Aggregation operators help aggregate log messages into groups. These groups can be user-defined or by default, they’re grouped over time. At a high level, FuseQL supports the following aggregation groupsoperators:
count all log lines or fingerprints.
count_unique of labels or string-valued facets or fingerprints.
statistical operations (
min,max,avg,sum,stddev,stdvarandpercentiles) on numeric or duration facet values.misc aggregation operations (
firstandlast).
...
All aggregations are performed after applying filters, if any, in the log search bar, and in a time range selected by the user in the time picker. All aggregations are grouped by time buckets, unless user specifies additional grouping from the by dropdown.
count
Counts the total number of log lines.
...
Computes the average value of numeric or duration valued facets within a group.
...
sum
Computes the sum of numeric or duration valued facets within a group.
...
min
Computes the min value of numeric or duration valued facets within a group.
...
max
Computes the max value of numeric or duration valued facets within a group.
...
first
Computes the first value of numeric or duration valued facets within a group.
...
last
Computes the last value of numeric or duration valued facets within a group.
...
percentiles
Computes the percentiles (p50, p75, p90, p95 and or p99) of numeric or duration valued facets within a group.
...
stddev
Computes the standard deviation of numeric or duration valued facets within a group.
...
stdvar
Computes the standard variance of numeric or duration valued facets within a group.
...