Simple Query¶
Query data from different sources and display it in charts by selecting aggregation functions, grouping tags, labels, and filter conditions.
Data Sources¶
Includes a combination of data from Metrics, Logs, Infrastructure Objects, Resource Catalog, Events, APM, RUM, Network, Profile, and Cloud Billing.
| Source | Description |
|---|---|
| Metrics | Select a Measurement and Metric. A Measurement can contain multiple Metrics. |
| Other Types | Infrastructure Objects, Resource Catalog: Select a Class and Attribute/Label; Logs, Events, APM, RUM: Select a Source and Attribute/Label. |
When Logs are the Data Source
You can select different indexes to correspond to the log content, with the default index being default.
For more details, refer to Log Indexes.
Multiple Queries¶
Select multiple query conditions, and the data will be grouped and displayed according to the selected filter options. Click the AS button to add an alias for each query condition, making it easier to distinguish the data query results. If you want the added alias to be directly displayed on the chart, click the Legend on the right > Position, and select Bottom or Right.
Label Filter¶
Prerequisite
The Label attribute has been set for hosts in Infrastructure > Hosts.
In fx > Label Filter, include or exclude host Label attributes for filtering.
Add Filter¶
Click the icon to add filter conditions to the current query.
You can add multiple filter conditions under a single query, with each condition connected by AND or OR.
| Filter Condition | Description | Supported Filter Condition Types |
|---|---|---|
= |
Equal to | Integer, Float, String |
!= |
Not equal to | Integer, Float, String |
>= |
Greater than or equal to | Integer, Float, String |
<= |
Less than or equal to | Integer, Float, String |
> |
Greater than | Integer, Float, String |
< |
Less than | Integer, Float, String |
match |
Contains | String |
not match |
Does not contain | String |
wildcard |
Fuzzy match (supports log data except Metrics) | String |
not wildcard |
Fuzzy mismatch (supports log data except Metrics) | String |
Functions¶
Click the fx icon to add function calculations to the query for Metrics and other data sources.
Rollup Function¶
Slice the data into specified time intervals and calculate the data for each interval.
Note
- In time series charts, after selecting this function and the aggregation method, you can go to Advanced Configuration to select the time interval;
- In non-time series charts, after selecting this function, you can choose aggregation methods including
avg,sum,min, etc., and time intervals including auto, 10s, 20s, 30s, 1m, 5m, 10m, 30m, 1h, 6h, 12h, 1d, 7d, 30d (interval); - Only supports Metrics data queries; other data queries in simple mode do not support the Rollup function;
- The Rollup function does not support adding multiple functions.
For more details, refer to Rollup Function.
Transformation Functions¶
Also known as outer functions, the following functions are supported in UI mode:
Transformation Functions (Outer Functions) |
Description |
|---|---|
cumsum |
Cumulative sum of the processed set |
abs |
Calculate the absolute value of each element in the processed set |
log2 |
Calculate the base-2 logarithm of each element in the processed set; the processed set must have more than one row, otherwise returns null |
log10 |
Calculate the base-10 logarithm of each element in the processed set; the processed set must have more than one row, otherwise returns null |
moving_average |
Calculate the moving average of the processed set; the window size must be greater than or equal to the number of rows in the processed set, otherwise returns null |
difference |
Calculate the difference between adjacent elements in the processed set; the processed set must have more than one row, otherwise returns null |
derivative |
Calculate the derivative of adjacent elements in the processed set; the time unit for derivation is seconds (s) |
non_negative_derivative |
Calculate the non-negative derivative of adjacent elements in the processed set; the time unit for derivation is seconds (s) |
non_negative_difference |
Calculate the non-negative difference between adjacent elements in the processed set; the processed set must have more than one row, otherwise returns null |
series_sum |
When grouping produces multiple series, merge them into 1 series based on time points. Multiple series at the same time point are summed; the processed set must have more than one row, otherwise returns null |
rate |
Calculate the rate of change of a metric over a certain time range, suitable for slowly changing counters. The time unit is seconds (s) |
irate |
Calculate the rate of change of a metric over a certain time range, suitable for rapidly changing counters. The time unit is seconds (s) |
In DQL mode, more outer functions are supported. Refer to DQL Outer Functions.
Aggregation Functions¶
In UI mode, you can select aggregation methods to return result values.
| Aggregation Function | Description |
|---|---|
last |
Returns the value with the latest timestamp |
first |
Returns the value with the earliest timestamp |
avg |
Returns the average value of the field. There is only one parameter, and the parameter type is the field name |
min |
Returns the minimum value |
max |
Returns the maximum value |
sum |
Returns the sum of the field values |
P50 |
Returns the 50th percentile of the field values |
P75 |
Returns the 75th percentile of the field values |
P90 |
Returns the 90th percentile of the field values |
P99 |
Returns the 99th percentile of the field values |
count |
Returns the sum of non-null field values |
count_distinct |
Counts the number of distinct field values |
difference |
Returns the difference between consecutive time values in a field |
derivative |
Returns the rate of change of a field in a series |
non_negative_derivative |
Returns the non-negative rate of change of a field in a series |
In DQL mode, more aggregation functions are supported. Refer to DQL Aggregation Functions.
Window Functions¶
Use the selected time interval as the window (record set) and combine it with aggregation functions to perform statistical calculations on each record. Supports selecting 1 minute, 5 minutes, 15 minutes, 30 minutes, 1 hour, 3 hours, 6 hours, 12 hours, 24 hours.
Note
The window function query result does not change the number of records. The existing number of records remains the same after executing the function result.
No Data Fill¶
Set the fill method for null data, which will be displayed as fill in the query. Includes three types:
| Function | Description |
|---|---|
| Previous Fill (previous) | Converts null data to the previous value. |
| Linear Fill (linear) | Fills null data after linear function calculation. |
| Numeric Fill | Custom fill value. |
Advanced Functions¶
Advanced functions are mainly used for further function calculations on data queried by DQL and for intuitive time series chart display.
For more details, refer to Advanced Functions.
Hide Query¶
Click the icon to hide the query result on the chart.
As shown below, the system loads data and only displays the query results for 1m and 15m. The system load query result for 5m has been hidden and cannot be viewed on the chart.
