Mirrors/marcredhat-siem-toolkit-patched
1
0
Fork 0
mirror of https://github.com/marcredhat/SIEM-toolkit-patched synced 2026-06-08 12:33:51 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix Ingest Dashboard timeout causing failed to fetch

Browse Source 
- daily-volume: run per-day PowerQueries in parallel with asyncio.gather
  instead of sequentially with sleeps — 3 days now completes in ~16s vs 140s+
- Default view changed from 7d to 3d; day buttons updated to [3, 5, 7]
- igLoad: fire daily-volume and top-sources simultaneously with Promise.allSettled
  so both panels load in parallel rather than one after the other
- Each panel shows "Querying data lake…" spinner while loading
- Each panel renders independently — one failure doesn't block the other

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Mick
2026-05-19 11:53:37 -04:00
parent 2e55e21a77
commit 735e364b71
2 changed files with 38 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files
backend/routers/ingest.py
+14 -12
View File
@@ -39,24 +39,26 @@ async def get_by_event_type(days: int = Query(7, ge=1, le=90)):
@router.get("/daily-volume")
async def get_daily_volume(days: int = Query(7, ge=1, le=14)):
"""Total event count per day."""
async def get_daily_volume(days: int = Query(5, ge=1, le=7)):
"""Total event count per day — queries run in parallel."""
import asyncio
results = []
now = datetime.utcnow()
points = min(days, 7)
for i in range(points):
day_from = (datetime.utcnow() - timedelta(days=i + 1)).strftime("%Y-%m-%dT00:00:00.000Z")
day_to = (datetime.utcnow() - timedelta(days=i)).strftime("%Y-%m-%dT00:00:00.000Z")
label = (datetime.utcnow() - timedelta(days=i + 1)).strftime("%Y-%m-%d")
async def _fetch_day(i: int) -> dict:
day_from = (now - timedelta(days=i + 1)).strftime("%Y-%m-%dT00:00:00.000Z")
day_to = (now - timedelta(days=i)).strftime("%Y-%m-%dT00:00:00.000Z")
label = (now - timedelta(days=i + 1)).strftime("%Y-%m-%d")
try:
result = await s1_client.run_powerquery("| group total=count()", day_from, day_to)
events_list = result.get("events") if isinstance(result, dict) else []
count = events_list[0].get("total", 0) if isinstance(events_list, list) and events_list else 0
events_list = result.get("events", []) if isinstance(result, dict) else []
count = events_list[0].get("total", 0) if events_list else 0
except Exception:
count = 0
results.append({"date": label, "events": count})
if i < points - 1:
await asyncio.sleep(3)
return {"date": label, "events": count}
results = await asyncio.gather(*[_fetch_day(i) for i in range(points)])
return list(reversed(results))