ES|QL METRICS_INFO command
The METRICS_INFO processing command retrieves information about the metrics available in time series data streams, along with their applicable dimensions and other metadata.
Use METRICS_INFO to discover which metrics exist, what types and units they have, and which
dimensions apply to them without having to inspect index mappings or rely on the field
capabilities API. Any WHERE filters that precede
METRICS_INFO narrow the set of time series considered, so only metrics with matching data are
returned.
```esql
METRICS_INFO
```
METRICS_INFO takes no parameters.
METRICS_INFO produces one row per distinct metric signature — that is, per unique combination
of metric name and its properties across backing indices. When the same metric is defined with
different properties (for example, different units) in different data streams, separate rows are
returned for each variant.
The output contains the following columns, all of type keyword:
- `metric_name`: The name of the metric field (single-valued).
- `data_stream`: The data stream(s) that contain this metric (multi-valued when the metric is included in multiple data streams which align on the unit, metric type, and field type).
- `unit`: The unit declared in the field mapping, such as `bytes` or `packets` (multi-valued when definitions differ across backing indices; may be `null` if no unit is declared).
- `metric_type`: The metric type, for example `counter` or `gauge` (multi-valued when definitions differ across backing indices).
- `field_type`: The Elasticsearch field type, for example `long`, `double`, or `integer` (multi-valued when definitions differ across backing indices).
- `dimension_fields`: The dimension field names associated with this metric (multi-valued). The union of dimension keys across all time series for that metric.

- `METRICS_INFO` can only be used after a `TS` source command. Using it after `FROM` or other source commands produces an error.
- `METRICS_INFO` must appear before pipeline-breaking commands such as `STATS`, `SORT`, or `LIMIT`.
- The output replaces the original table: downstream commands operate on the metadata rows, not the raw time series documents.

Return every metric available in the targeted time series data stream, sorted alphabetically by name:
```esql
TS k8s
| METRICS_INFO
| SORT metric_name
```

| metric_name:keyword | data_stream:keyword | unit:keyword | metric_type:keyword | field_type:keyword | dimension_fields:keyword |
|---|---|---|---|---|---|
| network.eth0.rx | k8s | packets | gauge | integer | [cluster, pod, region] |
| network.eth0.tx | k8s | packets | gauge | integer | [cluster, pod, region] |
| network.total_bytes_in | k8s | bytes | counter | long | [cluster, pod, region] |
| network.total_cost | k8s | usd | counter | double | [cluster, pod, region] |
Place a WHERE clause before METRICS_INFO to
restrict the time series considered. Only metrics that have actual data matching the filter are
returned:
```esql
TS k8s
| WHERE cluster == "prod"
| METRICS_INFO
| SORT metric_name
```

| metric_name:keyword | data_stream:keyword | unit:keyword | metric_type:keyword | field_type:keyword | dimension_fields:keyword |
|---|---|---|---|---|---|
| network.eth0.rx | k8s | packets | gauge | integer | [cluster, pod, region] |
| network.eth0.tx | k8s | packets | gauge | integer | [cluster, pod, region] |
| network.total_bytes_in | k8s | bytes | counter | long | [cluster, pod, region] |
| network.total_cost | k8s | usd | counter | double | [cluster, pod, region] |
Use KEEP to return only the columns you need:
```esql
TS k8s
| WHERE cluster == "prod"
| METRICS_INFO
| KEEP metric_name, metric_type
| SORT metric_name
```

| metric_name:keyword | metric_type:keyword |
|---|---|
| network.eth0.rx | gauge |
| network.eth0.tx | gauge |
| network.total_bytes_in | counter |
| network.total_cost | counter |
Use WHERE after METRICS_INFO to narrow results
by metadata, for example to only counter metrics:
```esql
TS k8s
| METRICS_INFO
| WHERE metric_type == "counter"
| SORT metric_name
```

| metric_name:keyword | data_stream:keyword | unit:keyword | metric_type:keyword | field_type:keyword | dimension_fields:keyword |
|---|---|---|---|---|---|
| network.total_bytes_in | k8s | bytes | counter | long | [cluster, pod, region] |
| network.total_cost | k8s | usd | counter | double | [cluster, pod, region] |
Use a LIKE pattern after METRICS_INFO to find metrics whose name matches a prefix or
wildcard. This is useful for exploring a specific subsystem when you know part of the metric
name:
```esql
TS k8s
| METRICS_INFO
| WHERE metric_name LIKE "network.eth0*"
| SORT metric_name
```

| metric_name:keyword | data_stream:keyword | unit:keyword | metric_type:keyword | field_type:keyword | dimension_fields:keyword |
|---|---|---|---|---|---|
| network.eth0.rx | k8s | packets | gauge | integer | [cluster, pod, region] |
| network.eth0.tx | k8s | packets | gauge | integer | [cluster, pod, region] |
Combine with STATS to aggregate the metadata.
For example, count distinct metrics whose name matches a pattern:
```esql
TS k8s
| METRICS_INFO
| WHERE metric_name LIKE "network.total*"
| STATS matching_metrics = COUNT_DISTINCT(metric_name)
```

| matching_metrics:long |
|---|
| 2 |
Group the metric catalogue by metric_type to see how many counter, gauge, or other metrics
exist:
```esql
TS k8s
| METRICS_INFO
| STATS metric_count = COUNT(*) BY metric_type
| SORT metric_type
```

| metric_count:long | metric_type:keyword |
|---|---|
| 2 | counter |
| 2 | gauge |
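
As an added example (not part of the Elastic documentation), the Python check below applies the signature rule described earlier, where differing definitions of one metric appear either as separate rows or as multi-valued cells, to flag metrics whose unit, metric type, or field type is inconsistent. It assumes the ES|QL query API's `columns`/`values` JSON shape with multi-valued cells returned as arrays; the response, the stream and metric names, and the helper names `as_list` and `find_conflicts` are constructed for illustration.

```python
from collections import defaultdict

# Constructed response in the assumed columns/values shape for a query such as
# `TS k8s* | METRICS_INFO`; stream names, metrics and values are invented.
SAMPLE_RESPONSE = {
    "columns": [{"name": n, "type": "keyword"} for n in (
        "metric_name", "data_stream", "unit",
        "metric_type", "field_type", "dimension_fields")],
    "values": [
        # Same definition in two streams: one row, multi-valued data_stream.
        ["network.total_bytes_in", ["k8s", "k8s-edge"], "bytes", "counter",
         "long", ["cluster", "pod", "region"]],
        # Different units in different streams: one row per variant.
        ["network.total_cost", "k8s", "usd", "counter", "double", ["cluster", "pod"]],
        ["network.total_cost", "k8s-edge", "eur", "counter", "double", ["cluster", "pod"]],
        # Definitions differ across backing indices: multi-valued unit.
        ["network.eth0.rx", "k8s", ["packets", "bytes"], "gauge", "integer", ["pod"]],
        # No unit declared: null.
        ["node.load", "k8s", None, "gauge", "double", ["cluster"]],
    ],
}

SIGNATURE_COLUMNS = ("unit", "metric_type", "field_type")


def as_list(cell):
    """Normalize a cell: null -> [], scalar -> [value], multi-value -> list."""
    if cell is None:
        return []
    return list(cell) if isinstance(cell, list) else [cell]


def find_conflicts(response):
    """Return {metric_name: {column: sorted distinct values}} for each
    signature column that holds more than one value, whether the values are
    spread over several rows or packed into one multi-valued cell."""
    names = [col["name"] for col in response["columns"]]
    seen = defaultdict(lambda: defaultdict(set))
    for row in response["values"]:
        record = dict(zip(names, row))
        for col in SIGNATURE_COLUMNS:
            seen[record["metric_name"]][col].update(as_list(record[col]))
    conflicts = {}
    for metric, cols in seen.items():
        differing = {c: sorted(v) for c, v in cols.items() if len(v) > 1}
        if differing:
            conflicts[metric] = differing
    return conflicts
```

Calling `find_conflicts(SAMPLE_RESPONSE)` reports `network.total_cost` and `network.eth0.rx`, the two metrics whose unit is declared differently somewhere in the targeted streams.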