I am currently writing a program that does anomaly detection on system calls by creating a database of "normal behaviour". The goal now is to visualize the data being collected. There are about 200 occurrences a minute where a process makes a system call. Currently, I am writing these system calls to an InfluxDB where the name of the process that makes the calls is a tag and the system calls it makes are fields.
A data point is therefore a timestamp, a measurement, the process name, and a call it made.
I want to visualize the occurrences of certain calls a process made in a specific amount of time, for example:
How many times did process x call ‘fopen’ in the last 5 minutes?
Is my schema sufficient for this? What would a query for this look like?
Thank you in advance.
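As an added example (not part of the original post), here is how the question "how many times did process x call fopen in the last 5 minutes" looks in InfluxQL (InfluxDB 1.x, or 2.x through its InfluxQL compatibility endpoint), first against the schema described in the post and then against an alternative where the call name is a tag. The measurement name `syscalls`, the tag key `process`, the field/tag key `syscall`, the field `count`, the process name `nginx` and the line-protocol sample points are all assumptions made for the example.

```sql
-- Schema as described in the question: measurement "syscalls",
-- tag "process", string field "syscall". Constructed line-protocol
-- points (hypothetical process/call names, nanosecond timestamps):
--   syscalls,process=nginx syscall="fopen"  1700000000000000000
--   syscalls,process=nginx syscall="read"   1700000000100000000
--   syscalls,process=nginx syscall="fopen"  1700000000200000000
--
-- "How many times did process x call fopen in the last 5 minutes?"
-- String fields can be compared with = in WHERE, so this works, but a
-- field is not indexed: every point of the process's series inside the
-- time range is read and compared against 'fopen'.
SELECT COUNT("syscall")
FROM "syscalls"
WHERE "process" = 'nginx'
  AND "syscall" = 'fopen'
  AND time > now() - 5m;

-- What this schema cannot do: GROUP BY only groups by tag keys and
-- time(). Putting the field key "syscall" in GROUP BY does not split the
-- result per call name, so a per-syscall breakdown for one process is not
-- expressible while the call name is a field.

-- Alternative schema: make the call name a tag as well (the set of
-- syscall names is small and fixed, so tag cardinality stays bounded) and
-- record an integer field "count" per event:
--   syscalls,process=nginx,syscall=fopen count=1i 1700000000000000000
--
-- Same question; "process" and "syscall" are now indexed tags, so only
-- the one matching series is scanned. SUM rather than COUNT so the query
-- still holds if the collector pre-aggregates and writes count=3i etc.
SELECT SUM("count")
FROM "syscalls"
WHERE "process" = 'nginx'
  AND "syscall" = 'fopen'
  AND time > now() - 5m;

-- Per-call breakdown for one process over the window
-- (one series in the result per distinct "syscall" tag value):
SELECT SUM("count")
FROM "syscalls"
WHERE "process" = 'nginx'
  AND time > now() - 5m
GROUP BY "syscall";

-- Dashboard time series: fopen calls per 5-minute bucket over the last
-- hour, with empty buckets filled with 0 so quiet periods are visible.
SELECT SUM("count")
FROM "syscalls"
WHERE "process" = 'nginx'
  AND "syscall" = 'fopen'
  AND time > now() - 1h
GROUP BY time(5m) fill(0);
```

One caveat that applies to either schema: InfluxDB treats points with the same measurement, tag set and timestamp as the same point, and the later write overwrites the earlier one. Two events of the same process and syscall written with an identical timestamp therefore collapse into one, which silently undercounts. Writing with nanosecond precision makes this rare at ~200 events a minute, but the robust fix is to have the collector count events per (process, syscall) per second and write that count as the `count` field, which also cuts write volume and keeps `SUM("count")` correct.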