Searching for Metrics

In this article you will learn how to search for metrics. These search functionalities apply to all sections of our platform, including alerts, anomalies, dashboards and the metrics section. This article includes:

How Search Works

  • You can build a search expression by combining multiple tokens, each of which may be in property-based or raw search format.
  • As you start typing the filter in the expression node, the search engine auto-completes the expression with matching keys and corresponding values. Several options are automatically presented for keys and values.
  • If matching properties are not found for a token, the engine automatically adds the ‘search:’ prefix and builds a raw search token. 
  • If the user accepts the token by pressing the ENTER key, the search engine also lists relevant property values for selection. 
  • An example of a completed search filter might look like “search:1234, host:web01, region:us…”
  • Property-based search and raw search, can be combined in any search for metrics.
  • Autocomplete shows a partial list of names or values. If you do not see the properties or values that you need, first narrow the metrics using another token to form an expression subset.
  • Boolean operators are only valid within a property value or raw search and not between properties. See the examples below. 

Search Metrics

  1. From the main Navigation Panel, click Metric Explorer.
    metric-explorer.png
  2. In the Display Panel to the right, select a sorting option from the Sort by dropdown menu [Alphanumeric/ Highest Average/Highest Current/Highest Max/Lowest Average/Lowest Current/Lowest Min/Most Deviant]. 

    The sort order is for preview purposes only, and is computed over the time range specified, except when saving to the Dashboard.

  3. Select the number of metrics to be shown in the graph. Up to 50 metrics can be displayed in a graph. If there are more than 50 metrics returned in an expression, clicking on the expression shows the full list in the legend below the chart. 
  4. To include composite metrics, select the Show Composites option switch (click the More options icon above the expression node, as shown below). By default, composite metrics are excluded from Advanced Search metrics.

    metrics-show-composites.png 

Search By Origin

Metrics originating from Data Streams, Alerts and Composite Metrics can be included in metric expressions. To search for metrics by their origin:

  1. Click in the expression node box.
  2. Click STREAMS if you want to select a specific stream.
    OR
    Enter @ and start typing to search for the relevant stream, alert, or composite.
    metrics-search-stream.png
  3. To continue refining the metric expression, select properties or property-value pairs.

Note: To view the originating stream summary of a specific metric, in the metrics legend hover over the metric for which you want to see the details.

Property-based Search

A property-based search looks at metrics that consist of specific combinations of key and value. The search value can be built out of composite expressions or partial values.

  • Supports:
    • Wildcards (*)
    • Boolean operators – AND, OR, NOT or minus sign (-)
    • Search format: property_key:value.

To perform property-based search:

  1. Click in the expression node box. A dropdown list of measures, dimensions and streams (All values) opens.

    metrics-search.png
  2. In the list, select a property and then a value, such as All(*), a specific value, or a logical expression: 

    metrics-search-properties.png
    Selecting from the list completes the entry.

Raw Search

A raw search is a free-form search that looks at metrics that contain the typed characters anywhere in either the property name or the value.

  • Supports:
    • Wildcards (*)
    • Boolean operators – AND, OR, NOT or minus sign (-)

To perform a raw search

  1. In the expression node box, start typing the value. The dropdown list shows all values which contain the typed characters:

    metrics-search-raw.png
  2. If you choose a token (property-value pair) from the list, it is entered in the expression node as-is. 
  3. If you choose just a property from the list, it is entered in the expression node followed by a colon (:) indicating that a value for the property is expected next.

Examples  
“NOT (b* OR c*)” becomes “search: NOT (b* OR c*)” after pressing ENTER.