I am using Timelion to plot the number of connection sessions in our VPN infrastructure. To do so, I have a cumulative sum of the difference between connection and disconnection events. The time interval is set to 1h.
.es(q='kind.keyword: CISE_Passed_Authentications', index = "logstash-iselog*", timefield = "@timestamp", metric="count").subtract(.es(q='kind.keyword : CISE_RADIUS_Accounting', index = "logstash-iselog*", timefield="@timestamp", metric="count")).cusum().label('Remote Sessions')
This shows a sort of wavy plot going up and down. So far, so good.
I would now like to show a weekly trend on those sessions, specifically: doing another cumulative sum, so:
.es(q='kind.keyword: CISE_Passed_Authentications', index = "logstash-iselog*", timefield = "@timestamp", metric="count").subtract(.es(q='kind.keyword : CISE_RADIUS_Accounting', index = "logstash-iselog*", timefield="@timestamp", metric="count")).cusum().cusum().label('Cumulated Sessions')
and then do a derivative on the 'Cumulated Sessions' on a week-based sampling. So, keep from the 'Cumulated Sessions' plot just one data point per week, and do the derivative on those retained points. Or do some sort of chaining of cusum() and derivative(), but on distinct time intervals. Either way, I don't see how/if this can be done.
Many thanks in advance
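
The computation described in this post, worked through in Python on constructed hourly counts (an added example, not part of the original post and not Timelion syntax; all function names are hypothetical). It assumes the derivative is the difference between consecutive retained points, and shows that the weekly derivative of the double cumulative sum equals the sum of the hourly 'Remote Sessions' values inside each week.

```python
from itertools import accumulate

HOURS_PER_WEEK = 7 * 24  # the post uses a 1h interval


def cusum(series):
    """Running total, one output point per input point."""
    return list(accumulate(series))


def weekly_derivative(series, step=HOURS_PER_WEEK):
    """Keep the last point of each full week, then difference the kept points."""
    sampled = series[step - 1::step]
    return [later - earlier for earlier, later in zip(sampled, sampled[1:])]


def weekly_trend(connects, disconnects):
    """Return (hourly open sessions, weekly derivative of their cumulative sum)."""
    net = [c - d for c, d in zip(connects, disconnects)]
    sessions = cusum(net)         # 'Remote Sessions' in the post
    cumulated = cusum(sessions)   # 'Cumulated Sessions' in the post
    return sessions, weekly_derivative(cumulated)


def constructed_counts(peaks):
    """Constructed sample data: in week w, peaks[w] logins at 09:00 and the
    same number of logouts at 17:00, every day of the week."""
    connects, disconnects = [], []
    for peak in peaks:
        for _day in range(7):
            for hour in range(24):
                connects.append(peak if hour == 9 else 0)
                disconnects.append(peak if hour == 17 else 0)
    return connects, disconnects


if __name__ == "__main__":
    connects, disconnects = constructed_counts([10, 20, 15])
    sessions, trend = weekly_trend(connects, disconnects)
    print("weekly derivative:", trend)
    # Same figures obtained directly as per-week sums of open sessions
    # (the first week has no earlier point to difference against).
    for week in (1, 2):
        start = week * HOURS_PER_WEEK
        print("week", week, "sum:", sum(sessions[start:start + HOURS_PER_WEEK]))
```
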