cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Hourly load distribution graph

Red
Observer

Hello community,

I'm in the process of transferring dashboards from Splunk Cloud to Dynatrace (I'm getting the same data into a dedicated bucket).
I try to count the number of events per hour and per entity, in order to get an idea of ​​the hourly load over one or more days (for example knowing if a type of event often occurs at the same times). So I made a simple graph that can show me this:

Red_0-1738573140626.png

But I have a problem: I would like this graph to start at the 00:00 page and end at 23:00. time page and displays the number of events per entity each hour. But he must also know how to adapt if it takes several days. I'll give you examples of what I did on Splunk, maybe it's clearer (example on 24 hours of data and example on 7 days of data):

24 hours

Red_0-1738578593418.png

7 days :

Red_1-1738578647703.png

 

My order is as follows:

fetch events
| filter source == "OnCall" and alertType == "CRITICAL"
| filterOut in(routingKey, array("dynatrace_event", "mpb-dynatrace_event"))
| fieldsAdd  routingKey = if(routingKey == "dynatrace_2", "Dynatrace", else:if(routingKey == "servicepilot_prod", "ServicePilot", else:if(routingKey == "control-m", "Control-M", else:if(routingKey == "dynatrace_mfe", "Dynatrace MFE", else:if(routingKey == "control-m_mfe", "Control-M MFE", else:if(routingKey == "dynatrace_amm", "Dynatrace AMM", else:if(routingKey == "control-m_z-os", "Control-M Z/OS", else:if(routingKey == "mpb-control-m", "Control-M MPB", else:if(routingKey == "mpb-dynatrace_problem", "Dynatrace MPB", else:if(routingKey == "dynatrace_f02", "Dynatrace F02", else:routingKey))))))))))
| dedup incidentNumber

| makeTimeseries count(), by: {routingKey}, interval:1h


I tried another approach that allows me to see what I'm looking for in table form but I can't convert it to a graph:

Red_2-1738578745165.png

 


Do you have any idea how to do this (if it's possible)?

Sincerely,

Red

 

3 REPLIES 3

krzysztof_hoja
Dynatrace Champion
Dynatrace Champion

You solution is good in term of data - the problem is that chart requires timestamp datatype to correctly render x-axis. You can convert hour of the day into timestamp e.g. of today using duration() function and beginning of today (midnight) as a day start.

 

Bu it is also possible by following manipulation of timestamp and using makeTimeseries:

fetch bizevents, from: -7d
| fieldsAdd timestamp = timestamp - timestamp@d + @d
| makeTimeseries cnt=count(),from: @d, to: @d+1d, interval:1h

 

This way I map each timestamp from past week into today. I used recently introduced time alignment operator: https://docs.dynatrace.com/docs/discover-dynatrace/references/dynatrace-query-language/operators#tim... but it also possible to get similar effect using bin() function.

As we want to chars timeframe different they "analysis timeframe", "Data" needs to selected as a input for x-axis. This setting as well as result is visible on screenshot below:

 

krzysztof_hoja_0-1738589374188.png

 

Hello @krzysztof_hoja,

Thank you for your help, I didn't know this method of handling timestamps. So, it's on track and in the notebook, it displays exactly as I wanted:

Red_2-1738595587155.png

 

All I have to do now is find out how to do the same thing for the dashboard because there, it's not blocked on a time slot (display problem I imagine):

Red_3-1738595624489.png

 

Thanks again for your help.

Sincerely,

Red

 

krzysztof_hoja
Dynatrace Champion
Dynatrace Champion

Dashboards have exactly the same setting, just located in different place: go to Visual -> (when Line/Area/Bar chary is selected) -> X-Axis

 

krzysztof_hoja_1-1738607008288.png

 

Featured Posts