Hello,
I want to access previous index document using painless script to compute value difference between document for my visualization.
I want to count network utilization using data forwarded via logstash snmp.
Is It even possible?
UP..
Ok I did that with timelion I did not knew that this exist.
.es(index=network-devices*,
timefield=@timestamp,
metric=max:cisco.device.system.interface.ifInOctets,split=cisco.device.system.interface.ifName.keyword:150)
.derivative().divide(.es(index=network-devices*,
timefield=@timestamp,
metric=max:cisco.device.system.interface.ifSpeed))
.label("[$1] IN", "^.* > cisco.device.system.interface.ifName.keyword:(\S+) > .*").multiply(1)
.if(lt,0.0001,null),
.es(index=network-devices*,
timefield=@timestamp,
metric=max:cisco.device.system.interface.ifOutOctets,split=cisco.device.system.interface.ifName.keyword:150)
.derivative().divide(.es(index=network-devices*,
timefield=@timestamp,
metric=max:cisco.device.system.interface.ifSpeed))
.multiply(1).label("[$1] OUT", "^.* > cisco.device.system.interface.ifName.keyword:(\S+) > .*")
.if(lt,0.0001,null)This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.