Examples

Example 1

In this example, we are going to apply several operations using the demo.ecommerce.data table:

Filter by status code=404

  • Go to the table toolbar and select the Filter icon.
  • By default, the first operation is Equal.
  • If you click the Arguments field, a warning message tells you that there are not enough arguments for this operation. To add them, click the New argument icon.

  • The two arguments needed for this operation are:
    • Value - Select the Status Code column from the dropdown list.
    • Is - Enter the 404 value by clicking the pencil icon.

  • Click Filter data.

Create new columns: latitude and longitude

  • Go to the table toolbar and select the Create column icon.
  • Assign the new column name as Latitude.
  • Select the Geolocated latitude operation from the dropdown list.
  • The operation argument is the IP, so select the clientIpAddress column.
  • Click Create column.

  • Repeat the same steps for the longitude, using the Geolocated longitude operation.

Calculate the average of the TimeTaken value

  • We are going to use the following query as the base:

    from demo.ecommerce.data
    where statusCode = 404
    group every 10m by method, clientIpAddress
    every 10m

  • Use the count operation to aggregate the data. We have named the new column My count.
  • Click Aggregate function.

  • Click the Aggregation icon again and assign the new column name as My average.
  • Select the average operation.
  • The argument used is Average of. Select the TimeTaken value.
  • Click Aggregate function.

Example 2

See below an example of a LINQ query to get the traffic volume by country and port.

from netstat.netflow.lt
where ispublic(srcIp)
select mmcountry(srcIp) as country
group every 30m by country, dstPort
every 1h
select sum(bytes) as bytes,
avg(packets) as packets,
humanSize(bytes) as bytesHuman

But how can we get to the same result using the available operations?

from netstat.netflow.lt

  • Go to the Data search → Finder area and open the netstat.netflow.lt table.

where ispublic(srcIp)

  1. Go to the table toolbar and select the Filter icon.
  2. Select the operation from the dropdown list: Is Public IP4.
  3. Select the argument (the column where to apply the filter): srcIp.
  4. Click Filter data.

select mmcountry(srcIp) as country

  1. Go to the table toolbar and select the Create column icon.
  2. Select the Create column tab.
  3. Select the operation from the dropdown list: Geolocated country.
  4. Select the argument (the column to apply the operation to): srcIp.
  5. Click Create column.

group every 30m by country, dstPort
every 1h

  • Group the data by using the Grouping function:

  1. Go to the table toolbar and select the Group icon.
  2. Select the time of the grouping: 1h.
  3. Define the first argument for the grouping: country.
  4. Click New argument.
  5. Select dstPort as the second argument.
  6. Click Group by.

select sum(bytes) as bytes

  1. Go to the table toolbar and click the Aggregation icon.
  2. Select the Sum function in the Aggregation field.
  3. Select bytes as the operation argument.
  4. Click Aggregate function.


avg(packets) as packets

  1. Go to the table toolbar and click the Aggregation icon.
  2. Select the Average function in the Aggregation field.
  3. Select packets as the operation argument.
  4. Click Aggregate function.

humanSize(bytes) as bytesHuman

  1. Go to the table toolbar and click the Create column icon.
  2. Define the column name as bytesHuman.
  3. Select the HumanSize function in the Operation field.
  4. Select bytes as the operation argument.
  5. Click Create column.

As a result, the final table will have a new column, bytesHuman, with the traffic volume by port and country. If you click the Toggle query editor button, you can see the LINQ version of our query.
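
To sanity-check the numbers the query in Example 2 returns, the same pipeline can be reproduced offline over exported flow records. The following Python sketch is an added example, not part of the product or its documentation: it approximates ispublic with the ipaddress module's is_global check, replaces mmcountry with a constructed lookup table, uses an assumed 1024-based format for humanSize, and runs on constructed sample flows with a 1h bucket.

```python
import ipaddress
from collections import defaultdict

# Constructed stand-in for the Geolocated country operation (mmcountry);
# a real lookup needs a geolocation database.
COUNTRY = {"8.8.8.8": "US", "1.1.1.1": "AU"}

# Constructed sample flows: (epoch seconds, srcIp, dstPort, bytes, packets)
FLOWS = [
    (1700000000, "8.8.8.8", 443, 1200, 4),
    (1700000600, "8.8.8.8", 443, 2896, 6),
    (1700000900, "1.1.1.1", 53, 300, 2),
    (1700001000, "10.0.0.5", 443, 99999, 50),  # private source, filtered out
    (1700004000, "8.8.8.8", 443, 500, 1),      # falls in the next 1h bucket
    (1700004100, "not-an-ip", 22, 10, 1),      # malformed source, filtered out
]

def is_public(ip):
    # Approximation of ispublic(): globally routable address, malformed -> False
    try:
        return ipaddress.ip_address(ip).is_global
    except ValueError:
        return False

def human_size(n):
    # Assumed 1024-based formatting; the product's exact output may differ
    size = float(n)
    for unit in ("B", "KB", "MB", "GB"):
        if size < 1024:
            return f"{size:.0f} B" if unit == "B" else f"{size:.1f} {unit}"
        size /= 1024
    return f"{size:.1f} TB"

def traffic_by_country_port(flows, bucket=3600):
    acc = defaultdict(lambda: [0, 0, 0])  # summed bytes, summed packets, flow count
    for ts, src, port, nbytes, pkts in flows:
        if not is_public(src):            # where ispublic(srcIp)
            continue
        key = (ts - ts % bucket, COUNTRY.get(src, "unknown"), port)
        acc[key][0] += nbytes
        acc[key][1] += pkts
        acc[key][2] += 1
    # sum(bytes), avg(packets), then humanSize applied to the summed bytes
    return {k: {"bytes": b, "packets": p / n, "bytesHuman": human_size(b)}
            for k, (b, p, n) in sorted(acc.items())}

if __name__ == "__main__":
    for key, row in traffic_by_country_port(FLOWS).items():
        print(key, row)
```

Note that bytesHuman is derived from the aggregated bytes column, which is why the Create column step for HumanSize comes after the Sum aggregation.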
