Hi everyone. I’m feeding in access logs, via telegraf, from a couple of very busy nginx servers which host about 350k domains.
Currently, I am feeding in only the timestamp of the request, and the domain name that the request went to: grok_patterns = ['^"%{HTTPDATE:ts:ts-httpd}" "%{HOSTNAME:http_host}"$']
From this data I need to calculate the number of requests at each domain over various time periods (e.g. 1d, 1w, 4w, 12w), for which continuous queries appear to be a great option.
My brain tells me a query like this is what I need: SELECT COUNT(*) FROM nginx_domains_log WHERE time >= now() - $timePeriod GROUP BY http_host, however that does not work, since http_host is not a tag.
How should I approach this, given that http_host is decently variable (around 350K possibilities)?
