How do I group by count of a field in InfluxDB?

Question

I have some data in InfluxDB that is connected events for certain TCP connections. So the measurement is connection_events with tags being: mac_address of connecting system, and some other metadata. The value is just connected=true|false

What I want to do is something like this:

select count(mac_address), mac_address 
from connection_events 
where count(mac_address) > X 
group by mac_address

In other words, I want to see results like:

28,ABCD

14,EFGH

3,XYZQ

However, InfluxDB doesn't like this kind of query. I can't figure out how to parse through the dataset of connection events and aggregate them by mac address.

Answer 1

InfluxQL 中的函数在SELECT子句之外无效，并且还没有子查询或HAVING子句。

但是，您可以通过使用连续查询来完成您所需要的

使用 CQ 计算count(mac_address)并将其存储在新的测量中foo。CREATE CQ... SELECT COUNT(mac_address) AS count INTO foo FROM connection_events GROUP BY time(5m), *然后对于您的图表，您可以查询select count from foo where count > X group by mac_address.