Live Dashboards NQL examples

This list of NQL query examples is designed to help you create live dashboard widgets.

KPI widget

NQL structure
...
summarize <kpi> = <sum() | count() | avg() | max() | min()>

Examples

Display the total web application errors during the last 7 days.
web.errors during past 7d
| summarize total_errors = number_of_errors.sum()

Display the ratio of backend page load duration during the last 7 days.
web.page_views during past 7d
| summarize 
  backend_dur_ratio = page_load_time.backend.sum() /
  page_load_time.overall.sum()

Display the estimated savings from remote action remediation in USD.
remote_action.executions during past 30d
| where status == success
| where purpose == remediation
| summarize amt_saved = (number_of_executions.sum()) * (20)
| list amt_saved.as(format = currency,code = usd)

Line chart

NQL structure
<event table> <time_duration>
...
summarize <kpi1>, <kpi2>, ... by <time_duration_granularity>
(list <time>, <kpi1>, <kpi2>, ...)

Examples

Display average daily backend page load duration, client page load duration, and network duration over the last 7 days, without specifying the list line.
web.page_views during past 7d
| summarize 
    backend_duration = page_load_time.backend.avg() , 
    client_duration = page_load_time.client.avg() , 
    network_duration = page_load_time.network.avg() by 1d
 
Display average daily backend page load duration, client page load duration, and network duration over the last 7 days, using the list line to indicate the parameters that should be included.
web.page_views during past 7d
| summarize 
    backend_duration = page_load_time.backend.avg() , 
    client_duration = page_load_time.client.avg() , 
    network_duration = page_load_time.network.avg() by 1d
| list end_time, backend_duration, client_duration, network_duration

Display the estimated daily total energy consumption in kilowatt-hours (kWh).
execution.events during past 15d
| where device.operating_system.name != "*server*"
| where 
  (device.hardware.type == laptop 
  or device.hardware.type == desktop)
| where binary.name in ["nxtsvc.exe", "nxtsvc"]
| summarize 
  Total_energy_consumption = 
  (((execution_duration.sum()) ^ (1)) / (3600)) * (30) 
  by 1d
| list 
  start_time, 
  Total_energy_consumption.as(format = energy)

Bar chart with disabled default breakdowns

NQL structure

In this case, as the default breakdowns are disabled, you should always specify by <segmentation1>,... in the query.

...
summarize <kpi1>, <kpi2>, ... by <segmentation1>, <segmentation2>, ...

Examples

Display the number of hard resets and the number of devices over the last 7 days, broken down by platform, hardware manufacturer and model.
device_performance.hard_resets  during past 7d
| summarize
    num_hard_resets = number_of_hard_resets.sum() ,
    num_devices = device.count()
   by
    device.operating_system.platform ,
    device.hardware.manufacturer ,
    device.hardware.model
| sort num_hard_resets desc

Display the number of web transactions by application.
web.transactions 
| summarize nb_transactions = number_of_transactions.sum() 
   by application.name 
| sort nb_transactions desc

Display the Internet Service Provider (ISP) count excluding unknown ISP.
devices
| where device.public_ip.isp != null
| summarize 
  devices = device.name.count() 
  by device.public_ip.isp
| sort devices desc

Display the estimated savings in USD achieved through the workflows, categorized by each trigger method.
workflow.executions during past 30d
| where status == success
| summarize amt_saved = (number_of_executions.sum()) * (100) 
  by trigger_method
| list trigger_method, amt_saved.as(format = currency,code = usd)
| sort amt_saved desc

Bar chart with enabled default breakdowns

NQL structure

In this case, as the default breakdowns are enabled, you can omit by <segmentation1>,... from the query since the system defaults to the options in the breakdown dropdown.

...
summarize <kpi1>, <kpi2>, ...

Examples

Number of web page views by default breakdown options

Since default breakdowns are enabled, the system displays web.page_views according to the available default options in the breakdown dropdown. In this case, by: URL, Adapted type, Number of active tabs, Number of large resources, Experience level.

web.page_views
| summarize web.page_views = number_of_page_views.sum()

Single-metric gauge chart

Ratio of devices or users when there is a bad event

Create a single-metric gauge chart displaying the ratio of devices or users when there is a bad event, for example, a crash. It lets you see how devices or users are affected by the issue.

NQL structure
<devices|users>
| include <event table>
| compute temp_bad_number = <device|user>.count()
| summarize 
   <metric> = temp_bad_number.sum(), 
   <total> = count()

Example

Display the ratio of devices with execution crashes out of all the devices in the company.
devices
| include execution.crashes
| compute crash_cnt = device.count()
| summarize 
   devices_with_crashes = crash_cnt.sum(), 
   total_devices = count()

Display only the crashes that happened while the application was running in the foreground.
devices
| include execution.crashes
| compute crash_cnt = device.countif(process_visibility == foreground)
| summarize
   devices_with_crashes = crash_cnt.sum(),
   total_devices = count()

Ratio of events

Display the ratio of events when there is an event such as a crash, freeze, hard reset, system reset.

NQL structure
<devices|users>
| include <bad event table>
| compute temp_metric_number = count()
| include <total event table>
| compute temp_total_number = count()
| summarize 
    <metric> = temp_metric_number.sum(), 
    <total> = temp_total_number.sum()

Example

Display the ratio of poor quality collaboration sessions out of the total number of sessions.
devices 
| include collaboration.sessions 
| where video.quality == poor or audio.quality == poor 
| compute num_poor_quality_sessions = id.count() 
| include collaboration.sessions 
| compute num_total_sessions = id.count() 
| summarize
    poor_quality = num_poor_quality_sessions.sum(), 
    acceptable_quality = num_total_sessions.sum()

Score metric

Display the DEX score metric.

NQL structure
<score table>
| summarize <metric> = <score_field>.avg(), <total> = <total>

Example

Display the DEX score metric.
dex.scores
| summarize score = value.avg() , total = 100

Multi-metric gauge chart

Ratio of devices or users with bad events against objects without them

NQL structure
<devices|users>
| include <event table>
| compute temp_bad_number = <device|user>.count()
| summarize 
   <good_label> = count() - temp_bad_number.sum(), 
   <bad_label> = temp_bad_number.sum()

Example

Display the ratio of devices with crashes against those without them.
devices
| include execution.crashes
| compute crash_cnt = device.count()
| summarize 
    without_crashes = count() - crash_cnt.sum(), 
    with_crashes = crash_cnt.sum()

Ratio of devices with bad events against devices without them

NQL structure
devices
| include <bad event table>
| compute temp_bad_number = count()
| include <total event table>
| compute temp_total_number = count()
| summarize 
   <good_label> = temp_total_number.sum() - temp_bad_number.sum(), 
   <bad_label> = temp_bad_number.sum()

Example

Display the ratio of devices with hard resets against the ones without them.
devices
| include device_performance.hard_resets
| compute hard_reset_cnt = number_of_hard_resets.sum()
| include device_performance.events
| compute total_cnt = count()
| summarize 
   no_hard_resets = total_cnt.sum() - hard_reset_cnt.sum(), 
   hard_resets = hard_reset_cnt.sum()

Ratio of users or devices with a good state against the ones with a bad state

NQL structure
<devices|users>
| include <event table>
| where <condition is bad>
| compute temp_bad_number = <device|user>.count()
| include <event table>
| where <condition is good>
| compute temp_good_number = <device|user>.count()
| summarize 
   <good_label> = temp_good_number.sum(), 
   <bad_label> = temp_bad_number.sum()

Example

Display the ratio of users with good page views experience against the ones with a frustrating experience.
users
| include web.page_views
| where experience_level == frustrating
| compute frustrating_cnt = user.count()
| include web.page_views
| where experience_level == good 
| compute good_cnt = user.count()
| summarize 
   good = good_cnt.sum(), 
   frustrating = frustrating_cnt.sum()

Ratio of events with a good state against events with a bad state

NQL structure
<devices|users>
| include <event table>
| where <condition is bad>
| compute temp_bad_number = <sum|count>
| include <event table>
| where <condition is good>
| compute temp_good_number = <sum|count>
| summarize 
   <good_label> = temp_good_number.sum(),
   <bad_label> = temp_bad_number.sum()

Example

Display the ratio of page views with good experience against the ones with a frustrating experience.
users
| include web.page_views
| where experience_level == frustrating
| compute frustrating_cnt = number_of_page_views.sum() 
| include web.page_views
| where experience_level == good 
| compute good_cnt = number_of_page_views.sum() 
| summarize 
   good = good_cnt.sum(), 
   frustrating = frustrating_cnt.sum()
