Response Time

Detect how many events have a certain level of response time over time.

Sample input data. Here is sample input dataset for this scenario: 

{"timestamp": "2025-08-11T09:15:23Z", "responseTime": 0.8, "endpoint": "/api/users", "status": 200, "client": "mobile-app"}
{"timestamp": "2025-08-11T09:15:24Z", "responseTime": 3.2, "endpoint": "/api/products", "status": 200, "client": "web-app"}
{"timestamp": "2025-08-11T09:15:25Z", "responseTime": 7.5, "endpoint": "/api/orders", "status": 200, "client": "mobile-app"}
{"timestamp": "2025-08-11T09:15:26Z", "responseTime": 25.3, "endpoint": "/api/reports", "status": 200, "client": "web-app"}
{"timestamp": "2025-08-11T09:15:27Z", "responseTime": 82.1, "endpoint": "/api/analytics", "status": 200, "client": "dashboard"}
{"timestamp": "2025-08-11T09:15:28Z", "responseTime": 150.6, "endpoint": "/api/export", "status": 200, "client": "web-app"}
{"timestamp": "2025-08-11T09:15:29Z", "responseTime": 0.5, "endpoint": "/api/status", "status": 200, "client": "mobile-app"}
{"timestamp": "2025-08-11T09:15:30Z", "responseTime": 4.8, "endpoint": "/api/search", "status": 200, "client": "web-app"}
{"timestamp": "2025-08-11T09:15:31Z", "responseTime": 9.9, "endpoint": "/api/auth", "status": 200, "client": "mobile-app"}
{"timestamp": "2025-08-11T09:15:32Z", "responseTime": 120.3, "endpoint": "/api/backup", "status": 200, "client": "system"}

Query. To create this heat map, use the following query:

logscale
case{
responseTime < 1
| responseBin := "< 1"
| responseBinNumber := 1;
responseTime < 5
| responseBin := "< 5"
| responseBinNumber := 2;
responseTime < 10
| responseBin := "< 10"
| responseBinNumber := 3;
responseTime < 50
| responseBin := "< 50"
| responseBinNumber := 4 ;
responseTime < 100
| responseBin := "< 100"
| responseBinNumber := 5;
*
| responseBin := ">= 100"
| responseBinNumber := 6;
}
| bucket(field=[responseBin, responseBinNumber])
| sort(responseBinNumber, limit=1000)
| drop(responseBinNumber)

The query first bins the response time and then computes an aggregated result using the bucket() function with the binned response time as the specified field. Finally, the query sorts the result by responseBinNumber such that the Y-axis of the map will be sorted.