Metrics Operators
This guide describes Sumo Logic metrics operators and provides usage examples.
Guide contents
In this section, we'll introduce the following concepts:
📄️ accum
The accum operator creates a series of running totals for each metric time series. The running total in each series starts from the value of the first data point in the series, then iteratively adds up successive
📄️ along
The along metrics operator is useful when you join queries – it allows you to control what results are joined based on the value of one or more result fields. For more information, see Join Query Results.
📄️ avg
The avg operator calculates the average of all matching time series. If grouping is specified, it calculates the average for each group.
📄️ bottomk
The bottomk operator applies a specified aggregation function to the time series that match the query selector, and returns the n time series that have the lowest evaluated value over the query time range.
📄️ count
count
📄️ delta
The delta operator computes the backward difference at each data point in the time series to determine how much the metric has changed from its last value in the series.
📄️ eval
The eval operator evaluates a time series based on a user-specified arithmetic or mathematical function.
📄️ ewma
The ewma operator computes an Exponentially Weighted Moving Average (EWMA) on the data points returned by the query for the selected time range. This allows you to smooth out short-term fluctuations (outliers) and display long-term trends.
📄️ fillmissing
If a metric query returns results with empty timeslices, the visualization contains a straight line between the data points on either side of the empty timeslice(s).
📄️ filter
The functionality provided by the filter operator has been incorporated into the where operator. We recommend the use of where over filter, because filter will be deprecated in the future. For more information, see where Metrics Operator.
📄️ histogram_quantile
The histogram_quantile operator calculates the φ-quantile (0 ≤ φ ≤ 1) from the buckets of a histogram. This operator is specific to the Prometheus Histogram data type and does not work with non-Prometheus histograms. It is equivalent to the PromQL histogram_quantile()
📄️ in
The in operator functionality can be used in a metrics query selector as shorthand for multiple OR conditions.
📄️ max
The max operator calculates the maximum value of the time series that match the query. If grouping is specified, it calculates the maximum for each group.
📄️ min
The min operator calculates the minimum value of the time series that match the query. If grouping is specified, it calculates the minimum for each group.
📄️ outlier
The metrics outlier operator identifies metrics data points that are outside the range of expected values. Outliers help you spot unusual behavior in your metrics visualizations and track the behavior over time.
📄️ parse
The parse operator parses the specified field to create new fields to use in the metrics query.
📄️ predict
Predict future values based on a single time series.
📄️ pct
The pct operator calculates, at each timestamp, the nth percentile of values of the input series for each time interval. If grouping is specified, it calculates the specified percentile for each group.
📄️ quantize
You can use the quantize operator to control Sumo’s quantization behavior, which is described in detail in Metric Quantization.
📄️ rate
The rate operator calculates the per-second rate of change between consecutive data points. It divides the difference in values of consecutive data points by the difference in their timestamps (in milliseconds) and then multiplies the result by 1000 (to scale up the quantity from a per-millisecond rate to a per-second rate).
📄️ stddev
The stddev operator measures the magnitude of deviations between the values in a time series.
📄️ sum
The sum operator calculates the sum of the metrics values that match the query. If grouping is specified, it calculates the sum for each group.
📄️ timeshift
The timeshift operator shifts the time series from your metrics query by a specified period of time.
📄️ topk
The topk operator applies a specified aggregation function to the time series that match the query selector, and returns the n time series that have the highest evaluated value over the query time range.
📄️ where
You can use the where operator to filter out either entire time series, or individual data points within a time series.