Sumo Logic

Work with Metrics Visualizations

This topic describes actions you can perform with metrics queries and visualization. See the following topics for additional information:

Name your visualization

To assign a name to a visualization, hover over the tab, click the dotted icon, and select Rename. Enter a new name and click Rename.


Add additional visualizations

You can create up to 16 visualizations on the Metrics page. To add a new visualization, click + in the tab bar and select Metrics (in the classic UI, select Metrics and click + in the tab bar). The settings on all the tabs are automatically saved and persist if you leave the Metrics page or log out of the Sumo Logic session.

If you have 16 tabs and create a new visualization, it replaces the visualization on the current tab.

Display selected queries

By default, all queries (up to six) are displayed in the chart area on the Metrics page. To hide a query from the chart without deleting it, click the icon to the left of the query. The icon becomes faded.


Display selected data

By default, the chart area displays all of the individual time series that match your queries. Click the Legend tab in the lower area of the page to see a list of all the time series. 

Each time series is presented in the chart with a separate color. The legend shows the line color and style for each time series and the tags that are included in the series. Click an entry in the Time Series column to show the full description.

Click the visibility icons to show or hide individual time series. 

The legend also indicates which query (A, B, C, or D) was used to visualize each time series.


Specify the chart type

Open the Settings tab to specify the appearance of the charts in the visualization area. These settings apply to all time series in the current visualization. 


You can select either of these options:

  • Line chart (default).  Displays the data in line charts. You can select the line width (1px default).
  • Area chart. Displays the data in area charts. Specify the line width for the area boundary and whether to display the area charts as stacked (default),
  • or as a percentage of the total (summed values at each time).

Specify the Y axes

Each chart has a primary Y axis on the left and can also have secondary Y axis on the right. Open the Settings tab to name the axes and specify the type of scale and range. 

  • Enter a name for one or both axes.
  • Select linear or logarithmic scale (default is linear).
  • Enter minimum and maximum values to display. By default, Sumo determines a range based on the data. 

The name you give to the left (primary) axis is displayed in the chart area as soon as you enter a value. The right axis is shown only if you associate it with a query (see next section).


Associate queries with Y axes

To associate a query with a Y axis, open the Query tab and click the Gear icon to the right of a query. An area opens for you to select a line type and axis position.


Select Right Axis or Left Axis. If the axis label is not already shown on the chart, it is displayed as soon as you make your selection.

Any queries that are not associated with the right axis are automatically associated with the left axis.


Modify line styles

Open the Query tab and click the Gear icon on the right of a query. An area opens for you to select a line type (dotted, dashed, solid). The line type is changed immediately in the visualization when you make a selection.


Focus on a time series in a visualization

You can focus on a particular time series in a visualization by clicking the line chart for the series. The focus changes to that chart, and the other time series in the visualization are hidden. If outlier bands are enabled, the band for that chart displays.  Click the background or outlier band area to remove the focus and hide the band.  

This capability is supported only for line charts

Select a color palette

You can specify the color palette for your visualization at the time series, query, and chart level. Settings at the query level overwrite settings at the chart level, and settings at the time series level overwrite settings at the query and chart levels.

  • Time series level. Open the Legend tab and click the Gear icon to the right of a time series. Select a palette from the Color Palette menu. To specify a hex value, scroll click Custom Color, and enter a value (example: #29A1E6).
  • Query level. Open the Query tab and click the Gear icon to the right of a query. Select a palette from the Color Palette menu.
  • Chart level. Open the Settings tab. Select a palette from the Color Palette menu under Chart.

Display details for individual values

Hover over a location in the chart area to see the details for an individual reading. The following information is displayed:

  • The number at the top of the details pop-up is the value on the chart (430,859 in the following figure).
  • A date and timestamp are included.
  • The tags that are included in the visualization are listed.


Add custom labels to time series

The default label for each metrics time series is a comma-separated list of the dimensions included in the query. The resulting labels can be lengthy and inconvenient to scan.

To shorten the labels and make them more meaningful in your metrics visualizations and dashboards, you can apply a naming convention for time series labels on a per-query basis. The labels can include text and also parameters that are enclosed in double curly braces.


Consider the metrics visualization shown in the following figure. It includes two queries.

The first query displays the average of user CPU activity over a set of source hosts.
metric=CPU_User _sourceHost=*cq*split* | avg 

The second query averages the same information per source host.
metric=CPU_User _sourceHost=*cq*split* | avg by _sourceHost

The default labels for the query as shown in the hover details provide useful information, but might not be informative enough for what you want to highlight.  

For example, suppose you want to emphasize that the first query is a baseline against which you’re comparing behavior for individual source hosts. You can relabel the queries accordingly. 

Click the gear icon to the right of each query and add the label in the Series Label field. You can include text and variables enclosed in double curly brackets.  Press Return to implement the change.

For this example, we’ll apply the labels shown in the figures.

The first query label indicates the baseline.

The second query label is a variable for the source host (with the variable name enclosed in double curly brackets).


The hover details now show the assigned labels.
For the baseline query, only the 'Baseline' text displayed.

For the query by source host, only the source host is displayed.

The assigned label must be unique for each time series. If you create a custom label such that more than one time series would have the same label, an error message is displayed, and the label isn’t applied. 

You can see what custom labels have been defined by opening the Legend tab. If there is a custom label, it is presented to the right of the default time series label.


Change the time range

You can specify a time range (for the X axis) relative to the current time, or specify a custom time range. To set time ranges, click the time area near the top of the page.

metrics time relative.png

The current time range is displayed, along with the following options to set the time:

  • Relative. Select an interval relative to the current time. The display is updated as soon as you make a selection.
  • Custom. Click a date to select it as the start date, then move your cursor to the desired end date and click to select it.  The date settings shown below the calendar are updated. You can scroll to navigate between months or click to go to a specific month. 
    To specify the time, highlight the portion of the time value you want to change, and modify the entry.metrics time custom.png
  • Recent. If you have specified any relative or custom time ranges during your current login session, they are available for selection under Recent.

Adjust the quantization level

When you’re visualizing metrics data, the time axis is fundamental to understanding your data.

  • Multiple time series (lines on the chart) should line up in a way that makes it easy to understand and compare behavior (for example, at 10:25AM server1 had 95% CPU usage and server2 had 50% CPU usage).
  • As you change the time scale, the granularity of the data points should change accordingly (for example, 1 second resolution for a metric over 30 days doesn’t make sense).

This capability is called quantization. The quantization interval aligns your time series data to common intervals on the time axis (for example every one minute) to optimize the visualization and performance.

For each metrics visualization, Sumo automatically determines a quantization interval over which the metrics data is aggregated to create individual data points. 

If you have a quantization interval that you prefer to use, for example, if you want to keep track of the number of new logins per minute or per hour, you can select your own target interval. You can adjust the interval for any metrics visualization from one second to one day using the quantization menu at the top of the visualization.

When you select a target quantization, Sumo sets the actual quantization interval to be as close to the target as possible. If it is not possible to set the actual interval to the targeted interval (typically because too many data points would be produced to reasonably show on the chart), a message is displayed, letting you know that Sumo has set the interval to be as close as possible to your target.

quantization menu.png

Decide how to handle missing data

The fill missing control allows you to specify how to handle gaps in your time series data. 
By default, Sumo interpolates the missing data; however in some cases, another solution may be preferable. 
The following options are available to fill missing metrics data:

  • Interpolation: This is the default option, in which successive values are connected by a line.
  • Empty: With this option, a gap in the time series data is represented by an actual gap in the visualization. For example, if your visualization includes an interval during which your systems were down for planned maintenance, you might want your visualization to make it clear that there was no data to report during that interval. 
  • Fixed: This option assigns a particular value in the interval with missing data. For example, if you are counting the number of logins, a gap in the data might mean that no logins occurred during that time. You can select Fixed and assign 0 as the value to indicate that no login activity occurred.
  • Last: This option is appropriate if your data involves infrequent observations and you want to retain the value of an observation until the next observation is recorded. For example, if you are collecting temperature data from a sensor as part of an Internet of things (IOT) application, you might want your visualization to continue to report the last temperature measurement until a new measurement comes in.

To select the fill missing method, Open the Query tab and click the Gear icon to the right of a query. Click Fill Missing Data Method and select one of the options described above. If you select Fixed, enter a value for the missing data.

metrics-fill missing.png

Refresh the display

In most cases, the visualization updates automatically with new data and to reflect changes in settings. To refresh the display on demand, click the metricsvis04.png icon in the upper right corner of the page, and select Refresh Query.