DSL Query For CPU Load (MetricBeat Data)

prakash1243 · January 9, 2017, 5:49am

Hi-
Am trying to create a DSL query to fetch the CPU load of a server from my Elastic search engine.
Could someone please help me in creating a query for this.

PS: I will execute this query using the Elasticsearch gem in the API level (with out logging to the Kibana).

Thanks in advance for your help.

Regards,
Prakash

warkolm · January 9, 2017, 6:35am

What do you have so far?

prakash1243 · January 9, 2017, 6:40am

Thanks for your reply, @warkolm.

This is what I could write it so far:

GET metricbeat-2017.01.09/metricsets/_search?q=cpu
{
"size":1
}

This is the response, I've got:

{
"took": 1,
"timed_out": false,
"_shards": {
"total": 5,
"successful": 5,
"failed": 0
},
"hits": {
"total": 184,
"max_score": 5.304149,
"hits": [
{
"_index": "metricbeat-2017.01.09",
"_type": "metricsets",
"_id": "AVmBoCrbVRlweE2aySFN",
"_score": 5.304149,
"_source": {
"@timestamp": "2017-01-09T05:07:54.525Z",
"beat": {
"hostname": "AAEINBLR03199L",
"name": "AAEINBLR03199L",
"version": "5.1.1"
},
"metricset": {
"module": "system",
"name": "cpu",
"rtt": 0
},
"system": {
"cpu": {
"idle": {
"pct": 0.9062
},
"iowait": {
"pct": 0
},
"irq": {
"pct": 0
},
"nice": {
"pct": 0
},
"softirq": {
"pct": 0
},
"steal": {
"pct": 0
},
"system": {
"pct": 0.0362
},
"user": {
"pct": 0.0576
}
}
},
"type": "metricsets"
}
}
]
}
}

I just have a couple of questions:

-> Is my query got the latest record from Elastic Search engine?
-> How do I navigate it to the lower nodes like the highlighted above in the query itself.

Please correct me, if am wrong anywhere.

Thanks !

prakash1243 · January 12, 2017, 4:42am

Hi @warkolm-
Could you please help me out here. Thanks!

warkolm · January 12, 2017, 5:36am

I don't know, you'd have to query and compare? It might be easiest to just take something from the last 5 seconds and live with the delay.

Navigate? In the response?

prakash1243 · January 12, 2017, 5:54am

Yes @warkolm , Navigate in the Response.

Could you please let me know, how do I execute this query in the Ruby Client.

GET metricbeat-2017.01.09/metricsets/_search?q=cpu
{
"size":1
}

warkolm · January 12, 2017, 6:36am

I don't know what that means.

prakash1243 · January 18, 2017, 6:20am

Hi @warkolm:

I have this query :

GET /_search
{
"query": {
"dis_max": {
"queries": [
{ "match": { "index": "metricbeat-2017.01.18" }},
{ "match": { "type": "metricsets" }},
{ "match": { "beat.hostname": "HPPP-140-01" }}
]
}

}
}

When I execute this, I get the below output:

{
"_index": "metricbeat-2017.01.16",
"_type": "metricsets",
"_id": "AVmkYc7mU2H8SwTt6SMr",
"_score": 0.000011355958,
"_source": {
"@timestamp": "2017-01-16T00:00:06.089Z",
"beat": {
"hostname": "HPPP-140-01",
"name": "HPPP-140-01",
"version": "5.1.1"
},
"metricset": {
"module": "system",
"name": "cpu",
"rtt": 0
},
"system": {
"cpu": {
"idle": {
"pct": 0.9547
},
"iowait": {
"pct": 0
},
"irq": {
"pct": 0
},
"nice": {
"pct": 0
},
"softirq": {
"pct": 0
},
"steal": {
"pct": 0
},
"system": {
"pct": 0.0101
},
"user": {
"pct": 0.0352
}
}
},

I'd like to how how do I get the system.cpu.idle.pct value from the above output. Please let me know if am unclear.

And how do I get the content in a field at the DSL level. Please let me know. Thanks !

prakash1243 · January 20, 2017, 5:35am

Hi @warkolm:

Could you please let me know, if am still unclear. Thanks !

system · February 17, 2017, 5:35am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.