20 Mar 2025 03:16 PM
Guys, I need your help to understand the viability of a query.
Today I have tags defined in my service methods. What I would like to do is have a view in Honeycomb showing the total number of problems for a given query. Is this possible to do? I honestly can't think of a way to do this. The problem is actually showing only the three flows via the tag that I have. I understand that first I need to define that Flow A has steps B, C and D and then show the data, but honestly I can't make this idea happen. Has anyone done this? Do you know if it's possible to do it via DQL?
I'm going to put a query that I use today to show all events, including the tags I mentioned.
fetch events
| filter event.kind == "DAVIS_PROBLEM"
| fieldsAdd fetch.problems.duplicate = dt.davis.is_duplicate
| fieldsAdd fetch.problems.status = event.status
| fieldsAdd fetch.problems.start = event.start
| fieldsAdd fetch.problems.end = event.end
| fieldsAdd fetch.problems.duration = resolved_problem_duration
| fieldsAdd fetch.problems.evento.name = event.name
| sort timestamp desc
| fieldsAdd fetch.problems.tags = entity_tags
| expand fetch.problems.tags
| parse fetch.problems.tags, """ "Jornada:" DATA:Jornada """
| parse fetch.problems.tags, """ "Canal:" DATA:Canal """
| parse fetch.problems.tags, """ "Etapa:" DATA:Etapa """
| parse fetch.problems.tags, """ "Fluxo:" DATA:Fluxo """
| parse fetch.problems.tags, """ "Tipo:" DATA:Tipo """
//==================
| lookup [fetch events],sourceField:dt.davis.event_ids,lookupField:event.id,fields:{event.id,endpoint.name,dt.entity.service.name,event.description,dt.query}
| expand affected_entity_ids
| expand endpoint.name
//==================
| lookup [fetch dt.entity.service_method], sourceField:affected_entity_ids, lookupField:belongs_to[dt.entity.service]
//| filter isNull(id)
//==================
| lookup [fetch dt.entity.service_method], sourceField:lookup.id, lookupField:id, fields:{tags}
| fieldsAdd fetch.service.method.tags = tags
| expand fetch.service.method.tags
| parse fetch.service.method.tags, """ "Canal:" DATA:CanalMethod """
| parse fetch.service.method.tags, """ "Etapa:" DATA:EtapaMethod """
| parse fetch.service.method.tags, """ "Fluxo:" DATA:FluxoMethod """
| parse fetch.service.method.tags, """ "Tipo:" DATA:TipoMethod """
| fieldsAdd fetch.tags.canal.all = if(isNotNull(Canal),Canal,else:if(isNotNull(CanalMethod),CanalMethod))
| fieldsAdd fetch.tags.fluxo.all = if(isNotNull(Fluxo),Fluxo,else:if(isNotNull(FluxoMethod),FluxoMethod))
| fieldsAdd fetch.tags.etapa.all = if(isNotNull(Etapa),Etapa,else:if(isNotNull(EtapaMethod),EtapaMethod))
| fieldsAdd fetch.tags.tipo.all = if(isNotNull(Tipo),Tipo,else:if(isNotNull(TipoMethod),TipoMethod))
| fieldsAdd IDLookup = affected_entity_ids
| expand affected_entity_ids
| expand root_cause_entity_id
| lookup [fetch dt.entity.service], sourceField:affected_entity_ids, lookupField: id, prefix:"lookup.affected.entity.services"
| lookup [fetch dt.entity.process_group_instance], sourceField:affected_entity_ids, lookupField: id, prefix:"lookup.affected.entity.pgi"
| lookup [fetch dt.entity.application], sourceField:affected_entity_ids, lookupField: id, prefix:"lookup.affected.entity.applications"
| lookup [fetch dt.entity.mobile_application], sourceField:affected_entity_ids, lookupField: id, prefix:"lookup.affected.entity.mobile"
| lookup [fetch dt.entity.custom_application], sourceField:affected_entity_ids, lookupField: id, prefix:"lookup.affected.entity.customapplication"
| lookup [fetch dt.entity.cloud_application], sourceField:affected_entity_ids, lookupField: id, prefix:"lookup.affected.entity.cloudapplication"
| lookup [fetch dt.entity.synthetic_test], sourceField:affected_entity_ids, lookupField: id, prefix:"lookup.affected.entity.synthetictest"
| lookup [fetch dt.entity.http_check], sourceField:affected_entity_ids, lookupField: id, prefix:"lookup.affected.entity.httpcheck"
| lookup [fetch dt.entity.kubernetes_cluster], sourceField:affected_entity_ids, lookupField: id, prefix:"lookup.affected.entity.kubernetescluster"
| lookup [fetch dt.entity.host], sourceField:affected_entity_ids, lookupField: id, prefix:"lookup.affected.entity.hosts"
| lookup [fetch dt.entity.custom_device], sourceField:affected_entity_ids, lookupField: id, prefix:"lookup.affected.entity.customdevices"
| lookup [fetch dt.entity.hypervisor], sourceField:affected_entity_ids, lookupField: id, prefix:"lookup.affected.entity.hypervisor"
| lookup [fetch dt.entity.environment], sourceField:affected_entity_ids, lookupField: id, prefix:"lookup.affected.entity.environment"
| lookup [fetch dt.entity.azure_event_hub], sourceField:affected_entity_ids, lookupField: id, prefix:"lookup.affected.entity.azure_event_hub"
| summarize
{
Timestamp = takeFirst(timestamp),
Inicio = takeFirst(fetch.problems.start),
Fim = takeFirst(fetch.problems.end),
Duration = takeFirst(fetch.problems.duration),
Duplicado = takeFirst(fetch.problems.duplicate),
EventIDs = takeFirst(dt.davis.event_ids),
Status = takeFirst(fetch.problems.status),
Evento = takeFirst(fetch.problems.evento.name),
EntityIDs = collectDistinct(affected_entity_ids),
Endpoint = collectDistinct(endpoint.name),
ServiceName = collectDistinct(dt.entity.service.name),
EntityName = collectDistinct(lookup.entity.name),
MethodID = collectDistinct(lookup.id),
Types = takeFirst(affected_entity_types),
Canal = collectDistinct(fetch.tags.canal.all),
Fluxo = collectDistinct(fetch.tags.fluxo.all),
Etapa = collectDistinct(fetch.tags.etapa.all),
Tipo = collectDistinct(fetch.tags.tipo.all),
affectedServices = collectDistinct(lookup.affected.entity.servicesentity.name),
affectedPGI = collectDistinct(lookup.affected.entity.pgientity.name),
affectedApplications = collectDistinct(lookup.affected.entity.applicationsentity.name),
affectedMobile = collectDistinct(lookup.affected.entity.mobileentity.name),
affectedEventHub = collectDistinct(lookup.affected.entity.azure_event_hubentity.name),
affectedCustomApplication = collectDistinct(lookup.affected.entity.customapplicationentity.name),
affectedCloudApplication = collectDistinct(lookup.affected.entity.cloudapplicationentity.name),
affectedSyntheticTest = collectDistinct(lookup.affected.entity.synthetictestentity.name),
affectedEntityZone = takeFirst(affected_entity.management_zones.names),
affectedHttpCheck = collectDistinct(lookup.affected.entity.httpcheckentity.name),
affectedKubernetesCluster = collectDistinct(lookup.affected.entity.kubernetesclusterentity.name),
affectedHosts = collectDistinct(lookup.affected.entity.hostsentity.name),
affectedCustomDevices = collectDistinct(lookup.affected.entity.customdevicesentity.name),
affectedHypervisor = collectDistinct(lookup.affected.entity.hypervisorentity.name),
affectedEnvironment = collectDistinct(lookup.affected.entity.environmententity.name)
},by:{display_id}
| fieldsAdd currentTime = toTimestamp(now())
| fields
Status = if((Status == "ACTIVE"),"💢 OPEN",else:if((Status == "CLOSED"),"✅ CLOSED")),
Duplicado,
Problem = display_id,
Inicio = Inicio,
Fim = if((Status == "ACTIVE"),"⚡In Progress",else:if((Status == "CLOSED"),Fim)),
`Duração` = if((Status == "CLOSED"),Duration,else:if((Status == "ACTIVE"), toLong(currentTime-Inicio)/60000000000)),
Evento = Evento,
`Entidade Afetada` = arrayRemoveNulls(arrayConcat(affectedEventHub,affectedApplications,affectedMobile,affectedCustomApplication,affectedCloudApplication,affectedSyntheticTest,affectedHttpCheck,affectedServices,affectedPGI,affectedKubernetesCluster,affectedHosts,affectedHypervisor,affectedCustomDevices,affectedEnvironment)),
Endpoint = arrayRemoveNulls(EntityName),
Canal = arrayRemoveNulls(Canal),
Fluxo = arrayRemoveNulls(Fluxo),
Etapa = arrayRemoveNulls(Etapa),
Tipo = arrayRemoveNulls(Tipo)
| fieldsAdd TotalEndpoint = arraySize(Endpoint),TotalFluxo = arraySize(Fluxo),TotalEtapa = arraySize(Etapa),TotalCanal = arraySize(Canal),TotalTipo = arraySize(Tipo)
| fieldsAdd Canal = if((TotalCanal == 0),"Não Identificado", else:Canal)
| fieldsAdd Fluxo = if((TotalFluxo == 0),"Não Identificado", else:Fluxo)
| fieldsAdd Etapa = if((TotalEtapa == 0),"Não Identificado", else:Etapa)
| fieldsAdd Tipo = if((TotalTipo == 0),"Não Identificado", else:Tipo)
| fieldsAdd Endpoint = if((TotalEndpoint == 0),"Não se Aplica", else:Endpoint)
| filter matchesPhrase(Etapa,"Consultar/Pesquisar")
| filter Status == "💢 OPEN"
| filter Duplicado == false
| summarize ProblemCount = countDistinct(Problem)
20 Mar 2025 05:17 PM
I've included an example of what I need to do. In this case, the idea is that all flows appear on the tile, even if there is no open issue. So all the steps would be green and if an alert were to open, red. But I can't think of a way to do this, to make them all visible, even without an open issue.
[Image: With closed problems]
[Image: No open problems]