[Index Management][Serverless] Add new internal Kibana API to fetch the data usage

YulNaumenko commented 2 months ago

In Serverless Security and Observability projects the users should be able to analyze how much data they are ingesting (daily/weekly/etc.) and retaining over the selected period of time. Currently Kibana Index Management page shows only the storage size per datastream at the current point of time.

The goal of the issue is to build the APIs which will help to extend the current Data Streams tab with the chart and the chart management logic referred in the UI part https://github.com/elastic/kibana/issues/192966 of the scope.

The requirements to the API:

reuse current Kibana Index Management plugin server side and ES client API to return the all available datastreams for the current user:

const getDataStreams = (client: IScopedClusterClient, name = '*') => {
return client.asCurrentUser.indices.getDataStream({
name,
expand_wildcards: 'all',
});
};

being able to fetch AutoOps API using mTLS authorization. AutoOps API definition:
```
POST /monitoring/serverless/v1/projects/{project_id}/metrics
```

Request Body: { "from": 1725433672446, "to": 1725432672446, "size": 10, "sort": "asc", "level": "datastream", "metric_types": ["storage_retained", "ingest_rate"], "allowed_indices": ["index-1", ..., "index-n"] }


Parameter | Required | Description
-- | -- | --
from | Yes | The start time of the chosen time period since the UNIX epoch
to| Yes | The end time of the chosen time period since the UNIX epoch
size | No(default: 10) | The number of indices / data streams with the biggest resource usage to return
sort | No(default: -) | The metric type (as enumerated in metric_types) by which to sort the results (from highest to lowest). Note: for certain metric types, such as the *_vcu ones, this parameter doesn’t apply.
after | No(default: -) | When paginating indices or data streams from highest to lowest resource usage, the name of the index / data stream from which the next response should start. (Also see open point regarding pagination)
level | Yes- project- datastream- index | The level at which the usage for the allowed indices should be aggregated, i.e. at project-level (if project) or broken down by index (if index) or by data stream (if datastream)
metric_types[] | Yes- storage_retained- ingest_rate- search_vcu- ingest_vcu- ml_vcu | An enumeration indicating which metric types should be returned. Depending on project types, some metric types are not available, but this allows to return only what’s strictly required by the client instead of returning all metric types all the time.
allowed_indices[] | No(default: _all) | A list of indices and/or data stream names (or name patterns) for which to get the usage history. Ideally, this parameter should contain the same list of indices as in the indices.names array returned from the Get user privileges API.

AutoOps API response format:

{ "metrics": { "storage_retained": [ { "name": "ds-1", "data": [ [ "timestamp", "size" ], ..... }, ..., ], "ingest_rate": [ { "name": "index-1", "data": [ [ "timestamp", "size" ], ..., }, ... ] } }



Depending to the query from the Kibana client side the new API should return the response to display one or multiple datastreams in the time series bar chart as hourly/daily/monthly ingest size or/and retained size.

Kibana API params:
- from - Required. The start time of the chosen time period
- to - Required. The end time of the chosen time period 
- datastreams - Optional. Filter which datastreams to include.
- usageTypes - Required. What usage types to include in the response: ingest, retained or both.
- scaleTime - hourly/daily/weekly/monthly

elasticmachine commented 2 months ago

Pinging @elastic/kibana-management (Team:Kibana Management)

consulthys commented 2 months ago

If that helps, here is the OpenAPI spec of the Serverless Project Metrics API: https://github.com/elastic/autoops-services/blob/master/monitoring/service/specs/serverless_project_metrics_api.yaml

neptunian commented 2 months ago

Hi @ashokaditya . I have a basic api contract I wanted to share with you. It doesn't take the overview metrics into consideration right now as I'd like to focus on the charts first, but feel free to add those/add placeholders how you see fit. Also feel free to change the names of things, this is just to illustrate structure.

Request

{
  "from": "2023-09-01T00:00:00Z",
  "to": "2023-09-30T23:59:59Z",
  "metricTypes": ["ingestedMax", "retainedMax"],  // Flexible to support multiple metric types
  "dataStreams": []  // Optional: If omitted or empty, return top N data streams
}

metricTypes I am assuming we are getting max values for the metrics so maybe that should be reflected in the names.
metricTypes I'll likely call one at a time, for each chart, to improve performance
I left out size because it sounds like we are going to get top N which can be hard coded on the server side. I'm not seeing a use case where I would need to specify the size.
by default the initial request, I'm going to assume, will be to get top n, therefore dataStreams will be empty, and I'll expect the N number of data streams to plot. Once the feature for the user searching and adding specific data streams happens, i'll expect those specific data streams. again size would not be needed here, it's the size of the dataStreams array if the array is not empty.

Response

{
  "charts": [
    {
      "key": "ingestedMax",
      "series": [
        {
          "streamName": "data_stream_1",
          "data": [
            { "x": 1726858530000, "y": 1000000 },
            { "x": 1726862130000, "y": 1200000 },
            { "x": 1726865730000, "y": 1100000 }
          ]
        },
        {
          "streamName": "data_stream_2",
          "data": [
            { "x": 1726858530000, "y": 950000 },
            { "x": 1726862130000, "y": 980000 },
            { "x": 1726865730000, "y": 990000 }
          ]
        }
      ]
    },
    {
      "key": "retainedMax",
      "series": [
        {
          "streamName": "data_stream_1",
          "data": [
            { "x": 1726858530000, "y": 800000 },
            { "x": 1726862130000, "y": 850000 },
            { "x": 1726865730000, "y": 870000 }
          ]
        },
        {
          "streamName": "data_stream_2",
          "data": [
            { "x": 1726858530000, "y": 700000 },
            { "x": 1726862130000, "y": 720000 },
            { "x": 1726865730000, "y": 750000 }
          ]
        }
      ]
    }
  ]
}

** Can you confirm with autoOps that the data streams could be different per chart? If we request top N data streams, I would expect they could be different based on the metric types and you would receive two separate sorted arrays.

neptunian commented 2 months ago

@ashokaditya I removed the timeInterval as it looks like the charts can figure that out based on the mix and max ranges of the time series data. I also probably don't need the yUnit right now and can assume its bytes, maybe something we'd need later but could add later.