Graphs in Kibana

deepak727 · September 7, 2016, 5:26pm

Hi there,

I am using elk stack for log monitoring and visualization.

Now I am monitoring pfsense and freenas with collectd which ships logs to logstash and after that it goes to elasticsearch, every thing works perfect Except the traffic graphs.

In kibana when I searching for the particular interface for if_octects or if_packets it shows me the constant value which is the higher one in rx and tx columns, and because of that my visualization for the bandwidth is not perfect.

It seems that the rx and tx values for if_octets or if_packets are not resetting, it stuck to the higher value only even if the no traffice is passing trough the interfaces.

Can any one let me know what I am doing wrong and where, is it in collectd config or something with logstash or kibana ?

magnusbaeck · September 8, 2016, 5:38am

You might want to move this post to the Kibana category to get the correct attention. It's more of a Kibana question than a Logstash one.

deepak727 · September 8, 2016, 4:29pm

Hi

I did it....... thanks for the info......

spalger · September 8, 2016, 10:26pm

Can you expound on that a bit? I'm a screenshot or a sample of the data would be helpful.

deepak727 · September 9, 2016, 7:46pm

Here is the attached kibana discover page screenshot.

I am using collectd on pfsense through that I am getting the logs as attached in the screenshot, as you can see there is static value only and this time there is no data passing through the interface, so technically it should show 0 but it is not showing that...... it seems that it is giving me the higher captured value on rx and tx field.

spalger · September 9, 2016, 10:58pm

I'm not sure how collectd or pfsense work, but the values showing there are the values stored in elasticsearch. Maybe if you can share your collectd or pfsense configuration I could try to point out the issue?

deepak727 · September 10, 2016, 10:55am

Hi Spalger

Thanks for the reply.

As you know that pfsense is based on Freebsd and mine bsd version is 10.3

I am collecting logs through collectd and below is config of my collecd.conf in pfsense.

Hostname "ie.firewall.com"
FQDNLookup true
BaseDir "/var/db/collectd"
PIDFile "/var/run/collectd.pid"
PluginDir "/usr/local/lib/collectd"

LoadPlugin aggregation
LoadPlugin cpu
LoadPlugin df
LoadPlugin disk
LoadPlugin exec
LoadPlugin interface
LoadPlugin load
LoadPlugin memory
LoadPlugin network
LoadPlugin processes
LoadPlugin swap
LoadPlugin uptime
LoadPlugin syslog
LoadPlugin threshold
LoadPlugin tail
<Plugin "syslog">
LogLevel info

<Plugin "aggregation">

Plugin "cpu"
Type "cpu"
GroupBy "Host"
GroupBy "TypeInstance"
CalculateSum true

<Plugin "disk">
Disk "/^gptid/"
Disk "/^ada/"
Disk "/^md/"
Disk "/^pass/"
IgnoreSelected true

<Plugin "interface">
Interface "lo0"
Interface "ipfw0"
Interface "pflog0"
Interface "pfsync0"
Interface "plip0"
Interface "/^usbus/"
IgnoreSelected true

Instance "ha" WarningMax 10000000 Persist true Interesting false

<Plugin "df">
Mountpoint "/"
Mountpoint "/^/mnt//"

Server "xxx.xxx.x.xxx" "xxxx" ReportRelative true

Thanks