Edge Delta Aggregate Metric Processor

The Edge Delta aggregate metric processor creates metrics from metrics.

  5 minute read  

Overview

The aggregate metric function performs mathematical operations on metric items. It can aggregate, batch and group metrics to provide a higher level view of metrics while reducing metric data volume at the edge.

For detailed instructions on how to use multiprocessors, see Use Multiprocessors.

Example Input

Consider this metric. It indicates that a single log had an HTTP status code of 200.

{
  "_type": "metric",
  "timestamp": 1744965983285,
  "resource": {
...
  },
  "attributes": {
    "level": "Notice",
    "msg": "processing completed with minor issues",
    "request": {
      "ip": "192.168.137.102",
      "method": "POST",
      "path": "/json/data"
    },
    "response_time_ms": 543,
    "status": 200,
    "timestamp": "2025-04-18T08:46:21.764083Z",
    "user": {
      "email": "wang.xiu@imaginarymail.com",
      "id": "99b4b6e8-b326-479f-b94f-aadf7a34b34c",
      "name": "8934f4b3-9539-470c-bd0b-3c4e58b73a8b"
    }
  },
  "description": "A count of each unique status code",
  "gauge": {
    "value": 200
  },
  "kind": "gauge",
  "name": "status_code",
  "unit": "1",
  "_stat_type": "value"
}

Note: The resource field has been redacted for brevity.

Configuration

You specify a name for the processor and a condition data items must fulfil for the processor to operate on them. You configure one or more rules. Each rule generates a metric. For each rule you can create conditions for that metric (in addition to the main condition), specify a unique metric name, a unique batching interval, and create dimension groups. For each dimension group, a unique metric data item is produced at every batching interval.

This example counts metrics per status. For example, there were 24 instances of the status 200 metric in the sample.

- name: Multiprocessor
  type: sequence
  processors:
  - type: aggregate_metric
    metadata: '{"id":"NoQMsANzEU7ltYMb5r1G0","type":"aggregate_metric","name":"Aggregate
      Metric"}'
    data_types:
    - metric
    aggregate_metric_rules:
    - name: Count per status code
      interval: 1m0s
      aggregation_type: count
      group_by:
      - attributes["status"]

Options

condition

The condition parameter contains a conditional phrase of an OTTL statement. It restricts operation of the processor to only data items where the condition is met. Those data items that do not match the condition are passed without processing. You configure it in the interface and an OTTL condition is generated. It is optional. You can select one of the following operators:

Operator Name Description Example
== Equal to Returns true if both values are exactly the same attributes["status"] == "OK"
!= Not equal to Returns true if the values are not the same attributes["level"] != "debug"
> Greater than Returns true if the left value is greater than the right attributes["duration_ms"] > 1000
>= Greater than or equal Returns true if the left value is greater than or equal to the right attributes["score"] >= 90
< Less than Returns true if the left value is less than the right attributes["load"] < 0.75
<= Less than or equal Returns true if the left value is less than or equal to the right attributes["retries"] <= 3
matches Regex match Returns true if the string matches a regular expression isMatch(attributes["name"], ".*\\.name$"

It is defined in YAML as follows:

- name: _multiprocessor
  type: sequence
  processors:
  - type: <processor type>
    condition: attributes["request"]["path"] == "/json/view"

Rules

Metric name

The name metric is a child of the metric definition. It defines the metric name. It is specified in the YAML as a string and is required.

It is defined in YAML as follows:

- name: _multiprocessor
  type: sequence
  processors:
  - type: <processor type>
    aggregate_metric_rules:
    - name: <metric name>

Aggregation Type

The aggregation_type metric is a child of the metric definition. It specifies the mathematical function to use to aggregate matching metrics.

Valid options are:

  • count - the number of instances matched.
  • sum - the sum of matched values.
  • max - the largest matching value.
  • mean - the average (mean) matching value.
  • median - the average (median) matching value.
  • min - the smallest matching value.
  • p90 - count of values in the 90th percentile.
  • p95 - count of values in the 95th percentile.
  • p99 - count of values in the 99th percentile.

It is defined in YAML as follows:

- name: _multiprocessor
  type: sequence
  processors:
  - type: <processor type>
    aggregate_metric_rules:
    - name: <metric name>
      aggregation_type: count

Batching interval

The interval parameter is a child of the metric definition. It defines the duration of the period between taking samples for the parent metric. A 1 minute interval will aggregate metrics each minute. It is specified as a duration and is required.

It is defined in YAML as follows:

- name: _multiprocessor
  type: sequence
  processors:
  - type: <processor type>
    aggregate_metric_rules:
    - name: <metric name>
      interval: 1m0s

conditions

The conditions parameter is a child of the metric definition. It contains a conditional phrase of an OTTL statement. It restricts operation of the processor to only data items where the condition is met, for the parent metric. This is different to the condition parameter which toggles the entire processor. Those data items that do not match the condition are passed without a metric being generated (other metrics in the same processor might still be created). It is specified by the tool as an OTTL condition when you select the condition fields in the interface and it is optional.

It is defined in YAML as follows:

- name: _multiprocessor
  type: sequence
  processors:
  - type: <processor type>
    aggregate_metric_rules:
    - name: <metric name>
      conditions:
      - attributes["level"] = Error

Group by

For each metric rule you can add a group. This creates a unique metric for each unique value discovered in the group by field. For example, with no group, 100 input metrics would result in a single aggregated metric showing, in this instance, the count of 100. If the status field is specified as a group (autocomplete helps select a field from the live tail sample set), one metric (a count) is generated for each HTTP status code. This aggregation enables you to see the breakdown of interval batch by status.

Final

The final parameter specifies whether successfully processed data items should continue to subsequent processors within the same multiprocessor node. Data items that fail to be processed by the processor will be passed to the next processor in the node regardless of this setting. You select the slider in the tool which specifies it for you in the YAML as a Boolean. The default is false and it is optional.

It is defined in YAML as follows:

- name: multiprocessor
  type: sequence
  processors:
    - type: <processor type>
    final: true