Using @timestamp field for filtering

Hello,

I am currently trying to create a monitoring visualization for API services that encounter errors above a certain threshold within a certain time (i.e., API A encountered 100 errors in the last 2 minutes, API B encountered 50 errors in the last 5 minutes).

Will it be possible to use the @timestamp field of the document for the filtering query? For example: (API A: @timestamp - 2m) and (API B: @timestamp - 5m), and then the threshold.

Added scenario:
Let's say my visualization is monitoring all the API services for the past 1 hour. And an API has a threshold of 50 errors and 5 minutes.

If the intervals are different for each application you'll probably want to have a different chart for each application that uses that interval.
Then you create a Date Histogram chart with the interval as the one you want to count the errors for. Use a metric Count aggregation and a filter for the field that you're using to determine if it's an error.

If you also want a threshold line, that isn't a feature in Kibana yet, but it can be emulated with a scripted field that just says "return x", where x is the threshold you want (100 in your example for API A).
Then on the same chart as before add another metric, for Avg on the scripted field (this will always show that value of the scripted field).
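
The per-API counting described in the answer above, as an added Python sketch that is not part of the original thread and is not Kibana's own code: it floors each document's @timestamp into that API's interval (what a Date Histogram does), counts only error documents, and compares each bucket with the API's threshold. The field names `api` and `status`, the "status >= 500 means error" rule, and the sample documents are assumptions constructed for illustration.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone

# Per-API rules from the question: (bucket interval, error threshold).
RULES = {
    "API A": (timedelta(minutes=2), 100),
    "API B": (timedelta(minutes=5), 50),
}
EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)
BASE = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)  # constructed start time

def is_error(doc):
    # Assumption: the hypothetical "status" field holds an HTTP status code.
    return doc["status"] >= 500

def bucket_start(ts, interval):
    # Floor the timestamp to the start of its epoch-aligned interval.
    return ts - ((ts - EPOCH) % interval)

def error_histogram(docs, api, interval):
    # Count aggregation over error documents of one API, keyed by bucket start.
    counts = Counter(
        bucket_start(d["@timestamp"], interval)
        for d in docs
        if d["api"] == api and is_error(d)
    )
    return dict(sorted(counts.items()))

def breaches(docs, rules=RULES):
    # Bucket starts where the error count reaches that API's threshold.
    result = {}
    for api, (interval, threshold) in rules.items():
        hist = error_histogram(docs, api, interval)
        result[api] = [start for start, n in hist.items() if n >= threshold]
    return result

def sample_docs():
    # Constructed documents, not real log data.
    def doc(api, offset_s, status):
        return {"@timestamp": BASE + timedelta(seconds=offset_s), "api": api, "status": status}
    docs = [doc("API A", i, 500) for i in range(120)]           # 120 errors, 12:00-12:02
    docs += [doc("API A", 120 + i, 503) for i in range(30)]     # 30 errors, 12:02-12:04
    docs += [doc("API B", i, 500) for i in range(40)]           # 40 errors, 12:00-12:05
    docs += [doc("API B", 300 + 4 * i, 502) for i in range(60)] # 60 errors, 12:05-12:10
    docs += [doc("API B", 10 * i, 200) for i in range(50)]      # successes, ignored
    return docs

if __name__ == "__main__":
    for api, starts in breaches(sample_docs()).items():
        print(api, [s.isoformat() for s in starts])
```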

Hello. Thank you for the answer.
