sum
Sum aggregation operator. There are two variants of the :sum operator.
Aggregation¶
Input Stack:
|
⇨ | Output Stack:
|
Compute the sum of all the time series that match the query. Sum is the default aggregate function used if a query is specified with no explicit aggregate function.
Parameters¶
- query: A query expression that selects the time series to aggregate
Examples¶
Example with implicit sum (:sum is applied automatically):
name,ssCpuUser,:eq
Equivalent example with explicit sum:
name,ssCpuUser,:eq, :sum
When matching against the sample data in the table below, the highlighted time series would be included in the aggregate result:
| Name | nf.app | nf.node | Data |
|---|---|---|---|
| ssCpuUser | alerttest | i-0123 | [1.0, 2.0, NaN] |
| ssCpuSystem | alerttest | i-0123 | [3.0, 4.0, 5.0] |
| ssCpuUser | nccp | i-0abc | [8.0, 7.0, 6.0] |
| ssCpuSystem | nccp | i-0abc | [6.0, 7.0, 8.0] |
| numRequests | nccp | i-0abc | [1.0, 2.0, 4.0] |
| ssCpuUser | api | i-0456 | [1.0, 2.0, 2.0] |
The values from the corresponding intervals will be aggregated. For the first interval using
the sample data above the values are 1.0, 8.0, and 1.0. Each value other than NaN
contributes one to the sum. This leads to a final result of:
| Name | Data |
|---|---|
| ssCpuUser | [10.0, 11.0, 8.0] |
The only tags for the aggregated result are those that are matched exactly (:eq clause) as part of the choosing criteria or are included in a group by.
Math¶
Input Stack:
|
⇨ | Output Stack:
|
Compute the sum of all the time series from the input expression. This variant is typically used when you need to apply a different aggregation function for grouping first, then sum the results.
Parameters¶
- expr: A time series expression that may contain multiple series to sum
Examples¶
First group by cluster using max aggregation, then sum all the groups:
| Before | After |
 |  |
name,sps,:eq, :max, (,nf.cluster,),:by | name,sps,:eq, :max, (,nf.cluster,),:by, :sum |