FuseQL

Owned by Ashvin Kumaran
Last updated: Nov 08, 2024
4 min read

FuseQL is a new query language to perform analytics on log events. It is meant to be a drop-in replacement for Grafana’s LogQL support in Kloudfuse. In addition, it also supports more advanced operators such as anomaly detection, outlier detection, forecasting and several arithmetic and trigonometric operators.

Users can switch between FuseQL and LogQL with a toggle button on the log analytics page.

For some of the common use cases on how to use log analytics with FuseQL, refer to the cheatsheet page.

Query Builder

image-20241107-202333.png

Log Filters

To filter out logs that you want to run your analytics query on, click image-20241107-194249.png (Search logs). If no filters are specified, FuseQL will consider all log lines.

image-20241107-202405.png

Aggregations

Once the log filters have been added, you can apply an aggregation operator on the log lines. By default, FuseQL will display the count of all log lines that match the filter conditions.

For more information on various supported aggregation operators, refer to Aggregation Operators.

Groups

FuseQL also supports grouping of log lines by label and facets. Click on the by dropdown to add group by fields to your aggregation operators. By default, FuseQL groups by time buckets, and by collapsing all other labels.

Limit To

By default, FuseQL limits the resulting time series values to the top 10. This can be changed by editing the dropdown.

Roll Up

FuseQL aggregates data by roll up time period (for example, five seconds). The roll up value is auto-selected by the user-selected time range, but can be edited if needed. Editing the roll up will change the number of bucketed results you see in the visualization.

Below is an example of using a 1m roll up in a time range of 5m resulting in 5 buckets.

Functions

FuseQL supports various functions - you can choose any of the available functions by clicking on button. The list of functions supported can be broadly classified into the following three categories:

Add Query

To add another query, click image-20241107-220237.png (Add Query). Notice that a new query image-20241107-220454.png (B) appears under query image-20241107-220509.png (A), and it is a duplicate.

Add Formula

FuseQL also supports formulas by applying various mathematical operators on a set of queries. Currently following mathematical operators are supported:

  • Addition (+)

  • Subtraction/Difference (-)

  • Multiplication/Product (*)

  • Division (/)

  • Modulo (%)

  • Pow (^)

Each query can have its own set of filters and aggregation operators.

The screenshot below shows an example of counting all log lines with levels info, warn and error.

Formulas are currently not supported with any advanced functions or math operators. You can only use log filters and aggregation operators with formulas.

Visualizations

FuseQL supports four different visualization types. The default visualization is Time Series.

Time Series

Use Time Series Visualization when you want to analyze trends, patterns, and behaviors in buckets spanning the selected time range.

Top List

Use Top List when you want to quickly identify and compare the highest-ranking groups within the selected time range.

 

Table

Use Table when you need a detailed, row-by-row summary of your data for deeper comparison and analysis within the selected time range.

Pie Chart

Use Pie Chart when you want to visualize the relative proportions of different groups within your data in the selected time range.