Hi,
I'm collecting network traffic and I need to find the maximum bytes per second value over a certain span of time. The visualization doesn't matter but for now I'm using this timelion query.
$query='location:12345678', .es($query,metric='sum:out_bytes').mvavg(1m).scale_interval(1s),
$query='location:12345678', .es($query,metric='sum:out_bytes').mvavg(1m).scale_interval(1s).aggregate(max)
The problem with this query is that the result is incorrect over longer spans of time. E.g. if I pick the last 24 hours it might show 1Mbps but if I pick last 7 days it will go down to 500Kbps as the max value.
I think this is because of the limited number of buckets, so spikes get filtered out. Is there a way to get the absolute max bps value over a certain amount of time? It doesn't have to be Timelion.
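An added example, not part of the original post, that reproduces the bucketing effect suspected above on constructed per-second byte counts. The function names and traffic values are assumptions made for the illustration, and the `mvavg(1m)` smoothing in the query is not modelled.

```python
# Constructed sample: one hour of per-second out_bytes,
# steady traffic with a single 5-second burst in the middle.
def make_traffic(seconds=3600, base=50_000, burst_at=1800, burst_len=5,
                 burst=1_000_000):
    return [burst if burst_at <= t < burst_at + burst_len else base
            for t in range(seconds)]


def max_rate(per_second_bytes, bucket_seconds):
    """Sum bytes per fixed-width bucket, scale each bucket to bytes/second
    (what sum + scale_interval(1s) does), and return the largest rate.
    Assumes the series length is a multiple of bucket_seconds."""
    rates = []
    for start in range(0, len(per_second_bytes), bucket_seconds):
        chunk = per_second_bytes[start:start + bucket_seconds]
        rates.append(sum(chunk) / bucket_seconds)
    return max(rates)


def max_of_fine_maxima(per_second_bytes, fine_seconds, coarse_seconds):
    """Compute the rate in fine buckets first, keep the max inside each
    coarse bucket, then take the max of those. Max survives re-bucketing;
    an average over the coarse bucket does not."""
    coarse_maxima = []
    for start in range(0, len(per_second_bytes), coarse_seconds):
        window = per_second_bytes[start:start + coarse_seconds]
        coarse_maxima.append(max_rate(window, fine_seconds))
    return max(coarse_maxima)


if __name__ == "__main__":
    traffic = make_traffic()
    # A wider bucket spreads the burst over more seconds, so the peak drops.
    for width in (1, 60, 600):
        print(f"{width:>4}s buckets: max {max_rate(traffic, width):,.0f} B/s")
    # Taking the max of 1s rates inside each 600s bucket keeps the true peak.
    print(f"max of 1s maxima per 600s: "
          f"{max_of_fine_maxima(traffic, 1, 600):,.0f} B/s")
```

The reported peak depends on the bucket width chosen for the time range, while a max taken over fine-grained rates stays the same however the outer range is bucketed.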