Aggregation operators help aggregate log messages into groups. These groups can be user-defined; by default, log messages are grouped over time. At a high level, FuseQL supports the following aggregation groups:
count of all log lines
count_unique of labels, string-valued facets or fingerprints
statistical operations (min, max, avg, sum, stddev, stdvar and percentiles) on numeric or duration facet values
misc aggregation operations (first and last)
Facet values have the duration datatype if they follow the Go duration format. When any aggregation operator is applied to these values, they are normalized to a nanosecond float value.
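The normalization described above, as an added example (not FuseQL's own code): it assumes "Go duration format" means what Go's `time.ParseDuration` accepts, and it sets aside values that do not parse, which is an assumption about handling rather than documented behaviour. The function names and sample facet values are constructed for illustration.

```go
package main

import (
	"fmt"
	"math"
	"time"
)

// Stats holds aggregates for one group, in nanoseconds.
type Stats struct {
	Count              int
	Min, Max, Sum, Avg float64
}

// normalize converts a Go-duration string ("250ms", "1h2m") to a nanosecond float.
func normalize(v string) (float64, bool) {
	d, err := time.ParseDuration(v)
	if err != nil {
		return 0, false
	}
	return float64(d.Nanoseconds()), true
}

// aggregate computes count/min/max/sum/avg and returns values that are not durations.
func aggregate(values []string) (Stats, []string) {
	s := Stats{Min: math.Inf(1), Max: math.Inf(-1)}
	var rejected []string
	for _, v := range values {
		ns, ok := normalize(v)
		if !ok {
			rejected = append(rejected, v) // assumption: non-durations are skipped
			continue
		}
		s.Count++
		s.Sum += ns
		s.Min = math.Min(s.Min, ns)
		s.Max = math.Max(s.Max, ns)
	}
	if s.Count == 0 {
		return Stats{}, rejected
	}
	s.Avg = s.Sum / float64(s.Count)
	return s, rejected
}

func main() {
	// Constructed sample facet values; "250" has no unit, so it is not a Go duration.
	s, bad := aggregate([]string{"250ms", "1.5s", "2m", "250"})
	fmt.Printf("%+v rejected=%v\n", s, bad)
}
```

A facet that mixes unit-less numbers with duration strings, as in the sample, is worth checking before trusting avg or max on it, since the two kinds of value are on different scales.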
All aggregations are performed after applying filters, if any, in the log search bar, and in a time range selected by the user in the time picker.
count
Counts the total number of log lines.
count_unique
Counts only unique or distinct occurrences of the field. This operator can be applied to fingerprints, labels or string-valued facets (the facet value can be of string, UUID or IP address datatype).
avg
Computes the average value of numeric or duration valued facets within a group.
sum
Computes the sum of numeric or duration valued facets within a group.
min
Computes the min value of numeric or duration valued facets within a group.
max
Computes the max value of numeric or duration valued facets within a group.
first
Computes the first value of numeric or duration valued facets within a group.
last
Computes the last value of numeric or duration valued facets within a group.
percentiles
Computes the percentiles (p50, p75, p90, p95 and p99) of numeric or duration valued facets within a group.
stddev
Computes the standard deviation of numeric or duration valued facets within a group.
stdvar
Computes the standard variance of numeric or duration valued facets within a group.