The flow query engine supports rendering Top-N metrics from pre-aggregated documents stored in Elasticsearch. Use these to help alleviate compute load on the Elasticsearch cluster, particularly for environments with large volumes of flows (>10,000 flows/sec).
To use this functionality you must enable the Kafka forwarder as described in Configure Kafka forwarder and set up Nephron to process the flows.
Note: Nephron currently requires an Apache Flink cluster to deploy the job.
Set the following properties in $OPENNMS_HOME/etc/org.opennms.features.flows.persistence.elastic.cfg to control when the query engine uses aggregated flows:
Property | Default | Description |
---|---|---|
alwaysUseRawForQueries | true | Use raw flow documents to respond to all queries instead of aggregated flows. |
alwaysUseAggForQueries | false | Use aggregated flow documents to respond to all queries instead of raw flows. |
timeRangeDurationAggregateThresholdMs | 120000 (2 minutes) | Queries with time range filters that have a duration greater than this value will use aggregated flows when possible. |
timeRangeEndpointAggregateThresholdMs | 604800000 (7 days) | Queries with time range filters that have an endpoint that is older than this value will use aggregated flows when possible. |