Flow Collector Dashlets

Analyzing the Data

Once Flow Collector(s) and Flow Sources are set up, you can start analyzing the received data.
Analysis of Flow data is done via Monitoring > Dashboards, using one or more of the available 'Flow Collectors' dashlets:

The following Dashlets are available:

Sources Summary
Sources History
Top 10 Host Transmitters
Top 10 Host Receivers
Top 10 Port Transmitters
Top 10 Port Receivers
Top 10 Transfers

In the following sections we will cover each of the Dashlets, covering how to configure the Dashlet and what data is returned.

Sources Summary

This dashlet lists all the configured Flow Sources and the average amount of data received from them as well as the last update time.

Click on the cog icon to configure the dashlet options:

In the above configuration window, you can choose which sources are displayed within the Sources Summary Dashlet (either individually select the sources, or select 'All sources' to display all sources within the Opsview Monitor system).

There is also a ‘Duration’ field within the ‘Options’ section which allows you to determine the ‘average bytes’ period, this can be seen below:

Sources History

This dashlet displays the data transferred through each Flow Source, and investigate specific points in time.
To investigate a time, i.e. perhaps a spike in the throughput, hover your mouse over the time period which will display a tooltip with IP, Date and, Time which can be clicked to open the investigate window, as below:

When the beacon spot is clicked, a modal investigation window will load. This investigate window will display the data as it was at the point in time selected, i.e. it will display the ‘top 10 transfers’ that were occurring at the selected time.

You can also choose to change the duration from one of the following options. These buttons, along with the ‘-1’ and ‘+1’ buttons, allow you to step through the period in time – i.e. ‘What does it look like 10 minutes from now?’. This is great troubleshooting tool, as you can step through minute by minute to see what was happening on the network, and at which specific time it began to get overloaded (for example).

The configuration for the ‘Sources History’ Dashlet contains two sections: ‘Filter by Sources’ and ‘Graph Settings’, as below:

The 'Filter by Sources' section, allows you to choose which Flow Sources are displayed on the dashlet.
The 'Graph Settings' section allows you to fine tune how the graph is displayed:

Data type: Bytes, Packets or Flows.
Protocol: All, UDP, TCP, ICMP, Other
Duration: 1 hour, 3 hours, 6 hours, 12 hours, 1 day, 2 days, 3 days, 5 days, 10 days, 30 days
Chart style: Line, Area, Stack
Line thickness: Various options

There is also the option to bind the 'Y-Axis to 0'.

Finally, you can choose to 'zoom' into a specific section of the Sources History Dashlet by left-clicking and dragging your mouse over a specific area, which will redraw the Dashlet to focus just on the selected time period, as below:

Top 10 Host Transmitters

This dashlet displays the 'Top 10 Talkers' in terms of Bytes and packets transmitted per host, on a collector basis.

Click on the cog icon to configure the dashlet options:

You must choose a Flow Collector first.
After choosing the Flow Collector, the Flow Sources list will populate with all the Flow Sources created on the chosen Flow Collector.
You can then choose to use data from all Flow Sources, or select Flow Sources one by one.

The ‘Options’ section allows you to define the ‘Duration':

Top 10 Host Receivers

This dashlet displays the 'Top 10 Downloaders' in terms of Bytes and packets received per host, on a collector basis.

Click on the cog icon to configure the dashlet options:

The 'Options' section allows you to define the 'Duration:', i.e. the time period the data is gathered over. Options include 'Last 1 Min', 'Last 2 Mins', 'Last 5 Mins' and 'Last 10 Mins'.

Top 10 Port Transmitters

This dashlet displays the 'Top 10 Ports' in terms of Bytes and packets transmitted (i.e. data is being sent from Port 123), on a collector basis:

Click on the cog icon to configure the dashlet options:

Finally, the ‘Options’ section allows you to define the ‘Duration'.

Top 10 Port Receivers

This dashlet will display the 'Top 10 Ports' in terms of Bytes and packets downloaded/recieved (i.e. data is being downloaded to Port 123), on a collector basis:

Click on the cog icon to configure the dashlet options:

You must choose a Flow Collector first, i.e. an Opsview Monitor master or a cluster server.
After choosing the Flow Collector, the Flow Sources list will populate with all the Flow Sources created on the chosen Flow Collector.
You can then choose to use data from all Flow Sources, or select Flow Sources one by one.

Finally, the ‘Options’ section allows you to define the ‘Duration'.

Top 10 Transfers

This dashlet will display the Top 10 transfers on a collector basis, including the transmitter (Host + port) and Reciever (Host + Port), along with the Bytes, Packets, and the % of the total Bytes transferred (allowing you to see if a single transfer is eating all of your bandwidth).

To view the transmitter port (as it is cut off in the Dashlet below), simply mouse over on the pie chart segment:

Click on the cog icon to configure the dashlet options:

Finally, the ‘Options’ section allows you to define the ‘Duration'.