hyperdxio
diff --git a/‎.changeset/add-cli-pattern-mining.md‎
Lines changed: 5 additions & 0 deletions b/‎.changeset/add-cli-pattern-mining.md‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎.changeset/add-drain-library.md‎
Lines changed: 5 additions & 0 deletions b/‎.changeset/add-drain-library.md‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎package.json‎
Lines changed: 1 addition & 0 deletions b/‎package.json‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎packages/cli/src/api/eventQuery.ts‎
Lines changed: 139 additions & 0 deletions b/‎packages/cli/src/api/eventQuery.ts‎
Lines changed: 139 additions & 0 deletions
diff --git a/‎packages/cli/src/components/EventViewer/EventViewer.tsx‎
Lines changed: 89 additions & 3 deletions b/‎packages/cli/src/components/EventViewer/EventViewer.tsx‎
Lines changed: 89 additions & 3 deletions
@@ -0,0 +1,5 @@
+---
+"@hyperdx/cli": patch
+---
+
+Add event pattern mining view (Shift+P) with sampled estimation and drill-down
@@ -0,0 +1,5 @@
+---
+"@hyperdx/common-utils": patch
+---
+
+Add Drain log template mining library (ported from browser-drain)
@@ -42,6 +42,7 @@
     "run:clickhouse": "nx run @hyperdx/app:run:clickhouse",
     "dev": "sh -c '. ./scripts/dev-env.sh && yarn build:common-utils && dotenvx run --convention=nextjs -- docker compose -p \"$HDX_DEV_PROJECT\" -f docker-compose.dev.yml up -d && yarn app:dev; dotenvx run --convention=nextjs -- docker compose -p \"$HDX_DEV_PROJECT\" -f docker-compose.dev.yml down'",
     "dev:local": "IS_LOCAL_APP_MODE='DANGEROUSLY_is_local_app_mode💀' yarn dev",
+    "cli:dev": "yarn workspace @hyperdx/cli dev",
     "dev:down": "sh -c '. ./scripts/dev-env.sh && docker compose -p \"$HDX_DEV_PROJECT\" -f docker-compose.dev.yml down && sh ./scripts/dev-kill-ports.sh'",
     "dev:compose": "sh -c '. ./scripts/dev-env.sh && docker compose -p \"$HDX_DEV_PROJECT\" -f docker-compose.dev.yml'",
     "knip": "knip",
 
@@ -10,6 +10,7 @@ import type {
 import { chSqlToAliasMap } from '@hyperdx/common-utils/dist/clickhouse';
 import { renderChartConfig } from '@hyperdx/common-utils/dist/core/renderChartConfig';
 import type { Metadata } from '@hyperdx/common-utils/dist/core/metadata';
+import { aliasMapToWithClauses } from '@hyperdx/common-utils/dist/core/utils';
 import { DisplayType } from '@hyperdx/common-utils/dist/types';
 import type {
   BuilderChartConfigWithDateRange,
@@ -106,6 +107,144 @@ export async function buildEventSearchQuery(
   return renderChartConfig(config, metadata, source.querySettings);
 }
 
+// ---- Alias WITH clauses from source select --------------------------
+
+/**
+ * Compute WITH clauses from the source's default select expression.
+ * When a source defines `SeverityText as level`, searches for `level:error`
+ * need `WITH SeverityText AS level` so the alias is available in WHERE.
+ */
+async function buildAliasWithClauses(
+  source: SourceResponse,
+  metadata: Metadata,
+): Promise<BuilderChartConfigWithDateRange['with']> {
+  const selectExpr = source.defaultTableSelectExpression;
+  if (!selectExpr) return undefined;
+
+  const tsExpr = source.timestampValueExpression ?? 'TimestampTime';
+
+  // Render a dummy query with the source's select to extract aliases
+  const dummyConfig: BuilderChartConfigWithDateRange = {
+    displayType: DisplayType.Search,
+    select: selectExpr,
+    from: source.from,
+    where: '',
+    connection: source.connection,
+    timestampValueExpression: tsExpr,
+    implicitColumnExpression: source.implicitColumnExpression,
+    limit: { limit: 0 },
+    dateRange: [new Date(), new Date()],
+  };
+
+  const dummySql = await renderChartConfig(
+    dummyConfig,
+    metadata,
+    source.querySettings,
+  );
+  const aliasMap = chSqlToAliasMap(dummySql);
+  return aliasMapToWithClauses(aliasMap);
+}
+
+// ---- Pattern sampling query -----------------------------------------
+
+export interface PatternSampleQueryOptions {
+  source: SourceResponse;
+  searchQuery?: string;
+  startTime: Date;
+  endTime: Date;
+  /** Number of random rows to sample (default 100_000) */
+  sampleLimit?: number;
+}
+
+/**
+ * Build a query that randomly samples events for pattern mining.
+ * Selects the body column and timestamp, ordered by rand().
+ */
+export async function buildPatternSampleQuery(
+  opts: PatternSampleQueryOptions,
+  metadata: Metadata,
+): Promise<ChSql> {
+  const {
+    source,
+    searchQuery = '',
+    startTime,
+    endTime,
+    sampleLimit = 100_000,
+  } = opts;
+
+  const tsExpr = source.timestampValueExpression ?? 'TimestampTime';
+
+  // Use the same select as the main event table so sample rows have all columns
+  let selectExpr = source.defaultTableSelectExpression ?? '';
+  if (!selectExpr && source.kind === 'trace') {
+    selectExpr = buildTraceSelectExpression(source);
+  }
+
+  // Compute alias WITH clauses so search aliases (e.g. `level`) resolve in WHERE
+  const aliasWith = searchQuery
+    ? await buildAliasWithClauses(source, metadata)
+    : undefined;
+
+  const config: BuilderChartConfigWithDateRange = {
+    displayType: DisplayType.Search,
+    select: selectExpr,
+    from: source.from,
+    where: searchQuery,
+    whereLanguage: searchQuery ? 'lucene' : 'sql',
+    connection: source.connection,
+    timestampValueExpression: tsExpr,
+    implicitColumnExpression: source.implicitColumnExpression,
+    orderBy: 'rand()',
+    limit: { limit: sampleLimit },
+    dateRange: [startTime, endTime],
+    ...(aliasWith ? { with: aliasWith } : {}),
+  };
+
+  return renderChartConfig(config, metadata, source.querySettings);
+}
+
+// ---- Total count query ----------------------------------------------
+
+export interface TotalCountQueryOptions {
+  source: SourceResponse;
+  searchQuery?: string;
+  startTime: Date;
+  endTime: Date;
+}
+
+/**
+ * Build a query to get the total count of events matching the search.
+ */
+export async function buildTotalCountQuery(
+  opts: TotalCountQueryOptions,
+  metadata: Metadata,
+): Promise<ChSql> {
+  const { source, searchQuery = '', startTime, endTime } = opts;
+
+  const tsExpr = source.timestampValueExpression ?? 'TimestampTime';
+
+  // Compute alias WITH clauses so search aliases (e.g. `level`) resolve in WHERE
+  const aliasWith = searchQuery
+    ? await buildAliasWithClauses(source, metadata)
+    : undefined;
+
+  const config: BuilderChartConfigWithDateRange = {
+    displayType: DisplayType.Table,
+    select: 'count() as total',
+    from: source.from,
+    where: searchQuery,
+    whereLanguage: searchQuery ? 'lucene' : 'sql',
+    connection: source.connection,
+    timestampValueExpression: tsExpr,
+    implicitColumnExpression: source.implicitColumnExpression,
+    limit: { limit: 1 },
+    dateRange: [startTime, endTime],
+    ...(aliasWith ? { with: aliasWith } : {}),
+  };
+
+  return renderChartConfig(config, metadata, source.querySettings);
+}
+
 // ---- Full row fetch (SELECT *) -------------------------------------
 
 // ---- Trace waterfall queries ----------------------------------------
 
@@ -15,8 +15,11 @@ import {
   SqlPreviewScreen,
 } from './SubComponents';
 import { TableView } from './TableView';
+import { PatternView } from './PatternView';
+import { PatternSamplesView } from './PatternSamplesView';
 import { DetailPanel } from './DetailPanel';
 import { useEventData } from './useEventData';
+import { usePatternData } from './usePatternData';
 import { useKeybindings } from './useKeybindings';
 
 export default function EventViewer({
@@ -76,6 +79,12 @@ export default function EventViewer({
   const [traceSelectedNode, setTraceSelectedNode] = useState<SpanNode | null>(
     null,
   );
+  const [showPatterns, setShowPatterns] = useState(false);
+  const [patternSelectedRow, setPatternSelectedRow] = useState(0);
+  const [patternScrollOffset, setPatternScrollOffset] = useState(0);
+  const [expandedPattern, setExpandedPattern] = useState<number | null>(null);
+  const [sampleSelectedRow, setSampleSelectedRow] = useState(0);
+  const [sampleScrollOffset, setSampleScrollOffset] = useState(0);
   const [timeRange, setTimeRange] = useState<TimeRange>(() => {
     const now = new Date();
     return { start: new Date(now.getTime() - 60 * 60 * 1000), end: now };
@@ -111,6 +120,23 @@ export default function EventViewer({
     expandedRow,
   });
 
+  // ---- Pattern mining -----------------------------------------------
+
+  const {
+    patterns,
+    loading: patternsLoading,
+    error: patternsError,
+    totalCount: patternsTotalCount,
+  } = usePatternData({
+    clickhouseClient,
+    metadata,
+    source,
+    submittedQuery,
+    startTime: timeRange.start,
+    endTime: timeRange.end,
+    enabled: showPatterns,
+  });
+
   // ---- Derived values ----------------------------------------------
 
   const columns = useMemo(
@@ -171,11 +197,22 @@ export default function EventViewer({
     focusDetailSearch,
     showHelp,
     showSql,
+    showPatterns,
     expandedRow,
     detailTab,
     traceDetailExpanded,
     selectedRow,
     scrollOffset,
+    patternSelectedRow,
+    patternScrollOffset,
+    patternCount: patterns.length,
+    expandedPattern,
+    sampleSelectedRow,
+    sampleScrollOffset,
+    sampleCount:
+      expandedPattern !== null
+        ? (patterns[expandedPattern]?.samples.length ?? 0)
+        : 0,
     isFollowing,
     hasMore,
     events,
@@ -198,7 +235,13 @@ export default function EventViewer({
     setFocusDetailSearch,
     setShowHelp,
     setShowSql,
+    setShowPatterns,
     setSqlScrollOffset,
+    setPatternSelectedRow,
+    setPatternScrollOffset,
+    setExpandedPattern,
+    setSampleSelectedRow,
+    setSampleScrollOffset,
     setSelectedRow,
     setScrollOffset,
     setExpandedRow,
@@ -313,6 +356,27 @@ export default function EventViewer({
             onTraceChSqlChange={setTraceChSql}
             onTraceSelectedNodeChange={setTraceSelectedNode}
           />
+        ) : showPatterns &&
+          expandedPattern !== null &&
+          patterns[expandedPattern] ? (
+          <PatternSamplesView
+            pattern={patterns[expandedPattern]}
+            columns={columns}
+            selectedRow={sampleSelectedRow}
+            scrollOffset={sampleScrollOffset}
+            maxRows={maxRows}
+            wrapLines={wrapLines}
+          />
+        ) : showPatterns ? (
+          <PatternView
+            patterns={patterns}
+            selectedRow={patternSelectedRow}
+            scrollOffset={patternScrollOffset}
+            maxRows={maxRows}
+            loading={patternsLoading}
+            error={patternsError}
+            wrapLines={wrapLines}
+          />
         ) : (
           <TableView
             columns={columns}
@@ -328,13 +392,35 @@ export default function EventViewer({
         )}
 
         <Footer
-          rowCount={events.length}
-          cursorPos={scrollOffset + selectedRow + 1}
+          rowCount={
+            showPatterns && expandedPattern !== null
+              ? (patterns[expandedPattern]?.samples.length ?? 0)
+              : showPatterns
+                ? patterns.length
+                : events.length
+          }
+          cursorPos={
+            showPatterns && expandedPattern !== null
+              ? sampleScrollOffset + sampleSelectedRow + 1
+              : showPatterns
+                ? patternScrollOffset + patternSelectedRow + 1
+                : scrollOffset + selectedRow + 1
+          }
           wrapLines={wrapLines}
           isFollowing={isFollowing}
           loadingMore={loadingMore}
           paginationError={paginationError}
-          scrollInfo={expandedRow !== null ? `Ctrl+D/U to scroll` : undefined}
+          scrollInfo={
+            expandedRow !== null
+              ? 'Ctrl+D/U to scroll'
+              : showPatterns && expandedPattern !== null
+                ? '[SAMPLES] h to go back'
+                : showPatterns
+                  ? patternsLoading
+                    ? '[PATTERNS] Sampling…'
+                    : `[PATTERNS] ${patterns.length} patterns${patternsTotalCount != null ? ` from ~${patternsTotalCount.toLocaleString()} events` : ''} — l to expand, P/Esc to close`
+                  : undefined
+          }
         />
       </Box>
     </Box>
-Original file line number
+Diff line change
@@ @@ -0,0 +1,5 @@ @@
 +---
 +"@hyperdx/cli": patch
 +---
++
 +Add event pattern mining view (Shift+P) with sampled estimation and drill-down