How do I breakdown a table by a column?

Grafana Dashboards
, ,
1

grafana version: 9.0.2 on Linux

I have webserver access logs from which I want to present the N highest IP addresses per day. The data itself is reasonably easy to get by pulling it out and grouping by day, but now that I have it:

image
image1216×735 57.1 KB

I want to show it in the best presentable manner. I can do a transform grouping to get e.g.:

image
image1212×186 25.7 KB

but what I want is a separate value per day, say like this (kibana):

image
image1452×464 45 KB

What is the best way to accomplish what I want using grafana?

2

Hi @supermathie

Can you please share a sample/test data in .csv or .json format? so that the community users can try to help you out and share the solution

3

I would upload a file, but .csv upload is disallowed. You can add it to authorized extensions in the admin panel if you want to change that.

"@timestamp","source.ip","Count"
1680048000000,178.18.0.0,45485
1680048000000,93.190.0.0,38713
1680048000000,2604:a880:cad::,28761
1680048000000,2a03:b0c0:1::,9265
1680048000000,2604:a880:1::,9242
1680134400000,178.18.0.1,967009
1680134400000,2604:a880:cad::1,267788
1680134400000,93.190.0.1,222905
1680134400000,3.96.0.1,91863
1680134400000,2604:a880:1::,88659
1680220800000,178.18.0.2,2851792
1680220800000,3.96.0.2,1231751
1680220800000,93.190.0.2,203758
1680220800000,2604:a880:cad::2,153148
1680220800000,2604:a880:800::2,151295
4

Hi @supermathie,

So this is what we got as a close match to create the Dashboard you desired (link to Dashboard).

The logic here is that we have used the timestamp as a dashboard-variable. Since we do have the environment to reproduce it on ElasticSearch but you can define a query-based variable for timestamp as a dashboard variable which will generate the timestamps, which you can select.

image

In the Query Editor, we are using the time variable from the dashboard-variable:

image
image1272×244 22.5 KB

Optional, you can repeat the panels using the Repeat option and select “by variable” (have to play around but can be v.useful)

Also the panels, we are using the Group by transformation and grouping it with the source.ip counting the total Count

image

I hope this helps to bring you closer to your solution.

5

Yes! That was another idea we had, but can’t figure out how to do this: