Explore & Monitors query builder

Modes Overview

1. Metrics – Work with all your available metrics. Great for advanced use cases and custom metrics.

2. Infra Metrics – Use expert-built, predefined queries for common infrastructure scenarios. Ideal if you’re not sure which metric to pick or just want a quick start.

3. Logs – Query and visualize Logs data.

4. Traces – Query and visualize Traces, similar to logs.

5. RUM - Query and visualizer RUM Events.

Metrics/Infra Metrics

When you select the Metrics or Infra Metrics modes, you’ll work with something akin to Prometheus queries - but simplified.

groundcover supports a wide variety of metrics - Application and Infrastructure metrics are automatically generated using our eBPF sensor, and custom metrics can be ingested natively.

Metric Selector:

• Search and choose a metric.

• View associated labels and metadata (for groundcover’s built-in metrics).

• If the chosen built-in metric’s type is known, the Query Builder automatically applies the best-suited function to streamline your workflow.

Infra Metrics Mode:

• Select from ready-made queries grouped into categories (e.g., Container CPU, Node Disk).

• Perfect if you’re unsure which metric to choose. Just pick a category, and you’re set.

Filters Bar (Metrics/Infra Metrics):

• Filter by label key/value pairs.

• Use - to exclude values

• All filters are ANDed together, but multiple values for the same key form an OR condition.

• Type a key and : (e.g cluster:) to list its values.

• Use patterns (wildcards, partial matches) to refine results.

Aggregation Function Selector:

• sum: Adds up all values.

• avg: Calculates the average value.

• max: Finds the maximum value.

• min: Finds the minimum value.

• count: Counts how many data points there are.

• no aggregation: Leaves data un-aggregated.

Aggregation Labels Selector:

• Select one or more labels to group your results by.

Limit Selector:

• Show top or bottom results based on:

  • Max: Highest values.

  • Min: Lowest values.

  • Mean: Highest/lowest average values.

  • Median: Highest/lowest median values.

  • Last: Highest/lowest most recent values.

Visualization Type:

• Time-series: View data over time (time range set by the time-picker).

• Table: See instant snapshot data.

Time & Rollup Notes:

• The time-picker defines the time range for your query.

Advanced Query

Switching to Advanced Query mode allows you to view and modify the PromQL query generated by the Query Builder. This mode provides full flexibility for advanced users. However, changes made in the editor are not reflected back in the Query Builder. The editor is ideal for making manual adjustments that are beyond the capabilities offered in Query Builder mode.

Metrics Formulas

To enhance your data analysis in Metrics mode, groundcover supports the use of Formulas. Formulas allow you to perform arithmetic operations and apply functions to your metrics queries.

Using Formulas:

1. Assign Query Symbols: each metric query is automatically assigned a letter (A, B, C, etc.).

2. Construct Formulas: Combine these letters using operators and functions to create expressions.

Supported Operators:

• Addition: +

• Subtraction: -

• Multiplication: *

• Division: /

• Modulo: %

• Exponentiation: **

• Parentheses: () for grouping

Example:

To calculate the CPU usage percentage where A is the used CPU metric and B is the total CPU capacity:

(A / B) * 100

Logs/Traces

Filters Bar (Logs/Traces):

• Same label-based filtering as Metrics.

• Free Text Search (Logs only): Search for any substring.

• Exclude terms by prefixing with -

• Use * as a wildcard.

Measurement Selection (Logs/Traces):

• Count: Count total logs/traces.

• Count (unique): Count distinct values of a chosen field.

• Avg/Sum/Max/Min: For numeric fields, perform calculations.

• Percentiles (P99/P95/P50/P10): Show the value at a specific percentile.

Group By:

• Group results by fields (e.g., k8s.namespace, service.name) to break down the data by categories.

Rollup (Logs/Traces):

• Choose time buckets (like 1m, 5m) for aggregation. This helps smooth out spikes or show trends over chosen intervals.

Limit:

• Limit and sort table data to display only the most relevant rows.

Visualization Type (Logs/Traces):

• Time-series

• Table

• Stat

• Top List

• Pie

Examples

Here are a few examples to help you understand how to build and visualize queries using the Query Builder:

Query the top 5 workloads with the highest average container CPU usage in the namespaces demo-ng and opentelemetry-demo.

Quickly find the average memory usage of workloads in the namespace demo-ng. Instead of crafting a complex query, we simply selected Container Memory > Usage Amount.

Query the P99 duration of all HTTP traces across the platform. This query is broad, with no filters applied for clusters, namespaces, or specific services.

Narrow it down: Query the P99 duration of HTTP traces, but this time only for outbound traces from a specific workload.

Visualize the distribution of log counts per log level in the cluster demo. This provides a quick snapshot of the log severity levels.

RUM

The RUM Query Builder allows you to query RUM data collected by the groundcover SDK.

It includes the same components as the Logs/Traces builder (Measurement Selection, Group By, Rollup, Limit, Visualization Type), plus an additional selector for Event Type.

The following event types and their properties are available:

Global properties available for all RUM events:

• session_id

• service.name

• location.path

• location.title

• user.email

• user.organization

• user.name

• browser.version

• browser.name

• browser.type

• browser.platform

Example

Create a visualization of Errors over time grouped by error_message in the demo service: