Window Operators
FuseQL window operators enable you to perform calculations across a specific set of rows, or a “window,” while retaining the individual rows in the dataset. Unlike traditional aggregate functions that summarize data for the entire group, window functions allow detailed calculations for specific partitions or subsets of data.
| Window functions apply ONLY to numerical data. |
FuseQL offers the following window functions:
- accum
-
Calculates the running sum of the field.
- rollingstd
-
Calculates the rolling standard deviation of the field.
- smooth
-
Calculates the rolling average of a field.
- total
-
Calculates the rolling total of the field, by
group_byvalues.
accum
Calculates the running sum of the field.
- Syntax
-
accum <field> [as <field>] (1) [by <field1>, <field2>, ...] (2)text1 as: alias clause; optional2 by: group by clause; optional - Query
-
query { getLogMetricsResultWithKfuseQl( query: "level = \"error\" | timeslice 15s | count by (_timeslice, source) | accum (_count) as running_count" startTs: "2024-09-18T09:00:00-07:00" endTs: "2024-09-18T11:15:00-07:00" ) { TableResult ColumnHeaders } }text - Output
-
{ "data": { "getLogMetricsResultWithKfuseQl": { "TableResult": [ [ 5, 1726675200000, "frontend_fluentd", 5 ], [ 7, 1726675200000, "advance-functions-server", 12 ] ], "ColumnHeaders": [ "_count", "_timeslice", "source", "running_count" ] } } }text
rollingstd
Calculates the rolling standard deviation of the field.
- Syntax
-
rollingstd <field> [, <window length>] (1) [as <field>] (2)text1 window length: size of the window; if not specified, uses default of10.2 as: alias clause; optional - Query
-
query { getLogMetricsResultWithKfuseQl( query: "level = \"error\" | timeslice 15s | count by (_timeslice, source) | rollingstd (_count),10 as moving_std" startTs: "2024-09-18T09:00:00-07:00" endTs: "2024-09-18T11:15:00-07:00" ) { TableResult ColumnHeaders } }text - Output
-
{ "data": { "getLogMetricsResultWithKfuseQl": { "TableResult": [ [ 5, 1726675200000, "frontend_fluentd", 0 ], [ 7, 1726675200000, "advance-functions-server", 1.4142135623730951 ] ], "ColumnHeaders": [ "_count", "_timeslice", "source", "moving_std" ] } } }text
smooth
Calculates the rolling average of a field.
- Syntax
-
smooth <field> [, <window length>] (1) [as <field>] (2)text1 window length: size of the window; if not specified, uses default of10.2 as: alias clause; optional - Query
-
query { getLogMetricsResultWithKfuseQl( query: "level = \"error\" | timeslice 15s | count by (_timeslice, source) | smooth (_count), 10 as moving_avg" startTs: "2024-09-18T09:00:00-07:00" endTs: "2024-09-18T11:15:00-07:00" ) { TableResult ColumnHeaders } }text - Output
-
{ "data": { "getLogMetricsResultWithKfuseQl": { "TableResult": [ [ 5, 1726675200000, "frontend_fluentd", 5 ], [ 7, 1726675200000, "advance-functions-server", 6 ] ], "ColumnHeaders": [ "_count", "_timeslice", "source", "moving_avg" ] } } }text
total
Calculates the rolling total of the field, by group_by values.
- Syntax
-
total <field> [as <field>] (1) [by <field1>, <field2>, ...] (2)text1 as: alias clause; optional2 by: group by clause; optional - Query
-
query { getLogMetricsResultWithKfuseQl( query: "level = \"error\" | timeslice 15s | count by (_timeslice, source) | total (_count) as total_count" startTs: "2024-09-18T09:00:00-07:00" endTs: "2024-09-18T11:15:00-07:00" ) { TableResult ColumnHeaders } }text - Output
-
{ "data": { "getLogMetricsResultWithKfuseQl": { "TableResult": [ [ 5, 1726675200000, "frontend_fluentd", 7504 ], [ 7, 1726675200000, "advance-functions-server", 7504 ] ], "ColumnHeaders": [ "_count", "_timeslice", "source", "total_count" ] } } }text
