Scheduled Views

Scheduled views are pre-aggregated datasets that Kloudfuse generates at scheduled intervals to improve query performance and efficiency. Instead of expensive real-time queries on raw data, scheduled views store advance results, enabling faster access to summarized information.

Consider the following benefits of using scheduled views instead of regular queries:

  • Scheduled views have a significantly smaller footprint, and use much less storage than complete logs.

  • Scheduled views update every minute for near real-time data availability.

  • When you store precomputed results, the system processes the query and saves the aggregated results separately from the log data.

  • When you access scheduled view results through FuseQL (instead of running raw data queries), it ensures faster performance with current insights.

  • You can design your retention policies to optimize both storage and accessibility to older data by only the relevant data that is both abbreviated and aggregated. This enables better reporting without significant overhead.

You must use an aggregate operator when defining a scheduled view.

To begin working with scheduled views, follow these steps:

  1. Select the Logs tab, and then the Scheduled Views option in the dropdown menu.

    Navigate to the logs Scheduled Views interface

  2. The Scheduled Views report appears.

Using Scheduled Views

The Scheduled Views report has the following information and affordances:

The log cardinality report

  1. The Search feature enables you to search across all existing scheduled views.

  2. Make a new scheduled view by clicking the Create scheduled view button.

  3. Use the List of scheduled views to review what views are already available, and to manage them.

  4. The first column of the list displays the Status of the view. Views can be Active or Paused.

  5. View Name is either generated sequentially (see view3, view4), or a custom name you assign to the view when you create it.

  6. FuseQL is the SQL level definition of the query that defines the view; note that we are using the FuseQL piped dialect.

  7. Created at is the timestamp of when the view is created.

When you hover the cursor over one of the rows that represent a scheduled view, Kloudfuse displays action options. Choose one of them to perform these actions:

  1. View Logs to examine what logs have been extracted into the view.

    Kloudfuse only saves the timestamp and the queried fields, not the entire log record.

  2. Pause or Resume collecting data points into the view.

  3. xef:#delete[Delete] scheduled view to stop collecting data.

Create a scheduled view

This is how to create a scheduled view:

  1. In the default Logs > Scheduled Views interface, click Create scheduled view.

    logs scheduled views create new

  2. The Create scheduled view page appears.

  3. In the interface, specify:

    Define scheduled view
    View Name

    Choose a meaningful name; do not use spaces.

    FuseQL Query

    Specify the query that defines the view, both the filters and the aggregation logic. For example,

    * | count by (level,kube_cluster_name)
    code

  4. Click Create.

  5. The new view appears the list of views.

View Logs

  1. In the list of Scheduled Views, hover the pointer over the view you plan to examine.

    In this example, we use view4, which is defined as * | count by (level)

  2. Click the View Logs option.

  3. The list of logs that match the view appear.

    The Search parameters are, by default, for _view=<view=name>. In the following example, it is _view=view4.

    The default time interval is for the preceding 5 minutes. You can adjust this by changing the time picker. In the following example, the time interval is for the last minute.

    The columns in the table are extracted from the view definition for the logs. They always include Timestamp. In this example, the aggregation is _count, and the metric is level.

    View logs that match the view

Pause or Resume Scheduled view

Disable or pause the scheduled view to temporarily stop updates without deleting it, and then resume processing as necessary.

  1. Hover your pointer over the view you plan to pause, and click the Pause option.

    Pause Scheduled View

  2. Notice that the status changes to paused (grey indicator).

    Scheduled View paused

  3. To resume collecting data into the scheduled view, hover your pointer over the view you plan to use, and click the Resume option.

    Resume Scheduled View

Delete Scheduled view

Delete a schedule view to stop collecting data.

You can still use a deleted view in a query. Be mindful that like all data, scheduled views have a retention timeframe that expires.

  1. Hover your pointer over the view you plan to delete, and click the Delete option.

    Delete Scheduled View

  2. Notice that the view is no longer in the list of available views.

Query a Scheduled view

To query a view, prefix the FuseQL query by adding the view information. So, the first component of the query has the following form:

Query against a view
| _view=<view_name>
code

Do not use quotes around the view name.

Query multiple views

To query multiple views, prefix the query using the following form:

Query against multiple views
_view=<view1> or _view=<view2> or _view=<view3> ...
code

For example, consider this combined view:

fuseql multi view 3.3.0