Bird
Raised Fist0

You want to monitor the average response time for your app but only for transactions with errors. Which Elasticsearch query snippet correctly filters and calculates this?

hard📝 Best Practice Q15 of Q15
Elasticsearch - ELK Stack Integration
You want to monitor the average response time for your app but only for transactions with errors. Which Elasticsearch query snippet correctly filters and calculates this?
A{ "size": 0, "query": { "term": { "error.id": "" } }, "aggs": { "avg_response_time": { "avg": { "field": "transaction.duration.us" } } } }
B{ "size": 0, "query": { "exists": { "field": "error.id" } }, "aggs": { "avg_response_time": { "avg": { "field": "transaction.duration.us" } } } }
C{ "size": 0, "query": { "match_all": {} }, "aggs": { "avg_response_time": { "avg": { "field": "transaction.duration.us" } } } }
D{ "size": 0, "query": { "term": { "transaction.status": "success" } }, "aggs": { "avg_response_time": { "avg": { "field": "transaction.duration.us" } } } }
Step-by-Step Solution
Solution:

  1. Step 1: Identify filter for transactions with errors

    Transactions with errors have a non-empty "error.id" field, so we use "exists" query on "error.id".

  2. Step 2: Confirm aggregation on filtered data

    The aggregation calculates average response time only on filtered documents, which is correct.

  3. Final Answer:

    { "size": 0, "query": { "exists": { "field": "error.id" } }, "aggs": { "avg_response_time": { "avg": { "field": "transaction.duration.us" } } } } -> Option B

  4. Quick Check:

    Filter errors with exists + avg aggregation = { "size": 0, "query": { "exists": { "field": "error.id" } }, "aggs": { "avg_response_time": { "avg": { "field": "transaction.duration.us" } } } } [OK]
Quick Trick: Use exists query to filter error transactions [OK]
Common Mistakes:
MISTAKES
  • Using empty term query instead of exists
  • Calculating average without filtering errors
  • Filtering for success instead of errors

Want More Practice?

15+ quiz questions · All difficulty levels · Free

Free Signup - Practice All Questions
More Elasticsearch Quizzes
Advanced Patterns - Why advanced patterns solve production needs - Quiz 13medium Cluster Management - Node roles (master, data, ingest) - Quiz 3easy Cluster Management - Snapshot and restore - Quiz 2easy Performance and Scaling - Why performance tuning handles growth - Quiz 13medium Performance and Scaling - Hot-warm-cold architecture - Quiz 4medium Performance and Scaling - Bulk indexing optimization - Quiz 5medium Security - Authentication basics - Quiz 9hard Security - API key management - Quiz 15hard Security - Field and document level security - Quiz 7medium Security - Audit logging - Quiz 12easy