revision

influxdb/by_nginx_client_ip.flux

@@ -0,0 +1,27 @@
+
+////////////////////////////////////////////////////////////////////
+v = {
+ "timeRangeStart": 2023-06-16T14:44:00Z,
+  "timeRangeStop": 2023-06-18T14:44:00Z
+}
+
+bucket = "telegraf"
+
+////////////////////////////////////////////////////////////////////
+hosts = ${httpHost:json}
+
+hostsLength = hosts |> length()
+measurement = "nginx_access-logv3"
+from(bucket: "${bucket}")
+  |> range(start: v.timeRangeStart, stop: v.timeRangeStop)
+  |> filter(fn: (r) => r["_measurement"] == measurement and (r["_field"] == "client_ip" or r["_field"] == "nginx_host"))
+  |> pivot(rowKey:["_time"],
+        columnKey: ["_field"],
+        valueColumn: "_value")
+  |> filter(fn: (r) => if hostsLength>0 then contains(value: r["nginx_host"], set: hosts) else true)      
+  |> duplicate(column: "client_ip", as: "_value")
+  |> group(columns: ["client_ip"])
+  |>count()
+  |> group()
+  |> sort(columns: ["_value"], desc: true)
+  

influxdb/by_nginx_host.flux

@@ -0,0 +1,26 @@
+
+////////////////////////////////////////////////////////////////////
+v = {
+ "timeRangeStart": 2023-06-15T14:44:00Z,
+  "timeRangeStop": 2023-06-18T14:44:00Z
+}
+httpHosts = ["git.limbosolutions.com"]
+bucket = "telegraf"
+
+////////////////////////////////////////////////////////////////////
+
+measurement = "nginx_access-logv3"
+from(bucket: "${bucket}")
+  |> range(start: v.timeRangeStart, stop: v.timeRangeStop)
+  |> filter(fn: (r) => r["_measurement"] == measurement and r["_field"] == "nginx_host")
+  |> duplicate(column: "_value", as: "nginx_host")
+  |> group(columns: ["nginx_host"])
+  |> count()
+  |> group()
+  |> sort(columns: ["_value"], desc: true)
+ 
+
+
+
+
+

influxdb/by_nginx_request.flux

@@ -0,0 +1,30 @@
+
+////////////////////////////////////////////////////////////////////
+v = {
+ "timeRangeStart": 2023-06-16T14:44:00Z,
+  "timeRangeStop": 2023-06-18T14:44:00Z
+}
+
+bucket = "telegraf"
+
+////////////////////////////////////////////////////////////////////
+hosts = ${httpHost:json}
+hostsLength = hosts |> length()
+measurement = "nginx_access-logv3"
+from(bucket: "${bucket}")
+  |> range(start: v.timeRangeStart, stop: v.timeRangeStop)
+  |> filter(fn: (r) => r["_measurement"] == measurement and (r["_field"] == "request" or r["_field"] == "nginx_host"))
+  |> pivot(rowKey:["_time"],
+        columnKey: ["_field"],
+        valueColumn: "_value")
+  |> filter(fn: (r) => if hostsLength>0 then contains(value: r["nginx_host"], set: hosts) else true)
+  |> group()      
+  |> duplicate(column: "request", as: "_value")
+  |> group(columns: ["request"])
+  |>count()
+  |> group()
+  |> sort(columns: ["_value"], desc: true)
+  
+
+
+

influxdb/by_nginx_resp_code.flux

@@ -0,0 +1,23 @@
+
+////////////////////////////////////////////////////////////////////
+v = {
+ "timeRangeStart": 2023-06-16T14:44:00Z,
+  "timeRangeStop": 2023-06-18T14:44:00Z
+}
+
+bucket = "telegraf"
+
+////////////////////////////////////////////////////////////////////
+hosts = ${httpHost:json}
+
+hostsLength = hosts |> length()
+measurement = "nginx_access-logv3"
+from(bucket: "${bucket}")
+  |> range(start: v.timeRangeStart, stop: v.timeRangeStop)
+  |> filter(fn: (r) => r["_measurement"] == measurement and r["_field"] == "nginx_host")
+  |> filter(fn: (r) => if hostsLength>0 then contains(value: r["_value"], set: hosts) else true)      
+  |> group(columns: ["resp_code"])
+  |> count()
+  |> group()
+  |> sort(columns: ["_value"], desc: true)
+  

influxdb/by_nginx_verb.flux

@@ -0,0 +1,23 @@
+
+////////////////////////////////////////////////////////////////////
+v = {
+ "timeRangeStart": 2023-06-16T14:44:00Z,
+  "timeRangeStop": 2023-06-18T14:44:00Z
+}
+
+bucket = "telegraf"
+
+////////////////////////////////////////////////////////////////////
+hosts = ${httpHost:json}
+
+hostsLength = hosts |> length()
+measurement = "nginx_access-logv3"
+from(bucket: "${bucket}")
+  |> range(start: v.timeRangeStart, stop: v.timeRangeStop)
+  |> filter(fn: (r) => r["_measurement"] == measurement and r["_field"] == "nginx_host")
+  |> filter(fn: (r) => if hostsLength>0 then contains(value: r["_value"], set: hosts) else true)      
+  |> group(columns: ["verb"])
+  |> count()
+  |> group()
+  |> sort(columns: ["_value"], desc: true)
+  

influxdb/get_nginx_hosts.flux

@@ -0,0 +1,17 @@
+////////////////////////////////////////////////////////////////////
+v = {
+ "timeRangeStart": 2023-06-15T14:44:00Z,
+  "timeRangeStop": 2023-06-18T14:44:00Z
+}
+httpHosts = ["git.limbosolutions.com"]
+bucket = "telegraf"
+
+////////////////////////////////////////////////////////////////////
+
+measurement = "nginx_access-logv3"
+from(bucket: "${bucket}")
+  |> range(start: v.timeRangeStart, stop: v.timeRangeStop)
+  |> filter(fn: (r) => r["_measurement"] == measurement and r["_field"] == "nginx_host")
+  |> keep(columns: ["_value"])
+  |> distinct()
+

influxdb/testess.flux

@@ -0,0 +1,19 @@
+
+////////////////////////////////////////////////////////////////////
+v = {
+ "timeRangeStart": 2023-06-15T14:44:00Z,
+  "timeRangeStop": 2023-06-18T14:44:00Z
+}
+httpHosts = ["git.limbosolutions.com"]
+bucket = "telegraf"
+
+////////////////////////////////////////////////////////////////////
+
+measurement = "nginx_access-logv3"
+from(bucket: "${bucket}")
+  |> range(start: v.timeRangeStart, stop: v.timeRangeStop)
+  |> filter(fn: (r) => r["_measurement"] == measurement and r["_field"] == "nginx_host" and r._value=="frontdoor-f7fje4hfd0hpc3h9.z01.azurefd.net")
+
+
+
+ 66.240.205.34 - - [18/Jun/2023:10:01:01 +0000] "H\x00\x00\x00tj\xA8\x9E#D\x98+\xCA\xF0\xA7\xBBl\xC5\x19\xD7\x8D\xB6\x18\xEDJ\x1En\xC1\xF9xu[l\xF0E\x1D-j\xEC\xD4xL\xC9r\xC9\x15\x10u\xE0%\x86Rtg\x05fv\x86]%\xCC\x80\x0C\xE8\xCF\xAE\x00\xB5\xC0f\xC8\x8DD\xC5\x09\xF4" 400 157 cloud.limbosolutions.com "-" "-"