Elasticsearchquery~30 mins

Application performance monitoring in Elasticsearch - Mini Project: Build & Apply

Choose your learning style9 modes available

Learn Why Deep Visual Try Challenge Project Recall Time

Application Performance Monitoring with Elasticsearch

📖 Scenario: You are a DevOps engineer responsible for monitoring the performance of a web application. You want to collect and analyze response times of different API endpoints to identify slow requests.

🎯 Goal: Build a simple Elasticsearch query to filter and aggregate API response times for performance monitoring.

📋 What You'll Learn

Create an Elasticsearch index mapping for API response data

Add a filter to select only requests with response time greater than a threshold

Aggregate average response time per API endpoint

Display the aggregation results

💡 Why This Matters

🌍 Real World

Monitoring API response times helps detect performance issues early and improve user experience.

💼 Career

DevOps engineers use Elasticsearch queries and aggregations to analyze logs and metrics for application performance monitoring.

Progress0 / 4 steps

Create the Elasticsearch index mapping

Create an Elasticsearch index mapping called api_performance with fields: endpoint as keyword and response_time_ms as integer.

Elasticsearch

# Define the index mapping for api_performance
# Your code here

Need a hint?

Use the PUT method to create the index with the specified mapping.

Add a filter for slow requests

Write an Elasticsearch query that filters documents in api_performance where response_time_ms is greater than 200 milliseconds.

Elasticsearch

PUT /api_performance
{
  "mappings": {
    "properties": {
      "endpoint": { "type": "keyword" },
      "response_time_ms": { "type": "integer" }
    }
  }
}

# Add a query filter for response_time_ms > 200
# Your code here

Need a hint?

Use a range query to filter documents where response_time_ms is greater than 200.

Aggregate average response time per endpoint

Extend the query to include an aggregation named avg_response_time that calculates the average response_time_ms grouped by endpoint.

Elasticsearch

PUT /api_performance
{
  "mappings": {
    "properties": {
      "endpoint": { "type": "keyword" },
      "response_time_ms": { "type": "integer" }
    }
  }
}

GET /api_performance/_search
{
  "query": {
    "range": {
      "response_time_ms": {
        "gt": 200
      }
    }
  },
  "aggs": {
    "avg_response_time": {
      "terms": {
        "field": "endpoint"
      },
      "aggs": {
        "average_time": {
          "avg": {
            "field": "response_time_ms"
          }
        }
      }
    }
  }
}

# Your code here

Need a hint?

Use a terms aggregation on endpoint and nest an avg aggregation on response_time_ms.

Display the aggregation results

Run the query and write the expected output format showing average response times per endpoint as JSON.

Elasticsearch

PUT /api_performance
{
  "mappings": {
    "properties": {
      "endpoint": { "type": "keyword" },
      "response_time_ms": { "type": "integer" }
    }
  }
}

GET /api_performance/_search
{
  "query": {
    "range": {
      "response_time_ms": {
        "gt": 200
      }
    }
  },
  "aggs": {
    "avg_response_time": {
      "terms": {
        "field": "endpoint"
      },
      "aggs": {
        "average_time": {
          "avg": {
            "field": "response_time_ms"
          }
        }
      }
    }
  }
}

# Print the aggregation buckets with endpoint and average_time.value
# Your code here

Need a hint?

The output shows buckets with each endpoint and its average response time value.