github-mirrors/kibana
1
0
Fork 0
mirror of https://github.com/elastic/kibana.git synced 2025-04-24 09:48:58 -04:00
Code Issues Projects Releases Packages Wiki Activity
kibana/docs/apm/advanced-queries.asciidoc

64 lines
2.8 KiB
Text
Raw Permalink Blame History

[role="xpack"]
[[advanced-queries]]
=== Query your data
Querying your APM data is a powerful tool that can make finding bottlenecks in your code even easier.
Imagine you have a user that complains about a slow response time in a specific service.
With the query bar, you can easily filter the APM app to only display trace data for that user,
or, to only show transactions that are slower than a specified time threshold.
[float]
==== Example APM app queries
* Exclude response times slower than 2000 ms: `transaction.duration.us > 2000000`
* Filter by response status code: `context.response.status_code >= 400`
* Filter by single user ID: `context.user.id : 12`
When querying in the APM app, you're merely searching and selecting data from fields in Elasticsearch documents.
Queries entered into the query bar are also added as parameters to the URL,
so it's easy to share a specific query or view with others.
When you type, you can begin to see some of the transaction fields available for filtering:
[role="screenshot"]
image::apm/images/apm-query-bar.png[Example of the Kibana Query bar in APM app in Kibana]
TIP: Read the {kibana-ref}/kuery-query.html[Kibana Query Language Enhancements] documentation to learn more about the capabilities of the {kib} query language.
[float]
[[discover-advanced-queries]]
=== Querying in Discover
Alternatively, you can query your APM documents in {kibana-ref}/discover.html[*Discover*].
Querying documents in *Discover* works the same way as querying in the APM app,
and *Discover* supports all of the example APM app queries shown on this page.
[float]
==== Example Discover query
One example where you may want to make use of *Discover*,
is for viewing _all_ transactions for an endpoint, instead of just a sample.
TIP: Starting in v7.6, you can view ten samples per bucket in the APM app, instead of just one.
Use the APM app to find a transaction name and time bucket that you're interested in learning more about.
Then, switch to *Discover* and make a search:
["source","sh"]
-----
processor.event: "transaction" AND transaction.name: "<TRANSACTION_NAME_HERE>" and transaction.duration.us > 13000 and transaction.duration.us < 14000`
-----
In this example, we're interested in viewing all of the `APIRestController#customers` transactions
that took between 13 and 14 milliseconds. Here's what Discover returns:
[role="screenshot"]
image::apm/images/advanced-discover.png[View all transactions in bucket]
You can now explore the data until you find a specific transaction that you're interested in.
Copy that transaction's `transaction.id`, and paste it into the APM app to view the data in the context of the APM app:
[role="screenshot"]
image::apm/images/specific-transaction-search.png[View specific transaction in apm app]
[role="screenshot"]
image::apm/images/specific-transaction.png[View specific transaction in apm app]
Reference in a new issue View git blame Copy permalink