Query Builder
Introduction
Logs and Trace Explorer will help you write complex queries on your logs and trace data using an intuitive user interface. At top-level the explorer pages let you filter data based on certain attributes, apply aggregate operations, and group your results by attributes like service name, container ID, trace ID, span ID etc.
Once you create your query, you can click on Run Query to see your results. You can select the time range filter in the top-right corner to select the duration for which you want to see the data for.
You can then visualize your data using different views. Let's see what different components of the query builder can help you achieve.
Filter
The filter input lets you filter your data based on certain attributes. You can apply multiple filters and then use operators like =, !=, IN, NOT_IN, CONTAINS, NOT_CONTAINS. It allows you to have single-select and multi-select filter options. Using this you can filter the logs or traces of any specific component in your application.
Aggregation options
Once you have your data filtered out, you can apply aggregate options like Count, Sum, Avg, p90, p95, p99, etc. You need to choose an aggregate attribute to aggregate your data on. You can use this field to do things like finding latency of a service or multiple services.
Group By
The Group By field lets you to group your results by any specified attribute. You can use this field to create time-series charts showing data grouped by your selected attributes. For example, you can filter out your services, and use the Group By field to plot a chart showing p99 latency of different services.
Order By, Limit, Having, and Aggregation Intervals
You can use the above fields to add more conditions to your results.
Order By - lets you order your results based on timestamps, or any input data that can be ordered.
Limit - coming soon.
Having - if you want to filter out your results based on conditions like count operations larger than a specified number you can use this field.
Aggregate Every - This is fixed at 60s currently. More options are coming soon.
Logs Visualization Panels
List View
List View can show logs data in three different formats - raw, default, and column view. You can also customize things like max lines per row and columns.
Time Series
The time-series tab helps you visualize your logs data in form of charts. You can then add this chart as a panel into any of your existing or new dashboard.
Trace Visualization Panels
List View
List view shows trace data in a simple tabular format with options for customizing columns.
Traces
The traces tab shows you a list of root spans and the number of spans it has. A root span is a span that does not have a parent span. You can click on the Trace ID to see the detailed flamegraph and gantt chart of the particular root span.
Time Series
The time series tab helps you visualize your trace data in form of charts. You can then add this chart as a panel into any of your existing or new dashboard.
Adding charts as Panels to Dashboards
You can export your charts from logs and trace explorer as a panel to a any of your existing dashboard. You can also export the chart as a panel in a new dashboard.
Step 1. Click on Add to Dashboard
Step 2. Choose any dashboard from the list of dashboard, or click on New Dashboard.
Step 3. Click on Export. Once you have clicked on Export, you can set things like panel title, description, y-axis units, etc.
Setup Alerts
You can also set up alerts by clicking on Setup Alerts. It will take you to the alerts query builder with your selected options in place.
