[jira] [Commented] (METRON-1829) Large Error Message Causes Slow Search Performance

["ASF GitHub Bot (JIRA)" <ji...@apache.org>]

    [ https://issues.apache.org/jira/browse/METRON-1829?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16652218#comment-16652218 ] 

ASF GitHub Bot commented on METRON-1829:
----------------------------------------

GitHub user merrimanr opened a pull request:

    https://github.com/apache/metron/pull/1239

    METRON-1829: Large Error Message Causes Slow Search Performance

    ## Contributor Comments
    When a failure happens in the BulkWriterComponent, all pending messages in a batch are combined into a single error message.  This results in a single large objects being written to ES and causes performance problems.  This PR attempts to solve this issue by instead creating separate error messages for each message in the batch. 
    
    ### Testing
    This has been tested and verified in full dev:
    
    1. Spin up full dev and verify data is being indexed into ES
    2. Stop HDFS in Ambari.  This will cause a failure in the BulkWriterComponent.  By default the batch size for OOTB sensors is set to 5.
    3. After HDFS has stopped, verify that documents are being written to an ES error index
    4. Retrieve a single document from the ES error index.  There should only be a single `raw_message` field.  Subsequent documents in ES should also only contain a single `raw_message` field.  Before there would have been 5 `raw_message_*` fields in a single document.
    5.  Verify error documents are displayed properly in Kibana.
    
    ## Pull Request Checklist
    
    Thank you for submitting a contribution to Apache Metron.  
    Please refer to our [Development Guidelines](https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=61332235) for the complete guide to follow for contributions.  
    Please refer also to our [Build Verification Guidelines](https://cwiki.apache.org/confluence/display/METRON/Verifying+Builds?show-miniview) for complete smoke testing guides.  
    
    
    In order to streamline the review of the contribution we ask you follow these guidelines and ask you to double check the following:
    
    ### For all changes:
    - [x] Is there a JIRA ticket associated with this PR? If not one needs to be created at [Metron Jira](https://issues.apache.org/jira/browse/METRON/?selectedTab=com.atlassian.jira.jira-projects-plugin:summary-panel).
    - [x] Does your PR title start with METRON-XXXX where XXXX is the JIRA number you are trying to resolve? Pay particular attention to the hyphen "-" character.
    - [x] Has your PR been rebased against the latest commit within the target branch (typically master)?
    
    
    ### For code changes:
    - [x] Have you included steps to reproduce the behavior or problem that is being changed or addressed?
    - [x] Have you included steps or a guide to how the change may be verified and tested manually?
    - [x] Have you ensured that the full suite of tests and checks have been executed in the root metron folder via:
      ```
      mvn -q clean integration-test install && dev-utilities/build-utils/verify_licenses.sh 
      ```
    
    - [x] Have you written or updated unit tests and or integration tests to verify your changes?
    - [x] If adding new dependencies to the code, are these dependencies licensed in a way that is compatible for inclusion under [ASF 2.0](http://www.apache.org/legal/resolved.html#category-a)?
    - [x] Have you verified the basic functionality of the build by building and running locally with Vagrant full-dev environment or the equivalent?
    
    ### For documentation related changes:
    - [x] Have you ensured that format looks appropriate for the output in which it is rendered by building and verifying the site-book? If not then run the following commands and the verify changes via `site-book/target/site/index.html`:
    
      ```
      cd site-book
      mvn site
      ```
    
    #### Note:
    Please ensure that once the PR is submitted, you check travis-ci for build issues and submit an update to your PR as soon as possible.
    It is also recommended that [travis-ci](https://travis-ci.org) is set up for your personal repository such that your branches are built there before submitting a pull request.


You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/merrimanr/incubator-metron METRON-1829

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/metron/pull/1239.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #1239
    
----
commit d674d9afbf7f5a230737dbcfe4ab10a70106f4ed
Author: merrimanr <me...@...>
Date:   2018-10-15T20:46:31Z

    initial commit

----


> Large Error Message Causes Slow Search Performance
> --------------------------------------------------
>
>                 Key: METRON-1829
>                 URL: https://issues.apache.org/jira/browse/METRON-1829
>             Project: Metron
>          Issue Type: Bug
>            Reporter: Ryan Merriman
>            Priority: Major
>
> Errors that occur during batch writes in the index topologies (batch and RA) are written to Elasticsearch as a single, large error message, with a field for each failed message. For example, if the batch size is 5000, a single error message will be created with 5000 fields `raw_message_0`, `raw_message_1`, .., `raw_message_4999`. With such large messages, searching the error index in Elasticsearch is excessively slow.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)