stats command

The stats command allows you to easily query the statistics endpoint of the Microsegmentation Console API.

info subcommand

The info subcommand allows you to retrieve info about the fields and tags of a measurement.
You must pass a valid measurement as the first parameter. That can be one of:
Example:
apoctl stats info eventlogs

query subcommand

The query subcommand allows you to query the statistics endpoint of the Microsegmentation Console API.
You must pass a valid measurement as the first parameter. That can be one of:

Selecting fields

By default, all fields will be retrieved. You can pass additional arguments to restrict the fields you want to retrieve.
Example:
apoctl stats query flows value srcid destid
Note that at least one field must be passed in addition to a single tag. To get the list of tags versus fields, you can use the info subcommand.

Applying aggregation functions

You can apply aggregation functions to a field you pass. Most of the available InfluxQL functions apply.
The most relevant ones are:
The full list and documentation is available at https://docs.influxdata.com/influxdb/v1.7/query_language/functions/.
Example:
apoctl stats query flows 'sum(value)' --group action

Defining a time window

You can define the time window with the flags --from, --to, --from-rel or --to-rel. If you don’t set any time limit, apoctl will make a call on the last hour.
To pass a relative time window:
apoctl stats query flows --from-rel 10s -n /my/namespace --filter 'id == xxxx'
To pass an absolute time window:
apoctl stats eventlogs content id --from 2018-01-01 --to 2018-02-02
The complete list of supported date formats is described at https://github.com/araddon/dateparse.

Filtering results

The --filter flag allows you to reduce the results to data matching your condition. The syntax is identical to all other apoctl filters.
Example:
apoctl stats query flows --filter "srcid == xxxxx or (action == reject and destid != yyyy)"

Grouping results

You can group the results using one or more available tags using the --group flag.
Example:
apoctl stats query flows 'sum(value)' --group action
To group by time you must use the key time(duration)
Example:
apoctl stats query flows 'sum(value)' --group "time(1w)"
Notes:
  • You must use an aggregation function when you use groups.
  • You can only group on tags, not on fields. To get the list of tags and fields, use the info subcommand.

Displaying results

By default the query command displays the results in a table. If you want to see the raw JSON response, you can use the flag --output.
Example:
apoctl stats query flows --output json

Recommended For You