I don't understand the aggregate field in the configuration file. What I
want to get out of pmacct in the first step is the "most raw" data
possible, with no aggregations at all (for some experiments).
In a next step, I maybe want to get some aggregates, as I use the data for
a machine learning process and some features could be derived directly in
pmacct... is that a common approach?
How can I achive the first approach with raw netflow data (as "raw" as
possilbe) where I don't want any aggregation at all? And how does the
aggregation mechanism work? The only thing I found in the documentation
But there are some fields missing like for example timestamp_start... so
where is a complete list of possible fields? And how can I distinguish
between aggregation directives and "normal" fields like timestamp? Maybe
the configuration field "aggregate" is misleading because you don't only
configure the aggregate fields, but also the "normal" fields to receive?
Maybe I'm missing some piece of documentation... sorrry. And thank you in
advance for you help.
pmacct-discussion mailing list