This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Appending makeTimeSeries

Go to solution
wmisenhe
Observer

‎30 Oct 2024 02:30 PM

I have a query used to show open/resolved problems with a makeTimeseries. I would like to have a comparison of the same information, just a week ago, for trending reasons. Would there be a way to do this? Switching to timeseries? Timeseries has a shift command that may be useful

 

fetch dt.davis.problems
| filter isnotnull(display_id)
| filter isFalseOrNull(dt.davis.is_duplicate)
| dedup display_id
| makeTimeseries
count = count(),
spread: timeframe(from: event.start, to: coalesce(event.end, now())),
by:{event.status}, interval:1h

| sort event.status desc

Labels:
0 Kudos
Reply
4 REPLIES 4

Go to solution
p_devulapalli
Leader

‎31 Oct 2024 12:30 AM

Hi @wmisenhe , try the dt.davis.problems.snapshots if you are after a longer trend analysis of problems , here is an example 

 

fetch dt.davis.problems.snapshots, from:now() - 14d
| filter isnotnull(display_id)
| filter isFalseOrNull(dt.davis.is_duplicate)
| dedup display_id
| fieldsAdd day = bin(timestamp, 24h)
| summarize by:{day, event.status}, count = count()

 

 

Phani Devulapalli
Reply

Go to solution
Fin_Ubels
Dynatrace Champion
Dynatrace Champion

‎31 Oct 2024 01:21 AM

Hey @wmisenhe 

You can append a new query of the same data but with a different timeframe. Then within that appended query you can override the timeframe to be the one from the original query. This will allow you to layer 2 timeseries of different timeframes on top of each other. The last thing to do is to change the graph settings to use the timeframes from the data and not the queries as seen below.

Fin_Ubels_0-1730337653956.png

fetch dt.davis.problems
| filter isnotnull(display_id)
| filter isFalseOrNull(dt.davis.is_duplicate)
| dedup display_id
| makeTimeseries
count = count(),
spread: timeframe(from: event.start, to: coalesce(event.end, now())),
interval:1h
| append [
  fetch dt.davis.problems, from:now()-60d, to:now()-30d
  | filter isnotnull(display_id)
  | filter isFalseOrNull(dt.davis.is_duplicate)
  | dedup display_id
  | makeTimeseries
  countPrev = count(),
  spread: timeframe(from: event.start, to: coalesce(event.end, now())),
  interval:1h
  | fieldsAdd timeframe = timeframe(from:now()-30d, to:now())
]

 Hope this helps!

Reply

Go to solution
m3tomlins
Helper

‎07 May 2025 09:22 PM

Sorry to resurrect an old solution - but I'm curious why we don't just have a "shift:" parameter on makeTimeSeries command in DQL?
😊

Dynatrace AllStar | Community Champion | @m3tomlins | @performacology | Dynatracer at FreedomPay
Reply

Go to solution
Fin_Ubels
Dynatrace Champion
Dynatrace Champion
In response to m3tomlins

‎08 May 2025 12:41 AM

I'm not 100% sure but I imagine it is because with the timeseries command you are fetching new records so at that point you can manipulate the timeframe fully and so we can shift. Whereas with makeTimeseries you are turning already fetched records into a timeseries, so the timeframe has already been set at the point where you made your initial fetch.

If I fetch logs between 5am and 6am then my logs will look something like:

timestamp: 2025/05/08 0500, content: some log
timestamp: 2025/05/08 0530, content: some log
timestamp: 2025/05/08 0600, content: some log

Now if I run makeTimeseries using these fetched logs, the timeframe is set by the above logs. Yes you can change that timeframe in the makeTimeseries command but if the logs don't fall within, then we're making a timeseries on nothing. I can't really think of a scenario where I'd want shift within makeTimeseries but if you have one I'd be interested in hearing it!

0 Kudos
Reply
Ask a question

Featured Posts