Finding total latency (round trip time or response time) per flow?

Hey all,
I am using Packetbeat to build a network flows monitoring application, and I need to find the average latency rate for each flow. I wanted to ask if this is possible with the current fields exported by Packetbeat or, if not, can I please know the reason why latency per flow is not maintained by Packetbeat?

I know that Packetbeat does export response time for each network transaction, but I could not find a way to group transactions by flow.

Thanks

@sohaibomr have you tried to calculate this by using Elasticsearch aggregations?

Elasticsearch aggregation is not the issue here; the thing is that responsetime is not stored for type:flow, it is only stored for types http, dns, tls, etc. And I need to find responsetime for each unique flow_id.
Is there any field which I can use to group responsetime by flow_id?

Hi,

responsetime only makes sense in transaction protocols. It means how long it takes one end (usually the "server" side of the protocol) to process the request and deliver a response.

Regarding flows, it is not possible to apply the concept of responsetime as there is no knowledge of the underlying protocol, so no transactions and no knowledge of the role played by each endpoint of the flow.
