Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

flux support #269

Open
mroe1234 opened this issue Jul 6, 2020 · 2 comments
Open

flux support #269

mroe1234 opened this issue Jul 6, 2020 · 2 comments

Comments

@mroe1234
Copy link

mroe1234 commented Jul 6, 2020

Using world map-panel .3.2 and Grafana 6.7.4
my flux query:

from(bucket: "ntopng/autogen") 
  |> range(start: -2h) 
  |> filter(fn: (r) => r._measurement == "country:traffic" and (r.ifid == "5") and (r._field == "bytes_ingress")) 
  |> sum()
  |> drop(columns: ["_measurement","ifid"]) 
  |> group(columns: ["country"])

I have also tried:
|> duplicate(column: "country", as: "_field")

The output data via the influx cli looks like:

Table: keys: [country]
    country:string                     _start:time                      _stop:time           _field:string                  _value:float  
    US  2020-07-06T14:13:30.643974014Z  2020-07-06T16:13:30.643974014Z                      US                  849475542117  
Table: keys: [country]
    country:string                     _start:time                      _stop:time           _field:string                  _value:float  
    UY  2020-07-06T14:13:30.643974014Z  2020-07-06T16:13:30.643974014Z                      UY                      15727176  
Table: keys: [country]
    country:string                     _start:time                      _stop:time           _field:string                  _value:float  
   UZ  2020-07-06T14:13:30.643974014Z  2020-07-06T16:13:30.643974014Z                      UZ                      10035102

However the map remains empty.
@amotl amotl mentioned this issue Oct 27, 2020
Closed
@tommy915
Copy link

Got it to work using this.

from(bucket: "my bucket")
    |> range(start: v.timeRangeStart, stop: v.timeRangeStop) 
    |> filter(fn: (r) => 
    r._measurement == "something" and 
    r._field == "Lat" or
    r._field == "Lon" or
    r._field == "MCUTemp"
  )
  |> pivot(rowKey:["_time"], columnKey: ["_field"], valueColumn: "_value")

@wrightsonm
Copy link

wrightsonm commented Jul 21, 2021
edited

The above flux works for long/lat, but not if you want to use US,GB,RU 2 letter country codes.

Location Data: countries

This is my solution:

from(bucket: "pfsense")
 |> range(start: v.timeRangeStart, stop: v.timeRangeStop)
 |> filter(fn: (r) => r["_measurement"] == "tail_ip_block_log")
 |> filter(fn: (r) => r["_field"] == "action" or r["_field"] == "direction" or r["_field"] == "host")
 |> pivot(rowKey:["_time"], columnKey: ["_field"], valueColumn: "_value")
 |> filter(fn: (r) => r.host =~ /^.*$/ and r.action == "block" and r.direction == "in")
 |> group(columns: ["geoip_code"]) 
 |> keep(columns: ["_time","geoip_code","action"])
 |> count(column:"action")
 |> map(fn: (r) => ({ r with _time: now() }))

credit to Grafana Issue #30290 for the last line:

|> map(fn: (r) => ({ r with _time: now() }))
This is the key to the problem of the error message: "TypeError: Cannot read property 'length' of undefined"

A transform "rename by regex" is also required:
Match: action\s(.*)
Replace $1

For reference this is my original fluxql query:

SELECT count("action") FROM "tail_ip_block_log" WHERE ("host" =~ /^$Host$/ AND "action" = 'block' AND "direction" = 'in') AND $timeFilter GROUP BY time(10m), "geoip_code"

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@wrightsonm @mroe1234 @tommy915