Bandwidth graph from aggregated traffic

Hi all,

We’re running an IP accounting solution that stores its data in Elasticsearch and uses Grafana to draw graphs from said data. Every minute sent/received bytes get aggregated for every IP address so that we have a field for src_ip, dest_ip, bytes etc. in our indices. Unfortunately we are quite new to Grafana.

So far we’ve set up a graph that shows the inbound traffic in bytes with the query src_ip:$ip (also used templating to get all the src_ip in a drop down menu). The graph uses the metric sum bytes and groups by @timestamp. This shows the sum of all bytes in a given interval, but we’re more interested in getting bandwidth utilization.

What we can’t seem to figure out is how, if at all possible, to get the bandwidth usage (Mbps) per IP over time (in the end we want to see a monthly graph). I’m assuming we need to multiply by 8, but where? And divide by however large our interval is to get seconds? Do we need to run a derivative somewhere? Will that work with aggregated bytes? In short, what query/metrics etc should we use to get a fair representation of bandwidth usage?

Any help is appreciated.

Not sure how we can help? What data do you have? Have you tried group by ip (Terms aggregation)? Do you have a metric for bandwidth usage in your ES document? Your question is very low on details so hard for us to help. Why did you want to multiply by 8? Is your data in bits and you want bytes? You can use different unit types to get bits → bytes translation in the unit axes settings in Grafana.

Sorry that the info was a bit sparse.
We are using Pmacct to capture (it uses libpcap) traffic on a SPAN port. Every minute source IP addresses, destination IP addresses, bytes and packets are being aggregated and saved to indices in Elasticsearch, so the fields we have are src_ip, dst_ip, bytes and packets (and @timestamp every minute). By running a query for all src_ip we are able to get the total amount of incoming bytes for every minute. See picture below:

We have set up templating with {"find": "terms", "field": "src_ip"} so that a drop down menu populates with every address in the src_ip field, as you can see it is currently set to the All option. The variable for this is $ip. (The xxx… bit is our local host, so that the graph doesn’t count the data where we are the source i.e. outbound traffic).

What we want instead of this is a graph that shows the bandwidth usage, in bits per second, of the given IP address or All (depending on what is selected in the drop down menu). We want this calculated from the data that we have. We do not have a metric for bandwidth, only bytes, packets and flows (don’t know where flows comes from). I’m assuming we need to change the metric from sum of bytes to average of bytes or max of bytes?

Simply switching the unit type from bytes to bits doesn’t change the actual value, 10 bytes becomes 10 bits. Should we not also multiply by 8 so that we get 80 bits from 10 bytes? And then divide by however many seconds are in the currently displayed interval to get per second?

Essentially what we are asking is how to change the y-axis to correctly display bits per second instead of bytes and if this will even work given that the bytes are aggregated every minute, i.e. will the correct value be shown? There’s a hump in the logic here that we are unable to get over.

It’s tricky with Elasticsearch.

If you have enabled scripting you might get a correct value using the metrics script option (Expand Options on your Sum metric).

There you can use the $__interval_ms variable (the number of milliseconds in each date histogram bucket) to calculate a per second value.
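The arithmetic behind the last reply, as an added illustration that is not part of the thread and not pmacct's or Grafana's code: per-minute byte records are summed into date-histogram buckets, then each bucket's byte total is multiplied by 8 and divided by the bucket width in seconds (the role $__interval_ms plays in a metric script). The sample records and IP addresses are constructed; the `average_of_bytes_bps` helper is included only to show why switching the metric from Sum to Average, as the original poster considered, undercounts when the "All" option puts several IPs' documents in the same bucket.

```python
from collections import defaultdict

# Constructed sample: pmacct-style per-minute records as (src_ip, epoch_ms, bytes).
# Each record is the byte total seen for one source IP during one minute.
SAMPLE_RECORDS = [
    ("10.0.0.1", 0,       7_500_000),   # 7.5 MB in minute 0 -> 1 Mbps average
    ("10.0.0.1", 60_000,  15_000_000),  # 15 MB in minute 1  -> 2 Mbps average
    ("10.0.0.1", 120_000, 0),           # idle minute
    ("10.0.0.2", 0,       750_000),     # 0.1 Mbps in every minute
    ("10.0.0.2", 60_000,  750_000),
    ("10.0.0.2", 120_000, 750_000),
]

MINUTE_MS = 60_000  # width of the records' own aggregation period


def date_histogram(records, interval_ms, src_ip=None):
    """Sum bytes into fixed-width buckets, like a Grafana date histogram
    with a Sum metric. src_ip=None mirrors the template variable's 'All'."""
    buckets = defaultdict(int)
    for ip, ts_ms, nbytes in records:
        if src_ip is not None and ip != src_ip:
            continue
        bucket_start = ts_ms - (ts_ms % interval_ms)
        buckets[bucket_start] += nbytes
    return dict(sorted(buckets.items()))


def bytes_to_bps(bucket_bytes, interval_ms):
    """bits/s = bytes * 8 / bucket width in seconds.
    This is what a metric script computes with $__interval_ms."""
    seconds = interval_ms / 1000
    return {ts: nbytes * 8 / seconds for ts, nbytes in bucket_bytes.items()}


def bandwidth_series(records, interval_ms, src_ip=None):
    """Correct approach: Sum of bytes per bucket, scaled by the bucket width."""
    return bytes_to_bps(date_histogram(records, interval_ms, src_ip), interval_ms)


def average_of_bytes_bps(records, src_ip=None):
    """Pitfall: Average of the bytes field per one-minute bucket, then *8/60.
    With 'All' selected, several documents share a minute and the mean of
    their byte counts is not the traffic that crossed the link."""
    per_bucket = defaultdict(list)
    for ip, ts_ms, nbytes in records:
        if src_ip is not None and ip != src_ip:
            continue
        per_bucket[ts_ms - (ts_ms % MINUTE_MS)].append(nbytes)
    return {
        ts: (sum(vals) / len(vals)) * 8 / (MINUTE_MS / 1000)
        for ts, vals in sorted(per_bucket.items())
    }


def to_mbps(series):
    """Unit scaling for the y-axis; Grafana's unit setting does the same."""
    return {ts: bps / 1_000_000 for ts, bps in series.items()}


if __name__ == "__main__":
    for label, ip in (("10.0.0.1", "10.0.0.1"), ("All", None)):
        print(label, "1-minute buckets, Mbps:",
              to_mbps(bandwidth_series(SAMPLE_RECORDS, MINUTE_MS, ip)))
        print(label, "3-minute buckets, Mbps:",
              to_mbps(bandwidth_series(SAMPLE_RECORDS, 3 * MINUTE_MS, ip)))
    print("All, Average-of-bytes pitfall, Mbps:",
          to_mbps(average_of_bytes_bps(SAMPLE_RECORDS)))
```

Because the Sum is divided by the actual bucket width, widening the histogram interval for a monthly view still yields the average bit rate over each bucket rather than an inflated byte total; what it cannot recover is any burst shorter than the one-minute period pmacct already averaged over.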