• PRODUCT
  • LEARN
    • BLOG
    • RESOURCES
    • DOCS
    • OBSERVABILITY COURSE
  • CAREERS
  • ABOUT US
Contents Menu Expand Light mode Dark mode Auto light/dark, in light mode Auto light/dark, in dark mode Skip to content
Observability Cloud documentation
Light Logo Dark Logo

Get Started With Observe

  • Getting Started with Observe
  • Getting Help with Observe
  • Observe Tutorials
    • Tutorial: Modeling Weather Data
    • Tutorial: Improbable Travel Search
    • Tutorial: Creating a Single Stat Dashboard
    • Tutorial: Using O11y Slack to Manage an Incident
    • Tutorial: Shaping Metrics
    • Tutorial: Aggregated Metrics Shaping
    • Tutorial: Shaping Host System Metrics
    • OPAL 101 – Getting Started with OPAL
    • OPAL 102 – Shaping Structured and Unstructured Data Using Stages
    • Batch Ingestion with Observe

Send Data to Observe

  • Observe Agent
    • Install Observe Agent on Linux
    • Install Observe Agent on macOS
    • Install Observe Agent on Windows
    • Install Observe Agent using Ansible
    • Install Observe Agent on Kubernetes
      • Configure application instrumentation
      • Collect Annotations and Labels
      • Add or Delete Attributes
      • Prometheus Autodiscovery
      • Filter Logs or Metrics
      • Collect Statsd Metrics
      • Collect Statsd Metrics using UDS
      • Node Affinity, Taints, and Tolerations
      • Deploy the Observe Agent to Multiple Kubernetes Clusters Using Rancher
      • Tuning Service Resource Requests and Limits
    • Install Observe Agent on Amazon ECS (EC2)
    • Docker
    • Configuration
    • Troubleshooting
    • Versioning
      • Upgrade to Observe Agent v1.0.0
      • Upgrade to Observe Agent v2.0.0
  • Application Instrumentation
    • Send Java application data to Observe
    • Send .NET application data to Observe
    • Send Node.js application data to Observe
    • Send Python application data to Observe
    • Send Ruby application data to Observe
    • Auto-Instrumentation with OpenTelemetry Operator in Kubernetes
  • Observe Integrations
    • Observe Apps
    • Amazon Web Services (AWS)
      • Amazon Web Services (AWS) Integration [Legacy]
      • Amazon CloudFront
      • Amazon EC2
      • Amazon Elastic Container Service
        • Amazon Elastic Container Service Metrics
        • Amazon Elastic Container Log Collection
      • Amazon RDS
        • Amazon RDS Metrics
      • AWS Lambda
        • AWS Lambda metrics
      • Elastic Load Balancing
        • Elastic Load Balancing Metrics
    • AWS Quickstart (Public Preview)
    • Basic Threat Intel Integration
      • Installing the Basic Threat Intel App
      • Using Unified Basic Threat Intel Datasets with Observe
        • Example: Using Unified Hosts-Domains and URL Threatlists
        • Example: Using Unified IPv4 Threatlists
        • Example: Using Unified IPv4 IAAS Providers List
    • Snowflake Observability
      • Observe for Snowflake Components
      • Prepare Observe to Receive Snowflake Data
      • Create Virtual Warehouse to Run Observe for Snowflake
      • Install Observe for Snowflake Application
      • Configure Observe for Snowflake Application
      • Send Data from Snowflake to Observe
      • Snowflake Data in Observe
      • Manage Snowflake With Observe
    • Drata App (Public Preview)
      • Installing the Drata App
    • Fastly (Public Preview)
      • Fastly app installation guide
      • Uninstalling the Fastly App
    • Google Cloud Platform (GCP) App [Legacy]
      • GCP Asset Inventory
      • GCP BigQuery
      • GCP Cloud Functions
        • GCP Cloud Functions metrics
      • GCP Cloud Load Balancing
        • GCP Cloud Load Balancing Metrics
      • GCP Cloud Run
        • GCP Cloud Run Metrics
      • GCP Cloud SQL
        • GCP Cloud SQL Metrics
      • GCP Cloud Storage
        • GCP Cloud Storage Metrics
      • GCP Compute
        • GCP Compute Metrics
      • GCP Logging
      • GCP Cloud Metrics
      • Google Kubernetes Engine
      • Memorystore Redis
    • Google Cloud Platform Quickstart
      • Google Cloud Platform (GCP) Ingesting Data
    • GitHub
      • Installing the GitHub App
      • Uninstalling the GitHub App
      • Upgrading to GitHub App v0.7.0
    • GitLab
      • Installing the GitLab App
      • Uninstalling the GitLab App
      • Upgrading the GitLab App to v0.4.0
    • Host Monitoring [Legacy]
      • Installing the Host Monitoring App
        • Installing Host Monitoring on Linux
        • Installing Host Monitoring on Windows
        • Installing Host Monitoring on MacOS
      • Uninstalling the Host Monitoring App
    • Host Quickstart
    • Jenkins CI/CD Integration
      • Installing the Jenkins App
      • Uninstalling the Jenkins App
    • Kubernetes
      • Installing the Kubernetes App
      • Collecting Pod Metrics and cAdvisor Metrics
    • Microsoft Azure
      • Azure Active Directory (AD)
      • Azure App Services
      • Azure Cognitive Services
      • Azure Functions
      • Azure Kubernetes Service (AKS)
      • Azure SQL Database
      • Azure SQL Managed Instances
      • Azure Storage Account
      • Azure Virtual Machines
      • Uninstalling the Microsoft Azure App
    • MongoDB Atlas
      • Installing the MongoDB Atlas App
      • Updating the MongoDB Atlas App and Poller
    • MySQL Database Service
      • Installing the MySQL DB App
      • Uninstalling the MySQL DB App
    • Node Exporter
    • OpenAI (Deprecated)
    • Orca Security App (Public Preview)
      • Installing the Orca Security App
    • PostgreSQL Database Service
      • Installing the PostgreSQL DB App
      • Uninstalling the PostgreSQL DB App
    • Prometheus Metrics (Public Preview)
      • Installing the Prometheus Metrics App
      • Tutorial: Getting Started with Observe and Prometheus
    • Security Onion App (Public Preview)
      • Installing the Security Onion App
    • Service Level Objectives (SLOs)
      • Installing the Service Level Objective App
  • Data Ingestion
    • Datastreams
    • Sources
      • Amazon API Gateway logs
      • Amazon S3
      • Amazon S3 Bucket Access Logs
      • AWS AppSync
      • AWS CloudTrail
      • Amazon EventBridge
      • Amazon CloudWatch Metrics Streams
      • Amazon CloudWatch Logs
      • GitHub
      • Google Workspace Audit Logs
      • Jira Tickets
      • Webhook
      • Windows Servers
      • Zendesk Tickets
    • Forwarders
      • Amazon Kinesis Firehose
      • Elastic Beats
      • Fluent Bit
      • Fluentd
      • Log4j
      • Logstash
      • Observe Lambda
      • OpenTelemetry Collector
      • Prometheus
      • Telegraf
    • Endpoints
      • Datadog Metrics
      • Elasticsearch
      • HTTP
      • Kinesis
      • OpenTelemetry
      • Prometheus
    • Friendly Stem Names
    • Troubleshooting Data Ingestion

Products

  • Log Management
    • Log Explorer
      • Using Log Correlation
      • Using Live Mode in Logs Explorer
      • Adding new datasets to Log Explorer
    • Using Log Correlation
    • Drop filters (Private Preview)
    • Create a drop filter
    • Delete a drop filter
    • Using Live Mode in Logs Explorer
    • Adding new datasets to Log Explorer
    • Unified Search Syntax
      • Migrate to Unified Search Syntax
  • Application Performance Management
    • Service management
    • Monitor and track new deploys on your service
    • Troubleshoot service endpoints
    • Trace Explorer
    • Monitor business applications
    • View logs associated with a trace
    • APM reference
  • Metrics
    • Collecting and Using Metrics
      • Adding Metrics Using the Metrics Expression Builder
      • Tutorial: Shaping Host System Metrics
      • Tutorial: Shaping Metrics
      • Adding Custom Metric Datasets
    • Tutorial: Shaping Metrics
    • Metrics Explorer
    • Adding Custom Metric Datasets
    • Adding Metrics Using the Metrics Expression Builder
    • Tutorial: Shaping Host System Metrics
    • Tutorial: Aggregated Metrics Shaping
    • OpenTelemetry metrics
  • Kubernetes Observability
    • Install the Observe Agent
    • Kubernetes Visibility
    • Kubernets Resource Utilization
    • Kubernetes Data Collection and Agent Interface
    • Metrics
    • Logs
  • Snowflake Observability
    • Observe for Snowflake Components
    • Prepare Observe to Receive Snowflake Data
    • Create Virtual Warehouse to Run Observe for Snowflake
    • Install Observe for Snowflake Application
    • Configure Observe for Snowflake Application
    • Send Data from Snowflake to Observe
    • Snowflake Data in Observe
    • Manage Snowflake With Observe

Platform Capabilities

  • Creating Dashboards
    • Using Dashboards
    • Dashboard Reports
  • Monitors and Alerts
    • Creating a Threshold Monitor
    • Creating a Count Monitor
    • Creating a Promote Monitor
    • Monitor Rules and Severities
    • Muting Monitors
    • Customizing Alert Messages
      • Monitoring Mustache Template Reference
    • Overview of Shared Actions
    • Alerting Example: Shared Actions and Monitors
    • Working with Alerts in Observe
    • Tuning and Troubleshooting Monitor Health
    • Negative Monitoring
    • Monitoring Anti-patterns
    • Shared Action Integrations
      • Sample Action for Microsoft Teams
      • Customization Options
      • PagerDuty
  • Creating and Sharing Worksheets
    • Working with Data Formats and Types
  • Pivoting
  • Correlation Tags
  • Resources
  • Data Export

Manage Observe

  • Authentication and Authorization in Observe
    • Audit Trail
    • Role Based Access Control
    • Single Sign On (SSO) Configurations for Observe
      • Configuring Microsoft Entra ID (formerly Azure Active Directory) Single Sign On (SSO)
      • Configuring Microsoft Active Directory Federation Service (ADFS)
      • Configuring Google Workspace SAML and Single Sign On (SSO)
      • Configuring Okta for SAML and Single Sign On (SSO)
      • Configuring OneLogin for Single Sign On (SSO)
      • Configuring Ping Identity PingOne for Single Sign On (SSO)
    • Observe API Authentication
    • Observe API Tokens
  • Manage application data volume
  • Customizing the Home Page
    • Creating and Using Favorites
  • Using Acceleration Manager with Datasets
  • Using Credit Manager to Manage Compute Usage
    • Configuring Credit Manager Settings Via Terraform
    • Understanding the License Dashboard
    • Understanding the Usage Dashboard
  • Observe Terraform Provider
  • Observe Regions
  • Settings

Develop with Observe

  • Exporting Query Results in CSV or JSON Format
  • Developer Toolkit Overview
  • URL Query Parameters
  • Observe Command Line Interface Tool Overview
    • Login Command
    • Help CLI Command
    • Get CLI Command
    • List CLI Command
    • Query Command
  • Snowflake Outbound Sharing

Reference

  • Key Observe Concepts
    • Advanced Observe Concepts
    • Exploring Data
    • About Queries and On-demand Acceleration
    • Observe Datasets and Time
      • Foreign Keys
      • Resource Primary Keys
      • Resource Times
      • Reference Tables
  • Visualization Types Reference
  • Observe OPAL Query Language Reference
    • OPAL — Observe Processing and Analysis Language
      • All OPAL functions
        • OPAL Functions By Category
          • OPAL Aggregate Functions
            • any
            • any_not_null
            • array_agg
            • array_agg_distinct
            • array_union_agg
            • avg
            • count
            • count_distinct
            • count_distinct_exact
            • delta
            • delta_monotonic
            • deriv
            • first
            • first_not_null
            • hash_agg
            • hash_agg_distinct
            • last
            • last_not_null
            • max
            • median
            • median_exact
            • min
            • object_agg
            • percentile
            • percentile_cont
            • percentile_disc
            • prom_quantile
            • rate
            • stddev
            • string_agg
            • string_agg_distinct
            • sum
            • tdigest_agg
            • tdigest_combine
            • topk_agg
          • OPAL Boolean Functions
            • array_contains
            • arrays_overlap
            • bool
            • bool_null
            • contains
            • ends_with
            • eq
            • gt
            • gte
            • in
            • ipv4_address_in_network
            • is_null
            • like
            • lt
            • lte
            • match_regex
            • ne
            • path_exists
            • same
            • search
            • starts_with
          • OPAL Misc Functions
            • asc
            • coalesce
            • desc
            • float64
            • frame
            • frame_exact
            • frame_following
            • frame_preceding
            • hash
            • if
            • if_null
            • int64
            • m_tdigest
            • nullsfirst
            • nullslast
            • numeric_null
            • on
            • order_by
            • parse_hex
            • strlen
            • tdigest
            • tdigest_null
            • variant_null
          • OPAL Networking Functions
            • int64_to_ipv4
            • ipv4
            • ipv4_address_in_network
            • ipv4_network_int64
            • ipv4_to_int64
            • parse_ip
          • OPAL Numeric Functions
            • abs
            • arccos_deg
            • arccos_rad
            • arcsin_deg
            • arcsin_rad
            • arctan_deg
            • arctan_rad
            • avg
            • ceil
            • cos_deg
            • cos_rad
            • count
            • degrees
            • delta
            • delta_monotonic
            • dense_rank
            • deriv
            • ewma
            • exp
            • float64_null
            • floor
            • haversine_distance_km
            • int64_null
            • int_div
            • ln
            • log
            • median
            • median_exact
            • mod
            • percentile
            • percentile_cont
            • percentile_disc
            • pi
            • pow
            • prom_quantile
            • radians
            • rank
            • rate
            • round
            • row_number
            • sin_deg
            • sin_rad
            • sqrt
            • stddev
            • sum
            • tan_deg
            • tan_rad
            • uniform
            • width_bucket
            • zipf
          • OPAL Regex Functions
            • count_regex_matches
            • get_regex
            • get_regex_all
            • match_regex
            • regex
            • replace_regex
          • OPAL Semistructured Functions
            • append_item
            • array
            • array_agg
            • array_agg_distinct
            • array_contains
            • array_distinct
            • array_length
            • array_max
            • array_min
            • array_null
            • array_to_string
            • array_union_agg
            • arrays_overlap
            • concat_arrays
            • detect_browser
            • drop_fields
            • embed_sql_params
            • get_field
            • get_item
            • get_jmespath
            • get_regex_all
            • index_of_item
            • insert_item
            • intersect_arrays
            • m_object
            • make_array
            • make_array_range
            • make_fields
            • make_object
            • merge_objects
            • object
            • object_agg
            • object_keys
            • object_null
            • parse_csv
            • parse_ip
            • parse_json
            • parse_kvs
            • parse_url
            • path_exists
            • pick_fields
            • pivot_array
            • prepend_item
            • slice_array
            • sort_array
            • split
            • tokenize
            • topk_agg
            • unpivot_array
          • OPAL Special Functions
            • case
            • group_by
            • m
            • metric
            • options
            • primary_key
            • pk
            • tags
            • valid_for
            • window
          • OPAL String Functions
            • array_to_string
            • check_json
            • concat_strings
            • contains
            • decode_base64
            • decode_uri
            • decode_uri_component
            • detect_browser
            • editdistance
            • embed_sql_params
            • encode_base64
            • encode_uri
            • encode_uri_component
            • ends_with
            • format_time
            • get_regex
            • int64_to_ipv4
            • ipv4_address_in_network
            • label
            • left
            • like
            • lower
            • lpad
            • ltrim
            • parse_csv
            • parse_kvs
            • parse_timestamp
            • pivot_array
            • position
            • regex
            • replace
            • replace_regex
            • right
            • rpad
            • rtrim
            • sha2
            • split
            • split_part
            • starts_with
            • string
            • string_agg
            • string_agg_distinct
            • string_null
            • substring
            • tokenize
            • tokenize_part
            • trim
            • unpivot_array
            • upper
            • variant_type_name
          • OPAL Time Functions
            • abs
            • avg
            • bin_end_time
            • bin_size
            • bin_start_time
            • delta
            • delta_monotonic
            • deriv
            • duration
            • duration_hr
            • duration_min
            • duration_ms
            • duration_null
            • duration_sec
            • ewma
            • format_time
            • from_milliseconds
            • timestamp_ms
            • from_nanoseconds
            • timestamp_ns
            • from_seconds
            • timestamp_s
            • median
            • median_exact
            • now
            • parse_duration
            • parse_isotime
            • parse_timestamp
            • percentile
            • percentile_cont
            • percentile_disc
            • query_end_time
            • query_start_time
            • rate
            • row_end_time
            • row_timestamp
            • row_start_time
            • stddev
            • sum
            • tdigest_agg
            • tdigest_quantile
            • timestamp_null
            • to_days
            • to_hours
            • to_milliseconds
            • to_minutes
            • to_nanoseconds
            • to_seconds
            • to_weeks
            • valid_for
          • OPAL Window Functions
            • any
            • any_not_null
            • array_union_agg
            • avg
            • count
            • count_distinct
            • count_distinct_exact
            • delta
            • delta_monotonic
            • dense_rank
            • deriv
            • ewma
            • first
            • first_not_null
            • hash_agg
            • hash_agg_distinct
            • lag
            • lag_not_null
            • last
            • last_not_null
            • lead
            • lead_not_null
            • max
            • median
            • median_exact
            • min
            • object_agg
            • percentile
            • percentile_cont
            • percentile_disc
            • rank
            • rate
            • row_number
            • stddev
            • sum
            • tdigest_agg
            • tdigest_combine
            • topk_agg
          • OPAL Deprecated Function Aliases
            • any_null
            • array_pivot
            • array_unpivot
            • countdistinct
            • countdistinctexact
            • decodebase64
            • denserank
            • encodebase64
            • endswith
            • groupby
            • ifnull
            • isnull
            • makeobject
            • match_regex_all
            • medianexact
            • milliseconds
            • nanoseconds
            • orderby
            • parsehex
            • parseip
            • parseisotime
            • parsejson
            • parsekvs
            • parseurl
            • percentilecont
            • percentiledisc
            • primarykey
            • queryendtime
            • querystarttime
            • regex_match
            • regex_replace
            • row_endtime
            • rownumber
            • seconds
            • startswith
            • strcat
            • string_concat
            • validfor
      • All OPAL verbs
        • OPAL Verbs By Category
          • OPAL Aggregate Verbs
            • aggregate
            • align
            • dedup
            • distinct
            • fill
            • histogram
            • make_session
            • merge_events
            • pivot
            • rollup
            • statsby
            • timechart
            • bucketize
            • timestats
            • unpivot
          • OPAL Filter Verbs
            • always
            • bottomk
            • ever
            • filter
            • filter_last
            • limit
            • never
            • topk
          • OPAL Join Verbs
            • exists
            • follow
            • follow_not
            • fulljoin
            • join
            • leftjoin
            • lookup
            • lookup_ip_info
            • not_exists
            • surrounding
            • union
            • update_resource
          • OPAL Metadata Verbs
            • add_key
            • drop_interface
            • interface
            • make_event
            • make_interval
            • make_metric
            • make_resource
            • make_session
            • make_table
            • merge_events
            • set_col_enum
            • set_col_immutable
            • set_col_searchable
            • set_col_visible
            • set_label
            • set_link
            • set_metric
            • set_metric_metadata
            • set_primary_key
            • set_pk
            • set_valid_from
            • set_valid_to
            • sort
            • timeshift
            • unset_all_links
            • unset_keys
            • unset_link
            • unsort
          • OPAL Metrics Verbs
            • aggregate
            • align
            • make_metric
            • rollup
            • set_metric
            • timeshift
          • OPAL Projection Verbs
            • drop_col
            • extract_regex
            • make_col
            • pick_col
            • rename_col
          • OPAL Semistructured Verbs
            • extract_regex
            • flatten
            • flatten_all
            • flatten_leaves
            • flatten_single
          • OPAL Deprecated Verb Aliases
            • addfk
            • addkey
            • addmetric
            • changelog
            • coldrop
            • colenum
            • colimmutable
            • colmake
            • colpick
            • colregex
            • colrename
            • colshow
            • droptime
            • fkdrop
            • flattenall
            • flattenleaves
            • flattensingle
            • makeresource
            • makesession
            • merge_event
            • mergeevent
            • reaggregate
            • setlabel
            • setpk
            • setvf
            • setvt
      • Language syntax
      • Data Types and Operators
    • Language syntax
    • Data Types and Operators
    • Observe Performance Cookbook
      • Observe Performance Cookbook: Use Approximate Values When Feasible
      • Observe Performance Cookbook: Avoid Large JSON Blobs
      • Observe Performance Cookbook: Cast Data Columns Extracted from JSON
      • Observe Performance Cookbook: Create Intermediate Datasets
      • Observe Performance Cookbook: Filter Earlier in OPAL Scripts
      • Observe Performance Cookbook: Using Filter instead of Ever
      • Observe Performance Cookbook: Flatten Less First
      • Observe Performance Cookbook: Limit Worksheet Time Windows
      • Observe Performance Cookbook: Limit Resource Time Windows
      • Observe Performance Cookbook: Limit Valid Event Time Windows
      • Observe Performance Cookbook: Look for Hidden Columns
      • Observe Performance Cookbook: Use Make_Events before Window Functions
      • Observe Performance Cookbook: Mark Immutable Resource Columns
      • Observe Performance Cookbook: Making Resources from Multiple Datasets
      • Observe Performance Cookbook: Prefer Join to Lookup
      • Observe Performance Cookbook: Prefer Lead and Lag to First and Last
      • Observe Performance Cookbook: Prefer Timechart to Timestats
      • Observe Performance Cookbook: Limit Query Time Windows
      • Observe Performance Cookbook: Limit Query Time Windows
      • Observe Performance Cookbook: Reduce Columns Earlier in OPAL Scripts
      • Observe Performance Cookbook: Extract from JSON instead of using Flatten
      • Observe Performance Cookbook: Type Data Columns
      • Observe Performance Cookbook: Use Interval for Ephemeral Things
    • Examples
    • All OPAL functions
      • OPAL Functions By Category
        • OPAL Aggregate Functions
          • any
          • any_not_null
          • array_agg
          • array_agg_distinct
          • array_union_agg
          • avg
          • count
          • count_distinct
          • count_distinct_exact
          • delta
          • delta_monotonic
          • deriv
          • first
          • first_not_null
          • hash_agg
          • hash_agg_distinct
          • last
          • last_not_null
          • max
          • median
          • median_exact
          • min
          • object_agg
          • percentile
          • percentile_cont
          • percentile_disc
          • prom_quantile
          • rate
          • stddev
          • string_agg
          • string_agg_distinct
          • sum
          • tdigest_agg
          • tdigest_combine
          • topk_agg
        • OPAL Boolean Functions
          • array_contains
          • arrays_overlap
          • bool
          • bool_null
          • contains
          • ends_with
          • eq
          • gt
          • gte
          • in
          • ipv4_address_in_network
          • is_null
          • like
          • lt
          • lte
          • match_regex
          • ne
          • path_exists
          • same
          • search
          • starts_with
        • OPAL Misc Functions
          • asc
          • coalesce
          • desc
          • float64
          • frame
          • frame_exact
          • frame_following
          • frame_preceding
          • hash
          • if
          • if_null
          • int64
          • m_tdigest
          • nullsfirst
          • nullslast
          • numeric_null
          • on
          • order_by
          • parse_hex
          • strlen
          • tdigest
          • tdigest_null
          • variant_null
        • OPAL Networking Functions
          • int64_to_ipv4
          • ipv4
          • ipv4_address_in_network
          • ipv4_network_int64
          • ipv4_to_int64
          • parse_ip
        • OPAL Numeric Functions
          • abs
          • arccos_deg
          • arccos_rad
          • arcsin_deg
          • arcsin_rad
          • arctan_deg
          • arctan_rad
          • avg
          • ceil
          • cos_deg
          • cos_rad
          • count
          • degrees
          • delta
          • delta_monotonic
          • dense_rank
          • deriv
          • ewma
          • exp
          • float64_null
          • floor
          • haversine_distance_km
          • int64_null
          • int_div
          • ln
          • log
          • median
          • median_exact
          • mod
          • percentile
          • percentile_cont
          • percentile_disc
          • pi
          • pow
          • prom_quantile
          • radians
          • rank
          • rate
          • round
          • row_number
          • sin_deg
          • sin_rad
          • sqrt
          • stddev
          • sum
          • tan_deg
          • tan_rad
          • uniform
          • width_bucket
          • zipf
        • OPAL Regex Functions
          • count_regex_matches
          • get_regex
          • get_regex_all
          • match_regex
          • regex
          • replace_regex
        • OPAL Semistructured Functions
          • append_item
          • array
          • array_agg
          • array_agg_distinct
          • array_contains
          • array_distinct
          • array_length
          • array_max
          • array_min
          • array_null
          • array_to_string
          • array_union_agg
          • arrays_overlap
          • concat_arrays
          • detect_browser
          • drop_fields
          • embed_sql_params
          • get_field
          • get_item
          • get_jmespath
          • get_regex_all
          • index_of_item
          • insert_item
          • intersect_arrays
          • m_object
          • make_array
          • make_array_range
          • make_fields
          • make_object
          • merge_objects
          • object
          • object_agg
          • object_keys
          • object_null
          • parse_csv
          • parse_ip
          • parse_json
          • parse_kvs
          • parse_url
          • path_exists
          • pick_fields
          • pivot_array
          • prepend_item
          • slice_array
          • sort_array
          • split
          • tokenize
          • topk_agg
          • unpivot_array
        • OPAL Special Functions
          • case
          • group_by
          • m
          • metric
          • options
          • primary_key
          • pk
          • tags
          • valid_for
          • window
        • OPAL String Functions
          • array_to_string
          • check_json
          • concat_strings
          • contains
          • decode_base64
          • decode_uri
          • decode_uri_component
          • detect_browser
          • editdistance
          • embed_sql_params
          • encode_base64
          • encode_uri
          • encode_uri_component
          • ends_with
          • format_time
          • get_regex
          • int64_to_ipv4
          • ipv4_address_in_network
          • label
          • left
          • like
          • lower
          • lpad
          • ltrim
          • parse_csv
          • parse_kvs
          • parse_timestamp
          • pivot_array
          • position
          • regex
          • replace
          • replace_regex
          • right
          • rpad
          • rtrim
          • sha2
          • split
          • split_part
          • starts_with
          • string
          • string_agg
          • string_agg_distinct
          • string_null
          • substring
          • tokenize
          • tokenize_part
          • trim
          • unpivot_array
          • upper
          • variant_type_name
        • OPAL Time Functions
          • abs
          • avg
          • bin_end_time
          • bin_size
          • bin_start_time
          • delta
          • delta_monotonic
          • deriv
          • duration
          • duration_hr
          • duration_min
          • duration_ms
          • duration_null
          • duration_sec
          • ewma
          • format_time
          • from_milliseconds
          • timestamp_ms
          • from_nanoseconds
          • timestamp_ns
          • from_seconds
          • timestamp_s
          • median
          • median_exact
          • now
          • parse_duration
          • parse_isotime
          • parse_timestamp
          • percentile
          • percentile_cont
          • percentile_disc
          • query_end_time
          • query_start_time
          • rate
          • row_end_time
          • row_timestamp
          • row_start_time
          • stddev
          • sum
          • tdigest_agg
          • tdigest_quantile
          • timestamp_null
          • to_days
          • to_hours
          • to_milliseconds
          • to_minutes
          • to_nanoseconds
          • to_seconds
          • to_weeks
          • valid_for
        • OPAL Window Functions
          • any
          • any_not_null
          • array_union_agg
          • avg
          • count
          • count_distinct
          • count_distinct_exact
          • delta
          • delta_monotonic
          • dense_rank
          • deriv
          • ewma
          • first
          • first_not_null
          • hash_agg
          • hash_agg_distinct
          • lag
          • lag_not_null
          • last
          • last_not_null
          • lead
          • lead_not_null
          • max
          • median
          • median_exact
          • min
          • object_agg
          • percentile
          • percentile_cont
          • percentile_disc
          • rank
          • rate
          • row_number
          • stddev
          • sum
          • tdigest_agg
          • tdigest_combine
          • topk_agg
        • OPAL Deprecated Function Aliases
          • any_null
          • array_pivot
          • array_unpivot
          • countdistinct
          • countdistinctexact
          • decodebase64
          • denserank
          • encodebase64
          • endswith
          • groupby
          • ifnull
          • isnull
          • makeobject
          • match_regex_all
          • medianexact
          • milliseconds
          • nanoseconds
          • orderby
          • parsehex
          • parseip
          • parseisotime
          • parsejson
          • parsekvs
          • parseurl
          • percentilecont
          • percentiledisc
          • primarykey
          • queryendtime
          • querystarttime
          • regex_match
          • regex_replace
          • row_endtime
          • rownumber
          • seconds
          • startswith
          • strcat
          • string_concat
          • validfor
    • OPAL Functions By Category
      • OPAL Aggregate Functions
        • any
        • any_not_null
        • array_agg
        • array_agg_distinct
        • array_union_agg
        • avg
        • count
        • count_distinct
        • count_distinct_exact
        • delta
        • delta_monotonic
        • deriv
        • first
        • first_not_null
        • hash_agg
        • hash_agg_distinct
        • last
        • last_not_null
        • max
        • median
        • median_exact
        • min
        • object_agg
        • percentile
        • percentile_cont
        • percentile_disc
        • prom_quantile
        • rate
        • stddev
        • string_agg
        • string_agg_distinct
        • sum
        • tdigest_agg
        • tdigest_combine
        • topk_agg
      • OPAL Boolean Functions
        • array_contains
        • arrays_overlap
        • bool
        • bool_null
        • contains
        • ends_with
        • eq
        • gt
        • gte
        • in
        • ipv4_address_in_network
        • is_null
        • like
        • lt
        • lte
        • match_regex
        • ne
        • path_exists
        • same
        • search
        • starts_with
      • OPAL Misc Functions
        • asc
        • coalesce
        • desc
        • float64
        • frame
        • frame_exact
        • frame_following
        • frame_preceding
        • hash
        • if
        • if_null
        • int64
        • m_tdigest
        • nullsfirst
        • nullslast
        • numeric_null
        • on
        • order_by
        • parse_hex
        • strlen
        • tdigest
        • tdigest_null
        • variant_null
      • OPAL Networking Functions
        • int64_to_ipv4
        • ipv4
        • ipv4_address_in_network
        • ipv4_network_int64
        • ipv4_to_int64
        • parse_ip
      • OPAL Numeric Functions
        • abs
        • arccos_deg
        • arccos_rad
        • arcsin_deg
        • arcsin_rad
        • arctan_deg
        • arctan_rad
        • avg
        • ceil
        • cos_deg
        • cos_rad
        • count
        • degrees
        • delta
        • delta_monotonic
        • dense_rank
        • deriv
        • ewma
        • exp
        • float64_null
        • floor
        • haversine_distance_km
        • int64_null
        • int_div
        • ln
        • log
        • median
        • median_exact
        • mod
        • percentile
        • percentile_cont
        • percentile_disc
        • pi
        • pow
        • prom_quantile
        • radians
        • rank
        • rate
        • round
        • row_number
        • sin_deg
        • sin_rad
        • sqrt
        • stddev
        • sum
        • tan_deg
        • tan_rad
        • uniform
        • width_bucket
        • zipf
      • OPAL Regex Functions
        • count_regex_matches
        • get_regex
        • get_regex_all
        • match_regex
        • regex
        • replace_regex
      • OPAL Semistructured Functions
        • append_item
        • array
        • array_agg
        • array_agg_distinct
        • array_contains
        • array_distinct
        • array_length
        • array_max
        • array_min
        • array_null
        • array_to_string
        • array_union_agg
        • arrays_overlap
        • concat_arrays
        • detect_browser
        • drop_fields
        • embed_sql_params
        • get_field
        • get_item
        • get_jmespath
        • get_regex_all
        • index_of_item
        • insert_item
        • intersect_arrays
        • m_object
        • make_array
        • make_array_range
        • make_fields
        • make_object
        • merge_objects
        • object
        • object_agg
        • object_keys
        • object_null
        • parse_csv
        • parse_ip
        • parse_json
        • parse_kvs
        • parse_url
        • path_exists
        • pick_fields
        • pivot_array
        • prepend_item
        • slice_array
        • sort_array
        • split
        • tokenize
        • topk_agg
        • unpivot_array
      • OPAL Special Functions
        • case
        • group_by
        • m
        • metric
        • options
        • primary_key
        • pk
        • tags
        • valid_for
        • window
      • OPAL String Functions
        • array_to_string
        • check_json
        • concat_strings
        • contains
        • decode_base64
        • decode_uri
        • decode_uri_component
        • detect_browser
        • editdistance
        • embed_sql_params
        • encode_base64
        • encode_uri
        • encode_uri_component
        • ends_with
        • format_time
        • get_regex
        • int64_to_ipv4
        • ipv4_address_in_network
        • label
        • left
        • like
        • lower
        • lpad
        • ltrim
        • parse_csv
        • parse_kvs
        • parse_timestamp
        • pivot_array
        • position
        • regex
        • replace
        • replace_regex
        • right
        • rpad
        • rtrim
        • sha2
        • split
        • split_part
        • starts_with
        • string
        • string_agg
        • string_agg_distinct
        • string_null
        • substring
        • tokenize
        • tokenize_part
        • trim
        • unpivot_array
        • upper
        • variant_type_name
      • OPAL Time Functions
        • abs
        • avg
        • bin_end_time
        • bin_size
        • bin_start_time
        • delta
        • delta_monotonic
        • deriv
        • duration
        • duration_hr
        • duration_min
        • duration_ms
        • duration_null
        • duration_sec
        • ewma
        • format_time
        • from_milliseconds
        • timestamp_ms
        • from_nanoseconds
        • timestamp_ns
        • from_seconds
        • timestamp_s
        • median
        • median_exact
        • now
        • parse_duration
        • parse_isotime
        • parse_timestamp
        • percentile
        • percentile_cont
        • percentile_disc
        • query_end_time
        • query_start_time
        • rate
        • row_end_time
        • row_timestamp
        • row_start_time
        • stddev
        • sum
        • tdigest_agg
        • tdigest_quantile
        • timestamp_null
        • to_days
        • to_hours
        • to_milliseconds
        • to_minutes
        • to_nanoseconds
        • to_seconds
        • to_weeks
        • valid_for
      • OPAL Window Functions
        • any
        • any_not_null
        • array_union_agg
        • avg
        • count
        • count_distinct
        • count_distinct_exact
        • delta
        • delta_monotonic
        • dense_rank
        • deriv
        • ewma
        • first
        • first_not_null
        • hash_agg
        • hash_agg_distinct
        • lag
        • lag_not_null
        • last
        • last_not_null
        • lead
        • lead_not_null
        • max
        • median
        • median_exact
        • min
        • object_agg
        • percentile
        • percentile_cont
        • percentile_disc
        • rank
        • rate
        • row_number
        • stddev
        • sum
        • tdigest_agg
        • tdigest_combine
        • topk_agg
      • OPAL Deprecated Function Aliases
        • any_null
        • array_pivot
        • array_unpivot
        • countdistinct
        • countdistinctexact
        • decodebase64
        • denserank
        • encodebase64
        • endswith
        • groupby
        • ifnull
        • isnull
        • makeobject
        • match_regex_all
        • medianexact
        • milliseconds
        • nanoseconds
        • orderby
        • parsehex
        • parseip
        • parseisotime
        • parsejson
        • parsekvs
        • parseurl
        • percentilecont
        • percentiledisc
        • primarykey
        • queryendtime
        • querystarttime
        • regex_match
        • regex_replace
        • row_endtime
        • rownumber
        • seconds
        • startswith
        • strcat
        • string_concat
        • validfor
    • OPAL Aggregate Functions
      • any
      • any_not_null
      • array_agg
      • array_agg_distinct
      • array_union_agg
      • avg
      • count
      • count_distinct
      • count_distinct_exact
      • delta
      • delta_monotonic
      • deriv
      • first
      • first_not_null
      • hash_agg
      • hash_agg_distinct
      • last
      • last_not_null
      • max
      • median
      • median_exact
      • min
      • object_agg
      • percentile
      • percentile_cont
      • percentile_disc
      • prom_quantile
      • rate
      • stddev
      • string_agg
      • string_agg_distinct
      • sum
      • tdigest_agg
      • tdigest_combine
      • topk_agg
    • OPAL Alignment Functions
      • any
      • any_not_null
      • avg
      • count
      • count_distinct
      • count_distinct_exact
      • delta
      • delta_monotonic
      • deriv
      • first
      • first_not_null
      • last
      • last_not_null
      • max
      • median
      • median_exact
      • min
      • object_agg
      • percentile
      • percentile_cont
      • percentile_disc
      • prom_quantile
      • rate
      • stddev
      • sum
      • tdigest_agg
      • tdigest_combine
      • topk_agg
    • OPAL Boolean Functions
      • array_contains
      • arrays_overlap
      • bool
      • bool_null
      • contains
      • ends_with
      • eq
      • gt
      • gte
      • in
      • ipv4_address_in_network
      • is_null
      • like
      • lt
      • lte
      • match_regex
      • ne
      • path_exists
      • same
      • search
      • starts_with
    • OPAL Case Sensitivity
    • OPAL Numeric Functions
      • abs
      • arccos_deg
      • arccos_rad
      • arcsin_deg
      • arcsin_rad
      • arctan_deg
      • arctan_rad
      • avg
      • ceil
      • cos_deg
      • cos_rad
      • count
      • degrees
      • delta
      • delta_monotonic
      • dense_rank
      • deriv
      • ewma
      • exp
      • float64_null
      • floor
      • haversine_distance_km
      • int64_null
      • int_div
      • ln
      • log
      • median
      • median_exact
      • mod
      • percentile
      • percentile_cont
      • percentile_disc
      • pi
      • pow
      • prom_quantile
      • radians
      • rank
      • rate
      • round
      • row_number
      • sin_deg
      • sin_rad
      • sqrt
      • stddev
      • sum
      • tan_deg
      • tan_rad
      • uniform
      • width_bucket
      • zipf
    • OPAL Regex Functions
      • count_regex_matches
      • get_regex
      • get_regex_all
      • match_regex
      • regex
      • replace_regex
    • OPAL Semistructured Functions
      • append_item
      • array
      • array_agg
      • array_agg_distinct
      • array_contains
      • array_distinct
      • array_length
      • array_max
      • array_min
      • array_null
      • array_to_string
      • array_union_agg
      • arrays_overlap
      • concat_arrays
      • detect_browser
      • drop_fields
      • embed_sql_params
      • get_field
      • get_item
      • get_jmespath
      • get_regex_all
      • index_of_item
      • insert_item
      • intersect_arrays
      • m_object
      • make_array
      • make_array_range
      • make_fields
      • make_object
      • merge_objects
      • object
      • object_agg
      • object_keys
      • object_null
      • parse_csv
      • parse_ip
      • parse_json
      • parse_kvs
      • parse_url
      • path_exists
      • pick_fields
      • pivot_array
      • prepend_item
      • slice_array
      • sort_array
      • split
      • tokenize
      • topk_agg
      • unpivot_array
    • OPAL Special Functions
      • case
      • group_by
      • m
      • metric
      • options
      • primary_key
      • pk
      • tags
      • valid_for
      • window
    • OPAL Time Functions
      • abs
      • avg
      • bin_end_time
      • bin_size
      • bin_start_time
      • delta
      • delta_monotonic
      • deriv
      • duration
      • duration_hr
      • duration_min
      • duration_ms
      • duration_null
      • duration_sec
      • ewma
      • format_time
      • from_milliseconds
      • timestamp_ms
      • from_nanoseconds
      • timestamp_ns
      • from_seconds
      • timestamp_s
      • median
      • median_exact
      • now
      • parse_duration
      • parse_isotime
      • parse_timestamp
      • percentile
      • percentile_cont
      • percentile_disc
      • query_end_time
      • query_start_time
      • rate
      • row_end_time
      • row_timestamp
      • row_start_time
      • stddev
      • sum
      • tdigest_agg
      • tdigest_quantile
      • timestamp_null
      • to_days
      • to_hours
      • to_milliseconds
      • to_minutes
      • to_nanoseconds
      • to_seconds
      • to_weeks
      • valid_for
    • Parsing Time Strings in OPAL
    • OPAL Networking Functions
      • int64_to_ipv4
      • ipv4
      • ipv4_address_in_network
      • ipv4_network_int64
      • ipv4_to_int64
      • parse_ip
    • OPAL Window Functions
      • any
      • any_not_null
      • array_union_agg
      • avg
      • count
      • count_distinct
      • count_distinct_exact
      • delta
      • delta_monotonic
      • dense_rank
      • deriv
      • ewma
      • first
      • first_not_null
      • hash_agg
      • hash_agg_distinct
      • lag
      • lag_not_null
      • last
      • last_not_null
      • lead
      • lead_not_null
      • max
      • median
      • median_exact
      • min
      • object_agg
      • percentile
      • percentile_cont
      • percentile_disc
      • rank
      • rate
      • row_number
      • stddev
      • sum
      • tdigest_agg
      • tdigest_combine
      • topk_agg
    • OPAL Misc Functions
      • asc
      • coalesce
      • desc
      • float64
      • frame
      • frame_exact
      • frame_following
      • frame_preceding
      • hash
      • if
      • if_null
      • int64
      • m_tdigest
      • nullsfirst
      • nullslast
      • numeric_null
      • on
      • order_by
      • parse_hex
      • strlen
      • tdigest
      • tdigest_null
      • variant_null
    • OPAL Deprecated Function Aliases
      • any_null
      • array_pivot
      • array_unpivot
      • countdistinct
      • countdistinctexact
      • decodebase64
      • denserank
      • encodebase64
      • endswith
      • groupby
      • ifnull
      • isnull
      • makeobject
      • match_regex_all
      • medianexact
      • milliseconds
      • nanoseconds
      • orderby
      • parsehex
      • parseip
      • parseisotime
      • parsejson
      • parsekvs
      • parseurl
      • percentilecont
      • percentiledisc
      • primarykey
      • queryendtime
      • querystarttime
      • regex_match
      • regex_replace
      • row_endtime
      • rownumber
      • seconds
      • startswith
      • strcat
      • string_concat
      • validfor
    • All OPAL verbs
      • OPAL Verbs By Category
        • OPAL Aggregate Verbs
          • aggregate
          • align
          • dedup
          • distinct
          • fill
          • histogram
          • make_session
          • merge_events
          • pivot
          • rollup
          • statsby
          • timechart
          • bucketize
          • timestats
          • unpivot
        • OPAL Filter Verbs
          • always
          • bottomk
          • ever
          • filter
          • filter_last
          • limit
          • never
          • topk
        • OPAL Join Verbs
          • exists
          • follow
          • follow_not
          • fulljoin
          • join
          • leftjoin
          • lookup
          • lookup_ip_info
          • not_exists
          • surrounding
          • union
          • update_resource
        • OPAL Metadata Verbs
          • add_key
          • drop_interface
          • interface
          • make_event
          • make_interval
          • make_metric
          • make_resource
          • make_session
          • make_table
          • merge_events
          • set_col_enum
          • set_col_immutable
          • set_col_searchable
          • set_col_visible
          • set_label
          • set_link
          • set_metric
          • set_metric_metadata
          • set_primary_key
          • set_pk
          • set_valid_from
          • set_valid_to
          • sort
          • timeshift
          • unset_all_links
          • unset_keys
          • unset_link
          • unsort
        • OPAL Metrics Verbs
          • aggregate
          • align
          • make_metric
          • rollup
          • set_metric
          • timeshift
        • OPAL Projection Verbs
          • drop_col
          • extract_regex
          • make_col
          • pick_col
          • rename_col
        • OPAL Semistructured Verbs
          • extract_regex
          • flatten
          • flatten_all
          • flatten_leaves
          • flatten_single
        • OPAL Deprecated Verb Aliases
          • addfk
          • addkey
          • addmetric
          • changelog
          • coldrop
          • colenum
          • colimmutable
          • colmake
          • colpick
          • colregex
          • colrename
          • colshow
          • droptime
          • fkdrop
          • flattenall
          • flattenleaves
          • flattensingle
          • makeresource
          • makesession
          • merge_event
          • mergeevent
          • reaggregate
          • setlabel
          • setpk
          • setvf
          • setvt
    • OPAL Verbs By Category
      • OPAL Aggregate Verbs
        • aggregate
        • align
        • dedup
        • distinct
        • fill
        • histogram
        • make_session
        • merge_events
        • pivot
        • rollup
        • statsby
        • timechart
        • bucketize
        • timestats
        • unpivot
      • OPAL Filter Verbs
        • always
        • bottomk
        • ever
        • filter
        • filter_last
        • limit
        • never
        • topk
      • OPAL Join Verbs
        • exists
        • follow
        • follow_not
        • fulljoin
        • join
        • leftjoin
        • lookup
        • lookup_ip_info
        • not_exists
        • surrounding
        • union
        • update_resource
      • OPAL Metadata Verbs
        • add_key
        • drop_interface
        • interface
        • make_event
        • make_interval
        • make_metric
        • make_resource
        • make_session
        • make_table
        • merge_events
        • set_col_enum
        • set_col_immutable
        • set_col_searchable
        • set_col_visible
        • set_label
        • set_link
        • set_metric
        • set_metric_metadata
        • set_primary_key
        • set_pk
        • set_valid_from
        • set_valid_to
        • sort
        • timeshift
        • unset_all_links
        • unset_keys
        • unset_link
        • unsort
      • OPAL Metrics Verbs
        • aggregate
        • align
        • make_metric
        • rollup
        • set_metric
        • timeshift
      • OPAL Projection Verbs
        • drop_col
        • extract_regex
        • make_col
        • pick_col
        • rename_col
      • OPAL Semistructured Verbs
        • extract_regex
        • flatten
        • flatten_all
        • flatten_leaves
        • flatten_single
      • OPAL Deprecated Verb Aliases
        • addfk
        • addkey
        • addmetric
        • changelog
        • coldrop
        • colenum
        • colimmutable
        • colmake
        • colpick
        • colregex
        • colrename
        • colshow
        • droptime
        • fkdrop
        • flattenall
        • flattenleaves
        • flattensingle
        • makeresource
        • makesession
        • merge_event
        • mergeevent
        • reaggregate
        • setlabel
        • setpk
        • setvf
        • setvt
    • OPAL Aggregate Verbs
      • aggregate
      • align
      • dedup
      • distinct
      • fill
      • histogram
      • make_session
      • merge_events
      • pivot
      • rollup
      • statsby
      • timechart
      • bucketize
      • timestats
      • unpivot
    • OPAL Filter Verbs
      • always
      • bottomk
      • ever
      • filter
      • filter_last
      • limit
      • never
      • topk
    • OPAL Join Verbs
      • exists
      • follow
      • follow_not
      • fulljoin
      • join
      • leftjoin
      • lookup
      • lookup_ip_info
      • not_exists
      • surrounding
      • union
      • update_resource
    • OPAL Metrics Verbs
      • aggregate
      • align
      • make_metric
      • rollup
      • set_metric
      • timeshift
    • OPAL Projection Verbs
      • drop_col
      • extract_regex
      • make_col
      • pick_col
      • rename_col
    • OPAL Semistructured Verbs
      • extract_regex
      • flatten
      • flatten_all
      • flatten_leaves
      • flatten_single
    • OPAL Metadata Verbs
      • add_key
      • drop_interface
      • interface
      • make_event
      • make_interval
      • make_metric
      • make_resource
      • make_session
      • make_table
      • merge_events
      • set_col_enum
      • set_col_immutable
      • set_col_searchable
      • set_col_visible
      • set_label
      • set_link
      • set_metric
      • set_metric_metadata
      • set_primary_key
      • set_pk
      • set_valid_from
      • set_valid_to
      • sort
      • timeshift
      • unset_all_links
      • unset_keys
      • unset_link
      • unsort
    • OPAL Deprecated Verb Aliases
      • addfk
      • addkey
      • addmetric
      • changelog
      • coldrop
      • colenum
      • colimmutable
      • colmake
      • colpick
      • colregex
      • colrename
      • colshow
      • droptime
      • fkdrop
      • flattenall
      • flattenleaves
      • flattensingle
      • makeresource
      • makesession
      • merge_event
      • mergeevent
      • reaggregate
      • setlabel
      • setpk
      • setvf
      • setvt
  • Observasaurus
    • Observasaurus: Accelerate
    • Observasaurus: Agents
    • Observasaurus: Channel
    • Observasaurus: Channel Action
    • Observasaurus: Collectors
    • Observasaurus: Console
    • Observasaurus: Dashboards
    • Observasaurus: Dataset Graph
    • Observasaurus: Datasets
    • Observasaurus: Datastreams
    • Observasaurus: Distributed Tracing
    • Observasaurus: Endpoints
    • Observasaurus: Explorers
    • Observasaurus: Freshness
    • Observasaurus: Link
    • Observasaurus: Logs
    • Observasaurus: Log Analytics
    • Observasaurus: Machine Data
    • Observasaurus: Metrics
    • Observasaurus: Metrics Analytics
    • Observasaurus: Metrics Tags
    • Observasaurus: Monitoring
    • Observasaurus: Monitors
    • Observasaurus: Observability
    • Observasaurus: OPAL
    • Observasaurus: Pollers
    • Observasaurus: Queries
    • Observasaurus: Resources
    • Observasaurus: Security Observability
    • Observasaurus: SIEM
    • Observasaurus: Spans
    • Observasaurus: Stages
    • Observasaurus: Streamable
    • Observasaurus: Telemetry
    • Observasaurus: Temporal SQL
    • Observasaurus: Time Series
    • Observasaurus: Tokens
    • Observasaurus: Traces
    • Observasaurus: Unstreamable
    • Observasaurus: Worksheets
  • Observe Performance Cookbook
    • Observe Performance Cookbook: Use Approximate Values When Feasible
    • Observe Performance Cookbook: Avoid Large JSON Blobs
    • Observe Performance Cookbook: Cast Data Columns Extracted from JSON
    • Observe Performance Cookbook: Create Intermediate Datasets
    • Observe Performance Cookbook: Filter Earlier in OPAL Scripts
    • Observe Performance Cookbook: Using Filter instead of Ever
    • Observe Performance Cookbook: Flatten Less First
    • Observe Performance Cookbook: Limit Worksheet Time Windows
    • Observe Performance Cookbook: Limit Resource Time Windows
    • Observe Performance Cookbook: Limit Valid Event Time Windows
    • Observe Performance Cookbook: Look for Hidden Columns
    • Observe Performance Cookbook: Use Make_Events before Window Functions
    • Observe Performance Cookbook: Mark Immutable Resource Columns
    • Observe Performance Cookbook: Making Resources from Multiple Datasets
    • Observe Performance Cookbook: Prefer Join to Lookup
    • Observe Performance Cookbook: Prefer Lead and Lag to First and Last
    • Observe Performance Cookbook: Prefer Timechart to Timestats
    • Observe Performance Cookbook: Limit Query Time Windows
    • Observe Performance Cookbook: Limit Query Time Windows
    • Observe Performance Cookbook: Reduce Columns Earlier in OPAL Scripts
    • Observe Performance Cookbook: Extract from JSON instead of using Flatten
    • Observe Performance Cookbook: Type Data Columns
    • Observe Performance Cookbook: Use Interval for Ephemeral Things
  • Conditional Formatting Reference
  • Units of Measurement
  • Keyboard Shortcuts Reference
  • Helpful Hints
    • How to use a formula
    • What Characters are Allowed in a Field Name?
    • How Should I Aggregate Data?
    • Anomaly Detection Monitors
    • How to find average values over time
    • How Do I Change A Field Type?
    • Can I change the name of an Observe Instance?
    • How do I Compare Time Ranges in OPAL?
    • How to create an array from existing columns
    • How to compute a cumulative count over any interval grouped by multiple fields.
    • What is My Customer ID?
    • OPAL duration conversion
    • How do I filter by a list of terms?
    • How do I test for multiple values in a dashboard parameter?
    • Filter out unwanted data
    • How do I Find the Size of a Column?
    • Formatting large numbers for readability
    • Helpful Hints
    • How Many Monitors Are We Using?
    • How Many Queries Are We Using?
    • How Much Ingest and Transform Are We Using?
    • How do I measure drift in a metric over time?
    • How to sort dates by time when they are sorted alphabetically?
    • How to sort digits numerically when they are sorted alphabetically?
    • How do I map fields to each other?
    • How do I pivot a dataset?
    • How do I measure drift in a resource over time?
    • How do I unpivot data?
    • How to Make a Service Appear in Service Explorer
    • Can I use OPAL to rename a dataset?
    • How Do I Prevent Lost Columns?
    • What is best practice for OPAL field extraction?
    • What is best practice for case statements in OPAL?
    • What is the best practice for field naming in OPAL?
    • What is best practice for managing the schema interface between datasets?
    • What is the best practice for using durations in OPAL?
    • OPAL case sensitive filtering with contains
    • OPAL case sensitive filtering with equals
    • OPAL case sensitive filtering with match_regex
    • OPAL case sensitive filtering with tilde and regex
    • OPAL case sensitive filtering with tilde
    • How do I compare values in OPAL?
    • How to extract the numeric parts of a message
    • How to extract parameters from a URL?
    • How Should I Rollup Aggregated Data?
    • How Do I Search By Time?
    • How to set the type of a column?
    • How do I Split a Field?
    • How do I calculate a running standard deviation?
    • What is the System Datastream?
    • OPAL timestamp conversion
    • How Do I Find a Weighted Average?
    • How do I Use Time Window Functions?

Support Policies

  • Support Policies
    • Observe Support Terms
    • Creating an Incident
    • Escalating an Issue
    • Viewing your requests
    • Sharing requests with your team
    • Support Policy for Accidental Ingestion of Sensitive Data
    • The Observe System User
Back to top
Next
Monitors and Alerts
Previous
Dashboard Reports
Copyright © 2017-2025 Observe, Inc.
Made with Furo

Have comments about the Observe docs?