Live Dashboards NQL examples
This list of NQL query examples is designed to help you create Live Dashboards widgets. Go through the queries below and pick the one most similar to the widget you would like to create and the information that you want to display. Copy the query and adjust it to your use case.
KPI widget
Examples
Display the total web application errors during the last 7 days.
web.errors during past 7d
| summarize total_errors = number_of_errors.sum() Display the ratio of backend page load duration during the last 7 days.
web.page_views during past 7d
| summarize
backend_dur_ratio = page_load_time.backend.sum() /
page_load_time.overall.sum()Display the estimated savings from remote action remediation in USD.
remote_action.executions during past 30d
| where status == success
| where purpose == remediation
| summarize amt_saved = (number_of_executions.sum()) * (20)
| list amt_saved.as(format = currency,code = usd)Line chart
NQL structure
<event table> <time_duration>
...
summarize <kpi1>, <kpi2>, ... by <time_duration_granularity>
(list <time>, <kpi1>, <kpi2>, ...)Examples
Display average daily backend page load duration, client page load duration, and network duration over the last 7 days, without specifying the list line.
web.page_views during past 7d
| summarize
backend_duration = page_load_time.backend.avg() ,
client_duration = page_load_time.client.avg() ,
network_duration = page_load_time.network.avg() by 1d
Display average daily backend page load duration, client page load duration, and network duration over the last 7 days, using the list line to indicate the parameters that should be included.
web.page_views during past 7d
| summarize
backend_duration = page_load_time.backend.avg() ,
client_duration = page_load_time.client.avg() ,
network_duration = page_load_time.network.avg() by 1d
| list end_time, backend_duration, client_duration, network_durationDisplay the estimated daily total energy consumption in kilowatt-hours (kWh).
execution.events during past 15d
| where device.operating_system.name != "*server*"
| where
(device.hardware.type == laptop
or device.hardware.type == desktop)
| where binary.name in ["nxtsvc.exe", "nxtsvc"]
| summarize
Total_energy_consumption =
(((execution_duration.sum()) ^ (1)) / (3600)) * (30)
by 1d
| list
start_time,
Total_energy_consumption.as(format = energy)Bar chart
Examples
Display the number of hard resets and the number of device over the last 7 days, broken down by: platform, hardware manufacturer and model.
device_performance.hard_resets during past 7d
| summarize
num_hard_resets = number_of_hard_resets.sum() ,
num_devices = device.count()
by
device.operating_system.platform ,
device.hardware.manufacturer ,
device.hardware.model
| sort num_hard_resets descDisplay the number of web transactions by application.
web.transactions
| summarize nb_transactions = number_of_transactions.sum()
by application.name
| sort nb_transactions descDisplay the Internet Service Provider (ISP) count excluding unknown ISP.
devices
| where device.public_ip.isp != null
| summarize
devices = device.name.count()
by device.public_ip.isp
| sort devices descDisplay the estimated savings in USD achieved through the workflows, categorized by each trigger method.
workflow.executions during past 30d
| where status == success
| summarize amt_saved = (number_of_executions.sum()) * (100)
by trigger_method
| list trigger_method, amt_saved.as(format = currency,code = usd)
| sort amt_saved descSingle-metric gauge chart
Ratio of devices or users when there is a bad event
Create a single-metric gauge chart displaying the ratio of devices or users when there is a bad event, for example, a crash. It allows to see how devices or users are affected by the issue.
NQL structure
<devices|users>
| include <event table>
| compute temp_bad_number = <device|user>.count()
| summarize
<metric> = temp_bad_number.sum(),
<total> = count()Example
Display the ratio of devices with execution crashes out of all the devices in the company.
devices
| include execution.crashes
| compute crash_cnt = device.count()
| summarize
devices_with_crashes = crash_cnt.sum(),
total_devices = count()Ratio of events
Display the ratio of events when there is an event such as a crash, freeze, hard reset, system reset.
NQL structure
<devices|users>
| include <bad event table>
| compute temp_metric_number = count()
| include <total event table>
| compute temp_total_number = count()
| summarize
<metric> = temp_metric_number.sum(),
<total> = temp_total_number.sum()Example
Display the ratio of poor quality collaboration sessions out of the total number of sessions.
devices
| include collaboration.sessions
| where video.quality == poor or audio.quality == poor
| compute num_poor_quality_sessions = id.count()
| include collaboration.sessions
| compute num_total_sessions = id.count()
| summarize
poor_quality = num_poor_quality_sessions.sum(),
acceptable_quality = num_total_sessions.sum()Score metric
Display the DEX score metric.
Example
Multi-metric gauge chart
Ratio of devices or users with bad events against objects without them
NQL structure
<devices|users>
| include <event table>
| compute temp_bad_number = <device|user>.count()
| summarize
<good_label> = count() - temp_bad_number.sum(),
<bad_label> = temp_bad_number.sum()Example
Display the ratio of devices with crashes against those without them.
devices
| include execution.crashes
| compute crash_cnt = device.count()
| summarize
without_crashes = count() - crash_cnt.sum(),
with_crashes = crash_cnt.sum()Ratio of devices with bad events against devices without them
NQL structure
devices
| include <bad event table>
| compute temp_bad_number = count()
| include <total event table>
| compute temp_total_number = count()
| summarize
<good_label> = temp_total_number.sum() - temp_bad_number.sum(),
<bad_label> = temp_bad_number.sum()Example
Display the ratio of devices with hard resets against the ones without them.
devices
| include device_performance.hard_resets
| compute hard_reset_cnt = number_of_hard_resets.sum()
| include device_performance.events
| compute total_cnt = count()
| summarize
no_hard_resets = total_cnt.sum() - hard_reset_cnt.sum(),
hard_resets = hard_reset_cnt.sum()Ratio of users or devices with a good state against the ones with a bad state
NQL structure
<devices|users>
| include <event table>
| where <condition is bad>
| compute temp_bad_number = <device|user>.count()
| include <event table>
| where <condition is good>
| compute temp_good_number = <device|user>.count()
| summarize
<good_label> = temp_good_number.sum(),
<bad_label> = temp_bad_number.sum()Example
Display the ratio of users with good page views experience against the ones with a frustrating experience.
users
| include web.page_views
| where experience_level == frustrating
| compute frustrating_cnt = user.count()
| include web.page_views
| where experience_level == good
| compute good_cnt = user.count()
| summarize
good = good_cnt.sum(),
frustrating = frustrating_cnt.sum()Ratio of events with a good state against events with a bad state
NQL structure
<devices|users>
| include <event table>
| where <condition is bad>
| compute temp_bad_number = <sum|count>
| include <event table>
| where <condition is good>
| compute temp_good_number = <sum|count>
| summarize
<good_label> = temp_good_number.sum(),
<bad_label> = temp_bad_number.sum()Example
Display the ratio of page views with good experience against the ones with a frustrating experience.
users
| include web.page_views
| where experience_level == frustrating
| compute frustrating_cnt = number_of_page_views.sum()
| include web.page_views
| where experience_level == good
| compute good_cnt = number_of_page_views.sum()
| summarize
good = good_cnt.sum(),
frustrating = frustrating_cnt.sum()RELATED TOPIC:
Last updated