Homeโ€บ๐Ÿ“Š Phase 2: Migrate Dashboardsโ€บModule 102 min read ยท 11/21

Adopt Notebooks for Investigation

Hands-on

Notebooks โ€” Replacing Data Explorer

Notebooks replace the Data Explorer for ad-hoc analysis and investigation. Any Data Explorer workflow should move to Notebooks โ€” they combine DQL queries, markdown notes, and visualizations in one shareable document.

When to Use What

Use Case                    Tool          Why
โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€  โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€  โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€
Real-time monitoring        Dashboard     Wall screen, auto-refresh, shared
Investigation & analysis    Notebook      Sequential, shareable, annotated
Ad-hoc queries              Notebook      Quick DQL, explore data
Reporting                   Dashboard     Polished, variables, filters
Collaboration               Notebook      Add notes, share findings

๐Ÿ›  Try it: Ctrl+K โ†’ "Notebooks" โ†’ Create new โ†’ Add a DQL section โ†’ type fetch dt.entity.host | fields entity.name, cpuCores, osType โ†’ Add a Markdown section โ†’ write your analysis notes.

Notebook Sections

Notebooks support five section types:

Section Type    What It Does                              Icon
โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€  โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€  โ”€โ”€โ”€โ”€
Query (DQL)     Write DQL queries, choose visualizations   ๐Ÿ“Š
Explore         Point-and-click data exploration            ๐Ÿ”
Code            Run JavaScript for custom logic             ๐Ÿ’ป
Markdown        Add headers, notes, formatted text          ๐Ÿ“
Prompt          Ask Davis CoPilot in natural language        ๐Ÿค–

๐Ÿ’ก Prompt sections let you ask Davis CoPilot questions in plain English โ€” it generates and runs the DQL for you. Try: "Show me the top 5 hosts by CPU usage in the last hour".

Explore Data (Point-and-Click)

Don't want to write DQL? Use the "Explore data" feature:

  1. In a Notebook, click "Explore data" instead of "Query Grail"
  2. Choose your data source (Logs, Metrics, Business events)
  3. Use the point-and-click interface to filter, aggregate, and visualize
  4. Click "Show DQL" to see the generated query

๐Ÿ’ก "Explore data" is the best way to learn DQL โ€” build your query visually, then read the generated DQL to understand the syntax.

Notebooks vs Dashboards

Aspect              Notebook                        Dashboard
โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€  โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€  โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€โ”€
Layout              Linear, top-to-bottom           Grid-based (24 columns)
Purpose             Investigation, analysis, RCA    Monitoring, at-a-glance status
DQL location        state.input.value               query
Viz config          state.visualization             visualizationSettings

Notebook YAML uses sections format (not cells). Each section is either type: markdown or a DQL query with state.input.value containing the query.

โ† PreviousMigrate Classic โ†’ Gen3 DashboardsNext โ†’Migrate MZ Filters โ†’ Variables & Segments