PRODUCT
LEARN
CAREERS
ABOUT US

Hide navigation sidebar

Hide table of contents sidebar

Skip to content

Toggle site navigation sidebar

Observability Cloud documentation

Toggle table of contents sidebar

Get Started With Observe

Getting Started with Observe
Getting Help with Observe
Observe Tutorials
Toggle navigation of Observe Tutorials

Send Data to Observe

Observe Agent
Toggle navigation of Observe Agent
- Install Observe Agent on Kubernetes
  Toggle navigation of Install Observe Agent on Kubernetes
- Install Observe Agent on Linux
- Install Observe Agent on macOS
- Install Observe Agent on Windows
- Install Observe Agent using Ansible on Linux
- Install Observe Agent using Ansible on Windows
- Install Observe Agent on Amazon ECS (EC2)
- Install Observe Agent on Amazon ECS (Fargate)
- Docker
- Configuration
- Troubleshooting
- Versioning
  Toggle navigation of Versioning
  - Upgrade to Observe Agent v1.0.0
  - Upgrade to Observe Agent v2.0.0
APM Instrumentation
Toggle navigation of APM Instrumentation
LLM Application Instrumentation
Toggle navigation of LLM Application Instrumentation
Real User Monitoring Instrumentation
Observe Integrations
Toggle navigation of Observe Integrations
- Observe Apps
- Amazon Web Services (AWS)
  Toggle navigation of Amazon Web Services (AWS)
  - Amazon Web Services (AWS) Integration [Legacy]
  - Amazon CloudFront
  - Amazon EC2
  - Amazon Elastic Container Service
    Toggle navigation of Amazon Elastic Container Service
    - Amazon Elastic Container Service Metrics
    - Amazon Elastic Container Log Collection
  - Amazon RDS
    Toggle navigation of Amazon RDS
    - Amazon RDS Metrics
  - AWS Lambda
    Toggle navigation of AWS Lambda
    - AWS Lambda metrics
  - Elastic Load Balancing
    Toggle navigation of Elastic Load Balancing
    - Elastic Load Balancing Metrics
- AWS Quickstart
- Basic Threat Intel Integration
  Toggle navigation of Basic Threat Intel Integration
  - Installing the Basic Threat Intel App
  - Using Unified Basic Threat Intel Datasets with Observe
    Toggle navigation of Using Unified Basic Threat Intel Datasets with Observe
- Snowflake Observability
  Toggle navigation of Snowflake Observability
- Drata App (Public Preview)
  Toggle navigation of Drata App (Public Preview)
  - Installing the Drata App
- Fastly (Public Preview)
  Toggle navigation of Fastly (Public Preview)
  - Fastly app installation guide
  - Uninstalling the Fastly App
- Google Cloud Platform (GCP) App [Legacy]
  Toggle navigation of Google Cloud Platform (GCP) App [Legacy]
  - GCP Asset Inventory
  - GCP BigQuery
  - GCP Cloud Functions
    Toggle navigation of GCP Cloud Functions
    - GCP Cloud Functions metrics
  - GCP Cloud Load Balancing
    Toggle navigation of GCP Cloud Load Balancing
    - GCP Cloud Load Balancing Metrics
  - GCP Cloud Run
    Toggle navigation of GCP Cloud Run
    - GCP Cloud Run Metrics
  - GCP Cloud SQL
    Toggle navigation of GCP Cloud SQL
    - GCP Cloud SQL Metrics
  - GCP Cloud Storage
    Toggle navigation of GCP Cloud Storage
    - GCP Cloud Storage Metrics
  - GCP Compute
    Toggle navigation of GCP Compute
    - GCP Compute Metrics
  - GCP Logging
  - GCP Cloud Metrics
  - Google Kubernetes Engine
  - Memorystore Redis
- Google Cloud Platform Quickstart
  Toggle navigation of Google Cloud Platform Quickstart
  - Google Cloud Platform (GCP) Ingesting Data
- GitHub
  Toggle navigation of GitHub
- GitLab
  Toggle navigation of GitLab
- Host Monitoring [Legacy]
  Toggle navigation of Host Monitoring [Legacy]
  - Installing the Host Monitoring App
    Toggle navigation of Installing the Host Monitoring App
  - Uninstalling the Host Monitoring App
- Host Quickstart
- Jenkins CI/CD Integration
  Toggle navigation of Jenkins CI/CD Integration
  - Installing the Jenkins App
  - Uninstalling the Jenkins App
- Kubernetes
  Toggle navigation of Kubernetes
  - Installing the Kubernetes App
  - Collecting Pod Metrics and cAdvisor Metrics
- Microsoft Azure
  Toggle navigation of Microsoft Azure
- MongoDB Atlas
  Toggle navigation of MongoDB Atlas
  - Installing the MongoDB Atlas App
  - Updating the MongoDB Atlas App and Poller
- MySQL Database Service
  Toggle navigation of MySQL Database Service
  - Installing the MySQL DB App
  - Uninstalling the MySQL DB App
- Node Exporter
- OpenAI (Deprecated)
- Orca Security App (Public Preview)
  Toggle navigation of Orca Security App (Public Preview)
  - Installing the Orca Security App
- PostgreSQL Database Service
  Toggle navigation of PostgreSQL Database Service
  - Installing the PostgreSQL DB App
  - Uninstalling the PostgreSQL DB App
- Prometheus Metrics (Public Preview)
  Toggle navigation of Prometheus Metrics (Public Preview)
  - Installing the Prometheus Metrics App
  - Tutorial: Getting Started with Observe and Prometheus
- Security Onion App (Public Preview)
  Toggle navigation of Security Onion App (Public Preview)
  - Installing the Security Onion App
- Service Level Objectives (SLOs)
  Toggle navigation of Service Level Objectives (SLOs)
  - Installing the Service Level Objective App
Data Ingestion
Toggle navigation of Data Ingestion
- Datastreams
- Sources
  Toggle navigation of Sources
- Forwarders
  Toggle navigation of Forwarders
- Endpoints
  Toggle navigation of Endpoints
- Friendly Stem Names
- Troubleshooting Data Ingestion

Products

Log Management
Toggle navigation of Log Management
- Log Explorer
  Toggle navigation of Log Explorer
- Using Log Correlation
- Using Live Mode in Logs Explorer
- Adding new datasets to Log Explorer
- Unified Search Syntax
  Toggle navigation of Unified Search Syntax
  - Migrate to Unified Search Syntax
Application Performance Monitoring
Toggle navigation of Application Performance Monitoring
LLM Observability
Toggle navigation of LLM Observability
- LLM telemetry reference
Frontend Observability
Toggle navigation of Frontend Observability
- RUM telemetry reference
Metrics
Toggle navigation of Metrics
- Collecting and Using Metrics
  Toggle navigation of Collecting and Using Metrics
- Tutorial: Shaping Metrics
- Metrics Explorer
- Adding Custom Metric Datasets
- Adding Metrics Using the Metrics Expression Builder
- Tutorial: Shaping Host System Metrics
- Tutorial: Aggregated Metrics Shaping
Kubernetes Observability
Toggle navigation of Kubernetes Observability
Snowflake Observability
Toggle navigation of Snowflake Observability

Platform Capabilities

Creating Dashboards
Toggle navigation of Creating Dashboards
- Using Dashboards
- Dashboard Reports
Monitors and Alerts
Toggle navigation of Monitors and Alerts
- Creating a Threshold Monitor
- Creating a Count Monitor
- Creating a Promote Monitor
- Monitor Rules and Severities
- Muting Monitors
- Customizing Alert Messages
  Toggle navigation of Customizing Alert Messages
  - Monitoring Mustache Template Reference
- Overview of Shared Actions
- Alerting Example: Shared Actions and Monitors
- Working with Alerts in Observe
- Tuning and Troubleshooting Monitor Health
- Negative Monitoring
- Monitoring Anti-patterns
- Shared Action Integrations
  Toggle navigation of Shared Action Integrations
Creating and Sharing Worksheets
Toggle navigation of Creating and Sharing Worksheets
- Working with Data Formats and Types
Pivoting
Correlation Tags
Resources
Data Export
Drop filters
Create a drop filter
Delete a drop filter

Manage Observe

Authentication and Authorization in Observe
Toggle navigation of Authentication and Authorization in Observe
- Audit Trail
- Role Based Access Control
- Single Sign On (SSO) Configurations for Observe
  Toggle navigation of Single Sign On (SSO) Configurations for Observe
- Observe API Authentication
- Observe API Tokens
Manage application data volume
Customizing the Home Page
Toggle navigation of Customizing the Home Page
- Creating and Using Favorites
Using Acceleration Manager with Datasets
Using Credit Manager to Manage Compute Usage
Toggle navigation of Using Credit Manager to Manage Compute Usage
Observe Terraform Provider
Observe Regions
Settings

Develop with Observe

Exporting Query Results in CSV or JSON Format
Developer Toolkit Overview
URL Query Parameters
Observe Command Line Interface Tool Overview
Toggle navigation of Observe Command Line Interface Tool Overview
Snowflake Outbound Sharing

Reference

Key Observe Concepts
Toggle navigation of Key Observe Concepts
- Advanced Observe Concepts
- Exploring Data
- About Queries and On-demand Acceleration
- Observe Datasets and Time
  Toggle navigation of Observe Datasets and Time
Visualization Types Reference
Observe OPAL Query Language Reference
Toggle navigation of Observe OPAL Query Language Reference
- OPAL — Observe Processing and Analysis Language
  Toggle navigation of OPAL — Observe Processing and Analysis Language
  - All OPAL functions
    Toggle navigation of All OPAL functions
    - OPAL Functions By Category
      Toggle navigation of OPAL Functions By Category
      - OPAL Aggregate Functions
        Toggle navigation of OPAL Aggregate Functions
        
        any
        
        any_not_null
        
        array_agg
        
        array_agg_distinct
        
        array_union_agg
        
        avg
        
        count
        
        count_distinct
        
        count_distinct_exact
        
        delta
        
        delta_monotonic
        
        deriv
        
        first
        
        first_not_null
        
        hash_agg
        
        hash_agg_distinct
        
        histogram_combine
        
        last
        
        last_not_null
        
        max
        
        median
        
        median_exact
        
        min
        
        object_agg
        
        otel_exponential_histogram_sum
        
        otel_histogram_sum
        
        percentile
        
        percentile_cont
        
        percentile_disc
        
        prom_quantile
        
        rate
        
        stddev
        
        string_agg
        
        string_agg_distinct
        
        sum
        
        tdigest_agg
        
        tdigest_combine
        
        topk_agg
      - OPAL Boolean Functions
        Toggle navigation of OPAL Boolean Functions
        
        array_contains
        
        arrays_overlap
        
        bool
        
        bool_null
        
        contains
        
        ends_with
        
        eq
        
        gt
        
        gte
        
        in
        
        ipv4_address_in_network
        
        is_null
        
        like
        
        lt
        
        lte
        
        match_regex
        
        ne
        
        path_exists
        
        same
        
        search
        
        starts_with
      - OPAL Misc Functions
        Toggle navigation of OPAL Misc Functions
        
        asc
        
        coalesce
        
        desc
        
        exponential_histogram_null
        
        float64
        
        frame
        
        frame_exact
        
        frame_following
        
        frame_preceding
        
        hash
        
        histogram_null
        
        histogram_quantile
        
        if
        
        if_null
        
        int64
        
        m_exponential_histogram
        
        m_histogram
        
        m_tdigest
        
        nullsfirst
        
        nullslast
        
        numeric_null
        
        on
        
        order_by
        
        parse_hex
        
        strlen
        
        tdigest
        
        tdigest_null
        
        variant_null
      - OPAL Networking Functions
        Toggle navigation of OPAL Networking Functions
        
        int64_to_ipv4
        
        ipv4
        
        ipv4_address_in_network
        
        ipv4_network_int64
        
        ipv4_to_int64
        
        parse_ip
      - OPAL Numeric Functions
        Toggle navigation of OPAL Numeric Functions
        
        abs
        
        arccos_deg
        
        arccos_rad
        
        arcsin_deg
        
        arcsin_rad
        
        arctan_deg
        
        arctan_rad
        
        avg
        
        ceil
        
        cos_deg
        
        cos_rad
        
        count
        
        degrees
        
        delta
        
        delta_monotonic
        
        dense_rank
        
        deriv
        
        ewma
        
        exp
        
        float64_null
        
        floor
        
        haversine_distance_km
        
        int64_null
        
        int_div
        
        ln
        
        log
        
        median
        
        median_exact
        
        mod
        
        percentile
        
        percentile_cont
        
        percentile_disc
        
        pi
        
        pow
        
        prom_quantile
        
        radians
        
        rank
        
        rate
        
        round
        
        row_number
        
        sin_deg
        
        sin_rad
        
        sqrt
        
        stddev
        
        sum
        
        tan_deg
        
        tan_rad
        
        uniform
        
        width_bucket
        
        zipf
      - OPAL Regex Functions
        Toggle navigation of OPAL Regex Functions
        
        count_regex_matches
        
        get_regex
        
        get_regex_all
        
        match_regex
        
        regex
        
        replace_regex
      - OPAL Semistructured Functions
        Toggle navigation of OPAL Semistructured Functions
        
        append_item
        
        array
        
        array_agg
        
        array_agg_distinct
        
        array_contains
        
        array_distinct
        
        array_length
        
        array_max
        
        array_min
        
        array_null
        
        array_to_string
        
        array_union_agg
        
        arrays_overlap
        
        concat_arrays
        
        detect_browser
        
        drop_fields
        
        embed_sql_params
        
        get_field
        
        get_item
        
        get_jmespath
        
        get_regex_all
        
        index_of_item
        
        insert_item
        
        intersect_arrays
        
        m_object
        
        make_array
        
        make_array_range
        
        make_fields
        
        make_object
        
        merge_objects
        
        object
        
        object_agg
        
        object_keys
        
        object_null
        
        otel_exponential_histogram_quantile
        
        otel_exponential_histogram_sum
        
        otel_histogram_quantile
        
        otel_histogram_sum
        
        parse_csv
        
        parse_ip
        
        parse_json
        
        parse_kvs
        
        parse_url
        
        path_exists
        
        pick_fields
        
        pivot_array
        
        prepend_item
        
        slice_array
        
        sort_array
        
        split
        
        tokenize
        
        topk_agg
        
        unpivot_array
      - OPAL Special Functions
        Toggle navigation of OPAL Special Functions
        
        case
        
        group_by
        
        m
        
        metric
        
        options
        
        primary_key
        
        pk
        
        tags
        
        valid_for
        
        window
      - OPAL String Functions
        Toggle navigation of OPAL String Functions
        
        array_to_string
        
        check_json
        
        concat_strings
        
        contains
        
        decode_base64
        
        decode_uri
        
        decode_uri_component
        
        detect_browser
        
        editdistance
        
        embed_sql_params
        
        encode_base64
        
        encode_uri
        
        encode_uri_component
        
        ends_with
        
        format_time
        
        get_regex
        
        int64_to_ipv4
        
        ipv4_address_in_network
        
        label
        
        left
        
        like
        
        lower
        
        lpad
        
        ltrim
        
        parse_csv
        
        parse_kvs
        
        parse_timestamp
        
        pivot_array
        
        position
        
        regex
        
        replace
        
        replace_regex
        
        right
        
        rpad
        
        rtrim
        
        sha2
        
        split
        
        split_part
        
        starts_with
        
        string
        
        string_agg
        
        string_agg_distinct
        
        string_null
        
        substring
        
        tokenize
        
        tokenize_part
        
        trim
        
        unpivot_array
        
        upper
        
        variant_type_name
      - OPAL Time Functions
        Toggle navigation of OPAL Time Functions
        
        abs
        
        avg
        
        bin_end_time
        
        bin_size
        
        bin_start_time
        
        delta
        
        delta_monotonic
        
        deriv
        
        duration
        
        duration_hr
        
        duration_min
        
        duration_ms
        
        duration_null
        
        duration_sec
        
        ewma
        
        format_time
        
        from_milliseconds
        
        timestamp_ms
        
        from_nanoseconds
        
        timestamp_ns
        
        from_seconds
        
        timestamp_s
        
        histogram_fraction
        
        median
        
        median_exact
        
        now
        
        parse_duration
        
        parse_isotime
        
        parse_timestamp
        
        percentile
        
        percentile_cont
        
        percentile_disc
        
        query_end_time
        
        query_start_time
        
        rate
        
        row_end_time
        
        row_timestamp
        
        row_start_time
        
        stddev
        
        sum
        
        tdigest_agg
        
        tdigest_quantile
        
        timestamp_null
        
        to_days
        
        to_hours
        
        to_milliseconds
        
        to_minutes
        
        to_nanoseconds
        
        to_seconds
        
        to_weeks
        
        valid_for
      - OPAL Window Functions
        Toggle navigation of OPAL Window Functions
        
        any
        
        any_not_null
        
        array_union_agg
        
        avg
        
        count
        
        count_distinct
        
        count_distinct_exact
        
        delta
        
        delta_monotonic
        
        dense_rank
        
        deriv
        
        ewma
        
        first
        
        first_not_null
        
        hash_agg
        
        hash_agg_distinct
        
        lag
        
        lag_not_null
        
        last
        
        last_not_null
        
        lead
        
        lead_not_null
        
        max
        
        median
        
        median_exact
        
        min
        
        object_agg
        
        percentile
        
        percentile_cont
        
        percentile_disc
        
        rank
        
        rate
        
        row_number
        
        stddev
        
        sum
        
        tdigest_agg
        
        tdigest_combine
        
        topk_agg
      - OPAL Deprecated Function Aliases
        Toggle navigation of OPAL Deprecated Function Aliases
        
        any_null
        
        array_pivot
        
        array_unpivot
        
        countdistinct
        
        countdistinctexact
        
        decodebase64
        
        denserank
        
        encodebase64
        
        endswith
        
        groupby
        
        ifnull
        
        isnull
        
        makeobject
        
        match_regex_all
        
        medianexact
        
        milliseconds
        
        nanoseconds
        
        orderby
        
        parsehex
        
        parseip
        
        parseisotime
        
        parsejson
        
        parsekvs
        
        parseurl
        
        percentilecont
        
        percentiledisc
        
        primarykey
        
        queryendtime
        
        querystarttime
        
        regex_match
        
        regex_replace
        
        row_endtime
        
        rownumber
        
        seconds
        
        startswith
        
        strcat
        
        string_concat
        
        validfor
  - All OPAL verbs
    Toggle navigation of All OPAL verbs
    - OPAL Verbs By Category
      Toggle navigation of OPAL Verbs By Category
      - OPAL Aggregate Verbs
        Toggle navigation of OPAL Aggregate Verbs
        
        aggregate
        
        align
        
        dedup
        
        distinct
        
        fill
        
        histogram
        
        make_session
        
        merge_events
        
        pivot
        
        rollup
        
        statsby
        
        timechart
        
        bucketize
        
        timestats
        
        unpivot
      - OPAL Filter Verbs
        Toggle navigation of OPAL Filter Verbs
        
        always
        
        bottomk
        
        ever
        
        filter
        
        filter_last
        
        limit
        
        never
        
        topk
      - OPAL Join Verbs
        Toggle navigation of OPAL Join Verbs
        
        exists
        
        follow
        
        follow_not
        
        fulljoin
        
        join
        
        leftjoin
        
        lookup
        
        lookup_ip_info
        
        not_exists
        
        surrounding
        
        union
        
        update_resource
      - OPAL Metadata Verbs
        Toggle navigation of OPAL Metadata Verbs
        
        add_key
        
        drop_interface
        
        interface
        
        make_event
        
        make_interval
        
        make_metric
        
        make_resource
        
        make_session
        
        make_table
        
        merge_events
        
        set_col_enum
        
        set_col_immutable
        
        set_col_searchable
        
        set_col_visible
        
        set_label
        
        set_link
        
        set_metric
        
        set_metric_metadata
        
        set_primary_key
        
        set_pk
        
        set_timestamp
        
        set_valid_from
        
        set_valid_to
        
        sort
        
        timeshift
        
        unset_all_links
        
        unset_keys
        
        unset_link
        
        unsort
      - OPAL Metrics Verbs
        Toggle navigation of OPAL Metrics Verbs
        
        aggregate
        
        align
        
        make_metric
        
        rollup
        
        set_metric
        
        timeshift
      - OPAL Projection Verbs
        Toggle navigation of OPAL Projection Verbs
        
        drop_col
        
        extract_regex
        
        make_col
        
        pick_col
        
        rename_col
      - OPAL Semistructured Verbs
        Toggle navigation of OPAL Semistructured Verbs
        
        extract_regex
        
        flatten
        
        flatten_all
        
        flatten_leaves
        
        flatten_single
      - OPAL Deprecated Verb Aliases
        Toggle navigation of OPAL Deprecated Verb Aliases
        
        addfk
        
        addkey
        
        addmetric
        
        changelog
        
        coldrop
        
        colenum
        
        colimmutable
        
        colmake
        
        colpick
        
        colregex
        
        colrename
        
        colshow
        
        droptime
        
        fkdrop
        
        flattenall
        
        flattenleaves
        
        flattensingle
        
        makeresource
        
        makesession
        
        merge_event
        
        mergeevent
        
        reaggregate
        
        setlabel
        
        setpk
        
        setvf
        
        setvt
  - Language syntax
  - Data Types and Operators
- Language syntax
- Data Types and Operators
- Observe Performance Cookbook
  Toggle navigation of Observe Performance Cookbook
- Examples
- All OPAL functions
  Toggle navigation of All OPAL functions
  - OPAL Functions By Category
    Toggle navigation of OPAL Functions By Category
    - OPAL Aggregate Functions
      Toggle navigation of OPAL Aggregate Functions
      - any
      - any_not_null
      - array_agg
      - array_agg_distinct
      - array_union_agg
      - avg
      - count
      - count_distinct
      - count_distinct_exact
      - delta
      - delta_monotonic
      - deriv
      - first
      - first_not_null
      - hash_agg
      - hash_agg_distinct
      - histogram_combine
      - last
      - last_not_null
      - max
      - median
      - median_exact
      - min
      - object_agg
      - otel_exponential_histogram_sum
      - otel_histogram_sum
      - percentile
      - percentile_cont
      - percentile_disc
      - prom_quantile
      - rate
      - stddev
      - string_agg
      - string_agg_distinct
      - sum
      - tdigest_agg
      - tdigest_combine
      - topk_agg
    - OPAL Boolean Functions
      Toggle navigation of OPAL Boolean Functions
      - array_contains
      - arrays_overlap
      - bool
      - bool_null
      - contains
      - ends_with
      - eq
      - gt
      - gte
      - in
      - ipv4_address_in_network
      - is_null
      - like
      - lt
      - lte
      - match_regex
      - ne
      - path_exists
      - same
      - search
      - starts_with
    - OPAL Misc Functions
      Toggle navigation of OPAL Misc Functions
      - asc
      - coalesce
      - desc
      - exponential_histogram_null
      - float64
      - frame
      - frame_exact
      - frame_following
      - frame_preceding
      - hash
      - histogram_null
      - histogram_quantile
      - if
      - if_null
      - int64
      - m_exponential_histogram
      - m_histogram
      - m_tdigest
      - nullsfirst
      - nullslast
      - numeric_null
      - on
      - order_by
      - parse_hex
      - strlen
      - tdigest
      - tdigest_null
      - variant_null
    - OPAL Networking Functions
      Toggle navigation of OPAL Networking Functions
    - OPAL Numeric Functions
      Toggle navigation of OPAL Numeric Functions
      - abs
      - arccos_deg
      - arccos_rad
      - arcsin_deg
      - arcsin_rad
      - arctan_deg
      - arctan_rad
      - avg
      - ceil
      - cos_deg
      - cos_rad
      - count
      - degrees
      - delta
      - delta_monotonic
      - dense_rank
      - deriv
      - ewma
      - exp
      - float64_null
      - floor
      - haversine_distance_km
      - int64_null
      - int_div
      - ln
      - log
      - median
      - median_exact
      - mod
      - percentile
      - percentile_cont
      - percentile_disc
      - pi
      - pow
      - prom_quantile
      - radians
      - rank
      - rate
      - round
      - row_number
      - sin_deg
      - sin_rad
      - sqrt
      - stddev
      - sum
      - tan_deg
      - tan_rad
      - uniform
      - width_bucket
      - zipf
    - OPAL Regex Functions
      Toggle navigation of OPAL Regex Functions
    - OPAL Semistructured Functions
      Toggle navigation of OPAL Semistructured Functions
    - OPAL Special Functions
      Toggle navigation of OPAL Special Functions
      - case
      - group_by
      - m
      - metric
      - options
      - primary_key
      - pk
      - tags
      - valid_for
      - window
    - OPAL String Functions
      Toggle navigation of OPAL String Functions
      - array_to_string
      - check_json
      - concat_strings
      - contains
      - decode_base64
      - decode_uri
      - decode_uri_component
      - detect_browser
      - editdistance
      - embed_sql_params
      - encode_base64
      - encode_uri
      - encode_uri_component
      - ends_with
      - format_time
      - get_regex
      - int64_to_ipv4
      - ipv4_address_in_network
      - label
      - left
      - like
      - lower
      - lpad
      - ltrim
      - parse_csv
      - parse_kvs
      - parse_timestamp
      - pivot_array
      - position
      - regex
      - replace
      - replace_regex
      - right
      - rpad
      - rtrim
      - sha2
      - split
      - split_part
      - starts_with
      - string
      - string_agg
      - string_agg_distinct
      - string_null
      - substring
      - tokenize
      - tokenize_part
      - trim
      - unpivot_array
      - upper
      - variant_type_name
    - OPAL Time Functions
      Toggle navigation of OPAL Time Functions
      - abs
      - avg
      - bin_end_time
      - bin_size
      - bin_start_time
      - delta
      - delta_monotonic
      - deriv
      - duration
      - duration_hr
      - duration_min
      - duration_ms
      - duration_null
      - duration_sec
      - ewma
      - format_time
      - from_milliseconds
      - timestamp_ms
      - from_nanoseconds
      - timestamp_ns
      - from_seconds
      - timestamp_s
      - histogram_fraction
      - median
      - median_exact
      - now
      - parse_duration
      - parse_isotime
      - parse_timestamp
      - percentile
      - percentile_cont
      - percentile_disc
      - query_end_time
      - query_start_time
      - rate
      - row_end_time
      - row_timestamp
      - row_start_time
      - stddev
      - sum
      - tdigest_agg
      - tdigest_quantile
      - timestamp_null
      - to_days
      - to_hours
      - to_milliseconds
      - to_minutes
      - to_nanoseconds
      - to_seconds
      - to_weeks
      - valid_for
    - OPAL Window Functions
      Toggle navigation of OPAL Window Functions
      - any
      - any_not_null
      - array_union_agg
      - avg
      - count
      - count_distinct
      - count_distinct_exact
      - delta
      - delta_monotonic
      - dense_rank
      - deriv
      - ewma
      - first
      - first_not_null
      - hash_agg
      - hash_agg_distinct
      - lag
      - lag_not_null
      - last
      - last_not_null
      - lead
      - lead_not_null
      - max
      - median
      - median_exact
      - min
      - object_agg
      - percentile
      - percentile_cont
      - percentile_disc
      - rank
      - rate
      - row_number
      - stddev
      - sum
      - tdigest_agg
      - tdigest_combine
      - topk_agg
    - OPAL Deprecated Function Aliases
      Toggle navigation of OPAL Deprecated Function Aliases
      - any_null
      - array_pivot
      - array_unpivot
      - countdistinct
      - countdistinctexact
      - decodebase64
      - denserank
      - encodebase64
      - endswith
      - groupby
      - ifnull
      - isnull
      - makeobject
      - match_regex_all
      - medianexact
      - milliseconds
      - nanoseconds
      - orderby
      - parsehex
      - parseip
      - parseisotime
      - parsejson
      - parsekvs
      - parseurl
      - percentilecont
      - percentiledisc
      - primarykey
      - queryendtime
      - querystarttime
      - regex_match
      - regex_replace
      - row_endtime
      - rownumber
      - seconds
      - startswith
      - strcat
      - string_concat
      - validfor
- OPAL Functions By Category
  Toggle navigation of OPAL Functions By Category
  - OPAL Aggregate Functions
    Toggle navigation of OPAL Aggregate Functions
    - any
    - any_not_null
    - array_agg
    - array_agg_distinct
    - array_union_agg
    - avg
    - count
    - count_distinct
    - count_distinct_exact
    - delta
    - delta_monotonic
    - deriv
    - first
    - first_not_null
    - hash_agg
    - hash_agg_distinct
    - histogram_combine
    - last
    - last_not_null
    - max
    - median
    - median_exact
    - min
    - object_agg
    - otel_exponential_histogram_sum
    - otel_histogram_sum
    - percentile
    - percentile_cont
    - percentile_disc
    - prom_quantile
    - rate
    - stddev
    - string_agg
    - string_agg_distinct
    - sum
    - tdigest_agg
    - tdigest_combine
    - topk_agg
  - OPAL Boolean Functions
    Toggle navigation of OPAL Boolean Functions
    - array_contains
    - arrays_overlap
    - bool
    - bool_null
    - contains
    - ends_with
    - eq
    - gt
    - gte
    - in
    - ipv4_address_in_network
    - is_null
    - like
    - lt
    - lte
    - match_regex
    - ne
    - path_exists
    - same
    - search
    - starts_with
  - OPAL Misc Functions
    Toggle navigation of OPAL Misc Functions
    - asc
    - coalesce
    - desc
    - exponential_histogram_null
    - float64
    - frame
    - frame_exact
    - frame_following
    - frame_preceding
    - hash
    - histogram_null
    - histogram_quantile
    - if
    - if_null
    - int64
    - m_exponential_histogram
    - m_histogram
    - m_tdigest
    - nullsfirst
    - nullslast
    - numeric_null
    - on
    - order_by
    - parse_hex
    - strlen
    - tdigest
    - tdigest_null
    - variant_null
  - OPAL Networking Functions
    Toggle navigation of OPAL Networking Functions
  - OPAL Numeric Functions
    Toggle navigation of OPAL Numeric Functions
    - abs
    - arccos_deg
    - arccos_rad
    - arcsin_deg
    - arcsin_rad
    - arctan_deg
    - arctan_rad
    - avg
    - ceil
    - cos_deg
    - cos_rad
    - count
    - degrees
    - delta
    - delta_monotonic
    - dense_rank
    - deriv
    - ewma
    - exp
    - float64_null
    - floor
    - haversine_distance_km
    - int64_null
    - int_div
    - ln
    - log
    - median
    - median_exact
    - mod
    - percentile
    - percentile_cont
    - percentile_disc
    - pi
    - pow
    - prom_quantile
    - radians
    - rank
    - rate
    - round
    - row_number
    - sin_deg
    - sin_rad
    - sqrt
    - stddev
    - sum
    - tan_deg
    - tan_rad
    - uniform
    - width_bucket
    - zipf
  - OPAL Regex Functions
    Toggle navigation of OPAL Regex Functions
  - OPAL Semistructured Functions
    Toggle navigation of OPAL Semistructured Functions
  - OPAL Special Functions
    Toggle navigation of OPAL Special Functions
    - case
    - group_by
    - m
    - metric
    - options
    - primary_key
    - pk
    - tags
    - valid_for
    - window
  - OPAL String Functions
    Toggle navigation of OPAL String Functions
    - array_to_string
    - check_json
    - concat_strings
    - contains
    - decode_base64
    - decode_uri
    - decode_uri_component
    - detect_browser
    - editdistance
    - embed_sql_params
    - encode_base64
    - encode_uri
    - encode_uri_component
    - ends_with
    - format_time
    - get_regex
    - int64_to_ipv4
    - ipv4_address_in_network
    - label
    - left
    - like
    - lower
    - lpad
    - ltrim
    - parse_csv
    - parse_kvs
    - parse_timestamp
    - pivot_array
    - position
    - regex
    - replace
    - replace_regex
    - right
    - rpad
    - rtrim
    - sha2
    - split
    - split_part
    - starts_with
    - string
    - string_agg
    - string_agg_distinct
    - string_null
    - substring
    - tokenize
    - tokenize_part
    - trim
    - unpivot_array
    - upper
    - variant_type_name
  - OPAL Time Functions
    Toggle navigation of OPAL Time Functions
    - abs
    - avg
    - bin_end_time
    - bin_size
    - bin_start_time
    - delta
    - delta_monotonic
    - deriv
    - duration
    - duration_hr
    - duration_min
    - duration_ms
    - duration_null
    - duration_sec
    - ewma
    - format_time
    - from_milliseconds
    - timestamp_ms
    - from_nanoseconds
    - timestamp_ns
    - from_seconds
    - timestamp_s
    - histogram_fraction
    - median
    - median_exact
    - now
    - parse_duration
    - parse_isotime
    - parse_timestamp
    - percentile
    - percentile_cont
    - percentile_disc
    - query_end_time
    - query_start_time
    - rate
    - row_end_time
    - row_timestamp
    - row_start_time
    - stddev
    - sum
    - tdigest_agg
    - tdigest_quantile
    - timestamp_null
    - to_days
    - to_hours
    - to_milliseconds
    - to_minutes
    - to_nanoseconds
    - to_seconds
    - to_weeks
    - valid_for
  - OPAL Window Functions
    Toggle navigation of OPAL Window Functions
    - any
    - any_not_null
    - array_union_agg
    - avg
    - count
    - count_distinct
    - count_distinct_exact
    - delta
    - delta_monotonic
    - dense_rank
    - deriv
    - ewma
    - first
    - first_not_null
    - hash_agg
    - hash_agg_distinct
    - lag
    - lag_not_null
    - last
    - last_not_null
    - lead
    - lead_not_null
    - max
    - median
    - median_exact
    - min
    - object_agg
    - percentile
    - percentile_cont
    - percentile_disc
    - rank
    - rate
    - row_number
    - stddev
    - sum
    - tdigest_agg
    - tdigest_combine
    - topk_agg
  - OPAL Deprecated Function Aliases
    Toggle navigation of OPAL Deprecated Function Aliases
    - any_null
    - array_pivot
    - array_unpivot
    - countdistinct
    - countdistinctexact
    - decodebase64
    - denserank
    - encodebase64
    - endswith
    - groupby
    - ifnull
    - isnull
    - makeobject
    - match_regex_all
    - medianexact
    - milliseconds
    - nanoseconds
    - orderby
    - parsehex
    - parseip
    - parseisotime
    - parsejson
    - parsekvs
    - parseurl
    - percentilecont
    - percentiledisc
    - primarykey
    - queryendtime
    - querystarttime
    - regex_match
    - regex_replace
    - row_endtime
    - rownumber
    - seconds
    - startswith
    - strcat
    - string_concat
    - validfor
- OPAL Aggregate Functions
  Toggle navigation of OPAL Aggregate Functions
  - any
  - any_not_null
  - array_agg
  - array_agg_distinct
  - array_union_agg
  - avg
  - count
  - count_distinct
  - count_distinct_exact
  - delta
  - delta_monotonic
  - deriv
  - first
  - first_not_null
  - hash_agg
  - hash_agg_distinct
  - histogram_combine
  - last
  - last_not_null
  - max
  - median
  - median_exact
  - min
  - object_agg
  - otel_exponential_histogram_sum
  - otel_histogram_sum
  - percentile
  - percentile_cont
  - percentile_disc
  - prom_quantile
  - rate
  - stddev
  - string_agg
  - string_agg_distinct
  - sum
  - tdigest_agg
  - tdigest_combine
  - topk_agg
- OPAL Alignment Functions
  Toggle navigation of OPAL Alignment Functions
  - any
  - any_not_null
  - avg
  - count
  - count_distinct
  - count_distinct_exact
  - delta
  - delta_monotonic
  - deriv
  - first
  - first_not_null
  - last
  - last_not_null
  - max
  - median
  - median_exact
  - min
  - object_agg
  - percentile
  - percentile_cont
  - percentile_disc
  - prom_quantile
  - rate
  - stddev
  - sum
  - tdigest_agg
  - tdigest_combine
  - topk_agg
- OPAL Boolean Functions
  Toggle navigation of OPAL Boolean Functions
  - array_contains
  - arrays_overlap
  - bool
  - bool_null
  - contains
  - ends_with
  - eq
  - gt
  - gte
  - in
  - ipv4_address_in_network
  - is_null
  - like
  - lt
  - lte
  - match_regex
  - ne
  - path_exists
  - same
  - search
  - starts_with
- OPAL Case Sensitivity
- OPAL Numeric Functions
  Toggle navigation of OPAL Numeric Functions
  - abs
  - arccos_deg
  - arccos_rad
  - arcsin_deg
  - arcsin_rad
  - arctan_deg
  - arctan_rad
  - avg
  - ceil
  - cos_deg
  - cos_rad
  - count
  - degrees
  - delta
  - delta_monotonic
  - dense_rank
  - deriv
  - ewma
  - exp
  - float64_null
  - floor
  - haversine_distance_km
  - int64_null
  - int_div
  - ln
  - log
  - median
  - median_exact
  - mod
  - percentile
  - percentile_cont
  - percentile_disc
  - pi
  - pow
  - prom_quantile
  - radians
  - rank
  - rate
  - round
  - row_number
  - sin_deg
  - sin_rad
  - sqrt
  - stddev
  - sum
  - tan_deg
  - tan_rad
  - uniform
  - width_bucket
  - zipf
- OPAL Regex Functions
  Toggle navigation of OPAL Regex Functions
- OPAL Semistructured Functions
  Toggle navigation of OPAL Semistructured Functions
- OPAL Special Functions
  Toggle navigation of OPAL Special Functions
  - case
  - group_by
  - m
  - metric
  - options
  - primary_key
  - pk
  - tags
  - valid_for
  - window
- OPAL Time Functions
  Toggle navigation of OPAL Time Functions
  - abs
  - avg
  - bin_end_time
  - bin_size
  - bin_start_time
  - delta
  - delta_monotonic
  - deriv
  - duration
  - duration_hr
  - duration_min
  - duration_ms
  - duration_null
  - duration_sec
  - ewma
  - format_time
  - from_milliseconds
  - timestamp_ms
  - from_nanoseconds
  - timestamp_ns
  - from_seconds
  - timestamp_s
  - histogram_fraction
  - median
  - median_exact
  - now
  - parse_duration
  - parse_isotime
  - parse_timestamp
  - percentile
  - percentile_cont
  - percentile_disc
  - query_end_time
  - query_start_time
  - rate
  - row_end_time
  - row_timestamp
  - row_start_time
  - stddev
  - sum
  - tdigest_agg
  - tdigest_quantile
  - timestamp_null
  - to_days
  - to_hours
  - to_milliseconds
  - to_minutes
  - to_nanoseconds
  - to_seconds
  - to_weeks
  - valid_for
- Parsing Time Strings in OPAL
- OPAL Networking Functions
  Toggle navigation of OPAL Networking Functions
- OPAL Window Functions
  Toggle navigation of OPAL Window Functions
  - any
  - any_not_null
  - array_union_agg
  - avg
  - count
  - count_distinct
  - count_distinct_exact
  - delta
  - delta_monotonic
  - dense_rank
  - deriv
  - ewma
  - first
  - first_not_null
  - hash_agg
  - hash_agg_distinct
  - lag
  - lag_not_null
  - last
  - last_not_null
  - lead
  - lead_not_null
  - max
  - median
  - median_exact
  - min
  - object_agg
  - percentile
  - percentile_cont
  - percentile_disc
  - rank
  - rate
  - row_number
  - stddev
  - sum
  - tdigest_agg
  - tdigest_combine
  - topk_agg
- OPAL Misc Functions
  Toggle navigation of OPAL Misc Functions
  - asc
  - coalesce
  - desc
  - exponential_histogram_null
  - float64
  - frame
  - frame_exact
  - frame_following
  - frame_preceding
  - hash
  - histogram_null
  - histogram_quantile
  - if
  - if_null
  - int64
  - m_exponential_histogram
  - m_histogram
  - m_tdigest
  - nullsfirst
  - nullslast
  - numeric_null
  - on
  - order_by
  - parse_hex
  - strlen
  - tdigest
  - tdigest_null
  - variant_null
- OPAL Deprecated Function Aliases
  Toggle navigation of OPAL Deprecated Function Aliases
  - any_null
  - array_pivot
  - array_unpivot
  - countdistinct
  - countdistinctexact
  - decodebase64
  - denserank
  - encodebase64
  - endswith
  - groupby
  - ifnull
  - isnull
  - makeobject
  - match_regex_all
  - medianexact
  - milliseconds
  - nanoseconds
  - orderby
  - parsehex
  - parseip
  - parseisotime
  - parsejson
  - parsekvs
  - parseurl
  - percentilecont
  - percentiledisc
  - primarykey
  - queryendtime
  - querystarttime
  - regex_match
  - regex_replace
  - row_endtime
  - rownumber
  - seconds
  - startswith
  - strcat
  - string_concat
  - validfor
- All OPAL verbs
  Toggle navigation of All OPAL verbs
  - OPAL Verbs By Category
    Toggle navigation of OPAL Verbs By Category
    - OPAL Aggregate Verbs
      Toggle navigation of OPAL Aggregate Verbs
      - aggregate
      - align
      - dedup
      - distinct
      - fill
      - histogram
      - make_session
      - merge_events
      - pivot
      - rollup
      - statsby
      - timechart
      - bucketize
      - timestats
      - unpivot
    - OPAL Filter Verbs
      Toggle navigation of OPAL Filter Verbs
      - always
      - bottomk
      - ever
      - filter
      - filter_last
      - limit
      - never
      - topk
    - OPAL Join Verbs
      Toggle navigation of OPAL Join Verbs
      - exists
      - follow
      - follow_not
      - fulljoin
      - join
      - leftjoin
      - lookup
      - lookup_ip_info
      - not_exists
      - surrounding
      - union
      - update_resource
    - OPAL Metadata Verbs
      Toggle navigation of OPAL Metadata Verbs
    - OPAL Metrics Verbs
      Toggle navigation of OPAL Metrics Verbs
      - aggregate
      - align
      - make_metric
      - rollup
      - set_metric
      - timeshift
    - OPAL Projection Verbs
      Toggle navigation of OPAL Projection Verbs
    - OPAL Semistructured Verbs
      Toggle navigation of OPAL Semistructured Verbs
    - OPAL Deprecated Verb Aliases
      Toggle navigation of OPAL Deprecated Verb Aliases
      - addfk
      - addkey
      - addmetric
      - changelog
      - coldrop
      - colenum
      - colimmutable
      - colmake
      - colpick
      - colregex
      - colrename
      - colshow
      - droptime
      - fkdrop
      - flattenall
      - flattenleaves
      - flattensingle
      - makeresource
      - makesession
      - merge_event
      - mergeevent
      - reaggregate
      - setlabel
      - setpk
      - setvf
      - setvt
- OPAL Verbs By Category
  Toggle navigation of OPAL Verbs By Category
  - OPAL Aggregate Verbs
    Toggle navigation of OPAL Aggregate Verbs
    - aggregate
    - align
    - dedup
    - distinct
    - fill
    - histogram
    - make_session
    - merge_events
    - pivot
    - rollup
    - statsby
    - timechart
    - bucketize
    - timestats
    - unpivot
  - OPAL Filter Verbs
    Toggle navigation of OPAL Filter Verbs
    - always
    - bottomk
    - ever
    - filter
    - filter_last
    - limit
    - never
    - topk
  - OPAL Join Verbs
    Toggle navigation of OPAL Join Verbs
    - exists
    - follow
    - follow_not
    - fulljoin
    - join
    - leftjoin
    - lookup
    - lookup_ip_info
    - not_exists
    - surrounding
    - union
    - update_resource
  - OPAL Metadata Verbs
    Toggle navigation of OPAL Metadata Verbs
  - OPAL Metrics Verbs
    Toggle navigation of OPAL Metrics Verbs
    - aggregate
    - align
    - make_metric
    - rollup
    - set_metric
    - timeshift
  - OPAL Projection Verbs
    Toggle navigation of OPAL Projection Verbs
  - OPAL Semistructured Verbs
    Toggle navigation of OPAL Semistructured Verbs
  - OPAL Deprecated Verb Aliases
    Toggle navigation of OPAL Deprecated Verb Aliases
    - addfk
    - addkey
    - addmetric
    - changelog
    - coldrop
    - colenum
    - colimmutable
    - colmake
    - colpick
    - colregex
    - colrename
    - colshow
    - droptime
    - fkdrop
    - flattenall
    - flattenleaves
    - flattensingle
    - makeresource
    - makesession
    - merge_event
    - mergeevent
    - reaggregate
    - setlabel
    - setpk
    - setvf
    - setvt
- OPAL Aggregate Verbs
  Toggle navigation of OPAL Aggregate Verbs
  - aggregate
  - align
  - dedup
  - distinct
  - fill
  - histogram
  - make_session
  - merge_events
  - pivot
  - rollup
  - statsby
  - timechart
  - bucketize
  - timestats
  - unpivot
- OPAL Filter Verbs
  Toggle navigation of OPAL Filter Verbs
  - always
  - bottomk
  - ever
  - filter
  - filter_last
  - limit
  - never
  - topk
- OPAL Join Verbs
  Toggle navigation of OPAL Join Verbs
  - exists
  - follow
  - follow_not
  - fulljoin
  - join
  - leftjoin
  - lookup
  - lookup_ip_info
  - not_exists
  - surrounding
  - union
  - update_resource
- OPAL Metrics Verbs
  Toggle navigation of OPAL Metrics Verbs
  - aggregate
  - align
  - make_metric
  - rollup
  - set_metric
  - timeshift
- OPAL Projection Verbs
  Toggle navigation of OPAL Projection Verbs
- OPAL Semistructured Verbs
  Toggle navigation of OPAL Semistructured Verbs
- OPAL Metadata Verbs
  Toggle navigation of OPAL Metadata Verbs
- OPAL Deprecated Verb Aliases
  Toggle navigation of OPAL Deprecated Verb Aliases
  - addfk
  - addkey
  - addmetric
  - changelog
  - coldrop
  - colenum
  - colimmutable
  - colmake
  - colpick
  - colregex
  - colrename
  - colshow
  - droptime
  - fkdrop
  - flattenall
  - flattenleaves
  - flattensingle
  - makeresource
  - makesession
  - merge_event
  - mergeevent
  - reaggregate
  - setlabel
  - setpk
  - setvf
  - setvt
Observasaurus
Toggle navigation of Observasaurus
Observe Performance Cookbook
Toggle navigation of Observe Performance Cookbook
Conditional Formatting Reference
Units of Measurement
Keyboard Shortcuts Reference
Helpful Hints
Toggle navigation of Helpful Hints

Support Policies

Support Policies
Toggle navigation of Support Policies

Toggle table of contents sidebar

Helpful Hints¶

UI¶

Supported Web Browsers¶

Observe works best with the latest versions of Chrome, Edge, Firefox, and Safari.

How Many Monitors Are We Using?

Formatting large numbers for readability

Copyright © 2017-2025 Observe, Inc.

Made with Furo

Have comments about the Observe docs?

On this page

Helpful Hints
- UI
  - Supported Web Browsers