Use timecluster Command to
Plot a Time Series
You can group similar time series values using the
timecluster command after the link command. Clustering
is useful when there are large number of time series to analyze, or you want to identify
different behaviors in your time series values.
Topics:
In the following example, timecluster is used after link to get representative
samples of OCI Integration Activity Stream Logs. You can hover the mouse on any
data point to get additional details about the cluster:
Duration != null and 'Log Source' = 'OCI Integration Activity Stream Logs'
| eval 'Duration (ms)' = unit(Duration, ms)
| link Identifier, Instance, Action
| stats unique(Integration) as Integration
| timecluster name = 'Similar Integrations' avg('Duration (ms)') as 'Time Taken' by Integration, Action
Viewing Individual Clusters using Filters: Click Chart Options and click Filters to enable and view the filters. Select each cluster ID to view the details for that cluster.
Understanding How Link timecluster Works
Clustering looks at each time series that has similar shape and values. Following are some of the characteristics used to cluster the time series:
-
Peaks and Valleys in the time series: Time series with similar peaks and valleys tend to be clustered together.
-
Values at each point: Even if two time series have similar spikes, they can still fall into different clusters, if the values are far apart.
Each cluster gets the following properties that are displayed in the console:
| Property | Description |
|---|---|
| Cluster ID | A unique ID for the cluster |
| Cluster Members | Number of time series in this cluster |
| Minimum Value | Lowest value for this cluster for the selected interval |
| Maximum Value | Highest value for this cluster for the selected interval |
| Value | Value of the specified stats
function for this cluster, for the selected interval
|
| Percentage | Percentage of groups represented by the number members in this cluster |
| Cluster Samples | Few samples of the cluster.
Note: There can be more values than what is displayed in the sample, since these are only samples that show similar behavior. |
timecluster has similar syntax and options as the
timestats command. For understanding the syntax and the
configuration options for the time series charts, see Understanding the Link timestats Syntax and Configuration Options for the Time Series Charts.
For an example use case of plotting a time series using
timecluster, see Time Series Clustering.