I've read the post: Finding total latency(round trip time or response time) per flow?
I want to be able for a new transaction protocol, call it elastic which transacts on port: 2019 to be able to calculate response times but also be able to still see flow statistics.
Packetbeat has a finite set of protocols that it understands (see docs). In order to measure response time Packetbeat needs to understand the protocol to know when a request and response are sent.
So if the protocol isn't one of the ones that Packetbeat has a decoder for then you can cannot get response times without implementing a custom decoder and building your own Packetbeat (or contributing the decoder).
You can measure generic flow stats only for traffic on port 2019 by setting a custom filter (docs). Note that is overrides the packet filter for all of Packetbeat so if you enable the DNS protocol, for example, you will need to add port 53 into the filter manually.
packetbeat.interfaces.bpf_filter: "port 2012"
packetbeat.flows.enabled: true
I get it, so if I want to get both flow stats and protocol (say http) response time, I need to do something like this:
packetbeat.interfaces.device: any
packetbeat.interfaces.bpf_filter: "port 2019"
- type: http
ports: [2019]
enabled: true
Is this right?
Is there an easy way to know if I'm missing any other protocols that exist in the flows?
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.