Difference between revisions of "Query Meta Data"

From Observer GigaFlow Support | VIAVI Solutions Inc.
Jump to: navigation, search
(Created page with "Table Query select (cast(meta::json->>'netscalerSmoothedRoundTripTime' as int))::bigint as avalue, count(*) as acount from netflow WHERECLAUSE group by avalue ORDERBY LIMITRO...")
 
 
(2 intermediate revisions by one user not shown)
Line 3: Line 3:
  
 
Graph Query
 
Graph Query
  select FIRSTSEEN as afirstseen,appid ,avg(cast(meta::json->>'netscalerSmoothedRoundTripTime' as int))::int as aavg from netflow  WHERECLAUSE  and (meta::json->>'netscalerSmoothedRoundTripTime' )is not null group by afirstseen,appid o
+
  select FIRSTSEEN as afirstseen,appid ,avg(cast(meta::json->>'netscalerSmoothedRoundTripTime' as int))::int as aavg from netflow  
 +
  WHERECLAUSE  and (meta::json->>'netscalerSmoothedRoundTripTime' )is not null group by afirstseen,appid order by appid,afirstseen
 +
 
 
<gallery>
 
<gallery>
 
File:Metaquery.png|Report Query
 
File:Metaquery.png|Report Query
  
 
</gallery>
 
</gallery>
rder by appid,afirstseen
+
 
 +
As the name of the met field extracted you can use
 +
svalue returns Value
 +
scount returns Count
 +
acount returns Count
 +
avalue returns Value
 +
aavg returns Average
 +
atotal returns Total
 +
amin returns Min
 +
apct returns %
 +
amax returns Max

Latest revision as of 12:08, 14 April 2022

Table Query

select (cast(meta::json->>'netscalerSmoothedRoundTripTime' as int))::bigint as avalue, count(*) as acount from netflow WHERECLAUSE group by avalue ORDERBY LIMITROW

Graph Query

select FIRSTSEEN as afirstseen,appid ,avg(cast(meta::json->>'netscalerSmoothedRoundTripTime' as int))::int as aavg from netflow 
WHERECLAUSE  and (meta::json->>'netscalerSmoothedRoundTripTime' )is not null group by afirstseen,appid order by appid,afirstseen

As the name of the met field extracted you can use

svalue returns Value
scount returns Count
acount returns Count
avalue returns Value
aavg returns Average
atotal returns Total
amin returns Min
apct returns %
amax returns Max