Alerting when search time is long over a period - data values

Karthik_Ramachandran · February 22, 2018, 1:07am

Dear All/Xpack team

I'm trying to use .monitoring-es-6-... indice to alert when search time averages more than X seconds over a period.

I'm seeing entries of below kind in two places (indices_stats, index_stats), whereas index_stats provide this information at individual index level.

          "search": {
            "query_total": 134265,
            "query_time_in_millis": 34231
          },

Regardless, I'm trying to understand the definition of this values against the context of search time over period.
I read the documentation "https://www.elastic.co/guide/en/elasticsearch/guide/current/_monitoring_individual_nodes.html", which gives info that the numbers should be used to average out the time spent, but want to validate that I read correct for .monitoring indice data as well.

Also, would like to know what these values represent viz. it is for the lifetime of indice (or) for a period.

Thanks for clarification.

BTW: I should add "thanks", and got some clue on finding document over period using below example

Karthik_Ramachandran · February 22, 2018, 11:27pm

Add: If query_total represent the value , then if I do query_total/query_time_in_millis, it won't represent the recent state accurately.

Still trying to find a way to determine how to compute my average response time in last X minutes
Any help/definition on .monitoring-es-6.... data is appreciated.

Karthik_Ramachandran · February 23, 2018, 1:42am

Found a way using Min and max values for the time range

system · March 23, 2018, 1:42am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.