Events in a data table can easily be grouped to facilitate analysis. The result of grouping is a data table presenting all the different row value combinations of the grouped columns. Grouping is also required in order to subsequently apply aggregation operations on the data.
- Select the icon in the query window toolbar and the Operations Over Columns window appears with the Group By option selected.
- Choose the time period you want to use to group the events and the arguments (columns) you want to use to define the groups.
- Select Group by. The result will be a row for each unique combination of arguments and time period.
After grouping the data, you can continue applying groups as many times as necessary.
There are two different types of grouping:
- No temporal - Select No temporal in the Every field to get all the possible combinations of the columns added as arguments. In the following example we have grouped the data using the Server and OperatingSystem columns as arguments to get all the possible combinations of operating systems and servers.
- Temporal - You can include a time period when you group data in order to facilitate data analysis. Select the period you want to group by in the Every field. Note that the more columns you add as arguments in a temporal grouping, the less information you will extract, since the result will look more and more like the original table. In this way you can, for example, see the different combinations of operating systems and IPs each 15 minutes.
applied search operations bar, each one indicating one of the grouping period types:In Devo, groupings use two different time periods to group the data. After grouping the data, you will see two different tabs in the
- Server grouping period - The first tab is the grouping period asked to the server. When you select a large period for your grouping, the server is asked to download a smaller interval, and then is recalculated to show the period you choose.
- Client grouping period - The second tab is the grouping period used by your browser, and is the actual period you indicated in the grouping. Modifying this period does not ask data to the server again, but only recalculates the groups locally.
For example, if you group data by 3 hours, Devo automatically sets the server grouping period to 30 minutes. Then, data is recalculated and grouped every 3 hours, which is the period you indicated in the query window.
To edit the period of a grouping, you can either click the pencil icon in the second tab of the grouping or select Additional tools → Edit Client Period.