We have 2 Devices: Device1, Device2. device-id and interface-name are tags and all others fields.
We have 3 measurements: one for device1 neighbor details, one for device2 neighbor details, another one for MTU details of device1, device2
First, we have to identify the connected interfaces between them. the condition will be local interface-name or port-id is equal to remote sides receiving-interface-name.
Then we have to check the other value (MTU) on those interfaces if the value is different then raise a critical alert.
Measurement1:
m1, device-id=Device1,remote-device=Device2,port-id=Interface1,receiving-interface-name=Interface1,timestamp= T1 → S2**
m1, device-id=Device1,remote-device=Device2,port-id=Interface2,receiving-interface-name=Interface4,timestamp= T1 → S3
m1, device-id=Device1,remote-device=Device2,port-id=Interface3,receiving-interface-name=Interface5,timestamp= T1 → S4
m1, device-id=Device1,remote-device=Device2,port-id=Interface6,receiving-interface-name=Interface8,timestamp= T1 → S4**
Measurement2:
m2, device-id=Device2,remote-device=Device1,port-id=Interface1,receiving-interface-name=Interface1,timestamp= T1 → S1 **
m2, device-id=Device2,remote-device=Device1,port-id=Interface2,receiving-interface-name=Interface19,timestamp= T1 → S2
m2, device-id=Device2,remote-device=Device3,port-id=Interface4,receiving-interface-name=Interface2,timestamp= T2–> S3
m2, device-id=Device2,remote-device=Device1,port-id=Interface5,receiving-interface-name=Interface11,timestamp= T1 → S4
m2, device-id=Device2,remote-device=Device1,port-id=Interface8,receiving-interface-name=Interface6,timestamp=T1–> S4**
Now, we got the neighboring devices based on the above 2 measurements. We have to use those device-id’s and port-id’s with below measurement to get MTU mismatched interfaces. Now, we have to check the MTU value of interface1 of device1 and interface1 of devices2 && interface6 of Device1 and interface8 of device2. If there is a mismatch we have to report it.
Here, even we can use a single measurement(m1) alone and compare the MTU values with m3.
Measurement3:
m3, device-id=Device1,interface-name=Interface1,MTU=1650, timestamp=T1 → S1**
m3, device-id=Device1,interface-name=Interface2,MTU=1550, timestamp=T1 → S2
m3, device-id=Device1,interface-name=Interface3,MTU=1600, timestamp=T1 → S3
m3, device-id=Device1,interface-name=Interface6,MTU=1550, timestamp=T1 → S4
m3, device-id=Device2,interface-name=Interface1,MTU=1600, timestamp=T1 → S5**
m3, device-id=Device2,interface-name=Interface2,MTU=1550, timestamp=T1 → S6
m3, device-id=Device2,interface-name=Interface4,MTU=1600, timestamp=T1 → S7
m3, device-id=Device2,interface-name=Interface8,MTU=1550, timestamp=T1 → S8
**
Result will be Device1, interface1,MTU=1650 and Device2,Interface1,MTU=1600.
**
We have to use a stream instead of batch. If it is not possible with streaming node then we can go for a batch.
dbrp “ncx”.“autogen”
var output = batch
|query(‘select “port-id”,“receiving-interface-name”,“neigh-device-id”,“device-id” from “m1”’)
.period(1m)
.every(1m)
.groupBy(*)var output_neighbor = batch
|query(‘select “port-id”,“receiving-interface-name”,“neigh-device-id”,“device-id” from “m2”’)
.period(1m)
.every(1m)
.groupBy(*)var mtu = ‘select “mtu” from “m3” where interface-name=‘output’.“receiving-interface-name”’
var intf_name = ‘select “interface-name” from “m2” where “output.device-id == output_neighbor.device-id” AND “output.port-id=output_neighbor.receiving-interface-name” AND “output.receiving-interface-name=output_neighbor.port-id”’
var mtu_neighbor = ‘select “mtu” from “m3” where interface-name=’+intf_name
|alert()
.crit(lambda: (mtu == mtu_neighbor))
.log(‘/tmp/out.tmp’)
Here, we want to know how to access a particular field/tag from variable.
> var mtu = ‘select “mtu” from “m3” where interface-name=‘output’.“receiving-interface-name”’
here we are accessing the receiving-interface-a name from variable output.
Is there anyway to write nested select queries in Influx?
