Can Claude help me debug slow PPL queries?

Yes, the skill provides documentation for the Explain API endpoint, allowing Claude to help you analyze query execution plans and optimize performance.

Does it support complex aggregations?

Absolutely. It covers statistical functions, time-series bucketing with timechart, and cumulative calculations using streamstats.

How does this skill handle OpenTelemetry data?

The skill includes specific rules for escaping dotted field names, which is essential for correctly querying OTel attributes like 'status.code' or 'service.name'.

What is OpenSearch PPL?

Piped Processing Language (PPL) is a query language for OpenSearch that uses a pipe-delimited syntax to enable users to explore, discover, and find data easily.

OpenSearch PPL Reference

Name: OpenSearch PPL Reference
Author: opensearch-project

byopensearch-project

•

분석 및 모니터링

Provides a comprehensive reference for Piped Processing Language (PPL) to build and execute OpenSearch observability queries.

The OpenSearch PPL Reference skill equips Claude with the technical depth required to construct, debug, and optimize Piped Processing Language queries. It covers the full spectrum of PPL capabilities, from basic source selection and filtering to advanced time-series analysis, statistical aggregations, and complex data parsing using Grok or Regex. Specifically tailored for observability workflows, it provides critical guidance on handling OpenTelemetry (OTel) attribute escaping and performance caveats for memory-intensive commands like streamstats and eventstats, ensuring generated queries are both accurate and efficient.

주요 기능

01Advanced log parsing patterns using Grok and Regex

02Full PPL syntax and command reference including stats, eval, and dedup

03Guidance for OTel attribute field escaping and dotted notation

04Time-series analysis patterns with timechart and trendlines

05Query execution and explanation via OpenSearch API endpoints

0621 GitHub stars

사용 사례

01Calculating cumulative statistics and moving averages for system metrics

02Analyzing trace duration distributions and service performance bottlenecks

03Extracting structured data from raw log bodies for dashboarding

주요 기능

01Advanced log parsing patterns using Grok and Regex

02Full PPL syntax and command reference including stats, eval, and dedup

03Guidance for OTel attribute field escaping and dotted notation

04Time-series analysis patterns with timechart and trendlines

05Query execution and explanation via OpenSearch API endpoints

0621 GitHub stars

사용 사례

01Calculating cumulative statistics and moving averages for system metrics

02Analyzing trace duration distributions and service performance bottlenecks

03Extracting structured data from raw log bodies for dashboarding