We currently have an EQL query that is able to calculate PQ usage percentage.
However, now we have a new requirement: if there is a sudden increase in the "PQ Size - growth" by, let's say, 10% in 30 mins, we need to be aware of it.
I assume I can use any of the fields below, but how do I construct my query? Or is there a better approach? Any pointers or advice would be appreciated.
logstash.pipeline.total.flow.queue_persisted_growth_bytes.current
logstash.pipeline.total.flow.queue_persisted_growth_bytes.last_1_minute
logstash.pipeline.total.flow.queue_persisted_growth_events.current
logstash.pipeline.total.flow.queue_persisted_growth_events.last_1_minute
Thanks