Hi @Jesselastic
What version of Elasticsearch?
What / how are you collecting data? Elastic Agent, Metricbeat, etc.?
Which exact fields?
and
What exactly are you trying to calculate?
Example with Elastic Agent
Quick Query Bar Filter
data_stream.dataset : "system.diskio" and agent.name : "stephenb-metrics-test-es1" and metricset.name : "diskio"
X - Axis Date Histogram
Y-Axis : counter_rate(max(system.diskio.io.time))
IMPORTANT: Breakdown by system.diskio.io.name
to 20 or so because there is more than 1 disk name... if you do not do this your results will .... not... work....
You can collapse by SUM
if you want the total or none
if you want to see each disk... ... This is known as a series aggregation ... This is in the breakdown ... now this will sum up all the individual counter rates by system.diskio.name
the different for the total sum.
Now you get a single line that is the SUM of all the individual disk ios
Here are the Mappings for Elastic Agent ...
So what exactly do you want?
    "system": {
      "properties": {
        "diskio": {
          "properties": {
            "io": {
              "properties": {
                "ops": {
                  "type": "long"
                },
                "time": {
                  "type": "long",
                  "time_series_metric": "counter"
                }
              }
            },
            "name": {
              "type": "keyword",
              "time_series_dimension": true
            },
            "read": {
              "properties": {
                "bytes": {
                  "type": "long",
                  "meta": {
                    "unit": "byte"
                  },
                  "time_series_metric": "counter"
                },
                "count": {
                  "type": "long",
                  "time_series_metric": "counter"
                },
                "time": {
                  "type": "long",
                  "time_series_metric": "counter"
                }
              }
            },
            "serial_number": {
              "type": "keyword",
              "ignore_above": 1024
            },
            "write": {
              "properties": {
                "bytes": {
                  "type": "long",
                  "meta": {
                    "unit": "byte"
                  },
                  "time_series_metric": "counter"
                },
                "count": {
                  "type": "long",
                  "time_series_metric": "counter"
                },
                "time": {
                  "type": "long",
                  "time_series_metric": "counter"
                }
              }
            }
          }
        }
      }
    }
  }
}
Here is a Lens
X Axis :