jtnagashima/RESULTS.md

## graphitefunction.py
# This requires 'pyes'
# The function goes in webapp/graphite/render/functions.py
# Don't forget to update the SeriesFunctions dict to include it.

import pyes
def logstashHits(requestContext, query):
  conn = pyes.ES("localhost:9200")

  start = requestContext["startTime"].isoformat()
  end = requestContext["endTime"].isoformat()

  boundedquery = "@timestamp:[%s TO %s] AND %s" % (start, end, query)
  q = pyes.StringQuery(boundedquery).search()
  q.facet.facets.append(pyes.facets.DateHistogramFacet('date_facet',
    field='@timestamp',
#    interval='second'))
    interval='minute'))
  results = conn.search(query=q)

# set interval
  interval=60
# interval=1
  start_timestamp = int(time.mktime(requestContext["startTime"].timetuple()))
  end_timestamp = int(time.mktime(requestContext["endTime"].timetuple()))
  time_range = (end_timestamp-start_timestamp)/interval

  values=[0]*time_range

  for facet in results.facets.date_facet.entries:
    appear_time = (facet['time']/1000)
    values[(appear_time-start_timestamp)/interval] = facet['count']

# debug
  logfile = open("/tmp/x", "a")
  logfile.write("q: %s\n" % boundedquery)
  logfile.write("entries: %r\n" % results.facets.date_facet.entries)
  logfile.write("start Time: %r\n" % requestContext["startTime"])
  logfile.write("start timestamp %s\n" % start_timestamp)
  logfile.write("end Time: %r\n" % requestContext["endTime"])
  logfile.write("end timestamp %s\n" % end_timestamp)
  logfile.write("timerange %s\n" % time_range)
  logfile.write("values: %s\n" % values)
  logfile.close()


  return [TimeSeries(query,
            time.mktime(requestContext["startTime"].timetuple()),
            time.mktime(requestContext["endTime"].timetuple()),
            interval, values)]


## RESULTS.md

      
    Raw
  

              RESULTS.md
            
          
    logstash queries graphed with graphite.

My version of function logstashHits() for graphite.
Original: https://gist.github.com/jordansissel/3760225
My fix is needed if you have values = 0 between start and end time.
E.g: nginx access log, and for certain period of time there aren't any request:

should be:
	# This requires 'pyes'
	# The function goes in webapp/graphite/render/functions.py
	# Don't forget to update the SeriesFunctions dict to include it.

	import pyes
	def logstashHits(requestContext, query):
	conn = pyes.ES("localhost:9200")

	start = requestContext["startTime"].isoformat()
	end = requestContext["endTime"].isoformat()

	boundedquery = "@timestamp:[%s TO %s] AND %s" % (start, end, query)
	q = pyes.StringQuery(boundedquery).search()
	q.facet.facets.append(pyes.facets.DateHistogramFacet('date_facet',
	field='@timestamp',
	# interval='second'))
	interval='minute'))
	results = conn.search(query=q)

	# set interval
	interval=60
	# interval=1
	start_timestamp = int(time.mktime(requestContext["startTime"].timetuple()))
	end_timestamp = int(time.mktime(requestContext["endTime"].timetuple()))
	time_range = (end_timestamp-start_timestamp)/interval

	values=[0]*time_range

	for facet in results.facets.date_facet.entries:
	appear_time = (facet['time']/1000)
	values[(appear_time-start_timestamp)/interval] = facet['count']

	# debug
	logfile = open("/tmp/x", "a")
	logfile.write("q: %s\n" % boundedquery)
	logfile.write("entries: %r\n" % results.facets.date_facet.entries)
	logfile.write("start Time: %r\n" % requestContext["startTime"])
	logfile.write("start timestamp %s\n" % start_timestamp)
	logfile.write("end Time: %r\n" % requestContext["endTime"])
	logfile.write("end timestamp %s\n" % end_timestamp)
	logfile.write("timerange %s\n" % time_range)
	logfile.write("values: %s\n" % values)
	logfile.close()


	return [TimeSeries(query,
	time.mktime(requestContext["startTime"].timetuple()),
	time.mktime(requestContext["endTime"].timetuple()),
	interval, values)]