Aggregates on Triaged Errors

This guide assumes you are familiar with Triaged Errors. If not, please review how to view Triaging Errors and Sankey Analysis.

Introduction to Aggregations

Aggregation lets you express data in summary form for statistical analysis or similar purposes. You can select any route signature in the Sankey Chart for a triaged error to perform analysis on that node.

For example, if you would like to learn the most popular User-Agent for a 500 Server Error, you can select the error node and perform a terms aggregation on User-Agent. Another example is shown below, where a date histogram is created on request.time with these metrics plotted on it: event count and average duration of the API calls in each bucket.

example date histogram

To start, click an error node on the Sankey Chart. A list of events for that node will appear below; you can then select the segment option to start the aggregation process.

aggregations segmentation

Important: Filter the events using the date range (in the top right corner of the page or in the Filter Events section) over which you want to perform the aggregation. If you cannot find any events for the node, you may be filtering the data on a different date range.

The Date Range filters are found at the top of the page

select date range

and inside the filters panel.

filter date range

You can perform the following aggregations:

Single Metrics

This aggregation computes the min, max, average, statistics, count or distinct metrics on the field. For example, it helps if you would like to learn the minimum response time across all the events.

single metrics

Terms

This aggregation creates buckets for the requested field based on the number of buckets you have specified.

Terms is similar to GROUP BY in the SQL world.

The number of buckets divides your data into groups, so 10 buckets will divide the data into 10 groups. Note that this is a maximum number of buckets: if the number of unique values is less than the maximum number of buckets requested, the number of returned buckets will correspond to the number of unique values.

single terms

Numeric Histogram

Please note: the numeric histogram is available for numeric fields.

This aggregation creates a histogram for the requested numeric data based on the number of buckets and the interval (distance between two buckets) you have specified.

Please note that you can also specify the range (lower bound to upper bound) of the histogram by filtering on the field and providing the range.

For example, if you would like to perform an aggregation on the durationMs field for all values greater than or equal to 50 but less than or equal to 500 with an interval of 100, then the histogram lower bound will be 50.

By default, if no range is specified, the histogram will have a lower bound of 0.

normal_histogram.png

Date Histogram

This aggregation creates a date histogram for the request.time field based on the number of buckets you have specified.

Please note that you can also specify the range (lower bound to upper bound) of the date histogram by filtering on the field and providing the range.

For example, if you would like to perform an aggregation on the request.time field for all values greater than or equal to last week but less than today, then the histogram lower bound will be last week.

By default, if no upper bound is specified, the histogram will have an upper bound of the current time.

date_histogram.png

Two level Terms

This aggregation creates nested buckets based on the requested fields.

For example, you may want to learn, for each request.verb value (such as GET or POST), what the request.route values are. This would result in a GET bucket with Route A, 2 times and Route B, 3 times, and a POST bucket with Route A, 5 times.

two_level_terms.png

Two level Terms with multiple single Metrics

This aggregation creates multiple buckets as described in the Two level Terms section above, but you can go one level deeper by adding multiple single metrics aggregations for each bucket.

For example, you may want to learn, for each request.verb value (such as GET or POST), what the request.route values are and, for each request.route value, the average duration time and the minimum request.time. This would result in a POST bucket with Route A, 5 times, an average duration time of 100ms and a minimum request.time of 2018-05-01T07:39:21.093.

two_level_terms_with_metrics.png
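The nested bucketing described in the Terms, Two level Terms and Two level Terms with multiple single Metrics sections can be reproduced offline. The following is an added example, not the product's own code: the flat event layout, the function names and the choice to keep the most frequent values when the bucket limit is reached are assumptions, and the events are constructed to match the figures quoted above.

```python
from collections import Counter
from statistics import mean

def terms(events, field, max_buckets=10):
    """Terms aggregation: count events per value of `field` (like GROUP BY).
    Returns at most max_buckets buckets, fewer if there are fewer unique
    values. Keeping the most frequent values is an assumption of this sketch."""
    return Counter(e[field] for e in events).most_common(max_buckets)

def two_level_terms_with_metrics(events, outer, inner, max_buckets=10):
    """Nested buckets outer -> inner, with single metrics per inner bucket."""
    result = {}
    for outer_value, _ in terms(events, outer, max_buckets):
        subset = [e for e in events if e[outer] == outer_value]
        result[outer_value] = {}
        for inner_value, count in terms(subset, inner, max_buckets):
            bucket = [e for e in subset if e[inner] == inner_value]
            result[outer_value][inner_value] = {
                "count": count,
                "avg_durationMs": mean(e["durationMs"] for e in bucket),
                # Same-format ISO-8601 strings sort chronologically.
                "min_request.time": min(e["request.time"] for e in bucket),
            }
    return result

def make_event(verb, route, duration_ms, time):
    """Build one constructed event using the field names from this page."""
    return {"request.verb": verb, "request.route": route,
            "durationMs": duration_ms, "request.time": time}

# Constructed sample events (not real traffic).
EVENTS = (
    [make_event("GET", "Route A", 40, f"2018-05-01T08:00:0{i}.000") for i in range(2)]
    + [make_event("GET", "Route B", 60, f"2018-05-01T08:10:0{i}.000") for i in range(3)]
    + [make_event("POST", "Route A", d, t) for d, t in [
        (80, "2018-05-01T07:39:21.093"), (90, "2018-05-01T07:45:00.000"),
        (100, "2018-05-01T08:01:10.500"), (110, "2018-05-01T08:20:00.250"),
        (120, "2018-05-01T09:05:42.000")]]
)

if __name__ == "__main__":
    nested = two_level_terms_with_metrics(EVENTS, "request.verb", "request.route")
    for verb, routes in nested.items():
        for route, metrics in routes.items():
            print(verb, route, metrics)
```
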

Optionally, you can also apply filters on other fields at any time from here:

filter_fields_agg_combine.png

Possible combinations of Aggregations:

  • Single Metrics
  • Single Terms
  • Normal Histogram
  • Date Histogram
  • Two level Terms
  • Two level terms with multiple single metrics
  • Terms with Normal/Date Histogram
  • Terms with Normal/Date Histogram with multiple single Metrics

If you start with or have a Histogram or Terms aggregation, which is denoted by (*), a chart will be plotted, along with the metrics for each of the segments. Also, you can request multiple aggregations at the same time.
