At our company we use ELK to store transaction data for a short period, mostly for monitoring.
Instead of just seeing the actual values, we want to see the actual values VS some threshold.
We're planning to recalculate the threshold every 1 hour, and the events we're measuring are coming in every several seconds. Once a threshold has been calculated, it should be used until the next time the threshold is calculated.
All thresholds from all times will be stored in ElasticSearch.
We would like to aggregate the data we're monitoring in 15m intervals, so the threshold should be the same for approx. 4 time intervals.
My problem is that I don't see how to display a threshold over several time intervals when what I have in ES is one document with that threshold and the point in time when it was calculated.
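To make the intended semantics concrete ("a threshold applies from the moment it was calculated until the next one is calculated", evaluated against 15m buckets of events), here is an added example, not part of the question above and not an ELK/Kibana feature: a small Python script that does the as-of join client-side over constructed sample documents. The field names `@timestamp`, `threshold` and `value`, the sample timestamps and values, and the choice to look up the threshold in effect at each bucket's start are all assumptions made for the illustration.

```python
from bisect import bisect_right
from datetime import datetime, timedelta, timezone

# Constructed sample documents (assumed field names, not from the question).
# Thresholds are recalculated hourly; each doc records the value and when it was computed.
THRESHOLDS = [
    {"@timestamp": "2024-01-01T01:00:00Z", "threshold": 120.0},
    {"@timestamp": "2024-01-01T00:00:00Z", "threshold": 100.0},
]

# Transaction events arriving every few seconds (constructed sample).
EVENTS = [
    {"@timestamp": "2023-12-31T23:50:00Z", "value": 50.0},   # before any threshold exists
    {"@timestamp": "2024-01-01T00:03:00Z", "value": 90.0},
    {"@timestamp": "2024-01-01T00:07:00Z", "value": 110.0},
    {"@timestamp": "2024-01-01T00:20:00Z", "value": 130.0},
    {"@timestamp": "2024-01-01T01:05:00Z", "value": 115.0},
]


def parse_ts(s: str) -> datetime:
    """Parse an ISO-8601 UTC timestamp of the form used in the samples."""
    return datetime.fromisoformat(s.replace("Z", "+00:00"))


def bucket_start(ts: datetime, interval: timedelta) -> datetime:
    """Floor a timestamp to the start of its fixed-width interval (e.g. 15m)."""
    secs = int(interval.total_seconds())
    epoch = int(ts.timestamp())
    return datetime.fromtimestamp(epoch - epoch % secs, tz=timezone.utc)


def threshold_as_of(thresholds_sorted, ts: datetime):
    """Return the most recent threshold computed at or before `ts`, or None.

    thresholds_sorted is a list of (computed_at, value) in ascending time order.
    This is the "use it until the next one is calculated" rule as an as-of lookup.
    """
    times = [t for t, _ in thresholds_sorted]
    i = bisect_right(times, ts) - 1
    return None if i < 0 else thresholds_sorted[i][1]


def aggregate(events, thresholds, interval: timedelta = timedelta(minutes=15)):
    """Bucket events into fixed intervals and attach the threshold in effect.

    Assumption: the threshold in effect at the bucket's start is used for the
    whole bucket. With hourly, on-the-hour recalculation and 15m buckets this
    never straddles a recalculation; for other alignments it would.
    """
    th = sorted((parse_ts(d["@timestamp"]), float(d["threshold"])) for d in thresholds)

    buckets: dict = {}
    for e in events:
        b = bucket_start(parse_ts(e["@timestamp"]), interval)
        buckets.setdefault(b, []).append(float(e["value"]))

    rows = []
    for b in sorted(buckets):
        vals = buckets[b]
        avg = sum(vals) / len(vals)
        thr = threshold_as_of(th, b)
        rows.append({
            "bucket": b.isoformat(),
            "avg": avg,
            "threshold": thr,
            # Flag only when a threshold exists and the bucket average exceeds it.
            "over": thr is not None and avg > thr,
        })
    return rows


if __name__ == "__main__":
    for row in aggregate(EVENTS, THRESHOLDS):
        print(row)
```

Each output row carries the bucket's aggregate next to the threshold that was valid for it, which is the "actual value vs threshold" pairing the question describes; buckets that precede the first threshold document get `None` rather than a stale or guessed value.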