By Steef-Jan Wiggers and Azure Sentinel News
MQL provides developers and operators with powerful metric querying, analysis, charting, and alerting capabilities. They can use the language for use cases such as troubleshooting purposes, root cause analysis, reporting and analytics, and complex alert logic.
Google built MQL using operations and functions. Using the ‘pipe’ idiom, operations are connected together, where one operation’s output becomes the input to the next – and by linking, users can build up complex queries incrementally. In the same way, users can compose and chain commands and data via pipes on the Linux command line – allowing them to fetch metrics and apply operations using MQL. Users can use MQL to:
- Create ratio-based charts and alerts
- Perform time-shift analysis
- Apply mathematical, logical, table operations, and other functions to metrics
- Fetch, join, and aggregate over multiple metrics
- Select by arbitrary, rather than predefined, percentile values
- Create new labels to aggregate data by using arbitrary string manipulations, including regular expressions
Developers and operators can access the MQL Query Editor through the Cloud Monitoring Metrics Explorer. Next, they can create a query in the Metrics Explorer UI and subsequently, by clicking the Query Editor button, see the query converted to an MQL query.
fetch https_lb_rule::loadbalancing.googleapis.com/https/request_count | group_by [matched_url_path_rule], sum(if(response_code_class = 500, val(), 0)) / sum(val())
Another recent feature is that a query can also be used as an alert policy by navigating to Alerting – a developer or operator can create an alert policy by clicking ‘Add Condition’ and again see the same query editor as in the Metrics Explorer. For a threshold alert, for instance, a developer or operator can use the condition operation.
fetch https_lb_rule::loadbalancing.googleapis.com/https/request_count | group_by [matched_url_path_rule], sum(if(response_code_class = 500, val(), 0)) / sum(val()) | condition val() > .50 '10^2.%'
imilarly, other public cloud providers, such as Microsoft, provide a query language called Kusto Query Language (KQL) for developers and operators. With KQL, they can query Azure Monitor logs. Furthermore, AWS also has a proprietary query language for its CloudWatch monitoring service. All these proprietary languages follow the ‘pipe’ idiom and use operations and functions.
In the blog post, Rory Petty, cloud monitoring product manager, wrote: