Sometime around ES 7.3 or 7.4 a fix was applied that stopped DLS caching in Fixed Bitsets from growing out of control for large DLS deployments (https://github.com/elastic/elasticsearch/commit/bb130f554e8908be2d8fbb9bb1185cffed9d5255). Since this fix was deployed, and even in version 7.7, Fixed Bitsets never grows to over a couple hundred KB. This is for a deployment with thousands of users, hundreds of terrabytes, all of which is managed by DLS. I even tried raising xpack.security.dls.bitset.cache.size to a couple gigabytes and fixed bitsets never grows beyond a couple hundred KB. I do notice a negative performance difference for users who are forced to use DLS and ones who are not.
Is DLS caching broken? Or is the caching no longer residing in fixed bitsets? If it's no longer in fixed bitsets, how can we check the current amount of the DLS caching is in use for tuning purposes?
Thanks for your help!