When you select a report definition or section in the reports browse pane, you can then edit its settings in the report settings pane.
The report settings pane also includes a number of controls:
When you select a report definition in the reports browse pane, the reports settings pane will show the description for the report definition and also a table of saved report results.
You can edit the report description so that it describes the purpose of the report. This description is not shown in the report results.
Each row in the report results table shows the time at which the report results were generated and also the following columns:
To refresh the report results table to load report results that have been generated by other users click the under the report results table.
When you select a query section in the reports browse pane, the report settings pane will display the settings for the query section. In a query section you can define a query to specify the data that you want to extract from the database, and a display format for the data that is produced when the query is run.
A query specifies the data that you want to extract from the
database. When a query is run it produces a table of results.
When you define a query you are specifying the columns or
fields that should be present in the table.
A column can be a key field, for example
sourceAddress, or a
value field, for example
Each row in the table will represent a unique combination
of the keys and values associated with that combination. For
example, if a query is defined to have the fields
bytesTotal, then the query will produce a
table of data where each row in the table includes a unique
source address and the bytes sent by that address.
sFlowTrend-Pro supports commonly used, basic queries defined using Basic settings (see Section 188.8.131.52, “Editing a query using basic settings”), flexible, complex queries using Advanced settings (see Section 184.108.40.206, “Editing a query using advanced settings”), and flexible, complex queries with that ability to further process the results before display using Scripted settings (see Section 220.127.116.11, “Editing a query using scripted settings”).
When you add a new query section, a default query section will be created with Basic settings. You can edit these settings in the Basic settings tab, or if you are defining a more complex query, you can view the basic settings in the Advanced settings tab or the Scripted settings tab, and then edit the settings in one of these tabs. However, if you edit the settings in the Advanced settings tab, the settings will become incompatible with the Basic settings, so you will only be able to view and edit the query settings in the Advanced settings tab. Similarly, if you edit the settings in the Scripted settings tab, the settings will become incompatible with the Basic settings and Advanced settings so you will only be able to view and edit the query settings in the Scripted settings tab.
The table of data produced when a query is run can be displayed in a number of different formats. You can select the most appropriate format for your use of the data. Displaying the data in a Table gives the raw data from the query; use this if you need the actual numbers. For example, you might want to check on the absolute utilisation of a link, or use the data in another application. Displaying the data in a Chart helps visualisation of the results; use this if you want to compare different items quickly, for example, easily see the largest contributors to the utilisation of a link. Another important difference between using a table and a chart is that a chart must have a value to plot. A table does not require a value, and so can be used to answer questions such as "which addresses were seen on a specific interface?".
In addition to choosing between a table and a chart, you can also decide whether to view the data as a total over the entire time period selected for the query, or as a trend of data over time. If you view the data as a total, then rows in the table represent data points for the whole time period. In this case, the interval from the time selector is ignored. If, however, you want to understand how a value changes over time, then you should select a trend. With a trend, each row in the table represents a data point for a period of time defined by the time selector interval.
If we use the Top Sources by frames query as an example, displaying the result of this query as a total will give the total frames sent by each of the top sources over the time period. Displaying the result as a trend will show how the number of frames sent by each of the top sources changed over time.
When a chart is used to display query results, the chart interprets results data using series, categories and values. sFlowTrend-Pro will choose the most appropriate fields to plot as categories and series based on the type of chart selected.
Categories are plotted on the x-axis of a
chart. Charts that show data as totals have
explicit categories, defined from the key fields that
were used in the query. The categories are
generated from all the unique combinations of the key
fields found in the data. For example, if the key
there will be a category for
source-destination pair found in the data.
Charts that show data as a trend over time use time as categories. Each category corresponds to an interval in the overall time period of the query.
Values are plotted on the y-axis of a chart. The value fields in the results form the values for the chart. Each category will a plotted against each of the values.
Each series contains a set of related data. How a series is plotted depends on the type of chart. For example, a bar chart will show each series as a set of bars of the same colour, and each category will have a bar of each colour. A stacked bar chart shows only one bar per category, but each bar will contain several segments, with each segment representing a series.
For charts that show data as totals, a series is
generated for each value field in the results. For
example, if the value fields were
bytesTotal, then one series is
created for frames, and one for bytes. Recall that
for a totals chart the categories are created from
the key fields; this means that each series is
formed from the associated value field plotted
against each category.
For charts that show data as a trend, the series are
generated from the key fields in the results. This
is done in a similar way to the categories in a
totals chart: each series will consist of the unique
combinations of the key fields found in the results
data. For example, if the key fields consisted of
sourceAddress, then a series
would be created for each source address found in
the results. These series are then plotted against
The display format information panel (see Section 18.104.22.168, “Editing a query using basic settings”) is useful in understanding how a query will be plotted. When a query is created in the basic or advanced settings tabs, then the categories, series and values that will be produced are shown. For time trend charts, since the categories are always time, this is assumed and not shown in the information panel. Similarly, for a totals chart, since the series are always generated from the values, the series are not shown. In the case of a table, the columns that will form the table are shown.
The following formats can be used to display the data:
Displays the data in a bar chart, with bars used to show the values for each series in the data. Bar charts are used to display and compare data summarised over the query time period.
If one series is available (in the query one value is selected), then a single bar per category is shown. If multiple series are present, then a group of bars is plotted for each category, with the bars coloured to indicate the series.
Displays the data in a stacked bar chart. This is similar to a normal bar chart, and when only one value field is selected in the query, produces the same result. However if multiple values are selected in the query, a series is generated for each value, and instead of plotting a separate bar for each series, a stacked bar is used. Each segment of the stacked bar represents a different series.
This type of chart is useful when two similar values
are to be compared, for example
framesOut for an interface.
Displays the data in a line chart trended over time. Each series in the data will be shown as a separate line in the chart, plotted against the categories. Use this chart to see how data changes over time.
A line in the chart is plotted for each series. With advanced charts, if more than one value is selected, a separate chart will be created for each value.
Displays the data in an area chart trended over time. Each series in the data will be shown as an area in the chart. The areas for each item will overlap, which can make the results of this chart difficult to see. You could try a line chart or stacked area chart if this is the case.
As with the line chart, each area in the chart is formed from the series, and a separate chart will be created if multiple values are specified.
The stacked area chart is identical to the area chart, except the areas are stacked on top of each other, rather than overlapping. This can make the chart much easier to read.
Use a table to view the raw results of your query. The table will include a column for each field specified in the query. It is not necessary for the query to include value fields, so a table is useful for inventory reports, where you want to understand what is present, rather than how much traffic is being generated.
All the columns for the query will be displayed in the table.
The trend table also displays data in a tabular form, but includes time as the first column. Use this type of table to get the specific values from a query, instead of the visualisation provided by charts.
All the columns for the query will be displayed. Each row in the table will include the time, and associated data for that time. If there are multiple data points per time period, then there will be multiple rows with the same time. Also, if there are any data points which are the 'other' from a top-n query, then they will be shown with the non-value columns blank (the columns for value fields will show the value for 'other').
The Basic settings tab helps you define and parameterise commonly used queries. These queries are very similar to those used in the Network tab (see Chapter 3, Network), Hosts tab (see Chapter 4, Hosts), and Services tab (see Chapter 5, Services).
To define a query using Basic settings, first decide whether you are interested in network traffic data (use the View selector to select Network), host performance data (use the View selector to select Host), or service performance data (use the View selector to select Service).
If the query is focused on network traffic data, you can select whether the query should extract data for the whole network or for an individual switch or interface. If the query should extract data for the whole network, use the Switch selector to select All switches. In this case, even if a traffic flow crossed multiple switches, the flow will only be counted once - ie the query de-duplicates the data. If the query should extract data about traffic crossing an individual switch and/or interface, use the Switch and Interface selectors to select the switch and interface of interest.
If the query is focused on host performance, you can select whether the query should extract data for all hosts physical hosts, all virtual hosts, or an individual host using the Host selector.
If the query is focused on service performance, you can select whether the query should extract data about all hosts or an individual host using the Host selector. You can use the Service selector to select the service of interest.
The next step is to use the Query selector to choose a predefined query; you can think of this as selecting the key fields for the columns in the query results. You can then use the Value selector to specify the value field column for the results. Note that the network Utilization and Counters predefined queries are only available when a single interface is selected using the Switch view and Interface view selectors.
The next step is to parameterise the query:
Once you have fully parameterised the query, you can select how you would like the results to be displayed using the Display results in selector to select a display format. When you select a display format, sFlowTrend-Pro helps you understand how the data produced by the query will be displayed. For example, if you select Bar chart (totals), the display format information panel will show which fields will be used for the categories (bars) and the value field used to determine the height of the bar.
The Advanced settings tab allows you to define your own queries by manually selecting the key fields and value fields that the query should extract data for.
To define a query using Advanced settings, first select the database table that query should access. sFlowTrend-Pro includes three database tables:
If you have selected Counters or Traffic database table, you can then decide whether the query should extract data for the whole network or for specific switches or a specific interface. If the query should extract data for the whole network, check the All switches check box. If the query is to extract data for specific switches, then make sure that the All switches check box is not checked, then select one or multiple switches from the list of switches being monitored. If the query should extract data about traffic crossing an individual interface, select the switch for the interface, then use the Interface selector to select the interface of interest. If the query is defined to have a view with multiple switches, if a traffic flow crossed multiple switches, the flow will only be counted once - ie the query de-duplicates the data.
If you have selected the Host counters database table, you can then decide whether the query should extract data for all hosts or for specific hosts. If the query should extract data for all hosts, check the All hosts check box. If the query is to extract data for specific hosts, then make sure that the All hosts check box is not checked, then select one or multiple hosts from the list of hosts being monitored.
If you have selected the Service counters or Services database table, you can then decide whether the query should extract data for all hosts or for specific hosts. If the query should extract data for all hosts, check the All hosts check box. If the query is to extract data for specific hosts, then make sure that the All hosts check box is not checked, then select one or multiple hosts from the list of hosts being monitored. If the query should extract data about a specific service, then use the Service selector to select the service of interest.
The next step is to specify the fields for which the
query should extract data for. The
Select query fields panel allows you to
select fields from those available for the selected
database. The available fields are shown in the
Available fields list, with the
value fields listed in italic.
If you want to display the results of the query in a chart,
you must select at least one value field.
The Available fields list
includes a type in text field that allows you to filter
the available fields for fields whose names match the
typed in text. For example, if you have selected the
Traffic database, you can type
addr into the type in field to see
only those fields which include
addr in their names.
You can also specify functions of fields. Functions are described at Section 16.4, “Database functions”. Click the Function button to show a dialog that helps you build a function. Some functions may not be relevant for the selected database.
If you have selected at least one value field, you will have the option of selecting whether the query results should be sorted and which value the results should be sorted on. You can also specify the Top N, which will cause the query results to show only the top n entries when sorting on the specified value. You can also choose to see all the results by checking the Include all checkbox, this is only sensible if you choose to display the query results in a table.
As with the Basic settings, you can parameterise the query further by selecting a time period for which data should be extracted (see Chapter 9, Selecting a time period ) and a filter to select traffic that meets certain attributes (see Chapter 10, Filtering).
The final step is to select the output format for the query results using the Display results in selector. Select a table or chart appropriate to the report you are creating.
The Category or series format field
can be used to improve the formatting of a chart.
This can be set to a string, using the syntax of the Java
class. Depending on the chart selected, a list of fields
are used for the categories or series in the chart. The
format string can combine the members of the list into a more
human-readable form. Each item in the list of categories or
series can be referenced in the format string using
%i$s, where i is the
member of the list.
For example, if the series list is
(as in the example), and a format string
is used, then the series will be named
If a format is not specified, then the series will be named
using a comma separated list (
agent, ifIndex in
It can be quite complicated to create a format string. The
basic approach is to consider that each item in the
series or category list will always be a string, and can
be referenced using
etc. Other characters can then be used to combine these
together in a meaningful way (in the example above, the
'>' character is used to separate the
agent from the ifIndex).
The Scripted settings tab is divided into two areas: variable definitions and the script editor.
Variable definitions allow a query to be parameterised
(run with different settings) without editing the script
itself. Instead, a variable definition is changed.
This mechanism is used by the basic and advanced query
editors to specify the various parameters of a query. If
you view a basic query within the scripted query editor
(by selecting the Scripted settings
tab, you can see the variables used. Variables can be
changed by editing the name of the variable, or the value,
within the table. A variable can be deleted by clicking
and new variables added as required. Any variables defined
here can be accessed from the report script as properties
var query = new Query("flows", "", 'timestamp("Timestamp", time), sourceAddress,\ resolve("Source name", sourceAddress), rate(framesTotal)', "", "lastHour", 1, "rate(framesTotal)", true, false, 5); var result = query.run(); report.timeChart("lineChart", result, "sourceAddress, resolve(sourceAddress)", "%1$s(%2$s", "rate(framesTotal)");
Note that you have to take care with the use of single and
double quotes, and use the line continuation character
to concatenate long strings which cover multiple lines
together. In particular, any quotes that appear within
database functions must be double quotes (in the example
above, we have used single quotes for the select string,
to make it easier to then use double quotes within the
When you select an HTML section in the reports browse pane, the report settings pane will display the settings for the HTML section. An HTML section can be used to provide formatted and unformatted content in the report. For example, if you would like to show a title and a description for a chart produced by a query section, you can insert an HTML section before the query section. You can then edit the settings for the HTML section as follows:
<h1>Top sources</h1> <p>This chart displays top sources for today</p>
You can enter text or HTML formatted text in an HTML section.