Sumo Logic

Lab 5 - Joined Metrics Queries

This lab teaches you how to join different metrics series to create a third series using math operators.
When working with Metrics in Sumo, you can perform basic math operations (+, -, *, /) on query results. Math expressions support the same set of functions as the eval operator, so you can use sin, cos, abs, log, round, ceil, floor, tan, exp, sqrt, min, and max.
For example, if you are ingesting network information, you could use metrics queries and math operations to chart the net difference of incoming and outgoing network traffic.

Chart of your rate of traffic using join

  1. Open a new Metrics window

  2. In the first row, define the incoming traffic as the result of rate and sum (to simplify the data). This will become our variable #A. Note that you do not need to declare #A as a variable; just enter the following:

    Metric Net_InBytes, Operators: rate, sum
    Note: to add an operator to a query, select the grey plus sign.

  3. By virtue of adding this query to the first line, we can refer back to it as #A. Any query on the second line can be referenced as #B and so on.

  4. To create a second row, click on the + icon (Add Query) on the far right of Line #A. A second row will be created. Define the outgoing traffic as the result of rate and sum (to simplify the data). This will become our variable #B. Note that you do not need to declare #B as a variable. Enter:

    Metric Net_OutBytes, Operators: rate, sum

  5. Next we need to subtract row #A from #B. To do so, we will create a third row by clicking on the + icon (Add Query) on the far right of Line #B. This will become our variable #C.

  6. Now we want to use Advanced Mode to enter the query that will subtract row #A from row #B. To enable Advanced Mode for Row #C, go to the far right, click on the details icon (3 vertical dots) and select Advanced Mode.
    NOTE: We will discuss the difference between Basic and Advanced query mode when we finish this lab.

  7. Once Advanced Mode is enabled for Row #C, enter: 
    #B - #A
    NOTE: The query is case-sensitive: it should be #B-#A, not #b-#a.

  8. Finally, hide the A and B rows so that your visualization only shows the difference. To do so, click on #A and #B.

    Terrific - You now have a basic line chart of your rate of traffic over time.
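
To make the arithmetic behind rows #A, #B and #C concrete, here is a Python model of the lab run on constructed counter samples (an added example, not Sumo Logic code). It assumes `rate` is the per-second change between consecutive points and `sum` adds all series at each timestamp; the host names, values and function names are invented for illustration.

```python
from collections import defaultdict

# Constructed sample data: cumulative byte counters per host as (unix_ts, bytes).
NET_IN = {
    "host-1": [(0, 1000), (60, 7000), (120, 13000)],
    "host-2": [(0, 500), (60, 3500), (120, 9500)],
}
NET_OUT = {
    "host-1": [(0, 2000), (60, 14000), (120, 20000)],
    "host-2": [(0, 100), (60, 6100)],  # last sample missing on purpose
}

def rate(points):
    """Per-second change between consecutive points (assumed meaning of rate)."""
    out = {}
    for (t0, v0), (t1, v1) in zip(points, points[1:]):
        # Skip duplicate timestamps and counter resets instead of
        # emitting a division by zero or a huge negative spike.
        if t1 > t0 and v1 >= v0:
            out[t1] = (v1 - v0) / (t1 - t0)
    return out

def rate_sum(series_by_host):
    """Rows #A and #B: rate per series, then sum across series per timestamp."""
    total = defaultdict(float)
    for points in series_by_host.values():
        for ts, r in rate(points).items():
            total[ts] += r
    return dict(total)

def join_subtract(b, a):
    """Row #C: #B - #A, evaluated only where both rows have a point."""
    return {ts: b[ts] - a[ts] for ts in sorted(b.keys() & a.keys())}

def net_difference():
    row_a = rate_sum(NET_IN)   # #A: Metric Net_InBytes, Operators: rate, sum
    row_b = rate_sum(NET_OUT)  # #B: Metric Net_OutBytes, Operators: rate, sum
    return row_a, row_b, join_subtract(row_b, row_a)

if __name__ == "__main__":
    a, b, c = net_difference()
    for ts in c:
        print(f"t={ts:>3}s  #A={a[ts]:7.1f}  #B={b[ts]:7.1f}  #C={c[ts]:7.1f} B/s")
```

In this model the value of #C at t=120 goes negative only because host-2 stopped reporting Net_OutBytes, so a sudden swing in the joined series is worth checking against gaps in the underlying rows before reading it as a traffic change.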

Basic Query vs Advanced Query

In the basic query mode, you have a very simple interface where you can select values from drop-down list boxes.

In basic query mode, it is very simple to select the metric and the filters from the drop-down lists, and you can add a math operator by clicking on the icon.

In the Advanced Query mode, you will need to know the query that you want to create. This was the method we used for our earlier metrics product, but some customers wanted a simpler interface, which helped us develop the Basic Query mode. You will get a chance to develop in the Advanced Query mode in the upcoming labs.