Aggregate statistics off by 1
elof2 at sentor.se
Wed May 27 05:40:51 EDT 2015
Hi Carter!
I investigated this a little bit further.
I have this logfile with 4 MAR records:
ra -Zb -M man -nr elof.log | grep -i man
10:28:01.149822 man 0 0 0 0 0 0 0 0 STA
10:28:44.149779 man 0 0 25749 1 69980 2839 28277263 0 CON
10:29:44.149756 man 0 0 25191 1 78426 3104 36560040 0 CON
10:30:44.150890 man 0 0 25060 1 107220 2715 37037618 0 CON
I concatenate it four times:
cat elof.log elof.log elof.log elof.log >> elof2.log
ra -Zb -M man -nr elof2.log | grep -i man
Now I have 16 MAR records.
So far everything is sane and logical.
The file has 38852 flows (I checked with wc -l).
The file has 16 MAR records.
Total records should therefore be 38868.
I now add -A :
ra -Zb -M man -A -nr elof2.log | tail -1
Totalrecords 38868 TotalMarRecords 17 TotalFarRecords 38852 TotalPkts 1211504 TotalBytes 462893084
So, the problem is that TotalMarRecords shows 1 too many.
It should be 16.
/Elof
On Tue, 26 May 2015, Carter Bullard wrote:
> Hey /Elof,
> We are not counting the first MAR record. If you were to filter the call using "not man" or "far", it should be correct. All streams have to have the first MAR record, so didn't think that we should count it ??
> Carter
>
>
>
>> On May 26, 2015, at 10:50 AM, elof2 at sentor.se wrote:
>>
>>
>> Hi Carter!
>>
>> Just found a silly error.
>>
>> When adding option
>> -A Print aggregate statistics for the input stream on termination.
>> I get this line:
>> Totalrecords 26282 TotalMarRecords 12 TotalFarRecords 26271 TotalPkts 1069033 TotalBytes 654980030
>>
>>
>> The silly error is that 26271+12=26283, not 26282.
>>
>>
>> Very minor, but still wanted you to know. :)
>>
>> /Elof
>>
>