Get a number und events per minute

bitnapper · November 15, 2021, 3:31pm

Hi,

I tried to figure out how many documents come in per minute. I coulnt find anything useful in stack monitoring so I tried with kibana and failed. I built a query giving me the documents from last 90 days but I cant figure out how to divide the count by 90*24*60 and display this number in a dashboard.

GET /filebeat-*,metricbeat-*,winlogbeat-*/_count
{
  "query": {
    "range": {
      "@timestamp": {
        "gte": "now-90d/d",
        "lt": "now/d"
      }
    }
  }
}

Can anyone give a hint?

Thanks.
Thorsten

Wolfram_Haussig · November 16, 2021, 11:51am

Hello Thorsten,

I think you want an aggregation:

GET /filebeat-*,metricbeat-*,winlogbeat-*/_search
{
  "aggs": {
    "last3months": {
      "date_histogram": {
        "field": "@timestamp",
        "fixed_interval": "90d"
      }
    }
  }
}

which returns:

{
  "aggregations" : {
    "last3months" : {
      "buckets" : [
        {
          "key_as_string" : "2021-07-02T00:00:00.000Z",
          "key" : 1625184000000,
          "doc_count" : 5820220
        },
        {
          "key_as_string" : "2021-09-30T00:00:00.000Z",
          "key" : 1632960000000,
          "doc_count" : 7098684
        }
      ]
    }
  }
}

Does this help?

Best regards
Wolfram

bitnapper · November 18, 2021, 2:49pm

Thank you. Its a better iplementation , so thats an improvement. Thanks. But It doesnt answer the question or I did not understand how it calculates the average amount of documents per minute.