Hi Team
We are running two jobs of anomaly detection where for one job we are using 10 min of bucket span and for second one we are using 1 hour bucket span. Query delay is same for both jobs i.e. default value.
For both jobs i was getting data latency warning so i changed for one job to look the difference.
Is there any relation between bucket span and Query Delay ?
Hello @Aniket_Pant ,
The primary motivation for query delay is to handle delayed data.
To figure out the correct query delay value for your anomaly jobs, do the following:
date_histogram aggregation for the last 24 hours, using the bucket_span value as fixed_interval.doc_counts of the results for the same time intervals.doc_countss for the overlapping histogram buckets no longer change, this gives you the effective query_delay parameter.Alternatively, if both event time and ingest time for your data are available, you can look at the difference between those to figure out the correct query delay value.
You can also calculate ingest lag as described in this article. This will indicate the query delay you need to set.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.