How to find bandwidth usage from netflow data

Saurabh_Jambhule · October 2, 2016, 12:00pm

I want to display bandwidth usage as on x-axis timestamp and on y-axis data usage in mbps.
I have netflow v5 data. How should I do this?
Thank you.

warkolm · October 2, 2016, 11:22pm

Is the data in Elasticsearch?

Saurabh_Jambhule · October 3, 2016, 9:10am

yes, data is in elasticsearch

 "@timestamp": "2016-10-01T18:14:24.000Z",
    "netflow": {
      "version": 5,
      "flow_seq_num": 122645,
      "engine_type": 0,
      "engine_id": 0,
      "sampling_algorithm": 0,
      "sampling_interval": 0,
      "flow_records": 6,
      "ipv4_src_addr": "10.0.0.20",
      "ipv4_dst_addr": "10.0.0.31",
      "ipv4_next_hop": "0.0.0.0",
      "input_snmp": 8,
      "output_snmp": 1,
      "in_pkts": 1,
      "in_bytes": 64,
      "first_switched": "2016-10-01T18:13:24.000Z",
      "last_switched": "2016-10-01T18:14:24.000Z",
      "l4_src_port": 5246,
      "l4_dst_port": 80,
      "tcp_flags": 0,
      "protocol": 17,
      "src_tos": 1,
      "src_as": 20,
      "dst_as": 13,
      "src_mask": 32,
      "dst_mask": 31

I want to add "in_bytes" received per second. And also want to edit y-axis label in kibana linechart

warkolm · October 3, 2016, 11:45am

Ok, so have you built a line graph yet?

Saurabh_Jambhule · October 6, 2016, 6:06am

Yes, I have done that. But I want to display customized label on y-axis like data usage in Mbps.
How to do this?

pereyrdi · April 7, 2017, 6:25pm

Saurabh, Did you calculate the bandwith from 'in_bytes'?
I just sum the values from 'in_bytes', but that not the real bandwith utilization, there is more math to calculate.

If I solve it, i will publish it =)
diego

Christian_Dahlqvist · April 8, 2017, 6:45am

Timelion has a function called scale_interval which I often use to get rates per time interval.

pereyrdi · April 10, 2017, 3:07pm

Christian, please an example for the newbies
Something like this you mean ?

.es('Hostname:r123', metric='sum:in_bytes').scale_interval(30s) show me zero...
I want to get bytes traffic filter by host.

Thanks

Christian_Dahlqvist · April 10, 2017, 3:29pm

Assuming we have a logstash* index patterns that contains web access logs and the size of each request is stored in a numeric field called bytes, the following expression shows downloaded volume as MB/s: .es(index=logstash*, metric='sum:bytes').divide(1048576).scale_interval('1s').title('MB per second')

pereyrdi · April 11, 2017, 11:41am

Thanks a lot !!!!

Raj_Kumar · June 1, 2017, 11:55am

Hi Christian,

Its wonderful update but is that MB/s or MB/minute ,am confused

Thanks,
Raj

Christian_Dahlqvist · June 1, 2017, 12:09pm

There seems to be a typo there and the interval should indeed be 1s in order to get per second value. Have updated the interval as well as the title.

Raj_Kumar · June 1, 2017, 12:10pm

Gotcha Thank you for the response

Raj_Kumar · June 1, 2017, 12:15pm

One Query Christian,if I want in mbps ,can i multiply with 8

.es(index=logstash*, metric='sum:bytes').divide(1048576).scale_interval('1s').title('MB per second') ,how can use that function in this query

Christian_Dahlqvist · June 1, 2017, 12:26pm

I guess you could divide by 131072 instead of 1048576.

Raj_Kumar · June 1, 2017, 12:32pm

Thank you

Topic		Replies	Views
Help with line graph and netflow/ipfix to graph bits/s of a ASN Kibana	2	1019	July 19, 2017
Bandwidth with netflow Data Kibana	7	2532	February 14, 2018
Netflow bandwidth usage in gauge or metric Kibana	2	1035	November 21, 2019
Bandwidth by accumulated data? Kibana	8	891	March 20, 2018
Timelion - How to calculate and viszualize " Mbps " using netflow data Kibana timelion	15	4188	February 2, 2018

How to find bandwidth usage from netflow data

Related topics