
Build a query in the search window

The search window toolbar includes quick access to all these groups of operations for data querying. 

Operations over columns window

The Operations Over Columns window opens when you select one of the operations mentioned above. This is where you define the required function and select the arguments needed for your query.

The Create Column and Aggregate tabs contain the same fields. Both types of operations create a new column that contains the results of the selected operation performed on the selected argument(s), or columns. For example, the capture below shows an aggregation that adds a new column called HTTP requests, which will contain the count of grouped values in the userAgent column. For more info, check the dedicated articles Create columns and Aggregate data.

Note that you must group your data before performing an aggregation operation.

The Create Column tab includes buttons to filter the list of operations according to their case sensitivity. Some operations have both a case-sensitive and a case-insensitive version, so you can use these buttons to show only the version you need. For more info, check the dedicated article Create columns.

The Filter and Filter Or tabs contain several fields and options. Using Filter and Filter Or does not add a column; instead, the result of the selected operation performed on the selected argument(s) determines which rows are included in or excluded from the query data. For example, the capture below shows a filter that will exclude (negated) records that contain a value in the method column that is less than or equal to 150. For more info, check the dedicated articles Filter and Filter Or.


Just like the Create Column tab, the Filter tab includes buttons to show only the case-sensitive or case-insensitive versions of those operations that have both options.

The Group tab contains a selector where you can choose the time period by which you want to group your data. Furthermore, you can also select No time-based grouping if you don't want to group by time. In the capture below we are grouping the data in the uri and method columns every 15 minutes. For more info, check the dedicated article Group data.

In most of the tabs, you need to select an Operation from the drop-down list, then click New Argument to activate the field where you identify the necessary arguments. These two fields are interdependent. That is to say, the system will automatically validate or reject certain arguments based on the operation you have selected. Similarly, the system will identify valid operations in green and invalid operations in orange based on any arguments you have selected. For example, the capture below shows that for the selected argument eventdate, the operations that can be performed on that type of field are in green, while the invalid operations are shown in orange.

Each operation requires a specific number or type of argument(s). In some cases, you can also enter free text as an argument by selecting this icon .

For more information about an operation's requirements, click the info icon next to the Operation field as shown below.

This operation has only one format, but some others accept different combinations, which are always indicated in the information section (e.g. the Rounding (round) operation has two different formats: round(arg_1) → result and round(arg_1, arg_2) → result). You can also check the number of arguments needed (in this case two) and the required format of the data you link to each argument (string, integer, float...).

Hints

  • If you have too many or insufficient arguments, the system will automatically send you a warning message.

  • If you haven't chosen the proper arguments, the system will automatically notify you.