• PRODUCT
  • LEARN
    • BLOG
    • RESOURCES
    • DOCS
    • OBSERVABILITY COURSE
  • CAREERS
  • ABOUT US
Contents Menu Expand Light mode Dark mode Auto light/dark, in light mode Auto light/dark, in dark mode Skip to content
Observability Cloud documentation
Light Logo Dark Logo

Welcome to Observe

  • Get started with Observe
  • Get help with Observe
    • Tutorial: Use O11y Slack to manage an incident
    • Support policies
      • Observe support terms
      • Create an incident
      • Escalate an issue
      • View your requests
      • Share requests with your team
      • Support policy for accidental ingestion of sensitive data
      • The Observe system user
  • Observe tutorials
    • Tutorial: Modeling weather data
    • Tutorial: Search for improbable travel
    • Tutorial: Create a single stat dashboard
    • Tutorial: Shaping metrics
    • Tutorial: Aggregated metrics shaping
    • Tutorial: Shape host system metrics
    • OPAL 101 – Getting started with OPAL
    • OPAL 102 – Shaping structured and unstructured data using stages
    • Tutorial: Batch ingestion with Observe
  • What’s new

Send Data to Observe

  • Observe Agent
    • Observe Agent updates
    • Helm chart updates
    • Install Observe Agent on Kubernetes
      • Collect annotations and labels
      • Add or delete attributes
      • Prometheus autodiscovery
      • Filter logs or metrics
      • Handle multiline log records
      • Mask sensitive data
      • Collect Statsd metrics
      • Collect Statsd metrics using UDS
      • Node Affinity, Taints, and Tolerations
      • Deploy the Observe Agent to multiple Kubernetes clusters using Rancher
      • Deploy the Observe Agent to a Serverless Kubernetes cluster (ex AWS EKS Fargate)
      • Tune service resource requests and limits
    • Install Observe Agent on Linux
    • Install Observe Agent on macOS
    • Install Observe Agent on Windows
    • Install Observe Agent using Ansible on Linux
    • Install Observe Agent using Ansible on Windows
    • Install Observe Agent on Amazon ECS (EC2)
    • Install Observe Agent on Amazon ECS (Fargate)
    • Docker
    • Configuration
    • Troubleshooting
    • Versioning
      • Upgrade to Observe Agent v1.0.0
      • Upgrade to Observe Agent v2.0.0
  • APM instrumentation
    • Send Java application data to Observe
    • Send .NET application data to Observe
    • Send Node.js application data to Observe
    • Send Python application data to Observe
    • Send Ruby application data to Observe
    • Auto-Instrumentation with OpenTelemetry Operator in Kubernetes
  • LLM instrumentation
    • Node.js (server) instrumentation for LLM observability
    • Python instrumentation for LLM observability
    • Instrumenting other languages for LLM observability
  • RUM instrumentation
    • Using CDN script tags
    • Instrument using the NPM package
  • Integrations
    • Observe apps
    • Amazon Web Services (AWS)
      • Amazon Web Services (AWS) Integration [Legacy]
      • Amazon CloudFront
      • Amazon EC2
      • Amazon Elastic Container Service
        • Amazon Elastic Container Service Metrics
        • Amazon Elastic Container Log Collection
      • Amazon RDS
        • Amazon RDS Metrics
      • AWS Lambda
        • AWS Lambda metrics
      • Elastic Load Balancing
        • Elastic Load Balancing Metrics
    • AWS Quickstart
    • Basic threat intel integration
      • Install the basic threat intel app
      • Use unified basic threat intel Datasets with Observe
        • Example: Use unified hosts-domains and URL threatlists
        • Example: Use unified IPv4 threatlists
        • Example: Use unified IPv4 IAAS providers list
    • Snowflake observability
      • Observe for Snowflake components
      • Prepare Observe to receive Snowflake data
      • Create virtual warehouse to run Observe for Snowflake
      • Install the Observe for Snowflake application
      • Configure the Observe for Snowflake application
      • Send data from Snowflake to Observe
      • Snowflake data in Observe
      • Manage Snowflake with Observe
    • Drata app (public preview)
      • Install the Drata app
    • Fastly (public preview)
      • Install the Fastly app
      • Uninstall the Fastly app
    • Google Cloud Platform (GCP) App [Legacy]
      • GCP Asset Inventory
      • GCP BigQuery
      • GCP Cloud Functions
        • GCP Cloud Functions metrics
      • GCP Cloud Load Balancing
        • GCP Cloud Load Balancing Metrics
      • GCP Cloud Run
        • GCP Cloud Run Metrics
      • GCP Cloud SQL
        • GCP Cloud SQL Metrics
      • GCP Cloud Storage
        • GCP Cloud Storage Metrics
      • GCP Compute
        • GCP Compute Metrics
      • GCP logging
      • GCP cloud metrics
      • Google Kubernetes Engine
      • Memorystore Redis
    • Google Cloud Platform quickstart
      • Google Cloud Platform (GCP) ingesting data
    • GitHub
      • Install the GitHub app
      • Uninstall the GitHub app
      • Upgrade to GitHub app v0.7.0
    • GitLab
      • Install the GitLab app
      • Uninstall the GitLab app
      • Upgrade the GitLab app to v0.4.0
    • Host Monitoring [Legacy]
      • Install the Host Monitoring app
        • Install Host Monitoring on Linux
        • Install Host Monitoring on Windows
        • Install Host Monitoring on MacOS
      • Uninstall the Host Monitoring app
    • Host Quickstart
    • Jenkins CI/CD integration
      • Install the Jenkins app
      • Uninstall the Jenkins app
    • Kubernetes
      • Install the Kubernetes app
      • Collect pod metrics and cAdvisor metrics
    • Microsoft Azure
      • Azure Active Directory (AD)
      • Azure app services
      • Azure cognitive services
      • Azure functions
      • Azure Kubernetes Service (AKS)
      • Azure SQL database
      • Azure SQL managed instances
      • Azure storage account
      • Azure virtual machines
      • Uninstall the Microsoft Azure app
    • MongoDB Atlas
      • Install the MongoDB Atlas app
      • Update the MongoDB Atlas app and poller
    • MySQL Database Service
      • Install the MySQL DB app
      • Uninstall the MySQL DB app
    • Prometheus Node Exporter
    • OpenAI (deprecated)
    • Orca Security app (public preview)
      • Install the Orca Security app
    • PostgreSQL Database Service
      • Install the PostgreSQL DB app
      • Uninstall the PostgreSQL DB app
    • Prometheus metrics (public preview)
      • Install the Prometheus Metrics app
      • Tutorial: Gett started with Observe and Prometheus
    • Security Onion app (public preview)
      • Install the Security Onion app
    • Service level objectives (SLOs)
      • Install the Service Level Objective app
  • Data ingestion
    • Datastreams
    • Sources
      • Amazon API Gateway logs
      • Amazon S3
      • Amazon S3 Bucket Access Logs
      • AWS AppSync
      • AWS CloudTrail
      • Amazon EventBridge
      • Amazon CloudWatch Metrics Streams
      • Amazon CloudWatch logs
      • GitHub
      • Google Workspace audit logs
      • Jira tickets
      • Webhook
      • Windows servers
      • Zendesk tickets
    • Forwarders
      • Amazon Kinesis Firehose
      • Elastic Beats
      • Fluent Bit
      • Fluentd
      • Log4j
      • Logstash
      • Observe Lambda
      • OpenTelemetry Collector
      • Prometheus
      • Telegraf
    • Endpoints
      • Datadog Metrics
      • Elasticsearch
      • HTTP
      • Kinesis
      • OpenTelemetry
      • Prometheus
    • Troubleshooting data ingestion

Products

  • Log management
    • Log Explorer
    • Use log correlation
    • Use live mode in Logs Explorer
    • Add new datasets to Log Explorer
    • Unified Search syntax
      • Migrate to Unified Search syntax
  • Application Performance Monitoring
    • Service management
    • Troubleshoot slow databases / n+1 issues
    • Monitor and track new deploys on your service
    • Associate Infrastructure Metrics with Services
    • Trace Explorer
    • Monitor business applications
    • View logs associated with a trace
    • APM reference
  • LLM observability
    • LLM telemetry reference
  • Frontend observability
    • RUM telemetry reference
  • Metrics
    • Collect and use metrics
    • Tutorial: Shaping metrics
    • Metrics Explorer
    • Add custom metric Datasets
    • Add metrics using the Metrics Expression Builder
    • Tutorial: Shape host system metrics
    • Tutorial: Aggregated metrics shaping
  • Kubernetes observability
    • Install the Observe Agent
    • Kubernetes visibility
    • Kubernets Resource Utilization
    • Kubernetes data collection and agent interface
    • Metrics
    • Logs
  • Snowflake observability
    • Observe for Snowflake components
    • Prepare Observe to receive Snowflake data
    • Create virtual warehouse to run Observe for Snowflake
    • Install the Observe for Snowflake application
    • Configure the Observe for Snowflake application
    • Send data from Snowflake to Observe
    • Snowflake data in Observe
    • Manage Snowflake with Observe
  • Model Context Protocol (MCP) - Private Preview

Platform Capabilities

  • Create dashboards
    • Use dashboards to visualize data
    • Generate dashboard reports
  • Monitors and alerts
    • Create a threshold monitor
    • Create a count monitor
    • Create a promote monitor
    • Monitor rules and severities
    • Mute monitors
    • Overview of shared actions
      • Customize alert messages
      • Mustache template reference
    • Alerting example: shared actions and monitors
    • Work with alerts in Observe
    • Tune and troubleshoot monitor health
    • Negative Monitoring
    • Monitor anti-patterns
    • Shared action integrations
      • Sample action for Microsoft Teams
      • PagerDuty
  • Create and share worksheets
    • Work with data formats and types
  • Pivot between data types
  • Correlation tags
  • Resources
  • Data export
  • Drop filters

Manage Observe

  • Authentication and authorization
    • Audit trail
    • Role-based access control (RBAC)
    • Local authentication policies
    • Single sign-on (SSO)
      • Configure Microsoft Entra ID (formerly Azure Active Directory) single sign-on (SSO)
      • Configure Microsoft Active Directory Federation Service (ADFS)
      • Configure Google Workspace SAML and single sign-on (SSO)
      • Configure Okta for SAML and single sign-on (SSO)
      • Configure OneLogin for single sign-on (SSO)
      • Configure Ping Identity PingOne for single sign-on (SSO)
    • Observe API authentication
    • Observe API tokens
    • Service Accounts
  • Manage application data volume
  • Customize the Home page
    • Create and use favorites
  • Use Acceleration Manager with Datasets
  • Use Credit Manager to manage compute usage
    • Configuring Credit Manager settings via Terraform
    • View your ingest usage in the License Dashboard
    • View your compute credit usage in the Usage Dashboard
  • Observe Terraform provider
  • Observe regions
  • Settings

Develop with Observe

  • Export query results
  • Developer toolkit overview
  • URL query parameters
  • CLI tool overview
    • login command
    • help command
    • get command
    • list command
    • query command
  • Snowflake outbound sharing

Reference

  • Key Observe concepts
    • Advanced Observe concepts
    • Explore data
    • About queries and on-demand acceleration
    • Observe Datasets and time
      • Foreign keys
      • Resource primary keys
      • Resource times
      • Reference tables
  • Visualization types
  • OPAL reference
    • What is OPAL?
    • OPAL language syntax
    • OPAL data types and operators
    • Performance cookbook
      • Observe Performance Cookbook: Use Approximate Values When Feasible
      • Observe Performance Cookbook: Avoid Large JSON Blobs
      • Observe Performance Cookbook: Cast Data Columns Extracted from JSON
      • Observe Performance Cookbook: Create Intermediate Datasets
      • Observe Performance Cookbook: Filter Earlier in OPAL Scripts
      • Observe Performance Cookbook: Using Filter instead of Ever
      • Observe Performance Cookbook: Flatten Less First
      • Observe Performance Cookbook: Limit Worksheet Time Windows
      • Observe Performance Cookbook: Limit Resource Time Windows
      • Observe Performance Cookbook: Limit Valid Event Time Windows
      • Observe Performance Cookbook: Look for Hidden Columns
      • Observe Performance Cookbook: Use Make_Events before Window Functions
      • Observe Performance Cookbook: Mark Immutable Resource Columns
      • Observe Performance Cookbook: Making Resources from Multiple Datasets
      • Observe Performance Cookbook: Prefer Join to Lookup
      • Observe Performance Cookbook: Prefer Lead and Lag to First and Last
      • Observe Performance Cookbook: Prefer Timechart to Timestats
      • Observe Performance Cookbook: Limit Query Time Windows
      • Observe Performance Cookbook: Limit Query Time Windows
      • Observe Performance Cookbook: Reduce Columns Earlier in OPAL Scripts
      • Observe Performance Cookbook: Extract from JSON instead of using Flatten
      • Observe Performance Cookbook: Type Data Columns
      • Observe Performance Cookbook: Use Interval for Ephemeral Things
    • OPAL examples
    • All OPAL functions
      • OPAL Functions By Category
        • OPAL Aggregate Functions
          • any
          • any_not_null
          • array_agg
          • array_agg_distinct
          • array_union_agg
          • avg
          • count
          • count_distinct
          • count_distinct_exact
          • delta
          • delta_monotonic
          • deriv
          • first
          • first_not_null
          • hash_agg
          • hash_agg_distinct
          • histogram_combine
          • last
          • last_not_null
          • max
          • median
          • median_exact
          • min
          • object_agg
          • otel_exponential_histogram_sum
          • otel_histogram_sum
          • percentile
          • percentile_cont
          • percentile_disc
          • prom_quantile
          • rate
          • stddev
          • string_agg
          • string_agg_distinct
          • sum
          • tdigest_agg
          • tdigest_combine
          • topk_agg
        • OPAL Boolean Functions
          • array_contains
          • arrays_overlap
          • bool
          • bool_null
          • contains
          • ends_with
          • eq
          • gt
          • gte
          • in
          • ipv4_address_in_network
          • is_null
          • like
          • lt
          • lte
          • match_regex
          • ne
          • path_exists
          • same
          • search
          • starts_with
        • OPAL Misc Functions
          • asc
          • coalesce
          • desc
          • exponential_histogram_null
          • float64
          • frame
          • frame_exact
          • frame_following
          • frame_preceding
          • hash
          • histogram_null
          • histogram_quantile
          • if
          • if_null
          • int64
          • m_exponential_histogram
          • m_histogram
          • m_tdigest
          • nullsfirst
          • nullslast
          • numeric_null
          • on
          • order_by
          • parse_hex
          • strlen
          • tdigest
          • tdigest_null
          • variant_null
        • OPAL Networking Functions
          • int64_to_ipv4
          • ipv4
          • ipv4_address_in_network
          • ipv4_network_int64
          • ipv4_to_int64
          • parse_ip
        • OPAL Numeric Functions
          • abs
          • arccos_deg
          • arccos_rad
          • arcsin_deg
          • arcsin_rad
          • arctan_deg
          • arctan_rad
          • avg
          • ceil
          • cos_deg
          • cos_rad
          • count
          • degrees
          • delta
          • delta_monotonic
          • dense_rank
          • deriv
          • ewma
          • exp
          • float64_null
          • floor
          • haversine_distance_km
          • int64_null
          • int_div
          • ln
          • log
          • median
          • median_exact
          • mod
          • percentile
          • percentile_cont
          • percentile_disc
          • pi
          • pow
          • prom_quantile
          • radians
          • rank
          • rate
          • round
          • row_number
          • sin_deg
          • sin_rad
          • sqrt
          • stddev
          • sum
          • tan_deg
          • tan_rad
          • uniform
          • width_bucket
          • zipf
        • OPAL Regex Functions
          • count_regex_matches
          • get_regex
          • get_regex_all
          • match_regex
          • regex
          • replace_regex
        • OPAL Semistructured Functions
          • append_item
          • array
          • array_agg
          • array_agg_distinct
          • array_contains
          • array_distinct
          • array_length
          • array_max
          • array_min
          • array_null
          • array_to_string
          • array_union_agg
          • arrays_overlap
          • concat_arrays
          • detect_browser
          • drop_fields
          • embed_sql_params
          • get_field
          • get_item
          • get_jmespath
          • get_regex_all
          • index_of_item
          • insert_item
          • intersect_arrays
          • m_object
          • make_array
          • make_array_range
          • make_fields
          • make_object
          • merge_objects
          • object
          • object_agg
          • object_keys
          • object_null
          • otel_exponential_histogram_quantile
          • otel_exponential_histogram_sum
          • otel_histogram_quantile
          • otel_histogram_sum
          • parse_csv
          • parse_ip
          • parse_json
          • parse_kvs
          • parse_url
          • path_exists
          • pick_fields
          • pivot_array
          • prepend_item
          • slice_array
          • sort_array
          • split
          • tokenize
          • topk_agg
          • unpivot_array
        • OPAL Special Functions
          • case
          • group_by
          • m
          • metric
          • options
          • primary_key
          • pk
          • tags
          • valid_for
          • window
        • OPAL String Functions
          • array_to_string
          • check_json
          • concat_strings
          • contains
          • decode_base64
          • decode_uri
          • decode_uri_component
          • detect_browser
          • editdistance
          • embed_sql_params
          • encode_base64
          • encode_uri
          • encode_uri_component
          • ends_with
          • format_time
          • get_regex
          • int64_to_ipv4
          • ipv4_address_in_network
          • label
          • left
          • like
          • lower
          • lpad
          • ltrim
          • parse_csv
          • parse_kvs
          • parse_timestamp
          • pivot_array
          • position
          • regex
          • replace
          • replace_regex
          • right
          • rpad
          • rtrim
          • sha2
          • split
          • split_part
          • starts_with
          • string
          • string_agg
          • string_agg_distinct
          • string_null
          • substring
          • tokenize
          • tokenize_part
          • trim
          • unpivot_array
          • upper
          • variant_type_name
        • OPAL Time Functions
          • abs
          • avg
          • bin_end_time
          • bin_size
          • bin_start_time
          • delta
          • delta_monotonic
          • deriv
          • duration
          • duration_hr
          • duration_min
          • duration_ms
          • duration_null
          • duration_sec
          • ewma
          • format_time
          • from_milliseconds
          • timestamp_ms
          • from_nanoseconds
          • timestamp_ns
          • from_seconds
          • timestamp_s
          • histogram_fraction
          • median
          • median_exact
          • now
          • parse_duration
          • parse_isotime
          • parse_timestamp
          • percentile
          • percentile_cont
          • percentile_disc
          • query_end_time
          • query_start_time
          • rate
          • row_end_time
          • row_timestamp
          • row_start_time
          • stddev
          • sum
          • tdigest_agg
          • tdigest_quantile
          • timestamp_null
          • to_days
          • to_hours
          • to_milliseconds
          • to_minutes
          • to_nanoseconds
          • to_seconds
          • to_weeks
          • valid_for
        • OPAL Window Functions
          • any
          • any_not_null
          • array_union_agg
          • avg
          • count
          • count_distinct
          • count_distinct_exact
          • delta
          • delta_monotonic
          • dense_rank
          • deriv
          • ewma
          • first
          • first_not_null
          • hash_agg
          • hash_agg_distinct
          • lag
          • lag_not_null
          • last
          • last_not_null
          • lead
          • lead_not_null
          • max
          • median
          • median_exact
          • min
          • object_agg
          • percentile
          • percentile_cont
          • percentile_disc
          • rank
          • rate
          • row_number
          • stddev
          • sum
          • tdigest_agg
          • tdigest_combine
          • topk_agg
        • OPAL Deprecated Function Aliases
          • any_null
          • array_pivot
          • array_unpivot
          • countdistinct
          • countdistinctexact
          • decodebase64
          • denserank
          • encodebase64
          • endswith
          • groupby
          • ifnull
          • isnull
          • makeobject
          • match_regex_all
          • medianexact
          • milliseconds
          • nanoseconds
          • orderby
          • parsehex
          • parseip
          • parseisotime
          • parsejson
          • parsekvs
          • parseurl
          • percentilecont
          • percentiledisc
          • primarykey
          • queryendtime
          • querystarttime
          • regex_match
          • regex_replace
          • row_endtime
          • rownumber
          • seconds
          • startswith
          • strcat
          • string_concat
          • validfor
    • OPAL Functions By Category
      • OPAL Aggregate Functions
        • any
        • any_not_null
        • array_agg
        • array_agg_distinct
        • array_union_agg
        • avg
        • count
        • count_distinct
        • count_distinct_exact
        • delta
        • delta_monotonic
        • deriv
        • first
        • first_not_null
        • hash_agg
        • hash_agg_distinct
        • histogram_combine
        • last
        • last_not_null
        • max
        • median
        • median_exact
        • min
        • object_agg
        • otel_exponential_histogram_sum
        • otel_histogram_sum
        • percentile
        • percentile_cont
        • percentile_disc
        • prom_quantile
        • rate
        • stddev
        • string_agg
        • string_agg_distinct
        • sum
        • tdigest_agg
        • tdigest_combine
        • topk_agg
      • OPAL Boolean Functions
        • array_contains
        • arrays_overlap
        • bool
        • bool_null
        • contains
        • ends_with
        • eq
        • gt
        • gte
        • in
        • ipv4_address_in_network
        • is_null
        • like
        • lt
        • lte
        • match_regex
        • ne
        • path_exists
        • same
        • search
        • starts_with
      • OPAL Misc Functions
        • asc
        • coalesce
        • desc
        • exponential_histogram_null
        • float64
        • frame
        • frame_exact
        • frame_following
        • frame_preceding
        • hash
        • histogram_null
        • histogram_quantile
        • if
        • if_null
        • int64
        • m_exponential_histogram
        • m_histogram
        • m_tdigest
        • nullsfirst
        • nullslast
        • numeric_null
        • on
        • order_by
        • parse_hex
        • strlen
        • tdigest
        • tdigest_null
        • variant_null
      • OPAL Networking Functions
        • int64_to_ipv4
        • ipv4
        • ipv4_address_in_network
        • ipv4_network_int64
        • ipv4_to_int64
        • parse_ip
      • OPAL Numeric Functions
        • abs
        • arccos_deg
        • arccos_rad
        • arcsin_deg
        • arcsin_rad
        • arctan_deg
        • arctan_rad
        • avg
        • ceil
        • cos_deg
        • cos_rad
        • count
        • degrees
        • delta
        • delta_monotonic
        • dense_rank
        • deriv
        • ewma
        • exp
        • float64_null
        • floor
        • haversine_distance_km
        • int64_null
        • int_div
        • ln
        • log
        • median
        • median_exact
        • mod
        • percentile
        • percentile_cont
        • percentile_disc
        • pi
        • pow
        • prom_quantile
        • radians
        • rank
        • rate
        • round
        • row_number
        • sin_deg
        • sin_rad
        • sqrt
        • stddev
        • sum
        • tan_deg
        • tan_rad
        • uniform
        • width_bucket
        • zipf
      • OPAL Regex Functions
        • count_regex_matches
        • get_regex
        • get_regex_all
        • match_regex
        • regex
        • replace_regex
      • OPAL Semistructured Functions
        • append_item
        • array
        • array_agg
        • array_agg_distinct
        • array_contains
        • array_distinct
        • array_length
        • array_max
        • array_min
        • array_null
        • array_to_string
        • array_union_agg
        • arrays_overlap
        • concat_arrays
        • detect_browser
        • drop_fields
        • embed_sql_params
        • get_field
        • get_item
        • get_jmespath
        • get_regex_all
        • index_of_item
        • insert_item
        • intersect_arrays
        • m_object
        • make_array
        • make_array_range
        • make_fields
        • make_object
        • merge_objects
        • object
        • object_agg
        • object_keys
        • object_null
        • otel_exponential_histogram_quantile
        • otel_exponential_histogram_sum
        • otel_histogram_quantile
        • otel_histogram_sum
        • parse_csv
        • parse_ip
        • parse_json
        • parse_kvs
        • parse_url
        • path_exists
        • pick_fields
        • pivot_array
        • prepend_item
        • slice_array
        • sort_array
        • split
        • tokenize
        • topk_agg
        • unpivot_array
      • OPAL Special Functions
        • case
        • group_by
        • m
        • metric
        • options
        • primary_key
        • pk
        • tags
        • valid_for
        • window
      • OPAL String Functions
        • array_to_string
        • check_json
        • concat_strings
        • contains
        • decode_base64
        • decode_uri
        • decode_uri_component
        • detect_browser
        • editdistance
        • embed_sql_params
        • encode_base64
        • encode_uri
        • encode_uri_component
        • ends_with
        • format_time
        • get_regex
        • int64_to_ipv4
        • ipv4_address_in_network
        • label
        • left
        • like
        • lower
        • lpad
        • ltrim
        • parse_csv
        • parse_kvs
        • parse_timestamp
        • pivot_array
        • position
        • regex
        • replace
        • replace_regex
        • right
        • rpad
        • rtrim
        • sha2
        • split
        • split_part
        • starts_with
        • string
        • string_agg
        • string_agg_distinct
        • string_null
        • substring
        • tokenize
        • tokenize_part
        • trim
        • unpivot_array
        • upper
        • variant_type_name
      • OPAL Time Functions
        • abs
        • avg
        • bin_end_time
        • bin_size
        • bin_start_time
        • delta
        • delta_monotonic
        • deriv
        • duration
        • duration_hr
        • duration_min
        • duration_ms
        • duration_null
        • duration_sec
        • ewma
        • format_time
        • from_milliseconds
        • timestamp_ms
        • from_nanoseconds
        • timestamp_ns
        • from_seconds
        • timestamp_s
        • histogram_fraction
        • median
        • median_exact
        • now
        • parse_duration
        • parse_isotime
        • parse_timestamp
        • percentile
        • percentile_cont
        • percentile_disc
        • query_end_time
        • query_start_time
        • rate
        • row_end_time
        • row_timestamp
        • row_start_time
        • stddev
        • sum
        • tdigest_agg
        • tdigest_quantile
        • timestamp_null
        • to_days
        • to_hours
        • to_milliseconds
        • to_minutes
        • to_nanoseconds
        • to_seconds
        • to_weeks
        • valid_for
      • OPAL Window Functions
        • any
        • any_not_null
        • array_union_agg
        • avg
        • count
        • count_distinct
        • count_distinct_exact
        • delta
        • delta_monotonic
        • dense_rank
        • deriv
        • ewma
        • first
        • first_not_null
        • hash_agg
        • hash_agg_distinct
        • lag
        • lag_not_null
        • last
        • last_not_null
        • lead
        • lead_not_null
        • max
        • median
        • median_exact
        • min
        • object_agg
        • percentile
        • percentile_cont
        • percentile_disc
        • rank
        • rate
        • row_number
        • stddev
        • sum
        • tdigest_agg
        • tdigest_combine
        • topk_agg
      • OPAL Deprecated Function Aliases
        • any_null
        • array_pivot
        • array_unpivot
        • countdistinct
        • countdistinctexact
        • decodebase64
        • denserank
        • encodebase64
        • endswith
        • groupby
        • ifnull
        • isnull
        • makeobject
        • match_regex_all
        • medianexact
        • milliseconds
        • nanoseconds
        • orderby
        • parsehex
        • parseip
        • parseisotime
        • parsejson
        • parsekvs
        • parseurl
        • percentilecont
        • percentiledisc
        • primarykey
        • queryendtime
        • querystarttime
        • regex_match
        • regex_replace
        • row_endtime
        • rownumber
        • seconds
        • startswith
        • strcat
        • string_concat
        • validfor
    • OPAL Aggregate Functions
      • any
      • any_not_null
      • array_agg
      • array_agg_distinct
      • array_union_agg
      • avg
      • count
      • count_distinct
      • count_distinct_exact
      • delta
      • delta_monotonic
      • deriv
      • first
      • first_not_null
      • hash_agg
      • hash_agg_distinct
      • histogram_combine
      • last
      • last_not_null
      • max
      • median
      • median_exact
      • min
      • object_agg
      • otel_exponential_histogram_sum
      • otel_histogram_sum
      • percentile
      • percentile_cont
      • percentile_disc
      • prom_quantile
      • rate
      • stddev
      • string_agg
      • string_agg_distinct
      • sum
      • tdigest_agg
      • tdigest_combine
      • topk_agg
    • OPAL alignment functions
      • any
      • any_not_null
      • avg
      • count
      • count_distinct
      • count_distinct_exact
      • delta
      • delta_monotonic
      • deriv
      • first
      • first_not_null
      • last
      • last_not_null
      • max
      • median
      • median_exact
      • min
      • object_agg
      • percentile
      • percentile_cont
      • percentile_disc
      • prom_quantile
      • rate
      • stddev
      • sum
      • tdigest_agg
      • tdigest_combine
      • topk_agg
    • OPAL Boolean Functions
      • array_contains
      • arrays_overlap
      • bool
      • bool_null
      • contains
      • ends_with
      • eq
      • gt
      • gte
      • in
      • ipv4_address_in_network
      • is_null
      • like
      • lt
      • lte
      • match_regex
      • ne
      • path_exists
      • same
      • search
      • starts_with
    • OPAL case sensitivity
    • OPAL Numeric Functions
      • abs
      • arccos_deg
      • arccos_rad
      • arcsin_deg
      • arcsin_rad
      • arctan_deg
      • arctan_rad
      • avg
      • ceil
      • cos_deg
      • cos_rad
      • count
      • degrees
      • delta
      • delta_monotonic
      • dense_rank
      • deriv
      • ewma
      • exp
      • float64_null
      • floor
      • haversine_distance_km
      • int64_null
      • int_div
      • ln
      • log
      • median
      • median_exact
      • mod
      • percentile
      • percentile_cont
      • percentile_disc
      • pi
      • pow
      • prom_quantile
      • radians
      • rank
      • rate
      • round
      • row_number
      • sin_deg
      • sin_rad
      • sqrt
      • stddev
      • sum
      • tan_deg
      • tan_rad
      • uniform
      • width_bucket
      • zipf
    • OPAL Regex Functions
      • count_regex_matches
      • get_regex
      • get_regex_all
      • match_regex
      • regex
      • replace_regex
    • OPAL Semistructured Functions
      • append_item
      • array
      • array_agg
      • array_agg_distinct
      • array_contains
      • array_distinct
      • array_length
      • array_max
      • array_min
      • array_null
      • array_to_string
      • array_union_agg
      • arrays_overlap
      • concat_arrays
      • detect_browser
      • drop_fields
      • embed_sql_params
      • get_field
      • get_item
      • get_jmespath
      • get_regex_all
      • index_of_item
      • insert_item
      • intersect_arrays
      • m_object
      • make_array
      • make_array_range
      • make_fields
      • make_object
      • merge_objects
      • object
      • object_agg
      • object_keys
      • object_null
      • otel_exponential_histogram_quantile
      • otel_exponential_histogram_sum
      • otel_histogram_quantile
      • otel_histogram_sum
      • parse_csv
      • parse_ip
      • parse_json
      • parse_kvs
      • parse_url
      • path_exists
      • pick_fields
      • pivot_array
      • prepend_item
      • slice_array
      • sort_array
      • split
      • tokenize
      • topk_agg
      • unpivot_array
    • OPAL Special Functions
      • case
      • group_by
      • m
      • metric
      • options
      • primary_key
      • pk
      • tags
      • valid_for
      • window
    • OPAL Time Functions
      • abs
      • avg
      • bin_end_time
      • bin_size
      • bin_start_time
      • delta
      • delta_monotonic
      • deriv
      • duration
      • duration_hr
      • duration_min
      • duration_ms
      • duration_null
      • duration_sec
      • ewma
      • format_time
      • from_milliseconds
      • timestamp_ms
      • from_nanoseconds
      • timestamp_ns
      • from_seconds
      • timestamp_s
      • histogram_fraction
      • median
      • median_exact
      • now
      • parse_duration
      • parse_isotime
      • parse_timestamp
      • percentile
      • percentile_cont
      • percentile_disc
      • query_end_time
      • query_start_time
      • rate
      • row_end_time
      • row_timestamp
      • row_start_time
      • stddev
      • sum
      • tdigest_agg
      • tdigest_quantile
      • timestamp_null
      • to_days
      • to_hours
      • to_milliseconds
      • to_minutes
      • to_nanoseconds
      • to_seconds
      • to_weeks
      • valid_for
    • Parsing time strings in OPAL
    • OPAL Networking Functions
      • int64_to_ipv4
      • ipv4
      • ipv4_address_in_network
      • ipv4_network_int64
      • ipv4_to_int64
      • parse_ip
    • OPAL Window Functions
      • any
      • any_not_null
      • array_union_agg
      • avg
      • count
      • count_distinct
      • count_distinct_exact
      • delta
      • delta_monotonic
      • dense_rank
      • deriv
      • ewma
      • first
      • first_not_null
      • hash_agg
      • hash_agg_distinct
      • lag
      • lag_not_null
      • last
      • last_not_null
      • lead
      • lead_not_null
      • max
      • median
      • median_exact
      • min
      • object_agg
      • percentile
      • percentile_cont
      • percentile_disc
      • rank
      • rate
      • row_number
      • stddev
      • sum
      • tdigest_agg
      • tdigest_combine
      • topk_agg
    • OPAL Misc Functions
      • asc
      • coalesce
      • desc
      • exponential_histogram_null
      • float64
      • frame
      • frame_exact
      • frame_following
      • frame_preceding
      • hash
      • histogram_null
      • histogram_quantile
      • if
      • if_null
      • int64
      • m_exponential_histogram
      • m_histogram
      • m_tdigest
      • nullsfirst
      • nullslast
      • numeric_null
      • on
      • order_by
      • parse_hex
      • strlen
      • tdigest
      • tdigest_null
      • variant_null
    • OPAL Deprecated Function Aliases
      • any_null
      • array_pivot
      • array_unpivot
      • countdistinct
      • countdistinctexact
      • decodebase64
      • denserank
      • encodebase64
      • endswith
      • groupby
      • ifnull
      • isnull
      • makeobject
      • match_regex_all
      • medianexact
      • milliseconds
      • nanoseconds
      • orderby
      • parsehex
      • parseip
      • parseisotime
      • parsejson
      • parsekvs
      • parseurl
      • percentilecont
      • percentiledisc
      • primarykey
      • queryendtime
      • querystarttime
      • regex_match
      • regex_replace
      • row_endtime
      • rownumber
      • seconds
      • startswith
      • strcat
      • string_concat
      • validfor
    • All OPAL verbs
      • OPAL Verbs By Category
        • OPAL Aggregate Verbs
          • aggregate
          • align
          • dedup
          • distinct
          • fill
          • histogram
          • make_reference
          • make_session
          • merge_events
          • pivot
          • rollup
          • statsby
          • timechart
          • bucketize
          • timestats
          • unpivot
        • OPAL Filter Verbs
          • always
          • bottomk
          • ever
          • filter
          • filter_last
          • limit
          • never
          • topk
        • OPAL Join Verbs
          • exists
          • follow
          • follow_not
          • fulljoin
          • join
          • leftjoin
          • lookup
          • lookup_ip_info
          • not_exists
          • surrounding
          • union
          • update_resource
        • OPAL Metadata Verbs
          • add_key
          • drop_interface
          • interface
          • make_event
          • make_interval
          • make_metric
          • make_reference
          • make_resource
          • make_session
          • make_table
          • merge_events
          • set_col_enum
          • set_col_immutable
          • set_col_searchable
          • set_col_visible
          • set_label
          • set_link
          • set_metric
          • set_metric_metadata
          • set_primary_key
          • set_pk
          • set_timestamp
          • set_valid_from
          • set_valid_to
          • sort
          • timeshift
          • unset_all_links
          • unset_keys
          • unset_link
          • unsort
        • OPAL Metrics Verbs
          • aggregate
          • align
          • make_metric
          • rollup
          • set_metric
          • timeshift
        • OPAL Projection Verbs
          • drop_col
          • extract_regex
          • make_col
          • pick_col
          • rename_col
        • OPAL Semistructured Verbs
          • extract_regex
          • flatten
          • flatten_all
          • flatten_leaves
          • flatten_single
        • OPAL Deprecated Verb Aliases
          • addfk
          • addkey
          • addmetric
          • changelog
          • coldrop
          • colenum
          • colimmutable
          • colmake
          • colpick
          • colregex
          • colrename
          • colshow
          • droptime
          • fkdrop
          • flattenall
          • flattenleaves
          • flattensingle
          • makeresource
          • makesession
          • merge_event
          • mergeevent
          • reaggregate
          • setlabel
          • setpk
          • setvf
          • setvt
    • OPAL Verbs By Category
      • OPAL Aggregate Verbs
        • aggregate
        • align
        • dedup
        • distinct
        • fill
        • histogram
        • make_reference
        • make_session
        • merge_events
        • pivot
        • rollup
        • statsby
        • timechart
        • bucketize
        • timestats
        • unpivot
      • OPAL Filter Verbs
        • always
        • bottomk
        • ever
        • filter
        • filter_last
        • limit
        • never
        • topk
      • OPAL Join Verbs
        • exists
        • follow
        • follow_not
        • fulljoin
        • join
        • leftjoin
        • lookup
        • lookup_ip_info
        • not_exists
        • surrounding
        • union
        • update_resource
      • OPAL Metadata Verbs
        • add_key
        • drop_interface
        • interface
        • make_event
        • make_interval
        • make_metric
        • make_reference
        • make_resource
        • make_session
        • make_table
        • merge_events
        • set_col_enum
        • set_col_immutable
        • set_col_searchable
        • set_col_visible
        • set_label
        • set_link
        • set_metric
        • set_metric_metadata
        • set_primary_key
        • set_pk
        • set_timestamp
        • set_valid_from
        • set_valid_to
        • sort
        • timeshift
        • unset_all_links
        • unset_keys
        • unset_link
        • unsort
      • OPAL Metrics Verbs
        • aggregate
        • align
        • make_metric
        • rollup
        • set_metric
        • timeshift
      • OPAL Projection Verbs
        • drop_col
        • extract_regex
        • make_col
        • pick_col
        • rename_col
      • OPAL Semistructured Verbs
        • extract_regex
        • flatten
        • flatten_all
        • flatten_leaves
        • flatten_single
      • OPAL Deprecated Verb Aliases
        • addfk
        • addkey
        • addmetric
        • changelog
        • coldrop
        • colenum
        • colimmutable
        • colmake
        • colpick
        • colregex
        • colrename
        • colshow
        • droptime
        • fkdrop
        • flattenall
        • flattenleaves
        • flattensingle
        • makeresource
        • makesession
        • merge_event
        • mergeevent
        • reaggregate
        • setlabel
        • setpk
        • setvf
        • setvt
    • OPAL Aggregate Verbs
      • aggregate
      • align
      • dedup
      • distinct
      • fill
      • histogram
      • make_reference
      • make_session
      • merge_events
      • pivot
      • rollup
      • statsby
      • timechart
      • bucketize
      • timestats
      • unpivot
    • OPAL Filter Verbs
      • always
      • bottomk
      • ever
      • filter
      • filter_last
      • limit
      • never
      • topk
    • OPAL Join Verbs
      • exists
      • follow
      • follow_not
      • fulljoin
      • join
      • leftjoin
      • lookup
      • lookup_ip_info
      • not_exists
      • surrounding
      • union
      • update_resource
    • OPAL Metrics Verbs
      • aggregate
      • align
      • make_metric
      • rollup
      • set_metric
      • timeshift
    • OPAL Projection Verbs
      • drop_col
      • extract_regex
      • make_col
      • pick_col
      • rename_col
    • OPAL Semistructured Verbs
      • extract_regex
      • flatten
      • flatten_all
      • flatten_leaves
      • flatten_single
    • OPAL Metadata Verbs
      • add_key
      • drop_interface
      • interface
      • make_event
      • make_interval
      • make_metric
      • make_reference
      • make_resource
      • make_session
      • make_table
      • merge_events
      • set_col_enum
      • set_col_immutable
      • set_col_searchable
      • set_col_visible
      • set_label
      • set_link
      • set_metric
      • set_metric_metadata
      • set_primary_key
      • set_pk
      • set_timestamp
      • set_valid_from
      • set_valid_to
      • sort
      • timeshift
      • unset_all_links
      • unset_keys
      • unset_link
      • unsort
    • OPAL Deprecated Verb Aliases
      • addfk
      • addkey
      • addmetric
      • changelog
      • coldrop
      • colenum
      • colimmutable
      • colmake
      • colpick
      • colregex
      • colrename
      • colshow
      • droptime
      • fkdrop
      • flattenall
      • flattenleaves
      • flattensingle
      • makeresource
      • makesession
      • merge_event
      • mergeevent
      • reaggregate
      • setlabel
      • setpk
      • setvf
      • setvt
  • Observasaurus
    • Observasaurus: Accelerate
    • Observasaurus: Agents
    • Observasaurus: Channel
    • Observasaurus: Channel Action
    • Observasaurus: Collectors
    • Observasaurus: Console
    • Observasaurus: Dashboards
    • Observasaurus: Dataset Graph
    • Observasaurus: Datasets
    • Observasaurus: Datastreams
    • Observasaurus: Distributed Tracing
    • Observasaurus: Endpoints
    • Observasaurus: Explorers
    • Observasaurus: Freshness
    • Observasaurus: Link
    • Observasaurus: Logs
    • Observasaurus: Log Analytics
    • Observasaurus: Machine Data
    • Observasaurus: Metrics
    • Observasaurus: Metrics Analytics
    • Observasaurus: Metrics Tags
    • Observasaurus: Monitoring
    • Observasaurus: Monitors
    • Observasaurus: Observability
    • Observasaurus: OPAL
    • Observasaurus: Pollers
    • Observasaurus: Queries
    • Observasaurus: Resources
    • Observasaurus: Security Observability
    • Observasaurus: SIEM
    • Observasaurus: Spans
    • Observasaurus: Stages
    • Observasaurus: Streamable
    • Observasaurus: Telemetry
    • Observasaurus: Temporal SQL
    • Observasaurus: Time Series
    • Observasaurus: Tokens
    • Observasaurus: Traces
    • Observasaurus: Unstreamable
    • Observasaurus: Worksheets
  • Conditional formatting
  • Units of measurement
  • Keyboard shortcuts
  • Helpful hints
    • How do I use a formula?
    • What characters are allowed in a field name?
    • How should I aggregate data?
    • How do I make a standard deviation anomaly detection monitor?
    • How do I find average values over time?
    • How do I change a field type?
    • Can I change the name of an Observe instance?
    • How do I compare time ranges in OPAL?
    • How to create an array from existing columns?
    • How do I compute a cumulative count over any interval grouped by multiple fields?
    • What is my customer ID?
    • OPAL duration conversion
    • How do I filter by a list of terms?
    • How do I test for multiple values in a dashboard parameter?
    • Filter out unwanted data
    • How do I Find the size of a column?
    • Formatting large numbers for readability
    • Helpful hints
    • How many monitors are we using?
    • How many queries are we using?
    • How much ingest and transform are we using?
    • How do I measure drift in a metric over time?
    • How do I sort dates by time when they are sorted alphabetically?
    • How to sort digits numerically when they are sorted alphabetically?
    • How do I map fields to each other?
    • How do I pivot a dataset?
    • How do I measure drift in a resource over time?
    • How do I unpivot data?
    • How do I make a service appear in Service Explorer?
    • Can I use OPAL to rename a dataset?
    • How do I prevent lost columns?
    • What is best practice for OPAL field extraction?
    • What is best practice for case statements in OPAL?
    • What is the best practice for field naming in OPAL?
    • What is best practice for managing the schema interface between datasets?
    • What is the best practice for using durations in OPAL?
    • OPAL case sensitive filtering with contains
    • OPAL case sensitive filtering with equals
    • OPAL case sensitive filtering with match_regex
    • OPAL case sensitive filtering with tilde and regex
    • OPAL case sensitive filtering with tilde
    • How do I compare values in OPAL?
    • How do I extract the numeric parts of a message?
    • How do I extract parameters from a URL?
    • How should I rollup aggregated data?
    • How do I search by time?
    • How to set the type of a column?
    • How do I split a field?
    • How do I calculate a running standard deviation?
    • What is the system datastream?
    • OPAL timestamp conversion
    • How do I find a weighted average?
    • How do I use time window functions?
Back to top

Authentication and authorization¶

Allowing or restricting access to your Observe tenant and associated Observe content is very flexible. Observe supports SAML for SSO, and also provides user-specific API tokens for programmatic access to Observe.

  • Audit trail
  • Role-based access control (RBAC)
  • Local authentication policies
  • Single sign-on (SSO)
  • Observe API authentication
  • Observe API tokens
  • Service Accounts
Next
Audit trail
Previous
Drop filters
Copyright © 2017-2025 Observe, Inc.
Made with Furo

Have comments about the Observe docs?