Get the top n results when searched by count and s...

SaiDarur

Hi All,

I am trying to get the top n users who made calls to some APIs over a span of 5 minutes.

For example:
By the below query, I can see the chart which made calls for a period of time over a span of 5 minutes.

Query

timechart span=5min count(action) by applicationname

Now, I need to select the top n users (applicationname) which had high number of calls only for a span of 5 minutes.

In the below image, need the the users with sudden spikes.

SaiDarur

Thank you both. Is there any other approach to get this result? If so, please do help me on this.
Thanks

SaiDarur

Thank you both. Is there any other way where I can achieve this?

PickleRick

To get the count over a sliding window you'd need to do - as I mentioned - streamstats with time_window set to your 5 minutes. Then you can do a simple top command or something like that.

richgalloway

The timechart command has a limit option that will give you the top n results.

| timechart span=5min limit=5 count(action) by applicationname

---
If this reply helps you, Karma would be appreciated.

PickleRick

It's not that easy 😉

1. Often overlooked thing - timechart with span=something means just chopping time into span-sized slices. It does _not_ mean doing a sliding window aggregation. I suppose you can't do that other way than using streamstats.

2. limit=X with timechart gives you only X top results _overall_, not per each bin.

Get the top n results when searched by count and span

count

timechart

Observability | How to Think About Instrumentation Overhead (White Paper)

Cloud Platform | Get Resiliency in the Cloud Event (Register Now!)

The Great Resilience Quest: 10th Leaderboard Update