5 Solutions
Hi,
I have a new dataset. Only the first 5 application is shown. The "others" is not added - I need to find out how to do it.
DROP TABLE IF EXISTS users_tmp; DROP TABLE IF EXISTS usrappbw_tmp; DROP SEQUENCE IF EXISTS temp_seq; CREATE TEMP SEQUENCE temp_seq; CREATE TEMPORARY TABLE users_tmp AS ( SELECT uid, user_src, bandwidth FROM ( SELECT NEXTVAL('temp_seq') AS uid, user_src, bandwidth FROM ( SELECT COALESCE(NULLIFNA(UPPER(`user`)), IPSTR(`srcip`)) AS user_src, SUM(COALESCE(`sentbyte`,0)+COALESCE(`rcvdbyte`,0)) AS bandwidth FROM $log WHERE $filter AND LOGID_TO_INT(`logid`) NOT IN (4, 7, 14) AND `appcat`='Video/Audio' AND `action` IN ('accept','close') AND `utmaction`='allow' AND NULLIFNA(`app`) IS NOT NULL GROUP BY user_src HAVING SUM(COALESCE(`sentbyte`,0)+COALESCE(`rcvdbyte`,0))>0 ORDER BY bandwidth DESC LIMIT 30 ) t ) s ); CREATE TEMPORARY TABLE usrappbw_tmp AS ( SELECT COALESCE(NULLIFNA(UPPER(`user`)), IPSTR(`srcip`)) AS user_src, `appid`, COALESCE(NULLIFNA(`app`),'Unknown Application') AS app_name, `appcat`, SUM(COALESCE(`sentbyte`,0)+COALESCE(`rcvdbyte`,0)) AS bandwidth FROM $log WHERE $filter AND LOGID_TO_INT(`logid`) NOT IN (4, 7, 14) AND `appcat`='Video/Audio' AND `action` IN ('accept','close') AND `utmaction`='allow' AND NULLIFNA(`app`) IS NOT NULL GROUP BY `appid`, app_name, `appcat`, user_src HAVING SUM(COALESCE(`sentbyte`,0)+COALESCE(`rcvdbyte`,0))>0 ORDER BY user_src ASC, bandwidth DESC ); SELECT ranked, uid, CASE WHEN ranked>1 THEN '' ELSE usr END AS usr, aid, aname, bw FROM ( SELECT RANK() OVER (PARTITION BY uid ORDER BY bw DESC) AS ranked, uid, usr, aid, aname, bw FROM ( SELECT users_tmp.uid AS uid, usrappbw_tmp.user_src AS usr, usrappbw_tmp.appid AS aid, usrappbw_tmp.app_name AS aname, usrappbw_tmp.bandwidth AS bw FROM usrappbw_tmp, users_tmp WHERE usrappbw_tmp.user_src=users_tmp.user_src GROUP BY uid, usr, aid, aname, bw ORDER BY uid ASC, bw DESC ) t ) s WHERE ranked<=5
It sould look like in the attached picture.
