Hi Tim, Thanks for the help, it's really useful
I'm sorry that I didn't explain the issue very well initially.
The issue is that the actual rates calculated seem to be incorrect (although, yes, the shape is the same).
MRTG tells me that the max rate in the above graphs was less than 800Mbits/s, which seems reasonable and accurate to me for a 5min average, whereas when I do the calculation with Kibana, I see a peak of just under 40,000,000,000 (which is far larger than the rate can possibly be, especially if the units are Bytes/s).
I attach the request below, which I hope shows how the values are being calculated:
{
"aggs": {
"2": {
"date_histogram": {
"field": "@timestamp",
"interval": "10m",
"time_zone": "Europe/London",
"min_doc_count": 0
},
"aggs": {
"3": {
"derivative": {
"buckets_path": "3-metric"
}
},
"4": {
"derivative": {
"buckets_path": "4-metric"
}
},
"3-metric": {
"max": {
"field": "rx"
}
},
"4-metric": {
"max": {
"field": "tx"
}
}
}
}
},
"size": 0,
"_source": {
"excludes": []
},
"stored_fields": [
"*"
],
"script_fields": {},
"docvalue_fields": [
{
"field": "@timestamp",
"format": "date_time"
},
{
"field": "received_at",
"format": "date_time"
}
],
"query": {
"bool": {
"must": [
{
"range": {
"@timestamp": {
"gte": 1548021602416,
"lte": 1548151202416,
"format": "epoch_millis"
}
}
},
{
"match_phrase": {
"type": {
"query": "collectd"
}
}
},
{
"match_phrase": {
"type_instance": {
"query": "trafficport-channel1"
}
}
},
{
"match_phrase": {
"host": {
"query": "tango1"
}
}
}
],
"filter": [
{
"match_all": {}
},
{
"match_all": {}
}
],
"should": [],
"must_not": []
}
}
}