Nagios Support Forum

Support for Nagios products and services
https://support.nagios.com/forum/

Ignore last Minute?

https://support.nagios.com/forum/viewtopic.php?t=38957

Page 1 of 1

Ignore last Minute?

Posted: Mon Jun 20, 2016 8:41 am
by _asp_
Hi,

I've got a problem with the visualization of a line in an histogram:

The histogram is counting the events in a logfile.
I set autorefresh to 1 minute.
Interval is set to 1 minute.

Now I often see a big drop at the current timestamp.
drop.JPG

If I refresh some seconds later I see the count increasing.
increase.JPG
What can I do to prevent this false error from occurring in our dashboard?
I checked, systemtime from log producing server and logserver are synchronized.

Is it possible to ignore the events from now - 1 minute? How do I create that filter?
OK, then I am one minute behind, but that's acceptable for me.

Thanks, Andreas

Re: Ignore last Minute?

Posted: Mon Jun 20, 2016 1:15 pm
by hsmith
I don't think it's an error as much as it is intended functionality. You have not yet received logs for that timeperiod, or they have not been parsed yet. The graph is accurate. You can specify a timeperiod, but it is not going to do anything like

From X

To Y -1m

The graph might be deceptive, but the information should be accurate.

If you search for something such as "logstash replace @timestamp" on Google, there are a lot of results with people doing a lot of different things to replace the timestamp field. Take a look and see if anything are appropriate for what you're doing.
All times are UTC-05:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited