Logs API Payload Model

The SigNoz Logs API uses a JSON payload for queries, which includes various fields and nested fields. This document provides a detailed explanation of each field to help users construct effective queries.

Top-level

The top-level of the payload model has the following fields:

NAMEDESCRIPTION
startEpoch timestamp marking the start of the query range (in milliseconds)
endEpoch timestamp marking the end of the query range (in milliseconds)
requestTypeType of response expected (e.g., time_series, scalar, raw)
compositeQueryThis contains the compositeQuery which is explained below
variablesVariables for templated queries (optional)

Composite Query

The compositeQuery field consists of:

NAMEDESCRIPTION
queriesArray of query envelopes

Query Envelope

Each query in the queries array consists of:

NAMEDESCRIPTION
typeType of query (e.g., builder_query, builder_formula, clickhouse_sql, promql). Scope of this documentation is limited to builder_query type
specQuery specification based on type - contains the builderQuery for builder_query type

Builder Query

A builderQuery spec consists of:

NAMEDESCRIPTION
nameName of the query (e.g., A, B, C)
signalSource of data (e.g., logs, traces, metrics)
stepIntervalAggregation interval for query in seconds
aggregationsArray of aggregation expressions
filterfilter expression for filtering data
groupByArray of groupByKey used for groupBy
orderArray of orderBy for sorting
limitMaximum number of results to return
offsetOffset used in pagination
disabledSpecifies if the query is disabled

Aggregation

An aggregation consists of:

NAMEDESCRIPTION
expressionAggregation expression - count(), count_distinct(field), sum(field), avg(field), min(field), max(field), p50(field), p75(field), p90(field), p95(field), p99(field)
aliasOptional alias for the aggregation result

Filter

A filter consists of:

NAMEDESCRIPTION
expressionFilter expression string using operators like =, !=, >, >=, <, <=, IN, NOT IN, CONTAINS, NOT CONTAINS, REGEXP, NOT REGEXP, EXISTS, NOT EXISTS

GroupBy Key

The groupByKey includes:

NAMEDESCRIPTION
nameName of the field
fieldDataTypeData type of the field (e.g., string, int64, float64, bool)
fieldContextType of the field, i.e., attribute/resource

OrderBy

The orderBy includes:

NAMEDESCRIPTION
keyObject containing the field name to order by
directionSort direction (asc, desc)

Sample Payload

This sample payload contains the different fields that we looked at above. It queries the SigNoz Logs API and illustrates how to count distinct component values and group them by container_id.

{
    "start": 1700734490000,
    "end": 1700738090000,
    "requestType": "scalar",
    "variables": {},
    "compositeQuery": {
        "queries": [
            {
                "type": "builder_query",
                "spec": {
                    "name": "A",
                    "signal": "logs",
                    "stepInterval": 60,
                    "aggregations": [
                        {
                            "expression": "count_distinct(component)",
                            "alias": "distinct_components"
                        }
                    ],
                    "groupBy": [
                        {
                            "name": "container_id",
                        }
                    ],
                    "order": [
                        {
                            "key": {
                                "name": "distinct_components"
                            },
                            "direction": "desc"
                        }
                    ],
                    "disabled": false
                }
            }
        ]
    }
}

Last updated: June 6, 2024

Edit on GitHub

Was this page helpful?