I'm working on a strategy for rolling up APM data. Specifically, things like detailed errors, transactions, spans are not much use after some period of time. However, simplified data like requests per minute, and transaction duration can be interesting for us over a long time.
What do I need to do to only maintain these metrics? In one sense, what I want is for the Transaction Duration and Requests per minute charts in APM to work for all-time. It's fine if I need to rebuild those charts to also include historical data but that's my end goal.
Hello @jkaoiadjmdna! This is not super straight-forward right now. We are working on various initiatives to make this easier in the future. Right now, I can think of two options:
You only need transaction events for the Transaction Duration and Requests/Transactions per minute to work. If you want to save storage, you could drop fields from (older) transaction events. This could be done via a processor. You'd at least need service.name, service.environment, transaction.name, transaction.type, parent.id, processor.event, and @timestamp. Depending on your needs, some other fields might be needed as well. You could delete spans, errors, and metrics with ILM.
If you are willing to rebuild charts outside of the APM app, for instance by using Visualize, you could try to leverage Elasticsearch transforms. In this case, you'd need to group by the aforementioned fields (except for parent.id), and add a value_count and sum aggregation. You can then use a weighted_average aggregation to get the transaction duration, and a rate aggregation to get the transactions per minute.
In the next release, 7.10, we are also shipping an experimental feature that reduces storage cost of transaction duration data significantly. We are currently working on documentation for APM Server. You'd also need to enable it in Kibana by setting xpack.apm.searchAggregatedTransactions to "always" in your Kibana configuration.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.