
I am trying to display data where it aggregates by a field and displays a count per window. I'm struggling to come up with the syntax. Let's assume this is my data in InfluxDB:

import "array"

data = array.from(rows: [
  {application: "ap1", time: "2022-10-01T10:10:06.757Z", message: "error..."},
  {application: "ap2", time: "2022-10-03T15:11:05.757Z", message: "error..."},
  {application: "ap1", time: "2022-10-02T12:11:08.757Z", message: "error..."},
  {application: "ap1", time: "2022-10-04T13:13:05.757Z", message: "error..."},
  {application: "ap3", time: "2022-10-05T10:11:16.757Z", message: "error..."},
  {application: "ap3", time: "2022-10-06T15:22:05.757Z", message: "error..."},
])

data
 |> group(columns: ["application", "time"])

I'd like to group by results like this:

[image]

The window could be...show count per application type...per hour, per day, or per week.

obautista

2 Answers


You could try with the count function.

Munin

Group the data by the application column and then use aggregateWindow with the desired time interval and the count function.

E.g.

data
 |> map(fn: (r) => ({ r with _time: time(v: r.time) }))
 |> range(start: 2022-10-01T00:00:00Z)
 |> group(columns: ["application"])
 |> aggregateWindow(every: 1mo, fn: count, column: "message", createEmpty: false)

Output:

2022-10-13T12:29:14.412Z  ap1  3
2022-10-13T12:29:14.412Z  ap2  1
2022-10-13T12:29:14.412Z  ap3  2

When you query data from a bucket, some columns are provided by default, like _time and _value, so there would be no need for the extra time mapping call used in the example above, and you could also omit the column argument to aggregateWindow(), as it operates on the _value column by default.

alespour
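An added example (not part of either answer): the same group-then-aggregateWindow approach wrapped in a function, so the window size asked about in the question (hour, day, week) becomes a parameter. The function name `countPerWindow`, the `stop` bound and the yield names are assumptions; the rows are the question's sample data.

```flux
import "array"

// Sample rows copied from the question.
data = array.from(rows: [
  {application: "ap1", time: "2022-10-01T10:10:06.757Z", message: "error..."},
  {application: "ap2", time: "2022-10-03T15:11:05.757Z", message: "error..."},
  {application: "ap1", time: "2022-10-02T12:11:08.757Z", message: "error..."},
  {application: "ap1", time: "2022-10-04T13:13:05.757Z", message: "error..."},
  {application: "ap3", time: "2022-10-05T10:11:16.757Z", message: "error..."},
  {application: "ap3", time: "2022-10-06T15:22:05.757Z", message: "error..."},
])

// Hypothetical helper: count rows per application per window of size `every`.
countPerWindow = (tables=<-, every) => tables
  // array.from() rows carry the timestamp as a string; aggregateWindow needs _time.
  |> map(fn: (r) => ({r with _time: time(v: r.time)}))
  // range() adds the _start/_stop columns that aggregateWindow relies on.
  |> range(start: 2022-10-01T00:00:00Z, stop: 2022-10-08T00:00:00Z)
  // One table per application, so each application is counted separately.
  |> group(columns: ["application"])
  // createEmpty: false drops windows in which an application logged nothing.
  |> aggregateWindow(every: every, fn: count, column: "message", createEmpty: false)
  // After the aggregate, "message" holds the count and _time the window end.
  |> keep(columns: ["_time", "application", "message"])

data |> countPerWindow(every: 1h) |> yield(name: "per_hour")
data |> countPerWindow(every: 1d) |> yield(name: "per_day")
data |> countPerWindow(every: 1w) |> yield(name: "per_week")
```

Windows of `1w` are aligned to the Unix epoch and therefore start on Thursdays; pass `offset` to `aggregateWindow()` to shift them to another weekday.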