Strange behaviour of timeslice in Sumo Logic - sumo

I have this query in sumo:
_sourceCategory=my_product
| timeslice 1h
| count by _timeslice
In my aggregates list I have a 1h difference between the data:
but in my graph I have a 15 mins segment like this:
So my question is: where do these 15 min segments come from?

Every search result includes a histogram that shows the number of results over time -- this is what your screenshot shows.
The actual results of your query will be shown below that, in the Messages/Aggregates area. Choose the Bar Chart visualisation to see the search results with your hour timeslice.
https://help.sumologic.com/Search/Search-Query-Language/Search-Operators/timeslice

Related

How to make a graph of rex values in Splunk where all data points are shown

In my logs I am printing out "total_time:1.2334" (for example).
I am able to grab the time values with Splunk by using rex: | rex "total_time:(?<time>.*)" |
I want to display each total_time on a time chart (as either a line or a bar graph). However, when I try something like
| timechart values(time) it only shows a few of my data points (for example, only 3 columns are shown in the chart while there are 16 events).
Does anyone know how I can display total_time best with the time on the Y axis and the occurrences on the X axis? Thanks.

The values() function displays the unique settings of the 'time' field, which means you'll see fewer than 16 columns if the same value of total_time appears more than once. Try using | timechart count by time.

Plotting data from two sets with different shapes in the same plot

I am using data collected from two different instruments which have different resolution because of the sampling rate of each instrument. For a specific time, one of the sets has >10k entries while the other has ~2.5k. They however capture data over the same time interval, and I want to plot them on top of each other even though they have different resolution in data. The minimum and maximum x of both sets are the same; however, one of them has more entries.
Simplified it could look like this:
1st set from instrument with higher sampling rate:
time(s) value
0.0 10
0.2 11
0.4 12
0.6 13
0.8 14
... ..
100 50
2nd set from instrument with lower sampling rate:
time(s) value
0 100
1 120
2 125
3 128
4 130
. ...
100 430
They are measuring different things, but I would like to display them in the same plot. How can I accomplish this?

I found the mistake. I was trying to plot both datasets using the time data from the first instrument. Of course they need to be plotted with their respective time data, and I put the first time data in the second plot by mistake.

Quick Delta Between Two Rows/Columns in GoodData

Right now, I see there are quick ways to get things like Sum/Avg/Max/Etc. for two or more rows or columns when building a table in GoodData.
I am building a little table that shows last week and the week prior, and I'm trying to show the delta between them.
So if the first column is 100 and the second is 50, I want '-50'
If the first column is 25 and the second is 100, I want '75'
Is there an easy way to do this?

Let's say that the first column contains the result of calculating metric #1 and the second column contains the result of calculating metric #2; you can simply create a metric #3, defined as (metric #1 - metric #2) or vice versa.

How to calculate a rolling average based on a column in Spotfire

I have a data set where you have a Document Property that selects "items"; each "item" has a particular "usage days". I want to calculate an output of "Moving Average" for 1 or more selected items. The data for the moving average lives under a column named "usage days".
How do I calculate this taking into account the "selected date of my choice" and the rolling average number of days of my choice.
Do you have particular ideas of how I can perform the calculation i.e. in a calculated column or a text field?
Car / Trip / Start Date / End Date / Days on trip
1 AB123 / 2 / 6/07/2013
1 / AB234 / 29/07/2013 / 6/09/2013 / 42
1 / AB345 / 6/09/2013 / 28/09/2013 / 22
1 / AB456 / 29/09/2013 / 21/10/2013 / 23
2 / AB567 / 26/10/2013 / 12/11/2013 / 22
2 / AB678 / 12/11/2013 / 8/12/2013 / 26
[The rows above have an example of the problem (sorry, couldn't paste an image because I'm new). I want to calculate the %usage of the car and/or cars for a selected range of time, e.g. (Select date range JULY to AUGUST then (#of days on trip for car 1 and 2)/#on days in that period)/2*100]

As phiver said, it is still difficult to see what you expect as a result... but I think I have something that might work. First, I slightly altered the dataset you provided, like so:
car trip startDate endDate daysOnTrip
1 AB123 7/6/2013 7/29/2013 23
1 AB234 7/29/2013 9/6/2013 42
1 AB345 9/6/2013 9/28/2013 22
1 AB456 9/29/2013 10/21/2013 23
2 AB567 10/26/2013 11/12/2013 22
2 AB678 11/12/2013 12/8/2013 26
I then added 2 document properties, "DateRangeFirst" and "DateRangeLast", to allow the user to select beginning and ending dates. Next I made input box property controls for each of the aforementioned document properties in a text area so the user can alter the date range. I then added a datatable visualization with a "Limit data using expression:" of "[startDate] >= Date(${DateRangeFirst}) and [endDate]<= Date(${DateRangeLast})" so we could see the trips selected. Finally, to get the average you appear to be looking for, a barchart set to % of total (daysOnTrip) / car with the same data limiting expression as above. The below screenshot should have everything you need to reproduce my results. I hope this gives you what you need.
NOTE: With this method if you select a date in the middle of a trip, an entire row and all of the days on that trip will be ignored.

Can Pig filter by comparing a line with other lines?

This is a Pig Latin question. My data has 3 fields as follows:
usrid time distance
020204 09:23:45 350.1103
020204 09:29:48 350.1522
222292 14:01:34 1.992134
I want to delete a line, if there is another line with the same usrid, such that the time gap between the 2 lines is less than 10 minutes. For example line 2 must be deleted, because line 1 has the same usrid and the time gap between the 2 is only ~6 minutes.

Please refer to this,
Pig de-duplicate events occuring within 1 minute of each other
The same requirement. Sliding time window. Possible solution/suggestion is there in the question
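
The sliding time window from the question above, written in Python rather than Pig Latin as an added example (it is not code from the question or from the linked answer). It goes beyond the three sample rows: the last two rows and the `anchor` parameter are constructed here to show that "less than 10 minutes from another line" can be read two ways, and all times are assumed to fall on one day.

```python
from datetime import datetime, timedelta

# First three rows are the sample from the question; the last two are
# constructed here to show where the two readings of the rule diverge.
ROWS = [
    ("020204", "09:23:45", "350.1103"),
    ("020204", "09:29:48", "350.1522"),
    ("222292", "14:01:34", "1.992134"),
    ("020204", "09:36:00", "350.2000"),  # constructed
    ("020204", "09:50:00", "351.0000"),  # constructed
]

def parse(hms):
    # Assumption: all times fall on the same day, as in the sample.
    return datetime.strptime(hms, "%H:%M:%S")

def dedupe(rows, window=timedelta(minutes=10), anchor="kept"):
    """Drop a row when an earlier row with the same usrid is less than
    `window` before it.

    anchor="kept": measure the gap from the last row that was kept.
    anchor="seen": measure the gap from the previous row, kept or not,
                   so a steady burst keeps suppressing itself.
    """
    if anchor not in ("kept", "seen"):
        raise ValueError("anchor must be 'kept' or 'seen'")
    last = {}   # usrid -> reference time for the next comparison
    out = []
    # Group by usrid and order by time so each row only looks backwards.
    for row in sorted(rows, key=lambda r: (r[0], parse(r[1]))):
        usrid, t = row[0], parse(row[1])
        prev = last.get(usrid)
        keep = prev is None or t - prev >= window
        if keep:
            out.append(row)
        if keep or anchor == "seen":
            last[usrid] = t
    return out

def kept_times(rows, **kw):
    # Convenience view: (usrid, time) of the surviving rows.
    return [(u, t) for u, t, _ in dedupe(rows, **kw)]

if __name__ == "__main__":
    for mode in ("kept", "seen"):
        print(mode, kept_times(ROWS, anchor=mode))
```

On the question's own three rows both modes drop line 2; they only differ once a third event arrives inside the window of a dropped row.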