Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 13 Current »

FuseQL is a new query language to perform analytics on log events. It is meant to be a drop-in replacement for Grafana’s LogQL support in Kloudfuse. In addition, it also supports more advanced operators such as anomaly detection, outlier detection, forecasting and several arithmetic and trigonometric operators.

Users can switch between FuseQL and LogQL with a toggle button on the log analytics page.

For some of the common use cases on how to use log analytics with FuseQL, refer to the cheatsheet page.

Query Builder

image-20241107-202333.png

Log Filters

To filter out logs that you want to run your analytics query on, click image-20241107-194249.png (Search logs). If no filters are specified, FuseQL will consider all log lines.

image-20241107-202405.png

Aggregations

Once the log filters have been added, you can apply an aggregation operator on the log lines. By default, FuseQL will display the count of all log lines that match the filter conditions.

For more information on various supported aggregation operators, refer to Aggregation Operators.

Groups

FuseQL also supports grouping of log lines by label and facets. Click on the by dropdown to add group by fields to your aggregation operators. By default, FuseQL groups by time buckets, and by collapsing all other labels.

image-20241107-204050.png

Limit To

By default, FuseQL limits the resulting time series values to the top 10. This can be changed by editing the dropdown.

image-20241107-204449.png

Roll Up

FuseQL aggregates data by roll up time period (for example, five seconds). The roll up value is auto-selected by the user-selected time range, but can be edited if needed. Editing the roll up will change the number of bucketed results you see in the visualization.

Below is an example of using a 1m roll up in a time range of 5m resulting in 5 buckets.

image-20241107-205834.png

Functions

FuseQL supports various functions - you can choose any of the available functions by clicking on button. The list of functions supported can be broadly classified into the following three categories:

Add Query

To add another query, click image-20241107-220237.png (Add Query). Notice that a new query image-20241107-220454.png (B) appears under query image-20241107-220509.png (A), and it is a duplicate.

image-20241107-220703.png

Add Formula

FuseQL also supports formulas by applying various mathematical operators on a set of queries. Currently following mathematical operators are supported:

  • Addition (+)

  • Subtraction/Difference (-)

  • Multiplication/Product (*)

  • Division (/)

  • Modulo (%)

  • Pow (^)

Each query can have its own set of filters and aggregation operators.

The screenshot below shows an example of counting all log lines with levels info, warn and error.

image-20241107-235716.png

Formulas are currently not supported with any advanced functions or math operators. You can only use log filters and aggregation operators with formulas.

Visualizations

FuseQL supports four different visualization types. The default visualization is Time Series.

image-20241107-210335.png

Time Series

Use Time Series Visualization when you want to analyze trends, patterns, and behaviors over time.

image-20241108-180230.png

Top List

Use Top List when you want to quickly identify and compare the highest-ranking groups.

image-20241108-180256.png

Table

image-20241108-180407.png

Pie Chart

image-20241108-180432.png

  • No labels