Robert,

Generally - if you want Top 5 talkers in some time range, you need to
store it somewhere to be able to select them. Both works in SQL DB and
NoSQL - time series DB. RRD based solution will not give you features
you need.

If you speak about conversation, i suppose aggregation on
src_host/dst_host you are interested in for a time range.

You have it from memory, or f.e AMQP plugin.

You have output like
src     inB     outB
1.2.3.4 100     200

You can push it to InfluxDB like this:

dbname,src=$src inputbytes=$inB,outputbytes=$outB
timestamp is added automatically from the time of insert.

Grafana query can look like this

SELECT (last("inputbytes") - first("inputbytes")) + (last("outputbytes")
- first("outputbytes")) as "data" FROM "dbname" WHERE $timeFilter  and
"src" =~ /$src$/ GROUP BY timestamp

$timeFilter is time window selected in Grafana to show (15 minutes, 30 days)

It is possible that i do not fully understand your use case, but i hope
this will help you to have an idea how to do this.

r.


On 11/09/2016 11:55 PM, Robert Juric wrote:
> What I'm not sure of is whether or not time-series is the correct way to
> store my data? I am currently aggregating nfacctd data based on flow
> timestamps for accounting purposes. For those using InfuxDB and
> Graphite/Graphana, what primitives are you aggregating on and what do
> you pull out of the data in the graphing solution?
> 
> 
> 
> On Wed, Nov 9, 2016 at 4:21 PM, Rasto Rickardt <pho...@axfr.org
> <mailto:pho...@axfr.org>> wrote:
> 
>     I would use InfluxDB as database & Grafana for graphing.
> 
>     As you already using memory plugin, you can use pmacct client and push
>     data to InfluxDB. It is webservice, so simple bash & curl will work.
> 
>     r.
> 
>     On 11/09/2016 11:01 PM, Robert Juric wrote:
>     > After fiddling around for a few days I'm still at a loss for finding a
>     > good graphing option.
>     >
>     > I've been working today trying to use the memory plugin and cacti to
>     > graph some data, but I realized that it won't be good for dynamic type
>     > graphs. I could easily graph total tcp/udp traffic since those don't
>     > alter too much. Ideally I'd like to aggregate the dst_ports but
>     I'd like
>     > to graph the top 5. I understand Cacti may not be the best for this
>     > since you have to define the data sources manually.
>     >
>     > What other options are available or commonly used for graphing?
>     > Preferably something that can be aggregated on a per conversation
>     basis?
>     >
>     >
>     > _______________________________________________
>     > pmacct-discussion mailing list
>     > http://www.pmacct.net/#mailinglists
>     <http://www.pmacct.net/#mailinglists>
>     >
> 
>     _______________________________________________
>     pmacct-discussion mailing list
>     http://www.pmacct.net/#mailinglists
>     <http://www.pmacct.net/#mailinglists>
> 
> 
> 
> 
> _______________________________________________
> pmacct-discussion mailing list
> http://www.pmacct.net/#mailinglists
> 

_______________________________________________
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists

Reply via email to