Aggregation operators help aggregate log messages into groups. These groups can be user-defined or by default, they’re grouped over time. At a high level, FuseQL supports the following aggregation groups:
count all log lines
count_unique of labels or string-valued facets or fingerprints
statistical operations (
min,max,avg,sum,stddev,stdvarandpercentiles) on numeric or duration facet valuesmisc aggregation operations (
firstandlast).
| Info |
|---|
Facet values can be duration datatype if they follow go duration format. While applying any aggregation operators on these values, they are normalized to nanosecond float value. |
All aggregation operators are applied after applying filters, if any, in the log search bar, and in a time range selected by the user in the time picker.
count
Counts the total number of log lines in a given time range, along with any filters applied in log search.
...
count_unique
Counts only unique or distinct occurrences of the field. This operator can be applied on fingerprints, labels or string valued facets (facet value can be of string/UUID/IP address datatype).
...
avg
Computes the average value of numeric or duration valued facets within a group.
...
sum
Computes the sum of numeric or duration valued facets within a group.
...
min
Computes the min value of numeric or duration valued facets within a group.
...
max
Computes the max value of numeric or duration valued facets within a group.
...
first
Computes the first value of numeric or duration valued facets within a group.
...
last
Computes the last value of numeric or duration valued facets within a group.
...
percentiles
Computes the percentiles (p50, p75, p90, p95 and p99) of numeric or duration valued facets within a group.
...
stddev
Computes the standard deviation of numeric or duration valued facets within a group.
...
stdvar
Computes the standard variance of numeric or duration valued facets within a group.
