signoz-writing-clickhouse-queries
Author: signoz
npx skills add https://github.com/signoz/agent-skills --skill signoz-writing-clickhouse-queries
Writing ClickHouse Queries for SigNoz Dashboards
When to Use
Use this skill when the user asks for SigNoz queries involving:
- Logs: severity, body text, log volume, structured fields, containers, services, or environments.
- Traces: spans, latency, duration, p95 or p99, HTTP operations, DB operations, or error spans.
- Dashboard panels: timeseries charts, value widgets, and table breakdowns.
If the user asks for a dashboard panel but does not mention ClickHouse, still use this skill.
Signal Detection
Identify whether the request is about logs or traces.
- Logs: log lines, severity, body text, log volume, container logs, or structured log fields.
- Traces: spans, latency, duration, p99, trace analysis, HTTP operations, DB operations, or error spans.
If the request is ambiguous, ask the user to clarify.
Reference Routing
- Logs: read references/clickhouse-logs-reference.md before writing any query.
- Traces: read references/clickhouse-traces-reference.md before writing any query.
Each reference covers table schemas, optimization patterns, attribute access syntax, dashboard templates, query examples, and a validation checklist.
Quick Reference
- Timeseries panel: return rows of (ts, value) for a chart over time.
- Value panel: return a single value for a stat or counter widget.
- Table panel: return labelled columns for a grouped breakdown.
Key Variables by Signal
Logs
- Timestamp type: UInt64 in nanoseconds.
- Time filter: $start_timestamp_nano and $end_timestamp_nano.
- Bucket filter: $start_timestamp and $end_timestamp.
- Display conversion: fromUnixTimestamp64Nano(timestamp).
- Main table: signoz_logs.distributed_logs_v2.
- Resource table: signoz_logs.distributed_logs_v2_resource.
Traces
- Timestamp type: DateTime64(9).
- Time filter: $start_datetime and $end_datetime.
- Bucket filter: $start_timestamp and $end_timestamp.
- Display conversion: use the timestamp directly.
- Main table: signoz_traces.distributed_signoz_index_v3.
- Resource table: signoz_traces.distributed_traces_v3_resource.
Top Anti-Patterns
- Missing ts_bucket_start BETWEEN $start_timestamp - 1800 AND $end_timestamp.
- Using plain IN instead of GLOBAL IN on the resource fingerprint subquery.
- Adding a resource CTE when there is no resource attribute filter.
- Logs query with $start_datetime or $end_datetime.
- Traces query with $start_timestamp_nano or $end_timestamp_nano.
- Traces query with resources_string['service.name'] instead of resource_string_service$$name.
Query Attribution
Every generated query MUST end with a SETTINGS clause for monitoring:
SELECT ...
FROM ...
WHERE ...
SETTINGS log_comment = 'signoz-writing-clickhouse-queries skill | YYYY-MM-DD'
Replace YYYY-MM-DD with today's date (e.g., 2026-04-03). If the query
already has a SETTINGS clause, append log_comment to it with a comma.
Workflow
- Detect the signal: logs or traces.
- Read the matching reference file before writing the query.
- Pick the panel type: timeseries, value, or table.
- Build the query using the required patterns from the reference.
- Append the SETTINGS log_comment attribution clause.
- Validate the result with the checklist in the reference.
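The checks from Top Anti-Patterns and Query Attribution can be run as a lint pass over a generated query before it is sent to ClickHouse. The Python below is an added example, not part of the skill or of SigNoz's own code. The function names, the sample query and its column names (resource_fingerprint, fingerprint) are assumptions, and the resource-CTE check is left out because it needs the schema from the reference files.

```python
import re
from datetime import date
TAG = "signoz-writing-clickhouse-queries skill"
RESOURCE_TABLES = ("distributed_logs_v2_resource", "distributed_traces_v3_resource")
BUCKET = re.compile(r"ts_bucket_start\s+BETWEEN\s+\$start_timestamp\s*-\s*1800"
                    r"\s+AND\s+\$end_timestamp\b", re.I)
# IN followed by a subquery or a bare name (a CTE), not by a literal list
MEMBERSHIP = re.compile(r"\bIN\b\s*(?:\(\s*SELECT\b|[A-Za-z_]\w*)", re.I)
WRONG_VARS = {  # time variables that belong to the other signal
    "logs": ("$start_datetime", "$end_datetime"),
    "traces": ("$start_timestamp_nano", "$end_timestamp_nano"),
}

def blank_literals(sql):
    """Empty every single-quoted string so keywords inside text are ignored."""
    return re.sub(r"'[^']*'", "''", sql)

def lint(query, signal):
    """Return the anti-patterns found in query; signal is 'logs' or 'traces'."""
    code = blank_literals(query)
    found = []
    if not BUCKET.search(code):
        found.append("missing ts_bucket_start bucket filter")
    if any(t in code for t in RESOURCE_TABLES):
        for m in MEMBERSHIP.finditer(code):
            if not code[:m.start()].rstrip().upper().endswith("GLOBAL"):
                found.append("plain IN on subquery, expected GLOBAL IN")
    found += [f"{signal} query uses {v}" for v in WRONG_VARS[signal] if v in code]
    if signal == "traces" and "resources_string['service.name']" in query:
        found.append("use resource_string_service$$name")
    if not re.search(r"\blog_comment\s*=", code, re.I):
        found.append("missing SETTINGS log_comment attribution")
    return found

def attribute(query, today=None):
    """Append log_comment, joining an existing SETTINGS clause with a comma."""
    stamp = (today or date.today()).isoformat()
    q = query.rstrip().rstrip(";").rstrip()
    has_settings = re.search(r"\bSETTINGS\b", blank_literals(q), re.I)
    joiner = "," if has_settings else "\nSETTINGS"
    return f"{q}{joiner} log_comment = '{TAG} | {stamp}'"

# Constructed sample (column names are assumptions, not taken from the page).
SAMPLE = """SELECT count() AS value
FROM signoz_logs.distributed_logs_v2
WHERE resource_fingerprint IN (SELECT fingerprint FROM signoz_logs.distributed_logs_v2_resource)
  AND timestamp BETWEEN $start_datetime AND $end_datetime"""
if __name__ == "__main__":
    print(lint(SAMPLE, "logs"), attribute(SAMPLE), sep="\n")
```

Matching is textual, so this is a pre-flight check and not a SQL parser.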