Hi John,
You can use the group-by clause to get the output into the format you
want. Say each data record has a column named month and a column
denoting the number of bytes transferred called bytes, you can get the
traffic volume (assumed to be total number of bytes transferred here) by
a query of the following form
ibis -d data-dir -q "select month, sum(bytes) where
your-selection-criteria group by month"
In fact, if you actually use ibis.cpp to answer this query, the
group by clause can actually be skipped if the order of group by
operation is the same as the order of the columns in the select clause.
Internally, ibis.cpp detects that you have requested an aggregation
operation in the select clause and by default will perform group by on
all column names that are not in an aggregation function.
The same select clause can be passed to ibis::query object or
ibis::table::select function as well.
Thanks for your reply, but it seems matters are a bit more complex due to
the way nprobe is using fastbit.
The "database" is in the directory /opt/rb/shared/var/db/fastbit.
If we execute `find /opt/rb/shared/var/db/fastbit` we get:
/opt/rb/shared/var/db/fastbit/2011/02/09/13/40/
/opt/rb/shared/var/db/fastbit/2011/02/09/13/40/SRC_AS
/opt/rb/shared/var/db/fastbit/2011/02/09/13/40/LAST_SWITCHED
/opt/rb/shared/var/db/fastbit/2011/02/09/13/40/SRC_TOS.idx
/opt/rb/shared/var/db/fastbit/2011/02/09/13/40/FIRST_SWITCHED.idx
/opt/rb/shared/var/db/fastbit/2011/02/09/13/40/IN_BYTES
/opt/rb/shared/var/db/fastbit/2011/02/09/13/40/TCP_FLAGS
/opt/rb/shared/var/db/fastbit/2011/02/09/13/40/IPV4_DST_MASK.idx
/opt/rb/shared/var/db/fastbit/2011/02/09/13/40/L4_SRC_PORT.idx
/opt/rb/shared/var/db/fastbit/2011/02/09/13/40/DST_AS.idx
/opt/rb/shared/var/db/fastbit/2011/02/09/13/40/L4_DST_PORT
/opt/rb/shared/var/db/fastbit/2011/02/09/13/40/SRC_AS.idx
[...]
/opt/rb/shared/var/db/fastbit/2011/02/09/13/40/IPV4_NEXT_HOP
/opt/rb/shared/var/db/fastbit/2011/02/09/13/40/IPV4_SRC_ADDR
/opt/rb/shared/var/db/fastbit/2011/02/09/13/40/IPV4_SRC_MASK
/opt/rb/shared/var/db/fastbit/2011/02/09/13/40/PROTOCOL.idx
/opt/rb/shared/var/db/fastbit/2011/02/09/13/40/DST_AS
/opt/rb/shared/var/db/fastbit/2011/02/09/13/40/IPV4_SRC_ADDR.idx
/opt/rb/shared/var/db/fastbit/2011/02/09/13/40/OUTPUT_SNMP
/opt/rb/shared/var/db/fastbit/2011/02/09/13/40/IPV4_DST_MASK
[...]
Sadly, there is no "time" column. Time is implicit in the directory
where the file is.
Right now, we use the fbquery command (I believe a parser provided by
Luca for ibis) to consult fastbit database this way:
fbquery -c sum(IN_BYTES) -d /opt/rb/shared/var/db/fastbit/2011/01 ...
fbquery -c sum(IN_BYTES) -d /opt/rb/shared/var/db/fastbit/2011/02 ...
fbquery -c sum(IN_BYTES) -d /opt/rb/shared/var/db/fastbit/2011/03 ...
fbquery -c sum(IN_BYTES) -d /opt/rb/shared/var/db/fastbit/2011/04 ...
fbquery -c sum(IN_BYTES) -d /opt/rb/shared/var/db/fastbit/2011/05 ...
fbquery -c sum(IN_BYTES) -d /opt/rb/shared/var/db/fastbit/2011/06 ...
fbquery -c sum(IN_BYTES) -d /opt/rb/shared/var/db/fastbit/2011/07 ...
fbquery -c sum(IN_BYTES) -d /opt/rb/shared/var/db/fastbit/2011/08 ...
fbquery -c sum(IN_BYTES) -d /opt/rb/shared/var/db/fastbit/2011/09 ...
fbquery -c sum(IN_BYTES) -d /opt/rb/shared/var/db/fastbit/2011/10 ...
fbquery -c sum(IN_BYTES) -d /opt/rb/shared/var/db/fastbit/2011/11 ...
fbquery -c sum(IN_BYTES) -d /opt/rb/shared/var/db/fastbit/2011/12 ...
So we have to execute fbquery 12 times to be able to get all the dots
in the graph.
Of course we could directly use ibis and might even consider
modifying how nprobe stores its data, but right now that's the case.
Regards
--
Jaime Nebrera - [email protected]
Consultor TI - ENEO Tecnologia SL
C/ Manufactura 2, Edificio Euro, Oficina 3N
Mairena del Aljarafe - 41927 - Sevilla
Telf.- 955 60 11 60 / 619 04 55 18
_______________________________________________
Ntop-misc mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
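
Added example, not part of either message and not code from nprobe or FastBit: one pass over the YYYY/MM/DD/HH/mm layout shown in the thread that takes the month from the directory path and sums IN_BYTES per month, instead of one query per month directory. It assumes the IN_BYTES file is a headerless array of little-endian unsigned 32-bit values; the function names and the sample tree are constructed for illustration.

```python
import os
import re
import struct
import tempfile
from collections import defaultdict

# Assumption: each column file is a headerless array of little-endian
# unsigned 32-bit values; check the partition metadata for the real type.
VALUE_FORMAT = "<I"
# Layout shown in the thread: <base>/YYYY/MM/DD/HH/mm/<column files>
PARTITION_RE = re.compile(r"^(\d{4})/(\d{2})/(\d{2})/(\d{2})/(\d{2})$")

def sum_column(path, fmt=VALUE_FORMAT):
    """Sum every fixed-width value in one raw column file."""
    size = struct.calcsize(fmt)
    with open(path, "rb") as fh:
        data = fh.read()
    if len(data) % size:
        raise ValueError(f"{path}: length {len(data)} is not a multiple of {size}")
    return sum(v[0] for v in struct.iter_unpack(fmt, data))

def monthly_totals(base, column="IN_BYTES"):
    """Return {'YYYY-MM': total}, with the month taken from the directory path."""
    totals = defaultdict(int)
    for dirpath, _dirs, files in os.walk(base):
        rel = os.path.relpath(dirpath, base).replace(os.sep, "/")
        match = PARTITION_RE.match(rel)
        if not match or column not in files:
            continue  # not a leaf partition, or the column is absent
        key = f"{match.group(1)}-{match.group(2)}"
        totals[key] += sum_column(os.path.join(dirpath, column))
    return dict(sorted(totals.items()))

def build_sample_tree(base):
    """Constructed sample data: three partitions spread over two months."""
    sample = {
        "2011/01/31/23/55": [100, 200],
        "2011/02/09/13/40": [1000, 2000, 3000],
        "2011/02/09/13/45": [4000],
    }
    for rel, values in sample.items():
        part = os.path.join(base, *rel.split("/"))
        os.makedirs(part)
        with open(os.path.join(part, "IN_BYTES"), "wb") as fh:
            fh.write(struct.pack(f"<{len(values)}I", *values))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(monthly_totals(tmp))
```

This sums whole columns only, so it applies no selection criteria and uses none of the .idx files. A column file whose length is not a whole number of values is rejected rather than counted short.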