Versions Compared

Old Version 6

changes.mady.by.user Borja Moro Moreno

Saved on

compared with

New Version 7

changes.mady.by.user Borja Moro Moreno

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Rw ui steps macro
Rw step

Select the Group icon in the search window toolbar and the Operations over columns window appears with the Group tab selected.

Rw step

Choose the required Grouping method:

Non-time-based

Select this option to get all the possible combinations of the columns added as arguments over the selected time range.

In the Partial results section that appears, choose Yes if you want to fetch the events from the server grouped in temporal chunks. This option is only available if Server mode is disabled in your search.

Info

How Partial results work

When Server mode is activated, as the server is the one that solves the entire grouping, the Partial results selection is disabled.

However, when Server mode is disabled, users will be able to fetch the events from the server as a whole (Partial results = No) or grouped in temporal chunks and then reaggregated in the browser (Partial results = Yes). The server period corresponding to those temporal chunks is calculated according the following algorithm:

Algorithm rules:

  • The server periodis based onthe query date interval.

  • The server periodmust be less than the query date interval.

  • The server periodmust be one of the options available in the grouping dropdown list.

Algorithm process

First, the algorithm checks the data variability expected. Then:

  • If a lot of variability is expected, the objective will be 3 server periods. For that purpose, the algorithm divides the interval by 3 and rounds up. For example, if date interval is 17m, we will have 17m / 3 = 5,67m that rounded up to the nearest available period will be 10m.

  • If not a lot of variability is expected, the objective will be 10 server periods. For that purpose, the algorithm divides the interval by 10 and rounds up. For example, if date interval is 17m, we will have 17m / 10 = 1,7m that rounded up to the nearest available period will be 2m.

In the following example, we have grouped the data using the Server and OperatingSystem columns as arguments to get all the possible combinations of operating systems and servers.

Image Modified
Note

Be aware that, if activated, the real-time data flow will stop with this grouping option. You will get a warning message and the time will be automatically set to the current date.

Time-based

Include a time period when you group data in order to facilitate data analysis. Select the period you want to group by in the Every field.

Note that the more columns you add as arguments in a temporal grouping, the less information you will extract, since the result will look more and more like the original table.

Rw step

Choose the required Arguments for the grouping. Click Add argument and select the required table columns to be included in the grouping.

Rw step

Click Group. The result will be a row for each unique combination of arguments and time period. After grouping the data, you can repeat these steps to continue applying groups as many times as necessary. 

...