Lab 6 - Filter Time Series

When you want to filter metrics, you can use a mathematical expression in your query to combine aggregate functions, comparison and boolean operators, and numerical values to help limit your search to the data you need.

You can use the following metrics operators to filter a time series:

  • topk - take the top X time series

  • bottomk - take the bottom X time series

  • filter - keep only the time series for which a math function of the series (max, min, avg, sum) meets a condition

For this lab we will use the filter operator.

1 - You can identify the available metrics by using the inline help after typing:

metric=


2 - Using the filter operator, you can reduce the number of time series returned. For example:

_contentType=HostMetrics _sourceCategory=hostmetrics/<your_name> metric=CPU_Sys | filter min > 20 and max < 50

Please note that, depending on your host, the thresholds for your filter may vary.


This helps you focus on areas of interest in your metrics data, and remove the additional “noise” of less important data. For example, to see only those CPU metrics where the average over the query time range is greater than 95:

metric=CPU_Sys | filter avg > 95
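
The two filter queries above keep or drop whole time series based on an aggregate computed over the query time range. The following Python model is an added illustration of that behavior, not Sumo Logic code; the host names and sample values are constructed, and the `max > 95` predicate is an extra case included for comparison.

```python
# Added illustration: models how an aggregate-based filter keeps or drops
# whole time series. Not Sumo Logic code; all names and values are constructed.
from statistics import mean

# Math functions named in the lab: min, max, avg, sum
REDUCERS = {"min": min, "max": max, "avg": mean, "sum": sum}

# Constructed CPU_Sys samples (percent) for three hypothetical hosts
SERIES = {
    "host-a": [22, 30, 41, 35, 28],  # stays inside the 20-50 band
    "host-b": [25, 31, 97, 33, 27],  # one short spike to 97
    "host-c": [3, 5, 4, 6, 2],       # idle
}


def summarize(points):
    """Compute every aggregate for one series over the whole time range."""
    return {name: fn(points) for name, fn in REDUCERS.items()}


def filter_series(series, predicate):
    """Return the names of series whose aggregates satisfy the predicate."""
    return sorted(n for n, pts in series.items() if predicate(summarize(pts)))


def in_band(agg):      # models: filter min > 20 and max < 50
    return agg["min"] > 20 and agg["max"] < 50


def avg_over_95(agg):  # models: filter avg > 95
    return agg["avg"] > 95


def max_over_95(agg):  # comparison case: a filter on max instead of avg
    return agg["max"] > 95


if __name__ == "__main__":
    print("min > 20 and max < 50:", filter_series(SERIES, in_band))
    print("avg > 95:", filter_series(SERIES, avg_over_95))
    print("max > 95:", filter_series(SERIES, max_over_95))
```

In this sample, host-b's single spike removes it from the 20-50 band but does not lift its average (42.6) above 95, so a short burst of CPU activity is invisible to an avg-based filter and visible to a max-based one.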
