Ntop to Graphana Examples Screenshots

Iv been using diffrent methods of passing data over to graphana and still in the early learning process hoever id be intrested to see other peoples example screenshot dashboards of what they have running from data the have gatherd from Ntop, ntop-ng

my setup is as follows PFsend / Telegraf / InfluxDB to get the data over to graphana i find the information for this topic limited and would like to see ntop epand on the metrics they have for example actual details of alerts being produced, theres probobly other ways to get that but its simple this way,

I know this is a really old topic, iv been dabbling with this setup for quite some time and managed to pull through some intresting metrics with meaningfull information for my network, i like graphana for its sleek looks its ease of use and how it can minipulate th data,

i first got introduced to it in my workplace they had 3 large screens and we had a new tech specialist who introduced it to the company via Zabix and the information was amzing and i was hooked on it after that,

i built my self a PFsense box and installed Ntop-NG and telegraph for basic metrix as much as this was great seeing the system information network bandidth i was looking for a more usuable format information on all devices, protocals,times,who in 1 place this is where Ntop came in to it, i installed that and began to read up on what was required to connect to graphana,

i figured in the settings of ntop you can set the time series (database) to go els where this is where i placed influxDB database connection settings for example on my network this works perfect i checked to make sure that the data was pulling through by logging in to influxdb terminal and checking the store had created all good there,

Then i went over to Graphana and input the settings required for it to pull the data from influxDB

Telgraph (transmiting system matrics
Ntop (transmitting Usage matrics)

InfluxDB takes that information and sends it over to graphana in real time both Data sources above

Then Created your output tables in a format that suites you i will provide some screenshots, heres examples of what iv put together

1 Like

Very nice setup. But I am unsure what your question is?

Hello thank you, was looking to see if other people with Ntop setup or Ntop-NG that has a similiar setup theres some questions i have regarding the metrics its great but somethings like limiting the amount of results i am strugling with, in my case applications so only showing theamount needed like 10, i remember in the past i used to use graylog and snort with a slightly more complex setup which i think may have broke it down at the Database side,

Also with my query regarding the IP results i can see it pulls all IPs but id like to have each of these produce names, i do have another one but i had to create each data ip as seperate querys this one goes as

for the ip one
SELECT non_negative_derivative(mean(“bytes_rcvd”), 1s) *8 FROM “host:traffic” WHERE $timeFilter GROUP BY time(1s), “host”

and application flows look like this

SELECT non_negative_derivative(mean(“bytes”), 1s) *8 FROM “iface:ndpi” WHERE $timeFilter GROUP BY time(1s), “protocol”

I managed to filter the name down using the Tranform tab becouse if i dident apply this it looked similar to this, was wondering if there was a way to transform the Ips to identify as names :slight_smile:

iface:ndpi.non_negative_derivative {protocol: QUIC}

I see one question here

I am strugling with, in my case applications so only showing theamount needed like 10

What else? It is hard to parse out what clear and specific questions you want answered. Getting lost in the verbosity

Hi the question would be

  • Can i Split the Ips in to meaning full names IE hostnames so for example = My pc, then is another pc so they are relevent to me,

  • Can i also limit the amount that appears so instead of tons of applications which are not showing any data is there a way to hide these so they dont show unless they go past a threshhold 1kbs for example,

  • Last one is the reason i posted was to get more idias from others who have setup the same that are members of this forum, thanks

1 Like
  • do you not have that data in your influxdb? meaning ip to host name?
  • You can also do this in your influx query so they do not show up at all
  • data is data so even if one does not have experience in NTop etc and since the data is going to influx it really does not matter ?

Are you using the influxql or flux query language to query from your influxdb bucket?

Sorry for not comming back regarding your questions so on my quest to use grafana i found an issue i had old ipads that i wanted to use from my project and set them to acces the local site which turned out not so great they ended up droping to a page that gave instructions to [Grafana UI shows “Grafana has failed to load its application files” from browser when users try to access]

I have now downgraded my version to be compatable but lost the ability to lower the results part for example “iface:ndpi.non_negative_derivative {protocol: QUIC}” is there a possible way to get this list to just show the protocol on its own without all the query stuff in there to, so the results are above in one of my screenshots on the newer version it was easy you just selected Transorm then change fieldnames it did it its self but i cant do it on this version,