Log analytics extend the log search page with log aggregation and split capabilities for troubleshooting and monitoring. You can access the analytics page from any log explorer view by clicking on the “Analytics” icon next to the search query bar.
You can control:
From an analytics visualization, you can, additionally:
Save a log analytics view with the “Save As” button. You can load your teammates’ saved views from the “Saved Views” tab.
Use the query to control what’s displayed in your Log Analytics:
Select the aggregation function for the Measure you want to graph:
Choose to display either the X top or bottom values according to the selected measure.
Choose the Timesteps graph. Changing the global timeframe changes the list of available Timesteps values.
Select a Log Analytics visualization type using the graph selector:
You have additional display options for timeseries:
Noteworthy facts about stacking:
The following timeseries Log Analytics shows: The evolution of the top 5 URL Paths according to the number of unique Client IPs over the last month.
The following Top List Log Analytics shows: The evolution of the top 5 URL Paths according to the number of unique Client IPs over the last month.
Visualize the top values from a facet according to a chosen measure (the first measure you choose in the list), and display the value of additional measures for elements appearing in this top. Update search query or drill through logs corresponding to either dimension.
The following Table Log Analytics shows: The evolution of the top Status Codes according to their Throughput, along with the number of unique Client IP and over the last 15 minutes.
Select or click on a section of the graph to either zoom in the graph or see the list of logs corresponding to your selection:
Datadog computes an aggregation (whether it is a mean, a sum, a percentile, etc.) by using the set of logs included in the targeted time frame.
Let’s illustrate this on a fictive bar timeline where each bar represents a time interval. In this example, Datadog creates one aggregation for each of the time intervals for the entire set of logs. Note that log events are not necessarily uniformly time-distributed, so you can not necessarily create aggregations for the same amount of logs.
In the following example, each dot represents one log event. The X-axis is the timestamp of the log, and the Y-axis is the value of a duration attribute borne by logs. The timeseries displays a maximum-aggregation. Datadog displays a timeline with a rollout parameter; for example, there are 4 bars for the whole time frame.