Hello, I am trying to visualize the network input and output data rates that are received using the system module of metricbeat - for multiple hosts - in kibana. I am using the predefined TSVB visualization of metricbeat and added host.name.keywork to the "group by" list but unfortunately nothing happens and there is only one (aggregated) line instead of 3 separate lines - one for each available host.
I think this is a bug, isn't it?
Hi @schmittberger Not sure it is a bug...
It looks like you did not run metricbeat setup correctly or at all OR you sent to a different index etc.
I can tell that by the names of the fields that you are showing with the .keyword extension that happens when the proper templates (schema) are not installed.
So lets back up a bit...
metricbeat setup?Also it looks like you modified that a bit for the input only
And Finally that is a series agg so by definition you will not see each host nor network name... so even if everything is correct... because a series agg of type SUM sums which Sums up all the individual values within a series (network / host etc) it provides an overall sum only!
Example 1 number the total sum of the 5 network interfaces for example.. not showing each interface.
From the docs here
Series Agg
Applies a function to all of the Group by series to reduce the values to a single number. This function must always be the last metric in the series. For example, if the Time Series visualization shows 10 series, the sum Series Agg calculates the sum of all 10 bars and outputs a single Y value per X value. This is often confused with the overall sum function, which outputs a single Y value per unique series.
If you want to see it broken down by network name and / or host take out the series agg SUM and you will see the individual.
The intent of the graph is to show the TOTAL bytes in / out across ALL interfaces for a single host. this is mean to only look at a single host at a time... but when you come in the editor there is no filter / KQL for a single host so it is actually look at all host (yes confusing... but you have to think about the data and how it comes... X Host by Y network Interfaces) so if you want to play with this you should do a KQL to filter on a host you are looking for OR do not do a series agg and group by terms that you want.
So once you get the metricbeat setup stuff done... come and tell us what you are trying to do and we can help you with the viz.
Hi @stephenb, thanks for the reply. The hint about the series agg SUM did it for me - thank you. I thought it was needed in combination with the derivative to show correct values but after taking it out the graph now shows all hosts and devices with correct rates.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.