xcrzx closed 2 years ago
Pinging @elastic/security-detections-response (Team:Detections and Resp)
Pinging @elastic/security-solution (Team: SecuritySolution)
In order to fully understand the performance issues being suffered by Customer Zero, and to develop an automated way to detect regressions, I would like to consider including the instrumentation of sourcerer APIs as part of this work. Let's talk more.
Where is this data from? An internal collection cluster?
@lizozom This is from my local Kibana. You can enable APM integration by setting elastic.apm.active: true in Kibana config to send performance metrics to any APM server you want.
Epic: https://github.com/elastic/kibana/issues/130971
Overview
Currently, with APM integration enabled, we collect too little data to assess the performance of Security Solution. Here are a couple of examples:
Route change transactions
User interaction transactions
On those screens, it's hard to find the information I'm currently interested in. For example, if I work on a task affecting the Rule Management page, it would be helpful to isolate only that page and investigate possible performance issues in isolation.
We could improve frontend code instrumentation to visualize code paths similar to what we've done to rule executors: https://github.com/elastic/kibana/pull/117672. Custom frontend spans or transactions we can add to measure performance indicators:
Other opportunities
Next steps