Mailing List Archive

Grafana dashboard
We are investigating a way to expose high-level summary data to a larger
set of users than would have access to ntopng's gui. We are starting to go
down the path of connecting grafana to the influxdb instance ntopng is
running to make some visualizations. A quick look and it looks like this
is the method ntopng recommends as they have since deprecated their grafana
plugin.

I was wondering if anyone had any pre-built dashboard or visualizations
they'd be willing to share.

--
Munroe Sollog
Senior Network Engineer
munroe@lehigh.edu
Re: Grafana dashboard [ In reply to ]
Munroe,

> On 26 Jun 2020, at 19:46, Munroe Sollog <mus3@lehigh.edu> wrote:
>
> We are investigating a way to expose high-level summary data to a larger set of users than would have access to ntopng's gui. We are starting to go down the path of connecting grafana to the influxdb instance ntopng is running to make some visualizations. A quick look and it looks like this is the method ntopng recommends as they have since deprecated their grafana plugin.

This is correct.

>
> I was wondering if anyone had any pre-built dashboard or visualizations they'd be willing to share.
>

We haven't published any grafana dashboard yet. However, if you want to create them, you can use our FOSDEM presentation as a starting point: https://www.youtube.com/watch?v=sSZ3Sv0t_YQ <https://www.youtube.com/watch?v=sSZ3Sv0t_YQ>

Then, it would be nice if you could contribute created dashboards back to the community. We can create a place where to share them. I know there are several other ntopng users which have created their own dashboard. So my invite goes to them too. Anyone who would like to contribute created dashboard is very welcome to send them to us with some screenshots and an explanation.

Regards,

Simone


> --
> Munroe Sollog
> Senior Network Engineer
> munroe@lehigh.edu <mailto:munroe@lehigh.edu>_______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop
Re: Grafana dashboard [ In reply to ]
Munroe,

> On 26 Jun 2020, at 19:46, Munroe Sollog <mus3@lehigh.edu> wrote:
>
> We are investigating a way to expose high-level summary data to a larger set of users than would have access to ntopng's gui. We are starting to go down the path of connecting grafana to the influxdb instance ntopng is running to make some visualizations. A quick look and it looks like this is the method ntopng recommends as they have since deprecated their grafana plugin.

This is correct.

>
> I was wondering if anyone had any pre-built dashboard or visualizations they'd be willing to share.
>

We haven't published any grafana dashboard yet. However, if you want to create them, you can use our FOSDEM presentation as a starting point: https://www.youtube.com/watch?v=sSZ3Sv0t_YQ <https://www.youtube.com/watch?v=sSZ3Sv0t_YQ>

Then, it would be nice if you could contribute created dashboards back to the community. We can create a place where to share them. I know there are several other ntopng users which have created their own dashboard. So my invite goes to them too. Anyone who would like to contribute created dashboard is very welcome to send them to us with some screenshots and an explanation.

Regards,

Simone


> --
> Munroe Sollog
> Senior Network Engineer
> munroe@lehigh.edu <mailto:munroe@lehigh.edu>_______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop
Re: Grafana dashboard [ In reply to ]
Is there a document somewhere that describes the different series being
populated in the influxdb database? Some of this is self-explanatory, but
others not so much:

> show measurements

name: measurements

name

----

am_host:val_min

asn:ndpi

asn:rtt

asn:tcp_keep_alive

asn:tcp_lost

asn:tcp_out_of_order

asn:tcp_retransmissions

asn:traffic

country:traffic

elem_user_script:duration

elem_user_script:num_calls

elem_user_script:total_stats

evexporter_iface:traffic

flow_script:lua_duration

flow_script:pending_calls

flow_script:skipped_calls

flow_script:successful_calls

flow_user_script:duration

flow_user_script:num_calls

flow_user_script:total_stats

flowdev_port:traffic

host:active_flows

host:contacts

host:dns_qry_rcvd_rsp_sent

host:dns_qry_sent_rsp_rcvd

host:echo_packets

host:echo_reply_packets

host:engaged_alerts

host:host_unreachable_flows

host:l4protos

host:misbehaving_flows

host:ndpi

host:ndpi_categories

host:ndpi_flows

host:score

host:tcp_packets

host:tcp_rx_stats

host:tcp_tx_stats

host:total_alerts

host:total_flow_alerts

host:total_flows

host:traffic

host:udp_pkts

host:udp_sent_unicast

host:unreachable_flows

host_pool:devices

host_pool:hosts

host_pool:ndpi

host_pool:traffic

ht:state

iface:alerted_flows

iface:alerts_stats

iface:devices

iface:exported_vs_dropped_flows

iface:flows

iface:hosts

iface:http_hosts

iface:l4protos

iface:local2remote

iface:local_hosts

iface:misbehaving_flows

iface:ndpi

iface:ndpi_categories

iface:ndpi_flows

iface:new_flows

iface:packets_vs_drops

iface:remote2local

iface:score

iface:tcp_finack

iface:tcp_keep_alive

iface:tcp_lost

iface:tcp_out_of_order

iface:tcp_retransmissions

iface:tcp_rst

iface:tcp_syn

iface:tcp_synack

iface:traffic

iface:zmq_flow_coll_drops

iface:zmq_flow_coll_udp_drops

iface:zmq_msg_drops

iface:zmq_rcvd_msgs

iface:zmq_recv_flows

influxdb:dropped_points

influxdb:exported_points

influxdb:exports

influxdb:rtt

influxdb:storage_size

mac:arp_rqst_sent_rcvd_rpls

mac:ndpi_categories

mac:traffic

periodic_script:duration

process:num_alerts

process:resident_memory

profile:traffic

redis:hits

redis:keys

redis:memory

subnet:broadcast_traffic

subnet:engaged_alerts

subnet:tcp_keep_alive

subnet:tcp_lost

subnet:tcp_out_of_order

subnet:tcp_retransmissions

subnet:traffic

system:cpu_load

system:cpu_states

vlan:ndpi

vlan:traffic


On Mon, Jun 29, 2020 at 3:47 AM Simone Mainardi <mainardi@ntop.org> wrote:

> Munroe,
>
> On 26 Jun 2020, at 19:46, Munroe Sollog <mus3@lehigh.edu> wrote:
>
> We are investigating a way to expose high-level summary data to a larger
> set of users than would have access to ntopng's gui. We are starting to go
> down the path of connecting grafana to the influxdb instance ntopng is
> running to make some visualizations. A quick look and it looks like this
> is the method ntopng recommends as they have since deprecated their grafana
> plugin.
>
>
> This is correct.
>
>
> I was wondering if anyone had any pre-built dashboard or visualizations
> they'd be willing to share.
>
>
> We haven't published any grafana dashboard yet. However, if you want to
> create them, you can use our FOSDEM presentation as a starting point:
> https://www.youtube.com/watch?v=sSZ3Sv0t_YQ
>
> Then, it would be nice if you could contribute created dashboards back to
> the community. We can create a place where to share them. I know there are
> several other ntopng users which have created their own dashboard. So my
> invite goes to them too. Anyone who would like to contribute created
> dashboard is very welcome to send them to us with some screenshots and an
> explanation.
>
> Regards,
>
> Simone
>
>
> --
> Munroe Sollog
> Senior Network Engineer
> munroe@lehigh.edu
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop
>
>
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop



--
Munroe Sollog
Senior Network Engineer
munroe@lehigh.edu
Re: Grafana dashboard [ In reply to ]
Is there a document somewhere that describes the different series being
populated in the influxdb database? Some of this is self-explanatory, but
others not so much:

> show measurements

name: measurements

name

----

am_host:val_min

asn:ndpi

asn:rtt

asn:tcp_keep_alive

asn:tcp_lost

asn:tcp_out_of_order

asn:tcp_retransmissions

asn:traffic

country:traffic

elem_user_script:duration

elem_user_script:num_calls

elem_user_script:total_stats

evexporter_iface:traffic

flow_script:lua_duration

flow_script:pending_calls

flow_script:skipped_calls

flow_script:successful_calls

flow_user_script:duration

flow_user_script:num_calls

flow_user_script:total_stats

flowdev_port:traffic

host:active_flows

host:contacts

host:dns_qry_rcvd_rsp_sent

host:dns_qry_sent_rsp_rcvd

host:echo_packets

host:echo_reply_packets

host:engaged_alerts

host:host_unreachable_flows

host:l4protos

host:misbehaving_flows

host:ndpi

host:ndpi_categories

host:ndpi_flows

host:score

host:tcp_packets

host:tcp_rx_stats

host:tcp_tx_stats

host:total_alerts

host:total_flow_alerts

host:total_flows

host:traffic

host:udp_pkts

host:udp_sent_unicast

host:unreachable_flows

host_pool:devices

host_pool:hosts

host_pool:ndpi

host_pool:traffic

ht:state

iface:alerted_flows

iface:alerts_stats

iface:devices

iface:exported_vs_dropped_flows

iface:flows

iface:hosts

iface:http_hosts

iface:l4protos

iface:local2remote

iface:local_hosts

iface:misbehaving_flows

iface:ndpi

iface:ndpi_categories

iface:ndpi_flows

iface:new_flows

iface:packets_vs_drops

iface:remote2local

iface:score

iface:tcp_finack

iface:tcp_keep_alive

iface:tcp_lost

iface:tcp_out_of_order

iface:tcp_retransmissions

iface:tcp_rst

iface:tcp_syn

iface:tcp_synack

iface:traffic

iface:zmq_flow_coll_drops

iface:zmq_flow_coll_udp_drops

iface:zmq_msg_drops

iface:zmq_rcvd_msgs

iface:zmq_recv_flows

influxdb:dropped_points

influxdb:exported_points

influxdb:exports

influxdb:rtt

influxdb:storage_size

mac:arp_rqst_sent_rcvd_rpls

mac:ndpi_categories

mac:traffic

periodic_script:duration

process:num_alerts

process:resident_memory

profile:traffic

redis:hits

redis:keys

redis:memory

subnet:broadcast_traffic

subnet:engaged_alerts

subnet:tcp_keep_alive

subnet:tcp_lost

subnet:tcp_out_of_order

subnet:tcp_retransmissions

subnet:traffic

system:cpu_load

system:cpu_states

vlan:ndpi

vlan:traffic


On Mon, Jun 29, 2020 at 3:47 AM Simone Mainardi <mainardi@ntop.org> wrote:

> Munroe,
>
> On 26 Jun 2020, at 19:46, Munroe Sollog <mus3@lehigh.edu> wrote:
>
> We are investigating a way to expose high-level summary data to a larger
> set of users than would have access to ntopng's gui. We are starting to go
> down the path of connecting grafana to the influxdb instance ntopng is
> running to make some visualizations. A quick look and it looks like this
> is the method ntopng recommends as they have since deprecated their grafana
> plugin.
>
>
> This is correct.
>
>
> I was wondering if anyone had any pre-built dashboard or visualizations
> they'd be willing to share.
>
>
> We haven't published any grafana dashboard yet. However, if you want to
> create them, you can use our FOSDEM presentation as a starting point:
> https://www.youtube.com/watch?v=sSZ3Sv0t_YQ
>
> Then, it would be nice if you could contribute created dashboards back to
> the community. We can create a place where to share them. I know there are
> several other ntopng users which have created their own dashboard. So my
> invite goes to them too. Anyone who would like to contribute created
> dashboard is very welcome to send them to us with some screenshots and an
> explanation.
>
> Regards,
>
> Simone
>
>
> --
> Munroe Sollog
> Senior Network Engineer
> munroe@lehigh.edu
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop
>
>
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop



--
Munroe Sollog
Senior Network Engineer
munroe@lehigh.edu
Re: Grafana dashboard [ In reply to ]
Munroe,

See https://github.com/ntop/ntopng/tree/dev/scripts/lua/modules/timeseries/schemas

Simone

> On 29 Jun 2020, at 20:50, Munroe Sollog <mus3@lehigh.edu> wrote:
>
> Is there a document somewhere that describes the different series being populated in the influxdb database? Some of this is self-explanatory, but others not so much:
>
> > show measurements
> name: measurements
> name
> ----
> am_host:val_min
> asn:ndpi
> asn:rtt
> asn:tcp_keep_alive
> asn:tcp_lost
> asn:tcp_out_of_order
> asn:tcp_retransmissions
> asn:traffic
> country:traffic
> elem_user_script:duration
> elem_user_script:num_calls
> elem_user_script:total_stats
> evexporter_iface:traffic
> flow_script:lua_duration
> flow_script:pending_calls
> flow_script:skipped_calls
> flow_script:successful_calls
> flow_user_script:duration
> flow_user_script:num_calls
> flow_user_script:total_stats
> flowdev_port:traffic
> host:active_flows
> host:contacts
> host:dns_qry_rcvd_rsp_sent
> host:dns_qry_sent_rsp_rcvd
> host:echo_packets
> host:echo_reply_packets
> host:engaged_alerts
> host:host_unreachable_flows
> host:l4protos
> host:misbehaving_flows
> host:ndpi
> host:ndpi_categories
> host:ndpi_flows
> host:score
> host:tcp_packets
> host:tcp_rx_stats
> host:tcp_tx_stats
> host:total_alerts
> host:total_flow_alerts
> host:total_flows
> host:traffic
> host:udp_pkts
> host:udp_sent_unicast
> host:unreachable_flows
> host_pool:devices
> host_pool:hosts
> host_pool:ndpi
> host_pool:traffic
> ht:state
> iface:alerted_flows
> iface:alerts_stats
> iface:devices
> iface:exported_vs_dropped_flows
> iface:flows
> iface:hosts
> iface:http_hosts
> iface:l4protos
> iface:local2remote
> iface:local_hosts
> iface:misbehaving_flows
> iface:ndpi
> iface:ndpi_categories
> iface:ndpi_flows
> iface:new_flows
> iface:packets_vs_drops
> iface:remote2local
> iface:score
> iface:tcp_finack
> iface:tcp_keep_alive
> iface:tcp_lost
> iface:tcp_out_of_order
> iface:tcp_retransmissions
> iface:tcp_rst
> iface:tcp_syn
> iface:tcp_synack
> iface:traffic
> iface:zmq_flow_coll_drops
> iface:zmq_flow_coll_udp_drops
> iface:zmq_msg_drops
> iface:zmq_rcvd_msgs
> iface:zmq_recv_flows
> influxdb:dropped_points
> influxdb:exported_points
> influxdb:exports
> influxdb:rtt
> influxdb:storage_size
> mac:arp_rqst_sent_rcvd_rpls
> mac:ndpi_categories
> mac:traffic
> periodic_script:duration
> process:num_alerts
> process:resident_memory
> profile:traffic
> redis:hits
> redis:keys
> redis:memory
> subnet:broadcast_traffic
> subnet:engaged_alerts
> subnet:tcp_keep_alive
> subnet:tcp_lost
> subnet:tcp_out_of_order
> subnet:tcp_retransmissions
> subnet:traffic
> system:cpu_load
> system:cpu_states
> vlan:ndpi
> vlan:traffic
>
>
> On Mon, Jun 29, 2020 at 3:47 AM Simone Mainardi <mainardi@ntop.org <mailto:mainardi@ntop.org>> wrote:
> Munroe,
>
>> On 26 Jun 2020, at 19:46, Munroe Sollog <mus3@lehigh.edu <mailto:mus3@lehigh.edu>> wrote:
>>
>> We are investigating a way to expose high-level summary data to a larger set of users than would have access to ntopng's gui. We are starting to go down the path of connecting grafana to the influxdb instance ntopng is running to make some visualizations. A quick look and it looks like this is the method ntopng recommends as they have since deprecated their grafana plugin.
>
> This is correct.
>
>>
>> I was wondering if anyone had any pre-built dashboard or visualizations they'd be willing to share.
>>
>
> We haven't published any grafana dashboard yet. However, if you want to create them, you can use our FOSDEM presentation as a starting point: https://www.youtube.com/watch?v=sSZ3Sv0t_YQ <https://www.youtube.com/watch?v=sSZ3Sv0t_YQ>
>
> Then, it would be nice if you could contribute created dashboards back to the community. We can create a place where to share them. I know there are several other ntopng users which have created their own dashboard. So my invite goes to them too. Anyone who would like to contribute created dashboard is very welcome to send them to us with some screenshots and an explanation.
>
> Regards,
>
> Simone
>
>
>> --
>> Munroe Sollog
>> Senior Network Engineer
>> munroe@lehigh.edu <mailto:munroe@lehigh.edu>_______________________________________________
>> Ntop mailing list
>> Ntop@listgateway.unipi.it <mailto:Ntop@listgateway.unipi.it>
>> http://listgateway.unipi.it/mailman/listinfo/ntop <http://listgateway.unipi.it/mailman/listinfo/ntop>
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it <mailto:Ntop@listgateway.unipi.it>
> http://listgateway.unipi.it/mailman/listinfo/ntop <http://listgateway.unipi.it/mailman/listinfo/ntop>
>
> --
> Munroe Sollog
> Senior Network Engineer
> munroe@lehigh.edu <mailto:munroe@lehigh.edu>_______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop
Re: Grafana dashboard [ In reply to ]
Munroe,

See https://github.com/ntop/ntopng/tree/dev/scripts/lua/modules/timeseries/schemas

Simone

> On 29 Jun 2020, at 20:50, Munroe Sollog <mus3@lehigh.edu> wrote:
>
> Is there a document somewhere that describes the different series being populated in the influxdb database? Some of this is self-explanatory, but others not so much:
>
> > show measurements
> name: measurements
> name
> ----
> am_host:val_min
> asn:ndpi
> asn:rtt
> asn:tcp_keep_alive
> asn:tcp_lost
> asn:tcp_out_of_order
> asn:tcp_retransmissions
> asn:traffic
> country:traffic
> elem_user_script:duration
> elem_user_script:num_calls
> elem_user_script:total_stats
> evexporter_iface:traffic
> flow_script:lua_duration
> flow_script:pending_calls
> flow_script:skipped_calls
> flow_script:successful_calls
> flow_user_script:duration
> flow_user_script:num_calls
> flow_user_script:total_stats
> flowdev_port:traffic
> host:active_flows
> host:contacts
> host:dns_qry_rcvd_rsp_sent
> host:dns_qry_sent_rsp_rcvd
> host:echo_packets
> host:echo_reply_packets
> host:engaged_alerts
> host:host_unreachable_flows
> host:l4protos
> host:misbehaving_flows
> host:ndpi
> host:ndpi_categories
> host:ndpi_flows
> host:score
> host:tcp_packets
> host:tcp_rx_stats
> host:tcp_tx_stats
> host:total_alerts
> host:total_flow_alerts
> host:total_flows
> host:traffic
> host:udp_pkts
> host:udp_sent_unicast
> host:unreachable_flows
> host_pool:devices
> host_pool:hosts
> host_pool:ndpi
> host_pool:traffic
> ht:state
> iface:alerted_flows
> iface:alerts_stats
> iface:devices
> iface:exported_vs_dropped_flows
> iface:flows
> iface:hosts
> iface:http_hosts
> iface:l4protos
> iface:local2remote
> iface:local_hosts
> iface:misbehaving_flows
> iface:ndpi
> iface:ndpi_categories
> iface:ndpi_flows
> iface:new_flows
> iface:packets_vs_drops
> iface:remote2local
> iface:score
> iface:tcp_finack
> iface:tcp_keep_alive
> iface:tcp_lost
> iface:tcp_out_of_order
> iface:tcp_retransmissions
> iface:tcp_rst
> iface:tcp_syn
> iface:tcp_synack
> iface:traffic
> iface:zmq_flow_coll_drops
> iface:zmq_flow_coll_udp_drops
> iface:zmq_msg_drops
> iface:zmq_rcvd_msgs
> iface:zmq_recv_flows
> influxdb:dropped_points
> influxdb:exported_points
> influxdb:exports
> influxdb:rtt
> influxdb:storage_size
> mac:arp_rqst_sent_rcvd_rpls
> mac:ndpi_categories
> mac:traffic
> periodic_script:duration
> process:num_alerts
> process:resident_memory
> profile:traffic
> redis:hits
> redis:keys
> redis:memory
> subnet:broadcast_traffic
> subnet:engaged_alerts
> subnet:tcp_keep_alive
> subnet:tcp_lost
> subnet:tcp_out_of_order
> subnet:tcp_retransmissions
> subnet:traffic
> system:cpu_load
> system:cpu_states
> vlan:ndpi
> vlan:traffic
>
>
> On Mon, Jun 29, 2020 at 3:47 AM Simone Mainardi <mainardi@ntop.org <mailto:mainardi@ntop.org>> wrote:
> Munroe,
>
>> On 26 Jun 2020, at 19:46, Munroe Sollog <mus3@lehigh.edu <mailto:mus3@lehigh.edu>> wrote:
>>
>> We are investigating a way to expose high-level summary data to a larger set of users than would have access to ntopng's gui. We are starting to go down the path of connecting grafana to the influxdb instance ntopng is running to make some visualizations. A quick look and it looks like this is the method ntopng recommends as they have since deprecated their grafana plugin.
>
> This is correct.
>
>>
>> I was wondering if anyone had any pre-built dashboard or visualizations they'd be willing to share.
>>
>
> We haven't published any grafana dashboard yet. However, if you want to create them, you can use our FOSDEM presentation as a starting point: https://www.youtube.com/watch?v=sSZ3Sv0t_YQ <https://www.youtube.com/watch?v=sSZ3Sv0t_YQ>
>
> Then, it would be nice if you could contribute created dashboards back to the community. We can create a place where to share them. I know there are several other ntopng users which have created their own dashboard. So my invite goes to them too. Anyone who would like to contribute created dashboard is very welcome to send them to us with some screenshots and an explanation.
>
> Regards,
>
> Simone
>
>
>> --
>> Munroe Sollog
>> Senior Network Engineer
>> munroe@lehigh.edu <mailto:munroe@lehigh.edu>_______________________________________________
>> Ntop mailing list
>> Ntop@listgateway.unipi.it <mailto:Ntop@listgateway.unipi.it>
>> http://listgateway.unipi.it/mailman/listinfo/ntop <http://listgateway.unipi.it/mailman/listinfo/ntop>
> _______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it <mailto:Ntop@listgateway.unipi.it>
> http://listgateway.unipi.it/mailman/listinfo/ntop <http://listgateway.unipi.it/mailman/listinfo/ntop>
>
> --
> Munroe Sollog
> Senior Network Engineer
> munroe@lehigh.edu <mailto:munroe@lehigh.edu>_______________________________________________
> Ntop mailing list
> Ntop@listgateway.unipi.it
> http://listgateway.unipi.it/mailman/listinfo/ntop