{ "annotations": { "list": [ { "builtIn": 1, "datasource": { "type": "grafana", "uid": "-- Grafana --" }, "enable": true, "hide": true, "iconColor": "rgba(0, 211, 255, 1)", "name": "Annotations & Alerts", "type": "dashboard" } ] }, "editable": true, "fiscalYearStartMonth": 0, "graphTooltip": 0, "id": 1, "links": [], "panels": [ { "datasource": { "type": "grafana-clickhouse-datasource", "uid": "PDEE91DDB90597936" }, "fieldConfig": { "defaults": { "color": { "mode": "thresholds" }, "mappings": [], "thresholds": { "mode": "percentage", "steps": [ { "color": "green", "value": null }, { "color": "yellow", "value": 40 }, { "color": "red", "value": 80 } ] } }, "overrides": [] }, "gridPos": { "h": 7, "w": 9, "x": 0, "y": 0 }, "id": 8, "options": { "displayMode": "lcd", "legend": { "calcs": [], "displayMode": "list", "placement": "bottom", "showLegend": false }, "maxVizHeight": 300, "minVizHeight": 16, "minVizWidth": 8, "namePlacement": "auto", "orientation": "horizontal", "reduceOptions": { "calcs": [ "lastNotNull" ], "fields": "/^Regional traffic bandwidth \\(MB\\)$/", "values": true }, "showUnfilled": true, "sizing": "auto", "valueMode": "color" }, "pluginVersion": "11.3.1", "targets": [ { "editorType": "sql", "format": 1, "meta": { "builderOptions": { "columns": [], "database": "", "limit": 1000, "mode": "list", "queryType": "table", "table": "" } }, "pluginVersion": "4.5.1", "queryType": "table", "rawSql": "SELECT\n SUM(pkt_len)/1024.0/1024.0 AS \"Regional traffic bandwidth (MB)\",\n dictGet('ip_region_dict', 'region', tuple(src_ip)) AS region\nFROM traffic_records_all\nGROUP BY region\nORDER BY \"Regional traffic bandwidth (MB)\" DESC\nLIMIT 10", "refId": "A" } ], "title": "Top regions (bandwidth)", "type": "bargauge" }, { "datasource": { "type": "grafana-clickhouse-datasource", "uid": "PDEE91DDB90597936" }, "fieldConfig": { "defaults": { "color": { "mode": "thresholds" }, "mappings": [], "thresholds": { "mode": "percentage", "steps": [ { "color": "green", "value": 
null }, { "color": "#EAB839", "value": 40 }, { "color": "red", "value": 80 } ] } }, "overrides": [] }, "gridPos": { "h": 7, "w": 9, "x": 9, "y": 0 }, "id": 7, "options": { "displayMode": "lcd", "legend": { "calcs": [], "displayMode": "list", "placement": "bottom", "showLegend": false }, "maxVizHeight": 300, "minVizHeight": 16, "minVizWidth": 8, "namePlacement": "auto", "orientation": "horizontal", "reduceOptions": { "calcs": [ "lastNotNull" ], "fields": "/^Regional traffic$/", "values": true }, "showUnfilled": true, "sizing": "auto", "valueMode": "color" }, "pluginVersion": "11.3.1", "targets": [ { "editorType": "sql", "format": 1, "meta": { "builderOptions": { "columns": [], "database": "", "limit": 1000, "mode": "list", "queryType": "table", "table": "" } }, "pluginVersion": "4.5.1", "queryType": "table", "rawSql": "SELECT\n COUNT(src_ip) AS \"Regional traffic\",\n dictGet('ip_region_dict', 'region', tuple(src_ip)) AS region\nFROM traffic_records_all\nGROUP BY region\nORDER BY \"Regional traffic\" DESC\nLIMIT 10", "refId": "A" } ], "title": "Top regions (packet count)", "type": "bargauge" }, { "datasource": { "type": "grafana-clickhouse-datasource", "uid": "PDEE91DDB90597936" }, "fieldConfig": { "defaults": { "color": { "mode": "palette-classic" }, "custom": { "hideFrom": { "legend": false, "tooltip": false, "viz": false } }, "mappings": [] }, "overrides": [] }, "gridPos": { "h": 7, "w": 6, "x": 18, "y": 0 }, "id": 6, "options": { "displayLabels": [ "percent", "name" ], "legend": { "displayMode": "list", "placement": "right", "showLegend": true, "values": [ "percent" ] }, "pieType": "pie", "reduceOptions": { "calcs": [ "lastNotNull" ], "fields": "/^Protocol bandwidth$/", "values": true }, "tooltip": { "mode": "single", "sort": "none" } }, "pluginVersion": "11.3.1", "targets": [ { "editorType": "sql", "format": 1, "meta": { "builderOptions": { "columns": [], "database": "", "limit": 1000, "mode": "list", "queryType": "table", "table": "" } }, "pluginVersion":
"4.5.1", "queryType": "table", "rawSql": "SELECT\n l4_protocol as Protocol,\n SUM(pkt_len)/1024.0/1024.0 as \"Protocol bandwidth\"\n FROM traffic_records_all\n GROUP BY Protocol", "refId": "A" } ], "title": "Distribution of L4 protocol (bandwidth)", "type": "piechart" }, { "datasource": { "type": "grafana-clickhouse-datasource", "uid": "PDEE91DDB90597936" }, "fieldConfig": { "defaults": { "color": { "mode": "palette-classic" }, "custom": { "axisBorderShow": false, "axisCenteredZero": false, "axisColorMode": "text", "axisLabel": "", "axisPlacement": "auto", "fillOpacity": 80, "gradientMode": "hue", "hideFrom": { "legend": false, "tooltip": false, "viz": false }, "lineWidth": 1, "scaleDistribution": { "type": "linear" }, "thresholdsStyle": { "mode": "off" } }, "mappings": [], "thresholds": { "mode": "absolute", "steps": [ { "color": "green", "value": null } ] } }, "overrides": [] }, "gridPos": { "h": 7, "w": 9, "x": 0, "y": 7 }, "id": 5, "options": { "barRadius": 0, "barWidth": 0.9, "fullHighlight": false, "groupWidth": 0.7, "legend": { "calcs": [], "displayMode": "list", "placement": "bottom", "showLegend": true }, "orientation": "auto", "showValue": "never", "stacking": "normal", "tooltip": { "mode": "single", "sort": "none" }, "xField": "Port", "xTickLabelRotation": 0, "xTickLabelSpacing": 0 }, "pluginVersion": "11.3.1", "targets": [ { "editorType": "sql", "format": 1, "meta": { "builderOptions": { "columns": [], "database": "", "limit": 1000, "mode": "list", "queryType": "table", "table": "" } }, "pluginVersion": "4.5.1", "queryType": "table",
"rawSql": "SELECT Port,\r\n src_bw/1024.0/1024.0 AS \"Source port bandwidth (MB)\",\r\n dst_bw/1024.0/1024.0 AS \"Destination port bandwidth (MB)\"\r\nFROM (\r\n SELECT src_port AS Port,\r\n SUM(pkt_len) AS src_bw\r\n FROM traffic_records_all\r\n GROUP BY src_port\r\n ORDER BY src_bw DESC\r\n LIMIT 40\r\n ) AS src\r\n INNER JOIN (\r\n SELECT dst_port AS Port,\r\n SUM(pkt_len) AS dst_bw\r\n FROM traffic_records_all\r\n GROUP BY dst_port\r\n ORDER BY dst_bw DESC\r\n LIMIT 40\r\n ) AS dst USING (Port)\r\nORDER BY (src_bw + dst_bw) DESC\r\nLIMIT 40;", "refId": "A" } ], "title": "Top ports (by bandwidth)", "type": "barchart" }, { "datasource": { "type": "grafana-clickhouse-datasource", "uid": "PDEE91DDB90597936" }, "fieldConfig": { "defaults": { "color": { "mode": "palette-classic" }, "custom": { "axisBorderShow": false, "axisCenteredZero": false, "axisColorMode": "text", "axisLabel": "", "axisPlacement": "auto", "fillOpacity": 80, "gradientMode": "hue", "hideFrom": { "legend": false, "tooltip": false, "viz": false }, "lineWidth": 1, "scaleDistribution": { "type": "linear" }, "thresholdsStyle": { "mode": "off" } }, "mappings": [], "thresholds": { "mode": "absolute", "steps": [ { "color": "green", "value": null } ] } }, "overrides": [] }, "gridPos": { "h": 7, "w": 9, "x": 9, "y": 7 }, "id": 4, "options": { "barRadius": 0, "barWidth": 0.9, "fullHighlight": false, "groupWidth": 0.7, "legend": { "calcs": [], "displayMode": "list", "placement": "bottom", "showLegend": true }, "orientation": "auto", "showValue": "never", "stacking": "normal", "tooltip": { "mode": "single", "sort": "none" }, "xField": "Port", "xTickLabelRotation": 0, "xTickLabelSpacing": 0 }, "pluginVersion": "11.3.1", "targets": [ { "editorType": "sql", "format": 1, "meta": { "builderOptions": { "columns": [], "database": "", "limit": 1000, "mode": "list", "queryType": "table", "table": "" } }, "pluginVersion": "4.5.1", "queryType": "table",
"rawSql": "SELECT \r\n Port, \r\n SourcePortCount AS \"Source port frequency\",\r\n DestPortCount AS \"Destination port frequency\"\r\nFROM\r\n(\r\n SELECT \r\n src_port AS Port, \r\n COUNT(*) AS SourcePortCount\r\n FROM traffic_records_all\r\n GROUP BY src_port\r\n ORDER BY SourcePortCount DESC\r\n LIMIT 40\r\n) AS src\r\nINNER JOIN\r\n(\r\n SELECT \r\n dst_port AS Port, \r\n COUNT(*) AS DestPortCount\r\n FROM traffic_records_all\r\n GROUP BY dst_port\r\n ORDER BY DestPortCount DESC\r\n LIMIT 40\r\n) AS dst\r\nUSING (Port)\r\nORDER BY (SourcePortCount + DestPortCount) DESC\r\nLIMIT 40;\r\n", "refId": "A" } ], "title": "Top ports (frequency)", "type": "barchart" }, { "datasource": { "type": "grafana-clickhouse-datasource", "uid": "PDEE91DDB90597936" }, "fieldConfig": { "defaults": { "color": { "mode": "palette-classic" }, "custom": { "hideFrom": { "legend": false, "tooltip": false, "viz": false } }, "mappings": [] }, "overrides": [] }, "gridPos": { "h": 7, "w": 6, "x": 18, "y": 7 }, "id": 1, "options": { "displayLabels": [ "percent", "name" ], "legend": { "displayMode": "list", "placement": "right", "showLegend": true, "values": [ "percent" ] }, "pieType": "pie", "reduceOptions": { "calcs": [ "lastNotNull" ], "fields": "/^Protocol frequency$/", "values": true }, "tooltip": { "mode": "single", "sort": "none" } }, "pluginVersion": "11.3.1", "targets": [ { "datasource": { "type": "grafana-clickhouse-datasource", "uid": "PDEE91DDB90597936" }, "editorType": "sql", "format": 1, "meta": { "builderOptions": { "columns": [], "database": "", "limit": 1000, "mode": "list", "queryType": "table", "table": "" } }, "pluginVersion": "4.5.1", "queryType": "table", "rawSql": "SELECT\r\n l4_protocol as Protocol,\r\n COUNT(Protocol) as \"Protocol frequency\"\r\n FROM traffic_records_all\r\n GROUP BY Protocol", "refId": "A" } ], "title": "Distribution of L4 protocol (frequency)", "type": "piechart" } ], "preload": false, "refresh": "", "schemaVersion": 40, "tags": [], "templating": { "list": [] }, "time": { "from": "now-6h", "to": "now" }, "timepicker": {}, "timezone": "browser", "title": "Internet traffic capture analysis", "uid": "be59fkbp3zs3kc", "version": 1, "weekStart": "" }