Created
December 20, 2013 11:30
-
-
Save alexbrasetvik/8053573 to your computer and use it in GitHub Desktop.
Simple examples of aggregations on CPU metrics.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Sample data points. | |
| # These could e.g. be metrics reported by collectd to logstash. | |
| host: app1 | |
| cpu: 87.0 | |
| --- | |
| host: app1 | |
| cpu: 1.23 | |
| --- | |
| host: app2 | |
| cpu: 45.0 | |
| --- | |
| host: app2 | |
| cpu: 51.2 | |
| --- | |
| host: db1 | |
| cpu: 12.0 | |
| --- | |
| host: db1 | |
| cpu: 25.1 | |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| export ELASTICSEARCH_ENDPOINT="http://localhost:9200" | |
| # Create indexes | |
| curl -XPUT "$ELASTICSEARCH_ENDPOINT/play" -d '{ | |
| "settings": { | |
| "analysis": {} | |
| }, | |
| "mappings": {} | |
| }' | |
| # Index documents | |
| curl -XPOST "$ELASTICSEARCH_ENDPOINT/_bulk?refresh=true" -d ' | |
| {"index":{"_index":"play","_type":"type"}} | |
| {"host":"app1","cpu":87} | |
| {"index":{"_index":"play","_type":"type"}} | |
| {"host":"app1","cpu":1.23} | |
| {"index":{"_index":"play","_type":"type"}} | |
| {"host":"app2","cpu":45} | |
| {"index":{"_index":"play","_type":"type"}} | |
| {"host":"app2","cpu":51.2} | |
| {"index":{"_index":"play","_type":"type"}} | |
| {"host":"db1","cpu":12} | |
| {"index":{"_index":"play","_type":"type"}} | |
| {"host":"db1","cpu":25.1} | |
| ' | |
| # Do searches | |
| curl -XPOST "$ELASTICSEARCH_ENDPOINT/_search?pretty" -d ' | |
| { | |
| "aggregations": { | |
| "hosts": { | |
| "terms": { | |
| "field": "host", | |
| "order": { | |
| "cpu.variance": "desc" | |
| } | |
| }, | |
| "aggs": { | |
| "cpu": { | |
| "extended_stats": { | |
| "field": "cpu" | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "size": 0 | |
| } | |
| ' | |
| curl -XPOST "$ELASTICSEARCH_ENDPOINT/_search?pretty" -d ' | |
| { | |
| "aggregations": { | |
| "hosts": { | |
| "terms": { | |
| "field": "host", | |
| "order": { | |
| "cpu_avg": "asc" | |
| } | |
| }, | |
| "aggs": { | |
| "cpu_avg": { | |
| "avg": { | |
| "field": "cpu" | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "size": 0 | |
| } | |
| ' | |
| curl -XPOST "$ELASTICSEARCH_ENDPOINT/_search?pretty" -d ' | |
| { | |
| "query": { | |
| "filtered": { | |
| "filter": { | |
| "prefix": { | |
| "host": "app" | |
| } | |
| } | |
| } | |
| }, | |
| "aggregations": { | |
| "hosts": { | |
| "terms": { | |
| "field": "host", | |
| "order": { | |
| "cpu_avg": "desc" | |
| } | |
| }, | |
| "aggs": { | |
| "cpu_avg": { | |
| "avg": { | |
| "field": "cpu" | |
| } | |
| } | |
| } | |
| } | |
| }, | |
| "size": 0 | |
| } | |
| ' | |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Auto generated by Found's Play-tool at 2013-12-20T12:30:42+01:00 | |
| version: 0 | |
| title: CPU metric aggregations | |
| description: Simple examples of aggregations on CPU metrics. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Which servers have the highest variance in CPU utilization? | |
| aggregations: | |
| hosts: | |
| terms: | |
| field: host | |
| order: | |
| cpu.variance: desc | |
| aggs: | |
| cpu: | |
| extended_stats: | |
| field: cpu | |
| size: 0 # We just care about the aggregations | |
| --- | |
| # Which servers are bored? | |
| aggregations: | |
| hosts: | |
| terms: | |
| field: host | |
| order: | |
| cpu_avg: asc | |
| aggs: | |
| cpu_avg: | |
| avg: | |
| field: cpu | |
| size: 0 | |
| --- | |
| # You can of course combine it with a query! | |
| # Find app servers ordered by how busy they are: | |
| query: | |
| filtered: | |
| filter: | |
| prefix: | |
| host: app | |
| aggregations: | |
| hosts: | |
| terms: | |
| field: host | |
| order: | |
| cpu_avg: desc | |
| aggs: | |
| cpu_avg: | |
| avg: | |
| field: cpu | |
| size: 0 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment