Open banderror opened 1 year ago
Related to: https://github.com/elastic/kibana/issues/137428
In the _rule_management_filters endpoint, we fetch aggregated information needed for filters on the Rule Management page.
In order to fetch how many prebuilt and custom rules we have, we run two search requests in parallel:
https://github.com/banderror/kibana/blob/bf22a48a91f55d4d72961da074ede02118b318c7/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/rules/filters/route.ts#L34-L52
We could do it using a single aggregation request similar to how it is done for fetching aggregated tags in the same endpoint:
https://github.com/banderror/kibana/blob/bf22a48a91f55d4d72961da074ede02118b318c7/x-pack/plugins/security_solution/server/lib/detection_engine/rule_management/api/tags/read_tags/read_tags.ts#L19-L35
We could go further and combine aggs for fetching aggregated tags and the number of rules into a single call to rulesClient.aggregate(), optimizing this endpoint to make only one call to Elasticsearch.
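A worked sketch of what the combined request could look like, added here as an example; it is not the issue author's code and not Kibana's. The field paths `alert.attributes.tags` and `alert.attributes.params.immutable`, the `aggregate({ aggs })` client signature and the response shape are assumptions for illustration, and the sample response is constructed rather than captured from Elasticsearch.

```typescript
// Added example, not Kibana's own code. It replaces two parallel count queries
// plus a separate tags aggregation with one aggregation request, then reads
// both the tag list and the prebuilt/custom counts out of the single response.
// Assumptions (hypothetical, not taken from the issue): the saved-object field
// paths below, and a client whose aggregate({ aggs }) resolves to { aggregations }.

const TAGS_FIELD = 'alert.attributes.tags'; // assumed path
const IMMUTABLE_FIELD = 'alert.attributes.params.immutable'; // assumed path

interface TermsBucket {
  key: string;
  doc_count: number;
}

interface FiltersAggResponse {
  aggregations?: {
    tags?: { buckets: TermsBucket[] };
    // Keyed `filters` aggregation: one named bucket per filter.
    rule_kind?: {
      buckets: { prebuilt?: { doc_count: number }; custom?: { doc_count: number } };
    };
  };
}

interface AggregatingClient {
  aggregate(args: { aggs: Record<string, unknown> }): Promise<FiltersAggResponse>;
}

interface RuleManagementFilters {
  rules_summary: { prebuilt_installed_count: number; custom_count: number };
  aggregated_fields: { tags: string[] };
}

// The single aggregation body. A keyed `filters` agg is used for the counts
// rather than a `terms` agg on the boolean field: a terms agg on a boolean
// returns bucket keys as 1/0 (with key_as_string), which is easy to misread.
function buildFiltersAggs(): Record<string, unknown> {
  return {
    tags: {
      terms: { field: TAGS_FIELD, size: 10000, order: { _key: 'asc' } },
    },
    rule_kind: {
      filters: {
        filters: {
          prebuilt: { term: { [IMMUTABLE_FIELD]: true } },
          custom: { term: { [IMMUTABLE_FIELD]: false } },
        },
      },
    },
  };
}

function parseFiltersAggs(res: FiltersAggResponse): RuleManagementFilters {
  const tagBuckets = res.aggregations?.tags?.buckets ?? [];
  const kinds = res.aggregations?.rule_kind?.buckets;
  return {
    rules_summary: {
      // A missing bucket means zero matching rules, not a failure.
      prebuilt_installed_count: kinds?.prebuilt?.doc_count ?? 0,
      custom_count: kinds?.custom?.doc_count ?? 0,
    },
    aggregated_fields: { tags: tagBuckets.map((b) => b.key) },
  };
}

// The endpoint handler then makes a single round trip to Elasticsearch.
async function fetchRuleManagementFilters(client: AggregatingClient): Promise<RuleManagementFilters> {
  return parseFiltersAggs(await client.aggregate({ aggs: buildFiltersAggs() }));
}

// Constructed sample response standing in for Elasticsearch (not real data).
const SAMPLE_RESPONSE: FiltersAggResponse = {
  aggregations: {
    tags: { buckets: [{ key: 'Linux', doc_count: 3 }, { key: 'Windows', doc_count: 5 }] },
    rule_kind: { buckets: { prebuilt: { doc_count: 7 }, custom: { doc_count: 2 } } },
  },
};

const SAMPLE_FILTERS = parseFiltersAggs(SAMPLE_RESPONSE);
```

Whether `rulesClient.aggregate()` accepts this exact `aggs` shape and returns raw buckets in this form has to be checked against the alerting plugin's types; the point of the sketch is that the tag list and both counts come back from one request, and that an absent bucket is treated as a zero count rather than an error.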
Pinging @elastic/security-detections-response (Team:Detections and Resp)
Pinging @elastic/security-solution (Team: SecuritySolution)