Get duration of certain field value InfluxDB

Anaisdg · September 26, 2022, 10:10pm

Hello @mmmmgggg,
Yes! I’m so sorry for the delay. Sometimes questions fall through the cracks. Next time you dont hear back, please tag me.
Thank you for providing sample input data you rock!
You would do:

import "csv"
csvData = "#group,FALSE,FALSE,FALSE,FALSE,FALSE,FALSE,FALSE,FALSE,FALSE,FALSE,FALSE,FALSE,FALSE,FALSE,FALSE,FALSE,FALSE,FALSE

#datatype,string,long,dateTime:RFC3339,dateTime:RFC3339,dateTime:RFC3339,string,string,string,string,string,string,string,string,string,string,string,string,string

#default,_result,,,,,,,,,,,,,,,,,

,result,table,_start,_stop,_time,_value,_field,_measurement,dest_ip,dest_port,event_type,flow_id,host,in_iface,path,proto,src_ip,src_port

,,0,2022-09-16T09:00:00.00000000Z,2022-09-16T09:00:00.00000000Z,2022-09-16T09:00:00.00000000Z,False,PLC,suricata-alerts,192.168.0.14,80,alert,1437107460025591,opnsense.home.arpa,re1_vlan742^,/var/log/suricata/eve.json,TCP,111.111.111.111,36766

,,0,2022-09-16T09:05:00.00000000Z,2022-09-16T09:05:00.00000000Z,2022-09-16T09:05:00.00000000Z,False,PLC,suricata-alerts,192.168.0.14,80,alert,2166347159271520,opnsense.home.arpa,re1_vlan742^,/var/log/suricata/eve.json,TCP,222.222.222.222,34387

,,0,2022-09-16T09:10:00.00000000Z,2022-09-16T09:10:00.00000000Z,2022-09-16T09:10:00.00000000Z,True,PLC,suricata-alerts,192.168.0.14,80,alert,321927463147576,opnsense.home.arpa,re1_vlan742^,/var/log/suricata/eve.json,TCP,110.110.110.110,11751

,,0,2022-09-16T09:40:00.00000000Z,2022-09-16T09:40:00.00000000Z,2022-09-16T09:40:00.00000000Z,True,PLC,suricata-alerts,192.168.0.14,80,alert,333555236012237,opnsense.home.arpa,re1_vlan742^,/var/log/suricata/eve.json,TCP,100.100.100.100,13488

,,0,2022-09-16T10:00:00.00000000Z,2022-09-16T10:00:00.00000000Z,2022-09-16T10:00:00.00000000Z,False,PLC,suricata-alerts,192.168.0.14,80,alert,334429991280534,opnsense.home.arpa,re1_vlan742^,/var/log/suricata/eve.json,TCP,180.180.180.180,53958

,,0,2022-09-16T12:00:00.00000000Z,2022-09-16T12:00:00.00000000Z,2022-09-16T12:00:00.00000000Z,True,PLC,suricata-alerts,192.168.0.14,80,alert,33606186887911,opnsense.home.arpa,re1_vlan742^,/var/log/suricata/eve.json,TCP,180.180.180.180,45018

,,0,2022-09-16T12:10:00.00000000Z,2022-09-16T12:10:00.00000000Z,2022-09-16T12:10:00.00000000Z,False,PLC,suricata-alerts,123.123.123.123,80,alert,1554565580150037,opnsense.home.arpa,re0,/var/log/suricata/eve.json,TCP,150.150.150.150,511"

csv.from(csv: csvData)
|> stateDuration(unit: 1m, fn: (r) => true)

Using stateDuration:

This doc does a good example of highlighting other like functions too that are worth knowing about.

Topic		Replies	Views
Flux: Calculate for how long was a field value not zero InfluxDB 2 influxdb , query , flux	5	1273	March 20, 2023
How to retrive total duration based on a value state? Fluxlang influxdb	0	307	April 4, 2023
Math operations on field value and time influxdb	4	3591	January 24, 2019
Count and calculate the duration of Boolean true InfluxQL influxdb , kapacitor , influxql , query , tickscript	0	469	April 20, 2022
Calculating event duration from boolean values? influxdb , influxql	2	4611	February 12, 2023

Get duration of certain field value InfluxDB

Related topics