Timelion snmp interface traffic query


I'm trying to fix a timelion query for interface traffic via snmp with ifHCInOctets and ifHCOutOctets.

I've tried it in a few ways, trying to follow examples from this forum and also from https://berrynetworks.wordpress.com/2019/08/30/juniper-srx-performance-monitoring-with-the-elastic-stack/

#1 -
.es(index=dc1snmp*,metric=sum:iso.org.dod.internet.mgmt.mib-2.ifMIB.ifMIBObjects.ifXTable.ifXEntry.ifHCInOctets.2).divide(8).mvavg(30s).yaxis(units=bits/s,max=100000000).label("Ingress x2 WAN").lines(fill=1,width=2).scale_interval(1s)

#2 -
.es(index=dc1snmp*,metric=sum:iso.org.dod.internet.mgmt.mib-2.ifMIB.ifMIBObjects.ifXTable.ifXEntry.ifHCInOctets.2).subtract(.es(index=dc1snmp*, metric=sum:iso.org.dod.internet.mgmt.mib-2.ifMIB.ifMIBObjects.ifXTable.ifXEntry.ifHCInOctets.2, offset=-30s).multiply(8).mvavg(30s).yaxis(units=bits/s,max=10000000000).label("Ingress x2 WAN").lines(fill=1,width=2).scale_interval(1s))

With either instance, I seem to be having an issue with it subtracting the last polling sum with the current value.

I'm kind of surprised because this is a common query and I can't seem to find many examples online of people having it working.

If anyone can take a look and offer suggestions, it would be much appreciated.

Thank you!

update - I think this is the closest I've gotten (using derivative), but I'm not sure why I'm getting negative values.
I've had to divide by 8, it seems like multiplying by 8 for octets -> bits is giving me inaccurate numbers
.es(index=dc1snmp*,metric=sum:iso.org.dod.internet.mgmt.mib-2.ifMIB.ifMIBObjects.ifXTable.ifXEntry.ifHCInOctets.2).divide(8).mvavg(30s).yaxis(units=bits/s,max=100000000).label("Ingress x2 WAN").lines(fill=1,width=2).scale_interval(1s).derivative()

@timroes , I saw a post of yours related to this - Graphing Network utilisation from SNMP ifHCInOctets

I was hoping I could grab your attention and see if there is anything obviously wrong with how I am trying to achieve this.

Thanks in advance : )

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.