Search hosts view generates too broad database queries
The Hosts tab in Mentat corresponding to the Search hosts view leads to a database query that is too broad and wastes system resources (and takes too long to execute).
The view allows displaying results for a single IP address, yet it generates a DB query such as:
SELECT * FROM events AS "_mentatq(83_eaedjv)_" INNER JOIN events_json USING(id) WHERE "detecttime" >= '2020-12-29T12:00:00+00:00'::timestamptz AND "detecttime" <= '2021-01-05T12:00:00+00:00'::timestamptz
The scope of the query could be decreased, from at least two angles:
1. The returned data set could be filtered to only contain events related to the IP queried.
2. Returning all metadata columns JOINed by the JSON document is redundant; most of the data is read, formatted and transferred, but not processed afterwards.
Updated by Radko Krkoš 7 months ago
- Status changed from New to Deferred
- Assignee deleted (
- To be discussed changed from Yes to No
Based on a videocall, this is a (somewhat) deprecated feature; it will be configured to only be accessible by admins and its role taken over by the Timeline feature. One day, this might be revisited and the implementation improved, if distinct (from Timeline) use cases are found.