28 Nov 2024 09:00 PM
Hello,
Hello, everyone! I need help creating a DQL query to extract the exact date and time of a record within a timeframe. In the example from the image, I would like to apply a filter for values >= 890k (but it could be any value in the filter) and capture the corresponding timestamp. In the attached screenshot, the record would be at 04:36. Currently, I’m using the following DQL as a starting point:
timeseries count = max(dt.service.request.count, rollup: sum)
Can someone guide me on how to adjust the query to meet this requirement?
Thank you!
Douglas Penteado
Solved! Go to Solution.
29 Nov 2024 08:57 AM
On my environment it looks like this:
and the query to get timestamps of datapoints above certain thresholds (1800 in my example) can look like this:
timeseries count = max(dt.service.request.count, rollup: sum), timestamp=start()
| fieldsAdd d=record(count=count[], timestamp=timestamp[])
| fieldsAdd d = arrayRemoveNulls( iCollectArray( if(d[][count]>1800, d[] )))
| expand d
| fields timestamp=d[timestamp], count=d[count]
Iterative expressions are very useful for array processing (in this case filtering).
Also to get this task done you need to know timestamp for each datapoint. For this start() or end() special timeseries. are needed
02 Dec 2024 06:24 PM
that's it, thank you