Difference between revisions of "Query Meta Data"
From Observer GigaFlow Support | VIAVI Solutions Inc.
Kevin Wilkie
(One intermediate revision by one user not shown)
Line 3: | Line 3: | ||
Graph Query | Graph Query | ||
− | select FIRSTSEEN as afirstseen,appid ,avg(cast(meta::json->>'netscalerSmoothedRoundTripTime' as int))::int as aavg from netflow WHERECLAUSE and (meta::json->>'netscalerSmoothedRoundTripTime' )is not null group by afirstseen,appid order by appid,afirstseen | + | select FIRSTSEEN as afirstseen,appid ,avg(cast(meta::json->>'netscalerSmoothedRoundTripTime' as int))::int as aavg from netflow |
+ | WHERECLAUSE and (meta::json->>'netscalerSmoothedRoundTripTime' )is not null group by afirstseen,appid order by appid,afirstseen | ||
<gallery> | <gallery> | ||
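Review bot: In the first `+` line, `cast(meta::json->>'netscalerSmoothedRoundTripTime' as int)` is guarded only by the `is not null` condition on the second `+` line, which excludes rows where the key is absent but not rows where the value is present and is not an integer string. The `::json->>` syntax is PostgreSQL's, and there such a value makes the cast raise an error, so one malformed `meta` record in the selected window fails the whole graph query. Suggest adding a numeric check on the same expression next to the null check (for example a `~ '^[0-9]+$'` condition) so only castable rows reach `avg(...)`. Minor style point on the same line: `)is not null` is missing a space after the parenthesis.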
Line 9: | Line 10: | ||
</gallery> | </gallery> | ||
+ | |||
+ | As the name of the met field extracted you can use | ||
+ | svalue returns Value | ||
+ | scount returns Count | ||
+ | acount returns Count | ||
+ | avalue returns Value | ||
+ | aavg returns Average | ||
+ | atotal returns Total | ||
+ | amin returns Min | ||
+ | apct returns % | ||
+ | amax returns Max |
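Review bot: The added alias list does not explain how `svalue` differs from `avalue`, or `scount` from `acount`; each pair is described with the same word (Value, Count), so a reader cannot tell which alias to pick. Suggest a short phrase per entry saying when the s- form applies and when the a- form applies. The intro line also reads "met field" where "meta field" is meant, and the entries carry no list markup, which is why they run together on a single line in the rendered revision.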
Latest revision as of 12:08, 14 April 2022
Table Query
select (cast(meta::json->>'netscalerSmoothedRoundTripTime' as int))::bigint as avalue, count(*) as acount from netflow WHERECLAUSE group by avalue ORDERBY LIMITROW
Graph Query
select FIRSTSEEN as afirstseen, appid, avg(cast(meta::json->>'netscalerSmoothedRoundTripTime' as int))::int as aavg from netflow
WHERECLAUSE and (meta::json->>'netscalerSmoothedRoundTripTime') is not null group by afirstseen, appid order by appid, afirstseen
As the name of the extracted meta field, you can use:
svalue returns Value
scount returns Count
acount returns Count
avalue returns Value
aavg returns Average
atotal returns Total
amin returns Min
apct returns %
amax returns Max