Store max value of a metric in a week in elasticsearch

Hello!

I am currently collecting the metrics of certain services and I am interested in storing the maximum value of a week. I know how to do it with the tsvb visualization but I don't know how to store it in the elastic docs. is there any way to do it ? via scripted field or logstash ? It would be of great help

Thanks in advance!

If you can read that value from Elasticsearch using Kibana, then isn't it already stored in a document in Elasticsearch?

It's not clear what else you are trying to do sorry.

I am trying to get the maximum and minimum value of a metric in a week. I am trying to run this query via logstash but it just creates a lot of empty records.

  {
  "size" : 0,
  "query" : {
    "bool" : {
      "must" : [
        {
          "term" : {
            "Metric-Type.keyword" : {
              "value" : "avg-host-cpu-load",
              "boost" : 1.0
            }
          }
        },
        {
          "range": {
            "@timestamp": {
              "format": "strict_date_optional_time",
              "gte": "now-7d",
              "lte": "now"
            }
          }
        }
      ],
      "adjust_pure_negative" : true,
      "boost" : 1.0
    }
  },
  "_source" : false,
  "aggregations" : {
    "groupby" : {
      "filters" : {
        "filters" : [
          {
            "match_all" : {
              "boost" : 1.0
            }
          }
        ],
        "other_bucket" : false,
        "other_bucket_key" : "_other_"
      },
      "aggregations" : {
        "ca3b8a9e" : {
          "stats" : {
            "field" : "ValueMetric"
          }
        }
      }
    }
  }
}

Then I tried to execute this curl in many different ways, but in all of them it gives syntax errors.

input {
  exec {
    command => "curl xxxx  -XPOST https://yyyyyy:9200/_sql -H 'Content-Type: application/json' -d'
{
  \"query\":\" SELECT MIN(ValueMetric) as MinValueMetric , MAX(ValueMetric) as MaxValueMetric   FROM \"i-service-metric\" WHERE \"Metric-Type\"= 'service-response-time' AND \"@timestamp\" >= NOW() - INTERVAL 7 DAY\"

}'
"
    interval => 30
  }
}

as I can't get any way, I wanted to know if there is any other way to do this.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.