Simple Query¶
Query data from different sources, and display it in charts by selecting aggregation functions, grouping tags, Labels, and filter conditions.
Data Source¶
Includes a series of data combinations from Metrics, Logs, Basic Objects, Resource Catalog, Events, APM, RUM, Network, Profile, and Cloud Bill.
| Source | Description |
|---|---|
| Metrics | Requires selecting a Measurement and a Metric. One Measurement can contain multiple Metrics. |
| Other Types | Basic Objects, Resource Catalog: Requires selecting a Class and an Attribute/Tag; Logs, Events, APM, RUM: Requires selecting a Source and an Attribute/Tag. |
When Logs are the data source
Different indexes can be selected to correspond to the log content. The default index is default.
For more details, refer to Log Indexes.
Multiple Queries¶
Select multiple query conditions, and data is displayed grouped by the selected filter items. Click the AS button to add an alias for each query condition, making it easier to distinguish the display of query results. If you want the added alias to be displayed directly on the chart, click the Legend on the right > Position, and select Bottom or Right.
Label Filter¶
Prerequisite
Label attributes have been set for hosts in Infrastructure > Hosts.
In fx > Label Filter, filter and display by positively or negatively selecting host Label attributes.
Add Filter¶
Click the icon to add filter conditions to the current query.
Multiple filter conditions can be added under a single query. The relationship between each filter condition can be either AND or OR.
| Filter Condition | Description | Supported Filter Condition Types |
|---|---|---|
= |
Equal to | Integer, Float, String |
!= |
Not equal to | Integer, Float, String |
>= |
Greater than or equal to | Integer, Float, String |
<= |
Less than or equal to | Integer, Float, String |
> |
Greater than | Integer, Float, String |
< |
Less than | Integer, Float, String |
match |
Contains | String |
not match |
Does not contain | String |
wildcard |
Fuzzy match (supports log-type data except Metrics) | String |
not wildcard |
Fuzzy non-match (supports log-type data except Metrics) | String |
Functions¶
Click the fx icon to add function calculations for Metrics and other data sources for this query.
Rollup Function¶
Slices data into specified time intervals and calculates and returns data for each interval.
Note
- In time series charts, after selecting this function and the aggregation method, go to Advanced Configuration to select the time interval;
- In non-time series charts, after selecting this function, you can choose aggregation methods including
avg,sum,min, etc., and time intervals (interval) including auto, 10s, 20s, 30s, 1m, 5m, 10m, 30m, 1h, 6h, 12h, 1d, 7d, 30d; - Only supports Metrics data queries; other data queries in simple chart mode do not support selecting the Rollup function;
- The Rollup function does not support adding multiple.
For more details, refer to Rollup Function.
Transformation Functions¶
Also known as outer functions. The functions supported in UI mode are as follows:
Transformation Function (Outer Function) |
Description |
|---|---|
cumsum |
Cumulative sum of the processed set |
abs |
Calculates the absolute value of each element in the processed set |
log2 |
Calculates the base-2 logarithm of each element in the processed set. The processed set must have more than one row, otherwise returns a null value |
log10 |
Calculates the base-10 logarithm of each element in the processed set. The processed set must have more than one row, otherwise returns a null value |
moving_average |
Calculates the moving average of the processed set. The window size must be not less than the number of rows in the processed set, otherwise returns a null value |
difference |
Calculates the difference between adjacent elements in the processed set. The processed set must have more than one row, otherwise returns a null value |
derivative |
Calculates the derivative of adjacent elements in the processed set. The time unit for derivation is seconds (s) |
non_negative_derivative |
Calculates the non-negative derivative of adjacent elements in the processed set. The time unit for derivation is seconds (s) |
non_negative_difference |
Calculates the non-negative difference between adjacent elements in the processed set. The processed set must have more than one row, otherwise returns a null value |
series_sum |
When grouping produces multiple series, merges them into 1 series based on time points. Among them, multiple series at the same time point are summed. The processed set must have more than one row, otherwise returns a null value |
rate |
Calculates the rate of change of a certain Metric over a certain time range, suitable for slowly changing counters. The time unit is seconds (s) |
irate |
Calculates the rate of change of a certain Metric over a certain time range, suitable for rapidly changing counters. The time unit is seconds (s) |
In DQL mode, more outer functions are supported. Refer to DQL Outer Functions.
Aggregation Functions¶
UI mode supports selecting aggregation methods to return result values.
| Aggregation Function | Description |
|---|---|
last |
Returns the value of the latest timestamp |
first |
Returns the value of the earliest timestamp |
avg |
Returns the average value of the field. Has exactly one parameter, which is the field name |
min |
Returns the minimum value |
max |
Returns the maximum value |
sum |
Returns the sum of the field values |
P50 |
Returns the 50th percentile field value |
P75 |
Returns the 75th percentile field value |
P90 |
Returns the 90th percentile field value |
P99 |
Returns the 99th percentile field value |
count |
Returns the aggregate value of non-null field values |
count_distinct |
Counts the number of distinct values in a field |
difference |
Returns the difference between consecutive time values in a field |
derivative |
Returns the rate of change of a field in a series |
non_negative_derivative |
Returns the non-negative rate of change of values in a field in a series |
In DQL mode, more aggregation functions are supported. Refer to DQL Aggregation Functions.
Window Function¶
Uses the selected time interval as the window (record set), combines it with aggregation functions to perform statistical calculations on each record, and supports selecting 1 minute, 5 minutes, 15 minutes, 30 minutes, 1 hour, 3 hours, 6 hours, 12 hours, 24 hours.
Note
The window function query result does not change the number of records. The current number of records remains the same after executing the function result.
No Data Filling¶
Sets the filling method for null data, displayed as fill in the query after setting, including three types:
| Function | Description |
|---|---|
| Previous Value Filling (previous) | Converts null data to the previous value. |
| Linear Filling (linear) | Fills null data after calculation using a linear function. |
| Value Filling | Allows custom filling value. |
Advanced Functions¶
Advanced functions are mainly used for further function calculation on data queried by DQL and for intuitive time series chart display.
For more details, refer to Advanced Functions.
Hide Query¶
Click the icon to hide the query result of that entry on the chart.
As shown in the figure below, the system loading data only displays the query results for 1m and 15m. The system loading query result for 5m has been hidden and cannot be viewed on the chart.
