#openobserve-cloud

Discrepancy in Histogram Counts on OpenObserve

TLDR rito reported incorrect counts on the OpenObserve histogram. Hengfei explained this might be due to batch ingestion or lack of '_timestamp'; the former makes the server ingest logs rapidly while the latter causes high volume in a small time range. rito acknowledged the advice.

5mo

Join the chat

Jun 30, 2023 (5 months ago)

Photo of md5-a462bbe4adef925469661ad5969086c5

rito

06:18 AM

I sent the access logs of my server to OpenObserve. It is well remembered. Excellent. 👍
However, the counts on the histogram may not be correct. It does not match the log count. This is not a critical issue for me, but I will report it.

Image 1 for I sent the access logs of my server to OpenObserve. It is well remembered. Excellent. :+1:
However, the counts on the histogram may not be correct. It does not match the log count. This is not a critical issue for me, but I will report it.

Photo of md5-c30bb074b7d997d2cd6e689678b65dc1

Hengfei

06:19 AM

How do you think it is wrong?

rito

06:21 AM

It looks like accesses are spiking, but they are not actually spiking. Also, the log count is not this high.

Hengfei

06:25 AM

if you use fluent-bit or vector, those tools have cache and batch ingestion. when you suddenly connect to OpenObserve it will ingest everything as quickly, after ingesting everything in the cache, you can see the speed reduce to almost same as your log produce speed.

06:27

Hengfei

06:27 AM

And if you don't provide _timestamp yourself, we will use the ingest time as _timetamp, it will looks like your screenshot, in a small time range, it has high volume, but after minutes it reduced.

rito

06:29 AM

I did not write down the usage. I am sending logs using http requests.

Thanks for the info I will try sending it with _timestamp.

OpenObserve

OpenObserve is an open-source, petabyte-scale observability platform for the cloud native realm, offering a 10x cost reduction and 140x less storage use compared to competitors like Elasticsearch or Splunk. Built in Rust for exceptional performance, it offers comprehensive features like logs, metrics, traces, dashboards, and more | Knowledge Base powered by Struct.AI

Indexed 406 threads (74% resolved)

Join Our Community

Similar Threads

High Memory Usage Issue in OpenObserve 0.5.1

Chris reported high memory usage with OpenObserve 0.5.1 when making specific queries, causing out of memory errors. Hengfei suggested attempting without conditions. Chris will raise an official issue regarding the problem.

4mo

Query and Issue with Disparity in Stream Stats and Disk Usage

Karan shared a query and noted a disparity in stream stats and disk usage. After troubleshooting, Hengfei identified a bug and advised on stats refresh. Ashish confirmed that the disk size was the accurate measure and they would investigate the stats calculation.

1mo

OpenObserve issues with FluentBit and Dashboard

Alejandro experienced issues with FluentBit losing connection with OpenObserve and discarding logs, and an error when saving a chart on the OpenObserve dashboard. Prabhat could not identify the cause of record loss. However, potential solutions were suggested to save the dashboard with a string-type filter instead of integer one.

2mo