[Synthetics] Honor searchExcludedDataTiers advanced setting in SyntheticsEsClient#273418
Merged
mgiota merged 7 commits intoJun 18, 2026
Merged
Conversation
Synthetics searched the full `synthetics-*` wildcard with no data-tier filter, so queries fanned out to every backing index across hot/warm/ frozen tiers. On clusters with long frozen retention this drove high latency (slow screenshots/history) and search thread pool rejections. `SyntheticsEsClient` now reads the `observability:searchExcludedDataTiers` advanced setting (already honored by APM and Infrastructure) and injects a `must_not _tier` filter into every search/msearch/count. The setting defaults to `[]`, so behavior is unchanged unless an operator opts in. Alerting rule executors (status, TLS) now pass their `uiSettingsClient` through so their queries are covered too. Addresses elastic#273086 Co-authored-by: Cursor <cursoragent@cursor.com>
shahzad31
added
release_note:enhancement
Synthetics
Team:actionable-obs
github-actions
Bot
added
the
author:actionable-obs
|
Pinging @elastic/actionable-obs-team (Team:actionable-obs) |
mgiota
approved these changes
Jun 16, 2026
mgiota
left a comment
mgiota
left a comment
Contributor
There was a problem hiding this comment.
LGTM! Nicely scoped fix — follows the existing APM/Infra pattern for searchExcludedDataTiers, defaults to no behavior change ([]), and centralizing it in SyntheticsEsClient means every UI route and the wired-up rule executors are covered without touching call sites. Tests cover the new search/msearch/count paths plus the helper.
Thanks for tracking the @timestamp lower bounds and the fetchMonitorRecentPings default as follow-ups in #273086.
mgiota
reviewed
Jun 16, 2026
| }); | ||
| }); | ||
|
|
||
| describe('excluded data tiers', () => { |
Contributor
There was a problem hiding this comment.
nit: search has both the tiers configured and no tiers excluded cases in the new describe('excluded data tiers') block, but msearch and count only cover the "configured" path.
The pre-existing tests for those methods do exercise the unmodified-request path, but only via the uiSettingsClient short-circuit in getExcludedDataTiers() (no client provided).
What's not covered for msearch/count is the case where the client is provided and returns [] — i.e. the falsy branch of the if (excludedDataTiers.length) guard inside each method. Worth two small symmetric tests for completeness. Pure nit, non-blocking.
Contributor
There was a problem hiding this comment.
it('does not modify msearch requests when no tiers are excluded', async () => {
esClient.msearch.mockResolvedValueOnce({
body: { responses: [{}] },
} as unknown as MsearchResponse);
const { client, uiSettings } = createClientWithExcludedTiers([]);
await client.msearch([{ query: matchAll }]);
expect(uiSettings.get).toHaveBeenCalledWith('observability:searchExcludedDataTiers');
expect(esClient.msearch).toHaveBeenCalledWith(
{
searches: [
{ index: 'synthetics-*', ignore_unavailable: true },
{ query: matchAll },
],
},
{ meta: true }
);
});
it('does not modify the count query when no tiers are excluded', async () => {
const { client, uiSettings } = createClientWithExcludedTiers([]);
await client.count({ query: matchAll });
expect(uiSettings.get).toHaveBeenCalledWith('observability:searchExcludedDataTiers');
expect(esClient.count).toHaveBeenCalledWith(
{ index: 'synthetics-*', ignore_unavailable: true, query: matchAll },
{ meta: true, context: { loggingOptions: { loggerName: 'synthetics' } } }
);
});
Contributor
Author
There was a problem hiding this comment.
Good call — added the two symmetric tests (msearch + count with the client provided but the setting returning [], so the falsy branch of the excludedDataTiers.length guard is covered) in 198f655.
shahzad31
added
the
backport:all-open
Cover the falsy branch of the excluded-tiers guard for msearch and count (client provided, setting returns []), addressing review feedback. Co-authored-by: Cursor <cursoragent@cursor.com>
2 tasks
Client-side queries issued via the data plugin's search service (useEsSearch / useReduxEsSearch -> /internal/search) bypassed SyntheticsEsClient and therefore the observability:searchExcludedDataTiers exclusion added server-side. Mirror that behavior on the browser: a new applyExcludedDataTiersToParams helper injects the must_not _tier filter, applied once in the redux executeEsQueryAPI thunk (covers useReduxEsSearch) and via a new useSyntheticsEsSearch wrapper (replaces direct useEsSearch usages). The setting defaults to [], so behavior is unchanged unless an operator opts in. Co-authored-by: Cursor <cursoragent@cursor.com>
The client bundle cannot import the deep subpath @kbn/observability-plugin/common/ui_settings_keys. Re-export searchExcludedDataTiers from @kbn/observability-plugin/common (matching enableInspectEsQueries) and import the key from the package index in both the client helper and the server client. Co-authored-by: Cursor <cursoragent@cursor.com>
These overview CCS index-pattern changes were accidentally swept into the previous commit via `git add -A` and are unrelated to searchExcludedDataTiers. Co-authored-by: Cursor <cursoragent@cursor.com>
Contributor
💚 Build Succeeded
Metrics [docs]Module Count
Async chunks
Page load bundle
History
|
Contributor
|
Starting backport for target branches: 8.19, 9.3, 9.4 https://github.com/elastic/kibana/actions/runs/27790679644 |
Contributor
💔 All backports failed
Manual backportTo create the backport manually run: Questions ?Please refer to the Backport tool documentation |
mbondyra
added a commit
to mbondyra/kibana
that referenced
this pull request
Jun 19, 2026
…g_generation * commit '408590635258efac66c7e71983ea92560ea41ac9': (199 commits) [Cases] Legacy templates migration PR 1/2 - SO changes (elastic#270179) [Failed Test Investigator] Skip reference links, exit early on deleted tests (elastic#273970) Remove sample data hooks from Scout release tests (elastic#273768) [Alerting v2] Remove rule form schema translation layer and delete dead GUI form code (elastic#273991) feat(stack-monitoring): replace title props and wrap EuiButtonIcon with EuiToolTip (elastic#271512) [Scout][FTR migration] Prefer default Cloud-compatible roles over custom roles (elastic#273744) [One Workflow] Unskip flaky jest tests (elastic#271143) extend codeql dos exclusions (elastic#274085) [Cases] Global fields in field library (elastic#269962) [UII] Optimize enrollment key and revision reconciliation during Fleet setup (elastic#272604) [Scout] Update test config manifests (elastic#274092) [Alerting v2] Create an advanced setting to toggle the alerting v2 feature (elastic#272365) Splitting tests on findings onboarding (elastic#270638) [Synthetics] [CCS] Add "View on remote cluster" callout to monitor details page (elastic#273629) [Synthetics] [CCS] Disable header actions on details page for remote monitors (elastic#273602) Update dependency diff to v9 (main) (elastic#265874) [Synthetics] Honor searchExcludedDataTiers advanced setting in SyntheticsEsClient (elastic#273418) Update docker.elastic.co/wolfi/chainguard-base-fips:latest Docker digest to 278de96 (main) (elastic#274027) Fix keyboard access for scrollable command output panel in Response Console (elastic#272707) Update docker.elastic.co/wolfi/chainguard-base:latest Docker digest to ce1e3ed (main) (elastic#274028) ...
kibanamachine
added
the
backport missing
Contributor
|
Friendly reminder: Looks like this PR hasn’t been backported yet. |
2 tasks
Contributor
|
Friendly reminder: Looks like this PR hasn’t been backported yet. |
flash1293
pushed a commit
to flash1293/kibana
that referenced
this pull request
Jun 23, 2026
…ticsEsClient (elastic#273418) ## Summary Addresses elastic#273086 (fix #1 — the single choke point). Synthetics issued every Elasticsearch query against the broad `synthetics-*` wildcard with only `ignore_unavailable: true` — no data-tier filter. As a result, queries fanned out to **all** backing indices across hot/warm/**frozen** tiers. On clusters with long frozen retention (e.g. `hot: 3d / warm: 4d / frozen: 365d`) this caused high latency (slow screenshots and history) and contributed to cluster-wide **search thread pool rejections**, because frozen searchable-snapshot shards are slow and deliberately throttled. This PR makes `SyntheticsEsClient` honor the existing `observability:searchExcludedDataTiers` advanced setting — the same mechanism already used by **APM** and **Infrastructure**. When configured, a `must_not { terms: { _tier: [...] } }` filter is injected into every `search` / `msearch` / `count`, so excluded tiers (e.g. `data_frozen`) are skipped. ### What changed - `SyntheticsEsClient` reads `observability:searchExcludedDataTiers` (cached per instance) and wraps each query via a new exported `applyExcludedDataTiersToQuery` helper, reusing the shared `excludeTiersQuery` util from `@kbn/observability-utils-common`. - The client now also accepts a plain `IUiSettingsClient` (`uiSettingsClient` option) in addition to the route-handler `uiSettings` context, so alerting rule executors can resolve the setting. - Wired the **status** and **TLS** rule executors (and the inspect-TLS route) to pass their `uiSettingsClient`, so alerting queries are covered too. - Updated the advanced-setting description to list Synthetics among the affected apps. ### Behavior / risk - The setting defaults to `[]`, so **behavior is unchanged unless an operator opts in** — no functional change for existing deployments. - All Synthetics UI queries flow through `SyntheticsEsClient` via the route wrapper (which already passes `uiSettings`), so screenshots, history, latest-ping, and overview queries are all covered with no call-site changes. ### Follow-ups (tracked in elastic#273086, not in this PR) - Add `@timestamp` lower bounds to the time-less queries (screenshots/steps/network events, latest-ping hooks, `get_last_successful_check`). - Drop the residual 30-day default in `fetchMonitorRecentPings`. ## Testing - `node scripts/jest x-pack/solutions/observability/plugins/synthetics/server/lib.test.ts` — added unit tests for `search`/`msearch`/`count` exclusion and the `applyExcludedDataTiersToQuery` helper. - Status + TLS rule executor jest suites pass unchanged. - Manual: set **Stack Management → Advanced Settings → Excluded data tiers from search** to `data_frozen` and confirm Synthetics search requests include the `must_not _tier` filter (visible via the inspector / `observability:enableInspectEsQueries`). ### Checklist - [x] Unit tests updated - [x] Type-check passes for the synthetics project - [x] ESLint + i18n checks pass ### Release note Synthetics now respects the `observability:searchExcludedDataTiers` advanced setting, allowing operators to exclude slow data tiers (such as `data_frozen`) from Synthetics searches to reduce latency and search thread pool pressure. --------- Co-authored-by: Cursor <cursoragent@cursor.com> Co-authored-by: kibanamachine <42973632+kibanamachine@users.noreply.github.com>
Contributor
|
Looks like this PR has backport PRs but they still haven't been merged. Please merge them ASAP to keep the branches relatively in sync. |
1 similar comment
Contributor
|
Looks like this PR has backport PRs but they still haven't been merged. Please merge them ASAP to keep the branches relatively in sync. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Addresses #273086 (fix #1 — the single choke point).
Synthetics issued every Elasticsearch query against the broad
synthetics-*wildcard with onlyignore_unavailable: true— no data-tier filter. As a result, queries fanned out to all backing indices across hot/warm/frozen tiers. On clusters with long frozen retention (e.g.hot: 3d / warm: 4d / frozen: 365d) this caused high latency (slow screenshots and history) and contributed to cluster-wide search thread pool rejections, because frozen searchable-snapshot shards are slow and deliberately throttled.This PR makes
SyntheticsEsClienthonor the existingobservability:searchExcludedDataTiersadvanced setting — the same mechanism already used by APM and Infrastructure. When configured, amust_not { terms: { _tier: [...] } }filter is injected into everysearch/msearch/count, so excluded tiers (e.g.data_frozen) are skipped.What changed
SyntheticsEsClientreadsobservability:searchExcludedDataTiers(cached per instance) and wraps each query via a new exportedapplyExcludedDataTiersToQueryhelper, reusing the sharedexcludeTiersQueryutil from@kbn/observability-utils-common.IUiSettingsClient(uiSettingsClientoption) in addition to the route-handleruiSettingscontext, so alerting rule executors can resolve the setting.uiSettingsClient, so alerting queries are covered too.Behavior / risk
[], so behavior is unchanged unless an operator opts in — no functional change for existing deployments.SyntheticsEsClientvia the route wrapper (which already passesuiSettings), so screenshots, history, latest-ping, and overview queries are all covered with no call-site changes.Follow-ups (tracked in #273086, not in this PR)
@timestamplower bounds to the time-less queries (screenshots/steps/network events, latest-ping hooks,get_last_successful_check).fetchMonitorRecentPings.Testing
node scripts/jest x-pack/solutions/observability/plugins/synthetics/server/lib.test.ts— added unit tests forsearch/msearch/countexclusion and theapplyExcludedDataTiersToQueryhelper.data_frozenand confirm Synthetics search requests include themust_not _tierfilter (visible via the inspector /observability:enableInspectEsQueries).Checklist
Release note
Synthetics now respects the
observability:searchExcludedDataTiersadvanced setting, allowing operators to exclude slow data tiers (such asdata_frozen) from Synthetics searches to reduce latency and search thread pool pressure.