Hi @scott
Thank you for your answer!
According to your questions/remarks following I provide answers:
Was this copied straight from Grafana?
Yes, I thought so but only influxdb frontend delivers the error message, in grafana I simply get ‘No data’
I checked again and found a bracked too much. Now it gives in influxdb the error:
runtime error @56:6-56:40: filter: cannot compile @ 56:17-56:39: unsupported binary expression int == string
Are 1 and 2 the only possible values for this field or are there others?
There are multiple values possible for ifOperStatus:
null -> N/A
1 -> UP
2 -> DOWN
3 -> testing
4 -> unknown
5 -> dormant
6 -> not present
7 -> lower layer down
You don’t have to drop columns if you’re going to regroup and then count. When you run count, all columns not in the group key will get dropped anyway.
This is good to know, I’ll consider this in the future
You shouldn’t limit to 1. This will make it so your count will always be one since count returns the number of rows with non-null values in the _value column. If you limit by 1, your count will always be 1.
Hmm, hence I misunderstood the function limit. Also a learning that’ll help me going along.
You don’t need to use aggregateWindow() in this query. If your every matches the time range of your query, you don’t really even need to window. You can just run the aggregate function, count().
So multiple aggregations don’t improve the output, I get that and I’m still learning on how to control the handling of the output from the metrics. Therefore your guidance helps already.
Now my remarks to the query you provided:
1.) Your query gives me a total count of ‘106’ and the swich I’m pointing to has only very few ports in state UP. It looks like your query iterates (as declared) over all interfaces including VLANs:
(The view from query inspector:)
from(bucket: "tigstack")
|> range(start: -1m)
|> filter(fn: (r) =>
r._measurement == "InterfaceTable" and
r.agent_host == "192.168.99.100" and
r.ifIndex =~ /1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16|17|18|19|20|21|22|23|24|25|26|27|28|29|30|31|32|33|34|35|36|37|38|39|40|41|42|43|44|45|46|47|48|49|50|51|52|102|200|201|251|300|401|601|602|603|606|1100|1102|1103|1104|1105|1106|2405|4324|4325|4326|4327|4328|4329|4330|4331/ and
r._field == "ifOperStatus"
)
|> duplicate(column: "_value", as: "PortUP")
|> group(columns: ["PortUP"])
|> count()
i.e. I need to regex somehow that the statement /${port:pipe}/ stops at the management interfaces. I tried that on the variable already ${port} with the statement:
(5[0-4]|[1-4][0-9]|0?[1-9])
But this doesn’t limit the port indices in the query. How can I narrow the query down to the physical interfaces available? We have also a few switches that have only 24 ports so query should accomodate for that case.
Do you have any idea on how to do that?
2.) Your query counts all interfaces’ ifOperStatus value despite the value given, as you’ve mentionend in your answer. Which leads me back to my initial problem on how to isolate the _value == “1” from all the others for this query.
It may help you to see what my target configuration should look like:
It’s this template grafana_switch_overview_dashboard
Here I’m working on the panel in the top right corner with the query I provieded.
I sincerly hope that you can provide further help in this. It’s my first project using the telegraf influxdb grafana combination and after 3 months it still feels like fumbling around and just get it good enough for production usage 
