Explore
Explore provides you with the ability to view and troubleshoot key metrics and entities of your infrastructure stack. You can drill down to any layer of your infrastructure hierarchy and view granular-level data. You perform the majority of infrastructure monitoring operations in Explore.
Grouping controls how entities are organized in Explore. Grouping is fully customizable by logical layers, such as
containers, Kubernetes clusters, and services.
Metrics Explorer
Sysdig Monitor automatically discovers your stack and presents pre-built views in Metrics Explorer. Use Metrics Explorer for advanced metric exploration.
By leveraging the core functionalities (grouping, scope tree, metrics, and graphing) of Explore and interactive metric and label filtering, Metrics Explorer provides you the ability to:
- Discover and explore metrics available for a given scope and build infrastructure views quickly.
- Graph multiple metrics simultaneously for correlation. For example, CPU usage vs CPU limits.
- View ungrouped queries by default, showing the individual time series for a metric.
- View metrics that are logically categorized with a metric namespace prefix.
- View metrics at high resolution. For example, a 1-hour view now shows data at 10-second resolution instead of 1 minute.
The out-of-the-box groupings, coupled with the ability to define your own, offer an intuitive and context-aware way to drill down into metrics. For example:
- Clusters & Namespaces will build a tree with: Cluster Name > Namespace > Deployment > Pod Name > Container Image
- Hosts & Containers will build a tree with: Hostname > Container ID
- Nodes will build a tree with: Cluster Name > Node Name > Pod Name > Container ID
PromQL Query Explorer
Use the PromQL Query Explorer to build and run your PromQL queries. It’s the perfect starting point for investigations if you are familiar with PromQL.
By leveraging the power provided by the PromQL language, PromQL Query Explorer offers the following:
- Craft complex PromQL queries. For users, this translates into an enhanced Prometheus-like query experience.
- Query metrics leveraging all PromQL functions and operators.
- Write up to 5 distinct queries and visualize them as a Timechart.
- Explore PromQL labels and values in a table-like view.
- Identify common PromQL labels across queries, which is useful for aggregations if you choose to combine several metrics in a single query.
PromQL Library
To ease the learning curve of PromQL, Sysdig provides a set of curated examples, called PromQL Library. It helps users perform complex queries against metrics with one click and get insight into their infrastructure problems that was not previously possible with Sysdig querying. For example, you can identify containers above 90% of their limit or count pods per namespace.
You have the following categories currently in the PromQL Library:
- Kubernetes
- Infrastructure
- Troubleshooting
- PromQL 101
1 - Using Explore
This topic outlines how to use the Explore interface to drill down into metrics, run PromQL queries, build infrastructure views, and troubleshoot your cloud-native environment.
1.1 - Using Metrics Explorer
This topic helps you familiarize yourself with Metrics Explorer.
You’ll find Metrics Explorer on the Explore slider menu on the Sysdig Monitor UI. Click Explore to display the slider.

Filter Infrastructure & Metrics
You can drill down the infrastructure stack and get insight into the numerous metrics available to you at each level of your stack. These displays can be found by selecting a top-level infrastructure object, then using the scope filtering for relevant infrastructure objects and metrics filtering for desired metrics.
Sysdig Monitor displays only the metrics and dashboards that are relevant to the selected infrastructure object.
- On the Metrics Explorer tab, open the infrastructure filtering menu and select the infrastructure object you want to explore (demo-kube-gke in the example).
- Navigate to Filter metrics and search for or select the desired metric (memory_bytes in the example). The metric will instantly be presented as a timechart. The scope of the metric, when viewed via the scope filtering menu, is set to the infrastructure object that you have currently selected.
- Multiple queries can be added either via the Metric list or by clicking Add Query.
Switch Groupings
To switch between available groupings follow the steps outlined below.
- On the Metrics Explorer tab, click the My Groupings drop-down menu, and select the desired grouping from the drop-down list.
Learn More
To take the exploration further, you can:
1.2 - Using PromQL Query Explorer
Use the PromQL Query Explorer to run PromQL queries and build infrastructure views.
You’ll find PromQL Query on the Explore slider menu on the Sysdig Monitor UI. To access it, click Explore > PromQL Query.

Query with PromQL
The PromQL field supports manually building PromQL queries. You can
enter simple or complex PromQL queries and build dashboards and
create alerts. The PromQL Query Explorer allows running up to 5 queries
simultaneously.
Explore metrics and labels available in your infrastructure
For example, calculate the number of bytes received in a selected host:
sysdig_host_net_total_bytes{host_mac="0a:e2:e8:b4:6c:1a"}
Calculate the number of bytes received in all the hosts except one:
sysdig_host_net_total_bytes{host_mac!="0a:a3:4b:3e:db:a2"}
Compare current data with historical data:
sysdig_host_net_total_bytes offset 7d
For example, calculate the rate of incoming bytes and convert it to bits:
rate(sysdig_host_net_total_bytes[5m]) * 8
Build complex PromQL queries
For example, return the summed ingress traffic across all the network interfaces, grouped by instances:
sum(rate(sysdig_host_net_total_bytes[5m])) by (container_id)
Label Filtering
- Use label filtering to automatically identify common labels between queries for vector matching. In the given example, you can see that A and B queries have 8 labels in common, as highlighted in the [A∩B] section.
- Filter by using the relational operators available in the time series table. Simply click the operator for it to be automatically applied to the queries. Run the queries again to visualize the metrics.
- Explore labels, view documentation, and perform filtering by using relational operators from the label selector.
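The common-label set shown in the [A∩B] section is what vector matching keys on. The following is an added example, not Sysdig code: it computes that intersection for two constructed query results and joins them the way `A / on(<common labels>) B` would. The `cluster` and `zone` labels, all sample values, and the function names are assumptions made for illustration.

```python
# Added illustration (not Sysdig code): how the common-label set A∩B drives
# PromQL-style one-to-one vector matching. All series are constructed samples.

def common_labels(a, b):
    """Label names present on every series of both query results."""
    label_sets = [set(labels) for labels, _ in a + b]
    return sorted(set.intersection(*label_sets)) if label_sets else []

def index_by(series, on):
    """Index series by their values for the `on` labels; reject duplicates."""
    indexed = {}
    for labels, value in series:
        key = tuple(labels[name] for name in on)
        if key in indexed:
            # One-to-one matching needs a unique series per key on each side.
            raise ValueError(f"multiple series match {dict(zip(on, key))}")
        indexed[key] = value
    return indexed

def match_on(a, b, on, op):
    """Evaluate `A <op> on(<labels>) B`; series without a partner are dropped."""
    left, right = index_by(a, on), index_by(b, on)
    return {key: op(left[key], right[key]) for key in left if key in right}

# Query A: rate(sysdig_host_net_total_bytes[5m])            (constructed values)
QUERY_A = [
    ({"host_mac": "0a:e2:e8:b4:6c:1a", "cluster": "demo", "zone": "a"}, 4000.0),
    ({"host_mac": "0a:a3:4b:3e:db:a2", "cluster": "demo", "zone": "b"}, 900.0),
]
# Query B: rate(sysdig_host_net_total_bytes[5m] offset 7d)  (constructed values)
QUERY_B = [
    ({"host_mac": "0a:e2:e8:b4:6c:1a", "cluster": "demo"}, 1000.0),
    ({"host_mac": "0a:a3:4b:3e:db:a2", "cluster": "demo"}, 1000.0),
]

def week_over_week():
    """Ratio of the current rate to last week's, joined on the common labels."""
    on = common_labels(QUERY_A, QUERY_B)
    return on, match_on(QUERY_A, QUERY_B, on, lambda now, then: now / then)

if __name__ == "__main__":
    labels, ratios = week_over_week()
    print("A∩B =", labels)
    for key, ratio in ratios.items():
        print(dict(zip(labels, key)), f"{ratio:.1f}x")
```

Matching on `cluster` alone raises an error here because both hosts share that value, which is why the full common-label set is the safer default for the join.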
Time Navigation
To learn how to use the Time Navigation, see Time Navigation.
Toggle Query Results
- Click the respective query buttons, for example, A or B, to show or hide query results.
Learn More
To take the exploration further, users can:
1.3 - Using PromQL Library
PromQL Library includes a set of curated examples to help you get started with PromQL.
Using the examples, you can also perform complex queries against your metrics with one click and get insight into your infrastructure problems that was not previously possible with Sysdig querying.
You’ll find PromQL Library on the Explore slider menu on the Sysdig Monitor UI. To access it, click Explore > PromQL Library.

Use PromQL Library
Click Try me to open PromQL Query Explorer. A visualization corresponding to the query will be displayed.
See PromQL Query Explorer for more information.
To copy a query, click the copy icon next to the query.
Filter PromQL Queries
Automatic tag filtering identifies common tags in the given examples.
You can use the following to filter queries:
- Visual label filtering: Simply click the desired color-coded label to filter queries based on tags.
- Text search: Use the Text Search bar on the top-left navigation pane.
- Label search: Use the Label drop-down list on the top-left navigation pane.
- Filter using categories: Use the All Categories checkboxes.
1.4 - Manage Groupings
Groupings are hierarchical organizations of labels, allowing you to organize your infrastructure views on the Explore UI in a logical hierarchy.
An example grouping is shown below:

The example above groups the infrastructure into four levels. This
results in a tree view in the Groupings Editor with four levels, with
rows for each infrastructure object applicable to each level.
As each label is selected, Sysdig Monitor automatically filters out
labels for the next selection that no longer fit the hierarchy, to
ensure that only logical groupings are created.
Sysdig Monitor automatically organizes all the configured groupings that
are inapplicable to the current infrastructure under Inapplicable
Groupings.
Using Groupings Editor
You can perform the following operations using the Groupings Editor:
- Search existing groupings
- Create a new grouping
- Edit an existing grouping
- Rename a grouping
- Share a grouping with the active team
Search for a Grouping
Do one of the following:
- From Explore, click the Groupings drop-down. Search for the desired grouping. Either select the desired grouping, or search for it by scrolling down the list or by using the search bar, and then select it.
- Click Manage Groupings and open the Groupings Editor. Either select the desired grouping, or search for it by scrolling down the list or by using the search bar, and then select it.
Create a New Grouping
- In the Explore tab, click the Groupings drop-down, then click Manage Groupings.
- Open the Groupings Editor.
- Click Add. The New Groupings page is displayed.
- Enter the following information:
  - Groupings Name: Set an appropriate name to identify the grouping that you are creating.
  - Shared with Team: Select if you want to share the grouping with the active team that you are part of.
  - Hierarchy: Determine the hierarchical representation of the grouping by choosing a top-level label and subsequent ones. Repeat adding the labels until there are no further layers available in the infrastructure label hierarchy. You can search for the label by entering the first few characters in the Select label drop-down or scrolling down. As you add labels, the preview displays associated components in your infrastructure.
- Check the preview to ensure that the label selection is correct.
- Click Save & Apply.
Rename a Grouping
Renaming is allowed only for groupings that are owned by you. To rename
a shared grouping, create a copy of it and edit the name.
- On Explore, click the Groupings drill-down. Search for the desired grouping.
- Click the Edit button next to the grouping.
- Open the Groupings Editor.
- Select the desired grouping. You can either scroll down the list or use the search bar.
- Click Edit. The edit window is displayed on the screen.
- Specify the new grouping name, then click Save & Apply to save the changes.
Share a Grouping with Your Active Team
Custom groupings are owned by you, and therefore you can share them with
all the members of your active team. To share a default grouping, create
a custom grouping and use the Shared with Team option in the
Grouping Editor.
- Click the Groupings drill-down and click Manage Groupings. The Grouping Editor screen appears.
- Highlight the relevant grouping and click Edit.
- Click Shared with Team.
- Click Save & Apply to save the changes.
2 - Explore (Legacy)
This section helps you navigate the Legacy Explore in the Sysdig Monitor UI.
This feature is now deprecated. See the Explore documentation to learn about the latest Explore functionalities.
Switch Groupings
Sysdig Monitor detects and collects the metrics associated with your
infrastructure once the agent is deployed in your environment. Use the
Explore UI to search, group, and troubleshoot your infrastructure
components.
To switch between available data sources:
- On the Explore tab, click the My Groupings drop-down menu.
- Select the desired grouping from the drop-down list.
Groupings Editor
The Groupings Editor helps you create and manage your infrastructure
groupings.
Sysdig Monitor users can drill down into the infrastructure by using the
numerous dashboards and metrics available for display in the Explore UI.
These displays can be found by selecting an infrastructure object, and
opening the drill-down menu.
Sysdig Monitor only displays the metrics and dashboards that are
relevant to the selected infrastructure object.
Metrics
Sysdig Monitor users can view specific metrics for an infrastructure
object by navigating the drill-down menu:
- On the Explore tab, open the drill-down menu.
- Navigate to Search Metrics and Dashboard.
- Select the desired metrics. The metric will now be presented on the Explore UI, until the user navigates away from it.
The scope of the metric, when viewed via the drill-down menu, is set to the infrastructure object that you have selected.
Troubleshooting Views
The drill-down menu displays all the default dashboard
templates relevant to the
selected infrastructure object. These Troubleshooting Views are
broken into the following sections:
The scope of the Troubleshooting View, when viewed via the drill-down
menu, is set to the infrastructure object that you have selected from
the drill-down.
To navigate to the Troubleshooting Views:
- On the Explore tab, select an infrastructure object.
- Open the drill-down menu and select the desired infrastructure element.
- Navigate to Search Metrics and Dashboard.
- Select the desired troubleshooting view. The selected dashboard will now be presented on the screen, until you navigate away from it.
Pin and Unpin the Drill-Down Menu
- On the Explore tab, select an infrastructure object.
- Open the drill-down menu.
- Click Pin Menu to pin the menu to the Explore tab.
- To unpin the menu, click Unpin Menu at the bottom of the menu.