Logs time series view

Using the Logs Time Series interface

The Time Series interface has the following information and affordances:

Events list
Logs Time Series

  1. Filters help you to narrow the search results.

    Logs filters

    To show filters, expand the filters: click the show filters (Show filters) icon in the top left corner of the page.

    To hide the filters, click the hide filters (Hide filters) icon in the top right corner of the filter panel.

  2. The Search logs searchbar enables you to find logs by any attribute value, facet, label, and so on.

    The searchbar works with the Query Builder.

    Logs Query Builder

    Follow these steps to specify the first query, a:

    1. Aggregation

      In the show (Show) clause of the query, select from the drop-down either show all logs (default), show all fingerprints, or one of the log attributes or labels.

      • The aggregate for show all logs and show all fingerprints is count of (count of).

      • The aggregate for string and text attributes and labels is count unique of (count unique of).

      • The default aggregate for numerical values and durations is avg.

        Note that you can change this aggregation to sum, min, max, stddev, stdvar, first, or last.

    2. Grouping

      In the by (by) clause of the query, select from the drop-down the attribute or attributes for grouping query results.

    3. Limit

      In the limit to (limit to) clause of the query, complete these steps: * Use the first drop-down to specify if you want to examine the top (default) or bottom results. * Use the second drop-down to specify the number of results.

    4. Step size

      In the roll up every (roll up every) clause of the query, specify the size of the time bucket for aggregating query results.

      Depending on the overall interval, the drop-down shows a different automatic rollup period, and several longer options.

    5. Function

      Click Sigma (Sigma) to add a formula to apply to the results of the query.

  3. To add a query, click Add Query button (Add Query).

  4. To add a formula, click Add Formula button (Add Formula).

  5. By default, we useSwitch on the FuseQL Search toggle to search using the FuseQL language.

  6. Overall interval. The default is Last 5 minutes. Click the drop-down to use the time picker and select the appropriate time interval.

    Time picker

  7. Refresh display: click Refresh (Refresh) to update the display.

  8. To add a query, click Add Query button (Add Query).

    When you specify the first filter, you define the first query. Kloudfuse identifies it as query a (a) in the interface. You can add additional queries, b (b) and others, to your analysis.

  9. To add a formula, click Add Formula button (Add Formula).

  10. View type selector enables you to specify the search view by selecting one of the following modes:

  11. Select the Use FuseQL toggle to turn on the default Kloudfuse FuseQL.

  12. Select the Combine all queries into one chart to combine all queries and formulas on the same graph. Deselect the option to have them appear on different (smaller) graphs.

    See Combine queries and Separate queries.

  13. Click the selector for the chart type, and choose one of the options from the drop-down:

    Choose chart type

    • Line has the normal, thick, and thin option.

    • Bar has the "stacked" option.

    • Area has the stacked option.

    • Points, which has no additional display options.

  14. Click Create alert (Create alert) to create a Log alert based on the query or queries here.

  15. Click Export (Export) icon to add the chart as a panel of a new or existing dashboard.

  16. Click Explore metric (Explore Metric) icon to expand the chart to full size.

  17. The Chart that represents the time series of the logs over the specified duration.

    If you specify groupings in the by clause of the query, the chart plots the groupings that results from the first grouping item.

  18. Click a component of the Chart legend to isolate and show only these values on the chart.

Combine query charts

To combine separate charts, click to select the Combine all queries into one chart option.

Separate Query Charts

When you combine 2 or more queries on the same chart, it is relatively easy to see their relationship.

However, because the two metrics often have significantly different value ranges on the Y axis, it may be difficult to see the detail. By separating the queries into their individual charts, you vertically "expand" the axis, making it easier to visualize patterns and trends.

To separate a graph into its constituent queries, click the Combine all queries into one chart option to deselect it. The interface displays the two charts side-by-side.