Window Operators
FuseQL window operators enable you to perform calculations across a specific set of rows, or a “window,” while retaining the individual rows in the dataset. Unlike traditional aggregate functions that summarize data for the entire group, window functions allow detailed calculations for specific partitions or subsets of data.
| Window functions apply ONLY to numerical data. |
FuseQL offers the following window functions:
- accum
-
Calculates the running sum of the field.
- rollingstd
-
Calculates the rolling standard deviation of the field.
- smooth
-
Calculates the rolling average of a field.
- total
-
Calculates the rolling total of the field, by
group_byvalues.
accum
Calculates the running sum of the field.
- Syntax
-
accum <field> [as <field>] (1) [by <field1>, <field2>, ...] (2)1 as: alias clause; optional2 by: group by clause; optional - Query
-
query { getLogMetricsResultWithKfuseQl( query: "level = \"error\" | timeslice 15s | count by (_timeslice, source) | accum (_count) as running_count" startTs: "2024-09-18T09:00:00-07:00" endTs: "2024-09-18T11:15:00-07:00" ) { TableResult ColumnHeaders } } - Output
-
{ "data": { "getLogMetricsResultWithKfuseQl": { "TableResult": [ [ 5, 1726675200000, "frontend_fluentd", 5 ], [ 7, 1726675200000, "advance-functions-server", 12 ] ], "ColumnHeaders": [ "_count", "_timeslice", "source", "running_count" ] } } }
rollingstd
Calculates the rolling standard deviation of the field.
- Syntax
-
rollingstd <field> [, <window length>] (1) [as <field>] (2)1 window length: size of the window; if not specified, uses default of10.2 as: alias clause; optional - Query
-
query { getLogMetricsResultWithKfuseQl( query: "level = \"error\" | timeslice 15s | count by (_timeslice, source) | rollingstd (_count),10 as moving_std" startTs: "2024-09-18T09:00:00-07:00" endTs: "2024-09-18T11:15:00-07:00" ) { TableResult ColumnHeaders } } - Output
-
{ "data": { "getLogMetricsResultWithKfuseQl": { "TableResult": [ [ 5, 1726675200000, "frontend_fluentd", 0 ], [ 7, 1726675200000, "advance-functions-server", 1.4142135623730951 ] ], "ColumnHeaders": [ "_count", "_timeslice", "source", "moving_std" ] } } }
smooth
Calculates the rolling average of a field.
- Syntax
-
smooth <field> [, <window length>] (1) [as <field>] (2)1 window length: size of the window; if not specified, uses default of10.2 as: alias clause; optional - Query
-
query { getLogMetricsResultWithKfuseQl( query: "level = \"error\" | timeslice 15s | count by (_timeslice, source) | smooth (_count), 10 as moving_avg" startTs: "2024-09-18T09:00:00-07:00" endTs: "2024-09-18T11:15:00-07:00" ) { TableResult ColumnHeaders } } - Output
-
{ "data": { "getLogMetricsResultWithKfuseQl": { "TableResult": [ [ 5, 1726675200000, "frontend_fluentd", 5 ], [ 7, 1726675200000, "advance-functions-server", 6 ] ], "ColumnHeaders": [ "_count", "_timeslice", "source", "moving_avg" ] } } }
total
Calculates the rolling total of the field, by group_by values.
- Syntax
-
total <field> [as <field>] (1) [by <field1>, <field2>, ...] (2)1 as: alias clause; optional2 by: group by clause; optional - Query
-
query { getLogMetricsResultWithKfuseQl( query: "level = \"error\" | timeslice 15s | count by (_timeslice, source) | total (_count) as total_count" startTs: "2024-09-18T09:00:00-07:00" endTs: "2024-09-18T11:15:00-07:00" ) { TableResult ColumnHeaders } } - Output
-
{ "data": { "getLogMetricsResultWithKfuseQl": { "TableResult": [ [ 5, 1726675200000, "frontend_fluentd", 7504 ], [ 7, 1726675200000, "advance-functions-server", 7504 ] ], "ColumnHeaders": [ "_count", "_timeslice", "source", "total_count" ] } } }
