Mapping is required for Elasticsearch to correctly interpret all fields produced by ntopng, specifically thoseĬontaining IP and Geo Location data. Index mapping defines the multiple supported types. More primary shards and can have zero or more replica shards distributed across nodes of a cluster. An index is a logical namespace which maps to one or Indexes are like ‘databases’ in a RDBMS terms. These settings are effective for all databases.Įs ntopng ntopng -% Y. Maximum Number of Aggregated Flows Dumped Every 5 Minutes: is used to specify the maximum number of aggregated flows dumped every 5-minutes.
Reducing the number of aggregated flows may be useful to reduce the total number of exports performed and thus, the number of aggregated flows in the database. MySQL and nIndex aggregate flows at 5-minute intervals to make certain queries faster. Limit the Number of Aggregated Flows: allows to cap the number of aggregated flows dumped periodically when using nIndex or MySQL.Maximum Number of Bytes per Tiny Flow: is used to configure the maximum number of bytes a flow must have to be considered tiny.Maximum Number of Packets per Tiny Flow: is used to configure the maximum number of packets a flow must have to be considered tiny.It is not recommended to use this option when dumped flows are used for security analyses. This reduction is mostly effective when dumped flows are used to do analyses based on the volume. Excluding tiny flows from the dump is an effective strategy to reduce the number of dumped flows. Tiny flows are small flows, that is, flows totalling less than a certain configurable number of packets or bytes. Tiny Flows Dump: to toggle the dump of tiny flows.Turning flows dump off may be useful when the destination downstream database is running out of space, for debug purposes, or when the user only wants alerts stored in ElasticsearchAlerts. Flows dump can be turned on or off using this toggle. Flows Dump: to toggle the dump of flows during the execution of ntopng.Physical Interfaces Aggregation: Interface Views
0 kommentar(er)
