Aggregation Operators

Aggregation operators help aggregate log messages into groups. FuseQL supports the following aggregation operators:

count all log lines or fingerprints
count_unique of labels or string-valued facets
statistical operations — min, max, avg, sum, stddev, stdvar] and percentiles — on numeric or duration facet values
ordered aggregation operations — first and last

Facet values have duration datatype if they follow the go language duration format. When applying aggregation operators to these values, FuseQL normalizes them to a nanosecond float value.

FuseQL applies aggregations after applying the filters specified in the log search bar, and in the time range selected in the time picker. All aggregations are grouped by time buckets, unless user specifies additional grouping from the dropdown.

Kloudfuse automatically selects the count and count_unique operators by default, depending on the data type of the variable. For other operators, click the drop-down next to the show label, and select the aggregation operator.

avg

Computes the average value of numeric or duration-valued facets.

count

Counts the total number of log lines.

count_unique

Counts only unique or distinct occurrences of the field. This operator can be applied on fingerprints, labels or string valued facets (facet value can be of string/UUID/IP address datatype).