Lab 6 - Filter Time Series using advanced query mode
Getting into Advanced Query Mode
For Labs 6-10, you are going to use the advanced query mode in the Metrics panel. To do this, on each query you want to switch to advanced query mode, click on the three dots in a vertical line at the far right of the query line and select Advanced Mode as shown below.
Once you have switched to Advanced Mode, your query display will look like this and you can type in your metric or log query directly. This is what your interface should look like:
Creating Filter Time Series and other operators
When you want to filter metrics, you can use a mathematical expression in your query to combine aggregate functions, comparison and boolean operators, and numerical values to help limit your search to the data you need.
You can use the following metrics operators to filter a time series:
-
topk - take the top X time series
-
bottomk - take the bottom X time series
-
filter - take a specific math function of a time series (max, min, avg, sum)
For this lab we will use the filter operator to look at the CPU_Sys metrics associated with our device.
1- You can identify the metrics available by using the inline search ahead next to Metric
2 - First, we will select CPU_Sys as the Metric
Using the filter operator you can reduce down your time series.
For example:
_contentType= HostMetrics _sourceCategory = hostmetrics/<your_name> metric=CPU_Sys | filter min > 0 and max < 5
Please note that depending on your host thresholds for your filter may vary .
This helps you focus on areas of interest in your metrics data, and remove the additional “noise” of less important data. For example, to see only those CPU metrics where the average over the query time range is greater than 95:
metric=CPU_Sys | filter avg > 95
