github-mirrors/kibana
1
0
Fork 0
mirror of https://github.com/elastic/kibana.git synced 2025-04-24 01:38:56 -04:00
Code Issues Projects Releases Packages Wiki Activity
kibana/docs/apm/advanced-queries.asciidoc
EamonnTP f15d01b937
[DOCS] Update APM filter and query content (#94446) 
* Update filter and query content

* Edits following review

* Minor edit
2021-03-18 12:53:51 +00:00

85 lines
3.9 KiB
Text
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

[role="xpack"]
[[advanced-queries]]
=== Query your data
Querying your APM data is an essential tool that can make finding bottlenecks in your code even more straightforward.
Using the query bar, a powerful data query feature, you can pass advanced queries on your data
to filter on specific pieces of information youre interested in.
The query bar comes with a handy autocomplete that helps find the fields and even provides suggestions to the data they include.
You can select the query bar and hit the down arrow on your keyboard to begin scanning recommendations.
[float]
[[apm-app-advanced-queries]]
=== Querying in the APM app
When querying in the APM app, youre merely searching and selecting data from fields in {es} documents. Queries entered
into the query bar are also added as parameters to the URL, so its easy to share a specific query or view with others.
When you type, you can begin to see some of the transaction fields available for filtering:
[role="screenshot"]
image::apm/images/apm-query-bar.png[Example of the Kibana Query bar in APM app in Kibana]
[TIP]
=====
To learn more about the {kib} query language capabilities, see the {kibana-ref}/kuery-query.html[Kibana Query Language Enhancements] documentation.
=====
[float]
[[apm-app-queries]]
==== APM app queries
APM queries can be handy for removing noise from your data in the <<services,Services>>, <<transactions,Transactions>>,
<<errors,Errors>>, <<metrics,Metrics>>, and <<traces,Traces>> views.
For example, in the *Services* view, you can quickly view a list of all the instrumented services running on your production
environment: `service.environment : production`. Or filter the list by including the APM agent's name and the host its running on:
`service.environment : "production" and agent.name : "java" and host.name : "prod-server1"`.
On the *Traces* view, you might want to view failed transaction results from any of your running containers:
`transaction.result :"FAILURE" and container.id : *`.
On the *Transactions* view, you may want to list only the slower transactions than a specified time threshold: `transaction.duration.us > 2000000`.
Or filter the list by including the service version and the Kubernetes pod it's running on:
`transaction.duration.us > 2000000 and service.version : "7.12.0" and kubernetes.pod.name : "pod-5468b47f57-pqk2m"`.
[float]
[[discover-advanced-queries]]
=== Querying in Discover
Alternatively, you can query your APM documents in {kibana-ref}/discover.html[*Discover*].
Querying documents in *Discover* works the same way as queries in the APM app,
and *Discover* supports all of the example APM app queries shown on this page.
[float]
[[discover-queries]]
==== Discover queries
One example where you may want to make use of *Discover*,
is to view _all_ transactions for an endpoint instead of just a sample.
TIP: Starting in v7.6, you can view ten samples per bucket in the APM app, instead of just one.
Use the APM app to find a transaction name and time bucket that you're interested in learning more about.
Then, switch to *Discover* and make a search:
["source","sh"]
-----
processor.event: "transaction" AND transaction.name: "<TRANSACTION_NAME_HERE>" and transaction.duration.us > 13000 and transaction.duration.us < 14000`
-----
In this example, we're interested in viewing all of the `APIRestController#customers` transactions
that took between 13 and 14 milliseconds. Here's what Discover returns:
[role="screenshot"]
image::apm/images/advanced-discover.png[View all transactions in bucket]
You can now explore the data until you find a specific transaction that you're interested in.
Copy that transaction's `transaction.id`, and paste it into the APM app to view the data in the context of the APM app:
[role="screenshot"]
image::apm/images/specific-transaction-search.png[View specific transaction in apm app]
[role="screenshot"]
image::apm/images/specific-transaction.png[View specific transaction in apm app]
Reference in a new issue View git blame Copy permalink