Metrics Operators
This guide describes Sumo Logic metrics operators and provides usage examples.
Guide contents
In this section, we'll introduce the following concepts:
📄️ accum
The accum operator creates a series of running totals for each metric time series. The running total in each series starts from the value of the first data point in the series, then iteratively adds up successive
📄️ along
The along operator joins metric queries to have Sumo evaluate and perform expressions by comparing one or more metric fields. It considers multiple query rows and metrics referenced by another row according to one field or multiple fields separated by a comma (#A, #B,...).
📄️ avg
The avg operator calculates the average of all matching time series. If grouping is specified, it calculates the average for each group.
📄️ bottomk
The bottomk operator applies a specified aggregation function to the time series that match the query selector, and returns the n time series that have the lowest evaluated value over the query time range.
📄️ count
count
📄️ delta
The delta operator computes the backward difference at each data point in the time series to determine how much the metric has changed from its last value in the series.
📄️ eval
The eval operator evaluates a time series based on a user-specified arithmetic or mathematical function.
📄️ ewma
Currently, the ewma operator is supported only in the Metrics Explorer’s advanced mode, not basic mode.
📄️ fillmissing
If a metric query returns results with empty timeslices, the visualization contains a straight line between the data points on either side of the empty timeslice(s).
📄️ filter
You can use the filter operator to limit the results returned by a metric query. There are several ways you can restrict results. You can apply an aggregation function, such as avg, to a time series. You can also filter based on how many times the value of individual data points meets a value condition over a particular duration.
📄️ histogram_quantile
The histogram_quantile operator calculates the φ-quantile (0 ≤ φ ≤ 1) from the buckets of a histogram. This operator is specific to the Prometheus Histogram data type and does not work with non-Prometheus histograms. It is equivalent to the PromQL histogram_quantile()
📄️ in
The in operator functionality can be used in a metrics query selector as shorthand for multiple OR conditions.
📄️ max
The max operator calculates the maximum value of the time series that match the query. If grouping is specified, it calculates the maximum for each group.
📄️ min
The min operator calculates the minimum value of the time series that match the query. If grouping is specified, it calculates the minimum for each group.
📄️ outlier
The metrics outlier operator identifies metrics data points that are outside the range of expected values. Outliers help you spot unusual behavior in your metrics visualizations and track the behavior over time.
📄️ parse
The parse operator parses the specified field to create new fields to use in the metrics query.
📄️ pct
The pct operator calculates, at each timestamp, the nth percentile of values of the input series for each time interval. If grouping is specified, it calculates the specified percentile for each group.
📄️ quantize
You can use the quantize operator to control Sumo’s quantization behavior, which is described in detail in Metric Quantization.
📄️ rate
The rate operator calculates the per-second rate of change between consecutive data points. It divides the difference in values of consecutive data points by the difference in their timestamps (in milliseconds) and then multiplies the result by 1000 (to scale up the quantity from a per-millisecond rate to a per-second rate).
📄️ stddev
The stddev operator measures the magnitude of deviations between the values in a time series.
📄️ sum
The sum operator calculates the sum of the metrics values that match the query. If grouping is specified, it calculates the sum for each group.
📄️ timeshift
The timeshift operator shifts the time series from your metrics query by a specified period of time.
📄️ topk
The topk operator applies a specified aggregation function to the time series that match the query selector, and returns the n time series that have the highest evaluated value over the query time range.
📄️ where
You can use the where operator to filter data points by value.