[Extensions] Migrates Start/Stop Historical Analysis for single-entity and multi-entity detectors

[joshpalis]

Description

Migrates the following actions to enable starting and stopping historical analysis for single/multi entity detectors :

• ForwardADTaskAction
• ADBAtchAnomalyResultAction
• ADCAncelTaskAction

Removes all instances of the hashring and directs all request back to the local node (extension node), and replaces all internal aggregation/bucket/metrics classes with their corresponding Parsed classes due to the use of the SDKRestClient

The following logs show historical anomaly detection of data generated by the AD DataGeneration script using the following configuration : python3 generate-cosine-data-multi-entity.py -ep localhost -i server_log --shards 5 -t 10 --no-security -nh 5 -np 5 --ingestion-frequency 10 --points 30000

We can retrieve the start and end times for historical detection by retrieving the earliest and latest entries like so, and converting the @timestamp value from ISO8601 format to UNIX epoch milliseconds :

For earliest entry :

curl -X POST "localhost:9200/server_log/_search?pretty" -H "Content-Type:application/json" --data '{"size":1,"sort":{"@timestamp":"asc"},"query":{"match_all":{}}}'
{
  "took" : 69,
  "timed_out" : false,
  "_shards" : {
    "total" : 5,
    "successful" : 5,
    "skipped" : 0,
    "failed" : 0
  },
  "hits" : {
    "total" : {
      "value" : 10000,
      "relation" : "gte"
    },
    "max_score" : null,
    "hits" : [
      {
        "_index" : "server_log",
        "_id" : "PdZGv4cBLtGCQAK4NLHX",
        "_score" : null,
        "_source" : {
          "@timestamp" : "2023-04-24T20:34:21",
          "cpuTime" : 115.25987369529331,
          "jvmGcTime" : 149.04160499531923,
          "host" : "host1",
          "process" : "process1"
        },
        "sort" : [
          1682368461000
        ]
      }
    ]
  }
}

For latest entry : 

curl -X POST "localhost:9200/server_log/_search?pretty" -H "Content-Type:application/json" --data '{"size":1,"sort":{"@timestamp":"desc"},"query":{"match_all":{}}}'
{
  "took" : 26,
  "timed_out" : false,
  "_shards" : {
    "total" : 5,
    "successful" : 5,
    "skipped" : 0,
    "failed" : 0
  },
  "hits" : {
    "total" : {
      "value" : 10000,
      "relation" : "gte"
    },
    "max_score" : null,
    "hits" : [
      {
        "_index" : "server_log",
        "_id" : "ftpGv4cBLtGCQAK4S-GX",
        "_score" : null,
        "_source" : {
          "@timestamp" : "2023-04-28T07:54:11",
          "cpuTime" : 82.0659880832001,
          "jvmGcTime" : 204.80779428542255,
          "host" : "host4",
          "process" : "process3"
        },
        "sort" : [
          1682668451000
        ]
      }
    ]
  }
}

Logs for starting single-entity historical detection

20:57:49.909 [httpclient-dispatch-1] INFO  org.opensearch.ad.task.ADTaskManager - Current total used task slots is 0, total detector assigned task slots is 0 when start historical analysis for detector r1hbv4cB4r_m1FsnD9XU
20:57:49.909 [httpclient-dispatch-1] INFO  org.opensearch.ad.task.ADTaskManager - Current available task slots is 10 for historical analysis of detector r1hbv4cB4r_m1FsnD9XU
20:57:49.909 [httpclient-dispatch-1] INFO  org.opensearch.ad.task.ADTaskManager - Will assign 1 task slots to run historical analysis for detector r1hbv4cB4r_m1FsnD9XU
20:57:49.909 [httpclient-dispatch-1] DEBUG org.opensearch.ad.task.ADTaskManager - coordinating node is : ad-extension-1 for detector: r1hbv4cB4r_m1FsnD9XU
....
....
20:58:06.977 [opensearch[ad-extension][ad-batch-task-threadpool][T#1]] DEBUG org.opensearch.ad.task.ADBatchTaskRunner - RCF total updates 1994 for task sFhbv4cB4r_m1Fsn2NUX
20:58:06.978 [opensearch[ad-extension][ad-batch-task-threadpool][T#1]] DEBUG org.opensearch.ad.task.ADBatchTaskRunner - Init progress: 1.0, taskState:RUNNING, task id: sFhbv4cB4r_m1Fsn2NUX
20:58:11.978 [opensearch[ad-extension][ad-batch-task-threadpool][T#1]] DEBUG org.opensearch.ad.task.ADBatchTaskRunner - task id: sFhbv4cB4r_m1Fsn2NUX, start next piece start from 1682504040000 to 1682564040000, interval 60000
20:58:11.979 [opensearch[ad-extension][ad-batch-task-threadpool][T#1]] DEBUG org.opensearch.ad.task.ADBatchTaskRunner - Task progress: 0.42016807, task id:sFhbv4cB4r_m1Fsn2NUX, detector id:r1hbv4cB4r_m1FsnD9XU
20:58:12.020 [httpclient-dispatch-1] DEBUG org.opensearch.ad.feature.SearchFeatureDao - Batch query for detector r1hbv4cB4r_m1FsnD9XU: {"size":0,"query":{"bool":{"must":[{"range":{"@timestamp":{"from":1682504040000,"to":1682564040000,"include_lower":true,"include_upper":false,"format":"epoch_millis","boost":1.0}}},{"match_all":{"boost":1.0}}],"adjust_pure_negative":true,"boost":1.0}},"aggregations":{"feature_aggs":{"composite":{"size":10000,"sources":[{"date_histogram":{"date_histogram":{"field":"@timestamp","missing_bucket":false,"order":"asc","fixed_interval":"60s"}}}]},"aggregations":{"VQ5av4cByGQituyj50di":{"avg":{"field":"jvmGcTime"}}}}}} 
20:58:12.080 [httpclient-dispatch-2] DEBUG org.opensearch.ad.feature.SearchFeatureDao - Feature aggregation result size 1
20:58:12.082 [httpclient-dispatch-2] DEBUG org.opensearch.ad.feature.FeatureManager - features size: 1000
....
....
20:58:22.991 [opensearch[ad-extension][ad-batch-task-threadpool][T#1]] DEBUG org.opensearch.ad.task.ADBatchTaskRunner - RCF total updates 4754 for task sFhbv4cB4r_m1Fsn2NUX
20:58:22.991 [opensearch[ad-extension][ad-batch-task-threadpool][T#1]] DEBUG org.opensearch.ad.task.ADBatchTaskRunner - Init progress: 1.0, taskState:RUNNING, task id: sFhbv4cB4r_m1Fsn2NUX
20:58:22.991 [opensearch[ad-extension][ad-batch-task-threadpool][T#1]] INFO  org.opensearch.ad.task.ADBatchTaskRunner - AD task finished for detector r1hbv4cB4r_m1FsnD9XU, task id: sFhbv4cB4r_m1Fsn2NUX
20:58:22.991 [opensearch[ad-extension][ad-batch-task-threadpool][T#1]] DEBUG org.opensearch.ad.task.ADTaskCacheManager - Remove batch task from cache, task id: sFhbv4cB4r_m1Fsn2NUX
20:58:23.036 [opensearch[ad-extension][ad-batch-task-threadpool][T#1]] DEBUG org.opensearch.ad.task.ADTaskManager - Forward AD task to coordinating node, task id: sFhbv4cB4r_m1Fsn2NUX, action: CLEAN_CACHE
20:58:23.037 [opensearch[ad-extension][ad-batch-task-threadpool][T#1]] DEBUG org.opensearch.ad.transport.ForwardADTaskTransportAction - Received CLEAN_CACHE action for detector r1hbv4cB4r_m1FsnD9XU, taskId: sFhbv4cB4r_m1Fsn2NUX, historical: true
20:58:23.037 [opensearch[ad-extension][ad-batch-task-threadpool][T#1]] INFO  org.opensearch.ad.task.ADTaskCacheManager - Removed detector from AD task coordinating node cache, detectorId: r1hbv4cB4r_m1FsnD9XU
20:58:23.077 [httpclient-dispatch-2] DEBUG org.opensearch.ad.task.ADTaskManager - Updated AD task successfully: OK, task id: sFhbv4cB4r_m1Fsn2NUX

Logs for starting multi-entity historical detection (Historical HCAD)

20:37:16.795 [httpclient-dispatch-1] INFO  org.opensearch.ad.task.ADTaskCacheManager - add detector in running detector cache, detectorId: 6-JHv4cBLtGCQAK48SIh, taskId: 7eJIv4cBLtGCQAK43yI7
20:37:16.859 [httpclient-dispatch-2] INFO  org.opensearch.ad.task.ADTaskManager - AD task 7eJIv4cBLtGCQAK43yI7 of detector 6-JHv4cBLtGCQAK48SIh dispatched to local node ad-extension-1
20:37:16.859 [httpclient-dispatch-2] DEBUG org.opensearch.ad.task.ADTaskCacheManager - Set task slots of detector 6-JHv4cBLtGCQAK48SIh as 10
20:37:16.860 [httpclient-dispatch-2] DEBUG org.opensearch.ad.task.ADTaskManager - Release checking task slot semaphore on lead node for detector 6-JHv4cBLtGCQAK48SIh
20:37:16.860 [opensearch[ad-extension][generic][T#4]] INFO  org.opensearch.ad.rest.RestAnomalyDetectorJobAction - Recieved Response : {"_id":"7eJIv4cBLtGCQAK43yI7","_version":1,"_seq_no":0,"_primary_term":1}
20:37:16.860 [opensearch[ad-extension][generic][T#4]] INFO  org.opensearch.sdk.handlers.ExtensionsRestRequestHandler - Sending extension response to OpenSearch: OK
20:37:16.924 [httpclient-dispatch-2] DEBUG org.opensearch.ad.task.ADBatchTaskRunner - adjusted date range: start: 1682382840000, end: 1682668440000, taskId: 7eJIv4cBLtGCQAK43yI7
20:37:16.925 [httpclient-dispatch-2] DEBUG org.opensearch.ad.task.ADBatchTaskRunner - start to search top entities at 1682541436925, data start time: 1682382840000, data end time: 1682668440000, interval: 60000
....
....
20:37:48.440 [opensearch[ad-extension][ad-batch-task-threadpool][T#1]] DEBUG org.opensearch.ad.task.ADBatchTaskRunner - RCF total updates 1994 for task 8eJJv4cBLtGCQAK4OCL1
20:37:48.440 [opensearch[ad-extension][ad-batch-task-threadpool][T#1]] DEBUG org.opensearch.ad.task.ADBatchTaskRunner - Init progress: 1.0, taskState:RUNNING, task id: 8eJJv4cBLtGCQAK4OCL1
20:37:48.517 [opensearch[ad-extension][ad-batch-task-threadpool][T#1]] DEBUG org.opensearch.ad.task.ADBatchTaskRunner - RCF total updates 1994 for task 8uJJv4cBLtGCQAK4OSJm
20:37:48.517 [opensearch[ad-extension][ad-batch-task-threadpool][T#1]] DEBUG org.opensearch.ad.task.ADBatchTaskRunner - Init progress: 1.0, taskState:RUNNING, task id: 8uJJv4cBLtGCQAK4OSJm
....
....
20:38:05.412 [httpclient-dispatch-2] DEBUG org.opensearch.ad.task.ADTaskManager - Updated AD task successfully: OK, taskId: 7eJIv4cBLtGCQAK43yI7
20:38:05.412 [httpclient-dispatch-1] DEBUG org.opensearch.ad.task.ADTaskManager - Updated AD task successfully: OK, task id: 8eJJv4cBLtGCQAK4OCL1
20:38:05.427 [opensearch[ad-extension][ad-batch-task-threadpool][T#1]] DEBUG org.opensearch.ad.task.ADTaskManager - Forward AD task to coordinating node, task id: 8uJJv4cBLtGCQAK4OSJm, action: NEXT_ENTITY
20:38:05.427 [opensearch[ad-extension][ad-batch-task-threadpool][T#1]] DEBUG org.opensearch.ad.transport.ForwardADTaskTransportAction - Received NEXT_ENTITY action for detector 6-JHv4cBLtGCQAK48SIh, task 8uJJv4cBLtGCQAK4OSJm
20:38:05.427 [opensearch[ad-extension][ad-batch-task-threadpool][T#1]] DEBUG org.opensearch.ad.task.ADTaskCacheManager - Remove entity from running entities cache: process0: true
20:38:05.427 [opensearch[ad-extension][ad-batch-task-threadpool][T#1]] DEBUG org.opensearch.ad.task.ADTaskCacheManager - Set task slots of detector 6-JHv4cBLtGCQAK48SIh as 0
20:38:05.427 [opensearch[ad-extension][ad-batch-task-threadpool][T#1]] INFO  org.opensearch.ad.transport.ForwardADTaskTransportAction - Historical HC detector done, will remove from cache, detector id:6-JHv4cBLtGCQAK48SIh
20:38:05.428 [opensearch[ad-extension][ad-batch-task-threadpool][T#1]] DEBUG org.opensearch.ad.task.ADTaskManager - AD task forwarded to coordinating node, task id 8uJJv4cBLtGCQAK4OSJm
20:38:05.443 [opensearch[ad-extension][ad-batch-task-threadpool][T#1]] DEBUG org.opensearch.ad.task.ADTaskManager - AD task forwarded to coordinating node, task id 8uJJv4cBLtGCQAK4OSJm
20:38:05.460 [httpclient-dispatch-4] DEBUG org.opensearch.ad.task.ADTaskManager - Updated AD task successfully: OK, task id: 8uJJv4cBLtGCQAK4OSJm
20:38:05.465 [httpclient-dispatch-1] INFO  org.opensearch.ad.task.ADTaskManager - number of finished entity tasks: 5, for detector 6-JHv4cBLtGCQAK48SIh
20:38:05.524 [httpclient-dispatch-1] INFO  org.opensearch.ad.task.ADTaskManager - Historical HC detector done with state: FINISHED. Remove from cache, detector id:6-JHv4cBLtGCQAK48SIh
20:38:05.525 [httpclient-dispatch-1] INFO  org.opensearch.ad.task.ADTaskCacheManager - Removed detector from AD task coordinating node cache, detectorId: 6-JHv4cBLtGCQAK48SIh

Logs for stopping historical detection

21:34:28.651 [opensearch[ad-extension][ad-batch-task-threadpool][T#1]] DEBUG org.opensearch.ad.task.ADTaskManager - Forward AD task to coordinating node, task id: De99v4cB-CkL4EYTMyco, action: CANCEL
21:34:28.651 [opensearch[ad-extension][ad-batch-task-threadpool][T#1]] DEBUG org.opensearch.ad.transport.ForwardADTaskTransportAction - Received CANCEL action for detector B-98v4cB-CkL4EYTYCdy
21:34:28.651 [opensearch[ad-extension][ad-batch-task-threadpool][T#1]] DEBUG org.opensearch.ad.task.ADTaskCacheManager - Remove entity from running entities cache: process0: false
21:34:28.653 [opensearch[ad-extension][ad-batch-task-threadpool][T#1]] DEBUG org.opensearch.ad.task.ADTaskManager - AD task forwarded to coordinating node, task id De99v4cB-CkL4EYTMyco
21:34:28.653 [opensearch[ad-extension][ad-batch-task-threadpool][T#1]] DEBUG org.opensearch.ad.task.ADTaskManager - AD task forwarded to coordinating node, task id De99v4cB-CkL4EYTMyco
21:34:28.654 [opensearch[ad-extension][ad-batch-task-threadpool][T#1]] INFO  org.opensearch.ad.task.ADTaskManager - AD task cancelled, taskId: De99v4cB-CkL4EYTMyco, detectorId: B-98v4cB-CkL4EYTYCdy
21:34:28.718 [httpclient-dispatch-2] DEBUG org.opensearch.ad.task.ADTaskManager - Updated AD task successfully: OK, task id: C-99v4cB-CkL4EYTMicZ
21:34:28.733 [httpclient-dispatch-4] DEBUG org.opensearch.ad.task.ADTaskManager - Updated AD task successfully: OK, task id: De99v4cB-CkL4EYTMyco
21:34:28.733 [httpclient-dispatch-5] DEBUG org.opensearch.ad.task.ADTaskManager - Updated AD task successfully: OK, task id: DO99v4cB-CkL4EYTMieX
21:34:28.756 [httpclient-dispatch-1] INFO  org.opensearch.ad.task.ADTaskManager - Historical HC detector done with state: STOPPED. Remove from cache, detector id:B-98v4cB-CkL4EYTYCdy
21:34:28.760 [httpclient-dispatch-1] INFO  org.opensearch.ad.task.ADTaskCacheManager - Removed detector from AD task coordinating node cache, detectorId: B-98v4cB-CkL4EYTYCdy

Issues Resolved

Completes : opensearch-project/opensearch-sdk-java#383

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

[dbwiddis]

LGTM, a comment and question.

[dbwiddis]

This works, but I'm wondering if we couldn't leverage the route handlers to do this first conditional.

You could have a handleStartRequest and handleStopRequest; both delegating to this prepareRequest() method with an argument defining whether it's a start.

[joshpalis]

This is a good idea, ill make this change

[dbwiddis]

It doesn't look like the previous version conditioned on it being a start job or having content. For my own education, why is it necessary for us to add that in the conditional (vs. handling these conditions in theregisterJobDetails() method itself?)

[joshpalis]

I can add these checks in the registerJobDetails method. Previously it was not necessary to check if the request was a start job request or if the request had content. Now that we've enabled historical analysis, it is necessary to prevent these routes from registering job details with Job Scheduler as only real time analysis needs to trigger this registration.

[owaiskazi19]

Overall looks good. Let's not remove the hashring code but comment it to not lose track while working on multi node support.

[owaiskazi19]

Can we see how OpenSearch is testing parsed aggregation classes?

[joshpalis]

sure Ill spend some time today to explore how to test parsed aggregation classes

[codecov-commenter]

Codecov Report

❌ Patch coverage is 1.58730% with 124 lines in your changes missing coverage. Please review.
✅ Project coverage is 34.96%. Comparing base (cf70e72) to head (423bf7c).
⚠️ Report is 23 commits behind head on feature/extensions.

Files with missing lines	Patch %	Lines
...ain/java/org/opensearch/ad/task/ADTaskManager.java	0.00%	54 Missing ⚠️
...ensearch/ad/rest/RestAnomalyDetectorJobAction.java	0.00%	22 Missing ⚠️
...java/org/opensearch/ad/task/ADBatchTaskRunner.java	0.00%	20 Missing ⚠️
...ansport/handler/AnomalyResultBulkIndexHandler.java	0.00%	16 Missing ⚠️
...arch/ad/transport/ADCancelTaskTransportAction.java	0.00%	5 Missing ⚠️
...a/org/opensearch/ad/feature/AbstractRetriever.java	0.00%	4 Missing ⚠️
...transport/ADBatchAnomalyResultTransportAction.java	0.00%	2 Missing ⚠️
...va/org/opensearch/ad/feature/SearchFeatureDao.java	0.00%	1 Missing ⚠️

❌ Your project status has failed because the head coverage (34.96%) is below the target coverage (70.00%). You can increase the head coverage or adjust the target coverage.

Additional details and impacted files

@@                   Coverage Diff                    @@
##             feature/extensions     #880      +/-   ##
========================================================
+ Coverage                 34.94%   34.96%   +0.01%     
+ Complexity                 1895     1887       -8     
========================================================
  Files                       300      300              
  Lines                     17915    17843      -72     
  Branches                   1869     1862       -7     
========================================================
- Hits                       6261     6238      -23     
+ Misses                    11201    11156      -45     
+ Partials                    453      449       -4     

Flag	Coverage Δ
plugin	34.96% <1.58%> (+0.01%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines	Coverage Δ
...va/org/opensearch/ad/AnomalyDetectorExtension.java	0.00% <ø> (ø)
...rch/ad/transport/ForwardADTaskTransportAction.java	78.81% <100.00%> (ø)
...va/org/opensearch/ad/feature/SearchFeatureDao.java	4.41% <0.00%> (-0.30%)	⬇️
...transport/ADBatchAnomalyResultTransportAction.java	0.00% <0.00%> (ø)
...a/org/opensearch/ad/feature/AbstractRetriever.java	2.85% <0.00%> (-45.72%)	⬇️
...arch/ad/transport/ADCancelTaskTransportAction.java	0.00% <0.00%> (ø)
...ansport/handler/AnomalyResultBulkIndexHandler.java	0.00% <0.00%> (ø)
...java/org/opensearch/ad/task/ADBatchTaskRunner.java	0.00% <0.00%> (ø)
...ensearch/ad/rest/RestAnomalyDetectorJobAction.java	0.00% <0.00%> (ø)
...ain/java/org/opensearch/ad/task/ADTaskManager.java	0.07% <0.00%> (+<0.01%)	⬆️

... and 2 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[vibrantvarun]

@owaiskazi19 @joshpalis shouldn't we document these changes?

[joshpalis]

sure I can add this to the migration documentation