Track Event Size Within a Repository

Calculate the event size and report the relative size statistics for each event using eventSize() function

Query

logscale
eventSize(as=eventSize)
|timeChart(function=[max(eventSize),percentile(field=eventSize,percentiles=[50,75,90,99])])

Introduction

The eventSize() function is used to search for events depending on the internal disk storage usages. The function augments the event data with the event size information.

This query shows how statistical information about events can first be determined, and then converted into a graph that shows the relative sizes.

Step-by-Step

  1. Starting with the source repository events.

  2. flowchart LR; %%{init: {"flowchart": {"defaultRenderer": "elk"}} }%% repo{{Events}} 0["Expression"] 1[/Filter/] result{{Result Set}} repo --> 0 0 --> 1 1 --> result style 0 fill:#ff0000,stroke-width:4px,stroke:#000;
    logscale
    eventSize(as=eventSize)

    Extracts the information about the size of each individual event using the eventSize() function.

  3. flowchart LR; %%{init: {"flowchart": {"defaultRenderer": "elk"}} }%% repo{{Events}} 0["Expression"] 1[/Filter/] result{{Result Set}} repo --> 0 0 --> 1 1 --> result style 1 fill:#ff0000,stroke-width:4px,stroke:#000;
    logscale
    |timeChart(function=[max(eventSize),percentile(field=eventSize,percentiles=[50,75,90,99])])

    Calculates the percentile() for the eventSize field and determines which filesize is above 50%,75%, and 90,99% of the overall event set, then finds the maximum size for the specified field over a set of events, and displays the returned results in a timechart.

  4. Event Result set.

Summary and Results

The query is used to show how statistical information about events can first be determined, and then converted into a graph that shows the relative sizes.