Datadog Logs

Aggregate events

This action aggregates events into buckets and computes metrics and timeseries.

Inputs

| Field | Type | Description |
| --- | --- | --- |
| compute | [object] | The list of metrics or timeseries to compute for the retrieved buckets. |
| compute.aggregation [required] | enum | Default: count |
| compute.metric | string | The metric to use. |
| compute.interval | string | The size of the time buckets, only used for type=timeseries. Defaults to a resolution of 150 points. |
| compute.type | enum | The type of compute. Allowed enum values: timeseries, total. Default: total |
| filter | object | The search and filter query settings. |
| filter.from | string | The minimum time for the requested logs. Supports date math and regular timestamps (milliseconds). Default: now-15m |
| filter.indexes | [string] | For customers with multiple indexes, the indexes to search. Default: * |
| filter.query | string | The search query, following the log search syntax. Default: * |
| filter.storage_tier | enum | Specifies storage type as indexes or online-archives. Allowed enum values: indexes, online-archives. Default: indexes |
| filter.to | string | The maximum time for the requested logs. Supports date math and regular timestamps (milliseconds). Default: now |
| group_by | [object] | The rules for the group by. |
| group_by.facet [required] | string | The name of the facet to use. |
| group_by.histogram | object | Used to perform a histogram computation (only for measure facets). The number of buckets is (max - min)/interval, with a maximum of 100 buckets. |
| group_by.histogram.interval [required] | number | The bin size of the histogram buckets, only for measure facets. |
| group_by.histogram.max [required] | number | The maximum value for the measure used in the histogram (values greater than this one are filtered out), only for measure facets. |
| group_by.histogram.min [required] | number | The minimum value for the measure used in the histogram (values smaller than this one are filtered out), only for measure facets. |
| group_by.limit | number | The maximum number of buckets to return for this group by, at most 10000. If grouping by multiple facets, the product of limits must not exceed 10000. Default: 10 |
| group_by.missing | string, number | The value to use for logs that don't have the facet used to group by. |
| group_by.sort | object | A sort rule. |
| group_by.sort.aggregation | enum | Default: count |
| group_by.sort.metric | string | The metric to sort by, only used for type=measure. |
| group_by.sort.order | enum | The order to use, ascending or descending. Allowed enum values: asc, desc |
| group_by.sort.type | enum | The type of sorting algorithm. Allowed enum values: alphabetical, measure. Default: alphabetical |
| group_by.total | boolean, string, number | A resulting object to put the given computes in over all the matching records. If set to true, creates an additional bucket labeled "$facet_total". If set to a string or number, that value is used as the key for the total bucket. |
| options | object | Global query options that are used during the query. Use either timezone or time offset, but not both (the query fails otherwise). |
| options.timeOffset | number | The time offset (in seconds) to apply to the query. |
| options.timezone | string | The timezone can be specified as GMT, UTC, an offset from UTC (like UTC+1), or as a Timezone Database identifier (like America/New_York). Default: UTC |
| page | object | Paging settings. The page cursor is the returned paging point to use to get the next results. At most 1000 results can be paged. |
| page.cursor | string | The returned paging point to use to get the next results. |

Outputs

| Field | Type | Description |
| --- | --- | --- |
| meta [required] | object | The metadata associated with a request. |
| meta.elapsed [required] | number | The time elapsed in milliseconds. |
| meta.page | object | Paging attributes. |
| meta.page.after [required] | string | The cursor to use to get the next results, if any. To make the next request, use the same parameters with the addition of the page[cursor]. |
| meta.request_id [required] | string | The identifier of the request. |
| meta.status [required] | enum | The status of the response. Allowed enum values: done, timeout |
| meta.warnings | object | A list of warnings (non-fatal errors) encountered. Partial results might be returned if warnings are present in the response. |
| meta.warnings.code | string | |
| meta.warnings.detail | string | |
| meta.warnings.title | string | |
| data [required] | object | The query results. |
| data.buckets [required] | [object] | The list of matching buckets, one item per bucket. |
| data.buckets.by [required] | object | The key-value pairs for each group by. |
| data.buckets.computes | object | A map of the metric name -> value for a regular compute, or a list of values for a timeseries. |
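
An added example, not Datadog's own code: a Python pre-flight check for the limits the Inputs table documents (product of group_by limits, histogram bucket count, timezone versus timeOffset), plus helpers that read the Outputs fields to build the next page request and to flag partial results. The function names, the query, the facet name, the interval value, and the placeholder request ID and cursor are constructed for illustration, and the 100 in the histogram description is taken to be a cap on the bucket count.

```python
from math import prod

MAX_BUCKETS = 10000          # cap on each limit and on the product of limits
MAX_HISTOGRAM_BUCKETS = 100  # assumed cap on (max - min) / interval


def validate_inputs(inputs):
    """Return the documented constraints that these inputs violate."""
    problems = []
    for compute in inputs.get("compute", []):
        if "interval" in compute and compute.get("type", "total") != "timeseries":
            problems.append("compute.interval has no effect unless type=timeseries")
    limits = [g.get("limit", 10) for g in inputs.get("group_by", [])]
    if prod(limits) > MAX_BUCKETS:
        problems.append(f"group_by limits multiply to {prod(limits)} (> {MAX_BUCKETS})")
    for group in inputs.get("group_by", []):
        hist = group.get("histogram")
        if hist and (hist["max"] - hist["min"]) / hist["interval"] > MAX_HISTOGRAM_BUCKETS:
            problems.append(f"histogram on {group['facet']} exceeds {MAX_HISTOGRAM_BUCKETS} buckets")
    options = inputs.get("options", {})
    if "timezone" in options and "timeOffset" in options:
        problems.append("options sets both timezone and timeOffset")
    return problems


def next_page_inputs(inputs, outputs):
    """Same parameters plus page.cursor, or None when there is no further page."""
    cursor = (outputs.get("meta", {}).get("page") or {}).get("after")
    return {**inputs, "page": {"cursor": cursor}} if cursor else None


def is_partial(outputs):
    """True when results may be incomplete: status=timeout or warnings present."""
    meta = outputs.get("meta", {})
    return meta.get("status") == "timeout" or bool(meta.get("warnings"))


# Constructed sample: failed SSH logins per client IP, hourly, over the last day.
SAMPLE_INPUTS = {
    "compute": [{"aggregation": "count", "type": "timeseries", "interval": "1h"}],
    "filter": {"query": "service:sshd status:error", "from": "now-1d", "to": "now"},
    "group_by": [{"facet": "@network.client.ip", "limit": 100,
                  "sort": {"aggregation": "count", "order": "desc", "type": "measure"}}],
    "options": {"timezone": "UTC"},
}
# Constructed sample outputs (placeholder request_id and cursor values).
SAMPLE_OUTPUTS = {"meta": {"elapsed": 132, "request_id": "REQUEST_ID_PLACEHOLDER",
                           "status": "done", "page": {"after": "CURSOR_PLACEHOLDER"}},
                  "data": {"buckets": []}}
```

Checking `is_partial` before acting on the buckets matters for detection workflows: a timeout or warning means the counts may understate what is in the logs.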