What is OPAL?
Updated about 1 month ago