524851 - Page for a signature should suggest more refined searches based on correlations

Status: RESOLVED FIXED

(Socorro :: General, task)

Description

[Jesse Ruderman]

When I click a signature from the topcrash list, I'd like to be presented with a list of correlations.  Currently, that information is available (thanks to bug 521917) but scattered; I have to look in a different place for each possible type of correlation, which doesn't match my workflow.

Clicking on a correlation should search for matching crash reports.  Ideally, it would also show correlations within the restricted search (e.g. is it still correlated with the presence of an extension even just on single-core machines?).

This requires Socorro to be able to support more types of searches (e.g. bug 524847) and remember or compute correlations.

Comment 1

[Jesse Ruderman]

The correlations I'm interested in are mostly the ones dbaron's script does:

* operating systems (versions)
* extensions (versions)
* modules (versions, checksums)
* whether or not the computer has multiple CPU cores

I think the same drill-down UI would work well for callers, as well (bug 512910).

Comment 2

[Jesse Ruderman]

See also bug 543605, for showing some of these correlations in the topcrash report.

Comment 3

[chris hofmann]

these other correlations have also been useful in figuring out crashes for some signatures, or when to hunt deeper durning the analysis

-- correlations to firefox version
    show which versions have higher, lower, or no reports of a signature
    e.g. where does the bug exist, and on which branches isn't it present.

    might also link to an improved build date regression range finder tool once a strong correlation is established to a release/development branch
    --when did the signature first appear?
    --when was it last seen?
    (this could be dug out of jst's reports. http://people.mozilla.com/~jst/new-crashes/Firefox/latest/ )


-- time related correlations
    show how closely the signature is related to a startup crash...
      --for crashes received in the last 24/48 hours what pct. of crashes
        for the signature happened inside and uptime of 30, 60, & 90 seconds.
        also show median and average uptime for the sample.

    show daily frequency of reports for the last N days.
      --is it an "explosive" crash that is trending upwards?
      --is it trending downwards (fixed)?
      --is it a "steady" number of crashes per day?
      

    show particular hours where the number of reports might be compressed as a possible indication that its the same person firing away a bunch of reports


    show some metrics on the concentration of URLs associated with the crash.
      all from the same domian? or spread across many reflecting general browsing.  (its hard for us to show URLs, but metrics around the URLs might be useful)

for bonus points do user comment analysis
     what pct. of users mentioned interesting words or phrases in comments..
      XX% -- "[always crashes when I] open a .pdf"
      XX% -- "googletalk plugin"

Comment 4

[Michael Morgan [:morgamic]]

Ozten picked this up in 1.5.  Some things were done, but others not.  He'll take a look when he gets back.

Comment 5

[Laura Thomson :laura]

Improved correlation data will be tackled in 2.x

Comment 6

[Laura Thomson :laura]

A lot of this is in the signature summary, now deployed (bug 642336).  The rest I think is covered by the correlation report refactor (642325).  Closing in favor of those.

Comment 7

[Jesse Ruderman]

Having correlation lists is an improvement, but they don't have drill-down links yet.

Comment 9

[Matt Brandt [:mbrandt]]

Bumping to QA verified duplicate

Comment 10

[Jesse Ruderman]

I'm worried this will get lost if it's marked as a dup of a metabug.

Comment 11

[Lonnen :lonnen]

re-resolving this based on signature summary.

There are a few other lines of inquiry into identifying signal within a pile of crashes, especially around improving signature generation. I don't see value in keeping this specific issue open any longer.