====== InfluxDb ======
cheat sheet / examples https://www.sqlpac.com/en/documents/influxdb-flux-language-advanced-features.html#influxdb-v2-quick-reminders \\
https://www.influxdata.com/blog/top-5-hurdles-for-flux-beginners-and-resources-for-learning-to-use-flux/ \\
<WRAP left tip 200px>
influxdb 3 
</WRAP><WRAP clear/>




<code>
from(bucket: "bucket")
  |> range(start: -2h)
  |> filter(fn: (r) =>  exists r.nas_name)
//   |> group(columns: ["nas_name","_measurment"])
  |>last()
  |> yield(name: "unique")
</code>


===== Influxdb queries =====
  * https://www.influxdata.com/blog/tldr-influxdb-tech-tips-converting-influxql-queries-flux-queries/



<code SQL>
import "influxdata/influxdb/schema"
 
from(bucket: "sensors")
//   |> range(start: v.timeRangeStart, stop: v.timeRangeStop)
  |> range(start: 2024-02-20T01:00:00Z, stop: 2024-02-20T02:00:00Z)
  |> filter(fn: (r) => r["_measurement"] == "netflow")
  |> filter(fn: (r) => r["host"] == "gorkii21")
  |> filter(fn: (r) => r._field == "direction" or r._field == "dst" or r._field == "in_bytes")
  |> schema.fieldsAsCols()
  |> filter(fn: (r) => r["direction"] == "ingress")  
  |> filter(fn: (r) => r["dst"] == "192.168.114.109")   
  |> duplicate(column: "in_bytes", as: "_value")
  |> duplicate(column: "dst", as: "_measurement")
  |> group(columns: ["_measurement","_start"])
  |> aggregateWindow(every: 5m,  fn: sum, createEmpty: false)
// //   |> group(columns: ["dst"])
// //   |>sum()
//        
//   |> sum()
//   |> yield()
//   
//   |> drop(columns: ["host"])  
//   |> aggregateWindow(every: v.windowPeriod, fn: last, createEmpty: false)
</code>

++++ Fields|
_measurement
direction
dst
dst_port
first_switched
flow_end_reason
host
icmp_code
icmp_type
in_bytes
in_packets
in_snmp
ip_version
last_switched
out_snmp
protocol
source
src
src_port
src_tos
tcp_flags
version
++++


++++ TMP flux|
<code SQL>
import "influxdata/influxdb/schema"
 
from(bucket: "sensors")
//   |> range(start: v.timeRangeStart, stop: v.timeRangeStop)
  |> range(start: 2024-02-22T01:00:00Z, stop: 2024-02-22T10:00:00Z)
  |> filter(fn: (r) => r["_measurement"] == "netflow")
  |> filter(fn: (r) => r["host"] == "gorkii21")
  |> filter(fn: (r) => r._field == "direction" or r._field == "dst" or r._field == "in_bytes" or r._field == "in_snmp" or r._field == "out_snmp" or r._field == "in_packets")
  |> schema.fieldsAsCols()
  // |> filter(fn: (r) => r["direction"] == "ingress")  
   |> filter(fn: (r) => r["dst"] == "192.168.114.109")   
   |> duplicate(column: "in_bytes", as: "_value")
//  |> duplicate(column: "in_packets", as: "_value")
  |> duplicate(column: "dst", as: "_measurement")
    |> group(columns: ["_measurement","_start","in_snmp","out_snmp","direction"])
   |> aggregateWindow(every: 10m,  fn: sum, createEmpty: true)
//   |> group(columns: ["dst"])
//   |> sum()
//   |> group()
//   |>top(n: 10)
//   |>sort(columns: ["_value"])
//   |>yield()
//   
//   
//  
//   |> sum()
//   |> yield()
//   
//   |> drop(columns: ["host"])
//   |> aggregateWindow(every: v.windowPeriod, fn: last, createEmpty: false)




</code>
++++