The world of observability is full of unknown unknowns – things you aren't aware that you don't know, but need to know – as well as hypotheses that you need answers for. To tame this world, we provide the Query Builder, a tool that helps you to explore MELT data in your own way. The Query Builder allows you to ask the right questions while troubleshooting by providing an interface for fetching any data. Fetching data using the unified query language (UQL) syntax is a programmatic way of getting information. Whereas entity-specific pages present data related to a single entity, the Query Builder presents data related to multiple entities at once – giving you the single, unified view you need. It's also the only interface currently available where you can retrieve custom metrics.

Advantages of the Query Builder

  • It gives you freedom and autonomy because you can fetch any data you need at a particular moment.
  • UQL queries can help you to understand the topology of your data. You can construct queries that retrieve specific MELT data, sliced by attribute, event, or tag, and aggregated, grouped, or filtered as needed. 
  • You can further drill down by modifying the query based on the query results – adding inclusion or exclusion filters based on attribute or entity ID, and so on. In other words, the Query Builder provides a way for you to “interrogate the data” by having a “conversation” with it,  alternating between sending a query and receiving a response that forms the basis for a new query.
  • You can visually correlate peaks in the same data type across different entities (such as average peaks in metrics, error logs, and so on).

Target Users

The Query Builder is geared for super users – users who are comfortable with UQL syntax and who need a power tool to freely explore MELT data. These users typically have goals like:

  • Exploring MELT data during troubleshooting in order to find any details that support a working hypothesis
  • Seeing the top ten slowest traces to start investigating their problem areas
  • Seeing business transactions which have more than <N> calls per minute
  • Seeing pods with high CPU usage

Components of the Query Builder

To load the Query Builder, navigate to Explore > Query Builder.


ComponentDescription
Query Editor

A text editor with support for constructing UQL queries. It offers:

  • Code completion for UQL syntax and values of attributes, tags, metrics, sources, events, spans
  • A familiar command-line or IDE type of interface
  • Ability to select from several query templates ( data type, entity, alert)
  • Error handling, syntax recommendations, hints
  • Ability to see query history

Results pane

Displays query results in flexible ways:

  • As a "list view visualization" showing numerical series and number of observations per entity
  • As the raw JSON response body

You can toggle the display by clicking the results or json tab. The json tab only displays the first 50000 characters of a JSON response. To see the entire JSON response body, click Show all data at the bottom of the pane.

History/Templates tab

The History tab lists queries you've run in this login session. The Templates tab lists predefined queries.

Send UQL Queries

  1. Enter a query in UQL syntax using any of these strategies:
    • Use the Schema Browser to construct a query automatically – this is the recommended to become familiar with UQL and your topology
    • Select a saved query from the History tab or a predefined query from the Templates tab
    • Type a query in unified query language (UQL) syntax
  2. Click Run Query.
    The page displays the query results in the Results pane, and the query is automatically saved in the History tab.
  3. (Optional) Toggle the view in the Results pane by clicking the results or json tab.

Sample Queries

Get logs:

SINCE now - 24h
fetch result:events("logs:generic_record") {timestamp, attributes(severity), attributes(level), raw, attributes, eventFields, tags, traceId, spanId} limits events.count(1) order events.desc()
SQL


Get logs and metrics related to a specific Kubernetes container named user-service

FETCH
    attributes(k8s.container.name),
    events(logs:generic_record) {
       timestamp, attributes(severity), attributes, tags
    },
    metrics(infra:container.cpu.usage)
FROM entities(infra:container)[attributes(k8s.container.name) = "user-service"]
LIMITS events.count(10)
SINCE -1d
SQL


Get specific MELT data and attributes:

fetch attributes('k8s.cluster.name'),
 attributes('anomaly.status'),
 metrics('k8s:cpu.usage'),
 metrics('k8s:memory.usage'),
 events('alerting:healthrule.violation'),
 events('logs:generic_record') from entities(k8s:cluster)
SQL