We have logging with user data for the requests each use does. We have created some averages and dashboards with this data but the search is very slow, we are looking to do some trends so time range is 30+ days, if our summary index storage is small this could go out longer. I currently have a lookup table doing a weekly mean, std dev, and a few other calcs; but we want the option to look into one day also, so we are looking to implement a summary index.
At this time I would not have any true stat calculations in my summary index. I feel they would come after the fact since I cant do a 7,30, 90 day average in one stats command; if this is possible that would be best I assume.
| table client,host,_time, component, operation, user, response_time
My thought was to have this summary index based on the table which will get us less data (but no calculations), and then implement the stat commands necessary. Is there a better way to go about this task? Ideally we want some stat calculations as I mentioned, mean, std dev but we want to trend it over time; so a few time intervals would be good. Is this the best way to handle this or would there be a better scenario? I have a request that the rendering times be fast as possible since the dashboards are interactive.
... View more