Complete the code to query APM data for transactions.
{
  "query": {
    "match": {
      "[1]": "transaction"
    }
  }
}
user.id instead of event.type causes no matching transactions.
host.name or service.name filters by host or service, not event type.
The field event.type is used to filter APM transaction events.

Complete the code to aggregate average transaction duration.
{
  "aggs": {
    "avg_duration": {
      "[1]": {
        "field": "transaction.duration.us"
      }
    }
  }
}
terms aggregation instead of avg causes a bucket aggregation, not a metric.
max or min returns wrong statistics.
The avg aggregation calculates the average value of the specified field.

Fix the error in the filter to select transactions longer than 1 second.
{
  "query": {
    "range": {
      "transaction.duration.us": {
        "[1]": 1000000
      }
    }
  }
}
lt or lte filters for shorter transactions.
gte includes transactions equal to 1 second, which may be acceptable but not the exact fix.
The gt operator filters for values greater than the given threshold.

Fill both blanks to create a filter for errors with status code 500.
{
  "query": {
    "bool": {
      "must": [
        { "term": { "[1]": "error" } },
        { "term": { "[2]": 500 } }
      ]
    }
  }
}
transaction.status instead of event.type misses error events.
http.response.status_code may not be present in error documents.
event.type filters for error events, and error.status_code filters for HTTP 500 errors.

Fill all three blanks to create a dictionary comprehension that maps service names to average transaction durations over 2 seconds.
result = { [1]: [2] for [3] in services if [2] > 2000000 }
transaction.duration.us as key or loop variable causes errors.
service as key instead of service.name results in wrong dictionary keys.
This comprehension maps each service.name to its avg_duration for services where the average duration is greater than 2,000,000 microseconds (2 seconds).