tags:

views:

26

answers:

2
Q: 

Providing additional data when selecting distinct rows

I have a table of login events coming from Active Directory. One type of these events are machine logins, which include the IP address of the machine doing the login. This is handy, since it provides a timestamped way to determine what machine was on what IP at a given time. I'm trying to construct a query that'll give me a timestamped list of when a machine first logged in to an IP (thank you DHCP, IP is variable).

The query that just returns the list if IP addresses that machine has held is simple.

SELECT DISTINCT IP
FROM EventStream
WHERE (Machine='$Machine')

I know 'select distinct' is a non-optimal query, which is why I'm looking for something better. This probably includes sub-queries, of which I know very little. Not providing 'Distinct' in this case returns a table with up to 2000 rows, so a lot of data is being selected out and not used.

What I would really like is some way to phrase a query such that I get a time-stamped list of when a machine first showed up on an IP address. I can fake it in code by iterating this query over the results of the first:

SELECT TOP 1 DateTime
FROM EventStream
WHERE (Machine='$Machine' and IP='$IP')
ORDER BY DateTime

I'm pretty sure these two can be combined into a grand-unified-query. Is this possible, or should I stick with application logic to provide what I'm looking for?

+2  A: 

Just to confirm, you want to see all the IP addresses the machine has used along with the first time it appeared on each IP address?

If so you should be able to do something like this:

SELECT IP, max(DateTime) as DateTime
FROM EventStream
WHERE Machine='$Machine'
GROUP BY IP
Aidan Kane  2010-07-21 16:54:49
Substituting a "min" for a "max" gives me what I need. Though the min/max method will give me HOW LONG it was on that IP, which is also useful in another area. Run-time of this guy is on par with returning 2000 rows. BUT... it give the right output!
sysadmin1138  2010-07-21 17:09:48
Oh yeah, MIN, oops, sorry!
Aidan Kane  2010-07-22 13:21:37
+1  A: 

A bit late to the party, but this would do what you want without you needing to first find the IPs and then loop through to find the information you want:

SELECT  Machine,
        IP,
        Date
FROM    (SELECT Machine,
                IP,
                Date,
                ROW_NUMBER() OVER (PARTITION BY Machine, IP ORDER BY Date DESC) RN
         FROM   EventStream) EventStream
WHERE   RN = 1

This gives you all IPs for all Machines in Eventstream and returns only the last date (ORDER BY Date DESC) for each, according to the column Date. If you want the first date, just remove 'DESC' from the order by.

WilliamD  2010-07-22 08:12:02
Nice example of a sub-query. I can use this too! Thanks!
sysadmin1138  2010-07-22 15:33:43

related questions

SQL Server, convert a named instance to default instance?
Natural (human alpha-numeric) sort in Microsoft SQL 2005
In MS SQL Server 2005, is there a way to export, the complete maintenance plan of a database as a SQL Script?
Does ReadUncommitted imply NoLock
Query to list all tables that contain a specific column with SQL Server 2005.
Can I maintain state between calls to a SQL Server UDF?
What are the benefits of using partitions with the Enterprise edition of SQL 2005
Upgrading Sharepoint 3.0 to SQL 2005 Backend?
What's the simplest way to execute a query in Visual C++
Can you perform an AND search of keywords using FREETEXT() on SQL Server 2005?
Create a database from another database?
What's the fastest way to bulk insert a lot of data in SQL Server (C# client)
SQL 2005 Book For Optimization Techniques
How do I create a mapping table in SQL Server Management Studio?
Cannot Add a Sql Server Login
SQL Server 2005 - Export table programatically (run a .sql file to rebuild it)
Diagnosing Deadlocks in SQL Server 2005
SQL2005: Linking a table to multiple tables and retaining Ref Integrity?
How to create a new instance of Sql Server 2005
SQL Server 2008 vs 2005 Linq integration
How do you kill all current connections to a SQL Server 2005 database?
Conditional Visibility and Page Breaks with SQL Server 2005 Reporting Services
SQL Server 2005 and 2008 on same developer machine?
Paging SQL Server 2005 Results
SQL 2005 For XML Explicit - Need help formatting