Explore & Monitors query builder
The Query Builder in the platform's Explore and Monitors sections helps you craft and visualize queries on top of your data - Metrics, Infra Metrics, Logs, and Traces.
Last updated
The Query Builder in the platform's Explore and Monitors sections helps you craft and visualize queries on top of your data - Metrics, Infra Metrics, Logs, and Traces.
Last updated
Metrics – Work with all your available metrics. Great for advanced use cases and custom metrics.
Infra Metrics – Use expert-built, predefined queries for common infrastructure scenarios. Ideal if you’re not sure which metric to pick or just want a quick start.
Logs – Query and visualize Logs data.
Traces – Query and visualize Traces, similar to logs.
When you select the Metrics or Infra Metrics modes, you’ll work with something akin to Prometheus queries - but simplified.
groundcover supports a wide variety of metrics - Application and Infrastructure metrics are automatically generated using our eBPF sensor, and custom metrics can be ingested natively.
Function Selector:
rate: How fast a counter is increasing per time interval.
increase: Total growth of a counter over a time range.
histogram_quantile: Find a percentile (e.g., 95%) from histogram metrics.
no function: Use the raw value, no calculations.
When selecting a metric from our built-in (in Metrics mode), the Query Builder will automatically choose the appropriate function, based on the metadata.
Metric Selector:
Search and choose a metric.
View associated labels and metadata (for groundcover’s built-in metrics).
If the chosen built-in metric’s type is known, the Query Builder automatically applies the best-suited function to streamline your workflow.
Infra Metrics Mode:
Select from ready-made queries grouped into categories (e.g., Container CPU, Node Disk).
Perfect if you’re unsure which metric to choose. Just pick a category, and you’re set.
Filters Bar (Metrics/Infra Metrics):
Filter by label key/value pairs.
Use - to exclude values
All filters are ANDed together, but multiple values for the same key form an OR condition.
Type a key and : (e.g cluster:) to list its values.
Use patterns (wildcards, partial matches) to refine results.
Aggregation Function Selector:
sum: Adds up all values.
avg: Calculates the average value.
max: Finds the maximum value.
min: Finds the minimum value.
count: Counts how many data points there are.
no aggregation: Leaves data un-aggregated.
Aggregation Labels Selector:
Select one or more labels to group your results by.
Limit Selector:
Show top or bottom results based on:
Max: Highest values.
Min: Lowest values.
Mean: Highest/lowest average values.
Median: Highest/lowest median values.
Last: Highest/lowest most recent values.
Visualization Type:
Time-series: View data over time (time range set by the time-picker).
Table: See instant snapshot data.
Time & Rollup Notes:
The time-picker defines the time range for your query.
Advanced Query
Switching to Advanced Query mode allows you to view and modify the PromQL query generated by the Query Builder. This mode provides full flexibility for advanced users. However, changes made in the editor are not reflected back in the Query Builder. The editor is ideal for making manual adjustments that are beyond the capabilities offered in Query Builder mode.
Selecting or deselecting Clusters and Environments in the Backend Picker won't affect the metrics displayed.
Filters Bar (Logs/Traces):
Same label-based filtering as Metrics.
Free Text Search (Logs only): Search for any substring.
Exclude terms by prefixing with -
Use * as a wildcard.
Measurement Selection (Logs/Traces):
Count: Count total logs/traces.
Count (unique): Count distinct values of a chosen field.
Avg/Sum/Max/Min: For numeric fields, perform calculations.
Percentiles (P99/P95/P50/P10): Show the value at a specific percentile.
Group By:
Group results by fields (e.g., k8s.namespace, service.name) to break down the data by categories.
Rollup (Logs/Traces):
Choose time buckets (like 1m, 5m) for aggregation. This helps smooth out spikes or show trends over chosen intervals.
Limit:
Limit and sort table data to display only the most relevant rows.
Visualization Type (Logs/Traces):
Time-series: Shows how counts or numeric fields change over time.
Table: Displays raw event data in a tabular format.
Here are a few examples to help you understand how to build and visualize queries using the Query Builder:
Query the top 5 workloads with the highest average container CPU usage in the namespaces demo-ng and opentelemetry-demo.
Quickly find the average memory usage of workloads in the namespace demo-ng. Instead of crafting a complex query, we simply selected Container Memory > Usage Amount.
Query the P99 duration of all HTTP traces across the platform. This query is broad, with no filters applied for clusters, namespaces, or specific services.
Narrow it down: Query the P99 duration of HTTP traces, but this time only for outbound traces from a specific workload.
Visualize the distribution of log counts per log level in the cluster demo. This provides a quick snapshot of the log severity levels.
