Simple Query¶
Query data from different sources and display it in charts by selecting aggregation functions, grouping labels, Labels, and filtering conditions.
Data Source¶
Includes a series of data combinations from Metrics, Logs, Basic Objects, Resource Catalogs, Events, Application Performance Monitoring (APM), Real User Monitoring (RUM), Security Checks, NETWORK, Profiles, Cloud Billing.
| Source | Description |
|---|---|
| Metrics | You need to select Measurement and Metrics, one measurement can contain multiple metrics. |
| Other types | Basic Objects, Resource Catalogs, Security Checks: Select Resource Class and Attributes/Labels; Logs, Events, APM, RUM: Select Source and Attributes/Labels. |
When Logs are used as the data source
You can choose different indexes corresponding to log content, with default being the default index.
For more details, refer to Log Index.
Multiple Queries¶
Select multiple query conditions, and the data will be grouped according to the selected filter items. Click the AS button to add aliases for each query condition, which makes it easier to distinguish between the displayed results of the data queries. If you wish for the added alias to be directly displayed on the chart, click the Legend > Position on the right side, then select bottom or right.
Label Filtering¶
Prerequisite
Labels have already been set for hosts under Infrastructure > HOST.
In fx > Label Filtering, you can either include or exclude host Label properties for filtered display.
Adding Filters¶
Click the icon to add filtering conditions for the current query.
Under a single query, multiple filtering conditions can be added, with each condition including AND and OR options.
| Filtering Condition | Description | Supported Filter Types |
|---|---|---|
= |
Equals | Integer, Float, String |
!= |
Not equals | Integer, Float, String |
>= |
Greater than or equal to | Integer, Float, String |
<= |
Less than or equal to | Integer, Float, String |
> |
Greater than | Integer, Float, String |
< |
Less than | Integer, Float, String |
match |
Contains | String |
not match |
Does not contain | String |
wildcard |
Fuzzy match (supports all log-type data except Metrics) | String |
not wildcard |
Fuzzy non-match (supports all log-type data except Metrics) | String |
Functions¶
Click the fx icon to add functions to calculate metrics and other data sources for this query.
Rollup Function¶
Slices data into specified time intervals and calculates and returns the data for each time interval.
Note
- In time-series charts, after selecting this function and the aggregation method, you can go to Advanced Configuration to select the time interval;
- In non-time-series charts, after selecting this function, you can choose an aggregation method that includes
avg,sum,min, etc., along with time intervals such as auto, 10s, 20s, 30s, 1m, 5m, 10m, 30m, 1h, 6h, 12h, 1d, 7d, 30d (interval); - Only supports Metrics data queries, other data queries do not support the selection of the Rollup function in simple mode;
- The Rollup function does not support adding multiple entries.
For more details, refer to Rollup Function.
Transformation Functions¶
Also known as outer functions, the following functions are supported in UI mode:
Transformation Function (Outer Function) |
Description |
|---|---|
cumsum |
Cumulatively sums up the processed set |
abs |
Calculates the absolute value of each element in the processed set |
log2 |
Calculates the logarithm base 2 for each element in the processed set. The processed set must be at least greater than one row, otherwise it returns null. |
log10 |
Calculates the logarithm base 10 for each element in the processed set. The processed set must be at least greater than one row, otherwise it returns null. |
moving_average |
Calculates the moving average of the processed set. The window size needs to be no smaller than the number of rows in the processed set, otherwise it returns null. |
difference |
Calculates the difference between adjacent elements in the processed set. The processed set must be at least greater than one row, otherwise it returns null. |
derivative |
Calculates the derivative of adjacent elements in the processed set. The time unit for differentiation is seconds (s). |
non_negative_derivative |
Calculates the non-negative derivative of adjacent elements in the processed set. The time unit for differentiation is seconds (s). |
non_negative_difference |
Calculates the non-negative difference between adjacent elements in the processed set. The processed set must be at least greater than one row, otherwise it returns null. |
series_sum |
When grouping produces multiple series, they are merged into one series based on the time point. Among these, the values of series at the same time point are summed up. The processed set must be at least greater than one row, otherwise it returns null. |
rate |
Calculates the rate of change of a metric within a certain time range, suitable for slowly changing counters. The time unit is seconds (s). |
irate |
Calculates the rate of change of a metric within a certain time range, suitable for rapidly changing counters. The time unit is seconds (s). |
In DQL mode, more external functions are supported, refer to DQL Outer Functions.
Aggregation Functions¶
UI mode supports choosing aggregation methods to return result values.
| Aggregation Function | Description |
|---|---|
last |
Returns the value of the latest timestamp |
first |
Returns the value of the earliest timestamp |
avg |
Returns the average value of the field. There is only one parameter, and the parameter type is the field name. |
min |
Returns the minimum value |
max |
Returns the maximum value |
sum |
Returns the sum of the field values |
P50 |
Returns the 50th percentile value of the field |
P75 |
Returns the 75th percentile value of the field |
P90 |
Returns the 90th percentile value of the field |
P99 |
Returns the 99th percentile value of the field |
count |
Returns the total count of non-null field values |
count_distinct |
Counts the number of distinct values in the field |
difference |
Returns the difference between consecutive time values in a field |
derivative |
Returns the rate of change of a field within a series |
non_negative_derivative |
Returns the non-negative rate of change of a field within a series |
In DQL mode, more aggregation functions are supported, refer to DQL Aggregation Functions.
Window Functions¶
Window functions use selected time intervals as windows (record sets) and combine them with aggregation functions to perform statistical calculations on each record. Time intervals of 1 minute, 5 minutes, 15 minutes, 30 minutes, 1 hour, 3 hours, 6 hours, 12 hours, and 24 hours can be selected.
Note
The results of window function queries do not change the number of records. The number of existing records remains unchanged after executing the function.
No Data Filling¶
Set the filling method for empty-value data. After setting, it displays as fill in the query, including three types:
| Function | Description |
|---|---|
| Previous Value Fill (previous) | Converts missing data into the previous numerical value. |
| Linear Fill (linear) | Calculates and fills missing data using a linear function. |
| Numerical Fill | Customizable fill value. |
Advanced Functions¶
Advanced functions are mainly used for further functional calculations on data queried via DQL and provide intuitive time-series chart displays.
For more details, refer to Advanced Functions.
Hiding Queries¶
Click the icon to hide the query result for this line on the chart.
As shown in the figure below, the system loads data showing only the 1m and 15m query results. The 5m system load query result has been hidden and cannot be viewed on the chart.
