Scheduled views

Scheduled views are pre-aggregated datasets that Kloudfuse generates at scheduled intervals to improve query performance and efficiency. Instead of expensive real-time queries on raw data, scheduled views store advance results, enabling faster access to summarized information.

Consider the following benefits of using scheduled views instead of regular queries:

Scheduled views have a significantly smaller footprint, and use much less storage than complete logs.
Scheduled views update every minute for near real-time data availability.
When you store precomputed results, the system processes the query and saves the aggregated results separately from the log data.
When you access scheduled view results through FuseQL (instead of running raw data queries), it ensures faster performance with current insights.
You can design your retention policies to optimize both storage and accessibility to older data by only the relevant data that is both abbreviated and aggregated. This enables better reporting without significant overhead.

Rules

You must use an aggregate operator when defining a scheduled view.
Always run an aggregation by a timeslice operator. If you do not, evaluation time will be used.
You cannot create a scheduled view from another scheduled view.
You cannot use cat operator as part of a scheduled view query.
View names must start with a letter and can only contain letters, numbers, $, and _ characters. Spaces are not allowed.

Navigate to Scheduled Views

To begin working with scheduled views, follow these steps:

Select the Logs tab, and then the Scheduled Views option in the dropdown menu.
The Scheduled Views report appears.

Using Scheduled Views

The Scheduled Views page contains the following:

The Search feature enables you to search across all existing scheduled views.
Make a new scheduled view by clicking the Create scheduled view button.
Use the List of scheduled views to review what views are already available, and to manage them.

Table Columns

The scheduled views table displays the following information:

Column Description

Column	Description
View name	A unique name you assign to the view when you create it. Used as `_view=<name>` when querying.
Folder	The folder where the scheduled view is organized. Use folders to manage access permissions and organize related views together.
Status	The current state of the scheduled view. Possible values: * Running - The view is actively evaluating queries and writing results * Catching Up - The view is processing historical data to catch up to the current time * Paused - The view is temporarily paused and not processing new data
Start time	The timestamp from which the scheduled view begins processing data. You can configure this when creating a view to backfill historical data.
Last evaluated	The timestamp of the most recent query evaluation. This column is hidden by default; use the column options to display it.
Next evaluation	The timestamp when the next query evaluation is scheduled. This column is hidden by default.
Lag (s)	How far behind the scheduled view is from the current time, measured in seconds. A lower lag indicates the view is more current.
FuseQL	The query that gets evaluated at each interval (default: every minute).
Created at	The timestamp of when the view was created. This column is hidden by default.

View name

A unique name you assign to the view when you create it. Used as _view=<name> when querying.

Folder

The folder where the scheduled view is organized. Use folders to manage access permissions and organize related views together.

Status

The current state of the scheduled view. Possible values:

* Running - The view is actively evaluating queries and writing results * Catching Up - The view is processing historical data to catch up to the current time * Paused - The view is temporarily paused and not processing new data

Start time

The timestamp from which the scheduled view begins processing data. You can configure this when creating a view to backfill historical data.

Last evaluated

The timestamp of the most recent query evaluation. This column is hidden by default; use the column options to display it.

Next evaluation

The timestamp when the next query evaluation is scheduled. This column is hidden by default.

Lag (s)

How far behind the scheduled view is from the current time, measured in seconds. A lower lag indicates the view is more current.

FuseQL

The query that gets evaluated at each interval (default: every minute).

Created at

The timestamp of when the view was created. This column is hidden by default.

Row Actions

When you hover the cursor over one of the rows that represent a scheduled view, Kloudfuse displays action options:

Copy query - Copy the FuseQL query to your clipboard
View Logs - Open the view results in the Logs Explorer
Change folder - Move the scheduled view to a different folder
Pause or Resume - Temporarily stop or restart collecting data
Delete - Permanently remove the scheduled view

Bulk Actions

Select multiple scheduled views using the checkboxes to perform bulk operations:

Pause - Pause all selected active views
Resume - Resume all selected paused views
Move to folder - Move all selected views to a specific folder
Delete - Delete all selected views

Create a scheduled view

To create a scheduled view:

In the default Logs > Scheduled Views interface, click Create scheduled view.
The Create scheduled view page appears.
In the interface, specify:
View Name

Choose a meaningful name. The name must start with a letter and can only contain letters, numbers, $, and _. Do not use spaces.

Folder (optional)

Select a folder to organize the scheduled view. Folders help manage access permissions when RBAC is enabled. You can also create a new folder using the folder icon.

Start Time

Select the date and time from which the scheduled view should begin processing data. This allows you to backfill historical data. The start time cannot be in the future.

FuseQL Query
Specify the query that defines the view, including filters and aggregation. For example:
* | timeslice 1m | count by _timeslice, source

none
Click Create.
The new view appears in the list of views and begins processing data from the specified start time.

View Logs

In the list of Scheduled Views, hover the pointer over the view you plan to examine.

In this example, we use countBySource, which is defined as * | timeslice 1m | count by _timeslice, source
Click the View Logs option.
The list of aggregated data for the view appears.

The Search parameters are, by default, for _view=<view-name>. In the following example, it is _view=countBySource.

The default time interval is for the preceding 5 minutes. You can adjust this by changing the time picker. In the following example, the time interval is for the last minute.

Pause or Resume Scheduled view

Disable or pause the scheduled view to temporarily stop updates without deleting it, and then resume processing as necessary.

Pause a Single View

Hover your pointer over the view you plan to pause, and click the Pause icon.
The status changes to Paused.

Resume a Single View

To resume collecting data into a paused scheduled view, hover your pointer over the view and click the Resume icon.
The view resumes processing and automatically catches up from where it was paused. During catch-up, the status shows as Catching Up.

Bulk Pause or Resume

Select multiple views using the checkboxes in the leftmost column.
Click the Pause button to pause all selected active views, or the Resume button to resume all selected paused views.
A confirmation dialog appears. Click Confirm to proceed.

Delete Scheduled view

Delete a scheduled view to permanently stop collecting data.

You can still query data from a deleted view until its retention period expires. Be mindful that like all data, scheduled views have a retention timeframe.

Delete a Single View

Hover your pointer over the view you plan to delete, and click the Delete icon.
Confirm the deletion when prompted.
The view is removed from the list.

Bulk Delete

Select multiple views using the checkboxes in the leftmost column.
Click the Delete button in the toolbar.
A confirmation dialog appears listing all views to be deleted. Click Confirm to proceed.

Organize with Folders

Scheduled views can be organized into folders for better management and access control.

Move a Single View to a Folder

Hover your pointer over the view and click the Change folder icon.
Select the destination folder from the dropdown.
Click Save to move the view.

Bulk Move to Folder

Select multiple views using the checkboxes.
Click the Move to folder button in the toolbar.
Select the destination folder and confirm.

Query a Scheduled view

To query a view, prefix the FuseQL query by adding the view information. So, the first component of the query has the following form:

Query against a view

| _view=<view_name>

none

Do not use quotes around the view name.

Query multiple views

To query multiple views, prefix the query using the following form:

Query against multiple views

_view=<view1> or _view=<view2> or _view=<view3> ...

none

For example, consider this combined view:

Examples

The following example shows how to track log volume by source over time using a scheduled view.

Track log volume by source

Use case: You want to monitor the volume of logs from each source over time for capacity planning. Creating a scheduled view provides two key benefits:

Faster queries - Pre-aggregated data means queries run significantly faster than querying raw logs
Long-term storage - Retain aggregated metrics beyond the retention period of the original logs

Original query on raw logs:

*
| timeslice 1h
| count by _timeslice, source

none

This query runs against all raw log data, which can be slow for large time ranges and is limited by log retention.

Scheduled view definition:

*
| timeslice 1m
| count by _timeslice, source

none

The scheduled view aggregates log counts by source every minute, storing only the pre-computed results.

Query the scheduled view:

_view=logVolumeBySource
| timeslice 1h
| sum(_count) by _timeslice, source

none

This query runs against pre-aggregated data, providing fast results even for extended time ranges that exceed the original log retention period.

GraphQL API Reference

Scheduled views can be managed programmatically using the GraphQL API.

Query

query {
  getScheduledViews(limit: Int) {
    Name
    FuseQlQuery
    Created
    Active
    FolderUid
    StartTime
    Status {
      State
      EvalTime
      NextEvalTime
      LagTime
    }
  }
}

graphql

Mutations

Create a Scheduled View

mutation {
  createScheduledView(
    viewName: String!
    fuseQlQuery: String!
    folderUid: String
    startTime: Time
  )
}

graphql

Pause a Scheduled View

mutation {
  pauseScheduledView(viewName: String!)
}

graphql

Resume a Scheduled View

mutation {
  resumeScheduledView(viewName: String!)
}

graphql

Delete a Scheduled View

mutation {
  deleteScheduledView(viewName: String!)
}

graphql

Response Types

type ScheduledView {
  Name: String!
  FuseQlQuery: String!
  StartTime: Time
  IntervalSeconds: Int
  RetentionTime: Int
  RetentionUnit: RetentionUnit
  Created: Time!
  Active: Boolean!
  FolderUid: String
  Status: ScheduledViewStatus
}

type ScheduledViewStatus {
  State: ViewState!
  EvalTime: Time
  NextEvalTime: Time
  LagTime: Int
}

enum ViewState {
  running
  catchingUp
  paused
}

enum RetentionUnit {
  days
  weeks
  months
}

graphql