Lab 16 - Identify Rate of Change
Similar to logs, metrics have the usual operators (min, max, sum, count, avg). However, oftentimes, what you want to measure is change.
-
In a new Metrics tab, add a query to search for a count of packets received in the last 60 minutes.
type=packets_received metric=count
-
To find the difference between one data point and the next, edit your query to show the delta.
type=packets_received metric=count | delta
-
However, to find the rate of change, in this case, packets received per second, edit your query to:
type=packets_received metric=count | rate
With this last query, you're able to determine if the rate at which packets are being received is increasing gradually or spiking quickly. Identifying an outlier on a rate of change is a better indicator of an impending problem.
