Documentation
¶
Overview ¶
Package query provides the datatypes and functions for construction queries using the Axiom Processing Language (APL) and working with their results.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Entry ¶
type Entry struct {
// Time is the time the event occurred. Matches SysTime if not specified
// during ingestion.
Time time.Time `json:"_time"`
// SysTime is the time the event was recorded on the server.
SysTime time.Time `json:"_sysTime"`
// RowID is the unique ID of the event row.
RowID string `json:"_rowId"`
// Data contains the raw data of the event (with filters and aggregations
// applied).
Data map[string]any `json:"data"`
}
Entry is an event that matched a query and is thus part of the result set.
type EntryGroup ¶
type EntryGroup struct {
// ID is the unique the group.
ID uint64 `json:"id"`
// Group maps the fieldnames to the unique values for the entry.
Group map[string]any `json:"group"`
// Aggregations of the group.
Aggregations []EntryGroupAgg `json:"aggregations"`
}
EntryGroup is a group of queried event.
type EntryGroupAgg ¶
type EntryGroupAgg struct {
// Alias is the aggregations alias. If it wasn't specified at query time, it
// is the uppercased string representation of the aggregation operation.
Alias string `json:"op"`
// Value is the result value of the aggregation.
Value any `json:"value"`
}
EntryGroupAgg is an aggregation which is part of a group of queried events.
type Interval ¶
type Interval struct {
// StartTime of the interval.
StartTime time.Time `json:"startTime"`
// EndTime of the interval.
EndTime time.Time `json:"endTime"`
// Groups of the interval.
Groups []EntryGroup `json:"groups"`
}
Interval is the interval of queried time series.
type Message ¶
type Message struct {
// Priority of the message.
Priority MessagePriority `json:"priority"`
// Code of the message.
Code MessageCode `json:"code"`
// Count describes how often a message of this type was raised by the query.
Count uint `json:"count"`
// Text is a human readable text representation of the message.
Text string `json:"msg"`
}
Message is a message associated with a query result.
type MessageCode ¶
type MessageCode uint8
MessageCode represents the code of a message associated with a query.
const ( VirtualFieldFinalizeError MessageCode // virtual_field_finalize_error MissingColumn // missing_column LicenseLimitForQueryWarning // license_limit_for_query_warning DefaultLimitWarning // default_limit_warning )
All available message codes.
func (MessageCode) MarshalJSON ¶ added in v0.12.0
func (mc MessageCode) MarshalJSON() ([]byte, error)
MarshalJSON implements `json.Marshaler`. It is in place to marshal the MessageCode to its string representation because that's what the server expects.
func (MessageCode) String ¶
func (i MessageCode) String() string
func (*MessageCode) UnmarshalJSON ¶
func (mc *MessageCode) UnmarshalJSON(b []byte) (err error)
UnmarshalJSON implements `json.Unmarshaler`. It is in place to unmarshal the MessageCode from the string representation the server returns.
type MessagePriority ¶
type MessagePriority uint8
MessagePriority represents the priority of a message associated with a query.
const ( Trace MessagePriority // trace Debug // debug Info // info Warn // warn Error // error Fatal // fatal )
All available message priorities.
func (MessagePriority) MarshalJSON ¶ added in v0.12.0
func (mp MessagePriority) MarshalJSON() ([]byte, error)
MarshalJSON implements `json.Marshaler`. It is in place to marshal the MessagePriority to its string representation because that's what the server expects.
func (MessagePriority) String ¶
func (i MessagePriority) String() string
func (*MessagePriority) UnmarshalJSON ¶
func (mp *MessagePriority) UnmarshalJSON(b []byte) (err error)
UnmarshalJSON implements `json.Unmarshaler`. It is in place to unmarshal the MessagePriority from the string representation the server returns.
type Option ¶ added in v0.13.0
type Option func(*Options)
An Option applies an optional parameter to a query.
func SetEndTime ¶ added in v0.13.0
SetEndTime specifies the queries end time.
func SetStartTime ¶ added in v0.13.0
SetStartTime specifies the queries start time.
type Options ¶
type Options struct {
// StartTime of the query.
StartTime time.Time `url:"-"`
// EndTime of the query.
EndTime time.Time `url:"-"`
}
Options specifies the optional parameters for a query.
type Result ¶
type Result struct {
// Status of the query result.
Status Status `json:"status"`
// Matches are the events that matched the query.
Matches []Entry `json:"matches"`
// Buckets are the time series buckets.
Buckets Timeseries `json:"buckets"`
// SavedQueryID is the ID of the query that generated this result when it
// was saved on the server. This is only set when the query was sent with
// the `SaveKind` option specified.
SavedQueryID string `json:"-"`
}
Result is the result of an APL query.
type Status ¶
type Status struct {
// ElapsedTime is the duration it took the query to execute.
ElapsedTime time.Duration `json:"elapsedTime"`
// BlocksExamined is the amount of blocks that have been examined by the
// query.
BlocksExamined uint64 `json:"blocksExamined"`
// RowsExamined is the amount of rows that have been examined by the query.
RowsExamined uint64 `json:"rowsExamined"`
// RowsMatched is the amount of rows that matched the query.
RowsMatched uint64 `json:"rowsMatched"`
// NumGroups is the amount of groups returned by the query.
NumGroups uint32 `json:"numGroups"`
// IsPartial describes if the query result is a partial result.
IsPartial bool `json:"isPartial"`
// ContinuationToken is populated when IsPartial is true and must be passed
// to the next query request to retrieve the next result set.
ContinuationToken string `json:"continuationToken"`
// IsEstimate describes if the query result is estimated.
IsEstimate bool `json:"isEstimate"`
// MinBlockTime is the timestamp of the oldest block examined.
MinBlockTime time.Time `json:"minBlockTime"`
// MaxBlockTime is the timestamp of the newest block examined.
MaxBlockTime time.Time `json:"maxBlockTime"`
// Messages associated with the query.
Messages []Message `json:"messages"`
// MinCursor is the id of the oldest row, as seen server side. May be lower
// than what the results include if the server scanned more data than
// included in the results. Can be used to efficiently resume time-sorted
// non-aggregating queries (i.e. filtering only).
MinCursor string `json:"minCursor"`
// MaxCursor is the id of the newest row, as seen server side. May be higher
// than what the results include if the server scanned more data than
// included in the results. Can be used to efficiently resume time-sorted
// non-aggregating queries (i.e. filtering only).
MaxCursor string `json:"maxCursor"`
}
Status is the status of a query result.
func (Status) MarshalJSON ¶
MarshalJSON implements `json.Marshaler`. It is in place to marshal the ElapsedTime into its microsecond representation because that's what the server expects.
func (*Status) UnmarshalJSON ¶
UnmarshalJSON implements `json.Unmarshaler`. It is in place to unmarshal the ElapsedTime into a proper time.Duration value because the server returns it in microseconds.
type Timeseries ¶
type Timeseries struct {
// Series are the intervals that build a time series.
Series []Interval `json:"series"`
// Totals of the time series.
Totals []EntryGroup `json:"totals"`
}
Timeseries are queried time series.
Source Files