
DQL TimeSeries

Gib80
Contributor

Hi All,

I have created a timeseries DQL for a dashboard and I have got so far and I'm now stuck. It produces a line chart for me, but I need the CountofRecords to be one value per 30 min interval (see attached image).

timeseries interval:30m, Requests = sum(log.application),by: {event.original, application}
| parse event.original, """LD '@mt":' LD:mt ',' """
| filter matchesPhrase(application, "API")
| filter matchesPhrase(mt, "Get request received")
| fieldsAdd CountofRecords=arraymovingSum(Requests, 30)

 

Any help would be appreciated.


sinisa_zubic
Dynatrace Champion

Hi @Gib80 

How about this query: 

timeseries interval:30m, Requests = sum(log.application),by: {event.original, application}, filter: matchesPhrase(application, "API")
| parse event.original, """LD '@mt":' LD:mt ',' """
| filter matchesPhrase(mt, "Get request received")
| summarize 
    CountofRecords = sum(Requests[]),
    interval = takeAny(interval),
    timeframe = takeAny(timeframe)
| fieldsAdd CountofRecordsMoving=arraymovingSum(CountofRecords, 30)

I am not sure why you are using the arrayMovingSum function.

Best,
Sini

Perfect, that worked brilliantly! Thank you.
