...
| Info |
|---|
Tip You don't need to transform your search window queries if you use the My last search queries and My favorite search queries boxes in the Data menu of the Activeboards area. They will be automatically transformed into the required format and will be added as aggregation tasks when required. |
Aggregation operations
...
Addition, sum, plus / Concatenation (add, +) operations
When you use this operation in the Data Search to create a new field, you can add as many arguments as needed (where applicable), however, the number of arguments is limited to two when used in Activeboards.
As a workaround, you can perform subsequent maximum adding operations until you have obtained the maximum of added all the arguments you need.
Search window | Activeboards |
|---|---|
Syntax: Create field: |
|
Query example:
|
|
| Syntax: Create field: |
|
|
|
|
|
|
|
Query example:
|
|
|
|
|
|
Related articles: Maximum (max)
Minimum (min) operations
When you use this operation in the Data Search to create a new field, you can add as many arguments as needed, however, the number of arguments is limited to two when used in Activeboards.
As a workaround, you can perform subsequent minimum operations until you have obtained the minimum of all the arguments you need.Addition, sum, plus / Concatenation (add, +)
Comparison operations
Operations inside the detection group that imply comparing elements (such as equal, greater than, less than, etc.) are slightly adjusted in queries used from the search window to Activeboards or vice versa. On a general basis, both constructions work fine in both areas but each area has one of them as the default. This can create confusion because of the automatic transformations that are carried out in several processes when bringing queries from one place to the other. Here you have the preferred syntax for each of them, both to filter and create field:
Search window | Activeboards |
|---|---|
Syntax: Create field: |
Query example:
|
|
|
| Syntax: Create field: |
|
Query example:
|
|
|
|
|
|
|
|
Related articles: Minimum (min)
Arithmetic operations
...
Maximum (max) operations → create field
When you use this operation in the Data Search to create a new field, you can add as many arguments as needed (where applicable), however, the number of arguments is limited to two when used in Activeboards.
As a workaround, you can perform subsequent adding maximum operations until you have added obtained the maximum of all the arguments you need.
Search window | Activeboards |
|---|---|
Syntax: Create field: |
|
Query example:
|
|
| Syntax: Create field: |
|
|
|
|
|
|
|
Query example:
|
|
|
|
|
|
Related articles: Addition, sum, plus / Concatenation (add, +)
...
Minimum (min) operations → create field
When you use this operation in the Data Search to create a new field, you can add as many arguments as needed, however, the number of arguments is limited to two when used in Activeboards.
As a workaround, you can perform subsequent multiplication minimum operations until you have multiplied obtained the minimum of all the arguments you need.
Search window | Activeboards |
|---|---|
Syntax: Create field: |
|
Query example:
|
|
| Syntax: Create field: |
|
|
|
|
|
|
|
Query example:
|
|
|
|
|
|
Related articles: Multiplication, product (mul, *)
Array operation
When you have fields that contain sets of values as opposed to single values, this operation transforms its data type into an array to be later used to invoke one of the values inside the set. This operation can be used both to create field and as a filter. When used to create a field, the value invoked will be inserted in the new field while as a filter it will be used as filtering criteria.
This operation is not supported in the search window so you will not be able to bring queries from one are to the other. To use this operation outside Activeboards, you need to use the query API.
...
Search window
...
Activeboards
...
Not supported
...
Syntax:
Create field: select array(field) [valuePosition] as fieldName
Filter: where field operator array(field) [valuePosition]
Query example:
| Code Block |
|---|
query (from demo.ecommerce.data
group every 1h by method, statusCode
select collectdistinct(timeTaken) as DisTimeTaken
select array(DisTimeTaken) [1] as Array2Time
where statusCode >= array(DisTimeTaken) [1]) |
Related articles: Query API
Collect distinct operation
This operation will return the set of distinct values for the specified field when grouping events. This operation is not supported in the search window so you need to be careful when using queries from one area to the other. If you want to use it outside Activeboards you can do so with the query API.
...
Search window
...
Activeboards
...
Not supported
...
Syntax:
select collectdistinct(field) as fieldName
Query Example:
| Code Block |
|---|
query (from demo.ecommerce.data
group every 5m by method, statusCodeselect
collectdistinct(bytesTransferred) as distinctBytesTransferred) |
Related articles: Query API
Global syntax
Whilst you don't have to add anything in search window queries, Activeboard queries must be enclosed between brackets, with the word "query" added before. Queries from the search window will be automatically transformed when used in Activeboards, however, trying to use an Activeboard query in the search window will return an error.
...
Search window
...
Activeboards
...
Syntax:
from tag1.tag2.tag3.tag4
Query example:
| Code Block |
|---|
from demo.ecommerce.data |
...
Syntax:
query(from tag1.tag2.tag3.tag4)
Query example:
| Code Block |
|---|
query(from demo.ecommerce.data) |
Lookup operations
Queries to use lookup operations present some particularities that make them incompatible when used from the search window to Activeboards or vice versa. The use of symbols is different and the domain name is required in one of them.
...
Search window
...
Activeboards
Syntax:
select `lu/lookupName/lookupfield`(field) as newfieldName
...
| Code Block |
|---|
from demo.ecommerce.data
select `lu/IP_list/StreetAddress`(clientIpAddress) as `IP street address` |
...
Syntax:
select lu("lookupName", "lookupfield", field) as newfieldName
Query example:
| Code Block |
|---|
query(from demo.ecommerce.data
select lu("IP_list", "StreetAddress", clientIpAddress) as `IP street address`) |
Related article: Data enrichment
Mlevalmodel operation
Mlevalmodel operation is not supported in search window. Use this operation in Activeboards when you want to work with models you uploaded in Model Management.
Search window | Activeboards | ||||
|---|---|---|---|---|---|
| Query examples:
Example:
|
Refer article: Model Management
Order operations
...
Multiplication, product (mul, *) operations
When you use this operation in the Data Search, you can add as many arguments as needed, however, the number of arguments is limited to two when used in Activeboards.
As a workaround, you can perform subsequent multiplication operations until you have multiplied all the arguments you need.
Search window | Activeboards |
|---|---|
Syntax: Create field: |
Filter:
where field operator "value"/field
Query example:
|
| Syntax: Create field: |
|
Filter:
where operator(field, "value"/field)Query example:
| Code Block |
|---|
query(from demo.ecommerce.data
where eq(method, "POST")select ge(timeTaken, bytesTransferred)) |
Related articles: Order group
Subqueries
Subqueries are not supported in the search window yet so you need to be careful when using queries from one area to the other because you will not be able to reproduce subqueries. If you want to use subqueries out of Activeboards, your only option so far is to use the query API.
Search window
Activeboards
Not supported
Syntax:
Create field:select (from tag1.tag2.tag3.tag4) as fieldNameFilter:
where field in (from tag1.tag2.tag3.tag4)
Query example:
|
|
|
|
| Code Block |
|---|
query (from demo.ecommerce.data
where statusCode in
(from demo.ecommerce.data
where statusCode = "404"
where now()- 5m < eventdate < now()
group every - by statusCode)
select method, statusCode, eventdate) |
...
|
Related articles: Multiplication, product (mul, *)