasionally gives 502 error with the following issue EOF, backend closed connection.

Steps to reproduce:

  1. Go to Security app, create a new detection rule with Machine Learning
  2. If the index pattern/data view set in Security's advanced setting contains a remote cluster index that takes a long time to search, there will be an error popping up Security job fetch failure

Also, currently there's no way to modify what indices are used in an ML rule directly in the Security UI. The only option is through Advanced settings.

Expected behavior: Jobs and rules are created successfully.

Screenshots (if relevant):

Errors in browser console (if relevant):

Provide logs and/or server output (if relevant):

Any additional context:

elasticmachine commented 2 years ago

Pinging @elastic/ml-ui (:ml)

elasticmachine commented 1 year ago

Pinging @elastic/security-solution (Team: SecuritySolution)