Nagios Support Forum

In solarwinds we can view by conversation. I can't seem to find that option in NNA. I can sort by top talkers and such, but I want to know who are having the busiest conversation.

Thanks!

Create a query, aggregate by srcip,dstip - don't bother including Raw Query data if you want to query ALL your traffic. You may have to impose some sort of limit using Raw Query if you want it to finish ever.

When the Query is done sort how you wish - bytes, bytes/sec.

This is host <--> host. I was shooting to make one that aggregated by all 4 fields, but I couldn't get that to work at all for me. I'm going to do some digging in the backend and see if that's just a UI bug or if nfdump is blowing up completely.

Thanks man....I think we're actually getting the hang of this now

I would guess that nfdump is just not smart enough to handle a query aggregating by all 4 primary fields with no raw query - it wasn't going to finish in any reasonable amount of time. I doubt there is going to be anything we can do about that.

I added a nice simple query "dst port 80 or dst port 443" and that gave me results in about 10 seconds (at the CLi)

Running the same query in the GUI, got a chord diagram in about 5 seconds, but nfdump died and my little wait spinner just sat and spun in the UI.

Is aggregating by all 4 fields going to be important? If so I'll have to run this one up to the devs to look at.

jdalrymple wrote:Is aggregating by all 4 fields going to be important? If so I'll have to run this one up to the devs to look at.

Not for me, I don't think so.

Soooo... We good to close this?

Yes Mr. McDonald, lock 'er up!

Nah, you gotta do it like this: