Skip to main content

Query builder

Create complex queries easily using the Query Builder in Custom Dashboards.

Overview

Using the Custom Dashboards Query Builder, you can now build queries for your widgets without the burden of knowing the exact DataPrime, Lucene, or PromQL syntax.

Use the Query Builder to create a query

During your widget setup, a query panel will appear in the lower part of the dashboard panel. Toggle between Builder and Query modes.

Metrics-based query

Logs-based query

The logs-based Query Builder allows you to create complex queries by crafting Lucene-based queries and then adding filters and functions.

Data source

In Builder mode, select logs as your source.

Data pipeline

Choose to query Frequent Search or Monitoring logs.

Filters

To add a filter, click +. Choose a label and an associated value.

Select the = or != operator from the drop-down menu to include or exclude one or more values, respectively. Selecting the =~ or !~ operators will allow you to input a regex expression.

To add additional label-value pairs, click the + button.

Functions

To add a function, click +. Show an aggregated value using one of the following functions.

FunctionDescription
CountThe total number of data points within the selected time range.
Count DistinctThe number of unique data points within the selected time range.
SumThe sum of all data points within the selected time range.
MinThe smallest value among the data points within the selected time range.
MaxThe largest value among the data points within the selected time range.
AverageThe average value of all data points within the selected time range.
Percentile XXRepresents the value below which XX% of the data points fall. For example, Percentile 95 is the value below which 95% of data points fall.

With Group by, you may group query results by one or more fields.

note

In time-based visualizations, when you use Group By with a timestamp field in logs or spans queries, the system automatically divides the selected dashboard time range into 96 equal time buckets.

The bucket size is calculated dynamically based on the time range picker (for example, Last 15 Minutes → ~9-second buckets).

Spans-based query

The spans-based Query Builder allows you to create complex queries by crafting Lucene-based queries and then adding filters and functions.

Data source

In Builder mode, select spans as your source.

Data pipeline

Choose to query Frequent Search or Monitoring spans. Find out more about TCO pipelines for spans here.

Filters

To add a filter, click +. Choose a label and an associated value.

Select the = or != operator from the drop-down menu to include or exclude one or more values, respectively. Selecting the =~ or !~ operators will allow you to input a regex expression.

To add additional label-value pairs, click the + button.

Functions

To add a function, click +. Show an aggregated value using one of the following functions.

FunctionDescription
CountThe total number of data points within the selected time range.
Count DistinctThe number of unique data points within the selected time range.
SumThe sum of all data points within the selected time range.
MinThe smallest value among the data points within the selected time range.
MaxThe largest value among the data points within the selected time range.
AverageThe average value of all data points within the selected time range.
Percentile XXRepresents the value below which XX% of the data points fall. For example, Percentile 95 is the value below which 95% of data points fall.

With Group By, you may group query results by 1 or more fields. The same 96-bucket time grouping applies here as in log-based queries.

DataPrime query

You may create a DataPrime query as the basis for your widget.

Data pipeline

Choose to query Frequent Search or Monitoring data. Find out more about TCO pipelines for logs here and for spans here.

DataPrime query assistance

Use the DataPrime Query Assistance to describe your query in natural language and the system will transform your input into a structured query.

Convert to DataPrime

When you create a logs-based or spans-based query, you have the option of converting it to DataPrime syntax language by clicking Convert to DataPrime in the upper right corner of the Builder.

When you do, the transformed query will appear under the DataPrime tab in the Builder.

note

Once you change data sources or convert your query to DataPrime, your original query parameters in the Builder will be lost. Saving your widget will preserve the most recent state of the widget.

Widget time

The dashboard's overall time picker sets the default timeframe for your query. To customize the timeframe for this widget alone, click Widget time and switch off the toggle to unlink it from the dashboard’s timeframe. You can then choose a standard or custom timeframe for this widget specifically.

Additional resources

Introduction to PromQL

Next steps

Learn how to create and manage variables for your dashboards.

Was this page helpful?
Need help? Contact Support.
What's new? Find out here.
LLM? Read llms.txt.
On this page