-
Notifications
You must be signed in to change notification settings - Fork 8.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Security Solution] Fixes multi-line diff algorithm performance in the upgrade/_review
endpoint
#199388
Conversation
Pinging @elastic/security-detections-response (Team:Detections and Resp) |
Pinging @elastic/security-solution (Team: SecuritySolution) |
Pinging @elastic/security-detection-rule-management (Team:Detection Rule Management) |
..._engine/prebuilt_rules/logic/diff/calculation/algorithms/multi_line_string_diff_algorithm.ts
Outdated
Show resolved
Hide resolved
...ne/prebuilt_rules/logic/diff/calculation/algorithms/multi_line_string_diff_algorithm.test.ts
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I tested the fix locally, no performance issues spotted 👍
I also checked the behavior of the merger. Changing the separator to a newline character doesn't seem to affect its output in any way. I tested several outcomes, both with and without conflicts, and the results looked good.
@elasticmachine merge upstream |
Pushed a new commit with some refactoring of the tests which includes:
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Closely reviewed the changes and refactored the tests a bit to improve readability. This test coverage looks pretty solid to me and I also trust the manual testing done by @xcrzx, so I'll skip it.
Thank you @dplumlee, let's merge if/when it passes CI 🚀
Starting backport for target branches: 8.16, 8.x |
💚 Build Succeeded
Metrics [docs]
History
cc @dplumlee |
…e `upgrade/_review` endpoint (elastic#199388) **Fixes elastic#199290 ## Summary The current multi-line string algorithm uses a very inefficient regex to split and analyze string fields, and exponentially increases in time complexity when the strings are long. This PR substitutes a much simpler comparison regex for far better efficiency as shown in the table below. ### Performance between different regex options using sample prebuilt rule setup guide string | | `/(\S+\|\s+)/g` (original) | `/(\s+)/g` | `/(\n)/g` | `/(\r\n\|\n\|\r)/g` | |-----------------------|---------------|----------|---------|-------------------| | Unit test speed | `986ms` | `96ms` | `1ms` | `2ms` | | FTR test with 1 rule | `3.0s` | `2.8s` | `2.0s` | `2.0s` | | FTR test with 5 rules | `11.6s` | `6.8s` | `6.1s` | | ### Performance between different regex options using intentionally long strings (25k characters) | | `/(\S+\|\s+)/g` | `/(\r\n\|\n\|\r)/g` | |----------------------|-----------------------|---------------------| | Unit test speed | `1049414ms` (17 min) | `58ms` | | FTR test with 1 rule | `>360000ms` (Timeout) | `2.1 s` | ### Checklist Delete any items that are not applicable to this PR. - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed ### For maintainers - [ ] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#_add_your_labels) - [ ] This will appear in the **Release Notes** and follow the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) --------- Co-authored-by: Elastic Machine <[email protected]> Co-authored-by: Georgii Gorbachev <[email protected]> (cherry picked from commit 4f6d357)
…e `upgrade/_review` endpoint (elastic#199388) **Fixes elastic#199290 ## Summary The current multi-line string algorithm uses a very inefficient regex to split and analyze string fields, and exponentially increases in time complexity when the strings are long. This PR substitutes a much simpler comparison regex for far better efficiency as shown in the table below. ### Performance between different regex options using sample prebuilt rule setup guide string | | `/(\S+\|\s+)/g` (original) | `/(\s+)/g` | `/(\n)/g` | `/(\r\n\|\n\|\r)/g` | |-----------------------|---------------|----------|---------|-------------------| | Unit test speed | `986ms` | `96ms` | `1ms` | `2ms` | | FTR test with 1 rule | `3.0s` | `2.8s` | `2.0s` | `2.0s` | | FTR test with 5 rules | `11.6s` | `6.8s` | `6.1s` | | ### Performance between different regex options using intentionally long strings (25k characters) | | `/(\S+\|\s+)/g` | `/(\r\n\|\n\|\r)/g` | |----------------------|-----------------------|---------------------| | Unit test speed | `1049414ms` (17 min) | `58ms` | | FTR test with 1 rule | `>360000ms` (Timeout) | `2.1 s` | ### Checklist Delete any items that are not applicable to this PR. - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed ### For maintainers - [ ] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#_add_your_labels) - [ ] This will appear in the **Release Notes** and follow the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) --------- Co-authored-by: Elastic Machine <[email protected]> Co-authored-by: Georgii Gorbachev <[email protected]> (cherry picked from commit 4f6d357)
💚 All backports created successfully
Note: Successful backport PRs will be merged automatically after passing CI. Questions ?Please refer to the Backport tool documentation |
… in the `upgrade/_review` endpoint (#199388) (#200096) # Backport This will backport the following commits from `main` to `8.x`: - [[Security Solution] Fixes multi-line diff algorithm performance in the `upgrade/_review` endpoint (#199388)](#199388) <!--- Backport version: 9.4.3 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Davis Plumlee","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-11-13T20:59:15Z","message":"[Security Solution] Fixes multi-line diff algorithm performance in the `upgrade/_review` endpoint (#199388)\n\n**Fixes https://github.com/elastic/kibana/issues/199290**\r\n\r\n## Summary\r\n\r\nThe current multi-line string algorithm uses a very inefficient regex to\r\nsplit and analyze string fields, and exponentially increases in time\r\ncomplexity when the strings are long. This PR substitutes a much simpler\r\ncomparison regex for far better efficiency as shown in the table below.\r\n\r\n### Performance between different regex options using sample prebuilt\r\nrule setup guide string\r\n\r\n| | `/(\\S+\\|\\s+)/g` (original) | `/(\\s+)/g` | `/(\\n)/g` |\r\n`/(\\r\\n\\|\\n\\|\\r)/g` |\r\n\r\n|-----------------------|---------------|----------|---------|-------------------|\r\n| Unit test speed | `986ms` | `96ms` | `1ms` | `2ms` |\r\n| FTR test with 1 rule | `3.0s` | `2.8s` | `2.0s` | `2.0s` |\r\n| FTR test with 5 rules | `11.6s` | `6.8s` | `6.1s` | |\r\n\r\n\r\n### Performance between different regex options using intentionally long\r\nstrings (25k characters)\r\n\r\n| | `/(\\S+\\|\\s+)/g` | `/(\\r\\n\\|\\n\\|\\r)/g` |\r\n|----------------------|-----------------------|---------------------|\r\n| Unit test speed | `1049414ms` (17 min) | `58ms` |\r\n| FTR test with 1 rule | `>360000ms` (Timeout) | `2.1 s` |\r\n\r\n### Checklist\r\n\r\nDelete any items that are not applicable to this PR.\r\n\r\n- [x] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios\r\n- [ ] [Flaky Test\r\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\r\nused on any tests changed\r\n\r\n\r\n### For maintainers\r\n\r\n- [ ] This was checked for breaking API changes and was [labeled\r\nappropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#_add_your_labels)\r\n- [ ] This will appear in the **Release Notes** and follow the\r\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\r\n\r\n---------\r\n\r\nCo-authored-by: Elastic Machine <[email protected]>\r\nCo-authored-by: Georgii Gorbachev <[email protected]>","sha":"4f6d3570c59d30951368f601b2b59ab3b7a1ae4c","branchLabelMapping":{"^v9.0.0$":"main","^v8.17.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["bug","release_note:skip","impact:critical","v9.0.0","Team:Detections and Resp","Team: SecuritySolution","Team:Detection Rule Management","Feature:Prebuilt Detection Rules","backport:version","v8.17.0","v8.16.1"],"title":"[Security Solution] Fixes multi-line diff algorithm performance in the `upgrade/_review` endpoint","number":199388,"url":"https://github.com/elastic/kibana/pull/199388","mergeCommit":{"message":"[Security Solution] Fixes multi-line diff algorithm performance in the `upgrade/_review` endpoint (#199388)\n\n**Fixes https://github.com/elastic/kibana/issues/199290**\r\n\r\n## Summary\r\n\r\nThe current multi-line string algorithm uses a very inefficient regex to\r\nsplit and analyze string fields, and exponentially increases in time\r\ncomplexity when the strings are long. This PR substitutes a much simpler\r\ncomparison regex for far better efficiency as shown in the table below.\r\n\r\n### Performance between different regex options using sample prebuilt\r\nrule setup guide string\r\n\r\n| | `/(\\S+\\|\\s+)/g` (original) | `/(\\s+)/g` | `/(\\n)/g` |\r\n`/(\\r\\n\\|\\n\\|\\r)/g` |\r\n\r\n|-----------------------|---------------|----------|---------|-------------------|\r\n| Unit test speed | `986ms` | `96ms` | `1ms` | `2ms` |\r\n| FTR test with 1 rule | `3.0s` | `2.8s` | `2.0s` | `2.0s` |\r\n| FTR test with 5 rules | `11.6s` | `6.8s` | `6.1s` | |\r\n\r\n\r\n### Performance between different regex options using intentionally long\r\nstrings (25k characters)\r\n\r\n| | `/(\\S+\\|\\s+)/g` | `/(\\r\\n\\|\\n\\|\\r)/g` |\r\n|----------------------|-----------------------|---------------------|\r\n| Unit test speed | `1049414ms` (17 min) | `58ms` |\r\n| FTR test with 1 rule | `>360000ms` (Timeout) | `2.1 s` |\r\n\r\n### Checklist\r\n\r\nDelete any items that are not applicable to this PR.\r\n\r\n- [x] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios\r\n- [ ] [Flaky Test\r\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\r\nused on any tests changed\r\n\r\n\r\n### For maintainers\r\n\r\n- [ ] This was checked for breaking API changes and was [labeled\r\nappropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#_add_your_labels)\r\n- [ ] This will appear in the **Release Notes** and follow the\r\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\r\n\r\n---------\r\n\r\nCo-authored-by: Elastic Machine <[email protected]>\r\nCo-authored-by: Georgii Gorbachev <[email protected]>","sha":"4f6d3570c59d30951368f601b2b59ab3b7a1ae4c"}},"sourceBranch":"main","suggestedTargetBranches":["8.x","8.16"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/199388","number":199388,"mergeCommit":{"message":"[Security Solution] Fixes multi-line diff algorithm performance in the `upgrade/_review` endpoint (#199388)\n\n**Fixes https://github.com/elastic/kibana/issues/199290**\r\n\r\n## Summary\r\n\r\nThe current multi-line string algorithm uses a very inefficient regex to\r\nsplit and analyze string fields, and exponentially increases in time\r\ncomplexity when the strings are long. This PR substitutes a much simpler\r\ncomparison regex for far better efficiency as shown in the table below.\r\n\r\n### Performance between different regex options using sample prebuilt\r\nrule setup guide string\r\n\r\n| | `/(\\S+\\|\\s+)/g` (original) | `/(\\s+)/g` | `/(\\n)/g` |\r\n`/(\\r\\n\\|\\n\\|\\r)/g` |\r\n\r\n|-----------------------|---------------|----------|---------|-------------------|\r\n| Unit test speed | `986ms` | `96ms` | `1ms` | `2ms` |\r\n| FTR test with 1 rule | `3.0s` | `2.8s` | `2.0s` | `2.0s` |\r\n| FTR test with 5 rules | `11.6s` | `6.8s` | `6.1s` | |\r\n\r\n\r\n### Performance between different regex options using intentionally long\r\nstrings (25k characters)\r\n\r\n| | `/(\\S+\\|\\s+)/g` | `/(\\r\\n\\|\\n\\|\\r)/g` |\r\n|----------------------|-----------------------|---------------------|\r\n| Unit test speed | `1049414ms` (17 min) | `58ms` |\r\n| FTR test with 1 rule | `>360000ms` (Timeout) | `2.1 s` |\r\n\r\n### Checklist\r\n\r\nDelete any items that are not applicable to this PR.\r\n\r\n- [x] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios\r\n- [ ] [Flaky Test\r\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\r\nused on any tests changed\r\n\r\n\r\n### For maintainers\r\n\r\n- [ ] This was checked for breaking API changes and was [labeled\r\nappropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#_add_your_labels)\r\n- [ ] This will appear in the **Release Notes** and follow the\r\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\r\n\r\n---------\r\n\r\nCo-authored-by: Elastic Machine <[email protected]>\r\nCo-authored-by: Georgii Gorbachev <[email protected]>","sha":"4f6d3570c59d30951368f601b2b59ab3b7a1ae4c"}},{"branch":"8.x","label":"v8.17.0","branchLabelMappingKey":"^v8.17.0$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.16","label":"v8.16.1","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> Co-authored-by: Davis Plumlee <[email protected]>
…e in the `upgrade/_review` endpoint (#199388) (#200095) # Backport This will backport the following commits from `main` to `8.16`: - [[Security Solution] Fixes multi-line diff algorithm performance in the `upgrade/_review` endpoint (#199388)](#199388) <!--- Backport version: 9.4.3 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Davis Plumlee","email":"[email protected]"},"sourceCommit":{"committedDate":"2024-11-13T20:59:15Z","message":"[Security Solution] Fixes multi-line diff algorithm performance in the `upgrade/_review` endpoint (#199388)\n\n**Fixes https://github.com/elastic/kibana/issues/199290**\r\n\r\n## Summary\r\n\r\nThe current multi-line string algorithm uses a very inefficient regex to\r\nsplit and analyze string fields, and exponentially increases in time\r\ncomplexity when the strings are long. This PR substitutes a much simpler\r\ncomparison regex for far better efficiency as shown in the table below.\r\n\r\n### Performance between different regex options using sample prebuilt\r\nrule setup guide string\r\n\r\n| | `/(\\S+\\|\\s+)/g` (original) | `/(\\s+)/g` | `/(\\n)/g` |\r\n`/(\\r\\n\\|\\n\\|\\r)/g` |\r\n\r\n|-----------------------|---------------|----------|---------|-------------------|\r\n| Unit test speed | `986ms` | `96ms` | `1ms` | `2ms` |\r\n| FTR test with 1 rule | `3.0s` | `2.8s` | `2.0s` | `2.0s` |\r\n| FTR test with 5 rules | `11.6s` | `6.8s` | `6.1s` | |\r\n\r\n\r\n### Performance between different regex options using intentionally long\r\nstrings (25k characters)\r\n\r\n| | `/(\\S+\\|\\s+)/g` | `/(\\r\\n\\|\\n\\|\\r)/g` |\r\n|----------------------|-----------------------|---------------------|\r\n| Unit test speed | `1049414ms` (17 min) | `58ms` |\r\n| FTR test with 1 rule | `>360000ms` (Timeout) | `2.1 s` |\r\n\r\n### Checklist\r\n\r\nDelete any items that are not applicable to this PR.\r\n\r\n- [x] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios\r\n- [ ] [Flaky Test\r\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\r\nused on any tests changed\r\n\r\n\r\n### For maintainers\r\n\r\n- [ ] This was checked for breaking API changes and was [labeled\r\nappropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#_add_your_labels)\r\n- [ ] This will appear in the **Release Notes** and follow the\r\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\r\n\r\n---------\r\n\r\nCo-authored-by: Elastic Machine <[email protected]>\r\nCo-authored-by: Georgii Gorbachev <[email protected]>","sha":"4f6d3570c59d30951368f601b2b59ab3b7a1ae4c","branchLabelMapping":{"^v9.0.0$":"main","^v8.17.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["bug","release_note:skip","impact:critical","v9.0.0","Team:Detections and Resp","Team: SecuritySolution","Team:Detection Rule Management","Feature:Prebuilt Detection Rules","backport:version","v8.17.0","v8.16.1"],"title":"[Security Solution] Fixes multi-line diff algorithm performance in the `upgrade/_review` endpoint","number":199388,"url":"https://github.com/elastic/kibana/pull/199388","mergeCommit":{"message":"[Security Solution] Fixes multi-line diff algorithm performance in the `upgrade/_review` endpoint (#199388)\n\n**Fixes https://github.com/elastic/kibana/issues/199290**\r\n\r\n## Summary\r\n\r\nThe current multi-line string algorithm uses a very inefficient regex to\r\nsplit and analyze string fields, and exponentially increases in time\r\ncomplexity when the strings are long. This PR substitutes a much simpler\r\ncomparison regex for far better efficiency as shown in the table below.\r\n\r\n### Performance between different regex options using sample prebuilt\r\nrule setup guide string\r\n\r\n| | `/(\\S+\\|\\s+)/g` (original) | `/(\\s+)/g` | `/(\\n)/g` |\r\n`/(\\r\\n\\|\\n\\|\\r)/g` |\r\n\r\n|-----------------------|---------------|----------|---------|-------------------|\r\n| Unit test speed | `986ms` | `96ms` | `1ms` | `2ms` |\r\n| FTR test with 1 rule | `3.0s` | `2.8s` | `2.0s` | `2.0s` |\r\n| FTR test with 5 rules | `11.6s` | `6.8s` | `6.1s` | |\r\n\r\n\r\n### Performance between different regex options using intentionally long\r\nstrings (25k characters)\r\n\r\n| | `/(\\S+\\|\\s+)/g` | `/(\\r\\n\\|\\n\\|\\r)/g` |\r\n|----------------------|-----------------------|---------------------|\r\n| Unit test speed | `1049414ms` (17 min) | `58ms` |\r\n| FTR test with 1 rule | `>360000ms` (Timeout) | `2.1 s` |\r\n\r\n### Checklist\r\n\r\nDelete any items that are not applicable to this PR.\r\n\r\n- [x] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios\r\n- [ ] [Flaky Test\r\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\r\nused on any tests changed\r\n\r\n\r\n### For maintainers\r\n\r\n- [ ] This was checked for breaking API changes and was [labeled\r\nappropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#_add_your_labels)\r\n- [ ] This will appear in the **Release Notes** and follow the\r\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\r\n\r\n---------\r\n\r\nCo-authored-by: Elastic Machine <[email protected]>\r\nCo-authored-by: Georgii Gorbachev <[email protected]>","sha":"4f6d3570c59d30951368f601b2b59ab3b7a1ae4c"}},"sourceBranch":"main","suggestedTargetBranches":["8.x","8.16"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/199388","number":199388,"mergeCommit":{"message":"[Security Solution] Fixes multi-line diff algorithm performance in the `upgrade/_review` endpoint (#199388)\n\n**Fixes https://github.com/elastic/kibana/issues/199290**\r\n\r\n## Summary\r\n\r\nThe current multi-line string algorithm uses a very inefficient regex to\r\nsplit and analyze string fields, and exponentially increases in time\r\ncomplexity when the strings are long. This PR substitutes a much simpler\r\ncomparison regex for far better efficiency as shown in the table below.\r\n\r\n### Performance between different regex options using sample prebuilt\r\nrule setup guide string\r\n\r\n| | `/(\\S+\\|\\s+)/g` (original) | `/(\\s+)/g` | `/(\\n)/g` |\r\n`/(\\r\\n\\|\\n\\|\\r)/g` |\r\n\r\n|-----------------------|---------------|----------|---------|-------------------|\r\n| Unit test speed | `986ms` | `96ms` | `1ms` | `2ms` |\r\n| FTR test with 1 rule | `3.0s` | `2.8s` | `2.0s` | `2.0s` |\r\n| FTR test with 5 rules | `11.6s` | `6.8s` | `6.1s` | |\r\n\r\n\r\n### Performance between different regex options using intentionally long\r\nstrings (25k characters)\r\n\r\n| | `/(\\S+\\|\\s+)/g` | `/(\\r\\n\\|\\n\\|\\r)/g` |\r\n|----------------------|-----------------------|---------------------|\r\n| Unit test speed | `1049414ms` (17 min) | `58ms` |\r\n| FTR test with 1 rule | `>360000ms` (Timeout) | `2.1 s` |\r\n\r\n### Checklist\r\n\r\nDelete any items that are not applicable to this PR.\r\n\r\n- [x] [Unit or functional\r\ntests](https://www.elastic.co/guide/en/kibana/master/development-tests.html)\r\nwere updated or added to match the most common scenarios\r\n- [ ] [Flaky Test\r\nRunner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was\r\nused on any tests changed\r\n\r\n\r\n### For maintainers\r\n\r\n- [ ] This was checked for breaking API changes and was [labeled\r\nappropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#_add_your_labels)\r\n- [ ] This will appear in the **Release Notes** and follow the\r\n[guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process)\r\n\r\n---------\r\n\r\nCo-authored-by: Elastic Machine <[email protected]>\r\nCo-authored-by: Georgii Gorbachev <[email protected]>","sha":"4f6d3570c59d30951368f601b2b59ab3b7a1ae4c"}},{"branch":"8.x","label":"v8.17.0","branchLabelMappingKey":"^v8.17.0$","isSourceBranch":false,"state":"NOT_CREATED"},{"branch":"8.16","label":"v8.16.1","branchLabelMappingKey":"^v(\\d+).(\\d+).\\d+$","isSourceBranch":false,"state":"NOT_CREATED"}]}] BACKPORT--> Co-authored-by: Davis Plumlee <[email protected]>
…e `upgrade/_review` endpoint (elastic#199388) **Fixes elastic#199290 ## Summary The current multi-line string algorithm uses a very inefficient regex to split and analyze string fields, and exponentially increases in time complexity when the strings are long. This PR substitutes a much simpler comparison regex for far better efficiency as shown in the table below. ### Performance between different regex options using sample prebuilt rule setup guide string | | `/(\S+\|\s+)/g` (original) | `/(\s+)/g` | `/(\n)/g` | `/(\r\n\|\n\|\r)/g` | |-----------------------|---------------|----------|---------|-------------------| | Unit test speed | `986ms` | `96ms` | `1ms` | `2ms` | | FTR test with 1 rule | `3.0s` | `2.8s` | `2.0s` | `2.0s` | | FTR test with 5 rules | `11.6s` | `6.8s` | `6.1s` | | ### Performance between different regex options using intentionally long strings (25k characters) | | `/(\S+\|\s+)/g` | `/(\r\n\|\n\|\r)/g` | |----------------------|-----------------------|---------------------| | Unit test speed | `1049414ms` (17 min) | `58ms` | | FTR test with 1 rule | `>360000ms` (Timeout) | `2.1 s` | ### Checklist Delete any items that are not applicable to this PR. - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed ### For maintainers - [ ] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#_add_your_labels) - [ ] This will appear in the **Release Notes** and follow the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) --------- Co-authored-by: Elastic Machine <[email protected]> Co-authored-by: Georgii Gorbachev <[email protected]>
…e `upgrade/_review` endpoint (elastic#199388) **Fixes elastic#199290 ## Summary The current multi-line string algorithm uses a very inefficient regex to split and analyze string fields, and exponentially increases in time complexity when the strings are long. This PR substitutes a much simpler comparison regex for far better efficiency as shown in the table below. ### Performance between different regex options using sample prebuilt rule setup guide string | | `/(\S+\|\s+)/g` (original) | `/(\s+)/g` | `/(\n)/g` | `/(\r\n\|\n\|\r)/g` | |-----------------------|---------------|----------|---------|-------------------| | Unit test speed | `986ms` | `96ms` | `1ms` | `2ms` | | FTR test with 1 rule | `3.0s` | `2.8s` | `2.0s` | `2.0s` | | FTR test with 5 rules | `11.6s` | `6.8s` | `6.1s` | | ### Performance between different regex options using intentionally long strings (25k characters) | | `/(\S+\|\s+)/g` | `/(\r\n\|\n\|\r)/g` | |----------------------|-----------------------|---------------------| | Unit test speed | `1049414ms` (17 min) | `58ms` | | FTR test with 1 rule | `>360000ms` (Timeout) | `2.1 s` | ### Checklist Delete any items that are not applicable to this PR. - [x] [Unit or functional tests](https://www.elastic.co/guide/en/kibana/master/development-tests.html) were updated or added to match the most common scenarios - [ ] [Flaky Test Runner](https://ci-stats.kibana.dev/trigger_flaky_test_runner/1) was used on any tests changed ### For maintainers - [ ] This was checked for breaking API changes and was [labeled appropriately](https://www.elastic.co/guide/en/kibana/master/contributing.html#_add_your_labels) - [ ] This will appear in the **Release Notes** and follow the [guidelines](https://www.elastic.co/guide/en/kibana/master/contributing.html#kibana-release-notes-process) --------- Co-authored-by: Elastic Machine <[email protected]> Co-authored-by: Georgii Gorbachev <[email protected]>
…tic#201019) **Fixes: elastic#201014 **Related to:** elastic#199388 ## Summary This PR increases the threshold (time limit) value for the test by 2x from 500 ms to 1000 ms. Hope it should be enough to eliminate flakiness on CI. (cherry picked from commit c9e7820)
…tic#201019) **Fixes: elastic#201014 **Related to:** elastic#199388 ## Summary This PR increases the threshold (time limit) value for the test by 2x from 500 ms to 1000 ms. Hope it should be enough to eliminate flakiness on CI. (cherry picked from commit c9e7820)
…tic#201019) **Fixes: elastic#201014 **Related to:** elastic#199388 ## Summary This PR increases the threshold (time limit) value for the test by 2x from 500 ms to 1000 ms. Hope it should be enough to eliminate flakiness on CI.
…tic#201019) **Fixes: elastic#201014 **Related to:** elastic#199388 ## Summary This PR increases the threshold (time limit) value for the test by 2x from 500 ms to 1000 ms. Hope it should be enough to eliminate flakiness on CI.
…tic#201019) **Fixes: elastic#201014 **Related to:** elastic#199388 ## Summary This PR increases the threshold (time limit) value for the test by 2x from 500 ms to 1000 ms. Hope it should be enough to eliminate flakiness on CI.
Fixes #199290
Summary
The current multi-line string algorithm uses a very inefficient regex to split and analyze string fields, and exponentially increases in time complexity when the strings are long. This PR substitutes a much simpler comparison regex for far better efficiency as shown in the table below.
Performance between different regex options using sample prebuilt rule setup guide string
/(\S+|\s+)/g
(original)/(\s+)/g
/(\n)/g
/(\r\n|\n|\r)/g
986ms
96ms
1ms
2ms
3.0s
2.8s
2.0s
2.0s
11.6s
6.8s
6.1s
Performance between different regex options using intentionally long strings (25k characters)
/(\S+|\s+)/g
/(\r\n|\n|\r)/g
1049414ms
(17 min)58ms
>360000ms
(Timeout)2.1 s
Checklist
Delete any items that are not applicable to this PR.
For maintainers