Hi -
I try to monitor 5 nodes logstash ingress rate with:
.es(index='logstash-metrics', q='message:ls-index1', metric=max:events.rate_1m),.es(index='logstash-metrics', q='message:ls-index2', metric=max:events.rate_1m)
Each logstash node ingress rate is different but the line chart not changed, seems the query statement (q='message:ls-index1') is not working on timelion.
Any idea?
I think you might need single quotes around your metric value e.g. 'max:events.rate_1m'
Not sure if that's the issue though. Have you tested the same query in Discover? Query terms are analyzed, so I suspect your ls-index# terms are getting broken into ls and index# terms, and the ls is matching all docs.
Yes, ls-index terms are broken in to ls and index# in Timelion query, but in Discover
message:"ls-index1"
will not broken in to ls and index.
Ty
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.