I have a pfsense firewall with ntopng installed, that is storing it’s data in InfluxDB. I set the ntopng database as a source in Grafana. I want to create a dashboard that shows host traffic for all devices on my network, and I have been able to do this. However, as far as I can tell the ntopng measures do not actually contain the hostnames for the devices, just the IP address. I am looking for a way to translate the IP addresses to hostnames.
I tried creating a custom measure named xlat_host_to_name that contains the columns ipaddr and hostname. I then inserted a few entries for devices I know. I then created the two variables below.
SHOW TAG VALUES FROM "xlat_host_to_name" WITH KEY = "hostname"
SHOW TAG VALUES FROM "xlat_host_to_name" WITH KEY = "ipaddr" WHERE hostname =~ /$hostname/
Next I updated my query to filter on the hostip variable:
SELECT derivative(mean("bytes_rcvd"), 1m) *8 FROM "host:traffic" WHERE ("host" =~ /^$hostip$/) AND $timeFilter GROUP BY time($__interval), "host" fill(null)
And I set the Alias By to $hostname.
This works if I want to select and view results from an individual machine.However, there are still several problems. The first being that if I select more than one hostname, the alias will show all hostnames for each row returned. The other problem is, if an IP is not included in the xlat_host_to_name measure it will not show anything. I would prefer to have some way to replace if found but use the IP if not.
This is my first time using Grafana and Influxdb, so any thoughts or suggestions are most welcome.