FuseQL Window Operators
FuseQL window operators enable you to perform calculations across a specific set of rows, or a “window,” while retaining the individual rows in the dataset. Unlike traditional aggregate functions that summarize data for the entire group, window functions allow detailed calculations for specific partitions or subsets of data.
| Window functions apply ONLY to numerical data. |
FuseQL offers the following window functions:
- accum
-
Running sum of the field.
- rollingstd
-
Rolling standard deviation of the field.
- smooth
-
Rolling average of a field.
- total
-
Rolling total of the field.
accum
Computes the running sum of the field.
Syntax
accum <field>
[as <field>] (1)
[by <field1>, <field2>, ...] (2)| 1 | as: alias clause; optional |
| 2 | by: group by clause; optional |
Example
- Query
query {
getLogMetricsResultWithKfuseQl(
query: "level = \"error\" | timeslice 15s | count by (_timeslice, source) | accum (_count) as running_count"
startTs: "2024-09-18T09:00:00-07:00"
endTs: "2024-09-18T11:15:00-07:00"
) {
TableResult
ColumnHeaders
}
}- output
{
"data": {
"getLogMetricsResultWithKfuseQl": {
"TableResult": [
[
5,
1726675200000,
"frontend_fluentd",
5
],
[
7,
1726675200000,
"advance-functions-server",
12
]
],
"ColumnHeaders": [
"_count",
"_timeslice",
"source",
"running_count"
]
}
}
}rollingstd
Computes the rolling, or moving, standard deviation.
Syntax
rollingstd <field>
[, <window length>] (1)
[as <field>] (2)| 1 | window length: size of the window; if not specified, uses default of 10. |
| 2 | as: alias clause; optional |
Example
- Query
query {
getLogMetricsResultWithKfuseQl(
query: "level = \"error\" | timeslice 15s | count by (_timeslice, source) | rollingstd (_count),10 as moving_std"
startTs: "2024-09-18T09:00:00-07:00"
endTs: "2024-09-18T11:15:00-07:00"
) {
TableResult
ColumnHeaders
}
}- Output
{
"data": {
"getLogMetricsResultWithKfuseQl": {
"TableResult": [
[
5,
1726675200000,
"frontend_fluentd",
0
],
[
7,
1726675200000,
"advance-functions-server",
1.4142135623730951
]
],
"ColumnHeaders": [
"_count",
"_timeslice",
"source",
"moving_std"
]
}
}
}smooth
Computes the rolling, or moving, average of a field.
Syntax
smooth <field>
[, <window length>] (1)
[as <field>] (2)| 1 | window length: size of the window; if not specified, uses default of 10. |
| 2 | as: alias clause; optional |
Example
- Query
query {
getLogMetricsResultWithKfuseQl(
query: "level = \"error\" | timeslice 15s | count by (_timeslice, source) | smooth (_count), 10 as moving_avg"
startTs: "2024-09-18T09:00:00-07:00"
endTs: "2024-09-18T11:15:00-07:00"
) {
TableResult
ColumnHeaders
}
}- Query
{
"data": {
"getLogMetricsResultWithKfuseQl": {
"TableResult": [
[
5,
1726675200000,
"frontend_fluentd",
5
],
[
7,
1726675200000,
"advance-functions-server",
6
]
],
"ColumnHeaders": [
"_count",
"_timeslice",
"source",
"moving_avg"
]
}
}
}total
Computes the total of the field, by group_by values.
Syntax
total <field>
[as <field>] (1)
[by <field1>, <field2>, ...] (2)| 1 | as: alias clause; optional |
| 2 | by: group by clause; optional |
Example
- Query
query {
getLogMetricsResultWithKfuseQl(
query: "level = \"error\" | timeslice 15s | count by (_timeslice, source) | total (_count) as total_count"
startTs: "2024-09-18T09:00:00-07:00"
endTs: "2024-09-18T11:15:00-07:00"
) {
TableResult
ColumnHeaders
}
}- Output
{
"data": {
"getLogMetricsResultWithKfuseQl": {
"TableResult": [
[
5,
1726675200000,
"frontend_fluentd",
7504
],
[
7,
1726675200000,
"advance-functions-server",
7504
]
],
"ColumnHeaders": [
"_count",
"_timeslice",
"source",
"total_count"
]
}
}
}