Hi,
Thanks for the several replies both on and off the list.
To be more specific, I am wanting to aggregate data to a 5/10/15 min
interval. Currently, I am aggregating data that falls in hour / day /
month / year periods for both count() and sum(). The sql I am currently
using is:
SELECT count(id) AS count, sum(conn_bytes) AS sum, hisec_port, conn_protocol, date_trunc('hour'::text, datetime) AS
date_trunc
FROM trafficlogs
WHERE (conn_outbound = false)
GROUP BY date_trunc('hour'::text, datetime), conn_protocol, hisec_port
HAVING (count(*) = ANY ( SELECT count(*) AS count FROM trafficlogs GROUP BY hisec_port, date_trunc('hour'::text,
datetime) ORDER BY count(*) DESC)
);
Which produces:
count sum hisec_portconn_protocol date_trunc
12 192 5,050 2003/09/17 00:00:00
11 176 5,050 2003/09/17 01:00:00
12 192 5,050 2003/09/17 02:00:00
11 176 5,050 2003/09/17 03:00:00
10 160 5,050 2003/09/17 04:00:00
- if you know of a more efficient way to do this than the sql above, pls
let me know
In my previous post I should have said I wanted to aggregating data in
5/10/15 min intervals in a similar manner to the above
