Facing an issue with time ranges in queries

Question

Can someone help me understand how to query for different specific time ranges in Grafana? I'm using count_over_time, and I want to subtract the count of systems that sent the lines "Timestamp" in the last hour from the count of systems that sent the line "Timestamp" in the last minute. Both outcomes seem to depend solely on the dashboard time ranges, not on the values I input. Am I using the functions incorrectly?

My end goal is to visualize this number in a pie chart. So, if transformations might help here, that would also be a viable solution.

Answer 1

sum(count by(label) (something)) is equivalent to count(something); based on the description this is not what you want. If you want to get number of distinct systems you need count(count by(system) ( ..your_selector.. )).

After that, you graph visualizes exactly what you asked it to (but probably you forgot to account for cases when logs are missing. To do that, you can use this

( count(count by(system) ( count_over_time(..your_selector.. [1m]) ) or vector(0) ) 
- ( count(count by(system) ( count_over_time(..your_selector.. [1h]) ) or vector(0) )

---

A couple notices:

• your question mentions "subtract the count <...> in the last hour from the count <...> in the last minute", but query does the opposite. I've gone with what is in text of question in my query.
• it is not clear what meaning you are trying to extract from queries in question. If you want something like distinct values over range [now-1h,now-1m] (which is not the same what described in question), you might be interested in offset operator. It'll be something like count(count by(system) ( count_over_time(..your_selector.. [59m] offset 1m) ) or vector(0)
• I have no clue what you mean by trying to visualize result on pie chart, since your query will return a single result.