HOWTO graph eps on kibana
Why do that¶
On a platform, you\'re always interested by how much traffic (in EPS) is there at your platform entry point. According to the platform configuration, it can be more or less complex to graph this traffic. So according to this complexity, we must choose the adequate tool to graph it.
On previous versions of Punchplatform (until Avishai), we used Grafana.
What to do¶
Analyze your data¶
Let's say your platform has LTRs and you want to graph EPS at LTRs entry points. The first thing to do is to analyze your needs, your platform and your data:
- What do you need? Graphing a global amount of EPS? An amount by host? By technology? On a single graph?
- What is the configuration of LTR's channels?
First explore your metrics with Discover menu. You will be able to see that two metrics can be used to graph EPS:
- storm.tuple.ack.count: the number of acknowledged events by topology since last topology start
- storm.tuple.ack.m1_rate: the average of acknowledged events by second by topology
Next let's take some examples, easiest to hardest.
A simple case: a single technology on a single channel¶
Suppose you only have one channel (so one technology). Then you will be able to use any Kibana tool to graph input EPS.
For example you can choose a Basic Chart visualization named Vertical Bar.
On Kibana UI, click on Visualize, + symbol, Vertical Bar, and metrics-* index-pattern (you should have something like that). Choose X-Axis > Date Histogram > ts and Y-Axis > Max > storm.tuple.ack.m1_rate.
A little bit harder: multiple channels and technologies with adequate topologies names¶
In this example we have multiple channels and topologies, processing multiple technologies. We suppose topologies names are adequate. What do we mean by that? Let's explain by representing our channels:
Two LTR channels, dedicated to two technologies: Apache and Bluecoat.
Each one has two topologies:
- Apache: ltr_in_apache, ltr_out_apache (tags.technology = apache) (tags.hostname = host1, host2)
- Bluecoat: ltr_in_bluecoat, ltr_out_bluecoat (tags.technology = bluecoat) (tags.hostname = host1, host2)
We would like to graph EPS by technology. To perform it, first execute previous steps. Then, on same visualization, click on Add sub-buckets, Split Series, Terms, tags.storm.topology_name.
Hardest: multiple channels and technologies with ambiguous topologies names¶
As previous case, we still want to graph EPS by technology. But topologies configuration is a little bit different:
- Apache: ltr_in, ltr_out (tags.technology = apache) (tags.hostname = host1, host2)
- Bluecoat: ltr_in, ltr_out (tags.technology = bluecoat) (tags.hostname = host1, host2)
- This time we cannot use storm.tuple.ack.m1_rate and split serie by tags.storm.topology_name because there is only one value for the whole set of channels (which is ltr_in).
- We could split by tags.technology only. But compute a maximum of storm.tuple.ack.m1_rate makes sense only in a topology context (and we cannot sum them), and unfortunately we have multiple ltr_in topologies running on multiple hosts (host1 and host2) for a single technology. We also cannot perform a sum of storm.tuple.ack.count because this sum also makes sens in a single topology context.
- We could split by tags.hostname only for the same reason.
Let's try to split by tags.technology and tags.hostname.
Basic Chart visualization Vertical Bar can perform multiple splitting (by using multiple terms aggregations) but its graphs it on multiple graphs, and our constraint is to graph them splitted by technology, on multiple stacked curves or histograms, on a single graph.
Visualization Visual Builder is great but it cannot perform multiple splitting (or Grouping in this context) (even using multiple metrics or pipeline aggregations).
In fact, in this situation we cannot even graph a total amount of EPS (splitting by technology or not). But another Kibana tool can help us: Timelion. This one seems pretty close to do the job: we reach to split by two criteria (technology and hostname) on the same graph using for example this configuration:
bash .es(index="metrics-*", timefield=ts, metric="avg:storm.tuple.ack.m1_rate", q="tags.storm.topology_name:ltr_in", split=tags.technology:20, split=tags.hostname:20).sum()
We also could use storm.tuple.ack.count and use derivative() function, it works, but it's sensitive to small variations and graph holes sometimes (maybe a moving average could make sense).
It's better but Timelion doesn't offer to group after expression execution (grouping or splitting is permitted on es() function only), so we cannot graph by technology.
We showed some graphs limits. Now, feel free to use one of the following workarounds:
- Filtering Kibana capabilities: produced graph show the total amount of EPS, use expression to filter one technology
- Use the Data Extractor to produce exploitable data from metrics, then graph them on Kibana.