Changes log level from info to debug from user complaints about logs filling up (#116518) (#116799)

## Summary Changes detections log level from info to debug within the detection engine. Users have been complaining about their log files filling up in excessive size from when they have noisy rules or if they have a large amount of rules enabled. Co-authored-by: Frank Hassanabad <frank.hassanabad@elastic.co>
2021-10-30 00:04:56 -04:00 · 2021-10-30 00:04:56 -04:00 · 59ce3c0cd0
commit 59ce3c0cd0
parent cfb6b80aea
3 changed files with 5 additions and 7 deletions
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/create_security_rule_type_wrapper.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/rule_types/create_security_rule_type_wrapper.ts
@ -302,7 +302,7 @@ export const createSecurityRuleTypeWrapper: CreateSecurityRuleTypeWrapper =
                  ?.kibana_siem_app_url,
              });

-              logger.info(
+              logger.debug(
                buildRuleMessage(`Found ${createdSignalsCount} signals for notification.`)
              );

@ -353,8 +353,7 @@ export const createSecurityRuleTypeWrapper: CreateSecurityRuleTypeWrapper =
              });
            }

-            // adding this log line so we can get some information from cloud
-            logger.info(
+            logger.debug(
              buildRuleMessage(
                `[+] Finished indexing ${createdSignalsCount} ${
                  !isEmpty(tuples)
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/executors/ml.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/executors/ml.ts
@ -104,7 +104,7 @@ export const mlExecutor = async ({

  const anomalyCount = filteredAnomalyResults.hits.hits.length;
  if (anomalyCount) {
-    logger.info(buildRuleMessage(`Found ${anomalyCount} signals from ML anomalies.`));
+    logger.debug(buildRuleMessage(`Found ${anomalyCount} signals from ML anomalies.`));
  }
  const { success, errors, bulkCreateDuration, createdItemsCount, createdItems } =
    await bulkCreateMlSignals({
--- a/x-pack/plugins/security_solution/server/lib/detection_engine/signals/signal_rule_alert_type.ts
+++ b/x-pack/plugins/security_solution/server/lib/detection_engine/signals/signal_rule_alert_type.ts
@ -426,7 +426,7 @@ export const signalRulesAlertType = ({
                ?.kibana_siem_app_url,
            });

-            logger.info(
+            logger.debug(
              buildRuleMessage(`Found ${result.createdSignalsCount} signals for notification.`)
            );

@ -478,8 +478,7 @@ export const signalRulesAlertType = ({
            });
          }

-          // adding this log line so we can get some information from cloud
-          logger.info(
+          logger.debug(
            buildRuleMessage(
              `[+] Finished indexing ${result.createdSignalsCount}  ${
                !isEmpty(tuples)