Kyle Brandt kylebrandt

Smooth Time Series (PromQL DS)

Trend line over Time Series (PromQL DS)

Aggregation and Math across Different Queries (Azure Metrics)

Calculate percentage of syn packages against total packets, per direction

📘 Basic Usage of SQL Expressions in Grafana

SQL expressions in Grafana let you perform lightweight SQL-like transformations on the results of other queries — directly within the panel. This is great for reshaping, renaming, filtering, and aggregating data without modifying the original datasource query.

🔧 How SQL Expressions Work

SQL expressions operate on the output of another query in the same panel, referenced by its query letter (e.g., A, B). These expressions are parsed and executed by Grafana — not sent to an external database.

Why `*_full_long` Formats Are Essential for Handling Label Sparsity

Overview

In Grafana, data coming from many sources includes sparse labels — meaning some series have label keys that others do not.
This is common in systems like Prometheus, OpenTelemetry, or SQL queries with GROUP BY.

However, traditional long formats (like time_series_long or numeric_long) do not preserve label sparsity correctly, leading to broken behaviors in visualization, alerts, and expressions.

SQL Expressions and Input

What do we want to happen to data when read by SQL Expressions?
- Data from an individual query needs to appear as a single table
  - Raw table data maps directly to single table
  - The "Long" formats of the TimeSeries and Numeric kinds map directly to a table
  - The "Multi" and "wide" formats of the TimeSeries and Numeric kinds need conversion to the kind's "Long" format
  - For now I'm calling this "SQL Conversion Rules"
What does SSE currently do for conversion?
To generalize, SSE reads TimeSeries and Numeric data in different formats, and converts them to the multi format for their kind. Things like alerting depend on this behavior.

SQL Expression Notes

Getting some thoughts down...

PoC Outline (with go-mysql-server)

Goals
- Main Goal: go-mysql-server end-to-end inside SSE over completion for discovery, supporting some subset of cases of combining other datasources
- Run go-mysql-server without "server"
Use SDK for response

Recorded Queries and Multiple Dimensions, The Ugly Details

Docs (https://grafana.com/docs/grafana/latest/administration/recorded-queries/#how-recorded-queries-work):

Recorded queries only work with backend data source plugins. Refer to Backend data source plugin for more information about backend data source plugins. You can recorded four types of queries:

single row and column - A query that returns a single row and column.

row count - A query that returns meaningful rows to be counted.

expression - Any expression. To learn more about creating and using expressions, see Write expression queries.

dataplane numeric - A query that returns dataplane numeric kind data.

Notes

NB" The "name" (id) fields are named using the path in these examples. This is not part of the API itself currently
e.g. http://localhost:3000/swagger?urls.primaryName=scope.grafana.app%2Fv0alpha1 for Swagger definitions.

Files

example.http: VSCode REST Client Extension HTTP Calls
scopesnodes.json: JSON output of ScopeNode kind items created in example.http
scopes.json: JSON output of Scope kind items created in example.http
find_no_param_response.json and find_parent_param_is_applications_response.json: The responses to the two calls to the find/scope_node_children endpoint that are in the example.http file

	/* Long
	WITH movie_genre AS (
	SELECT
	A.title,
	A.year,
	B.Genre AS genre
	FROM A
	JOIN B ON A.imdb_id = B.imdb_id
	),
	genre_totals AS (

	package sql

	import (
	"context"
	"time"

	mysql "github.com/dolthub/go-mysql-server/sql"
	"github.com/dolthub/go-mysql-server/sql/types"
	)

	package sql

	import (
	"fmt"

	mysql "github.com/dolthub/go-mysql-server/sql"
	"github.com/dolthub/go-mysql-server/sql/types"
	)

	type SlothFunction struct{}