Clickhouse-netflow-dashboard
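This should be all you need for a Grafana dashboard that visualises ClickHouse data imported from pmacct. The JSON below expects a Grafana datasource named "ClickHouse" with the flow records in the nfacct table of the netflow database. The throughput panel filters on AS 133075 (presumably this site's own ASN), so change that value to match your network. The dashboard variables (protocol, ASN, IP) are substituted as text into the SQL queries, so the datasource should connect with a read-only ClickHouse user.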
{
"annotations": {
"list": [
{
"builtIn": 1,
"datasource": "-- Grafana --",
"enable": true,
"hide": true,
"iconColor": "rgba(0, 211, 255, 1)",
"name": "Annotations & Alerts",
"type": "dashboard"
}
]
},
"editable": true,
"gnetId": null,
"graphTooltip": 0,
"id": 6,
"iteration": 1571435676468,
"links": [],
"panels": [
{
"aliasColors": {},
"bars": false,
"dashLength": 10,
"dashes": false,
"datasource": "ClickHouse",
"fill": 1,
"gridPos": {
"h": 8,
"w": 14,
"x": 0,
"y": 0
},
"id": 15,
"legend": {
"avg": false,
"current": false,
"max": false,
"min": false,
"show": true,
"total": false,
"values": false
},
"lines": true,
"linewidth": 1,
"links": [],
"nullPointMode": "null",
"percentage": false,
"pointradius": 2,
"points": false,
"renderer": "flot",
"seriesOverrides": [],
"spaceLength": 10,
"stack": false,
"steppedLine": false,
"targets": [
{
"database": "netflow",
"dateLoading": false,
"dateTimeColDataType": "stamp_updated",
"dateTimeType": "DATETIME",
"datetimeLoading": false,
"format": "time_series",
"formattedQuery": "SELECT $timeSeries as t, count() FROM $table WHERE $timeFilter GROUP BY t ORDER BY t",
"hide": false,
"interval": "",
"intervalFactor": 1,
"query": "SELECT\n toUInt32(toStartOfMinute(toDateTime(stamp_updated)))*1000 as t,\n sum(bytes/7.5) as Download\nFROM $table\nWHERE $timeFilter and as_dst=133075\n$conditionalTest(AND ip_proto in ($ip_proto),$ip_proto)\n$conditionalTest(AND as_src in ($as_src),$as_src)\n$conditionalTest(AND as_dst in ($as_dst),$as_dst)\n$conditionalTest(AND ip_src in ($ip_src),$ip_src)\n$conditionalTest(AND ip_dst in ($ip_dst),$ip_dst)\nGROUP BY t\nORDER BY t",
"rawQuery": "SELECT toUInt32(toStartOfMinute(toDateTime(stamp_updated)))*1000 as t, sum(bytes/7.5) as Download FROM netflow.nfacct WHERE stamp_updated >= toDateTime(1571424875) and as_dst=133075 GROUP BY t ORDER BY t",
"refId": "A",
"round": "0s",
"table": "nfacct",
"tableLoading": false
},
{
"database": "netflow",
"dateLoading": false,
"dateTimeColDataType": "stamp_updated",
"dateTimeType": "DATETIME",
"datetimeLoading": false,
"format": "time_series",
"formattedQuery": "SELECT $timeSeries as t, count() FROM $table WHERE $timeFilter GROUP BY t ORDER BY t",
"hide": false,
"intervalFactor": 1,
"query": "SELECT\n toUInt32(toStartOfMinute(toDateTime(stamp_updated)))*1000 as t,\n sum(bytes/7.5) as Upload\nFROM $table\nWHERE $timeFilter and as_src=133075\n$conditionalTest(AND ip_proto in ($ip_proto),$ip_proto)\n$conditionalTest(AND as_src in ($as_src),$as_src)\n$conditionalTest(AND as_dst in ($as_dst),$as_dst)\n$conditionalTest(AND ip_src in ($ip_src),$ip_src)\n$conditionalTest(AND ip_dst in ($ip_dst),$ip_dst)\nGROUP BY t\nORDER BY t",
"rawQuery": "SELECT toUInt32(toStartOfMinute(toDateTime(stamp_updated)))*1000 as t, sum(bytes/7.5) as Upload FROM netflow.nfacct WHERE stamp_updated >= toDateTime(1571424875) and as_src=133075 GROUP BY t ORDER BY t",
"refId": "B",
"round": "0s",
"table": "nfacct",
"tableLoading": false
}
],
"thresholds": [],
"timeFrom": null,
"timeRegions": [
{
"colorMode": "red",
"fill": true,
"fillColor": "rgba(234, 112, 112, 0.12)",
"from": "05:00",
"fromDayOfWeek": 7,
"line": false,
"lineColor": "rgba(237, 46, 24, 0.60)",
"op": "time",
"to": "19:00",
"toDayOfWeek": 1
},
{
"colorMode": "red",
"fill": true,
"fillColor": "rgba(234, 112, 112, 0.12)",
"from": "05:00",
"fromDayOfWeek": 2,
"line": false,
"lineColor": "rgba(237, 46, 24, 0.60)",
"op": "time",
"to": "19:00",
"toDayOfWeek": 2
},
{
"colorMode": "red",
"fill": true,
"fillColor": "rgba(234, 112, 112, 0.12)",
"from": "05:00",
"fromDayOfWeek": 3,
"line": false,
"lineColor": "rgba(237, 46, 24, 0.60)",
"op": "time",
"to": "19:00",
"toDayOfWeek": 3
},
{
"colorMode": "red",
"fill": true,
"fillColor": "rgba(234, 112, 112, 0.12)",
"from": "05:00",
"fromDayOfWeek": 4,
"line": false,
"lineColor": "rgba(237, 46, 24, 0.60)",
"op": "time",
"to": "19:00",
"toDayOfWeek": 4
},
{
"colorMode": "red",
"fill": true,
"fillColor": "rgba(234, 112, 112, 0.12)",
"from": "05:00",
"fromDayOfWeek": 5,
"line": false,
"lineColor": "rgba(237, 46, 24, 0.60)",
"op": "time",
"to": "19:00",
"toDayOfWeek": 5
},
{
"colorMode": "red",
"fill": true,
"fillColor": "rgba(234, 112, 112, 0.12)",
"from": "05:00",
"fromDayOfWeek": 6,
"line": false,
"lineColor": "rgba(237, 46, 24, 0.60)",
"op": "time",
"to": "19:00",
"toDayOfWeek": 6
},
{
"colorMode": "green",
"fill": true,
"fillColor": "rgba(234, 112, 112, 0.12)",
"from": "19:00",
"fromDayOfWeek": 1,
"line": false,
"lineColor": "rgba(237, 46, 24, 0.60)",
"op": "time",
"to": "05:00",
"toDayOfWeek": 2
},
{
"colorMode": "green",
"fill": true,
"fillColor": "rgba(234, 112, 112, 0.12)",
"from": "19:00",
"fromDayOfWeek": 2,
"line": false,
"lineColor": "rgba(237, 46, 24, 0.60)",
"op": "time",
"to": "05:00",
"toDayOfWeek": 3
},
{
"colorMode": "green",
"fill": true,
"fillColor": "rgba(234, 112, 112, 0.12)",
"from": "19:00",
"fromDayOfWeek": 3,
"line": false,
"lineColor": "rgba(237, 46, 24, 0.60)",
"op": "time",
"to": "05:00",
"toDayOfWeek": 4
},
{
"colorMode": "green",
"fill": true,
"fillColor": "rgba(234, 112, 112, 0.12)",
"from": "19:00",
"fromDayOfWeek": 4,
"line": false,
"lineColor": "rgba(237, 46, 24, 0.60)",
"op": "time",
"to": "05:00",
"toDayOfWeek": 5
},
{
"colorMode": "green",
"fill": true,
"fillColor": "rgba(234, 112, 112, 0.12)",
"from": "19:00",
"fromDayOfWeek": 5,
"line": false,
"lineColor": "rgba(237, 46, 24, 0.60)",
"op": "time",
"to": "05:00",
"toDayOfWeek": 6
},
{
"colorMode": "green",
"fill": true,
"fillColor": "rgba(234, 112, 112, 0.12)",
"from": "19:00",
"fromDayOfWeek": 6,
"line": false,
"lineColor": "rgba(237, 46, 24, 0.60)",
"op": "time",
"to": "05:00",
"toDayOfWeek": 7
}
],
"timeShift": null,
"title": "Network Throughput (All Egress Points)",
"tooltip": {
"shared": true,
"sort": 0,
"value_type": "individual"
},
"type": "graph",
"xaxis": {
"buckets": null,
"mode": "time",
"name": null,
"show": true,
"values": []
},
"yaxes": [
{
"decimals": null,
"format": "bps",
"label": "bps",
"logBase": 1,
"max": null,
"min": "0",
"show": true
},
{
"format": "pps",
"label": "pps",
"logBase": 1,
"max": null,
"min": null,
"show": false
}
],
"yaxis": {
"align": false,
"alignLevel": null
}
},
{
"columns": [],
"datasource": "ClickHouse",
"fontSize": "100%",
"gridPos": {
"h": 8,
"w": 5,
"x": 14,
"y": 0
},
"id": 4,
"links": [],
"pageSize": 10,
"scroll": false,
"showHeader": true,
"sort": {
"col": 2,
"desc": true
},
"styles": [
{
"alias": "ASN",
"colorMode": null,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 0,
"mappingType": 1,
"pattern": "Time",
"thresholds": [],
"type": "number",
"unit": "none"
},
{
"alias": "",
"colorMode": null,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"mappingType": 1,
"pattern": "Metric",
"thresholds": [],
"type": "hidden",
"unit": "short"
},
{
"alias": "Total",
"colorMode": null,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"mappingType": 1,
"pattern": "Value",
"thresholds": [],
"type": "number",
"unit": "decbytes"
}
],
"targets": [
{
"database": "netflow",
"dateLoading": false,
"dateTimeColDataType": "stamp_updated",
"dateTimeType": "DATETIME",
"datetimeLoading": false,
"format": "time_series",
"formattedQuery": "SELECT $timeSeries as t, count() FROM $table WHERE $timeFilter GROUP BY t ORDER BY t",
"hide": false,
"intervalFactor": 1,
"query": "SELECT\n as_src,\n sum(bytes) as Total\nFROM $table\nWHERE $timeFilter\n$conditionalTest(AND ip_proto in ($ip_proto),$ip_proto)\n$conditionalTest(AND as_src in ($as_src),$as_src)\n$conditionalTest(AND as_dst in ($as_dst),$as_dst)\n$conditionalTest(AND ip_src in ($ip_src),$ip_src)\n$conditionalTest(AND ip_dst in ($ip_dst),$ip_dst)\nGROUP BY as_src",
"rawQuery": "SELECT as_src, sum(bytes) as Total FROM netflow.nfacct WHERE stamp_updated >= toDateTime(1571424875) GROUP BY as_src",
"refId": "A",
"round": "0s",
"table": "nfacct",
"tableLoading": false
}
],
"timeFrom": null,
"timeShift": null,
"title": "Source AS Distribution",
"transform": "timeseries_to_rows",
"type": "table"
},
{
"columns": [],
"datasource": "ClickHouse",
"fontSize": "100%",
"gridPos": {
"h": 8,
"w": 5,
"x": 19,
"y": 0
},
"id": 14,
"links": [],
"pageSize": 10,
"scroll": false,
"showHeader": true,
"sort": {
"col": 2,
"desc": true
},
"styles": [
{
"alias": "ASN",
"colorMode": null,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 0,
"mappingType": 1,
"pattern": "Time",
"thresholds": [],
"type": "number",
"unit": "none"
},
{
"alias": "",
"colorMode": null,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"mappingType": 1,
"pattern": "Metric",
"thresholds": [],
"type": "hidden",
"unit": "short"
},
{
"alias": "Total",
"colorMode": null,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"mappingType": 1,
"pattern": "Value",
"thresholds": [],
"type": "number",
"unit": "decbytes"
}
],
"targets": [
{
"database": "netflow",
"dateLoading": false,
"dateTimeColDataType": "stamp_updated",
"dateTimeType": "DATETIME",
"datetimeLoading": false,
"format": "time_series",
"formattedQuery": "SELECT $timeSeries as t, count() FROM $table WHERE $timeFilter GROUP BY t ORDER BY t",
"hide": false,
"intervalFactor": 1,
"query": "SELECT\n as_dst,\n sum(bytes) as Total\nFROM $table\nWHERE $timeFilter\n$conditionalTest(AND ip_proto in ($ip_proto),$ip_proto)\n$conditionalTest(AND as_src in ($as_src),$as_src)\n$conditionalTest(AND as_dst in ($as_dst),$as_dst)\n$conditionalTest(AND ip_src in ($ip_src),$ip_src)\n$conditionalTest(AND ip_dst in ($ip_dst),$ip_dst)\nGROUP BY as_dst",
"rawQuery": "SELECT as_dst, sum(bytes) as Total FROM netflow.nfacct WHERE stamp_updated >= toDateTime(1571424875) GROUP BY as_dst",
"refId": "A",
"round": "0s",
"table": "nfacct",
"tableLoading": false
}
],
"timeFrom": null,
"timeShift": null,
"title": "Destination AS Distribution",
"transform": "timeseries_to_rows",
"type": "table"
},
{
"aliasColors": {},
"breakPoint": "50%",
"cacheTimeout": null,
"combine": {
"label": "Others",
"threshold": 0
},
"datasource": "ClickHouse",
"fontSize": "80%",
"format": "decbytes",
"gridPos": {
"h": 8,
"w": 9,
"x": 0,
"y": 8
},
"id": 8,
"interval": null,
"legend": {
"header": "",
"percentage": false,
"show": true,
"sort": "total",
"sortDesc": true,
"values": true
},
"legendType": "Right side",
"links": [],
"maxDataPoints": 3,
"nullPointMode": "connected",
"pieType": "pie",
"strokeWidth": 1,
"targets": [
{
"database": "netflow",
"dateLoading": false,
"dateTimeColDataType": "stamp_updated",
"dateTimeType": "DATETIME",
"datetimeLoading": false,
"format": "time_series",
"formattedQuery": "SELECT $timeSeries as t, count() FROM $table WHERE $timeFilter GROUP BY t ORDER BY t",
"hide": false,
"intervalFactor": 1,
"query": "SELECT\n $timeSeries as t,\n ip_proto,\n sum(bytes) as Total\nFROM $table\nWHERE $timeFilter\n$conditionalTest(AND ip_proto in ($ip_proto),$ip_proto)\n$conditionalTest(AND as_src in ($as_src),$as_src)\n$conditionalTest(AND as_dst in ($as_dst),$as_dst)\n$conditionalTest(AND ip_src in ($ip_src),$ip_src)\n$conditionalTest(AND ip_dst in ($ip_dst),$ip_dst)\nGROUP BY t,ip_proto",
"rawQuery": "SELECT (intDiv(toUInt32(stamp_updated), 3600) * 3600) * 1000 as t, ip_proto, sum(bytes) as Total FROM netflow.nfacct WHERE stamp_updated >= toDateTime(1571424876) GROUP BY t,ip_proto",
"refId": "A",
"round": "0s",
"table": "nfacct",
"tableLoading": false
}
],
"timeFrom": null,
"timeShift": null,
"title": "Protocol Distribution",
"type": "grafana-piechart-panel",
"valueName": "total"
},
{
"cacheTimeout": null,
"colorBackground": false,
"colorValue": false,
"colors": [
"#299c46",
"rgba(237, 129, 40, 0.89)",
"#d44a3a"
],
"datasource": "ClickHouse",
"description": "",
"format": "decbytes",
"gauge": {
"maxValue": 100,
"minValue": 0,
"show": false,
"thresholdLabels": false,
"thresholdMarkers": true
},
"gridPos": {
"h": 8,
"w": 5,
"x": 9,
"y": 8
},
"id": 2,
"interval": null,
"links": [],
"mappingType": 1,
"mappingTypes": [
{
"name": "value to text",
"value": 1
},
{
"name": "range to text",
"value": 2
}
],
"maxDataPoints": 100,
"nullPointMode": "connected",
"nullText": null,
"postfix": "",
"postfixFontSize": "50%",
"prefix": "",
"prefixFontSize": "50%",
"rangeMaps": [
{
"from": "null",
"text": "N/A",
"to": "null"
}
],
"sparkline": {
"fillColor": "rgba(31, 118, 189, 0.18)",
"full": false,
"lineColor": "rgb(31, 120, 193)",
"show": false
},
"tableColumn": "",
"targets": [
{
"database": "netflow",
"dateLoading": false,
"dateTimeColDataType": "stamp_updated",
"dateTimeType": "DATETIME",
"datetimeLoading": false,
"format": "time_series",
"formattedQuery": "SELECT $timeSeries as t, count() FROM $table WHERE $timeFilter GROUP BY t ORDER BY t",
"hide": false,
"intervalFactor": 1,
"query": "SELECT\n $timeSeries as t,\n sum(bytes)\nFROM $table\nWHERE $timeFilter\n$conditionalTest(AND ip_proto in ($ip_proto),$ip_proto)\n$conditionalTest(AND as_src in ($as_src),$as_src)\n$conditionalTest(AND as_dst in ($as_dst),$as_dst)\n$conditionalTest(AND ip_src in ($ip_src),$ip_src)\n$conditionalTest(AND ip_dst in ($ip_dst),$ip_dst)\nGROUP BY t\nORDER BY t",
"rawQuery": "SELECT (intDiv(toUInt32(stamp_updated), 120) * 120) * 1000 as t, sum(bytes) FROM netflow.nfacct WHERE stamp_updated >= toDateTime(1571424875) GROUP BY t ORDER BY t",
"refId": "A",
"round": "0s",
"table": "nfacct",
"tableLoading": false
}
],
"thresholds": "",
"timeFrom": null,
"timeShift": null,
"title": "Total Traffic",
"type": "singlestat",
"valueFontSize": "80%",
"valueMaps": [
{
"op": "=",
"text": "N/A",
"value": "null"
}
],
"valueName": "total"
},
{
"columns": [],
"datasource": "ClickHouse",
"fontSize": "100%",
"gridPos": {
"h": 8,
"w": 5,
"x": 14,
"y": 8
},
"id": 10,
"links": [],
"pageSize": 10,
"scroll": false,
"showHeader": true,
"sort": {
"col": null,
"desc": false
},
"styles": [
{
"alias": "IP Address",
"colorMode": null,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"mappingType": 1,
"pattern": "Time",
"thresholds": [],
"type": "string",
"unit": "short"
},
{
"alias": "",
"colorMode": null,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"mappingType": 1,
"pattern": "Metric",
"thresholds": [],
"type": "hidden",
"unit": "short"
},
{
"alias": "Total",
"colorMode": null,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"mappingType": 1,
"pattern": "Value",
"thresholds": [],
"type": "number",
"unit": "decbytes"
}
],
"targets": [
{
"database": "netflow",
"dateLoading": false,
"dateTimeColDataType": "stamp_updated",
"dateTimeType": "DATETIME",
"datetimeLoading": false,
"format": "time_series",
"formattedQuery": "SELECT $timeSeries as t, count() FROM $table WHERE $timeFilter GROUP BY t ORDER BY t",
"hide": false,
"intervalFactor": 1,
"query": "SELECT\n ip_src,\n ip_src,\n sum(bytes) as Total\nFROM $table\nWHERE $timeFilter\n$conditionalTest(AND ip_proto in ($ip_proto),$ip_proto)\n$conditionalTest(AND as_src in ($as_src),$as_src)\n$conditionalTest(AND as_dst in ($as_dst),$as_dst)\n$conditionalTest(AND ip_src in ($ip_src),$ip_src)\n$conditionalTest(AND ip_dst in ($ip_dst),$ip_dst)\nGROUP BY ip_src\nORDER BY Total DESC\nLIMIT 20\n",
"rawQuery": "SELECT ip_src, ip_src, sum(bytes) as Total FROM netflow.nfacct WHERE stamp_updated >= toDateTime(1571424875) GROUP BY ip_src ORDER BY Total DESC LIMIT 20",
"refId": "A",
"round": "0s",
"table": "nfacct",
"tableLoading": false
}
],
"timeFrom": null,
"timeShift": null,
"title": "Top Talking Source IPs",
"transform": "timeseries_to_rows",
"type": "table"
},
{
"columns": [],
"datasource": "ClickHouse",
"fontSize": "100%",
"gridPos": {
"h": 8,
"w": 5,
"x": 19,
"y": 8
},
"id": 12,
"links": [],
"pageSize": 10,
"scroll": false,
"showHeader": true,
"sort": {
"col": null,
"desc": false
},
"styles": [
{
"alias": "IP Address",
"colorMode": null,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"mappingType": 1,
"pattern": "Time",
"thresholds": [],
"type": "number",
"unit": "decbytes"
},
{
"alias": "",
"colorMode": null,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"mappingType": 1,
"pattern": "Metric",
"thresholds": [],
"type": "hidden",
"unit": "short"
},
{
"alias": "Total",
"colorMode": null,
"colors": [
"rgba(245, 54, 54, 0.9)",
"rgba(237, 129, 40, 0.89)",
"rgba(50, 172, 45, 0.97)"
],
"dateFormat": "YYYY-MM-DD HH:mm:ss",
"decimals": 2,
"mappingType": 1,
"pattern": "Value",
"thresholds": [],
"type": "number",
"unit": "decbytes"
}
],
"targets": [
{
"database": "netflow",
"dateLoading": false,
"dateTimeColDataType": "stamp_updated",
"dateTimeType": "DATETIME",
"datetimeLoading": false,
"format": "time_series",
"formattedQuery": "SELECT $timeSeries as t, count() FROM $table WHERE $timeFilter GROUP BY t ORDER BY t",
"hide": false,
"intervalFactor": 1,
"query": "SELECT\n ip_dst,\n ip_dst,\n sum(bytes) as Total\nFROM $table\nWHERE $timeFilter\n$conditionalTest(AND ip_proto in ($ip_proto),$ip_proto)\n$conditionalTest(AND as_src in ($as_src),$as_src)\n$conditionalTest(AND as_dst in ($as_dst),$as_dst)\n$conditionalTest(AND ip_src in ($ip_src),$ip_src)\n$conditionalTest(AND ip_dst in ($ip_dst),$ip_dst)\nGROUP BY ip_dst\nORDER BY Total DESC\nLIMIT 20\n",
"rawQuery": "SELECT ip_dst, ip_dst, sum(bytes) as Total FROM netflow.nfacct WHERE stamp_updated >= toDateTime(1571424875) GROUP BY ip_dst ORDER BY Total DESC LIMIT 20",
"refId": "A",
"round": "0s",
"table": "nfacct",
"tableLoading": false
}
],
"timeFrom": null,
"timeShift": null,
"title": "Top Talking Destination IPs",
"transform": "timeseries_to_rows",
"type": "table"
}
],
"refresh": "30s",
"schemaVersion": 18,
"style": "dark",
"tags": [],
"templating": {
"list": [
{
"allValue": "",
"current": {
"text": "All",
"value": [
"$__all"
]
},
"datasource": "ClickHouse",
"definition": "select distinct ip_proto from nfacct where stamp_updated between '$from' and '$to'",
"hide": 0,
"includeAll": true,
"label": "Protocol",
"multi": true,
"name": "ip_proto",
"options": [],
"query": "select distinct ip_proto from nfacct where stamp_updated between '$from' and '$to'",
"refresh": 2,
"regex": "",
"skipUrlSync": false,
"sort": 1,
"tagValuesQuery": "",
"tags": [],
"tagsQuery": "",
"type": "query",
"useTags": false
},
{
"allValue": "",
"current": {
"text": "All",
"value": [
"$__all"
]
},
"datasource": "ClickHouse",
"definition": "select distinct as_src from nfacct where stamp_updated between '$from' and '$to'",
"hide": 0,
"includeAll": true,
"label": "Source ASN",
"multi": true,
"name": "as_src",
"options": [],
"query": "select distinct as_src from nfacct where stamp_updated between '$from' and '$to'",
"refresh": 2,
"regex": "",
"skipUrlSync": false,
"sort": 3,
"tagValuesQuery": "",
"tags": [],
"tagsQuery": "",
"type": "query",
"useTags": false
},
{
"allValue": "",
"current": {
"text": "All",
"value": [
"$__all"
]
},
"datasource": "ClickHouse",
"definition": "select distinct as_dst from nfacct where stamp_updated between '$from' and '$to'",
"hide": 0,
"includeAll": true,
"label": "Destination ASN",
"multi": true,
"name": "as_dst",
"options": [],
"query": "select distinct as_dst from nfacct where stamp_updated between '$from' and '$to'",
"refresh": 2,
"regex": "",
"skipUrlSync": false,
"sort": 3,
"tagValuesQuery": "",
"tags": [],
"tagsQuery": "",
"type": "query",
"useTags": false
},
{
"allValue": "",
"current": {
"text": "All",
"value": [
"$__all"
]
},
"datasource": "ClickHouse",
"definition": "select distinct ip_src from nfacct where stamp_updated between '$from' and '$to'",
"hide": 0,
"includeAll": true,
"label": "Source IP",
"multi": true,
"name": "ip_src",
"options": [],
"query": "select distinct ip_src from nfacct where stamp_updated between '$from' and '$to'",
"refresh": 2,
"regex": "",
"skipUrlSync": false,
"sort": 3,
"tagValuesQuery": "",
"tags": [],
"tagsQuery": "",
"type": "query",
"useTags": false
},
{
"allValue": "",
"current": {
"text": "All",
"value": [
"$__all"
]
},
"datasource": "ClickHouse",
"definition": "select distinct ip_dst from nfacct where stamp_updated between '$from' and '$to'",
"hide": 0,
"includeAll": true,
"label": "Destination IP",
"multi": true,
"name": "ip_dst",
"options": [],
"query": "select distinct ip_dst from nfacct where stamp_updated between '$from' and '$to'",
"refresh": 2,
"regex": "",
"skipUrlSync": false,
"sort": 3,
"tagValuesQuery": "",
"tags": [],
"tagsQuery": "",
"type": "query",
"useTags": false
}
]
},
"time": {
"from": "now-3h",
"to": "now"
},
"timepicker": {
"refresh_intervals": [
"5s",
"10s",
"30s",
"1m",
"5m",
"15m",
"30m",
"1h",
"2h",
"1d"
],
"time_options": [
"5m",
"15m",
"1h",
"6h",
"12h",
"24h",
"2d",
"7d",
"30d"
]
},
"timezone": "",
"title": "Netflow",
"uid": "uBqt0hWZz",
"version": 44
}