问题
I have some data in InfluxDB that is connected events for certain TCP connections. So the measurement is connection_events with tags being: mac_address of connecting system, and some other metadata. The value is just connected=true|false
What I want to do is something like this:
select count(mac_address), mac_address
from connection_events
where count(mac_address) > X
group by mac_address
In other words, I want to see results like:
28,ABCD
14,EFGH
3,XYZQ
However, InfluxDB doesn't like this kind of query. I can't figure out how to parse through the dataset of connection events and aggregate them by mac address.
回答1:
Functions in InfluxQL are not valid outside the SELECT clause, and there are as yet no subqueries or a HAVING clause.
However, you can accomplish what you need by using Continuous Queries
Use a CQ to calculate the count(mac_address) and store that in a new measurement foo. CREATE CQ... SELECT COUNT(mac_address) AS count INTO foo FROM connection_events GROUP BY time(5m), * Then for your graph you can query select count from foo where count > X group by mac_address.
来源:https://stackoverflow.com/questions/36209516/how-do-i-group-by-count-of-a-field-in-influxdb