PromQL Flashcards
Quick reference flashcards for Prometheus Query Language (PCA exam).
Basic Queries
Q: What is an instant vector?
Answer
A set of time series with a single sample value at a given timestamp. up
http_requests_total{job="api"}
Q: What is a range vector?
Answer
A set of time series with a range of samples over time. http_requests_total[5m]
http_requests_total{job="api"}[1h]
Q: How to filter by label?
Answer
# Exact match
up{job="prometheus"}
# Regex match
up{job=~"prom.*"}
# Not equal
up{job!="prometheus"}
# Regex not match
up{job!~"test.*"}
Functions
Q: What is rate()?
Answer
Per-second average rate of increase over time range. rate(http_requests_total[5m])
Q: What is irate()?
Answer
Instant rate using last two data points. irate(http_requests_total[5m])
Q: What is increase()?
Answer
Total increase over time range. increase(http_requests_total[1h])
Q: What is histogram_quantile()?
Answer
Calculates quantile from histogram buckets. # 99th percentile
histogram_quantile(0.99, rate(http_request_duration_seconds_bucket[5m]))
# 50th percentile (median)
histogram_quantile(0.50, rate(http_request_duration_seconds_bucket[5m]))
Aggregation
Q: How to sum by label?
Answer
sum by (job) (rate(http_requests_total[5m]))
# or
sum(rate(http_requests_total[5m])) by (job)
Q: How to sum without label?
Answer
sum without (instance) (rate(http_requests_total[5m]))
Q: What aggregation operators exist?
Answer
- `sum` - Sum values - `avg` - Average - `min` / `max` - Minimum/Maximum - `count` - Count elements - `stddev` / `stdvar` - Standard deviation/variance - `topk` / `bottomk` - Top/Bottom K elements - `quantile` - Calculate quantile
Operators
Q: How to calculate percentage?
Answer
# Error rate percentage
100 * (
sum(rate(http_requests_total{status=~"5.."}[5m]))
/
sum(rate(http_requests_total[5m]))
)
Q: How to compare to past?
Answer
Use `offset`: # Current vs 1 hour ago
rate(http_requests_total[5m]) - rate(http_requests_total[5m] offset 1h)
# Current vs 1 day ago
rate(http_requests_total[5m]) / rate(http_requests_total[5m] offset 1d)
Q: What comparison operators exist?
Answer
- `==` - Equal - `!=` - Not equal - `>` / `<` - Greater/Less than - `>=` / `<=` - Greater/Less than or equal # Filter where value > 100
http_requests_total > 100
# Return 1 or 0 (bool modifier)
http_requests_total > bool 100
Common Patterns
Q: CPU utilization query?
Answer
100 - (avg by (instance) (rate(node_cpu_seconds_total{mode="idle"}[5m])) * 100)
Q: Memory utilization query?
Answer
100 * (1 - (node_memory_MemAvailable_bytes / node_memory_MemTotal_bytes))
Q: Disk usage query?
Answer
100 - (node_filesystem_avail_bytes / node_filesystem_size_bytes * 100)
Q: Request latency P99?
Answer
histogram_quantile(0.99,
sum by (le) (rate(http_request_duration_seconds_bucket[5m]))
)
Recording Rules
Q: What is a recording rule?
Answer
Pre-computed query stored as new time series: - Improves query performance - Simplifies complex queries - Naming convention: `level:metric:operations` groups:
- name: example
rules:
- record: job:http_requests:rate5m
expr: sum by (job) (rate(http_requests_total[5m]))
Alerting Rules
Q: What is an alerting rule?
Answer
groups:
- name: alerts
rules:
- alert: HighErrorRate
expr: rate(http_requests_total{status="500"}[5m]) > 0.1
for: 5m
labels:
severity: critical
annotations:
summary: "High error rate detected"
Q: What does 'for' do in alerting?
Answer
Duration the condition must be true before firing: - Prevents flapping alerts - Alert goes from PENDING to FIRING after duration
← Back to Home