Feedback AutoOps for On-Prem Cluster

Elastic Stack Monitoring
1

Dear All,

We are using AutoOps for our on-prem cluster for about 5 months now (we connect AutoOps as soon as we heard of it at the end of october).

After the first few hickups trying to install it, the installation was smooth and we already had a few situations that AutoOps saved us. For that alone, a big thank you from us! :folded_hands:

That being said, I think there is plenty of improvement (or maybe I am just not using AutoOps correctly) so here is my personal wishlist for the future.

Attention: This list is long - you have been warned...

Recommendations

While I know that the recommendations cannot fit all situations, I think that some recommendations shouldn't be made:

  • Events recommend that we should optimize system templates, e.g. Template .siem-signals-default can be optimized
  • Many shards in the cluster are empty recommends to delete indexes - even if they are the active write index for an alias
  • Some data nodes do not contain any shards recommends to enable shard allocation - even if the affected node is a frozen node

Handling multiple Clusters

Either the documentation for on-prem clusters could use some improvement or the UI:

We connected 2 clusters (our current production and our future production system) to AutoOps and now see both under "Connected Clusters":

image
image563×260 3.46 KB

But in the AutoOps UI, we only see a single cluster and we always need to change the page to switch between clusters:

image
image306×177 4.02 KB

Is it expected that I only see a single cluster here? Should I have onboarded the clusters differently?

Template Optimizer Overview

  1. troublesome template selection

It is fine if I use an Alert-Link to switch to the Template Optimizer, but when going directly to the UI the template selection is difficult:

image
image549×413 12.5 KB

  • I cannot just select the template name, I need to expand it and select one of the dates below. Improvement: allow selecting just the template name and just use the latest date in this case
  • it is unclear what the date means: last seen? created? last changed?
  • when a template is selected, the template selection field doesn't show the name - it shows the date

image

  1. It's hard to get a list of templates to optimize
  • The Cluster->Open Events only shows 5 templates at a time and i have to load the next 5 templates X times
  • The Template Optimizer shows all templates, but I don't see which can be optimized and which are already in a good state

Shard Overview

  1. In the Shards Overview, the low values while the high values are dark. This causes a readability problem because the contrast is not that good:

image

  1. It would be a great addition to also show the phase for each index shown (or even allow filtering?). This could be used for questions like:
  • if the index is still in warm phase but has a low search rate - maybe we could move it to frozen earlier?
  • if the index is in frozen but has a high search rate - maybe we should keep it in warm for longer?
  1. Allow to search a timespan instead of a single second

Right now, the shards seem to show a snapshot of a single second? This doesn't make sense to me, as this could wildly change every second.

image
image652×468 14.7 KB

Instead, I would like to be able to select a timeframe and then get the average values for it.

Nodes Overview

  1. The UI doesn't really make it clear that I can click the titles to expand them. I thought at first that they are empty:

image
image472×380 7.82 KB

Instead, you could use the same logic as for the events to show that the user can expand/collapse an entry:

image
image472×380 7.82 KB

image
image1370×347 33.6 KB

Best regards
Wolfram

2 Likes
2

I'm sure that @val will be more than happy to read. :wink:

3

You beat me to it @dadoonet :slight_smile:

Thank you so much @Wolfram_Haussig for providing such an extensive feedback. Give us some time to unpack all of this and we'll get back to you, some of what you reported is already in the works :wink:

Recommendations

100%
Note that we're about to make a big overhaul on all the insights, stay tuned...

Is it expected that I only see a single cluster here? Should I have onboarded the clusters differently?

Could it be that you connected both clusters in two different regions?

4

Could it be that you connected both clusters in two different regions?

Yes, you are right. :person_bowing: I didn't see that and I could have sworn that I onboarded them both to eu-central-1, but one is eu-west-1.

Maybe it's possible to configure a default region so that we don't have to select the region every time? Or maybe list how many clusters are connected already in that region, like:

  • eu-central-1 (1)
  • eu-west-1 (0)

Then I would immediately see that I am selecting the wrong region...

Is it possible to migrate an AutoOps cluster to another region?

5

Thank you @Wolfram_Haussig for sharing this feedback. I would like to provide an update on how we are addressing these points:

Cluster Region Selection

We offer users the flexibility to choose the most suitable region for storing their metrics. Currently, the AutoOps view is per-region, but we have plans to introduce a multi-region view in the future. To assist further, we will look how to improve the visibility of the region for already connected clusters to make region selection clearer for new setups.

As a quick resolution, I recommend reinstalling the Elastic Agent for the correct region. Uninstall the agent, go through the installation wizard, select the desired region, and use the specific installation command provided with the new (AUTOOPS_OTEL_URL value).

Template Optimizer

We are currently redesigning the AutoOps UI, including the Template Optimizer page. The navigation will be completely updated, making it much easier to search by template name, view suggestions, and access change history. We expect this to be GA (Genearl availability) by the end of April.

Shards View

This page is also undergoing UI changes as part of the redesign.
Regarding your feedback:

- Contrast: We have improved the text contrast to resolve readability issues.

  • Filter by Index: Users can currently select up to 10 indices and pin them to the top of the table, regardless of the selected time range.

  • Timespan Search: We will investigate allowing searches across a timespan instead of a single second.

Nodes View

- Expandable Titles: We are addressing the lack of visual sign for clickable titles in the redesign scheduled for April.

1 Like