Syslog from InfluxDB v2: Columns not broken out

Hello…Noob user here with the latest Grafana 7 and InfluxDB v2 installed. I have syslog messages coming into InfluxDB v2 through Telegraf and I am able to set up queries in InfluxDB Explorer using FLUX. I’m basically using FLUX to pull info out of the syslog message into its own column, capture a duration of a state change and graph that. However, when I use some of the same queries in Grafana, my table only has 2 columns, time and the syslog message; none of the other columns show, like hostname or the columns I generate. I do see that the header on the message column shows all other columns within it, even the columns I generate on the fly. Yet I can’t find a way to break that out in Grafana so that I can graph it.

So as an example, I have a column called “Time” and one called “message”. The message has the syslog message, which is fine, and is a column I see in Influx. In parentheses next to “message” it has all the other column info, but for the last event. Like this…

message {appname="fileserver", facility="local6", host="localhost.localdomain", hostname="test_server", severity="info", ID="1234"}

So in Influx each of the items inside the {} is its own column, but in Grafana it’s incorporated into the header as the last record. The ID="1234" is the column I am generating on the fly with info inside the message using FLUX in Grafana.

Am I missing a setting to break out this information as it is in InfluxDB v2?

Hi @r0br ,

Check out this video from Ryan McKinley, VP of Innovation at Grafana, where he demos the Flux query editor. Jump to minute 6. You’ll see that his table shows extra fields in {} just like yours. He then explains this, and then shows how to use the outer join transformation to show all the fields.

Let me know if this gets you unblocked!

Awesome @mattabrams , I’ll check that out, much appreciated.

Rob!

Hello @mattabrams ,

The outer join didn’t do anything to break out the columns, it actually looked exactly the same after applying that. However, the “Labels to fields” transformation did exactly what I needed as now I have everything broken out.

Thanks for leading me down the correct path to the solution!!

Rob!

Woo! Awesome work, @r0br!

Well, the great news is I was able to break out the fields into their own columns. The bad news is that my stateDuration() Flux query is taking the LAST value and filling in every event with that value for the columns I am generating in Grafana, whereas in InfluxDB v2 I get the actual duration for each event for that point in time.