ResponceTime data discrepancy in packetbeats records

5uraj · October 9, 2015, 1:57pm

We are monitoring nginx traffic using packetbeats we are getting lots of information which is helping in figuring out what are the bottle necks in our applications but the response time to serve a request is different in nginx logs and in packetbeats data on elasticsearch/Kibana.

I am not sure whether responsetime can be trusted in this case but profiling totally depends on application response time which is always higher in packetbeats data as compare to nginx logs.

Please let us know how exactly this responsetime being computed in http or any other protocol and how can we solve this problem.

Thanks,
Suraj

steffens · October 9, 2015, 3:15pm

You have some sample response times? What's the exact difference?

Response times are compute by the packet receive time differences. If an http request or response is split into multiple packets, the time of last packet the message is contained is used.

The packet timestamps are generated by the sniffer module, e.g. the linux kernel if the af_packet module is used.

Is packetbeat running on same machine nginx is running on? Is nginx used as proxy? You only measure response time on server?

Topic		Replies	Views
Http responsetime unrealistic results Beats packetbeat	17	3713	July 5, 2017
Why response time for packetbeat memcache protocol is always zero Beats packetbeat	5	1277	July 5, 2017
Upstream Response Time Beats packetbeat	4	853	March 23, 2017
Packetbeat recording high responce time for connections Beats packetbeat	4	394	October 6, 2022
Packetbeat capturing responsetime and sending it to Logstash Beats packetbeat	3	448	December 2, 2020

ResponceTime data discrepancy in packetbeats records

Related topics