Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Querying Prometheus with Flux

Avatar for Paul Dix Paul Dix
August 09, 2018
Technology
1
910

Querying Prometheus with Flux

Talk given at PromCon 2018 where I introduce Flux (#fluxlang) and show how it can be used to query Prometheus servers.
Avatar for Paul Dix

Paul Dix

August 09, 2018
Tweet

More Decks by Paul Dix

See All by Paul Dix
InfluxDB IOx Project Update - 2021-02-10
Avatar for Paul Dix pauldix
0
230
InfluxDB IOx data lifecycle and object store persistence
Avatar for Paul Dix pauldix
1
620
InfluxDB 2.0 and Flux
Avatar for Paul Dix pauldix
1
720
Flux and InfluxDB 2.0
Avatar for Paul Dix pauldix
1
1.3k
Flux (#fluxlang): a new (time series) data scripting language
Avatar for Paul Dix pauldix
7
5.2k
At Scale, Everything is Hard
Avatar for Paul Dix pauldix
2
710
IFQL and the future of InfluxData
Avatar for Paul Dix pauldix
2
1.4k
Time series & monitoring with InfluxDB and the TICK stack
Avatar for Paul Dix pauldix
0
460
InfluxDB + Prometheus
Avatar for Paul Dix pauldix
2
3.2k

Other Decks in Technology

See All in Technology
Delegating the chores of authenticating users to Keycloak
Avatar for Alexander Schwartz ahus1
0
130
「良さそう」と「とても良い」の間には 「良さそうだがホンマか」がたくさんある / 2025.07.01 LLM品質Night
Avatar for Shumpei Miyawaki smiyawaki0820
1
430
急成長を支える基盤作り〜地道な改善からコツコツと〜 #cre_meetup
Avatar for すてにゃん stefafafan
0
150
CI/CD/IaC 久々に0から環境を作ったらこうなりました
Avatar for Kaz Watanabe kaz29
1
200
5min GuardDuty Extended Threat Detection EKS
Avatar for takakuni takakuni
0
180
2025-06-26_Lightning_Talk_for_Lightning_Talks
Avatar for hashimo2 _hashimo2
2
110
ハッカソン by 生成AIハッカソンvol.05
Avatar for 1ft-seabass 1ftseabass
PRO
0
120
mrubyと micro-ROSが繋ぐロボットの世界
Avatar for Katsuhiko Kageyama kishima
2
380
KubeCon + CloudNativeCon Japan 2025 Recap Opening & Choose Your Own Adventureシリーズまとめ
Avatar for mm-matsuda mmmatsuda
0
230
2025-06-26 GitHub CopilotとAI駆動開発:実践と導入のリアル
Avatar for 河内崇 fl_kawachi
1
240
Tokyo_reInforce_2025_recap_iam_access_analyzer
Avatar for h-ashisan hiashisan
0
140
モバイル界のMCPを考える
Avatar for naoto33 naoto33
0
350

Featured

See All Featured
How STYLIGHT went responsive
Avatar for nonsquared nonsquared
100
5.6k
Automating Front-end Workflow
Avatar for Addy Osmani addyosmani
1370
200k
Building a Modern Day 
E-commerce SEO Strategy
Avatar for Aleyda Solis aleyda
42
7.4k
Mobile First: as difficult as doing things right
Avatar for Swwweet swwweet
223
9.7k
Fashionably flexible responsive web design (full day workshop)
Avatar for Andy Clarke malarkey
407
66k
A Modern Web Designer's Workflow
Avatar for Chris Coyier chriscoyier
694
190k
How to Ace a Technical Interview
Avatar for Jacob Kaplan-Moss jacobian
277
23k
Principles of Awesome APIs and How to Build Them.
Avatar for Keavy McMinn keavy
126
17k
Bootstrapping a Software Product
Avatar for Garrett Dimon garrettdimon
PRO
307
110k
The Psychology of Web Performance [Beyond Tellerrand 2023]
Avatar for Tammy Everts tammyeverts
48
2.9k
Optimizing for Happiness
Avatar for Tom Preston-Werner mojombo
379
70k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
Avatar for Joe Casabona jcasabona
32
2.4k

Transcript

  1. Querying Prometheus with Flux (#fluxlang) Paul Dix @pauldix paul@influxdata.com

  2. None

  3. • Data-scripting language • Functional • MIT Licensed • Language

    & Runtime/Engine

  4. Prometheus users: so what?

  5. High availability?

  6. Sharded Data?

  7. Federation?

  8. None
  9. None
  10. None
  11. None

  12. subqueries

  13. None

  14. subqueries recording rules

  15. Ad hoc exporation

  16. None

  17. Focus is Strength

  18. Saying No is an Asset

  19. None

  20. Liberate the silo!

  21. None

  22. Language Elements

  23. // get all data from the telegraf db from(db:"telegraf") //

    filter that by the last hour |> range(start:-1h) // filter further by series with a specific measurement and field |> filter(fn: (r) => r._measurement == "cpu" and r._field == "usage_system")

  24. // get all data from the telegraf db from(db:"telegraf") //

    filter that by the last hour |> range(start:-1h) // filter further by series with a specific measurement and field |> filter(fn: (r) => r._measurement == "cpu" and r._field == "usage_system") Comments

  25. // get all data from the telegraf db from(db:"telegraf") //

    filter that by the last hour |> range(start:-1h) // filter further by series with a specific measurement and field |> filter(fn: (r) => r._measurement == "cpu" and r._field == "usage_system") Functions

  26. // get all data from the telegraf db from(db:"telegraf") //

    filter that by the last hour |> range(start:-1h) // filter further by series with a specific measurement and field |> filter(fn: r => r._measurement == "cpu" and r._field == "usage_system") Pipe forward operator

  27. // get all data from the telegraf db from(db:"telegraf") //

    filter that by the last hour |> range(start:-1h) // filter further by series with a specific measurement and field |> filter(fn: (r) => r._measurement == "cpu" and r._field == "usage_system") Named Arguments

  28. // get all data from the telegraf db from(db:"telegraf") //

    filter that by the last hour |> range(start:-1h) // filter further by series with a specific measurement and field |> filter(fn: (r) => r._measurement == "cpu" and r._field == "usage_system") String Literal

  29. // get all data from the telegraf db from(db:"telegraf") //

    filter that by the last hour |> range(start:-1h) // filter further by series with a specific measurement and field |> filter(fn: (r) => r._measurement == "cpu" and r._field == "usage_system") Duration Literal (relative time)

  30. // get all data from the telegraf db from(db:"telegraf") //

    filter that by the last hour |> range(start:”2018-08-09T14:00:00Z“) // filter further by series with a specific measurement and field |> filter(fn: (r) => r._measurement == "cpu" and r._field == "usage_system") Time Literal

  31. // get all data from the telegraf db from(db:"telegraf") //

    filter that by the last hour |> range(start:-1h) // filter further by series with a specific measurement and field |> filter(fn: (r) => r._measurement == "cpu" and r._field == "usage_system") Anonymous Function

  32. Operators + == != ( ) - < !~ [

    ] * > =~ { } / <= = , : % >= <- . |>

  33. Types • int • uint • float64 • string •

    duration • time • regex • array • object • function • namespace • table • table stream

  34. Ways to run Flux - (interpreter, fluxd api server, InfluxDB

    1.7 & 2.0)

  35. Flux builder in Chronograf

  36. Flux builder in Grafana

  37. Flux is about:

  38. Time series in Prometheus

  39. None
  40. None

  41. // get data from Prometheus on http://localhost:9090 fromProm(query:`node_cpu_seconds_total{cpu=“0”,mode=“idle”}`) // filter

    that by the last minute |> range(start:-1m)
  42. None
  43. None
  44. None
  45. None
  46. None
  47. None
  48. None

  49. Multiple time series in Prometheus

  50. fromProm(query: `node_cpu_seconds_total{cpu=“0”,mode=~”idle|user”}`) |> range(start:-1m) |> keep(columns: [“name”, “cpu”, “host”, “mode”,

    “_value”, “_time”])
  51. None
  52. None
  53. None
  54. None
  55. None

  56. Tables are the base unit

  57. Not tied to a specific data model/schema

  58. Filter function

  59. fromProm() |> range(start:-1m) |> filter(fn: (r) => r.__name__ == “node_cpu_seconds_total”

    and r.mode == “idle” and r.cpu == “0”) |> keep(columns: [“name”, “cpu”, “host”, “mode”, “_value”, “_time”])
  60. None
  61. None
  62. None
  63. None

  64. fromProm() |> range(start:-1m) |> filter(fn: (r) => r.__name__ == “node_cpu_seconds_total”

    and r.mode in [“idle”, “user”] and r.cpu == “0”) |> keep(columns: [“name”, “cpu”, “host”, “mode”, “_value”, “_time”])
  65. None
  66. None
  67. None

  68. Aggregate functions

  69. fromProm() |> range(start:-30s) |> filter(fn: (r) => r.__name__ == “node_cpu_seconds_total”

    and r.mode == “idle” and r.cpu =~ /0|1/) |> count() |> keep(columns: [“name”, “cpu”, “host”, “mode”, “_value”, “_time”])
  70. None
  71. None
  72. None
  73. None
  74. None
  75. None

  76. _start and _stop are about windows of data

  77. fromProm(query: `node_cpu_seconds_total{cpu=“0”,mode=“idle”}` |> range(start: -1m)

  78. None

  79. fromProm(query: `node_cpu_seconds_total{cpu=“0”,mode=“idle”}` |> range(start: -1m) |> window(every: 20s)

  80. None

  81. fromProm(query: `node_cpu_seconds_total{cpu=“0”,mode=“idle”}` |> range(start: -1m) |> window(every: 20s)j |> min()

  82. None

  83. fromProm(query: `node_cpu_seconds_total{cpu=“0”,mode=“idle”}` |> range(start: -1m) |> window(every: 20s)j |> min()

    |> window(every:inf)
  84. None

  85. Window converts N tables to M tables based on time

    boundaries

  86. Group converts N tables to M tables based on values

  87. fromProm(query: `node_cpu_seconds_total{cpu=~“0|1”,mode=“idle”}`) |> range(start: -1m)

  88. None

  89. fromProm(query: `node_cpu_seconds_total{cpu=~“0|1”,mode=“idle”}`) |> range(start: -1m) |> group(columns: [“__name__”, “mode”])

  90. None
  91. None
  92. None

  93. Nested range vectors fromProm(host:”http://localhost:9090") |> filter(fn: (r) => r.__name__ ==

    "node_disk_written_bytes_total") |> range(start:-1h) // transform into non-negative derivative values |> derivative() // break those out into tables for each 10 minute block of time |> window(every:10m) // get the max rate of change in each 10 minute window |> max() // and put everything back into a single table |> window(every:inf) // and now let’s convert to KB |> map(fn: (r) => r._value / 1024.0)

  94. Multiple Servers dc1 = fromProm(host:”http://prom.dc1.local:9090") |> filter(fn: (r) => r.__name__

    == “node_network_receive_bytes_total”) |> range(start:-1h) |> insertGroupKey(key: “dc”, value: “1”) dc2 = fromProm(host:”http://prom.dc2.local:9090") |> filter(fn: (r) => r.__name__ == “node_network_receive_bytes_total”) |> range(start:-1h) |> insertGroupKey(key: “dc”, value: “2”) dc1 |> union(streams: [dc2]) |> limit(n: 2) |> derivative() |> group(columns: [“dc”]) |> sum()

  95. Work with data from many sources • from() // influx

    • fromProm() • fromMySQL() • fromCSV() • fromS3() • …

  96. Defining Functions fromProm(query: `node_cpu_seconds_total{cpu=“0”,mode=“idle”}` |> range(start: -1m) |> window(every: 20s)j

    |> min() |> window(every:inf)

  97. Defining Functions windowAgg = (every, fn, <-stream) => { return

    stream |> window(every: every) |> fn() |> window(every:inf) } fromProm(query: `node_cpu_seconds_total{cpu=“0”,mode=“idle”}` |> range(start: -1m) |> windowAgg(every:20s, fn: min)

  98. Packages & Namespaces package “flux-helpers” windowAgg = (every, fn, <-stream)

    => { return stream |> window(every: every) |> fn() |> window(every:inf) } // in a new script import helpers “github.com/pauldix/flux-helpers" fromProm(query: `node_cpu_seconds_total{cpu=“0”,mode=“idle”}` |> range(start: -1m) |> helpers.windowAgg(every:20s, fn: min)

  99. Project Status • Everything in this talk is prototype (as

    of 2018-08-09) • Proposed Final Language Spec • Release flux, fluxd, InfluxDB 1.7, InfluxDB 2.0 alpha • Iterate with community to finalize spec • Optimizations! • https://github.com/influxdata/flux

  100. Future work

  101. More complex Flux compilations to PromQL?

  102. PromQL parser for Flux engine?

  103. Add Flux into Prometheus?

  104. Arrow API for Prometheus

  105. Apache Arrow

  106. Stream from Prometheus

  107. Pushdown matcher and range

  108. Later pushdown more?

  109. Standardized Remote Read API?

  110. Arrow is becoming the lingua franca in data science and

    big data

  111. fromProm(query: `{__name__=~/node_.*/}`) |> range(start:-1h) |> toCSV(file: “node-data.csv”) |> toFeather(file: “node-data.feather”)

  112. Much more work to be done…

  113. Prometheus + Flux = Possibilities

  114. Thank you Paul Dix @pauldix paul@influxdata.com