How to visualize throughput drops only?

Elastic Stack Kibana
1

Hi all,

I want to create a visualization, which shows us the occurrence of drops in our incoming message workflow.

Our application is writing a metrics log, which is showing us how many messages are incoming per second.

image
image.png1442×852 40.4 KB

I would like to detect the red marked drop. I would not like to get see the the positive spikes, because they are not the issue what i am looking for.

What is the best way to do so?

We are using basic license. So machine learning, etc. is not an option.

Target is to see, how often this issue occurred within the last month for example.
I need to detect issues, wich may be only 1 or 2 minutes long.
Our metric data is written once a minute.
Desired output is a bar graph and a table which lists all occurrences of the issue.

So when kibana is increasing the time range of a bucket, this might be problematic.

The workaround option I have in mind would be, fire a script against ES which calculates the difference of m1(now) - m1(now-1min). If result is negative, insert into ES, where I can visualize and list it.

But it would be nice to find a solution inside of kibana without the need of external jobs.

Thanks, Andreas

2

For smoothing the output derivative gives me the half of it:

image
image.png1491×844 45.1 KB

yes, it detects the drops, but also it sees drops after the spike of incoming messages after 7:00. Because this drop is only a consequence of the spike, I would not like to see this.

3

You might be able to achieve something close to what you want with the Time Series Visual Builder visualization. Here's an example where I'm highlighting all instances where my current CPU utilization average drops below the moving average, which helps smooth out some of those spikes. It's probably not exactly what you want, and you won't be able to get a table out of this, but maybe it's close.

24%20PM
24%20PM1133×1319 108 KB

The workaround option I have in mind would be, fire a script against ES which calculates the difference of m1(now) - m1(now-1min). If result is negative, insert into ES, where I can visualize and list it.

You could do exactly this calculation in realtime in Timelion, however it wouldn't deal with the issue of spikes in the data creating false positives for drops.