General trace

Data generated prior to the migration to the new Analytics will remain available for up to 90 days starting from their generation. You can access the previous interface from the Analytics main screen.

With General trace, you can explore large amounts of data and exam them closely. You can choose the time intervals for your queries and save your searches. The results can be used to create visualizations for more clear comprehension.

Basic call information (traces index) is kept for up to 90 days.
Complete information such as headers, body and trace steps (Calls index) is kept for up to 7 days or according to your contracted plan.

Looking at the graphs and documents details, you may find answers to questions like: what were the most recent events? Which process is taking longer?

general trace

The General trace screen has four main parts:

  • A The horizontal bar, located at the top of the screen, hosts the area destined to perform searches;

  • B The vertical bar, located on the left side of the screen, displays a field list and a drop-down menu with the index pattern used;

  • C The central area is intended for the display of search results.

  • D The menu located in the upper right corner of the screen is specific to this General trace screen.

The index patterns Metrics and Calls, from previous versions, have been replaced and updated, respectively. See the fields mapping for the Calls and Traces indexes.


See how to access General Trace in the video below:




[A] Search bar

Query

You can retrieve a saved search expression by clicking on image:save.png [disket symbolizing the act of saving the search]. The same icon is used to save the current expression.

The search can be performed using Lucene or DQL (OpenSearch Dashboard Query Language). Click Lucene or DQL to select which syntax you prefer to use.

syntax options

As examples of accepted search terms: keywords, key values, conjunctions AND, OR, NOT, etc.

For example, the query below retrieves all status codes between 400 and 499 with php extension:

status:[400 TO 499] AND extension:PHP
Select Lucene or DQL and use the corresponding syntax. For a query written in Lucene to be interpreted correctly, Lucene must be selected. The same is true for DQL.

Time range

To set a time range, click image of a calendar. The default is set at 15 minutes.

Select one of the options:

  • Quick select: set a time range by determining a numerical value and selecting which range (last or next) and time unit (seconds, minutes, hours, days, weeks, months or years).
    quick select

  • Commonly used: select from commonly used options such as Today, Last 15 minutes, etc.

  • Recently used: Use recently selected ranges.

  • Refresh every: Specify the refresh frequency in seconds, minutes, or hours.

Another option is to determine specific start and end values. To do this, click Show dates. Then select Absolute, Relative or Now and provide the corresponding information.

show date

See more details about the search bar and filter creation in the video below:




[B] Sidebar

Index pattern

The index pattern defines which indexes you want to analyze, that is, from which indexes the data will be retrieved.

It is common to store data in different indexes. In General Trace, the data is stored in two indexes:

Trace Index

It provides basic call information, which is kept for up to 90 days.

Calls Index

In addition to basic call information, it also contains data from trace headers and payload (request and response body, if any). This information is kept for a maximum of 7 days or as per the contracted storage plan.

To create queries or charts using information from the trace’s headers or its payload, use the Calls Index.
Please note that the data retention period is shorter in the Calls index. See the table below.


Data Retention

Index Pattern

Retention Period

Calls

7 days or according to the contracted storage plan (up to 100 GB by default)

Traces

90 days

List of fields

This list displays all fields that appear in your search result.

You may search for a specific field by typing its name in Search field names.

By clicking the field name in the list, you can see the most common values ​​for that field.

To add a field to the search result, click the plus sign inside a blue circle that you see when positioning the cursor over the field.

See more details about the sidebar fields in the following video.



For users who have upgraded from version 4.12.x.x or earlier to the current version: see the mapping of the fields that have changed.



[C] Search Result

At the top of the search result display area there is a histogram, which displays data ingestion over time.

The histogram visually summarizes the data, making it easy to compare results. You can explore the chart to see more details.

Just below the histogram you will find the documents. By default, they are ordered from newest to oldest. You can change this ordering by clicking the column header: word time as shown as the title for the time column

To see more details, click the arrow to the left of the date, as shown below. All the fields and values ​​will be displayed.

animation showing how to expand document details

With the document expanded, go to the Table tab and hover the cursor over any field. The following options will be displayed:

field options

  • image of a magnifying glass with a plus sign Filter for value: adds the value of that field as search filter;

  • image of a magnifying glass with a minus sign Filter out value: removes the value from the search filter;

  • image of a column with a list Toggle column in a table: toggles the column of results, including that field as a column;

  • image of a column with a list and a plus sign inside a blue circle Filter for field present: adds the field to the search filter.

Similarly, you can add or remove a date from the search result by clicking the options that appear when hovering the cursor on the desired date:

options to add or remove date from search

See more details about the organization and filters for your query results in the following video.


video::[OsxFBY5ISrE, width = 854, height = 480, alt="video about the results"]



[D] Actions menu

In the upper right corner of the screen, the following actions are available:

  • New: performs a new search;

  • Save: saves the search;

  • Open: manages saved searches. Here you can delete or export searches. See details below;

  • Share: shares a search result;

  • Inspect: displays details of the search performed, such as the elapsed time to run the search.

To share the search result as an object, first save that search. You must have access to view the shared result.

By clicking on Open in the actions menu, you have access to the Manage searches button. This option allows you to manage searches that you have saved in General Trace, Visualize and Dashboards.

Follow the steps below to delete a saved search:

  1. Click Open, in the actions menu, located in the upper right corner of the screen.

  2. Click the Manage searches button in the lower right corner of the screen.

  3. Find the search you want to delete. Find the name in the list or use the search bar.

  4. Select the search. Once the search is selected, the Delete button is enabled and you can delete the search.

  5. Click Delete button to confirm.

animation showing steps to delete a saved search

Follow the steps below to delete a saved search:

  1. Click Open, in the actions menu, located in the upper right corner of the screen.

  2. Click the Manage searches button in the lower right corner of the screen.

  3. Find the search you want to export. Find the name in the list or use the search bar.

  4. Select search. Once the search is selected, the Export button is enabled so you can export the search.

  5. To include related objects, select the "Include related objects" option.

  6. Click the Export button, select the folder where you want to store the search and click to save.

See more details about the menu in the following video:


Thanks for your feedback!
EDIT
How useful was this article to you?