Datadog syntax: Difference between revisions
From wikinotes
(5 intermediate revisions by the same user not shown) | |||
Line 5: | Line 5: | ||
| facets || https://docs.datadoghq.com/logs/explorer/facets/#manage-facets | | facets || https://docs.datadoghq.com/logs/explorer/facets/#manage-facets | ||
|- | |- | ||
| functions || https://docs.datadoghq.com/dashboards/functions/#overview | |||
|} | |} | ||
</blockquote><!-- Documentation --> | </blockquote><!-- Documentation --> | ||
Line 10: | Line 11: | ||
= Example = | = Example = | ||
<blockquote> | <blockquote> | ||
Perform queries | |||
<syntaxhighlight lang="yaml"> | |||
# there is the JSON query syntax (described here) | |||
# and a UI-assisted JSON query syntax where the code is abstracted. | |||
Notebooks: | |||
- New Notebook: | |||
- </> # on the far right of the query, this toggles interactive "json-syntax" queries | |||
</syntaxhighlight> | |||
<syntaxhighlight lang="promql"> | <syntaxhighlight lang="promql"> | ||
sum:my_metric{*}.as_count() # sum counts per-sample of `my_metric` | sum:my_metric{*}.as_count() # sum counts per-sample of `my_metric` | ||
Line 16: | Line 26: | ||
</blockquote><!-- Example --> | </blockquote><!-- Example --> | ||
= | = Components = | ||
<blockquote> | <blockquote> | ||
Queries are composed of a <code>term</code> and an <code>operator</code>. | |||
terms | terms | ||
Line 39: | Line 36: | ||
</syntaxhighlight> | </syntaxhighlight> | ||
operator | |||
<syntaxhighlight lang="yaml"> | <syntaxhighlight lang="yaml"> | ||
</syntaxhighlight> | </syntaxhighlight> | ||
</blockquote><!-- Components --> | </blockquote><!-- Components --> | ||
= Datatypes = | = Datatypes = | ||
Line 54: | Line 50: | ||
</syntaxhighlight> | </syntaxhighlight> | ||
</blockquote><!-- Datatypes --> | </blockquote><!-- Datatypes --> | ||
= Operators = | |||
<blockquote> | |||
You can do operator math. | |||
<syntaxhighlight lang="promql"> | |||
node.avail_memory / node.total_memory | |||
</syntaxhighlight> | |||
<syntaxhighlight lang="promql"> | |||
* # multiply | |||
/ # divide | |||
+ # add | |||
- # subtract | |||
</syntaxhighlight> | |||
</blockquote><!-- Operators --> | |||
= Filters = | = Filters = | ||
Line 96: | Line 108: | ||
<syntaxhighlight lang="promql"> | <syntaxhighlight lang="promql"> | ||
avg:perform_time{*}.rollup(avg, 60) # average-perform time, within 60s windows | avg:perform_time{*}.rollup(avg, 60) # average-perform time, within 60s windows | ||
</syntaxhighlight> | |||
You cannot use numeric filters on aggregated samples, but there are helpful functions. | |||
<syntaxhighlight lang="promql"> | |||
cutoff_min(avg:perform_time{*}.rollup(avg, 60), 10) # only show samples that exceed 10 | |||
</syntaxhighlight> | </syntaxhighlight> | ||
</blockquote><!-- Aggregation (Samples) --> | </blockquote><!-- Aggregation (Samples) --> | ||
= Functions = | |||
<blockquote> | |||
Several functions are available. See docs | |||
https://docs.datadoghq.com/dashboards/functions/#overview | |||
</blockquote><!-- Functions --> |
Latest revision as of 22:48, 5 May 2022
Documentation
facets https://docs.datadoghq.com/logs/explorer/facets/#manage-facets functions https://docs.datadoghq.com/dashboards/functions/#overview
Example
Perform queries
# there is the JSON query syntax (described here) # and a UI-assisted JSON query syntax where the code is abstracted. Notebooks: - New Notebook: - </> # on the far right of the query, this toggles interactive "json-syntax" queriessum:my_metric{*}.as_count() # sum counts per-sample of `my_metric` sum:my_metric{env:prod} # `my_metric`, where tag `env=prod`
Components
Queries are composed of a
term
and anoperator
.terms
facet: @host, @url # provided by the application, applies to all metrics tag: status, perform_time # assigned to your specific metric when emittedoperator
Datatypes
Metrics are assigned datatypes
Operators
You can do operator math.
node.avail_memory / node.total_memory* # multiply / # divide + # add - # subtract
Filters
Glob/Wildcard
You can glob-match metrics.
jobs:*{*} # jobs.* with no tag matchersTag-Search
Tag-Search lets you conditionally match metrics by tag.
AND # metric with both tags OR # metric with either tag - # (AND|OR) exclude results with another matcherperform_time{(env:prod AND env:staging)} perform_time{(env:prod AND -user:test)}Comparison/Ranges
Exclude records by numerical operators, or ranges
foo.response_time:>100 foo.response_time:[100 TO 200]
Aggregation (Samples)
rollup lets you change the sample-size, to a time period in seconds.
avg:perform_time{*}.rollup(avg, 60) # average-perform time, within 60s windowsYou cannot use numeric filters on aggregated samples, but there are helpful functions.
cutoff_min(avg:perform_time{*}.rollup(avg, 60), 10) # only show samples that exceed 10
Functions
Several functions are available. See docs