Advanced Filtering

Overview

When using the Metrics Explorer, monitors, or dashboards to query metrics data, you can filter the data to narrow the scope of the timeseries returned. Any metric can be filtered by tag(s) using the from field to the right of the metric.

You can also perform advanced filtering with Boolean or Wildcard tag value filters. For queries outside of metrics data such as logs, traces, Network Monitoring, Real User Monitoring, Synthetics, or Security, see the Log Search Syntax documentation for configuration.

Boolean filtered queries

The following syntax is supported for Boolean filtered metric queries:

  • !
  • ,
  • NOT, not
  • AND, and
  • OR, or
  • IN, in
  • NOT IN, not in

When including or excluding multiple tags:

  • Include uses AND logic
  • Exclude uses OR logic

For more information on tags, see the Getting Started With Using Tags guide.

Note: Symbolic boolean syntax (!, ,) cannot be used with functional syntax operators (NOT, AND, OR, IN, NOT IN). The following query is considered invalid: avg:mymetric{env:prod AND !region:us-east}

Boolean filtered query examples

To use the examples below, click the code icon </> to see the query editor in the UI, and then copy and paste the query example into the query editor.

avg:system.cpu.user{env:staging AND (availability-zone:us-east-1a OR availability-zone:us-east-1c)} by {availability-zone}
avg:system.cpu.user{env:shop.ist AND availability-zone IN (us-east-1a, us-east-1b, us-east4-b)} by {availability-zone}
Boolean example AND IN
avg:system.cpu.user{env:prod AND location NOT IN (atlanta,seattle,las-vegas)}
Boolean example NOT IN

Wildcard filtered queries

Prefix, suffix, and substring wildcard tag filtering are supported:

  • pod_name: web-*
  • cluster:*-trace
  • node:*-prod-*

Wildcard filtered query examples

avg:system.disk.in_use{!device:/dev/loop*} by {device}
Wildcard used as suffix
sum:kubernetes.pods.running{service:*-canary} by {service}
Wildcard used as prefix
avg:system.disk.utilized{region:*east*} by {region}
Wildcard used as infix

Exclusion functions

Add an exclusion function to your query to:

  • Exclude N/A values.
  • Apply a minimum or maximum value to metrics that meet the threshold.
  • Exclude values that are above or below threshold values.

Functions do not delete datapoints from Datadog, but they do remove datapoints from your visualizations.

Further Reading

PREVIEWING: may/unit-testing