Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Raw event 검색 성능 개선 #540

Open
syncpark opened this issue Sep 14, 2023 · 0 comments
Open

Raw event 검색 성능 개선 #540

syncpark opened this issue Sep 14, 2023 · 0 comments

Comments

@syncpark
Copy link
Contributor

syncpark commented Sep 14, 2023
edited
Loading

Issue

It takes 12 seconds to search events with 2 filtering option like orig_addr and orig_port in 200 million HTTP events.
It's required to improve the search performance.

Idea

Make new query for faster search.

Current filtering options are:

  • Time range
  • Source
  • Protocol
  • Original/response address range
  • Original/response port range

Try to make Index table with key like following:

  • Type 1: SOURCE + ORIG_ADDR + ORIG_PORT + RESP_ADDR + RESP_PORT + TIME
    • TIME: YYYYMMDDHH
    • ORIG_ADDR, RESP_ADDR: u32(IPv4) or u128(IPv6)
    • ORIG_PORT, RESP_PORT: u16
  • Type 2: SOURCE + IP_ADDR + PORT + TIME
    • IP_ADDR: ORIG_ADDR or RESP_ADDR
    • PORT: ORIG_PORT or RESP_PORT

This index table have key values of other Protocol database.

Benefit

  • Search performance can be improved.

Defeat

  • Current pagination could be impossible for this query.
  • The burden increases when saving.
kimhanbeom added a commit that referenced this issue Oct 13, 2023
@kimhanbeom
Improve filtering performance
17dd570 
- Create an index table for network events.
- Index table reference when filtering addr/port in the network event graphql api.

Close: #540
@syncpark syncpark changed the title Improve raw event filtering performance Raw event 검색 성능 개선 May 30, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@syncpark