Aggregate Operators in Dashboard Panels

Follow
Avatar
dominic.nero
  • Edited

When performing a single log query, I can load up the top 10 HTTP response times using the following query:

... HTTP Parse ...
| number(response_time)
| top 10 response_time by url
| sort by response_time desc, url asc

When using that query in a dashboard panel, I get "Queries in Dashboards must contain an aggregate operator.".  Looking at the available aggregate operators, I can use count to add that query to the dashboard panel:

... HTTP Parse ...
| number(response_time)
| top 10 response_time by url
| count by response_time, url
| sort by response_time desc, url asc
| fields - _count

Why does the panel require an aggregate operator, even though I'm limiting to 10 results? Unless I'm missing something here, it seems unnecessary to use any aggregate operator for this panel query. Could you provide details as to why the aggregate operator is required?

Is there a better alternative than using the count unneeded aggregate operator to receive the same results as the first code block?

1

Comments

1 comment

Sort by Date Votes
  • Official comment
    Avatar
    Jorge Silva

    Hello Dominic,

    Queries must have an aggregate operator in order to be added to a Dashboard, there is no other way around this. Your workaround for your query is the correct way to do this. Even when count is not needed to see the results you are looking for, you must still use it, or any other aggregate operator, if you want the query to be added to a Dashboard.

    Jorge

    Comment actions Permalink

Please sign in to leave a comment.

Didn't find what you were looking for?

New post