I am running InfluxDB 1.8.2 and I am recording my iptables firewall logs with Telegraf’s tail plugin (with grok format), where each hit becomes one line with fields like “source IP”, “destination port”, etc.
I am visualizing my data with Grafana and would like to have the following queries:
- Top 10 destination ports in the selected timeframe / 24h, including number of hits per port
- Top 10 source IPs in the selected timeframe / 24h, including number of hits per IP
Can you please help me craft the appropriate queries for these statistics? I only found information on how to do this if the values are stored in tags; however, I do not think that this would make sense in this case (maybe for the ports, but definitely not for the IPs).