Splunk Search

How to edit my search to aggregate values from a single sample rather than all events in the time range?

neha10
Engager

Hi,

I have a scripted input in my app which is polling data every 60 minutes. This data brings a particular field, writeIOps, for 8 different volumes per controller from a storage product. I am looking to create a timechart to show the sum of all writeIOps per controller, so I need to sum the writeIOps of all 8 volumes at a time and plot that sample on the chart. Basically, the goal is to see at any point in time what the total writeIOps for a particular controller was, and that value comes from adding the writeIOps of all 8 volumes.

The query looks like the following:

index=A host="998048d1-831d-4a92-836a-7a4893524925" | timechart sum(writeIOps) AS writes by controllerLabel

But it looks like this data changes depending on the time frame you use in your dashboard. For example, we are calling a particular REST endpoint every 60 seconds and it is giving us writeIOps fields for 8 volumes (1 event per volume) per controller in a single sample at time T1. We are expecting to aggregate the writeIOps fields for only those 8 volumes and plot that value on a timechart for time T1. But the above query does not do that. The query will apply the search condition to all data that came in during a given time frame, aggregate it, and plot a single value on the timechart. If a user is looking at a 5-minute span, the REST endpoint must have been called 5 times and we should have a total of 40 events per controller. The above query will sum the writeIOps field from all 40 events and plot a single value. How should I fix my query so that it aggregates values from a single sample (8 events only) rather than all events in the time frame?

Thanks


jdwest1
Explorer

Example: "| timechart max(mag) span=6h by place". Set span=x to only include one time frame of data points. It will sample in little chunks of data (time) that way. At least, I think that is what you are asking.

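The following is an added example, not code from either post in this thread. It simulates in Python what Splunk's timechart does with these polled events: each event is binned by _time into a span, and the aggregate runs over every event in a bin. When the dashboard time range makes the auto-chosen span wider than the polling interval, several polls land in one bin and their per-volume values are added together. Binning at the polling interval (the SPL equivalent is `... | timechart span=1m sum(writeIOps) AS writes by controllerLabel`, or `bin _time span=1m` followed by `stats`) keeps each bucket to one sample of 8 volume events. All timestamps, controller labels and writeIOps values below are constructed; the 60-second poll interval and 8 volumes per controller come from the question.

```python
"""Bucketed aggregation of polled per-volume metrics (constructed example)."""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass

POLL_INTERVAL_S = 60          # the REST endpoint is polled every 60 seconds
VOLUMES_PER_CONTROLLER = 8    # one event per volume, 8 volumes per controller
CONTROLLERS = ("ctrlA", "ctrlB")   # constructed controllerLabel values


@dataclass(frozen=True)
class Event:
    time: int          # epoch seconds, plays the role of Splunk's _time
    controller: str    # controllerLabel
    volume: str
    write_iops: int    # writeIOps


def make_sample_events(t0: int, polls: int) -> list[Event]:
    """Construct `polls` samples, 60 s apart, each with 8 volume events per
    controller. writeIOps for volume v in poll p is 100*(p+1)+v so that the
    per-sample sum per controller is 800*(p+1)+28 and easy to check by hand."""
    events = []
    for p in range(polls):
        t = t0 + p * POLL_INTERVAL_S
        for c in CONTROLLERS:
            for v in range(VOLUMES_PER_CONTROLLER):
                events.append(Event(t, c, f"vol{v}", 100 * (p + 1) + v))
    return events


def sum_by_controller(events: list[Event]) -> dict[str, int]:
    """Equivalent of `| stats sum(writeIOps) by controllerLabel` over the
    whole time range: every poll in the range is added together."""
    totals: dict[str, int] = defaultdict(int)
    for e in events:
        totals[e.controller] += e.write_iops
    return dict(totals)


def timechart_sum(events: list[Event], span_s: int) -> dict[tuple[int, str], int]:
    """Equivalent of `| bin _time span=<span_s>s | stats sum(writeIOps) by
    _time controllerLabel`. Returns {(bucket_start, controller): sum}.
    With span_s == POLL_INTERVAL_S each bucket holds exactly one sample."""
    buckets: dict[tuple[int, str], int] = defaultdict(int)
    for e in events:
        bucket_start = e.time - (e.time % span_s)
        buckets[(bucket_start, e.controller)] += e.write_iops
    return dict(buckets)


def events_per_bucket(events: list[Event], span_s: int) -> dict[tuple[int, str], int]:
    """Sanity check for a chosen span: the equivalent of adding `count` next to
    the sum. Any bucket with more than VOLUMES_PER_CONTROLLER events contains
    more than one poll, so the span is wider than the polling interval."""
    counts: dict[tuple[int, str], int] = defaultdict(int)
    for e in events:
        counts[(e.time - (e.time % span_s), e.controller)] += 1
    return dict(counts)


if __name__ == "__main__":
    t0 = 1_700_000_100               # constructed start time, aligned to a 5-minute boundary
    sample = make_sample_events(t0, polls=5)   # 5 polls -> 40 events per controller
    print("whole range:", sum_by_controller(sample))
    print("span=5m    :", timechart_sum(sample, 300))   # same as whole range here
    for key, total in sorted(timechart_sum(sample, 60).items()):
        print("span=1m    :", key, total, "events:", events_per_bucket(sample, 60)[key])
```

Running the block shows the two failure modes side by side: the whole-range sum and the 5-minute bucket both report 12140 per controller (five samples added), while the 1-minute buckets report 828, 1628, 2428, 3228 and 4028, each built from exactly 8 events. The `events_per_bucket` check is the one to keep in a dashboard panel (as a `count` alongside the sum) when you cannot rely on the auto-selected span.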