Hi,
We’re gradually renewing and implementing new things in our ecosystem, and since we were already using Elasticsearch, Filebeat and Kibana, we decided to give Metricbeat a go.
During my trials with 5 hosts using metricbeat to send data to Elasticsearch, I made a dashboard and everything looked good.
But when we decided to roll out Metricbeat to all the hosts, I noticed that the graphs wouldn’t show more then 10 hostnames, I immediately noticed the “Top 10” in Group by. So I set that to 20, and figured it was a small oversight on my end.
However, that query never finished. So after some trial and error, I’ve made these discoveries:
- If the amount of hostnames returned from a query is more than 10, it will never finish, if the time range is more then 15 minutes.
- This means that if less then 10 is returned, it will finish in seconds, even if time range is set to 7 days.
- The same query that would give me more then 10 hostnames, finishes in Kibana in about 10 seconds.
Am I missing something? Anyone that can point me in the right direction?