Aggregate statistics off by 1

elof2 at sentor.se elof2 at sentor.se
Wed Jun 17 10:17:27 EDT 2015 

Hi Carter!

Any comments? I guess not, just a simple fix in the code.

/Elof


On Tue, 2 Jun 2015, elof2 at sentor.se wrote:

>
> Hi Carter!
>
> I don't understand how _not_ counting someting yields 1 too much. :-)
>
> Anyhow, I think that all MAR records that exist in the file should be counted 
> and TotalMarRecords show the correct sum.
>
> In my example, TotalMarRecords should be 16, not 17.
>
> /Elof
>
>
> On Tue, 2 Jun 2015, Carter Bullard wrote:
>
>> Yes, in fact you included my email that stated that we don’t count the 
>> first MAR.
>> Do you think we should ???  Seems redundant since the first MAR must be 
>> there ??
>> Carter
>> 
>>> On May 27, 2015, at 5:40 AM, elof2 at sentor.se wrote:
>>> 
>>> 
>>> Hi Carter!
>>> 
>>> I investigated this a little bit further.
>>> 
>>> I have this logfile with 4 MAR records:
>>> ra -Zb -M man -nr elof.log | grep -i man
>>> 10:28:01.149822              man                  0      0 0      0 
>>> 0        0            0            0           STA
>>> 10:28:44.149779              man                  0      0 25749      1 
>>> 69980     2839     28277263            0           CON
>>> 10:29:44.149756              man                  0      0 25191      1 
>>> 78426     3104     36560040            0           CON
>>> 10:30:44.150890              man                  0      0 25060      1 
>>> 107220     2715     37037618            0           CON
>>> 
>>> I concatenate it four times:
>>> cat elof.log elof.log elof.log elof.log >> elof2.log
>>> 
>>> ra -Zb -M man -nr elof2.log | grep -i man
>>> Now I have 16 MAR records.
>>> 
>>> So far everything is sane and logical.
>>> 
>>> The file has 38852 flows (I checked with wc -l).
>>> The file has 16 MAR records.
>>> Total records should therefore be 38868.
>>> 
>>> I now add -A :
>>> ra -Zb -M man -A -nr elof2.log | tail -1
>>> Totalrecords 38868     TotalMarRecords 17        TotalFarRecords 38852 
>>> TotalPkts 1211504  TotalBytes 462893084
>>> 
>>> So, the problem is that TotalMarRecords show 1 too much.
>>> It should be 16.
>>> 
>>> /Elof
>>> 
>>> 
>>> On Tue, 26 May 2015, Carter Bullard wrote:
>>> 
>>>> Hey /Elof,
>>>> We are not counting the first MAR record.  If you were to filter the call 
>>>> using "not man" or "far", it should be correct.  All streams have to have 
>>>> the first MAR record, so didn't think that we should count it ??
>>>> Carter
>>>> 
>>>> 
>>>> 
>>>>> On May 26, 2015, at 10:50 AM, elof2 at sentor.se wrote:
>>>>> 
>>>>> 
>>>>> Hi Carter!
>>>>> 
>>>>> Just found a silly error.
>>>>> 
>>>>> When adding option
>>>>>      -A  Print aggregate statistics for the input stream on termination.
>>>>> I get this line:
>>>>> Totalrecords 26282     TotalMarRecords 12        TotalFarRecords 26271 
>>>>> TotalPkts 1069033  TotalBytes 654980030
>>>>> 
>>>>> 
>>>>> The silly error is that 26271+12=26283, not 26282.
>>>>> 
>>>>> 
>>>>> Very minor, but still wanted you to know. :)
>>>>> 
>>>>> /Elof
>>>>> 
>>>> 
>>> 
>> 
>

More information about the argus mailing list