I wanted to check back in and say thanks to everyone. After some time digging in I finally got my nfacctd data into InfluxDB and Grafana. Had to learn a lot on the way but I can finally put nfacctd to good use now!
Robert

On Thu, Nov 10, 2016 at 5:07 AM, Rasto Rickardt <pho...@axfr.org> wrote:
> Robert,
>
> Generally - if you want Top 5 talkers in some time range, you need to store it somewhere to be able to select them. Both work in SQL DB and NoSQL - time series DB. RRD based solution will not give you features you need.
>
> If you speak about conversation, I suppose aggregation on src_host/dst_host you are interested in for a time range.
>
> You have it from memory, or f.e. AMQP plugin.
>
> You have output like
> src inB outB
> 1.2.3.4 100 200
>
> You can push it to InfluxDB like this:
>
> dbname,src=$src inputbytes=$inB,outputbytes=$outB
> timestamp is added automatically from the time of insert.
>
> Grafana query can look like this
>
> SELECT (last("inputbytes") - first("inputbytes")) + (last("outputbytes") - first("outputbytes")) as "data" FROM "dbname" WHERE $timeFilter and "src" =~ /$src$/ GROUP BY timestamp
>
> $timeFilter is time window selected in Grafana to show (15 minutes, 30 days)
>
> It is possible that I do not fully understand your use case, but I hope this will help you to have an idea how to do this.
>
> r.
>
> On 11/09/2016 11:55 PM, Robert Juric wrote:
> > What I'm not sure of is whether or not time-series is the correct way to store my data? I am currently aggregating nfacctd data based on flow timestamps for accounting purposes. For those using InfluxDB and Graphite/Grafana, what primitives are you aggregating on and what do you pull out of the data in the graphing solution?
> >
> > On Wed, Nov 9, 2016 at 4:21 PM, Rasto Rickardt <pho...@axfr.org> wrote:
> > > I would use InfluxDB as database & Grafana for graphing.
> > >
> > > As you are already using memory plugin, you can use pmacct client and push data to InfluxDB. It is webservice, so simple bash & curl will work.
> > >
> > > r.
> > >
> > > On 11/09/2016 11:01 PM, Robert Juric wrote:
> > > > After fiddling around for a few days I'm still at a loss for finding a good graphing option.
> > > >
> > > > I've been working today trying to use the memory plugin and cacti to graph some data, but I realized that it won't be good for dynamic type graphs. I could easily graph total tcp/udp traffic since those don't alter too much. Ideally I'd like to aggregate the dst_ports but I'd like to graph the top 5. I understand Cacti may not be the best for this since you have to define the data sources manually.
> > > >
> > > > What other options are available or commonly used for graphing? Preferably something that can be aggregated on a per conversation basis?
_______________________________________________
pmacct-discussion mailing list
http://www.pmacct.net/#mailinglists
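
The push step described in the thread, as an added example that is not part of any of the original messages: it converts `src inB outB` rows into the line-protocol format quoted above, dropping rows that fail validation, and posts the result with curl. The measurement name `traffic`, the `INFLUX_URL` and `INFLUX_DB` variables and the sample rows are assumptions made for the example.

```shell
#!/bin/sh
# Added example: turn "src inB outB" rows into InfluxDB line protocol.
# MEASUREMENT, INFLUX_URL and INFLUX_DB are assumptions, not values from the thread.
MEASUREMENT="${MEASUREMENT:-traffic}"

# Convert rows on stdin to line protocol on stdout.
# Rows whose src is not a dotted-quad IPv4 address, or whose counters are not
# plain non-negative integers, are dropped, so nothing in the collector output
# can add extra tags, fields or lines to the write request.
to_line_protocol() {
    awk -v m="$MEASUREMENT" '
        NF != 3 { next }                                      # blank or malformed rows
        $1 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { next }     # also skips the header row
        $2 !~ /^[0-9]+$/ || $3 !~ /^[0-9]+$/ { next }         # counters must be integers
        { printf "%s,src=%s inputbytes=%s,outputbytes=%s\n", m, $1, $2, $3 }
    '
}

# POST a batch read from stdin to the InfluxDB 1.x HTTP write endpoint.
# No timestamp is sent, so the server stamps each point at insert time.
push_to_influx() {
    curl -sS -XPOST "$INFLUX_URL/write?db=$INFLUX_DB" --data-binary @-
}

# Constructed sample input: a header, two valid rows and two rows that must be rejected.
sample_rows() {
    cat <<'EOF'
src inB outB
1.2.3.4 100 200
10.0.0.7 4096 512
bad,tag=x 1 2
10.0.0.9 12 notanumber
EOF
}

# Only contact a server when INFLUX_URL is set; otherwise print the batch.
if [ -n "${INFLUX_URL:-}" ]; then
    sample_rows | to_line_protocol | push_to_influx
else
    sample_rows | to_line_protocol
fi
```

Field values written without a trailing `i` are stored by InfluxDB as floats, which matches the format quoted in the thread.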