Search hosts view generates too broad database queries
The Hosts tab in Mentat corresponding to the Search hosts view leads to a database query that is too broad and wastes system resources (and takes too long to execute).
The view allows to display results for a single IP address, yet it generates a DB query such as:
SELECT * FROM events AS "_mentatq(83_eaedjv)_" INNER JOIN events_json USING(id) WHERE "detecttime" >= '2020-12-29T12:00:00+00:00'::timestamptz AND "detecttime" <= '2021-01-05T12:00:00+00:00'::timestamptzThe scope of the query could be decreased, from at least two angles:
- The returned data set could be filtered to only contain events related to the IP queried.
- Returning all metadata columns JOINed by the JSON document is redundant, most of the data is read, formatted and transferred, but not processed afterwards.
Activity
assigned to @Jan_Mach
By Radko Krkoš on 2024-12-26T14:07:08
changed milestone to %Backlog
assigned to @radko_krkos and unassigned @Jan_Mach
By Radko Krkoš on 2024-12-26T14:22:19
Based on videocall, this is a (somewhat) deprecated feature, it will be configured to only be accessible by admins and its role taken over by the
Timelinefeature. One day, this might be revisited and the implementation improved, if distinct (fromTimeline) use cases are found.By Radko Krkoš on 2021-01-12T07:16:28
unassigned @radko_krkos
By Radko Krkoš on 2024-12-26T14:22:20
added S-Deferred label and removed S-New label
added S-Closed label and removed S-Deferred label
