首页 发现 帮助
注册 登录
lqb
/
elasticsearch
镜像自地址 https://gitee.com/mirrors/elasticsearch.git
1
0
派生 0
文件 工单管理 0 Wiki
目录树: 2da39f9005
分支列表 标签列表
elasticsearch
/
docs
/
reference
/
data-streams
/
downsampling-dsl.asciidoc

downsampling-dsl.asciidoc 21 KB
文件历史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565 
  1. [[downsampling-dsl]]
    2. 

  2. === Run downsampling using data stream lifecycle
    3. 

  3. ++++
    4. 

  4. <titleabbrev>Run downsampling using data stream lifecycle</titleabbrev>
    5. 

  5. ++++
    6. 

  6. 

  7. This is a simplified example that allows you to see quickly how
    8. 

  8. <<downsampling,downsampling>> works as part of a datastream lifecycle to reduce the
    9. 

  9. storage size of a sampled set of metrics. The example uses typical Kubernetes
    10. 

  10. cluster monitoring data. To test out downsampling with data stream lifecycle, follow these steps:
    11. 

  11. 

  12. . Check the <<downsampling-dsl-prereqs,prerequisites>>.
    13. 

  13. . <<downsampling-dsl-create-index-template>>.
    14. 

  14. . <<downsampling-dsl-ingest-data>>.
    15. 

  15. . <<downsampling-dsl-view-data-stream-state>>.
    16. 

  16. . <<downsampling-dsl-rollover>>.
    17. 

  17. . <<downsampling-dsl-view-results>>.
    18. 

  18. 

  19. [discrete]
    20. 

  20. [[downsampling-dsl-prereqs]]
    21. 

  21. ==== Prerequisites
    22. 

  22. 

  23. Refer to <<tsds-prereqs,time series data stream prerequisites>>.
    24. 

  24. 

  25. [discrete]
    26. 

  26. [[downsampling-dsl-create-index-template]]
    27. 

  27. ==== Create an index template with data stream lifecycle
    28. 

  28. 

  29. This creates an index template for a basic data stream. The available parameters
    30. 

  30. for an index template are described in detail in <<set-up-a-data-stream,Set up a
    31. 

  31. time series data stream>>.
    32. 

  32. 

  33. For simplicity, in the time series mapping all `time_series_metric` parameters
    34. 

  34. are set to type `gauge`, but the `counter` metric type may also be used. The
    35. 

  35. `time_series_metric` values determine the kind of statistical representations
    36. 

  36. that are used during downsampling.
    37. 

  37. 

  38. The index template includes a set of static <<time-series-dimension,time series
    39. 

  39. dimensions>>: `host`, `namespace`, `node`, and `pod`. The time series dimensions
    40. 

  40. are not changed by the downsampling process.
    41. 

  41. 

  42. To enable downsampling, this template includes a `lifecycle` section with <<data-streams-put-lifecycle-downsampling-example, downsampling>> object. `fixed_interval` parameter sets downsampling interval at which you want to aggregate the original time series data. `after` parameter specifies how much time after index was rolled over should pass before downsampling is performed.
    43. 

  43. 

  44. [source,console]
    45. 

  45. ----
    46. 

  46. PUT _index_template/datastream_template
    47. 

  47. {
    48. 

  48.   "index_patterns": [
    49. 

  49.     "datastream*"
    50. 

  50.   ],
    51. 

  51.   "data_stream": {},
    52. 

  52.   "template": {
    53. 

  53.     "lifecycle": {
    54. 

  54.       "downsampling": [
    55. 

  55.         {
    56. 

  56.           "after": "1m",
    57. 

  57.           "fixed_interval": "1h"
    58. 

  58.         }
    59. 

  59.       ]
    60. 

  60.     },
    61. 

  61.     "settings": {
    62. 

  62.       "index": {
    63. 

  63.         "mode": "time_series"
    64. 

  64.       }
    65. 

  65.     },
    66. 

  66.     "mappings": {
    67. 

  67.       "properties": {
    68. 

  68.         "@timestamp": {
    69. 

  69.           "type": "date"
    70. 

  70.         },
    71. 

  71.         "kubernetes": {
    72. 

  72.           "properties": {
    73. 

  73.             "container": {
    74. 

  74.               "properties": {
    75. 

  75.                 "cpu": {
    76. 

  76.                   "properties": {
    77. 

  77.                     "usage": {
    78. 

  78.                       "properties": {
    79. 

  79.                         "core": {
    80. 

  80.                           "properties": {
    81. 

  81.                             "ns": {
    82. 

  82.                               "type": "long"
    83. 

  83.                             }
    84. 

  84.                           }
    85. 

  85.                         },
    86. 

  86.                         "limit": {
    87. 

  87.                           "properties": {
    88. 

  88.                             "pct": {
    89. 

  89.                               "type": "float"
    90. 

  90.                             }
    91. 

  91.                           }
    92. 

  92.                         },
    93. 

  93.                         "nanocores": {
    94. 

  94.                           "type": "long",
    95. 

  95.                           "time_series_metric": "gauge"
    96. 

  96.                         },
    97. 

  97.                         "node": {
    98. 

  98.                           "properties": {
    99. 

  99.                             "pct": {
    100. 

  100.                               "type": "float"
    101. 

  101.                             }
    102. 

  102.                           }
    103. 

  103.                         }
    104. 

  104.                       }
    105. 

  105.                     }
    106. 

  106.                   }
    107. 

  107.                 },
    108. 

  108.                 "memory": {
    109. 

  109.                   "properties": {
    110. 

  110.                     "available": {
    111. 

  111.                       "properties": {
    112. 

  112.                         "bytes": {
    113. 

  113.                           "type": "long",
    114. 

  114.                           "time_series_metric": "gauge"
    115. 

  115.                         }
    116. 

  116.                       }
    117. 

  117.                     },
    118. 

  118.                     "majorpagefaults": {
    119. 

  119.                       "type": "long"
    120. 

  120.                     },
    121. 

  121.                     "pagefaults": {
    122. 

  122.                       "type": "long",
    123. 

  123.                       "time_series_metric": "gauge"
    124. 

  124.                     },
    125. 

  125.                     "rss": {
    126. 

  126.                       "properties": {
    127. 

  127.                         "bytes": {
    128. 

  128.                           "type": "long",
    129. 

  129.                           "time_series_metric": "gauge"
    130. 

  130.                         }
    131. 

  131.                       }
    132. 

  132.                     },
    133. 

  133.                     "usage": {
    134. 

  134.                       "properties": {
    135. 

  135.                         "bytes": {
    136. 

  136.                           "type": "long",
    137. 

  137.                           "time_series_metric": "gauge"
    138. 

  138.                         },
    139. 

  139.                         "limit": {
    140. 

  140.                           "properties": {
    141. 

  141.                             "pct": {
    142. 

  142.                               "type": "float"
    143. 

  143.                             }
    144. 

  144.                           }
    145. 

  145.                         },
    146. 

  146.                         "node": {
    147. 

  147.                           "properties": {
    148. 

  148.                             "pct": {
    149. 

  149.                               "type": "float"
    150. 

  150.                             }
    151. 

  151.                           }
    152. 

  152.                         }
    153. 

  153.                       }
    154. 

  154.                     },
    155. 

  155.                     "workingset": {
    156. 

  156.                       "properties": {
    157. 

  157.                         "bytes": {
    158. 

  158.                           "type": "long",
    159. 

  159.                           "time_series_metric": "gauge"
    160. 

  160.                         }
    161. 

  161.                       }
    162. 

  162.                     }
    163. 

  163.                   }
    164. 

  164.                 },
    165. 

  165.                 "name": {
    166. 

  166.                   "type": "keyword"
    167. 

  167.                 },
    168. 

  168.                 "start_time": {
    169. 

  169.                   "type": "date"
    170. 

  170.                 }
    171. 

  171.               }
    172. 

  172.             },
    173. 

  173.             "host": {
    174. 

  174.               "type": "keyword",
    175. 

  175.               "time_series_dimension": true
    176. 

  176.             },
    177. 

  177.             "namespace": {
    178. 

  178.               "type": "keyword",
    179. 

  179.               "time_series_dimension": true
    180. 

  180.             },
    181. 

  181.             "node": {
    182. 

  182.               "type": "keyword",
    183. 

  183.               "time_series_dimension": true
    184. 

  184.             },
    185. 

  185.             "pod": {
    186. 

  186.               "type": "keyword",
    187. 

  187.               "time_series_dimension": true
    188. 

  188.             }
    189. 

  189.           }
    190. 

  190.         }
    191. 

  191.       }
    192. 

  192.     }
    193. 

  193.   }
    194. 

  194. }
    195. 

  195. ----
    196. 

  196. 

  197. ////
    198. 

  198. [source,console]
    199. 

  199. ----
    200. 

  200. DELETE _index_template/*
    201. 

  201. ----
    202. 

  202. // TEST[continued]
    203. 

  203. ////
    204. 

  204. 

  205. [discrete]
    206. 

  206. [[downsampling-dsl-ingest-data]]
    207. 

  207. ==== Ingest time series data
    208. 

  208. 

  209. Use a bulk API request to automatically create your TSDS and index a set of ten
    210. 

  210. documents.
    211. 

  211. 

  212. **Important:** Before running this bulk request you need to update the
    213. 

  213. timestamps to within three to five hours after your current time. That is,
    214. 

  214. search `2022-06-21T15` and replace with your present date, and adjust the hour
    215. 

  215. to your current time plus three hours.
    216. 

  216. 

  217. [source,console]
    218. 

  218. ----
    219. 

  219. PUT /datastream/_bulk?refresh
    220. 

  220. {"create": {}}
    221. 

  221. {"@timestamp":"2022-06-21T15:49:00Z","kubernetes":{"host":"gke-apps-0","node":"gke-apps-0-0","pod":"gke-apps-0-0-0","container":{"cpu":{"usage":{"nanocores":91153,"core":{"ns":12828317850},"node":{"pct":2.77905e-05},"limit":{"pct":2.77905e-05}}},"memory":{"available":{"bytes":463314616},"usage":{"bytes":307007078,"node":{"pct":0.01770037710617187},"limit":{"pct":9.923134671484496e-05}},"workingset":{"bytes":585236},"rss":{"bytes":102728},"pagefaults":120901,"majorpagefaults":0},"start_time":"2021-03-30T07:59:06Z","name":"container-name-44"},"namespace":"namespace26"}}
    222. 

  222. {"create": {}}
    223. 

  223. {"@timestamp":"2022-06-21T15:45:50Z","kubernetes":{"host":"gke-apps-0","node":"gke-apps-0-0","pod":"gke-apps-0-0-0","container":{"cpu":{"usage":{"nanocores":124501,"core":{"ns":12828317850},"node":{"pct":2.77905e-05},"limit":{"pct":2.77905e-05}}},"memory":{"available":{"bytes":982546514},"usage":{"bytes":360035574,"node":{"pct":0.01770037710617187},"limit":{"pct":9.923134671484496e-05}},"workingset":{"bytes":1339884},"rss":{"bytes":381174},"pagefaults":178473,"majorpagefaults":0},"start_time":"2021-03-30T07:59:06Z","name":"container-name-44"},"namespace":"namespace26"}}
    224. 

  224. {"create": {}}
    225. 

  225. {"@timestamp":"2022-06-21T15:44:50Z","kubernetes":{"host":"gke-apps-0","node":"gke-apps-0-0","pod":"gke-apps-0-0-0","container":{"cpu":{"usage":{"nanocores":38907,"core":{"ns":12828317850},"node":{"pct":2.77905e-05},"limit":{"pct":2.77905e-05}}},"memory":{"available":{"bytes":862723768},"usage":{"bytes":379572388,"node":{"pct":0.01770037710617187},"limit":{"pct":9.923134671484496e-05}},"workingset":{"bytes":431227},"rss":{"bytes":386580},"pagefaults":233166,"majorpagefaults":0},"start_time":"2021-03-30T07:59:06Z","name":"container-name-44"},"namespace":"namespace26"}}
    226. 

  226. {"create": {}}
    227. 

  227. {"@timestamp":"2022-06-21T15:44:40Z","kubernetes":{"host":"gke-apps-0","node":"gke-apps-0-0","pod":"gke-apps-0-0-0","container":{"cpu":{"usage":{"nanocores":86706,"core":{"ns":12828317850},"node":{"pct":2.77905e-05},"limit":{"pct":2.77905e-05}}},"memory":{"available":{"bytes":567160996},"usage":{"bytes":103266017,"node":{"pct":0.01770037710617187},"limit":{"pct":9.923134671484496e-05}},"workingset":{"bytes":1724908},"rss":{"bytes":105431},"pagefaults":233166,"majorpagefaults":0},"start_time":"2021-03-30T07:59:06Z","name":"container-name-44"},"namespace":"namespace26"}}
    228. 

  228. {"create": {}}
    229. 

  229. {"@timestamp":"2022-06-21T15:44:00Z","kubernetes":{"host":"gke-apps-0","node":"gke-apps-0-0","pod":"gke-apps-0-0-0","container":{"cpu":{"usage":{"nanocores":150069,"core":{"ns":12828317850},"node":{"pct":2.77905e-05},"limit":{"pct":2.77905e-05}}},"memory":{"available":{"bytes":639054643},"usage":{"bytes":265142477,"node":{"pct":0.01770037710617187},"limit":{"pct":9.923134671484496e-05}},"workingset":{"bytes":1786511},"rss":{"bytes":189235},"pagefaults":138172,"majorpagefaults":0},"start_time":"2021-03-30T07:59:06Z","name":"container-name-44"},"namespace":"namespace26"}}
    230. 

  230. {"create": {}}
    231. 

  231. {"@timestamp":"2022-06-21T15:42:40Z","kubernetes":{"host":"gke-apps-0","node":"gke-apps-0-0","pod":"gke-apps-0-0-0","container":{"cpu":{"usage":{"nanocores":82260,"core":{"ns":12828317850},"node":{"pct":2.77905e-05},"limit":{"pct":2.77905e-05}}},"memory":{"available":{"bytes":854735585},"usage":{"bytes":309798052,"node":{"pct":0.01770037710617187},"limit":{"pct":9.923134671484496e-05}},"workingset":{"bytes":924058},"rss":{"bytes":110838},"pagefaults":259073,"majorpagefaults":0},"start_time":"2021-03-30T07:59:06Z","name":"container-name-44"},"namespace":"namespace26"}}
    232. 

  232. {"create": {}}
    233. 

  233. {"@timestamp":"2022-06-21T15:42:10Z","kubernetes":{"host":"gke-apps-0","node":"gke-apps-0-0","pod":"gke-apps-0-0-0","container":{"cpu":{"usage":{"nanocores":153404,"core":{"ns":12828317850},"node":{"pct":2.77905e-05},"limit":{"pct":2.77905e-05}}},"memory":{"available":{"bytes":279586406},"usage":{"bytes":214904955,"node":{"pct":0.01770037710617187},"limit":{"pct":9.923134671484496e-05}},"workingset":{"bytes":1047265},"rss":{"bytes":91914},"pagefaults":302252,"majorpagefaults":0},"start_time":"2021-03-30T07:59:06Z","name":"container-name-44"},"namespace":"namespace26"}}
    234. 

  234. {"create": {}}
    235. 

  235. {"@timestamp":"2022-06-21T15:40:20Z","kubernetes":{"host":"gke-apps-0","node":"gke-apps-0-0","pod":"gke-apps-0-0-0","container":{"cpu":{"usage":{"nanocores":125613,"core":{"ns":12828317850},"node":{"pct":2.77905e-05},"limit":{"pct":2.77905e-05}}},"memory":{"available":{"bytes":822782853},"usage":{"bytes":100475044,"node":{"pct":0.01770037710617187},"limit":{"pct":9.923134671484496e-05}},"workingset":{"bytes":2109932},"rss":{"bytes":278446},"pagefaults":74843,"majorpagefaults":0},"start_time":"2021-03-30T07:59:06Z","name":"container-name-44"},"namespace":"namespace26"}}
    236. 

  236. {"create": {}}
    237. 

  237. {"@timestamp":"2022-06-21T15:40:10Z","kubernetes":{"host":"gke-apps-0","node":"gke-apps-0-0","pod":"gke-apps-0-0-0","container":{"cpu":{"usage":{"nanocores":100046,"core":{"ns":12828317850},"node":{"pct":2.77905e-05},"limit":{"pct":2.77905e-05}}},"memory":{"available":{"bytes":567160996},"usage":{"bytes":362826547,"node":{"pct":0.01770037710617187},"limit":{"pct":9.923134671484496e-05}},"workingset":{"bytes":1986724},"rss":{"bytes":402801},"pagefaults":296495,"majorpagefaults":0},"start_time":"2021-03-30T07:59:06Z","name":"container-name-44"},"namespace":"namespace26"}}
    238. 

  238. {"create": {}}
    239. 

  239. {"@timestamp":"2022-06-21T15:38:30Z","kubernetes":{"host":"gke-apps-0","node":"gke-apps-0-0","pod":"gke-apps-0-0-0","container":{"cpu":{"usage":{"nanocores":40018,"core":{"ns":12828317850},"node":{"pct":2.77905e-05},"limit":{"pct":2.77905e-05}}},"memory":{"available":{"bytes":1062428344},"usage":{"bytes":265142477,"node":{"pct":0.01770037710617187},"limit":{"pct":9.923134671484496e-05}},"workingset":{"bytes":2294743},"rss":{"bytes":340623},"pagefaults":224530,"majorpagefaults":0},"start_time":"2021-03-30T07:59:06Z","name":"container-name-44"},"namespace":"namespace26"}}
    240. 

  240. 

  241. ----
    242. 

  242. // TEST[skip: timestamp values won't match an accepted range in the TSDS]
    243. 

  243. 

  244. [discrete]
    245. 

  245. [[downsampling-dsl-view-data-stream-state]]
    246. 

  246. ==== View current state of data stream
    247. 

  247. 

  248. Now that you've created and added documents to the data stream, check to confirm
    249. 

  249. the current state of the new index.
    250. 

  250. 

  251. [source,console]
    252. 

  252. ----
    253. 

  253. GET _data_stream
    254. 

  254. ----
    255. 

  255. // TEST[skip: temporal_ranges and index names won't match]
    256. 

  256. 

  257. If the data stream lifecycle policy has not yet been applied, your results will be like the
    258. 

  258. following. Note the original `index_name`: `.ds-datastream-2024.04.29-000001`.
    259. 

  259. 

  260. [source,console-result]
    261. 

  261. ----
    262. 

  262. {
    263. 

  263.   "data_streams": [
    264. 

  264.     {
    265. 

  265.       "name": "datastream",
    266. 

  266.       "timestamp_field": {
    267. 

  267.         "name": "@timestamp"
    268. 

  268.       },
    269. 

  269.       "indices": [
    270. 

  270.         {
    271. 

  271.           "index_name": ".ds-datastream-2024.04.29-000001",
    272. 

  272.           "index_uuid": "vUMNtCyXQhGdlo1BD-cGRw",
    273. 

  273.           "managed_by": "Data stream lifecycle"
    274. 

  274.         }
    275. 

  275.       ],
    276. 

  276.       "generation": 1,
    277. 

  277.       "status": "GREEN",
    278. 

  278.       "template": "datastream_template",
    279. 

  279.       "lifecycle": {
    280. 

  280.         "enabled": true,
    281. 

  281.         "downsampling": [
    282. 

  282.           {
    283. 

  283.             "after": "1m",
    284. 

  284.             "fixed_interval": "1h"
    285. 

  285.           }
    286. 

  286.         ]
    287. 

  287.       },
    288. 

  288.       "next_generation_managed_by": "Data stream lifecycle",
    289. 

  289.       "hidden": false,
    290. 

  290.       "system": false,
    291. 

  291.       "allow_custom_routing": false,
    292. 

  292.       "replicated": false,
    293. 

  293.       "rollover_on_write": false,
    294. 

  294.       "time_series": {
    295. 

  295.         "temporal_ranges": [
    296. 

  296.           {
    297. 

  297.             "start": "2024-04-29T15:55:46.000Z",
    298. 

  298.             "end": "2024-04-29T18:25:46.000Z"
    299. 

  299.           }
    300. 

  300.         ]
    301. 

  301.       }
    302. 

  302.     }
    303. 

  303.   ]
    304. 

  304. }
    305. 

  305. ----
    306. 

  306. // TEST[skip: some fields are removed for brevity]
    307. 

  307. // TEST[continued]
    308. 

  308. 

  309. Next, run a search query:
    310. 

  310. 

  311. [source,console]
    312. 

  312. ----
    313. 

  313. GET datastream/_search
    314. 

  314. ----
    315. 

  315. // TEST[skip: timestamp values won't match]
    316. 

  316. 

  317. The query returns your ten newly added documents.
    318. 

  318. 

  319. [source,console-result]
    320. 

  320. ----
    321. 

  321. {
    322. 

  322.   "took": 23,
    323. 

  323.   "timed_out": false,
    324. 

  324.   "_shards": {
    325. 

  325.     "total": 1,
    326. 

  326.     "successful": 1,
    327. 

  327.     "skipped": 0,
    328. 

  328.     "failed": 0
    329. 

  329.   },
    330. 

  330.   "hits": {
    331. 

  331.     "total": {
    332. 

  332.       "value": 10,
    333. 

  333.       "relation": "eq"
    334. 

  334.     },
    335. 

  335. ...
    336. 

  336. ----
    337. 

  337. // TEST[skip: some fields are removed for brevity]
    338. 

  338. // TEST[continued]
    339. 

  339. 

  340. [discrete]
    341. 

  341. [[downsampling-dsl-rollover]]
    342. 

  342. ==== Roll over the data stream
    343. 

  343. 

  344. Data stream lifecycle will automatically roll over data stream and perform downsampling. This step is only needed in order to see downsampling results in scope of this tutorial.
    345. 

  345. 

  346. Roll over the data stream using the <<indices-rollover-index,rollover API>>:
    347. 

  347. 

  348. [source,console]
    349. 

  349. ----
    350. 

  350. POST /datastream/_rollover/
    351. 

  351. ----
    352. 

  352. // TEST[continued]
    353. 

  353. 

  354. [discrete]
    355. 

  355. [[downsampling-dsl-view-results]]
    356. 

  356. ==== View downsampling results
    357. 

  357. 

  358. By default, data stream lifecycle actions are executed every five minutes. Downsampling takes place after the index is rolled over and the <<index-time-series-end-time, index time series end time>>
    359. 

  359. has lapsed as the source index is still expected to receive major writes until then. Index is now rolled over after previous step but its time series range end is likely still in the future. Once index time series range is in the past, re-run the `GET _data_stream` request.
    360. 

  360. 

  361. [source,console]
    362. 

  362. ----
    363. 

  363. GET _data_stream
    364. 

  364. ----
    365. 

  365. // TEST[skip: temporal_ranges and index names won't match]
    366. 

  366. 

  367. After the data stream lifecycle action was executed, original
    368. 

  368. `.ds-datastream-2024.04.29-000001` index is replaced with a new, downsampled
    369. 

  369. index, in this case `downsample-1h-.ds-datastream-2024.04.29-000001`.
    370. 

  370. 

  371. [source,console-result]
    372. 

  372. ----
    373. 

  373. {
    374. 

  374.   "data_streams": [
    375. 

  375.     {
    376. 

  376.       "name": "datastream",
    377. 

  377.       "timestamp_field": {
    378. 

  378.         "name": "@timestamp"
    379. 

  379.       },
    380. 

  380.       "indices": [
    381. 

  381.         {
    382. 

  382.           "index_name": "downsample-1h-.ds-datastream-2024.04.29-000001",
    383. 

  383.           "index_uuid": "VqXuShP4T8ODAOnWFcqitg",
    384. 

  384.           "managed_by": "Data stream lifecycle"
    385. 

  385.         },
    386. 

  386.         {
    387. 

  387.           "index_name": ".ds-datastream-2024.04.29-000002",
    388. 

  388.           "index_uuid": "8gCeSdjUSWG-o-PeEAJ0jA",
    389. 

  389.           "managed_by": "Data stream lifecycle"
    390. 

  390.         }
    391. 

  391.       ],
    392. 

  392. ...
    393. 

  393. ----
    394. 

  394. // TEST[skip: some fields are removed for brevity]
    395. 

  395. // TEST[continued]
    396. 

  396. 

  397. Run a search query on the datastream (note that when querying downsampled indices there are <<querying-downsampled-indices-notes,a few nuances to be aware of>>).
    398. 

  398. 

  399. [source,console]
    400. 

  400. ----
    401. 

  401. GET datastream/_search
    402. 

  402. ----
    403. 

  403. // TEST[continued]
    404. 

  404. 

  405. The new downsampled index contains just one document that includes the `min`,
    406. 

  406. `max`, `sum`, and `value_count` statistics based off of the original sampled
    407. 

  407. metrics.
    408. 

  408. 

  409. [source,console-result]
    410. 

  410. ----
    411. 

  411. {
    412. 

  412.   "took": 26,
    413. 

  413.   "timed_out": false,
    414. 

  414.   "_shards": {
    415. 

  415.     "total": 2,
    416. 

  416.     "successful": 2,
    417. 

  417.     "skipped": 0,
    418. 

  418.     "failed": 0
    419. 

  419.   },
    420. 

  420.   "hits": {
    421. 

  421.     "total": {
    422. 

  422.       "value": 1,
    423. 

  423.       "relation": "eq"
    424. 

  424.     },
    425. 

  425.     "max_score": 1,
    426. 

  426.     "hits": [
    427. 

  427.       {
    428. 

  428.         "_index": "downsample-1h-.ds-datastream-2024.04.29-000001",
    429. 

  429.         "_id": "0eL0wMf38sl_s5JnAAABjyrMjoA",
    430. 

  430.         "_score": 1,
    431. 

  431.         "_source": {
    432. 

  432.           "@timestamp": "2024-04-29T17:00:00.000Z",
    433. 

  433.           "_doc_count": 10,
    434. 

  434.           "kubernetes": {
    435. 

  435.             "container": {
    436. 

  436.               "cpu": {
    437. 

  437.                 "usage": {
    438. 

  438.                   "core": {
    439. 

  439.                     "ns": 12828317850
    440. 

  440.                   },
    441. 

  441.                   "limit": {
    442. 

  442.                     "pct": 0.0000277905
    443. 

  443.                   },
    444. 

  444.                   "nanocores": {
    445. 

  445.                     "min": 38907,
    446. 

  446.                     "max": 153404,
    447. 

  447.                     "sum": 992677,
    448. 

  448.                     "value_count": 10
    449. 

  449.                   },
    450. 

  450.                   "node": {
    451. 

  451.                     "pct": 0.0000277905
    452. 

  452.                   }
    453. 

  453.                 }
    454. 

  454.               },
    455. 

  455.               "memory": {
    456. 

  456.                 "available": {
    457. 

  457.                   "bytes": {
    458. 

  458.                     "min": 279586406,
    459. 

  459.                     "max": 1062428344,
    460. 

  460.                     "sum": 7101494721,
    461. 

  461.                     "value_count": 10
    462. 

  462.                   }
    463. 

  463.                 },
    464. 

  464.                 "majorpagefaults": 0,
    465. 

  465.                 "pagefaults": {
    466. 

  466.                   "min": 74843,
    467. 

  467.                   "max": 302252,
    468. 

  468.                   "sum": 2061071,
    469. 

  469.                   "value_count": 10
    470. 

  470.                 },
    471. 

  471.                 "rss": {
    472. 

  472.                   "bytes": {
    473. 

  473.                     "min": 91914,
    474. 

  474.                     "max": 402801,
    475. 

  475.                     "sum": 2389770,
    476. 

  476.                     "value_count": 10
    477. 

  477.                   }
    478. 

  478.                 },
    479. 

  479.                 "usage": {
    480. 

  480.                   "bytes": {
    481. 

  481.                     "min": 100475044,
    482. 

  482.                     "max": 379572388,
    483. 

  483.                     "sum": 2668170609,
    484. 

  484.                     "value_count": 10
    485. 

  485.                   },
    486. 

  486.                   "limit": {
    487. 

  487.                     "pct": 0.00009923134
    488. 

  488.                   },
    489. 

  489.                   "node": {
    490. 

  490.                     "pct": 0.017700378
    491. 

  491.                   }
    492. 

  492.                 },
    493. 

  493.                 "workingset": {
    494. 

  494.                   "bytes": {
    495. 

  495.                     "min": 431227,
    496. 

  496.                     "max": 2294743,
    497. 

  497.                     "sum": 14230488,
    498. 

  498.                     "value_count": 10
    499. 

  499.                   }
    500. 

  500.                 }
    501. 

  501.               },
    502. 

  502.               "name": "container-name-44",
    503. 

  503.               "start_time": "2021-03-30T07:59:06.000Z"
    504. 

  504.             },
    505. 

  505.             "host": "gke-apps-0",
    506. 

  506.             "namespace": "namespace26",
    507. 

  507.             "node": "gke-apps-0-0",
    508. 

  508.             "pod": "gke-apps-0-0-0"
    509. 

  509.           }
    510. 

  510.         }
    511. 

  511.       }
    512. 

  512.     ]
    513. 

  513.   }
    514. 

  514. }
    515. 

  515. ----
    516. 

  516. // TEST[skip: timestamp values won't match]
    517. 

  517. // TEST[continued]
    518. 

  518. 

  519. Use the <<data-stream-stats-api,data stream stats API>> to get statistics for
    520. 

  520. the data stream, including the storage size.
    521. 

  521. 

  522. [source,console]
    523. 

  523. ----
    524. 

  524. GET /_data_stream/datastream/_stats?human=true
    525. 

  525. ----
    526. 

  526. // TEST[continued]
    527. 

  527. 

  528. [source,console-result]
    529. 

  529. ----
    530. 

  530. {
    531. 

  531.   "_shards": {
    532. 

  532.     "total": 4,
    533. 

  533.     "successful": 4,
    534. 

  534.     "failed": 0
    535. 

  535.   },
    536. 

  536.   "data_stream_count": 1,
    537. 

  537.   "backing_indices": 2,
    538. 

  538.   "total_store_size": "37.3kb",
    539. 

  539.   "total_store_size_bytes": 38230,
    540. 

  540.   "data_streams": [
    541. 

  541.     {
    542. 

  542.       "data_stream": "datastream",
    543. 

  543.       "backing_indices": 2,
    544. 

  544.       "store_size": "37.3kb",
    545. 

  545.       "store_size_bytes": 38230,
    546. 

  546.       "maximum_timestamp": 1714410000000
    547. 

  547.     }
    548. 

  548.   ]
    549. 

  549. }
    550. 

  550. ----
    551. 

  551. // TEST[skip: exact size may be different]
    552. 

  552. // TEST[continued]
    553. 

  553. 

  554. This example demonstrates how downsampling works as part of a data stream lifecycle to
    555. 

  555. reduce the storage size of metrics data as it becomes less current and less
    556. 

  556. frequently queried.
    557. 

  557. 

  558. ////
    559. 

  559. [source,console]
    560. 

  560. ----
    561. 

  561. DELETE _data_stream/*
    562. 

  562. DELETE _index_template/*
    563. 

  563. ----
    564. 

  564. // TEST[continued]
    565. 

  565. ////
    566.