I have some data in InfluxDB that is connected events for certain TCP connections. So the measurement is connection_events with tags being: mac_address of connecting system, and some other metadata. The value is just connected=true|false
What I want to do is something like this:
select count(mac_address), mac_address
from connection_events
where count(mac_address) > X
group by mac_address
In other words, I want to see results like:
28,ABCD
14,EFGH
3,XYZQ
However, InfluxDB doesn't like this kind of query. I can't figure out how to parse through the dataset of connection events and aggregate them by mac address.
Functions in InfluxQL are not valid outside the SELECT clause, and there are as yet no subqueries or a HAVING clause.
However, you can accomplish what you need by using Continuous Queries
Use a CQ to calculate the count(mac_address) and store that in a new measurement foo. CREATE CQ... SELECT COUNT(mac_address) AS count INTO foo FROM connection_events GROUP BY time(5m), * Then for your graph you can query select count from foo where count > X group by mac_address.
来源:https://stackoverflow.com/questions/36209516/how-do-i-group-by-count-of-a-field-in-influxdb