Get a number und events per minute

Elastic Stack Elasticsearch
1

Hi,

I tried to figure out how many documents come in per minute. I coulnt find anything useful in stack monitoring so I tried with kibana and failed. I built a query giving me the documents from last 90 days but I cant figure out how to divide the count by 90*24*60 and display this number in a dashboard.

GET /filebeat-*,metricbeat-*,winlogbeat-*/_count
{
  "query": {
    "range": {
      "@timestamp": {
        "gte": "now-90d/d",
        "lt": "now/d"
      }
    }
  }
}

Can anyone give a hint?

Thanks.
Thorsten

2

Hello Thorsten,

I think you want an aggregation:

GET /filebeat-*,metricbeat-*,winlogbeat-*/_search
{
  "aggs": {
    "last3months": {
      "date_histogram": {
        "field": "@timestamp",
        "fixed_interval": "90d"
      }
    }
  }
}

which returns:

{
  "aggregations" : {
    "last3months" : {
      "buckets" : [
        {
          "key_as_string" : "2021-07-02T00:00:00.000Z",
          "key" : 1625184000000,
          "doc_count" : 5820220
        },
        {
          "key_as_string" : "2021-09-30T00:00:00.000Z",
          "key" : 1632960000000,
          "doc_count" : 7098684
        }
      ]
    }
  }
}

Does this help?

Best regards
Wolfram

3

Thank you. Its a better iplementation , so thats an improvement. Thanks. But It doesnt answer the question or I did not understand how it calculates the average amount of documents per minute.

4

Hi @bitnapper Do you know you can do this simply with a lens visualization?

Just Go To Lens, Pick your Index Pattern and do Horizontal Axis Timestamp and Vertical Count of Records

Screen Shot 2021-11-19 at 7.52.48 AM
Screen Shot 2021-11-19 at 7.52.48 AM1920×1263 115 KB

Then jus go under Advanced and Normalize By Unit.

Screen Shot 2021-11-19 at 7.53.04 AM
Screen Shot 2021-11-19 at 7.53.04 AM1566×1780 235 KB

Screen Shot 2021-11-19 at 7.53.18 AM
Screen Shot 2021-11-19 at 7.53.18 AM1166×1068 125 KB

And there you have it!

Screen Shot 2021-11-19 at 7.57.21 AM
Screen Shot 2021-11-19 at 7.57.21 AM1920×1119 104 KB

You can turn it into a table too!

Screen Shot 2021-11-19 at 7.58.15 AM
Screen Shot 2021-11-19 at 7.58.15 AM1920×1218 117 KB

1 Like
5

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.