Does telegraf - influx provide grouping?

Hello, I was able to make the tail plugin send grok-patterned logs into InfluxDB thanks to your help. However, I have found that I need to use grouping according to the subdomains I extract from the logs.

request_time="0.004",timestamp="12/Jul/2024:00:28:00 +0900",referer="https://h27.{domain}.com/Main.html",subdomain="h27"

request_time="0.006",timestamp="12/Jul/2024:00:28:00 +0900",referer="https://h28.{domain}.com/Main.html",subdomain="h28"

For example, I wanted to show time series (_value) of request_time (_field) grouped by subdomain. But the problem is that subdomain is also included in _field, just like request_time. It seems they don't let me select both in one query. So I wonder if you could recommend any grouping function. (I tried tag mapping for subdomains, but it literally sent the "subdomain" string rather than the dynamic {subdomain}s.)

The image I'm thinking of is as below; sorry for the quality.

I appreciate it in advance.

Hi!

Did you try to set subdomain as a tag in your grok pattern?
Something like:
request_time="%{NUMBER:request_time:float}",timestamp="%{DATA:timestamp:tag}",referer="%{DATA:referer:tag}",subdomain="%{WORD:subdomain:tag}"

The idea is to keep only request_time as a field and the rest as tags.

Hope it helps

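A complete Telegraf input section that applies the answer's idea (request_time as the only field, subdomain as a tag), added here as an example and not taken from the thread. It assumes the log path /var/log/app/access.log and the measurement name app_access; it also departs from the answer by parsing the timestamp as the metric time instead of tagging it, since a unique tag value per line makes series cardinality explode.

```toml
[[inputs.tail]]
  # Constructed path; point this at the log the grok pattern below matches.
  files = ["/var/log/app/access.log"]
  from_beginning = false
  name_override = "app_access"
  data_format = "grok"

  # One pattern for lines of the form shown in the question:
  #   request_time="0.004",timestamp="12/Jul/2024:00:28:00 +0900",referer="https://h27.{domain}.com/Main.html",subdomain="h27"
  # Modifiers: :float -> numeric field, :tag -> tag, :ts-httpd -> use as the point's time.
  # Single-quoted TOML literal strings avoid escaping the double quotes in the log line.
  grok_patterns = [
    'request_time="%{NUMBER:request_time:float}",timestamp="%{HTTPDATE:timestamp:ts-httpd}",referer="%{DATA:referer:tag}",subdomain="%{WORD:subdomain:tag}"'
  ]

  # referer is kept as a tag only because the answer suggests it; if every
  # request carries a distinct URL, drop it or keep it as a field to bound cardinality.
```

Each line then becomes one point whose only field is request_time and whose tags include subdomain, so a Flux query can call `group(columns: ["subdomain"])` before `aggregateWindow` to draw one series per subdomain.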

It works for me. Thank you.
And I was also able to find out, with ChatGPT and based on your tips, that the config below works.

[[processors.converter]]
  [processors.converter.fields]
    tag = ["subdomain"]