I’m getting Nginx reverse proxy data into Influx through the Telegraf logparser.
Nginx outputs some fields that measure duration as part of another duration (i.e. upstream_response_time is part of the total response_time). For analysis it would be best to have a separate field that’s response_time - upstream_response_time.
Since Telegraf’s logparser plugin is incapable of transformation steps like that, I tried to implement it as a continuous query in Influx, SELECT INTOing each record with extra calculated fields into another retention policy.
CREATE DATABASE nginx_logs;
CREATE RETENTION POLICY “one_hour” ON “nginx_logs” DURATION 1h REPLICATION 1 DEFAULT;
CREATE RETENTION POLICY “one_day” ON “nginx_logs” DURATION 1d REPLICATION 1;
CREATE CONTINUOUS QUERY “separate_timings” ON “nginx_logs” BEGIN
SELECT
*,
“response_time” - “upstream_connection_time” - “upstream_response_time” as downstream_time,
“upstream_response_time” - “upstream_header_time” as upstream_body_time
INTO “one_day”."saas_requests_enhanced"
FROM "saas_requests"
END;
However, that doesn’t work since a continuous query needs a GROUP BY time(unit) clause.
What would be the way to go about this in Influx or the TICK stack ?
