Selection Functions

These functions allow you to select time series in Outlyer which you want to query and transform. Each unique metric name and labels is a unique time series in Outlyer that can be selected using the following functions.

• Selection Functions
  • :eq (Equals)
  • :not (Not)
  • :in (In)
  • :has (Has)
  • :gt (Greater Than)
  • :ge (Greater Than or Equal Too)
  • :lt (Less Than)
  • :le (Less Than or Equal Too)
  • :re (Regex)
  • :and (And)
  • :or (Or)
  • :by (Group By)
  • :cq (Combine Query)
• Aggregation Functions
  • :sum (Default)
  • :max
  • :min
  • :count
• Consolidation Functions
  • :cf-avg
  • :cf-min
  • :cf-max
  • :cf-sum
• Shift/Offset Functions

:eq (Equals)

The :eq function will select all time series that have the label {label} with the exact {value} from Outlyer.

{label},{value},:eq

:not (Not)

The opposite of above, the not function will exclude all time series where {label}={value}.

{label},{value},:eq,:not

:in (In)

The :in function will select all time series with a {label} value that match an array of comma seperated values.

{label},(,{values},),:in

:has (Has)

The :has function will select all time series that have the label {label}.

{label},:has

:gt (Greater Than)

For labels with numeric values, you can use the :gt (greater than) function to select all {label} time series with values greater than {value}.

{label},{value},:gt

:ge (Greater Than or Equal Too)

For labels with numeric values, you can use the :ge (greater than or equal too) function to select all {label} time series with values greater than or equal too {value}.

{label},{value},:gt

:lt (Less Than)

For labels with numeric values, you can use the :lt (less than) function to select all {label} time series with values less than {value}.

{label},{value},:lt

:le (Less Than or Equal Too)

For labels with numeric values, you can use the :le (less than or equal too) function to select all {label} time series with values less than or equal too {value}.

{label},{value},:le

:re (Regex)

The :re (regular expression) function will select all time series where the {label} matches the {regex}. Useful for wildcard queries but not recommended if you have a lot of metrics as it can cause performance issues with your queries.

{label},{regex},:re

:and (And)

The :and function allows you to combine the above queries to select all time series that match all the selection queries given only.

{label},{value},:eq,{label},{value},:eq,:and

:or (Or)

The :or function allows you to combine the above queries to select all time series that match any of the selection queries given.

{label},{value},:eq,{label},{value},:eq,:or

:by (Group By)

Finally the :by (group by) operator can be used to split a single aggregated time series into multiple time series for each {value} of the {label} selected by the group by operator.

{query},(,{labels},),:by

Multiple labels can be combined to do more complex group by selection such as showing a seperate time series for every aws.region further broken up by instance.type:

{query},(,awe.region,instance.type,),:by

:cq (Combine Query)

Recursively AND a common query to all queries in an expression. If the first parameter is not an expression, then it will be not be modified.

This function is used by dashboard scopes to generate scoped queries that apply selected key/value labels to the existing queries. It enables you to combine query expressions easily without you having to figure out the full combined query yourself.

The example query will get all time series for sys.cpu_pct only for instances in the us-east-1 AWS region:

name,sys.cpu_pct,:eq,aws.region,us-east-1,:eq,:cq

Aggregation Functions

All time series must have an aggregation function applied to summarize the data. If none is provided :sum is used by default. Aggregation functions will summarize the returned time series into the statistic you want to view the data points in.

:sum (Default)

Will add up all the data point values and return the total sum for each step period.

:max

Will select the maximum data point for each step period.

:min

Will select the minimum data point for each step period.

:count

Will return a count of all the unique time series found for each step period.

Consolidation Functions

As discussed in Normalization of metrics, if you want to override the default consolidation function selected by Outlyer, you can do so using the following consolidation functions at the end of your query:

:cf-avg

Consolidate data points across step periods by the average value of all the data points in that period.

:cf-min

Consolidate data points across step periods by the minimum value of all the data points in that period.

:cf-max

Consolidate data points across step periods by the maximum value of all the data points in that period.

:cf-sum

Consolidate data points across step periods by the combined sum of all the data points in that period.

Shift/Offset Functions

Sometimes its useful to graph the same time series side by side for different periods so you can compare. For example you may want to show a query for this week vs. last week over the same period to see if the time series patterns are the same or different week on week.

The :offset function allows you to do this by taking a query for the current time range and shifting it by a defined period:

{query},1w,:offset

The above query will offset the query by one week from the current time period. The offset can use the following duration units with a positive integer to calculate the offset:

• s, second, or seconds
• m, min, minute, or minutes
• h, hour, or hours
• d, day, or days
• w, week, or weeks
• month or months
• y, year, or years