Skip to main content

User Guide

Searching for short events

The minimal event duration setting for the value-based search is equal to two times the index resolution due to tag indexing and search mechanisms. This limit can somtetimes be blocking, as it is fairly common we would like to find all events where certain conditions are met, regardless of their duration.

For simple cases where we need to find (short) events where our tag exceeds a certain limit, we can solve this problem through the following steps:

  1. Create a maximum aggregation of the original tag with a central aggregation window that equals to two times the index resolution. This effectively creates a tag that creates a spike of at least two times the index resolution, even if the original event was only very short.

    short_spike_workaround.png

  2. Event Search

    Perform a value-based search on the new aggregation tag being above the threshold. Using the default minimal duration of two times the index resolution should now yield all instances where the original tag exceeded the threshold, no matter how short.

Note

We can use the same procedure when searching for events where our tag goes below a certain limit. In that case, we simply need to use the minimum aggregation

Tip

When our search criteria are more complicated and we need to check if conditions on multiple tags are true at the same time, we cannot simply create an aggregation per tag and then combine the conditions in the search. After all, the conditions might have not been true at exactly the same time.

In such a case, we first need to create a binary state tag showing when all conditions are met. This tag will have a value of 1 only for the events we want to identify. We can then thus create maximum aggregation tag on top of this formula. Searching on this tag having a value of 1 will yield all events were our conditions were met.

Warning

A downside of the approach above is that we cannot discern multiple events that are close together. When the space between events is closer than two time the index resolution, the aggregation will fuse them together and our search will only yield a single, longer result.

In this section: