Defining and Using Baselines
You can establish a particular set of query results as a baseline snapshot against which to compare the results of other runs of the same query. Comparing the results of the same query run at different times and in different contexts highlights the deltas (differences) and helps identify areas that vary significantly from normal. If spikes, dips, or other anomalies appear, you can compare them against the baseline.
You can define baselines and run comparisons with any query viewer that:
- Lends itself well to a table format display.
- Includes one or more key fields by which to locate matching entries between the baseline and currently displayed information.
For example, suppose you have a query that returns the top 10 event counts by name and you want to compare it against some baseline. A reasonable comparison would be between similarly named events in both sets of data. In this case, the event name would be used as the key field.
Note: The following are important considerations for baselines.
- Baselines are applicable only to table views of result data. Baselines do not apply to graphical views such as pie charts, bar charts, and so on. You always have the option to view query data from any query viewer as a graphical chart or a table, but the baseline data is only accessible from the table view of the data.
- Baselines require one or more key fields by which to locate matches between the baseline and the displayed data. The key fields must be built into the query viewer to which you want to add a baseline.
- Values for key fields must be unique. When adding baselines, make sure key fields in the query viewer have unique values. (See the Fields tab in the query viewer editor.) Also, check the query viewer start and end times (on the Attributes tab in the query viewer editor) to make sure the time frame over which the query runs makes sense.
You can add one or more baselines to a single query viewer, and delete them as needed.
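The key-field matching described above can be sketched outside the product. This is an added illustration, not the product's own code: it matches baseline and current rows on the key fields, rejects non-unique keys, and reports deltas. The function names, the 50% threshold, and the sample rows are assumptions constructed for the example.

```python
from collections import Counter

def index_by_key(rows, key_fields):
    """Index result rows by their key-field values; duplicate keys are an error."""
    keys = [tuple(row[f] for f in key_fields) for row in rows]
    dupes = sorted(k for k, n in Counter(keys).items() if n > 1)
    if dupes:
        raise ValueError(f"key fields {key_fields} are not unique: {dupes}")
    return dict(zip(keys, rows))

def compare_to_baseline(baseline, current, key_fields, value_field):
    """Match rows on the key fields and compute the delta for each key."""
    base = index_by_key(baseline, key_fields)
    cur = index_by_key(current, key_fields)
    report = []
    for key in sorted(base.keys() | cur.keys()):
        b = base.get(key, {}).get(value_field)
        c = cur.get(key, {}).get(value_field)
        if b is None:                      # key only in the current run
            status, delta, pct = "new", c, None
        elif c is None:                    # key only in the baseline
            status, delta, pct = "missing", -b, None
        else:
            delta = c - b
            pct = round(100.0 * delta / b, 1) if b else None
            status = "changed" if delta else "same"
        report.append({"key": key, "baseline": b, "current": c,
                       "delta": delta, "pct": pct, "status": status})
    return report

def anomalies(report, pct_threshold=50.0):
    """Rows that are new, missing, or moved at least pct_threshold percent."""
    return [r for r in report if r["status"] != "same"
            and (r["pct"] is None or abs(r["pct"]) >= pct_threshold)]

# Constructed sample data: top event counts by name (key field: "name").
BASELINE = [{"name": "Login Failure", "count": 120},
            {"name": "Firewall Deny", "count": 900},
            {"name": "Port Scan", "count": 40}]
CURRENT = [{"name": "Login Failure", "count": 480},
           {"name": "Firewall Deny", "count": 930},
           {"name": "Malware Detected", "count": 15}]

if __name__ == "__main__":
    for row in anomalies(compare_to_baseline(BASELINE, CURRENT, ["name"], "count")):
        print(row)
```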