Open xcrzx opened 2 weeks ago
Pinging @elastic/fleet (Team:Fleet)
Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management)
Pinging @elastic/security-detections-response (Team:Detections and Resp)
Pinging @elastic/security-solution (Team: SecuritySolution)
@xcrzx - I wonder if we could introduce another option aside from force
(which causes Fleet to uninstall all previous assets before installing new ones) that would allow Fleet to skip the initial deletion of old assets and just run the bulk import operation as an optimization here.
@xcrzx - I wonder if we could introduce another option aside from
force
(which causes Fleet to uninstall all previous assets before installing new ones) that would allow Fleet to skip the initial deletion of old assets and just run the bulk import operation as an optimization here.
Yes, incremental installation might help for our use case. I'm not sure how SO import handles conflicts when writing new assets, but if we can instruct it to ignore existing saved objects or filter them before passing them to the import function, that should work.
Epic: https://github.com/elastic/kibana/issues/174168
Summary
We've seen a number of incidents with OOMs when installing the
security_detection_engine
Fleet package that contains a significant number of prebuilt rules (> 5000 in Serverless or > 15000 locally).We need to find and mitigate all memory bottlenecks during package installation to unblock the release of the prebuilt rule customization epic.