New to ELK, got things up and running. Here is my set up.
Our MQ monitoring tool writes data to Oracle database every 10 minutes with a cumulative statistics information.
I have set up log stash to pull data from oracle and put it in elastic search. I have looked at different forums and product guide but i am finding it rather hard to figure out how to set up vizsualization.
on x axis i want a timeline maybe hourly between two dates and grouped by queue names and on Y axis i want total no of puts for that hour...monitoring tool writes to database every 10 minutes so i am OK with every 10 mini graph as well. How can i accomplish this?
Is it safe to assume that interval_start is a datetime representing the "start" of the time period which no_of_puts and the other information is relevant for, where-as interval_end is the datetime representing the end of the time period? If so, we'll have to pick one of these to use when creating the visualization to use with the date histogram aggregation. Since we're talking about 10 minute intervals, there's the possibility that one of the documents in ES spans multiple date histogram buckets, so the visualization is potentially slightly skewed. The only way around this is to reduce the time-span which these documents cover, to get more accurate results. The following example uses the interval_start as the basis for the date histogram aggregation:
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.
