I'm trying to create an aggregate of an index that contains queueing metrics. Each document will contain the queue name, enqueue rate, dequeue rate and some other values.
I created an aggregate query for the enqueue rate:
POST /logstash-activemq-2017.07.31/_search?size=0
{
  "aggs" : {
    "aggs_60m" : {
      "date_histogram": {
        "field": "@timestamp",
        "interval": "60m"
      },
      "aggs" : {
        "enqueue_rate" : {
          "stats" : { "field": "enqueue" }
        }
      }
    }
  }
}
This aggregates all queues together and not per queue. What I would like to do is create an aggregate that is:
60 minute stats of Enqueue Rate by Queue.
I'm at a loss on how to nest the "By Queue" into my query.
Thanks for the help,
Tim
Nest your date_histogram aggregation inside a terms aggregation on the queue name field. For example, if that field is called name, this request should give you what you want:
The name field needs to be mapped as type keyword. If you haven't explicitly mapped your fields, you should have a .keyword multi-field that you could use like this: "field": "name.keyword"
Because of the "size": 100, you will only get the 100 most common queues (the queues for which there are the most documents). You can change the size parameter if you want to see more or fewer queues.
The queues will be ranked by popularity (how common they are, based on the doc_count). If you want, you can order the results differently.
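The nesting described in the reply above, as an added example that is not part of the original thread: it builds the terms → date_histogram → stats request body and flattens the nested buckets into one row per queue and hour. The aggregation name `by_queue`, the `name.keyword` field and the sample response are assumptions constructed for illustration.

```python
import json

def per_queue_body(queue_field="name.keyword", size=100):
    """terms on the queue name -> 60m date_histogram -> stats on enqueue."""
    return {"aggs": {"by_queue": {  # "by_queue" is a hypothetical aggregation name
        "terms": {"field": queue_field, "size": size},
        "aggs": {"aggs_60m": {
            # "interval" as in the question; Elasticsearch 7.2+ uses "fixed_interval"
            "date_histogram": {"field": "@timestamp", "interval": "60m"},
            "aggs": {"enqueue_rate": {"stats": {"field": "enqueue"}}},
        }},
    }}}

def flatten(response):
    """Return (queue, hour, min, avg, max) rows, skipping empty hours."""
    rows = []
    for queue in response["aggregations"]["by_queue"]["buckets"]:
        for hour in queue["aggs_60m"]["buckets"]:
            stats = hour["enqueue_rate"]
            if stats["count"] == 0:  # empty bucket: min/avg/max are null
                continue
            rows.append((queue["key"], hour["key_as_string"],
                         stats["min"], stats["avg"], stats["max"]))
    return rows

def _hour(ts, values):
    # Build one constructed histogram bucket from a list of enqueue values.
    n = len(values)
    return {"key_as_string": ts, "doc_count": n, "enqueue_rate": {
        "count": n, "sum": float(sum(values)),
        "min": min(values) if n else None, "max": max(values) if n else None,
        "avg": sum(values) / n if n else None}}

# Constructed sample response, trimmed to the fields used; not real cluster output.
SAMPLE_RESPONSE = {"aggregations": {"by_queue": {"buckets": [
    {"key": "orders", "doc_count": 3, "aggs_60m": {"buckets": [
        _hour("2017-07-31T00:00:00.000Z", [4.0, 6.0]),
        _hour("2017-07-31T01:00:00.000Z", []),
        _hour("2017-07-31T02:00:00.000Z", [9.0])]}},
    {"key": "billing", "doc_count": 1, "aggs_60m": {"buckets": [
        _hour("2017-07-31T00:00:00.000Z", [2.0])]}}]}}}

if __name__ == "__main__":
    print("POST /logstash-activemq-2017.07.31/_search?size=0")
    print(json.dumps(per_queue_body(), indent=2))
    print(*flatten(SAMPLE_RESPONSE), sep="\n")
```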