dataSource.-
You have three possibilities depending on which database you need to access:
rb_flow.-
Netflow/sFlow database
rb_state.-
Wireless station health obtained via NMSP
rb_social.-
Social data from Twitter and Instagram sensors
rb_event.-
IDS/IPS events database
rb_monitor.-
SNMP monitoring database
namespace_uuids.-
(optional) Array of one or more values. These should be the UUIDs of the namespaces in which the data will be searched. If this value is not given, the default dataSource is used.
granularity.-
The granularity JSON field specifies the bucket size for values. It can be a built-in time interval such as "second", "minute", "fifteen_minute", "thirty_minute", "hour" or "day". It can also be an expression like {"type": "period", "period":"PT6m"}, meaning "6 minute buckets". In the example, it is set to the special value "all", which means all data points are bucketed together into the same time bucket.
intervals.-
It specifies the time range(s) of the query. The interval must be specified in ISO format and can include the time zone if desired. See http://en.wikipedia.org/wiki/ISO_8601 for more information.
queryType.-
This JSON field identifies which kind of query operator is to be used. You have two possibilities:
groupBy.-
This is the most flexible query, but it also has the poorest performance.
topN.-
This is like a groupBy query, but it groups and sorts by a single dimension. It is much faster than groupBy.
timeseries.-
This is used to generate time series using the specified aggregators.
aggregations.-
Array of elements. Each aggregator is applied to the column specified by fieldName, and its output is named according to the value in the "name" field. The available aggregators depend on the dataSource used:
rb_flow.-
{type: "longSum", name: "events", fieldName: "events"} -> flows count / occurrences
{type: "longSum", name: "pkts", fieldName: "sum_pkts"} -> sum of packets
{type: "longSum", name: "bytes", fieldName: "sum_bytes"} -> sum of bytes
rb_monitor.-
{type: "longSum", name: "events", fieldName: "events"} -> monitored element result on the specified interval
{type: "min", name: "min", fieldName: "min_value"} -> min value for the monitored param
{type: "max", name: "max", fieldName: "max_value"} -> max value for the monitored param
metric.-
(only for topN queryType) Should be the same value as one of the name fields given in aggregations. It is used for ordering.
dimensions.-
(only for groupBy and timeseries queryType) The dimensions JSON field value is an array of zero or more fields. These are used to constrain the grouping. If it is empty, one value per time granularity bucket is requested in the groupBy. Many dimensions are available on each dataSource, as described in the next sections.
dimension.-
(only for topN queryType) The dimension JSON field value is a single value. Many dimensions are available on each dataSource, as described in the next sections.
filter.-
Specifies the filter (the "WHERE" clause in SQL) for the query. The filter format is explained in its own section.
threshold.-
(only for topN queryType) Limits the number of values returned by topN queries.
orderBy.-
(only for groupBy queryType) It has the following fields:
{ "type": "default", "limit": 25, "columns": [ { "dimension": "bytes", "direction": "DESCENDING" } ] }
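The field rules above, checked before a query body is sent. This is an added example, not code from the project. The dimension name "src", the sample interval and the list form of "intervals" are assumptions; the helper names are hypothetical.

```python
DATA_SOURCES = {"rb_flow", "rb_state", "rb_social", "rb_event", "rb_monitor"}
QUERY_TYPES = {"groupBy", "topN", "timeseries"}
# Fields the page marks "only for" particular queryType values.
ONLY_FOR = {
    "metric": {"topN"},
    "dimension": {"topN"},
    "threshold": {"topN"},
    "dimensions": {"groupBy", "timeseries"},
    "orderBy": {"groupBy"},
}


def validate_query(q):
    """Return a list of problems; an empty list means the body is consistent."""
    problems = []
    if q.get("dataSource") not in DATA_SOURCES:
        problems.append("unknown dataSource")
    qtype = q.get("queryType")
    if qtype not in QUERY_TYPES:
        problems.append("unknown queryType")
    for field, allowed in ONLY_FOR.items():
        if field in q and qtype not in allowed:
            problems.append(f"{field} is not valid for {qtype}")
    names = {a.get("name") for a in q.get("aggregations", [])}
    if qtype == "topN" and q.get("metric") not in names:
        problems.append("metric does not match any aggregation name")
    return problems


def top_bytes_query(dimension, interval, threshold=10):
    """topN over rb_flow ordered by the 'bytes' aggregation."""
    return {
        "dataSource": "rb_flow",
        "queryType": "topN",
        "granularity": "all",
        "intervals": [interval],  # assumed: a list of ISO 8601 intervals
        "aggregations": [
            {"type": "longSum", "name": "bytes", "fieldName": "sum_bytes"},
        ],
        "dimension": dimension,
        "metric": "bytes",
        "threshold": threshold,
    }


if __name__ == "__main__":
    # Constructed sample: "src" is a placeholder dimension name.
    q = top_bytes_query("src", "2015-01-01T00:00:00Z/2015-01-02T00:00:00Z")
    print(q, validate_query(q))
```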