Splunk conditional distinct count

I'm running a distinct count syntax, stats dc(src_ip) by, and it returns the number of distinct source IPs but I would like to create a conditional statement (eval?) that it should only return the stats if the count is greater than 50.
Tried something like this, but no joy. Any idea how to make a conditional distinct count where count has to be more than X?
stats dc(src_ip) | eval status=if(count>50) => doesn't work

The stats command will always return results (although sometimes they'll be null). You can, however, suppress results that meet your conditions.
stats dc(src_ip) as ip_count
| where ip_count > 50

Related

SignalFX detector data().count() based on condition

Is it possible to implement count() MTS based on condition?
For instance:
We need to monitor the amount of time RDS CPU picks the point of 95% for the last 3 days.
A = data('CPU_Utilization').count(...when point > 95%).
detector(when(A > {number_of_times_breached}, lasting='3d')).publish(...)
Update.
Solution was found by my colleague:
A = data('CPU_Utilization').above({condition_value}, inclusive=True).count(...)
You can use eval() with boolean result inside count() in your SPL query.
Something like
<your search> | stats count(eval(point>0.95)) as breach_count

SQL COUNT items that meet and do not meet WHERE condition when applying a LIMIT (on AWS SELECT)

I have a SQL question.
I have a table with a list of rows of format [user:String, score:Double]
I would like to COUNT the number of items (number of users) in my table where the score > xx (input that I specify). I need to use LIMIT as I use AWS select on a boto3 lambda function (there is a max memory). I would like to know how many items have been scanned to reach this limit.
For example, if I LIMIT to 1000, maybe I will need to scan 3000 items, 2000 items will be < xx and 1000 items (the limit) will be > xx so I get a feel that my user will be in the top 33% (arguable I know as it depends if the subset is representative etc :) )
How to do it (and how to do it on AWS select, as there are some functions that are not available like "order by" etc)?
EDIT: To add details, see the following picture.
I can run select count(*) FROM s3object[*][*] s where s.score>14 limit 5
and I will get 1 row ok.
Now, if I have 1 million users, and I have to limit the results to 1000 (because of memory), how do I know how many items were scanned to get to these 1000 rows?
I would like to COUNT the number of items (number of users) in my table where the score > xx (input that I specify).
Isn't the query you want a simple aggregation query with a filter?
select count(*)
from t
where score > ?;
? is a parameter with the limit that you specify. This always returns one row, so there is no need for LIMIT.

How to count rows with Knex which are containing the same ID avoiding Knex complains about the groupBy elements are not included

In my App backend with Knex using PSQL I'm trying to get the count of the rows where they have the same ID.
The issue is that whatever I'm doing always the count is 1 when in reality I have 2 rows for the same ID.
My table looks
In the table shared I need to count the rows with the same conversation_id which is 1.
The expected result should be count = 2
What I tried with Knex:
tx(tableName).select(columns.conversationId)
.whereIn(columns.conversationId, conversationIds)
.groupBy(columns.conversationId, columns.createdAt, columns.id);
The groupBy section if I try to remove columns.createdAt, columns.id it is complaining saying that those need to be included in the groupBy or in an aggregate function.
Removing in the following SQL those extra groupBy element I'm getting the right result but Knex doesn't like it and I'm stuck on it.
SQL generated as follows:
select
conversation_id ,
COUNT(*)
from
message
group by
conversation_id,
created_at ,
id ;
The result of this SQL is as follows
As you see, the result is not good and I'm not able to make it work correctly with Knex, which complains if I remove the elements from the groupBy
Tinkering with some expressions in the QueryLab, I wonder if something like the following will work:
tx(tableName)
.select(columns.conversationId)
.whereIn(columns.conversationId, conversationIds)
.count()
Which would give something like (these values are placeholders, obviously):
select "columns"."conversationId", count(*) from "tableName" where "columns"."conversationId" in (1, 2, 3)

django create count subquery without groupby

I want to use a query that could be used as subquery. But I noticed that query like this:
x = Deal.all_objects.filter(state='created').values('id').annotate(cnt=Count('id')).values('cnt')
produces
SELECT COUNT("deals_deal"."id") AS "cnt"
FROM "deals_deal"
WHERE "deals_deal"."state" = created
GROUP BY "deals_deal"."id"
I don't need the GROUP BY, I just want to count offers that match filter.
I don't want to use .count() because it would not let me write a query like this:
Deal.all_objects.filter(
Q(creator=OuterRef('pk')) | Q(taker=OuterRef('pk'), state='completed')
).annotate(cnt=Count('pk')).values('cnt')
How to modify the above query so that it counts without GROUP BY?
What you are looking for is done with aggregate not annotate.
x = Deal.objects.filter(state='created').values('id').aggregate(cnt=Count('id'))
# x is a dictionary {"cnt":9000}, you wouldn't even need the ".values('id')" now
This will result in a query something like this
SELECT COUNT("deals_deal"."id") AS "cnt"
FROM "deals_deal"
WHERE "deals_deal"."state" = created
Further cool things you can do with Aggregate

Why can't the Count() operator be used in a where clause? How do I get around this?

I'm trying to write a query to return the town, and the number of runners from each town where the number of runners is greater than 5.
My Query right now look like this:
select hometown, count(hometown) from marathon2016 where count(hometown) > 5 group by hometown order by count(hometown) desc;
but sqlite3 responds with this:
Error: misuse of aggregate: count()
What am I doing wrong? Why can't I use the count() here, and what should I use instead?
When you're trying to use an aggregate function (such as count) in a WHERE clause, you're usually looking for HAVING instead of WHERE:
select hometown, count(hometown)
from marathon2016
group by hometown
having count(*) > 5
order by count(*) desc
You can't use an aggregate in a WHERE clause because aggregates are computed across multiple rows (as specified by GROUP BY) but WHERE is used to filter individual rows to determine what row set GROUP BY will be applied to (i.e. WHERE happens before grouping and aggregates apply after grouping).
Try the following:
select
hometown,
count(hometown) as hometown_count
from
marathon2016
group by
hometown
having
hometown_count > 5
order by
hometown_count desc;
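
An added example (not from any of the posts above) that ties the HAVING answers here to the Splunk "stats dc(src_ip) ... | where ip_count > 50" answer at the top of the page: it filters groups on a distinct source-IP count in SQLite, and shows the WHERE form being rejected. The conn table, its columns, the sample events and the function names are assumptions constructed for the illustration.

```python
import sqlite3

def build_events():
    # Constructed sample (src_ip, dest_ip) connection events, not data from the page.
    events = [(f"198.51.100.{i}", "10.0.0.5") for i in range(1, 61)]  # 60 distinct sources
    events += [("198.51.100.1", "10.0.0.5")] * 40    # repeats raise COUNT(*), not the distinct count
    events += [("203.0.113.7", "10.0.0.9")] * 200    # one noisy source, many rows
    events += [(f"192.0.2.{i}", "10.0.0.7") for i in range(1, 51)]    # exactly 50 distinct sources
    return events

def load(events):
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE conn (src_ip TEXT, dest_ip TEXT)")
    db.executemany("INSERT INTO conn VALUES (?, ?)", events)
    return db

def where_on_aggregate_fails(db, threshold):
    """WHERE filters rows before grouping, so an aggregate there is rejected."""
    try:
        db.execute(
            "SELECT dest_ip, COUNT(DISTINCT src_ip) FROM conn "
            "WHERE COUNT(DISTINCT src_ip) > ? GROUP BY dest_ip", (threshold,))
    except sqlite3.OperationalError as exc:
        return str(exc)          # the 'misuse of aggregate' error from the question
    return None

def dests_over_threshold(db, threshold):
    """HAVING filters groups after aggregation, like '| where ip_count > N' after stats."""
    return db.execute(
        "SELECT dest_ip, COUNT(DISTINCT src_ip) AS ip_count, COUNT(*) AS events "
        "FROM conn GROUP BY dest_ip HAVING COUNT(DISTINCT src_ip) > ? "
        "ORDER BY ip_count DESC", (threshold,)).fetchall()

if __name__ == "__main__":
    db = load(build_events())
    print(where_on_aggregate_fails(db, 50))
    print(dests_over_threshold(db, 50))
```

The 200-event destination is dropped because only one source reached it, and the destination with exactly 50 sources is dropped because the comparison is strict.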