I'm new to the ELK stack and have formerly used commercial monitoring products to achieve the task I'm now tasked with, but I'm looking towards monitoring network appliances for their network utilization using SNMP.
My setup is:
collectd - SNMP plugin polls out to the appliances. At the moment, looking at the IF-MIB HC Octet counters.
logstash - Binary input, no filters, output ES.
ES - 2.3.3
Steep learning curve, but so far a lot of this seems intuitive which is great.
Unfortunately I've come unstuck on how I might achieve the following step and spent many hours trying to find any such existing article or blog post out there which might shine some light.
So I'm looking for a push in the right direction, even if it's a link to where this may have been asked before (which I've just not found so far).
Here's what I'm seeing:
ES sees documents which have RX and TX, and they basically just keep accumulating octets as delivered by the MIB.
So Logstash and Collectd are working fine.
I need to graph/visualize the difference between the values in a previous document with the later one, and then work out how much change there was during the interval between them.
The first document, TX = 1000
The second document, TX = 6000
Octets/Bytes per second (based on a five second interval) = 1000 Bps (8000 bps).
Would this be something achievable with scripted fields in Kibana, or am I too far gone and need to look at ES more directly?
I suppose I'm looking to get the delta value between the two to plot a graph.
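The delta computation the post describes, as an added worked example that is not part of the original post and not code from collectd, Logstash or Elasticsearch. Kibana scripted fields evaluate one document at a time, so a difference between two documents has to be computed either at query time (an Elasticsearch derivative pipeline aggregation over a date histogram, available since 2.0) or before indexing; the snippet below shows the latter logic in Python. It goes slightly beyond the post's two-sample case: it handles out-of-order samples, a counter wrap, and a zero-length interval. The document shape (`ts` in epoch seconds, `tx` as the cumulative octet count) and the sample values are constructed assumptions.

```python
# Added example: per-interval throughput from cumulative SNMP octet counters.
# Document shape {"ts": epoch_seconds, "tx": cumulative_octets} is an assumption.
from typing import Dict, List, Optional

HC_COUNTER_MAX = 2 ** 64   # IF-MIB ifHCInOctets / ifHCOutOctets are Counter64
STD_COUNTER_MAX = 2 ** 32  # ifInOctets / ifOutOctets are Counter32


def counter_delta(prev: int, curr: int, counter_max: int = HC_COUNTER_MAX) -> int:
    """Octets added between two readings, allowing for a single counter wrap.

    A device reboot also makes curr < prev and is indistinguishable from a wrap
    here; IF-MIB's ifCounterDiscontinuityTime is the field to check for that.
    """
    if curr >= prev:
        return curr - prev
    return counter_max - prev + curr


def rate_from_samples(prev_doc: Dict, curr_doc: Dict, field: str = "tx",
                      counter_max: int = HC_COUNTER_MAX) -> Optional[Dict[str, float]]:
    """Throughput between two consecutive documents, or None if the interval is unusable."""
    interval = curr_doc["ts"] - prev_doc["ts"]
    if interval <= 0:
        # Duplicate or out-of-order poll; a rate cannot be derived.
        return None
    delta = counter_delta(prev_doc[field], curr_doc[field], counter_max)
    bytes_per_s = delta / interval
    return {
        "delta_octets": delta,
        "interval_s": interval,
        "bytes_per_s": bytes_per_s,
        "bits_per_s": bytes_per_s * 8,
    }


def rates_for_series(docs: List[Dict], field: str = "tx",
                     counter_max: int = HC_COUNTER_MAX) -> List[Dict[str, float]]:
    """Rates for every consecutive pair in a time-sorted series of documents."""
    ordered = sorted(docs, key=lambda d: d["ts"])
    results = []
    for prev_doc, curr_doc in zip(ordered, ordered[1:]):
        rate = rate_from_samples(prev_doc, curr_doc, field, counter_max)
        if rate is not None:
            rate["ts"] = curr_doc["ts"]  # stamp the rate with the later sample
            results.append(rate)
    return results


# Constructed sample documents matching the post's figures (1000 -> 6000 in 5 s).
SAMPLE_DOCS = [
    {"ts": 10, "tx": 9000},
    {"ts": 0, "tx": 1000},
    {"ts": 5, "tx": 6000},
]

if __name__ == "__main__":
    for rate in rates_for_series(SAMPLE_DOCS):
        print(rate)
```

For the post's figures the first interval yields 5000 octets over 5 s, i.e. 1000 Bps or 8000 bps; the same per-interval delta is what the Elasticsearch derivative aggregation returns when given the raw counter as its metric.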