Influxdb: non_negative_derivative and group by sizing causing large spikes

Hey, I guess here is the same problem:

I have the reporters that reports stats into influxdb once a minute. This is typical counter metrics that constantly grows.

What I'm try to achieve is to get a rate of request per minute. Here is my QUERY:

SELECT non_negative_derivative(sum("run-count"), 1m) FROM "com.codahale.metrics.servlet.AbstractInstrumentedFilter.requests" WHERE time > now() - 10m GROUP BY time(1m) fill(none)

• non_negative_derivative - to omit negative couter differences during node resets.

And here is what I get doing three requests with a ~15-20 sec delay between each of them:

> SELECT non_negative_derivative(sum("run-count"), 1m) FROM "com.codahale.metrics.servlet.AbstractInstrumentedFilter.requests" WHERE time > now() - 10m GROUP BY time(1m) fill(none)
name: com.codahale.metrics.servlet.AbstractInstrumentedFilter.requests
----------------------------------------------------------------------
time                    non_negative_derivative
1460405880000000000     101864
1460405940000000000     137
1460406000000000000     130
1460406060000000000     137
1460406120000000000     139
1460406180000000000     122
1460406240000000000     143
1460406300000000000     146
1460406360000000000     161

> SELECT non_negative_derivative(sum("run-count"), 1m) FROM "com.codahale.metrics.servlet.AbstractInstrumentedFilter.requests" WHERE time > now() - 10m GROUP BY time(1m) fill(none)
name: com.codahale.metrics.servlet.AbstractInstrumentedFilter.requests
----------------------------------------------------------------------
time                    non_negative_derivative
1460405880000000000     209000
1460405940000000000     137
1460406000000000000     130
1460406060000000000     137
1460406120000000000     139
1460406180000000000     122
1460406240000000000     143
1460406300000000000     146
1460406360000000000     161

> SELECT non_negative_derivative(sum("run-count"), 1m) FROM "com.codahale.metrics.servlet.AbstractInstrumentedFilter.requests" WHERE time > now() - 10m GROUP BY time(1m) fill(none)
name: com.codahale.metrics.servlet.AbstractInstrumentedFilter.requests
----------------------------------------------------------------------
time                    non_negative_derivative
1460405940000000000     137
1460406000000000000     130
1460406060000000000     137
1460406120000000000     139
1460406180000000000     122
1460406240000000000     143
1460406300000000000     146
1460406360000000000     161
1460406420000000000     130

Actually what I expected to get is the last results section, where the first value is more or less the sane as others. First and second sections had a huge numbers in the top. I assume each time every node reports it's data to influxdb the top number changes. Each minute this scenario repeats again.

Influxdb 0.12.1

Is this related to #4852 ?

@jwestboston: you are right, it is.

This is a duplicate of #3247 and will be fixed for aggregate queries in 0.13. Please try it out on master to confirm that this works properly. If it doesn't, please reopen this ticket with any information to help fix it.

Thanks!

@jsternberg I see the same behavior in InfluxDB 0.13.0~n201605020800. I don't have any additional information to help fix it other than what I wrote in my original post.

This seems to have been fixed for _continuous_ queries in the 0.13 series but not for direct/"raw" queries. The relevant comment is here.

On further searching, this is possible dupe of #5943.

For what it's worth I'm experiencing this on 0.13 with a direct/"raw" query for GPFS performance metrics (instead of Lustre). If there's something I can do to help fix this, please let me know.

Still happens on 1.0 👎

@hgfischer +1

Are there plans to fix this? I have to add offset 1 to all queries doing non_negative_derivative(sum("value"), 10s) to not get the spike as the first value.

We are hitting this, too. It's frustrating; we have hundreds of graphs of rates (non_negative_derivative), and this bug is rendering them fairly useless. Can we get a sense of whether this will be fixed?

In case it's helpful, my work around has been to create continuous queries to pre-calculate derivatives and then my grafana queries access the "rate" series instead of the "raw" series.

I have same problem.
@panzerdev , thanks for the offset idea.

Same here. We're collecting nginx total request count as well as network total bytes transmitted stats. Because the first bar in a grouped query is smaller than the others, there's a huge spike in the beginning most of the time.

I have same problem. Setting offset 1 and the time of group by Is greater than 20 can solve it.
thanks the offset idea @panzerdev

I've been looking over this problem as a user, and it doesn't appear that this is an actual bug. What's happening is that when you set upper/lower bounds on the time range using TIME() plus or minus some interval, and that time range doesn't 100% align with the buckets in your GROUP BY interval, SUM() ends up summing less points into the first and last buckets than you expect -- this is actually the case regardless of whether derivatives are involved. As a result, both the first and last data points being differenced are smaller than expected. When you use DERIVATIVE(), this manifests as a huge jump between that first bucket value, based on incomplete data, and the second bucket value, based on complete data (and vice versa at the end). As a result, you start the series with an enormous positive spike and end it with an enormous negative one.

To get the results we want, what we really need is a way to normalize the time boundaries on the query so they align with the bucket width. This is probably a task best left to Grafana or another dashboard.

From a UX perspective, this could conceivably be solved in InfluxDB if TIME() could be rounded up or down to an arbitrary interval, so a query writer could align the start and end of the window to match the bucketing interval specified in GROUP BY.

We are experiencing the same issue and many thanks @panzerdev for the offset idea.

We have the same issue and it is very annoying especially when working with Grafana.
https://github.com/grafana/grafana/issues/9361

Hitting this issue as well in InfluxDB 1.2.4. non_negative_derivative with sum() as an aggregator creates a huge spike at the beginning of the graph and makes the rest of the chart unreadable. Based on @jgoldschrafe's comment above, it seems like this might be related to #5943 and/or #6878 .

We also see this issue with many graphs

I am seeing this as well on several graphs - very difficult to read graphs when a spike occurs.

Do we have any updates on this issue? I see the same spikes with many of my graphs when using non_negative_derivative and group by.

A lot of useful information here! my today's workaround for this is to apply specific time range in Grafana. Usually the auto interval for longer time ranges is 5 minutes. Then to ensure time range does not cross the intervals we use /h to round it to whole hours. Unfortunately it means also that from 7:00:01 to 8:00:00 the latest data you see is from 6:59:59 and it could be a serious issue for some of you.

From: now-2d/h
To: now-1h-1s/h

It would be cool to have in Grafana sth like /5m or /$__interval.

I managed to get rid of those spikes by using percentile(95) selector instead of mean() aggregation. So if this makes sense for your data you can use this workaround.

this cheat works for me

Are there plans to fix this? I have to add offset 1 to all queries doing non_negative_derivative(sum("value"), 10s) to not get the spike as the first value.

@panzerdev How you added offset? Can you provide some sample query? Thanks

@hardiksondagar There you go

 SELECT non_negative_derivative(sum("value"), 1s) AS "qps" FROM "jetty.responses2xx" WHERE 
"cluster" = 'uluru-api' AND $timeFilter GROUP BY time(1m), "cluster" offset 1

Still seeing the issue. Spikes at start and end of graphs are still visible when doing a group by on time.

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

Still present and still problematic

Yes. It is still present and is still very problematic.
This issue happens to be open for more than 3 years now.

Regards,
Lohit

On Jul 25, 2019, 2:20 PM -0500, Cameron Hall notifications@github.com, wrote:

Still present and still problematic
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub, or mute the thread.

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

Still present and still problematic

Hello,

Facing the same situation, at Transatel we decided to solve it by making an HTTP proxy to handle this: Transatel/cleanflux.

We've been using it for 2 whole years, both from Grafana and various scripts (including Jupyter notebooks).

For now, it is quite declarative (retention policies have to be redeclared in proxy configuration) but this solution is pretty robust and transparent for the client.

In addition, it also solves issues #5961 (and dup #8010) and #7198.

Thank you.

I have been waiting on a solution to this forever.
I will give it a try.

Regards,
Lohit
On Jan 15, 2020, 6:53 AM -0600, perf notifications@github.com, wrote:

Hello,
Facing the same situation, at Transatel we decided to solve it by making an HTTP proxy to handle this: Transatel/cleanflux.
We've been using it for 2 whole years, both from Grafana and various scripts (including Jupyter notebooks).
For now, it is quite declarative (retention policies have o be redeclared in proxy configuration) but this solution is pretty robust and transparent for the client.
In addition, it also solves issues #5961 and #7198.
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub, or unsubscribe.