
Group data

Events in a data table can easily be grouped to facilitate analysis. The result of grouping is a data table presenting all the different row value combinations of the grouped columns. Grouping is also required in order to subsequently apply aggregation operations to the data.

  1. Select the Group icon in the query window toolbar. The Operations Over Columns window appears with the Group option selected.

  2. Choose the time period you want to use to group the events and the arguments you want to use to define the groups.
  3. Select Group by. The result will be a row for each unique combination of arguments and time period. After grouping the data, you can repeat these steps to continue applying groups as many times as necessary. 

Grouping types

There are two different types of grouping:

  • No time-based - Select No time-based grouping at the bottom of the Every field to get all the possible combinations of the columns added as arguments. In the following example, we have grouped the data using the Server and OperatingSystem columns as arguments to get all the possible combinations of operating systems and servers.

    Be aware that the real-time data flow might interfere with this grouping option. Make sure you turn off the real-time data flow when grouping with the no time-based option; otherwise, the grouping might not return any events.

  • Temporal - You can include a time period when you group data in order to facilitate data analysis. Select the period you want to group by in the Every field. As in the no time-based option, you will get the unique combinations of values but in this case, every n minutes. For example, if you select 5 minutes, the table will load the possible combinations of values in the columns specified in every 5-minute window (if you grouped your data at 8:00, you will get values at 8:05, 8:10, 8:15...).

Note that the more columns you add as arguments in a temporal grouping, the less information you will extract since the result will look more and more like the original table. 

Grouping time periods

In Devo, groupings use two different time periods to group the data. After grouping the data, you will see two different tabs in the applied search operations bar, each one indicating one of the grouping period types:

  • Server grouping period - The first tab is the grouping period requested from the server. When you select a large period for your grouping, a smaller interval is requested from the server, and the data is then recalculated to show the period you chose.
  • Client grouping period - The second tab is the grouping period used by your browser and is the actual period you indicated in the grouping. Modifying this period does not request data from the server again, but only recalculates the groups locally.

For example, if you group data by three hours, Devo automatically sets the server grouping period to 30 minutes. Then, data is recalculated and grouped every three hours, which is the period you indicated in the query window.
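The two-period behavior described above can be modeled as follows. This is an added illustration in Python, not Devo's own code: the sample events, the function names, the use of an event count per group, and the epoch-aligned window boundaries are all assumptions. It groups by Server and OperatingSystem at a 30-minute server period, then recalculates 3-hour groups from those buckets without touching the raw events again.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone

# Constructed sample events: (timestamp, Server, OperatingSystem)
T0 = datetime(2024, 1, 1, 8, 0, tzinfo=timezone.utc)
EVENTS = [
    (T0 + timedelta(minutes=m), server, os_name)
    for m, server, os_name in [
        (2, "web01", "Linux"), (17, "web01", "Linux"), (31, "web02", "Windows"),
        (95, "web01", "Linux"), (170, "web02", "Windows"), (185, "web01", "Linux"),
    ]
]

def bucket_start(ts, period):
    """Floor a timestamp to the start of its window (assumed epoch-aligned)."""
    seconds = int(period.total_seconds())
    return datetime.fromtimestamp(int(ts.timestamp()) // seconds * seconds, tz=timezone.utc)

def group(events, period=None):
    """Count events per unique (Server, OperatingSystem), optionally per time window."""
    counts = Counter()
    for ts, server, os_name in events:
        window = bucket_start(ts, period) if period else None
        counts[(window, server, os_name)] += 1
    return counts

def regroup(server_groups, client_period):
    """Recalculate coarser groups locally from the finer server-period buckets."""
    counts = Counter()
    for (window, server, os_name), n in server_groups.items():
        counts[(bucket_start(window, client_period), server, os_name)] += n
    return counts

SERVER_PERIOD = timedelta(minutes=30)  # period requested from the server
CLIENT_PERIOD = timedelta(hours=3)     # period chosen in the query window

server_groups = group(EVENTS, SERVER_PERIOD)            # 30-minute buckets
client_groups = regroup(server_groups, CLIENT_PERIOD)   # recalculated locally
no_time_groups = group(EVENTS)                          # no time-based grouping

if __name__ == "__main__":
    for (window, server, os_name), n in sorted(client_groups.items()):
        print(window.isoformat(), server, os_name, n)
```

Changing `CLIENT_PERIOD` only requires calling `regroup` again on the same `server_groups`, which mirrors why editing the client period does not trigger a new server request.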

To edit the period of a grouping, you can either click the pencil icon in the second tab of the grouping or click the gear icon of the toolbar and select Operations → Change client period.