Metrics Operators
This guide describes Sumo Logic metrics operators and provides usage examples.
Guide contentsโ
In this section, we'll introduce the following concepts:
๐๏ธ accum
The accum operator creates a series of running totals for each metric time series. The running total in each series starts from the value of the first data point in the series, then iteratively adds up successive
๐๏ธ along
The along operator joins metric queries to have Sumo evaluate and perform expressions by comparing one or more metric fields. It considers multiple query rows and metrics referenced by another row according to one field or multiple fields separated by a comma (#A, #B,...).
๐๏ธ avg
The avg operator calculates the average of all matching time series. If grouping is specified, it calculates the average for each group.
๐๏ธ bottomk
The bottomk operator applies a specified aggregation function to the time series that match the query selector, and returns the n time series that have the lowest evaluated value over the query time range.
๐๏ธ count
count
๐๏ธ delta
The delta operator computes the backward difference at each data point in the time series to determine how much the metric has changed from its last value in the series.
๐๏ธ eval
The eval operator evaluates a time series based on a user-specified arithmetic or mathematical function.
๐๏ธ ewma
Currently, the ewma operator is supported only in the Metrics Explorerโs advanced mode, not basic mode.
๐๏ธ fillmissing
If a metric query returns results with empty timeslices, the visualization contains a straight line between the data points on either side of the empty timeslice(s).
๐๏ธ filter
You can use the filter operator to limit the results returned by a metric query. There are several ways you can restrict results. You can apply an aggregation function, such as avg, to a time series. You can also filter based on how many times the value of individual data points meet a value condition over a particular duration.
๐๏ธ histogram_quantile
The histogramquantile operator calculates the ฯ-quantile (0 โค ฯ โค 1) from the buckets of a histogram. This operator is specific to the Prometheus Histogram data type and does not work with non-Prometheus histograms. It is equivalent to the PromQL histogramquantile()
๐๏ธ in
The in operator functionality can be used in a metrics query selector as shorthand for multiple OR conditions.
๐๏ธ max
The max operator calculates the maximum value of the time series that match the query. If grouping is specified, it calculates the maximum for each group.
๐๏ธ min
The min operator calculates the minimum value of the time series that match the query. If grouping is specified, it calculates the minimum for each group.
๐๏ธ outlier
The metrics outlier operator identifies metrics data points that are outside the range of expected values. Outliers help you spot unusual behavior in your metrics visualizations and track the behavior over time.
๐๏ธ parse
The parse operator parses the specified field to create new fields to use in the metrics query.
๐๏ธ pct
The pct operator calculates, at each timestamp, the nth percentile of values of the input series for each time interval. If grouping is specified, it calculates the specified percentile for each group.
๐๏ธ quantize
You can use the quantize operator to control the Sumoโs quantization behavior, which is described in detail in Metric Quantization.
๐๏ธ rate
The rate operator calculates the per-second rate of change between consecutive data points. It divides the difference in values of consecutive data points by the difference in their timestamps (in milliseconds) and then multiplies the result by 1000 (to scale up the quantity from a per-millisecond rate to a per-second rate).
๐๏ธ stddev
The stddev operator measures of the magnitude of deviations between the values in a time series.
๐๏ธ sum
The sum operator calculates the sum of the metrics values that match the query. If grouping is specified, it calculates the sum for each group.
๐๏ธ timeshift
The timeshift operator shifts the time series from your metrics query by a specified period of time.
๐๏ธ topk
The topk operator applies a specified aggregation function to the time series that match the query selector, and returns the n time series that have the highest evaluated value over the query time range.
๐๏ธ where
You can use the where operator to filter data points by value.
