Kibana settings for IPFIX/Netflow


(Janet Sullivan) #1

Every minute, we take a 1/4096 sample of traffic using IPFIX. I want to graph this data as bits/sec in a histogram. However, my math & kibana skills are failing me.

Here is how I think it should be set up, but it's always too low a value for Gbit/s:

Chart Value: total
Value Field: bytes (bytes per minute field)
Scale: 32768 (4096 * 8 bits in a byte)
Seconds, checked
Interval 1m
Y Format bytes

Help? Maybe I'm missing the obvious, but it's 2 a.m. and I'm mystified.

--
You received this message because you are subscribed to the Google Groups "elasticsearch" group.
To unsubscribe from this group and stop receiving emails from it, send an email to elasticsearch+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/elasticsearch/73ae7aaffd5d44f290d16a14c679e2f8%40BN1PR07MB039.namprd07.prod.outlook.com.
For more options, visit https://groups.google.com/d/optout.


(Janet Sullivan) #2

I'm tired, I didn't explain that well, we use pmacct to do 1 minute aggregations.



(Dhanasekaran Anbalagan) #3

Hi Janets,

Currently I am also trying pmacct. It's processing result. I am storing data
to elasticsearch, but currently struggling with dashboard creation. Can you
share your Kibana dashboard file? It's very useful to me.

-Dhanasekaran.

Did I learn something today? If not, I wasted it.

On Mon, Jul 21, 2014 at 5:19 AM, Janet Sullivan janets@nairial.net wrote:

I’m tired, I didn’t explain that well, we use pmacct to do 1 minute
aggregations.



(Tommy Noonan) #4

I'd love to know just how you are processing IPFIX data. The current codec in Logstash, as far as I know and am told, will only process v5/9 NetFlow? How are you processing your IPFIX data into ES?


(KMG) #5

If possible, could you please share with me the sample Kibana JSON file to explore the bytes data into bits/sec?

