Filtering in Instana

Instana offers powerful filtering tools to help you focus on the most relevant data during monitoring and troubleshooting. The two primary methods are Dynamic Focus Queries (DFQs) and Tag Filter Expressions (TFEs). Each serves similar purposes but is designed to meet different user needs. DFQs offer more flexibility and cross-context capabilities, making them suitable for detailed insights orchestrated across different data stores. TFEs are more accessible for quick, context-specific filtering, making them ideal for an intuitive tag-based approach.

For more information, see Dynamic Focus Queries and Tag Filter Expressions.

Overview

Dynamic Focus Queries (DFQs)

DFQs are a keyword-based query method in Instana that you can use to filter on specific entities such as metrics or traces. DFQs also support selecting entities across different contexts in Instana's Dynamic Graph, making them highly flexible, but potentially complex and slower.

The following three types of contexts (and filters) in DFQ are supported:

  1. Infrastructure (entity.*)
  2. Applications (entity.application.*, entity.service.*, entity.endpoint.*)
  3. Events (events.*)

Tag Filter Expressions (TFEs)

TFEs are more intuitive, particularly for less experienced users. TFEs are tag-based and focus on filtering and grouping data within a single context. They benefit from enrichments that are made at ingest time, allowing for quicker, and more streamlined searches.

Comparing DFQs and TFEs

Feature DFQs TFEs
Use case Ideal for detailed and multi-context searches. Suitable for filtering data within a single context.
Best place to explore Infrastructure Map Analytics
Coverage Infrastructure, Applications, Events (excluding Synthetics, EUM, Logs, and BizOps). Everything except Events.
More details Learn more about DFQs Learn more about TFEs

Using DFQs and TFEs

Accessing filters

  • DFQs: can be accessed by using the filter icon or Add Filter option in any dashboard or page in the Instana UI where data is displayed.
  • TFEs: can be accessed from the analytics sections of Instana, such as Service or Infrastructure Analysis.

Creating a query or expression

For DFQs:

  1. Select Metrics/Traces: Choose the data that you want to filter.
  2. Define Conditions: Set up your text-based or keyword-based conditions (for example, response time > 500 ms, serviceName contains 'checkout').
  3. Apply Filter: Update your view to reflect the filtered data.

For TFEs:

  1. Select Tags: Choose from predefined tags that correspond to various attributes of your entities (for example, services and endpoints).
  2. Add Conditions: Apply filter conditions and groupings based on these tags.
  3. Apply Expression: Instana filters the data within the context of the selected tags.

Refining and saving queries

  • DFQs: You can add multiple conditions to further narrow down the data, modify, or remove conditions as needed.
  • TFEs: You can click through different tags and refine your filters dynamically.
  • Save for Reuse: Both DFQs and TFEs can be saved for future use, which is especially useful for recurring analysis or troubleshooting tasks.

Best practices for filtering

  • DFQs: Start with broad conditions and refine them as you gain more insights. Review and update saved DFQs regularly to keep them aligned with your monitoring needs.
  • TFEs: Use the point-and-click interface for quick filtering, especially when you focus on specific contexts like services or infrastructure components. Regularly review your tag selections to ensure that they match your current focus.

Usage examples

  • Performance monitoring:

    • DFQs: Filter for services with specific response times across different contexts.
    • TFEs: Focus on services or endpoints with certain tags that are related to performance issues.
  • Infrastructure management:

    • DFQs: Aggregate metrics from various infrastructure components.
    • TFEs: Isolate data for specific infrastructure elements within a single context.
  • Application debugging:

    • DFQs: Drill down into specific traces across multiple applications or services.
    • TFEs: Filter logs or metrics that are associated with a specific application tag.