This the multi-page printable view of this section. Click here to print.

Return to the regular view of this page.

Metrics Explorer

Use the Metrics Explorer for advanced metric exploration and querying. In addition to the core functionalities (grouping, scope tree, metrics, and graphing) of Explore, Metrics Explorer provides you the ability to:

  • Graph multiple metrics simultaneously for correlation. For example, CPU usage vs CPU limits.
  • View ungrouped queries by default, showing the individual time series for a metric.
  • View context-specific metrics for a selected a scope. You no longer see no data for a selected metric.
  • View metrics that are logically categorized with metric namespace prefix.
  • Display metrics at high resolution. For example a 1-hour view now shows data at 10-seconds resolution instead of 1 minute.

About the Metrics Explorer UI

The main components of the Metrics Explorer UI are widgets, time navigation, dashboard, and time series panel.

You’ll find Metrics Explorer on the Explore slider menu on the Sysdig Monitor UI. Click Explore to display the slider.

Use Metrics Explorer

This section helps you drill down into your infrastructure stack for troubleshooting views and create alerts and dashboard by using Metrics Explorer.

Switch Groupings

Sysdig Monitor detects and collects the metrics associated with your infrastructure once the agent is deployed in your environment. Use the Explore UI to search, group, and troubleshoot your infrastructure components.

To switch between available data sources:

  1. On the Metrics Explorer tab, click the My Groupings drop-down menu:

  2. Select the desired grouping from the drop-down list.

Groupings Editor

The Groupings Editor helps you create and manage your infrastructure groupings.

Filter Infrastructure (Scope Filtering)

You can drill down the infrastructure stack and get insight into the numerous metrics available to you at each level of your stack. These displays can be found by selecting a top-level infrastructure object, then using the scope filtering for relevant infrastructure objects and metrics filtering for desired metrics.

Sysdig Monitor displays only the metrics and dashboards that are relevant to the selected infrastructure object.

Metrics

You can view specific metrics for an infrastructure object by navigating the scope filtering and metrics filtering menus:

  1. On the Metrics Explorer tab, open the scope filtering menu.

  2. Select the infrastructure object you want to explore.

  3. Navigate to Filter metrics.

  4. Click the desired metrics.

    The metric will instantly be presented on the form query and on the dashboard. The scope of the metric, when viewed via the scope filtering menu, is set to the infrastructure object that you have selected.

  5. Optionally, click Add Query, then click a metric to add additional queries.

    You can do all the operations, such as setting Time Aggregation, Show Top 50 and Bottom 50 time series, Group Rollup, Segmentation, and Unit of Value Returned by Query, as you use form query. See Building a Form-Based Query for more information.

Create an Alert

  1. Build a form query as described in Metrics.

  2. Click Create Alert.

    If you have built multiple queries, you will be prompted to choose a single metric to be alerted on.

  3. Select the metric you want to create an alert for.

  4. Click Create Alert. The New Metric Alert page will be displayed.

    The group aggregation will be set to the default one for an alert that is created from a query with group aggregation set to none.

  5. Complete creating the alert as described in Metric Alerts.

Create a Dashboard Panel

  1. Build a form query as described in Metrics.

  2. Click Create dashboard panel.

  3. Select an existing dashboard or create a new dashboard by typing in a name.

  4. Click Copy and Open. The newly created dashboard will be displayed.

    The group aggregation will be set to the default one for a dashboard that is created from a query with group aggregation set to none.

  5. Optionally, continue with other operations as described in Managing Panels.

1 - Groupings Editor

Groupings are hierarchical organizations of labels, allowing you to organize your infrastructure views on the Explore UI in a logical hierarchy.

An example grouping is shown below:

The example above groups the infrastructure into four levels. This results in a tree view in the Groupings Editor with four levels, with rows for each infrastructure object applicable to each level.

As each label is selected, Sysdig Monitor automatically filters out labels for the next selection that no longer fit the hierarchy, to ensure that only logical groupings are created.

Sysdig Monitor automatically organizes all the configured groupings that are inapplicable to the current infrastructure under Inapplicable Groupings.

Manage Groupings

You can perform the following operations using the Groupings Editor:

  • Search existing groupings

  • Create a new grouping

  • Edit an existing grouping

  • Rename a groupings

  • Share a grouping with the active team

Search for a Grouping

  1. Do one of the following:

    • From Explore, click the Groupings drop-down. Search for the desired grouping.

      Either select the desired grouping, or search for it by scrolling down the list or by using the search bar, and then select it.

    • Click Manage Groupings and open the Groupings Editor.

      Either select the desired grouping, or search for it by scrolling down the list or by using the search bar, and then select it.

Create a New Grouping

  1. In the Explore tab, click the Groupings drop-down, then click Manage Groupings.

  2. Open the Groupings Editor.

  3. Click Add.

    The New Groupings page is displayed.

  4. Enter the following information:

    • Groupings Name: Set an appropriate name to identify the grouping that you are creating.

    • Shared with Team: Select if you want to share the grouping with the active team that you are part of.

    • Hierarchy: Determine the hierarchical representation of the grouping by choosing a top-level label and subsequent ones. Repeat adding the labels until there are no further layers available in the infrastructure label hierarchy.

      You can search for the label by entering the first few characters in the Select label drop-down or scrolling down. As you add labels, the preview displays associated components in your infrastructure.

  5. Check the preview to ensure that the label selection is correct.

  6. Click Save&Apply.

Rename a Grouping

Renaming is allowed only for groupings that are owned by you. To rename a shared grouping, create a copy of it and edit the name.

  1. On Explore, click the Groupings drill-down. Search for the desired grouping.

  2. Click the Edit button next to the grouping.

  3. Open the Groupings Editor.

  4. Select the desired grouping. You can either scroll down the list or use the search bar.

  5. Click Edit.

    The edit window is displayed on the screen.

  6. Specify the new grouping name, then click Save& Apply to save the changes.

Share a Grouping with Your Active Team

Custom groupings are owned by you, and therefore you can share them with all the members of your active team. To share a default grouping, create a custom grouping and use the Shared with Team option in the Grouping Editor.

  1. Click the Groupings drill-down and click Manage Groupings.

    The Grouping Editor screen appears.

  2. Highlight the relevant grouping and click Edit.

  3. Click Shared with Team.

  4. Click Save &Apply to save the changes.

To share a default grouping, create a custom grouping and then use the Shared with Team option in the Grouping Editor.

2 - Time Windows

By default, Sysdig Monitor displays information in Live mode. This means that dashboards, panels, and the Explore views will be automatically updated with new data as time passes, and will display the most recent data available for the configured time window.

By default, time navigation will enter Live mode with an hour time window.

The time window navigation bar provides users with quick links to common time windows, as well as the ability to configure a custom time period in order to review historical data.

As shown in the image above, the navigation bar provides a number of pieces of information:

  • The state of the data (Live or Past).

  • The current time window.

  • The configured timezone.

In addition, the navigation bar provides:

  • Quick links for common time windows

    • Metrics Explorer: five minute, ten minutes, one hour, six hours, twelve hours, one day, and two weeks.
    • Explore: ten seconds, five minute, ten minutes, one hour, six hours, one day, and two weeks.

  • A custom time window configuration option.

  • A pause/play button to exit Live mode and freeze the data to a time window, and to return to Live mode.

  • Step back/forward buttons to jump through a frozen time window to review historical data.

  • Zoom in/out buttons to increase/decrease the time window (note applicable to Metrics Explorer)

Configure a Custom Time Period

The Time Navigation drop-down panel can be used to configure a specific time range. To configure a manual range:

Metrics Explorer

  1. On the Metrics Explorer tab, click the custom panel the time navigation bar.

  2. Configure the start and end points, and click Save to save the changes.

Some limitations apply to custom time windows. Refer to Time Window Limitations for more information.

Explore

  1. On the Explore tab, click CUSTOM on the time navigation bar.

  2. Configure the start and end points, and click Adjust time to save the changes.

Some limitations apply to custom time windows. Refer to Time Window Limitations for more information.

Time Window Limitations

Some time window configurations may not be available in certain situations. In these instances, a modification to the time window is automatically applied, and a warning notification will be displayed:

There are two main reasons for a time window being unavailable. Both relate to data granularity and specificity:

  • The time window specifies the granularity of data that has expired and is no longer available. For example, a time window specifying a one-hour time range from six months ago would not be available, resulting in the time window being modified to a time range of at least one day.

  • The time window specifies a granularity of data that is too high given the size of the window, as a graph can only handle a certain number of data points. For example, a multi-hour time range would contain too many datapoints at one-minute granularity, and would automatically be modified to 10-minute granularity.

3 - Explore Workflows

While every user has unique needs from Sysdig Monitor, there are three main workflows that you can follow when building out the interface and monitoring your infrastructure.

Workflow One

This workflow assumes that an alert has not been triggered yet.

Start with Explore , identify a problem area, then drill-down into the data. This workflow is the most basic approach, as it begins with a user monitoring the overall infrastructure, rather than with a specific alert notification. The workflow tends to follow the following steps:

  1. Organize the infrastructure with groupings.

  2. Define key signals with alerts and dashboards to detect a problem.

  3. Identify a problem area, and drill down into the data using dashboards, metrics, and by adjusting groupings and scope as necessary.

Workflow Two

Start with an event notification, and begin troubleshooting. This workflow begins with an already configured alert and event being triggered. Unlike workflow one, this workflow assumes that pre-determined data boundaries have already been set:

  1. Explore the event by adjusting time windows, scope, and segmentation.

  2. Identify the exact area of concern within the infrastructure.

  3. Drill down into the data to troubleshoot the issue.

Workflow Three

Customize default dashboard panels to troubleshoot a potential issue. This workflow assumes that an issue has been identified within one of the default dashboards, but alerts have not been set up for the problem area.

  1. Copy the displayed panel to a new dashboard.

  2. Create an alert based on the dashboard panel.

  3. Configure a Sysdig Capture on demand.