I have a metric type data that I get every 10s from the EMS Server and one of the properties is: inbound message count. It's a total inbound message count for the EMS server. What I'd like to achieve is to create a metric that will show me how many messages came to EMS, so for example, at 12:00 Elastic gets inMessageCount=1000 and at 13:00 it gets inMessageCount=2000. How to create a metric that will count the difference (2000-1000)? That should be based on time range set in dashboard.
Hi, you can use TSVB for that and apply the Counter Rate aggregation. This basically applies in sequence: a max aggregation over the current date histogram (getting the last counter value), then apply a derivative to get the difference between that value and the previous bucket. If the counter resets at a specific number, the "counter rate" applies also the positive only function seeing a huge negative dip in the rate.
The mechanism is also described here: Visualizing observability with Kibana: Event rates and rate of change in TSVB | Elastic Blog
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.