Need some help/guidance really! We've just got our ELK stack running, hosted in the cloud, which has removed the need for the heavy cost of hosting it internally in our data centre.
I want to set up an alert which fires when a certain request_path has a response_time over 2 seconds; this needs to be 1% or more of the total request count in the last 10 minutes.
Hope that makes sense, and hopefully it is pretty simple to do.
Without sharing the watch or the data model, this is going to be pretty hard, even to properly understand the use case.
Check out the percentile ranks aggregation to get the percentile of requests above two seconds. This aggregation could be inside of a terms agg that aggregates on the request_path (note that this may create many buckets if you have many request paths, so this is something you need to try out).
Play around with these aggregations and see if there is a search query that can show you the needed data. If that is the case, it is probably pretty easy to build a watch around it.
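As an added example (not code from the thread or from Elastic), the query the reply describes, written out in the Elasticsearch query DSL, plus the check a watch condition would run over its result. Everything concrete here is assumed: the index pattern `web-logs-*`, the time field `@timestamp`, `response_time` stored in milliseconds (so "over 2 seconds" is `> 2000`), `request_path` mapped as `keyword`, and the 1% threshold evaluated per path (slow requests for a path as a share of that path's own requests in the window).

```python
"""Added example, not from the original thread. Assumptions (none come from
the thread): index "web-logs-*", time field "@timestamp", response_time in
milliseconds, request_path is a keyword field, threshold evaluated per path."""

SLOW_MS = 2000          # "over 2 seconds", assuming the field is in milliseconds
THRESHOLD_PCT = 1.0     # alert when >= 1% of a path's requests are slow
WINDOW = "10m"
RANK_KEY = f"{float(SLOW_MS)}"  # percentile_ranks keys its result as "2000.0"


def build_search_body(max_paths: int = 500) -> dict:
    """Last 10 minutes, bucketed by request_path, with the percentile rank of
    2000 ms inside every bucket (share of that path's requests <= 2000 ms)."""
    return {
        "size": 0,  # aggregations only, no hits
        "query": {"range": {"@timestamp": {"gte": f"now-{WINDOW}", "lt": "now"}}},
        "aggs": {
            "by_path": {
                # The reply warns that many paths mean many buckets: cap them.
                # Paths outside the top max_paths are silently dropped.
                "terms": {"field": "request_path", "size": max_paths},
                "aggs": {
                    "slow": {
                        "percentile_ranks": {"field": "response_time", "values": [SLOW_MS]}
                    }
                },
            }
        },
    }


def slow_share_pct(bucket: dict) -> float:
    """Percent of requests in a terms bucket above SLOW_MS. percentile_ranks
    reports the share at or below the value, so subtract from 100."""
    return 100.0 - bucket["slow"]["values"][RANK_KEY]


def breaching_paths(aggregations: dict) -> list:
    """What the watch condition decides: [(path, slow_pct, doc_count)] for
    every path at or above THRESHOLD_PCT in the search response."""
    hits = []
    for bucket in aggregations["by_path"]["buckets"]:
        pct = slow_share_pct(bucket)
        if pct >= THRESHOLD_PCT:
            hits.append((bucket["key"], round(pct, 2), bucket["doc_count"]))
    return hits


def build_watch(indices=("web-logs-*",)) -> dict:
    """Watch wrapping the same search; the Painless condition is the same
    check as breaching_paths(), so Watcher can run it on its own."""
    painless = (
        "for (b in ctx.payload.aggregations.by_path.buckets) {"
        f"  def rank = b.slow.values['{RANK_KEY}'];"
        f"  if (rank != null && 100 - rank >= {THRESHOLD_PCT}) {{ return true; }}"
        "}"
        "return false;"
    )
    return {
        "trigger": {"schedule": {"interval": WINDOW}},
        "input": {"search": {"request": {"indices": list(indices), "body": build_search_body()}}},
        "condition": {"script": {"source": painless, "lang": "painless"}},
        "actions": {
            "log_it": {"logging": {"text": "slow request_path ratio breached 1% in the last 10m"}}
        },
    }


# Constructed sample of the aggregations part of a search response (not real
# data): /checkout has 1.5% of requests above 2000 ms, /health none,
# /search just under the threshold.
SAMPLE_AGGS = {
    "by_path": {
        "buckets": [
            {"key": "/checkout", "doc_count": 4000, "slow": {"values": {"2000.0": 98.5}}},
            {"key": "/health", "doc_count": 12000, "slow": {"values": {"2000.0": 100.0}}},
            {"key": "/search", "doc_count": 2500, "slow": {"values": {"2000.0": 99.2}}},
        ]
    }
}

if __name__ == "__main__":
    import json
    print(json.dumps(build_search_body(), indent=2))
    print(breaching_paths(SAMPLE_AGGS))  # [('/checkout', 1.5, 4000)]
```

Two caveats before relying on this as an alert. `percentile_ranks` is computed with TDigest, so the 1% figure is an approximation; if the threshold must be exact, replace the `percentile_ranks` sub-aggregation with a `filter` on `response_time > 2000` and divide its `doc_count` by the bucket's `doc_count`. And the `terms` `size` cap is a detection gap: a path that is slow but not among the top-N by volume never appears in the payload and so never fires, so either size the cap generously or filter the query down to the paths you actually care about.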