Customizable active lists analytics

You can use Active lists widgets to get the necessary analytics based on SQL queries sent to the active lists. Depending on the selected value of the graph type, two or three parameter tabs are available:

• —this tab is used to define the widget type and to compose the search for the analytics.
• —this tab is used to configure the chart scale. This tab is available only for Bar chart types of graphs (see below).
• —this tab is used to configure the widget analytics display.

The following parameters are available for the tab:

• Graph—this drop-down list is used to select widget graph type. Available options:
  • Pie chart
  • Bar chart
  • Counter
  • Table
• Tenant—drop-down list for selecting the tenant whose data will be used to display analytics. The As layout setting is used by default.
• Correlator—name of the correlator service whose active list should be queried for analytics.
• Active list—name of the active list that should be searched.

  The same resource of an active list can be used by different correlator services. However, a separate entity of the active list is created for each correlator. Therefore, the contents of the active lists used by different correlators differ even if the active lists have the same names and IDs.

• SQL query field—here you can enter a search query that is equivalent to searching events using SQL syntax.

  In contrast to an event search, the FROM parameter must match the value of `records` in search queries through active lists.

  The service fields _key (the field with the keys of the active list records) and _count (the number of times this record has been added to the active list), and custom fields are available for queries.

  Examples:

  • SELECT count(_key) AS metric, Status AS value FROM `records` GROUP BY value ORDER BY metric DESC LIMIT 250—Query for a pie chart that returns the number of keys of the active list (count aggregation based on the _key field) and all options for values of the custom field Status. The widget displays a pie chart with the total number of records in the active list, divided proportionally by the number of possible values for the Status field.
  • SELECT Name, Status, _count AS Number FROM `records` WHERE Description ILIKE '%ftp%' ORDER BY Name DESC LIMIT 250—Query for the table that returns the values of the Name and Status custom fields and the _count service field for those active list records in which the value of the Description custom field matches the query ILIKE '%ftp%'. The widget displays a table with the Status, Name, and Number columns.

  If a date and time conversion function is used in an SQL query (for example, fromUnixTimestamp64Milli) and the field being processed does not contain a date and time, an error will be displayed in the widget. To avoid this, use functions that can handle a null value. Example: SELECT _key, fromUnixTimestamp64Milli(toInt64OrNull(DateTime)) as Date FROM `records` LIMIT 250.

The following parameters are available for the tab:

• The Y-min and Y-max fields are used to define the scale of the Y-axis. The Decimals field on the left is used to set the rounding parameter for the Y-axis values.
• The X-min and X-max fields are used to define the scale of the X-axis. The Decimals field on the right is used to control rounding of the X-axis values.

  Negative values can be displayed on chart axes. This is due to the scaling of charts on the widget and can be fixed by setting zero as the minimum chart values instead of Auto.

The following parameters are available for the tab:

• Name—the field for the name of the widget. Must contain from 1 to 128 Unicode characters.
• Description—the field for the widget description. You can add up to 512 Unicode characters describing the widget.
• Color—the drop-down list to select the color in which the information is displayed:
  • default—use your browser's default font color.
  • green
  • red
  • blue
  • yellow
• Horizontal—turn on this toggle switch if you want to use horizontal histogram instead of vertical. This toggle switch is turned off by default.

  When this option is enabled, when a widget displays a large amount of data, the horizontal scrolling will not be available and data will be fit into the widget window. If there is a lot of data to display, it is recommended to increase the widget size.

• Show legend—turn off this toggle switch if you don't want the widget to display the legend for the widget analytics. This toggle switch is turned on by default.
• Show nulls in legend—turn on this toggle switch if you want the legend for the widget analytics to include parameters with zero values. This toggle switch is turned off by default.
• Decimals—the field to enter the number of decimals to which the displayed value must be rounded off.

Page top