QueryNode
The query node defines a source and a schedule for processing batch data. Data is queried from InfluxDB, computed by the query node, and then passed into the data pipeline.
Example:
batch
|query('''
SELECT mean("value")
FROM "telegraf"."default".cpu_usage_idle
WHERE "host" = 'serverA'
''')
.period(1m)
.every(20s)
.groupBy(time(10s), 'cpu')
...
In the example above, InfluxDB is queried every 20 seconds; the window of time returned spans 1 minute and is grouped into 10 second buckets.
To use InfluxQL advanced syntax for functions in the query node, you must express part of the InfluxQL query in the TICKScript. Advanced syntax computes the nested aggregation over time buckets, and then applies the outer aggregate on the results.
For example, the following InfluxQL script, which calculates the non-negative difference of the 10-second mean of cpu usage for every cpu, isn’t valid for the query node:
SELECT non_negative_difference(mean("value"))
FROM "telegraf"."default"."cpu_usage_idle"
WHERE "host" = 'serverA'
GROUP BY time(10s), "cpu"
...
To calculate the result above for the query node, you must specify grouping and the outer aggregate using TICKScript:
batch
|query('''
SELECT mean("value")
FROM "telegraf"."default".cpu_usage_idle
WHERE "host" = 'serverA'
''')
.period(1m)
.every(1m)
.groupBy(time(10s), 'cpu')
| difference('max_usage')
| where(lambda: "difference" >= 0)
...
Constructor
| Chaining Method | Description |
|---|---|
query ( q string) |
The query to execute. Must not contain a time condition in the WHERE clause or contain a GROUP BY clause. The time conditions are added dynamically according to the period, offset and schedule. The GROUP BY clause is added dynamically according to the dimensions passed to the groupBy method. |
Property Methods
| Setters | Description |
|---|---|
| align ( ) | Align start and stop times for queries with even boundaries of the QueryNode.Every property. Does not apply if using the QueryNode.Cron property. |
| alignGroup ( ) | Align the group by time intervals with the start time of the query |
cluster ( value string) |
The name of a configured InfluxDB cluster. If empty the default cluster will be used. |
cron ( value string) |
Define a schedule using a cron syntax. |
every ( value time.Duration) |
How often to query InfluxDB. |
fill ( value interface{}) |
Fill the data. Options are: |
groupBy ( d ...interface{}) |
Group the data by a set of dimensions. Can specify one time dimension. |
| groupByMeasurement ( ) | If set will include the measurement name in the group ID. Along with any other group by dimensions. |
offset ( value time.Duration) |
How far back in time to query from the current time |
period ( value time.Duration) |
The period or length of time that will be queried from InfluxDB |
| quiet ( ) | Suppress all error logging events from this node. |
Chaining Methods
Alert, Barrier, Bottom, ChangeDetect, Combine, Count, CumulativeSum, Deadman, Default, Delete, Derivative, Difference, Distinct, Ec2Autoscale, Elapsed, Eval, First, Flatten, HoltWinters, HoltWintersWithFit, HttpOut, HttpPost, InfluxDBOut, Join, K8sAutoscale, KapacitorLoopback, Last, Log, Max, Mean, Median, Min, Mode, MovingAverage, Percentile, Sample, Shift, Sideload, Spread, StateCount, StateDuration, Stats, Stddev, Sum, SwarmAutoscale, Top, Trickle, Union, Where, Window
Properties
Property methods modify state on the calling node.
They do not add another node to the pipeline, and always return a reference to the calling node.
Property methods are marked using the . operator.
Align
Align start and stop times for queries with even boundaries of the QueryNode.Every property. Does not apply if using the QueryNode.Cron property.
query.align()
AlignGroup
Align the group by time intervals with the start time of the query
query.alignGroup()
Cluster
The name of a configured InfluxDB cluster. If empty the default cluster will be used.
query.cluster(value string)
Cron
Define a schedule using a cron syntax.
The specific cron implementation is documented here: https://github.com/gorhill/cronexpr#implementation
The Cron property is mutually exclusive with the Every property.
query.cron(value string)
Every
How often to query InfluxDB.
The Every property is mutually exclusive with the Cron property.
query.every(value time.Duration)
Fill
Fill the data. Options are:
- Any numerical value
- null - exhibits the same behavior as the default
- previous - reports the value of the previous window
- none - suppresses timestamps and values where the value is null
- linear - reports the results of linear interpolation
query.fill(value interface{})
GroupBy
Group the data by a set of dimensions. Can specify one time dimension.
This property adds a GROUP BY clause to the query
so all the normal behaviors when querying InfluxDB with a GROUP BY apply.
Use group by time when your period is longer than your group by time interval.
Example:
batch
|query(...)
.period(1m)
.every(1m)
.groupBy(time(10s), 'tag1', 'tag2'))
.align()
A group by time offset is also possible.
Example:
batch
|query(...)
.period(1m)
.every(1m)
.groupBy(time(10s, -5s), 'tag1', 'tag2'))
.align()
.offset(5s)
It is recommended to use QueryNode.Align and QueryNode.Offset in conjunction with group by time dimensions so that the time bounds match up with the group by intervals. To automatically align the group by intervals to the start of the query time, use QueryNode.AlignGroup. This is useful in more complex situations, such as when the groupBy time period is longer than the query frequency.
Example:
batch
|query(...)
.period(5m)
.every(30s)
.groupBy(time(1m), 'tag1', 'tag2')
.align()
.alignGroup()
For the above example, without QueryNode.AlignGroup, every other query issued by Kapacitor (at :30 past the minute) will align to :00 seconds instead of the desired :30 seconds, which would create 6 group by intervals instead of 5, the first and last of which would only have 30 seconds of data instead of a full minute. If the group by time offset (i.e. time(t, offset)) is used in conjunction with QueryNode.AlignGroup, the alignment will occur first, and will be offset the specified amount after.
NOTE: Since QueryNode.Offset is inherently a negative property the second “offset” argument to the “time” function is negative to match.
query.groupBy(d ...interface{})
GroupByMeasurement
If set will include the measurement name in the group ID. Along with any other group by dimensions.
Example:
batch
|query('SELECT sum("value") FROM "telegraf"."autogen"./process_.*/')
.groupByMeasurement()
.groupBy('host')
The above example selects data from several measurements matching `/process_.*/ and then each point is grouped by the host tag and measurement name. Thus keeping measurements in their own groups.
query.groupByMeasurement()
Offset
How far back in time to query from the current time
For example an Offset of 2 hours and an Every of 5m, Kapacitor will query InfluxDB every 5 minutes for the window of data 2 hours ago.
This applies to Cron schedules as well. If the cron specifies to run every Sunday at 1 AM and the Offset is 1 hour. Then at 1 AM on Sunday the data from 12 AM will be queried.
query.offset(value time.Duration)
Period
The period or length of time that will be queried from InfluxDB
query.period(value time.Duration)
Quiet
Suppress all error logging events from this node.
query.quiet()
Chaining Methods
Chaining methods create a new node in the pipeline as a child of the calling node.
They do not modify the calling node.
Chaining methods are marked using the | operator.
Alert
Create an alert node, which can trigger alerts.
query|alert()
Returns: AlertNode
Barrier
Create a new Barrier node that emits a BarrierMessage periodically.
One BarrierMessage will be emitted every period duration.
query|barrier()
Returns: BarrierNode
Bottom
Select the bottom num points for field and sort by any extra tags or fields.
query|bottom(num int64, field string, fieldsAndTags ...string)
Returns: InfluxQLNode
ChangeDetect
Create a new node that only emits new points if different from the previous point.
query|changeDetect(field string)
Returns: ChangeDetectNode
Combine
Combine this node with itself. The data is combined on timestamp.
query|combine(expressions ...ast.LambdaNode)
Returns: CombineNode
Count
Count the number of points.
query|count(field string)
Returns: InfluxQLNode
CumulativeSum
Compute a cumulative sum of each point that is received. A point is emitted for every point collected.
query|cumulativeSum(field string)
Returns: InfluxQLNode
Deadman
Helper function for creating an alert on low throughput, a.k.a. deadman’s switch.
- Threshold: trigger alert if throughput drops below threshold in points/interval.
- Interval: how often to check the throughput.
- Expressions: optional list of expressions to also evaluate. Useful for time of day alerting.
Example:
var data = batch
|query()...
// Trigger critical alert if the throughput drops below 100 points per 10s and checked every 10s.
data
|deadman(100.0, 10s)
//Do normal processing of data
data...
The above is equivalent to this example:
var data = batch
|query()...
// Trigger critical alert if the throughput drops below 100 points per 10s and checked every 10s.
data
|stats(10s)
.align()
|derivative('emitted')
.unit(10s)
.nonNegative()
|alert()
.id('node \'stream0\' in task \'{{ .TaskName }}\'')
.message('{{ .ID }} is {{ if eq .Level "OK" }}alive{{ else }}dead{{ end }}: {{ index .Fields "emitted" | printf "%0.3f" }} points/10s.')
.crit(lambda: "emitted" <= 100.0)
//Do normal processing of data
data...
The id and message alert properties can be configured globally via the ‘deadman’ configuration section.
Since the AlertNode is the last piece it can be further modified as usual. Example:
var data = batch
|query()...
// Trigger critical alert if the throughput drops below 100 points per 10s and checked every 10s.
data
|deadman(100.0, 10s)
.slack()
.channel('#dead_tasks')
//Do normal processing of data
data...
You can specify additional lambda expressions to further constrain when the deadman’s switch is triggered. Example:
var data = batch
|query()...
// Trigger critical alert if the throughput drops below 100 points per 10s and checked every 10s.
// Only trigger the alert if the time of day is between 8am-5pm.
data
|deadman(100.0, 10s, lambda: hour("time") >= 8 AND hour("time") <= 17)
//Do normal processing of data
data...
query|deadman(threshold float64, interval time.Duration, expr ...ast.LambdaNode)
Returns: AlertNode
Default
Create a node that can set defaults for missing tags or fields.
query|default()
Returns: DefaultNode
Delete
Create a node that can delete tags or fields.
query|delete()
Returns: DeleteNode
Derivative
Create a new node that computes the derivative of adjacent points.
query|derivative(field string)
Returns: DerivativeNode
Difference
Compute the difference between points independent of elapsed time.
query|difference(field string)
Returns: InfluxQLNode
Distinct
Produce batch of only the distinct points.
query|distinct(field string)
Returns: InfluxQLNode
Ec2Autoscale
Create a node that can trigger autoscale events for a ec2 autoscalegroup.
query|ec2Autoscale()
Returns: Ec2AutoscaleNode
Elapsed
Compute the elapsed time between points.
query|elapsed(field string, unit time.Duration)
Returns: InfluxQLNode
Eval
Create an eval node that will evaluate the given transformation function to each data point. A list of expressions may be provided and will be evaluated in the order they are given. The results are available to later expressions.
query|eval(expressions ...ast.LambdaNode)
Returns: EvalNode
First
Select the first point.
query|first(field string)
Returns: InfluxQLNode
Flatten
Flatten points with similar times into a single point.
query|flatten()
Returns: FlattenNode
HoltWinters
Compute the Holt-Winters (/influxdb/v1/query_language/functions/#holt-winters) forecast of a data set.
query|holtWinters(field string, h int64, m int64, interval time.Duration)
Returns: InfluxQLNode
HoltWintersWithFit
Compute the Holt-Winters (/influxdb/v1/query_language/functions/#holt-winters) forecast of a data set. This method also outputs all the points used to fit the data in addition to the forecasted data.
query|holtWintersWithFit(field string, h int64, m int64, interval time.Duration)
Returns: InfluxQLNode
HttpOut
Create an HTTP output node that caches the most recent data it has received.
The cached data is available at the given endpoint.
The endpoint is the relative path from the API endpoint of the running task.
For example, if the task endpoint is at /kapacitor/v1/tasks/<task_id> and endpoint is
top10, then the data can be requested from /kapacitor/v1/tasks/<task_id>/top10.
query|httpOut(endpoint string)
Returns: HTTPOutNode
HttpPost
Creates an HTTP Post node that POSTS received data to the provided HTTP endpoint. HttpPost expects 0 or 1 arguments. If 0 arguments are provided, you must specify an endpoint property method.
query|httpPost(url ...string)
Returns: HTTPPostNode
InfluxDBOut
Create an influxdb output node that will store the incoming data into InfluxDB.
query|influxDBOut()
Returns: InfluxDBOutNode
Join
Join this node with other nodes. The data is joined on timestamp.
query|join(others ...Node)
Returns: JoinNode
K8sAutoscale
Create a node that can trigger autoscale events for a kubernetes cluster.
query|k8sAutoscale()
Returns: K8sAutoscaleNode
KapacitorLoopback
Create an kapacitor loopback node that will send data back into Kapacitor as a stream.
query|kapacitorLoopback()
Returns: KapacitorLoopbackNode
Last
Select the last point.
query|last(field string)
Returns: InfluxQLNode
Log
Create a node that logs all data it receives.
query|log()
Returns: LogNode
Max
Select the maximum point.
query|max(field string)
Returns: InfluxQLNode
Mean
Compute the mean of the data.
query|mean(field string)
Returns: InfluxQLNode
Median
Compute the median of the data.
Note: This method is not a selector. If you want the median point, use
.percentile(field, 50.0).
query|median(field string)
Returns: InfluxQLNode
Min
Select the minimum point.
query|min(field string)
Returns: InfluxQLNode
Mode
Compute the mode of the data.
query|mode(field string)
Returns: InfluxQLNode
MovingAverage
Compute a moving average of the last window points. No points are emitted until the window is full.
query|movingAverage(field string, window int64)
Returns: InfluxQLNode
Percentile
Select a point at the given percentile. This is a selector function, no interpolation between points is performed.
query|percentile(field string, percentile float64)
Returns: InfluxQLNode
Sample
Create a new node that samples the incoming points or batches.
One point will be emitted every count or duration specified.
query|sample(rate interface{})
Returns: SampleNode
Shift
Create a new node that shifts the incoming points or batches in time.
query|shift(shift time.Duration)
Returns: ShiftNode
Sideload
Create a node that can load data from external sources.
query|sideload()
Returns: SideloadNode
Spread
Compute the difference between min and max points.
query|spread(field string)
Returns: InfluxQLNode
StateCount
Create a node that tracks number of consecutive points in a given state.
query|stateCount(expression ast.LambdaNode)
Returns: StateCountNode
StateDuration
Create a node that tracks duration in a given state.
query|stateDuration(expression ast.LambdaNode)
Returns: StateDurationNode
Stats
Create a new stream of data that contains the internal statistics of the node. The interval represents how often to emit the statistics based on real time. This means the interval time is independent of the times of the data points the source node is receiving.
query|stats(interval time.Duration)
Returns: StatsNode
Stddev
Compute the standard deviation.
query|stddev(field string)
Returns: InfluxQLNode
Sum
Compute the sum of all values.
query|sum(field string)
Returns: InfluxQLNode
SwarmAutoscale
Create a node that can trigger autoscale events for a Docker swarm cluster.
query|swarmAutoscale()
Returns: SwarmAutoscaleNode
Top
Select the top num points for field and sort by any extra tags or fields.
query|top(num int64, field string, fieldsAndTags ...string)
Returns: InfluxQLNode
Trickle
Create a new node that converts batch data to stream data.
query|trickle()
Returns: TrickleNode
Union
Perform the union of this node and all other given nodes.
query|union(node ...Node)
Returns: UnionNode
Where
Create a new node that filters the data stream by a given expression.
query|where(expression ast.LambdaNode)
Returns: WhereNode
Window
Create a new node that windows the stream by time.
NOTE: Window can only be applied to stream edges.
query|window()
Returns: WindowNode
Was this page helpful?
Thank you for your feedback!
Support and feedback
Thank you for being part of our community! We welcome and encourage your feedback and bug reports for Kapacitor and this documentation. To find support, use the following resources: