Hi
I am looking for some help and am not sure if I am doing it right or if it's possible, so here I go with my problem.
I am monitoring a switch's interfaces with netconf/python and storing the values in ES, then using Timelion to show the bandwidth for the interfaces. See below; the query has been shortened to make this easier.
Fields:
nc_name = GigabitEthernet1/0/11
nc_in-octets = integer type long
nc_admin-status: UP or DOWN
There are more fields in the doc than this.
Query:
.es(index=nc_interface_stats-*,metric=avg:nc_in-octets,q='_exists_:nc_in-octets AND nc_admin-status:UP AND nc_port-speed : "SPEED_1GB"',timefield=@timestamp,split=nc_name.keyword:3).derivative()
This works well until I try to put in a threshold for when the value is greater than some value in the graph for the interface that crossed the threshold.
.es(index=nc_interface_stats-*,metric=avg:nc_in-octets,q='_exists_:nc_in-octets AND nc_admin-status:UP AND nc_port-speed : "SPEED_1GB"',timefield=@timestamp,split=nc_name.keyword:3).derivative(), .es(index=nc_interface_stats-*,metric=avg:nc_in-octets,q='_exists_:nc_in-octets AND nc_admin-status:UP AND nc_port-speed : "SPEED_1GB"',timefield=@timestamp,split=nc_name.keyword:3).derivative().if(gt,40000000,.es(index=nc_interface_stats-*,metric=avg:nc_in-octets,q='_exists_:nc_in-octets AND nc_admin-status:UP AND nc_port-speed : "SPEED_1GB"',timefield=@timestamp,split=nc_name.keyword:3).derivative(),null).color(color=yellow)
What I get is the threshold value shown on the first interface of the split for all the interfaces in the split. I hope the screenshots are better at showing what I mean than I am.
I got this one working, but now I am not sure whether it is, or whether I am just lucky that the first interface in the split is the one crossing the threshold.