cfxdm - dm:hist

Histogram on time-series data

dm:hist: This cfxdm tag generates a histogram from time-series data that has been selected from an extension's tag. Events are counted per fixed-width time bucket, so the output is a count of rows per interval rather than the rows themselves.

dm:hist syntax:

  • timestamp (mandatory): the timestamp column of the selected extension's tag; this is the value that is bucketed.

  • interval (mandatory): the bucket width, in days, hours, minutes, or seconds. Examples: 1d (1 day), 4h (4 hours), 15min (15 minutes), 30s (30 seconds). Only these unit suffixes are shown on this page.

In the example below, Elasticsearch is used as the extension: the time-series data is queried from an index (or indexes) and passed into dm:hist to generate a histogram.

Enter the command below to select the Elasticsearch index tag (#es124111:winlog-events). In this example, es124111 is the label that identifies the Elasticsearch extension, and winlog-events is the tag for the Windows log event indexes served by that extension. The label is defined when the extension is added in the cfxdx configuration file, or through the UI or CLI.

tag #es124111:winlog-events

Example 1: Select log events as time-series data and generate a histogram

Get time-series data from the Windows log events in the Elasticsearch tag for the last 10 hours, with an interval of 1 hour, and generate a histogram. The `after -10 hour` filter restricts the input rows to the last 10 hours; dm:hist then counts the surviving rows per 1-hour bucket.

Timestamp Column:

  • @timestamp

data `@timestamp` after -10 hour --> dm:hist timestamp = '@timestamp' & interval = '1h'
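To make the bucketing concrete, the following is an added illustration (not the cfxdm implementation) of what dm:hist computes: it parses the interval syntax listed above (1d, 4h, 15min, 30s), optionally drops rows older than an `after` boundary, and counts rows per bucket aligned to the interval width. The sample rows are constructed to resemble Elasticsearch winlog documents; the function names, the `after` parameter, and the epoch-aligned bucket boundaries are assumptions made here, not documented cfxdm behaviour.

```python
"""Bucket time-series events into fixed intervals, the way dm:hist does.

Added illustration, not the cfxdm implementation. The sample rows are
constructed, not real Elasticsearch winlog-events documents.
"""
import re
from collections import Counter
from datetime import datetime, timedelta, timezone

# Constructed sample rows shaped like Elasticsearch winlog documents.
SAMPLE_EVENTS = [
    {"@timestamp": "2024-02-29T23:30:00Z", "event_id": 4624},
    {"@timestamp": "2024-03-01T00:05:00Z", "event_id": 4624},
    {"@timestamp": "2024-03-01T00:50:00Z", "event_id": 4625},
    {"@timestamp": "2024-03-01T01:10:00Z", "event_id": 4688},
    {"@timestamp": "2024-03-01T03:59:59Z", "event_id": 4624},
    {"@timestamp": "2024-03-01T04:30:00+01:00", "event_id": 4672},  # 03:30 UTC
    {"@timestamp": "2024-03-01T04:00:00Z", "event_id": 4624},
    {"event_id": 4624},  # no timestamp column: must be skipped, not crash
]

_INTERVAL_RE = re.compile(r"^(\d+)(d|h|min|s)$")
_UNIT_SECONDS = {"d": 86400, "h": 3600, "min": 60, "s": 1}


def parse_interval(spec):
    """Convert the dm:hist interval syntax (1d, 4h, 15min, 30s) to seconds."""
    m = _INTERVAL_RE.match(spec.strip())
    if not m or int(m.group(1)) == 0:
        raise ValueError("unsupported interval: %r" % spec)
    return int(m.group(1)) * _UNIT_SECONDS[m.group(2)]


def parse_timestamp(value):
    """Parse an ISO-8601 timestamp (str or datetime) into an aware UTC datetime."""
    if isinstance(value, datetime):
        dt = value
    else:
        text = value.strip()
        if text.endswith("Z"):            # fromisoformat() rejects 'Z' before 3.11
            text = text[:-1] + "+00:00"
        dt = datetime.fromisoformat(text)
    if dt.tzinfo is None:                 # treat naive values as UTC
        dt = dt.replace(tzinfo=timezone.utc)
    return dt.astimezone(timezone.utc)


def histogram(events, timestamp="@timestamp", interval="1h", after=None):
    """Return [(bucket_start_iso, count), ...] sorted by bucket start.

    Buckets are aligned to multiples of `interval` since the Unix epoch (an
    assumption here), so '1h' buckets start on the hour and '1d' buckets on
    UTC midnight. Rows lacking the timestamp column or older than `after`
    are skipped.
    """
    width = parse_interval(interval)
    floor = parse_timestamp(after) if after is not None else None
    counts = Counter()
    for row in events:
        raw = row.get(timestamp)
        if raw is None:
            continue
        ts = parse_timestamp(raw)
        if floor is not None and ts < floor:
            continue
        epoch = int(ts.timestamp())
        counts[epoch - epoch % width] += 1
    return [
        (datetime.fromtimestamp(start, timezone.utc).isoformat(), n)
        for start, n in sorted(counts.items())
    ]


if __name__ == "__main__":
    # Equivalent of: data `@timestamp` after -10 hour --> dm:hist ... interval='1h',
    # with "now" pinned to a constructed reference time instead of the wall clock.
    now = datetime(2024, 3, 1, 5, 0, tzinfo=timezone.utc)
    for start, n in histogram(SAMPLE_EVENTS, after=now - timedelta(hours=10)):
        print(start, "#" * n)
```

Two details worth checking against any real histogram output: timestamps carrying a non-UTC offset (the `+01:00` row above) must be normalised before bucketing, or a burst of events will land in the wrong hour; and rows with a missing timestamp column should be dropped rather than silently counted in a default bucket.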
