# Custom trends NQL examples

## Keeping track of execution crashes

Track the daily number of execution crashes.

**Custom trend definition**

{% code overflow="wrap" lineNumbers="true" %}

```
devices
| include execution.crashes past 1d
| compute nb_crashes = number_of_crashes.sum()
| list nb_crashes , hardware.manufacturer
```

{% endcode %}

**Custom trend data retrieval**

You can use the above trend definition, to create the following dashboard:

<figure><img src="/files/VASDzEWdFeOuj3E18vrq" alt=""><figcaption></figcaption></figure>

1. Compute the number of devices with crashes and the total number of devices.

   <pre data-overflow="wrap" data-line-numbers><code>custom_trend.#execution_crashes.snapshots during past 90d
   | summarize devices_with_crashes = device.countif(nb_crashes > 0), device_count = device.count()
   </code></pre>
2. Observe daily changes of the total number of crashes over the last 90 days.

   <pre data-overflow="wrap" data-line-numbers><code>custom_trend.#execution_crashes.snapshots during past 90d
   | summarize number_of_crashes_ = nb_crashes.sum() by 1d
   </code></pre>
3. Observe the total number of crashes per device platform. Include only devices with at least one crash.

   <pre data-overflow="wrap" data-line-numbers><code>custom_trend.#execution_crashes.snapshots during past 90d
   | where nb_crashes > 0
   | summarize number_of_crashes_ = nb_crashes.sum() by context.device_platform
   | sort number_of_crashes_ desc
   </code></pre>
4. Observe the total number of crashes, and the number of devices with crashes per device hardware manufacturer.

   <pre data-overflow="wrap" data-line-numbers><code>custom_trend.#execution_crashes.snapshots during past 90d
   | where hardware_manufacturer != "VMWare"
   | where hardware_manufacturer != null
   | summarize number_of_crashes_ = nb_crashes.sum(), number_of_devices_ = device.count() by hardware_manufacturer
   | sort number_of_crashes_ desc
   </code></pre>

## Monitoring Windows 11 migration

Track the ratio of devices with Windows 11 over time.

**Custom trend definition**

{% code overflow="wrap" lineNumbers="true" %}

```
devices
| where operating_system.platform == windows
| list operating_system.name, hardware.type
```

{% endcode %}

**Custom trend data retrieval**

{% code overflow="wrap" lineNumbers="true" %}

```
custom_trend.#windows_migration.snapshots during past 300d
| where hardware_type !in [virtual, null]
| summarize ratio_with_windows_11 = countif(operating_system_name == "*windows 11*")/count() by 1d
```

{% endcode %}

## Monitoring boot duration

Track the average boot durations for each device, to monitor the effect of implementing leaner configurations.

**Custom trend definition**

{% code overflow="wrap" lineNumbers="true" %}

```
devices during past 1d
| include device_performance.boots during past 1d
| compute boot_duration = duration.avg()
| list boot_duration, hardware.type
```

{% endcode %}

**Custom trend data retrieval**

{% code overflow="wrap" lineNumbers="true" %}

```
custom_trend.#boot_duration.snapshots during past 90d
| where (context.device_platform == "Windows" and hardware_type == laptop)
| summarize boot_duration_avg = boot_duration.avg() by 1d
```

{% endcode %}

## Monitoring devices with application crashes on startup

Track the daily number of devices that had at least one application crash on the application startup.

**Custom trend definition**

{% code overflow="wrap" lineNumbers="true" %}

```
devices during past 1d
| include execution.crashes during past 1d
| where crash_on_start == true
| compute crash_on_start_count = count()
| list crash_on_start_count
```

{% endcode %}

**Custom trend data retrieval**

{% code overflow="wrap" lineNumbers="true" %}

```
custom_trend.#crashes_on_start.snapshots during past 300d
| where crash_on_start_count > 0
| summarize devices_with_app_crashes_at_start = count() by 1d
```

{% endcode %}

## Monitoring CPU usage of different binary versions

Track the average CPU usage of application broken down by its versions.

**Custom trend definition**

{% code overflow="wrap" lineNumbers="true" %}

```
devices
| include execution.events during past 1d
| where binary.name == "zoom.exe"
| compute CPU_usage_ratio = ((cpu_time.sum()) * (100)) / ((execution_duration.sum()) * (number_of_logical_processors.max())), last_version = binary.version.last()
| list CPU_usage_ratio, last_version
```

{% endcode %}

**Custom trend data retrieval**

{% code overflow="wrap" lineNumbers="true" %}

```
custom_trend.#zoom_cpu_usage_ratio.snapshots during past 300d
| summarize c1 = CPU_usage_ratio.avg() by 1d, last_version
```

{% endcode %}


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.nexthink.com/platform/user-guide/administration/content-management/custom-trends-management/custom-trends-nql-examples.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.