Hi,
I've got a problem with the visualization of a line in an histogram:
The histogram is counting the events in a logfile.
I set autorefresh to 1 minute.
Interval is set to 1 minute.
Now I often see a big drop at the current timestamp.
If I refresh some seconds later I see the count increasing.
What can I do to prevent this false error from occurring in our dashboard?
I checked, systemtime from log producing server and logserver are synchronized.
Is it possible to ignore the events from now - 1 minute? How do I create that filter?
OK, then I am one minute behind, but that's acceptable for me.
Thanks, Andreas
Ignore last Minute?
-
_asp_
- Posts: 91
- Joined: Mon May 23, 2016 4:30 am
Ignore last Minute?
You do not have the required permissions to view the files attached to this post.
-
hsmith
- Agent Smith
- Posts: 3539
- Joined: Thu Jul 30, 2015 11:09 am
- Location: 127.0.0.1
Re: Ignore last Minute?
I don't think it's an error as much as it is intended functionality. You have not yet received logs for that timeperiod, or they have not been parsed yet. The graph is accurate. You can specify a timeperiod, but it is not going to do anything like
From X
To Y -1m
The graph might be deceptive, but the information should be accurate.
If you search for something such as "logstash replace @timestamp" on Google, there are a lot of results with people doing a lot of different things to replace the timestamp field. Take a look and see if anything are appropriate for what you're doing.
From X
To Y -1m
The graph might be deceptive, but the information should be accurate.
If you search for something such as "logstash replace @timestamp" on Google, there are a lot of results with people doing a lot of different things to replace the timestamp field. Take a look and see if anything are appropriate for what you're doing.
Former Nagios Employee.
me.
me.