[DOCS] Detection engine/cold tier data - 7.11#487

Merged
jmikell821 merged 3 commits into master from detections-ov-7.11
Feb 9, 2021
Conversation

@jmikell821 (Contributor) commented Feb 1, 2021

Addresses #446.

Preview link.

@jmikell821 (Contributor, Author)

@oatkiller @MikePaquette is there anything else I need to add here?

@MikePaquette (Contributor)

Thanks @jmikell821 this is looking good.

If detection rules run with data stored in this tier, it likely will impact performance and speed.

This sentence could be clarified - are we providing more information on the cases that are supported, or are we saying what will happen if they run cold tier on unsupported indices?

@jmikell821 (Contributor, Author)

Thanks @jmikell821 this is looking good.

If detection rules run with data stored in this tier, it likely will impact performance and speed.

This sentence could be clarified - are we providing more information on the cases that are supported, or are we saying what will happen if they run cold tier on unsupported indices?

Hi @MikePaquette -- I'm not sure what else would happen beyond a sluggish performance if they ran cold tier on unsupported indices -- I suppose there could be a potential bug of the rule not executing but I don't want to assume. @oatkiller can you provide some more context please to Mike's question?

@MikePaquette (Contributor) commented Feb 8, 2021

If detection rules run with data stored in this tier, it likely will impact performance and speed.

@jmikell821 sorry, my previous comment was not very clear. I am asking that we tighten up that sentence because it is not clear to the reader what was meant by "run with data stored in this tier". The reader may wonder how "run with data stored in this tier" relates to the two lists you just gave me above.

Suggestion 1): delete the sentence. (We've already said what's supported and what's not supported, do we need to elaborate?)
Suggestion 2): modify sentence as: "Using cold tier data for unsupported indices may result in detection rule timeouts and overall performance degradation."

@MikePaquette (Contributor)

One more suggestion @jmikell821: since this notice and topic are not strictly limited to the operation of the detection engine, can we either move it to, or replicate it in, the Elastic Security system requirements section?

@oatkiller (Contributor) left a comment

Thanks!
