I learned that aggregation operators must use a vector expression. In my operator, the vector expression is like the max_over_time or last_over_time function, and this function has to unwrap a single label (not multiple labels?).
So what is a vector expression? And how can I transform the original log into a vector to use aggregation operators?
Vector expression simply means an expression that returns vector results.
For example, {SELECTOR} |= "<STRING>" returns logs, count_over_time({SELECTOR} |= "<STRING>" [$__interval]) returns a vector of metrics.
If you can provide some example logs and what you want to do, I might be able to provide some concrete examples.
My SQL is: select max(traceId) from log group by node, sceneId. It means search for the max traceId split by node and sceneId.
How can I use LogQL to achieve this?
Then you’d do something like max_over_time({SELECTOR} | <filter>)
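The SQL from the question written out as a full LogQL query, as an added example that is not part of the original thread. It assumes logfmt-formatted lines, a numeric traceId, a stream selector of {job="app"} and a 5 minute range; all of these are placeholders to adapt.

```logql
# Constructed sample lines (assumed logfmt, numeric traceId):
#   node=n1 sceneId=s1 traceId=1001 msg="start"
#   node=n1 sceneId=s1 traceId=1007 msg="done"
#   node=n2 sceneId=s1 traceId=884  msg="start"
#
# SQL being translated: select max(traceId) from log group by node, sceneId
max_over_time(
  {job="app"}           # assumed stream selector
    | logfmt            # parse key=value pairs into labels: node, sceneId, traceId
    | unwrap traceId    # unwrap takes ONE label and uses its value as the sample
    | __error__=""      # drop lines whose traceId could not be parsed as a number
  [5m]                  # assumed range: each point covers the previous 5 minutes
) by (node, sceneId)    # grouping may list several labels, like GROUP BY
# Result for the sample lines:
#   {node="n1", sceneId="s1"} 1007
#   {node="n2", sceneId="s1"} 884
```

The single-label limit applies only to unwrap, which picks the value to aggregate; the by (...) clause is where multiple labels go.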