Robert,
Generally - if you want Top 5 talkers in some time range, you need to
store it somewhere to be able to select them. Both works in SQL DB and
NoSQL - time series DB. RRD based solution will not give you features
you need.
If you speak about conversation, i suppose aggregation on
src_host/dst_host you are interested in for a time range.
You have it from memory, or f.e AMQP plugin.
You have output like
src inB outB
1.2.3.4 100 200
You can push it to InfluxDB like this:
dbname,src=$src inputbytes=$inB,outputbytes=$outB
timestamp is added automatically from the time of insert.
Grafana query can look like this
SELECT (last("inputbytes") - first("inputbytes")) + (last("outputbytes")
- first("outputbytes")) as "data" FROM "dbname" WHERE $timeFilter and
"src" =~ /$src$/ GROUP BY timestamp
$timeFilter is time window selected in Grafana to show (15 minutes, 30 days)
It is possible that i do not fully understand your use case, but i hope
this will help you to have an idea how to do this.
r.
On 11/09/2016 11:55 PM, Robert Juric wrote:
> What I'm not sure of is whether or not time-series is the correct way to
> store my data? I am currently aggregating nfacctd data based on flow
> timestamps for accounting purposes. For those using InfuxDB and
> Graphite/Graphana, what primitives are you aggregating on and what do
> you pull out of the data in the graphing solution?
>
>
>
> On Wed, Nov 9, 2016 at 4:21 PM, Rasto Rickardt <[email protected]
> <mailto:[email protected]>> wrote:
>
> I would use InfluxDB as database & Grafana for graphing.
>
> As you already using memory plugin, you can use pmacct client and push
> data to InfluxDB. It is webservice, so simple bash & curl will work.
>
> r.
>
> On 11/09/2016 11:01 PM, Robert Juric wrote:
> > After fiddling around for a few days I'm still at a loss for finding a
> > good graphing option.
> >
> > I've been working today trying to use the memory plugin and cacti to
> > graph some data, but I realized that it won't be good for dynamic type
> > graphs. I could easily graph total tcp/udp traffic since those don't
> > alter too much. Ideally I'd like to aggregate the dst_ports but
> I'd like
> > to graph the top 5. I understand Cacti may not be the best for this
> > since you have to define the data sources manually.
> >
> > What other options are available or commonly used for graphing?
> > Preferably something that can be aggregated on a per conversation
> basis?
> >
> >
> > _______________________________________________
> > pmacct-discussion mailing list
> > http://www.pmacct.net/#mailinglists
> <http://www.pmacct.net/#mailinglists>
> >
>
> _______________________________________________
> pmacct-discussion mailing list
> http://www.pmacct.net/#mailinglists
> <http://www.pmacct.net/#mailinglists>
>
>
>
>
> _______________________________________________
> pmacct-discussion mailing list
> http://www.pmacct.net/#mailinglists
>
_______________________________________________
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists
