This is a feature request. Please provide a mechanism to indicate that an event is the first one to exceed the before/after threshold, or the last one to not exceed the threshold, for its key each period. For example, suppose there was a stream of events
event 1: key=foo
event 2: key=bar
event 3: key=foo
event 4: key=bar
event 5: key=foo
event 6: key=bar
event 7: key=foo
event 8: key=foo
event 9: key=foo
that were fed into a throttle plugin within a single period with before_count => 3 and after_count => 5. The result would be:
event 1: key=foo (throttled)
event 2: key=bar (throttled)
event 3: key=foo (throttled, last for its key)
event 4: key=bar (throttled, last for its key)
event 5: key=foo (not throttled, first for its key)
event 6: key=bar (not throttled, first for its key)
event 7: key=foo (not throttled, last for its key)
event 8: key=foo (throttled, first for its key)
event 9: key=foo (throttled)
Currently, there is no way to distinguish these first/last events from other throttled or not throttled events. The goal of this feature request is to provide an indication to downstream systems (e.g. ElasticSearch/Kibana) that throttling is taking place.
As a concrete example, consider the case of rate limiting events to 10 per minute and dropping those that exceed the rate. Currently, someone looking in Kibana who sees 10 events in a minute won't know if those were all of the events that occurred, or if more events occurred but the excess events were throttled and dropped. By tagging that 10th (or 11th) message, it can be made more apparent that throttling occurred.
This is a feature request. Please provide a mechanism to indicate that an event is the first one to exceed the before/after threshold, or the last one to not exceed the threshold, for its key each period. For example, suppose there was a stream of events
that were fed into a
throttleplugin within a single period withbefore_count => 3andafter_count => 5. The result would be:Currently, there is no way to distinguish these first/last events from other throttled or not throttled events. The goal of this feature request is to provide an indication to downstream systems (e.g. ElasticSearch/Kibana) that throttling is taking place.
As a concrete example, consider the case of rate limiting events to 10 per minute and dropping those that exceed the rate. Currently, someone looking in Kibana who sees 10 events in a minute won't know if those were all of the events that occurred, or if more events occurred but the excess events were throttled and dropped. By tagging that 10th (or 11th) message, it can be made more apparent that throttling occurred.