How to show difference (increase/decrease) between today and yesterday for each host

Hi,

I'm tring to show hard drive space usage increase for each host, I mean, the top 5 hosts that has the highest increase of space usage.

Here's what I did:

.es(index='collectd-', metric='sum:lunused', q='server:?ds').subtract(.es(index='collectd-', metric='sum:lunused', q='server:?ds', offset=-1d))

It shows an aggregation of consumption of hard drive space usage, each day.

However, I would like to show the TOP 5 of space increase for each host, I tried this:

.es(index='collectd-', metric='sum:lunused', q='server:?ds', split='host:5').subtract(.es(index='collectd-', metric='sum:lunused', q='server:?ds', offset=-1d, split='host:5'))

However, I'm getting this error:

Timelion: Error: in cell #5: argument must be a seriesList with a single series

So, I tried this:

.es(index='collectd-', metric='sum:lunused', q='server:?ds', split='host:5').subtract(.es(index='collectd-', metric='sum:lunused', q='server:?ds', offset=-1d)

But, the numbers aren't meaningful.

How can I show the top 5 hosts that has the highest increase of space usage?

Thank you!

Hey Joey,

After speaking with one of our resident Timelion experts, I learned that in order for Elasticsearch to compute top 5 hosts that have the highest increase in disk usage, we'd need a pipeline aggregation, and bucket aggregations can't be sorted by pipelines. Pipelines are computed on the coordinating node after the aggregation phase, and Elasticsearch can't do multi-phase search/aggregation yet. So, to answer your question, neither Timelion nor Elasticsearch can do what you're asking for.... yet.

Sorry, hope this helps!

CJ

Hi,

Thank you for your reply.

So I guess that the partial workaround is to add a new field, a daily percent increase in Logstash.

Thank you!

Thanks for posting a workaround, Joey!

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.