Sumo Logic

Filter Time Series

Filter your time series in queries to refine your visualizations to just the data you want to see.

When you want to filter metrics, you can use a mathematical expression in your query to combine aggregate functions, comparison and boolean operators, and numerical values to help limit your search to the data you need.

You can use the following metrics operators to filter your time series:

  • topk - take the top X time series

  • bottomk - take the bottom X time series

  • filter - take a function of a time series (min, max, avg, count, sum, pct(n), latest), or filter based on how many times the values of individual data points of a time series meet a value condition over a particular duration

With these operators you can narrow down your time series. For example:

  • metric=cpu | filter min > 20 and max < 50

  • dep=prod metric=cpu_system | topk (10, max /avg * 2)

This helps you focus on areas of interest in your metrics data, and remove the additional “noise” of less important data. For example, to see only those CPU metrics where the average over the query time range is greater than 95:

metric=cpu | filter avg > 95

Or, to see the top three values for your RequestCount metric:

namespace=AWS/ApplicationELB  metric=RequestCount LoadBalancer=* Region=* _source=* _collector=* | avg by LoadBalancer,Region | topk (3,max)


Or, to see the top 3 values for RequestCount divided by double the average, to identify spikes in RequestCount:

namespace=AWS/ApplicationELB  metric=RequestCount LoadBalancer=* Region=* _source=* _collector=* | avg by LoadBalancer,Region | topk (3,max/avg*2)
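
The difference between ranking by max and ranking by max/avg*2 is easier to see on data. The Python sketch below is an added example, not Sumo Logic code: it emulates the per-series reduction on constructed RequestCount samples, and the function names, sample values, operator precedence and the choice to skip all-zero series are assumptions of the sketch.

```python
# Added illustration: emulates per-series reduction; not Sumo Logic's implementation.
from statistics import mean

# Constructed sample data: RequestCount per (LoadBalancer, Region) over one query range.
SERIES = {
    ("lb-a", "us-east-1"): [100, 104, 96, 101, 99],
    ("lb-b", "us-east-1"): [10, 11, 9, 95, 10],
    ("lb-c", "eu-west-1"): [500, 510, 490, 505, 495],
    ("lb-d", "eu-west-1"): [20, 22, 60, 21, 19],
    ("lb-e", "us-west-2"): [0, 0, 0, 0, 0],
}

def aggregates(points):
    """Reduce one time series to the scalar aggregates the operators compare."""
    return {"min": min(points), "max": max(points), "avg": mean(points),
            "sum": sum(points), "count": len(points), "latest": points[-1]}

def filter_series(series, predicate):
    """Keep whole series whose aggregates satisfy predicate (like `filter avg > 95`)."""
    return {k: v for k, v in series.items() if predicate(aggregates(v))}

def topk(series, k, score):
    """Keep the k series with the highest score (like `topk (3, max/avg*2)`)."""
    scored = []
    for key, points in series.items():
        agg = aggregates(points)
        if agg["avg"] == 0:
            # Assumption of this sketch: an all-zero series has no defined
            # max/avg ratio, so it is left out of the ranking.
            continue
        scored.append((score(agg), key))
    scored.sort(reverse=True)
    return [key for _, key in scored[:k]]

def spike_score(agg):
    # Assumed precedence (Python's): (max / avg) * 2
    return agg["max"] / agg["avg"] * 2

if __name__ == "__main__":
    print("topk(3, max):       ", topk(SERIES, 3, lambda a: a["max"]))
    print("topk(3, max/avg*2): ", topk(SERIES, 3, spike_score))
    print("filter avg > 95:    ", sorted(filter_series(SERIES, lambda a: a["avg"] > 95)))
```

Ranking by max alone surfaces the busiest load balancers, while the ratio surfaces the low-volume series with a short burst, which is usually the one worth investigating.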


As your queries with filters become more complex, you can combine simple aggregators and filter operators. For example, both uses of max and min are valid in this expression, but it becomes difficult to distinguish the math functions from the filters on the time series:

_sourceCategory=mysources | topk(5, max(max, min(min, max)))

The filters are in red, the math functions are in blue.