Hi,
I'm trying to fix a timelion query for interface traffic via snmp with ifHCInOctets and ifHCOutOctets.
I've tried it in a few ways, trying to follow examples from this forum and also from https://berrynetworks.wordpress.com/2019/08/30/juniper-srx-performance-monitoring-with-the-elastic-stack/
#1 -
.es(index=dc1snmp*,metric=sum:iso.org.dod.internet.mgmt.mib-2.ifMIB.ifMIBObjects.ifXTable.ifXEntry.ifHCInOctets.2).divide(8).mvavg(30s).yaxis(units=bits/s,max=100000000).label("Ingress x2 WAN").lines(fill=1,width=2).scale_interval(1s)
#2 -
.es(index=dc1snmp*,metric=sum:iso.org.dod.internet.mgmt.mib-2.ifMIB.ifMIBObjects.ifXTable.ifXEntry.ifHCInOctets.2).subtract(.es(index=dc1snmp*, metric=sum:iso.org.dod.internet.mgmt.mib-2.ifMIB.ifMIBObjects.ifXTable.ifXEntry.ifHCInOctets.2, offset=-30s).multiply(8).mvavg(30s).yaxis(units=bits/s,max=10000000000).label("Ingress x2 WAN").lines(fill=1,width=2).scale_interval(1s))
With #1 and #2, I seem to be having an issue with it subtracting the last polling sum with the current value.
#3
.es(index=dc1snmp*,metric=sum:iso.org.dod.internet.mgmt.mib-2.ifMIB.ifMIBObjects.ifXTable.ifXEntry.ifHCInOctets.2).divide(8).mvavg(30s).yaxis(units=bits/s,max=100000000).label("Ingress x2 WAN").lines(fill=1,width=2).scale_interval(1s).derivative()
I'm kind of surprised because this is a common query and I can't seem to find many examples online of people having it working.
I think this is the closest I've gotten (using derivative), but I'm not sure why I'm getting negative values.
I've had to divide by 8, it seems like multiplying by 8 for octets -> bits is giving me inaccurate numbers
Any help is much appreciated!
Thank you