The SigNoz Logs API uses a JSON payload for queries, which includes various fields and nested fields. This document provides a detailed explanation of each field to help users construct effective queries.
Top-level
The top-level of the payload model has the following fields:
NAME | DESCRIPTION |
---|---|
start | Epoch timestamp marking the start of the query range (in milliseconds) |
end | Epoch timestamp marking the end of the query range (in milliseconds) |
requestType | Type of response expected (e.g., time_series, scalar, raw) |
compositeQuery | This contains the compositeQuery which is explained below |
variables | Variables for templated queries (optional) |
Composite Query
The compositeQuery
field consists of:
NAME | DESCRIPTION |
---|---|
queries | Array of query envelopes |
Query Envelope
Each query in the queries
array consists of:
NAME | DESCRIPTION |
---|---|
type | Type of query (e.g., builder_query, builder_formula, clickhouse_sql, promql). Scope of this documentation is limited to builder_query type |
spec | Query specification based on type - contains the builderQuery for builder_query type |
Builder Query
A builderQuery
spec consists of:
NAME | DESCRIPTION |
---|---|
name | Name of the query (e.g., A, B, C) |
signal | Source of data (e.g., logs, traces, metrics) |
stepInterval | Aggregation interval for query in seconds |
aggregations | Array of aggregation expressions |
filter | filter expression for filtering data |
groupBy | Array of groupByKey used for groupBy |
order | Array of orderBy for sorting |
limit | Maximum number of results to return |
offset | Offset used in pagination |
disabled | Specifies if the query is disabled |
Aggregation
An aggregation
consists of:
NAME | DESCRIPTION |
---|---|
expression | Aggregation expression - count(), count_distinct(field), sum(field), avg(field), min(field), max(field), p50(field), p75(field), p90(field), p95(field), p99(field) |
alias | Optional alias for the aggregation result |
Filter
A filter
consists of:
NAME | DESCRIPTION |
---|---|
expression | Filter expression string using operators like =, !=, >, >=, <, <=, IN, NOT IN, CONTAINS, NOT CONTAINS, REGEXP, NOT REGEXP, EXISTS, NOT EXISTS |
GroupBy Key
The groupByKey
includes:
NAME | DESCRIPTION |
---|---|
name | Name of the field |
fieldDataType | Data type of the field (e.g., string, int64, float64, bool) |
fieldContext | Type of the field, i.e., attribute/resource |
OrderBy
The orderBy
includes:
NAME | DESCRIPTION |
---|---|
key | Object containing the field name to order by |
direction | Sort direction (asc, desc) |
Sample Payload
This sample payload contains the different fields that we looked at above. It queries the SigNoz Logs API and illustrates how to count distinct component
values and group them by container_id
.
{
"start": 1700734490000,
"end": 1700738090000,
"requestType": "scalar",
"variables": {},
"compositeQuery": {
"queries": [
{
"type": "builder_query",
"spec": {
"name": "A",
"signal": "logs",
"stepInterval": 60,
"aggregations": [
{
"expression": "count_distinct(component)",
"alias": "distinct_components"
}
],
"groupBy": [
{
"name": "container_id",
}
],
"order": [
{
"key": {
"name": "distinct_components"
},
"direction": "desc"
}
],
"disabled": false
}
}
]
}
}