Top results of Cross-Engine investigations
Last updated
Was this helpful?
Version 6.30
Last updated
Was this helpful?
Investigations that return a specified number of , which are ordered according to a particular criterion, may yield surprising results when targeting simultaneously.
Learn how these top investigations are executed in Cross-Engine contexts to avoid misunderstandings.
When targeting multiple Engines, a top investigation executes first on each Engine individually and then aggregates the results. For instance, suppose that you are looking for the top 4 domains ordered by the highest number of visiting devices across two Engines.
Domain
Number of Devices
Domain
Number of Devices
300
350
200
150
150
50
50
40
The Cross-Engine investigation returns the total number of devices by adding the results in both Engines.
650
300
250
90
However, imagine that you repeat the same investigation, but you only ask for the top 2 domains with the highest number of visiting devices. In this case, the individual execution on each Engine returns a different list of domains:
Domain
Number of Devices
Domain
Number of Devices
300
350
200
150
Results beyond the second domain are lost. Thus, the aggregation of results ignores anything after the second position and the Cross-Engine investigation returns the following:
650
200
While we might expect to find the domain www.nexthink.com in the second place with 300 devices, as in the previous top 4 investigation, we see instead that docs-v6.nexthink.com takes the second place with 200 devices because the aggregation is ignoring the values beyond the second place in both Engines. Keep in mind this behavior when writing Cross-Engine top investigations whose aggregates are added up.
RELATED TASKS