Optimizing index check for normal app usage

spong · spong · commit 34dfdf0f41e7 · 2020-02-01T13:51:09.000-07:00
diff --git a/x-pack/legacy/plugins/siem/server/lib/source_status/elasticsearch_adapter.ts b/x-pack/legacy/plugins/siem/server/lib/source_status/elasticsearch_adapter.ts
@@ -15,41 +15,45 @@ export class ElasticsearchSourceStatusAdapter implements SourceStatusAdapter {
   constructor(private readonly framework: FrameworkAdapter) {}
 
   public async hasIndices(request: FrameworkRequest, indexNames: string[]) {
-    // Note: Additional check necessary for APM-specific index. For details see: https://github.com/elastic/kibana/issues/56363
-    // Only verify if APM data exists if indexNames includes `apm-*-transaction*` (default included apm index)
-    const includesApmIndex = indexNames.includes(APM_INDEX_NAME);
-    const hasApmDataReq = includesApmIndex
-      ? this.framework.callWithRequest<{}, ApmServiceNameAgg>(
-          request,
-          'search',
-          buildQuery({ defaultIndex: [APM_INDEX_NAME] })
-        )
-      : Promise.resolve(undefined);
-
-    // Remove APM index if exists, and only query if length > 0 in case it's the only index provided
-    const nonApmIndexNameArray = indexNames.filter(name => name !== APM_INDEX_NAME);
-    const indexCheckReq =
-      nonApmIndexNameArray.length > 0
+    // Intended flow to determine app-empty state is to first check siem indices (as this is a quick shard count), and
+    // if no shards exist only then perform the heavier APM query. This optimizes for normal use when siem data exists
+    try {
+      // Remove APM index if exists, and only query if length > 0 in case it's the only index provided
+      const nonApmIndexNames = indexNames.filter(name => name !== APM_INDEX_NAME);
+      const indexCheckResponse = await (nonApmIndexNames.length > 0
         ? this.framework.callWithRequest(request, 'search', {
-            index: nonApmIndexNameArray,
+            index: nonApmIndexNames,
             size: 0,
             terminate_after: 1,
             allow_no_indices: true,
           })
-        : Promise.resolve(undefined);
+        : Promise.resolve(undefined));
 
-    try {
-      const [apmResponse, indexCheckResponse] = await Promise.all([hasApmDataReq, indexCheckReq]);
-
-      return (
-        (apmResponse?.aggregations?.total_service_names?.value ?? -1) > 0 ||
-        (indexCheckResponse?._shards.total ?? -1) > 0
-      );
-    } catch (err) {
-      if (err.status === 404) {
+      if ((indexCheckResponse?._shards.total ?? -1) > 0) {
+        return true;
+      }
+
+      // Note: Additional check necessary for APM-specific index. For details see: https://github.com/elastic/kibana/issues/56363
+      // Only verify if APM data exists if indexNames includes `apm-*-transaction*` (default included apm index)
+      const includesApmIndex = indexNames.includes(APM_INDEX_NAME);
+      const hasApmDataResponse = await (includesApmIndex
+        ? this.framework.callWithRequest<{}, ApmServiceNameAgg>(
+            request,
+            'search',
+            buildQuery({ defaultIndex: [APM_INDEX_NAME] })
+          )
+        : Promise.resolve(undefined));
+
+      if ((hasApmDataResponse?.aggregations?.total_service_names?.value ?? -1) > 0) {
+        return true;
+      }
+    } catch (e) {
+      if (e.status === 404) {
         return false;
       }
-      throw err;
+      throw e;
     }
+
+    return false;
   }
 }
