About the traffic hsitogram

[cksjackey]

Hi All,

First of all, I am so impressive of using the latest version of kibana 3. I have installed logstash to monitor the firewall log and I would like to create a histogram to show the bandwidth usage so I could then filter by either source or destination IP address to find out the top talker.

To archive that, I have created a histogram and configure it with following parameter.

Mode: Total
Field: @fields.sent <==how many bytes does the source IP address sent out

However I receive the following message.

ClassCastException[org.elasticsearch.index.field.data.strings.SingleValueStringFieldData cannot be cast to org.elasticsearch.index.field.data.NumericFieldData]
Test

query1 (2542) @fields.sent total per 30s | (0 hits)
Error: Time mode requires the flot.time plugin.

query1 (2542) @fields.sent total per 30s | (0 hits)
Error: Time mode requires the flot.time plugin.

It would be highly appreciate if someone could help or share any idea on it. Many thanks.

Rgds,
Jacky

[Lins59]

Hi,

You have to cast the number of bytes sent into an int with Logstash.
This can be done using : (%{NUMBER:bytes:int}|-) (please note the :int).
Casting works also with a float (but you won't use it in this situation)

Regards,
Pierre