Where would you find events per second? I'd like stats on the sources, and the total collection, on a daily basis.

Follow

Robert Abuhoff

• December 12, 2016 17:52

0

• 

  Caleb Fogleman

  • December 23, 2016 15:24

  Hi Robert, To find this data, for the past 24 hours, I would use the following query: *| timeslice 1s| count by _timeslice, _collector| avg(_count) as eps by _collector| sort by eps Of course, you can swap _collector out for _source, _sourceCategory, etc., depending on how you'd like your breakdown. If you run this query over 24 hours, it should provide results almost immediately, then refine them as the query continues to execute. I hope this helps! Caleb F.

  0

  Comment actions Permalink

Please sign in to leave a comment.