count_over_time_of_ip required_capability: ts_command_v0 TS k8s | STATS ip = min(count_over_time(client.ip)) BY cluster, time_bucket = bucket(@timestamp,10minute) | SORT time_bucket, cluster | LIMIT 10; ip:long | cluster:keyword | time_bucket:datetime 4 | prod | 2024-05-10T00:00:00.000Z 11 | qa | 2024-05-10T00:00:00.000Z 6 | staging | 2024-05-10T00:00:00.000Z 9 | prod | 2024-05-10T00:10:00.000Z 11 | qa | 2024-05-10T00:10:00.000Z 5 | staging | 2024-05-10T00:10:00.000Z 1 | prod | 2024-05-10T00:20:00.000Z 1 | qa | 2024-05-10T00:20:00.000Z 2 | staging | 2024-05-10T00:20:00.000Z ; count_over_time_of_ip_promql required_capability: promql_command_v0 PROMQL index=k8s step=10m ip=(min by (cluster) (count_over_time(client.ip[10m]))) | SORT step, cluster | LIMIT 10; ip:double | step:datetime | cluster:keyword 4.0 | 2024-05-10T00:00:00.000Z | prod 11.0 | 2024-05-10T00:00:00.000Z | qa 6.0 | 2024-05-10T00:00:00.000Z | staging 9.0 | 2024-05-10T00:10:00.000Z | prod 11.0 | 2024-05-10T00:10:00.000Z | qa 5.0 | 2024-05-10T00:10:00.000Z | staging 1.0 | 2024-05-10T00:20:00.000Z | prod 1.0 | 2024-05-10T00:20:00.000Z | qa 2.0 | 2024-05-10T00:20:00.000Z | staging ; count_over_time_of_long required_capability: ts_command_v0 TS k8s | STATS bytes_in = sum(count_over_time(network.bytes_in)) BY cluster, time_bucket = bucket(@timestamp,10minute) | SORT bytes_in DESC, cluster, time_bucket | LIMIT 10; bytes_in:long | cluster:keyword | time_bucket:datetime 39 | qa | 2024-05-10T00:10:00.000Z 37 | qa | 2024-05-10T00:00:00.000Z 31 | prod | 2024-05-10T00:10:00.000Z 24 | staging | 2024-05-10T00:00:00.000Z 23 | prod | 2024-05-10T00:00:00.000Z 23 | staging | 2024-05-10T00:10:00.000Z 10 | staging | 2024-05-10T00:20:00.000Z 7 | prod | 2024-05-10T00:20:00.000Z 6 | qa | 2024-05-10T00:20:00.000Z ; count_over_time_of_long_promql required_capability: promql_command_v0 PROMQL index=k8s step=10m bytes_in=(sum by (cluster) (count_over_time(network.bytes_in[10m]))) | SORT bytes_in DESC, cluster, step | LIMIT 10; bytes_in:double | step:datetime | cluster:keyword 39.0 | 2024-05-10T00:10:00.000Z | qa 37.0 | 2024-05-10T00:00:00.000Z | qa 31.0 | 2024-05-10T00:10:00.000Z | prod 24.0 | 2024-05-10T00:00:00.000Z | staging 23.0 | 2024-05-10T00:00:00.000Z | prod 23.0 | 2024-05-10T00:10:00.000Z | staging 10.0 | 2024-05-10T00:20:00.000Z | staging 7.0 | 2024-05-10T00:20:00.000Z | prod 6.0 | 2024-05-10T00:20:00.000Z | qa ; count_over_time_with_window required_capability: ts_command_v0 required_capability: time_series_window_v1 TS k8s | STATS bytes_in = sum(count_over_time(network.bytes_in, 10 minute)) BY cluster, time_bucket = tbucket(2minute) | SORT time_bucket, cluster | LIMIT 20; bytes_in:long | cluster:keyword | time_bucket:datetime 23 | prod | 2024-05-10T00:00:00.000Z 37 | qa | 2024-05-10T00:00:00.000Z 24 | staging | 2024-05-10T00:00:00.000Z 21 | prod | 2024-05-10T00:02:00.000Z 43 | qa | 2024-05-10T00:02:00.000Z 24 | staging | 2024-05-10T00:02:00.000Z 22 | prod | 2024-05-10T00:04:00.000Z 42 | qa | 2024-05-10T00:04:00.000Z 25 | staging | 2024-05-10T00:04:00.000Z 25 | prod | 2024-05-10T00:06:00.000Z 41 | qa | 2024-05-10T00:06:00.000Z 30 | staging | 2024-05-10T00:06:00.000Z 32 | prod | 2024-05-10T00:08:00.000Z 41 | qa | 2024-05-10T00:08:00.000Z 30 | staging | 2024-05-10T00:08:00.000Z 31 | prod | 2024-05-10T00:10:00.000Z 39 | qa | 2024-05-10T00:10:00.000Z 23 | staging | 2024-05-10T00:10:00.000Z 33 | prod | 2024-05-10T00:12:00.000Z 35 | qa | 2024-05-10T00:12:00.000Z ; count_over_time_with_window_promql required_capability: promql_command_v0 required_capability: time_series_window_v1 PROMQL index=k8s step=2m bytes_in=(sum by (cluster) (count_over_time(network.bytes_in[10m]))) | SORT step, cluster | LIMIT 20; bytes_in:double | step:datetime | cluster:keyword 23.0 | 2024-05-10T00:00:00.000Z | prod 37.0 | 2024-05-10T00:00:00.000Z | qa 24.0 | 2024-05-10T00:00:00.000Z | staging 21.0 | 2024-05-10T00:02:00.000Z | prod 43.0 | 2024-05-10T00:02:00.000Z | qa 24.0 | 2024-05-10T00:02:00.000Z | staging 22.0 | 2024-05-10T00:04:00.000Z | prod 42.0 | 2024-05-10T00:04:00.000Z | qa 25.0 | 2024-05-10T00:04:00.000Z | staging 25.0 | 2024-05-10T00:06:00.000Z | prod 41.0 | 2024-05-10T00:06:00.000Z | qa 30.0 | 2024-05-10T00:06:00.000Z | staging 32.0 | 2024-05-10T00:08:00.000Z | prod 41.0 | 2024-05-10T00:08:00.000Z | qa 30.0 | 2024-05-10T00:08:00.000Z | staging 31.0 | 2024-05-10T00:10:00.000Z | prod 39.0 | 2024-05-10T00:10:00.000Z | qa 23.0 | 2024-05-10T00:10:00.000Z | staging 33.0 | 2024-05-10T00:12:00.000Z | prod 35.0 | 2024-05-10T00:12:00.000Z | qa ; count_over_time_of_boolean required_capability: ts_command_v0 TS k8s | STATS eth0_up = min(count_over_time(network.eth0.up)) BY cluster, time_bucket = bucket(@timestamp,10minute) | SORT time_bucket, cluster | LIMIT 10; eth0_up:long | cluster:keyword | time_bucket:datetime 4 | prod | 2024-05-10T00:00:00.000Z 11 | qa | 2024-05-10T00:00:00.000Z 6 | staging | 2024-05-10T00:00:00.000Z 9 | prod | 2024-05-10T00:10:00.000Z 11 | qa | 2024-05-10T00:10:00.000Z 5 | staging | 2024-05-10T00:10:00.000Z 1 | prod | 2024-05-10T00:20:00.000Z 1 | qa | 2024-05-10T00:20:00.000Z 2 | staging | 2024-05-10T00:20:00.000Z ; count_over_time_of_boolean_promql required_capability: promql_command_v0 PROMQL index=k8s step=10m eth0_up=(min by (cluster) (count_over_time(network.eth0.up[10m]))) | SORT step, cluster | LIMIT 10; eth0_up:double | step:datetime | cluster:keyword 4.0 | 2024-05-10T00:00:00.000Z | prod 11.0 | 2024-05-10T00:00:00.000Z | qa 6.0 | 2024-05-10T00:00:00.000Z | staging 9.0 | 2024-05-10T00:10:00.000Z | prod 11.0 | 2024-05-10T00:10:00.000Z | qa 5.0 | 2024-05-10T00:10:00.000Z | staging 1.0 | 2024-05-10T00:20:00.000Z | prod 1.0 | 2024-05-10T00:20:00.000Z | qa 2.0 | 2024-05-10T00:20:00.000Z | staging ; count_over_time_of_date_nanos required_capability: ts_command_v0 TS datenanos-k8s | STATS last_up = max(count_over_time(network.eth0.last_up)) BY cluster, time_bucket = bucket(@timestamp,10minute) | SORT time_bucket, cluster | LIMIT 10; last_up:long | cluster:keyword | time_bucket:date_nanos 10 | prod | 2024-05-10T00:00:00.000Z 14 | qa | 2024-05-10T00:00:00.000Z 10 | staging | 2024-05-10T00:00:00.000Z 11 | prod | 2024-05-10T00:10:00.000Z 14 | qa | 2024-05-10T00:10:00.000Z 11 | staging | 2024-05-10T00:10:00.000Z 3 | prod | 2024-05-10T00:20:00.000Z 3 | qa | 2024-05-10T00:20:00.000Z 5 | staging | 2024-05-10T00:20:00.000Z ; count_over_time_of_date_nanos_promql required_capability: promql_command_v0 required_capability: promql_date_nanos_support_v0 PROMQL index=datenanos-k8s step=10m last_up=(max by (cluster) (count_over_time(network.eth0.last_up[10m]))) | SORT step, cluster | LIMIT 10; last_up:double | step:date_nanos | cluster:keyword 10.0 | 2024-05-10T00:00:00.000Z | prod 14.0 | 2024-05-10T00:00:00.000Z | qa 10.0 | 2024-05-10T00:00:00.000Z | staging 11.0 | 2024-05-10T00:10:00.000Z | prod 14.0 | 2024-05-10T00:10:00.000Z | qa 11.0 | 2024-05-10T00:10:00.000Z | staging 3.0 | 2024-05-10T00:20:00.000Z | prod 3.0 | 2024-05-10T00:20:00.000Z | qa 5.0 | 2024-05-10T00:20:00.000Z | staging ; count_over_time_of_date required_capability: ts_command_v0 TS k8s | STATS last_up = max(count_over_time(to_datetime(network.eth0.last_up))) BY cluster, time_bucket = bucket(@timestamp,10minute) | SORT time_bucket, cluster | LIMIT 10; last_up:long | cluster:keyword | time_bucket:datetime 10 | prod | 2024-05-10T00:00:00.000Z 14 | qa | 2024-05-10T00:00:00.000Z 10 | staging | 2024-05-10T00:00:00.000Z 11 | prod | 2024-05-10T00:10:00.000Z 14 | qa | 2024-05-10T00:10:00.000Z 11 | staging | 2024-05-10T00:10:00.000Z 3 | prod | 2024-05-10T00:20:00.000Z 3 | qa | 2024-05-10T00:20:00.000Z 5 | staging | 2024-05-10T00:20:00.000Z ; count_over_time_of_date_promql required_capability: promql_command_v0 PROMQL index=k8s step=10m last_up=(max by (cluster) (count_over_time(network.eth0.last_up[10m]))) | SORT step, cluster | LIMIT 10; last_up:double | step:datetime | cluster:keyword 10.0 | 2024-05-10T00:00:00.000Z | prod 14.0 | 2024-05-10T00:00:00.000Z | qa 10.0 | 2024-05-10T00:00:00.000Z | staging 11.0 | 2024-05-10T00:10:00.000Z | prod 14.0 | 2024-05-10T00:10:00.000Z | qa 11.0 | 2024-05-10T00:10:00.000Z | staging 3.0 | 2024-05-10T00:20:00.000Z | prod 3.0 | 2024-05-10T00:20:00.000Z | qa 5.0 | 2024-05-10T00:20:00.000Z | staging ; count_over_time_of_version required_capability: ts_command_v0 TS k8s | STATS version = max(count_over_time(network.eth0.firmware_version)) BY cluster, time_bucket = bucket(@timestamp,10minute) | SORT time_bucket, cluster | LIMIT 10; version:long | cluster:keyword | time_bucket:datetime 10 | prod | 2024-05-10T00:00:00.000Z 14 | qa | 2024-05-10T00:00:00.000Z 10 | staging | 2024-05-10T00:00:00.000Z 11 | prod | 2024-05-10T00:10:00.000Z 14 | qa | 2024-05-10T00:10:00.000Z 11 | staging | 2024-05-10T00:10:00.000Z 3 | prod | 2024-05-10T00:20:00.000Z 3 | qa | 2024-05-10T00:20:00.000Z 5 | staging | 2024-05-10T00:20:00.000Z ; count_over_time_of_version_promql required_capability: promql_command_v0 PROMQL index=k8s step=10m version=(max by (cluster) (count_over_time(network.eth0.firmware_version[10m]))) | SORT step, cluster | LIMIT 10; version:double | step:datetime | cluster:keyword 10.0 | 2024-05-10T00:00:00.000Z | prod 14.0 | 2024-05-10T00:00:00.000Z | qa 10.0 | 2024-05-10T00:00:00.000Z | staging 11.0 | 2024-05-10T00:10:00.000Z | prod 14.0 | 2024-05-10T00:10:00.000Z | qa 11.0 | 2024-05-10T00:10:00.000Z | staging 3.0 | 2024-05-10T00:20:00.000Z | prod 3.0 | 2024-05-10T00:20:00.000Z | qa 5.0 | 2024-05-10T00:20:00.000Z | staging ; count_over_time_of_integer required_capability: ts_command_v0 TS k8s | STATS clients = avg(count_over_time(network.eth0.currently_connected_clients)) BY cluster, time_bucket = bucket(@timestamp,10minute) | SORT time_bucket, cluster | LIMIT 10; clients:double | cluster:keyword | time_bucket:datetime 7.666666666666667 | prod | 2024-05-10T00:00:00.000Z 12.333333333333334 | qa | 2024-05-10T00:00:00.000Z 8.0 | staging | 2024-05-10T00:00:00.000Z 10.333333333333334 | prod | 2024-05-10T00:10:00.000Z 13.0 | qa | 2024-05-10T00:10:00.000Z 7.666666666666667 | staging | 2024-05-10T00:10:00.000Z 2.3333333333333335 | prod | 2024-05-10T00:20:00.000Z 2.0 | qa | 2024-05-10T00:20:00.000Z 3.3333333333333335 | staging | 2024-05-10T00:20:00.000Z ; count_over_time_of_integer_promql required_capability: promql_command_v0 PROMQL index=k8s step=10m clients=(avg by (cluster) (count_over_time(network.eth0.currently_connected_clients[10m]))) | SORT step, cluster | LIMIT 10; clients:double | step:datetime | cluster:keyword 7.666666666666667 | 2024-05-10T00:00:00.000Z | prod 12.333333333333334 | 2024-05-10T00:00:00.000Z | qa 8.0 | 2024-05-10T00:00:00.000Z | staging 10.333333333333334 | 2024-05-10T00:10:00.000Z | prod 13.0 | 2024-05-10T00:10:00.000Z | qa 7.666666666666667 | 2024-05-10T00:10:00.000Z | staging 2.3333333333333335 | 2024-05-10T00:20:00.000Z | prod 2.0 | 2024-05-10T00:20:00.000Z | qa 3.3333333333333335 | 2024-05-10T00:20:00.000Z | staging ; count_over_time_of_text required_capability: ts_command_v0 TS k8s | STATS event_log = max(count_over_time(event_log)) BY cluster, time_bucket = bucket(@timestamp,10minute) | SORT event_log, cluster, time_bucket | LIMIT 10; event_log:long | cluster:keyword | time_bucket:datetime 3 | prod | 2024-05-10T00:20:00.000Z 3 | qa | 2024-05-10T00:20:00.000Z 5 | staging | 2024-05-10T00:20:00.000Z 10 | prod | 2024-05-10T00:00:00.000Z 10 | prod | 2024-05-10T00:10:00.000Z 10 | staging | 2024-05-10T00:00:00.000Z 11 | staging | 2024-05-10T00:10:00.000Z 13 | qa | 2024-05-10T00:00:00.000Z 14 | qa | 2024-05-10T00:10:00.000Z ; count_over_time_of_text_promql required_capability: promql_command_v0 PROMQL index=k8s step=10m event_log=(max by (cluster) (count_over_time(event_log[10m]))) | SORT event_log, cluster, step | LIMIT 10; event_log:double | step:datetime | cluster:keyword 3.0 | 2024-05-10T00:20:00.000Z | prod 3.0 | 2024-05-10T00:20:00.000Z | qa 5.0 | 2024-05-10T00:20:00.000Z | staging 10.0 | 2024-05-10T00:00:00.000Z | prod 10.0 | 2024-05-10T00:10:00.000Z | prod 10.0 | 2024-05-10T00:00:00.000Z | staging 11.0 | 2024-05-10T00:10:00.000Z | staging 13.0 | 2024-05-10T00:00:00.000Z | qa 14.0 | 2024-05-10T00:10:00.000Z | qa ; count_over_time_of_keyword required_capability: ts_command_v0 TS k8s | STATS pod = min(count_over_time(network.eth0.up)) BY cluster, time_bucket = bucket(@timestamp,10minute) | SORT time_bucket, cluster | LIMIT 10; pod:long | cluster:keyword | time_bucket:datetime 4 | prod | 2024-05-10T00:00:00.000Z 11 | qa | 2024-05-10T00:00:00.000Z 6 | staging | 2024-05-10T00:00:00.000Z 9 | prod | 2024-05-10T00:10:00.000Z 11 | qa | 2024-05-10T00:10:00.000Z 5 | staging | 2024-05-10T00:10:00.000Z 1 | prod | 2024-05-10T00:20:00.000Z 1 | qa | 2024-05-10T00:20:00.000Z 2 | staging | 2024-05-10T00:20:00.000Z ; count_over_time_of_keyword_promql required_capability: promql_command_v0 PROMQL index=k8s step=10m pod=(min by (cluster) (count_over_time(network.eth0.up[10m]))) | SORT step, cluster | LIMIT 10; pod:double | step:datetime | cluster:keyword 4.0 | 2024-05-10T00:00:00.000Z | prod 11.0 | 2024-05-10T00:00:00.000Z | qa 6.0 | 2024-05-10T00:00:00.000Z | staging 9.0 | 2024-05-10T00:10:00.000Z | prod 11.0 | 2024-05-10T00:10:00.000Z | qa 5.0 | 2024-05-10T00:10:00.000Z | staging 1.0 | 2024-05-10T00:20:00.000Z | prod 1.0 | 2024-05-10T00:20:00.000Z | qa 2.0 | 2024-05-10T00:20:00.000Z | staging ; count_over_time_of_aggregate_metric_double required_capability: ts_command_v0 required_capability: aggregate_metric_double_v0 TS k8s-downsampled | STATS tx = sum(count_over_time(network.eth0.tx)) BY cluster, time_bucket = bucket(@timestamp, 10minute) | SORT time_bucket, cluster | LIMIT 10; tx:long | cluster:keyword | time_bucket:datetime 26 | prod | 2024-05-09T23:30:00.000Z 16 | qa | 2024-05-09T23:30:00.000Z 22 | staging | 2024-05-09T23:30:00.000Z 14 | prod | 2024-05-09T23:40:00.000Z 20 | qa | 2024-05-09T23:40:00.000Z 16 | staging | 2024-05-09T23:40:00.000Z 20 | prod | 2024-05-09T23:50:00.000Z 25 | qa | 2024-05-09T23:50:00.000Z 19 | staging | 2024-05-09T23:50:00.000Z ; count_over_time_of_aggregate_metric_double_promql required_capability: promql_command_v0 required_capability: aggregate_metric_double_v0 PROMQL index=k8s-downsampled step=10m tx=(sum by (cluster) (count_over_time(network.eth0.tx[10m]))) | SORT step, cluster | LIMIT 10; tx:double | step:datetime | cluster:keyword 26.0 | 2024-05-09T23:30:00.000Z | prod 16.0 | 2024-05-09T23:30:00.000Z | qa 22.0 | 2024-05-09T23:30:00.000Z | staging 14.0 | 2024-05-09T23:40:00.000Z | prod 20.0 | 2024-05-09T23:40:00.000Z | qa 16.0 | 2024-05-09T23:40:00.000Z | staging 20.0 | 2024-05-09T23:50:00.000Z | prod 25.0 | 2024-05-09T23:50:00.000Z | qa 19.0 | 2024-05-09T23:50:00.000Z | staging ; count_over_time_of_geopoint required_capability: ts_command_v0 TS k8s | STATS min = min(count_over_time(event_city)) BY cluster, time_bucket = bucket(@timestamp,10minute) | SORT time_bucket, cluster | LIMIT 10; min:long | cluster:keyword | time_bucket:datetime 4 | prod | 2024-05-10T00:00:00.000Z 11 | qa | 2024-05-10T00:00:00.000Z 6 | staging | 2024-05-10T00:00:00.000Z 9 | prod | 2024-05-10T00:10:00.000Z 11 | qa | 2024-05-10T00:10:00.000Z 5 | staging | 2024-05-10T00:10:00.000Z 1 | prod | 2024-05-10T00:20:00.000Z 1 | qa | 2024-05-10T00:20:00.000Z 2 | staging | 2024-05-10T00:20:00.000Z ; count_over_time_of_geopoint_promql required_capability: promql_command_v0 PROMQL index=k8s step=10m min=(min by (cluster) (count_over_time(event_city[10m]))) | SORT step, cluster | LIMIT 10; min:double | step:datetime | cluster:keyword 4.0 | 2024-05-10T00:00:00.000Z | prod 11.0 | 2024-05-10T00:00:00.000Z | qa 6.0 | 2024-05-10T00:00:00.000Z | staging 9.0 | 2024-05-10T00:10:00.000Z | prod 11.0 | 2024-05-10T00:10:00.000Z | qa 5.0 | 2024-05-10T00:10:00.000Z | staging 1.0 | 2024-05-10T00:20:00.000Z | prod 1.0 | 2024-05-10T00:20:00.000Z | qa 2.0 | 2024-05-10T00:20:00.000Z | staging ; count_over_time_of_geoshape required_capability: ts_command_v0 TS k8s | STATS min = min(count_over_time(event_city_boundary)) BY cluster, time_bucket = bucket(@timestamp,10minute) | SORT time_bucket, cluster | LIMIT 10; min:long | cluster:keyword | time_bucket:datetime 4 | prod | 2024-05-10T00:00:00.000Z 11 | qa | 2024-05-10T00:00:00.000Z 6 | staging | 2024-05-10T00:00:00.000Z 9 | prod | 2024-05-10T00:10:00.000Z 11 | qa | 2024-05-10T00:10:00.000Z 5 | staging | 2024-05-10T00:10:00.000Z 1 | prod | 2024-05-10T00:20:00.000Z 1 | qa | 2024-05-10T00:20:00.000Z 2 | staging | 2024-05-10T00:20:00.000Z ; count_over_time_of_geoshape_promql required_capability: promql_command_v0 PROMQL index=k8s step=10m min=(min by (cluster) (count_over_time(event_city_boundary[10m]))) | SORT step, cluster | LIMIT 10; min:double | step:datetime | cluster:keyword 4.0 | 2024-05-10T00:00:00.000Z | prod 11.0 | 2024-05-10T00:00:00.000Z | qa 6.0 | 2024-05-10T00:00:00.000Z | staging 9.0 | 2024-05-10T00:10:00.000Z | prod 11.0 | 2024-05-10T00:10:00.000Z | qa 5.0 | 2024-05-10T00:10:00.000Z | staging 1.0 | 2024-05-10T00:20:00.000Z | prod 1.0 | 2024-05-10T00:20:00.000Z | qa 2.0 | 2024-05-10T00:20:00.000Z | staging ; count_over_time_of_shape required_capability: ts_command_v0 TS k8s | STATS min = min(count_over_time(event_shape)) BY cluster, time_bucket = bucket(@timestamp,10minute) | SORT time_bucket, cluster | LIMIT 10; min:long | cluster:keyword | time_bucket:datetime 4 | prod | 2024-05-10T00:00:00.000Z 11 | qa | 2024-05-10T00:00:00.000Z 6 | staging | 2024-05-10T00:00:00.000Z 9 | prod | 2024-05-10T00:10:00.000Z 11 | qa | 2024-05-10T00:10:00.000Z 5 | staging | 2024-05-10T00:10:00.000Z 1 | prod | 2024-05-10T00:20:00.000Z 1 | qa | 2024-05-10T00:20:00.000Z 2 | staging | 2024-05-10T00:20:00.000Z ; count_over_time_of_shape_promql required_capability: promql_command_v0 PROMQL index=k8s step=10m min=(min by (cluster) (count_over_time(event_shape[10m]))) | SORT step, cluster | LIMIT 10; min:double | step:datetime | cluster:keyword 4.0 | 2024-05-10T00:00:00.000Z | prod 11.0 | 2024-05-10T00:00:00.000Z | qa 6.0 | 2024-05-10T00:00:00.000Z | staging 9.0 | 2024-05-10T00:10:00.000Z | prod 11.0 | 2024-05-10T00:10:00.000Z | qa 5.0 | 2024-05-10T00:10:00.000Z | staging 1.0 | 2024-05-10T00:20:00.000Z | prod 1.0 | 2024-05-10T00:20:00.000Z | qa 2.0 | 2024-05-10T00:20:00.000Z | staging ; count_over_time_of_point required_capability: ts_command_v0 TS k8s | STATS min = min(count_over_time(event_location)) BY cluster, time_bucket = bucket(@timestamp,10minute) | SORT time_bucket, cluster | LIMIT 10; min:long | cluster:keyword | time_bucket:datetime 4 | prod | 2024-05-10T00:00:00.000Z 11 | qa | 2024-05-10T00:00:00.000Z 6 | staging | 2024-05-10T00:00:00.000Z 9 | prod | 2024-05-10T00:10:00.000Z 11 | qa | 2024-05-10T00:10:00.000Z 5 | staging | 2024-05-10T00:10:00.000Z 1 | prod | 2024-05-10T00:20:00.000Z 1 | qa | 2024-05-10T00:20:00.000Z 2 | staging | 2024-05-10T00:20:00.000Z ; count_over_time_of_point_promql required_capability: promql_command_v0 PROMQL index=k8s step=10m min=(min by (cluster) (count_over_time(event_location[10m]))) | SORT step, cluster | LIMIT 10; min:double | step:datetime | cluster:keyword 4.0 | 2024-05-10T00:00:00.000Z | prod 11.0 | 2024-05-10T00:00:00.000Z | qa 6.0 | 2024-05-10T00:00:00.000Z | staging 9.0 | 2024-05-10T00:10:00.000Z | prod 11.0 | 2024-05-10T00:10:00.000Z | qa 5.0 | 2024-05-10T00:10:00.000Z | staging 1.0 | 2024-05-10T00:20:00.000Z | prod 1.0 | 2024-05-10T00:20:00.000Z | qa 2.0 | 2024-05-10T00:20:00.000Z | staging ; count_over_time_with_filtering required_capability: ts_command_v0 TS k8s | WHERE pod != "three" | STATS tx = sum(count_over_time(network.bytes_in)) BY cluster, time_bucket = bucket(@timestamp, 10minute) | SORT time_bucket, cluster | LIMIT 10; tx:long | cluster:keyword | time_bucket:datetime 13 | prod | 2024-05-10T00:00:00.000Z 26 | qa | 2024-05-10T00:00:00.000Z 16 | staging | 2024-05-10T00:00:00.000Z 20 | prod | 2024-05-10T00:10:00.000Z 28 | qa | 2024-05-10T00:10:00.000Z 12 | staging | 2024-05-10T00:10:00.000Z 6 | prod | 2024-05-10T00:20:00.000Z 4 | qa | 2024-05-10T00:20:00.000Z 5 | staging | 2024-05-10T00:20:00.000Z ; count_over_time_with_filtering_promql required_capability: promql_command_v0 PROMQL index=k8s step=10m tx=(sum by (cluster) (count_over_time(network.bytes_in{pod!="three"}[10m]))) | SORT step, cluster | LIMIT 10; tx:double | step:datetime | cluster:keyword 13.0 | 2024-05-10T00:00:00.000Z | prod 26.0 | 2024-05-10T00:00:00.000Z | qa 16.0 | 2024-05-10T00:00:00.000Z | staging 20.0 | 2024-05-10T00:10:00.000Z | prod 28.0 | 2024-05-10T00:10:00.000Z | qa 12.0 | 2024-05-10T00:10:00.000Z | staging 6.0 | 2024-05-10T00:20:00.000Z | prod 4.0 | 2024-05-10T00:20:00.000Z | qa 5.0 | 2024-05-10T00:20:00.000Z | staging ; count_over_time_older_than_10d required_capability: ts_command_v0 required_capability: aggregate_metric_double_v0 TS k8s-downsampled | WHERE cluster == "qa" AND @timestamp < now() - 10 day | STATS cost = avg(count_over_time(network.eth0.rx)) BY pod, time_bucket = bucket(@timestamp, 10minute) | SORT time_bucket, pod | LIMIT 5; cost:double | pod:keyword | time_bucket:datetime 9.0 | one | 2024-05-09T23:30:00.000Z 1.0 | three | 2024-05-09T23:30:00.000Z 9.0 | two | 2024-05-09T23:30:00.000Z 10.0 | one | 2024-05-09T23:40:00.000Z 10.0 | three | 2024-05-09T23:40:00.000Z ; eval_on_count_over_time required_capability: ts_command_v0 TS k8s | STATS bytes = sum(count_over_time(network.bytes_in)) BY pod, time_bucket = bucket(@timestamp, 10minute) | EVAL kb = to_double(bytes) / 1000.0 | LIMIT 10 | SORT time_bucket, pod; bytes:long | pod:keyword | time_bucket:datetime | kb:double 27 | one | 2024-05-10T00:00:00.000Z | 0.027 29 | three | 2024-05-10T00:00:00.000Z | 0.029 28 | two | 2024-05-10T00:00:00.000Z | 0.028 30 | one | 2024-05-10T00:10:00.000Z | 0.03 33 | three | 2024-05-10T00:10:00.000Z | 0.033 30 | two | 2024-05-10T00:10:00.000Z | 0.03 8 | one | 2024-05-10T00:20:00.000Z | 0.008 8 | three | 2024-05-10T00:20:00.000Z | 0.008 7 | two | 2024-05-10T00:20:00.000Z | 0.007 ; eval_on_count_over_time_promql required_capability: promql_command_v0 PROMQL index=k8s step=10m bytes=(sum by (pod) (count_over_time(network.bytes_in[10m]))) | EVAL kb = bytes / 1000.0 | SORT step, pod | LIMIT 10; bytes:double | step:datetime | pod:keyword | kb:double 27.0 | 2024-05-10T00:00:00.000Z | one | 0.027 29.0 | 2024-05-10T00:00:00.000Z | three | 0.029 28.0 | 2024-05-10T00:00:00.000Z | two | 0.028 30.0 | 2024-05-10T00:10:00.000Z | one | 0.03 33.0 | 2024-05-10T00:10:00.000Z | three | 0.033 30.0 | 2024-05-10T00:10:00.000Z | two | 0.03 8.0 | 2024-05-10T00:20:00.000Z | one | 0.008 8.0 | 2024-05-10T00:20:00.000Z | three | 0.008 7.0 | 2024-05-10T00:20:00.000Z | two | 0.007 ; count_over_time_multi_values required_capability: ts_command_v0 TS k8s | WHERE @timestamp < "2024-05-10T00:10:00.000Z" | STATS events = avg(count_over_time(events_received)) by pod, time_bucket = bucket(@timestamp, 1minute) | SORT events, pod, time_bucket | LIMIT 10; events:double | pod:keyword | time_bucket:datetime 1.0 | one | 2024-05-10T00:01:00.000Z 1.0 | one | 2024-05-10T00:04:00.000Z 1.0 | three | 2024-05-10T00:01:00.000Z 1.0 | three | 2024-05-10T00:02:00.000Z 1.0 | two | 2024-05-10T00:00:00.000Z 1.0 | two | 2024-05-10T00:01:00.000Z 1.0 | two | 2024-05-10T00:07:00.000Z 1.5 | one | 2024-05-10T00:03:00.000Z 1.5 | three | 2024-05-10T00:00:00.000Z 1.5 | three | 2024-05-10T00:05:00.000Z ; count_over_time_multi_values_promql required_capability: promql_command_v0 PROMQL index=k8s step=1m start="2024-05-10T00:00:00.000Z" end="2024-05-10T00:09:00.000Z" events=(avg by (pod) (count_over_time(events_received[1m]))) | SORT events, pod, step | LIMIT 10; events:double | step:datetime | pod:keyword 1.0 | 2024-05-10T00:01:00.000Z | one 1.0 | 2024-05-10T00:04:00.000Z | one 1.0 | 2024-05-10T00:01:00.000Z | three 1.0 | 2024-05-10T00:02:00.000Z | three 1.0 | 2024-05-10T00:00:00.000Z | two 1.0 | 2024-05-10T00:01:00.000Z | two 1.0 | 2024-05-10T00:07:00.000Z | two 1.5 | 2024-05-10T00:03:00.000Z | one 1.5 | 2024-05-10T00:00:00.000Z | three 1.5 | 2024-05-10T00:05:00.000Z | three ; count_over_time_null_values required_capability: ts_command_v0 TS k8s | WHERE @timestamp > "2024-05-10T00:10:00.000Z" and @timestamp < "2024-05-10T00:15:00.000Z" | STATS events = sum(count_over_time(events_received)) by pod, time_bucket = bucket(@timestamp, 1minute) | SORT events NULLS FIRST, pod, time_bucket | LIMIT 10; events:long | pod:keyword | time_bucket:datetime 0 | one | 2024-05-10T00:12:00.000Z 0 | two | 2024-05-10T00:13:00.000Z 1 | one | 2024-05-10T00:11:00.000Z 1 | three | 2024-05-10T00:11:00.000Z 1 | two | 2024-05-10T00:10:00.000Z 1 | two | 2024-05-10T00:11:00.000Z 2 | one | 2024-05-10T00:10:00.000Z 2 | one | 2024-05-10T00:14:00.000Z 2 | three | 2024-05-10T00:14:00.000Z 2 | two | 2024-05-10T00:14:00.000Z ; count_over_time_null_values_promql required_capability: promql_command_v0 PROMQL index=k8s step=1m start="2024-05-10T00:10:00.000Z" end="2024-05-10T00:14:00.000Z" events=(sum by (pod) (count_over_time(events_received[1m]))) | SORT events, pod, step | LIMIT 10; events:double | step:datetime | pod:keyword 0.0 | 2024-05-10T00:12:00.000Z | one 0.0 | 2024-05-10T00:13:00.000Z | two 1.0 | 2024-05-10T00:11:00.000Z | one 1.0 | 2024-05-10T00:11:00.000Z | three 1.0 | 2024-05-10T00:10:00.000Z | two 1.0 | 2024-05-10T00:11:00.000Z | two 2.0 | 2024-05-10T00:10:00.000Z | one 3.0 | 2024-05-10T00:13:00.000Z | one 3.0 | 2024-05-10T00:12:00.000Z | three 3.0 | 2024-05-10T00:13:00.000Z | three ; count_over_time_all_value_types required_capability: ts_command_v0 TS k8s | STATS events = sum(count_over_time(events_received)) by pod, time_bucket = bucket(@timestamp, 10minute) | SORT events NULLS FIRST, pod, time_bucket | LIMIT 10 ; events:long | pod:keyword | time_bucket:datetime 4 | one | 2024-05-10T00:20:00.000Z 13 | three | 2024-05-10T00:20:00.000Z 13 | two | 2024-05-10T00:20:00.000Z 23 | one | 2024-05-10T00:10:00.000Z 30 | three | 2024-05-10T00:10:00.000Z 34 | two | 2024-05-10T00:10:00.000Z 53 | one | 2024-05-10T00:00:00.000Z 53 | three | 2024-05-10T00:00:00.000Z 53 | two | 2024-05-10T00:00:00.000Z ; count_over_time_all_value_types_promql required_capability: promql_command_v0 PROMQL index=k8s step=10m events=(sum by (pod) (count_over_time(events_received[10m]))) | SORT events, pod, step | LIMIT 10; events:double | step:datetime | pod:keyword 4.0 | 2024-05-10T00:20:00.000Z | one 13.0 | 2024-05-10T00:20:00.000Z | three 13.0 | 2024-05-10T00:20:00.000Z | two 23.0 | 2024-05-10T00:10:00.000Z | one 30.0 | 2024-05-10T00:10:00.000Z | three 34.0 | 2024-05-10T00:10:00.000Z | two 53.0 | 2024-05-10T00:00:00.000Z | one 53.0 | 2024-05-10T00:00:00.000Z | three 53.0 | 2024-05-10T00:00:00.000Z | two ; count_over_time_aggregate_metric_double_implicit_casting required_capability: ts_command_v0 required_capability: aggregate_metric_double_v0 TS k8s* | STATS bytes = sum(count_over_time(network.eth0.rx)) by pod, time_bucket = bucket(@timestamp, 10minute) | SORT bytes, pod, time_bucket | LIMIT 10 ; bytes:long | pod:keyword | time_bucket:datetime 7 | two | 2024-05-10T00:20:00.000Z 8 | one | 2024-05-10T00:20:00.000Z 8 | three | 2024-05-10T00:20:00.000Z 8 | two | 2024-05-09T23:40:00.000Z 10 | three | 2024-05-09T23:30:00.000Z 11 | one | 2024-05-09T23:50:00.000Z 12 | two | 2024-05-09T23:30:00.000Z 15 | three | 2024-05-09T23:40:00.000Z 19 | two | 2024-05-09T23:50:00.000Z 20 | one | 2024-05-09T23:40:00.000Z ; # Awaits fix: https://github.com/elastic/metrics-program/issues/302 count_over_time_aggregate_metric_double_implicit_casting_promql-Ignore required_capability: promql_command_v0 required_capability: aggregate_metric_double_v0 PROMQL index=k8s* step=10m bytes=(sum by (pod) (count_over_time(network.eth0.rx[10m]))) | SORT bytes, pod, step | LIMIT 10; bytes:double | step:datetime | pod:keyword 7.0 | 2024-05-10T00:20:00.000Z | two 8.0 | 2024-05-10T00:20:00.000Z | one 8.0 | 2024-05-10T00:20:00.000Z | three 8.0 | 2024-05-09T23:40:00.000Z | two 10.0 | 2024-05-09T23:30:00.000Z | three 11.0 | 2024-05-09T23:50:00.000Z | one 12.0 | 2024-05-09T23:30:00.000Z | two 15.0 | 2024-05-09T23:40:00.000Z | three 19.0 | 2024-05-09T23:50:00.000Z | two 20.0 | 2024-05-09T23:40:00.000Z | one ;