ER仪表盘模板

前提条件

• 已采集ER流量日志，详情请参见企业路由器ER接入LTS。
• 日志配置结构化，详情请参见设置云端结构化解析日志。

ER流量日志中心

1. 登录云日志服务控制台。
2. 在左侧导航栏中选择“仪表盘 ”。
3. 在仪表盘模板下方，选择“ER仪表盘模板 > ER流量日志中心”，查看图表详情。
   • 过滤实例ID图，所关联的查询分析语句如下所示：

     SELECT DISTINCT(instance_id)

   • 过滤连接ID图，所关联的查询分析语句如下所示：

     SELECT DISTINCT(resource_id)

   • 流量方向图展示为静态过滤器，可按照入方向和出方向的流量进行过滤，所关联的查询分析语句如下所示：
   • 过滤源IP图，所关联的查询分析语句如下所示：

     SELECT DISTINCT(srcaddr)

   • 过滤目的IP图，所关联的查询分析语句如下所示：

     SELECT DISTINCT(dstaddr)

   • 过滤协议类型图，所关联的查询分析语句如下所示：

     SELECT DISTINCT(protocol)

   • TOP20包数统计图表所关联的查询分析语句如下所示：

     SELECT "srcaddr" as "源地址", "dstaddr" as "目的地址",  sum("packets") as "包数", "resource_id" as "连接ID", "instance_id" as "实例ID" group by "instance_id", "resource_id", "srcaddr", "dstaddr" order by "包数" desc limit 20

   • TOP20流量统计图表所关联的查询分析语句如下所示：

     SELECT "srcaddr" as "源地址", "dstaddr" as "目的地址",  sum("bytes") as "字节数", "resource_id" as "连接ID", "instance_id" as "实例ID" group by "instance_id", "resource_id", "srcaddr", "dstaddr" order by "字节数" desc limit 20

   • 流日志条数图表所关联的查询分析语句如下所示：

     select time_series(__time, 'PT1H', 'yyyy-MM-dd HH:mm:ss', '0', '+08:00') as "时间", count(*) as "流日志条数" group by "时间" order by "时间"

   • 流日志详情图表所关联的查询分析语句如下所示：

     SELECT "instance_id" as "实例ID", "resource_id" as "连接ID", "project_id" as "项目ID", "srcaddr" as "源IP", "dstaddr" as "目的IP", "srcport" as "源端口",  "dstport" as "目的端口", "protocol" as "协议类型", "direct" as "流量方向", "packets" as "包数", "bytes" as "字节数",  TIME_FORMAT( MILLIS_TO_TIMESTAMP("start"*1000), 'yyyy-MM-dd HH:mm:ss', '+08:00') as "开始时间", TIME_FORMAT( MILLIS_TO_TIMESTAMP("end"*1000) , 'yyyy-MM-dd HH:mm:ss', '+08:00') as "结束时间"