如何在InfluxDB中按字段计数分组? [英] How do I group by count of a field in InfluxDB?

问题描述

我在InfluxDB中有一些数据是某些TCP连接的连接事件.因此，度量为connection_events，其标签为:连接系统的mac_address和其他一些元数据.该值只是connected = true | false

I have some data in InfluxDB that is connected events for certain TCP connections. So the measurement is connection_events with tags being: mac_address of connecting system, and some other metadata. The value is just connected=true|false

我想做的是这样的:

select count(mac_address), mac_address 
from connection_events 
where count(mac_address) > X 
group by mac_address

换句话说，我想看到如下结果:

In other words, I want to see results like:

28，ABCD

28,ABCD

14，EFGH

3，XYZQ

但是，InfluxDB不喜欢这种查询.我不知道如何解析连接事件的数据集并通过mac地址汇总它们.

However, InfluxDB doesn't like this kind of query. I can't figure out how to parse through the dataset of connection events and aggregate them by mac address.

推荐答案

在SELECT子句之外，InfluxQL中的功能无效，并且还没有子查询或HAVING子句.

Functions in InfluxQL are not valid outside the SELECT clause, and there are as yet no subqueries or a HAVING clause.

但是，您可以使用连续查询

使用CQ计算count(mac_address)并将其存储在新的测量值foo中. CREATE CQ... SELECT COUNT(mac_address) AS count INTO foo FROM connection_events GROUP BY time(5m), *然后可以为您的图形查询select count from foo where count > X group by mac_address.

Use a CQ to calculate the count(mac_address) and store that in a new measurement foo. CREATE CQ... SELECT COUNT(mac_address) AS count INTO foo FROM connection_events GROUP BY time(5m), * Then for your graph you can query select count from foo where count > X group by mac_address.

这篇关于如何在InfluxDB中按字段计数分组?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！