test-alert-load-kbn v2.9.0

kbn-alert-load: command-line utility for doing kibana alerting load tests

Modified for use with detection rules

usage

kbn-alert-load <args> <options>

or from local env

./kbn-alert-load <args> <options>

TBD; run kbn-alert-load with no parameters for help.

install pre-reqs

• install Node.js - the current version Kibana uses
• have an account set up at https://cloud.elastic.co or equivalent
• create an API key at the cloud site for use with ecctl
• install ecctl - https://www.elastic.co/guide/en/ecctl/current/ecctl-installing.html
• create an initial config for ecctl with ecctl init, providing your API key
  • When running against Cloud it is possible to run into provisioning limitations on cluster size
  • Staging can be used by updating ~/.ecctl/config.json

    {
      "host": "https://api.staging.foundit.no",
      "api_key": $API_KEY,
      "region": "gcp-us-central1",
      "output": "text",
      "timeout": 30000000000,
      "insecure": true
    }

install

npm install -g kbn-alert-load

run via npx without installing

npx kbn-alert-load <args> <opts>

running test suites

List the available test suites

kbn-alert-load ls

Specify the test suite with run

kbn-alert-load run create-indicator-rules

Specify the length of the test suite with -M for minutes. By default the length of the test is 10 minutes.

kbn-alert-load run -M 30 create-indicator-rules

When running a test suite the against the staging ESS it may take more time for the staging cloud to provision enough backend resources to run the test than the timeout to wait for the deployment to be healthy. In the case this happens cleanup to the existing deployments and try again:

kbn-alert-load rmdall

Different tests by rule types

By default kbn-alert-load run tests for alerts rule. But it is also possible to run tests with security detection Indicator match rule by specifying --type='im'

kbn-alert-load.js run im-test --type='im' 

Running against an existing deployment

By default kbn-alert-load create deployment for each scenario in suite.scenarios. But it possible to run you test again existing deployment.

1. Run just one specific scenarios from suite (by deafult run the first one)

   kbn-alert-load run im-test --type='im' -e ESURL -k KBURL -s 3   

2. Run all scenarios from a suite in sequience mode

   kbn-alert-load.js runSequence im-test --type='im'  -r 'report-im.html' -o 'yourFolderReport' -e ESURL -k KBURL

Specifying new test suites

Test suites are defined under suites.js

change log

2.1.0 - 2021-07-14

• updated to work with the latest ecctl v1.4.0
• changed RAM size calculation to match closest available values per region
• various other small updates
• pull request: https://github.com/pmuellr/kbn-alert-load/pull/5

1.x.x - ????-??-??

• add lsd, rmd, and rmdall commands
• print existing deployments at begin and end of run command

1.0.0 - 2020-10-29

• initial release