PromQL Query Explorer

Use the PromQL Query Explorer to run PromQL queries and build infrastructure views. It allows you

  • Write PromQL queries faster by automatically identifying the common labels and labels among different metrics.

    See Run PromQL Queries Faster with Extended Label Set.

  • Query metrics by leveraging advanced functions, operators, and boolean logic.

  • Interactively modify the PromQL results by using visual label filtering.

  • Use label filtering to visualize the common labels between metrics, which is key when combining multiple metrics.

About the PromQL Explorer UI

The main components of the PromQL Query Explorer UI include widgets, time navigation, and dashboard and time series panel.

You’ll find PromQL Explore under the Explore tab on the Sysdig Monitor UI.

PromQL Query

The PromQL field supports manually building PromQL queries. You can manually enter simple or complex PromQL queries and build dashboards and create alerts. The PromQL Query Explorer allows running up to 5 queries simultaneously. With the query field, you can do the following:

  • Explore metrics and labels available in your infrastructure.

    For example, calculate the number of bytes received in a selected host:

    sysdig_host_net_total_bytes{host_mac="0a:e2:e8:b4:6c:1a"}
    

    Calculate the number of bytes received in all the hosts except one:

    sysdig_host_net_total_bytes{host_mac!="0a:a3:4b:3e:db:a2"}
    

    Compare current data with historical data:

    sysdig_host_net_total_bytes offset 7d
    
  • Use arithmetic operators to perform calculations on one or more metrics or labels.

    For example, calculate the rate of incoming bytes and convert it to bits:

    rate(sysdig_host_net_total_bytes[5m]) * 8
    
  • Build complex PromQL queries.

    For example, return summary ingress traffic across all the network interfaces grouped by instances

    sum(rate(sysdig_host_net_total_bytes[5m])) by (container_id)
    

Label Filtering

Label filtering to automatically identify common labels between queries for vector matching. In the given example, you can see that A and B metrics have only the host_mac label in common.

You can also filter by using the relational operators available in the time series table. Simply click the operator for it to be automatically applied to the queries. Run the queries again to visualize the metrics.

Filtering simultaneously applies to all the queries in the PromQL Query Explorer.

Widgets

PromQL Query Explorer supports only time series (Timechart). You can run advanced (PromQL) queries and build dashboard panels. PromQL Explorer does not support building form-based queries.

Time Navigation

PromQL Query Explorer is designed around time. After a query has been executed, Sysdig Monitor polls the infrastructure data every 10 seconds and refreshes the metrics on the Dashboard panel. You select how to view this gathered data by choosing a Preset interval and a time Range. For more information, see Time Navigation.

Legend

The legend is positioned on the upper right corner of the panel. Each query will have associated legends listed in the same execution order.

Build a Query

  1. On the Explore tab, click PromQL Query.

  2. Enter a PromQL query manually.

    sysdig_host_cpu_used_percent
    

    Click Add Query to run multiple queries. You can run up to 5 queries at once.

    sysdig_container_cpu_used_percent
    
  3. Click Run Query or press command+Enter.

    A dashboard will appear on the screen. You can either Copy to a Dashboard or Create an Alert.

Copy to a Dashboard

  1. Run a PromQL query.

  2. Click Create > Create a Dashboard Panel.

  3. Either select an existing Dashboard or enter the Dashboard name to copy to a new Dashboard.

  4. Click Copy and Open.

    The new Dashboard panel with the given title will open to the Dashboard tab.

    You might want to continue with the Dashboard operations as given in Dashboards.

Create an Alert

  1. Run a PromQL query.

  2. Click Create > Create Alert.

  3. If you have multiple queries, select the query you want to create the alert for.

    A new PromQL Alert page for the selected query appears on the screen.

    Continue with PromQL Alerts.

Remove a Query

Click the three dots next to the query field to remove the query.

Toggle Query Results

Click the respective query buttons, for example, A or B, to show or hide query results.



Last modified July 17, 2021: Aliases to old site urls (#98) (917a9be2)