InfluxDB Group By Field (Not Tag) and Get Top 10

Question

i am very new to influxdb.

I have a dataset like this; (Every row/point is a connection)

time                           dest_ip         source_ip    
----                           -------         ---------  
2018-08-10T11:42:38.848793088Z 211.158.223.252 10.10.10.227 
2018-08-10T11:42:38.87115392Z  211.158.223.252 10.10.10.59 
2018-08-10T11:42:38.875289088Z 244.181.55.139  10.10.10.59 
2018-08-10T11:42:38.880222208Z 138.63.15.221   10.10.10.59  
2018-08-10T11:42:38.886027008Z 229.108.28.201  10.10.10.227   
2018-08-10T11:42:38.892329728Z 229.108.28.201  10.10.10.181 
2018-08-10T11:42:38.896943104Z 229.108.28.201  10.10.10.59 
2018-08-10T11:42:38.904005376Z 22.202.67.174   10.10.10.227
2018-08-10T11:42:38.908818688Z 138.63.15.221   10.10.10.181  
2018-08-10T11:42:38.913192192Z 138.63.15.221   10.10.10.181 

dest_ip and source_ip are field, not tag.

1. Is it possible to group by dest_ip all connection records somehow and get top 10 records with counts?

2. Is it possible to group by dest_ip and source_ip together and get top 10 records with counts too?

3. Or any other solution to get top 10 source_ip to dest_ip relations according to connection counts?

Answer 1

Currently InfluxDB only supports tags and time interval in GROUP BY clause; as you can see the syntax of group by clause (for more information refer to InfluxDB documention):

SELECT <function>(<field_key>) FROM_clause WHERE <time_range> GROUP BY time(<time_interval>),[tag_key]

But if you insert dest_ip and source_ip as tags instead of fields, you achieve all your mentioned desires with InfluxQL query language.